Enforce incrementing counter for TLS 1.2 AES-GCM.
Change-Id: I7e790bc176369f2a57cc486c3dc960971faf019d
Reviewed-on: https://boringssl-review.googlesource.com/16625
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 9f11e05..6aa5e0c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -338,7 +338,8 @@
size_t mac_secret_len, fixed_iv_len;
if (session->cipher == NULL ||
!ssl_cipher_get_evp_aead(&aead, &mac_secret_len, &fixed_iv_len,
- session->cipher, ssl3_protocol_version(ssl))) {
+ session->cipher, ssl3_protocol_version(ssl),
+ SSL_is_dtls(ssl))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
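Review bot: The new `SSL_is_dtls(ssl)` argument to `ssl_cipher_get_evp_aead` has no comment saying why the transport matters for AEAD selection, and the callee is not shown in this diff. Going by the commit title, it presumably decides whether the TLS 1.2 AES-GCM AEAD that enforces an incrementing counter is chosen. A short comment above the call would make that visible, for example `/* is_dtls affects which AES-GCM AEAD is selected; see ssl_cipher_get_evp_aead. */`. The same flag is passed to `SSL_AEAD_CTX_new` in the second hunk, and it looks as if the two call sites need to agree so the counter check is only applied where record nonces are strictly sequential; that is worth confirming against the callee. The enclosing function starts and ends outside the hunk.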
@@ -428,7 +429,7 @@
}
SSL_AEAD_CTX *aead_ctx = SSL_AEAD_CTX_new(
- is_read ? evp_aead_open : evp_aead_seal, ssl3_protocol_version(ssl),
+ is_read ? evp_aead_open : evp_aead_seal, ssl3_protocol_version(ssl), SSL_is_dtls(ssl),
hs->new_cipher, key, key_len, mac_secret, mac_secret_len, iv, iv_len);
if (aead_ctx == NULL) {
return 0;
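Review bot: The added line `is_read ? evp_aead_open : evp_aead_seal, ssl3_protocol_version(ssl), SSL_is_dtls(ssl),` runs past 80 columns even before indentation, while every other line visible in this diff stays within that width. Rewrapping the argument list keeps the call readable: `is_read ? evp_aead_open : evp_aead_seal, ssl3_protocol_version(ssl),` then `SSL_is_dtls(ssl), hs->new_cipher, key, key_len, mac_secret,` then `mac_secret_len, iv, iv_len);`. The enclosing function and the closing brace of the `if (aead_ctx == NULL)` block are outside the hunk.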