diff options
author | Hanno Becker <hanno.becker@arm.com> | 2020-09-16 09:45:27 +0100 |
---|---|---|
committer | Hanno Becker <hanno.becker@arm.com> | 2020-09-16 09:50:17 +0100 |
commit | 531fe3054ce4bf685a45cfd82e0bd695cb9f5903 (patch) | |
tree | d1a837f57f71fd38e72da26f5a15f6270bf63c58 | |
parent | 61baae7c9fbf62fd8d5b80bf0835a69ddad11040 (diff) | |
download | mbed-tls-531fe3054ce4bf685a45cfd82e0bd695cb9f5903.tar.gz |
Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
-rw-r--r-- | library/ssl_tls13_keys.c | 9 | ||||
-rw-r--r-- | library/ssl_tls13_keys.h | 7 |
2 files changed, 14 insertions, 2 deletions
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index d641b1620..c39e0322b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -103,7 +103,14 @@ static void ssl_tls1_3_hkdf_encode_label( unsigned char *p = dst; - /* Add total length. */ + /* Add the size of the expanded key material. + * We're hardcoding the high byte to 0 here assuming that we never use + * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ +#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 +#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \ + value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" +#endif + *p++ = 0; *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 73b8aaf1c..7089049ce 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -71,7 +71,12 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; MBEDTLS_MD_MAX_SIZE /* Maximum desired length for expanded key material generated - * by HKDF-Expand-Label. */ + * by HKDF-Expand-Label. + * + * Warning: If this ever needs to be increased, the implementation + * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be + * adjusted since it currently assumes that HKDF key expansion + * is never used with more than 255 Bytes of output. */ #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 /** |