yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-25 01:11:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4541 from mpg/fix-ssl-cf-hmac-alt-2.x

Browse source 
[Backport 2.x] Fix misuse of MD API in SSL constant-flow HMAC
This commit is contained in:
Gilles Peskine 2021-06-07 20:53:48 +02:00 committed by GitHub
parent 62da8ac37a 21bfbdd703
commit 7a4c7589c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog.d/fix-ssl-cf-hmac-alt.txt Normal file
View file

@ -0,0 +1,5 @@
Bugfix
* Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
(when the encrypt-then-MAC extension is not in use) with some ALT
implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
the affected side to wrongly reject valid messages. Fixes #4118.

3
library/ssl_msg.c
View file

@ -1241,6 +1241,9 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
/* The context needs to finish() before it starts() again */
MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );