EngineOutputRecord.java
=======================
294/296: Another great comment. I might suggest reversing the
comments so that the comment about AEAD is in the AEAD arm, and CBC is
outside.
I'm not sure I catch your ideas. ;-) Would you please show me the code?
Just a simple reversal of the lines so that the code you're talking
about is contained in the block that handles it:
if (!writeCipher.isAEADMode()) {
// DON'T encrypt the nonce_explicit for AEAD mode
dstBB.position(dstPos + headerSize);
} // The explicit IV in TLS 1.1 and later can be encrypted.
Hope that's clearer.
Looks like my logic is correct. If the cipher is not AEAD mode, the
explicit IV can be encrypted; (otherwise) if the cipher is AEAD mode,
don't encrypt the nonce_explicit.
if (!writeCipher.isAEADMode()) {
// The explicit IV in TLS 1.1 and later can be encrypted.
dstBB.position(dstPos + headerSize);
} // Otherwise, DON'T encrypt the nonce_explicit for AEAD mode
Good grief. I obviously need more sleep. My apologies. :(
Brad
