提交 a4757716 编写于 作者: D Dr. Stephen Henson

Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed

alert.
上级 09d84e03
......@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
{
SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
}
return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
......
......@@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
goto err;
/* otherwise enc_err == -1 */
goto err;
al=SSL_AD_BAD_RECORD_MAC;
goto f_err;
}
#ifdef TLS_DEBUG
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册