lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Allow maximum label length in Hkdf-Expand-Label

Browse Source 
Previously, the length of the label was limited to the maximal length
that would be used in the TLS 1.3 key schedule. With the keying material
exporter, labels of up to 249 bytes may be used.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
This commit is contained in:
Max Fillinger
2024-11-25 20:38:04 +01:00
parent 9f843332e8
commit 5826883ca5
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_tls13_keys.h
View File

@ -60,8 +60,9 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
mbedtls_ssl_tls13_labels.LABEL, \
MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL)
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
sizeof(union mbedtls_ssl_tls13_labels_union)
/* Maximum length of the label field in the HkdfLabel struct defined in
* RFC 8446, Section 7.1, excluding the "tls13 " prefix. */
#define MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN 249
/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
* Since contexts are always hashes of message transcripts, this can