From 37133290832ac2d1389926eba7325125fdacbe8d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 4 Oct 2019 14:01:21 +0100 Subject: [PATCH] Send bad_record_mac instead of decryption_failed The decryption failed alert was deprecated a long time ago. It can provide an attacker too much information to be able to distinguish between MAC failures and decryption failures and can lead to oracle attacks. Instead we should always use the bad_record_mac alert for these issues. This fixes one instance that still exists. It does not represent a security issue in this case because it is only ever sent if the record is publicly invalid, i.e. we have detected it is invalid without using any secret material. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10093) --- ssl/record/ssl3_record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index a08b81c868..8e0b469cf4 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -594,7 +594,7 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_read_sequence(&s->rlayer); return 1; } - SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD, + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); return -1; } -- 2.25.1