Merge remote-tracking branch 'public/pr/2112' into mbedtls-2.7-proposed
diff --git a/ChangeLog b/ChangeLog
index 08790e3..aecf4a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
* Fix a bug in the update function for SSL ticket keys which previously
invalidated keys of a lifetime of less than a 1s. Fixes #1968.
+ * Fix a bug in the record decryption routine ssl_decrypt_buf()
+ which lead to accepting properly authenticated but improperly
+ padded records in case of CBC ciphersuites using Encrypt-then-MAC.
Changes
* Add tests for session resumption in DTLS.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index da55801..9bc3d10 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2131,13 +2131,13 @@
correct = 0;
}
auth_done++;
-
- /*
- * Finally check the correct flag
- */
- if( correct == 0 )
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
+
+ /*
+ * Finally check the correct flag
+ */
+ if( correct == 0 )
+ return( MBEDTLS_ERR_SSL_INVALID_MAC );
#endif /* SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */
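Review bot: The relocated `if( correct == 0 )` test now sits outside the block that closes at the `}` above it, but the comment it carries ("Finally check the correct flag") still does not say why it has to live there: `correct` is also cleared by the CBC padding check earlier in ssl_decrypt_buf(), and when Encrypt-then-MAC is in use the block above is skipped, so the old placement never consulted the padding result for those records — the very case the ChangeLog entry describes. I would replace the comment with `/* 'correct' is cleared by the padding check as well as by the MAC check above; it is tested outside the auth_done == 0 block so that EtM records with bad padding are rejected too. */`. The check remains under `SSL_SOME_MODES_USE_MAC`, which appears to be the right scope since both flag writers are in that region, though the padding code is not visible in this hunk. A regression test in the SSL test suite that presents a correctly authenticated but mispadded CBC/EtM record and expects MBEDTLS_ERR_SSL_INVALID_MAC would pin the fix against a future reshuffle. The enclosing function starts and ends outside the hunk.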