mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 00:40:49 +02:00
0963541f3b
The handshake-message defragmentation buffer (pendingMsg/pendingMsgSz/ pendingMsgOffset/pendingMsgType) lived inside ssl->arrays, which FreeHandshakeResources() releases once the handshake completes. For a TLS 1.3 client the arrays are released whenever they are not being retained for later use, e.g. when the library is built without HAVE_SESSION_TICKET. DoTls13HandShakeMsg() then took an "arrays == NULL" early path that handed the record straight to DoTls13HandShakeMsgType() without any reassembly. A post-handshake handshake message split across several records -- such as a NewSessionTicket once a small max_fragment_length has been negotiated -- was therefore rejected with INCOMPLETE_DATA (-310) and the peer was reset. Fragmentation during the handshake was unaffected because the arrays still existed at that point. Move the defragmentation buffer fields out of Arrays and into the WOLFSSL object so they survive FreeArrays(), and drop the now-unnecessary arrays == NULL special case in DoTls13HandShakeMsg() so that post-handshake messages are reassembled exactly like handshake messages. The buffer is freed in wolfSSL_ResourceFree(). DoHandShakeMsg() (TLS 1.2) is updated to use the relocated fields as well. Add a regression test, test_tls13_fragmented_session_ticket, that releases the client's handshake arrays after the handshake and injects a NewSessionTicket fragmented across two records, confirming it is reassembled and consumed instead of failing with INCOMPLETE_DATA.
Before creating any new configure files (.conf) read the CONF_FILES_README.md