From 9c2bed0b65c52b0c245ff7b86dd520fe315c8b0d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 6 Mar 2012 13:22:57 +0000
Subject: [PATCH] PR: 2748 Submitted by: Robin Seggelmann
 <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
---
 ssl/d1_clnt.c | 2 +-
 ssl/d1_srvr.c | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 089fa4c7f8..074b7f308f 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -260,7 +260,6 @@ int dtls1_connect(SSL *s)
 			if (ret <= 0) goto end;
 			else
 				{
-				dtls1_stop_timer(s);
 				if (s->hit)
 					s->state=SSL3_ST_CR_FINISHED_A;
 				else
@@ -354,6 +353,7 @@ int dtls1_connect(SSL *s)
 		case SSL3_ST_CR_SRVR_DONE_B:
 			ret=ssl3_get_server_done(s);
 			if (ret <= 0) goto end;
+			dtls1_stop_timer(s);
 			if (s->s3->tmp.cert_req)
 				s->state=SSL3_ST_CW_CERT_A;
 			else
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 149983be30..17cc022751 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -485,15 +485,16 @@ int dtls1_accept(SSL *s)
 			ret = ssl3_check_client_hello(s);
 			if (ret <= 0)
 				goto end;
-			dtls1_stop_timer(s);
 			if (ret == 2)
+				{
+				dtls1_stop_timer(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+				}
 			else {
 				/* could be sent for a DH cert, even if we
 				 * have not asked for it :-) */
 				ret=ssl3_get_client_certificate(s);
 				if (ret <= 0) goto end;
-				dtls1_stop_timer(s);
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -503,7 +504,6 @@ int dtls1_accept(SSL *s)
 		case SSL3_ST_SR_KEY_EXCH_B:
 			ret=ssl3_get_client_key_exchange(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 			s->state=SSL3_ST_SR_CERT_VRFY_A;
 			s->init_num=0;
 
@@ -540,7 +540,6 @@ int dtls1_accept(SSL *s)
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 
 			s->state=SSL3_ST_SR_FINISHED_A;
 			s->init_num=0;
-- 
2.25.1