Update DTLS code to match CBC decoding in TLS.
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3e60f50..032a855 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -291,7 +291,6 @@
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned mac_size;
- int clear=0;
size_t extra;
rr= &(s->s3->rrec);
@@ -410,8 +409,9 @@
* -1: if the padding is invalid */
if (enc_err == 0)
{
- /* SSLerr() and ssl3_send_alert() have been called */
- goto err;
+ al=SSL_AD_DECRYPTION_FAILED;
+ SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ goto f_err;
}
#ifdef TLS_DEBUG
@@ -421,14 +421,11 @@
#endif
/* r->length is now the compressed data plus mac */
- if ( (sess == NULL) ||
- (s->enc_read_ctx == NULL) ||
- (EVP_MD_CTX_md(s->read_hash) == NULL))
- clear=1;
-
- if (!clear)
+ if ((sess != NULL) &&
+ (s->enc_read_ctx != NULL) &&
+ (EVP_MD_CTX_md(s->read_hash) != NULL))
{
- /* !clear => s->read_hash != NULL => mac_size != -1 */
+ /* s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size=EVP_MD_CTX_size(s->read_hash);
