mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 00:55:36 +00:00
Fail when encountering invalid CBC padding in EtM records
This commit changes the behavior of the record decryption routine `ssl_decrypt_buf()` in the following situation: 1. A CBC ciphersuite with Encrypt-then-MAC is used. 2. A record with valid MAC but invalid CBC padding is received. In this situation, the previous code would not raise and error but instead forward the decrypted packet, including the wrong padding, to the user. This commit changes this behavior to return the error MBEDTLS_ERR_SSL_INVALID_MAC instead. While erroneous, the previous behavior does not constitute a security flaw since it can only happen for properly authenticated records, that is, if the peer makes a mistake while preparing the padded plaintext.
This commit is contained in:
parent
7a539a57d7
commit
ca31b47188
|
@ -2131,13 +2131,13 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
|||
correct = 0;
|
||||
}
|
||||
auth_done++;
|
||||
|
||||
/*
|
||||
* Finally check the correct flag
|
||||
*/
|
||||
if( correct == 0 )
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
/*
|
||||
* Finally check the correct flag
|
||||
*/
|
||||
if( correct == 0 )
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
#endif /* SSL_SOME_MODES_USE_MAC */
|
||||
|
||||
/* Make extra sure authentication was performed, exactly once */
|
||||
|
|
Loading…
Reference in a new issue