Don't crash when processing a zero-length, TLS >= 1.1 record.

[openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8153b2ca4326dfbd9b54f3a47e18e8266c3d4b59..4b31742783d6d60308d8c52281b06bf9e5a6768b 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -691,6 +691,15 @@ err:
        return(ret);
        }
 
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured.
+ */
 int tls1_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
@@ -841,8 +850,6 @@ int tls1_enc(SSL *s, int send)
                        {
                        if (l == 0 || l%bs != 0)
                                {
-                               if (s->version >= TLS1_1_VERSION)
-                                       return -1;
                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
@@ -870,8 +877,6 @@ int tls1_enc(SSL *s, int send)
                }
 #endif /* KSSL_DEBUG */
 
-               rec->orig_len = rec->length;
-
                ret = 1;
                if (EVP_MD_CTX_md(s->read_hash) != NULL)
                        mac_size = EVP_MD_CTX_size(s->read_hash);