[openssl] master update
Matt Caswell
matt at openssl.org
Mon Oct 7 07:29:49 UTC 2019
The branch master has been updated
via 37133290832ac2d1389926eba7325125fdacbe8d (commit)
from a56f68adb7aaada4848d422125bee87ea6c3f483 (commit)
- Log -----------------------------------------------------------------
commit 37133290832ac2d1389926eba7325125fdacbe8d
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 4 14:01:21 2019 +0100
Send bad_record_mac instead of decryption_failed
The decryption failed alert was deprecated a long time ago. It can
provide an attacker too much information to be able to distinguish between
MAC failures and decryption failures and can lead to oracle attacks.
Instead we should always use the bad_record_mac alert for these issues.
This fixes one instance that still exists. It does not represent a
security issue in this case because it is only ever sent if the record is
publicly invalid, i.e. we have detected it is invalid without using any
secret material.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10093)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_record.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index a08b81c868..8e0b469cf4 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -594,7 +594,7 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_reset_read_sequence(&s->rlayer);
return 1;
}
- SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
return -1;
}
More information about the openssl-commits
mailing list