commit 76bb753054cf84827ed5196593a6244538b54a8d
author Max Fillinger <maximilian.fillinger@foxcrypto.com> Thu Nov 21 12:33:46 2024 +0100
committer Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Apr 16 11:24:50 2025 +0200
tree 5c51d948cd168af2c45005b4c0c6b8244c6bdea5
parent 97a287953ffc35a17cc67b5697e5856c623f8bb2

Fix max. label length in key material exporter

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c3fc84..d964611 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10124,13 +10124,13 @@
     const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
     const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
 
-    /* The length of the label must be at most 250 bytes to fit into the HkdfLabel
+    /* The length of the label must be at most 249 bytes to fit into the HkdfLabel
      * struct as defined in RFC 8446, Section 7.1.
      *
      * The length of the context is unlimited even though the context field in the
-     * struct can only hold up to 256 bytes. This is because we place a *hash* of
+     * struct can only hold up to 255 bytes. This is because we place a *hash* of
      * the context in the field. */
-    if (label_len > 250) {
+    if (label_len > 249) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }