Code Review Request for 7030966, Support AEAD CipherSuites (JSSE part of JEP 115)
Bradford Wetmore
bradford.wetmore at oracle.com
Sat Jan 19 08:09:18 UTC 2013
>>>> EngineOutputRecord.java
>>>> =======================
>>>> 294/296: Another great comment. I might suggest reversing the
>>>> comments so that the comment about AEAD is in the AEAD arm, and CBC is
>>>> outside.
>>>>
>>> I'm not sure I catch your ideas. ;-) Would you please show me the code?
>>
>> Just a simple reversal of the lines so that the code you're talking
>> about is contained in the block that handles it:
>>
>>     if (!writeCipher.isAEADMode()) {
>>         // DON'T encrypt the nonce_explicit for AEAD mode
>>         dstBB.position(dstPos + headerSize);
>>     } // The explicit IV in TLS 1.1 and later can be encrypted.
>>
>> Hope that's clearer.
>>
> Looks like my logic is correct. If the cipher is not AEAD mode, the
> explicit IV can be encrypted; (otherwise) if the cipher is AEAD mode,
> don't encrypt the nonce_explicit.
>
>     if (!writeCipher.isAEADMode()) {
>         // The explicit IV in TLS 1.1 and later can be encrypted.
>         dstBB.position(dstPos + headerSize);
>     } // Otherwise, DON'T encrypt the nonce_explicit for AEAD mode
Good grief. I obviously need more sleep. My apologies. :(
Brad
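
Added example, not code from the patch under review or from the JDK: a stand-alone sketch of the AEAD case discussed above, building one TLS 1.2 AES-GCM record in the RFC 5288 layout so that nonce_explicit is written to the buffer in the clear and only the bytes after it go through the cipher. The class and method names, the all-zero key and fixed IV, and the use of the sequence number as nonce_explicit are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class AeadRecordLayout {   // hypothetical name, not a JSSE class
    static final int HEADER = 5, NONCE_EXPLICIT = 8, TAG = 16;

    // Builds one application_data record: header | nonce_explicit | ciphertext | tag
    static byte[] seal(byte[] key, byte[] fixedIv, long seq, byte[] plaintext) throws Exception {
        // Assumption: nonce_explicit is the 64-bit sequence number (unique per record).
        byte[] explicit = ByteBuffer.allocate(NONCE_EXPLICIT).putLong(seq).array();
        // GCM nonce = 4-byte fixed IV (salt) || 8-byte nonce_explicit
        byte[] nonce = ByteBuffer.allocate(12).put(fixedIv).put(explicit).array();
        // additional_data = seq_num || type || version || plaintext length
        byte[] aad = ByteBuffer.allocate(13).putLong(seq).put((byte) 23)
                .putShort((short) 0x0303).putShort((short) plaintext.length).array();

        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG * 8, nonce));
        c.updateAAD(aad);

        ByteBuffer rec = ByteBuffer.allocate(HEADER + NONCE_EXPLICIT + plaintext.length + TAG);
        rec.put((byte) 23).putShort((short) 0x0303)
           .putShort((short) (NONCE_EXPLICIT + plaintext.length + TAG));
        rec.put(explicit);                           // in the clear, never fed to the cipher
        c.doFinal(ByteBuffer.wrap(plaintext), rec);  // ciphertext || tag starts after it
        return rec.array();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], fixedIv = new byte[4];  // constructed all-zero test values
        byte[] rec = seal(key, fixedIv, 1L, "hello".getBytes(StandardCharsets.US_ASCII));
        byte[] onWire = Arrays.copyOfRange(rec, HEADER, HEADER + NONCE_EXPLICIT);
        // The receiver needs these 8 bytes unencrypted to rebuild the nonce before decrypting.
        System.out.println("nonce_explicit on wire: " + Arrays.toString(onWire));
        System.out.println("record length: " + rec.length);
    }
}
```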