mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
Use seq_num as AEAD nonce by default
This commit is contained in:
parent
a6c5ea2c43
commit
d056ce0e3e
|
@ -1,5 +1,11 @@
|
||||||
PolarSSL ChangeLog (Sorted per branch, date)
|
PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= PolarSSL 1.3.z branch
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
|
||||||
|
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
|
||||||
|
|
||||||
= PolarSSL 1.3.9 released 2014-10-20
|
= PolarSSL 1.3.9 released 2014-10-20
|
||||||
Security
|
Security
|
||||||
* Lowest common hash was selected from signature_algorithms extension in
|
* Lowest common hash was selected from signature_algorithms extension in
|
||||||
|
|
|
@ -781,6 +781,18 @@
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_SELF_TEST
|
#define POLARSSL_SELF_TEST
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_SSL_AEAD_RANDOM_IV
|
||||||
|
*
|
||||||
|
* Generate a random IV rather than using the record sequence number as a
|
||||||
|
* nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
|
||||||
|
*
|
||||||
|
* Using the sequence number is generally recommended.
|
||||||
|
*
|
||||||
|
* Uncomment this macro to always use random IVs with AEAD ciphersuites.
|
||||||
|
*/
|
||||||
|
//#define POLARSSL_SSL_AEAD_RANDOM_IV
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
|
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||||
*
|
*
|
||||||
|
|
|
@ -1137,6 +1137,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* Generate IV
|
* Generate IV
|
||||||
*/
|
*/
|
||||||
|
#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
|
||||||
ret = ssl->f_rng( ssl->p_rng,
|
ret = ssl->f_rng( ssl->p_rng,
|
||||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||||
|
@ -1146,6 +1147,18 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||||
memcpy( ssl->out_iv,
|
memcpy( ssl->out_iv,
|
||||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||||
|
#else
|
||||||
|
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
|
||||||
|
{
|
||||||
|
/* Reminder if we ever add an AEAD mode with a different size */
|
||||||
|
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||||
|
ssl->out_ctr, 8 );
|
||||||
|
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
||||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||||
|
|
Loading…
Reference in a new issue