if ((ctx->readCipher.symCipher->blockSize > 0) &&
((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) {
- SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
- return errSSLProtocol;
+ SSLFatalSessionAlert(SSL_AlertRecordOverflow, ctx);
+ return errSSLRecordOverflow;
}
/* Decrypt in place */
*payload,
&ctx->readCipher,
ctx)) != 0)
- { SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
- return err;
+ { SSLFatalSessionAlert(SSL_AlertDecryptError, ctx);
+ return errSSLDecryptionFail;
}
/* Locate content within decrypted payload */
* has a special case here dealing with some kind of bug related to
* even size packets...beware... */
if(padSize > payload->length) {
- SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
+ SSLFatalSessionAlert(SSL_AlertDecodeError, ctx);
sslErrorLog("tls1DecryptRecord: bad padding length (%d)\n",
(unsigned)payload->data[payload->length - 1]);
- return errSSLProtocol;
+ return errSSLDecryptionFail;
}
padChars = payload->data + payload->length - padSize;
while(padChars < (payload->data + payload->length)) {
if(*padChars++ != padSize) {
- SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
+ SSLFatalSessionAlert(SSL_AlertDecodeError, ctx);
sslErrorLog("tls1DecryptRecord: bad padding value\n");
- return errSSLProtocol;
+ return errSSLDecryptionFail;
}
}
/* Remove block size padding and its one-byte length */
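Review bot: The two padding failures (the `padSize > payload->length` check and the pad-byte loop) now send `SSL_AlertDecodeError` and return `errSSLDecryptionFail`, while a MAC failure in the following hunk sends `SSL_AlertBadRecordMac` and returns `errSSLBadRecordMac`, so a peer can tell a bad-padding record from a bad-MAC record, which is the distinction a CBC padding oracle relies on. Both padding branches should report exactly as the MAC failure does, `SSLFatalSessionAlert(SSL_AlertBadRecordMac, ctx);` and `return errSSLBadRecordMac;`, keeping the specific cause only in the local `sslErrorLog` message. The same concern applies to the earlier hunks, where the block-size check now sends `SSL_AlertRecordOverflow` and the decrypt failure sends `SSL_AlertDecryptError`. The early returns also appear to skip `SSLVerifyMac`, so timing would still differ after unifying the alerts; ideally the padding result is recorded and the MAC is verified regardless before failing. The function body starts and ends outside these hunks, so this is based on the visible lines only.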
if ((err = SSLVerifyMac(type, content,
payload->data + content.length, ctx)) != 0)
{ SSLFatalSessionAlert(SSL_AlertBadRecordMac, ctx);
- return err;
+ return errSSLBadRecordMac;
}
*payload = content; /* Modify payload buffer to indicate content length */