authorJoel Sing <jsing@cvs.openbsd.org>2021-09-04 14:15:53 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-09-04 14:15:53 +0000
commit691d57d9f3cb077d08301caeea95dc057208c2c0 (patch)
tree30d6c4bf9a148d5af000840f1f85747b58221c2e /lib
parent271c09d5d68acc5835580ed6d26e35146543b093 (diff)
Improve DTLS record header parsing.
Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_pkt.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 22f0167c750..11e6d7f8f86 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.109 2021/08/31 13:34:55 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.110 2021/09/04 14:15:52 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -393,18 +393,18 @@ dtls1_get_record(SSL *s)
if (!CBS_get_u16(&header, &ssl_version))
goto again;
- /* sequence number is 64 bits, with top 2 bytes = epoch */
- if (!CBS_get_u16(&header, &epoch) ||
- !CBS_get_bytes(&header, &seq_no, 6))
+ /* Sequence number is 64 bits, with top 2 bytes = epoch. */
+ if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE))
goto again;
-
- if (!CBS_get_u16(&header, &len))
+ if (!CBS_get_u16(&seq_no, &epoch))
goto again;
-
if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
sizeof(rr->seq_num) - 2, NULL))
goto again;
+ if (!CBS_get_u16(&header, &len))
+ goto again;
+
rr->type = type;
rr->epoch = epoch;
rr->length = len;
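Review bot: The copy into `rr->seq_num[2]` passes NULL for the copied length, so it depends on `seq_no` holding exactly `sizeof(rr->seq_num) - 2` bytes once the epoch has been pulled off, and nothing in the hunk states that. CBS_write_bytes rejects a source larger than the destination, but a shorter remainder would succeed and leave the tail of `seq_num` unwritten, presumably still holding bytes from an earlier record. The invariant holds only while `SSL3_SEQUENCE_SIZE` equals the size of `rr->seq_num`, whose declaration is outside this hunk. I would record it next to the copy, e.g. `/* seq_no now holds the remaining 6 bytes; relies on sizeof(rr->seq_num) == SSL3_SEQUENCE_SIZE. */`. dtls1_get_record starts and ends outside the hunk.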