Update DTLS code to match CBC decoding in TLS.

This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.

1 files changed, 7 insertions, 10 deletions

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index dd98e698bf..dba6653589 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -291,7 +291,6 @@ static int ssl3_get_record(SSL *s)
 	unsigned char md[EVP_MAX_MD_SIZE];
 	short version;
 	unsigned mac_size;
-	int clear=0;
 	size_t extra;
 
 	rr= &(s->s3->rrec);
@@ -408,8 +407,9 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 	 *    -1: if the padding is invalid */
 	if (enc_err == 0)
 		{
-		/* SSLerr() and ssl3_send_alert() have been called */
-		goto err;
+		al=SSL_AD_DECRYPTION_FAILED;
+		SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+		goto f_err;
 		}
 
 #ifdef TLS_DEBUG
@@ -419,14 +419,11 @@ printf("\n");
 #endif
 
 	/* r->length is now the compressed data plus mac */
-	if (	(sess == NULL) ||
-		(s->enc_read_ctx == NULL) ||
-		(EVP_MD_CTX_md(s->read_hash) == NULL))
-		clear=1;
-
-	if (!clear)
+	if ((sess != NULL) &&
+	    (s->enc_read_ctx != NULL) &&
+	    (EVP_MD_CTX_md(s->read_hash) != NULL))
 		{
-		/* !clear => s->read_hash != NULL => mac_size != -1 */
+		/* s->read_hash != NULL => mac_size != -1 */
 		unsigned char *mac = NULL;
 		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
 		mac_size=EVP_MD_CTX_size(s->read_hash);