Google Git
Sign in
boringssl / boringssl / f0fd37323bfb173d88a782653259f4766d4f09ba^! / .
commitf0fd37323bfb173d88a782653259f4766d4f09ba[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Sat Aug 30 21:56:06 2014 -0400
committerAdam Langley <agl@google.com>Tue Sep 02 22:42:26 2014 +0000
tree1c17666996cf84e0c9e96c1500c61fd749c97578
parent8a5825e4c7238eef74f8a7ad5b054914e16899cb [diff]
Remove remnants of EVP_CIPHER-based AES_GCM cipher.

Those codepaths are never hit.

Change-Id: Ib6908ebe90ab667774785298fdc3f96acc4b50df
Reviewed-on: https://boringssl-review.googlesource.com/1693
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index e80734e..4af096d 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c

@@ -181,13 +181,6 @@
 			}
 		}
 
-	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
-		{
-		/* padding is already verified */
-		rec->length -= padding_length + 1;
-		return 1;
-		}
-
 	good = constant_time_ge(rec->length, overhead+padding_length);
 	/* The padding consists of a length byte at the end of the record and
 	 * then that many bytes of padding, all with the same value as the

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 12c5467..864e48d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -760,9 +760,6 @@
 			if (eivlen <= 1)
 				eivlen = 0;
 			}
-		/* Need explicit part of IV for GCM mode */
-		else if (mode == EVP_CIPH_GCM_MODE)
-			eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
 		else
 			eivlen = 0;
 		}

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 691b5fd..8361007 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c

@@ -354,8 +354,7 @@
 	if (!ssl_cipher_get_mac(s, md, mac_pkey_type, mac_secret_size))
 		return 0;
 
-	if ((*enc != NULL) &&
-	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+	if ((*enc != NULL) && (*md != NULL) &&
 	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
 		{
 		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index a2d96d6..abe5183 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -521,11 +521,7 @@
 	else
 		{
 		key_len = EVP_CIPHER_key_length(cipher);
-
-		if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
-			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
-		else
-			iv_len = EVP_CIPHER_iv_length(cipher);
+		iv_len = EVP_CIPHER_iv_length(cipher);
 		}
 
 	key_data = s->s3->tmp.key_block;
@@ -617,11 +613,7 @@
 		if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size))
 			goto cipher_unavailable_err;
 		key_len = EVP_CIPHER_key_length(c);
-
-		if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
-		else
-			iv_len = EVP_CIPHER_iv_length(c);
+		iv_len = EVP_CIPHER_iv_length(c);
 		}
 
 	s->s3->tmp.new_aead=aead;
@@ -951,12 +943,6 @@
 						?(i<0)
 						:(i==0))
 			return -1;	/* AEAD can fail to verify MAC */
-		if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
-			{
-			rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			}
 
 #ifdef KSSL_DEBUG
 		{