author: Matt Caswell <matt@openssl.org> 2017-04-21 14:00:20 +0100
committer: Matt Caswell <matt@openssl.org> 2017-04-25 14:04:13 +0100
commit: 22ae579bea93c0a426bacb764783e0e2cf35c14c
tree: fec2421f22df1a13903f5384219f911287aa8cb6 /ssl/ssl_err.c
parent: c9a6b9f7ed482025d684ef3a04505004f85a97a1
Don't attempt to send fragments > max_send_fragment in DTLS
We were allocating the write buffer based on the size of max_send_fragment, but ignoring it when writing data. We should fragment handshake messages if they exceed max_send_fragment and reject application data writes that are too large.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)
Diffstat (limited to 'ssl/ssl_err.c')
-rw-r--r-- ssl/ssl_err.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 73e0ae15c1..be4c0c00c1 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -415,6 +415,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"error in received cipher list"},
{ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
"error setting tlsa base domain"},
+ {ERR_REASON(SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+ "exceeds max fragment size"},
{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
{ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
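Review bot: The new SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE entry lands directly above SSL_R_EXCESSIVE_MESSAGE_SIZE, and the two strings ("exceeds max fragment size" and "excessive message size") are easy to mix up when reading an error queue dump. Per the commit message this reason is raised when an application data write is larger than max_send_fragment in DTLS, so the documentation for the write path should name this reason code and say that the caller is expected to split the data itself; the string alone does not say which limit was hit or that it applies to the local write rather than to a received record. This view is limited to ssl/ssl_err.c, so the matching definition of the reason code is not visible here; confirm it is part of the same commit, since this table entry does not compile without it.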