Make the bssl::SealRecord out_suffix arg fixed length.
Similarly, add EVP_AEAD_CTX_tag_len, which computes the exact tag length
required by EVP_AEAD_CTX_seal_scatter.
Change-Id: I069b0ad16fab314fd42f6048a3c1dc45e8376f7f
Reviewed-on: https://boringssl-review.googlesource.com/18324
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 31af857..6bbf15d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4620,8 +4620,16 @@
uint8_t *out_alert,
Span<uint8_t> in);
-OPENSSL_EXPORT size_t SealRecordPrefixLen(SSL *ssl, size_t plaintext_len);
-OPENSSL_EXPORT size_t SealRecordMaxSuffixLen(SSL *ssl);
+OPENSSL_EXPORT size_t SealRecordPrefixLen(const SSL *ssl, size_t plaintext_len);
+
+/* SealRecordSuffixLen returns the length of the suffix written by |SealRecord|.
+ *
+ * |plaintext_len| must be equal to the size of the plaintext passed to
+ * |SealRecord|.
+ *
+ * |plaintext_len| must not exceed |SSL3_RT_MAX_PLAINTEXT_LENGTH|. The returned
+ * suffix length will not exceed |SSL3_RT_MAX_ENCRYPTED_OVERHEAD|. */
+OPENSSL_EXPORT size_t SealRecordSuffixLen(const SSL *ssl, size_t plaintext_len);
/* *** EXPERIMENTAL -- DO NOT USE ***
*
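Review bot: The new comment on `SealRecordSuffixLen` states the `plaintext_len` precondition but not what is returned when it is violated, and the bare `size_t` return gives a caller sizing `out_suffix` no way to notice the error. Please document the out-of-range behaviour in the comment. The visible lines do not show whether the function returns 0, clamps or aborts, so the wording has to come from the implementation. The result presumably also depends on the connection's current write cipher state (inferred from the `const SSL *ssl` parameter, not visible here). If so, a line such as `* The result is only valid for the current write state of |ssl|; recompute it after a handshake or key change.` would keep callers from caching a stale length.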
@@ -4630,9 +4638,9 @@
* returns true on success or false if an error occurred.
*
* The length of |out_prefix| must equal |SealRecordPrefixLen|. The length of
- * |out| must equal the length of |in|. The length of |out_suffix| must equal
- * |MaxSealRecordSuffixLen|. |*out_suffix_len| is set to the actual number of
- * bytes written to |out_suffix|.
+ * |out| must equal the length of |in|, which must not exceed
+ * |SSL3_RT_MAX_PLAINTEXT_LENGTH|. The length of |out_suffix| must equal
+ * |SealRecordSuffixLen|.
*
* If enabled, |SealRecord| may perform TLS 1.0 CBC 1/n-1 record splitting.
* |SealRecordPrefixLen| accounts for the required overhead if that is the case.
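Review bot: The updated `SealRecord` comment does not say what happens when `out_suffix` (or `out_prefix`/`out`) has the wrong length, and with `*out_suffix_len` removed the caller can no longer observe how many bytes were written. If the implementation rejects mismatched lengths (not visible in this header), say so, e.g. `* |SealRecord| returns false without writing to any output if a buffer length does not match.` It would also help to spell the requirement as `|SealRecordSuffixLen(ssl, in.size())|`, since that function now takes the plaintext length and a value computed for a different length would be wrong. The comment block starts before and continues past this hunk.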
@@ -4641,7 +4649,7 @@
* |out_prefix| and |out_suffix| may not alias anything. */
OPENSSL_EXPORT bool SealRecord(SSL *ssl, Span<uint8_t> out_prefix,
Span<uint8_t> out, Span<uint8_t> out_suffix,
- size_t *out_suffix_len, Span<const uint8_t> in);
+ Span<const uint8_t> in);
} // namespace bssl