Experimental encrypt-then-mac support.

Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-22 18:12:33 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-08 14:14:03 +0200
commit: 5e3ff62c345c976cd1ffbcc5e6042f55264977f5 (patch)
tree: 16c9ffcc2468e21f5ee445e440c835857ed94c81 /ssl/s3_enc.c
parent: Set TLS v1.2 disabled mask properly. (diff)
download: openssl-5e3ff62c345c976cd1ffbcc5e6042f55264977f5.tar.xz
openssl-5e3ff62c345c976cd1ffbcc5e6042f55264977f5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index b334aba5d3..f1b2641853 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -418,7 +418,7 @@ int ssl3_setup_key_block(SSL *s)
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp, 0))
 		{
 		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-22 18:12:33 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-08 14:14:03 +0200
commit	5e3ff62c345c976cd1ffbcc5e6042f55264977f5 (patch)
tree	16c9ffcc2468e21f5ee445e440c835857ed94c81 /ssl/s3_enc.c
parent	Set TLS v1.2 disabled mask properly. (diff)
download	openssl-5e3ff62c345c976cd1ffbcc5e6042f55264977f5.tar.xz openssl-5e3ff62c345c976cd1ffbcc5e6042f55264977f5.zip