esp_at: large DTLS handshake messages fail reassembly in passive mode (AT+CIPRECVTYPE=1
)
#77993
Labels
area: Wi-Fi
Wi-Fi
bug
The issue is a bug, or the PR is fixing a bug
priority: low
Low impact/importance bug
Describe the bug
When interacting with a DTLS server using the
esp_at
WiFi driver withCONFIG_WIFI_ESP_AT_PASSIVE_MODE=y
, if the size of a reassembled DTLS handshake message exceeds2048
, mbedtls will frequently fail to complete the handshake because the portion of the UDP datagram which contains the second fragment will frequently be less than that of the DTLS message. This causes mbedtls to discard the record with a message like the following:This occurs because
CIPRECVDATA_MAX_LEN
is hard-coded toESP_MTU
, which is hard-coded to2048
, so if the sum of the fragments exceeds2048
they won't both be able to be read in a single operation by mbedtls.Consider the following sequence of datagrams from the server:
The first datagram containing the
Server Hello
has length80
:The second containing the first fragment of the
Certificate
has length1225
:Because
CIPRECVDATA_MAX_LEN
is2048
, we only have room for743
bytes (2048
-80
-1225
=743
), but the first DTLS message (the second fragment) in the datagram indicates in its header that it alone is849
bytes (836
bytes +13
header bytes):To Reproduce
Connect to a DTLS server that fragments records during the handshake with
CONFIG_WIFI_ESP_AT_PASSIVE_MODE=y
set on client.The following config will assist in observing the behavior via logging:
Expected behavior
Manually increasing the
CIPRECVDATA_MAX_LEN
allows the handshake to complete successfully (I set to4096
), so one option would be to expose it as a user configurable value. Alternatively, higher levels of the stack may be able to handle ensuring that multiple records are identified.Impact
Using the
esp_at
driver in passive mode is not possible in some scenarios with some servers.Logs and console output
Shown above.
Environment (please complete the following information):
2f24831ee13d399ce019c4632b0bcd440a713f7c
The text was updated successfully, but these errors were encountered: