The branch master has been updated
via d724da69389196cdb9ef8db036656882fbc5a6ab (commit)
from bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 (commit)
- Log -----------------------------------------------------------------
commit d724da69389196cdb9ef8db036656882fbc5a6ab
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Sun Nov 28 10:21:21 2021 +0100
No EtM for GOST ciphers in TLS 1.2
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions_clnt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index d6d4e55ce7..c5de5ca5ba 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1695,7 +1695,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
&& s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD
- && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4)
+ && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4
+ && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT
+ && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12
+ && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA
+ && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK)
s->ext.use_etm = 1;
return 1;