*/
if (auth_cipher)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- else if (iv_size > 0)
+ else if (block_algo == CIPHER_STREAM && iv_size > 0)
_gnutls_auth_cipher_setiv(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
}
int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
int auth_cipher = _gnutls_auth_cipher_is_aead(¶ms->write.cipher_state);
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size;
+
+ iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
cipher_data += AEAD_EXPLICIT_DATA_SIZE;
length += AEAD_EXPLICIT_DATA_SIZE;
}
+ else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
}
else
{
unsigned int ver = gnutls_protocol_get_version (session);
unsigned int tag_size = _gnutls_auth_cipher_tag_len (¶ms->read.cipher_state);
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
-
+ unsigned iv_size;
+
+ iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
/* actual decryption (inplace)
length_to_decrypt = ciphertext->size - tag_size;
}
+ else if (iv_size > 0)
+ { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(¶ms->read.cipher_state, UINT64DATA(*sequence), 8);
+ length_to_decrypt = ciphertext->size;
+ }
else
{
if (ciphertext->size < tag_size)