Merge pull request #4628 from ronald-cron-arm/dhm-key-generation-bias
dhm: Fix bias in private key generation
diff --git a/.travis.yml b/.travis.yml
index 8789c44..9ba98ab 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,12 +32,6 @@
script:
- tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
- - name: macOS
- os: osx
- compiler: clang
- script:
- - tests/scripts/all.sh -k test_default_out_of_box
-
- name: Windows
os: windows
script:
diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
new file mode 100644
index 0000000..e77613f
--- /dev/null
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a regression introduced in 2.16.8 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a00b439..1a0794a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1895,6 +1895,9 @@
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );