From ea6e386008f5e9c1e651ef1034fc38c60e706dfb Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 9 Mar 2012 15:52:33 +0000
Subject: PR: 2756 Submitted by: Robin Seggelmann Fix DTLS timeout handling.
---
 ssl/d1_lib.c | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)
(limited to 'ssl/d1_lib.c')
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index f4bfd29afd..56f62530e5 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -391,6 +391,7 @@ void dtls1_double_timeout(SSL *s)
 void dtls1_stop_timer(SSL *s)
 {
 /* Reset everything */
+ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 s->d1->timeout_duration = 1;
 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
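Review bot: The comment above the added `memset` still reads "Reset everything" and does not say that the timeout counters are now cleared too, which changes what the limit in the second hunk means: `num_alerts` is compared with `DTLS1_TMO_ALERT_COUNT` there, so after this line it counts only the timeouts since the timer was last stopped. I would spell that out, e.g. `/* Reset timer state and the timeout counters; the retry limit then counts timeouts since the last stop */`. As a smaller point, `sizeof(s->d1->timeout)` ties the length to the object being cleared rather than to a type name. dtls1_stop_timer's body continues past the end of this hunk.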
@@ -398,35 +399,43 @@ void dtls1_stop_timer(SSL *s)
 dtls1_clear_record_buffer(s);
 }
-int dtls1_handle_timeout(SSL *s)
+int dtls1_check_timeout_num(SSL *s)
 {
- DTLS1_STATE *state;
+ s->d1->timeout.num_alerts++;
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s))
+ /* Reduce MTU after 2 unsuccessful retransmissions */
+ if (s->d1->timeout.num_alerts > 2)
 {
- return 0;
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
 }
- dtls1_double_timeout(s);
- state = s->d1;
- state->timeout.num_alerts++;
- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+ if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
 {
 /* fail the connection, enough alerts have been sent */
 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
 return -1;
 }
- state->timeout.read_timeouts++;
- if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+ return 0;
+ }
+
+int dtls1_handle_timeout(SSL *s)
+ {
+ /* if no timer is expired, don't do anything */
+ if (!dtls1_is_timer_expired(s))
 {
- state->timeout.read_timeouts = 1;
+ return 0;
 }
- if (state->timeout_duration > 2)
+ dtls1_double_timeout(s);
+
+ if (dtls1_check_timeout_num(s) < 0)
+ return -1;
+
+ s->d1->timeout.read_timeouts++;
+ if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
 {
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ s->d1->timeout.read_timeouts = 1;
 }
 #ifndef OPENSSL_NO_HEARTBEATS
-- cgit v1.2.3
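Review bot: In dtls1_check_timeout_num the result of `BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL)` is stored in `s->d1->mtu` unchecked, so a write BIO that does not implement this ctrl (presumably returning 0 or a negative value) would leave the connection with an unusable MTU, and a fallback larger than the current value would raise the MTU instead of reducing it. I would only ever lower it: `long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);` followed by `if (mtu > 0 && mtu < (long)s->d1->mtu) s->d1->mtu = mtu;`. The `SSLerr` call in the new function also still passes `SSL_F_DTLS1_HANDLE_TIMEOUT`, so the error queue will name the caller rather than the function that raised it. The threshold `2` would read better as a named constant next to `DTLS1_TMO_ALERT_COUNT`. dtls1_handle_timeout continues after the `#ifndef OPENSSL_NO_HEARTBEATS` line, outside this hunk.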