authorJack Lloyd <[email protected]>2019-05-21 08:17:44 -0400
committerJack Lloyd <[email protected]>2019-05-21 08:17:44 -0400
commit03038c33f5d3e4a35bd5da77206c85a2bc369371 (patch)
treee8c5053df578002c2fa6d010f13dc75d63f4ff23 /src/bogo_shim
parentf7525fc6b5dd8ad6e224f012c78e56993cac4ebd (diff)
Fix DTLS MTU splitting
We could/would send packets somewhat larger than MTU
Diffstat (limited to 'src/bogo_shim')
-rw-r--r--src/bogo_shim/bogo_shim.cpp7
-rw-r--r--src/bogo_shim/config.json7
2 files changed, 11 insertions, 3 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 3d3c8a775..6af76d3f1 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -660,7 +660,7 @@ std::unique_ptr<Shim_Arguments> parse_options(char* argv[])
//"max-send-fragment",
"max-version",
"min-version",
- //"mtu",
+ "mtu",
"port",
"read-size",
"resume-count",
@@ -980,7 +980,10 @@ class Shim_Policy final : public Botan::TLS::Policy
std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version,
bool have_srp) const override;
- //size_t dtls_default_mtu() const override;
+ size_t dtls_default_mtu() const override
+ {
+ return m_args.get_int_opt_or_else("mtu", 1232);
+ }
//size_t dtls_initial_timeout() const override;
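Review bot: The new `dtls_default_mtu()` override returns the `mtu` command-line option unchecked, so a zero or very small value would become the DTLS packet budget; how the library behaves when the MTU is below the record and handshake header overhead is not visible in this hunk. For a test shim driven by a trusted runner that may be acceptable, but a lower-bound check or a short comment stating that assumption would make the intent explicit. The fallback literal 1232 is also undocumented: a comment such as `// 1280 (IPv6 minimum MTU) - 40 (IPv6 header) - 8 (UDP header)`, or falling back to `Botan::TLS::Policy::dtls_default_mtu()` if the base default is the same value, would keep the shim from drifting away from the library default. The enclosing class `Shim_Policy` starts and ends outside the hunk.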
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index f69c4b929..bdac49818 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -51,12 +51,15 @@
"*FalseStart*": "Botan doesn't do false start",
"MaxSendFragment*": "Maximum fragment extension not supported",
"ExportKeyingMaterial-EmptyContext*": "No support for this",
+
"Peek-*": "No peek API",
+ "*OldCallback*": "OpenSSL/BoringSSL specific",
"CheckLeafCurve": "Botan ignores this",
"OCSPStapling-Server-*": "Server doesn't support OCSP stapling currently",
- "UnsolicitedCertificateExtensions-TLS*": "Server doesn't support OCSP stapling currently",
+ "UnsolicitedCertificateExtensions-TLS*": "Server doesn't support OCSP stapling currently",
+ "ServerOCSPCallback": "Server doesn't support OCSP stapling currently",
"CipherNegotiation-2": "No support for cipher equivalence classes",
"CipherNegotiation-3": "No support for cipher equivalence classes",
@@ -117,6 +120,8 @@
"VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation",
"VersionTooLow-DTLS": "Needs investigation",
+ "MTUExceeded": "BoringSSL splits DTLS handshakes differently",
+
"ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem",
"MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem",
"SendBogusAlertType-DTLS": "Alert problem",
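Review bot: Disabling `MTUExceeded` in the same commit that fixes MTU splitting leaves the fix without a named regression test, at least as far as this file shows. The reason string explains why the runner's expectation differs from Botan's fragmentation, but it does not say whether the shim's packets now stay within the configured MTU. If another runner test passes `-mtu` and checks packet sizes, naming it in the reason string (for example `"BoringSSL splits DTLS handshakes differently; size limit covered by <test name>"`) would record that coverage. Otherwise it is worth tracking a follow-up to re-enable this test or add a size assertion on the Botan side.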