From 2dfe1327e582694a5d6186385640d8d3d0debc9b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 10 Sep 2020 09:23:12 +0100
Subject: [PATCH] Fix miscalculation of maximum TLS 1.3 HKDF label length
Signed-off-by: Hanno Becker
---
 library/ssl_tls13_keys.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 54742f3b4..5a6204eda 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -75,6 +75,8 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
 * the HkdfLabel structure on success.
 */
 
+static const char tls1_3_label_prefix[6] = "tls13 ";
+
 #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
 ( 2 /* expansion length */ \
 + 1 /* label length */ \
@@ -84,6 +86,7 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
 
 #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
 SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
+ sizeof(tls1_3_label_prefix) + \
 MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
 MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
@@ -93,8 +96,8 @@ static void ssl_tls1_3_hkdf_encode_label(
 const unsigned char *ctx, size_t clen,
 unsigned char *dst, size_t *dlen )
 {
- const char label_prefix[6] = "tls13 ";
- size_t total_label_len = sizeof( label_prefix ) + llen;
+ size_t total_label_len =
+ sizeof(tls1_3_label_prefix) + llen;
 size_t total_hkdf_lbl_len =
 SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen );
 
@@ -106,8 +109,8 @@ static void ssl_tls1_3_hkdf_encode_label(
 
 /* Add label incl. prefix */
 *p++ = (unsigned char)( total_label_len & 0xFF );
- memcpy( p, label_prefix, sizeof(label_prefix) );
- p += sizeof(label_prefix);
+ memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
+ p += sizeof(tls1_3_label_prefix);
 memcpy( p, label, llen );
 p += llen;
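Review bot: The new file-scope `static const char tls1_3_label_prefix[6] = "tls13 ";` is sized so that the six-character literal leaves no room for a NUL terminator, which is exactly what makes `sizeof` the right prefix length in the macro below and in the encoder, but nothing at the definition says so. A reader who later "fixes" the size to 7 or hands the array to a string function would silently change the encoded HkdfLabel and therefore every key the schedule derives. Suggest the line above it: `/* Deliberately not NUL-terminated: sizeof() is the prefix length. Never pass to str*(). */`. The comment block this hunk opens on starts outside the hunk.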
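Review bot: The corrected SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN now accounts for the prefix, but nothing guarantees that `sizeof(tls1_3_label_prefix) + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN` fits the single length byte the encoder writes as `( total_label_len & 0xFF )` in the last hunk; RFC 8446 defines the field as `opaque label<7..255>`, and the mask truncates silently. If MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ever grows past 249 the buffer size stays right while the length byte wraps, which is a hard-to-spot wire-format corruption. A preprocessor check beside this macro catches it at build time: `#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN + 6 > 255` / `#error "TLS 1.3 HKDF label does not fit its one-byte length field"` / `#endif` (sizeof is not usable in #if, so the prefix length is repeated as a literal). The same bound applies to MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN, whose value is not visible in this patch.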
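Review bot: The new initializer derives `total_label_len` from the caller-supplied `llen` without checking it against MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, and the function is `void`, so an oversized label cannot be rejected: the prefix and label memcpy calls in the last hunk would then write past a `dst` that callers presumably size with SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN (the callers are outside this patch). If labels only ever come from the mbedtls_ssl_tls1_3_labels table named in the hunk headers this is a maintenance hazard rather than an exploitable one, but the contract should be written down where the next caller will see it. Suggest, above the signature: `/* Preconditions (not checked): llen <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, clen <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN, and dst has room for SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN bytes. */`. The signature of ssl_tls1_3_hkdf_encode_label begins before this hunk and its body continues past it.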