Fix warnings.

[openssl.git] / ssl / d1_pkt.c
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index 93b3408be53e8024b3c85c88c8215e377df8278a..1fd58bf598a706411559bf1ce8695ba76cbbf68c 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s)
      item = pqueue_peek(s->d1->unprocessed_rcds.q);
      if (item)
          {
-        DTLS1_RECORD_DATA *rdata;
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        
          /* Check if epoch is current. */
          if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
              return(1);  /* Nothing to do. */
@@ -417,7 +414,7 @@ dtls1_process_record(SSL *s)
                         goto err;
  
                 /* otherwise enc_err == -1 */
-               goto decryption_failed_or_bad_record_mac;
+               goto err;
                 }
  
  #ifdef TLS_DEBUG
@@ -447,7 +444,7 @@ printf("\n");
                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                         goto f_err;
  #else
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
  #endif                 
                         }
                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -458,14 +455,14 @@ printf("\n");
                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
  #else
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
  #endif
                         }
                 rr->length-=mac_size;
                 i=s->method->ssl3_enc->mac(s,md,0);
                 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
                         {
-                       goto decryption_failed_or_bad_record_mac;
+                       goto err;
                         }
                 }
  
@@ -507,14 +504,6 @@ printf("\n");
         dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
         return(1);
  
-decryption_failed_or_bad_record_mac:
-       /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
-        * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-        * failure is directly visible from the ciphertext anyway,
-        * we should not reveal which kind of error occured -- this
-        * might become visible to an attacker (e.g. via logfile) */
-       al=SSL_AD_BAD_RECORD_MAC;
-       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
  f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  err:
@@ -536,19 +525,16 @@ int dtls1_get_record(SSL *s)
         int ssl_major,ssl_minor;
         int i,n;
         SSL3_RECORD *rr;
-       SSL_SESSION *sess;
         unsigned char *p = NULL;
         unsigned short version;
         DTLS1_BITMAP *bitmap;
         unsigned int is_next_epoch;
  
         rr= &(s->s3->rrec);
-       sess=s->session;
  
         /* The epoch may have changed.  If so, process all the
          * pending records.  This is a non-blocking operation. */
-       if ( ! dtls1_process_buffered_records(s))
-            return 0;
+       dtls1_process_buffered_records(s);
  
         /* if we're renegotiating, then there may be buffered records */
         if (dtls1_get_processed_record(s))
@@ -683,8 +669,12 @@ again:
                 goto again;
                 }
  
-       if ( ! dtls1_process_record(s))
-               return(0);
+       if (!dtls1_process_record(s))
+               {
+               rr->length = 0;
+               s->packet_length = 0;  /* dump this record */
+               goto again;   /* get another record */
+               }
  
         dtls1_clear_timeouts(s);  /* done waiting */
         return(1);