Fix error codes.

[oweals/openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3e60f5018c41c3e11fdb6298dcc68235f6c85eaf..35fcddf5b1c45d63f5ed70e85f89d5088988e9ab 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -290,8 +290,7 @@ static int ssl3_get_record(SSL *s)
        unsigned char *p;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
-       unsigned mac_size;
-       int clear=0;
+       unsigned mac_size, orig_len;
        size_t extra;
 
        rr= &(s->s3->rrec);
@@ -401,7 +400,6 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 
        /* decrypt in place in 'rr->input' */
        rr->data=rr->input;
-       rr->orig_len=rr->length;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
        /* enc_err is:
@@ -410,8 +408,9 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
         *    -1: if the padding is invalid */
        if (enc_err == 0)
                {
-               /* SSLerr() and ssl3_send_alert() have been called */
-               goto err;
+               al=SSL_AD_DECRYPTION_FAILED;
+               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+               goto f_err;
                }
 
 #ifdef TLS_DEBUG
@@ -421,28 +420,28 @@ printf("\n");
 #endif
 
        /* r->length is now the compressed data plus mac */
-       if (    (sess == NULL) ||
-               (s->enc_read_ctx == NULL) ||
-               (EVP_MD_CTX_md(s->read_hash) == NULL))
-               clear=1;
-
-       if (!clear)
+       if ((sess != NULL) &&
+           (s->enc_read_ctx != NULL) &&
+           (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
-               /* !clear => s->read_hash != NULL => mac_size != -1 */
+               /* s->read_hash != NULL => mac_size != -1 */
                unsigned char *mac = NULL;
                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
                mac_size=EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
                /* orig_len is the length of the record before any padding was
                 * removed. This is public information, as is the MAC in use,
                 * therefore we can safely process the record in a different
                 * amount of time if it's too short to possibly contain a MAC.
                 */
-               if (rr->orig_len < mac_size ||
+               if (orig_len < mac_size ||
                    /* CBC records must have a padding length byte too. */
                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-                    rr->orig_len < mac_size+1))
+                    orig_len < mac_size+1))
                        {
                        al=SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
@@ -457,12 +456,12 @@ printf("\n");
                         * without leaking the contents of the padding bytes.
                         * */
                        mac = mac_tmp;
-                       ssl3_cbc_copy_mac(mac_tmp, rr, mac_size);
+                       ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                        rr->length -= mac_size;
                        }
                else
                        {
-                       /* In this case there's no padding, so |rec->orig_len|
+                       /* In this case there's no padding, so |orig_len|
                         * equals |rec->length| and we checked that there's
                         * enough bytes for |mac_size| above. */
                        rr->length -= mac_size;