PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.
This commit is contained in:
Dr. Stephen Henson
27
ssl/d1_pkt.c
27
ssl/d1_pkt.c
@@ -417,7 +417,7 @@ dtls1_process_record(SSL *s)
|
||||
goto err;
|
||||
|
||||
/* otherwise enc_err == -1 */
|
||||
goto decryption_failed_or_bad_record_mac;
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
@@ -447,7 +447,7 @@ printf("\n");
|
||||
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
|
||||
goto f_err;
|
||||
#else
|
||||
goto decryption_failed_or_bad_record_mac;
|
||||
goto err;
|
||||
#endif
|
||||
}
|
||||
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
|
||||
@@ -458,14 +458,14 @@ printf("\n");
|
||||
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
#else
|
||||
goto decryption_failed_or_bad_record_mac;
|
||||
goto err;
|
||||
#endif
|
||||
}
|
||||
rr->length-=mac_size;
|
||||
i=s->method->ssl3_enc->mac(s,md,0);
|
||||
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
|
||||
{
|
||||
goto decryption_failed_or_bad_record_mac;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -507,14 +507,6 @@ printf("\n");
|
||||
dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
|
||||
return(1);
|
||||
|
||||
decryption_failed_or_bad_record_mac:
|
||||
/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
|
||||
* SSL 3.0 only has 'bad_record_mac'. But unless a decryption
|
||||
* failure is directly visible from the ciphertext anyway,
|
||||
* we should not reveal which kind of error occured -- this
|
||||
* might become visible to an attacker (e.g. via logfile) */
|
||||
al=SSL_AD_BAD_RECORD_MAC;
|
||||
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
err:
|
||||
@@ -547,8 +539,7 @@ int dtls1_get_record(SSL *s)
|
||||
|
||||
/* The epoch may have changed. If so, process all the
|
||||
* pending records. This is a non-blocking operation. */
|
||||
if ( ! dtls1_process_buffered_records(s))
|
||||
return 0;
|
||||
dtls1_process_buffered_records(s);
|
||||
|
||||
/* if we're renegotiating, then there may be buffered records */
|
||||
if (dtls1_get_processed_record(s))
|
||||
@@ -683,8 +674,12 @@ again:
|
||||
goto again;
|
||||
}
|
||||
|
||||
if ( ! dtls1_process_record(s))
|
||||
return(0);
|
||||
if (!dtls1_process_record(s))
|
||||
{
|
||||
rr->length = 0;
|
||||
s->packet_length = 0; /* dump this record */
|
||||
goto again; /* get another record */
|
||||
}
|
||||
|
||||
dtls1_clear_timeouts(s); /* done waiting */
|
||||
return(1);
|
||||
|
||||
Reference in New Issue
Block a user