158a159,161
>
> /* Set proper sequence number for mac calculation */
> memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
256,258d258
< DTLS1_RECORD_DATA *rdata;
< rdata = (DTLS1_RECORD_DATA *)item->data;
<
331c331
< int i,al;
---
> int al;
377c377
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
403c403
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
414c414
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
418c418
< i=s->method->ssl3_enc->mac(s,md,0);
---
> s->method->ssl3_enc->mac(s,md,0);
421c421
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
463,470d462
< decryption_failed_or_bad_record_mac:
< /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
< * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
< * failure is directly visible from the ciphertext anyway,
< * we should not reveal which kind of error occured -- this
< * might become visible to an attacker (e.g. via logfile) */
< al=SSL_AD_BAD_RECORD_MAC;
< SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
492d483
< SSL_SESSION *sess;
499d489
< sess=s->session;
503,504c493
< if ( ! dtls1_process_buffered_records(s))
< return 0;
---
> dtls1_process_buffered_records(s);
627,635c616,625
< /* If this record is from the next epoch (either HM or ALERT), buffer it
< * since it cannot be processed at this time.
< * Records from the next epoch are marked as received even though they are
< * not processed, so as to prevent any potential resource DoS attack */
< if (is_next_epoch)
< {
< dtls1_record_bitmap_update(s, bitmap);
< dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
< rr->length = 0;
---
> /* If this record is from the next epoch (either HM or ALERT),
> * and a handshake is currently in progress, buffer it since it
> * cannot be processed at this time. */
> if (is_next_epoch)
> {
> if (SSL_in_init(s) || s->in_handshake)
> {
> dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
> }
> rr->length = 0;
640,641c630,635
< if ( ! dtls1_process_record(s))
< return(0);
---
> if (!dtls1_process_record(s))
> {
> rr->length = 0;
> s->packet_length=0; /* dump this record */
> goto again; /* get another record */
> }
769c763
< dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
---
> dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num);
>
> /* Set proper sequence number for mac calculation */
> memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
256,258d258
< DTLS1_RECORD_DATA *rdata;
< rdata = (DTLS1_RECORD_DATA *)item->data;
<
331c331
< int i,al;
---
> int al;
377c377
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
403c403
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
414c414
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
418c418
< i=s->method->ssl3_enc->mac(s,md,0);
---
> s->method->ssl3_enc->mac(s,md,0);
421c421
< goto decryption_failed_or_bad_record_mac;
---
> goto err;
463,470d462
< decryption_failed_or_bad_record_mac:
< /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
< * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
< * failure is directly visible from the ciphertext anyway,
< * we should not reveal which kind of error occured -- this
< * might become visible to an attacker (e.g. via logfile) */
< al=SSL_AD_BAD_RECORD_MAC;
< SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
492d483
< SSL_SESSION *sess;
499d489
< sess=s->session;
503,504c493
< if ( ! dtls1_process_buffered_records(s))
< return 0;
---
> dtls1_process_buffered_records(s);
627,635c616,625
< /* If this record is from the next epoch (either HM or ALERT), buffer it
< * since it cannot be processed at this time.
< * Records from the next epoch are marked as received even though they are
< * not processed, so as to prevent any potential resource DoS attack */
< if (is_next_epoch)
< {
< dtls1_record_bitmap_update(s, bitmap);
< dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
< rr->length = 0;
---
> /* If this record is from the next epoch (either HM or ALERT),
> * and a handshake is currently in progress, buffer it since it
> * cannot be processed at this time. */
> if (is_next_epoch)
> {
> if (SSL_in_init(s) || s->in_handshake)
> {
> dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
> }
> rr->length = 0;
640,641c630,635
< if ( ! dtls1_process_record(s))
< return(0);
---
> if (!dtls1_process_record(s))
> {
> rr->length = 0;
> s->packet_length=0; /* dump this record */
> goto again; /* get another record */
> }
769c763
< dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
---
> dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num);