Don't use decryption_failed alert for TLS v1.1 or later.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c

index 2b3fd30e428882cb8a291ef1fc40e6756c780c5e..c418d3217ae7a62d81ed910caabb3a835cad062a 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -757,6 +757,8 @@ int tls1_enc(SSL *s, int send)
                         {
                         if (l == 0 || l%bs != 0)
                                 {
+                               if (s->version >= TLS1_1_VERSION)
+                                       return -1;
                                 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                 return 0;
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)