diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index 2be3256..098bb2d 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c @@ -142,7 +142,7 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv) This is necessary for AEAD ciphers, because we must wait to fully initialize the cipher in order to include the implicit IV */ - if(cs->enc==0x3b || cs->enc==0x3c){ + if(IS_AEAD_CIPHER(cs)){ sk=NULL; iv=NULL; } @@ -208,8 +208,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) UCHAR *mac,*iv,aead_tag[13],aead_nonce[12]; CRDUMP("Ciphertext",in,inl); - - if(d->cs->enc==0x3b || d->cs->enc==0x3c){ + if(IS_AEAD_CIPHER(d->cs)){ memcpy(aead_nonce,d->implicit_iv->data,d->implicit_iv->len); memcpy(aead_nonce+d->implicit_iv->len,in,12-d->implicit_iv->len); in+=12-d->implicit_iv->len; diff --git a/ssl/ssl_rec.h b/ssl/ssl_rec.h index 203f55f..fa91b00 100644 --- a/ssl/ssl_rec.h +++ b/ssl/ssl_rec.h @@ -55,5 +55,6 @@ int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); +#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c) #endif diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 499680e..32946e9 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -889,7 +889,7 @@ static int ssl_generate_keying_material(ssl,d) /* Compute the key block. First figure out how much data we need*/ /* Ideally find a cleaner way to check for AEAD cipher */ - needed=(ssl->cs->enc!=0x3b && ssl->cs->enc!=0x3c)?ssl->cs->dig_len*2:0; + needed=!IS_AEAD_CIPHER(ssl->cs)?ssl->cs->dig_len*2:0; needed+=ssl->cs->bits / 4; if(ssl->cs->block>1) needed+=ssl->cs->block*2; @@ -902,7 +902,7 @@ static int ssl_generate_keying_material(ssl,d) ptr=key_block->data; /* Ideally find a cleaner way to check for AEAD cipher */ - if(ssl->cs->enc!=0x3b && ssl->cs->enc!=0x3c){ + if(!IS_AEAD_CIPHER(ssl->cs)){ c_mk=ptr; ptr+=ssl->cs->dig_len; s_mk=ptr; ptr+=ssl->cs->dig_len; }