projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PR: 2457
[openssl.git] / ssl / d1_lib.c
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 99935563d1c9f70832a1bcdd0f215cf3ffffd628..96b220e87ce0f52a21f60f1486c0dae6f7e33c7c 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-#ifdef OPENSSL_SYS_WIN32
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
 #include <sys/timeb.h>
 #endif
 
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
                timeleft->tv_usec += 1000000;
                }
 
+       /* If remaining time is less than 15 ms, set it to 0
+        * to prevent issues because of small devergences with
+        * socket timeouts.
+        */
+       if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+               {
+               memset(timeleft, 0, sizeof(struct timeval));
+               }
+       
+
        return timeleft;
        }
 
@@ -382,194 +392,3 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
        (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
        return 1;
        }
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
-       {
-       int extdatalen = 0;
-       unsigned char *ret = p;
-       int el;
-
-       ret+=2;
-       
-       if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
-       /* Renegotiate extension */
-       if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
-               {
-               SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-               return NULL;
-               }
-
-       if((limit - p - 4 - el) < 0) return NULL;
-         
-       s2n(TLSEXT_TYPE_renegotiate,ret);
-       s2n(el,ret);
-
-       if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
-               {
-               SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-               return NULL;
-               }
-
-       ret += el;
-
-       if ((extdatalen = ret-p-2)== 0) 
-               return p;
-
-       s2n(extdatalen,p);
-
-       return ret;
-       }
-
-int ssl_parse_clienthello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-       {
-       unsigned short type;
-       unsigned short size;
-       unsigned short len;
-       unsigned char *data = *p;
-       int renegotiate_seen = 0;
-
-       if (data >= (d+n-2))
-               {
-               if (s->new_session
-                       && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-                       {
-                       /* We should always see one extension: the renegotiate extension */
-                       SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                       *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-                       return 0;
-                       }
-               return 1;
-               }
-       n2s(data,len);
-
-       if (data > (d+n-len)) 
-               return 1;
-
-       while (data <= (d+n-4))
-               {
-               n2s(data,type);
-               n2s(data,size);
-               
-               if (data+size > (d+n))
-                       return 1;
-               
-               if (type == TLSEXT_TYPE_renegotiate)
-                       {
-                       if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-                               return 0;
-                       renegotiate_seen = 1;
-                       }
-               
-               data+=size;
-               }
-
-       if (s->new_session && !renegotiate_seen
-               && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-               {
-               *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-               SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-               return 0;
-               }
-
-       *p = data;
-       return 1;
-       }
-
-unsigned char *ssl_add_serverhello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
-       {
-       int extdatalen = 0;
-       unsigned char *ret = p;
-       
-       ret+=2;
-       
-       if (ret>=limit) return NULL; /* this really never occurs, but ... */
-       
-       if(s->s3->send_connection_binding)
-               {
-               int el;
-
-               if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
-                       {
-                       SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-                       return NULL;
-                       }
-
-               if((limit - p - 4 - el) < 0) return NULL;
-          
-               s2n(TLSEXT_TYPE_renegotiate,ret);
-               s2n(el,ret);
-
-               if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
-                       {
-                       SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-                       return NULL;
-                       }
-
-               ret += el;
-               }
-
-       if ((extdatalen = ret-p-2)== 0) 
-               return p;
-
-       s2n(extdatalen,p);
-
-       return ret;
-       }
-
-int ssl_parse_serverhello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-       {
-       unsigned short type;
-       unsigned short size;
-       unsigned short len;
-       unsigned char *data = *p;
-       int renegotiate_seen = 0;
-       
-       if (data >= (d+n-2))
-               {
-               if (s->new_session
-                       && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-                       {
-                       /* We should always see one extension: the renegotiate extension */
-                       SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                       *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-                       return 0;
-                       }
-               return 1;
-               }
-       n2s(data,len);
-       
-       if (data > (d+n-len)) 
-               return 1;
-       
-       while (data <= (d+n-4))
-               {
-               n2s(data,type);
-               n2s(data,size);
-               
-               if (data+size > (d+n))
-                       return 1;
-               
-               if (type == TLSEXT_TYPE_renegotiate)
-                       {
-                       if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-                               return 0;
-                       renegotiate_seen = 1;
-                       }
-               
-               data+=size;
-               }
-
-       if (s->new_session && !renegotiate_seen
-               && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-               {
-               *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-               SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-               return 0;
-               }
-
-       *p = data;
-       return 1;
-       }
-#endif
Unnamed repository; edit this file 'description' to name the repository.