Hi, everyone.
This is in reference to openssl-SNAP-20101222 and
openssl-1.0.1-stable-SNAP-20101004.
RFC 4346 (TLS 1.1) section 7.2.2 says that bad_record_mac MUST be
returned if a received record decrypts in an invalid way, including
having an invalid size. However, there seems to be a path that returns
decryption_failed and never returns bad_record_mac:
ssl3_get_record() calls:
enc_err = s->method->ssl3_enc->enc(s,0);
which calls tls1_enc(). If that finds a record length that's either
zero or not a multiple of the block length, then it sends
decryption_failed and returns zero.
ssl3_get_record() sees the return value (enc_err) is zero and goes to
err, which exits.
At that point, bad_record_mac has not been returned, which seems to
violate the requirement.
Am I misinterpreting the code, or does this need to be fixed? (The fix
would seem to be for tls1_enc() to return bad_record_mac instead of
decryption_failed for TLS 1.1 and later.)
thanks,
Paul
________________________________________________________________________
_____________________________
Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office:
949.856.7748 | paul.suh...@quantum.com
Preserving the World's Most Important Data. Yours.(tm)
----------------------------------------------------------------------
The information contained in this transmission may be confidential. Any
disclosure, copying, or further distribution of confidential information is not
permitted unless such privilege is explicitly granted in writing by Quantum.
Quantum reserves the right to have electronic communications, including email
and attachments, sent across its networks filtered through anti virus and spam
software programs and retain such messages in order to comply with applicable
data security and retention requirements. Quantum is not responsible for the
proper and complete transmission of the substance of this communication or for
any delay in its receipt.
