Disable dtls fragmentation for ClientHello messages
Set the handshake MTU to unlimited when encountering a ClientHello message and reset it to its previous value after writing the record.
parent
db9ad837c9
commit
7fa9903bd0
|
@ -212,7 +212,10 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
* delivered) of any compliant IPv4 (and IPv6) network, and should work
|
* delivered) of any compliant IPv4 (and IPv6) network, and should work
|
||||||
* on most non-IP stacks too. */
|
* on most non-IP stacks too. */
|
||||||
if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
|
if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
|
||||||
|
{
|
||||||
ssl->handshake->mtu = 508;
|
ssl->handshake->mtu = 508;
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
|
||||||
|
}
|
||||||
|
|
||||||
new_timeout = 2 * ssl->handshake->retransmit_timeout;
|
new_timeout = 2 * ssl->handshake->retransmit_timeout;
|
||||||
|
|
||||||
|
@ -2945,6 +2948,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
uint16_t mtu_temp = 0;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
|
||||||
|
|
||||||
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
|
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
|
@ -2979,6 +2983,15 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
||||||
ssl_swap_epochs( ssl );
|
ssl_swap_epochs( ssl );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Disable handshake mtu for client hello message to avoid fragmentation.
|
||||||
|
* Setting it back after calling mbedtls_ssl_write_record */
|
||||||
|
if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO )
|
||||||
|
{
|
||||||
|
mtu_temp = ssl->handshake->mtu;
|
||||||
|
ssl->handshake->mtu = 0;
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "disabling fragmentation of ClientHello message" ) );
|
||||||
|
}
|
||||||
|
|
||||||
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -3077,6 +3090,12 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( mtu_temp != 0 )
|
||||||
|
{
|
||||||
|
ssl->handshake->mtu = mtu_temp;
|
||||||
|
mtu_temp = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||||
|
|
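Review bot: The saved handshake MTU is written back only on the success path after `mbedtls_ssl_write_record`, so the two `return( ret )` exits visible in these hunks (after `ssl_get_remaining_payload_in_datagram` and after a failed write) leave `ssl->handshake->mtu` at 0. On the next transmit attempt `mtu_temp` would then capture 0 and never restore the configured limit, which presumably leaves later, larger flights unfragmented too; restoring before each early return, e.g. `if( mtu_temp != 0 ) ssl->handshake->mtu = mtu_temp;`, would close that. The test `ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO` also reads the output buffer without checking that the record type is handshake, and the code that fills `out_msg` for the current flight item is outside the hunks, so it may be inspecting a previous message; checking the flight item's own type and first byte would be safer. The body of `mbedtls_ssl_flight_transmit` starts and ends outside the visible hunks.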