Remove DTLS processed_rcds queue.

When DTLS handshake records are received from the next epoch, we will
potentially queue them on the unprocessed_rcds queue - this is usually
a Finished message that has been received without the ChangeCipherSuite
(CCS) message (which may have been dropped or reordered).

After the epoch increments (due to the CCS being received), the current
code processes all records on the unprocessed queue and immediate queues
them on the processed queue, which dtls1_get_record() then pulls from.
This form of processing only adds more complexity and another queue.

Instead, once the epoch increments, pull a single record from the
unprocessed queue and process it, allowing the contents to be consumed
by the caller. We repeat this process until the unprocessed queue is
empty, at which point we go back to consuming messages from the wire.

ok inoguchi@ tb@

1 files changed, 1 insertions, 9 deletions

diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 6d9959ff43..3db5629e23 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.57 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.58 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -88,8 +88,6 @@ dtls1_new(SSL *s)
 
         if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL)
                 goto err;
-        if ((s->d1->internal->processed_rcds.q = pqueue_new()) == NULL)
-                goto err;
         if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL)
                 goto err;
         if ((s->d1->sent_messages = pqueue_new()) == NULL)
@@ -143,7 +141,6 @@ static void
 dtls1_clear_queues(SSL *s)
 {
         dtls1_drain_records(D1I(s)->unprocessed_rcds.q);
-        dtls1_drain_records(D1I(s)->processed_rcds.q);
         dtls1_drain_fragments(D1I(s)->buffered_messages);
         dtls1_drain_fragments(s->d1->sent_messages);
         dtls1_drain_records(D1I(s)->buffered_app_data.q);
@@ -160,7 +157,6 @@ dtls1_free(SSL *s)
         dtls1_clear_queues(s);
 
         pqueue_free(D1I(s)->unprocessed_rcds.q);
-        pqueue_free(D1I(s)->processed_rcds.q);
         pqueue_free(D1I(s)->buffered_messages);
         pqueue_free(s->d1->sent_messages);
         pqueue_free(D1I(s)->buffered_app_data.q);
@@ -176,7 +172,6 @@ dtls1_clear(SSL *s)
 {
         struct dtls1_state_internal_st *internal;
         pqueue unprocessed_rcds;
-        pqueue processed_rcds;
         pqueue buffered_messages;
         pqueue sent_messages;
         pqueue buffered_app_data;
@@ -184,7 +179,6 @@ dtls1_clear(SSL *s)
 
         if (s->d1) {
                 unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
-                processed_rcds = D1I(s)->processed_rcds.q;
                 buffered_messages = D1I(s)->buffered_messages;
                 sent_messages = s->d1->sent_messages;
                 buffered_app_data = D1I(s)->buffered_app_data.q;
@@ -200,7 +194,6 @@ dtls1_clear(SSL *s)
                 D1I(s)->r_epoch =
                     tls12_record_layer_initial_epoch(s->internal->rl);
 
-                D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
                 D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
 
                 if (s->server) {
@@ -212,7 +205,6 @@ dtls1_clear(SSL *s)
                 }
 
                 D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
-                D1I(s)->processed_rcds.q = processed_rcds;
                 D1I(s)->buffered_messages = buffered_messages;
                 s->d1->sent_messages = sent_messages;
                 D1I(s)->buffered_app_data.q = buffered_app_data;