1 files changed, 5 insertions, 6 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4f15015145..14ff8221be 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.88 2021/01/13 18:38:34 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -642,13 +642,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                return (0);
        }
+        /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-        if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
+        if (type == rr->type) {
-        {
                /* make sure that we are not getting application data when we
                 * are doing a handshake for the first time */
-                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                        (s->enc_read_ctx == NULL)) {
+                    !tls12_record_layer_read_protected(s->internal->rl)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 4f15015145..14ff8221be 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.88 2021/01/13 18:38:34 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -642,13 +642,12 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
642	return (0);	642	return (0);
643	}	643	}
644		644
645		645	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
646	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */	646	if (type == rr->type) {
647	{
648	/* make sure that we are not getting application data when we	647	/* make sure that we are not getting application data when we
649	* are doing a handshake for the first time */	648	* are doing a handshake for the first time */
650	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	649	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
651	(s->enc_read_ctx == NULL)) {	650	!tls12_record_layer_read_protected(s->internal->rl)) {
652	al = SSL_AD_UNEXPECTED_MESSAGE;	651	al = SSL_AD_UNEXPECTED_MESSAGE;
653	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);	652	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
654	goto f_err;	653	goto f_err;