Split the maximum fragment length into two - an input and output MFL

Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected.

mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/ChangeLog b/ChangeLog
index bcceebb..0547f69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
New deprecations
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
SSL module for hardware acceleration of individual records.
+ * Deprecate mbedtls_ssl_get_max_frag_len() in favour of
+ mbedtls_ssl_get_output_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
+ fragment length is desired.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
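Review bot: The new "New deprecations" entry names both mbedtls_ssl_get_output_max_frag_len() and mbedtls_ssl_get_input_max_frag_len() as replacements but does not say which one keeps the old behaviour. The commit message states that the deprecated function is an alias for the output variant, and that belongs in the ChangeLog too. A caller that used mbedtls_ssl_get_max_frag_len() to size a receive buffer would otherwise not learn that it continues to get the output value and has to switch to the input function explicitly. Suggest adding a sentence such as "The deprecated function behaves as mbedtls_ssl_get_output_max_frag_len()."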
@@ -13,6 +17,11 @@
Changes
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
is back directly in the present repository.
+ * Split mbedtls_ssl_get_max_frag_len() into
+ mbedtls_ssl_get_output_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
+ buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ is defined), regardless of what MFL was configured for it.
= mbed TLS 2.21.0 branch released 2020-02-20
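Review bot: In the added "Changes" entry, "regardless of what MFL was configured for it" is ambiguous, since "it" can be read as the server or as the input buffer, and the entry never states what value each of the two new functions returns. Since the commit message says the outgoing length may differ from the negotiated one, please spell out in one sentence per function which length it reports, so that integrators sizing buffers under MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH can pick the right one without reading the code. This entry also overlaps with the deprecation entry added in the first hunk; consider cross-referencing them or merging the explanation into one place.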