From 280075104e64a326985417c1e3f7dc4658586c8c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 28 Aug 2018 09:46:44 +0100
Subject: [PATCH] DTLS Reordering: Improve doc of MBEDTLS_SSL_DTLS_MAX_BUFFERING

---
 include/mbedtls/config.h | 9 +++++++++
 include/mbedtls/ssl.h | 6 +++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1cdff71f1..70770de43 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3015,6 +3015,15 @@
  * Maximum number of heap-allocated bytes for the purpose of
  * DTLS handshake message reassembly and future message buffering.
  *
+ * This should be at least 9/8 * MBEDTLSSL_MAX_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_MAX_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
  */
 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 39c7bfaa1..5de911cd5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -243,8 +243,12 @@
 #define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
 #endif
 
+/*
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ */
 #if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * MBEDTLS_SSL_IN_CONTENT_LEN )
+#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
 #endif
 
 /* \} name SECTION: Module settings */
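Review bot: The new config.h comment names two macros that do not exist in the same commit's ssl.h hunk: `MBEDTLSSL_MAX_IN_CONTENT_LEN` (a typo) and `MBEDTLS_SSL_MAX_IN_CONTENT_LEN`, whereas the removed default in ssl.h used `MBEDTLS_SSL_IN_CONTENT_LEN`; a reader sizing this buffer for a constrained build will grep for a name that is not defined. Both lines should read `MBEDTLS_SSL_IN_CONTENT_LEN`, and the "(32768 by default)" parenthetical holds only while that input length keeps its default, which is worth saying since the value now stands alone as a fixed default in ssl.h. The phrase "as it allows to reassembly a large handshake message" should be "as it allows reassembling a large handshake message". Since this limit is the bound on heap a DTLS peer can make the stack allocate through fragmented or out-of-order handshake flights, a sentence stating that explicitly, e.g. `* This bounds the heap a peer can cause to be allocated during a handshake; lower it on memory-constrained targets.`, would help operators choose a value deliberately.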
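Review bot: The fallback default in ssl.h is now the fixed value 32768 rather than `( 2 * MBEDTLS_SSL_IN_CONTENT_LEN )`, so it no longer scales with the input content length the build was sized for, while the accompanying config.h text says the value should be at least 9/8 of that length. On a build with a reduced `MBEDTLS_SSL_IN_CONTENT_LEN` the implicit heap budget for reassembly therefore grows relative to the previous default, and on one with a larger input length nothing enforces the stated 9/8 minimum; a short comment on the `#define` explaining why a fixed number was preferred over the derived expression would make the intent clear to whoever tunes this next. If the 9/8 relation is a real requirement, a compile-time check such as `#if MBEDTLS_SSL_DTLS_MAX_BUFFERING < MBEDTLS_SSL_IN_CONTENT_LEN + MBEDTLS_SSL_IN_CONTENT_LEN / 8` followed by an `#error` (placed wherever the project keeps its configuration sanity checks) would turn the documented constraint into an enforced one. The added block comment duplicates the first two lines of the config.h comment verbatim; a one-line pointer to the documented option in config.h would avoid the two drifting apart.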