From e17e064ce2c060de738aff86740e1989f2c08d2b Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 18 Mar 2020 12:36:11 +1000
Subject: [PATCH] Allow setting of MTU in DTLS

---
 configure.ac | 11 +++++++++++
 src/internal.c | 10 ++++++++--
 src/ssl.c | 9 +++++++--
 tests/api.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 wolfssl/internal.h | 7 +++++--
 5 files changed, 73 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 83b8e89de..f56cfd6b3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -275,6 +275,17 @@ then
     AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
 fi
 
+# DTLS change MTU
+AC_ARG_ENABLE([dtls-mtu],
+    [AS_HELP_STRING([--enable-dtls-mtu],[Enable setting the MTU size for wolfSSL DTLS (default: disabled)])],
+    [ ENABLED_DTLS_MTU=$enableval ],
+    [ ENABLED_DTLS_MTU=no ]
+    )
+if test "$ENABLED_DTLS_MTU" = "yes"
+then
+    AM_CFLAGS="-DWOLFSSL_DTLS_MTU $AM_CFLAGS"
+fi
+
 
 # TLS v1.3 Draft 18
 AC_ARG_ENABLE([tls13-draft18],
diff --git a/src/internal.c b/src/internal.c
index a32153e30..5cd6575a2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1740,8 +1740,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 
     ctx->devId = INVALID_DEVID;
 
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
-    ctx->dtlsMtuSz = MAX_RECORD_SIZE;
+#if defined(WOLFSSL_DTLS)
+    #ifdef WOLFSSL_SCTP
+        ctx->dtlsMtuSz = MAX_RECORD_SIZE;
+    #elif defined(WOLFSSL_DTLS_MTU)
+        ctx->dtlsMtuSz = MAX_MTU;
+    #endif
 #endif
 
 #ifndef NO_CERTS
@@ -5649,6 +5653,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef WOLFSSL_DTLS
     #ifdef WOLFSSL_SCTP
         ssl->options.dtlsSctp = ctx->dtlsSctp;
+    #endif
+    #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
         ssl->dtlsMtuSz = ctx->dtlsMtuSz;
         ssl->dtls_expected_rx = ssl->dtlsMtuSz;
     #else
diff --git a/src/ssl.c b/src/ssl.c
index 0e75fdbd7..f47759df5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1076,6 +1076,10 @@ int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
 
     return WOLFSSL_SUCCESS;
 }
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+    defined(WOLFSSL_DTLS)
 
 int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
 {
@@ -1101,8 +1105,7 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 
     return WOLFSSL_SUCCESS;
 }
-
-#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+#endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */
 
 
 #ifdef WOLFSSL_DTLS_DROP_STATS
@@ -2023,6 +2026,8 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
         ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
 #ifdef WOLFSSL_SCTP
         if (ssl->options.dtlsSctp)
+#endif
+#if defined(WOLLSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
             ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
 #endif
     }
diff --git a/tests/api.c b/tests/api.c
index 47a8843bb..c7e4de5f2 100644
--- a/tests/api.c
+++ b/tests/api.c
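Review bot: `#if defined(WOLLSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)` in the wolfSSL_read_internal hunk misspells WOLFSSL_SCTP, so in an SCTP build that does not also define WOLFSSL_DTLS_MTU the guarded assignment is compiled out and `if (ssl->options.dtlsSctp)` is left with the closing `}` as its body, which does not compile; the line should read `#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)`. Even with the spelling fixed, a build with both WOLFSSL_SCTP and WOLFSSL_DTLS_MTU only raises dtls_expected_rx to dtlsMtuSz when dtlsSctp is set, so an MTU configured through wolfSSL_dtls_set_mtu on a plain DTLS session would not influence the receive size here; either dropping the SCTP-only `if` when WOLFSSL_DTLS_MTU is defined or widening its condition would keep the two features consistent. A short comment such as `/* honour the configured DTLS MTU (SCTP or explicit MTU builds) */` above the block would also make the intent of the split #if pair clearer. wolfSSL_read_internal starts and ends outside the hunk.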
@@ -31296,6 +31296,47 @@ static void test_SetTmpEC_DHE_Sz(void)
 #endif
 }
 
+static void test_wolfSSL_dtls_set_mtu(void)
+{
+#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
+    defined(WOLFSSL_DTLS)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    const char* testCertFile;
+    const char* testKeyFile;
+
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
+#ifndef NO_RSA
+    testCertFile = svrCertFile;
+    testKeyFile = svrKeyFile;
+#elif defined(HAVE_ECC)
+    testCertFile = eccCertFile;
+    testKeyFile = eccKeyFile;
+#endif
+    if (testCertFile != NULL && testKeyFile != NULL) {
+        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
+            WOLFSSL_FILETYPE_PEM));
+        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
+            WOLFSSL_FILETYPE_PEM));
+    }
+    AssertNotNull(ssl = wolfSSL_new(ctx));
+
+    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
+    AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+
+    printf(testingFmt, "wolfSSL_dtls_set_mtu()");
+    printf(resultFmt, passed);
+#endif
+}
+
 #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
     !defined(NO_CERTS)
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
@@ -31598,6 +31639,7 @@ void ApiTest(void)
     test_wolfSSL_SetTmpDH_buffer();
     test_wolfSSL_SetMinMaxDhKey_Sz();
     test_SetTmpEC_DHE_Sz();
+    test_wolfSSL_dtls_set_mtu();
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
     test_wolfSSL_read_write();
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 62a881f1c..4e0dc7026 100644
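Review bot: `testCertFile` and `testKeyFile` in test_wolfSSL_dtls_set_mtu are declared without an initializer and only assigned under `#ifndef NO_RSA` / `#elif defined(HAVE_ECC)`, so in a build with NO_RSA and without HAVE_ECC the `if (testCertFile != NULL && testKeyFile != NULL)` check reads indeterminate pointers, which is undefined behaviour rather than the intended "skip loading". Declaring them as `const char* testCertFile = NULL;` and `const char* testKeyFile = NULL;` makes the NULL check the real guard. The asserts also pin that the session-level setter reports an over-sized MTU as WOLFSSL_FAILURE with BAD_FUNC_ARG retrievable via wolfSSL_get_error, while the CTX-level setter returns BAD_FUNC_ARG directly; a one-line comment above those asserts, e.g. `/* ssl-level setter records the error on the object; CTX-level returns it */`, would save the next reader a trip to ssl.c.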
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2684,6 +2684,9 @@ struct WOLFSSL_CTX {
 #endif
 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
     byte dtlsSctp; /* DTLS-over-SCTP mode */
+#endif
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+    defined(WOLFSSL_DTLS)
     word16 dtlsMtuSz; /* DTLS MTU size */
 #endif
 #ifndef NO_DH
@@ -4021,9 +4024,9 @@ struct WOLFSSL {
 #ifdef WOLFSSL_SESSION_EXPORT
     wc_dtls_export dtls_export; /* export function for session */
 #endif
-#ifdef WOLFSSL_SCTP
+#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
     word16 dtlsMtuSz;
-#endif /* WOLFSSL_SCTP */
+#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
 #ifdef WOLFSSL_MULTICAST
     void* mcastHwCbCtx; /* Multicast highwater callback ctx */
 #endif /* WOLFSSL_MULTICAST */
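Review bot: The new guard on `dtlsMtuSz` in struct WOLFSSL, `#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)`, omits the `defined(WOLFSSL_DTLS)` term that the matching WOLFSSL_CTX guard in the first hunk carries, so a build with WOLFSSL_DTLS_MTU but without WOLFSSL_DTLS gets the per-session field while the context has none and nothing initialises it (the InitSSL copy in src/internal.c sits under `#ifdef WOLFSSL_DTLS`). Using the same condition in both structs, `#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && defined(WOLFSSL_DTLS)`, keeps them in step; the SCTP-only form of this mismatch appears to predate the change, so this may be deliberate, but the new option is a good moment to align it. The session field is also the only one of the two without a comment; `word16 dtlsMtuSz; /* DTLS MTU size, copied from ctx in InitSSL */` would match the CTX declaration.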