summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_enc.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_enc.c59
1 files changed, 15 insertions, 44 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 07a5e97ce5..712c4647f2 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -126,20 +126,28 @@
126#include <openssl/des.h> 126#include <openssl/des.h>
127#endif 127#endif
128 128
129/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
130 *
131 * Returns:
132 * 0: (in non-constant time) if the record is publically invalid (i.e. too
133 * short etc).
134 * 1: if the record's padding is valid / the encryption was successful.
135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
136 * an internal error occured. */
129int dtls1_enc(SSL *s, int send) 137int dtls1_enc(SSL *s, int send)
130 { 138 {
131 SSL3_RECORD *rec; 139 SSL3_RECORD *rec;
132 EVP_CIPHER_CTX *ds; 140 EVP_CIPHER_CTX *ds;
133 unsigned long l; 141 unsigned long l;
134 int bs,i,ii,j,k,n=0; 142 int bs,i,j,k,mac_size=0;
135 const EVP_CIPHER *enc; 143 const EVP_CIPHER *enc;
136 144
137 if (send) 145 if (send)
138 { 146 {
139 if (EVP_MD_CTX_md(s->write_hash)) 147 if (EVP_MD_CTX_md(s->write_hash))
140 { 148 {
141 n=EVP_MD_CTX_size(s->write_hash); 149 mac_size=EVP_MD_CTX_size(s->write_hash);
142 if (n < 0) 150 if (mac_size < 0)
143 return -1; 151 return -1;
144 } 152 }
145 ds=s->enc_write_ctx; 153 ds=s->enc_write_ctx;
@@ -164,9 +172,8 @@ int dtls1_enc(SSL *s, int send)
164 { 172 {
165 if (EVP_MD_CTX_md(s->read_hash)) 173 if (EVP_MD_CTX_md(s->read_hash))
166 { 174 {
167 n=EVP_MD_CTX_size(s->read_hash); 175 mac_size=EVP_MD_CTX_size(s->read_hash);
168 if (n < 0) 176 OPENSSL_assert(mac_size >= 0);
169 return -1;
170 } 177 }
171 ds=s->enc_read_ctx; 178 ds=s->enc_read_ctx;
172 rec= &(s->s3->rrec); 179 rec= &(s->s3->rrec);
@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
231 if (!send) 238 if (!send)
232 { 239 {
233 if (l == 0 || l%bs != 0) 240 if (l == 0 || l%bs != 0)
234 return -1; 241 return 0;
235 } 242 }
236 243
237 EVP_Cipher(ds,rec->data,rec->input,l); 244 EVP_Cipher(ds,rec->data,rec->input,l);
@@ -246,43 +253,7 @@ int dtls1_enc(SSL *s, int send)
246#endif /* KSSL_DEBUG */ 253#endif /* KSSL_DEBUG */
247 254
248 if ((bs != 1) && !send) 255 if ((bs != 1) && !send)
249 { 256 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
250 ii=i=rec->data[l-1]; /* padding_length */
251 i++;
252 if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
253 {
254 /* First packet is even in size, so check */
255 if ((memcmp(s->s3->read_sequence,
256 "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
257 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
258 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
259 i--;
260 }
261 /* TLS 1.0 does not bound the number of padding bytes by the block size.
262 * All of them must have value 'padding_length'. */
263 if (i + bs > (int)rec->length)
264 {
265 /* Incorrect padding. SSLerr() and ssl3_alert are done
266 * by caller: we don't want to reveal whether this is
267 * a decryption error or a MAC verification failure
268 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
269 */
270 return -1;
271 }
272 for (j=(int)(l-i); j<(int)l; j++)
273 {
274 if (rec->data[j] != ii)
275 {
276 /* Incorrect padding */
277 return -1;
278 }
279 }
280 rec->length-=i;
281
282 rec->data += bs; /* skip the implicit IV */
283 rec->input += bs;
284 rec->length -= bs;
285 }
286 } 257 }
287 return(1); 258 return(1);
288 } 259 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 07:15:07 +0000