Skip to content

Enhance extra user data value and external cookie length max size #10236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Roy-Carter wants to merge 8 commits into
base: master
Choose a base branch
from
+13 −3
Open

Enhance extra user data value and external cookie length max size #10236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
9365248
Refactor - allow configurating more than 99 , since large platforms w…
Roy-Carter Apr 16, 2026
e64305f
Refactor - when crafting a DTLS packet max external cookie length (fo…
Roy-Carter Apr 16, 2026
5642488
Refactor - Change note to support maximum of 255 (based on RFC) for t…
Roy-Carter Apr 16, 2026
ca01807
Cosmetic - fix documentation
Roy-Carter Apr 16, 2026
3111128
Cosmetic - fixed mispell
Roy-Carter Apr 16, 2026
a8ca71b
Fix: Julek PR notes
Roy-Carter Apr 17, 2026
46de2b3
Fix: move define to be before the define check for TLS & PSK
Roy-Carter Apr 17, 2026
8342738
Fix: PR notes fixes
Roy-Carter Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions configure.ac
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10376,9 +10376,10 @@ case "$ENABLED_EX_DATA" in
no) ;;
yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
;;
[[1-9]]|[[1-9]][[0-9]]) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
[[1-9]]|[[1-9]][[0-9]]|[[1-9]][[0-9]][[0-9]]|[[1-9]][[0-9]][[0-9]][[0-9]])
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
;;
*) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 99])
*) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 9999 (note: each index reserves one pointer per object, so large values increase memory use)])
;;
esac

Expand Down
11 changes: 10 additions & 1 deletion wolfssl/internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1442,6 +1442,15 @@ enum {
*/
#define AEAD_SM4_CCM_LIMIT w64From32(0, (1 << 10) - 1)

#ifndef WOLFSSL_COOKIE_LEN
/* Maximum size for a DTLS cookie */
#define WOLFSSL_COOKIE_LEN 32
#endif

Comment thread
Roy-Carter marked this conversation as resolved.
#if WOLFSSL_COOKIE_LEN > 255
#error "WOLFSSL_COOKIE_LEN must be <= 255 per RFC 6347 (opaque<0..2^8-1>)"
#endif

#if defined(WOLFSSL_TLS13) || !defined(NO_PSK)

Comment thread
Roy-Carter marked this conversation as resolved.
Comment thread
Roy-Carter marked this conversation as resolved.
#define TLS13_TICKET_NONCE_MAX_SZ 255
Expand Down Expand Up @@ -1569,7 +1578,7 @@ enum Misc {
SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
ID_LEN = 32, /* session id length */
COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
MAX_COOKIE_LEN = 32, /* max dtls cookie size */
MAX_COOKIE_LEN = WOLFSSL_COOKIE_LEN, /* max dtls cookie size */
COOKIE_SZ = 20, /* use a 20 byte cookie */
SUITE_LEN = 2, /* cipher suite sz length */
ENUM_LEN = 1, /* always a byte */
Comment thread
Roy-Carter marked this conversation as resolved.
Expand Down
Loading