lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Increase allowed output size of HKDF-Expand-Label

Browse Source 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
This commit is contained in:
Max Fillinger
2024-10-29 18:49:30 +01:00
parent cf007ca8bb
commit 28916ac8fe
3 changed files with 11 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
library/ssl_tls13_keys.c
View File

@ -107,15 +107,13 @@ static void ssl_tls13_hkdf_encode_label(
unsigned char *p = dst; unsigned char *p = dst;
/* Add the size of the expanded key material. /* Add the size of the expanded key material. */
* We're hardcoding the high byte to 0 here assuming that we never use #if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > UINT16_MAX
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */ #error "The desired key length must fit into an uint16 but \
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is greater than UINT16_MAX"
#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
#endif #endif
*p++ = 0; *p++ = MBEDTLS_BYTE_1(desired_length);
*p++ = MBEDTLS_BYTE_0(desired_length); *p++ = MBEDTLS_BYTE_0(desired_length);
/* Add label incl. prefix */ /* Add label incl. prefix */

12
library/ssl_tls13_keys.h
View File

@ -70,13 +70,11 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
PSA_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
/* Maximum desired length for expanded key material generated /* Maximum desired length for expanded key material generated
* by HKDF-Expand-Label. * by HKDF-Expand-Label. This algorithm can output up to 255 * hash_size
* * bytes of key material where hash_size is the output size of the
* Warning: If this ever needs to be increased, the implementation * underlying hash function. */
* ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN \
* adjusted since it currently assumes that HKDF key expansion (255 * MBEDTLS_TLS1_3_MD_MAX_SIZE)
* is never used with more than 255 Bytes of output. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
/** /**
* \brief The \c HKDF-Expand-Label function from * \brief The \c HKDF-Expand-Label function from

2
tests/suites/test_suite_ssl.data
View File

@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1
TLS 1.3 Keying Material Exporter: Consistent results, large keys TLS 1.3 Keying Material Exporter: Consistent results, large keys
depends_on:MBEDTLS_SSL_PROTO_TLS1_3 depends_on:MBEDTLS_SSL_PROTO_TLS1_3
ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX:0 ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:1024:0
TLS 1.3 Keying Material Exporter: Uses label TLS 1.3 Keying Material Exporter: Uses label
depends_on:MBEDTLS_SSL_PROTO_TLS1_3 depends_on:MBEDTLS_SSL_PROTO_TLS1_3