Commit ad3d9522 authored by Dr. Stephen Henson

PR: 2756

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
parent 18ea747c
+23 −14
@@ -381,6 +381,7 @@ void dtls1_double_timeout(SSL *s)
void dtls1_stop_timer(SSL *s)
	{
	/* Reset everything */
	memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
	s->d1->timeout_duration = 1;
	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
@@ -388,35 +389,43 @@ void dtls1_stop_timer(SSL *s)
	dtls1_clear_record_buffer(s);
	}

int dtls1_handle_timeout(SSL *s)
int dtls1_check_timeout_num(SSL *s)
	{
	DTLS1_STATE *state;
	s->d1->timeout.num_alerts++;

	/* if no timer is expired, don't do anything */
	if (!dtls1_is_timer_expired(s))
	/* Reduce MTU after 2 unsuccessful retransmissions */
	if (s->d1->timeout.num_alerts > 2)
		{
		return 0;
		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
		}

	dtls1_double_timeout(s);
	state = s->d1;
	state->timeout.num_alerts++;
	if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
		{
		/* fail the connection, enough alerts have been sent */
		SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
		return -1;
		}

	state->timeout.read_timeouts++;
	if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
	return 0;
	}

int dtls1_handle_timeout(SSL *s)
	{
		state->timeout.read_timeouts = 1;
	/* if no timer is expired, don't do anything */
	if (!dtls1_is_timer_expired(s))
		{
		return 0;
		}

	if (state->timeout_duration > 2)
	dtls1_double_timeout(s);

	if (dtls1_check_timeout_num(s) < 0)
		return -1;

	s->d1->timeout.read_timeouts++;
	if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
		{
		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
		s->d1->timeout.read_timeouts = 1;
		}

	dtls1_start_timer(s);
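Review bot: The fallback MTU fetched in dtls1_check_timeout_num is stored without a check: BIO_ctrl() signals an unsupported ctrl with 0 or a negative value when the write BIO does not implement BIO_CTRL_DGRAM_GET_FALLBACK_MTU, and that value goes straight into s->d1->mtu; the read_timeouts branch of dtls1_handle_timeout repeats the same unguarded store. Whether dtls1_do_write clamps a zero or negative MTU cannot be seen from this hunk, so guard at the source: `long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);` followed by `if (mtu > 0) s->d1->mtu = mtu;` in both places. Two smaller points: the SSLerr() in the new helper still reports SSL_F_DTLS1_HANDLE_TIMEOUT although the helper is now also reached from d1_pkt.c, so a dedicated function code would point at the right place; and the literal 2 in `num_alerts > 2` deserves a named constant beside DTLS1_TMO_ALERT_COUNT. dtls1_handle_timeout's body continues past the end of the hunk.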
+3 −9
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
	unsigned char *priority);
static int dtls1_process_record(SSL *s);
static void dtls1_clear_timeouts(SSL *s);

/* copy buffered record into SSL structure */
static int
@@ -682,7 +681,6 @@ again:
		goto again;   /* get another record */
		}

	dtls1_clear_timeouts(s);  /* done waiting */
	return(1);

	}
@@ -1152,6 +1150,9 @@ start:
		 */
		if (msg_hdr.type == SSL3_MT_FINISHED)
			{
			if (dtls1_check_timeout_num(s) < 0)
				return -1;

			dtls1_retransmit_buffered_messages(s);
			rr->length = 0;
			goto start;
@@ -1765,10 +1766,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)

	memset(seq, 0x00, seq_bytes);
	}


static void
dtls1_clear_timeouts(SSL *s)
	{
	memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
	}
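Review bot: In the SSL3_MT_FINISHED branch of dtls1_read_bytes, the new dtls1_check_timeout_num() call means every retransmitted Finished received from the peer consumes one of the DTLS1_TMO_ALERT_COUNT slots and, past that limit, fails the connection with SSL_R_READ_TIMEOUT_EXPIRED even though no local timer expired; that is presumably intended (a peer that keeps resending Finished has not seen our last flight), but nothing in the code says so. A short comment would keep the intent visible: `/* A retransmitted Finished from the peer counts against the same retransmit budget as our own timeouts, so a peer that never receives our last flight cannot keep us retransmitting forever */`. The -1 path also returns with rr->length left as it was, unlike the retransmit path which zeroes it; if callers treat -1 as fatal this is harmless, but it is worth stating in the same comment. dtls1_read_bytes starts and ends outside this hunk.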
+1 −0
@@ -943,6 +943,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
int dtls1_check_timeout_num(SSL *s);
int dtls1_handle_timeout(SSL *s);
const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
void dtls1_start_timer(SSL *s);
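Review bot: The new prototype `int dtls1_check_timeout_num(SSL *s);` carries no note on its contract although it is now called from two different files; the definition in d1_lib.c increments timeout.num_alerts, switches to the fallback MTU once that count exceeds 2, and returns -1 (after queueing SSL_R_READ_TIMEOUT_EXPIRED) once it exceeds DTLS1_TMO_ALERT_COUNT, otherwise 0. A one-line comment on the declaration, `/* Count one (re)transmission; returns 0, or -1 with an error queued once DTLS1_TMO_ALERT_COUNT is exceeded */`, would let callers see the -1 convention without reading d1_lib.c.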