From b347df8d9a28e29e43e265989029f8bdada4ba45 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 17 May 2013 10:29:34 -0700
Subject: [PATCH] DTLS rx size check, ssn10

Allows for receiving datagrams larger than the MTU that are reassembled by the IP stack.
---
 cyassl/internal.h | 3 ++-
 src/internal.c | 7 ++++---
 src/ssl.c | 13 +++++++++++++
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/cyassl/internal.h b/cyassl/internal.h
index 0ffdd1115..d161e48d9 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -561,7 +561,7 @@ enum Misc {
                                    digest sz + BLOC_SZ (iv) + pad byte (1) */
     MAX_COMP_EXTRA = 1024, /* max compression extra */
     MAX_MTU = 1500, /* max expected MTU */
-    MAX_UDP_SIZE = MAX_MTU - 100, /* don't exceed MTU w/ 100 byte header */
+    MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
     MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
     MAX_STR_VERSION = 8, /* string rep of protocol version */
 
@@ -1693,6 +1693,7 @@ struct CYASSL {
     DtlsPool* dtls_pool;
     DtlsMsg* dtls_msg_list;
     void* IOCB_CookieCtx; /* gen cookie ctx */
+    word32 dtls_expected_rx;
 #endif
 #ifdef CYASSL_CALLBACKS
     HandShakeInfo handShakeInfo; /* info saved during handshake */
diff --git a/src/internal.c b/src/internal.c
index b7dc206cd..92e7d4f78 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1286,6 +1286,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
 #ifdef CYASSL_DTLS
     ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */
+    ssl->dtls_expected_rx = MAX_MTU;
 #endif
 
 #ifndef NO_OLD_TLS
@@ -4376,9 +4377,9 @@ static int GetInputData(CYASSL *ssl, word32 size)
 
 #ifdef CYASSL_DTLS
     if (ssl->options.dtls) {
-        if (size < MAX_MTU)
-            dtlsExtra = (int)(MAX_MTU - size);
-        inSz = MAX_MTU; /* read ahead up to MTU */
+        if (size < ssl->dtls_expected_rx)
+            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
+        inSz = ssl->dtls_expected_rx;
     }
 #endif
 
diff --git a/src/ssl.c b/src/ssl.c
index 4bc52a423..88b59bf61 100644
--- a/src/ssl.c
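Review bot: The new comment on the `MAX_UDP_SIZE` line records history (`was MAX_MTU - 100`) instead of what the constant now means, and the bare 8192 is a magic number in an enum whose other entries all explain themselves. The name still says "UDP size" while the value no longer tracks `MAX_MTU`, so if this constant also bounds outgoing DTLS fragments (its old comment "don't exceed MTU" suggests it did; the users are outside this patch) raising it to 8092 would couple receive tolerance to send size and could emit datagrams larger than the path MTU — worth confirming the send path still fragments at MTU. Suggest `MAX_UDP_SIZE = 8192 - 100, /* max reassembled datagram minus 100 byte header */` and naming the 8192 so its rationale is searchable.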
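Review bot: The new `dtls_expected_rx` member is the only field in this block without a trailing comment, and neither its unit nor its contract is obvious from the name. From the rest of the patch it is initialized to `MAX_MTU` in InitSSL, rewritten on every DTLS read to at least `MAX_MTU`, and consumed by GetInputData as the read-ahead size. Suggest `word32 dtls_expected_rx; /* bytes to read ahead per datagram, >= MAX_MTU */` so the lower bound the internal.c change relies on is stated where the field is declared.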
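Review bot: `inSz = ssl->dtls_expected_rx` and the `(int)` cast on the line above now take the read-ahead size from a field with no upper bound, and the only writer in this patch (the CyaSSL_read_internal hunk in src/ssl.c) derives it from the caller's `int sz` as `max(sz + 100, MAX_MTU)`. A negative `sz` becomes a huge word32 in the conversion to max()'s parameters, `sz + 100` is signed overflow for `sz` near INT_MAX, and `(int)(ssl->dtls_expected_rx - size)` then overflows int as well, so a caller-controlled size dictates how much GetInputData reads ahead and, presumably, how large its buffer grows. Validate at the writer rather than here: `if (ssl->options.dtls && sz > 0)` guarding `ssl->dtls_expected_rx = max((word32)sz + 100, MAX_MTU);`, plus a clamp to the largest datagram the receive buffer is actually sized for (the internal.h change implies 8192, i.e. `MAX_UDP_SIZE + 100`). GetInputData starts and ends outside this hunk, so I cannot see how inSz bounds the buffer growth.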
+++ b/src/ssl.c @@ -88,6 +88,15 @@ #endif /* min */ +#ifndef max + + static INLINE word32 max(word32 a, word32 b) + { + return a > b ? a : b; + } + +#endif /* min */ + #ifndef CYASSL_LEANPSK char* mystrnstr(const char* s1, const char* s2, unsigned int n) @@ -440,6 +449,10 @@ static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek) #ifdef HAVE_ERRNO_H errno = 0; #endif +#ifdef CYASSL_DTLS + if (ssl->options.dtls) + ssl->dtls_expected_rx = max(sz + 100, MAX_MTU); +#endif ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
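Review bot: The closing comment on the new guard reads `#endif /* min */` but the block it closes is `#ifndef max`; it should be `#endif /* max */`. Beyond the typo, this fallback is compiled only when no `max` macro exists, and its word32 parameters convert a signed argument to unsigned, whereas a platform `max` macro would compare the same argument as a signed int — for the `sz + 100` passed in the CyaSSL_read_internal hunk the two builds disagree on negative input (MAX_MTU versus a value near 4 GiB). The caller should pass an explicitly unsigned, already range-checked value so the result does not depend on which `max` is in scope.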