diff --git a/src/ssl.c b/src/ssl.c
index 38a94b1e7..e3ebdd3a7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -567,13 +567,13 @@ word16 CyaSSL_SNI_GetRequest(CYASSL* ssl, byte type, void** data)
 #endif /* HAVE_SNI */
-#ifdef MAX_FRAGMENT_LENGTH
+#ifdef HAVE_MAX_FRAGMENT
 int CyaSSL_UseMaxFragment(CYASSL* ssl, byte mfl)
 {
 if (ssl == NULL)
 return BAD_FUNC_ARG;
- return TLSX_UseMaxFragment(ssl->extensions, mfl);
+ return TLSX_UseMaxFragment(&ssl->extensions, mfl);
 }
 int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
@@ -581,7 +581,7 @@ int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
 if (ctx == NULL)
 return BAD_FUNC_ARG;
- return TLSX_UseMaxFragment(ctx->extensions, mfl);
+ return TLSX_UseMaxFragment(&ctx->extensions, mfl);
 }
 #endif /* HAVE_MAX_FRAGMENT */
diff --git a/src/tls.c b/src/tls.c
index 07575a8fb..cc8e51069 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -905,14 +905,14 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
 if (extensions == NULL)
 return BAD_FUNC_ARG;
- if (CYASSL_MFL_2_9 <= mfl && mfl <= CYASSL_MFL_2_12) {
- if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
- return MEMORY_E;
-
- data[0] = mfl;
- } else
+ if (mfl < CYASSL_MFL_2_9 || CYASSL_MFL_2_13 < mfl)
 return BAD_FUNC_ARG;
+ if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
+ return MEMORY_E;
+
+ data[0] = mfl;
+
 /* push new MFL extension. */
 if ((ret = TLSX_Append(extensions, MAX_FRAGMENT_LENGTH)) != 0) {
 XFREE(data, 0, DYNAMIC_TYPE_TLSX);
diff --git a/tests/api.c b/tests/api.c
index 8cd10d5f4..1e3f0be95 100644
--- a/tests/api.c
+++ b/tests/api.c
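Review bot: `CyaSSL_UseMaxFragment` and `CyaSSL_CTX_UseMaxFragment` (second ssl.c hunk) have no comment telling a caller which `mfl` values are accepted or what comes back, and nothing visible in either wrapper limits the call to the side that requests the extension. A short header comment would cover it, e.g. `/* Request a TLS max fragment length; mfl is CYASSL_MFL_2_9..CYASSL_MFL_2_13. Returns 0 on success, BAD_FUNC_ARG for NULL or an out-of-range mfl. */`. Whether a server-side object should be rejected here cannot be judged from these hunks, so that part needs confirming against the handshake code. The body of `CyaSSL_CTX_UseMaxFragment` begins outside its hunk.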
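Review bot: The widened check `if (mfl < CYASSL_MFL_2_9 || CYASSL_MFL_2_13 < mfl)` now lets CYASSL_MFL_2_13 through, but RFC 6066 defines only four max_fragment_length codes (2^9 to 2^12). If CYASSL_MFL_2_13 is a fifth code, a conforming peer from another TLS stack is expected to abort the handshake with illegal_parameter. I would say so next to the check, e.g. `/* CYASSL_MFL_2_13 is not an RFC 6066 value; only peers that know it will accept the request */`. TLSX_UseMaxFragment starts and ends outside this hunk, so whether a repeated call replaces or duplicates the entry pushed by `TLSX_Append` cannot be judged from here.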
@@ -50,8 +50,11 @@ static int test_CyaSSL_read_write(void);
 #ifdef HAVE_TLS_EXTENSIONS
 #ifdef HAVE_SNI
 static void test_CyaSSL_UseSNI(void);
-#endif /* HAVE_TLS_EXTENSIONS */
 #endif /* HAVE_SNI */
+#ifdef HAVE_MAX_FRAGMENT
+static void test_CyaSSL_UseMaxFragment(void);
+#endif /* HAVE_MAX_FRAGMENT */
+#endif /* HAVE_TLS_EXTENSIONS */
 /* test function helpers */
 static int test_method(CYASSL_METHOD *method, const char *name);
@@ -107,6 +110,9 @@ int ApiTest(void)
 #ifdef HAVE_SNI
 test_CyaSSL_UseSNI();
 #endif /* HAVE_SNI */
+#ifdef HAVE_MAX_FRAGMENT
+ test_CyaSSL_UseMaxFragment();
+#endif /* HAVE_MAX_FRAGMENT */
 #endif /* HAVE_TLS_EXTENSIONS */
 test_CyaSSL_Cleanup();
 printf(" End API Tests\n");
@@ -382,9 +388,43 @@ void test_CyaSSL_UseSNI(void)
 server_callbacks.on_result = verify_SNI_fake_matching;
 test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
-
 }
 #endif /* HAVE_SNI */
+
+#ifdef HAVE_MAX_FRAGMENT
+static void test_CyaSSL_UseMaxFragment(void)
+{
+ CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
+ CYASSL *ssl = CyaSSL_new(ctx);
+
+ AssertNotNull(ctx);
+ AssertNotNull(ssl);
+
+ /* error cases */
+ AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
+ AssertIntNE(0, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
+ AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 0));
+ AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 6));
+ AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 0));
+ AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 6));
+
+ /* success case */
+ AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
+ AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
+ AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
+ AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
+ AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
+ AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
+ AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
+ AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
+ AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
+ AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
+
+ CyaSSL_free(ssl);
+ CyaSSL_CTX_free(ctx);
+}
+#endif /* HAVE_MAX_FRAGMENT */
+
 #endif /* HAVE_TLS_EXTENSIONS */
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
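Review bot: `test_CyaSSL_UseMaxFragment` asserts return codes only, so it would still pass if the extension were stored but never sent, or never applied to record sizes. The SNI test just above drives a handshake through `test_CyaSSL_client_server`, and a similar case here would cover the negotiated path. The rejected values are the bare literals `0` and `6`; writing them as `CYASSL_MFL_2_9 - 1` and `CYASSL_MFL_2_13 + 1` keeps the error cases on the boundary if the enum changes. `CyaSSL_new(ctx)` also runs before `AssertNotNull(ctx)`, so asserting on `ctx` directly after `CyaSSL_CTX_new` would report a failed context where it occurs.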