Adjust minimum length for EtM
This commit is contained in:
parent
78e745fc0a
commit
169dd6a514
2 changed files with 37 additions and 5 deletions
|
@ -601,12 +601,23 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
{
|
||||
/*
|
||||
* GenericBlockCipher:
|
||||
* first multiple of blocklen greater than maclen
|
||||
* + IV except for SSL3 and TLS 1.0
|
||||
* 1. if EtM is in use: one block plus MAC
|
||||
* otherwise: * first multiple of blocklen greater than maclen
|
||||
* 2. IV except for SSL3 and TLS 1.0
|
||||
*/
|
||||
transform->minlen = transform->maclen
|
||||
+ cipher_info->block_size
|
||||
- transform->maclen % cipher_info->block_size;
|
||||
#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
|
||||
if( session->encrypt_then_mac == SSL_ETM_ENABLED )
|
||||
{
|
||||
transform->minlen = transform->maclen
|
||||
+ cipher_info->block_size;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
transform->minlen = transform->maclen
|
||||
+ cipher_info->block_size
|
||||
- transform->maclen % cipher_info->block_size;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 ||
|
||||
|
|
|
@ -1864,6 +1864,13 @@ run_test "Small packet TLS 1.0 BlockCipher" \
|
|||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.0 BlockCipher without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
|
@ -1887,6 +1894,13 @@ run_test "Small packet TLS 1.1 BlockCipher" \
|
|||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 BlockCipher without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
|
@ -1917,6 +1931,13 @@ run_test "Small packet TLS 1.2 BlockCipher" \
|
|||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 BlockCipher without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
||||
|
|
Loading…
Reference in a new issue