CBC mode: Allow zero-length message fragments (100% padding)

Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2026-02-19 08:43:02 +00:00 · 2018-06-19 15:57:50 +10:00
parent 7d728bd70e
commit b512bc1d29
2 changed files with 12 additions and 7 deletions
--- a/5
+++ b/5
@@ -34,6 +34,11 @@ Bugfix
     i386 with SSE2. Found by László Langó. Fixes #1550
   * Fix namespacing in header files. Remove the `mbedtls` namespacing in
     the `#include` in the header files. Resolves #857
+   * Fix decryption of zero length messages (all padding) in some circumstances:
+     DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often
+     seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
+     (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
+     Systems.

 Changes
   * Change the shebang line in Perl scripts to look up perl in the PATH.