PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.
This commit is contained in:
Dr. Stephen Henson
40
ssl/d1_lib.c
40
ssl/d1_lib.c
@@ -421,6 +421,7 @@ void dtls1_double_timeout(SSL *s)
|
||||
void dtls1_stop_timer(SSL *s)
|
||||
{
|
||||
/* Reset everything */
|
||||
memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
|
||||
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
|
||||
s->d1->timeout_duration = 1;
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
|
||||
@@ -428,10 +429,28 @@ void dtls1_stop_timer(SSL *s)
|
||||
dtls1_clear_record_buffer(s);
|
||||
}
|
||||
|
||||
int dtls1_check_timeout_num(SSL *s)
|
||||
{
|
||||
s->d1->timeout.num_alerts++;
|
||||
|
||||
/* Reduce MTU after 2 unsuccessful retransmissions */
|
||||
if (s->d1->timeout.num_alerts > 2)
|
||||
{
|
||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
||||
}
|
||||
|
||||
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
|
||||
{
|
||||
/* fail the connection, enough alerts have been sent */
|
||||
SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dtls1_handle_timeout(SSL *s)
|
||||
{
|
||||
DTLS1_STATE *state;
|
||||
|
||||
/* if no timer is expired, don't do anything */
|
||||
if (!dtls1_is_timer_expired(s))
|
||||
{
|
||||
@@ -439,19 +458,14 @@ int dtls1_handle_timeout(SSL *s)
|
||||
}
|
||||
|
||||
dtls1_double_timeout(s);
|
||||
state = s->d1;
|
||||
state->timeout.num_alerts++;
|
||||
if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
|
||||
{
|
||||
/* fail the connection, enough alerts have been sent */
|
||||
SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
state->timeout.read_timeouts++;
|
||||
if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
|
||||
if (dtls1_check_timeout_num(s) < 0)
|
||||
return -1;
|
||||
|
||||
s->d1->timeout.read_timeouts++;
|
||||
if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
|
||||
{
|
||||
state->timeout.read_timeouts = 1;
|
||||
s->d1->timeout.read_timeouts = 1;
|
||||
}
|
||||
|
||||
if (state->timeout_duration > 2)
|
||||
|
||||
12
ssl/d1_pkt.c
12
ssl/d1_pkt.c
@@ -139,7 +139,6 @@ static int dtls1_process_record(SSL *s);
|
||||
#if PQ_64BIT_IS_INTEGER
|
||||
static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
|
||||
#endif
|
||||
static void dtls1_clear_timeouts(SSL *s);
|
||||
|
||||
/* copy buffered record into SSL structure */
|
||||
static int
|
||||
@@ -640,7 +639,6 @@ again:
|
||||
goto again; /* get another record */
|
||||
}
|
||||
|
||||
dtls1_clear_timeouts(s); /* done waiting */
|
||||
return(1);
|
||||
|
||||
}
|
||||
@@ -1109,6 +1107,9 @@ start:
|
||||
*/
|
||||
if (msg_hdr.type == SSL3_MT_FINISHED)
|
||||
{
|
||||
if (dtls1_check_timeout_num(s) < 0)
|
||||
return -1;
|
||||
|
||||
dtls1_retransmit_buffered_messages(s);
|
||||
rr->length = 0;
|
||||
goto start;
|
||||
@@ -1812,10 +1813,3 @@ bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
|
||||
return _num;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static void
|
||||
dtls1_clear_timeouts(SSL *s)
|
||||
{
|
||||
memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
|
||||
}
|
||||
|
||||
@@ -870,6 +870,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
|
||||
void dtls1_reset_seq_numbers(SSL *s, int rw);
|
||||
long dtls1_default_timeout(void);
|
||||
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
|
||||
int dtls1_check_timeout_num(SSL *s);
|
||||
int dtls1_handle_timeout(SSL *s);
|
||||
SSL_CIPHER *dtls1_get_cipher(unsigned int u);
|
||||
void dtls1_start_timer(SSL *s);
|
||||
|
||||
Reference in New Issue
Block a user