Compute outgoing MAC in temporary buffer for MAC-then-Encrypt

A previous commit changed the record encryption function `ssl_encrypt_buf` to compute the MAC in a temporary buffer and copying the relevant part of it (which is strictly smaller if the truncated HMAC extension is used) to the outgoing message buffer. However, the change was only made in case Encrypt-Then-MAC was enabled, but not in case of MAC-Then-Encrypt. While this doesn't constitute a problem, for the sake of uniformity this commit changes `ssl_encrypt_buf` to compute the MAC in a temporary buffer in this case, too.
2018-01-05 16:24:22 +00:00 · 2018-01-05 16:24:22 +00:00 · 3d8c90711b
commit 3d8c90711b
parent 07d1078cdc
1 changed files with 6 additions and 2 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1530,6 +1530,8 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
        if( auth_done == 0 )
        {
+            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+
            /*
             * MAC(MAC_write_key, seq_num +
             *     TLSCipherText.type +
@ -1552,10 +1554,12 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
                             ssl->out_iv, ssl->out_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
-                             ssl->out_iv + ssl->out_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
            mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );

+            memcpy( ssl->out_iv + ssl->out_msglen, mac,
+                    ssl->transform_out->maclen );
+
            ssl->out_msglen += ssl->transform_out->maclen;
            auth_done++;
        }