1 files changed, 21 insertions, 19 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4c450d2cb9..18d0ec5a3f 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.86 2021/01/13 18:20:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.87 2021/01/13 18:32:00 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -184,8 +184,10 @@ satsub64be(const unsigned char *v1, const unsigned char *v2)
 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
    int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+    const unsigned char *seq);
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap,
+    const unsigned char *seq);
 static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
    unsigned int *is_next_epoch);
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
@@ -414,10 +416,15 @@ again:
                    !CBS_get_bytes(&header, &seq_no, 6))
                        goto again;
+                if (!CBS_get_u16(&header, &len))
+                        goto again;
                if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
                    sizeof(S3I(s)->read_sequence) - 2, NULL))
                        goto again;
-                if (!CBS_get_u16(&header, &len))
+                if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
+                    sizeof(rr->seq_num) - 2, NULL))
                        goto again;
                rr->type = type;
@@ -466,7 +473,7 @@ again:
         */
        if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
            p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-            !dtls1_record_replay_check(s, bitmap))
+            !dtls1_record_replay_check(s, bitmap, rr->seq_num))
                goto again;
        /* just read a 0 length packet */
@@ -484,7 +491,7 @@ again:
                            rr->seq_num) < 0)
                                return (-1);
                        /* Mark receipt of record. */
-                        dtls1_record_bitmap_update(s, bitmap);
+                        dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
                }
                goto again;
        }
@@ -493,7 +500,7 @@ again:
                goto again;
        /* Mark receipt of record. */
-        dtls1_record_bitmap_update(s, bitmap);
+        dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
        return (1);
 }
@@ -1128,34 +1135,30 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 }
 static int
-dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
+    const unsigned char *seq)
 {
-        int cmp;
        unsigned int shift;
-        const unsigned char *seq = S3I(s)->read_sequence;
+        int cmp;
        cmp = satsub64be(seq, bitmap->max_seq_num);
-        if (cmp > 0) {
+        if (cmp > 0)
-                memcpy (S3I(s)->rrec.seq_num, seq, 8);
                return 1; /* this record in new */
-        }
        shift = -cmp;
        if (shift >= sizeof(bitmap->map)*8)
                return 0; /* stale, outside the window */
        else if (bitmap->map & (1UL << shift))
                return 0; /* record previously received */
-        memcpy(S3I(s)->rrec.seq_num, seq, 8);
        return 1;
 }
 static void
-dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap,
+    const unsigned char *seq)
 {
-        int cmp;
        unsigned int shift;
-        const unsigned char *seq = S3I(s)->read_sequence;
+        int cmp;
        cmp = satsub64be(seq, bitmap->max_seq_num);
        if (cmp > 0) {
@@ -1172,7 +1175,6 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
        }
 }
 int
 dtls1_dispatch_alert(SSL *s)
 {

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 4c450d2cb9..18d0ec5a3f 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.86 2021/01/13 18:20:54 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.87 2021/01/13 18:32:00 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -184,8 +184,10 @@ satsub64be(const unsigned char v1, const unsigned char v2)
184		184
185	static int have_handshake_fragment(SSL s, int type, unsigned char buf,	185	static int have_handshake_fragment(SSL s, int type, unsigned char buf,
186	int len, int peek);	186	int len, int peek);
187	static int dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap);	187	static int dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap,
188	static void dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap);	188	const unsigned char *seq);
		189	static void dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap,
		190	const unsigned char *seq);
189	static DTLS1_BITMAP dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL *rr,	191	static DTLS1_BITMAP dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL *rr,
190	unsigned int *is_next_epoch);	192	unsigned int *is_next_epoch);
191	static int dtls1_buffer_record(SSL s, record_pqueue q,	193	static int dtls1_buffer_record(SSL s, record_pqueue q,
@@ -414,10 +416,15 @@ again:
414	!CBS_get_bytes(&header, &seq_no, 6))	416	!CBS_get_bytes(&header, &seq_no, 6))
415	goto again;	417	goto again;
416		418
		419	if (!CBS_get_u16(&header, &len))
		420	goto again;
		421
417	if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),	422	if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
418	sizeof(S3I(s)->read_sequence) - 2, NULL))	423	sizeof(S3I(s)->read_sequence) - 2, NULL))
419	goto again;	424	goto again;
420	if (!CBS_get_u16(&header, &len))	425
		426	if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
		427	sizeof(rr->seq_num) - 2, NULL))
421	goto again;	428	goto again;
422		429
423	rr->type = type;	430	rr->type = type;
@@ -466,7 +473,7 @@ again:
466	*/	473	*/
467	if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&	474	if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
468	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&	475	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
469	!dtls1_record_replay_check(s, bitmap))	476	!dtls1_record_replay_check(s, bitmap, rr->seq_num))
470	goto again;	477	goto again;
471		478
472	/* just read a 0 length packet */	479	/* just read a 0 length packet */
@@ -484,7 +491,7 @@ again:
484	rr->seq_num) < 0)	491	rr->seq_num) < 0)
485	return (-1);	492	return (-1);
486	/* Mark receipt of record. */	493	/* Mark receipt of record. */
487	dtls1_record_bitmap_update(s, bitmap);	494	dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
488	}	495	}
489	goto again;	496	goto again;
490	}	497	}
@@ -493,7 +500,7 @@ again:
493	goto again;	500	goto again;
494		501
495	/* Mark receipt of record. */	502	/* Mark receipt of record. */
496	dtls1_record_bitmap_update(s, bitmap);	503	dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
497		504
498	return (1);	505	return (1);
499	}	506	}
@@ -1128,34 +1135,30 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1128	}	1135	}
1129		1136
1130	static int	1137	static int
1131	dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap)	1138	dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap,
		1139	const unsigned char *seq)
1132	{	1140	{
1133	int cmp;
1134	unsigned int shift;	1141	unsigned int shift;
1135	const unsigned char *seq = S3I(s)->read_sequence;	1142	int cmp;
1136		1143
1137	cmp = satsub64be(seq, bitmap->max_seq_num);	1144	cmp = satsub64be(seq, bitmap->max_seq_num);
1138	if (cmp > 0) {	1145	if (cmp > 0)
1139	memcpy (S3I(s)->rrec.seq_num, seq, 8);
1140	return 1; /* this record in new */	1146	return 1; /* this record in new */
1141	}
1142	shift = -cmp;	1147	shift = -cmp;
1143	if (shift >= sizeof(bitmap->map)*8)	1148	if (shift >= sizeof(bitmap->map)*8)
1144	return 0; /* stale, outside the window */	1149	return 0; /* stale, outside the window */
1145	else if (bitmap->map & (1UL << shift))	1150	else if (bitmap->map & (1UL << shift))
1146	return 0; /* record previously received */	1151	return 0; /* record previously received */
1147		1152
1148	memcpy(S3I(s)->rrec.seq_num, seq, 8);
1149	return 1;	1153	return 1;
1150	}	1154	}
1151		1155
1152
1153	static void	1156	static void
1154	dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap)	1157	dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap,
		1158	const unsigned char *seq)
1155	{	1159	{
1156	int cmp;
1157	unsigned int shift;	1160	unsigned int shift;
1158	const unsigned char *seq = S3I(s)->read_sequence;	1161	int cmp;
1159		1162
1160	cmp = satsub64be(seq, bitmap->max_seq_num);	1163	cmp = satsub64be(seq, bitmap->max_seq_num);
1161	if (cmp > 0) {	1164	if (cmp > 0) {
@@ -1172,7 +1175,6 @@ dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap)
1172	}	1175	}
1173	}	1176	}
1174		1177
1175
1176	int	1178	int
1177	dtls1_dispatch_alert(SSL *s)	1179	dtls1_dispatch_alert(SSL *s)
1178	{	1180	{