ssl_tls.c: Use ETM status only in CBC mode case Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: fb39f15fa1fac02bb963cd8f9eb700725009453a [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Fri Mar 25 14:36:28 2022 +0100
committer: Ronald Cron <ronald.cron@arm.com> Fri Mar 25 16:50:18 2022 +0100
tree: 666a45753affd1c9fe3cce99a852e1ddd6fe55b8
parent: 862902dd5704bfbd52732a7028d0de36e00a06b4 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0177add..2ff3249 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7450,9 +7450,9 @@
             goto end;
         }
 
-        if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
-              transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
-            transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
+        if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
+            ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
+              ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) ) )
             /* mbedtls_ct_hmac() requires the key to be exportable */
             psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
                                                   PSA_KEY_USAGE_VERIFY_HASH );
commit	fb39f15fa1fac02bb963cd8f9eb700725009453a	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Fri Mar 25 14:36:28 2022 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Fri Mar 25 16:50:18 2022 +0100
tree	666a45753affd1c9fe3cce99a852e1ddd6fe55b8
parent	862902dd5704bfbd52732a7028d0de36e00a06b4 [diff] [blame]