Let MBEDTLS_SSL_MAX_CONTENT_LEN to be split into outward & inward sizes
For the situation where the mbedTLS device has limited RAM, but the other end of the connection doesn't support the max_fragment_length extension. To be spec-compliant, mbedTLS has to keep a 16384 byte incoming buffer. However the outgoing buffer can be made smaller without breaking spec compliance, and we save some RAM. See comments in include/mbedtls/config.h for some more details. (The lower limit of outgoing buffer size is the buffer size used during handshake/cert negotiation. As the handshake is half-duplex it might even be possible to store this data in the "incoming" buffer during the handshake, which would save even more RAM - but it would also be a lot hackier and error-prone. I didn't really explore this possibility, but thought I'd mention it here in case someone sees this later on a mission to jam mbedTLS into an even tinier RAM footprint.)
This commit is contained in:
Angus Gratton
parent
2dbecc04cc
commit
d8213d00db
7 changed files with 198 additions and 87 deletions
|
|
@ -220,7 +220,7 @@
|
|||
#endif
|
||||
|
||||
/*
|
||||
* Maxium fragment length in bytes,
|
||||
* Maximum fragment length in bytes,
|
||||
* determines the size of each of the two internal I/O buffers.
|
||||
*
|
||||
* Note: the RFC defines the default size of SSL / TLS messages. If you
|
||||
|
|
@ -234,6 +234,14 @@
|
|||
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
|
||||
#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
|
||||
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
|
|
@ -2418,7 +2426,8 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
|||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Set the maximum fragment length to emit and/or negotiate
|
||||
* (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
|
||||
* (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
|
||||
* MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
|
||||
* (Server: set maximum fragment length to emit,
|
||||
* usually negotiated by the client during handshake
|
||||
* (Client: set maximum fragment length to emit *and*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue