diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-02-23 17:59:04 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-02-23 17:59:04 +0000 |
| commit | ec103febcdc2b88677ddccda0b04db6cfba414ba (patch) | |
| tree | 9a94596c7f120d60453f16f6905c416481b2b5b3 | |
| parent | 8495b92047543113282c7304c2fcfb649c5f19d1 (diff) | |
The decryption_failed alert must not be sent by compliant implementations.
Use a bad_record_mac alert instead.
Found with tlsfuzzer's ChaCha20 test.
ok beck inoguchi jsing
| -rw-r--r-- | lib/libssl/ssl_pkt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index d3a372fc6d9..c6ec67545da 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.19 2020/02/21 16:16:59 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.20 2020/02/23 17:59:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -437,7 +437,7 @@ ssl3_get_record(SSL *s) * 1: if the padding is valid * -1: if the padding is invalid */ if (enc_err == 0) { - al = SSL_AD_DECRYPTION_FAILED; + al = SSL_AD_BAD_RECORD_MAC; SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; } |