From 8db1e7ef7ae69fd881d0476e731136c1ebf79e29 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 31 May 2022 19:03:59 +0200 Subject: [PATCH] ssl3_record_tls13.c: preliminarily fix tests and add TODOs --- ssl/record/ssl3_record_tls13.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index d9251fa4f5845..8472a616f492a 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -102,8 +102,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } else if (alg_enc & SSL_CHACHA20) { taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; } else { -#if 1 - taglen = 16; +#if 0 + taglen = 16; /* TODO this likely goes wrong for existing ciphers */ #else SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -121,7 +121,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } /* Set up IV */ - ivlen = 16; +#if 0 + ivlen = 16; /* TODO this goes wrong for existing ciphers */ +#endif if (ivlen < SEQ_NUM_SIZE) { /* Should not happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -164,15 +166,15 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - /*Check if it is a MAC cipher. We need to increase the record length.*/ - +#if 0 + /* Check if it is a MAC cipher. We need to increase the record length. */ if (sending) { - int hmac_size = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, taglen, rec->data + rec->length); + int hmac_size = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, taglen, rec->data + rec->length); /* TODO this goes wrong for other ciphers */ if (hmac_size > 0){ - rec->length += hmac_size; //Add the hash resulted from hmac. + rec->length += hmac_size; /* Add the hash resulted from hmac. */ } } - +#endif /* * For CCM we must explicitly set the total plaintext length before we add @@ -191,12 +193,15 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } +#if 0 + /* Check if it is a MAC cipher. We need to decrease the record length. */ if (!sending) { - int hmac_size = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, taglen, rec->data + rec->length); + int hmac_size = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, taglen, rec->data + rec->length); /* TODO this goes wrong for other ciphers */ if (hmac_size > 0){ - rec->length -= hmac_size; //Remove the hash resulted from hmac. + rec->length -= hmac_size; /* Remove the hash resulted from hmac. */ } } +#endif if (sending) { /* Add the tag */