4 files changed, 30 insertions, 7 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 05669aea8e..2122fea936 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.124 2017/01/26 00:29:04 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.125 2017/01/26 07:20:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2064,6 +2064,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_WRONG_VERSION_NUMBER                       267
 #define SSL_R_X509_LIB                                   268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+#define SSL_R_PEER_BEHAVING_BADLY                        666
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 04742b60ca..efe3e9473f 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.30 2017/01/26 07:20:57 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -597,6 +597,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
         {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
         {ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
         {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
+        {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
         {0, NULL}
 };
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6834592516..215d4ad0b0 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.170 2017/01/26 06:32:58 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.171 2017/01/26 07:20:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -352,6 +352,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_PKEY_GOST01         6
 #define SSL_PKEY_NUM            7
 
+#define SSL_MAX_EMPTY_RECORDS   32
+
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
@@ -770,6 +772,8 @@ typedef struct ssl_internal_st {
         int rstate;     /* where we are when reading */
 
         int mac_packet;
+
+        int empty_record_count;
 } SSL_INTERNAL;
 
 typedef struct ssl3_state_internal_st {
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 6d1a8481ee..a58a4b6656 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.3 2017/01/26 06:39:08 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.4 2017/01/26 07:20:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -337,7 +337,7 @@ ssl3_get_record(SSL *s)
         rr = &(S3I(s)->rrec);
         sess = s->session;
 
-again:
+ again:
         /* check if we have the header */
         if ((s->internal->rstate != SSL_ST_READ_BODY) ||
             (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) {
@@ -535,9 +535,26 @@ again:
         /* we have pulled in a full packet so zero things */
         s->internal->packet_length = 0;
 
-        /* just read a 0 length packet */
-        if (rr->length == 0)
+        if (rr->length == 0) {
+                /*
+                 * CBC countermeasures for known IV weaknesses
+                 * can legitimately insert single empty record,
+                 * so we allow ourselves to read once past a single
+                 * empty record without forcing want_read.
+                 */
+                if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
+                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                            SSL_R_PEER_BEHAVING_BADLY);
+                        return -1;
+                }
+                if (s->internal->empty_record_count > 1) {
+                        ssl_force_want_read(s);
+                        return -1;
+                }
                 goto again;
+        } else {
+                s->internal->empty_record_count = 0;
+        }
 
         return (1);