
[lwip-devel] [bug #52836] altcp_write error because of invalid sndbuf av


From: David GIRAULT
Subject: [lwip-devel] [bug #52836] altcp_write error because of invalid sndbuf available returned
Date: Mon, 15 Jan 2018 10:46:32 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Follow-up Comment #4, bug #52836 (project lwip):

Sorry, I had no time to reply before.

No problem with your editing; I try to push bugs I find at an early stage so
they can be discussed. The patches I gave are subject to change (and this one
wasn't rebased onto the latest master of lwip due to lack of time)...

For your questions, the ssl_added variable includes:
- the SSL record header, which is 5 bytes,
- the 8-byte IV used to encrypt the record,
- the 16-byte TAG used to authenticate the record,
- 3 additional bytes to keep the size aligned (may not be necessary),
- 16 additional bytes for security, because the IV and TAG sizes may change and
if the TAG is 32 bytes (SHA512 for example), you lose because the calculated
sndbuf will be too big.

Since I don't know how I can gather the sizes of the IV and TAG negotiated by
SSL during the handshake, I put some conservative values here.

If you know some mbedTLS functions that can do this job, it would be great to
use them.

Sorry, I don't understand your question in comment #2, but what I see in
`mbedtls_ssl_write` is that it always fails if the provided buffer size is >
the negotiated fragment/record size, and the previous fragment is always
flushed before, so it always starts with a new fragment. As a result, `sndbuf`
MUST be <= `mbedtls_ssl_get_max_frag_len()`.



    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?52836>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
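
The sizing rule discussed in the message above, as an added example (not code from the lwIP patch or from the message's author): the plaintext size offered to the application is the TCP send buffer minus the per-record overhead, guarded against unsigned wrap-around and clamped to the maximum fragment length. The helper name `tls_app_sndbuf` and the enum names are hypothetical; the byte counts are the ones itemised in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-record overhead as itemised in the message (conservative values). */
enum {
    REC_HEADER = 5,   /* SSL record header */
    REC_IV     = 8,   /* IV used to encrypt the record */
    REC_TAG    = 16,  /* TAG used to authenticate the record */
    REC_ALIGN  = 3,   /* keeps the size aligned */
    REC_MARGIN = 16,  /* margin in case IV/TAG are larger */
    SSL_ADDED  = REC_HEADER + REC_IV + REC_TAG + REC_ALIGN + REC_MARGIN
};

/*
 * Hypothetical helper: how many plaintext bytes may be handed to a single
 * TLS write so that the resulting record still fits in tcp_sndbuf.
 * 'overhead' is a parameter so that a value reported by the TLS library
 * (Mbed TLS has mbedtls_ssl_get_record_expansion() for this) can replace
 * the conservative SSL_ADDED constant. 'max_frag_len' is the value of
 * mbedtls_ssl_get_max_frag_len() for the session.
 */
static uint16_t tls_app_sndbuf(uint16_t tcp_sndbuf, size_t overhead,
                               size_t max_frag_len)
{
    size_t avail;

    /* Unsigned subtraction would wrap to a huge value: report "no room". */
    if (overhead >= tcp_sndbuf) {
        return 0;
    }
    avail = (size_t)tcp_sndbuf - overhead;

    /* A write larger than the negotiated fragment size is rejected. */
    if (avail > max_frag_len) {
        avail = max_frag_len;
    }
    return (uint16_t)avail; /* avail <= tcp_sndbuf, so this cannot truncate */
}

int main(void)
{
    /* Constructed sample values: TCP sndbuf sizes against a 16384-byte fragment limit. */
    printf("%u\n", (unsigned)tls_app_sndbuf(1460, SSL_ADDED, 16384));
    printf("%u\n", (unsigned)tls_app_sndbuf(40, SSL_ADDED, 16384));
    return 0;
}
```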



