Correction to comments and changelog removed

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
TRodziewicz 2021-07-09 16:55:11 +02:00
parent 458280e67c
commit 299510e889
3 changed files with 6 additions and 12 deletions

@ -1,3 +0,0 @@
Removals
* Remove all instances of MBEDTLS_SSL_MINOR_VERSION_1 and
MBEDTLS_SSL_MINOR_VERSION_2 and related dead code and tests. Fixes #4564.
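
Review bot: Deleting this ChangeLog entry leaves no user-facing record of the removal of MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 that it described, and the commit message ("changelog removed") does not say why the entry goes. If another entry already covers the removal, name it in the commit message; otherwise keep this one, since the "Fixes #4564" reference is dropped along with it.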

@ -661,18 +661,13 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
* - For stream/CBC, (static) encryption/decryption keys for the digest.
* - For AEAD transformations, the size (potentially 0) of an explicit,
* random initialization vector placed in encrypted records.
* - For some transformations (currently AEAD) an implicit IV. It may be static
* (e.g. AEAD) or dynamic (e.g. CBC) and (if present) is combined with the
* explicit IV in a transformation-dependent way (e.g. appending in TLS 1.2
* and XOR'ing in TLS 1.3).
* - For some transformations (currently AEAD) an implicit IV. It is static
* and (if present) is combined with the explicit IV in a transformation-
* -dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
* - For stream/CBC, a flag determining the order of encryption and MAC.
* - The details of the transformation depend on the SSL/TLS version.
* - The length of the authentication tag.
*
* Note: These parameters are constant across multiple encryption/decryption
* operations. For CBC, the implicit IV needs to be updated after each
* operation.
*
* The struct below refines this abstract view as follows:
* - The cipher underlying the transformation is managed in
* cipher contexts cipher_ctx_{enc/dec}, which must have the
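
Review bot: The rewritten implicit-IV bullet has a doubled hyphen where it wraps: one added line ends in "transformation-" and the next begins with "-dependent", so the comment reads "transformation--dependent"; drop one of the two. Separately, the deleted Note also carried the general statement "These parameters are constant across multiple encryption/decryption operations." Only its CBC sentence conflicts with the new "It is static" wording, so consider keeping that first sentence rather than removing the whole Note.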

@ -3464,7 +3464,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
* Test record decryption for CBC without EtM, focused on the verification
* of padding and MAC.
*
* Actually depends on TLS 1.2 and AES.
* Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
* the test framework doesn't support alternation in dependency statements,
* just depend on AES.
*
* The length_selector argument is interpreted as follows:
* - if it's -1, the plaintext length is 0 and minimal padding is applied
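
Review bot: The new dependency comment above ssl_decrypt_non_etm_cbc explains why only AES is declared but not what that costs: with "just depend on AES", a configuration that has ARIA or Camellia but not AES will skip this padding and MAC verification test entirely. State that consequence in the comment so the gap in coverage is visible to whoever next touches the dependencies, and consider replacing "Actually depends on" with a plainer "Requires", since "Actually" has nothing left to contrast with once the old line is gone.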