Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d641b16..c39e032 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -103,7 +103,14 @@
unsigned char *p = dst;
- /* Add total length. */
+ /* Add the size of the expanded key material.
+ * We're hardcoding the high byte to 0 here assuming that we never use
+ * TLS 1.3 HKDF key expansion to more than 255 Bytes. */
+#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
+#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
+ value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
+#endif
+
*p++ = 0;
*p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF );
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 73b8aaf..7089049 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -71,7 +71,12 @@
MBEDTLS_MD_MAX_SIZE
/* Maximum desired length for expanded key material generated
- * by HKDF-Expand-Label. */
+ * by HKDF-Expand-Label.
+ *
+ * Warning: If this ever needs to be increased, the implementation
+ * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be
+ * adjusted since it currently assumes that HKDF key expansion
+ * is never used with more than 255 Bytes of output. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
/**