1 files changed, 31 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 17f93f551b..03f95977f7 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.10 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.11 2017/10/08 16:24:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -311,19 +311,44 @@ f_err:
 int
 ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 {
-        unsigned char *p;
+        size_t outlen;
+        CBB cbb;
+        memset(&cbb, 0, sizeof(cbb));
        if (S3I(s)->hs.state == a) {
-                p = (unsigned char *)s->internal->init_buf->data;
+                if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
-                *p = SSL3_MT_CCS;
+                    s->internal->init_buf->length))
-                s->internal->init_num = 1;
+                        goto err;
+                if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
+                        goto err;
+                if (!CBB_finish(&cbb, NULL, &outlen))
+                        goto err;
+                if (outlen > INT_MAX)
+                        goto err;
+                s->internal->init_num = (int)outlen;
                s->internal->init_off = 0;
+                if (SSL_IS_DTLS(s)) {
+                        D1I(s)->handshake_write_seq =
+                            D1I(s)->next_handshake_write_seq;
+                        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                            D1I(s)->handshake_write_seq, 0, 0);
+                        dtls1_buffer_message(s, 1);
+                }
                S3I(s)->hs.state = b;
        }
        /* SSL3_ST_CW_CHANGE_B */
-        return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+        return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+ err:
+        CBB_cleanup(&cbb);
+        return -1;
 }
 static int

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 17f93f551b..03f95977f7 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_both.c,v 1.10 2017/08/12 02:55:22 jsing Exp $ */	1	/* $OpenBSD: ssl_both.c,v 1.11 2017/10/08 16:24:02 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -311,19 +311,44 @@ f_err:
311	int	311	int
312	ssl3_send_change_cipher_spec(SSL *s, int a, int b)	312	ssl3_send_change_cipher_spec(SSL *s, int a, int b)
313	{	313	{
314	unsigned char *p;	314	size_t outlen;
		315	CBB cbb;
		316
		317	memset(&cbb, 0, sizeof(cbb));
315		318
316	if (S3I(s)->hs.state == a) {	319	if (S3I(s)->hs.state == a) {
317	p = (unsigned char *)s->internal->init_buf->data;	320	if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
318	*p = SSL3_MT_CCS;	321	s->internal->init_buf->length))
319	s->internal->init_num = 1;	322	goto err;
		323	if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
		324	goto err;
		325	if (!CBB_finish(&cbb, NULL, &outlen))
		326	goto err;
		327
		328	if (outlen > INT_MAX)
		329	goto err;
		330
		331	s->internal->init_num = (int)outlen;
320	s->internal->init_off = 0;	332	s->internal->init_off = 0;
321		333
		334	if (SSL_IS_DTLS(s)) {
		335	D1I(s)->handshake_write_seq =
		336	D1I(s)->next_handshake_write_seq;
		337	dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
		338	D1I(s)->handshake_write_seq, 0, 0);
		339	dtls1_buffer_message(s, 1);
		340	}
		341
322	S3I(s)->hs.state = b;	342	S3I(s)->hs.state = b;
323	}	343	}
324		344
325	/* SSL3_ST_CW_CHANGE_B */	345	/* SSL3_ST_CW_CHANGE_B */
326	return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));	346	return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
		347
		348	err:
		349	CBB_cleanup(&cbb);
		350
		351	return -1;
327	}	352	}
328		353
329	static int	354	static int