Untangle ssl3_get_message() return values.

This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.

Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).

ok tb@

6 files changed, 139 insertions, 166 deletions

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 4c014be6a9..7365968db6 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.78 2021/09/04 14:24:28 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -368,13 +368,13 @@ dtls1_do_write(SSL *s, int type)
  * Read an entire handshake message.  Handshake messages arrive in
  * fragments.
  */
-long
-dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+int
+dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
 {
-        int i, al;
         struct hm_header_st *msg_hdr;
         unsigned char *p;
         unsigned long msg_len;
+        int i, al, ok;
 
         /*
          * s3->internal->tmp is used to store messages that are unexpected, caused
@@ -387,21 +387,20 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                         SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
                         goto fatal_err;
                 }
-                *ok = 1;
                 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
                 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
-                return s->internal->init_num;
+                return 1;
         }
 
         msg_hdr = &D1I(s)->r_msg_hdr;
         memset(msg_hdr, 0, sizeof(struct hm_header_st));
 
  again:
-        i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+        i = dtls1_get_message_fragment(s, st1, stn, max, &ok);
         if (i == DTLS1_HM_BAD_FRAGMENT ||
             i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
                 goto again;
-        else if (i <= 0 && !*ok)
+        else if (i <= 0 && !ok)
                 return i;
 
         p = (unsigned char *)s->internal->init_buf->data;
@@ -425,15 +424,13 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                 D1I(s)->handshake_read_seq++;
 
         s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-        return s->internal->init_num;
+        return 1;
 
  fatal_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        *ok = 0;
         return -1;
 }
 
-
 static int
 dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 {
@@ -847,8 +844,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                 goto fatal_err;
         }
 
-        *ok = 1;
-
         /*
          * Note that s->internal->init_num is *not* used as current offset in
          * s->internal->init_buf->data, but as a counter summing up fragments'
@@ -856,6 +851,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
          * length, we assume we have got all the fragments.
          */
         s->internal->init_num = frag_len;
+        *ok = 1;
         return frag_len;
 
  fatal_err:
diff --git a/src/lib/libssl/dtls_locl.h b/src/lib/libssl/dtls_locl.h
index 4cf8827ec3..306fab2559 100644
--- a/src/lib/libssl/dtls_locl.h
+++ b/src/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.7 2021/09/04 14:24:28 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.8 2021/10/23 08:34:36 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -223,7 +223,7 @@ void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max);
 int dtls1_get_record(SSL *s);
 
 __END_HIDDEN_DECLS
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index f3d50d6f9c..637f34582f 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.35 2021/09/03 13:19:12 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -208,14 +208,12 @@ ssl3_send_finished(SSL *s, int state_a, int state_b)
 int
 ssl3_get_finished(SSL *s, int a, int b)
 {
-        int al, ok, md_len;
-        long n;
+        int al, md_len, ret;
         CBS cbs;
 
         /* should actually be 36+4 :-) */
-        n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64)) <= 0)
+                return ret;
 
         /* If this occurs, we have missed a message */
         if (!S3I(s)->change_cipher_spec) {
@@ -227,13 +225,13 @@ ssl3_get_finished(SSL *s, int a, int b)
 
         md_len = TLS1_FINISH_MAC_LENGTH;
 
-        if (n < 0) {
+        if (s->internal->init_num < 0) {
                 al = SSL_AD_DECODE_ERROR;
                 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
                 goto fatal_err;
         }
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         if (S3I(s)->hs.peer_finished_len != md_len ||
             CBS_len(&cbs) != md_len) {
@@ -397,8 +395,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
  * The first four bytes (msg_type and length) are read in state 'st1',
  * the body is read in state 'stn'.
  */
-long
-ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+int
+ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
 {
         unsigned char *p;
         uint32_t l;
@@ -408,7 +406,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         uint8_t u8;
 
         if (SSL_is_dtls(s))
-                return (dtls1_get_message(s, st1, stn, mt, max, ok));
+                return dtls1_get_message(s, st1, stn, mt, max);
 
         if (S3I(s)->hs.tls12.reuse_message) {
                 S3I(s)->hs.tls12.reuse_message = 0;
@@ -417,11 +415,10 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                         SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
                         goto fatal_err;
                 }
-                *ok = 1;
                 s->internal->init_msg = s->internal->init_buf->data +
                     SSL3_HM_HEADER_LENGTH;
                 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
-                return s->internal->init_num;
+                return 1;
         }
 
         p = (unsigned char *)s->internal->init_buf->data;
@@ -436,7 +433,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                     SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0);
                                 if (i <= 0) {
                                         s->internal->rwstate = SSL_READING;
-                                        *ok = 0;
                                         return i;
                                 }
                                 s->internal->init_num += i;
@@ -501,7 +497,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                     &p[s->internal->init_num], n, 0);
                 if (i <= 0) {
                         s->internal->rwstate = SSL_READING;
-                        *ok = 0;
                         return i;
                 }
                 s->internal->init_num += i;
@@ -518,14 +513,12 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                     (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH);
         }
 
-        *ok = 1;
-        return (s->internal->init_num);
+        return 1;
 
  fatal_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
  err:
-        *ok = 0;
-        return (-1);
+        return -1;
 }
 
 int
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index bcf5108975..8a4c54e7b7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.112 2021/10/23 08:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.113 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -779,16 +779,14 @@ ssl3_send_client_hello(SSL *s)
 int
 ssl3_get_dtls_hello_verify(SSL *s)
 {
-        long n;
-        int al, ok = 0;
+        CBS hello_verify_request, cookie;
         size_t cookie_len;
         uint16_t ssl_version;
-        CBS hello_verify_request, cookie;
+        int al, ret;
 
-        n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
-            DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+            DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0)
+                return ret;
 
         if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
                 D1I(s)->send_cookie = 0;
@@ -796,10 +794,11 @@ ssl3_get_dtls_hello_verify(SSL *s)
                 return (1);
         }
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto decode_err;
 
-        CBS_init(&hello_verify_request, s->internal->init_msg, n);
+        CBS_init(&hello_verify_request, s->internal->init_msg,
+            s->internal->init_num);
 
         if (!CBS_get_u16(&hello_verify_request, &ssl_version))
                 goto decode_err;
@@ -848,20 +847,18 @@ ssl3_get_server_hello(SSL *s)
         const SSL_METHOD *method;
         unsigned long alg_k;
         size_t outlen;
-        int al, ok;
-        long n;
+        int al, ret;
 
         s->internal->first_packet = 1;
-        n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
-            SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
+            SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0)
+                return ret;
         s->internal->first_packet = 0;
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto decode_err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         if (SSL_is_dtls(s)) {
                 if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
@@ -1103,19 +1100,19 @@ ssl3_get_server_hello(SSL *s)
 int
 ssl3_get_server_certificate(SSL *s)
 {
-        int                      al, i, ok, ret = -1;
-        long                     n;
-        CBS                      cbs, cert_list;
-        X509                    *x = NULL;
-        const unsigned char     *q;
-        STACK_OF(X509)          *sk = NULL;
-        SESS_CERT               *sc;
-        EVP_PKEY                *pkey = NULL;
-
-        n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
-            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        int al, i, ret;
+        CBS cbs, cert_list;
+        X509 *x = NULL;
+        const unsigned char *q;
+        STACK_OF(X509) *sk = NULL;
+        SESS_CERT *sc;
+        EVP_PKEY *pkey = NULL;
+
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
+            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
+                return ret;
+
+        ret = -1;
 
         if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
                 S3I(s)->hs.tls12.reuse_message = 1;
@@ -1128,16 +1125,15 @@ ssl3_get_server_certificate(SSL *s)
                 goto fatal_err;
         }
 
-
         if ((sk = sk_X509_new_null()) == NULL) {
                 SSLerror(s, ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto decode_err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
         if (CBS_len(&cbs) < 3)
                 goto decode_err;
 
@@ -1463,9 +1459,9 @@ ssl3_get_server_key_exchange(SSL *s)
         EVP_PKEY *pkey = NULL;
         EVP_MD_CTX md_ctx;
         const unsigned char *param;
-        long n, alg_k, alg_a;
-        int al, ok;
         size_t param_len;
+        long alg_k, alg_a;
+        int al, ret;
 
         EVP_MD_CTX_init(&md_ctx);
 
@@ -1476,15 +1472,14 @@ ssl3_get_server_key_exchange(SSL *s)
          * Use same message size as in ssl3_get_certificate_request()
          * as ServerKeyExchange message may be skipped.
          */
-        n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
-            SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
+            SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0)
+                return ret;
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
                 /*
@@ -1617,17 +1612,17 @@ ssl3_get_server_key_exchange(SSL *s)
 int
 ssl3_get_certificate_request(SSL *s)
 {
-        int                      ok, ret = 0;
-        long                     n;
-        CBS                      cert_request, cert_types, rdn_list;
-        X509_NAME               *xn = NULL;
-        const unsigned char     *q;
-        STACK_OF(X509_NAME)     *ca_sk = NULL;
-
-        n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
-            SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        CBS cert_request, cert_types, rdn_list;
+        X509_NAME *xn = NULL;
+        const unsigned char *q;
+        STACK_OF(X509_NAME) *ca_sk = NULL;
+        int ret;
+
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
+            SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list)) <= 0)
+                return ret;
+
+        ret = 0;
 
         S3I(s)->hs.tls12.cert_request = 0;
 
@@ -1654,9 +1649,9 @@ ssl3_get_certificate_request(SSL *s)
                 goto err;
         }
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto decode_err;
-        CBS_init(&cert_request, s->internal->init_msg, n);
+        CBS_init(&cert_request, s->internal->init_msg, s->internal->init_num);
 
         if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
                 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1761,15 +1756,15 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 int
 ssl3_get_new_session_ticket(SSL *s)
 {
-        int                      ok, al, ret = 0;
-        uint32_t                 lifetime_hint;
-        long                     n;
-        CBS                      cbs, session_ticket;
+        uint32_t lifetime_hint;
+        CBS cbs, session_ticket;
+        int al, ret;
+
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
+            SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
+                return ret;
 
-        n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
-            SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
-        if (!ok)
-                return ((int)n);
+        ret = 0;
 
         if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
                 S3I(s)->hs.tls12.reuse_message = 1;
@@ -1781,13 +1776,13 @@ ssl3_get_new_session_ticket(SSL *s)
                 goto fatal_err;
         }
 
-        if (n < 0) {
+        if (s->internal->init_num < 0) {
                 al = SSL_AD_DECODE_ERROR;
                 SSLerror(s, SSL_R_LENGTH_MISMATCH);
                 goto fatal_err;
         }
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
         if (!CBS_get_u32(&cbs, &lifetime_hint) ||
             !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
             CBS_len(&cbs) != 0) {
@@ -1833,15 +1828,13 @@ ssl3_get_new_session_ticket(SSL *s)
 int
 ssl3_get_cert_status(SSL *s)
 {
-        CBS                      cert_status, response;
-        int                      ok, al;
-        long                     n;
-        uint8_t                  status_type;
+        CBS cert_status, response;
+        uint8_t status_type;
+        int al, ret;
 
-        n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
-            SSL3_ST_CR_CERT_STATUS_B, -1, 16384, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+            SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
+                return ret;
 
         if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
                 /*
@@ -1849,8 +1842,6 @@ ssl3_get_cert_status(SSL *s)
                  * response, and has decided to head directly to key exchange.
                  */
                 if (s->ctx->internal->tlsext_status_cb) {
-                        int ret;
-
                         free(s->internal->tlsext_ocsp_resp);
                         s->internal->tlsext_ocsp_resp = NULL;
                         s->internal->tlsext_ocsp_resp_len = 0;
@@ -1879,14 +1870,14 @@ ssl3_get_cert_status(SSL *s)
                 goto fatal_err;
         }
 
-        if (n < 0) {
+        if (s->internal->init_num < 0) {
                 /* need at least status type + length */
                 al = SSL_AD_DECODE_ERROR;
                 SSLerror(s, SSL_R_LENGTH_MISMATCH);
                 goto fatal_err;
         }
 
-        CBS_init(&cert_status, s->internal->init_msg, n);
+        CBS_init(&cert_status, s->internal->init_msg, s->internal->init_num);
         if (!CBS_get_u8(&cert_status, &status_type) ||
             CBS_len(&cert_status) < 3) {
                 /* need at least status type + length */
@@ -1939,23 +1930,21 @@ ssl3_get_cert_status(SSL *s)
 int
 ssl3_get_server_done(SSL *s)
 {
-        int     ok, ret = 0;
-        long    n;
+        int ret;
 
-        n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
-            SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
-            30, /* should be very small, like 0 :-) */ &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
+            SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 
+            30 /* should be very small, like 0 :-) */)) <= 0)
+                return ret;
 
-        if (n > 0) {
+        if (s->internal->init_num != 0) {
                 /* should contain no data */
                 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
                 SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                return (-1);
+                return -1;
         }
-        ret = 1;
-        return (ret);
+
+        return 1;
 }
 
 static int
@@ -2756,18 +2745,16 @@ ssl3_check_cert_and_algorithm(SSL *s)
 int
 ssl3_check_finished(SSL *s)
 {
-        int     ok;
-        long    n;
+        int ret;
 
         /* If we have no ticket it cannot be a resumed session. */
         if (!s->session->tlsext_tick)
                 return (1);
         /* this function is called when we really expect a Certificate
          * message, so permit appropriate message length */
-        n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
-            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
+            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
+                return ret;
 
         S3I(s)->hs.tls12.reuse_message = 1;
         if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6a6903d95b..62f874061e 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.360 2021/10/23 08:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.361 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1365,7 +1365,7 @@ int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
 int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_send_finished(SSL *s, int state_a, int state_b);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3a37fc7e09..1bbe551b3c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.119 2021/09/03 13:18:01 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -779,8 +779,7 @@ ssl3_get_client_hello(SSL *s)
         uint16_t client_version;
         uint8_t comp_method;
         int comp_null;
-        int i, j, ok, al, ret = -1, cookie_valid = 0;
-        long n;
+        int i, j, al, ret, cookie_valid = 0;
         unsigned long id;
         SSL_CIPHER *c;
         STACK_OF(SSL_CIPHER) *ciphers = NULL;
@@ -795,22 +794,22 @@ ssl3_get_client_hello(SSL *s)
          * If we are SSLv3, we will respond with SSLv3, even if prompted with
          * TLSv1.
          */
-        if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
                 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
-        }
 
         s->internal->first_packet = 1;
-        n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
+        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
             SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
-            SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-        if (!ok)
-                return ((int)n);
+            SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
+                return ret;
         s->internal->first_packet = 0;
 
-        if (n < 0)
+        ret = -1;
+
+        if (s->internal->init_num < 0)
                 goto err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         /* Parse client hello up until the extensions (if any). */
         if (!CBS_get_u16(&cbs, &client_version))
@@ -2055,20 +2054,18 @@ int
 ssl3_get_client_key_exchange(SSL *s)
 {
         unsigned long alg_k;
-        int al, ok;
+        int al, ret;
         CBS cbs;
-        long n;
 
         /* 2048 maxlen is a guess.  How long a key does that permit? */
-        n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
-            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
+            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
+                return ret;
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 
@@ -2113,24 +2110,24 @@ ssl3_get_cert_verify(SSL *s)
         EVP_PKEY *pkey = NULL;
         X509 *peer = NULL;
         EVP_MD_CTX mctx;
-        int al, ok, verify;
+        int al, verify;
         const unsigned char *hdata;
         size_t hdatalen;
         int type = 0;
-        int ret = 0;
-        long n;
+        int ret;
 
         EVP_MD_CTX_init(&mctx);
 
-        n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-            SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-        if (!ok)
-                return ((int)n);
+        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
+            SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
+                return ret;
 
-        if (n < 0)
+        ret = 0;
+
+        if (s->internal->init_num < 0)
                 goto err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         if (s->session->peer != NULL) {
                 peer = s->session->peer;
@@ -2329,16 +2326,16 @@ int
 ssl3_get_client_certificate(SSL *s)
 {
         CBS cbs, client_certs;
-        int i, ok, al, ret = -1;
         X509 *x = NULL;
-        long n;
         const unsigned char *q;
         STACK_OF(X509) *sk = NULL;
+        int i, al, ret;
+
+        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
+            -1, s->internal->max_cert_list)) <= 0)
+                return ret;
 
-        n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
-            -1, s->internal->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
+        ret = -1;
 
         if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
                 if ((s->verify_mode & SSL_VERIFY_PEER) &&
@@ -2367,10 +2364,10 @@ ssl3_get_client_certificate(SSL *s)
                 goto fatal_err;
         }
 
-        if (n < 0)
+        if (s->internal->init_num < 0)
                 goto decode_err;
 
-        CBS_init(&cbs, s->internal->init_msg, n);
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
         if ((sk = sk_X509_new_null()) == NULL) {
                 SSLerror(s, ERR_R_MALLOC_FAILURE);