diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-04 19:33:01 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-04 19:33:01 +0000 |
| commit | 119e912a8340e1ca869c415bc3b374a0ceaecd81 (patch) | |
| tree | f77e5448dff5dac91f5235bca98961418037673c /ssl | |
| parent | f4a4a0fdc7843c927f23113771e8cdbf4d05089a (diff) | |
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/d1_enc.c | 6 | ||||
| -rw-r--r-- | ssl/d1_pkt.c | 3 |
2 files changed, 3 insertions, 6 deletions
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 4a6c909031..bb96c8a20c 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -220,11 +220,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 3f19077af1..b840a15a12 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -374,7 +374,8 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ - goto err; + al=SSL_AD_BAD_RECORD_MAC; + goto f_err; } #ifdef TLS_DEBUG |