1 files changed, 19 insertions, 38 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4e773a42bb..0416ee9c59 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.102 2021/07/21 07:51:12 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.103 2021/07/21 08:42:14 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -274,34 +274,23 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
 }
 static int
-dtls1_process_buffered_records(SSL *s)
+dtls1_process_buffered_record(SSL *s)
 {
-        pitem *item;
+        /* Check if epoch is current. */
+        if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
+                return (0);
-        item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
+        /* Update epoch once all unprocessed records have been processed. */
-        if (item) {
+        if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
-                /* Check if epoch is current. */
+                D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
-                if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
+                return (0);
-                        return (1);
-                /* Nothing to do. */
-                /* Process all the records. */
-                while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
-                        if (!dtls1_retrieve_buffered_record((s),
-                            &((D1I(s))->unprocessed_rcds)))
-                                return (0);
-                        if (!dtls1_process_record(s))
-                                return (0);
-                        if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
-                            S3I(s)->rrec.seq_num) < 0)
-                                return (-1);
-                }
        }
-    /* sync epoch numbers once all the unprocessed records
+        /* Process one of the records. */
-     * have been processed */
+        if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
-        D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
+                return (-1);
-        D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
+        if (!dtls1_process_record(s))
+                return (-1);
        return (1);
 }
@@ -365,22 +354,15 @@ dtls1_process_record(SSL *s)
 int
 dtls1_get_record(SSL *s)
 {
-        SSL3_RECORD_INTERNAL *rr;
+        SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
        unsigned char *p = NULL;
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
-        int n;
+        int ret, n;
-        rr = &(S3I(s)->rrec);
+        /* See if there are pending records that can now be processed. */
+        if ((ret = dtls1_process_buffered_record(s)) != 0)
-        /* The epoch may have changed.  If so, process all the
+                return (ret);
-         * pending records.  This is a non-blocking operation. */
-        if (dtls1_process_buffered_records(s) < 0)
-                return (-1);
-        /* if we're renegotiating, then there may be buffered records */
-        if (dtls1_retrieve_buffered_record((s), &((D1I(s))->processed_rcds)))
-                return 1;
        /* get something from the wire */
        if (0) {
@@ -1189,7 +1171,6 @@ dtls1_dispatch_alert(SSL *s)
        return (i);
 }
 static DTLS1_BITMAP *
 dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 4e773a42bb..0416ee9c59 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.102 2021/07/21 07:51:12 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.103 2021/07/21 08:42:14 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -274,34 +274,23 @@ dtls1_retrieve_buffered_record(SSL s, record_pqueue queue)
274	}	274	}
275		275
276	static int	276	static int
277	dtls1_process_buffered_records(SSL *s)	277	dtls1_process_buffered_record(SSL *s)
278	{	278	{
279	pitem *item;	279	/* Check if epoch is current. */
		280	if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
		281	return (0);
280		282
281	item = pqueue_peek(D1I(s)->unprocessed_rcds.q);	283	/* Update epoch once all unprocessed records have been processed. */
282	if (item) {	284	if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
283	/* Check if epoch is current. */	285	D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
284	if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)	286	return (0);
285	return (1);
286	/* Nothing to do. */
287
288	/* Process all the records. */
289	while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
290	if (!dtls1_retrieve_buffered_record((s),
291	&((D1I(s))->unprocessed_rcds)))
292	return (0);
293	if (!dtls1_process_record(s))
294	return (0);
295	if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
296	S3I(s)->rrec.seq_num) < 0)
297	return (-1);
298	}
299	}	287	}
300		288
301	/* sync epoch numbers once all the unprocessed records	289	/* Process one of the records. */
302	* have been processed */	290	if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
303	D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;	291	return (-1);
304	D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;	292	if (!dtls1_process_record(s))
		293	return (-1);
305		294
306	return (1);	295	return (1);
307	}	296	}
@@ -365,22 +354,15 @@ dtls1_process_record(SSL *s)
365	int	354	int
366	dtls1_get_record(SSL *s)	355	dtls1_get_record(SSL *s)
367	{	356	{
368	SSL3_RECORD_INTERNAL *rr;	357	SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
369	unsigned char *p = NULL;	358	unsigned char *p = NULL;
370	DTLS1_BITMAP *bitmap;	359	DTLS1_BITMAP *bitmap;
371	unsigned int is_next_epoch;	360	unsigned int is_next_epoch;
372	int n;	361	int ret, n;
373		362
374	rr = &(S3I(s)->rrec);	363	/* See if there are pending records that can now be processed. */
375		364	if ((ret = dtls1_process_buffered_record(s)) != 0)
376	/* The epoch may have changed. If so, process all the	365	return (ret);
377	* pending records. This is a non-blocking operation. */
378	if (dtls1_process_buffered_records(s) < 0)
379	return (-1);
380
381	/* if we're renegotiating, then there may be buffered records */
382	if (dtls1_retrieve_buffered_record((s), &((D1I(s))->processed_rcds)))
383	return 1;
384		366
385	/* get something from the wire */	367	/* get something from the wire */
386	if (0) {	368	if (0) {
@@ -1189,7 +1171,6 @@ dtls1_dispatch_alert(SSL *s)
1189	return (i);	1171	return (i);
1190	}	1172	}
1191		1173
1192
1193	static DTLS1_BITMAP *	1174	static DTLS1_BITMAP *
1194	dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL rr, unsigned int *is_next_epoch)	1175	dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL rr, unsigned int *is_next_epoch)
1195	{	1176	{