authorJack Lloyd <[email protected]>2016-09-01 13:40:26 -0400
committerJack Lloyd <[email protected]>2016-09-01 14:16:38 -0400
commit507d926da825fbc1d9d74b4517dbab47702c66b9 (patch)
tree22ac0e4a9c85fb3583d478a41ba1c46aeced5ec3 /src/lib/tls
parente4656be6a8e601b64c759906bacf543388b3cf22 (diff)
Cipher_Mode API improvements
The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class). Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatibility with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_record.cpp11
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 877b81b41..4a52aa4a9 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -190,7 +190,6 @@ void write_record(secure_vector<byte>& output,
const std::vector<byte> nonce = cs->aead_nonce(seq);
- // wrong if start returns something
const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
@@ -203,13 +202,11 @@ void write_record(secure_vector<byte>& output,
{
output += std::make_pair(&nonce[cs->nonce_bytes_from_handshake()], cs->nonce_bytes_from_record());
}
- BOTAN_ASSERT(aead->start(nonce).empty(), "AEAD doesn't return anything from start");
-
- const size_t offset = output.size();
+ const size_t header_size = output.size();
output += std::make_pair(msg.get_data(), msg.get_size());
- aead->finish(output, offset);
- BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size");
+ aead->start(nonce);
+ aead->finish(output, header_size);
BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE,
"Produced ciphertext larger than protocol allows");
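Review bot: Dropping `BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size")` leaves nothing in this hunk that ties the bytes `aead->finish` actually appended to the `ctext_size` from which `rec_size` was computed earlier in write_record. The remaining assertion only bounds the total `output.size()` against `MAX_CIPHERTEXT_SIZE`, so a mode whose `finish` output differs from the predicted length would presumably produce a record whose length field disagrees with its body instead of failing loudly. Removing the return value of `start` does not require losing this check; I would keep it under the new name, `BOTAN_ASSERT(output.size() == header_size + ctext_size, "Expected size");`, directly after the `finish` call. write_record begins and ends outside the hunk, so the write of the length field itself is not visible here.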
@@ -469,7 +466,7 @@ void decrypt_record(secure_vector<byte>& output,
cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size))
);
- output += aead->start(nonce);
+ aead->start(nonce);
const size_t offset = output.size();
output += std::make_pair(msg, msg_length);