Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed
diff --git a/ChangeLog b/ChangeLog
index 2c14930..362f303 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -53,6 +53,9 @@
* Verify that when (f_send, f_recv and f_recv_timeout) send or receive
more than the required length an error is returned. Raised by
Sam O'Connor in #1245.
+ * Improve robustness of mbedtls_ssl_derive_keys against the use of
+ HMAC functions with non-HMAC ciphersuites. Independently contributed
+ by Jiayuan Chen in #1377. Fixes #1437.
= mbed TLS 2.7.2 branch released 2018-03-16
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 28905c9..d386dfa 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -855,8 +855,13 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
- mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
+ {
+ mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ }
}
else
#endif
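Review bot: The two `mbedtls_md_hmac_starts` calls inside the new `if( mac_key_len != 0 )` block still discard their return value, so a failed HMAC setup (for example an md context that was never bound to a digest) would leave `transform->md_ctx_enc`/`md_ctx_dec` half-initialised while key derivation reports success. Since the surrounding function appears to propagate errors through a `ret` variable elsewhere (not visible in this hunk — please confirm), I would check both calls: `if( ( ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ) ) != 0 ) return( ret );` and the same for `md_ctx_dec`. The guard also relies on `mac_key_len == 0` as the sole indicator of an AEAD ciphersuite; a short comment stating that this is the invariant the caller guarantees for non-AEAD suites would help, e.g. `/* mac_key_len is zero exactly for AEAD ciphersuites, whose md contexts are never set up. */`. The enclosing `mbedtls_ssl_derive_keys` starts before this hunk and continues after it, and the `#if` condition at the top of the hunk is cut off above.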