ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-11 01:11:42 +08:00
Code Issues Releases Wiki Activity

Fix max. label length in key material exporter

Browse Source 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
This commit is contained in:
Max Fillinger 2024-11-21 12:33:46 +01:00
parent 97a287953f
commit 76bb753054
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -5790,7 +5790,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
* \param key_len Length of the key to generate in bytes, must be at most * \param key_len Length of the key to generate in bytes, must be at most
* MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160). * MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160).
* \param label Label for which to generate the key of length label_len. * \param label Label for which to generate the key of length label_len.
* \param label_len Length of label in bytes. Must be at most 250 in TLS 1.3. * \param label_len Length of label in bytes. Must be at most 249 in TLS 1.3.
* \param context Context of the key. Can be NULL if context_len or use_context is 0. * \param context Context of the key. Can be NULL if context_len or use_context is 0.
* \param context_len Length of context. Must be < 2^16 in TLS 1.2. * \param context_len Length of context. Must be < 2^16 in TLS 1.2.
* \param use_context Indicates if a context should be used in deriving the key. * \param use_context Indicates if a context should be used in deriving the key.

6
library/ssl_tls.c
View File

@ -10124,13 +10124,13 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
/* The length of the label must be at most 250 bytes to fit into the HkdfLabel /* The length of the label must be at most 249 bytes to fit into the HkdfLabel
* struct as defined in RFC 8446, Section 7.1. * struct as defined in RFC 8446, Section 7.1.
* *
* The length of the context is unlimited even though the context field in the * The length of the context is unlimited even though the context field in the
* struct can only hold up to 256 bytes. This is because we place a *hash* of * struct can only hold up to 255 bytes. This is because we place a *hash* of
* the context in the field. */ * the context in the field. */
if (label_len > 250) { if (label_len > 249) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
} }

2
tests/suites/test_suite_ssl.data
View File

@ -3509,7 +3509,7 @@ ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:
TLS 1.3 Keying Material Exporter: Label too long TLS 1.3 Keying Material Exporter: Label too long
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1
ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10
TLS 1.3 Keying Material Exporter: Handshake not done TLS 1.3 Keying Material Exporter: Handshake not done
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1