generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2229

Browse Source 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
This commit is contained in:
Dr. Stephen Henson 2010-04-14 00:09:55 +00:00
parent 9f4dd3e3e3
commit 30e8defe52
1 changed files with 11 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
ssl/d1_pkt.c
View File

@ -417,7 +417,7 @@ dtls1_process_record(SSL *s)
goto err; goto err;
/* otherwise enc_err == -1 */ /* otherwise enc_err == -1 */
goto decryption_failed_or_bad_record_mac; goto err;
} }
#ifdef TLS_DEBUG #ifdef TLS_DEBUG
@ -447,7 +447,7 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err; goto f_err;
#else #else
goto decryption_failed_or_bad_record_mac; goto err;
#endif #endif
} }
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */ /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@ -458,14 +458,14 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err; goto f_err;
#else #else
goto decryption_failed_or_bad_record_mac; goto err;
#endif #endif
} }
rr->length-=mac_size; rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0); i=s->method->ssl3_enc->mac(s,md,0);
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{ {
goto decryption_failed_or_bad_record_mac; goto err;
} }
} }
@ -507,14 +507,6 @@ printf("\n");
dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1); return(1);
decryption_failed_or_bad_record_mac:
/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
* SSL 3.0 only has 'bad_record_mac'. But unless a decryption
* failure is directly visible from the ciphertext anyway,
* we should not reveal which kind of error occured -- this
* might become visible to an attacker (e.g. via logfile) */
al=SSL_AD_BAD_RECORD_MAC;
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
err: err:
@ -547,8 +539,7 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the /* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */ * pending records. This is a non-blocking operation. */
if ( ! dtls1_process_buffered_records(s)) dtls1_process_buffered_records(s);
return 0;
/* if we're renegotiating, then there may be buffered records */ /* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s)) if (dtls1_get_processed_record(s))
@ -683,8 +674,12 @@ again:
goto again; goto again;
} }
if ( ! dtls1_process_record(s)) if (!dtls1_process_record(s))
return(0); {
rr->length = 0;
s->packet_length = 0; /* dump this record */
goto again; /* get another record */
}
dtls1_clear_timeouts(s); /* done waiting */ dtls1_clear_timeouts(s); /* done waiting */
return(1); return(1);