Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed

2024-11-23 00:25:39 +01:00 · 2018-04-03 18:27:18 +01:00 · 2018-04-03 18:27:18 +01:00 · ac9939c096
commit ac9939c096
parent ee6c822076 04450488ec
2 changed files with 10 additions and 2 deletions
--- a/3
+++ b/3
@ -46,6 +46,9 @@ Changes
   * Verify that when (f_send, f_recv and f_recv_timeout) send or receive
     more than the required length an error is returned. Raised by
     Sam O'Connor in #1245.
+   * Improve robustness of mbedtls_ssl_derive_keys against the use of
+     HMAC functions with non-HMAC ciphersuites. Independently contributed
+     by Jiayuan Chen in #1377. Fixes #1437.

 = mbed TLS 2.1.11 branch released 2018-03-16

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -843,10 +843,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
    defined(MBEDTLS_SSL_PROTO_TLS1_2)
    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+    {
+        /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+           For AEAD-based ciphersuites, there is nothing to do here. */
+        if( mac_key_len != 0 )
        {
            mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
            mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
        }
+    }
    else
 #endif
    {