PR: 1922

author Dr. Stephen Henson <steve@openssl.org>

Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h

index 3371342fc1956e447258a493b506e7e766bcf44c..ab5d5c0923d144aebf8391d9a6eb9412434debf9 100644 (file)
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -159,7 +159,8 @@ extern "C" {
  
  #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
  
  
  #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
  
-#define BIO_CTRL_DGRAM_SET_TIMEOUT        45
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
+                                                                                         * adjust socket timeouts */
  
  /* modifiers */
  #define BIO_FP_READ            0x02
  
  /* modifiers */
  #define BIO_FP_READ            0x02
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c

index 2aac67b09087b9f9edc6e8a9140dbe50f43b965c..173d871f567d9f81581942cff0483ad6402efa87 100644 (file)
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -110,8 +110,8 @@ typedef struct bio_dgram_data_st
         unsigned int connected;
         unsigned int _errno;
         unsigned int mtu;
         unsigned int connected;
         unsigned int _errno;
         unsigned int mtu;
-       struct timeval hstimeoutdiff;
-       struct timeval hstimeout;
+       struct timeval next_timeout;
+       struct timeval socket_timeout;
         } bio_dgram_data;
  
  BIO_METHOD *BIO_s_datagram(void)
         } bio_dgram_data;
  
  BIO_METHOD *BIO_s_datagram(void)
@@ -173,7 +173,88 @@ static int dgram_clear(BIO *a)
                 }
         return(1);
         }
                 }
         return(1);
         }
-       
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+       {
+#if defined(SO_RCVTIMEO)
+       bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+       int sz = sizeof(int);
+
+       /* Is a timer active? */
+       if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+               {
+               struct timeval timenow, timeleft;
+
+               /* Read current socket timeout */
+#ifdef OPENSSL_SYS_WINDOWS
+               int timeout;
+               if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                          (void*)&timeout, &sz) < 0)
+                       { perror("getsockopt"); }
+               else
+                       {
+                       data->socket_timeout.tv_sec = timeout / 1000;
+                       data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+                       }
+#else
+               if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
+                                               &(data->socket_timeout), (void *)&sz) < 0)
+                       { perror("getsockopt"); }
+#endif
+
+               /* Get current time */
+               get_current_time(&timenow);
+
+               /* Calculate time left until timer expires */
+               memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+               timeleft.tv_sec -= timenow.tv_sec;
+               timeleft.tv_usec -= timenow.tv_usec;
+               if (timeleft.tv_usec < 0)
+                       {
+                       timeleft.tv_sec--;
+                       timeleft.tv_usec += 1000000;
+                       }
+
+               /* Adjust socket timeout if next handhake message timer
+                * will expire earlier.
+                */
+               if (data->socket_timeout.tv_sec < timeleft.tv_sec ||
+                       (data->socket_timeout.tv_sec == timeleft.tv_sec &&
+                        data->socket_timeout.tv_usec <= timeleft.tv_usec))
+                       {
+#ifdef OPENSSL_SYS_WINDOWS
+                       timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+                       if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                                  (void*)&timeout, sizeof(timeout)) < 0)
+                               { perror("setsockopt"); }
+#else
+                       if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                                                       sizeof(struct timeval)) < 0)
+                               { perror("setsockopt"); }
+#endif
+                       }
+               }
+#endif
+       }
+
+static void dgram_reset_rcv_timeout(BIO *b)
+       {
+#if defined(SO_RCVTIMEO)
+       bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+#ifdef OPENSSL_SYS_WINDOWS
+       int timeout = data->socket_timeout.tv_sec * 1000 +
+                                 data->socket_timeout.tv_usec / 1000;
+       if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                  (void*)&timeout, sizeof(timeout)) < 0)
+               { perror("setsockopt"); }
+#else
+       if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+                                       sizeof(struct timeval)) < 0)
+               { perror("setsockopt"); }
+#endif
+#endif
+       }
+
  static int dgram_read(BIO *b, char *out, int outl)
         {
         int ret=0;
  static int dgram_read(BIO *b, char *out, int outl)
         {
         int ret=0;
@@ -191,7 +272,9 @@ static int dgram_read(BIO *b, char *out, int outl)
                  * but this is not universal. Cast to (void *) to avoid
                  * compiler warnings.
                  */
                  * but this is not universal. Cast to (void *) to avoid
                  * compiler warnings.
                  */
+               dgram_adjust_rcv_timeout(b);
                 ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
                 ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+               dgram_reset_rcv_timeout(b);
  
                 if ( ! data->connected  && ret > 0)
                         BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
  
                 if ( ! data->connected  && ret > 0)
                         BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
@@ -206,22 +289,6 @@ static int dgram_read(BIO *b, char *out, int outl)
                                 }
                         memset(&(data->hstimeout), 0, sizeof(struct timeval));
                         }
                                 }
                         memset(&(data->hstimeout), 0, sizeof(struct timeval));
                         }
-               else
-                       {
-                       if (data->hstimeout.tv_sec > 0 || data->hstimeout.tv_usec > 0)
-                               {
-                               struct timeval curtime;
-                               get_current_time(&curtime);
-
-                               if (curtime.tv_sec >= data->hstimeout.tv_sec &&
-                                       curtime.tv_usec >= data->hstimeout.tv_usec)
-                                       {
-                                       data->_errno = EAGAIN;
-                                       ret = -1;
-                                       memset(&(data->hstimeout), 0, sizeof(struct timeval));
-                                       }
-                               }
-                       }
                 }
         return(ret);
         }
                 }
         return(ret);
         }
@@ -370,22 +437,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
  
          memcpy(&(data->peer), to, sizeof(struct sockaddr));
          break;
  
          memcpy(&(data->peer), to, sizeof(struct sockaddr));
          break;
-       case BIO_CTRL_DGRAM_SET_TIMEOUT:
-               if (num > 0)
-                       {
-                       get_current_time(&data->hstimeout);
-                       data->hstimeout.tv_sec += data->hstimeoutdiff.tv_sec;
-                       data->hstimeout.tv_usec += data->hstimeoutdiff.tv_usec;
-                       if (data->hstimeout.tv_usec >= 1000000)
-                               {
-                               data->hstimeout.tv_sec++;
-                               data->hstimeout.tv_usec -= 1000000;
-                               }
-                       }
-               else
-                       {
-                       memset(&(data->hstimeout), 0, sizeof(struct timeval));
-                       }
+       case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+               memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));             
                 break;
  #if defined(SO_RCVTIMEO)
         case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
                 break;
  #if defined(SO_RCVTIMEO)
         case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
@@ -402,7 +455,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         sizeof(struct timeval)) < 0)
                         { perror("setsockopt"); ret = -1; }
  #endif
                         sizeof(struct timeval)) < 0)
                         { perror("setsockopt"); ret = -1; }
  #endif
-               memcpy(&(data->hstimeoutdiff), ptr, sizeof(struct timeval));
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
  #ifdef OPENSSL_SYS_WINDOWS
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
  #ifdef OPENSSL_SYS_WINDOWS
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index 8883760da50e6683584cecfd35a8c83ec56fd067..928a005e5377f67ee628b2bfb4278149f9c017e4 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -883,7 +883,6 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
  int dtls1_read_failed(SSL *s, int code)
         {
         DTLS1_STATE *state;
  int dtls1_read_failed(SSL *s, int code)
         {
         DTLS1_STATE *state;
-       BIO *bio;
         int send_alert = 0;
  
         if ( code > 0)
         int send_alert = 0;
  
         if ( code > 0)
@@ -892,8 +891,7 @@ int dtls1_read_failed(SSL *s, int code)
                 return 1;
                 }
  
                 return 1;
                 }
  
-       bio = SSL_get_rbio(s);
-       if ( ! BIO_dgram_recv_timedout(bio))
+       if (!dtls1_is_timer_expired(s))
                 {
                 /* not a timeout, none of our business, 
                    let higher layers handle this.  in fact it's probably an error */
                 {
                 /* not a timeout, none of our business, 
                    let higher layers handle this.  in fact it's probably an error */
@@ -906,6 +904,7 @@ int dtls1_read_failed(SSL *s, int code)
                 return code;
                 }
  
                 return code;
                 }
  
+       dtls1_double_timeout(s);
         state = s->d1;
         state->timeout.num_alerts++;
         if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
         state = s->d1;
         state->timeout.num_alerts++;
         if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index 3a08923e92d86a5235ece5481362b8242cca3503..0425af5a587d1cf054b3e1034b2a481bbd8de011 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -233,7 +233,7 @@ int dtls1_connect(SSL *s)
                         /* every DTLS ClientHello resets Finished MAC */
                         ssl3_init_finished_mac(s);
  
                         /* every DTLS ClientHello resets Finished MAC */
                         ssl3_init_finished_mac(s);
  
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_client_hello(s);
                         if (ret <= 0) goto end;
  
                         ret=dtls1_client_hello(s);
                         if (ret <= 0) goto end;
  
@@ -259,7 +259,7 @@ int dtls1_connect(SSL *s)
                         if (ret <= 0) goto end;
                         else
                                 {
                         if (ret <= 0) goto end;
                         else
                                 {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                               dtls1_stop_timer(s);
                                 if (s->hit)
                                         s->state=SSL3_ST_CR_FINISHED_A;
                                 else
                                 if (s->hit)
                                         s->state=SSL3_ST_CR_FINISHED_A;
                                 else
@@ -274,7 +274,7 @@ int dtls1_connect(SSL *s)
                         ret = dtls1_get_hello_verify(s);
                         if ( ret <= 0)
                                 goto end;
                         ret = dtls1_get_hello_verify(s);
                         if ( ret <= 0)
                                 goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                         if ( s->d1->send_cookie) /* start again, with a cookie */
                                 s->state=SSL3_ST_CW_CLNT_HELLO_A;
                         else
                         if ( s->d1->send_cookie) /* start again, with a cookie */
                                 s->state=SSL3_ST_CW_CLNT_HELLO_A;
                         else
@@ -336,7 +336,7 @@ int dtls1_connect(SSL *s)
                 case SSL3_ST_CW_CERT_B:
                 case SSL3_ST_CW_CERT_C:
                 case SSL3_ST_CW_CERT_D:
                 case SSL3_ST_CW_CERT_B:
                 case SSL3_ST_CW_CERT_C:
                 case SSL3_ST_CW_CERT_D:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_certificate(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_KEY_EXCH_A;
                         ret=dtls1_send_client_certificate(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -345,7 +345,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_KEY_EXCH_A:
                 case SSL3_ST_CW_KEY_EXCH_B:
  
                 case SSL3_ST_CW_KEY_EXCH_A:
                 case SSL3_ST_CW_KEY_EXCH_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_key_exchange(s);
                         if (ret <= 0) goto end;
                         /* EAY EAY EAY need to check for DH fix cert
                         ret=dtls1_send_client_key_exchange(s);
                         if (ret <= 0) goto end;
                         /* EAY EAY EAY need to check for DH fix cert
@@ -367,7 +367,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_CERT_VRFY_A:
                 case SSL3_ST_CW_CERT_VRFY_B:
  
                 case SSL3_ST_CW_CERT_VRFY_A:
                 case SSL3_ST_CW_CERT_VRFY_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_verify(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_CHANGE_A;
                         ret=dtls1_send_client_verify(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_CHANGE_A;
@@ -377,7 +377,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_CHANGE_A:
                 case SSL3_ST_CW_CHANGE_B:
  
                 case SSL3_ST_CW_CHANGE_A:
                 case SSL3_ST_CW_CHANGE_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_change_cipher_spec(s,
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
                         ret=dtls1_send_change_cipher_spec(s,
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
@@ -412,7 +412,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_FINISHED_A:
                 case SSL3_ST_CW_FINISHED_B:
  
                 case SSL3_ST_CW_FINISHED_A:
                 case SSL3_ST_CW_FINISHED_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_finished(s,
                                 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                 s->method->ssl3_enc->client_finished_label,
                         ret=dtls1_send_finished(s,
                                 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                 s->method->ssl3_enc->client_finished_label,
@@ -445,7 +445,7 @@ int dtls1_connect(SSL *s)
                         ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
                                 SSL3_ST_CR_FINISHED_B);
                         if (ret <= 0) goto end;
                         ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
                                 SSL3_ST_CR_FINISHED_B);
                         if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
  
                         if (s->hit)
                                 s->state=SSL3_ST_CW_CHANGE_A;
  
                         if (s->hit)
                                 s->state=SSL3_ST_CW_CHANGE_A;
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c

index 712b880f919a7df00ac3c11a86c9ae4dedac5da7..62b7702a3820b1162d31c61dc549641e046e83dc 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -61,6 +61,11 @@
  #include <openssl/objects.h>
  #include "ssl_locl.h"
  
  #include <openssl/objects.h>
  #include "ssl_locl.h"
  
+#ifdef OPENSSL_SYS_WIN32
+#include <sys/timeb.h>
+#endif
+
+static void get_current_time(struct timeval *t);
  const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
  
  SSL3_ENC_METHOD DTLSv1_enc_data={
  const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
  
  SSL3_ENC_METHOD DTLSv1_enc_data={
@@ -201,3 +206,107 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
  
         return ciph;
         }
  
         return ciph;
         }
+
+void dtls1_start_timer(SSL *s)
+       {
+       /* If timer is not set, initialize duration with 1 second */
+       if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+               {
+               s->d1->timeout_duration = 1;
+               }
+       
+       /* Set timeout to current time */
+       get_current_time(&(s->d1->next_timeout));
+
+       /* Add duration to current time */
+       s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       }
+
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
+       {
+       struct timeval timenow;
+
+       /* If no timeout is set, just return NULL */
+       if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+               {
+               return NULL;
+               }
+
+       /* Get current time */
+       get_current_time(&timenow);
+
+       /* If timer already expired, set remaining time to 0 */
+       if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+               (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+                s->d1->next_timeout.tv_usec <= timenow.tv_usec))
+               {
+               memset(timeleft, 0, sizeof(struct timeval));
+               return timeleft;
+               }
+
+       /* Calculate time left until timer expires */
+       memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+       timeleft->tv_sec -= timenow.tv_sec;
+       timeleft->tv_usec -= timenow.tv_usec;
+       if (timeleft->tv_usec < 0)
+               {
+               timeleft->tv_sec--;
+               timeleft->tv_usec += 1000000;
+               }
+
+       return timeleft;
+       }
+
+int dtls1_is_timer_expired(SSL *s)
+       {
+       struct timeval timeleft;
+
+       /* Get time left until timeout, return false if no timer running */
+       if (dtls1_get_timeout(s, &timeleft) == NULL)
+               {
+               return 0;
+               }
+
+       /* Return false if timer is not expired yet */
+       if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
+               {
+               return 0;
+               }
+
+       /* Timer expired, so return true */     
+       return 1;
+       }
+
+void dtls1_double_timeout(SSL *s)
+       {
+       s->d1->timeout_duration *= 2;
+       if (s->d1->timeout_duration > 60)
+               s->d1->timeout_duration = 60;
+       dtls1_start_timer(s);
+       }
+
+void dtls1_stop_timer(SSL *s)
+       {
+       /* Reset everything */
+       memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+       s->d1->timeout_duration = 1;
+       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       }
+
+static void get_current_time(struct timeval *t)
+{
+#ifdef OPENSSL_SYS_WIN32
+       struct _timeb tb;
+       _ftime(&tb);
+       t->tv_sec = (long)tb.time;
+       t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+       struct timeb tb;
+       ftime(&tb);
+       t->tv_sec = (long)tb.time;
+       t->tv_usec = (long)tb.millitm * 1000;
+#else
+       gettimeofday(t, NULL);
+#endif
+}
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index 00b3911b279753905ebe500fd9cb968d53ae1429..b53e07d23c2a4ce869e71ae54c160068c390d54a 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -762,7 +762,14 @@ start:
                         pitem_free(item);
                         }
                 }
                         pitem_free(item);
                         }
                 }
-               
+
+       /* Check for timeout */
+       if (dtls1_is_timer_expired(s))
+               {
+               if (dtls1_read_failed(s, -1) > 0);
+                       goto start;
+               }
+
         /* get new packet if necessary */
         if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
                 {
         /* get new packet if necessary */
         if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
                 {
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index 666ab75d1dd2fd3da38688e84f04fc6f1c9b3426..638f3845d46d9d0fe0313062fd67f4b260db6309 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -249,7 +249,7 @@ int dtls1_accept(SSL *s)
                 case SSL3_ST_SW_HELLO_REQ_B:
  
                         s->shutdown=0;
                 case SSL3_ST_SW_HELLO_REQ_B:
  
                         s->shutdown=0;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_hello_request(s);
                         if (ret <= 0) goto end;
                         s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
                         ret=dtls1_send_hello_request(s);
                         if (ret <= 0) goto end;
                         s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
@@ -270,7 +270,7 @@ int dtls1_accept(SSL *s)
                         s->shutdown=0;
                         ret=ssl3_get_client_hello(s);
                         if (ret <= 0) goto end;
                         s->shutdown=0;
                         ret=ssl3_get_client_hello(s);
                         if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                         s->new_session = 2;
  
                         if (s->d1->send_cookie)
                         s->new_session = 2;
  
                         if (s->d1->send_cookie)
@@ -284,7 +284,7 @@ int dtls1_accept(SSL *s)
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
  
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
  
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret = dtls1_send_hello_verify_request(s);
                         if ( ret <= 0) goto end;
                         s->d1->send_cookie = 0;
                         ret = dtls1_send_hello_verify_request(s);
                         if ( ret <= 0) goto end;
                         s->d1->send_cookie = 0;
@@ -298,7 +298,7 @@ int dtls1_accept(SSL *s)
                         
                 case SSL3_ST_SW_SRVR_HELLO_A:
                 case SSL3_ST_SW_SRVR_HELLO_B:
                         
                 case SSL3_ST_SW_SRVR_HELLO_A:
                 case SSL3_ST_SW_SRVR_HELLO_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_server_hello(s);
                         if (ret <= 0) goto end;
  
                         ret=dtls1_send_server_hello(s);
                         if (ret <= 0) goto end;
  
@@ -314,7 +314,7 @@ int dtls1_accept(SSL *s)
                         /* Check if it is anon DH */
                         if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
                                 {
                         /* Check if it is anon DH */
                         if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
                                 {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                 ret=dtls1_send_server_certificate(s);
                                 if (ret <= 0) goto end;
                                 }
                                 ret=dtls1_send_server_certificate(s);
                                 if (ret <= 0) goto end;
                                 }
@@ -356,7 +356,7 @@ int dtls1_accept(SSL *s)
                                 )
                             )
                                 {
                                 )
                             )
                                 {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                 ret=dtls1_send_server_key_exchange(s);
                                 if (ret <= 0) goto end;
                                 }
                                 ret=dtls1_send_server_key_exchange(s);
                                 if (ret <= 0) goto end;
                                 }
@@ -393,7 +393,7 @@ int dtls1_accept(SSL *s)
                         else
                                 {
                                 s->s3->tmp.cert_request=1;
                         else
                                 {
                                 s->s3->tmp.cert_request=1;
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                 ret=dtls1_send_certificate_request(s);
                                 if (ret <= 0) goto end;
  #ifndef NETSCAPE_HANG_BUG
                                 ret=dtls1_send_certificate_request(s);
                                 if (ret <= 0) goto end;
  #ifndef NETSCAPE_HANG_BUG
@@ -408,7 +408,7 @@ int dtls1_accept(SSL *s)
  
                 case SSL3_ST_SW_SRVR_DONE_A:
                 case SSL3_ST_SW_SRVR_DONE_B:
  
                 case SSL3_ST_SW_SRVR_DONE_A:
                 case SSL3_ST_SW_SRVR_DONE_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                         ret=dtls1_send_server_done(s);
                         if (ret <= 0) goto end;
                         s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
                         ret=dtls1_send_server_done(s);
                         if (ret <= 0) goto end;
                         s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
@@ -436,7 +436,7 @@ int dtls1_accept(SSL *s)
                         ret = ssl3_check_client_hello(s);
                         if (ret <= 0)
                                 goto end;
                         ret = ssl3_check_client_hello(s);
                         if (ret <= 0)
                                 goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                         if (ret == 2)
                                 s->state = SSL3_ST_SR_CLNT_HELLO_C;
                         else {
                         if (ret == 2)
                                 s->state = SSL3_ST_SR_CLNT_HELLO_C;
                         else {
@@ -444,7 +444,7 @@ int dtls1_accept(SSL *s)
                                  * have not asked for it :-) */
                                 ret=ssl3_get_client_certificate(s);
                                 if (ret <= 0) goto end;
                                  * have not asked for it :-) */
                                 ret=ssl3_get_client_certificate(s);
                                 if (ret <= 0) goto end;
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                               dtls1_stop_timer(s);
                                 s->init_num=0;
                                 s->state=SSL3_ST_SR_KEY_EXCH_A;
                         }
                                 s->init_num=0;
                                 s->state=SSL3_ST_SR_KEY_EXCH_A;
                         }
@@ -454,7 +454,7 @@ int dtls1_accept(SSL *s)
                 case SSL3_ST_SR_KEY_EXCH_B:
                         ret=ssl3_get_client_key_exchange(s);
                         if (ret <= 0) goto end;
                 case SSL3_ST_SR_KEY_EXCH_B:
                         ret=ssl3_get_client_key_exchange(s);
                         if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                         s->state=SSL3_ST_SR_CERT_VRFY_A;
                         s->init_num=0;
  
                         s->state=SSL3_ST_SR_CERT_VRFY_A;
                         s->init_num=0;
  
@@ -475,7 +475,7 @@ int dtls1_accept(SSL *s)
                         /* we should decide if we expected this one */
                         ret=ssl3_get_cert_verify(s);
                         if (ret <= 0) goto end;
                         /* we should decide if we expected this one */
                         ret=ssl3_get_cert_verify(s);
                         if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
  
                         s->state=SSL3_ST_SR_FINISHED_A;
                         s->init_num=0;
  
                         s->state=SSL3_ST_SR_FINISHED_A;
                         s->init_num=0;
@@ -486,7 +486,7 @@ int dtls1_accept(SSL *s)
                         ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                 SSL3_ST_SR_FINISHED_B);
                         if (ret <= 0) goto end;
                         ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                 SSL3_ST_SR_FINISHED_B);
                         if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                         if (s->hit)
                                 s->state=SSL_ST_OK;
                         else
                         if (s->hit)
                                 s->state=SSL_ST_OK;
                         else
diff --git a/ssl/dtls1.h b/ssl/dtls1.h

index 2066638f9425aab45f27d7857da573fd36dc16f6..177e55cd9f143fc9541f7b9da2bfa1656a04d81f 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -210,7 +210,13 @@ typedef struct dtls1_state_st
         struct hm_header_st r_msg_hdr;
  
         struct dtls1_timeout_st timeout;
         struct hm_header_st r_msg_hdr;
  
         struct dtls1_timeout_st timeout;
-       
+
+       /* Indicates when the last handshake msg sent will timeout */
+       struct timeval next_timeout;
+
+       /* Timeout duration */
+       unsigned short timeout_duration;
+
         /* storage for Alert/Handshake protocol data received but not
          * yet processed by ssl3_read_bytes: */
         unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
         /* storage for Alert/Handshake protocol data received but not
          * yet processed by ssl3_read_bytes: */
         unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index dd9fa8780c7cb475c3ee8aa12ebefca1421308ef..c2e74f18bca0c8e0d0040be37f5793096d581664 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -942,6 +942,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
  void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
  void dtls1_reset_seq_numbers(SSL *s, int rw);
  long dtls1_default_timeout(void);
  void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
  void dtls1_reset_seq_numbers(SSL *s, int rw);
  long dtls1_default_timeout(void);
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
  const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
  
  
  const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 15 May 2009 22:58:13 +0000 (22:58 +0000)
crypto/bio/bio.h		patch \| blob \| history
crypto/bio/bss_dgram.c		patch \| blob \| history
ssl/d1_both.c		patch \| blob \| history
ssl/d1_clnt.c		patch \| blob \| history
ssl/d1_lib.c		patch \| blob \| history
ssl/d1_pkt.c		patch \| blob \| history
ssl/d1_srvr.c		patch \| blob \| history
ssl/dtls1.h		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history