Declare ssl_conf_mtu()

This commit is contained in:
Manuel Pégourié-Gonnard 2017-09-21 13:15:27 +02:00
parent 01ec4af023
commit 0b1d9b2c75
3 changed files with 53 additions and 0 deletions

View file

@ -24,6 +24,9 @@ Changes
* Improve compatibility with some alternative CCM implementations by using
CCM test vectors from RAM.
INTERNAL NOTE: need to bump soversion of libmbedtls:
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
= mbed TLS 2.12.0 branch released 2018-07-25
Security

View file

@ -958,6 +958,10 @@ struct mbedtls_ssl_config
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t mtu; /*!< path mtu, used to fragment outoing messages */
#endif
unsigned char max_major_ver; /*!< max. major version used */
unsigned char max_minor_ver; /*!< max. minor version used */
unsigned char min_major_ver; /*!< min. major version used */
@ -2423,6 +2427,33 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
char cert_req_ca_list );
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/**
* \brief Set the Maximum Tranport Unit (MTU).
* This represents the maximum size of a datagram payload
* handled by the transport layer (usually UDP) as determined
* by the network link and stack. In practice, this controls
* the maximum size datagram the DTLS layer will pass to the
* \c f_send() callback set using \c mbedtls_ssl_set_bio().
*
* \note This only controls the size of the packet we send.
* Client-side, you can request the server to use smaller
* records with \c mbedtls_conf_max_frag_len().
*
* \note If both a MTU and a maximum fragment length have been
* configured (or negotiated with the peer), the lower limit
* is used.
*
* \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no
* effect. This can only be used to decrease the maximum size
* of detagrams sent.
*
* \param conf SSL configuration
* \param mtu Value of the path MTU in bytes
*/
void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
@ -2433,6 +2464,18 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
* (Client: set maximum fragment length to emit *and*
* negotiate with the server during handshake)
*
* \note With TLS, this currently only affects ApplicationData (sent
* with \c mbedtls_ssl_read()), not handshake messages.
* With DTLS, this affects both ApplicationData and handshake.
*
* \note This sets the maximum length for a record's paylaod,
* excluding record overhead that will be added to it, see
* \c mbedtls_ssl_get_record_expansion().
*
* \note For DTLS, it is also possible to set a limit for the total
* size of daragrams passed to the transport layer, including
* record overhead, see \c mbedtls_ssl_conf_mtu().
*
* \param conf SSL configuration
* \param mfl_code Code for maximum fragment length (allowed values:
* MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,

View file

@ -6750,6 +6750,13 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu )
{
conf->mtu = mtu;
}
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
{