From 584ebe1bcb183c91fe1fe35dd456691616b57d51 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 20 Oct 2017 14:24:51 +0100 Subject: [PATCH] Wrong identifier used to check Encrypt-then-MAC flag This commit fixes a comparison of ssl_session->encrypt_then_mac against the ETM-unrelated constant MBEDTLS_SSL_EXTENDED_MS_DISABLED. Instead, MBEDTLS_SSL_ETM_DISABLED should be used. The typo is has no functional effect since both constants have the same value 0. --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1002adfd5..9d1904c4d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1941,7 +1941,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { *olen = 0;