Add tests for ssl_set_dtls_badmac_limit()
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 0f210b9..39e3a41 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -126,6 +126,7 @@
#define DFL_ANTI_REPLAY -1
#define DFL_HS_TO_MIN 0
#define DFL_HS_TO_MAX 0
+#define DFL_BADMAC_LIMIT -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -192,6 +193,7 @@
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int badmac_limit; /* Limit of records with bad MAC */
} opt;
static void my_debug( void *ctx, int level, const char *str )
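Review bot: The comment on the new `badmac_limit` field does not say that -1 is a sentinel meaning "leave the library default", which is how `DFL_BADMAC_LIMIT` is used later in this commit. The `anti_replay` field just above documents that convention, so the new one should match, for example `int badmac_limit; /* Limit of records with bad MAC, -1 for default */`. The struct definition starts outside this hunk.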
@@ -325,11 +327,18 @@
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
#define USAGE_ANTI_REPLAY \
- " anti_replay=0/1 default: (library default = enabled)\n"
+ " anti_replay=0/1 default: (library default: enabled)\n"
#else
#define USAGE_ANTI_REPLAY ""
#endif
+#if defined(POLARSSL_SSL_DTLS_BADMAC_LIMIT)
+#define USAGE_BADMAC_LIMIT \
+ " badmac_limit=%%d default: (library default: disabled)\n"
+#else
+#define USAGE_BADMAC_LIMIT ""
+#endif
+
#if defined(POLARSSL_SSL_PROTO_DTLS)
#define USAGE_DTLS \
" dtls=%%d default: 0 (TLS)\n" \
@@ -352,6 +361,7 @@
USAGE_DTLS \
USAGE_COOKIES \
USAGE_ANTI_REPLAY \
+ USAGE_BADMAC_LIMIT \
"\n" \
" auth_mode=%%s default: \"optional\"\n" \
" options: none, optional, required\n" \
@@ -772,6 +782,7 @@
opt.anti_replay = DFL_ANTI_REPLAY;
opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.badmac_limit = DFL_BADMAC_LIMIT;
for( i = 1; i < argc; i++ )
{
@@ -1003,6 +1014,12 @@
if( opt.anti_replay < 0 || opt.anti_replay > 1)
goto usage;
}
+ else if( strcmp( p, "badmac_limit" ) == 0 )
+ {
+ opt.badmac_limit = atoi( q );
+ if( opt.badmac_limit < 0 )
+ goto usage;
+ }
else if( strcmp( p, "hs_timeout" ) == 0 )
{
if( ( p = strchr( q, '-' ) ) == NULL )
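Review bot: `atoi( q )` in the new `badmac_limit` branch cannot tell a malformed value from a real zero, so `badmac_limit=abc` or an empty value is stored as 0 and passes the `< 0` check instead of reaching `usage`. Because this option exists to exercise the bad-MAC limit, a typo in a test script would run with a different limit than intended and still look like a valid configuration. Parsing with `strtol` and rejecting trailing characters would close that gap: `char *end; long v = strtol( q, &end, 10 );`, then `if( end == q || *end != '\0' || v < 0 || v > INT_MAX ) goto usage;` and `opt.badmac_limit = (int) v;` (`INT_MAX` needs `<limits.h>` if the file does not already include it). The else-if chain this branch belongs to starts and ends outside the hunk, and the other options presumably follow the same `atoi` pattern.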
@@ -1458,9 +1475,12 @@
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
if( opt.anti_replay != DFL_ANTI_REPLAY )
- {
ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
- }
+#endif
+
+#if defined(POLARSSL_SSL_DTLS_BADMAC_LIMIT)
+ if( opt.badmac_limit != DFL_BADMAC_LIMIT )
+ ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
#endif
}
#endif /* POLARSSL_SSL_PROTO_DTLS */
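Review bot: When `POLARSSL_SSL_DTLS_BADMAC_LIMIT` is not defined, this block compiles to nothing, yet the `badmac_limit` parser branch added earlier in this commit is not guarded by the same macro. The option is therefore accepted on the command line and then silently dropped. A test that passes `badmac_limit=N` to a build without the feature would run with no limit applied and nothing in the output to say so. Consider wrapping the parser branch in the same `#if defined(POLARSSL_SSL_DTLS_BADMAC_LIMIT)` so the option is rejected in such builds, or adding an `#else` here that reports it as unsupported when `opt.badmac_limit != DFL_BADMAC_LIMIT`. The enclosing block, closed by the brace after this `#endif`, opens outside the hunk.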