From 394767c18454fb0e9084c218906f448404d6d6fe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 16:24:22 +0000 Subject: [PATCH] Compute outgoing MAC in temporary buffer for MAC-then-Encrypt A previous commit changed the record encryption function `ssl_encrypt_buf` to compute the MAC in a temporary buffer and copying the relevant part of it (which is strictly smaller if the truncated HMAC extension is used) to the outgoing message buffer. However, the change was only made in case Encrypt-Then-MAC was enabled, but not in case of MAC-Then-Encrypt. While this doesn't constitute a problem, for the sake of uniformity this commit changes `ssl_encrypt_buf` to compute the MAC in a temporary buffer in this case, too. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9d45532cc..0b3903e75 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1521,6 +1521,8 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if( auth_done == 0 ) { + unsigned char mac[MBEDTLS_SSL_MAC_ADD]; + /* * MAC(MAC_write_key, seq_num + * TLSCipherText.type + @@ -1543,10 +1545,12 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_iv, ssl->out_msglen ); - mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, - ssl->out_iv + ssl->out_msglen ); + mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); + memcpy( ssl->out_iv + ssl->out_msglen, mac, + ssl->transform_out->maclen ); + ssl->out_msglen += ssl->transform_out->maclen; auth_done++; }