diff options
| author | tb <> | 2020-02-23 17:59:03 +0000 |
|---|---|---|
| committer | tb <> | 2020-02-23 17:59:03 +0000 |
| commit | f7068da762f1722779f9014bd142022d4edb6198 (patch) | |
| tree | 2ce89507c167f7d3e5f930c05c1572f954208297 /src/lib/libssl/ssl_pkt.c | |
| parent | 44f7380f9835fc1d4d0472a15e3b8a1891612b69 (diff) | |
| download | openbsd-f7068da762f1722779f9014bd142022d4edb6198.tar.gz openbsd-f7068da762f1722779f9014bd142022d4edb6198.tar.bz2 openbsd-f7068da762f1722779f9014bd142022d4edb6198.zip | |
The decryption_failed alert must not be sent by compliant implementations.
Use a bad_record_mac alert instead.
Found with tlsfuzzer's ChaCha20 test.
ok beck inoguchi jsing
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index d3a372fc6d..c6ec67545d 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.19 2020/02/21 16:16:59 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.20 2020/02/23 17:59:03 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -437,7 +437,7 @@ ssl3_get_record(SSL *s) | |||
| 437 | * 1: if the padding is valid | 437 | * 1: if the padding is valid |
| 438 | * -1: if the padding is invalid */ | 438 | * -1: if the padding is invalid */ |
| 439 | if (enc_err == 0) { | 439 | if (enc_err == 0) { |
| 440 | al = SSL_AD_DECRYPTION_FAILED; | 440 | al = SSL_AD_BAD_RECORD_MAC; |
| 441 | SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | 441 | SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); |
| 442 | goto f_err; | 442 | goto f_err; |
| 443 | } | 443 | } |