mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-09 12:00:54 +02:00
+14
-6
@@ -38436,13 +38436,21 @@ static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
|
||||
|
||||
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \
|
||||
!defined(WOLFSSL_AEAD_ONLY)
|
||||
if (ssl->options.encThenMac && ssl->specs.cipher_type == block) {
|
||||
ret = TLSX_EncryptThenMac_Respond(ssl);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
/* Only respond to ETM here when resumption actually succeeded;
|
||||
* HandleTlsResumption populates ssl->specs via SetCipherSpecs only
|
||||
* on the success path. If resumption failed, resuming has been
|
||||
* cleared and ssl->specs.cipher_type is still zero-initialized,
|
||||
* so we must defer the ETM decision until after MatchSuite. */
|
||||
if (ssl->options.resuming) {
|
||||
if (ssl->options.encThenMac &&
|
||||
ssl->specs.cipher_type == block) {
|
||||
ret = TLSX_EncryptThenMac_Respond(ssl);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
}
|
||||
else
|
||||
ssl->options.encThenMac = 0;
|
||||
}
|
||||
else
|
||||
ssl->options.encThenMac = 0;
|
||||
#endif
|
||||
if (ssl->options.clientState == CLIENT_KEYEXCHANGE_COMPLETE) {
|
||||
WOLFSSL_LEAVE("DoClientHello", ret);
|
||||
|
||||
Reference in New Issue
Block a user