Configure maximum fragment length extension. (FreeRTOS#350)

laroche · Oct 18, 2020 · 2eed409 · 2eed409
1 parent 60ac51d
commit 2eed409
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos.c b/FreeRTOS-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos.c
@@ -402,6 +402,27 @@ static void setOptionalConfigurations( SSLContext_t * pSslContext,
                         mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
         }
     }
+
+    /* Set Maximum Fragment Length if enabled. */
+    #ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+    if( 0 == mbedtlsError )
+    {
+        /* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
+         * See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
+         *
+         * Smaller values can be found in "mbedtls/include/ssl.h".
+         */
+        mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pSslContext->config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
+
+        if( mbedtlsError != 0 )
+        {
+            LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
+                        mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
+                        mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
+        }
+    }
+    #endif
+
 }
 /*-----------------------------------------------------------*/
 

diff --git a/...S-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos_pkcs11.c b/...S-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos_pkcs11.c
@@ -393,6 +393,27 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
         }
     }
 
+    /* Set Maximum Fragment Length if enabled. */
+    #ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+    if( returnStatus == TLS_TRANSPORT_SUCCESS )
+    {
+        /* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
+         * See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
+         *
+         * Smaller values can be found in "mbedtls/include/ssl.h".
+         */
+        mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pNetworkContext->sslContext.config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
+
+        if( mbedtlsError != 0 )
+        {
+            LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
+                        mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
+                        mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
+            returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
+        }
+    }
+    #endif
+
     if( returnStatus == TLS_TRANSPORT_SUCCESS )
     {
         /* Perform the TLS handshake. */