2 files changed, 12 insertions, 2 deletions

diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 669626aefb..91f1876980 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -395,7 +395,12 @@ decipher_aead(Type, #cipher_state{key = Key} = CipherState, AAD0, CipherFragment
     try
         Nonce = decrypt_nonce(Type, CipherState, CipherFragment),
         {AAD, CipherText, CipherTag} = aead_ciphertext_split(Type, CipherState, CipherFragment, AAD0),
-	ssl_cipher:aead_decrypt(Type, Key, Nonce, CipherText, CipherTag, AAD) 
+	case ssl_cipher:aead_decrypt(Type, Key, Nonce, CipherText, CipherTag, AAD) of
+	    Content when is_binary(Content) ->
+		Content;
+	    _ ->
+                ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC, decryption_failed)
+	end
     catch
 	_:_ ->
             ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC, decryption_failed)
diff --git a/lib/ssl/src/tls_record_1_3.erl b/lib/ssl/src/tls_record_1_3.erl
index 5f1c64eae6..97331e1510 100644
--- a/lib/ssl/src/tls_record_1_3.erl
+++ b/lib/ssl/src/tls_record_1_3.erl
@@ -267,7 +267,12 @@ decipher_aead(CipherFragment, BulkCipherAlgo, Key, Seq, IV, TagLen) ->
         AAD = additional_data(erlang:iolist_size(CipherFragment)),
         Nonce = nonce(Seq, IV),
         {CipherText, CipherTag} = aead_ciphertext_split(CipherFragment, TagLen),
-	ssl_cipher:aead_decrypt(BulkCipherAlgo, Key, Nonce, CipherText, CipherTag, AAD)
+	case ssl_cipher:aead_decrypt(BulkCipherAlgo, Key, Nonce, CipherText, CipherTag, AAD) of
+	    Content when is_binary(Content) ->
+		Content;
+	    _ ->
+                ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC, decryption_failed)
+	end
     catch
 	_:_ ->
             ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC, decryption_failed)