1 files changed, 4 insertions, 29 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index e07fc7e3f9..6ed04395b9 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.118 2022/02/21 18:22:20 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.119 2022/03/12 12:53:03 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -748,33 +748,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        }
        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                /* 'Change Cipher Spec' is just a single byte, so we know
+                if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
-                 * exactly what the record payload has to look like */
+                        return ret;
-                /* XDTLS: check that epoch is consistent */
-                if ((rr->length != DTLS1_CCS_HEADER_LENGTH) ||
-                    (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                        goto fatal_err;
-                }
-                ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1);
-                /* We can't process a CCS now, because previous handshake
-                 * messages are still missing, so just drop it.
-                 */
-                if (!s->d1->change_cipher_spec_ok) {
-                        rr->length = 0;
-                        goto start;
-                }
-                s->d1->change_cipher_spec_ok = 0;
-                s->s3->change_cipher_spec = 1;
-                if (!ssl3_do_change_cipher_spec(s))
-                        goto err;
-                rr->length = 0;
                goto start;
        }
@@ -872,7 +847,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 fatal_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
        return (-1);
 }

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index e07fc7e3f9..6ed04395b9 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.118 2022/02/21 18:22:20 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.119 2022/03/12 12:53:03 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -748,33 +748,8 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
748	}	748	}
749		749
750	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {	750	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
751	/* 'Change Cipher Spec' is just a single byte, so we know	751	if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
752	* exactly what the record payload has to look like */	752	return ret;
753	/* XDTLS: check that epoch is consistent */
754	if ((rr->length != DTLS1_CCS_HEADER_LENGTH) \|\|
755	(rr->off != 0) \|\| (rr->data[0] != SSL3_MT_CCS)) {
756	al = SSL_AD_DECODE_ERROR;
757	SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
758	goto fatal_err;
759	}
760
761	ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1);
762
763	/* We can't process a CCS now, because previous handshake
764	* messages are still missing, so just drop it.
765	*/
766	if (!s->d1->change_cipher_spec_ok) {
767	rr->length = 0;
768	goto start;
769	}
770
771	s->d1->change_cipher_spec_ok = 0;
772
773	s->s3->change_cipher_spec = 1;
774	if (!ssl3_do_change_cipher_spec(s))
775	goto err;
776
777	rr->length = 0;
778	goto start;	753	goto start;
779	}	754	}
780		755
@@ -872,7 +847,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
872		847
873	fatal_err:	848	fatal_err:
874	ssl3_send_alert(s, SSL3_AL_FATAL, al);	849	ssl3_send_alert(s, SSL3_AL_FATAL, al);
875	err:	850
876	return (-1);	851	return (-1);
877	}	852	}
878		853