diff options
author | Ingela Anderton Andin <[email protected]> | 2010-11-12 12:04:58 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2010-11-12 12:04:58 +0100 |
commit | 49f6d49d77adb123800f5ff7b7726a8aecb3a87c (patch) | |
tree | 34af4f57091cac8d80b294c07b503bbac4f796f0 /lib/ssl/src/ssl_cipher.erl | |
parent | 7bfe74c3aca1a676a989d33e27059b59bad083c5 (diff) | |
parent | 7400f4e990c0e33c0b1f1638f055a2a7c76b4fa3 (diff) | |
download | otp-49f6d49d77adb123800f5ff7b7726a8aecb3a87c.tar.gz otp-49f6d49d77adb123800f5ff7b7726a8aecb3a87c.tar.bz2 otp-49f6d49d77adb123800f5ff7b7726a8aecb3a87c.zip |
Merge branch 'ia/ssl-decryption-error/OTP-8930' into dev
* ia/ssl-decryption-error/OTP-8930:
Added "DECRYPTION_FAILED ALERT" for block decipher failure.
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 9824e17fcd..175d589931 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -164,22 +164,22 @@ decipher(?AES, HashSz, CipherState, Fragment, Version) -> block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0, HashSz, Fragment, Version) -> - ?DBG_HEX(Key), - ?DBG_HEX(IV), - ?DBG_HEX(Fragment), - T = Fun(Key, IV, Fragment), - ?DBG_HEX(T), - GBC = generic_block_cipher_from_bin(T, HashSz), - case is_correct_padding(GBC, Version) of - true -> - Content = GBC#generic_block_cipher.content, - Mac = GBC#generic_block_cipher.mac, - CipherState1 = CipherState0#cipher_state{iv=next_iv(Fragment, IV)}, - {Content, Mac, CipherState1}; - false -> - ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC) + try Fun(Key, IV, Fragment) of + Text -> + GBC = generic_block_cipher_from_bin(Text, HashSz), + case is_correct_padding(GBC, Version) of + true -> + Content = GBC#generic_block_cipher.content, + Mac = GBC#generic_block_cipher.mac, + CipherState1 = CipherState0#cipher_state{iv=next_iv(Fragment, IV)}, + {Content, Mac, CipherState1}; + false -> + ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC) + end + catch + _:_ -> + ?ALERT_REC(?FATAL, ?DECRYPTION_FAILED) end. - %%-------------------------------------------------------------------- -spec suites(tls_version()) -> [cipher_suite()]. %% |