From e81269b57e84e517d2ede23ba8fb075767873ac5 Mon Sep 17 00:00:00 2001
From: "Henry D. Case"
Date: Fri, 10 Aug 2018 20:50:12 +0100
Subject: [PATCH] Revert "Small refactoring of record encryption code"

This reverts commit 1782162852522c3a1f9360bdeb9a22091968dc56.
---
 conn.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/conn.go b/conn.go
index 397f9af..689c5ca 100644
--- a/conn.go
+++ b/conn.go
@@ -472,6 +472,12 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
 case aead:
 // explicitIVLen is always 0 for TLS1.3
 payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
+ overhead := c.Overhead()
+ if hc.version >= VersionTLS13 {
+ overhead++ // TODO(kk): why this is done?
+ }
+ b.resize(len(b.data) + overhead)
+
 nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
 if len(nonce) == 0 {
 nonce = hc.seq[:]
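Review bot: The restored `overhead++ // TODO(kk): why this is done?` leaves the extra byte unexplained, although the TLS 1.3 branch further down in encrypt shows the reason: it appends the one-byte content type to the payload before sealing. I would replace the TODO with `overhead++ // TLS 1.3 appends the 1-byte inner content type to the plaintext (RFC 8446, section 5.2)`. The later reslice `payload[:len(payload)+1]` appears to rely on `b.resize(len(b.data) + overhead)` having run first, so a short comment on the resize saying that it reserves room for the content type plus the AEAD tag would protect that ordering. encrypt's body starts and ends outside the hunk, and the definition of `payload` is not visible here.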
@@ -485,24 +491,17 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
 copy(hc.additionalData[8:], b.data[:3])
 binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
 additionalData = hc.additionalData[:]
- b.resize(len(b.data) + c.Overhead())
 } else {
- // In TLS1.3 1 byte of content type is encrypted
- innerPlaintextLen := payloadLen + 1
- payload = payload[:innerPlaintextLen]
- payload[innerPlaintextLen-1] = b.data[0]
-
- // opaque_type
+ // opaque type
+ payload = payload[:len(payload)+1]
+ payload[len(payload)-1] = b.data[0]
 b.data[0] = byte(recordTypeApplicationData)
 // Add AD header, see 5.2 of RFC8446
 additionalData = make([]byte, 5)
- additionalData[0] = b.data[0]
+ additionalData[0] = byte(recordTypeApplicationData)
 binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
- binary.BigEndian.PutUint16(additionalData[3:], uint16(innerPlaintextLen+c.Overhead()))
-
- // make room for TLSCiphertext.encrypted_record
- b.resize(innerPlaintextLen + recordHeaderLen + c.Overhead())
+ binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
 }
 c.Seal(payload[:0], nonce, payload, additionalData)
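Review bot: The length written into the additional data, `uint16(payloadLen+overhead)`, is correct only because `overhead` was already incremented for TLS 1.3 in the earlier hunk, and the `uint16` conversion wraps silently if the sum exceeds 65535. This value is authenticated by the AEAD, so a wrong length would only surface as a decryption failure on the peer, not as a local error. I would add `// overhead already includes the inner content-type byte appended above` on that line. Unless a caller already enforces the record size limit (not visible in this hunk), the function should also check that `payloadLen+overhead` fits in the length field and return a failure alert before `c.Seal`. The enclosing function continues outside the hunk.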