mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-09-17 20:24:24 +00:00
altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion()
This commit is contained in:
parent
6606c4013f
commit
de68c5bed6
@ -92,21 +92,6 @@
|
||||
#define ALTCP_MBEDTLS_ENTROPY_LEN 0
|
||||
#endif
|
||||
|
||||
/** Define this to whatever overhead is suitable.
|
||||
* Defaults to take care of record header, IV, AuthTag.
|
||||
* The last '+16' is for alignment & security.
|
||||
*/
|
||||
#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD
|
||||
#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD (5 + 8 + 16 + (MEM_ALIGNMENT - 1) + 16)
|
||||
#endif
|
||||
|
||||
/** When this is 1 and ALTCP_MBEDTLS_SNDBUF_OVERHEAD==1, the sndbuf
|
||||
* is limited to the (negotiated) maximum fragment length.
|
||||
*/
|
||||
#ifndef ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
|
||||
#define ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN 1
|
||||
#endif
|
||||
|
||||
/* Variable prototype, the actual declaration is at the end of this file
|
||||
since it contains pointers to static functions declared here */
|
||||
extern const struct altcp_functions altcp_mbedtls_functions;
|
||||
@ -938,9 +923,6 @@ altcp_mbedtls_close(struct altcp_pcb *conn)
|
||||
static u16_t
|
||||
altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
|
||||
{
|
||||
/* Take care of record header, IV, AuthTag */
|
||||
#if ALTCP_MBEDTLS_SNDBUF_OVERHEAD
|
||||
size_t ssl_added = ALTCP_MBEDTLS_SNDBUF_OVERHEAD;
|
||||
|
||||
if (conn) {
|
||||
altcp_mbedtls_state_t *state;
|
||||
@ -950,26 +932,29 @@ altcp_mbedtls_sndbuf(struct altcp_pcb *conn)
|
||||
}
|
||||
if (conn->inner_conn) {
|
||||
u16_t sndbuf = altcp_sndbuf(conn->inner_conn);
|
||||
/* internal sndbuf smaller than our offset */
|
||||
if (ssl_added < sndbuf) {
|
||||
size_t max_len = 0xFFFF;
|
||||
size_t ret;
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && ALTCP_MBEDTLS_SNDBUF_OVERHEAD_LIMIT_TO_MAX_FRAG_LEN
|
||||
/* @todo: adjust ssl_added to real value related to negociated cipher */
|
||||
size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
|
||||
max_len = LWIP_MIN(max_frag_len, max_len);
|
||||
/* Take care of record header, IV, AuthTag */
|
||||
int ssl_expan = mbedtls_ssl_get_record_expansion(&state->ssl_context);
|
||||
if (ssl_expan > 0) {
|
||||
size_t ssl_added = (u16_t)LWIP_MIN(ssl_expan, 0xFFFF);
|
||||
/* internal sndbuf smaller than our offset */
|
||||
if (ssl_added < sndbuf) {
|
||||
size_t max_len = 0xFFFF;
|
||||
size_t ret;
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/* @todo: adjust ssl_added to real value related to negociated cipher */
|
||||
size_t max_frag_len = mbedtls_ssl_get_max_frag_len(&state->ssl_context);
|
||||
max_len = LWIP_MIN(max_frag_len, max_len);
|
||||
#endif
|
||||
/* Adjust sndbuf of inner_conn with what added by SSL */
|
||||
ret = LWIP_MIN(sndbuf - ssl_added, max_len);
|
||||
LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
|
||||
return (u16_t)ret;
|
||||
/* Adjust sndbuf of inner_conn with what added by SSL */
|
||||
ret = LWIP_MIN(sndbuf - ssl_added, max_len);
|
||||
LWIP_ASSERT("sndbuf overflow", ret <= 0xFFFF);
|
||||
return (u16_t)ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
#else /* ALTCP_MBEDTLS_SNDBUF_OVERHEAD */
|
||||
/* fallback: use sendbuf of the inner connection */
|
||||
return altcp_default_sndbuf(conn);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Write data to a TLS connection. Calls into mbedTLS, which in turn calls into
|
||||
|
Loading…
Reference in New Issue
Block a user