diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-09-01 14:01:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-09-01 14:01:36 +0000 |
commit | 6a662a45f3d15ae6d0cd895320d21a566fb55fea (patch) | |
tree | 24df0380a792ed8d30b3bb3ae35dc3e3e152f9c1 /ssl | |
parent | 24d0524f317e167c1a35bde1e4a67edab2806c3e (diff) | |
download | openssl-new-6a662a45f3d15ae6d0cd895320d21a566fb55fea.tar.gz |
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_pkt.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index b840a15a12..e4f47e98e6 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -369,13 +369,13 @@ dtls1_process_record(SSL *s) enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) { - if (enc_err == 0) - /* SSLerr() and ssl3_send_alert() have been called */ - goto err; - - /* otherwise enc_err == -1 */ - al=SSL_AD_BAD_RECORD_MAC; - goto f_err; + /* decryption failed, silently discard message */ + if (enc_err < 0) + { + rr->length = 0; + s->packet_length = 0; + } + goto err; } #ifdef TLS_DEBUG @@ -616,10 +616,12 @@ again: /* If this record is from the next epoch (either HM or ALERT), * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. */ + * cannot be processed at this time. However, do not buffer + * anything while listening. + */ if (is_next_epoch) { - if (SSL_in_init(s) || s->in_handshake) + if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); } |