Improve DTLS hello request handling code.

Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.

ok inoguchi@ tb@

1 files changed, 8 insertions, 2 deletions

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 0b952cf5f3..aafadf16ef 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.111 2021/09/04 14:24:28 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -681,7 +681,13 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
             rr->length >= DTLS1_HM_HEADER_LENGTH && rr->off == 0 &&
             rr->data[0] == SSL3_MT_HELLO_REQUEST &&
             s->session != NULL && s->session->cipher != NULL) {
-                if (rr->data[1] != 0 || rr->data[2] != 0 || rr->data[3] != 0) {
+                struct hm_header_st msg_hdr;
+                CBS cbs;
+
+                CBS_init(&cbs, rr->data, rr->length);
+                if (!dtls1_get_message_header(&cbs, &msg_hdr))
+                        return -1;
+                if (msg_hdr.msg_len != 0) {
                         al = SSL_AD_DECODE_ERROR;
                         SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
                         goto fatal_err;