mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-18 23:42:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/pr/2111' into development-proposed

Browse Source
This commit is contained in:
Simon Butcher 2018-10-28 16:22:18 +00:00
commit 17a0fab345
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -19,6 +19,9 @@ Bugfix
invalidated keys of a lifetime of less than a 1s. Fixes #1968. invalidated keys of a lifetime of less than a 1s. Fixes #1968.
* Fix failure in hmac_drbg in the benchmark sample application, when * Fix failure in hmac_drbg in the benchmark sample application, when
MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
* Fix a bug in the record decryption routine ssl_decrypt_buf()
which lead to accepting properly authenticated but improperly
padded records in case of CBC ciphersuites using Encrypt-then-MAC.
Changes Changes
* Removed support for Yotta as a build tool. * Removed support for Yotta as a build tool.

2
library/ssl_tls.c
View File

@ -2307,13 +2307,13 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
correct = 0; correct = 0;
} }
auth_done++; auth_done++;
}
/* /*
* Finally check the correct flag * Finally check the correct flag
*/ */
if( correct == 0 ) if( correct == 0 )
return( MBEDTLS_ERR_SSL_INVALID_MAC ); return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
#endif /* SSL_SOME_MODES_USE_MAC */ #endif /* SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */ /* Make extra sure authentication was performed, exactly once */