[openssl-users] DTLS fragmentation and mem BIO

Lorenzo Miniero lminiero at gmail.com
Fri Jun 5 11:16:03 UTC 2015 

2015-06-05 12:34 GMT+02:00 Alfred E. Heggestad <aeh at db.org>:

>
>
> On 05/06/15 11:20, Lorenzo Miniero wrote:
>
>> 2015-06-05 10:31 GMT+02:00 Matt Caswell <matt at openssl.org <mailto:
>> matt at openssl.org>>:
>>
>>
>>
>>
>>     On 05/06/15 08:09, Lorenzo Miniero wrote:
>>      > Hi all,
>>      >
>>      > first of all, apologies if this has been asked before. I've
>> searched
>>      > archives pretty much everywhere, and only came to partial
>> indications as
>>      > to how this should be dealt with.
>>      >
>>      > The problem I'm facing deals with using DTLS with mem BIOs, as I
>> have to
>>      > take care of transport myself. Specifically, I've implemented a
>> WebRTC
>>      > gateway called Janus, which means all the connectivity related
>> stuff is
>>      > delegated to another library (libnice in this case). This mostly
>> works
>>      > great (kudos to you guys!), but I have problems as soon as packets
>>      > exceed the MTU, which can easily happen whenever, for instance,
>> you try
>>      > to handshake with certificates larger than 1024 bits. I read
>> around that
>>      > the DTLS stack in OpenSSL automatically deals with this, and in
>> fact
>>      > this seems to be happening: what isn't working is the BIO mem part
>> of this.
>>      >
>>      > More specifically, OpenSSL does indeed take care of fragmenting the
>>      > packets according to what is assumed to be the MTU (1472 by
>> default, or
>>      > the value as set in s->d1->mtu). The problem is that the mem BIO
>> ignores
>>      > that fragmentation info completely, and so, when you do an
>> BIO_read,
>>      > makes available at the application the whole packet anyway. This
>> results
>>      > in the whole buffer being passed to nice_agent_send (the method
>> libnice
>>      > exposes to send packets), which means it's just as not fragmenting
>>      > anything: the packet is too large and the network drops it. You can
>>      > verify this by using, e.g., a 4096 bits certificate, and capture
>> the
>>      > DTLS traffic with Wireshark: you'll see that the message is
>> recognized
>>      > as composed of not only multiple messages, but also fragments.
>>      >
>>      > Is there any way I can force the BIO to return the invididual
>>      > fragments/messages when I do a BIO_read, so that I can send
>> properly
>>      > sized packets? I've tried looking around but found no insight on
>> how to
>>      > do that. The only approach that came to my mind was to manually
>> inspect
>>      > the buffer that is returned, and split messages/fragments myself,
>> but
>>      > I'd rather avoid delving within the specifics of the protocol if
>> possible.
>>      >
>>      > Thanks in advance for any help you may provide me with!
>>
>>     Hmmmm. An interesting problem.
>>
>>     The issue is that a mem BIO has no knowledge of datagram semantics
>>     (perhaps we need to add something for OpenSSL 1.1.0).
>>
>>     In a dgram BIO each BIO_write translates to a single datagram being
>>     produced. In a mem BIO you just have a big bucket of memory, and every
>>     time you get a BIO_write you just add the data onto the end of
>>     everything that we've go so far, and so the packet boundaries are not
>>     respected.
>>
>>     How about you create a custom filter BIO? All it would need to do is
>>     proxy all calls down to the underlying mem BIO. Along the way though
>> it
>>     could take note of where the packet boundaries are, so when you call
>>     BIO_read it only gives it to you a datagram at a time.
>>
>>     Matt
>>
>>
>>
>> Thanks for the very quick answer!
>>
>> Your suggestion does indeed make much more sense that manually inspecting
>> the buffer as I thought of, as you don't need to know anything about the
>> protocol but
>> only to be ready to index the packets you see passing by. I never tried
>> writing a BIO filter but there's a first time for everything :-)
>>
>> Just one quick question about this: are messages/packets passed to the
>> BIO actually splitted, and then just queued by the mem BIO in the buffer,
>> or can there be
>> cases where a larger than normal buffer is passed to the BIO anyway,
>> meaning a manual splitting could be needed nevertheless from time to time?
>>
>>
>
> hey,
>
>
> I just want to point out that we have been using OpenSSL in the libre
> stack for
> a long time, with successful deployment.
>
>
> the DTLS code is here:
>
> http://www.creytiv.com/doxygen/re-dox/html/tls__udp_8c_source.html
>
>
> we are using 2 different BIOs; one for outgoing, one for incoming:
>
>
>
>         tc->sbio_in = BIO_new(BIO_s_mem());
>         if (!tc->sbio_in) {
>                 ERR_clear_error();
>                 err = ENOMEM;
>                 goto out;
>         }
>
>         tc->sbio_out = BIO_new(&bio_udp_send);
>         if (!tc->sbio_out) {
>                 ERR_clear_error();
>                 BIO_free(tc->sbio_in);
>                 err = ENOMEM;
>                 goto out;
>         }
>
>
>
Hi Alfred,

thanks for sharing this. So you've basically created a new BIO source/sink
type, and you use that one instead of a mem BIO for sending, right? That
might be an interesting approach (e.g., creating a custom BIO based on BIO
mem), especially if it turns out that implementing a filter will prove
harder than I hope.

Lorenzo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150605/5cc68ba9/attachment-0001.html>

More information about the openssl-users mailing list