I am running on a Nordic Semiconductor nRF52840 connected to a Wiznet W5500, running Zephyr. The goal is to connect securely to the Azure IoT Hub. I am using the mbedtls that comes with Zephyr.
The IDE is VS Code with nRF Connect v1.9.1
During the connect process the call to mbedtls_ssl_setup() initializes the input and output buffer lengths:
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
const mbedtls_ssl_config *conf )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
ssl->conf = conf;
/*
* Prepare base structures
*/
/* Set to NULL in case of an error condition */
ssl->out_buf = NULL;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
ssl->in_buf_len = in_buf_len;
#endif
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
if( ssl->in_buf == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
ssl->out_buf_len = out_buf_len;
#endif
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
if( ssl->out_buf == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
mbedtls_ssl_reset_in_out_pointers( ssl );
#if defined(MBEDTLS_SSL_DTLS_SRTP)
memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) );
#endif
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
goto error;
return( 0 );
error:
mbedtls_free( ssl->in_buf );
mbedtls_free( ssl->out_buf );
ssl->conf = NULL;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
ssl->in_buf_len = 0;
ssl->out_buf_len = 0;
#endif
ssl->in_buf = NULL;
ssl->out_buf = NULL;
ssl->in_hdr = NULL;
ssl->in_ctr = NULL;
ssl->in_len = NULL;
ssl->in_iv = NULL;
ssl->in_msg = NULL;
ssl->out_hdr = NULL;
ssl->out_ctr = NULL;
ssl->out_len = NULL;
ssl->out_iv = NULL;
ssl->out_msg = NULL;
return( ret );
}
In ssl.h
#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
#endif
In nrf-config.h
#define MBEDTLS_SSL_IN_CONTENT_LEN 16380
In ssl_misc.h
#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
( MBEDTLS_SSL_IN_CONTENT_LEN ) )
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
#else
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+ ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
#endif
MBEDTLS_SSL_IN_BUFFER_LEN and MBEDTLS_SSL_OUT_BUFFER_LEN are defined in ssl_misc.h and should be > 16384. However, if I break in this function, the value of in_buf_len and out_buf_len are both 0x719. This causes a failure during the handshake process because the buffers are not large enough to hold the message to be received from the server.
I am baffled as to how the compiler is coming up with 0x719 for the assignment to in_buf_len and out_buf_len.
Any help is appreciated.
MDF