From 16e9ae2f95f3b57cf46d90845965a19c2f97ed98 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 3 May 2019 16:36:59 +0100 Subject: [PATCH] Treat an invalid record after decryption as fatal If a record exhibits an invalid feature only after successful authenticated decryption, this is a protocol violation by the peer and should hence lead to connection failure. The previous code, however, would silently ignore such records. This commit fixes this. So far, the only case to which this applies is the non-acceptance of empty non-AD records in TLS 1.2. With the present commit, such records lead to connection failure, while previously, they were silently ignored. With the introduction of the Connection ID extension (or TLS 1.3), this will also apply to records whose real content type -- which is only revealed during authenticated decryption -- is invalid. --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a8c3de942..35433d23c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5472,8 +5472,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { /* Silently discard invalid records */ - if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || - ret == MBEDTLS_ERR_SSL_INVALID_MAC ) + if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) { /* Except when waiting for Finished as a bad mac here * probably means something went wrong in the handshake
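Review bot: the comment `/* Silently discard invalid records */` at the top of the `MBEDTLS_SSL_TRANSPORT_DATAGRAM` branch is stale after this change. Only `MBEDTLS_ERR_SSL_INVALID_MAC` still matches the condition beneath it, and `MBEDTLS_ERR_SSL_INVALID_RECORD` is now deliberately excluded. Please reword it to say that only records failing authentication are dropped silently, and add a sentence that a record found invalid after successful authenticated decryption is treated as fatal, so a later reader does not put the `INVALID_RECORD` check back as an apparent omission. The diffstat also lists only `library/ssl_tls.c`, so nothing in this patch exercises the new behaviour. A test that delivers a correctly authenticated empty non-AD record over the datagram transport and expects the connection to fail would pin down the case the commit message describes.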