altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion()

2024-09-12 17:55:38 +00:00 · 2018-01-25 13:15:49 +01:00 · 2018-01-25 13:15:49 +01:00 · de68c5bed6
commit de68c5bed6
parent 6606c4013f
1 changed files with 18 additions and 33 deletions
--- a/src/apps/altcp_tls/altcp_tls_mbedtls.c
+++ b/src/apps/altcp_tls/altcp_tls_mbedtls.c
@ -92,21 +92,6 @@
 #define ALTCP_MBEDTLS_ENTROPY_LEN   0
 #endif

-/** Define this to whatever overhead is suitable.
- * Defaults to take care of record header, IV, AuthTag.
- * The last '+16' is for alignment & security.
- */
-#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD
-#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD   (5 + 8 + 16 + (MEM_ALIGNMENT - 1) + 16)
-#endif
-
-/** When this is 1 and ALTCP_MBEDTLS_SNDBUF_OVERHEAD==1, the sndbuf
- * is limited to the (negotiated) maximum fragment length.
- */
-#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
-#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN   1
-#endif
-
 /* Variable prototype, the actual declaration is at the end of this file
   since it contains pointers to static functions declared here */
 extern const struct altcp_functions altcp_mbedtls_functions;
@ -938,9 +923,6 @@ altcp_mbedtls_close(struct altcp_pcb *conn)
 static u16_t
 altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
 {
-  /* Take care of record header, IV, AuthTag */
-#if ALTCP_MBEDTLS_SNDBUF_OVERHEAD
-  size_t ssl_added = ALTCP_MBEDTLS_SNDBUF_OVERHEAD;

  if (conn) {
    altcp_mbedtls_state_t *state;
@ -950,26 +932,29 @@ altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
    }
    if (conn->inner_conn) {
      u16_t sndbuf = altcp_sndbuf(conn->inner_conn);
-      /* internal sndbuf smaller than our offset */
-      if (ssl_added < sndbuf) {
-        size_t max_len = 0xFFFF;
-        size_t ret;
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
-        /* @todo: adjust ssl_added to real value related to negociated cipher */
-        size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
-        max_len = LWIP_MIN(max_frag_len, max_len);
+      /* Take care of record header, IV, AuthTag */
+      int ssl_expan = mbedtls_ssl_get_record_expansion(&state->ssl_context);
+      if (ssl_expan > 0) {
+        size_t ssl_added = (u16_t)LWIP_MIN(ssl_expan, 0xFFFF);
+        /* internal sndbuf smaller than our offset */
+        if (ssl_added < sndbuf) {
+          size_t max_len = 0xFFFF;
+          size_t ret;
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+          /* @todo: adjust ssl_added to real value related to negociated cipher */
+          size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
+          max_len = LWIP_MIN(max_frag_len, max_len);
 #endif
-        /* Adjust sndbuf of inner_conn with what added by SSL */
-        ret = LWIP_MIN(sndbuf - ssl_added, max_len);
-        LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
-        return (u16_t)ret;
+          /* Adjust sndbuf of inner_conn with what added by SSL */
+          ret = LWIP_MIN(sndbuf - ssl_added, max_len);
+          LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
+          return (u16_t)ret;
+        }
      }
    }
  }
-  return 0;
-#else /* ALTCP_MBEDTLS_SNDBUF_OVERHEAD */
+  /* fallback: use sendbuf of the inner connection */
  return altcp_default_sndbuf(conn);
-#endif
 }

 /** Write data to a TLS connection. Calls into mbedTLS, which in turn calls into