diff options
author | kris <kris@FreeBSD.org> | 2002-01-27 03:13:07 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2002-01-27 03:13:07 +0000 |
commit | 1f8c2aa1763b5d8a328b2fd4053396e94ea48d35 (patch) | |
tree | 844bea9e360a2132b36667e0042dd30ac9f931ff /crypto/openssl/ssl/t1_enc.c | |
parent | 3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6 (diff) | |
download | FreeBSD-src-1f8c2aa1763b5d8a328b2fd4053396e94ea48d35.zip FreeBSD-src-1f8c2aa1763b5d8a328b2fd4053396e94ea48d35.tar.gz |
Initial import of OpenSSL 0.9.6c
Diffstat (limited to 'crypto/openssl/ssl/t1_enc.c')
-rw-r--r-- | crypto/openssl/ssl/t1_enc.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index a0758e9..ff4f0c8 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -452,8 +452,8 @@ int tls1_enc(SSL *s, int send) if (l == 0 || l%bs != 0) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; } } @@ -476,17 +476,18 @@ int tls1_enc(SSL *s, int send) * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { - SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + return -1; } for (j=(int)(l-i); j<(int)l; j++) { if (rec->data[j] != ii) { - SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return(0); + /* Incorrect padding */ + return -1; } } rec->length-=i; |