Google Git
Sign in
boringssl/boringssl.git/7f1d5d5932e123d3999453c0cd80c8538d5527c6^!/.
commit
7f1d5d5932e123d3999453c0cd80c8538d5527c6
[log]
author
David Benjamin <davidben@chromium.org>
Wed Jan 14 17:24:53 2015 -0500
committer
Adam Langley <agl@google.com>
Fri Jan 16 02:05:45 2015 +0000
tree
55c2a802831615970ec76739a1162398fc5533e7
parent
f0eb1698291c00c60f76f8207b9fa9c079e75c12 [diff]
Follow-ups from recent patch train.

Comment fixups and a mismerge in aead_test. Also some buffer was larger than
needed.

Change-Id: I0e158089f42801575833684912f9edb206f61007
Reviewed-on: https://boringssl-review.googlesource.com/2870
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/cipher/aead_test.c b/crypto/cipher/aead_test.c
index df8123b..dac022f 100644
--- a/crypto/cipher/aead_test.c
+++ b/crypto/cipher/aead_test.c

@@ -157,15 +157,6 @@
       return 0;
     }
 
-    /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
-     * reset after each operation. */
-    EVP_AEAD_CTX_cleanup(&ctx);
-    if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],
-                           NULL)) {
-      fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
-      return 0;
-    }
-
     /* Garbage at the end isn't ignored. */
     out[ciphertext_len] = 0;
     if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, ciphertext_len + 1,
@@ -176,6 +167,15 @@
     }
     ERR_clear_error();
 
+    /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
+     * reset after each operation. */
+    EVP_AEAD_CTX_cleanup(&ctx);
+    if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],
+                           NULL)) {
+      fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
+      return 0;
+    }
+
     /* Verify integrity is checked. */
     out[0] ^= 0x80;
     if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, ciphertext_len, bufs[NONCE],

diff --git a/crypto/cipher/e_ssl3.c b/crypto/cipher/e_ssl3.c
index 1b54109..d9dec68 100644
--- a/crypto/cipher/e_ssl3.c
+++ b/crypto/cipher/e_ssl3.c

@@ -58,7 +58,7 @@
   EVP_MD_CTX md_ctx;
   EVP_MD_CTX_init(&md_ctx);
 
-  uint8_t pad[EVP_MAX_MD_SIZE];
+  uint8_t pad[48];
   uint8_t tmp[EVP_MAX_MD_SIZE];
   memset(pad, 0x36, pad_len);
   if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
@@ -192,7 +192,7 @@
     return 0;
   }
 
-  if (ad_len != 11 - 2) {
+  if (ad_len != 11 - 2 /* length bytes */) {
     OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_AD_SIZE);
     return 0;
   }
@@ -275,7 +275,7 @@
     return 0;
   }
 
-  if (ad_len != 11 - 2) {
+  if (ad_len != 11 - 2 /* length bytes */) {
     OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_AD_SIZE);
     return 0;
   }

diff --git a/crypto/cipher/e_tls.c b/crypto/cipher/e_tls.c
index 2134bad..8ac1aae 100644
--- a/crypto/cipher/e_tls.c
+++ b/crypto/cipher/e_tls.c

@@ -164,7 +164,7 @@
     return 0;
   }
 
-  if (ad_len != 13 - 2) {
+  if (ad_len != 13 - 2 /* length bytes */) {
     OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_AD_SIZE);
     return 0;
   }
@@ -266,7 +266,7 @@
     return 0;
   }
 
-  if (ad_len != 13 - 2) {
+  if (ad_len != 13 - 2 /* length bytes */) {
     OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_AD_SIZE);
     return 0;
   }

diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h
index bd49f57..2b8fb05 100644
--- a/crypto/cipher/internal.h
+++ b/crypto/cipher/internal.h

@@ -165,7 +165,7 @@
  * record.
  *
  *   md: the hash function used in the HMAC.
- *     tls_cbc_record_digest_supported must return true for this hash.
+ *     EVP_tls_cbc_record_digest_supported must return true for this hash.
  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
  *   md_out_size: the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.