Use appropriate versions of SSL3_ENC_METHOD

[oweals/openssl.git] / ssl / d1_lib.c
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c

index f4bfd29afd5b18892a2852fba362d24d339f2ebc..f03a7ee1d8b3d69627eac9e342acca81578d85e7 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -67,6 +67,8 @@
  #endif
  
  static void get_current_time(struct timeval *t);
+static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
+static int dtls1_handshake_write(SSL *s);
  const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
  int dtls1_listen(SSL *s, struct sockaddr *client);
  
@@ -83,6 +85,10 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
         TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
         tls1_alert_code,
         tls1_export_keying_material,
+       SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
+       DTLS1_HM_HEADER_LENGTH,
+       dtls1_set_handshake_header,
+       dtls1_handshake_write   
         };
  
  long dtls1_default_timeout(void)
@@ -196,6 +202,7 @@ void dtls1_free(SSL *s)
         pqueue_free(s->d1->buffered_app_data.q);
  
         OPENSSL_free(s->d1);
+       s->d1 = NULL;
         }
  
  void dtls1_clear(SSL *s)
@@ -391,6 +398,7 @@ void dtls1_double_timeout(SSL *s)
  void dtls1_stop_timer(SSL *s)
         {
         /* Reset everything */
+       memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
         memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
         s->d1->timeout_duration = 1;
         BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
@@ -398,35 +406,43 @@ void dtls1_stop_timer(SSL *s)
         dtls1_clear_record_buffer(s);
         }
  
-int dtls1_handle_timeout(SSL *s)
+int dtls1_check_timeout_num(SSL *s)
         {
-       DTLS1_STATE *state;
+       s->d1->timeout.num_alerts++;
  
-       /* if no timer is expired, don't do anything */
-       if (!dtls1_is_timer_expired(s))
+       /* Reduce MTU after 2 unsuccessful retransmissions */
+       if (s->d1->timeout.num_alerts > 2)
                 {
-               return 0;
+               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
                 }
  
-       dtls1_double_timeout(s);
-       state = s->d1;
-       state->timeout.num_alerts++;
-       if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+       if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
                 {
                 /* fail the connection, enough alerts have been sent */
-               SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
+               SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
                 return -1;
                 }
  
-       state->timeout.read_timeouts++;
-       if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+       return 0;
+       }
+
+int dtls1_handle_timeout(SSL *s)
+       {
+       /* if no timer is expired, don't do anything */
+       if (!dtls1_is_timer_expired(s))
                 {
-               state->timeout.read_timeouts = 1;
+               return 0;
                 }
  
-       if (state->timeout_duration > 2)
+       dtls1_double_timeout(s);
+
+       if (dtls1_check_timeout_num(s) < 0)
+               return -1;
+
+       s->d1->timeout.read_timeouts++;
+       if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
                 {
-               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               s->d1->timeout.read_timeouts = 1;
                 }
  
  #ifndef OPENSSL_NO_HEARTBEATS
@@ -471,3 +487,20 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
         (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
         return 1;
         }
+
+static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+       {
+       unsigned char *p = (unsigned char *)s->init_buf->data;
+       dtls1_set_message_header(s, p, htype, len, 0, len);
+       s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
+       s->init_off = 0;
+       /* Buffer the message to handle re-xmits */
+       dtls1_buffer_message(s, 0);
+       }
+
+static int dtls1_handshake_write(SSL *s)
+       {
+       return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+       }
+       
+