SSL timer fixes: not DTLS only, start cancelled

286a136e · Manuel Pégourié-Gonnard · d2377e7e · 286a136e
Commit 286a136e authored May 13, 2015 by Manuel Pégourié-Gonnard
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 6 deletions

ssl_tls.c library/ssl_tls.c +18 -6

No files found.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -76,8 +76,6 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
    return( 0 );
 }
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
 /*
 * Start a timer.
 * Passing millisecs = 0 cancels a running timer.
@@ -100,11 +98,15 @@ static int ssl_check_timer( mbedtls_ssl_context *ssl )
        return( -2 );
    if( ssl->f_get_timer( ssl->p_timer ) == 2 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
        return( -1 );
+    }
    return( 0 );
 }
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
 /*
 * Double the retransmit timeout value, within the allowed range,
 * returning -1 if the maximum value has already been reached.
@@ -2355,7 +2357,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
        while( ssl->in_left < nb_want )
        {
            len = nb_want - ssl->in_left;
-            ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
+            if( ssl_check_timer( ssl ) != 0 )
+                ret = MBEDTLS_ERR_SSL_TIMEOUT;
+            else
+                ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr + ssl->in_left, len );
            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
                           ssl->in_left, nb_want ) );
@@ -4934,6 +4940,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
        else
            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+        ssl_set_timer( ssl, 0 );
    }
 #endif
@@ -5050,6 +5058,9 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+    /* Cancel any possibly running timer */
+    ssl_set_timer( ssl, 0 );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
    ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
    ssl->renego_records_seen = 0;
@@ -5276,6 +5287,9 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
    ssl->p_timer        = p_timer;
    ssl->f_set_timer    = f_set_timer;
    ssl->f_get_timer    = f_get_timer;
+    /* Make sure we start with no timer running */
+    ssl_set_timer( ssl, 0 );
 }
 #if defined(MBEDTLS_SSL_SRV_C)
@@ -6056,11 +6070,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
    if( ssl->in_offt == NULL )
    {
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
        /* Start timer if not already running */
        if( ssl->f_get_timer( ssl->p_timer ) == -1 )
            ssl_set_timer( ssl, ssl->conf->read_timeout );
-#endif
        if( ! record_read )
        {
@@ -6218,12 +6230,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
        ssl->in_offt = ssl->in_msg;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
        /* We're going to return something now, cancel timer,
         * except if handshake (renegotiation) is in progress */
        if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
            ssl_set_timer( ssl, 0 );
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
        /* If we requested renego but received AppData, resend HelloRequest.
         * Do it now, after setting in_offt, to avoid taking this branch
         * again if ssl_write_hello_request() returns WANT_WRITE */