From 6e231f65c63b300ba81ba00037ddeee9b6b4f574 Mon Sep 17 00:00:00 2001
From: Junyeon LEE
Date: Thu, 6 Apr 2017 22:19:41 +0900
Subject: [PATCH] net/tls: fix a potential security hole that bypasses signature verification

This commit fixes a critical issue about ECDH_ANON key-exchange. When MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED is enabled, TLS client could bypass the signature verification and it would makes security hole.

Change-Id: I6123552ab3e899919a6fc046a5c4600a3d1b9ca2
Signed-off-by: Junyeon LEE
---
 os/net/tls/ssl_cli.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/os/net/tls/ssl_cli.c b/os/net/tls/ssl_cli.c
index 36cdc3b..ff1a35c 100644
--- a/os/net/tls/ssl_cli.c
+++ b/os/net/tls/ssl_cli.c
@@ -2149,7 +2149,9 @@ defined(MBEDTLS_SSL_PROTO_TLS1_1)
 // Anonim cipher suite without sign, ecdh param only
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED)
- goto exit;
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ANON) {
+ goto exit;
+ }
 #endif
 
 /*
 * Read signature
-- 
2.7.4
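Review bot: The new guard `if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ANON) { goto exit; }` still implements "skip signature verification" as a jump out of the middle of the verification block, right before "Read signature", so the bypass that this commit closes stays one condition edit away from reopening; the safer shape is to keep anonymous suites out of the enclosing `if` that selects signed key exchanges (outside the hunk, presumably the DHE_RSA/ECDHE_RSA/ECDHE_ECDSA list) so the signed path is never entered for them and no goto is needed. If that enclosing condition cannot be changed here, the comment on the context line should state the invariant the skip depends on rather than `// Anonim cipher suite without sign, ecdh param only`, e.g. `/* ECDH_ANON ServerKeyExchange carries no digitally-signed struct, so there is no signature to read; this skip must apply to that key exchange only, never to an authenticated suite. */`. Note that jumping to `exit` also skips whatever trailing-length checks follow the signature read, so any "p == end" validation for the anonymous parameters has to happen before this point; I cannot see from the hunk whether it does. Anonymous suites leave the server unauthenticated regardless of this fix, so this path should only be reachable when the application deliberately offered ECDH_ANON; that is a configuration concern the hunk cannot check. The enclosing function continues on both sides of the hunk.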