Padding-only Application Data frames seem to be decoded incorrectly in CBC ciphers #1632
mbed TLS build:
Peer device TLS stack and version
Steps to reproduce
After running the above commands, you can see something like this:
The client receives 16
The problem seems to be caused by the way padding is handled in
And in this case both
Another issue is: why padding that is considered incorrect is passed to the application layer instead of e.g. causing an error code to be returned from
Disclaimer: I don't consider myself an expert in TLS or cryptography in general by any means; my analysis is based on a humble programmer's common sense, and I do realize that it does not always work in the field of security. It might be the case that it is OpenSSL where the actual bug is.
Thank you very much for your report!
You are entirely right, this is a known bug in Mbed TLS that we have been aware of for a while and are tracking internally; another customer also reported it recently in the Mbed TLS forum.
Also, your analysis of the source of the problem matches ours.
A fix for this bug will hopefully be available soon, although I cannot make any promises on when exactly we will be able to schedule time for this.
Thank you very much for your interest and help - good catch!