commit e33ac0e71d9ea52143333223a318b38f3ce1ee52
author Ben Laurie <ben@links.org> Mon Jan 28 17:34:33 2013 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed Feb 06 14:19:07 2013 +0000
tree 3b16600f753e187393f2a4b60515e9fcc9cf04e6
parent 93cab6b319e354517841ae202fb884f7e45bb48e

Update DTLS code to match CBC decoding in TLS.

This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)

ssl/d1_enc.c

diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index da42348..712c464 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -126,6 +126,14 @@
 #include <openssl/des.h>
 #endif
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured. */
 int dtls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
@@ -165,8 +173,7 @@
 		if (EVP_MD_CTX_md(s->read_hash))
 			{
 			mac_size=EVP_MD_CTX_size(s->read_hash);
-			if (mac_size < 0)
-				return -1;
+			OPENSSL_assert(mac_size >= 0);
 			}
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
@@ -231,7 +238,7 @@
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				return -1;
+				return 0;
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);