aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/d1_pkt.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2012-01-27 20:31:28 +0100
committermarha <marha@users.sourceforge.net>2012-01-27 20:31:28 +0100
commitc6a1477b0092762299491d79b3a8cb094c6456da (patch)
tree8458d152a6d4cecd8b2d88f3e7e6950128a53fb7 /openssl/ssl/d1_pkt.c
parenteb4c088eb71f93b9639f4ff651523d794f1433f7 (diff)
downloadvcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.tar.gz
vcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.tar.bz2
vcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.zip
update to openssl 1.0.0g
Diffstat (limited to 'openssl/ssl/d1_pkt.c')
-rw-r--r--openssl/ssl/d1_pkt.c41
1 files changed, 22 insertions, 19 deletions
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index 39aac73e1..de30a505a 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -375,6 +375,8 @@ dtls1_process_record(SSL *s)
SSL3_RECORD *rr;
unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
@@ -409,13 +411,10 @@ dtls1_process_record(SSL *s)
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
{
- /* decryption failed, silently discard message */
- if (enc_err < 0)
- {
- rr->length = 0;
- s->packet_length = 0;
- }
- goto err;
+ /* To minimize information leaked via timing, we will always
+ * perform all computations before discarding the message.
+ */
+ decryption_failed_or_bad_record_mac = 1;
}
#ifdef TLS_DEBUG
@@ -445,28 +444,32 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto err;
+ decryption_failed_or_bad_record_mac = 1;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
{
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- goto err;
-#endif
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
}
- rr->length-=mac_size;
+ else
+ rr->length = 0;
i=s->method->ssl3_enc->mac(s,md,0);
- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
{
- goto err;
+ decryption_failed_or_bad_record_mac = 1;
}
}
+ if (decryption_failed_or_bad_record_mac)
+ {
+ /* decryption failed, silently discard message */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto err;
+ }
+
/* r->length is now just compressed */
if (s->expand != NULL)
{