authortobhe <tobhe@openbsd.org>2020-08-11 20:51:06 +0000
committertobhe <tobhe@openbsd.org>2020-08-11 20:51:06 +0000
commit3e3954506d20480e46b440146488f2726f73f4aa (patch)
tree5fb56ebd6916282ff2654743ebbf7286fc0e8d37
parentSend an unexpected message alert if no valid content type is found. (diff)
Prioritize incoming certificate requests by the order of CERTREQ payloads
in the received message. ok patrick@
-rw-r--r--sbin/iked/iked.h6
-rw-r--r--sbin/iked/ikev2.c11
-rw-r--r--sbin/iked/ikev2_msg.c8
-rw-r--r--sbin/iked/ikev2_pld.c4
4 files changed, 14 insertions, 15 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 30ead42c79f..483c4a636c9 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.154 2020/07/21 08:03:38 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.155 2020/08/11 20:51:06 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -525,9 +525,9 @@ RB_HEAD(iked_addrpool6, iked_sa);
struct iked_certreq {
struct ibuf *cr_data;
uint8_t cr_type;
- SLIST_ENTRY(iked_certreq) cr_entry;
+ SIMPLEQ_ENTRY(iked_certreq) cr_entry;
};
-SLIST_HEAD(iked_certreqs, iked_certreq);
+SIMPLEQ_HEAD(iked_certreqs, iked_certreq);
struct iked_message {
struct ibuf *msg_data;
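Review bot: Element order in `iked_certreqs` now carries meaning, but nothing at the declaration says so. With the switch to SIMPLEQ and the tail insert in ikev2_pld.c, the queue keeps the order of the CERTREQ payloads in the received message, and ikev2_handle_certreq() consumes it from the head. A comment above the head such as `/* kept in the order the CERTREQ payloads were received; entries are handled from the head */` would keep a later change from reintroducing head insertion. struct iked_message continues outside the hunk.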
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index bc5c8a5f6f0..352d3c7e3ab 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.237 2020/07/21 08:03:38 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.238 2020/08/11 20:51:06 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -3066,7 +3066,7 @@ ikev2_handle_certreq(struct iked* env, struct iked_message *msg)
* We could alternatively extract the CA from the peer certificate
* to find a matching local one.
*/
- if (SLIST_EMPTY(&msg->msg_certreqs)) {
+ if (SIMPLEQ_EMPTY(&msg->msg_certreqs)) {
if (sa->sa_policy->pol_certreqtype)
crtype = sa->sa_policy->pol_certreqtype;
else
@@ -3075,9 +3075,8 @@ ikev2_handle_certreq(struct iked* env, struct iked_message *msg)
crtype, 0, ibuf_data(env->sc_certreq),
ibuf_size(env->sc_certreq), PROC_CERT);
} else {
- while ((cr = SLIST_FIRST(&msg->msg_certreqs))) {
-
- if (SLIST_NEXT(cr, cr_entry) != NULL)
+ while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) {
+ if (SIMPLEQ_NEXT(cr, cr_entry) != NULL)
more = 1;
else
more = 0;
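Review bot: The `more` flag in the rewritten loop is still set through a four-line if/else. Since these lines are being touched anyway, `more = (SIMPLEQ_NEXT(cr, cr_entry) != NULL);` says the same thing in one statement. The loop body continues outside this hunk, so how `more` is used afterwards is not visible here.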
@@ -3088,7 +3087,7 @@ ikev2_handle_certreq(struct iked* env, struct iked_message *msg)
PROC_CERT);
ibuf_release(cr->cr_data);
- SLIST_REMOVE_HEAD(&msg->msg_certreqs, cr_entry);
+ SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry);
free(cr);
}
}
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index c865b6f3d96..e9c188c9992 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.69 2020/07/08 21:35:35 tobhe Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.70 2020/08/11 20:51:06 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -97,7 +97,7 @@ ikev2_msg_cb(int fd, short event, void *arg)
return;
TAILQ_INIT(&msg.msg_proposals);
- SLIST_INIT(&msg.msg_certreqs);
+ SIMPLEQ_INIT(&msg.msg_certreqs);
msg.msg_fd = fd;
if (hdr.ike_version == IKEV1_VERSION)
@@ -205,9 +205,9 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
msg->msg_cookie2 = NULL;
config_free_proposals(&msg->msg_proposals, 0);
- while ((cr = SLIST_FIRST(&msg->msg_certreqs))) {
+ while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) {
ibuf_release(cr->cr_data);
- SLIST_REMOVE_HEAD(&msg->msg_certreqs, cr_entry);
+ SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry);
free(cr);
}
}
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 6fc901a351c..a83d86a5cbe 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.90 2020/08/10 19:35:39 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.91 2020/08/11 20:51:06 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -873,7 +873,7 @@ ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld,
return (-1);
}
cr->cr_type = cert.cert_type;
- SLIST_INSERT_HEAD(&msg->msg_parent->msg_certreqs, cr, cr_entry);
+ SIMPLEQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry);
return (0);
}
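Review bot: `SIMPLEQ_INSERT_TAIL` writes through the head's `sqh_last` pointer, so unlike `SLIST_INSERT_HEAD` it is not safe on a head that was only zero-filled or copied by struct assignment. The diff initializes the queue in ikev2_msg_cb() only. Any other `struct iked_message` that can become `msg_parent` here (not visible in this diff) needs `SIMPLEQ_INIT(&msg->msg_certreqs);` as well, otherwise this line stores through a NULL or stale pointer while parsing peer-supplied input. It would be worth checking every place a message is set up with bzero() or memcpy(). ikev2_pld_certreq() starts outside the hunk.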