author | Jack Lloyd <[email protected]> | 2016-09-01 13:40:26 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-09-01 14:16:38 -0400 |
commit | 507d926da825fbc1d9d74b4517dbab47702c66b9 (patch) | |
tree | 22ac0e4a9c85fb3583d478a41ba1c46aeced5ec3 /src/lib/tls | |
parent | e4656be6a8e601b64c759906bacf543388b3cf22 (diff) |
Cipher_Mode API improvements
The Cipher_Mode::update API is more general than needed to just
support ciphers (this is due to it previously being an API of
Transform which before 8b85b780515 was Cipher_Mode's base class)
Define a less general interface `process` which either processes the
blocks in-place, producing exactly as much output as there was input,
or (SIV/CCM case) saves the entire message for processing in `finish`.
These two uses cover all current or anticipated cipher modes.
Leaves `update` for compatibility with existing callers; all that is
needed is an inline function forwarding to `process`.
Removes the return type from `start` - in all cipher implementations,
this always returned an empty vector.
Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used
for argument checking in some places, which is not right at all.
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_record.cpp | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 877b81b41..4a52aa4a9 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -190,7 +190,6 @@ void write_record(secure_vector<byte>& output,
 const std::vector<byte> nonce = cs->aead_nonce(seq);
- // wrong if start returns something
 const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
 BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
@@ -203,13 +202,11 @@ void write_record(secure_vector<byte>& output,
 {
 output += std::make_pair(&nonce[cs->nonce_bytes_from_handshake()], cs->nonce_bytes_from_record());
 }
- BOTAN_ASSERT(aead->start(nonce).empty(), "AEAD doesn't return anything from start");
-
- const size_t offset = output.size();
+ const size_t header_size = output.size();
 output += std::make_pair(msg.get_data(), msg.get_size());
- aead->finish(output, offset);
- BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size");
+ aead->start(nonce);
+ aead->finish(output, header_size);
 BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE, "Produced ciphertext larger than protocol allows");
@@ -469,7 +466,7 @@ void decrypt_record(secure_vector<byte>& output,
 cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size)) );
- output += aead->start(nonce);
+ aead->start(nonce);
 const size_t offset = output.size();
 output += std::make_pair(msg, msg_length); |
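Review bot: In the second write_record hunk the post-encryption check `BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size");` is dropped rather than renamed, so nothing after `aead->finish(output, header_size)` confirms that the bytes produced match the length that `rec_size` (first hunk) appears to feed into the record's length field. The remaining `MAX_CIPHERTEXT_SIZE` assert only bounds the total size; if `finish` ever produced a different amount than `ctext_size` predicted (its definition is outside the hunk, presumably the AEAD's advertised output length), the record would go out with a length field that disagrees with its body. I would keep the invariant under the new name, directly after the `finish` call: `BOTAN_ASSERT(output.size() == header_size + ctext_size, "Expected size");`. This is an internal invariant, not argument checking, so BOTAN_ASSERT rather than the new BOTAN_ARG_CHECK is the right macro for it. write_record's body starts and ends outside the hunk.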