Use seq_num as AEAD nonce by default

2025-08-01 10:06:53 +03:00 · 2014-10-29 22:29:20 +01:00
parent a6c5ea2c43
commit d056ce0e3e
3 changed files with 31 additions and 0 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -781,6 +781,18 @@
 */
 #define POLARSSL_SELF_TEST

+/**
+ * \def POLARSSL_SSL_AEAD_RANDOM_IV
+ *
+ * Generate a random IV rather than using the record sequence number as a
+ * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
+ *
+ * Using the sequence number is generally recommended.
+ *
+ * Uncomment this macro to always use random IVs with AEAD ciphersuites.
+ */
+//#define POLARSSL_SSL_AEAD_RANDOM_IV
+
 /**
 * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
 *