fixup! Add the TLS13-KDF OpenSSL Key Derivation Function

latchset · Sep 30, 2024 · c5b4410 · c5b4410
1 parent 96cd98e
commit c5b4410
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/src/kdf.c b/src/kdf.c
@@ -274,13 +274,14 @@ static int p11prov_hkdf_derive(void *ctx, unsigned char *key, size_t keylen,
  *         opaque context<0..255> = Context;
  *     } HkdfLabel;
  */
-#define TLS13_HL_LENGTH_SIZE 2
+#define TLS13_HL_KEY_SIZE 2
+#define TLS13_HL_KEY_MAX_LENGTH 65535
 #define TLS13_HL_LABEL_SIZE 1
 #define TLS13_HL_LABEL_MAX_LENGTH 255
 #define TLS13_HL_CONTEXT_SIZE 1
 #define TLS13_HL_CONTEXT_MAX_LENGTH 255
 #define TLS13_HKDF_LABEL_MAX_SIZE \
-    (TLS13_HL_LENGTH_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \
+    (TLS13_HL_KEY_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \
      + TLS13_HL_CONTEXT_SIZE + TLS13_HL_CONTEXT_MAX_LENGTH)
 
 static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx,
@@ -316,7 +317,8 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx,
     if (prefix == NULL || prefixlen == 0 || label == NULL || labellen == 0
         || (prefixlen + labellen > TLS13_HL_LABEL_MAX_LENGTH)
         || (datalen > 0 && data == NULL) || (datalen == 0 && data != NULL)
-        || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH)) {
+        || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH)
+        || (keylen > TLS13_HL_KEY_MAX_LENGTH)) {
         return CKR_ARGUMENTS_BAD;
     }
 
@@ -405,9 +407,6 @@ static CK_RV p11prov_tls13_derive_secret(P11PROV_KDF_CTX *hkdfctx,
         }
 
         /* In OpenSSL the salt is used as the derivation key */
-        /* FIXME: OpenSSL sets the length to hashlen w/o checks,
-         * this may be a bug or intentional, further investigation needed
-         * [opened https://github.com/openssl/openssl/issues/25557] */
         ret = inner_pkcs11_key(hkdfctx, hkdfctx->salt, hkdfctx->saltlen, &ek);
         if (ret != CKR_OK) {
             return ret;