Enforce incrementing counter for TLS 1.2 AES-GCM.
Change-Id: I7e790bc176369f2a57cc486c3dc960971faf019d
Reviewed-on: https://boringssl-review.googlesource.com/16625
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 3a7009c..2137fe2 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -137,7 +137,7 @@
const EVP_AEAD *aead;
size_t discard;
if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, session->cipher,
- version)) {
+ version, SSL_is_dtls(ssl))) {
return 0;
}
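Review bot: `SSL_is_dtls(ssl)` is now evaluated separately for the `ssl_cipher_get_evp_aead` lookup in this hunk and for `SSL_AEAD_CTX_new` in the hunk at line 160, and nothing in the code ties the two calls to the same value. Both call sites appear to be in the same function (its start and end are outside the hunks), and given the commit title the flag presumably decides whether the counter-enforcing AES-GCM variant is selected, so the key and IV lengths taken from the lookup and the context built afterwards have to agree on it. I would hoist it once, `const int is_dtls = SSL_is_dtls(ssl);`, and pass `is_dtls` to both calls. A short comment next to it would help, for example `/* DTLS must not be given the AEAD that enforces an incrementing counter. */`, with the wording to be confirmed against the AEAD selection code, which is not shown here.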
@@ -160,8 +160,9 @@
return 0;
}
- SSL_AEAD_CTX *traffic_aead = SSL_AEAD_CTX_new(
- direction, version, session->cipher, key, key_len, NULL, 0, iv, iv_len);
+ SSL_AEAD_CTX *traffic_aead =
+ SSL_AEAD_CTX_new(direction, version, SSL_is_dtls(ssl), session->cipher,
+ key, key_len, NULL, 0, iv, iv_len);
if (traffic_aead == NULL) {
return 0;
}