commit 28dd49faecf567bd946503dd4e3aa65985e659dd
author Dr. Stephen Henson <steve@openssl.org> Wed Aug 03 15:37:22 2011 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed Aug 03 15:37:22 2011 +0000
tree f667a5fdb9176f418011edbdcabf9b9fe6e14ffc
parent 3699ec605602cf8ce7400bdbd164ebd9ed658b4c

Expand range of ctrls for AES GCM to support retrieval and setting of
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.

ssl/s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index d1a18ee..eba442d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -742,12 +742,18 @@
 	plen=p; 
 	p+=2;
 	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
-	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
-		&& EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
+	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
 		{
-		eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-		if (eivlen <= 1)
-			eivlen = 0;
+		int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+		if (mode == EVP_CIPH_CBC_MODE)
+			{
+			eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+			if (eivlen <= 1)
+				eivlen = 0;
+			}
+		/* Need explicit part of IV for GCM mode */
+		else if (mode == EVP_CIPH_GCM_MODE)
+			eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
 		}
 	else 
 		eivlen = 0;