Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites In case full SSL frames arrived, they were rejected because an overly strict padding check.

commit: 61885c7f7f036d67a16f6730525377db3bb95324 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 25 12:59:03 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 25 12:59:51 2014 +0200
tree: 7654e0a16afef2f169053fb069a6cafe5f68620c
parent: fdba46885b0cc849d0ce061878676f9a1fbe7efd [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index d58df3a..1d3277c 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,8 @@
    * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan
      Karger)
    * cert_write app should use subject of issuer certificate as issuer of cert
+   * Fix false reject in padding check in ssl_decrypt_buf() for CBC
+     ciphersuites, for full SSL frames of data.
 
 = PolarSSL 1.3.6 released on 2014-04-11
commit	61885c7f7f036d67a16f6730525377db3bb95324	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 25 12:59:03 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 25 12:59:51 2014 +0200
tree	7654e0a16afef2f169053fb069a6cafe5f68620c
parent	fdba46885b0cc849d0ce061878676f9a1fbe7efd [diff] [blame]