Fix and document minimum length of record ciphertext in TLS 1.3 Signed-off-by: Hanno Becker <hanno.becker@arm.com>

commit: edd5bf0a95d05d72c405be84011ea9638d2b966d [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue Apr 20 05:32:16 2021 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Aug 02 04:54:03 2021 +0100
tree: e0bcecd74aa4a8dcdb33ff9cea57938a6abdbbb4
parent: 7887a77c2507bfbddd2238a0a1a06f9b19d7f64e [diff]
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 0977cab..8270009 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c

@@ -808,9 +808,15 @@
     transform->ivlen       = traffic_keys->iv_len;
     transform->maclen      = 0;
     transform->fixed_ivlen = transform->ivlen;
-    transform->minlen      = transform->taglen + 1;
     transform->minor_ver   = MBEDTLS_SSL_MINOR_VERSION_4;
 
+    /* We add the true record content type (1 Byte) to the plaintext and
+     * then pad to the configured granularity. The mimimum length of the
+     * type-extended and padded plaintext is therefore the padding
+     * granularity. */
+    transform->minlen =
+        transform->taglen + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY;
+
     return( 0 );
 }
commit	edd5bf0a95d05d72c405be84011ea9638d2b966d	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue Apr 20 05:32:16 2021 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Aug 02 04:54:03 2021 +0100
tree	e0bcecd74aa4a8dcdb33ff9cea57938a6abdbbb4
parent	7887a77c2507bfbddd2238a0a1a06f9b19d7f64e [diff]