commit ac9939c096a174f1876f2b74a14b79328026fe47
author Jaeden Amero <jaeden.amero@arm.com> Tue Apr 03 18:27:18 2018 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Tue Apr 03 18:27:18 2018 +0100
tree 51213aed27bafdac7e84bd7535476e2fc7f17686
parent ee6c822076c323ab6846016e133a2ddb0f1d1290
parent 04450488ec7df9f573da78b4b2346894eadf0d73

Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 683a028..60dba27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,9 @@
    * Verify that when (f_send, f_recv and f_recv_timeout) send or receive
      more than the required length an error is returned. Raised by
      Sam O'Connor in #1245.
+   * Improve robustness of mbedtls_ssl_derive_keys against the use of
+     HMAC functions with non-HMAC ciphersuites. Independently contributed
+     by Jiayuan Chen in #1377. Fixes #1437.
 
 = mbed TLS 2.1.11 branch released 2018-03-16
 

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3462490..94a8088 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -844,8 +844,13 @@
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
     if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
     {
-        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+           For AEAD-based ciphersuites, there is nothing to do here. */
+        if( mac_key_len != 0 )
+        {
+            mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+            mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        }
     }
     else
 #endif