Stop wasting resources

Use a custom function that minimally parses the message an creates a reply without the overhead of a full SSL context. Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's also depend on SRV_C as is doesn't make sense on client.
2015-09-08 17:50:29 +02:00 · 2015-09-08 17:50:29 +02:00 · 62c74bb78a
commit 62c74bb78a
parent 222cb8db22
3 changed files with 169 additions and 85 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -421,6 +421,11 @@
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif

+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    ( !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) || !defined(MBEDTLS_SSL_SRV_C) )
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1144,6 +1144,9 @@
 * new connection securely, as described in section 4.1.8 of RFC 6347. This
 * flag enables that support.
 *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *           MBEDTLS_SSL_SRV_C
+ *
 * Comment this to disable support for clients reusing the source port.
 */
 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE