From 37b0fc06f02bf2dc16d579959a97529f1444142c Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Thu, 13 Feb 2020 17:37:25 +0100
Subject: [PATCH] Use two buffers instead of split mode

Use two dedicated buffers for input and output instead of split mode. Indeed some MQTT server (especially with TLS) needs a full 8k buffer as they send their Certificate. On the other hand, on output, a smaller buffer is needed. Clients will be able to finely tune those values by defining BEAR_SSL_CLIENT_{I,O}BUF_SIZE before including ArduinoBearSSL.h, the default default values have been chosen to keep current behavior as requested during review.
Signed-off-by: Fabrice Fontaine
---
src/BearSSLClient.cpp | 3 +--
src/BearSSLClient.h | 11 ++++++++---
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
index 78c7de2..4ad379a 100644
--- a/src/BearSSLClient.cpp
+++ b/src/BearSSLClient.cpp
@@ -248,8 +248,7 @@ int BearSSLClient::connectSSL(const char* host)
 // initialize client context with all algorithms and hardcoded trust anchors
 br_ssl_client_init_full(&_sc, &_xc, _TAs, _numTAs);
- // set the buffer in split mode
- br_ssl_engine_set_buffer(&_sc.eng, _iobuf, sizeof(_iobuf), 1);
+ br_ssl_engine_set_buffers_bidi(&_sc.eng, _ibuf, sizeof(_ibuf), _obuf, sizeof(_obuf));
 // inject entropy in engine
 unsigned char entropy[32];
diff --git a/src/BearSSLClient.h b/src/BearSSLClient.h
index becc155..42fee4e 100644
--- a/src/BearSSLClient.h
+++ b/src/BearSSLClient.h
@@ -25,8 +25,12 @@
 #ifndef _BEAR_SSL_CLIENT_H_
 #define _BEAR_SSL_CLIENT_H_
-#ifndef BEAR_SSL_CLIENT_IOBUF_SIZE
-#define BEAR_SSL_CLIENT_IOBUF_SIZE 8192 + 85 + 325
+#ifndef BEAR_SSL_CLIENT_OBUF_SIZE
+#define BEAR_SSL_CLIENT_OBUF_SIZE 512 + 85
+#endif
+
+#ifndef BEAR_SSL_CLIENT_IBUF_SIZE
+#define BEAR_SSL_CLIENT_IBUF_SIZE 8192 + 85 + 325 - BEAR_SSL_CLIENT_OBUF_SIZE
 #endif
 #include
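Review bot: The new `br_ssl_engine_set_buffers_bidi` call in connectSSL drops the only comment that explained the buffer setup, and nothing now says that `_ibuf` caps the largest TLS record the client can accept from the peer. I would add `// separate input/output buffers (bidi mode); an incoming record that does not fit in _ibuf makes the engine fail` above the call. The call returns nothing, so a sizing problem only surfaces later through the engine's error state. Whether connectSSL reports that state to its caller cannot be seen here, because the function body starts and ends outside the hunk.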
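Review bot: Both new defaults in BearSSLClient.h are unparenthesized expressions, so `BEAR_SSL_CLIENT_IBUF_SIZE` expands to `8192 + 85 + 325 - 512 + 85`, which is 8175 rather than the 8005 that subtracting the whole output size would give. The two buffers then total 8772 bytes instead of the previous 8602, which does not match the description's stated aim of keeping current behavior and matters on a RAM-constrained board. An override written as a sum, such as `1024 + 85`, is miscounted in the same way. Parenthesizing fixes both cases: `#define BEAR_SSL_CLIENT_OBUF_SIZE (512 + 85)` and `#define BEAR_SSL_CLIENT_IBUF_SIZE (8192 + 85 + 325 - (BEAR_SSL_CLIENT_OBUF_SIZE))`.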
@@ -78,7 +82,8 @@ class BearSSLClient : public Client {
 br_ssl_client_context _sc;
 br_x509_minimal_context _xc;
- unsigned char _iobuf[BEAR_SSL_CLIENT_IOBUF_SIZE];
+ unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE];
+ unsigned char _obuf[BEAR_SSL_CLIENT_OBUF_SIZE];
 br_sslio_context _ioc;
 };
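Review bot: `_ibuf` and `_obuf` take their sizes straight from macros that a sketch can override, and nothing checks at compile time that the chosen values are usable. As far as I can tell, BearSSL refuses buffers that cannot hold a 512-byte fragment plus record overhead, and that refusal would only show up as a failed connection at run time. A check next to the macro defaults would turn a bad override into a build error, e.g. `static_assert((BEAR_SSL_CLIENT_IBUF_SIZE) >= 512 + 325, "BEAR_SSL_CLIENT_IBUF_SIZE too small");`, with a matching one for the output size using `512 + 85`. The class definition starts outside this hunk.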