diff options
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index e0c0f0cc9a..39aac73e10 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -375,7 +375,6 @@ dtls1_process_record(SSL *s) | |||
| 375 | SSL3_RECORD *rr; | 375 | SSL3_RECORD *rr; |
| 376 | unsigned int mac_size; | 376 | unsigned int mac_size; |
| 377 | unsigned char md[EVP_MAX_MD_SIZE]; | 377 | unsigned char md[EVP_MAX_MD_SIZE]; |
| 378 | int decryption_failed_or_bad_record_mac = 0; | ||
| 379 | 378 | ||
| 380 | 379 | ||
| 381 | rr= &(s->s3->rrec); | 380 | rr= &(s->s3->rrec); |
| @@ -410,10 +409,13 @@ dtls1_process_record(SSL *s) | |||
| 410 | enc_err = s->method->ssl3_enc->enc(s,0); | 409 | enc_err = s->method->ssl3_enc->enc(s,0); |
| 411 | if (enc_err <= 0) | 410 | if (enc_err <= 0) |
| 412 | { | 411 | { |
| 413 | /* To minimize information leaked via timing, we will always | 412 | /* decryption failed, silently discard message */ |
| 414 | * perform all computations before discarding the message. | 413 | if (enc_err < 0) |
| 415 | */ | 414 | { |
| 416 | decryption_failed_or_bad_record_mac = 1; | 415 | rr->length = 0; |
| 416 | s->packet_length = 0; | ||
| 417 | } | ||
| 418 | goto err; | ||
| 417 | } | 419 | } |
| 418 | 420 | ||
| 419 | #ifdef TLS_DEBUG | 421 | #ifdef TLS_DEBUG |
| @@ -443,7 +445,7 @@ printf("\n"); | |||
| 443 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | 445 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); |
| 444 | goto f_err; | 446 | goto f_err; |
| 445 | #else | 447 | #else |
| 446 | decryption_failed_or_bad_record_mac = 1; | 448 | goto err; |
| 447 | #endif | 449 | #endif |
| 448 | } | 450 | } |
| 449 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | 451 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
| @@ -454,25 +456,17 @@ printf("\n"); | |||
| 454 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); | 456 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); |
| 455 | goto f_err; | 457 | goto f_err; |
| 456 | #else | 458 | #else |
| 457 | decryption_failed_or_bad_record_mac = 1; | 459 | goto err; |
| 458 | #endif | 460 | #endif |
| 459 | } | 461 | } |
| 460 | rr->length-=mac_size; | 462 | rr->length-=mac_size; |
| 461 | i=s->method->ssl3_enc->mac(s,md,0); | 463 | i=s->method->ssl3_enc->mac(s,md,0); |
| 462 | if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) | 464 | if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
| 463 | { | 465 | { |
| 464 | decryption_failed_or_bad_record_mac = 1; | 466 | goto err; |
| 465 | } | 467 | } |
| 466 | } | 468 | } |
| 467 | 469 | ||
| 468 | if (decryption_failed_or_bad_record_mac) | ||
| 469 | { | ||
| 470 | /* decryption failed, silently discard message */ | ||
| 471 | rr->length = 0; | ||
| 472 | s->packet_length = 0; | ||
| 473 | goto err; | ||
| 474 | } | ||
| 475 | |||
| 476 | /* r->length is now just compressed */ | 470 | /* r->length is now just compressed */ |
| 477 | if (s->expand != NULL) | 471 | if (s->expand != NULL) |
| 478 | { | 472 | { |