Add certificate callback. If set this is called whenever a certificate

[openssl.git] / ssl / d1_pkt.c
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index 5fe1321fcad2ffe9aa31b6f7c9b7058d6daa1b11..987af608358d914a72fa8a4620d7faf8188d22f0 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
  static int dtls1_buffer_record(SSL *s, record_pqueue *q,
         unsigned char *priority);
  static int dtls1_process_record(SSL *s);
-static void dtls1_clear_timeouts(SSL *s);
  
  /* copy buffered record into SSL structure */
  static int
@@ -383,6 +382,8 @@ dtls1_process_record(SSL *s)
         SSL3_RECORD *rr;
         unsigned int mac_size;
         unsigned char md[EVP_MAX_MD_SIZE];
+       int decryption_failed_or_bad_record_mac = 0;
+       unsigned char *mac = NULL;
  
  
         rr= &(s->s3->rrec);
@@ -417,13 +418,10 @@ dtls1_process_record(SSL *s)
         enc_err = s->method->ssl3_enc->enc(s,0);
         if (enc_err <= 0)
                 {
-               /* decryption failed, silently discard message */
-               if (enc_err < 0)
-                       {
-                       rr->length = 0;
-                       s->packet_length = 0;
-                       }
-               goto err;
+               /* To minimize information leaked via timing, we will always
+                * perform all computations before discarding the message.
+                */
+               decryption_failed_or_bad_record_mac = 1;
                 }
  
  #ifdef TLS_DEBUG
@@ -453,28 +451,32 @@ printf("\n");
                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                         goto f_err;
  #else
-                       goto err;
+                       decryption_failed_or_bad_record_mac = 1;
  #endif                 
                         }
                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-               if (rr->length < mac_size)
+               if (rr->length >= mac_size)
                         {
-#if 0 /* OK only for stream ciphers */
-                       al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-                       goto f_err;
-#else
-                       goto err;
-#endif
+                       rr->length -= mac_size;
+                       mac = &rr->data[rr->length];
                         }
-               rr->length-=mac_size;
+               else
+                       rr->length = 0;
                 i=s->method->ssl3_enc->mac(s,md,0);
-               if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+               if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
                         {
-                       goto err;
+                       decryption_failed_or_bad_record_mac = 1;
                         }
                 }
  
+       if (decryption_failed_or_bad_record_mac)
+               {
+               /* decryption failed, silently discard message */
+               rr->length = 0;
+               s->packet_length = 0;
+               goto err;
+               }
+
         /* r->length is now just compressed */
         if (s->expand != NULL)
                 {
@@ -695,7 +697,6 @@ again:
                 goto again;   /* get another record */
                 }
  
-       dtls1_clear_timeouts(s);  /* done waiting */
         return(1);
  
         }
@@ -937,6 +938,19 @@ start:
                         dest = s->d1->alert_fragment;
                         dest_len = &s->d1->alert_fragment_len;
                         }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (rr->type == TLS1_RT_HEARTBEAT)
+                       {
+                       dtls1_process_heartbeat(s);
+
+                       /* Exit and notify application to read again */
+                       rr->length = 0;
+                       s->rwstate=SSL_READING;
+                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                       BIO_set_retry_read(SSL_get_rbio(s));
+                       return(-1);
+                       }
+#endif
                 /* else it's a CCS message, or application data or wrong */
                 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
                         {
@@ -1234,6 +1248,9 @@ start:
                  */
                 if (msg_hdr.type == SSL3_MT_FINISHED)
                         {
+                       if (dtls1_check_timeout_num(s) < 0)
+                               return -1;
+
                         dtls1_retransmit_buffered_messages(s);
                         rr->length = 0;
                         goto start;
@@ -1857,10 +1874,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
  
         memset(seq, 0x00, seq_bytes);
         }
-
-
-static void
-dtls1_clear_timeouts(SSL *s)
-       {
-       memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
-       }