_gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites

Since some point in 3.6.x we updated the calculation of maximum record size, however that did not include the possibility of random record padding available for CBC ciphersuites which exceeds the maximum. This commit allows for larger sizes for these ciphersuites to account for random padding as applied by gnutls 2.12.x. Resolves: #811 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-08-03 21:51:58 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2019-09-06 09:44:56 +0200
commit: daa49b9e455d262a1a2bc1b641e72dc004e2cb3e (patch)
tree: f00d09e42ac1e549673831d088cece476664c294 /NEWS
parent: 5074fb7f22c0d09ad0ceb57bd8f9420ae9dc74d3 (diff)
download: gnutls-daa49b9e455d262a1a2bc1b641e72dc004e2cb3e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 1e3658840d..e0320042c3 100644
--- a/NEWS
+++ b/NEWS
@@ -15,10 +15,14 @@ See the end for copying conditions.
 ** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
    functions that will perform in-place encryption/decryption on data buffers (#718).
 
+** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
+   issue with large record handling due to random padding (#811).
+
 ** API and ABI modifications:
 gnutls_aead_cipher_encryptv2: Added
 gnutls_aead_cipher_decryptv2: Added
 
+
 * Version 3.6.9 (released 2019-07-25)
 
 ** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-08-03 21:51:58 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-09-06 09:44:56 +0200
commit	daa49b9e455d262a1a2bc1b641e72dc004e2cb3e (patch)
tree	f00d09e42ac1e549673831d088cece476664c294 /NEWS
parent	5074fb7f22c0d09ad0ceb57bd8f9420ae9dc74d3 (diff)
download	gnutls-daa49b9e455d262a1a2bc1b641e72dc004e2cb3e.tar.gz