authorPrimiano Tucci <primiano@google.com>2014-09-30 14:46:28 +0100
committerPrimiano Tucci <primiano@google.com>2014-09-30 14:46:28 +0100
commit7c4e52cd7aebb9f2fa64355c58bc75509685da94 (patch)
treebbdd45cda3f7f15eae3f9dfa9ac4d6a604d82479 /ssl/t1_enc.c
parent208436baefdf6180355219406c666c259c7fc450 (diff)
parent885164b8d921ef7dba08b9e5ae031bf7350bf4ff (diff)
This commit was generated by merge_to_master.py. Change-Id: I9b1c013632df72dcd4e450d6a3b7749444191f77
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r--ssl/t1_enc.c34
1 files changed, 7 insertions, 27 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 743c359..ca6bf6c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -495,9 +495,8 @@ int tls1_change_cipher_state(SSL *s, int which)
unsigned key_len, iv_len, mac_secret_len;
const unsigned char *key_data;
- /* Reset sequence number to zero.
- * TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */
- if (SSL_IS_DTLS(s))
+ /* Reset sequence number to zero. */
+ if (!SSL_IS_DTLS(s))
memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);
/* key_arg is used for SSLv2. We don't need it for TLS. */
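Review bot: The inverted condition now zeroes `read_sequence`/`write_sequence` only for TLS, but the replacement comment lost the reason DTLS is excluded that the removed TODO hinted at, and the `memset(..., 0, 8)` keeps a hard-coded width. Suggest `/* Reset sequence number to zero. DTLS sequence numbers are reset with the epoch elsewhere (dtls1_reset_seq_numbers). */` as the comment, after confirming that function is really the DTLS path, and `sizeof(s->s3->read_sequence)` in place of the literal 8 if both fields share a size. tls1_change_cipher_state starts before and continues after this hunk.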
@@ -522,11 +521,7 @@ int tls1_change_cipher_state(SSL *s, int which)
else
{
key_len = EVP_CIPHER_key_length(cipher);
-
- if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
- iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
- else
- iv_len = EVP_CIPHER_iv_length(cipher);
+ iv_len = EVP_CIPHER_iv_length(cipher);
}
key_data = s->s3->tmp.key_block;
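Review bot: The new `iv_len = EVP_CIPHER_iv_length(cipher);` silently drops the GCM fixed-IV special case, so if a GCM-mode EVP_CIPHER ever reaches this else branch again, iv_len becomes the full nonce length and the key block would be sliced at the wrong offsets. The assumption that GCM suites now travel the EVP_AEAD path only should be made explicit, e.g. `assert(EVP_CIPHER_mode(cipher) != EVP_CIPH_GCM_MODE); /* GCM suites are EVP_AEADs and never take the EVP_CIPHER path. */` before the assignment, or an error return if asserts are not used here. The same computation is repeated in tls1_setup_key_block. The enclosing function begins and ends outside this hunk.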
@@ -601,7 +596,9 @@ int tls1_setup_key_block(SSL *s)
goto cipher_unavailable_err;
key_len = EVP_AEAD_key_length(aead);
iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
- if (!ssl_cipher_get_mac(s->session, &hash, &mac_type, &mac_secret_size))
+ if ((s->session->cipher->algorithm2 &
+ SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD) &&
+ !ssl_cipher_get_mac(s->session, &hash, &mac_type, &mac_secret_size))
goto cipher_unavailable_err;
/* For "stateful" AEADs (i.e. compatibility with pre-AEAD
* cipher suites) the key length reported by
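Review bot: When the cipher is not a stateful AEAD the added condition skips ssl_cipher_get_mac(), so `hash`, `mac_type` and `mac_secret_size` keep whatever value they had on entry; unless they are initialised at their declarations (outside this hunk), any later use of mac_secret_size to size the key block reads an indeterminate value. Suggest an explicit else arm, `else mac_secret_size = 0;`, or initialising all three at declaration, and a short comment stating that plain AEADs carry no separate MAC secret. The short-circuit also dereferences `s->session->cipher` before any NULL check visible here; worth confirming the caller guarantees it. tls1_setup_key_block continues outside the hunk.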
@@ -618,11 +615,7 @@ int tls1_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size))
goto cipher_unavailable_err;
key_len = EVP_CIPHER_key_length(c);
-
- if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
- iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
- else
- iv_len = EVP_CIPHER_iv_length(c);
+ iv_len = EVP_CIPHER_iv_length(c);
}
s->s3->tmp.new_aead=aead;
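Review bot: The simplified `iv_len = EVP_CIPHER_iv_length(c);` on the non-AEAD branch should say why the GCM fixed-IV case is gone, since this branch and the AEAD branch above now size the key block differently and a reader will wonder where GCM went. Suggest `/* Non-AEAD path: GCM suites are handled as EVP_AEADs above and never reach here. */` on the line before it, assuming that is indeed the intended dispatch. The key_len/iv_len pair is now computed identically in tls1_change_cipher_state, so a small static helper would keep the two in sync. The function's body extends beyond this hunk.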
@@ -676,10 +669,8 @@ printf("\nkey block\n");
if (s->session->cipher != NULL)
{
-#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_record_splitting = 0;
-#endif
}
}
@@ -914,11 +905,6 @@ int tls1_enc(SSL *s, int send)
/* we need to add 'i' padding bytes of value j */
j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
for (k=(int)l; k<(int)(l+i); k++)
rec->input[k]=j;
l+=i;
@@ -954,12 +940,6 @@ int tls1_enc(SSL *s, int send)
?(i<0)
:(i==0))
return -1; /* AEAD can fail to verify MAC */
- if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
- {
- rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
- }
#ifdef KSSL_DEBUG
{