Merge pull request #4750 from SparkiDev/etm-disable

TLS EncryptThenMac; fix when extension response sent
2025-07-29 18:27:29 +02:00 · 2022-01-13 13:33:57 -08:00
parent 8d7059497e 70b169e3f2
commit f81e15f342
3 changed files with 41 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -30022,6 +30022,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
            if (ret != 0)
                goto out;

+#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \
+    !defined(WOLFSSL_AEAD_ONLY)
+            if (ssl->options.encThenMac && ssl->specs.cipher_type == block) {
+                ret = TLSX_EncryptThenMac_Respond(ssl);
+                if (ret != 0)
+                    goto out;
+            }
+            else
+                ssl->options.encThenMac = 0;
+#endif
            if (ssl->options.clientState == CLIENT_KEYEXCHANGE_COMPLETE) {
                WOLFSSL_LEAVE("DoClientHello", ret);
                WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
@ -30049,6 +30059,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        else if (ret < 0)
            SendAlert(ssl, alert_fatal, handshake_failure);
 #endif
+#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \
+    !defined(WOLFSSL_AEAD_ONLY)
+        if (ret == 0 && ssl->options.encThenMac &&
+                                              ssl->specs.cipher_type == block) {
+            ret = TLSX_EncryptThenMac_Respond(ssl);
+        }
+        else
+            ssl->options.encThenMac = 0;
+#endif

 #ifdef WOLFSSL_DTLS
        if (ret == 0 && ssl->options.dtls)
--- a/src/tls.c
+++ b/src/tls.c
@ -5282,7 +5282,6 @@ static int TLSX_EncryptThenMac_Parse(WOLFSSL* ssl, const byte* input,
            ret = TLSX_EncryptThenMac_Use(ssl);
            if (ret != 0)
                return ret;
-            TLSX_SetResponse(ssl, TLSX_ENCRYPT_THEN_MAC);
        }
        return 0;
    }
@ -5320,6 +5319,24 @@ static int TLSX_EncryptThenMac_Use(WOLFSSL* ssl)
    return 0;
 }

+/**
+ * Set the Encrypt-Then-MAC extension as one to respond too.
+ *
+ * ssl      SSL object
+ * return EXT_MISSING when EncryptThenMac extension not in list.
+ */
+int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl)
+{
+    TLSX* extension;
+
+    extension = TLSX_Find(ssl->extensions, TLSX_ENCRYPT_THEN_MAC);
+    if (extension == NULL)
+        return EXT_MISSING;
+    extension->resp = 1;
+
+    return 0;
+}
+
 #define ETM_GET_SIZE  TLSX_EncryptThenMac_GetSize
 #define ETM_WRITE     TLSX_EncryptThenMac_Write
 #define ETM_PARSE     TLSX_EncryptThenMac_Parse
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2600,6 +2600,10 @@ WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);

 #endif /* HAVE_SESSION_TICKET */

+#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl);
+#endif
+
 #ifdef WOLFSSL_TLS13
 /* Cookie extension information - cookie data. */
 typedef struct Cookie {