Commit 5e3ff62c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Experimental encrypt-then-mac support. 

Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.
parent 226751ae

CHANGES

+14 −0
Original line number Diff line number Diff line
@@ -4,6 +4,20 @@ 


 Changes between 1.0.x and 1.1.0  [xx XXX xxxx]



  *) Experimental encrypt-then-mac support.

    

     Experimental support for encrypt then mac from

     draft-gutmann-tls-encrypt-then-mac-02.txt

    

     To enable it set the appropriate extension number (0x10 for the test

     server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

    

     For non-compliant peers (i.e. just about everything) this should have no

     effect.



     WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.

     [Steve Henson]



  *) Add callbacks supporting generation and retrieval of supplemental

     data entries.

     [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie]

apps/s_cb.c

+5 −0
Original line number Diff line number Diff line
@@ -1023,6 +1023,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, 
		extname = "next protocol";

		break;

#endif

#ifdef TLSEXT_TYPE_encrypt_then_mac

		case TLSEXT_TYPE_encrypt_then_mac:

		extname = "encrypt-then-mac";

		break;

#endif



		default:

		extname = "unknown";

ssl/s2_clnt.c

+1 −1
Original line number Diff line number Diff line
@@ -623,7 +623,7 @@ static int client_master_key(SSL *s) 
	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)

		{



		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))

		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))

			{

			ssl2_return_error(s,SSL2_PE_NO_CIPHER);

			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

ssl/s2_enc.c

+1 −1
Original line number Diff line number Diff line
@@ -68,7 +68,7 @@ int ssl2_enc_init(SSL *s, int client) 
	const EVP_MD *md;

	int num;



	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))

	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))

		{

		ssl2_return_error(s,SSL2_PE_NO_CIPHER);

		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

ssl/s2_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -452,7 +452,7 @@ static int get_client_master_key(SSL *s) 


	is_export=SSL_C_IS_EXPORT(s->session->cipher);

	

	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))

	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))

		{

		ssl2_return_error(s,SSL2_PE_NO_CIPHER);

		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);