lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Implement initial negotiation of EtM

Browse Source 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
This commit is contained in:
Manuel Pégourié-Gonnard
2014-10-27 13:57:03 +01:00
parent b3c6a97b31
commit 699cafaea2
9 changed files with 308 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
library/ssl_tls.c
View File

@ -1071,6 +1071,15 @@ static int ssl_encrypt_buf( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
if( ssl->session_out != NULL &&
ssl->session_out->encrypt_then_mac == SSL_ETM_ENABLED )
{
// WIP
SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
}
#endif
/*
* Add MAC before encrypt, except for AEAD modes
*/
@ -3474,6 +3483,10 @@ int ssl_init( ssl_context *ssl )
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
ssl->encrypt_then_mac = SSL_ETM_ENABLED;
#endif
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
ssl->extended_ms = SSL_EXTENDED_MS_ENABLED;
#endif
@ -4025,6 +4038,13 @@ void ssl_set_fallback( ssl_context *ssl, char fallback )
}
#endif
#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm )
{
ssl->encrypt_then_mac = etm;
}
#endif
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
void ssl_set_extended_master_secret( ssl_context *ssl, char ems )
{