Increase allowed output size of HKDF-Expand-Label
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index ef897e8..895176d 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -107,15 +107,13 @@
unsigned char *p = dst;
- /* Add the size of the expanded key material.
- * We're hardcoding the high byte to 0 here assuming that we never use
- * TLS 1.3 HKDF key expansion to more than 255 Bytes. */
-#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
-#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \
- value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
+ /* Add the size of the expanded key material. */
+#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > UINT16_MAX
+#error "The desired key length must fit into an uint16 but \
+ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is greater than UINT16_MAX"
#endif
- *p++ = 0;
+ *p++ = MBEDTLS_BYTE_1(desired_length);
*p++ = MBEDTLS_BYTE_0(desired_length);
/* Add label incl. prefix */
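Review bot: The new `#if` bounds only the compile-time maximum, so nothing in this hunk prevents a run-time `desired_length` above 16 bits from being silently truncated by `MBEDTLS_BYTE_1`/`MBEDTLS_BYTE_0`. A truncated length field would bind the derived key material to a different HkdfLabel than the caller requested. The function starts and ends outside the hunk, so a range check may already exist in it or its caller; if so, the comment should state that precondition now that the old "never more than 255 Bytes" assumption is gone, e.g. `/* Add the size of the expanded key material as a big-endian uint16 (RFC 8446 7.1, HkdfLabel.length). Callers must ensure desired_length <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN. */`. Also note that `UINT16_MAX` is only the encoding limit: HKDF-Expand caps output at 255 * HashLen (RFC 5869), so the expansion step still has to reject larger requests.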