commit abbf365b6d53ed3445ba2bb40ffb8d5d07245cd4
author Martin Kreichgauer <martinkr@google.com> Fri Jul 21 16:27:54 2017 -0700
committer Adam Langley <agl@google.com> Fri Jul 28 21:42:25 2017 +0000
tree 981fd6a504d59fd93fae61ea8113aedca8cd7e92
parent 182b573329ea53590697a7c37aa876bb61713afb

Make the bssl::SealRecord out_suffix arg fixed length.

Similarly, add EVP_AEAD_CTX_tag_len which computes the exact tag length
for required by EVP_AEAD_CTX_seal_scatter.

Change-Id: I069b0ad16fab314fd42f6048a3c1dc45e8376f7f
Reviewed-on: https://boringssl-review.googlesource.com/18324
Reviewed-by: Adam Langley <agl@google.com>

ssl/ssl_test.cc

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 2297964..4556fb7 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3773,12 +3773,11 @@
   const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
   std::vector<uint8_t> prefix(
       bssl::SealRecordPrefixLen(client.get(), record.size())),
-      body(record.size()), suffix(bssl::SealRecordMaxSuffixLen(client.get()));
-  size_t suffix_size;
+      body(record.size()),
+      suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
   ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
                                bssl::MakeSpan(body), bssl::MakeSpan(suffix),
-                               &suffix_size, record));
-  suffix.resize(suffix_size);
+                               record));
 
   std::vector<uint8_t> sealed;
   sealed.insert(sealed.end(), prefix.begin(), prefix.end());
@@ -3819,12 +3818,10 @@
   std::vector<uint8_t> record = plaintext;
   std::vector<uint8_t> prefix(
       bssl::SealRecordPrefixLen(client.get(), record.size())),
-      suffix(bssl::SealRecordMaxSuffixLen(client.get()));
-  size_t suffix_size;
+      suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
   ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
                                bssl::MakeSpan(record), bssl::MakeSpan(suffix),
-                               &suffix_size, record));
-  suffix.resize(suffix_size);
+                               record));
   record.insert(record.begin(), prefix.begin(), prefix.end());
   record.insert(record.end(), suffix.begin(), suffix.end());
 
@@ -3860,12 +3857,10 @@
   std::vector<uint8_t> record = plaintext;
   std::vector<uint8_t> prefix(
       bssl::SealRecordPrefixLen(client.get(), record.size())),
-      suffix(bssl::SealRecordMaxSuffixLen(client.get()));
-  size_t suffix_size;
+      suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
   ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
                                bssl::MakeSpan(record), bssl::MakeSpan(suffix),
-                               &suffix_size, record));
-  suffix.resize(suffix_size);
+                               record));
   record.insert(record.begin(), prefix.begin(), prefix.end());
   record.insert(record.end(), suffix.begin(), suffix.end());
   record.insert(record.end(), {5, 4, 3, 2, 1});
@@ -3901,8 +3896,8 @@
   std::vector<uint8_t> record = {1, 2, 3, 4, 5};
   std::vector<uint8_t> prefix(
       bssl::SealRecordPrefixLen(client.get(), record.size())),
-      suffix(bssl::SealRecordMaxSuffixLen(client.get()));
-  size_t suffix_size;
+      body(record.size()),
+      suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
 
   auto expect_err = []() {
     int err = ERR_get_error();
@@ -3912,31 +3907,31 @@
   };
   EXPECT_FALSE(bssl::SealRecord(
       client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
-      bssl::MakeSpan(record), bssl::MakeSpan(suffix), &suffix_size, record));
+      bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
   expect_err();
   EXPECT_FALSE(bssl::SealRecord(
       client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
-      bssl::MakeSpan(record), bssl::MakeSpan(suffix), &suffix_size, record));
+      bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
   expect_err();
 
   EXPECT_FALSE(
       bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
                        bssl::MakeSpan(record.data(), record.size() - 1),
-                       bssl::MakeSpan(suffix), &suffix_size, record));
+                       bssl::MakeSpan(suffix), record));
   expect_err();
   EXPECT_FALSE(
       bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
                        bssl::MakeSpan(record.data(), record.size() + 1),
-                       bssl::MakeSpan(suffix), &suffix_size, record));
+                       bssl::MakeSpan(suffix), record));
   expect_err();
 
   EXPECT_FALSE(bssl::SealRecord(
       client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
-      bssl::MakeSpan(suffix.data(), suffix.size() - 1), &suffix_size, record));
+      bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
   expect_err();
   EXPECT_FALSE(bssl::SealRecord(
       client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
-      bssl::MakeSpan(suffix.data(), suffix.size() + 1), &suffix_size, record));
+      bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
   expect_err();
 }