aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/d1_pkt.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2012-01-27 20:34:07 +0100
committermarha <marha@users.sourceforge.net>2012-01-27 20:34:07 +0100
commit829194c926fa1e3bd45e4fe740e0bc42efe6ace6 (patch)
tree6b4b6de1185b25f8e6071b3204fcb69762bdc0ac /openssl/ssl/d1_pkt.c
parent40bdd8b27f5c730b8d0c9a189e89fb51a5400611 (diff)
parentc6a1477b0092762299491d79b3a8cb094c6456da (diff)
downloadvcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.tar.gz
vcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.tar.bz2
vcxsrv-829194c926fa1e3bd45e4fe740e0bc42efe6ace6.zip
Merge remote-tracking branch 'origin/released'
Conflicts: openssl/Makefile
Diffstat (limited to 'openssl/ssl/d1_pkt.c')
-rw-r--r--openssl/ssl/d1_pkt.c41
1 files changed, 22 insertions, 19 deletions
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index 39aac73e1..de30a505a 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -375,6 +375,8 @@ dtls1_process_record(SSL *s)
SSL3_RECORD *rr;
unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
@@ -409,13 +411,10 @@ dtls1_process_record(SSL *s)
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
{
- /* decryption failed, silently discard message */
- if (enc_err < 0)
- {
- rr->length = 0;
- s->packet_length = 0;
- }
- goto err;
+ /* To minimize information leaked via timing, we will always
+ * perform all computations before discarding the message.
+ */
+ decryption_failed_or_bad_record_mac = 1;
}
#ifdef TLS_DEBUG
@@ -445,28 +444,32 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto err;
+ decryption_failed_or_bad_record_mac = 1;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
{
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- goto err;
-#endif
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
}
- rr->length-=mac_size;
+ else
+ rr->length = 0;
i=s->method->ssl3_enc->mac(s,md,0);
- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
{
- goto err;
+ decryption_failed_or_bad_record_mac = 1;
}
}
+ if (decryption_failed_or_bad_record_mac)
+ {
+ /* decryption failed, silently discard message */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto err;
+ }
+
/* r->length is now just compressed */
if (s->expand != NULL)
{