Fix DTLS MTU splitting

We could/would send packets somewhat larger than MTU

3 files changed, 16 insertions, 22 deletions

diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 3d3c8a775..6af76d3f1 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -660,7 +660,7 @@ std::unique_ptr<Shim_Arguments> parse_options(char* argv[])
       //"max-send-fragment",
       "max-version",
       "min-version",
-      //"mtu",
+      "mtu",
       "port",
       "read-size",
       "resume-count",
@@ -980,7 +980,10 @@ class Shim_Policy final : public Botan::TLS::Policy
       std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version,
                                              bool have_srp) const override;
 
-      //size_t dtls_default_mtu() const override;
+      size_t dtls_default_mtu() const override
+         {
+         return m_args.get_int_opt_or_else("mtu", 1232);
+         }
 
       //size_t dtls_initial_timeout() const override;
 
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index f69c4b929..bdac49818 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -51,12 +51,15 @@
         "*FalseStart*": "Botan doesn't do false start",
         "MaxSendFragment*": "Maximum fragment extension not supported",
         "ExportKeyingMaterial-EmptyContext*": "No support for this",
+
         "Peek-*": "No peek API",
+        "*OldCallback*": "OpenSSL/BoringSSL specific",
 
         "CheckLeafCurve": "Botan ignores this",
 
         "OCSPStapling-Server-*": "Server doesn't support OCSP stapling currently",
-        "UnsolicitedCertificateExtensions-TLS*":  "Server doesn't support OCSP stapling currently",
+        "UnsolicitedCertificateExtensions-TLS*": "Server doesn't support OCSP stapling currently",
+        "ServerOCSPCallback": "Server doesn't support OCSP stapling currently",
 
         "CipherNegotiation-2": "No support for cipher equivalence classes",
         "CipherNegotiation-3": "No support for cipher equivalence classes",
@@ -117,6 +120,8 @@
         "VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation",
         "VersionTooLow-DTLS": "Needs investigation",
 
+        "MTUExceeded": "BoringSSL splits DTLS handshakes differently",
+
         "ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem",
         "MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem",
         "SendBogusAlertType-DTLS": "Alert problem",
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index 47a9ad6d2..afab1dd20 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -39,18 +39,6 @@ uint64_t steady_clock_ms()
       std::chrono::steady_clock::now().time_since_epoch()).count();
    }
 
-size_t split_for_mtu(size_t mtu, size_t msg_size)
-   {
-   const size_t DTLS_HEADERS_SIZE = 25; // DTLS record+handshake headers
-
-   const size_t parts = (msg_size + mtu) / mtu;
-
-   if(parts + DTLS_HEADERS_SIZE > mtu)
-      return parts + 1;
-
-   return parts;
-   }
-
 }
 
 Protocol_Version Stream_Handshake_IO::initial_record_version() const
@@ -425,17 +413,15 @@ std::vector<uint8_t> Datagram_Handshake_IO::send_message(uint16_t msg_seq,
       }
    else
       {
-      const size_t parts = split_for_mtu(m_mtu, msg_bits.size());
-
-      const size_t parts_size = (msg_bits.size() + parts) / parts;
-
       size_t frag_offset = 0;
 
+      const size_t DTLS_HANDSHAKE_HEADERS = 32;
+      const size_t ciphersuite_overhead = (epoch > 0) ? 32 : 0;
+      const size_t max_rec_size = m_mtu - DTLS_HANDSHAKE_HEADERS - ciphersuite_overhead;
+
       while(frag_offset != msg_bits.size())
          {
-         const size_t frag_len =
-            std::min<size_t>(msg_bits.size() - frag_offset,
-                             parts_size);
+         const size_t frag_len = std::min<size_t>(msg_bits.size() - frag_offset, max_rec_size);
 
          m_send_hs(epoch,
                    HANDSHAKE,