1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
=pod
=head1 NAME
SSL_CTX_set_record_padding_callback,
SSL_set_record_padding_callback,
SSL_CTX_set_record_padding_callback_arg,
SSL_set_record_padding_callback_arg,
SSL_CTX_get_record_padding_callback_arg,
SSL_get_record_padding_callback_arg,
SSL_CTX_set_block_padding,
SSL_set_block_padding - install callback to specify TLS 1.3 record padding
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
void *SSL_get_record_padding_callback_arg(const SSL *ssl);
int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
int SSL_set_block_padding(SSL *ssl, size_t block_size);
=head1 DESCRIPTION
SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback()
can be used to assign a callback function I<cb> to specify the padding
for TLS 1.3 records. The value set in B<ctx> is copied to a new SSL by SSL_new().
SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg()
assign a value B<arg> that is passed to the callback when it is invoked. The value
set in B<ctx> is copied to a new SSL by SSL_new().
SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg()
retrieve the B<arg> value that is passed to the callback.
SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple
of the B<block_size>. A B<block_size> of 0 or 1 disables block padding. The limit of
B<block_size> is SSL3_RT_MAX_PLAIN_LENGTH.
The callback is invoked for every record before encryption.
The B<type> parameter is the TLS record type that is being processed; may be
one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT.
The B<len> parameter is the current plaintext length of the record before encryption.
The B<arg> parameter is the value set via SSL_CTX_set_record_padding_callback_arg()
or SSL_set_record_padding_callback_arg().
=head1 RETURN VALUES
The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg()
functions return the B<arg> value assigned in the corresponding set functions.
The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success
or 0 if B<block_size> is too large.
The B<cb> returns the number of padding bytes to add to the record. A return of 0
indicates no padding will be added. A return value that causes the record to
exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the
maximum record size.
=head1 NOTES
The default behavior is to add no padding to the record.
A user-supplied padding callback function will override the behavior set by
SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied
callback to NULL will restore the configured block padding behavior.
These functions only apply to TLS 1.3 records being written.
Padding bytes are not added in constant-time.
=head1 SEE ALSO
L<ssl(7)>, L<SSL_new(3)>
=head1 HISTORY
The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
|
