diff --git a/src/internal.c b/src/internal.c index cac28ecb8..5b7bc0f68 100644 --- a/src/internal.c +++ b/src/internal.c @@ -16969,17 +16969,6 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) /* Reset state */ ssl->decrypt.state = CIPHER_STATE_BEGIN; - /* handle mac error case */ - if (ret == VERIFY_MAC_ERROR) { - if (!ssl->options.dtls) { - SendAlert(ssl, alert_fatal, bad_record_mac); - } - #ifdef WOLFSSL_DTLS_DROP_STATS - if (ssl->options.dtls) - ssl->macDropCount++; - #endif /* WOLFSSL_DTLS_DROP_STATS */ - } - return ret; } @@ -18490,20 +18479,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #ifdef WOLFSSL_TLS13 byte *aad = (byte*)&ssl->curRL; word16 aad_size = RECORD_HEADER_SZ; -#ifdef WOLFSSL_DTLS13 + #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { /* aad now points to the record header */ aad = ssl->dtls13CurRL; aad_size = ssl->dtls13CurRlLength; } -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ /* Don't send an alert for DTLS. We will just drop it * silently later. */ ret = DecryptTls13(ssl, in->buffer + in->idx, in->buffer + in->idx, ssl->curSize, - aad, aad_size, !ssl->options.dtls); + aad, aad_size); #else ret = DECRYPT_ERROR; #endif /* WOLFSSL_TLS13 */ @@ -18534,7 +18523,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* If in DTLS mode, if the decrypt fails for any * reason, pretend the datagram never happened. */ if (ssl->options.dtls) { - WOLFSSL_MSG("DTLS: Ignoring decrypted failed record"); + WOLFSSL_MSG("DTLS: Ignoring failed decryption"); ssl->options.processReply = doProcessInit; ssl->buffers.inputBuffer.idx = ssl->buffers.inputBuffer.length; @@ -18567,13 +18556,16 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) return 0; } WOLFSSL_MSG("Too much EarlyData!"); + SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR(TOO_MUCH_EARLY_DATA); + return TOO_MUCH_EARLY_DATA; } } #endif SendAlert(ssl, alert_fatal, bad_record_mac); /* Push error once we know that we will error out here */ WOLFSSL_ERROR(ret); - return DECRYPT_ERROR; + return ret; } } diff --git a/src/sniffer.c b/src/sniffer.c index bc68559d0..72a99901a 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -4790,7 +4790,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz, #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { - ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ, 0); + ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ); } else #endif diff --git a/src/tls13.c b/src/tls13.c index 0632b0103..ed520847c 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2278,11 +2278,10 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, * sz The length of the encrypted data plus authentication tag. * aad The additional authentication data. * aadSz The size of the addition authentication data. - * doAlert Generate alert on error (set to 0 for sniffer use cases) * returns 0 on success, otherwise failure. */ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, - const byte* aad, word16 aadSz, int doAlert) + const byte* aad, word16 aadSz) { int ret = 0; word16 dataSz = sz - ssl->specs.aead_mac_size; @@ -2477,17 +2476,6 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, break; } -#ifndef WOLFSSL_EARLY_DATA - if (ret < 0) { - if (doAlert) { - SendAlert(ssl, alert_fatal, bad_record_mac); - } - ret = VERIFY_MAC_ERROR; - } -#else - (void)doAlert; -#endif - return ret; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index b526dc074..24393d8ca 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1867,8 +1867,7 @@ WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, - word16 sz, const byte* aad, word16 aadSz, - int doAlert); + word16 sz, const byte* aad, word16 aadSz); WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type, word32 size, word32 totalSz);