SSL timer fixes: not DTLS only, start cancelled

This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-13 16:22:05 +02:00
parent d2377e7e78
commit 286a136e63

View File

@ -76,8 +76,6 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* /*
* Start a timer. * Start a timer.
* Passing millisecs = 0 cancels a running timer. * Passing millisecs = 0 cancels a running timer.
@ -100,11 +98,15 @@ static int ssl_check_timer( mbedtls_ssl_context *ssl )
return( -2 ); return( -2 );
if( ssl->f_get_timer( ssl->p_timer ) == 2 ) if( ssl->f_get_timer( ssl->p_timer ) == 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
return( -1 ); return( -1 );
}
return( 0 ); return( 0 );
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* /*
* Double the retransmit timeout value, within the allowed range, * Double the retransmit timeout value, within the allowed range,
* returning -1 if the maximum value has already been reached. * returning -1 if the maximum value has already been reached.
@ -2355,7 +2357,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
while( ssl->in_left < nb_want ) while( ssl->in_left < nb_want )
{ {
len = nb_want - ssl->in_left; len = nb_want - ssl->in_left;
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
if( ssl_check_timer( ssl ) != 0 )
ret = MBEDTLS_ERR_SSL_TIMEOUT;
else
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
ssl->in_left, nb_want ) ); ssl->in_left, nb_want ) );
@ -4934,6 +4940,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
else else
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
ssl_set_timer( ssl, 0 );
} }
#endif #endif
@ -5050,6 +5058,9 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
ssl->state = MBEDTLS_SSL_HELLO_REQUEST; ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
/* Cancel any possibly running timer */
ssl_set_timer( ssl, 0 );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
ssl->renego_records_seen = 0; ssl->renego_records_seen = 0;
@ -5276,6 +5287,9 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
ssl->p_timer = p_timer; ssl->p_timer = p_timer;
ssl->f_set_timer = f_set_timer; ssl->f_set_timer = f_set_timer;
ssl->f_get_timer = f_get_timer; ssl->f_get_timer = f_get_timer;
/* Make sure we start with no timer running */
ssl_set_timer( ssl, 0 );
} }
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
@ -6056,11 +6070,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
if( ssl->in_offt == NULL ) if( ssl->in_offt == NULL )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* Start timer if not already running */ /* Start timer if not already running */
if( ssl->f_get_timer( ssl->p_timer ) == -1 ) if( ssl->f_get_timer( ssl->p_timer ) == -1 )
ssl_set_timer( ssl, ssl->conf->read_timeout ); ssl_set_timer( ssl, ssl->conf->read_timeout );
#endif
if( ! record_read ) if( ! record_read )
{ {
@ -6218,12 +6230,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
ssl->in_offt = ssl->in_msg; ssl->in_offt = ssl->in_msg;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* We're going to return something now, cancel timer, /* We're going to return something now, cancel timer,
* except if handshake (renegotiation) is in progress */ * except if handshake (renegotiation) is in progress */
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
ssl_set_timer( ssl, 0 ); ssl_set_timer( ssl, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* If we requested renego but received AppData, resend HelloRequest. /* If we requested renego but received AppData, resend HelloRequest.
* Do it now, after setting in_offt, to avoid taking this branch * Do it now, after setting in_offt, to avoid taking this branch
* again if ssl_write_hello_request() returns WANT_WRITE */ * again if ssl_write_hello_request() returns WANT_WRITE */