eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix and document minimum length of record ciphertext in TLS 1.3

Browse source 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2021-04-20 05:32:16 +01:00
parent 7887a77c25
commit edd5bf0a95
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
library/ssl_tls13_keys.c
View file

@ -808,9 +808,15 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
transform->ivlen = traffic_keys->iv_len; transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0; transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen; transform->fixed_ivlen = transform->ivlen;
transform->minlen = transform->taglen + 1;
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
/* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the
* type-extended and padded plaintext is therefore the padding
* granularity. */
transform->minlen =
transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY;
return( 0 ); return( 0 );
} }