| field | value |
|---|---|
| author | Michael Brown, 2012-09-26 22:42:23 +0200 |
| committer | Michael Brown, 2012-09-27 02:56:01 +0200 |
| commit | 72db14640c2a9eac0ba53baa955b180f1f4b9c2f (patch) |
| tree | 239f9dbbdfe5c889a9fd72110efae604ec80b14c /src/include/usr |
| parent | [crypto] Allow in-place CBC decryption (diff) |
| download | ipxe-72db14640c2a9eac0ba53baa955b180f1f4b9c2f.tar.gz, ipxe-72db14640c2a9eac0ba53baa955b180f1f4b9c2f.tar.xz, ipxe-72db14640c2a9eac0ba53baa955b180f1f4b9c2f.zip |
[tls] Split received records over multiple I/O buffers
TLS servers are not obliged to implement the RFC3546 maximum fragment
length extension, and many common servers (including OpenSSL, as used
in Apache's mod_ssl) do not do so. iPXE may therefore have to cope
with TLS records of up to 16kB. Allocations for 16kB have a
non-negligible chance of failing, causing the TLS connection to abort.
Fix by maintaining the received record as a linked list of I/O
buffers, rather than a single contiguous buffer. To reduce memory
pressure, we also decrypt in situ, and deliver the decrypted data via
xfer_deliver_iob() rather than xfer_deliver_raw().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
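The two ideas in the commit message, a record kept as a chain of small I/O buffers instead of one 16kB allocation, and CBC decryption done in situ so no second copy is needed, as an added example in C. This is not iPXE's code: `struct io_buffer` here is the example's own minimal type (it only shares the name with iPXE's real one), `record_append`, `record_cbc_decrypt` and `demo_roundtrip` are hypothetical helpers, the block cipher is a toy stand-in for AES that provides no security, and the plaintext, key and IV are constructed inline.

```c
/* Added example, not iPXE's code: a TLS record held as a linked list of
 * fixed-size I/O buffers and CBC-decrypted in place across the chain, so no
 * single 16kB allocation is needed.  The block cipher is a toy standing in for
 * AES so the example runs stand-alone; it provides no security whatsoever. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BLOCK 16              /* CBC block size, as for AES */
#define TLS_MAX_RECORD 16384  /* 2^14: the limit without the RFC 3546 extension */
struct io_buffer { uint8_t *data; size_t len, cap; struct io_buffer *next; };
struct record { struct io_buffer *head, *tail; size_t len; };

/* Toy block cipher: E(b) = rotl1(b ^ key), D(b) = rotr1(b) ^ key. */
static void toy_block(const uint8_t key[BLOCK], uint8_t b[BLOCK], int dec) {
    uint8_t t[BLOCK];
    for (int i = 0; i < BLOCK; i++) t[i] = dec ? b[i] : b[i] ^ key[i];
    for (int i = 0; i < BLOCK; i++)
        b[i] = t[(i + (dec ? BLOCK - 1 : 1)) % BLOCK] ^ (dec ? key[i] : 0);
}

/* Append received bytes, allocating a chunk-byte buffer whenever the tail is
 * full.  Returns -1 if an allocation fails; the chain built so far stays valid. */
static int record_append(struct record *rec, const uint8_t *data,
                         size_t len, size_t chunk) {
    while (len) {
        struct io_buffer *iob = rec->tail;
        if (!iob || iob->len == iob->cap) {
            iob = malloc(sizeof(*iob) + chunk);   /* small, never 16kB */
            if (!iob) return -1;
            iob->data = (uint8_t *)(iob + 1);
            iob->len = 0; iob->cap = chunk; iob->next = NULL;
            if (rec->tail) rec->tail->next = iob; else rec->head = iob;
            rec->tail = iob;
        }
        size_t n = iob->cap - iob->len < len ? iob->cap - iob->len : len;
        memcpy(iob->data + iob->len, data, n);
        iob->len += n; rec->len += n; data += n; len -= n;
    }
    return 0;
}

static void record_free(struct record *rec) {
    for (struct io_buffer *n; rec->head; rec->head = n) { n = rec->head->next; free(rec->head); }
    rec->tail = NULL; rec->len = 0;
}

/* CBC-decrypt the chain in place: P_i = D(C_i) ^ C_(i-1).  C_i is copied aside
 * before being overwritten, since the next block chains on it.  Every chunk
 * must be block-aligned, which chunk % BLOCK == 0 guarantees. */
static int record_cbc_decrypt(struct record *rec, const uint8_t key[BLOCK],
                              const uint8_t iv[BLOCK]) {
    uint8_t prev[BLOCK], cur[BLOCK]; memcpy(prev, iv, BLOCK);
    for (struct io_buffer *iob = rec->head; iob; iob = iob->next) {
        if (iob->len % BLOCK) return -1;
        for (size_t off = 0; off < iob->len; off += BLOCK) {
            uint8_t *blk = iob->data + off;
            memcpy(cur, blk, BLOCK);
            toy_block(key, blk, 1);
            for (int i = 0; i < BLOCK; i++) blk[i] ^= prev[i];
            memcpy(prev, cur, BLOCK);
        }
    }
    return 0;
}

/* Round trip: CBC-encrypt a constructed record_len-byte plaintext, feed the
 * ciphertext in segment-byte pieces (as TCP would deliver it) into a chain of
 * chunk-byte buffers, decrypt in place and compare against the plaintext.
 * Returns the number of buffers the record occupied, or 0 on any failure. */
int demo_roundtrip(size_t record_len, size_t chunk, size_t segment) {
    if (!record_len || record_len % BLOCK || !chunk || chunk % BLOCK ||
        !segment || record_len > TLS_MAX_RECORD) return 0;
    uint8_t key[BLOCK], iv[BLOCK];
    for (int i = 0; i < BLOCK; i++) { key[i] = 0xA5 ^ i; iv[i] = 0x3C + i; }
    uint8_t *plain = malloc(record_len), *cipher = malloc(record_len);
    struct record rec = { NULL, NULL, 0 };
    int count = 0, err = 0; size_t pos = 0;
    if (!plain || !cipher) goto out;
    for (size_t i = 0; i < record_len; i++) plain[i] = (uint8_t)(i * 7 + 3);
    memcpy(cipher, plain, record_len);
    for (size_t off = 0; off < record_len; off += BLOCK) {  /* C_i = E(P_i ^ C_(i-1)) */
        for (int i = 0; i < BLOCK; i++)
            cipher[off + i] ^= off ? cipher[off - BLOCK + i] : iv[i];
        toy_block(key, cipher + off, 0);
    }
    for (size_t off = 0; off < record_len && !err; off += segment) {
        size_t n = record_len - off < segment ? record_len - off : segment;
        err = record_append(&rec, cipher + off, n, chunk);
    }
    if (err || rec.len != record_len || record_cbc_decrypt(&rec, key, iv)) goto out;
    for (struct io_buffer *iob = rec.head; iob; iob = iob->next, count++) {
        if (memcmp(iob->data, plain + pos, iob->len)) { count = -1; break; }
        pos += iob->len;
    }
out:
    record_free(&rec); free(plain); free(cipher);
    return count > 0 ? count : 0;
}

int main(void) {   /* stand-alone run: expect 8 buffers for a 16kB record */
    return printf("%d buffers\n", demo_roundtrip(TLS_MAX_RECORD, 2048, 1460)) < 0;
}
```

Two details matter in practice. First, `record_append` fails per chunk, so an out-of-memory condition costs at most one small allocation and leaves the partially received record intact for the caller to abort cleanly. Second, in-place CBC only works because each ciphertext block is copied to `cur` before it is overwritten; the 16-byte `prev` is the entire state carried across buffer boundaries, which is what lets the chain be decrypted without ever reassembling it.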
Diffstat (limited to 'src/include/usr')
0 files changed, 0 insertions, 0 deletions
