SSL timer fixes: not DTLS only, start cancelled
This commit is contained in:
parent
d2377e7e78
commit
286a136e63
@ -76,8 +76,6 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
/*
|
/*
|
||||||
* Start a timer.
|
* Start a timer.
|
||||||
* Passing millisecs = 0 cancels a running timer.
|
* Passing millisecs = 0 cancels a running timer.
|
||||||
@ -100,11 +98,15 @@ static int ssl_check_timer( mbedtls_ssl_context *ssl )
|
|||||||
return( -2 );
|
return( -2 );
|
||||||
|
|
||||||
if( ssl->f_get_timer( ssl->p_timer ) == 2 )
|
if( ssl->f_get_timer( ssl->p_timer ) == 2 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
/*
|
/*
|
||||||
* Double the retransmit timeout value, within the allowed range,
|
* Double the retransmit timeout value, within the allowed range,
|
||||||
* returning -1 if the maximum value has already been reached.
|
* returning -1 if the maximum value has already been reached.
|
||||||
@ -2355,7 +2357,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
while( ssl->in_left < nb_want )
|
while( ssl->in_left < nb_want )
|
||||||
{
|
{
|
||||||
len = nb_want - ssl->in_left;
|
len = nb_want - ssl->in_left;
|
||||||
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
|
|
||||||
|
if( ssl_check_timer( ssl ) != 0 )
|
||||||
|
ret = MBEDTLS_ERR_SSL_TIMEOUT;
|
||||||
|
else
|
||||||
|
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
@ -4934,6 +4940,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
|
||||||
else
|
else
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
|
||||||
|
|
||||||
|
ssl_set_timer( ssl, 0 );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -5050,6 +5058,9 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
||||||
|
|
||||||
|
/* Cancel any possibly running timer */
|
||||||
|
ssl_set_timer( ssl, 0 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
|
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
|
||||||
ssl->renego_records_seen = 0;
|
ssl->renego_records_seen = 0;
|
||||||
@ -5276,6 +5287,9 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
|
|||||||
ssl->p_timer = p_timer;
|
ssl->p_timer = p_timer;
|
||||||
ssl->f_set_timer = f_set_timer;
|
ssl->f_set_timer = f_set_timer;
|
||||||
ssl->f_get_timer = f_get_timer;
|
ssl->f_get_timer = f_get_timer;
|
||||||
|
|
||||||
|
/* Make sure we start with no timer running */
|
||||||
|
ssl_set_timer( ssl, 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
@ -6056,11 +6070,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
|
|
||||||
if( ssl->in_offt == NULL )
|
if( ssl->in_offt == NULL )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
/* Start timer if not already running */
|
/* Start timer if not already running */
|
||||||
if( ssl->f_get_timer( ssl->p_timer ) == -1 )
|
if( ssl->f_get_timer( ssl->p_timer ) == -1 )
|
||||||
ssl_set_timer( ssl, ssl->conf->read_timeout );
|
ssl_set_timer( ssl, ssl->conf->read_timeout );
|
||||||
#endif
|
|
||||||
|
|
||||||
if( ! record_read )
|
if( ! record_read )
|
||||||
{
|
{
|
||||||
@ -6218,12 +6230,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
|
|
||||||
ssl->in_offt = ssl->in_msg;
|
ssl->in_offt = ssl->in_msg;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
/* We're going to return something now, cancel timer,
|
/* We're going to return something now, cancel timer,
|
||||||
* except if handshake (renegotiation) is in progress */
|
* except if handshake (renegotiation) is in progress */
|
||||||
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||||
ssl_set_timer( ssl, 0 );
|
ssl_set_timer( ssl, 0 );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
/* If we requested renego but received AppData, resend HelloRequest.
|
/* If we requested renego but received AppData, resend HelloRequest.
|
||||||
* Do it now, after setting in_offt, to avoid taking this branch
|
* Do it now, after setting in_offt, to avoid taking this branch
|
||||||
* again if ssl_write_hello_request() returns WANT_WRITE */
|
* again if ssl_write_hello_request() returns WANT_WRITE */
|
||||||
|
Loading…
Reference in New Issue
Block a user