Are the different ways mbedtls_ssl_write() is used in coap_tls_write() and coap_dtls_write() intended?

[pptz]

This is not so much a feature request as it is a question (which may end up being a bug report). When the size of the data that mbedtls_ssl_write() (coap_mbedtls.c) wants to send is too large, we need to call it repeatedly while data to be sent remains. This is implemented in coap_tls_write():

while (amount_sent < data_len) {
    ret = mbedtls_ssl_write(&m_env->ssl, &data[amount_sent], data_len - amount_sent);
    ...
    amount_sent += ret;
    ...

However, in coap_dtls_write() it isn't:

ret = mbedtls_ssl_write(&m_env->ssl, (const unsigned char *) data, data_len);
...

Is this intentional? I'm asking because back in v4.3.1 which we've been using before the while loop was not implemented at all and we used to have an internal patch applied to both functions. I don't know enough about the intended behaviour of these methods to be sure.

[mrdeep1]

Thanks for raising this.

This is intentional. With a streaming protocol (TCP, which TLS uses), the kernel output buffer can be running almost full (data is going out slowly over the network - there are network retries etc.) and so a new mbedtls_ssl_write() may not be able to add all the data to the output buffer - hence retry loop.

As UDP datagrams (which DTLS uses) cannot be split (apart from any IP fragmentation that may take place) as the datagram defines the length of data the whole datagram . So, either all of the data is sent, or an error (EAGAIN) raised if the output buffer cannot take the full packet.