Allow compile-time configuration of DTLS badmac limit
Introduces MBEDTLS_SSL_CONF_BADMAC_LIMIT to fix the maximum
number of records with bad MAC tolerated in DTLS at compile-time.
Impact on code-size:
| | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23511 | 24049 | 27903 |
| `libmbedtls.a` after | 23487 | 24025 | 27885 |
| gain in Bytes | 24 | 24 | 18 |
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 35b3fe9..2a7ca13 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2586,6 +2586,14 @@
}
#endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */
+#if defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
+ if( strcmp( "MBEDTLS_SSL_CONF_BADMAC_LIMIT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_BADMAC_LIMIT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */
+
#if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 )
{