From 27b34d5bad4766ab8b4d6b81d4571b946b70f55a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 20 Oct 2017 14:24:51 +0100 Subject: [PATCH] Wrong identifier used to check Encrypt-then-MAC flag This commit fixes a comparison of ssl_session->encrypt_then_mac against the ETM-unrelated constant MBEDTLS_SSL_EXTENDED_MS_DISABLED. Instead, MBEDTLS_SSL_ETM_DISABLED should be used. The typo is has no functional effect since both constants have the same value 0. --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 37f415dd1..f98e9e8a9 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2042,7 +2042,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { *olen = 0;