Fix key_len check in TLS-Exporter The length of the generated key must fit into a uint16_t, so it must not be larger than 0xffff. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

commit: 1466bf88974bf7ad40e1a3a6179ba3b48f5002b0 [log] [tgz]
author: Max Fillinger <maximilian.fillinger@foxcrypto.com> Mon Aug 12 13:20:46 2024 +0200
committer: Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Apr 16 11:20:49 2025 +0200
tree: 15e6b897bf4ba239972b1fc9823614353f4d2630
parent: 77a447ba975038aaf9e023ca9deed7158947de76 [diff]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3c1c5cf..4fe13ff 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -10111,7 +10111,7 @@
     const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
     const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
 
-    if (key_len > 0xff || label_len > 250) {
+    if (key_len > 0xffff || label_len > 250) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
commit	1466bf88974bf7ad40e1a3a6179ba3b48f5002b0	[log] [tgz]
author	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Mon Aug 12 13:20:46 2024 +0200
committer	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Wed Apr 16 11:20:49 2025 +0200
tree	15e6b897bf4ba239972b1fc9823614353f4d2630
parent	77a447ba975038aaf9e023ca9deed7158947de76 [diff]