diff options
Diffstat (limited to 'security/nss/lib/ssl/tls13hkdf.c')
-rw-r--r-- | security/nss/lib/ssl/tls13hkdf.c | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/security/nss/lib/ssl/tls13hkdf.c b/security/nss/lib/ssl/tls13hkdf.c index 8fa3375c63..7e69bb8827 100644 --- a/security/nss/lib/ssl/tls13hkdf.c +++ b/security/nss/lib/ssl/tls13hkdf.c @@ -134,10 +134,10 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash, * Label, plus HandshakeHash. If it's ever to small, the code will abort. */ PRUint8 info[256]; - sslBuffer infoBuf = SSL_BUFFER(info); + PRUint8 *ptr = info; + unsigned int infoLen; PK11SymKey *derived; - SECStatus rv; - const char *kLabelPrefix = "tls13 "; + const char *kLabelPrefix = "TLS 1.3, "; const unsigned int kLabelPrefixLen = strlen(kLabelPrefix); if (handshakeHash) { @@ -170,31 +170,29 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash, * - HkdfLabel.label is "TLS 1.3, " + Label * */ - rv = sslBuffer_AppendNumber(&infoBuf, keySize, 2); - if (rv != SECSuccess) { - return SECFailure; - } - rv = sslBuffer_AppendNumber(&infoBuf, labelLen + kLabelPrefixLen, 1); - if (rv != SECSuccess) { - return SECFailure; - } - rv = sslBuffer_Append(&infoBuf, kLabelPrefix, kLabelPrefixLen); - if (rv != SECSuccess) { - return SECFailure; - } - rv = sslBuffer_Append(&infoBuf, label, labelLen); - if (rv != SECSuccess) { - return SECFailure; + infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen; + if (infoLen > sizeof(info)) { + PORT_Assert(0); + goto abort; } - rv = sslBuffer_AppendVariable(&infoBuf, handshakeHash, handshakeHashLen, 1); - if (rv != SECSuccess) { - return SECFailure; + + ptr = ssl_EncodeUintX(keySize, 2, ptr); + ptr = ssl_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr); + PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen); + ptr += kLabelPrefixLen; + PORT_Memcpy(ptr, label, labelLen); + ptr += labelLen; + ptr = ssl_EncodeUintX(handshakeHashLen, 1, ptr); + if (handshakeHash) { + PORT_Memcpy(ptr, handshakeHash, handshakeHashLen); + ptr += handshakeHashLen; } + PORT_Assert((ptr - info) == infoLen); params.bExtract = CK_FALSE; params.bExpand = CK_TRUE; - params.pInfo = SSL_BUFFER_BASE(&infoBuf); - params.ulInfoLen = SSL_BUFFER_LEN(&infoBuf); + params.pInfo = info; + params.ulInfoLen = infoLen; paramsi.data = (unsigned char *)¶ms; paramsi.len = sizeof(params); @@ -213,17 +211,20 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash, char labelStr[100]; PORT_Memcpy(labelStr, label, labelLen); labelStr[labelLen] = 0; - SSL_TRC(50, ("HKDF Expand: label='tls13 %s',requested length=%d", + SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d", labelStr, keySize)); } PRINT_KEY(50, (NULL, "PRK", prk)); PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen)); - PRINT_BUF(50, (NULL, "Info", SSL_BUFFER_BASE(&infoBuf), - SSL_BUFFER_LEN(&infoBuf))); + PRINT_BUF(50, (NULL, "Info", info, infoLen)); PRINT_KEY(50, (NULL, "Derived key", derived)); #endif return SECSuccess; + +abort: + PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE); + return SECFailure; } SECStatus |