Synss / python-mbedtls

Cryptographic library with an mbed TLS back end
MIT License
79 stars 28 forks

Chunking while sending more than 1024B data during handshake #103

Closed sebachm94 closed 5 months ago

sebachm94 commented 6 months ago

NOTE: Please use stackoverflow for support questions. This repository's issues are reserved for feature requests and bug reports.

I am submitting a …

Description

Possibly a bug, needs a bit of investigation. Sending messages longer than 1024B during the handshake is not chunked.

Current behavior

I've set up my DTLS client using python-mbedtls with a certificate chain. During the handshake the client is sending its certs to the server, and the frame is > 1024B. While sending, I'd expect that the while loop below should send it out in chunks if it doesn't fit into the 1024 buffer. But the result is that it's sending only one chunk, then it goes to WantReadError. [screenshot]

Expected behavior

Message is sent in chunks.

sebachm94 commented 5 months ago

Hi, sorry for being impatient. :) Any update here?

Synss commented 5 months ago

I've not forgotten about this issue but I haven't had time to investigate here lately.

Synss commented 5 months ago

1024B is very conservative and I'll increase it to 4096B later.

It seems calling recv() twice there simply doesn't work. I'm possibly running into the case documented in the man page.

If a message is too long to fit in the supplied buffer, excess bytes may be discarded [...] I have to think on how to handle this.
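
The recv(2) behaviour quoted above, shown on a plain UDP (SOCK_DGRAM) socket pair as an added example. This is not code from python-mbedtls or from either participant, and the buffer sizes, the loopback socket setup and the sample datagram are assumptions made for the example: a datagram larger than the receive buffer is truncated, the excess is discarded rather than delivered by a second recv(), and recvmsg() reports the truncation through MSG_TRUNC so it can at least be detected.

```python
"""Demonstrates recv(2) truncation on a UDP (SOCK_DGRAM) socket.

A datagram larger than the receive buffer is cut to the buffer size and the
excess is gone; it is NOT returned by a second recv().  Pure stdlib, no mbedtls
involved; sockets and payload are constructed here for the example.
"""
import socket

SMALL_BUF = 1024                 # the receive buffer size discussed in this issue
# Ceiling for one DTLS record: 2^14 bytes of plaintext, up to 2048 bytes of
# cipher expansion (RFC 5246 / RFC 6347), plus the 13-byte DTLS record header.
# This constant is an assumption for the example, not a python-mbedtls value.
MAX_DTLS_RECORD = 16384 + 2048 + 13


def make_udp_pair():
    """Two connected UDP sockets on loopback standing in for DTLS client/server."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    a.bind(("127.0.0.1", 0))
    b.bind(("127.0.0.1", 0))
    a.connect(b.getsockname())
    b.connect(a.getsockname())
    for s in (a, b):
        s.settimeout(0.5)        # so "nothing left to read" surfaces as a timeout
    return a, b


def read_fixed(sock, bufsize=SMALL_BUF):
    """The pattern from the issue: recv() into a fixed buffer and hope it fits."""
    return sock.recv(bufsize)


def read_checked(sock, bufsize=MAX_DTLS_RECORD):
    """Read one whole datagram and report whether the kernel truncated it.

    recvmsg() sets MSG_TRUNC in the returned flags when the datagram did not
    fit (POSIX), so a too-small buffer is detected instead of silently losing
    the tail of a handshake flight.
    """
    data, _ancdata, msg_flags, _addr = sock.recvmsg(bufsize)
    return data, bool(msg_flags & socket.MSG_TRUNC)


def demo(payload_len=1500):
    """Send one oversized 'handshake flight' and read it three ways."""
    client, server = make_udp_pair()
    try:
        flight = (bytes(range(256)) * (payload_len // 256 + 1))[:payload_len]

        # 1. Fixed 1024-byte buffer: only the first 1024 bytes come back ...
        client.send(flight)
        first = read_fixed(server, SMALL_BUF)
        # ... and the rest is not waiting for a second recv(); it was discarded.
        try:
            leftover = server.recv(SMALL_BUF)
        except socket.timeout:
            leftover = None

        # 2. recvmsg() with the same small buffer at least flags the truncation.
        client.send(flight)
        _chunk, flagged = read_checked(server, SMALL_BUF)

        # 3. A buffer sized for the largest DTLS record gets the whole datagram.
        client.send(flight)
        full, flagged_full = read_checked(server)

        return {
            "sent": len(flight),
            "fixed_got": len(first),
            "fixed_prefix_ok": first == flight[:SMALL_BUF],
            "leftover": leftover,
            "small_buf_flagged": flagged,
            "full_got": len(full),
            "full_ok": full == flight and not flagged_full,
        }
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for a DTLS transport layer is that the receive buffer must be at least as large as the largest record the peer may send, or the read must check for MSG_TRUNC and treat a truncated datagram as lost; looping on recv() cannot recover bytes the kernel has already dropped.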

Synss commented 5 months ago

If 4096B is large enough, I can already increase the buffer and release. Would that work for you?

sebachm94 commented 5 months ago

Yes, increasing the buffer to 4096 will solve my problem. I would be really glad if you released it. :)

Maybe one more thing worth mentioning, because it may be related. I'm not sure whether 'max_fragmentation_length' works correctly, or whether my expectations are wrong. By setting it to 512, for example, I would expect all messages to be chunked into datagrams of at most 512B. I've set it on the server side, which also uses mbedtls, and it works as expected: messages from the server are chunked into 512B datagrams. But it's not working on the client side, which uses python-mbedtls. It sends the whole message in a single datagram anyway, although it looks like the DTLS messages are fragmented. Here's a screenshot: [screenshot] The only change I made in the code is increasing the send buffer size from 1024 to something bigger (what you already proposed). Client settings: MTU = 1024 and MFL = 512.

Maybe worth investigating.