1 files changed, 14 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 9723edfea4..0dc2333708 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.72 2022/11/26 16:08:56 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */
 /*
 * Copyright (c) 2018-2021 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -546,22 +546,24 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
                return TLS13_IO_FAILURE;
        ret = TLS13_IO_FAILURE;
-        if (action->recv(ctx, &cbs)) {
+        if (!action->recv(ctx, &cbs))
-                if (CBS_len(&cbs) != 0) {
+                goto err;
-                        tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
-                            "trailing data in handshake message", NULL);
+        if (CBS_len(&cbs) != 0) {
-                        ctx->alert = TLS13_ALERT_DECODE_ERROR;
+                tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
-                } else {
+                    "trailing data in handshake message", NULL);
-                        ret = TLS13_IO_SUCCESS;
+                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-                }
+                goto err;
        }
+        ret = TLS13_IO_SUCCESS;
+        if (ctx->ssl->method->version < TLS1_3_VERSION)
+                ret = TLS13_IO_USE_LEGACY;
+ err:
        tls13_handshake_msg_free(ctx->hs_msg);
        ctx->hs_msg = NULL;
-        if (ctx->ssl->method->version < TLS1_3_VERSION)
-                return TLS13_IO_USE_LEGACY;
        return ret;
 }

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 9723edfea4..0dc2333708 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_handshake.c,v 1.72 2022/11/26 16:08:56 tb Exp $ */	1	/* $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2021 Theo Buehler <tb@openbsd.org>	3	* Copyright (c) 2018-2021 Theo Buehler <tb@openbsd.org>
4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -546,22 +546,24 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
546	return TLS13_IO_FAILURE;	546	return TLS13_IO_FAILURE;
547		547
548	ret = TLS13_IO_FAILURE;	548	ret = TLS13_IO_FAILURE;
549	if (action->recv(ctx, &cbs)) {	549	if (!action->recv(ctx, &cbs))
550	if (CBS_len(&cbs) != 0) {	550	goto err;
551	tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,	551
552	"trailing data in handshake message", NULL);	552	if (CBS_len(&cbs) != 0) {
553	ctx->alert = TLS13_ALERT_DECODE_ERROR;	553	tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
554	} else {	554	"trailing data in handshake message", NULL);
555	ret = TLS13_IO_SUCCESS;	555	ctx->alert = TLS13_ALERT_DECODE_ERROR;
556	}	556	goto err;
557	}	557	}
558		558
		559	ret = TLS13_IO_SUCCESS;
		560	if (ctx->ssl->method->version < TLS1_3_VERSION)
		561	ret = TLS13_IO_USE_LEGACY;
		562
		563	err:
559	tls13_handshake_msg_free(ctx->hs_msg);	564	tls13_handshake_msg_free(ctx->hs_msg);
560	ctx->hs_msg = NULL;	565	ctx->hs_msg = NULL;
561		566
562	if (ctx->ssl->method->version < TLS1_3_VERSION)
563	return TLS13_IO_USE_LEGACY;
564
565	return ret;	567	return ret;
566	}	568	}
567		569