diff options
author | Bodo Möller <bodo@openssl.org> | 2001-09-20 18:35:52 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-09-20 18:35:52 +0000 |
commit | ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch) | |
tree | 307f2414af069a1717aaa5a9906dd586024d2f2e /ssl/s3_enc.c | |
parent | be6d77005f0d474462ed5df896596d06402c05b2 (diff) | |
download | openssl-ee60d9fb282030be3f25e951b86d74d8f2dd1bdd.tar.gz |
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index ab63b6c8fb..13ef517731 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -393,8 +393,8 @@ int ssl3_enc(SSL *s, int send) if (l == 0 || l%bs != 0) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; } } @@ -407,9 +407,10 @@ int ssl3_enc(SSL *s, int send) * padding bytes (except that last) are arbitrary */ if (i > bs) { - SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure. */ + return -1; } rec->length-=i; } |