authorMatt Caswell <matt@openssl.org>2016-11-17 18:00:17 +0000
committerMatt Caswell <matt@openssl.org>2016-11-29 23:31:10 +0000
commitbebc0c7d85a7484f1c5d0123f24cdc3c6b150243 (patch)
tree61127e8e2f69031b9a82c42d972960b6735419e2 /engines
parent54d028aa0f5dc50ec64a8d99ed43b81519b0443b (diff)
Use the TLSv1.3 nonce construction
This updates the record layer to use the TLSv1.3 style nonce construction. It also updates TLSProxy and ossltest to be able to recognise the new layout. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'engines')
-rw-r--r--engines/e_ossltest.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index afa5edfeec..32d3118e70 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -617,33 +617,46 @@ int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- const size_t datalen = inl - EVP_GCM_TLS_EXPLICIT_IV_LEN
- - EVP_GCM_TLS_TAG_LEN;
- unsigned char *tmpbuf = OPENSSL_malloc(datalen);
+ unsigned char *tmpbuf = OPENSSL_malloc(inl);
- if (tmpbuf == NULL)
+ if (tmpbuf == NULL && inl > 0)
return -1;
/* Remember what we were asked to encrypt */
- memcpy(tmpbuf, in + EVP_GCM_TLS_EXPLICIT_IV_LEN, datalen);
+ memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
/*
- * Throw it all away and just use the plaintext as the output with empty
- * IV and tag
+ * Throw it all away and just use the plaintext as the output
*/
- memset(out, 0, inl);
- memcpy(out + EVP_GCM_TLS_EXPLICIT_IV_LEN, tmpbuf, datalen);
+ memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
- return 1;
+ return inl;
}
static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr)
{
+ int ret;
+
/* Pass the ctrl down */
- return EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+ ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+
+ if (ret <= 0)
+ return ret;
+
+ switch(type) {
+ case EVP_CTRL_AEAD_GET_TAG:
+ /* Always give the same tag */
+ memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
+ break;
+
+ default:
+ break;
+ }
+
+ return 1;
}
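Review bot: In ossltest_aes128_gcm_cipher the new guard `if (tmpbuf == NULL && inl > 0)` lets a NULL tmpbuf through when inl is 0, but both memcpy calls then run unconditionally, and passing a null pointer to memcpy is undefined behaviour even for a zero length. Guarding the copies fixes it: `if (tmpbuf != NULL) memcpy(tmpbuf, in, inl);` and `if (tmpbuf != NULL && out != NULL) memcpy(out, tmpbuf, inl);`. The `out != NULL` part matters only if this cipher is ever called with a NULL output buffer, as the EVP GCM interface allows for AAD-only updates; that is not visible in this hunk, so it is worth confirming. In ossltest_aes128_gcm_ctrl the EVP_CTRL_AEAD_GET_TAG case zeroes a fixed EVP_GCM_TLS_TAG_LEN bytes at ptr although the caller passes the tag length in arg; `memset(ptr, 0, arg);` would avoid writing past a buffer sized for a shorter tag. A short comment on `return inl;` should also say that the result of the real do_cipher call is intentionally discarded, since the function now returns inl even when the underlying cipher fails.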