diff options
author | Dennis Jackson <djackson@mozilla.com> | 2023-02-20 16:13:13 +0000 |
---|---|---|
committer | Dennis Jackson <djackson@mozilla.com> | 2023-02-20 16:13:13 +0000 |
commit | a785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb (patch) | |
tree | 84d3ad40a187885a5193edb8eb0b1f3968c2ead6 /lib | |
parent | 3ae306371f68350fc85e68e527811017a1c27ae5 (diff) | |
download | nss-hg-a785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb.tar.gz |
Bug 1789436: Fix build failure on Windows. r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D170360
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/ssl3ext.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index c4f9c92d4..de7523566 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -1133,7 +1133,14 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss) /* Psk Extension and then NULL entry MUST be last. */ const size_t permutationLen = buildersLen - 2; - sslExtensionBuilder *builders = PORT_Alloc(buildersSize); + /* There shouldn't already be a stored permutation. */ + PR_ASSERT(!ss->ssl3.hs.chExtensionPermutation); + + /* This shuffle handles up to 256 extensions. */ + PR_ASSERT(buildersLen < 256); + uint8_t permutation[256] = { 0 }; + + sslExtensionBuilder *builders = PORT_ZAlloc(buildersSize); if (!builders) { return SECFailure; } @@ -1142,15 +1149,14 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss) PORT_Memcpy(builders, clientHelloSendersTLS, buildersSize); /* Get permutation randoms. */ - uint8_t random[permutationLen]; - if (PK11_GenerateRandom(random, permutationLen) != SECSuccess) { + if (PK11_GenerateRandom(permutation, permutationLen) != SECSuccess) { PORT_Free(builders); return SECFailure; } /* Fisher-Yates Shuffle */ for (size_t i = permutationLen - 1; i > 0; i--) { - size_t idx = random[i - 1] % (i + 1); + size_t idx = permutation[i - 1] % (i + 1); sslExtensionBuilder tmp = builders[i]; builders[i] = builders[idx]; builders[idx] = tmp; @@ -1158,13 +1164,9 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss) /* Make sure that Psk extension is penultimate (before NULL entry). */ PR_ASSERT(builders[buildersLen - 2].ex_type == ssl_tls13_pre_shared_key_xtn); + PR_ASSERT(builders[buildersLen - 2].ex_sender == clientHelloSendersTLS[buildersLen - 2].ex_sender); - if (ss->ssl3.hs.chExtensionPermutation) { - PORT_Free(builders); - return SECFailure; - } ss->ssl3.hs.chExtensionPermutation = builders; - return SECSuccess; } |