commit 699cafaea27c72ea68aa85bd8a4e18afb879e272
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 27 13:57:03 2014 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 16:00:50 2014 +0100
tree ae1f68b549b18c1b597e7a3911d923cd3ffa440e
parent b3c6a97b31eebbd8867f1ee99e54d34fb9028d85

Implement initial negotiation of EtM

Not implemented yet:
- actually using EtM
- conditions on renegotiation

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c8b7fa2..e8f2b7f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1071,6 +1071,15 @@
 
     SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
 
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+    if( ssl->session_out != NULL &&
+        ssl->session_out->encrypt_then_mac == SSL_ETM_ENABLED )
+    {
+        // WIP
+        SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+    }
+#endif
+
     /*
      * Add MAC before encrypt, except for AEAD modes
      */
@@ -3474,6 +3483,10 @@
     memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
     memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
 
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+    ssl->encrypt_then_mac = SSL_ETM_ENABLED;
+#endif
+
 #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
     ssl->extended_ms = SSL_EXTENDED_MS_ENABLED;
 #endif
@@ -4025,6 +4038,13 @@
 }
 #endif
 
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm )
+{
+    ssl->encrypt_then_mac = etm;
+}
+#endif
+
 #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
 void ssl_set_extended_master_secret( ssl_context *ssl, char ems )
 {