mbedtls/ChangeLog.d/fix-ssl-cf-hmac-alt.txt

Bugfix
   * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
     (when the encrypt-then-MAC extension is not in use) with some ALT
     implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
     the affected side to wrongly reject valid messages. Fixes #4118.
Fix misuse of MD API in SSL constant-flow HMAC The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-05-17 10:28:08 +00:00			`Bugfix`
			`* Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites`
			`(when the encrypt-then-MAC extension is not in use) with some ALT`
			`implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing`
			`the affected side to wrongly reject valid messages. Fixes #4118.`