Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
authorDr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:33:22 +0000 (19:33 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:33:22 +0000 (19:33 +0000)
alert.

ssl/d1_enc.c
ssl/d1_pkt.c

index 8fa57347a99e646d5f30b49a87673e2934270585..becbab91c219617452c9bacda251dadaf93331ee 100644 (file)
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                               return 0;
-                               }
+                               return -1;
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
index 1fd58bf598a706411559bf1ce8695ba76cbbf68c..c1051422258ae096e7840176b981204414fa0efe 100644 (file)
@@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
                        goto err;
 
                /* otherwise enc_err == -1 */
-               goto err;
+               al=SSL_AD_BAD_RECORD_MAC;
+               goto f_err;
                }
 
 #ifdef TLS_DEBUG