diff options
author | nelsonb%netscape.com <devnull@localhost> | 2002-08-07 20:01:51 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2002-08-07 20:01:51 +0000 |
commit | 9fbee693afc5184c7878e882b535ffb36fb80c92 (patch) | |
tree | 247e04203f045aadd4ef957c4173d5c1a3bff1ba | |
parent | 245a4875a2cf5644fe279f5d5ea82751af4bf227 (diff) | |
download | nss-hg-9fbee693afc5184c7878e882b535ffb36fb80c92.tar.gz |
Fix bug 160207 by changing the error alerts we send for failed decryption.
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 5b1d1d4a1..ef59ac71a 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -7448,8 +7448,8 @@ const ssl3BulkCipherDef *cipher_def; if (rv != SECSuccess) { ssl_ReleaseSpecReadLock(ss); ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); - if (isTLS) - (void)SSL3_SendAlert(ss, alert_fatal, decryption_failed); + SSL3_SendAlert(ss, alert_fatal, + isTLS ? decryption_failed : bad_record_mac); ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); return SECFailure; } @@ -7469,9 +7469,8 @@ const ssl3BulkCipherDef *cipher_def; bad_pad: /* must not hold spec lock when calling SSL3_SendAlert. */ ssl_ReleaseSpecReadLock(ss); - /* SSL3 doesn't have an alert for bad padding, so use bad mac. */ - SSL3_SendAlert(ss, alert_fatal, - isTLS ? decryption_failed : bad_record_mac); + /* SSL3 & TLS must send bad_record_mac if padding check fails. */ + SSL3_SendAlert(ss, alert_fatal, bad_record_mac); PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); return SECFailure; } |