From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 6 Mar 2012 13:46:52 +0000 (+0000)
Subject: PR: 2755
X-Git-Tag: OpenSSL_1_0_0h~8
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f4f512a853c2cfbb149f7053907b418b1915453f;p=oweals%2Fopenssl.git

PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
---

diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index ab47abcf14..3c39d1844d 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -146,6 +146,7 @@ extern "C" {
 /* #endif */
 
 #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
 #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
 					      * MTU. want to use this
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 71ebe987b6..ad9c372d58 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -547,6 +547,27 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret = 0;
 #endif
 		break;
+	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+		switch (data->peer.sa.sa_family)
+			{
+			case AF_INET:
+				ret = 576 - 20 - 8;
+				break;
+#if OPENSSL_USE_IPV6
+			case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+				if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+					ret = 576 - 20 - 8;
+				else
+#endif
+					ret = 1280 - 40 - 8;
+				break;
+#endif
+			default:
+				ret = 576 - 20 - 8;
+				break;
+			}
+		break;
 	case BIO_CTRL_DGRAM_GET_MTU:
 		return data->mtu;
 		break;
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 9f898d6997..2f95880249 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -227,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
 	unsigned int len, frag_off, mac_size, blocksize;
 
 	/* AHA!  Figure out the MTU, and stick to the right size */
-	if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+	if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 		{
 		s->d1->mtu = 
 			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
 		/* I've seen the kernel return bogus numbers when it doesn't know
 		 * (initial write), so just make sure we have a reasonable number */
-		if ( s->d1->mtu < dtls1_min_mtu())
+		if (s->d1->mtu < dtls1_min_mtu())
 			{
 			s->d1->mtu = 0;
 			s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index c3b77c889b..7603715159 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -414,6 +414,11 @@ int dtls1_handle_timeout(SSL *s)
 		state->timeout.read_timeouts = 1;
 		}
 
+	if (state->timeout_duration > 2)
+		{
+		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
+		}
+
 	dtls1_start_timer(s);
 	return dtls1_retransmit_buffered_messages(s);
 	}