Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_lib.c10
-rw-r--r--src/lib/libssl/d1_pkt.c57
-rw-r--r--src/lib/libssl/dtls_locl.h5
3 files changed, 22 insertions, 50 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 6d9959ff43..3db5629e23 100644
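--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.57 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.58 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -88,8 +88,6 @@ dtls1_new(SSL *s)
 
  if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL)
  goto err;
- if ((s->d1->internal->processed_rcds.q = pqueue_new()) == NULL)
- goto err;
  if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL)
  goto err;
  if ((s->d1->sent_messages = pqueue_new()) == NULL)
@@ -143,7 +141,6 @@ static void
 dtls1_clear_queues(SSL *s)
 {
  dtls1_drain_records(D1I(s)->unprocessed_rcds.q);
- dtls1_drain_records(D1I(s)->processed_rcds.q);
  dtls1_drain_fragments(D1I(s)->buffered_messages);
  dtls1_drain_fragments(s->d1->sent_messages);
  dtls1_drain_records(D1I(s)->buffered_app_data.q);
@@ -160,7 +157,6 @@ dtls1_free(SSL *s)
  dtls1_clear_queues(s);
 
  pqueue_free(D1I(s)->unprocessed_rcds.q);
- pqueue_free(D1I(s)->processed_rcds.q);
  pqueue_free(D1I(s)->buffered_messages);
  pqueue_free(s->d1->sent_messages);
  pqueue_free(D1I(s)->buffered_app_data.q);
@@ -176,7 +172,6 @@ dtls1_clear(SSL *s)
 {
  struct dtls1_state_internal_st *internal;
  pqueue unprocessed_rcds;
- pqueue processed_rcds;
  pqueue buffered_messages;
  pqueue sent_messages;
  pqueue buffered_app_data;
@@ -184,7 +179,6 @@ dtls1_clear(SSL *s)
 
  if (s->d1) {
  unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
- processed_rcds = D1I(s)->processed_rcds.q;
  buffered_messages = D1I(s)->buffered_messages;
  sent_messages = s->d1->sent_messages;
  buffered_app_data = D1I(s)->buffered_app_data.q;
@@ -200,7 +194,6 @@ dtls1_clear(SSL *s)
  D1I(s)->r_epoch =
  tls12_record_layer_initial_epoch(s->internal->rl);
 
- D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
  D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
 
  if (s->server) {
@@ -212,7 +205,6 @@ dtls1_clear(SSL *s)
  }
 
  D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
- D1I(s)->processed_rcds.q = processed_rcds;
  D1I(s)->buffered_messages = buffered_messages;
  s->d1->sent_messages = sent_messages;
  D1I(s)->buffered_app_data.q = buffered_app_data;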
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4e773a42bb..0416ee9c59 100644
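--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.102 2021/07/21 07:51:12 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.103 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -274,34 +274,23 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
 }
 
 static int
-dtls1_process_buffered_records(SSL *s)
+dtls1_process_buffered_record(SSL *s)
 {
- pitem *item;
+ /* Check if epoch is current. */
+ if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
+ return (0);
 
- item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
- if (item) {
- /* Check if epoch is current. */
- if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
- return (1);
- /* Nothing to do. */
-
- /* Process all the records. */
- while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
- if (!dtls1_retrieve_buffered_record((s),
- &((D1I(s))->unprocessed_rcds)))
- return (0);
- if (!dtls1_process_record(s))
- return (0);
- if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
- S3I(s)->rrec.seq_num) < 0)
- return (-1);
- }
+ /* Update epoch once all unprocessed records have been processed. */
+ if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
+ D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
+ return (0);
  }
 
- /* sync epoch numbers once all the unprocessed records
- * have been processed */
- D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
- D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
+ /* Process one of the records. */
+ if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
+ return (-1);
+ if (!dtls1_process_record(s))
+ return (-1);
 
  return (1);
 }
@@ -365,22 +354,15 @@ dtls1_process_record(SSL *s)
 int
 dtls1_get_record(SSL *s)
 {
- SSL3_RECORD_INTERNAL *rr;
+ SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
  unsigned char *p = NULL;
  DTLS1_BITMAP *bitmap;
  unsigned int is_next_epoch;
- int n;
+ int ret, n;
 
- rr = &(S3I(s)->rrec);
-
- /* The epoch may have changed. If so, process all the
- * pending records. This is a non-blocking operation. */
- if (dtls1_process_buffered_records(s) < 0)
- return (-1);
-
- /* if we're renegotiating, then there may be buffered records */
- if (dtls1_retrieve_buffered_record((s), &((D1I(s))->processed_rcds)))
- return 1;
+ /* See if there are pending records that can now be processed. */
+ if ((ret = dtls1_process_buffered_record(s)) != 0)
+ return (ret);
 
  /* get something from the wire */
  if (0) {
@@ -1189,7 +1171,6 @@ dtls1_dispatch_alert(SSL *s)
  return (i);
 }
 
-
 static DTLS1_BITMAP *
 dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {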
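Review bot: In `dtls1_process_buffered_record`, a zero return from `dtls1_process_record(s)` is now turned into `return (-1)`, and `dtls1_get_record` passes any non-zero result straight back to its caller; the removed loop returned 0 at that point and `dtls1_get_record` only treated `< 0` as an error. The queue appears to hold records for the next epoch (`unprocessed_rcds.epoch = r_epoch + 1`), so presumably they were stored before they could be verified; if `dtls1_process_record` returns 0 for a record that merely fails verification (its body is outside this hunk, so this is an assumption to confirm), a single bad buffered datagram would now fail the read rather than be dropped. If that is not the intent, `if (!dtls1_process_record(s)) return (0);` would discard the record and let the caller fall through to the wire read. Either way, a comment above the function stating the contract, e.g. `/* Returns 1 with a record in rrec, 0 if nothing to process, -1 on error. */`, would make the chosen behaviour explicit. The body of `dtls1_get_record` continues past the end of its hunk.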
diff --git a/src/lib/libssl/dtls_locl.h b/src/lib/libssl/dtls_locl.h
index 9e0699d098..bc28ce8559 100644
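--- a/src/lib/libssl/dtls_locl.h
+++ b/src/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.2 2021/07/19 08:42:24 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.3 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -151,9 +151,8 @@ typedef struct dtls1_state_internal_st {
 
  unsigned short handshake_read_seq;
 
- /* Received handshake records (processed and unprocessed) */
+ /* Received handshake records (unprocessed) */
  record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
 
  /* Buffered handshake messages */
  struct _pqueue *buffered_messages;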