Fix mistake in previous comment change Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

commit: 5122dc621931c5ec03b8c2c905860044e88892b4 [log] [tgz]
author: Max Fillinger <maximilian.fillinger@foxcrypto.com> Mon Dec 02 19:34:40 2024 +0100
committer: Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Apr 16 11:24:50 2025 +0200
tree: 989f13d9b0ef2c7a388caa0d1860369dfcb89eef
parent: 7833b180088b796046ddce95691451936fb322cb [diff]
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 3d31013..0eae6fd 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c

@@ -59,7 +59,12 @@
  *
  * Parameters:
  * - desired_length: Length of expanded key material.
- *                   As the type implies, this must be less than 2**16 bytes.
+ *                   The length field can hold numbers up to 2**16, but HKDF
+ *                   can only generate outputs of up to 255 * HASH_LEN bytes.
+ *                   It is the caller's responsibility to ensure that this
+ *                   limit is not exceeded. In TLS 1.3, SHA256 is the hash
+ *                   function with the smallest block size, so a length
+ *                   <= 255 * 32 = 8160 is always safe.
  * - (label, label_len): label + label length, without "tls13 " prefix
  *                       The label length MUST be less than or equal to
  *                       MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN.
commit	5122dc621931c5ec03b8c2c905860044e88892b4	[log] [tgz]
author	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Mon Dec 02 19:34:40 2024 +0100
committer	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Wed Apr 16 11:24:50 2025 +0200
tree	989f13d9b0ef2c7a388caa0d1860369dfcb89eef
parent	7833b180088b796046ddce95691451936fb322cb [diff]