Test mac-then-encrypt

Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-11-25 17:05:30 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-11-28 12:23:36 +0100
commit: b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516 (patch)
tree: 973e55ed7f1d45984268280f46f3da3e65caf5d1 /ssl/ssl_conf.c
parent: add CMS SHA1 signing test (diff)
download: openssl-b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516.tar.xz
openssl-b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 2382030f34..954e421129 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -357,6 +357,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
         SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
                      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
     };
     if (value == NULL)
         return -3;
author	Emilia Kasper <emilia@openssl.org>	2016-11-25 17:05:30 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-11-28 12:23:36 +0100
commit	b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516 (patch)
tree	973e55ed7f1d45984268280f46f3da3e65caf5d1 /ssl/ssl_conf.c
parent	add CMS SHA1 signing test (diff)
download	openssl-b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516.tar.xz openssl-b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516.zip