Allow compile-time configuration of DTLS badmac limit

Introduces MBEDTLS_SSL_CONF_BADMAC_LIMIT to fix the maximum number of records with bad MAC tolerated in DTLS at compile-time. Impact on code-size: | | GCC | ARMC5 | ARMC6 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23511 | 24049 | 27903 | | `libmbedtls.a` after | 23487 | 24025 | 27885 | | gain in Bytes | 24 | 24 | 18 |
2026-05-11 14:38:17 +02:00 · 2019-06-12 16:30:46 +01:00
parent 7f376f4ece
commit de67154658
8 changed files with 53 additions and 10 deletions
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2586,6 +2586,14 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */

+#if defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
+    if( strcmp( "MBEDTLS_SSL_CONF_BADMAC_LIMIT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_BADMAC_LIMIT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */
+
 #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
    if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 )
    {