Cleanup messages for retransmission when receiving ack

include/internal/statem.h

@@ -104,6 +104,8 @@ struct ossl_statem_st {
     OSSL_HANDSHAKE_STATE hand_state;
     /* The handshake state requested by an API call (e.g. HelloRequest) */
     OSSL_HANDSHAKE_STATE request_state;
+    /* The handshake state waiting for acknowledge */
+    OSSL_HANDSHAKE_STATE ack_state;
     int in_init;
     int read_state_first_init;
     /* true when we are actually in SSL_accept() or SSL_connect() */

ssl/d1_lib.c

@@ -139,6 +139,15 @@ void dtls1_clear_received_buffer(SSL_CONNECTION *s)
     }
 }
 
+void dtls1_remove_sent_buffer_item(struct pqueue_st *pq, unsigned char *prio64be) {
+    pitem *item = NULL;
+
+    while ((item = pqueue_find(pq, prio64be)) != NULL) {
+        dtls1_hm_fragment_free((hm_fragment *)item->data);
+        pitem_free(item);
+    }
+}
+
 void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
 {
     pitem *item = NULL;

ssl/ssl_local.h

@@ -1960,10 +1960,9 @@ typedef struct dtls1_state_st {
     int shutdown_received;
 # endif
 
-    /* Sequence numbers that should be acknowledged */
+    /* Sequence numbers that are to be acknowledged */
     uint16_t ack_seq_num[DTLS_ACK_SEQ_NUM_LEN];
     size_t ack_seq_num_count;
-    int msg_being_acked;
 
     DTLS_timer_cb timer_cb;
 
@@ -2679,6 +2678,8 @@ __owur void dtls1_get_queue_priority(unsigned char *prio64be,
 int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s);
 void dtls1_clear_received_buffer(SSL_CONNECTION *s);
 void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
+void dtls1_remove_sent_buffer_item(struct pqueue_st *pq,
+                                   unsigned char *prio64be);
 void dtls1_get_message_header(const unsigned char *data,
                               struct hm_header_st *msg_hdr);
 __owur OSSL_TIME dtls1_default_timeout(void);

ssl/statem/statem_clnt.c

@@ -1410,11 +1410,6 @@ MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt)
     return MSG_PROCESS_FINISHED_READING;
 }
 
-MSG_PROCESS_RETURN dtls_process_ack(SSL_CONNECTION *s, PACKET *pkt)
-{
-
-    return MSG_PROCESS_FINISHED_READING;
-}
 static int set_client_ciphersuite(SSL_CONNECTION *s,
                                   const unsigned char *cipherchars)
 {

ssl/statem/statem_dtls.c

@@ -1030,6 +1030,15 @@ CON_FUNC_RETURN dtls_construct_ack(SSL_CONNECTION *s, WPACKET *pkt) {
     }
 
     for (size_t i = 0; i < s->d1->ack_seq_num_count; ++i) {
+        /*
+         * rfc9147: section 4.
+         *
+         * Record numbers are encoded as
+         *      struct {
+         *           uint64 epoch;
+         *           uint64 sequence_number;
+         *      } RecordNumber;
+         */
         if (!WPACKET_put_bytes_u16(pkt, s->d1->ack_seq_num[i] & 0xffff)) {
 
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -1044,6 +1053,45 @@ CON_FUNC_RETURN dtls_construct_ack(SSL_CONNECTION *s, WPACKET *pkt) {
     return CON_FUNC_SUCCESS;
 }
 
+MSG_PROCESS_RETURN dtls_process_ack(SSL_CONNECTION *s, PACKET *pkt)
+{
+    PACKET record_numbers;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &record_numbers)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_LENGTH_TOO_LONG);
+        return MSG_PROCESS_ERROR;
+    }
+    while (PACKET_remaining(&record_numbers) > 0) {
+        unsigned char prio64be[8];
+        uint64_t epoch;
+        uint64_t sequence_number;
+
+        /*
+         * rfc9147: section 4.
+         *
+         * Record numbers are encoded as
+         *      struct {
+         *           uint64 epoch;
+         *           uint64 sequence_number;
+         *      } RecordNumber;
+         */
+
+        if (!PACKET_get_net_8(&record_numbers, &epoch)
+            || !PACKET_get_net_8(&record_numbers, &sequence_number)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_LENGTH_TOO_LONG);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (dtls1_get_epoch(s, SSL3_CC_WRITE) == epoch) {
+            dtls1_get_queue_priority(prio64be, sequence_number, 0);
+            dtls1_remove_sent_buffer_item(s->d1->sent_messages, prio64be);
+        }
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+
 #ifndef OPENSSL_NO_SCTP
 /*
  * Wait for a dry event. Should only be called at a point in the handshake

ssl/statem/statem_srvr.c

@@ -569,7 +569,7 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL_CONNECTION *s)
             s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
 
         if (SSL_CONNECTION_IS_DTLS13(s)) {
-            s->d1->msg_being_acked = SSL3_MT_FINISHED;
+            st->ack_state = TLS_ST_SR_FINISHED;
             st->hand_state = TLS_ST_SW_ACK;
         } else {
             /* Check if we are expected to deliver a new session ticket */
@@ -582,7 +582,7 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL_CONNECTION *s)
 
     case TLS_ST_SR_KEY_UPDATE:
         if (SSL_CONNECTION_IS_DTLS13(s)) {
-            s->d1->msg_being_acked = SSL3_MT_KEY_UPDATE;
+            st->ack_state = TLS_ST_SR_KEY_UPDATE;
             st->hand_state = TLS_ST_SW_ACK;
             return WRITE_TRAN_CONTINUE;
         }
@@ -616,15 +616,14 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL_CONNECTION *s)
         st->hand_state = TLS_ST_OK;
         return WRITE_TRAN_CONTINUE;
     case TLS_ST_SW_ACK:
-        if (s->d1->msg_being_acked == SSL3_MT_FINISHED) {
+        if (st->ack_state == TLS_ST_SR_FINISHED) {
             if (s->ext.ticket_expected && s->num_tickets > s->sent_tickets)
                 st->hand_state = TLS_ST_SW_SESSION_TICKET;
             else
                 st->hand_state = TLS_ST_OK;
-        } else if (s->d1->msg_being_acked == SSL3_MT_KEY_UPDATE)
+        } else if (st->ack_state == TLS_ST_SR_KEY_UPDATE)
             st->hand_state = TLS_ST_OK;
 
-        s->d1->msg_being_acked = -1; // Clear state
         return WRITE_TRAN_CONTINUE;
     }
 }