Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't

reveal whether illegal block cipher padding was found or a MAC verification error occured. In ssl/s2_pkt.c, verify that the purported number of padding bytes is in the legal range.
author: Bodo Möller <bodo@openssl.org> 2001-09-20 18:35:52 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-09-20 18:35:52 +0000
commit: ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch)
tree: 307f2414af069a1717aaa5a9906dd586024d2f2e /ssl/s3_enc.c
parent: be6d77005f0d474462ed5df896596d06402c05b2 (diff)
download: openssl-ee60d9fb282030be3f25e951b86d74d8f2dd1bdd.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index ab63b6c8fb..13ef517731 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -393,8 +393,8 @@ int ssl3_enc(SSL *s, int send)
 			if (l == 0 || l%bs != 0)
 				{
 				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-				return(0);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+				return 0;
 				}
 			}
 		
@@ -407,9 +407,10 @@ int ssl3_enc(SSL *s, int send)
 			 * padding bytes (except that last) are arbitrary */
 			if (i > bs)
 				{
-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-				return(0);
+				/* Incorrect padding. SSLerr() and ssl3_alert are done
+				 * by caller: we don't want to reveal whether this is
+				 * a decryption error or a MAC verification failure. */
+				return -1;
 				}
 			rec->length-=i;
 			}
author	Bodo Möller <bodo@openssl.org>	2001-09-20 18:35:52 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-09-20 18:35:52 +0000
commit	ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch)
tree	307f2414af069a1717aaa5a9906dd586024d2f2e /ssl/s3_enc.c
parent	be6d77005f0d474462ed5df896596d06402c05b2 (diff)
download	openssl-ee60d9fb282030be3f25e951b86d74d8f2dd1bdd.tar.gz