tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit e771e760f5acc9b6e80710f6cf4a631c2beafa84
parent 9932a1e95b99eac258f685425e73afe94d406798
Author: Michael Froman <mfroman@mozilla.com>
Date:   Wed, 15 Oct 2025 11:53:45 -0500

Bug 1993083 - Vendor libwebrtc from 36ea4535a5

Upstream commit: https://webrtc.googlesource.com/src/+/36ea4535a500ac137dbf1f577ce40dc1aaa774ef
    [M140] DTLS1.3: Fix missing retransmission due to failure to set timer.

    DTLS 1.3 considers itself connected earlier than DTLS 1.2 did - when
    second flight reaches the client. This CL fixes a bug that when
    client is connected (state_ != SSL_CONNECTING), it would not
    continue retransmitting. Continuous retransmission is needed
    when the third flight is lost multiple times. Or really anytime that DTLS request it :)

    This fixes the TODO in dtls_ice_integrationtest.cc in which dtls1.3
    spuriously failed with certain (packet loss intensive) configurations.

    CREDITS: sergeysu@ that found and fixed the problem!

    (cherry picked from commit 4221e1bc2fc360448c1663f0bbae058ff9f65a48)

    No-Try: true
    Bug: chromium:441245658, chromium:441486101
    Change-Id: I3302f6f384d7e4cda090184094a6fadaf7e4f129
    Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/406320
    Reviewed-by: Tomas Gunnarsson <tommi@webrtc.org>
    Reviewed-by: Harald Alvestrand <hta@webrtc.org>
    Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
    Cr-Original-Commit-Position: refs/heads/main@{#45439}
    Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/407780
    Commit-Queue: Guido Urdaneta <guidou@webrtc.org>
    Cr-Commit-Position: refs/branch-heads/7339@{#2}
    Cr-Branched-From: 9bd64751d9b3b35a820cb72c9029993e218146a1-refs/heads/main@{#45270}

Diffstat:

Mthird_party/libwebrtc/README.mozilla.last-vendor | 4++--


Mthird_party/libwebrtc/p2p/dtls/dtls_ice_integrationtest.cc | 6+-----


Mthird_party/libwebrtc/rtc_base/openssl_stream_adapter.cc | 15++++++++++++---


Mthird_party/libwebrtc/rtc_base/openssl_stream_adapter.h | 2++


4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/third_party/libwebrtc/README.mozilla.last-vendor b/third_party/libwebrtc/README.mozilla.last-vendor
@@ -1,4 +1,4 @@
 # ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
-libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-15T16:52:37.142701+00:00.
+libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-15T16:53:37.558762+00:00.
 # base of lastest vendoring
-847fe79059
+36ea4535a5
diff --git a/third_party/libwebrtc/p2p/dtls/dtls_ice_integrationtest.cc b/third_party/libwebrtc/p2p/dtls/dtls_ice_integrationtest.cc
@@ -127,11 +127,7 @@ class DtlsIceIntegrationTest : public ::testing::TestWithParam<std::tuple<
 
     BuiltInNetworkBehaviorConfig networkBehavior;
     networkBehavior.link_capacity = DataRate::KilobitsPerSec(220);
-    // TODO (webrtc:383141571) : Investigate why this testcase fails for
-    // DTLS 1.3 delay if networkBehavior.queue_delay_ms = 100ms.
-    // - unless both peers support dtls in stun, in which case it passes.
-    // - note: only for dtls1.3, it works for dtls1.2!
-    networkBehavior.queue_delay_ms = 50;
+    networkBehavior.queue_delay_ms = 100;
     networkBehavior.queue_length_packets = 30;
     networkBehavior.loss_percent = 50;
 
diff --git a/third_party/libwebrtc/rtc_base/openssl_stream_adapter.cc b/third_party/libwebrtc/rtc_base/openssl_stream_adapter.cc
@@ -852,10 +852,15 @@ void OpenSSLStreamAdapter::SetTimeout(int delay_ms) {
           // We check the timer even after SSL_CONNECTED,
           // but ContinueSSL() is only needed when SSL_CONNECTING
           if (state_ == SSL_CONNECTING) {
+            // Note: timeout is set inside ContinueSSL()
             ContinueSSL();
+          } else if (state_ == SSL_CONNECTED) {
+            MaybeSetTimeout();
+          } else {
+            RTC_DCHECK_NOTREACHED() << "state_: " << state_;
           }
         } else {
-          RTC_DCHECK_NOTREACHED();
+          RTC_DCHECK_NOTREACHED() << "flag->alive() == false";
         }
         // This callback will never run again (stopped above).
         return TimeDelta::PlusInfinity();
@@ -970,6 +975,12 @@ int OpenSSLStreamAdapter::ContinueSSL() {
     }
   }
 
+  MaybeSetTimeout();
+
+  return 0;
+}
+
+void OpenSSLStreamAdapter::MaybeSetTimeout() {
   if (ssl_ != nullptr) {
     struct timeval timeout;
     if (DTLSv1_get_timeout(ssl_, &timeout)) {
@@ -977,8 +988,6 @@ int OpenSSLStreamAdapter::ContinueSSL() {
       SetTimeout(delay);
     }
   }
-
-  return 0;
 }
 
 void OpenSSLStreamAdapter::Error(absl::string_view context,
diff --git a/third_party/libwebrtc/rtc_base/openssl_stream_adapter.h b/third_party/libwebrtc/rtc_base/openssl_stream_adapter.h
@@ -210,6 +210,8 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter {
            !peer_certificate_digest_value_.empty();
   }
 
+  void MaybeSetTimeout();
+
   const std::unique_ptr<StreamInterface> stream_;
   absl::AnyInvocable<void(SSLHandshakeError)> handshake_error_;