diff options
| author | marha <marha@users.sourceforge.net> | 2012-01-27 20:34:07 +0100 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2012-01-27 20:34:07 +0100 |
| commit | 829194c926fa1e3bd45e4fe740e0bc42efe6ace6 (patch) | |
| tree | 6b4b6de1185b25f8e6071b3204fcb69762bdc0ac /openssl/ssl/d1_pkt.c | |
| parent | 40bdd8b27f5c730b8d0c9a189e89fb51a5400611 (diff) | |
| parent | c6a1477b0092762299491d79b3a8cb094c6456da (diff) | |
| download | vcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.tar.gz vcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.tar.bz2 vcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.zip | |
Merge remote-tracking branch 'origin/released'
Conflicts:
openssl/Makefile
Diffstat (limited to 'openssl/ssl/d1_pkt.c')
| -rw-r--r-- | openssl/ssl/d1_pkt.c | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index 39aac73e1..de30a505a 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -375,6 +375,8 @@ dtls1_process_record(SSL *s) SSL3_RECORD *rr; unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; + int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); @@ -409,13 +411,10 @@ dtls1_process_record(SSL *s) enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) { - /* decryption failed, silently discard message */ - if (enc_err < 0) - { - rr->length = 0; - s->packet_length = 0; - } - goto err; + /* To minimize information leaked via timing, we will always + * perform all computations before discarding the message. + */ + decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG @@ -445,28 +444,32 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto err; + decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - goto err; -#endif + rr->length -= mac_size; + mac = &rr->data[rr->length]; } - rr->length-=mac_size; + else + rr->length = 0; i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { - goto err; + decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* decryption failed, silently discard message */ + rr->length = 0; + s->packet_length = 0; + goto err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { |