Fix misuse of MD API in SSL constant-flow HMAC

The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-08 17:42:09 +03:00 · 2021-05-17 12:28:08 +02:00
parent 5605911fd3
commit 5ca21db813
2 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+     (when the encrypt-then-MAC extension is not in use) with some ALT
+     implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+     the affected side to wrongly reject valid messages. Fixes #4118.