Google Git
Sign in
boringssl/boringssl.git/0d82223ab4fc93fdbf56e00857bc94b321978c55
commit
0d82223ab4fc93fdbf56e00857bc94b321978c55
[log] [tgz]
author
Jonas Oreland <jonaso@google.com>
Thu Jan 22 10:25:33 2026 -0800
committer
David Benjamin <davidben@google.com>
Thu Jan 22 12:06:46 2026 -0800
tree
67a116110f65f603a143aae5ec1ca2035486446f
parent
974314a2b8ced6dba92f2de0a105ac86271f5325 [diff]
Allow DTLSv1_set_initial_timeout_duration to be called mid-handshake

This is useful for WebRTC that "guess" a reasonable timeout
duration based on first ICE rtt...but that can be wildly incorrect
so modifying it can reduce worst case behavior.

The patch
a) modifies the timeout for next flight
b) modifies ongoing timer(s).
c) change representation of the DTLSTimer to keep a start time
and a duration rather than only a expire time.

---

Update test as (from davidben@ thanks!)
The tests needed to AdvanceClock() because all the WriteFoo()
methods buffer up a packet, with the other methods implicitly flushing. SetTimeout() was patterned after SetMTU() which was missing an
implicit flush, but probably should have had one, to avoid reordering
of signals.

Once that's fixed, the original test is sensitive to the timeout / 4
business. While I'm here, trim the tests a bit. They included a bunch of
bits that were part of exercising the core ACK machinery. But since
that's already covered elsewhere, we really only need to drive the shim
into a state with an ACK timer and try a SetTimeout

---

Update-Note: DTLSv1_set_initial_timeout_duration now also affect ongoing flights. You might need modify your code to check for timeout after calling the function.

Bug: webrtc:404763475
Change-Id: Iaea911c38e2e7cfc056728d9f47530729032ffc2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/86167
Commit-Queue: Lily Chen <chlily@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
8 files changed
tree: 67a116110f65f603a143aae5ec1ca2035486446f
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .gitignore
  24. API-CONVENTIONS.md
  25. AUTHORS
  26. BREAKING-CHANGES.md
  27. BUILD.bazel
  28. build.json
  29. BUILDING.md
  30. CMakeLists.txt
  31. codereview.settings
  32. CONTRIBUTING.md
  33. FUZZING.md
  34. go.mod
  35. go.sum
  36. INCORPORATING.md
  37. LICENSE
  38. MODULE.bazel
  39. MODULE.bazel.lock
  40. PORTING.md
  41. PRESUBMIT.py
  42. PrivacyInfo.xcprivacy
  43. README.md
  44. SANDBOXING.md
  45. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: