commit 169dd6a514142902665f5f9890f338bb251d2a46
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Nov 04 16:15:39 2014 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 16:00:50 2014 +0100
tree 6becc410e15a3cc5844748b602fe261e613f38a6
parent 78e745fc0a5ab2895946f9b5ba5e268558908541

Adjust minimum length for EtM

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4132e47..8c981cf 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -601,12 +601,23 @@
         {
             /*
              * GenericBlockCipher:
-             * first multiple of blocklen greater than maclen
-             * + IV except for SSL3 and TLS 1.0
+             * 1. if EtM is in use: one block plus MAC
+             *    otherwise: * first multiple of blocklen greater than maclen
+             * 2. IV except for SSL3 and TLS 1.0
              */
-            transform->minlen = transform->maclen
-                                + cipher_info->block_size
-                                - transform->maclen % cipher_info->block_size;
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+            if( session->encrypt_then_mac == SSL_ETM_ENABLED )
+            {
+                transform->minlen = transform->maclen
+                                  + cipher_info->block_size;
+            }
+            else
+#endif
+            {
+                transform->minlen = transform->maclen
+                                  + cipher_info->block_size
+                                  - transform->maclen % cipher_info->block_size;
+            }
 
 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
             if( ssl->minor_ver == SSL_MINOR_VERSION_0 ||