From 18cb47d15856a55b498c1011d26d7c72e8f90124 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 23 Feb 2020 17:59:03 +0000
Subject: The decryption_failed alert must not be sent by compliant
 implementations. Use a bad_record_mac alert instead.

Found with tlsfuzzer's ChaCha20 test.

ok beck inoguchi jsing
---
 src/lib/libssl/ssl_pkt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index d3a372fc6d..c6ec67545d 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.19 2020/02/21 16:16:59 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.20 2020/02/23 17:59:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -437,7 +437,7 @@ ssl3_get_record(SSL *s)
 	 *    1: if the padding is valid
 	 *    -1: if the padding is invalid */
 	if (enc_err == 0) {
-		al = SSL_AD_DECRYPTION_FAILED;
+		al = SSL_AD_BAD_RECORD_MAC;
 		SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
 		goto f_err;
 	}
-- 
cgit v1.2.3-55-g6feb