From 05330541eaf9037c92706eea311e9f971da03193 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 24 Jul 2018 12:54:15 +0100 Subject: [PATCH] Revise ChangeLog entry for empty data records fixes --- ChangeLog | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e0e2ea952..8888f994b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,11 +37,12 @@ Bugfix * Fix compiler warning of 'use before initialisation' in mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid Drozd. #1098 - * Fix decryption of zero length messages (all padding) in some circumstances: - DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often - seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek - (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif - Systems. + * Fix decryption for zero length messages (which contain all padding) when a + CBC based ciphersuite is used together with Encrypt-then-MAC. Previously, + such a message was wrongly reported as an invalid record and therefore lead + to the connection being terminated. Seen most often with OpenSSL using + TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix + contributed by Espressif Systems. Fixes #1632 * Fail when receiving a TLS alert message with an invalid length, or invalid zero-length messages when using TLS 1.2. Contributed by Espressif Systems. * Fix ssl_client2 example to send application data with 0-length content