Code Review Request for 7030966, Support AEAD CipherSuites (JSSE part of JEP 115)

Bradford Wetmore bradford.wetmore at oracle.com
Sat Jan 19 08:09:18 UTC 2013


>>>> EngineOutputRecord.java
>>>> =======================
>>>> 294/296:  Another great comment.  I might suggest reversing the
>>>> comments so that the comment about AEAD is in the AEAD arm, and CBC is
>>>> outside.
>>>>
>>> I'm not sure I catch your ideas. ;-) Would you please show me the code?
>>
>> Just a simple reversal of the lines so that the code you're talking
>> about is contained in the block that handles it:
>>
>>      if (!writeCipher.isAEADMode()) {
>>          // DON'T encrypt the nonce_explicit for AEAD mode
>>          dstBB.position(dstPos + headerSize);
>>      }   // The explicit IV in TLS 1.1 and later can be encrypted.
>>
>> Hope that's clearer.
>>
> Looks like my logic is correct.  If the cipher is not AEAD mode, the
> explicit IV can be encrypted; (otherwise) if the cipher is AEAD mode,
> don't encrypt the nonce_explicit.
>
>     if (!writeCipher.isAEADMode()) {
>         // The explicit IV in TLS 1.1 and later can be encrypted.
>         dstBB.position(dstPos + headerSize);
>     }   // Otherwise, DON'T encrypt the nonce_explicit for AEAD mode

Good grief.  I obviously need more sleep.  My apologies.  :(

Brad
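
The record layout behind the "DON'T encrypt the nonce_explicit" comment, as an added example that is not part of the original message or of the JSSE source. It assumes TLS 1.2 with AES-128-GCM as laid out in RFC 5288, uses the sequence number as nonce_explicit, and the class name, key and IV values are constructed for illustration:

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.util.Arrays;

// Hypothetical demo class, not JSSE code.
public class AeadRecordLayout {
    static final int HEADER_SIZE = 5;          // type(1) + version(2) + length(2)
    static final int NONCE_EXPLICIT_SIZE = 8;  // RFC 5288: carried in the clear
    static final int TAG_SIZE = 16;

    // Builds header || nonce_explicit || AES-GCM(plaintext) || tag.
    static byte[] seal(byte[] key, byte[] fixedIv, long seq, byte type, byte[] plaintext)
            throws Exception {
        // Assumption: the 64-bit sequence number doubles as nonce_explicit.
        byte[] nonceExplicit = ByteBuffer.allocate(NONCE_EXPLICIT_SIZE).putLong(seq).array();
        byte[] nonce = ByteBuffer.allocate(12).put(fixedIv).put(nonceExplicit).array();

        // additional_data = seq_num || type || version || plaintext length
        byte[] aad = ByteBuffer.allocate(13).putLong(seq).put(type)
                .put((byte) 3).put((byte) 3).putShort((short) plaintext.length).array();

        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(TAG_SIZE * 8, nonce));
        gcm.updateAAD(aad);
        byte[] sealed = gcm.doFinal(plaintext);   // ciphertext followed by the tag

        int fragmentLen = NONCE_EXPLICIT_SIZE + sealed.length;
        return ByteBuffer.allocate(HEADER_SIZE + fragmentLen)
                .put(type).put((byte) 3).put((byte) 3).putShort((short) fragmentLen)
                .put(nonceExplicit)   // written as-is, never passed through the cipher
                .put(sealed).array();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];      // constructed all-zero test key
        byte[] fixedIv = new byte[4];   // constructed stand-in for the write IV
        byte[] record = seal(key, fixedIv, 1L, (byte) 23, "hello".getBytes("US-ASCII"));
        byte[] onWire = Arrays.copyOfRange(record, HEADER_SIZE,
                HEADER_SIZE + NONCE_EXPLICIT_SIZE);
        // The receiver must read these 8 bytes before it can rebuild the GCM nonce.
        System.out.println("nonce_explicit on the wire: " + Arrays.toString(onWire));
        System.out.println("record length: " + record.length);
    }
}
```

In the CBC arm of the quoted code the buffer is instead positioned directly after the header, so the explicit IV lies inside the region handed to the cipher.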



