diff options
Diffstat (limited to 'ssl/d1_enc.c')
| -rw-r--r-- | ssl/d1_enc.c | 53 |
1 files changed, 15 insertions, 38 deletions
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index baa75f9186..0ff1b41ae1 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -131,11 +131,17 @@ int dtls1_enc(SSL *s, int send) SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k; + int bs,i,j,k,mac_size=0; const EVP_CIPHER *enc; if (send) { + if (EVP_MD_CTX_md(s->write_hash)) + { + mac_size=EVP_MD_CTX_size(s->write_hash); + if (mac_size < 0) + return -1; + } ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -156,6 +162,12 @@ int dtls1_enc(SSL *s, int send) } else { + if (EVP_MD_CTX_md(s->read_hash)) + { + mac_size=EVP_MD_CTX_size(s->read_hash); + if (mac_size < 0) + return -1; + } ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) @@ -234,44 +246,9 @@ int dtls1_enc(SSL *s, int send) } #endif /* KSSL_DEBUG */ + rec->orig_len = rec->length; if ((bs != 1) && !send) - { - ii=i=rec->data[l-1]; /* padding_length */ - i++; - if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, - "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) - s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - i--; - } - /* TLS 1.0 does not bound the number of padding bytes by the block size. - * All of them must have value 'padding_length'. */ - if (i + bs > (int)rec->length) - { - /* Incorrect padding. SSLerr() and ssl3_alert are done - * by caller: we don't want to reveal whether this is - * a decryption error or a MAC verification failure - * (see http://www.openssl.org/~bodo/tls-cbc.txt) - */ - return -1; - } - for (j=(int)(l-i); j<(int)l; j++) - { - if (rec->data[j] != ii) - { - /* Incorrect padding */ - return -1; - } - } - rec->length-=i; - - rec->data += bs; /* skip the implicit IV */ - rec->input += bs; - rec->length -= bs; - } + return tls1_cbc_remove_padding(s, rec, bs, mac_size); } return(1); } |