Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev

Fix misuse of MD API in SSL constant-flow HMAC
2025-01-03 23:43:40 +00:00 · 2021-06-07 20:53:33 +02:00 · 2021-06-07 20:53:33 +02:00 · 8d4e32b888
commit 8d4e32b888
parent d285b11f21 5ca21db813
2 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@ -0,0 +1,5 @@
+Bugfix
+   * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+     (when the encrypt-then-MAC extension is not in use) with some ALT
+     implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+     the affected side to wrongly reject valid messages. Fixes #4118.
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -1148,6 +1148,9 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
            MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
    }

+    /* The context needs to finish() before it starts() again */
+    MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
    /* Now compute HASH(okey + inner_hash) */
    MD_CHK( mbedtls_md_starts( ctx ) );
    MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );