Bug 1272016 - Fix error code for too short record. r=mt
authorEKR <ekr@rtfm.com>
Wed, 11 May 2016 08:09:00 +0200
changeset 12155 d41484fd938ceec9375fcbb05d35953222728dd0
parent 12154 7e53ffa95952846d7dcb66a715a6ddf819597926
child 12158 0768f4a49f965945ebf3f886956d8f6b9772f9eb
push id1208
push userekr@mozilla.com
push dateThu, 12 May 2016 17:33:42 +0000
reviewersmt
bugs1272016
Bug 1272016 - Fix error code for too short record. r=mt
external_tests/ssl_gtest/ssl_extension_unittest.cc
lib/ssl/tls13con.c
--- a/external_tests/ssl_gtest/ssl_extension_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_extension_unittest.cc
@@ -668,18 +668,18 @@ TEST_P(TlsExtensionTest13, ModifyDraftVe
 // timeout on the server.
 TEST_F(TlsExtensionTest13Stream, DropServerKeyShare) {
   EnsureTlsSetup();
   server_->SetPacketFilter(
       new TlsExtensionDropper(ssl_tls13_key_share_xtn));
   ConnectExpectFail();
   EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
   // We are trying to decrypt but we can't. Kind of a screwy error
-  // from the TLS 1.3 stack (should probably be too short).
-  EXPECT_EQ(SSL_ERROR_RX_RECORD_TOO_LONG, server_->error_code());
+  // from the TLS 1.3 stack.
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
 }
 #endif
 
 INSTANTIATE_TEST_CASE_P(ExtensionStream, TlsExtensionTestGeneric,
                         ::testing::Combine(
                           TlsConnectTestBase::kTlsModesStream,
                           TlsConnectTestBase::kTlsVAll));
 INSTANTIATE_TEST_CASE_P(ExtensionDatagram, TlsExtensionTestGeneric,
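Review bot: The comment kept above the server-side `EXPECT_EQ` in DropServerKeyShare still calls the error "screwy" without saying which path produces it. Since the expectation changes in step with the short-record branch of tls13_UnprotectRecord in lib/ssl/tls13con.c, the server presumably lands there, although the test itself does not show this. I'd reword the comment to something like `// The server cannot decrypt the client's next record; tls13_UnprotectRecord reports that as SSL_ERROR_BAD_MAC_READ.` Because the short-record case and a genuine tag mismatch now share one error code, this assertion no longer distinguishes them, which is worth noting in the comment so nobody relies on it to pin the short-record path.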
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -2704,17 +2704,17 @@ tls13_UnprotectRecord(sslSocket *ss, SSL
                 SSL_GETPID(), ss->fd, cText->buf->len));
 
     /* We can perform this test in variable time because the record's total
      * length and the ciphersuite are both public knowledge. */
     if (cText->buf->len < cipher_def->tag_size) {
         SSL_TRC(3,
                 ("%d: TLS13[%d]: record too short to contain valid AEAD data",
                  SSL_GETPID(), ss->fd));
-        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
         return SECFailure;
     }
 
     /* Verify that the content type is right, even though we overwrite it. */
     if (cText->type != content_application_data) {
         SSL_TRC(3,
                 ("%d: TLS13[%d]: record has invalid exterior content type=%d",
                  SSL_GETPID(), ss->fd, cText->type));
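Review bot: Nothing at the changed `PORT_SetError(SSL_ERROR_BAD_MAC_READ);` line explains why a length check reports a MAC error, so a later cleanup could easily "correct" it back to a length-specific code. A record shorter than `cipher_def->tag_size` cannot carry a valid AEAD tag, so reporting it like any other authentication failure avoids giving the peer a separate signal for this case. I'd add a comment above the call such as `/* Too short to hold the AEAD tag: report as an authentication failure, same as a failed decrypt. */`. The function starts and ends outside this hunk, so it is not visible whether the alert sent to the peer is derived from this error code; it is worth confirming that the caller sends the same alert here as for a real tag mismatch.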