From: Dr. Stephen Henson Date: Tue, 4 Jan 2011 19:34:20 +0000 (+0000) Subject: Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed X-Git-Tag: OpenSSL-fips-2_0-rc1~886 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a47577164c465cfccbabd820c0d8f362f0242e34;p=oweals%2Fopenssl.git Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert. --- diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 8fa57347a9..becbab91c2 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index ee67561a89..467711077e 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -414,7 +414,8 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ - goto err; + al=SSL_AD_BAD_RECORD_MAC; + goto f_err; } #ifdef TLS_DEBUG