Don't send back EtM extension if not using CBC

2025-07-29 11:41:15 +03:00 · 2014-11-04 15:44:06 +01:00
parent 08558e5b46
commit 78e745fc0a
2 changed files with 41 additions and 0 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1721,6 +1721,8 @@ static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl,
                                            size_t *olen )
 {
    unsigned char *p = buf;
+    const ssl_ciphersuite_t *suite = NULL;
+    const cipher_info_t *cipher = NULL;

    if( ssl->session_negotiate->encrypt_then_mac == SSL_EXTENDED_MS_DISABLED ||
        ssl->minor_ver == SSL_MINOR_VERSION_0 )
@ -1729,6 +1731,21 @@ static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl,
        return;
    }

+    /*
+     * RFC 7366: "If a server receives an encrypt-then-MAC request extension
+     * from a client and then selects a stream or Authenticated Encryption
+     * with Associated Data (AEAD) ciphersuite, it MUST NOT send an
+     * encrypt-then-MAC response extension back to the client."
+     */
+    if( ( suite = ssl_ciphersuite_from_id(
+                    ssl->session_negotiate->ciphersuite ) ) == NULL ||
+        ( cipher = cipher_info_from_type( suite->cipher ) ) == NULL ||
+        cipher->mode != POLARSSL_MODE_CBC )
+    {
+        *olen = 0;
+        return;
+    }
+
    SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );

    *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );