generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2573

Browse Source 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
This commit is contained in:
Dr. Stephen Henson 2011-09-01 14:02:02 +00:00
parent b5bd966ea4
commit d2650c3a4a
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ssl/d1_pkt.c
View File

@ -409,13 +409,13 @@ dtls1_process_record(SSL *s)
enc_err = s->method->ssl3_enc->enc(s,0); enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0) if (enc_err <= 0)
{ {
if (enc_err == 0) /* decryption failed, silently discard message */
/* SSLerr() and ssl3_send_alert() have been called */ if (enc_err < 0)
goto err; {
rr->length = 0;
/* otherwise enc_err == -1 */ s->packet_length = 0;
al=SSL_AD_BAD_RECORD_MAC; }
goto f_err; goto err;
} }
#ifdef TLS_DEBUG #ifdef TLS_DEBUG
@ -658,10 +658,12 @@ again:
/* If this record is from the next epoch (either HM or ALERT), /* If this record is from the next epoch (either HM or ALERT),
* and a handshake is currently in progress, buffer it since it * and a handshake is currently in progress, buffer it since it
* cannot be processed at this time. */ * cannot be processed at this time. However, do not buffer
* anything while listening.
*/
if (is_next_epoch) if (is_next_epoch)
{ {
if (SSL_in_init(s) || s->in_handshake) if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
{ {
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
} }