Revert "Small refactoring of record encryption code"
This reverts commit 1782162852
.
This commit is contained in:
parent
1782162852
commit
e81269b57e
23
conn.go
23
conn.go
@ -472,6 +472,12 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
|||||||
case aead:
|
case aead:
|
||||||
// explicitIVLen is always 0 for TLS1.3
|
// explicitIVLen is always 0 for TLS1.3
|
||||||
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
|
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
|
||||||
|
overhead := c.Overhead()
|
||||||
|
if hc.version >= VersionTLS13 {
|
||||||
|
overhead++ // TODO(kk): why this is done?
|
||||||
|
}
|
||||||
|
b.resize(len(b.data) + overhead)
|
||||||
|
|
||||||
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
|
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
|
||||||
if len(nonce) == 0 {
|
if len(nonce) == 0 {
|
||||||
nonce = hc.seq[:]
|
nonce = hc.seq[:]
|
||||||
@ -485,24 +491,17 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
|||||||
copy(hc.additionalData[8:], b.data[:3])
|
copy(hc.additionalData[8:], b.data[:3])
|
||||||
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
|
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
|
||||||
additionalData = hc.additionalData[:]
|
additionalData = hc.additionalData[:]
|
||||||
b.resize(len(b.data) + c.Overhead())
|
|
||||||
} else {
|
} else {
|
||||||
// In TLS1.3 1 byte of content type is encrypted
|
// opaque type
|
||||||
innerPlaintextLen := payloadLen + 1
|
payload = payload[:len(payload)+1]
|
||||||
payload = payload[:innerPlaintextLen]
|
payload[len(payload)-1] = b.data[0]
|
||||||
payload[innerPlaintextLen-1] = b.data[0]
|
|
||||||
|
|
||||||
// opaque_type
|
|
||||||
b.data[0] = byte(recordTypeApplicationData)
|
b.data[0] = byte(recordTypeApplicationData)
|
||||||
|
|
||||||
// Add AD header, see 5.2 of RFC8446
|
// Add AD header, see 5.2 of RFC8446
|
||||||
additionalData = make([]byte, 5)
|
additionalData = make([]byte, 5)
|
||||||
additionalData[0] = b.data[0]
|
additionalData[0] = byte(recordTypeApplicationData)
|
||||||
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
|
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
|
||||||
binary.BigEndian.PutUint16(additionalData[3:], uint16(innerPlaintextLen+c.Overhead()))
|
binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
|
||||||
|
|
||||||
// make room for TLSCiphertext.encrypted_record
|
|
||||||
b.resize(innerPlaintextLen + recordHeaderLen + c.Overhead())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Seal(payload[:0], nonce, payload, additionalData)
|
c.Seal(payload[:0], nonce, payload, additionalData)
|
||||||
|
Loading…
Reference in New Issue
Block a user