summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_lib.c')
-rw-r--r--src/lib/libssl/d1_lib.c364
1 files changed, 180 insertions, 184 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 750f83e04a..3da7c36545 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -70,8 +70,8 @@ static void get_current_time(struct timeval *t);
70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; 70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
71int dtls1_listen(SSL *s, struct sockaddr *client); 71int dtls1_listen(SSL *s, struct sockaddr *client);
72 72
73SSL3_ENC_METHOD DTLSv1_enc_data={ 73SSL3_ENC_METHOD DTLSv1_enc_data = {
74 dtls1_enc, 74 dtls1_enc,
75 tls1_mac, 75 tls1_mac,
76 tls1_setup_key_block, 76 tls1_setup_key_block,
77 tls1_generate_master_secret, 77 tls1_generate_master_secret,
@@ -79,137 +79,139 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
79 tls1_final_finish_mac, 79 tls1_final_finish_mac,
80 TLS1_FINISH_MAC_LENGTH, 80 TLS1_FINISH_MAC_LENGTH,
81 tls1_cert_verify_mac, 81 tls1_cert_verify_mac,
82 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 82 TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
83 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 83 TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
84 tls1_alert_code, 84 tls1_alert_code,
85 tls1_export_keying_material, 85 tls1_export_keying_material,
86 }; 86};
87 87
88long dtls1_default_timeout(void) 88long
89 { 89dtls1_default_timeout(void)
90{
90 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec 91 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
91 * is way too long for http, the cache would over fill */ 92 * is way too long for http, the cache would over fill */
92 return(60*60*2); 93 return (60*60*2);
93 } 94}
94 95
95int dtls1_new(SSL *s) 96int
96 { 97dtls1_new(SSL *s)
98{
97 DTLS1_STATE *d1; 99 DTLS1_STATE *d1;
98 100
99 if (!ssl3_new(s)) return(0); 101 if (!ssl3_new(s))
100 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); 102 return (0);
101 memset(d1,0, sizeof *d1); 103 if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
104 memset(d1, 0, sizeof *d1);
102 105
103 /* d1->handshake_epoch=0; */ 106 /* d1->handshake_epoch=0; */
104 107
105 d1->unprocessed_rcds.q=pqueue_new(); 108 d1->unprocessed_rcds.q = pqueue_new();
106 d1->processed_rcds.q=pqueue_new(); 109 d1->processed_rcds.q = pqueue_new();
107 d1->buffered_messages = pqueue_new(); 110 d1->buffered_messages = pqueue_new();
108 d1->sent_messages=pqueue_new(); 111 d1->sent_messages = pqueue_new();
109 d1->buffered_app_data.q=pqueue_new(); 112 d1->buffered_app_data.q = pqueue_new();
110 113
111 if ( s->server) 114 if (s->server) {
112 {
113 d1->cookie_len = sizeof(s->d1->cookie); 115 d1->cookie_len = sizeof(s->d1->cookie);
114 } 116 }
115 117
116 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 118 if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
117 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) 119 !d1->buffered_messages || !d1->sent_messages ||
118 { 120 !d1->buffered_app_data.q) {
119 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); 121 if (d1->unprocessed_rcds.q)
120 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); 122 pqueue_free(d1->unprocessed_rcds.q);
121 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); 123 if (d1->processed_rcds.q)
122 if ( d1->sent_messages) pqueue_free(d1->sent_messages); 124 pqueue_free(d1->processed_rcds.q);
123 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); 125 if (d1->buffered_messages)
126 pqueue_free(d1->buffered_messages);
127 if (d1->sent_messages)
128 pqueue_free(d1->sent_messages);
129 if (d1->buffered_app_data.q)
130 pqueue_free(d1->buffered_app_data.q);
124 OPENSSL_free(d1); 131 OPENSSL_free(d1);
125 return (0); 132 return (0);
126 } 133 }
127 134
128 s->d1=d1; 135 s->d1 = d1;
129 s->method->ssl_clear(s); 136 s->method->ssl_clear(s);
130 return(1); 137 return (1);
131 } 138}
132 139
133static void dtls1_clear_queues(SSL *s) 140static void
134 { 141dtls1_clear_queues(SSL *s)
135 pitem *item = NULL; 142{
136 hm_fragment *frag = NULL; 143 pitem *item = NULL;
144 hm_fragment *frag = NULL;
137 DTLS1_RECORD_DATA *rdata; 145 DTLS1_RECORD_DATA *rdata;
138 146
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) 147 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
140 {
141 rdata = (DTLS1_RECORD_DATA *) item->data; 148 rdata = (DTLS1_RECORD_DATA *) item->data;
142 if (rdata->rbuf.buf) 149 if (rdata->rbuf.buf) {
143 {
144 OPENSSL_free(rdata->rbuf.buf); 150 OPENSSL_free(rdata->rbuf.buf);
145 } 151 }
146 OPENSSL_free(item->data); 152 OPENSSL_free(item->data);
147 pitem_free(item); 153 pitem_free(item);
148 } 154 }
149 155
150 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) 156 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
151 {
152 rdata = (DTLS1_RECORD_DATA *) item->data; 157 rdata = (DTLS1_RECORD_DATA *) item->data;
153 if (rdata->rbuf.buf) 158 if (rdata->rbuf.buf) {
154 {
155 OPENSSL_free(rdata->rbuf.buf); 159 OPENSSL_free(rdata->rbuf.buf);
156 } 160 }
157 OPENSSL_free(item->data); 161 OPENSSL_free(item->data);
158 pitem_free(item); 162 pitem_free(item);
159 } 163 }
160 164
161 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) 165 while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
162 {
163 frag = (hm_fragment *)item->data;
164 OPENSSL_free(frag->fragment);
165 OPENSSL_free(frag);
166 pitem_free(item);
167 }
168
169 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
170 {
171 frag = (hm_fragment *)item->data;
172 OPENSSL_free(frag->fragment);
173 OPENSSL_free(frag);
174 pitem_free(item);
175 }
176
177 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
178 {
179 frag = (hm_fragment *)item->data; 166 frag = (hm_fragment *)item->data;
180 OPENSSL_free(frag->fragment); 167 OPENSSL_free(frag->fragment);
181 OPENSSL_free(frag); 168 OPENSSL_free(frag);
182 pitem_free(item); 169 pitem_free(item);
183 }
184 } 170 }
185 171
186void dtls1_free(SSL *s) 172 while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
187 { 173 frag = (hm_fragment *)item->data;
174 OPENSSL_free(frag->fragment);
175 OPENSSL_free(frag);
176 pitem_free(item);
177 }
178
179 while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
180 frag = (hm_fragment *)item->data;
181 OPENSSL_free(frag->fragment);
182 OPENSSL_free(frag);
183 pitem_free(item);
184 }
185}
186
187void
188dtls1_free(SSL *s)
189{
188 ssl3_free(s); 190 ssl3_free(s);
189 191
190 dtls1_clear_queues(s); 192 dtls1_clear_queues(s);
191 193
192 pqueue_free(s->d1->unprocessed_rcds.q); 194 pqueue_free(s->d1->unprocessed_rcds.q);
193 pqueue_free(s->d1->processed_rcds.q); 195 pqueue_free(s->d1->processed_rcds.q);
194 pqueue_free(s->d1->buffered_messages); 196 pqueue_free(s->d1->buffered_messages);
195 pqueue_free(s->d1->sent_messages); 197 pqueue_free(s->d1->sent_messages);
196 pqueue_free(s->d1->buffered_app_data.q); 198 pqueue_free(s->d1->buffered_app_data.q);
197 199
198 OPENSSL_free(s->d1); 200 OPENSSL_free(s->d1);
199 s->d1 = NULL; 201 s->d1 = NULL;
200 } 202}
201 203
202void dtls1_clear(SSL *s) 204void
203 { 205dtls1_clear(SSL *s)
204 pqueue unprocessed_rcds; 206{
205 pqueue processed_rcds; 207 pqueue unprocessed_rcds;
206 pqueue buffered_messages; 208 pqueue processed_rcds;
209 pqueue buffered_messages;
207 pqueue sent_messages; 210 pqueue sent_messages;
208 pqueue buffered_app_data; 211 pqueue buffered_app_data;
209 unsigned int mtu; 212 unsigned int mtu;
210 213
211 if (s->d1) 214 if (s->d1) {
212 {
213 unprocessed_rcds = s->d1->unprocessed_rcds.q; 215 unprocessed_rcds = s->d1->unprocessed_rcds.q;
214 processed_rcds = s->d1->processed_rcds.q; 216 processed_rcds = s->d1->processed_rcds.q;
215 buffered_messages = s->d1->buffered_messages; 217 buffered_messages = s->d1->buffered_messages;
@@ -221,41 +223,38 @@ void dtls1_clear(SSL *s)
221 223
222 memset(s->d1, 0, sizeof(*(s->d1))); 224 memset(s->d1, 0, sizeof(*(s->d1)));
223 225
224 if (s->server) 226 if (s->server) {
225 {
226 s->d1->cookie_len = sizeof(s->d1->cookie); 227 s->d1->cookie_len = sizeof(s->d1->cookie);
227 } 228 }
228 229
229 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) 230 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
230 {
231 s->d1->mtu = mtu; 231 s->d1->mtu = mtu;
232 } 232 }
233 233
234 s->d1->unprocessed_rcds.q = unprocessed_rcds; 234 s->d1->unprocessed_rcds.q = unprocessed_rcds;
235 s->d1->processed_rcds.q = processed_rcds; 235 s->d1->processed_rcds.q = processed_rcds;
236 s->d1->buffered_messages = buffered_messages; 236 s->d1->buffered_messages = buffered_messages;
237 s->d1->sent_messages = sent_messages; 237 s->d1->sent_messages = sent_messages;
238 s->d1->buffered_app_data.q = buffered_app_data; 238 s->d1->buffered_app_data.q = buffered_app_data;
239 } 239 }
240 240
241 ssl3_clear(s); 241 ssl3_clear(s);
242 if (s->options & SSL_OP_CISCO_ANYCONNECT) 242 if (s->options & SSL_OP_CISCO_ANYCONNECT)
243 s->version=DTLS1_BAD_VER; 243 s->version = DTLS1_BAD_VER;
244 else 244 else
245 s->version=DTLS1_VERSION; 245 s->version = DTLS1_VERSION;
246 } 246}
247 247
248long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) 248long
249 { 249dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
250 int ret=0; 250{
251 int ret = 0;
251 252
252 switch (cmd) 253 switch (cmd) {
253 {
254 case DTLS_CTRL_GET_TIMEOUT: 254 case DTLS_CTRL_GET_TIMEOUT:
255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) 255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
256 {
257 ret = 1; 256 ret = 1;
258 } 257 }
259 break; 258 break;
260 case DTLS_CTRL_HANDLE_TIMEOUT: 259 case DTLS_CTRL_HANDLE_TIMEOUT:
261 ret = dtls1_handle_timeout(s); 260 ret = dtls1_handle_timeout(s);
@@ -267,9 +266,9 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
267 default: 266 default:
268 ret = ssl3_ctrl(s, cmd, larg, parg); 267 ret = ssl3_ctrl(s, cmd, larg, parg);
269 break; 268 break;
270 }
271 return(ret);
272 } 269 }
270 return (ret);
271}
273 272
274/* 273/*
275 * As it's impossible to use stream ciphers in "datagram" mode, this 274 * As it's impossible to use stream ciphers in "datagram" mode, this
@@ -278,53 +277,51 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
278 * to explicitly list their SSL_* codes. Currently RC4 is the only one 277 * to explicitly list their SSL_* codes. Currently RC4 is the only one
279 * available, but if new ones emerge, they will have to be added... 278 * available, but if new ones emerge, they will have to be added...
280 */ 279 */
281const SSL_CIPHER *dtls1_get_cipher(unsigned int u) 280const SSL_CIPHER
282 { 281*dtls1_get_cipher(unsigned int u)
282{
283 const SSL_CIPHER *ciph = ssl3_get_cipher(u); 283 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
284 284
285 if (ciph != NULL) 285 if (ciph != NULL) {
286 {
287 if (ciph->algorithm_enc == SSL_RC4) 286 if (ciph->algorithm_enc == SSL_RC4)
288 return NULL; 287 return NULL;
289 } 288 }
290 289
291 return ciph; 290 return ciph;
292 } 291}
293 292
294void dtls1_start_timer(SSL *s) 293void
295 { 294dtls1_start_timer(SSL *s)
295{
296#ifndef OPENSSL_NO_SCTP 296#ifndef OPENSSL_NO_SCTP
297 /* Disable timer for SCTP */ 297 /* Disable timer for SCTP */
298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
299 {
300 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 299 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
301 return; 300 return;
302 } 301 }
303#endif 302#endif
304 303
305 /* If timer is not set, initialize duration with 1 second */ 304 /* If timer is not set, initialize duration with 1 second */
306 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 305 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
307 {
308 s->d1->timeout_duration = 1; 306 s->d1->timeout_duration = 1;
309 } 307 }
310 308
311 /* Set timeout to current time */ 309 /* Set timeout to current time */
312 get_current_time(&(s->d1->next_timeout)); 310 get_current_time(&(s->d1->next_timeout));
313 311
314 /* Add duration to current time */ 312 /* Add duration to current time */
315 s->d1->next_timeout.tv_sec += s->d1->timeout_duration; 313 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
316 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 314 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
317 } 315}
318 316
319struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) 317struct timeval*
320 { 318dtls1_get_timeout(SSL *s, struct timeval* timeleft) {
321 struct timeval timenow; 319 struct timeval timenow;
322 320
323 /* If no timeout is set, just return NULL */ 321 /* If no timeout is set, just return NULL */
324 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 322 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
325 {
326 return NULL; 323 return NULL;
327 } 324 }
328 325
329 /* Get current time */ 326 /* Get current time */
330 get_current_time(&timenow); 327 get_current_time(&timenow);
@@ -332,65 +329,63 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
332 /* If timer already expired, set remaining time to 0 */ 329 /* If timer already expired, set remaining time to 0 */
333 if (s->d1->next_timeout.tv_sec < timenow.tv_sec || 330 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
334 (s->d1->next_timeout.tv_sec == timenow.tv_sec && 331 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
335 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) 332 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
336 {
337 memset(timeleft, 0, sizeof(struct timeval)); 333 memset(timeleft, 0, sizeof(struct timeval));
338 return timeleft; 334 return timeleft;
339 } 335 }
340 336
341 /* Calculate time left until timer expires */ 337 /* Calculate time left until timer expires */
342 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); 338 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
343 timeleft->tv_sec -= timenow.tv_sec; 339 timeleft->tv_sec -= timenow.tv_sec;
344 timeleft->tv_usec -= timenow.tv_usec; 340 timeleft->tv_usec -= timenow.tv_usec;
345 if (timeleft->tv_usec < 0) 341 if (timeleft->tv_usec < 0) {
346 {
347 timeleft->tv_sec--; 342 timeleft->tv_sec--;
348 timeleft->tv_usec += 1000000; 343 timeleft->tv_usec += 1000000;
349 } 344 }
350 345
351 /* If remaining time is less than 15 ms, set it to 0 346 /* If remaining time is less than 15 ms, set it to 0
352 * to prevent issues because of small devergences with 347 * to prevent issues because of small devergences with
353 * socket timeouts. 348 * socket timeouts.
354 */ 349 */
355 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) 350 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
356 {
357 memset(timeleft, 0, sizeof(struct timeval)); 351 memset(timeleft, 0, sizeof(struct timeval));
358 } 352 }
359 353
360 354
361 return timeleft; 355 return timeleft;
362 } 356}
363 357
364int dtls1_is_timer_expired(SSL *s) 358int
365 { 359dtls1_is_timer_expired(SSL *s)
360{
366 struct timeval timeleft; 361 struct timeval timeleft;
367 362
368 /* Get time left until timeout, return false if no timer running */ 363 /* Get time left until timeout, return false if no timer running */
369 if (dtls1_get_timeout(s, &timeleft) == NULL) 364 if (dtls1_get_timeout(s, &timeleft) == NULL) {
370 {
371 return 0; 365 return 0;
372 } 366 }
373 367
374 /* Return false if timer is not expired yet */ 368 /* Return false if timer is not expired yet */
375 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) 369 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
376 {
377 return 0; 370 return 0;
378 } 371 }
379 372
380 /* Timer expired, so return true */ 373 /* Timer expired, so return true */
381 return 1; 374 return 1;
382 } 375}
383 376
384void dtls1_double_timeout(SSL *s) 377void
385 { 378dtls1_double_timeout(SSL *s)
379{
386 s->d1->timeout_duration *= 2; 380 s->d1->timeout_duration *= 2;
387 if (s->d1->timeout_duration > 60) 381 if (s->d1->timeout_duration > 60)
388 s->d1->timeout_duration = 60; 382 s->d1->timeout_duration = 60;
389 dtls1_start_timer(s); 383 dtls1_start_timer(s);
390 } 384}
391 385
392void dtls1_stop_timer(SSL *s) 386void
393 { 387dtls1_stop_timer(SSL *s)
388{
394 /* Reset everything */ 389 /* Reset everything */
395 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); 390 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
396 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 391 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
@@ -398,35 +393,35 @@ void dtls1_stop_timer(SSL *s)
398 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 393 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
399 /* Clear retransmission buffer */ 394 /* Clear retransmission buffer */
400 dtls1_clear_record_buffer(s); 395 dtls1_clear_record_buffer(s);
401 } 396}
402 397
403int dtls1_check_timeout_num(SSL *s) 398int
404 { 399dtls1_check_timeout_num(SSL *s)
400{
405 s->d1->timeout.num_alerts++; 401 s->d1->timeout.num_alerts++;
406 402
407 /* Reduce MTU after 2 unsuccessful retransmissions */ 403 /* Reduce MTU after 2 unsuccessful retransmissions */
408 if (s->d1->timeout.num_alerts > 2) 404 if (s->d1->timeout.num_alerts > 2) {
409 { 405 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
410 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
411 }
412 406
413 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) 407 }
414 { 408
409 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
415 /* fail the connection, enough alerts have been sent */ 410 /* fail the connection, enough alerts have been sent */
416 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); 411 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
417 return -1; 412 return -1;
418 } 413 }
419 414
420 return 0; 415 return 0;
421 } 416}
422 417
423int dtls1_handle_timeout(SSL *s) 418int
424 { 419dtls1_handle_timeout(SSL *s)
420{
425 /* if no timer is expired, don't do anything */ 421 /* if no timer is expired, don't do anything */
426 if (!dtls1_is_timer_expired(s)) 422 if (!dtls1_is_timer_expired(s)) {
427 {
428 return 0; 423 return 0;
429 } 424 }
430 425
431 dtls1_double_timeout(s); 426 dtls1_double_timeout(s);
432 427
@@ -434,38 +429,39 @@ int dtls1_handle_timeout(SSL *s)
434 return -1; 429 return -1;
435 430
436 s->d1->timeout.read_timeouts++; 431 s->d1->timeout.read_timeouts++;
437 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) 432 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
438 {
439 s->d1->timeout.read_timeouts = 1; 433 s->d1->timeout.read_timeouts = 1;
440 } 434 }
441 435
442#ifndef OPENSSL_NO_HEARTBEATS 436#ifndef OPENSSL_NO_HEARTBEATS
443 if (s->tlsext_hb_pending) 437 if (s->tlsext_hb_pending) {
444 {
445 s->tlsext_hb_pending = 0; 438 s->tlsext_hb_pending = 0;
446 return dtls1_heartbeat(s); 439 return dtls1_heartbeat(s);
447 } 440 }
448#endif 441#endif
449 442
450 dtls1_start_timer(s); 443 dtls1_start_timer(s);
451 return dtls1_retransmit_buffered_messages(s); 444 return dtls1_retransmit_buffered_messages(s);
452 } 445}
453 446
454static void get_current_time(struct timeval *t) 447static void
448get_current_time(struct timeval *t)
455{ 449{
456 gettimeofday(t, NULL); 450 gettimeofday(t, NULL);
457} 451}
458 452
459int dtls1_listen(SSL *s, struct sockaddr *client) 453int
460 { 454dtls1_listen(SSL *s, struct sockaddr *client)
455{
461 int ret; 456 int ret;
462 457
463 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 458 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
464 s->d1->listen = 1; 459 s->d1->listen = 1;
465 460
466 ret = SSL_accept(s); 461 ret = SSL_accept(s);
467 if (ret <= 0) return ret; 462 if (ret <= 0)
468 463 return ret;
469 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); 464
465 (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
470 return 1; 466 return 1;
471 } 467}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 13:21:44 +0000