wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PR: 1922

Browse source 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
This commit is contained in:
Dr. Stephen Henson 2009-05-15 22:58:13 +00:00
parent a379c433a3
commit d6584eba8c
9 changed files with 239 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
crypto/bio/bio.h
View file

@ -159,7 +159,8 @@ extern "C" {
#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
#define BIO_CTRL_DGRAM_SET_TIMEOUT 45 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
/* modifiers */ /* modifiers */
#define BIO_FP_READ 0x02 #define BIO_FP_READ 0x02

124
crypto/bio/bss_dgram.c
View file

@ -110,8 +110,8 @@ typedef struct bio_dgram_data_st
unsigned int connected; unsigned int connected;
unsigned int _errno; unsigned int _errno;
unsigned int mtu; unsigned int mtu;
struct timeval hstimeoutdiff; struct timeval next_timeout;
struct timeval hstimeout; struct timeval socket_timeout;
} bio_dgram_data; } bio_dgram_data;
BIO_METHOD *BIO_s_datagram(void) BIO_METHOD *BIO_s_datagram(void)
@ -173,7 +173,88 @@ static int dgram_clear(BIO *a)
} }
return(1); return(1);
} }
static void dgram_adjust_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
int sz = sizeof(int);
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
{
struct timeval timenow, timeleft;
/* Read current socket timeout */
#ifdef OPENSSL_SYS_WINDOWS
int timeout;
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, &sz) < 0)
{ perror("getsockopt"); }
else
{
data->socket_timeout.tv_sec = timeout / 1000;
data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
}
#else
if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
&(data->socket_timeout), (void *)&sz) < 0)
{ perror("getsockopt"); }
#endif
/* Get current time */
get_current_time(&timenow);
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
timeleft.tv_sec -= timenow.tv_sec;
timeleft.tv_usec -= timenow.tv_usec;
if (timeleft.tv_usec < 0)
{
timeleft.tv_sec--;
timeleft.tv_usec += 1000000;
}
/* Adjust socket timeout if next handhake message timer
* will expire earlier.
*/
if (data->socket_timeout.tv_sec < timeleft.tv_sec ||
(data->socket_timeout.tv_sec == timeleft.tv_sec &&
data->socket_timeout.tv_usec <= timeleft.tv_usec))
{
#ifdef OPENSSL_SYS_WINDOWS
timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
}
}
#endif
}
static void dgram_reset_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
#ifdef OPENSSL_SYS_WINDOWS
int timeout = data->socket_timeout.tv_sec * 1000 +
data->socket_timeout.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
#endif
}
static int dgram_read(BIO *b, char *out, int outl) static int dgram_read(BIO *b, char *out, int outl)
{ {
int ret=0; int ret=0;
@ -191,7 +272,9 @@ static int dgram_read(BIO *b, char *out, int outl)
* but this is not universal. Cast to (void *) to avoid * but this is not universal. Cast to (void *) to avoid
* compiler warnings. * compiler warnings.
*/ */
dgram_adjust_rcv_timeout(b);
ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
dgram_reset_rcv_timeout(b);
if ( ! data->connected && ret > 0) if ( ! data->connected && ret > 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer); BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
@ -206,22 +289,6 @@ static int dgram_read(BIO *b, char *out, int outl)
} }
memset(&(data->hstimeout), 0, sizeof(struct timeval)); memset(&(data->hstimeout), 0, sizeof(struct timeval));
} }
else
{
if (data->hstimeout.tv_sec > 0 || data->hstimeout.tv_usec > 0)
{
struct timeval curtime;
get_current_time(&curtime);
if (curtime.tv_sec >= data->hstimeout.tv_sec &&
curtime.tv_usec >= data->hstimeout.tv_usec)
{
data->_errno = EAGAIN;
ret = -1;
memset(&(data->hstimeout), 0, sizeof(struct timeval));
}
}
}
} }
return(ret); return(ret);
} }
@ -370,22 +437,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
memcpy(&(data->peer), to, sizeof(struct sockaddr)); memcpy(&(data->peer), to, sizeof(struct sockaddr));
break; break;
case BIO_CTRL_DGRAM_SET_TIMEOUT: case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
if (num > 0) memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
{
get_current_time(&data->hstimeout);
data->hstimeout.tv_sec += data->hstimeoutdiff.tv_sec;
data->hstimeout.tv_usec += data->hstimeoutdiff.tv_usec;
if (data->hstimeout.tv_usec >= 1000000)
{
data->hstimeout.tv_sec++;
data->hstimeout.tv_usec -= 1000000;
}
}
else
{
memset(&(data->hstimeout), 0, sizeof(struct timeval));
}
break; break;
#if defined(SO_RCVTIMEO) #if defined(SO_RCVTIMEO)
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
@ -402,7 +455,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
sizeof(struct timeval)) < 0) sizeof(struct timeval)) < 0)
{ perror("setsockopt"); ret = -1; } { perror("setsockopt"); ret = -1; }
#endif #endif
memcpy(&(data->hstimeoutdiff), ptr, sizeof(struct timeval));
break; break;
case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
#ifdef OPENSSL_SYS_WINDOWS #ifdef OPENSSL_SYS_WINDOWS

5
ssl/d1_both.c
View file

@ -883,7 +883,6 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
int dtls1_read_failed(SSL *s, int code) int dtls1_read_failed(SSL *s, int code)
{ {
DTLS1_STATE *state; DTLS1_STATE *state;
BIO *bio;
int send_alert = 0; int send_alert = 0;
if ( code > 0) if ( code > 0)
@ -892,8 +891,7 @@ int dtls1_read_failed(SSL *s, int code)
return 1; return 1;
} }
bio = SSL_get_rbio(s); if (!dtls1_is_timer_expired(s))
if ( ! BIO_dgram_recv_timedout(bio))
{ {
/* not a timeout, none of our business, /* not a timeout, none of our business,
let higher layers handle this. in fact it's probably an error */ let higher layers handle this. in fact it's probably an error */
@ -906,6 +904,7 @@ int dtls1_read_failed(SSL *s, int code)
return code; return code;
} }
dtls1_double_timeout(s);
state = s->d1; state = s->d1;
state->timeout.num_alerts++; state->timeout.num_alerts++;
if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)

18
ssl/d1_clnt.c
View file

@ -233,7 +233,7 @@ int dtls1_connect(SSL *s)
/* every DTLS ClientHello resets Finished MAC */ /* every DTLS ClientHello resets Finished MAC */
ssl3_init_finished_mac(s); ssl3_init_finished_mac(s);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_client_hello(s); ret=dtls1_client_hello(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
@ -259,7 +259,7 @@ int dtls1_connect(SSL *s)
if (ret <= 0) goto end; if (ret <= 0) goto end;
else else
{ {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
if (s->hit) if (s->hit)
s->state=SSL3_ST_CR_FINISHED_A; s->state=SSL3_ST_CR_FINISHED_A;
else else
@ -274,7 +274,7 @@ int dtls1_connect(SSL *s)
ret = dtls1_get_hello_verify(s); ret = dtls1_get_hello_verify(s);
if ( ret <= 0) if ( ret <= 0)
goto end; goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
if ( s->d1->send_cookie) /* start again, with a cookie */ if ( s->d1->send_cookie) /* start again, with a cookie */
s->state=SSL3_ST_CW_CLNT_HELLO_A; s->state=SSL3_ST_CW_CLNT_HELLO_A;
else else
@ -336,7 +336,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_B:
case SSL3_ST_CW_CERT_C: case SSL3_ST_CW_CERT_C:
case SSL3_ST_CW_CERT_D: case SSL3_ST_CW_CERT_D:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_client_certificate(s); ret=dtls1_send_client_certificate(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->state=SSL3_ST_CW_KEY_EXCH_A; s->state=SSL3_ST_CW_KEY_EXCH_A;
@ -345,7 +345,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_KEY_EXCH_A: case SSL3_ST_CW_KEY_EXCH_A:
case SSL3_ST_CW_KEY_EXCH_B: case SSL3_ST_CW_KEY_EXCH_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_client_key_exchange(s); ret=dtls1_send_client_key_exchange(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
/* EAY EAY EAY need to check for DH fix cert /* EAY EAY EAY need to check for DH fix cert
@ -367,7 +367,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_A:
case SSL3_ST_CW_CERT_VRFY_B: case SSL3_ST_CW_CERT_VRFY_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_client_verify(s); ret=dtls1_send_client_verify(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->state=SSL3_ST_CW_CHANGE_A; s->state=SSL3_ST_CW_CHANGE_A;
@ -377,7 +377,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B: case SSL3_ST_CW_CHANGE_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_change_cipher_spec(s, ret=dtls1_send_change_cipher_spec(s,
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end; if (ret <= 0) goto end;
@ -412,7 +412,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B: case SSL3_ST_CW_FINISHED_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_finished(s, ret=dtls1_send_finished(s,
SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
s->method->ssl3_enc->client_finished_label, s->method->ssl3_enc->client_finished_label,
@ -445,7 +445,7 @@ int dtls1_connect(SSL *s)
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B); SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
if (s->hit) if (s->hit)
s->state=SSL3_ST_CW_CHANGE_A; s->state=SSL3_ST_CW_CHANGE_A;

109
ssl/d1_lib.c
View file

@ -61,6 +61,11 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include "ssl_locl.h" #include "ssl_locl.h"
#ifdef OPENSSL_SYS_WIN32
#include <sys/timeb.h>
#endif
static void get_current_time(struct timeval *t);
const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
SSL3_ENC_METHOD DTLSv1_enc_data={ SSL3_ENC_METHOD DTLSv1_enc_data={
@ -201,3 +206,107 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
return ciph; return ciph;
} }
void dtls1_start_timer(SSL *s)
{
/* If timer is not set, initialize duration with 1 second */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
{
s->d1->timeout_duration = 1;
}
/* Set timeout to current time */
get_current_time(&(s->d1->next_timeout));
/* Add duration to current time */
s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
}
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
{
struct timeval timenow;
/* If no timeout is set, just return NULL */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
{
return NULL;
}
/* Get current time */
get_current_time(&timenow);
/* If timer already expired, set remaining time to 0 */
if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
(s->d1->next_timeout.tv_sec == timenow.tv_sec &&
s->d1->next_timeout.tv_usec <= timenow.tv_usec))
{
memset(timeleft, 0, sizeof(struct timeval));
return timeleft;
}
/* Calculate time left until timer expires */
memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
timeleft->tv_sec -= timenow.tv_sec;
timeleft->tv_usec -= timenow.tv_usec;
if (timeleft->tv_usec < 0)
{
timeleft->tv_sec--;
timeleft->tv_usec += 1000000;
}
return timeleft;
}
int dtls1_is_timer_expired(SSL *s)
{
struct timeval timeleft;
/* Get time left until timeout, return false if no timer running */
if (dtls1_get_timeout(s, &timeleft) == NULL)
{
return 0;
}
/* Return false if timer is not expired yet */
if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
{
return 0;
}
/* Timer expired, so return true */
return 1;
}
void dtls1_double_timeout(SSL *s)
{
s->d1->timeout_duration *= 2;
if (s->d1->timeout_duration > 60)
s->d1->timeout_duration = 60;
dtls1_start_timer(s);
}
void dtls1_stop_timer(SSL *s)
{
/* Reset everything */
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
s->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
}
static void get_current_time(struct timeval *t)
{
#ifdef OPENSSL_SYS_WIN32
struct _timeb tb;
_ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#elif defined(OPENSSL_SYS_VMS)
struct timeb tb;
ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#else
gettimeofday(t, NULL);
#endif
}

9
ssl/d1_pkt.c
View file

@ -762,7 +762,14 @@ start:
pitem_free(item); pitem_free(item);
} }
} }
/* Check for timeout */
if (dtls1_is_timer_expired(s))
{
if (dtls1_read_failed(s, -1) > 0);
goto start;
}
/* get new packet if necessary */ /* get new packet if necessary */
if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
{ {

26
ssl/d1_srvr.c
View file

@ -249,7 +249,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_HELLO_REQ_B: case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0; s->shutdown=0;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_hello_request(s); ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
@ -270,7 +270,7 @@ int dtls1_accept(SSL *s)
s->shutdown=0; s->shutdown=0;
ret=ssl3_get_client_hello(s); ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
s->new_session = 2; s->new_session = 2;
if (s->d1->send_cookie) if (s->d1->send_cookie)
@ -284,7 +284,7 @@ int dtls1_accept(SSL *s)
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret = dtls1_send_hello_verify_request(s); ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end; if ( ret <= 0) goto end;
s->d1->send_cookie = 0; s->d1->send_cookie = 0;
@ -298,7 +298,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B: case SSL3_ST_SW_SRVR_HELLO_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_server_hello(s); ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
@ -314,7 +314,7 @@ int dtls1_accept(SSL *s)
/* Check if it is anon DH */ /* Check if it is anon DH */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
{ {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_server_certificate(s); ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
} }
@ -356,7 +356,7 @@ int dtls1_accept(SSL *s)
) )
) )
{ {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_server_key_exchange(s); ret=dtls1_send_server_key_exchange(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
} }
@ -393,7 +393,7 @@ int dtls1_accept(SSL *s)
else else
{ {
s->s3->tmp.cert_request=1; s->s3->tmp.cert_request=1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_certificate_request(s); ret=dtls1_send_certificate_request(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
#ifndef NETSCAPE_HANG_BUG #ifndef NETSCAPE_HANG_BUG
@ -408,7 +408,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B: case SSL3_ST_SW_SRVR_DONE_B:
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); dtls1_start_timer(s);
ret=dtls1_send_server_done(s); ret=dtls1_send_server_done(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
@ -436,7 +436,7 @@ int dtls1_accept(SSL *s)
ret = ssl3_check_client_hello(s); ret = ssl3_check_client_hello(s);
if (ret <= 0) if (ret <= 0)
goto end; goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
if (ret == 2) if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C; s->state = SSL3_ST_SR_CLNT_HELLO_C;
else { else {
@ -444,7 +444,7 @@ int dtls1_accept(SSL *s)
* have not asked for it :-) */ * have not asked for it :-) */
ret=ssl3_get_client_certificate(s); ret=ssl3_get_client_certificate(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
s->init_num=0; s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A; s->state=SSL3_ST_SR_KEY_EXCH_A;
} }
@ -454,7 +454,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_KEY_EXCH_B: case SSL3_ST_SR_KEY_EXCH_B:
ret=ssl3_get_client_key_exchange(s); ret=ssl3_get_client_key_exchange(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
s->state=SSL3_ST_SR_CERT_VRFY_A; s->state=SSL3_ST_SR_CERT_VRFY_A;
s->init_num=0; s->init_num=0;
@ -475,7 +475,7 @@ int dtls1_accept(SSL *s)
/* we should decide if we expected this one */ /* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s); ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
s->state=SSL3_ST_SR_FINISHED_A; s->state=SSL3_ST_SR_FINISHED_A;
s->init_num=0; s->init_num=0;
@ -486,7 +486,7 @@ int dtls1_accept(SSL *s)
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B); SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end; if (ret <= 0) goto end;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); dtls1_stop_timer(s);
if (s->hit) if (s->hit)
s->state=SSL_ST_OK; s->state=SSL_ST_OK;
else else

8
ssl/dtls1.h
View file

@ -210,7 +210,13 @@ typedef struct dtls1_state_st
struct hm_header_st r_msg_hdr; struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout; struct dtls1_timeout_st timeout;
/* Indicates when the last handshake msg sent will timeout */
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
/* storage for Alert/Handshake protocol data received but not /* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */ * yet processed by ssl3_read_bytes: */
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];

1
ssl/ssl_locl.h
View file

@ -942,6 +942,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw); void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void); long dtls1_default_timeout(void);
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
const SSL_CIPHER *dtls1_get_cipher(unsigned int u); const SSL_CIPHER *dtls1_get_cipher(unsigned int u);