Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed

alert.
2011-01-04 19:33:01 +00:00
parent f4a4a0fdc7
commit 119e912a83
2 changed files with 3 additions and 6 deletions
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -220,11 +220,7 @@ int dtls1_enc(SSL *s, int send)
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				{
-				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-				return 0;
-				}
+				return -1;
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -374,7 +374,8 @@ dtls1_process_record(SSL *s)
 			goto err;

 		/* otherwise enc_err == -1 */
-		goto err;
+		al=SSL_AD_BAD_RECORD_MAC;
+		goto f_err;
 		}

 #ifdef TLS_DEBUG