1

(1 replies, posted in wolfSSL)

In DTLS mode, the variable inSz gets set to MAX_MTU in GetInputData(). It then enters a do/while loop. If size > MAX_MTU, then multiple reads are required to read the message. In the loop, inSz is decremented to zero after the first read. This will cause the Receive() call to fail.


do
{
    in = Receive(ssl, ,, inSz)

    ssl->buffers.inputBuffer.length += in;
    inSz -= in;    /* <---- inSz = 0, after first read */

} while (ssl->buffers.inputBuffer.length < size);


Recommend adding this code before the end of the loop:

        #ifdef CYASSL_DTLS
            if (ssl->options.dtls &&  (ssl->buffers.inputBuffer.length < size))
            {
                inSz = MIN(size-ssl->buffers.inputBuffer.length, MAX_MTU); 
            }
        #endif
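
The loop described in the post above, as an added, self-contained model (not part of the original post and not wolfSSL's own code), run with and without the recommended re-arm of inSz. The MAX_MTU value, mock_receive() and read_message() are assumptions made for this model; the mock fails on a zero-length request, which is the behaviour the post reports.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_MTU 1500                 /* assumed value for this model */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Hypothetical stand-in for Receive(): returns up to sz bytes of the
 * pending message and fails when asked to read zero bytes. */
static int mock_receive(size_t *pending, int sz)
{
    int n;
    if (sz <= 0)
        return -1;
    n = (int)MIN(*pending, (size_t)sz);
    *pending -= (size_t)n;
    return n;
}

/* Model of the do/while loop from the post. Returns the number of bytes
 * buffered, or -1 if a receive fails. rearm != 0 applies the suggested fix. */
int read_message(int size, int rearm)
{
    size_t pending = (size_t)size;   /* constructed: whole message is queued */
    int length = 0;                  /* models ssl->buffers.inputBuffer.length */
    int inSz = MAX_MTU;              /* DTLS: request size starts at MAX_MTU */
    int in;

    do {
        in = mock_receive(&pending, inSz);
        if (in < 0)
            return -1;               /* zero-length request after first read */
        length += in;
        inSz -= in;
        if (rearm && length < size)  /* the check recommended in the post */
            inSz = MIN(size - length, MAX_MTU);
    } while (length < size);
    return length;
}

int main(void)
{
    printf("size=4000 original: %d\n", read_message(4000, 0));
    printf("size=4000 re-armed: %d\n", read_message(4000, 1));
    return 0;
}
```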

2

(1 replies, posted in wolfSSL)

I would like to use DTLS on an embedded platform over an unreliable link. My platform has a small comm buffer (500 bytes). If I reduce the MTU size, it seems the SendCertificate() function will grow the output buffer and send the data. I don't see where the segmentation/reassembly is being performed when the msg is fragmented. In fact it seems like the msg grows and is sent, violating the MAX_MTU size. Is segmentation/reassembly expected to be implemented in the CBIORecv/CBIOSend routines for embedded systems?

Thanks.