TLS AEAD ciphers: more bytes for key_block than needed
author Maxim Masiutin <maxim.masiutin@gmail.com>
Tue, 29 Sep 2020 15:40:56 +0000 (18:40 +0300)
committer Tomas Mraz <tmraz@fedoraproject.org>
Fri, 2 Oct 2020 06:49:47 +0000 (08:49 +0200)
commit 62f27ab9dcf29876b15cdae704c3a04b4c8a6344
tree 3daef0559261ca803a7576007b08ddeefb3d0590
parent f21c9c64f53484d4abe25b76d29350ed683db855
TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.

The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply calling the general function
EVP_CIPHER_iv_length.

The new function tls_iv_length_within_key_block takes this into
consideration.

Besides that, the order of addendums was counter-intuitive: MAC length
was second, but it has to be first to correspond to the order given in the RFC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13035)
ssl/t1_enc.c
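
An added example (not the commit's code and not OpenSSL's tls_iv_length_within_key_block) showing the key_block size computed with the full cipher IV length versus a mode-aware IV length. The struct, enum, function names and sample suite parameters are hypothetical and constructed for illustration; the 4-byte AEAD fixed IV is the salt length from RFC 5288 (GCM) and RFC 6655 (CCM).

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for this example; not OpenSSL's EVP_CIPH_* constants. */
enum mode { MODE_CBC, MODE_GCM, MODE_CCM };

struct suite {
    const char *name;
    enum mode mode;
    size_t mac_key_len;   /* mac_key_length, 0 for AEAD suites */
    size_t enc_key_len;   /* enc_key_length */
    size_t cipher_iv_len; /* the cipher's full IV or nonce length */
};

/* RFC 5288 (GCM) and RFC 6655 (CCM): only a 4-byte salt is taken from key_block. */
#define TLS_AEAD_FIXED_IV_LEN 4

/* Mode-aware IV length: the bytes of key_block one side actually needs. */
static size_t iv_len_within_key_block(const struct suite *s)
{
    if (s->mode == MODE_GCM || s->mode == MODE_CCM)
        return TLS_AEAD_FIXED_IV_LEN;
    return s->cipher_iv_len;
}

/* RFC 5246 section 6.3 order: MAC keys, then encryption keys, then IVs. */
static size_t key_block_len(const struct suite *s, size_t iv_len)
{
    return 2 * (s->mac_key_len + s->enc_key_len + iv_len);
}

/* Bytes generated but never used when the full cipher IV length is counted. */
static size_t excess_bytes(const struct suite *s)
{
    return key_block_len(s, s->cipher_iv_len)
         - key_block_len(s, iv_len_within_key_block(s));
}

/* Constructed sample parameters. */
static const struct suite AES128_GCM = { "AES-128-GCM", MODE_GCM, 0, 16, 12 };
static const struct suite AES128_CBC_SHA1 = { "AES-128-CBC + HMAC-SHA1", MODE_CBC, 20, 16, 16 };

int main(void)
{
    const struct suite *all[] = { &AES128_GCM, &AES128_CBC_SHA1 };
    for (size_t i = 0; i < 2; i++)
        printf("%-24s key_block=%zu excess=%zu\n", all[i]->name,
               key_block_len(all[i], iv_len_within_key_block(all[i])),
               excess_bytes(all[i]));
    return 0;
}
```

For the constructed AES-128-GCM parameters, counting the full 12-byte nonce gives a 56-byte key_block where 40 bytes are needed; the CBC suite is unaffected.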