Merge remote-tracking branch 'restricted/pr/437' into development-restricted

commit: 3af567d4a79ffec27005e51642a592b82f0dc480 [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Tue Aug 28 15:33:59 2018 +0100
committer: Simon Butcher <simon.butcher@arm.com> Tue Aug 28 15:33:59 2018 +0100
tree: 6caad9d67726cbee5126ec88014b06d058eac93b
parent: 129fa82908ccd19ec357176a16dbb26cb27511a1 [diff]
parent: 3d8c90711b6ff7ae44d436c78f1bd0f4d06c7666 [diff]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9b8c454..30b2f65 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1712,6 +1712,8 @@
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
         if( auth_done == 0 )
         {
+            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+
             /*
              * MAC(MAC_write_key, seq_num +
              *     TLSCipherText.type +
@@ -1734,10 +1736,12 @@
             mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
             mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
                              ssl->out_iv, ssl->out_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
-                             ssl->out_iv + ssl->out_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
             mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
 
+            memcpy( ssl->out_iv + ssl->out_msglen, mac,
+                    ssl->transform_out->maclen );
+
             ssl->out_msglen += ssl->transform_out->maclen;
             auth_done++;
         }
commit	3af567d4a79ffec27005e51642a592b82f0dc480	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Tue Aug 28 15:33:59 2018 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Tue Aug 28 15:33:59 2018 +0100
tree	6caad9d67726cbee5126ec88014b06d058eac93b
parent	129fa82908ccd19ec357176a16dbb26cb27511a1 [diff]
parent	3d8c90711b6ff7ae44d436c78f1bd0f4d06c7666 [diff]