{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1756237044,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"454a0637faa02fc980cd23658becc824",
"commit": {"type":"commit",
"time": 1417598652,
"time_ofs": 0,
"oid_tree": { "oid": "ee04fd7cf4ff6376a54e4412b97e3932304ce9f4", "alias": []},
"oid":{ "oid": "59669b6abf620d1ed2ef4d1e2df25c998b89b64d", "alias": []},
"msg": "Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use ",
"sig_commit": { "git_time": { "time": 1417598652, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1417478285, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }},
"body": "Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP)\nand instead use the value provided by the underlying BIO. Also provide some\nnew DTLS_CTRLs so that the library user can set the mtu without needing to\nknow this constant. These new DTLS_CTRLs provide the capability to set the\nlink level mtu to be used (i.e. including this IP/UDP overhead). The previous\nDTLS_CTRLs required the library user to subtract this overhead first.\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\n"
,
"diff": "diff --git a/ssl/d1_both.c b/ssl/d1_both.c\nindex 9a981e8..bea975b 100644\n--- a/ssl/d1_both.c\n+++ b/ssl/d1_both.c\n@@ -156,9 +156,9 @@ static unsigned char bitmask_start_values[] \u003d {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe\n static unsigned char bitmask_end_values[] \u003d {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};\n \n /* XDTLS: figure out the right values */\n-static const unsigned int g_probable_mtu[] \u003d {1500 - 28, 512 - 28, 256 - 28};\n+static const unsigned int g_probable_mtu[] \u003d {1500, 512, 256};\n \n-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);\n+static void dtls1_guess_mtu(SSL *s);\n static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, \n \tunsigned long frag_len);\n static unsigned char *dtls1_write_message_header(SSL *s,\n@@ -226,18 +226,24 @@ void dtls1_hm_fragment_free(hm_fragment *frag)\n \n static void dtls1_query_mtu(SSL *s)\n {\n+\tif(s-\u003ed1-\u003elink_mtu)\n+\t\t{\n+\t\ts-\u003ed1-\u003emtu \u003d s-\u003ed1-\u003elink_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));\n+\t\ts-\u003ed1-\u003elink_mtu \u003d 0;\n+\t\t}\n+\n \t/* AHA! 
Figure out the MTU, and stick to the right size */\n-\tif (s-\u003ed1-\u003emtu \u003c dtls1_min_mtu() \u0026\u0026 !(SSL_get_options(s) \u0026 SSL_OP_NO_QUERY_MTU))\n+\tif (s-\u003ed1-\u003emtu \u003c dtls1_min_mtu(s) \u0026\u0026 !(SSL_get_options(s) \u0026 SSL_OP_NO_QUERY_MTU))\n \t\t{\n \t\ts-\u003ed1-\u003emtu \u003d \n \t\t\tBIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);\n \n \t\t/* I've seen the kernel return bogus numbers when it doesn't know\n \t\t * (initial write), so just make sure we have a reasonable number */\n-\t\tif (s-\u003ed1-\u003emtu \u003c dtls1_min_mtu())\n+\t\tif (s-\u003ed1-\u003emtu \u003c dtls1_min_mtu(s))\n \t\t\t{\n \t\t\ts-\u003ed1-\u003emtu \u003d 0;\n-\t\t\ts-\u003ed1-\u003emtu \u003d dtls1_guess_mtu(s-\u003ed1-\u003emtu);\n+\t\t\tdtls1_guess_mtu(s);\n \t\t\tBIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, \n \t\t\t\ts-\u003ed1-\u003emtu, NULL);\n \t\t\t}\n@@ -275,7 +281,7 @@ int dtls1_do_write(SSL *s, int type)\n \t\t}\n #endif\n \n-\tOPENSSL_assert(s-\u003ed1-\u003emtu \u003e\u003d dtls1_min_mtu()); /* should have something reasonable now */\n+\tOPENSSL_assert(s-\u003ed1-\u003emtu \u003e\u003d dtls1_min_mtu(s)); /* should have something reasonable now */\n \n \tif ( s-\u003einit_off \u003d\u003d 0 \u0026\u0026 type \u003d\u003d SSL3_RT_HANDSHAKE)\n \t\tOPENSSL_assert(s-\u003einit_num \u003d\u003d \n@@ -1299,26 +1305,40 @@ dtls1_write_message_header(SSL *s, unsigned char *p)\n \treturn p;\n \t}\n \n-unsigned int \n-dtls1_min_mtu(void)\n+unsigned int\n+dtls1_link_min_mtu(void)\n \t{\n \treturn (g_probable_mtu[(sizeof(g_probable_mtu) / \n \t\tsizeof(g_probable_mtu[0])) - 1]);\n \t}\n \n-static unsigned int \n-dtls1_guess_mtu(unsigned int curr_mtu)\n+unsigned int\n+dtls1_min_mtu(SSL *s)\n \t{\n-\tunsigned int i;\n+\treturn dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));\n+\t}\n \n-\tif ( curr_mtu \u003d\u003d 0 )\n-\t\treturn g_probable_mtu[0] ;\n+static void \n+dtls1_guess_mtu(SSL 
*s)\n+\t{\n+\tunsigned int curr_mtu;\n+\tunsigned int i;\n+\tunsigned int mtu_ovr;\n \n-\tfor ( i \u003d 0; i \u003c sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)\n-\t\tif ( curr_mtu \u003e g_probable_mtu[i])\n-\t\t\treturn g_probable_mtu[i];\n+\tcurr_mtu \u003d s-\u003ed1-\u003emtu;\n+\tmtu_ovr \u003d BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));\n \n-\treturn curr_mtu;\n+\tif ( curr_mtu \u003d\u003d 0 )\n+\t\t{\n+\t\tcurr_mtu \u003d g_probable_mtu[0] - mtu_ovr;\n+\t\t}\n+\telse\n+\t\t{\n+\t\tfor ( i \u003d 0; i \u003c sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)\n+\t\t\tif ( curr_mtu \u003e g_probable_mtu[i] - mtu_ovr)\n+\t\t\t\treturn g_probable_mtu[i] - mtu_ovr;\n+\t\t}\n+\ts-\u003ed1-\u003emtu \u003d curr_mtu;\n \t}\n \n void\ndiff --git a/ssl/d1_lib.c b/ssl/d1_lib.c\nindex 09268b8..5b3de08 100644\n--- a/ssl/d1_lib.c\n+++ b/ssl/d1_lib.c\n@@ -139,6 +139,9 @@ int dtls1_new(SSL *s)\n \t\td1-\u003ecookie_len \u003d sizeof(s-\u003ed1-\u003ecookie);\n \t\t}\n \n+\td1-\u003elink_mtu \u003d 0;\n+\td1-\u003emtu \u003d 0;\n+\n \tif( ! d1-\u003eunprocessed_rcds.q || ! d1-\u003eprocessed_rcds.q \n || ! d1-\u003ebuffered_messages || ! d1-\u003esent_messages || ! 
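Review bot: In the new `dtls1_guess_mtu` the loop in the else branch still does `return g_probable_mtu[i] - mtu_ovr;`, but the function is now `void`, so this is a return-with-value in a void function that compilers diagnose, and the stepped-down value never reaches `s->d1->mtu` — only the `curr_mtu == 0` path ends at the trailing assignment. Replace the return with `{ curr_mtu = g_probable_mtu[i] - mtu_ovr; break; }` so the final `s->d1->mtu = curr_mtu;` applies the guess on both paths. The only caller visible in this diff (`dtls1_query_mtu`) zeroes `mtu` before calling, so the else path may be unreached today, but the function's contract is to step down from a non-zero current MTU and any other caller would silently get no change.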
d1-\u003ebuffered_app_data.q)\n \t\t{\n@@ -234,6 +237,7 @@ void dtls1_clear(SSL *s)\n \tpqueue sent_messages;\n \tpqueue buffered_app_data;\n \tunsigned int mtu;\n+\tunsigned int link_mtu;\n \n \tif (s-\u003ed1)\n \t\t{\n@@ -243,6 +247,7 @@ void dtls1_clear(SSL *s)\n \t\tsent_messages \u003d s-\u003ed1-\u003esent_messages;\n \t\tbuffered_app_data \u003d s-\u003ed1-\u003ebuffered_app_data.q;\n \t\tmtu \u003d s-\u003ed1-\u003emtu;\n+\t\tlink_mtu \u003d s-\u003ed1-\u003elink_mtu;\n \n \t\tdtls1_clear_queues(s);\n \n@@ -256,6 +261,7 @@ void dtls1_clear(SSL *s)\n \t\tif (SSL_get_options(s) \u0026 SSL_OP_NO_QUERY_MTU)\n \t\t\t{\n \t\t\ts-\u003ed1-\u003emtu \u003d mtu;\n+\t\t\ts-\u003ed1-\u003elink_mtu \u003d link_mtu;\n \t\t\t}\n \n \t\ts-\u003ed1-\u003eunprocessed_rcds.q \u003d unprocessed_rcds;\n@@ -312,6 +318,25 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)\n \t\t\t}\n \t\treturn 0; /* Unexpected state; fail closed. */\n \n+\t\t/* Just one protocol version is supported so far;\n+\t\t * fail closed if the version is not as expected. 
*/\n+\t\treturn s-\u003eversion \u003d\u003d DTLS_MAX_VERSION;\n+\tcase DTLS_CTRL_SET_LINK_MTU:\n+\t\tif (larg \u003c (long)dtls1_link_min_mtu())\n+\t\t\treturn 0;\n+\t\ts-\u003ed1-\u003elink_mtu \u003d larg;\n+\t\treturn 1;\n+\tcase DTLS_CTRL_GET_LINK_MIN_MTU:\n+\t\treturn (long)dtls1_link_min_mtu();\n+\tcase SSL_CTRL_SET_MTU:\n+\t\t/*\n+\t\t * We may not have a BIO set yet so can't call dtls1_min_mtu()\n+\t\t * We'll have to make do with dtls1_link_min_mtu() and max overhead\n+\t\t */\n+\t\tif (larg \u003c (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)\n+\t\t\treturn 0;\n+\t\ts-\u003ed1-\u003emtu \u003d larg;\n+\t\treturn larg;\n \tdefault:\n \t\tret \u003d ssl3_ctrl(s, cmd, larg, parg);\n \t\tbreak;\ndiff --git a/ssl/dtls1.h b/ssl/dtls1.h\nindex af86f60..96f7334 100644\n--- a/ssl/dtls1.h\n+++ b/ssl/dtls1.h\n@@ -121,6 +121,9 @@ extern \u0022C\u0022 {\n #define DTLS1_SCTP_AUTH_LABEL\t\u0022EXPORTER_DTLS_OVER_SCTP\u0022\n #endif\n \n+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */\n+#define DTLS1_MAX_MTU_OVERHEAD 48\n+\n typedef struct dtls1_bitmap_st\n \t{\n \tunsigned long map;\t\t/* track 32 packets on 32-bit systems\n@@ -235,6 +238,7 @@ typedef struct dtls1_state_st\n \t/* Is set when listening for new connections with dtls1_listen() */\n \tunsigned int listen;\n \n+\tunsigned int link_mtu; /* max on-the-wire DTLS packet size */\n \tunsigned int mtu; /* max DTLS packet size */\n \n \tstruct hm_header_st w_msg_hdr;\ndiff --git a/ssl/ssl.h b/ssl/ssl.h\nindex bc4cd0d..104e4f1 100644\n--- a/ssl/ssl.h\n+++ b/ssl/ssl.h\n@@ -787,6 +787,10 @@ struct ssl_session_st\n SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)\n #define SSL_set_mtu(ssl, mtu) \u005c\n SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)\n+#define DTLS_set_link_mtu(ssl, mtu) \u005c\n+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)\n+#define DTLS_get_link_min_mtu(ssl) \u005c\n+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)\n \n #define SSL_get_secure_renegotiation_support(ssl) \u005c\n 
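Review bot: `DTLS_CTRL_SET_LINK_MTU` checks only a lower bound on `larg` before storing it into the `unsigned int` field `link_mtu`, and `SSL_CTRL_SET_MTU` a few lines below does the same for `mtu`; on targets where `long` is wider than `unsigned int` a value above `UINT_MAX` is silently truncated, which can leave a stored value below the minimum the check was meant to guarantee. `dtls1_query_mtu` (earlier in this commit) then computes `link_mtu - BIO_dgram_get_mtu_overhead(...)` and the result wraps on conversion to the unsigned `mtu`, so a too-small link MTU turns into a huge DTLS MTU that passes the `< dtls1_min_mtu(s)` test. Add an upper bound to both cases, e.g. `if (larg < (long)dtls1_link_min_mtu() || (unsigned long)larg > UINT_MAX) return 0;` (negative values are already rejected by the lower bound; `UINT_MAX` is from `<limits.h>`). `dtls1_ctrl` begins and ends outside this hunk.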
\tSSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)\n@@ -1844,6 +1848,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)\n \n #define SSL_CTRL_SET_DH_AUTO\t\t\t118\n #define SSL_CTRL_CHECK_PROTO_VERSION\t\t119\n+#define DTLS_CTRL_SET_LINK_MTU\t\t\t120\n+#define DTLS_CTRL_GET_LINK_MIN_MTU\t\t121\n \n \n #define SSL_CERT_SET_FIRST\t\t\t1\ndiff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c\nindex 43204de..f45b6dd 100644\n--- a/ssl/ssl_lib.c\n+++ b/ssl/ssl_lib.c\n@@ -1129,18 +1129,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)\n \t\tl\u003ds-\u003emax_cert_list;\n \t\ts-\u003emax_cert_list\u003dlarg;\n \t\treturn(l);\n-\tcase SSL_CTRL_SET_MTU:\n-#ifndef OPENSSL_NO_DTLS1\n-\t\tif (larg \u003c (long)dtls1_min_mtu())\n-\t\t\treturn 0;\n-#endif\n-\n-\t\tif (SSL_IS_DTLS(s))\n-\t\t\t{\n-\t\t\ts-\u003ed1-\u003emtu \u003d larg;\n-\t\t\treturn larg;\n-\t\t\t}\n-\t\treturn 0;\n \tcase SSL_CTRL_SET_MAX_SEND_FRAGMENT:\n \t\tif (larg \u003c 512 || larg \u003e SSL3_RT_MAX_PLAIN_LENGTH)\n \t\t\treturn 0;\ndiff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h\nindex 60f8107..ffbf75b 100644\n--- a/ssl/ssl_locl.h\n+++ b/ssl/ssl_locl.h\n@@ -1218,7 +1218,8 @@ void dtls1_stop_timer(SSL *s);\n int dtls1_is_timer_expired(SSL *s);\n void dtls1_double_timeout(SSL *s);\n int dtls1_send_newsession_ticket(SSL *s);\n-unsigned int dtls1_min_mtu(void);\n+unsigned int dtls1_min_mtu(SSL *s);\n+unsigned int dtls1_link_min_mtu(void);\n void dtls1_hm_fragment_free(hm_fragment *frag);\n \n /* some client-only functions */\n","s":{"c":1756156685,"u": 10637}}
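Review bot: The new public macros `DTLS_set_link_mtu` and `DTLS_get_link_min_mtu` in ssl.h carry no documentation, and nothing in the header says how a link MTU relates to the value `SSL_set_mtu` takes; the commit body explains it (the link MTU includes the IP/UDP overhead, which the library subtracts using the overhead the wbio reports) but that explanation is not in the tree. Add a comment above the macros, e.g. `/* Link-level MTU: includes IP/UDP overhead, which is subtracted using the wbio's reported overhead; SSL_set_mtu takes the DTLS packet size without it */`, and a matching entry in the pod documentation. Worth stating there as well that, per the `dtls1_ctrl` cases in this commit, `DTLS_set_link_mtu` reports success as 1/0 whereas `SSL_set_mtu` returns the value set, so callers should not treat the two return values alike.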
],"g": 2051,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}