Update from 1.0.0-stable.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 15 May 2009 22:58:40 +0000 (22:58 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 15 May 2009 22:58:40 +0000 (22:58 +0000)
crypto/bio/bio.h
crypto/bio/bss_dgram.c
ssl/d1_both.c
ssl/d1_clnt.c
ssl/d1_lib.c
ssl/d1_pkt.c
ssl/d1_srvr.c
ssl/dtls1.h
ssl/ssl_locl.h

index 3371342fc1956e447258a493b506e7e766bcf44c..ab5d5c0923d144aebf8391d9a6eb9412434debf9 100644 (file)
@@ -159,7 +159,8 @@ extern "C" {
 
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
 
-#define BIO_CTRL_DGRAM_SET_TIMEOUT        45
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
+                                                                                         * adjust socket timeouts */
 
 /* modifiers */
 #define BIO_FP_READ            0x02
index 2aac67b09087b9f9edc6e8a9140dbe50f43b965c..173d871f567d9f81581942cff0483ad6402efa87 100644 (file)
@@ -110,8 +110,8 @@ typedef struct bio_dgram_data_st
        unsigned int connected;
        unsigned int _errno;
        unsigned int mtu;
-       struct timeval hstimeoutdiff;
-       struct timeval hstimeout;
+       struct timeval next_timeout;
+       struct timeval socket_timeout;
        } bio_dgram_data;
 
 BIO_METHOD *BIO_s_datagram(void)
@@ -173,7 +173,88 @@ static int dgram_clear(BIO *a)
                }
        return(1);
        }
-       
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+       {
+#if defined(SO_RCVTIMEO)
+       bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+       int sz = sizeof(int);
+
+       /* Is a timer active? */
+       if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+               {
+               struct timeval timenow, timeleft;
+
+               /* Read current socket timeout */
+#ifdef OPENSSL_SYS_WINDOWS
+               int timeout;
+               if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                          (void*)&timeout, &sz) < 0)
+                       { perror("getsockopt"); }
+               else
+                       {
+                       data->socket_timeout.tv_sec = timeout / 1000;
+                       data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+                       }
+#else
+               if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
+                                               &(data->socket_timeout), (void *)&sz) < 0)
+                       { perror("getsockopt"); }
+#endif
+
+               /* Get current time */
+               get_current_time(&timenow);
+
+               /* Calculate time left until timer expires */
+               memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+               timeleft.tv_sec -= timenow.tv_sec;
+               timeleft.tv_usec -= timenow.tv_usec;
+               if (timeleft.tv_usec < 0)
+                       {
+                       timeleft.tv_sec--;
+                       timeleft.tv_usec += 1000000;
+                       }
+
+               /* Adjust socket timeout if next handhake message timer
+                * will expire earlier.
+                */
+               if (data->socket_timeout.tv_sec < timeleft.tv_sec ||
+                       (data->socket_timeout.tv_sec == timeleft.tv_sec &&
+                        data->socket_timeout.tv_usec <= timeleft.tv_usec))
+                       {
+#ifdef OPENSSL_SYS_WINDOWS
+                       timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+                       if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                                  (void*)&timeout, sizeof(timeout)) < 0)
+                               { perror("setsockopt"); }
+#else
+                       if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                                                       sizeof(struct timeval)) < 0)
+                               { perror("setsockopt"); }
+#endif
+                       }
+               }
+#endif
+       }
+
+static void dgram_reset_rcv_timeout(BIO *b)
+       {
+#if defined(SO_RCVTIMEO)
+       bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+#ifdef OPENSSL_SYS_WINDOWS
+       int timeout = data->socket_timeout.tv_sec * 1000 +
+                                 data->socket_timeout.tv_usec / 1000;
+       if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                  (void*)&timeout, sizeof(timeout)) < 0)
+               { perror("setsockopt"); }
+#else
+       if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+                                       sizeof(struct timeval)) < 0)
+               { perror("setsockopt"); }
+#endif
+#endif
+       }
+
 static int dgram_read(BIO *b, char *out, int outl)
        {
        int ret=0;
@@ -191,7 +272,9 @@ static int dgram_read(BIO *b, char *out, int outl)
                 * but this is not universal. Cast to (void *) to avoid
                 * compiler warnings.
                 */
+               dgram_adjust_rcv_timeout(b);
                ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+               dgram_reset_rcv_timeout(b);
 
                if ( ! data->connected  && ret > 0)
                        BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
@@ -206,22 +289,6 @@ static int dgram_read(BIO *b, char *out, int outl)
                                }
                        memset(&(data->hstimeout), 0, sizeof(struct timeval));
                        }
-               else
-                       {
-                       if (data->hstimeout.tv_sec > 0 || data->hstimeout.tv_usec > 0)
-                               {
-                               struct timeval curtime;
-                               get_current_time(&curtime);
-
-                               if (curtime.tv_sec >= data->hstimeout.tv_sec &&
-                                       curtime.tv_usec >= data->hstimeout.tv_usec)
-                                       {
-                                       data->_errno = EAGAIN;
-                                       ret = -1;
-                                       memset(&(data->hstimeout), 0, sizeof(struct timeval));
-                                       }
-                               }
-                       }
                }
        return(ret);
        }
@@ -370,22 +437,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 
         memcpy(&(data->peer), to, sizeof(struct sockaddr));
         break;
-       case BIO_CTRL_DGRAM_SET_TIMEOUT:
-               if (num > 0)
-                       {
-                       get_current_time(&data->hstimeout);
-                       data->hstimeout.tv_sec += data->hstimeoutdiff.tv_sec;
-                       data->hstimeout.tv_usec += data->hstimeoutdiff.tv_usec;
-                       if (data->hstimeout.tv_usec >= 1000000)
-                               {
-                               data->hstimeout.tv_sec++;
-                               data->hstimeout.tv_usec -= 1000000;
-                               }
-                       }
-               else
-                       {
-                       memset(&(data->hstimeout), 0, sizeof(struct timeval));
-                       }
+       case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+               memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));             
                break;
 #if defined(SO_RCVTIMEO)
        case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
@@ -402,7 +455,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                        sizeof(struct timeval)) < 0)
                        { perror("setsockopt"); ret = -1; }
 #endif
-               memcpy(&(data->hstimeoutdiff), ptr, sizeof(struct timeval));
                break;
        case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
 #ifdef OPENSSL_SYS_WINDOWS
index 8883760da50e6683584cecfd35a8c83ec56fd067..928a005e5377f67ee628b2bfb4278149f9c017e4 100644 (file)
@@ -883,7 +883,6 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
 int dtls1_read_failed(SSL *s, int code)
        {
        DTLS1_STATE *state;
-       BIO *bio;
        int send_alert = 0;
 
        if ( code > 0)
@@ -892,8 +891,7 @@ int dtls1_read_failed(SSL *s, int code)
                return 1;
                }
 
-       bio = SSL_get_rbio(s);
-       if ( ! BIO_dgram_recv_timedout(bio))
+       if (!dtls1_is_timer_expired(s))
                {
                /* not a timeout, none of our business, 
                   let higher layers handle this.  in fact it's probably an error */
@@ -906,6 +904,7 @@ int dtls1_read_failed(SSL *s, int code)
                return code;
                }
 
+       dtls1_double_timeout(s);
        state = s->d1;
        state->timeout.num_alerts++;
        if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
index 3a08923e92d86a5235ece5481362b8242cca3503..0425af5a587d1cf054b3e1034b2a481bbd8de011 100644 (file)
@@ -233,7 +233,7 @@ int dtls1_connect(SSL *s)
                        /* every DTLS ClientHello resets Finished MAC */
                        ssl3_init_finished_mac(s);
 
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_client_hello(s);
                        if (ret <= 0) goto end;
 
@@ -259,7 +259,7 @@ int dtls1_connect(SSL *s)
                        if (ret <= 0) goto end;
                        else
                                {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                               dtls1_stop_timer(s);
                                if (s->hit)
                                        s->state=SSL3_ST_CR_FINISHED_A;
                                else
@@ -274,7 +274,7 @@ int dtls1_connect(SSL *s)
                        ret = dtls1_get_hello_verify(s);
                        if ( ret <= 0)
                                goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                        if ( s->d1->send_cookie) /* start again, with a cookie */
                                s->state=SSL3_ST_CW_CLNT_HELLO_A;
                        else
@@ -336,7 +336,7 @@ int dtls1_connect(SSL *s)
                case SSL3_ST_CW_CERT_B:
                case SSL3_ST_CW_CERT_C:
                case SSL3_ST_CW_CERT_D:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_client_certificate(s);
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -345,7 +345,7 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_KEY_EXCH_A:
                case SSL3_ST_CW_KEY_EXCH_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_client_key_exchange(s);
                        if (ret <= 0) goto end;
                        /* EAY EAY EAY need to check for DH fix cert
@@ -367,7 +367,7 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CERT_VRFY_A:
                case SSL3_ST_CW_CERT_VRFY_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_client_verify(s);
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_CW_CHANGE_A;
@@ -377,7 +377,7 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
@@ -412,7 +412,7 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,
@@ -445,7 +445,7 @@ int dtls1_connect(SSL *s)
                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
                                SSL3_ST_CR_FINISHED_B);
                        if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
 
                        if (s->hit)
                                s->state=SSL3_ST_CW_CHANGE_A;
index 712b880f919a7df00ac3c11a86c9ae4dedac5da7..62b7702a3820b1162d31c61dc549641e046e83dc 100644 (file)
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
+#ifdef OPENSSL_SYS_WIN32
+#include <sys/timeb.h>
+#endif
+
+static void get_current_time(struct timeval *t);
 const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
@@ -201,3 +206,107 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
 
        return ciph;
        }
+
+void dtls1_start_timer(SSL *s)
+       {
+       /* If timer is not set, initialize duration with 1 second */
+       if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+               {
+               s->d1->timeout_duration = 1;
+               }
+       
+       /* Set timeout to current time */
+       get_current_time(&(s->d1->next_timeout));
+
+       /* Add duration to current time */
+       s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       }
+
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
+       {
+       struct timeval timenow;
+
+       /* If no timeout is set, just return NULL */
+       if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+               {
+               return NULL;
+               }
+
+       /* Get current time */
+       get_current_time(&timenow);
+
+       /* If timer already expired, set remaining time to 0 */
+       if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+               (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+                s->d1->next_timeout.tv_usec <= timenow.tv_usec))
+               {
+               memset(timeleft, 0, sizeof(struct timeval));
+               return timeleft;
+               }
+
+       /* Calculate time left until timer expires */
+       memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+       timeleft->tv_sec -= timenow.tv_sec;
+       timeleft->tv_usec -= timenow.tv_usec;
+       if (timeleft->tv_usec < 0)
+               {
+               timeleft->tv_sec--;
+               timeleft->tv_usec += 1000000;
+               }
+
+       return timeleft;
+       }
+
+int dtls1_is_timer_expired(SSL *s)
+       {
+       struct timeval timeleft;
+
+       /* Get time left until timeout, return false if no timer running */
+       if (dtls1_get_timeout(s, &timeleft) == NULL)
+               {
+               return 0;
+               }
+
+       /* Return false if timer is not expired yet */
+       if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
+               {
+               return 0;
+               }
+
+       /* Timer expired, so return true */     
+       return 1;
+       }
+
+void dtls1_double_timeout(SSL *s)
+       {
+       s->d1->timeout_duration *= 2;
+       if (s->d1->timeout_duration > 60)
+               s->d1->timeout_duration = 60;
+       dtls1_start_timer(s);
+       }
+
+void dtls1_stop_timer(SSL *s)
+       {
+       /* Reset everything */
+       memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+       s->d1->timeout_duration = 1;
+       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       }
+
+static void get_current_time(struct timeval *t)
+{
+#ifdef OPENSSL_SYS_WIN32
+       struct _timeb tb;
+       _ftime(&tb);
+       t->tv_sec = (long)tb.time;
+       t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+       struct timeb tb;
+       ftime(&tb);
+       t->tv_sec = (long)tb.time;
+       t->tv_usec = (long)tb.millitm * 1000;
+#else
+       gettimeofday(t, NULL);
+#endif
+}
index 00b3911b279753905ebe500fd9cb968d53ae1429..b53e07d23c2a4ce869e71ae54c160068c390d54a 100644 (file)
@@ -762,7 +762,14 @@ start:
                        pitem_free(item);
                        }
                }
-               
+
+       /* Check for timeout */
+       if (dtls1_is_timer_expired(s))
+               {
+               if (dtls1_read_failed(s, -1) > 0);
+                       goto start;
+               }
+
        /* get new packet if necessary */
        if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
                {
index 666ab75d1dd2fd3da38688e84f04fc6f1c9b3426..638f3845d46d9d0fe0313062fd67f4b260db6309 100644 (file)
@@ -249,7 +249,7 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SW_HELLO_REQ_B:
 
                        s->shutdown=0;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_hello_request(s);
                        if (ret <= 0) goto end;
                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
@@ -270,7 +270,7 @@ int dtls1_accept(SSL *s)
                        s->shutdown=0;
                        ret=ssl3_get_client_hello(s);
                        if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                        s->new_session = 2;
 
                        if (s->d1->send_cookie)
@@ -284,7 +284,7 @@ int dtls1_accept(SSL *s)
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret = dtls1_send_hello_verify_request(s);
                        if ( ret <= 0) goto end;
                        s->d1->send_cookie = 0;
@@ -298,7 +298,7 @@ int dtls1_accept(SSL *s)
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_server_hello(s);
                        if (ret <= 0) goto end;
 
@@ -314,7 +314,7 @@ int dtls1_accept(SSL *s)
                        /* Check if it is anon DH */
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
                                {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                ret=dtls1_send_server_certificate(s);
                                if (ret <= 0) goto end;
                                }
@@ -356,7 +356,7 @@ int dtls1_accept(SSL *s)
                                )
                            )
                                {
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                ret=dtls1_send_server_key_exchange(s);
                                if (ret <= 0) goto end;
                                }
@@ -393,7 +393,7 @@ int dtls1_accept(SSL *s)
                        else
                                {
                                s->s3->tmp.cert_request=1;
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                               dtls1_start_timer(s);
                                ret=dtls1_send_certificate_request(s);
                                if (ret <= 0) goto end;
 #ifndef NETSCAPE_HANG_BUG
@@ -408,7 +408,7 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SW_SRVR_DONE_A:
                case SSL3_ST_SW_SRVR_DONE_B:
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
+                       dtls1_start_timer(s);
                        ret=dtls1_send_server_done(s);
                        if (ret <= 0) goto end;
                        s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
@@ -436,7 +436,7 @@ int dtls1_accept(SSL *s)
                        ret = ssl3_check_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                        if (ret == 2)
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
                        else {
@@ -444,7 +444,7 @@ int dtls1_accept(SSL *s)
                                 * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                               dtls1_stop_timer(s);
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -454,7 +454,7 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                        s->state=SSL3_ST_SR_CERT_VRFY_A;
                        s->init_num=0;
 
@@ -475,7 +475,7 @@ int dtls1_accept(SSL *s)
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
 
                        s->state=SSL3_ST_SR_FINISHED_A;
                        s->init_num=0;
@@ -486,7 +486,7 @@ int dtls1_accept(SSL *s)
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
-                       BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
+                       dtls1_stop_timer(s);
                        if (s->hit)
                                s->state=SSL_ST_OK;
                        else
index 2066638f9425aab45f27d7857da573fd36dc16f6..177e55cd9f143fc9541f7b9da2bfa1656a04d81f 100644 (file)
@@ -210,7 +210,13 @@ typedef struct dtls1_state_st
        struct hm_header_st r_msg_hdr;
 
        struct dtls1_timeout_st timeout;
-       
+
+       /* Indicates when the last handshake msg sent will timeout */
+       struct timeval next_timeout;
+
+       /* Timeout duration */
+       unsigned short timeout_duration;
+
        /* storage for Alert/Handshake protocol data received but not
         * yet processed by ssl3_read_bytes: */
        unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
index dd9fa8780c7cb475c3ee8aa12ebefca1421308ef..c2e74f18bca0c8e0d0040be37f5793096d581664 100644 (file)
@@ -942,6 +942,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
 const SSL_CIPHER *dtls1_get_cipher(unsigned int u);