From f1ed5951e353ea4e5173cef5bd533cb9c9e52440 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 24 Mar 2022 14:15:28 +0100
Subject: [PATCH] ssl_srv.c: Mark ETM as disabled if cipher is not CBC

Encrypt-Then-Mac (ETM) is supported in Mbed TLS server for TLS version geater than SSLv3 and only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron
---
 library/ssl_srv.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1a63173204..8d5e39fe3a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2354,12 +2354,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
     const mbedtls_ssl_ciphersuite_t *suite = NULL;
     const mbedtls_cipher_info_t *cipher = NULL;
 
-    if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        *olen = 0;
-        return;
-    }
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
 
     /*
      * RFC 7366: "If a server receives an encrypt-then-MAC request extension
@@ -2371,6 +2367,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
                                         ssl->session_negotiate->ciphersuite ) ) == NULL ||
         ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
         cipher->mode != MBEDTLS_MODE_CBC )
+    {
+        ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+    }
+
+    if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
     {
         *olen = 0;
         return;
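Review bot: Both hunks turn `ssl_write_encrypt_then_mac_ext` into the place where the server's final ETM decision is recorded by writing `ssl->session_negotiate->encrypt_then_mac`, yet nothing in the new code says so, and the function name still reads as a pure extension serializer; a maintainer who later moves the record-layer ETM check ahead of this call would reintroduce the ServerHello/transform mismatch the commit is fixing. A comment above the first assignment would pin the contract, e.g. `/* Record the server's final ETM decision: the flag stays enabled only if the extension is actually sent below, so the transform setup and the ServerHello agree. */`. Dropping the old early return on `MBEDTLS_SSL_ETM_DISABLED` also means the ciphersuite lookup now runs for clients that never asked for ETM, which looks harmless but deserves a word in that comment. The first hunk's `if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )` drops the braces the removed code and the second hunk both use; wrapping the single assignment in `{ }` would match the surrounding style. The enclosing function starts and ends outside these hunks.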