summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2020-02-23 17:59:04 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-02-23 17:59:04 +0000
commitec103febcdc2b88677ddccda0b04db6cfba414ba (patch)
tree9a94596c7f120d60453f16f6905c416481b2b5b3 /lib
parent8495b92047543113282c7304c2fcfb649c5f19d1 (diff)
The decryption_failed alert must not be sent by compliant implementations.
Use a bad_record_mac alert instead. Found with tlsfuzzer's ChaCha20 test. ok beck inoguchi jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_pkt.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index d3a372fc6d9..c6ec67545da 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.19 2020/02/21 16:16:59 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.20 2020/02/23 17:59:03 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -437,7 +437,7 @@ ssl3_get_record(SSL *s)
* 1: if the padding is valid
* -1: if the padding is invalid */
if (enc_err == 0) {
- al = SSL_AD_DECRYPTION_FAILED;
+ al = SSL_AD_BAD_RECORD_MAC;
SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
goto f_err;
}