mirror of https://github.com/ctz/rustls
Return correct `ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated.
55bb27953d
inadvertently changed `extract_keys`
to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM
was negotiated. This change fixes it by restoring the key length check.
Fixes #1833
parent
546a85d912
commit
3f5d37e976
|
@ -162,9 +162,11 @@ impl Tls12AeadAlgorithm for GcmAlgorithm {
|
|||
write_iv: &[u8],
|
||||
explicit: &[u8],
|
||||
) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
|
||||
Ok(ConnectionTrafficSecrets::Aes128Gcm {
|
||||
key,
|
||||
iv: gcm_iv(write_iv, explicit),
|
||||
let iv = gcm_iv(write_iv, explicit);
|
||||
Ok(match self.0.key_len() {
|
||||
16 => ConnectionTrafficSecrets::Aes128Gcm { key, iv },
|
||||
32 => ConnectionTrafficSecrets::Aes256Gcm { key, iv },
|
||||
_ => unreachable!(),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
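Review bot: The `_ => unreachable!()` arm makes any unexpected `key_len()` a panic, although this function already returns `Result<_, UnsupportedOperationError>`. Writing the arm as `_ => return Err(UnsupportedOperationError),` would report an unhandled key size to the caller instead of aborting inside the TLS stack; presumably only 16- and 32-byte GCM keys can reach this today, but that invariant is not visible in the hunk. The regression being fixed was a silently mislabelled key, so a test that negotiates an AES-256-GCM suite and asserts that `extract_keys` yields `ConnectionTrafficSecrets::Aes256Gcm` would pin the behaviour; no such test is visible on this page. The function's signature begins above the hunk, so the parameter list is only partly shown.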