DTLS 1.3: check size including headers

2024-08-28 12:58:50 +02:00 · 2024-08-28 12:58:50 +02:00 · b2f59f733a
commit b2f59f733a
parent dcea21a9a5
3 changed files with 21 additions and 11 deletions
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@ -33,6 +33,8 @@ jobs:
          '--enable-dtls --enable-dtls13 --enable-earlydata 
             --enable-session-ticket --enable-psk 
             CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
        ]
    name: make check
    runs-on: ${{ matrix.os }}
--- a/src/dtls.c
+++ b/src/dtls.c
@ -953,10 +953,15 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
            int tlsxFound;
            ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
                                 &tlsxFound);
-            if (ret != 0)
+            if (ret != 0) {
+                if (isFirstCHFrag) {
+                    WOLFSSL_MSG("\t\tCookie probably missing from first "
+                                "fragment. Dropping.");
+                }
                return ret;
            }
        }
+    }
 #endif

    ret = ClientHelloSanityCheck(&ch, isTls13);
--- a/src/tls13.c
+++ b/src/tls13.c
@ -4455,8 +4455,17 @@ int SendTls13ClientHello(WOLFSSL* ssl)
        if (ret != 0)
            return ret;

+        /* Total message size. */
+        args->sendSz =
+                (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
+
+#ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls)
+            args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
+#endif /* WOLFSSL_DTLS13 */
+
 #ifdef WOLFSSL_DTLS_CH_FRAG
-        if (ssl->options.dtls && args->length > maxFrag &&
+        if (ssl->options.dtls && args->sendSz > maxFrag &&
                TLSX_Find(ssl->extensions, TLSX_COOKIE) == NULL) {
            /* Try again with an empty key share if we would be fragmenting
             * without a cookie */
@ -4467,7 +4476,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
            ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
            if (ret != 0)
                return ret;
-            if (args->length > maxFrag) {
+            args->sendSz = (int)(args->length +
+                    DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ);
+            if (args->sendSz > maxFrag) {
                WOLFSSL_MSG("Can't fit first CH in one fragment.");
                return BUFFER_ERROR;
            }
@ -4476,14 +4487,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 #endif
    }

-    /* Total message size. */
-    args->sendSz = (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
-
-#ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls)
-        args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-#endif /* WOLFSSL_DTLS13 */
-
    /* Check buffers are big enough and grow if needed. */
    if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0)
        return ret;