diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 48de3d008..56967cd12 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -38,6 +38,9 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, +#define MBEDTLS_EVOLVE_INPUT_SIZE (PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)? \ + PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE + struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = { /* This seems to work in C, despite the string literal being one @@ -333,7 +336,7 @@ int mbedtls_ssl_tls13_evolve_secret( psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; size_t hlen, ilen; unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; - unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 }; + unsigned char tmp_input [ MBEDTLS_EVOLVE_INPUT_SIZE ] = { 0 }; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6b28a2fe9..1cc1c9821 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2964,26 +2964,26 @@ ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_key_evolution:PSA_ALG_SHA_256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" SSL TLS 1.3 Key schedule: Secret evolution #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Early secret to Handshake Secret -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_key_evolution:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" SSL TLS 1.3 Key schedule: Secret evolution #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Handshake secret to Master Secret -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2