Fix and document minimum length of record ciphertext in TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 0977cab..8270009 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -808,9 +808,15 @@
transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen;
- transform->minlen = transform->taglen + 1;
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
+ /* We add the true record content type (1 Byte) to the plaintext and
+ * then pad to the configured granularity. The mimimum length of the
+ * type-extended and padded plaintext is therefore the padding
+ * granularity. */
+ transform->minlen =
+ transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY;
+
return( 0 );
}
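Review bot: The new bound `transform->minlen = transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY;` is derived from the local padding granularity, which describes only the records this side produces; a peer that does not pad can legitimately send a TLS 1.3 record whose ciphertext is just `taglen + 1` bytes. If `minlen` is also used as a lower bound when validating incoming records, conforming short records would be rejected; that check is not visible in this hunk, and the enclosing function starts outside it. It is worth confirming that the field is only consulted on the outgoing path, or keeping `taglen + 1` as the inbound limit. The comment should state which direction the bound covers, e.g. `/* Lower bound for records we emit; a peer's record may be as short as taglen + 1. */`, and "mimimum" should read "minimum".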