From 862902dd5704bfbd52732a7028d0de36e00a06b4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 24 Mar 2022 14:15:28 +0100 Subject: [PATCH] ssl_srv.c: Mark ETM as disabled if cipher is not CBC Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS 1.2 server only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed. Signed-off-by: Ronald Cron --- library/ssl_srv.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 094fca893..e9fa63311 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2047,12 +2047,6 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const mbedtls_cipher_info_t *cipher = NULL; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) - { - *olen = 0; - return; - } - /* * RFC 7366: "If a server receives an encrypt-then-MAC request extension * from a client and then selects a stream or Authenticated Encryption @@ -2069,6 +2063,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || cipher->mode != MBEDTLS_MODE_CBC ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; + } + + if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) { *olen = 0; return;