Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index ab63b6c8fb31a7c9440ad40864157e074d66eeba..13ef517731392e3f19ae5d7da4bf97642544e0f7 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -393,8 +393,8 @@ int ssl3_enc(SSL *s, int send)
                        if (l == 0 || l%bs != 0)
                                {
                                SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-                               return(0);
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                               return 0;
                                }
                        }
                
@@ -407,9 +407,10 @@ int ssl3_enc(SSL *s, int send)
                         * padding bytes (except that last) are arbitrary */
                        if (i > bs)
                                {
-                               SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-                               return(0);
+                               /* Incorrect padding. SSLerr() and ssl3_alert are done
+                                * by caller: we don't want to reveal whether this is
+                                * a decryption error or a MAC verification failure. */
+                               return -1;
                                }
                        rec->length-=i;
                        }