When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602)

src/internal.c

@@ -17709,9 +17709,11 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
         len = wolfSSL_GetMaxRecordSize(ssl, sz - sent);
 
-#ifdef WOLFSSL_DTLS
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
-        if (IsDtlsNotSctpMode(ssl)) {
+        if (ssl->options.dtls && (len < sz - sent)) {
-            len = min(len, MAX_UDP_SIZE);
+            ssl->error = DTLS_SIZE_ERROR;
+            WOLFSSL_ERROR(ssl->error);
+            return ssl->error;
         }
 #endif
         buffSz = len;
@@ -18439,6 +18441,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case TLS13_SECRET_CB_E:
         return "TLS1.3 Secret Callback Error";
 
+    case DTLS_SIZE_ERROR:
+        return "DTLS trying to send too much in single datagram error";
+
     default :
         return "unknown error number";
     }
@@ -29977,7 +29982,7 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
     }
 #endif /* HAVE_MAX_FRAGMENT */
 #ifdef WOLFSSL_DTLS
-    if ((ssl->options.dtls) && (maxFragment > MAX_UDP_SIZE)) {
+    if (IsDtlsNotSctpMode(ssl) && (maxFragment > MAX_UDP_SIZE)) {
         maxFragment = MAX_UDP_SIZE;
     }
 #endif

wolfssl/error-ssl.h

@@ -167,6 +167,7 @@ enum wolfSSL_ErrorCodes {
     CLIENT_CERT_CB_ERROR         = -436,   /* Client cert callback error */
     SSL_SHUTDOWN_ALREADY_DONE_E  = -437,   /* Shutdown called redundantly */
     TLS13_SECRET_CB_E            = -438,   /* TLS1.3 secret Cb fcn failure */
+    DTLS_SIZE_ERROR              = -439,   /* Trying to send too much data */
 
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */