From 1d7392f219c298b574d491aaa9431df029fc55a6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 23 Sep 2011 13:34:48 +0000 Subject: [PATCH] PR: 2602 Submitted by: Robin Seggelmann Reviewed by: steve Fix DTLS bug which prevents manual MTU setting --- ssl/d1_both.c | 8 +++----- ssl/d1_lib.c | 9 ++++++++- ssl/ssl_lib.c | 3 +++ ssl/ssl_locl.h | 1 + 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2180c6d4da..68172a9dda 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -158,7 +158,6 @@ static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1 /* XDTLS: figure out the right values */ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; -static unsigned int dtls1_min_mtu(void); static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len); @@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type) return ret; mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); } - - OPENSSL_assert(mtu > 0); /* should have something reasonable now */ - #endif + OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ + if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); @@ -1367,7 +1365,7 @@ dtls1_write_message_header(SSL *s, unsigned char *p) return p; } -static unsigned int +unsigned int dtls1_min_mtu(void) { return (g_probable_mtu[(sizeof(g_probable_mtu) / diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 48e8b6ffbb..c3b77c889b 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -204,7 +204,8 @@ void dtls1_clear(SSL *s) pqueue buffered_messages; pqueue sent_messages; pqueue buffered_app_data; - + unsigned int mtu; + if (s->d1) { unprocessed_rcds = s->d1->unprocessed_rcds.q; @@ -212,6 +213,7 @@ void dtls1_clear(SSL *s) buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; buffered_app_data = s->d1->buffered_app_data.q; + mtu = s->d1->mtu; dtls1_clear_queues(s); @@ -222,6 +224,11 @@ void dtls1_clear(SSL *s) s->d1->cookie_len = sizeof(s->d1->cookie); } + if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) + { + s->d1->mtu = mtu; + } + s->d1->unprocessed_rcds.q = unprocessed_rcds; s->d1->processed_rcds.q = processed_rcds; s->d1->buffered_messages = buffered_messages; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b75c260725..0b5f234e5c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1075,6 +1075,9 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: + if (larg < dtls1_min_mtu()) + return 0; + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 458f570ad2..e5eec19c49 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -966,6 +966,7 @@ void dtls1_stop_timer(SSL *s); int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); int dtls1_send_newsession_ticket(SSL *s); +unsigned int dtls1_min_mtu(void); /* some client-only functions */ int ssl3_client_hello(SSL *s); -- 2.40.0