Return correct `ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated.

55bb27953d inadvertently changed `extract_keys`
to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM
was negotiated. This change fixes it by restoring the key length check.

Fixes #1833
Arnav Singh 2024-03-02 02:09:34 -08:00 committed by Joe Birr-Pixton
parent 546a85d912
commit 3f5d37e976
1 changed files with 5 additions and 3 deletions


@ -162,9 +162,11 @@ impl Tls12AeadAlgorithm for GcmAlgorithm {
write_iv: &[u8],
explicit: &[u8],
) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
Ok(ConnectionTrafficSecrets::Aes128Gcm {
key,
iv: gcm_iv(write_iv, explicit),
let iv = gcm_iv(write_iv, explicit);
Ok(match self.0.key_len() {
16 => ConnectionTrafficSecrets::Aes128Gcm { key, iv },
32 => ConnectionTrafficSecrets::Aes256Gcm { key, iv },
_ => unreachable!(),
})
}
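Review bot: The `_ => unreachable!()` arm in the new `match self.0.key_len()` panics inside secret extraction if a GCM algorithm with any other key length is ever wired into `GcmAlgorithm`, even though the function already has an error return. Assuming `UnsupportedOperationError` can be constructed here, `_ => return Err(UnsupportedOperationError),` would fail closed without taking the process down. If the panic is kept, a short comment such as `// GcmAlgorithm only wraps AES-128-GCM and AES-256-GCM` would record the invariant it relies on. The regression mislabelled a 32-byte key as `Aes128Gcm` without any failure, so a test asserting the returned variant for an AES-256-GCM suite would be worth adding alongside this fix. The function's signature starts above the hunk, so the remaining parameters are not visible here.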