Implement ssl_read() timeout (DTLS only for now)
This commit is contained in:
Manuel Pégourié-Gonnard
Paul Bakker
parent
2707430a4d
commit
6b65141718
@ -1930,6 +1930,8 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
uint32_t timeout;
|
||||
|
||||
/*
|
||||
* The point is, we need to always read a full datagram at once, so we
|
||||
* sometimes read more then requested, and handle the additional data.
|
||||
@ -1986,12 +1988,16 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
|
||||
}
|
||||
|
||||
len = SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
|
||||
if( ssl->f_recv_timeout != NULL &&
|
||||
ssl->handshake != NULL ) /* No timeout outside handshake */
|
||||
{
|
||||
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
||||
ssl->handshake->retransmit_timeout );
|
||||
}
|
||||
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
timeout = ssl->handshake->retransmit_timeout;
|
||||
else
|
||||
timeout = ssl->read_timeout;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
|
||||
|
||||
if( ssl->f_recv_timeout != NULL && timeout != 0 )
|
||||
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, timeout );
|
||||
else
|
||||
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
|
||||
|
||||
@ -2006,19 +2012,24 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "recv timeout" ) );
|
||||
|
||||
if( ssl_double_retransmit_timeout( ssl ) != 0 )
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
|
||||
return( POLARSSL_ERR_NET_TIMEOUT );
|
||||
if( ssl_double_retransmit_timeout( ssl ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
|
||||
return( POLARSSL_ERR_NET_TIMEOUT );
|
||||
}
|
||||
|
||||
if( ( ret = ssl_resend( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_resend", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( POLARSSL_ERR_NET_WANT_READ );
|
||||
}
|
||||
|
||||
if( ( ret = ssl_resend( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_resend", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( POLARSSL_ERR_NET_WANT_READ );
|
||||
return( POLARSSL_ERR_NET_TIMEOUT );
|
||||
}
|
||||
|
||||
if( ret < 0 )
|
||||
@ -4226,6 +4237,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake->flight != NULL )
|
||||
{
|
||||
/* Cancel handshake timer */
|
||||
ssl_set_timer( ssl, 0 );
|
||||
|
||||
/* Keep last flight around in case we need to resend it:
|
||||
* we need the handshake and transform structures for that */
|
||||
SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
|
||||
@ -5649,6 +5663,10 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
|
||||
if( ssl->in_offt == NULL )
|
||||
{
|
||||
/* Start timer if not already running */
|
||||
if( ssl->time_limit == 0 )
|
||||
ssl_set_timer( ssl, ssl->read_timeout );
|
||||
|
||||
if( ! record_read )
|
||||
{
|
||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||
@ -5799,6 +5817,9 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
}
|
||||
|
||||
ssl->in_offt = ssl->in_msg;
|
||||
|
||||
/* We're going to return something now, cancel timer */
|
||||
ssl_set_timer( ssl, 0 );
|
||||
}
|
||||
|
||||
n = ( len < ssl->in_msglen )
|
||||
|
||||
@ -75,6 +75,7 @@ int main( int argc, char *argv[] )
|
||||
#define DFL_REQUEST_SIZE -1
|
||||
#define DFL_DEBUG_LEVEL 0
|
||||
#define DFL_NBIO 0
|
||||
#define DFL_READ_TIMEOUT 0
|
||||
#define DFL_CA_FILE ""
|
||||
#define DFL_CA_PATH ""
|
||||
#define DFL_CRT_FILE ""
|
||||
@ -112,6 +113,7 @@ struct options
|
||||
int server_port; /* port on which the ssl service runs */
|
||||
int debug_level; /* level of debugging */
|
||||
int nbio; /* should I/O be blocking? */
|
||||
uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
|
||||
const char *request_page; /* page on server to request */
|
||||
int request_size; /* pad request with header to requested size */
|
||||
const char *ca_file; /* the file with the CA certificate(s) */
|
||||
@ -311,6 +313,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||
" read_timeout=%%d default: 0 (no timeout)\n" \
|
||||
"\n" \
|
||||
USAGE_DTLS \
|
||||
"\n" \
|
||||
@ -408,6 +411,7 @@ int main( int argc, char *argv[] )
|
||||
opt.server_port = DFL_SERVER_PORT;
|
||||
opt.debug_level = DFL_DEBUG_LEVEL;
|
||||
opt.nbio = DFL_NBIO;
|
||||
opt.read_timeout = DFL_READ_TIMEOUT;
|
||||
opt.request_page = DFL_REQUEST_PAGE;
|
||||
opt.request_size = DFL_REQUEST_SIZE;
|
||||
opt.ca_file = DFL_CA_FILE;
|
||||
@ -473,6 +477,8 @@ int main( int argc, char *argv[] )
|
||||
if( opt.nbio < 0 || opt.nbio > 2 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "read_timeout" ) == 0 )
|
||||
opt.read_timeout = atoi( q );
|
||||
else if( strcmp( p, "request_page" ) == 0 )
|
||||
opt.request_page = q;
|
||||
else if( strcmp( p, "request_size" ) == 0 )
|
||||
@ -982,7 +988,7 @@ int main( int argc, char *argv[] )
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
0 );
|
||||
opt.read_timeout );
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
|
||||
|
||||
@ -93,6 +93,7 @@ int main( int argc, char *argv[] )
|
||||
#define DFL_SERVER_PORT 4433
|
||||
#define DFL_DEBUG_LEVEL 0
|
||||
#define DFL_NBIO 0
|
||||
#define DFL_READ_TIMEOUT 0
|
||||
#define DFL_CA_FILE ""
|
||||
#define DFL_CA_PATH ""
|
||||
#define DFL_CRT_FILE ""
|
||||
@ -158,6 +159,7 @@ struct options
|
||||
int server_port; /* port on which the ssl service runs */
|
||||
int debug_level; /* level of debugging */
|
||||
int nbio; /* should I/O be blocking? */
|
||||
uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
|
||||
const char *ca_file; /* the file with the CA certificate(s) */
|
||||
const char *ca_path; /* the path with the CA certificate(s) reside */
|
||||
const char *crt_file; /* the file with the server certificate */
|
||||
@ -345,6 +347,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||
" read_timeout=%%d default: 0 (no timeout)\n" \
|
||||
"\n" \
|
||||
USAGE_DTLS \
|
||||
USAGE_COOKIES \
|
||||
@ -736,6 +739,7 @@ int main( int argc, char *argv[] )
|
||||
opt.server_port = DFL_SERVER_PORT;
|
||||
opt.debug_level = DFL_DEBUG_LEVEL;
|
||||
opt.nbio = DFL_NBIO;
|
||||
opt.read_timeout = DFL_READ_TIMEOUT;
|
||||
opt.ca_file = DFL_CA_FILE;
|
||||
opt.ca_path = DFL_CA_PATH;
|
||||
opt.crt_file = DFL_CRT_FILE;
|
||||
@ -806,6 +810,8 @@ int main( int argc, char *argv[] )
|
||||
if( opt.nbio < 0 || opt.nbio > 2 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "read_timeout" ) == 0 )
|
||||
opt.read_timeout = atoi( q );
|
||||
else if( strcmp( p, "ca_file" ) == 0 )
|
||||
opt.ca_file = q;
|
||||
else if( strcmp( p, "ca_path" ) == 0 )
|
||||
@ -1632,7 +1638,7 @@ reset:
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
0 );
|
||||
opt.read_timeout );
|
||||
|
||||
#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
|
||||
if( opt.transport == SSL_TRANSPORT_DATAGRAM )
|
||||
|
||||
Loading…
Reference in New Issue
Block a user