From c5b44109d3d6c2c08eb558e10dca9b1a457709d0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 30 Sep 2024 12:12:31 -0400 Subject: [PATCH] fixup! Add the TLS13-KDF OpenSSL Key Derivation Function --- src/kdf.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/kdf.c b/src/kdf.c index fd4fe218..252fd9f8 100644 --- a/src/kdf.c +++ b/src/kdf.c @@ -274,13 +274,14 @@ static int p11prov_hkdf_derive(void *ctx, unsigned char *key, size_t keylen, * opaque context<0..255> = Context; * } HkdfLabel; */ -#define TLS13_HL_LENGTH_SIZE 2 +#define TLS13_HL_KEY_SIZE 2 +#define TLS13_HL_KEY_MAX_LENGTH 65535 #define TLS13_HL_LABEL_SIZE 1 #define TLS13_HL_LABEL_MAX_LENGTH 255 #define TLS13_HL_CONTEXT_SIZE 1 #define TLS13_HL_CONTEXT_MAX_LENGTH 255 #define TLS13_HKDF_LABEL_MAX_SIZE \ - (TLS13_HL_LENGTH_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \ + (TLS13_HL_KEY_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \ + TLS13_HL_CONTEXT_SIZE + TLS13_HL_CONTEXT_MAX_LENGTH) static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx, @@ -316,7 +317,8 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx, if (prefix == NULL || prefixlen == 0 || label == NULL || labellen == 0 || (prefixlen + labellen > TLS13_HL_LABEL_MAX_LENGTH) || (datalen > 0 && data == NULL) || (datalen == 0 && data != NULL) - || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH)) { + || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH) + || (keylen > TLS13_HL_KEY_MAX_LENGTH)) { return CKR_ARGUMENTS_BAD; } @@ -405,9 +407,6 @@ static CK_RV p11prov_tls13_derive_secret(P11PROV_KDF_CTX *hkdfctx, } /* In OpenSSL the salt is used as the derivation key */ - /* FIXME: OpenSSL sets the length to hashlen w/o checks, - * this may be a bug or intentional, further investigation needed - * [opened https://github.com/openssl/openssl/issues/25557] */ ret = inner_pkcs11_key(hkdfctx, hkdfctx->salt, hkdfctx->saltlen, &ek); if (ret != CKR_OK) { return ret;