Skip to content

fix DTLS header headroom accounting #9513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dgarske merged 10 commits into from
Dec 24, 2025
Merged

fix DTLS header headroom accounting #9513

dgarske merged 10 commits into from
Dec 24, 2025
+396 −92

Conversation

@rizlik
Copy link
Contributor

@rizlik rizlik commented Dec 10, 2025
edited
Loading

Description

Refactor wolfSSL_GetMaxFragSize() to return just the Max frag size, and use the more explicit wolfSSL_GetMaxPlaintextSize() to get max plaintext in building message.

Simplify lengths calculation and fix over-estimation of DTLS headers headroom.

closes #8939

@rizlik rizlik self-assigned this Dec 10, 2025
@rizlik rizlik requested a review from julek-wolfssl December 10, 2025 19:03
@rizlik rizlik marked this pull request as ready for review December 15, 2025 21:50
@rizlik rizlik changed the title wip: fix DTLS header headroom accounting fix DTLS header headroom accounting Dec 15, 2025
@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Dec 15, 2025

🛟 Devin Lifeguard found 1 likely issues in this PR

  • pointer-null-check snippet snippet snippet: Add if (ssl == NULL) return BAD_FUNC_ARG; (or appropriate error) at the start of wolfSSL_GetRecordSize, wolfSSL_GetMaxPlaintextSize, and wolfSSL_GetMaxFragSize before any dereference of ssl.

@rizlik
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

@rizlik rizlik force-pushed the dtls_header_fix branch 2 times, most recently from e21f3de to ec8d91d Compare December 16, 2025 07:48
julek-wolfssl
julek-wolfssl requested changes Dec 16, 2025
View reviewed changes
@rizlik
Copy link
Contributor Author

rizlik commented Dec 18, 2025

retest this please

@rizlik rizlik requested a review from julek-wolfssl December 22, 2025 13:47
@rizlik rizlik removed their assignment Dec 22, 2025
julek-wolfssl
julek-wolfssl previously approved these changes Dec 23, 2025
View reviewed changes
dgarske
dgarske requested changes Dec 23, 2025
View reviewed changes
dgarske
dgarske requested changes Dec 23, 2025
View reviewed changes
@rizlik rizlik removed their assignment Dec 23, 2025
@dgarske dgarske merged commit 2354ea1 into wolfSSL:master Dec 24, 2025
378 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@julek-wolfssl julek-wolfssl julek-wolfssl left review comments

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DTLS application datagrams are restricted to be 12 bytes smaller than necessary

4 participants

@rizlik @dgarske @julek-wolfssl @wolfSSL-Bot