PR: 2229
authorDr. Stephen Henson <steve@openssl.org>
Wed, 14 Apr 2010 00:09:55 +0000 (00:09 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 14 Apr 2010 00:09:55 +0000 (00:09 +0000)
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.

ssl/d1_pkt.c

index 93b3408be53e8024b3c85c88c8215e377df8278a..a5439d544fbeb98bda1436680c3e235e46e0b292 100644 (file)
@@ -417,7 +417,7 @@ dtls1_process_record(SSL *s)
                        goto err;
 
                /* otherwise enc_err == -1 */
-               goto decryption_failed_or_bad_record_mac;
+               goto err;
                }
 
 #ifdef TLS_DEBUG
@@ -447,7 +447,7 @@ printf("\n");
                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                        goto f_err;
 #else
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
 #endif                 
                        }
                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -458,14 +458,14 @@ printf("\n");
                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
 #else
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
 #endif
                        }
                rr->length-=mac_size;
                i=s->method->ssl3_enc->mac(s,md,0);
                if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
                        {
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
                        }
                }
 
@@ -507,14 +507,6 @@ printf("\n");
        dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
        return(1);
 
-decryption_failed_or_bad_record_mac:
-       /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
-        * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-        * failure is directly visible from the ciphertext anyway,
-        * we should not reveal which kind of error occured -- this
-        * might become visible to an attacker (e.g. via logfile) */
-       al=SSL_AD_BAD_RECORD_MAC;
-       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -547,8 +539,7 @@ int dtls1_get_record(SSL *s)
 
        /* The epoch may have changed.  If so, process all the
         * pending records.  This is a non-blocking operation. */
-       if ( ! dtls1_process_buffered_records(s))
-            return 0;
+       dtls1_process_buffered_records(s);
 
        /* if we're renegotiating, then there may be buffered records */
        if (dtls1_get_processed_record(s))
@@ -683,8 +674,12 @@ again:
                goto again;
                }
 
-       if ( ! dtls1_process_record(s))
-               return(0);
+       if (!dtls1_process_record(s))
+               {
+               rr->length = 0;
+               s->packet_length = 0;  /* dump this record */
+               goto again;   /* get another record */
+               }
 
        dtls1_clear_timeouts(s);  /* done waiting */
        return(1);