X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ftls13_enc.c;h=b6825d20c2dc0bba5c199fef9c76dbbab8d88d35;hp=22db2f8237333292bc2a8644690679f53fbd8f4e;hb=610ea181a85ffafdbebe5a123817becbbfdae30f;hpb=7426cd343d99d3d82e3fb06c8df18e5cc6bcec75 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 22db2f8237..b6825d20c2 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -13,7 +13,14 @@ #include #include -#define TLS13_MAX_LABEL_LEN 246 +/* + * RFC 8446, 7.1 Key Schedule, says: + * Note: With common hash functions, any label longer than 12 characters + * requires an additional iteration of the hash function to compute. + * The labels in this specification have all been chosen to fit within + * this limit. + */ +#define TLS13_MAX_LABEL_LEN 12 /* Always filled with zeros */ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; @@ -29,14 +36,15 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen) { - const unsigned char label_prefix[] = "tls13 "; + static const unsigned char label_prefix[] = "tls13 "; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); int ret; size_t hkdflabellen; size_t hashlen; /* - * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined - * prefix and label + bytes for the label itself + bytes for the hash + * 2 bytes for length of derived secret + 1 byte for length of combined + * prefix and label + bytes for the label itself + 1 byte length of hash + * + bytes for the hash itself */ unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN @@ -271,6 +279,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, hashlen); + OPENSSL_cleanse(finsecret, sizeof(finsecret)); } if (key == NULL