TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 73db8380cae7e16d284d6f66b60630bc6e0dab6e^1..73db8380cae7e16d284d6f66b60630bc6e0dab6e / .
commit73db8380cae7e16d284d6f66b60630bc6e0dab6e[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Apr 04 09:19:12 2018 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Apr 04 09:19:12 2018 +0200
treecfdb0278be97fce186bddf3f8bbb1c8b52b4d5c5
parentbe2371c3d960ea9f7376b801765125f328a36d09 [diff]
parentc96ccf4b3f2fc0c1336390cae25e4852d4d3411a [diff]
Merge remote-tracking branch 'upstream-public/pr/1547' into development-proposed

diff --git a/ChangeLog b/ChangeLog
index 0bb5e6d..f9fc6dc 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -72,6 +72,9 @@
    * In the SSL module, when f_send, f_recv or f_recv_timeout report
      transmitting more than the required length, return an error. Raised by
      Sam O'Connor in #1245.
+   * Improve robustness of mbedtls_ssl_derive_keys against the use of
+     HMAC functions with non-HMAC ciphersuites. Independently contributed
+     by Jiayuan Chen in #1377. Fixes #1437.
 
 = mbed TLS 2.8.0 branch released 2018-03-16
 

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eabf341..4ca74fb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -855,8 +855,13 @@
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
     if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
     {
-        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+           For AEAD-based ciphersuites, there is nothing to do here. */
+        if( mac_key_len != 0 )
+        {
+            mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+            mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        }
     }
     else
 #endif