From 9c284f96517d6f9956bf4d7f73971e7a5d410263 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 6 Mar 2012 13:24:16 +0000 Subject: [PATCH] PR: 2748 Submitted by: Robin Seggelmann Fix possible DTLS timer deadlock. --- ssl/d1_clnt.c | 2 +- ssl/d1_srvr.c | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 1b518d981e..a6ed09c51d 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -329,7 +329,6 @@ int dtls1_connect(SSL *s) if (ret <= 0) goto end; else { - dtls1_stop_timer(s); if (s->hit) { #ifndef OPENSSL_NO_SCTP @@ -440,6 +439,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CR_SRVR_DONE_B: ret=ssl3_get_server_done(s); if (ret <= 0) goto end; + dtls1_stop_timer(s); if (s->s3->tmp.cert_req) s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; else diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 6af53b2ff4..5822379d10 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -591,15 +591,16 @@ int dtls1_accept(SSL *s) ret = ssl3_check_client_hello(s); if (ret <= 0) goto end; - dtls1_stop_timer(s); if (ret == 2) + { + dtls1_stop_timer(s); s->state = SSL3_ST_SR_CLNT_HELLO_C; + } else { /* could be sent for a DH cert, even if we * have not asked for it :-) */ ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; - dtls1_stop_timer(s); s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -609,7 +610,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; - dtls1_stop_timer(s); #ifndef OPENSSL_NO_SCTP /* Add new shared key for SCTP-Auth, * will be ignored if no SCTP used. @@ -661,7 +661,6 @@ int dtls1_accept(SSL *s) /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; - dtls1_stop_timer(s); #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && state == SSL_ST_RENEGOTIATE) -- 2.40.0