generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed

Browse Source 
alert.
This commit is contained in:
Dr. Stephen Henson 2011-01-04 19:33:22 +00:00
parent c222de16ce
commit fb5a0fb8f1
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/d1_enc.c
View File

@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
if (!send) if (!send)
{ {
if (l == 0 || l%bs != 0) if (l == 0 || l%bs != 0)
{ return -1;
SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
}
} }
EVP_Cipher(ds,rec->data,rec->input,l); EVP_Cipher(ds,rec->data,rec->input,l);

3
ssl/d1_pkt.c
View File

@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
goto err; goto err;
/* otherwise enc_err == -1 */ /* otherwise enc_err == -1 */
goto err; al=SSL_AD_BAD_RECORD_MAC;
goto f_err;
} }
#ifdef TLS_DEBUG #ifdef TLS_DEBUG