Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed

author Dr. Stephen Henson <steve@openssl.org>

Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c

index 4a6c9090314d293c62c708c0aa6f748d9eb0d54f..bb96c8a20ccf10794304bf6d8df6ac60424953e2 100644 (file)
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -220,11 +220,7 @@ int dtls1_enc(SSL *s, int send)
                 if (!send)
                         {
                         if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                               return 0;
-                               }
+                               return -1;
                         }
                 
                 EVP_Cipher(ds,rec->data,rec->input,l);
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index 3f19077af111ee5c25a8e018d45e44f6e980851f..b840a15a12d68bfb26af1a504e04d42d2ac95105 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -374,7 +374,8 @@ dtls1_process_record(SSL *s)
                         goto err;
  
                 /* otherwise enc_err == -1 */
-               goto err;
+               al=SSL_AD_BAD_RECORD_MAC;
+               goto f_err;
                 }
  
  #ifdef TLS_DEBUG
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)
ssl/d1_enc.c		patch \| blob \| history
ssl/d1_pkt.c		patch \| blob \| history