Improve DTLS record header parsing.

Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@
author: jsing <> 2021-09-04 14:15:52 +0000
committer: jsing <> 2021-09-04 14:15:52 +0000
commit: a9d8853125301b55e45f0243ec734a0fb4f3a8f3 (patch)
tree: 377bec3aa4e40d6b17931f17fad28f07687b0e07
parent: 602cb466b8b19bfd29b0df2df3e9a6ceb9e53791 (diff)
download: openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.tar.gz
openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.tar.bz2
openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 22f0167c75..11e6d7f8f8 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.109 2021/08/31 13:34:55 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.110 2021/09/04 14:15:52 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -393,18 +393,18 @@ dtls1_get_record(SSL *s)
                if (!CBS_get_u16(&header, &ssl_version))
                        goto again;
-                /* sequence number is 64 bits, with top 2 bytes = epoch */
+                /* Sequence number is 64 bits, with top 2 bytes = epoch. */
-                if (!CBS_get_u16(&header, &epoch) ||
+                if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE))
-                    !CBS_get_bytes(&header, &seq_no, 6))
                        goto again;
+                if (!CBS_get_u16(&seq_no, &epoch))
-                if (!CBS_get_u16(&header, &len))
                        goto again;
                if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
                    sizeof(rr->seq_num) - 2, NULL))
                        goto again;
+                if (!CBS_get_u16(&header, &len))
+                        goto again;
                rr->type = type;
                rr->epoch = epoch;
                rr->length = len;
author	jsing <>	2021-09-04 14:15:52 +0000
committer	jsing <>	2021-09-04 14:15:52 +0000
commit	a9d8853125301b55e45f0243ec734a0fb4f3a8f3 (patch)
tree	377bec3aa4e40d6b17931f17fad28f07687b0e07
parent	602cb466b8b19bfd29b0df2df3e9a6ceb9e53791 (diff)
download	openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.tar.gz openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.tar.bz2 openbsd-a9d8853125301b55e45f0243ec734a0fb4f3a8f3.zip

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 22f0167c75..11e6d7f8f8 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.109 2021/08/31 13:34:55 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.110 2021/09/04 14:15:52 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -393,18 +393,18 @@ dtls1_get_record(SSL *s)
393	if (!CBS_get_u16(&header, &ssl_version))	393	if (!CBS_get_u16(&header, &ssl_version))
394	goto again;	394	goto again;
395		395
396	/* sequence number is 64 bits, with top 2 bytes = epoch */	396	/* Sequence number is 64 bits, with top 2 bytes = epoch. */
397	if (!CBS_get_u16(&header, &epoch) \|\|	397	if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE))
398	!CBS_get_bytes(&header, &seq_no, 6))
399	goto again;	398	goto again;
400		399	if (!CBS_get_u16(&seq_no, &epoch))
401	if (!CBS_get_u16(&header, &len))
402	goto again;	400	goto again;
403
404	if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],	401	if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
405	sizeof(rr->seq_num) - 2, NULL))	402	sizeof(rr->seq_num) - 2, NULL))
406	goto again;	403	goto again;
407		404
		405	if (!CBS_get_u16(&header, &len))
		406	goto again;
		407
408	rr->type = type;	408	rr->type = type;
409	rr->epoch = epoch;	409	rr->epoch = epoch;
410	rr->length = len;	410	rr->length = len;