Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed

2025-02-24 11:06:45 +00:00 · 2018-04-03 18:27:54 +01:00 · 2018-04-03 18:27:54 +01:00 · d8e0cec63b
parent b5f53b1039 f3df741d8f
commit d8e0cec63b
2 changed files with 10 additions and 2 deletions
--- a/3
+++ b/3
@ -53,6 +53,9 @@ Changes
   * Verify that when (f_send, f_recv and f_recv_timeout) send or receive
     more than the required length an error is returned. Raised by
     Sam O'Connor in #1245.
+   * Improve robustness of mbedtls_ssl_derive_keys against the use of
+     HMAC functions with non-HMAC ciphersuites. Independently contributed
+     by Jiayuan Chen in #1377. Fixes #1437.

 = mbed TLS 2.7.2 branch released 2018-03-16

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -855,8 +855,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
    defined(MBEDTLS_SSL_PROTO_TLS1_2)
    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
    {
-        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+           For AEAD-based ciphersuites, there is nothing to do here. */
+        if( mac_key_len != 0 )
+        {
+            mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+            mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        }
    }
    else
 #endif