Consolidate dtls1_start_timer calls.

Rather than reset the timer on every message, start it up immediately after
flushing one of our flights.

Change-Id: I97f8b4f572ceff62c546c94933b2700975c50a02
Reviewed-on: https://boringssl-review.googlesource.com/8180
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

ssl/d1_clnt.c

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b61a139..2732ff1 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -171,7 +171,6 @@
 
       case SSL3_ST_CW_CLNT_HELLO_A:
       case SSL3_ST_CW_CLNT_HELLO_B:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_client_hello(ssl);
         if (ret <= 0) {
           goto end;
@@ -280,7 +279,6 @@
       case SSL3_ST_CW_CERT_B:
       case SSL3_ST_CW_CERT_C:
       case SSL3_ST_CW_CERT_D:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_client_certificate(ssl);
         if (ret <= 0) {
           goto end;
@@ -290,7 +288,6 @@
 
       case SSL3_ST_CW_KEY_EXCH_A:
       case SSL3_ST_CW_KEY_EXCH_B:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_client_key_exchange(ssl);
         if (ret <= 0) {
           goto end;
@@ -307,7 +304,6 @@
       case SSL3_ST_CW_CERT_VRFY_A:
       case SSL3_ST_CW_CERT_VRFY_B:
       case SSL3_ST_CW_CERT_VRFY_C:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_cert_verify(ssl);
         if (ret <= 0) {
           goto end;
@@ -317,9 +313,6 @@
 
       case SSL3_ST_CW_CHANGE_A:
       case SSL3_ST_CW_CHANGE_B:
-        if (!ssl->hit) {
-          dtls1_start_timer(ssl);
-        }
         ret = dtls1_send_change_cipher_spec(ssl, SSL3_ST_CW_CHANGE_A,
                                             SSL3_ST_CW_CHANGE_B);
         if (ret <= 0) {
@@ -336,10 +329,6 @@
 
       case SSL3_ST_CW_FINISHED_A:
       case SSL3_ST_CW_FINISHED_B:
-        if (!ssl->hit) {
-          dtls1_start_timer(ssl);
-        }
-
         ret = ssl3_send_finished(ssl, SSL3_ST_CW_FINISHED_A,
                                  SSL3_ST_CW_FINISHED_B);
         if (ret <= 0) {
@@ -410,6 +399,9 @@
           goto end;
         }
         ssl->state = ssl->s3->tmp.next_state;
+        if (ssl->state != SSL_ST_OK) {
+          dtls1_start_timer(ssl);
+        }
         break;
 
       case SSL_ST_OK:

ssl/d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 372ed56..b9e59be 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -184,7 +184,6 @@
 
       case SSL3_ST_SW_SRVR_HELLO_A:
       case SSL3_ST_SW_SRVR_HELLO_B:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_server_hello(ssl);
         if (ret <= 0) {
           goto end;
@@ -204,7 +203,6 @@
       case SSL3_ST_SW_CERT_A:
       case SSL3_ST_SW_CERT_B:
         if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
-          dtls1_start_timer(ssl);
           ret = ssl3_send_server_certificate(ssl);
           if (ret <= 0) {
             goto end;
@@ -244,7 +242,6 @@
          * in sync. */
         if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher) ||
             ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
-          dtls1_start_timer(ssl);
           ret = ssl3_send_server_key_exchange(ssl);
           if (ret <= 0) {
             goto end;
@@ -259,7 +256,6 @@
       case SSL3_ST_SW_CERT_REQ_A:
       case SSL3_ST_SW_CERT_REQ_B:
         if (ssl->s3->tmp.cert_request) {
-          dtls1_start_timer(ssl);
           ret = ssl3_send_certificate_request(ssl);
           if (ret <= 0) {
             goto end;
@@ -272,7 +268,6 @@
 
       case SSL3_ST_SW_SRVR_DONE_A:
       case SSL3_ST_SW_SRVR_DONE_B:
-        dtls1_start_timer(ssl);
         ret = ssl3_send_server_done(ssl);
         if (ret <= 0) {
           goto end;
@@ -288,6 +283,9 @@
           goto end;
         }
         ssl->state = ssl->s3->tmp.next_state;
+        if (ssl->state != SSL_ST_OK) {
+          dtls1_start_timer(ssl);
+        }
         break;
 
       case SSL3_ST_SR_CERT_A: