yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/pr/2112' into mbedtls-2.7-proposed

Browse source
This commit is contained in:
Simon Butcher 2018-10-28 16:22:29 +00:00
parent 0ef20f765c 7e1913bfa8
commit 1222dddbd0
2 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -7,6 +7,9 @@ Bugfix
MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
* Fix a bug in the update function for SSL ticket keys which previously * Fix a bug in the update function for SSL ticket keys which previously
invalidated keys of a lifetime of less than a 1s. Fixes #1968. invalidated keys of a lifetime of less than a 1s. Fixes #1968.
* Fix a bug in the record decryption routine ssl_decrypt_buf()
which lead to accepting properly authenticated but improperly
padded records in case of CBC ciphersuites using Encrypt-then-MAC.
Changes Changes
* Add tests for session resumption in DTLS. * Add tests for session resumption in DTLS.

12
library/ssl_tls.c
View file

@ -2131,13 +2131,13 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
correct = 0; correct = 0;
} }
auth_done++; auth_done++;
/*
* Finally check the correct flag
*/
if( correct == 0 )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
} }
/*
* Finally check the correct flag
*/
if( correct == 0 )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
#endif /* SSL_SOME_MODES_USE_MAC */ #endif /* SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */ /* Make extra sure authentication was performed, exactly once */