mimlowe
diff --git a/‎lib/libssl/d1_lib.c‎
Lines changed: 1 addition & 9 deletions b/‎lib/libssl/d1_lib.c‎
Lines changed: 1 addition & 9 deletions
diff --git a/‎lib/libssl/d1_pkt.c‎
Lines changed: 19 additions & 38 deletions b/‎lib/libssl/d1_pkt.c‎
Lines changed: 19 additions & 38 deletions
diff --git a/‎lib/libssl/dtls_locl.h‎
Lines changed: 2 additions & 3 deletions b/‎lib/libssl/dtls_locl.h‎
Lines changed: 2 additions & 3 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.57 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.58 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -88,8 +88,6 @@ dtls1_new(SSL *s)
 
 if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL)
 goto err;
-if ((s->d1->internal->processed_rcds.q = pqueue_new()) == NULL)
-goto err;
 if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL)
 goto err;
 if ((s->d1->sent_messages = pqueue_new()) == NULL)
@@ -143,7 +141,6 @@ static void
 dtls1_clear_queues(SSL *s)
 {
 dtls1_drain_records(D1I(s)->unprocessed_rcds.q);
-dtls1_drain_records(D1I(s)->processed_rcds.q);
 dtls1_drain_fragments(D1I(s)->buffered_messages);
 dtls1_drain_fragments(s->d1->sent_messages);
 dtls1_drain_records(D1I(s)->buffered_app_data.q);
@@ -160,7 +157,6 @@ dtls1_free(SSL *s)
 dtls1_clear_queues(s);
 
 pqueue_free(D1I(s)->unprocessed_rcds.q);
-pqueue_free(D1I(s)->processed_rcds.q);
 pqueue_free(D1I(s)->buffered_messages);
 pqueue_free(s->d1->sent_messages);
 pqueue_free(D1I(s)->buffered_app_data.q);
@@ -176,15 +172,13 @@ dtls1_clear(SSL *s)
 {
 struct dtls1_state_internal_st *internal;
 pqueue unprocessed_rcds;
-pqueue processed_rcds;
 pqueue buffered_messages;
 pqueue sent_messages;
 pqueue buffered_app_data;
 unsigned int mtu;
 
 if (s->d1) {
 unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
-processed_rcds = D1I(s)->processed_rcds.q;
 buffered_messages = D1I(s)->buffered_messages;
 sent_messages = s->d1->sent_messages;
 buffered_app_data = D1I(s)->buffered_app_data.q;
@@ -200,7 +194,6 @@ dtls1_clear(SSL *s)
 D1I(s)->r_epoch =
  tls12_record_layer_initial_epoch(s->internal->rl);
 
-D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
 D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
 
 if (s->server) {
@@ -212,7 +205,6 @@ dtls1_clear(SSL *s)
 }
 
 D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
-D1I(s)->processed_rcds.q = processed_rcds;
 D1I(s)->buffered_messages = buffered_messages;
 s->d1->sent_messages = sent_messages;
 D1I(s)->buffered_app_data.q = buffered_app_data;
 
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.102 2021/07/21 07:51:12 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.103 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -274,34 +274,23 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
 }
 
 static int
-dtls1_process_buffered_records(SSL *s)
+dtls1_process_buffered_record(SSL *s)
 {
-pitem *item;
+/* Check if epoch is current. */
+if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
+return (0);
 
-item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
-if (item) {
-/* Check if epoch is current. */
-if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
-return (1);
-/* Nothing to do. */
-
-/* Process all the records. */
-while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
-if (!dtls1_retrieve_buffered_record((s),
- &((D1I(s))->unprocessed_rcds)))
-return (0);
-if (!dtls1_process_record(s))
-return (0);
-if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
- S3I(s)->rrec.seq_num) < 0)
-return (-1);
-}
+/* Update epoch once all unprocessed records have been processed. */
+if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
+D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
+return (0);
 }
 
- /* sync epoch numbers once all the unprocessed records
- * have been processed */
-D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
-D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
+/* Process one of the records. */
+if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
+return (-1);
+if (!dtls1_process_record(s))
+return (-1);
 
 return (1);
 }
@@ -365,22 +354,15 @@ dtls1_process_record(SSL *s)
 int
 dtls1_get_record(SSL *s)
 {
-SSL3_RECORD_INTERNAL *rr;
+SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
 unsigned char *p = NULL;
 DTLS1_BITMAP *bitmap;
 unsigned int is_next_epoch;
-int n;
+int ret, n;
 
-rr = &(S3I(s)->rrec);
-
-/* The epoch may have changed. If so, process all the
- * pending records. This is a non-blocking operation. */
-if (dtls1_process_buffered_records(s) < 0)
-return (-1);
-
-/* if we're renegotiating, then there may be buffered records */
-if (dtls1_retrieve_buffered_record((s), &((D1I(s))->processed_rcds)))
-return 1;
+/* See if there are pending records that can now be processed. */
+if ((ret = dtls1_process_buffered_record(s)) != 0)
+return (ret);
 
 /* get something from the wire */
 if (0) {
@@ -1189,7 +1171,6 @@ dtls1_dispatch_alert(SSL *s)
 return (i);
 }
 
-
 static DTLS1_BITMAP *
 dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {
 
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.2 2021/07/19 08:42:24 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.3 2021/07/21 08:42:14 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -151,9 +151,8 @@ typedef struct dtls1_state_internal_st {
 
 unsigned short handshake_read_seq;
 
-/* Received handshake records (processed and unprocessed) */
+/* Received handshake records (unprocessed) */
 record_pqueue unprocessed_rcds;
-record_pqueue processed_rcds;
 
 /* Buffered handshake messages */
 struct _pqueue *buffered_messages;