Merge branch 'etm' into dtls

* etm: Fix warning in reduced config Update Changelog for EtM Keep EtM state across renegotiations Adjust minimum length for EtM Don't send back EtM extension if not using CBC Fix for the RFC erratum Implement EtM Preparation for EtM Implement initial negotiation of EtM Conflicts: include/polarssl/check_config.h
2025-07-28 00:21:48 +03:00 · 2014-11-06 01:36:32 +01:00
parent 56d985d0a6 9d7821d774
commit f9d778d635
10 changed files with 531 additions and 23 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -102,6 +102,7 @@ int main( int argc, char *argv[] )
 #define DFL_HS_TO_MAX           0
 #define DFL_FALLBACK            -1
 #define DFL_EXTENDED_MS         -1
+#define DFL_ETM                 -1

 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
 #define GET_REQUEST_END "\r\n\r\n"
@ -146,6 +147,7 @@ struct options
    uint32_t hs_to_max;         /* Max value of DTLS handshake timer        */
    int fallback;               /* is this a fallback connection?           */
    char extended_ms;           /* negotiate extended master secret?        */
+    char etm;       ;           /* negotiate encrypt then mac?     ?        */
 } opt;

 static void my_debug( void *ctx, int level, const char *str )
@ -321,6 +323,13 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
 #define USAGE_EMS ""
 #endif

+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+    "    etm=0/1             default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
 #define USAGE \
    "\n usage: ssl_client2 param=<>...\n"                   \
    "\n acceptable parameters:\n"                           \
@ -356,6 +365,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
    USAGE_ALPN                                              \
    USAGE_FALLBACK                                          \
    USAGE_EMS                                               \
+    USAGE_ETM                                               \
    "\n"                                                    \
    "    min_version=%%s      default: \"\" (ssl3)\n"       \
    "    max_version=%%s      default: \"\" (tls1_2)\n"     \
@ -463,6 +473,7 @@ int main( int argc, char *argv[] )
    opt.hs_to_max           = DFL_HS_TO_MAX;
    opt.fallback            = DFL_FALLBACK;
    opt.extended_ms         = DFL_EXTENDED_MS;
+    opt.etm                 = DFL_ETM;

    for( i = 1; i < argc; i++ )
    {
@ -605,6 +616,15 @@ int main( int argc, char *argv[] )
                default: goto usage;
            }
        }
+        else if( strcmp( p, "etm" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.etm = SSL_ETM_DISABLED; break;
+                case 1: opt.etm = SSL_ETM_ENABLED; break;
+                default: goto usage;
+            }
+        }
        else if( strcmp( p, "min_version" ) == 0 )
        {
            if( strcmp( q, "ssl3" ) == 0 )
@ -1022,6 +1042,11 @@ int main( int argc, char *argv[] )
        ssl_set_extended_master_secret( &ssl, opt.extended_ms );
 #endif

+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+    if( opt.etm != DFL_ETM )
+        ssl_set_encrypt_then_mac( &ssl, opt.etm );
+#endif
+
 #if defined(POLARSSL_SSL_ALPN)
    if( opt.alpn_string != NULL )
        if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )