altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion()
This commit is contained in:
parent
6606c4013f
commit
de68c5bed6
@ -92,21 +92,6 @@
|
|||||||
#define ALTCP_MBEDTLS_ENTROPY_LEN 0
|
#define ALTCP_MBEDTLS_ENTROPY_LEN 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Define this to whatever overhead is suitable.
|
|
||||||
* Defaults to take care of record header, IV, AuthTag.
|
|
||||||
* The last '+16' is for alignment & security.
|
|
||||||
*/
|
|
||||||
#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD
|
|
||||||
#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD (5 + 8 + 16 + (MEM_ALIGNMENT - 1) + 16)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/** When this is 1 and ALTCP_MBEDTLS_SNDBUF_OVERHEAD==1, the sndbuf
|
|
||||||
* is limited to the (negotiated) maximum fragment length.
|
|
||||||
*/
|
|
||||||
#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
|
|
||||||
#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Variable prototype, the actual declaration is at the end of this file
|
/* Variable prototype, the actual declaration is at the end of this file
|
||||||
since it contains pointers to static functions declared here */
|
since it contains pointers to static functions declared here */
|
||||||
extern const struct altcp_functions altcp_mbedtls_functions;
|
extern const struct altcp_functions altcp_mbedtls_functions;
|
||||||
@ -938,9 +923,6 @@ altcp_mbedtls_close(struct altcp_pcb *conn)
|
|||||||
static u16_t
|
static u16_t
|
||||||
altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
|
altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
|
||||||
{
|
{
|
||||||
/* Take care of record header, IV, AuthTag */
|
|
||||||
#if ALTCP_MBEDTLS_SNDBUF_OVERHEAD
|
|
||||||
size_t ssl_added = ALTCP_MBEDTLS_SNDBUF_OVERHEAD;
|
|
||||||
|
|
||||||
if (conn) {
|
if (conn) {
|
||||||
altcp_mbedtls_state_t *state;
|
altcp_mbedtls_state_t *state;
|
||||||
@ -950,26 +932,29 @@ altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
|
|||||||
}
|
}
|
||||||
if (conn->inner_conn) {
|
if (conn->inner_conn) {
|
||||||
u16_t sndbuf = altcp_sndbuf(conn->inner_conn);
|
u16_t sndbuf = altcp_sndbuf(conn->inner_conn);
|
||||||
/* internal sndbuf smaller than our offset */
|
/* Take care of record header, IV, AuthTag */
|
||||||
if (ssl_added < sndbuf) {
|
int ssl_expan = mbedtls_ssl_get_record_expansion(&state->ssl_context);
|
||||||
size_t max_len = 0xFFFF;
|
if (ssl_expan > 0) {
|
||||||
size_t ret;
|
size_t ssl_added = (u16_t)LWIP_MIN(ssl_expan, 0xFFFF);
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
|
/* internal sndbuf smaller than our offset */
|
||||||
/* @todo: adjust ssl_added to real value related to negociated cipher */
|
if (ssl_added < sndbuf) {
|
||||||
size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
|
size_t max_len = 0xFFFF;
|
||||||
max_len = LWIP_MIN(max_frag_len, max_len);
|
size_t ret;
|
||||||
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
/* @todo: adjust ssl_added to real value related to negociated cipher */
|
||||||
|
size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
|
||||||
|
max_len = LWIP_MIN(max_frag_len, max_len);
|
||||||
#endif
|
#endif
|
||||||
/* Adjust sndbuf of inner_conn with what added by SSL */
|
/* Adjust sndbuf of inner_conn with what added by SSL */
|
||||||
ret = LWIP_MIN(sndbuf - ssl_added, max_len);
|
ret = LWIP_MIN(sndbuf - ssl_added, max_len);
|
||||||
LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
|
LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
|
||||||
return (u16_t)ret;
|
return (u16_t)ret;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
/* fallback: use sendbuf of the inner connection */
|
||||||
#else /* ALTCP_MBEDTLS_SNDBUF_OVERHEAD */
|
|
||||||
return altcp_default_sndbuf(conn);
|
return altcp_default_sndbuf(conn);
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Write data to a TLS connection. Calls into mbedTLS, which in turn calls into
|
/** Write data to a TLS connection. Calls into mbedTLS, which in turn calls into
|
||||||
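Review bot: The case where the inner connection's sndbuf is not larger than the record expansion (the new `if (ssl_added < sndbuf)` being false) now falls through to `return altcp_default_sndbuf(conn);`, whereas the removed code returned 0 there; if altcp_default_sndbuf() reports the inner sndbuf unadjusted, as its name suggests, the caller is told it may write more bytes than fit once the TLS record overhead is added. Keeping the old behaviour for that case is a one-line addition after the inner `if` block, `} else { return 0; }`, so the default is only reached when `conn`, `state` or `inner_conn` is missing or `ssl_expan` is not positive (mbedtls_ssl_get_record_expansion() can return a negative error code when it cannot compute the expansion, so that fallback deserves a comment of its own). Separately, the `/* @todo: adjust ssl_added to real value related to negociated cipher */` comment is now placed under the MBEDTLS_SSL_MAX_FRAGMENT_LENGTH block, where it no longer applies and appears to be addressed by this very change; drop it or reword it as `/* limit the sndbuf to the negotiated maximum fragment length */`. altcp_mbedtls_sndbuf starts in the preceding hunk, and the assignment of `state` lies between the two hunks, outside this one.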
|