From 447558df12ba054818569cf8b35869ea8bb136de Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 May 2020 07:36:33 +0100
Subject: [PATCH] Improve documentation of ssl_populate_transform()

Signed-off-by: Hanno Becker
---
 library/ssl_tls.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fd0c8a7ab..116d2a26c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -973,9 +973,12 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 transform->taglen =
 ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
 
- /* All modes haves 96-bit IVs;
- * GCM and CCM has 4 implicit and 8 explicit bytes
- * ChachaPoly has all 12 bytes implicit
+ /* All modes haves 96-bit IVs, but the length of the static parts vary
+ * with mode and version:
+ * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
+ * (to be concatenated with a dynamically chosen IV of 8 Bytes)
+ * - For ChaChaPoly in TLS 1.2, there's a static IV of 12 Bytes
+ * (to be XOR'ed with the 8 Byte record sequence number).
 */
 transform->ivlen = 12;
 if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
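Review bot: The ChaChaPoly bullet in the new comment says the 12-byte static IV is XOR'ed with the 8-byte record sequence number, but not how the 8 bytes are aligned against the 12. That construction is what keeps AEAD nonces unique per record, so I would spell it out, e.g. `* (to be XOR'ed with the 8 Byte record sequence number, left-padded with zeros to 12 Bytes).` This is presumably the RFC 7905 layout and should be confirmed against the record-layer code. The opening sentence also promises variation "with mode and version" while both bullets cover only TLS 1.2, and it keeps the typo "haves"; it could read `All modes have 96-bit IVs, but the length of the static part varies`. The `fixed_ivlen` assignments this comment describes, and the rest of ssl_populate_transform(), lie outside the hunk, so the 4/12 split cannot be checked against the code from here.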