Use contants for Chacha/Poly, redo algorithm expressions.

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-06 19:25:34 +00:00 · 2017-02-06 19:25:34 +00:00 · 20fc2051d2
commit 20fc2051d2
parent ec07b1d872
2 changed files with 11 additions and 4 deletions
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -374,6 +374,9 @@ typedef struct {
 /* Length of CCM8 tag for TLS */
 # define EVP_CCM8_TLS_TAG_LEN                            8

+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN                      16
+
 typedef struct evp_cipher_info_st {
    const EVP_CIPHER *cipher;
    unsigned char iv[EVP_MAX_IV_LENGTH];
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@ -29,6 +29,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
    unsigned char *seq;
    int lenu, lenf;
    SSL3_RECORD *rec = &recs[0];
+    uint32_t alg_enc = s->s3->tmp.new_cipher->algorithm_enc;

    if (n_recs != 1) {
        /* Should not happen */
@ -53,17 +54,20 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
    }
    ivlen = EVP_CIPHER_CTX_iv_length(ctx);

-    if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CCM_MODE) {
-        if (s->s3->tmp.new_cipher->algorithm_enc
-                & (SSL_AES128CCM8 | SSL_AES256CCM8))
+    if (alg_enc & SSL_AESCCM) {
+        if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
            taglen = EVP_CCM8_TLS_TAG_LEN;
         else
            taglen = EVP_CCM_TLS_TAG_LEN;
         if (send && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
                                         NULL) <= 0)
            return -1;
-    } else {
+    } else if (alg_enc & SSL_AESGCM) {
        taglen = EVP_GCM_TLS_TAG_LEN;
+    } else if (alg_enc & SSL_CHACHA20) {
+        taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
+    } else {
+        return -1;
    }

    if (!send) {