ea72bd0b60
The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
10 lines
256 B
Plaintext
10 lines
256 B
Plaintext
# These test vectors have been taken from
|
|
# http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
|
|
|
|
KEY: 000102030405060708090A0B0C0D0E0F
|
|
NONCE:
|
|
IN: 00112233445566778899AABBCCDDEEFF
|
|
AD:
|
|
CT: 1FA68B0A8112B447AEF34BD8FB5A7B82
|
|
TAG: 9D3E862371D2CFE5
|