From 299510e889853f2c95ce1ccb0aeeedc074618b07 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 9 Jul 2021 16:55:11 +0200 Subject: [PATCH] Correction to comments and changelog removed Signed-off-by: TRodziewicz --- ChangeLog.d/issue4564.txt | 3 --- library/ssl_misc.h | 11 +++-------- tests/suites/test_suite_ssl.function | 4 +++- 3 files changed, 6 insertions(+), 12 deletions(-) delete mode 100644 ChangeLog.d/issue4564.txt diff --git a/ChangeLog.d/issue4564.txt b/ChangeLog.d/issue4564.txt deleted file mode 100644 index 286c31b37b..0000000000 --- a/ChangeLog.d/issue4564.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Remove all instances of MBEDTLS_SSL_MINOR_VERSION_1 and - MBEDTLS_SSL_MINOR_VERSION_2 and related dead code and tests. Fixes #4564. diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e16f4f4147..9c82bc36c3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -661,18 +661,13 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * - For stream/CBC, (static) encryption/decryption keys for the digest. * - For AEAD transformations, the size (potentially 0) of an explicit, * random initialization vector placed in encrypted records. - * - For some transformations (currently AEAD) an implicit IV. It may be static - * (e.g. AEAD) or dynamic (e.g. CBC) and (if present) is combined with the - * explicit IV in a transformation-dependent way (e.g. appending in TLS 1.2 - * and XOR'ing in TLS 1.3). + * - For some transformations (currently AEAD) an implicit IV. It is static + * and (if present) is combined with the explicit IV in a transformation- + * -dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3). * - For stream/CBC, a flag determining the order of encryption and MAC. * - The details of the transformation depend on the SSL/TLS version. * - The length of the authentication tag. * - * Note: These parameters are constant across multiple encryption/decryption - * operations. For CBC, the implicit IV needs to be updated after each - * operation. - * * The struct below refines this abstract view as follows: * - The cipher underlying the transformation is managed in * cipher contexts cipher_ctx_{enc/dec}, which must have the diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 93d6256bde..36fbf77dea 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3464,7 +3464,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, * Test record decryption for CBC without EtM, focused on the verification * of padding and MAC. * - * Actually depends on TLS 1.2 and AES. + * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since + * the test framework doesn't support alternation in dependency statements, + * just depend on AES. * * The length_selector argument is interpreted as follows: * - if it's -1, the plaintext length is 0 and minimal padding is applied