refactors record encryption code (#122)

conn.go

@@ -472,12 +472,6 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
 		case aead:
 			// explicitIVLen is always 0 for TLS1.3
 			payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
-			overhead := c.Overhead()
-			if hc.version >= VersionTLS13 {
-				overhead++ // TODO(kk): why this is done?
-			}
-			b.resize(len(b.data) + overhead)
-
 			nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
 			if len(nonce) == 0 {
 				nonce = hc.seq[:]
@@ -491,19 +485,23 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
 				copy(hc.additionalData[8:], b.data[:3])
 				binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
 				additionalData = hc.additionalData[:]
+				b.resize(len(b.data) + c.Overhead())
 			} else {
-				// opaque type
-				payload = payload[:len(payload)+1]
-				payload[len(payload)-1] = b.data[0]
+				// 1 byte of content type is appended to payload and encrypted
+				payload = append(payload, b.data[0])
+
+				// opaque_type
 				b.data[0] = byte(recordTypeApplicationData)
 
 				// Add AD header, see 5.2 of RFC8446
 				additionalData = make([]byte, 5)
-				additionalData[0] = byte(recordTypeApplicationData)
+				additionalData[0] = b.data[0]
 				binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
-				binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
-			}
+				binary.BigEndian.PutUint16(additionalData[3:], uint16(len(payload)+c.Overhead()))
 
+				// make room for TLSCiphertext.encrypted_record
+				b.resize(len(payload) + recordHeaderLen + c.Overhead())
+			}
 			c.Seal(payload[:0], nonce, payload, additionalData)
 		case cbcMode:
 			blockSize := c.BlockSize()