wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove dtls_expected_rx and use expected values directly

Browse Source 
We should always read MTU + EXTRA so that we capture the entire message and are able to correctly decrypt the entire datagram. A smaller MTU also breaks larger handshake messages sent during a connection like secure renegotiation in DTLS 1.2 (confirmed) and post-handshake messages in DTLS 1.3 (suspected).
This commit is contained in:
Juliusz Sosinowicz
2023-10-05 16:26:06 +02:00
parent 80c8c62fb2
commit 89946126f2
3 changed files with 14 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/internal.c
View File

@@ -7182,13 +7182,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz = ctx->dtlsMtuSz;
ssl->dtls_expected_rx = ssl->dtlsMtuSz;
#else
ssl->dtls_expected_rx = MAX_MTU;
#endif
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx += DTLS_MTU_ADDITIONAL_READ_BUFFER;
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init;
@@ -10599,13 +10593,12 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (size + ssl->buffers.outputBuffer.length >
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz
word32 mtu = (word32)ssl->dtlsMtuSz;
#else
ssl->dtls_expected_rx
word32 mtu = MAX_MTU;
#endif
) {
if ((word32)size + ssl->buffers.outputBuffer.length > mtu) {
int ret;
WOLFSSL_MSG("CheckAvailableSize() flushing buffer "
"to make room for new message");
@@ -10613,12 +10606,7 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
return ret;
}
}
if (size > (int)
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz
#else
ssl->dtls_expected_rx
#endif
if ((word32)size > mtu
#ifdef WOLFSSL_DTLS13
/* DTLS1.3 uses the output buffer to store the full message and deal
with fragmentation later in dtls13HandshakeSend() */
@@ -19854,10 +19842,16 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
inSz = (int)(size - usedLength); /* from last partial read */
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (size < ssl->dtls_expected_rx)
dtlsExtra = (int)(ssl->dtls_expected_rx - size);
inSz = ssl->dtls_expected_rx;
if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
/* Add DTLS_MTU_ADDITIONAL_READ_BUFFER bytes so that we can operate with
* slight difference in set MTU size on each peer */
#ifdef WOLFSSL_DTLS_MTU
inSz = (word32)ssl->dtlsMtuSz + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#else
inSz = MAX_MTU + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#endif
if (size < (word32)inSz)
dtlsExtra = (int)(inSz - size);
}
#endif

16
src/ssl.c
View File

@@ -3338,22 +3338,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
errno = 0;
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + DTLS_MTU_ADDITIONAL_READ_BUFFER,
MAX_MTU);
#ifdef WOLFSSL_SCTP
if (ssl->options.dtlsSctp)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx,
ssl->dtlsMtuSz + (word32)DTLS_MTU_ADDITIONAL_READ_BUFFER);
#endif
}
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek);
#ifdef HAVE_WRITE_DUP

1
wolfssl/internal.h
View File

@@ -5567,7 +5567,6 @@ struct WOLFSSL {
DtlsMsg* dtls_tx_msg;
DtlsMsg* dtls_rx_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT
wc_dtls_export dtls_export; /* export function for session */
#endif