From: Hugo Landau Date: Wed, 30 Nov 2022 07:55:48 +0000 (+0000) Subject: QUIC Front End I/O API: Correct implementation of SSL_tick, SSL_get_tick_timeout X-Git-Tag: openssl-3.2.0-alpha1~1484 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbe2573d3b54dcaab1eab3401f2948a0f01ee49a;p=thirdparty%2Fopenssl.git QUIC Front End I/O API: Correct implementation of SSL_tick, SSL_get_tick_timeout Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19703) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cbfac68db07..6cff4134f1d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -7049,9 +7049,17 @@ int SSL_tick(SSL *s) sc = SSL_CONNECTION_FROM_SSL_ONLY(s); if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc)) - return DTLSv1_handle_timeout(s); + /* + * DTLSv1_handle_timeout returns 0 if the timer wasn't expired yet, + * which we consider a success case. Theoretically DTLSv1_handle_timeout + * can also return 0 if s is NULL or not a DTLS object, but we've + * already ruled out those possibilities above, so this is not possible + * here. Thus the only failure cases are where DTLSv1_handle_timeout + * returns -1. + */ + return DTLSv1_handle_timeout(s) >= 0; - return 0; + return 1; } int SSL_get_tick_timeout(SSL *s, struct timeval *tv) @@ -7066,15 +7074,13 @@ int SSL_get_tick_timeout(SSL *s, struct timeval *tv) #endif sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc)) { - if (!DTLSv1_get_timeout(s, tv)) { - tv->tv_sec = -1; - tv->tv_usec = 0; - } + if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc) + && DTLSv1_get_timeout(s, tv)) return 1; - } - return 0; + tv->tv_sec = -1; + tv->tv_usec = 0; + return 1; } int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)