Speedup DTLS max fragment size calculation for MTU limits

Refactor wolfssl_local_GetRecordSize to compute the record size directly
from cipher specs instead of calling BuildMessage. Add a unit test that
compares the new calculation to BuildMessage's size-only output across
every registered cipher suite and supported (D)TLS version.

Author: julek-wolfssl

src/internal.c

@@ -42252,30 +42252,100 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev)
  */
 int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz, int isEncrypted)
 {
-    int recordSz;
+    int sz;
+    int headerSz;
+    int digestSz;
+    int ivSz;
+#ifdef WOLFSSL_DTLS_CID
+    byte cidSz;
+#endif
+#ifndef WOLFSSL_AEAD_ONLY
+    int blockSz;
+    int pad;
+#endif
 
     if (ssl == NULL)
         return BAD_FUNC_ARG;
 
-    if (isEncrypted) {
-        recordSz = BuildMessage(ssl, NULL, 0, NULL, payloadSz, application_data,
-             0, 1, 0, CUR_ORDER);
-        /* use a safe upper bound in case of error */
-        if (recordSz < 0) {
-            recordSz = payloadSz + RECORD_HEADER_SZ
-                + cipherExtraData(ssl) + COMP_EXTRA;
-            if (ssl->options.dtls) {
-                recordSz += DTLS_RECORD_EXTRA;
-            }
-        }
+    if (!isEncrypted) {
+        sz = payloadSz + RECORD_HEADER_SZ;
+        if (ssl->options.dtls)
+            sz += DTLS_RECORD_EXTRA;
+        return sz;
     }
-    else {
-        recordSz = payloadSz + RECORD_HEADER_SZ;
-        if (ssl->options.dtls) {
-            recordSz += DTLS_RECORD_EXTRA;
+
+#ifdef WOLFSSL_TLS13
+    if (ssl->options.tls1_3) {
+    #ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls)
+            headerSz = Dtls13GetRlHeaderLength(ssl, 1);
+        else
+    #endif
+            headerSz = RECORD_HEADER_SZ;
+        sz = payloadSz + headerSz + 1 /* inner type */
+                + ssl->specs.aead_mac_size;
+    #ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls && sz < Dtls13MinimumRecordLength(ssl))
+            sz = Dtls13MinimumRecordLength(ssl);
+    #endif
+        return sz;
+    }
+#endif
+
+    /* TLS 1.2 / TLS 1.1 / DTLS 1.2 path. Mirror BuildMessage's size
+     * calculation so the result matches exactly. */
+    headerSz = RECORD_HEADER_SZ;
+    sz = payloadSz + RECORD_HEADER_SZ;
+
+    if (ssl->options.dtls) {
+        sz       += DTLS_RECORD_EXTRA;
+        headerSz += DTLS_RECORD_EXTRA;
+    #ifdef WOLFSSL_DTLS_CID
+        cidSz = DtlsGetCidTxSize(ssl);
+        if (cidSz > 0) {
+            sz       += cidSz;
+            headerSz += cidSz;
+            sz++; /* real_type byte appended */
         }
+    #endif
+    }
+
+    digestSz = (int)ssl->specs.hash_size;
+#ifdef HAVE_TRUNCATED_HMAC
+    if (ssl->truncated_hmac)
+        digestSz = min(TRUNCATED_HMAC_SZ, digestSz);
+#endif
+    sz += digestSz;
+
+#ifndef WOLFSSL_AEAD_ONLY
+    if (ssl->specs.cipher_type == block) {
+        blockSz = (int)ssl->specs.block_size;
+
+        if (ssl->options.tls1_1)
+            sz += blockSz; /* explicit IV */
+        sz += 1; /* pad-length byte */
+
+    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+        if (ssl->options.startedETMWrite)
+            pad = blockSz != 0 ?
+                (sz - headerSz - digestSz) % blockSz : 0;
+        else
+    #endif
+            pad = blockSz != 0 ? (sz - headerSz) % blockSz : 0;
+        if (pad != 0)
+            pad = blockSz - pad;
+        sz += pad;
     }
-    return recordSz;
+    else
+#endif /* WOLFSSL_AEAD_ONLY */
+    if (ssl->specs.cipher_type == aead) {
+        ivSz = 0;
+        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
+            ivSz = AESGCM_EXP_IV_SZ;
+        sz += ivSz + (int)ssl->specs.aead_mac_size - digestSz;
+    }
+
+    return sz;
 }
 #endif
 

tests/api/test_tls.c

@@ -1121,3 +1121,178 @@ int test_tls12_peerauth_failsafe(void)
 #endif
     return EXPECT_RESULT();
 }
+
+/* Verify that wolfssl_local_GetRecordSize agrees exactly with
+ * BuildMessage's size-only output. Iterates every cipher suite registered
+ * in internal.c via GetCipherNames(), tries each against every supported
+ * (D)TLS protocol version (with and without DTLS connection ID where
+ * applicable), and on successful handshake compares the two
+ * record-size calculations across a range of payload sizes. Logs each
+ * skipped combination so coverage gaps are visible. Handshake failures
+ * outside the explicit allow-list fail the test instead of being
+ * silently skipped. */
+int test_record_size_matches_build_message(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+    const int sizes[] = {
+        1, 8, 15, 16, 17, 31, 32, 33, 64, 100, 256, 1000, 4096, 16000
+    };
+    struct {
+        method_provider client;
+        method_provider server;
+        int use_cid;
+        int is_tls13;
+        const char* label;
+    } versions[] = {
+#ifndef WOLFSSL_NO_TLS12
+        { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, 0, 0,
+          "TLSv1.2" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, 0, 0,
+          "DTLSv1.2" },
+#ifdef WOLFSSL_DTLS_CID
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, 1, 0,
+          "DTLSv1.2+CID" },
+#endif
+#endif
+#endif
+#ifdef WOLFSSL_TLS13
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0, 1,
+          "TLSv1.3" },
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 0, 1,
+          "DTLSv1.3" },
+#ifdef WOLFSSL_DTLS_CID
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1, 1,
+          "DTLSv1.3+CID" },
+#endif
+#endif
+#endif
+    };
+    const CipherSuiteInfo* allCiphers = GetCipherNames();
+    int numCiphers = GetCipherNamesSize();
+    int tested = 0;
+    size_t v, j;
+    int i;
+
+    fprintf(stderr, "\n");
+    for (v = 0; v < XELEM_CNT(versions) && EXPECT_SUCCESS(); v++) {
+        for (i = 0; i < numCiphers && EXPECT_SUCCESS(); i++) {
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            struct test_memio_ctx test_ctx;
+            const char* name = allCiphers[i].name;
+            int isTls13Cipher = (XSTRSTR(name, "TLS13-") != NULL);
+            int handshakeRet;
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                    &ssl_s, versions[v].client, versions[v].server), 0);
+
+            /* Skip ciphers that aren't valid for this version/build. */
+            if (wolfSSL_set_cipher_list(ssl_c, name) != 1 ||
+                    wolfSSL_set_cipher_list(ssl_s, name) != 1) {
+                fprintf(stderr,
+                        "  [SKIP %-12s %-40s] cipher not selectable\n",
+                        versions[v].label, name);
+                goto next_iter;
+            }
+
+#ifdef WOLFSSL_DTLS_CID
+            if (versions[v].use_cid) {
+                unsigned char cid_c[] = { 0, 1, 2, 3 };
+                unsigned char cid_s[] = { 4, 5, 6, 7, 8, 9 };
+                ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+                ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+                ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, cid_s,
+                        (int)sizeof(cid_s)), 1);
+                ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, cid_c,
+                        (int)sizeof(cid_c)), 1);
+            }
+#endif
+
+            handshakeRet = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
+            if (handshakeRet != 0) {
+                /* Allow-list of ciphers that legitimately can't negotiate
+                 * with the default test_memio configuration. Anything else
+                 * is a real failure. */
+                int expected = 0;
+                const char* reason = NULL;
+
+                if (isTls13Cipher != versions[v].is_tls13) {
+                    expected = 1;
+                    reason = "version mismatch";
+                }
+                else if (XSTRSTR(name, "ECDSA") != NULL) {
+                    expected = 1;
+                    reason = "no ECDSA cert";
+                }
+                else if (XSTRSTR(name, "ECDH-") != NULL) {
+                    expected = 1;
+                    reason = "no static ECDH cert";
+                }
+                else if (XSTRSTR(name, "PSK") != NULL) {
+                    expected = 1;
+                    reason = "no PSK callback";
+                }
+                else if (XSTRSTR(name, "ANON") != NULL ||
+                         XSTRSTR(name, "anon") != NULL) {
+                    expected = 1;
+                    reason = "anon not enabled";
+                }
+                else if (XSTRSTR(name, "SRP") != NULL) {
+                    expected = 1;
+                    reason = "no SRP setup";
+                }
+
+                if (!expected) {
+                    fprintf(stderr,
+                            "  [FAIL %-12s %-40s] unexpected handshake "
+                            "failure (%d)\n",
+                            versions[v].label, name, handshakeRet);
+                }
+                else {
+                    fprintf(stderr,
+                            "  [SKIP %-12s %-40s] %s\n",
+                            versions[v].label, name, reason);
+                }
+                ExpectIntEQ(expected, 1);
+                goto next_iter;
+            }
+
+            for (j = 0; j < XELEM_CNT(sizes) && EXPECT_SUCCESS(); j++) {
+                int payload = sizes[j];
+                int recordSz, buildSz;
+
+                recordSz = wolfssl_local_GetRecordSize(ssl_c, payload, 1);
+                buildSz = BuildMessage(ssl_c, NULL, 0, NULL, payload,
+                        application_data, 0, 1, 0, CUR_ORDER);
+
+                ExpectIntGE(recordSz, 0);
+                ExpectIntGE(buildSz, 0);
+                ExpectIntEQ(recordSz, buildSz);
+                if (recordSz != buildSz) {
+                    fprintf(stderr,
+                            "  [MISMATCH %-12s %-40s payload=%d]"
+                            " recordSz=%d buildSz=%d\n",
+                            versions[v].label, name, payload,
+                            recordSz, buildSz);
+                }
+            }
+            tested++;
+
+next_iter:
+            wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c);
+            wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_s);
+        }
+    }
+
+    /* Sanity: at least one cipher/version combination must have been
+     * exercised per supported version, otherwise the test is silently a
+     * no-op. */
+    ExpectIntGE(tested, (int)XELEM_CNT(versions));
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_tls.h

@@ -35,6 +35,7 @@ int test_tls12_etm_failed_resumption(void);
 int test_tls_set_curves_list_ecc_fallback(void);
 int test_tls12_corrupted_finished(void);
 int test_tls12_peerauth_failsafe(void);
+int test_record_size_matches_build_message(void);
 
 #define TEST_TLS_DECLS                                                         \
         TEST_DECL_GROUP("tls", test_utils_memio_move_message),                 \
@@ -49,6 +50,7 @@ int test_tls12_peerauth_failsafe(void);
         TEST_DECL_GROUP("tls", test_tls12_etm_failed_resumption),              \
         TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback),         \
         TEST_DECL_GROUP("tls", test_tls12_corrupted_finished),                 \
-        TEST_DECL_GROUP("tls", test_tls12_peerauth_failsafe)
+        TEST_DECL_GROUP("tls", test_tls12_peerauth_failsafe),                  \
+        TEST_DECL_GROUP("tls", test_record_size_matches_build_message)
 
 #endif /* TESTS_API_TEST_TLS_H */

wolfssl/internal.h

@@ -6815,7 +6815,7 @@ WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0,
                                     byte cipherSuite);
 
 WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length);
-WOLFSSL_LOCAL int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz,
+WOLFSSL_TEST_VIS int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz,
         int isEncrypted);
 WOLFSSL_LOCAL int wolfssl_local_GetMaxPlaintextSize(WOLFSSL *ssl);
 WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl);
@@ -7106,8 +7106,8 @@ typedef struct CipherSuiteInfo {
     byte flags;
 } CipherSuiteInfo;
 
-WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
-WOLFSSL_LOCAL int GetCipherNamesSize(void);
+WOLFSSL_TEST_VIS const CipherSuiteInfo* GetCipherNames(void);
+WOLFSSL_TEST_VIS int GetCipherNamesSize(void);
 WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite);
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* used in wolfSSL_sk_CIPHER_description */
@@ -7187,7 +7187,7 @@ WOLFSSL_LOCAL int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
 #ifndef WOLFSSL_NO_TLS12
 WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
 #endif
-WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
+WOLFSSL_TEST_VIS int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                         const byte* input, int inSz, int type, int hashOutput,
                         int sizeOnly, int asyncOkay, int epochOrder);