Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
parent
61baae7c9f
commit
531fe3054c
@ -103,7 +103,14 @@ static void ssl_tls1_3_hkdf_encode_label(
|
|||||||
|
|
||||||
unsigned char *p = dst;
|
unsigned char *p = dst;
|
||||||
|
|
||||||
/* Add total length. */
|
/* Add the size of the expanded key material.
|
||||||
|
* We're hardcoding the high byte to 0 here assuming that we never use
|
||||||
|
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */
|
||||||
|
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
|
||||||
|
#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
|
||||||
|
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
|
||||||
|
#endif
|
||||||
|
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
*p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF );
|
*p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF );
|
||||||
|
|
||||||
|
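Review bot: The `#error` guard bounds the macro at compile time, but `desired_length` is a runtime argument and nothing in this hunk checks it against `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN`. A value above 255 would be silently truncated by `& 0xFF`, so the length encoded in the HkdfLabel would disagree with the output size actually requested. The caller presumably enforces the bound, but that is outside the hunk and worth confirming. Writing the high byte from the value instead of a constant, `*p++ = (unsigned char)( ( desired_length >> 8 ) & 0xFF );`, would encode any length that fits the 16-bit field and remove the hidden coupling to the macro. The body of ssl_tls1_3_hkdf_encode_label() starts and ends outside the hunk.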
@ -71,7 +71,12 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
|
|||||||
MBEDTLS_MD_MAX_SIZE
|
MBEDTLS_MD_MAX_SIZE
|
||||||
|
|
||||||
/* Maximum desired length for expanded key material generated
|
/* Maximum desired length for expanded key material generated
|
||||||
* by HKDF-Expand-Label. */
|
* by HKDF-Expand-Label.
|
||||||
|
*
|
||||||
|
* Warning: If this ever needs to be increased, the implementation
|
||||||
|
* ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be
|
||||||
|
* adjusted since it currently assumes that HKDF key expansion
|
||||||
|
* is never used with more than 255 Bytes of output. */
|
||||||
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
|
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|