From: jsing
Date: Mon, 25 Oct 2021 10:09:28 +0000 (+0000)
Subject: Use ssl_force_want_read() in the DTLS code.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e2a9b682240338ddad74bcea1f0ce2d690bcbd1e;p=openbsd

Use ssl_force_want_read() in the DTLS code.

Also mop up some mostly unhelpful comments while here.

ok beck@ tb@
---
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 7aea85a4c4f..9601a39e3a9 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.113 2021/10/23 13:36:03 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.114 2021/10/25 10:09:28 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -654,14 +654,9 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
			 * Application data while renegotiating is allowed.
			 * Try reading again.
			 */
-			BIO *bio;
 
-			S3I(s)->in_read_app_data = 2;
-			bio = SSL_get_rbio(s);
-			s->internal->rwstate = SSL_READING;
-			BIO_clear_retry_flags(bio);
-			BIO_set_retry_read(bio);
-			return (-1);
+			ssl_force_want_read(s);
+			return -1;
 		} else {
 			/* Not certain if this is the right error handling */
 			al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -714,17 +709,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 				}
 
 				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
-					if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
-					{
-						BIO *bio;
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set. Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
-						s->internal->rwstate = SSL_READING;
-						bio = SSL_get_rbio(s);
-						BIO_clear_retry_flags(bio);
-						BIO_set_retry_read(bio);
+					if (S3I(s)->rbuf.left == 0) {
+						ssl_force_want_read(s);
 						return (-1);
 					}
 				}
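Review bot: The converted block drops `S3I(s)->in_read_app_data = 2;` without a replacement, since ssl_force_want_read() only sets the rbio retry-read flag and rwstate. If anything in the DTLS read path still consults in_read_app_data to tell this "handshake consumed the read" case from an ordinary retry, dtls1_read_bytes now behaves differently here, and neither the commit message nor a comment says so; if the flag is dead on this path, a sentence in the commit message stating that would make the cleanup reviewable. Minor style point: the new `return -1;` sits next to the `return (-1);` kept in the next hunk, so one form or the other. dtls1_read_bytes starts and ends outside this hunk.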
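Review bot: With the old comments gone, nothing explains why the retry is forced only when `S3I(s)->rbuf.left == 0`; the condition is the one non-obvious part of this branch and the comment above ssl_force_want_read() does not cover it. A one-line comment on the `if`, such as `/* No read-ahead data buffered, so have the caller retry. */`, would keep the intent without the removed verbiage. The same applies to the second d1_pkt.c hunk at -851 and to the two ssl3_read_bytes hunks in ssl_pkt.c at -931 and -1079. dtls1_read_bytes starts and ends outside this hunk.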
@@ -851,17 +837,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 				}
 
 				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
-					if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
-					{
-						BIO *bio;
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set. Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
-						s->internal->rwstate = SSL_READING;
-						bio = SSL_get_rbio(s);
-						BIO_clear_retry_flags(bio);
-						BIO_set_retry_read(bio);
+					if (S3I(s)->rbuf.left == 0) {
+						ssl_force_want_read(s);
 						return (-1);
 					}
 				}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 01c22762ef5..27bf5ec41f7 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.367 2021/10/25 10:01:46 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.368 2021/10/25 10:09:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1372,6 +1372,8 @@ int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);
 
+void ssl_force_want_read(SSL *s);
+
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 049a7df3c34..8a5f97e5c75 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.50 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.51 2021/10/25 10:09:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -127,14 +127,15 @@ static int ssl3_get_record(SSL *s);
  * Force a WANT_READ return for certain error conditions where
  * we don't want to spin internally.
  */
-static void
+void
 ssl_force_want_read(SSL *s)
 {
-	BIO * bio;
+	BIO *bio;
 
 	bio = SSL_get_rbio(s);
 	BIO_clear_retry_flags(bio);
 	BIO_set_retry_read(bio);
+	s->internal->rwstate = SSL_READING;
 }
 
 
@@ -931,11 +932,6 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 
 				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
 					if (S3I(s)->rbuf.left == 0) {
-						/* no read-ahead left? */
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set. Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
 						ssl_force_want_read(s);
 						return (-1);
 					}
@@ -1079,11 +1075,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 				}
 
 				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
-					if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set. Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
+					if (S3I(s)->rbuf.left == 0) {
 						ssl_force_want_read(s);
 						return (-1);
 					}
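Review bot: Making ssl_force_want_read() set `s->internal->rwstate = SSL_READING` changes every pre-existing TLS caller in ssl_pkt.c, not just the DTLS sites this commit converts, and the comment above the function still describes only the retry-flag behaviour. Suggest extending it, e.g. `* Sets the rbio retry-read flag and rwstate = SSL_READING so the caller is told to retry the read.`, so readers of the now non-static helper see both effects. Presumably the rwstate update is what lets the WANT_READ condition be reported back to the application; if so, that is worth a line in the commit message as well.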