[openssl-users] DTLS fragmentation and mem BIO

Matt Caswell matt at openssl.org
Fri Jun 5 18:18:50 UTC 2015

I see you got it working! Just some comments below

On 05/06/15 12:34, Lorenzo Miniero wrote:
> I've started looking into filters and I have some doubts, though, also
> taking into account what you suggested, and I apologize again if this
> turns out to be silly. As far as I've understood, what I should do is
> changing the current pattern I use for outgoing packets:
>       application < memBIO < ssl
> to something like this:
>       application < memBIO < filter < ssl
> or this:
>       application < filter < memBIO < ssl
> that is, a new BIO filter that enforces the fragmentation I talked
> about. Not exactly sure about which one should be the way to go, but
> I've given this some thought.

I took a very brief look at your code and I see you went with the first
option. That's fine, although I would have done it slightly differently:

application <--   -- ssl
              |   |
              |   V
              ^   V

i.e. the filter does all the reading and writing to the memBIO. libssl
calls BIO_write(), the filter takes note of the packet sizes, and then
writes to the membBIO. When the application wants to read data it calls
BIO_read on the filter, and the filter figures out how big the packet
needs to be and reads that amount out of the memBIO. Your way works too


More information about the openssl-users mailing list