Return correct ConnectionTrafficSecrets variant when AES-256-GCM is…

… negotiated. 55bb279 inadvertently changed `extract_keys` to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM was negotiated. This change fixes it by restoring the key length check. Fixes #1833
rustls · Mar 25, 2024 · 2d5c80e · 2d5c80e
1 parent 77ffe49
commit 2d5c80e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs
@@ -168,9 +168,11 @@ impl Tls12AeadAlgorithm for GcmAlgorithm {
         write_iv: &[u8],
         explicit: &[u8],
     ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
-        Ok(ConnectionTrafficSecrets::Aes128Gcm {
-            key,
-            iv: gcm_iv(write_iv, explicit),
+        let iv = gcm_iv(write_iv, explicit);
+        Ok(match self.0.key_len() {
+            16 => ConnectionTrafficSecrets::Aes128Gcm { key, iv },
+            32 => ConnectionTrafficSecrets::Aes256Gcm { key, iv },
+            _ => unreachable!(),
         })
     }
 }