Test mac-then-encrypt

Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-11-25 17:05:30 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-11-28 12:23:36 +0100
commit: b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516 (patch)
tree: 973e55ed7f1d45984268280f46f3da3e65caf5d1 /CHANGES
parent: c6d67f09f34d8203c5bad7171ed45ec8771c9764 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index ee574dd296..0916a27a21 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,9 @@
   *) Heartbeat support has been removed; the ABI is changed for now.
      [Richard Levitte, Rich Salz]
 
+  *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
+     [Emilia Käsper]
+
  Changes between 1.1.0b and 1.1.0c [xx XXX xxxx]
 
   *) ChaCha20/Poly1305 heap-buffer-overflow
author	Emilia Kasper <emilia@openssl.org>	2016-11-25 17:05:30 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-11-28 12:23:36 +0100
commit	b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516 (patch)
tree	973e55ed7f1d45984268280f46f3da3e65caf5d1 /CHANGES
parent	c6d67f09f34d8203c5bad7171ed45ec8771c9764 (diff)