summaryrefslogtreecommitdiff
path: root/security/nss/lib/ssl/tls13hkdf.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/tls13hkdf.c')
-rw-r--r--security/nss/lib/ssl/tls13hkdf.c53
1 files changed, 27 insertions, 26 deletions
diff --git a/security/nss/lib/ssl/tls13hkdf.c b/security/nss/lib/ssl/tls13hkdf.c
index 8fa3375c63..7e69bb8827 100644
--- a/security/nss/lib/ssl/tls13hkdf.c
+++ b/security/nss/lib/ssl/tls13hkdf.c
@@ -134,10 +134,10 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
* Label, plus HandshakeHash. If it's ever to small, the code will abort.
*/
PRUint8 info[256];
- sslBuffer infoBuf = SSL_BUFFER(info);
+ PRUint8 *ptr = info;
+ unsigned int infoLen;
PK11SymKey *derived;
- SECStatus rv;
- const char *kLabelPrefix = "tls13 ";
+ const char *kLabelPrefix = "TLS 1.3, ";
const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
if (handshakeHash) {
@@ -170,31 +170,29 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
* - HkdfLabel.label is "TLS 1.3, " + Label
*
*/
- rv = sslBuffer_AppendNumber(&infoBuf, keySize, 2);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- rv = sslBuffer_AppendNumber(&infoBuf, labelLen + kLabelPrefixLen, 1);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- rv = sslBuffer_Append(&infoBuf, kLabelPrefix, kLabelPrefixLen);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- rv = sslBuffer_Append(&infoBuf, label, labelLen);
- if (rv != SECSuccess) {
- return SECFailure;
+ infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
+ if (infoLen > sizeof(info)) {
+ PORT_Assert(0);
+ goto abort;
}
- rv = sslBuffer_AppendVariable(&infoBuf, handshakeHash, handshakeHashLen, 1);
- if (rv != SECSuccess) {
- return SECFailure;
+
+ ptr = ssl_EncodeUintX(keySize, 2, ptr);
+ ptr = ssl_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
+ PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
+ ptr += kLabelPrefixLen;
+ PORT_Memcpy(ptr, label, labelLen);
+ ptr += labelLen;
+ ptr = ssl_EncodeUintX(handshakeHashLen, 1, ptr);
+ if (handshakeHash) {
+ PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
+ ptr += handshakeHashLen;
}
+ PORT_Assert((ptr - info) == infoLen);
params.bExtract = CK_FALSE;
params.bExpand = CK_TRUE;
- params.pInfo = SSL_BUFFER_BASE(&infoBuf);
- params.ulInfoLen = SSL_BUFFER_LEN(&infoBuf);
+ params.pInfo = info;
+ params.ulInfoLen = infoLen;
paramsi.data = (unsigned char *)&params;
paramsi.len = sizeof(params);
@@ -213,17 +211,20 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
char labelStr[100];
PORT_Memcpy(labelStr, label, labelLen);
labelStr[labelLen] = 0;
- SSL_TRC(50, ("HKDF Expand: label='tls13 %s',requested length=%d",
+ SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d",
labelStr, keySize));
}
PRINT_KEY(50, (NULL, "PRK", prk));
PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen));
- PRINT_BUF(50, (NULL, "Info", SSL_BUFFER_BASE(&infoBuf),
- SSL_BUFFER_LEN(&infoBuf)));
+ PRINT_BUF(50, (NULL, "Info", info, infoLen));
PRINT_KEY(50, (NULL, "Derived key", derived));
#endif
return SECSuccess;
+
+abort:
+ PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+ return SECFailure;
}
SECStatus