From 0cdde2d1072fe9ee735cd0efb15dcc80683d86e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 9 Jul 2014 18:03:10 +0200
Subject: [PATCH] Fix minlen for GCM suites
---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bda170dc9..103dc1f6b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -452,14 +452,14 @@ int ssl_derive_keys( ssl_context *ssl )
 #if defined(POLARSSL_GCM_C)
 case TLS_RSA_WITH_AES_128_GCM_SHA256:
 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
- transform->keylen = 16; transform->minlen = 1;
+ transform->keylen = 16; transform->minlen = 24;
 transform->ivlen = 12; transform->maclen = 0;
 transform->fixed_ivlen = 4;
 break;
 case TLS_RSA_WITH_AES_256_GCM_SHA384:
 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
- transform->keylen = 32; transform->minlen = 1;
+ transform->keylen = 32; transform->minlen = 24;
 transform->ivlen = 12; transform->maclen = 0;
 transform->fixed_ivlen = 4;
 break;
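Review bot: The new `minlen = 24` in both GCM cases is an unexplained constant; nothing in the hunk or the commit message says how it is derived. It presumably stands for the 8-byte explicit nonce (`ivlen - fixed_ivlen`) plus the 16-byte GCM tag, so a comment above each assignment such as `/* minlen: 8-byte explicit nonce + 16-byte GCM tag */` would keep the three lengths from drifting apart. Since `minlen` looks like the lower bound applied to incoming record lengths, it is also worth confirming that the decrypt path (not visible here) rejects shorter GCM records before subtracting the nonce and tag sizes, and adding a regression test for a record below 24 bytes. The enclosing switch in `ssl_derive_keys` starts and ends outside the hunk.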