From 9d396bee8e1247baae68f74cba25f0362f3aa181 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 2 Apr 2009 22:16:02 +0000 Subject: [PATCH] PR: 1829 Submitted by: Robin Seggelmann Approved by: steve@openssl.org DTLS timer bug fix. --- crypto/bio/bio.h | 1 + crypto/bio/bss_dgram.c | 36 ++++++++++++++++++++++++++++++++++++ ssl/d1_clnt.c | 9 +++++++++ ssl/d1_srvr.c | 13 +++++++++++++ 4 files changed, 59 insertions(+) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index cecb6a7207..0190c5a020 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -158,6 +158,7 @@ extern "C" { #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ +#define BIO_CTRL_DGRAM_SET_TIMEOUT 45 /* modifiers */ #define BIO_FP_READ 0x02 diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index c3da6dc82f..092709a228 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -104,6 +104,8 @@ typedef struct bio_dgram_data_st unsigned int connected; unsigned int _errno; unsigned int mtu; + struct timeval hstimeoutdiff; + struct timeval hstimeout; } bio_dgram_data; BIO_METHOD *BIO_s_datagram(void) @@ -196,6 +198,22 @@ static int dgram_read(BIO *b, char *out, int outl) BIO_set_retry_read(b); data->_errno = get_last_socket_error(); } + memset(&(data->hstimeout), 0, sizeof(struct timeval)); + } + else + { + if (data->hstimeout.tv_sec > 0 || data->hstimeout.tv_usec > 0) + { + struct timeval curtime; + gettimeofday(&curtime, NULL); + if (curtime.tv_sec >= data->hstimeout.tv_sec && + curtime.tv_usec >= data->hstimeout.tv_usec) + { + data->_errno = EAGAIN; + ret = -1; + memset(&(data->hstimeout), 0, sizeof(struct timeval)); + } + } } } return(ret); @@ -345,6 +363,23 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) memcpy(&(data->peer), to, sizeof(struct sockaddr)); break; + case BIO_CTRL_DGRAM_SET_TIMEOUT: + if (num > 0) + { + gettimeofday(&(data->hstimeout), NULL); + data->hstimeout.tv_sec += data->hstimeoutdiff.tv_sec; + data->hstimeout.tv_usec += data->hstimeoutdiff.tv_usec; + if (data->hstimeout.tv_usec >= 1000000) + { + data->hstimeout.tv_sec++; + data->hstimeout.tv_usec -= 1000000; + } + } + else + { + memset(&(data->hstimeout), 0, sizeof(struct timeval)); + } + break; #if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: #ifdef OPENSSL_SYS_WINDOWS @@ -360,6 +395,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } #endif + memcpy(&(data->hstimeoutdiff), ptr, sizeof(struct timeval)); break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: #ifdef OPENSSL_SYS_WINDOWS diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 49c6760d19..5f7a21b011 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -229,6 +229,7 @@ int dtls1_connect(SSL *s) /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_client_hello(s); if (ret <= 0) goto end; @@ -254,6 +255,7 @@ int dtls1_connect(SSL *s) if (ret <= 0) goto end; else { + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (s->hit) s->state=SSL3_ST_CR_FINISHED_A; else @@ -268,6 +270,7 @@ int dtls1_connect(SSL *s) ret = dtls1_get_hello_verify(s); if ( ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if ( s->d1->send_cookie) /* start again, with a cookie */ s->state=SSL3_ST_CW_CLNT_HELLO_A; else @@ -329,6 +332,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_C: case SSL3_ST_CW_CERT_D: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_client_certificate(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_KEY_EXCH_A; @@ -337,6 +341,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_KEY_EXCH_A: case SSL3_ST_CW_KEY_EXCH_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_client_key_exchange(s); if (ret <= 0) goto end; l=s->s3->tmp.new_cipher->algorithms; @@ -359,6 +364,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_client_verify(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_CHANGE_A; @@ -368,6 +374,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; @@ -402,6 +409,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, s->method->ssl3_enc->client_finished_label, @@ -437,6 +445,7 @@ int dtls1_connect(SSL *s) ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (s->hit) s->state=SSL3_ST_CW_CHANGE_A; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0bbf8ae7f3..bb290b88e3 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -247,6 +247,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; @@ -267,6 +268,7 @@ int dtls1_accept(SSL *s) s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->new_session = 2; if ( s->d1->send_cookie) @@ -280,6 +282,7 @@ int dtls1_accept(SSL *s) case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->d1->send_cookie = 0; @@ -293,6 +296,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_hello(s); if (ret <= 0) goto end; @@ -308,6 +312,7 @@ int dtls1_accept(SSL *s) /* Check if it is anon DH */ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) { + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_certificate(s); if (ret <= 0) goto end; } @@ -349,6 +354,7 @@ int dtls1_accept(SSL *s) ) ) { + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_key_exchange(s); if (ret <= 0) goto end; } @@ -385,6 +391,7 @@ int dtls1_accept(SSL *s) else { s->s3->tmp.cert_request=1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG @@ -399,6 +406,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_done(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; @@ -426,6 +434,7 @@ int dtls1_accept(SSL *s) ret = ssl3_check_client_hello(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { @@ -433,6 +442,7 @@ int dtls1_accept(SSL *s) * have not asked for it :-) */ ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -442,6 +452,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; @@ -462,6 +473,7 @@ int dtls1_accept(SSL *s) /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->state=SSL3_ST_SR_FINISHED_A; s->init_num=0; @@ -472,6 +484,7 @@ int dtls1_accept(SSL *s) ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (s->hit) s->state=SSL_ST_OK; else -- 2.25.1