generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't use decryption_failed alert for TLS v1.1 or later.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2011-01-04 19:39:42 +00:00
parent a8515e2d28
commit 4577b38d22
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/t1_enc.c
View File

@ -757,6 +757,8 @@ int tls1_enc(SSL *s, int send)
{ {
if (l == 0 || l%bs != 0) if (l == 0 || l%bs != 0)
{ {
if (s->version >= TLS1_1_VERSION)
return -1;
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0; return 0;