Hi, everyone. This is in reference to openssl-SNAP-20101222 and openssl-1.0.1-stable-SNAP-20101004.
RFC 4346 (TLS 1.1) section 7.2.2 says that bad_record_mac MUST be returned if a received record decrypts in an invalid way, including having an invalid size. However, there seems to be a path that returns decryption_failed and never returns bad_record_mac: ssl3_get_record() calls: enc_err = s->method->ssl3_enc->enc(s,0); which calls tls1_enc(). If that finds a record length that's either zero or not a multiple of the block length, then it sends decryption_failed and returns zero. ssl3_get_record() sees the return value (enc_err) is zero and goes to err, which exits. At that point, bad_record_mac has not been returned, which seems to violate the requirement. Am I misinterpreting the code, or does this need to be fixed? (The fix would seem to be for tls1_enc() to return bad_record_mac instead of decryption_failed for TLS 1.1 and later.) thanks, Paul ________________________________________________________________________ _____________________________ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com Preserving the World's Most Important Data. Yours.(tm) ---------------------------------------------------------------------- The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through anti virus and spam software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.