summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDennis Jackson <djackson@mozilla.com>2023-02-20 16:13:13 +0000
committerDennis Jackson <djackson@mozilla.com>2023-02-20 16:13:13 +0000
commita785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb (patch)
tree84d3ad40a187885a5193edb8eb0b1f3968c2ead6 /lib
parent3ae306371f68350fc85e68e527811017a1c27ae5 (diff)
downloadnss-hg-a785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb.tar.gz
Bug 1789436: Fix build failure on Windows. r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D170360
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/ssl3ext.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index c4f9c92d4..de7523566 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -1133,7 +1133,14 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss)
/* Psk Extension and then NULL entry MUST be last. */
const size_t permutationLen = buildersLen - 2;
- sslExtensionBuilder *builders = PORT_Alloc(buildersSize);
+ /* There shouldn't already be a stored permutation. */
+ PR_ASSERT(!ss->ssl3.hs.chExtensionPermutation);
+
+ /* This shuffle handles up to 256 extensions. */
+ PR_ASSERT(buildersLen < 256);
+ uint8_t permutation[256] = { 0 };
+
+ sslExtensionBuilder *builders = PORT_ZAlloc(buildersSize);
if (!builders) {
return SECFailure;
}
@@ -1142,15 +1149,14 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss)
PORT_Memcpy(builders, clientHelloSendersTLS, buildersSize);
/* Get permutation randoms. */
- uint8_t random[permutationLen];
- if (PK11_GenerateRandom(random, permutationLen) != SECSuccess) {
+ if (PK11_GenerateRandom(permutation, permutationLen) != SECSuccess) {
PORT_Free(builders);
return SECFailure;
}
/* Fisher-Yates Shuffle */
for (size_t i = permutationLen - 1; i > 0; i--) {
- size_t idx = random[i - 1] % (i + 1);
+ size_t idx = permutation[i - 1] % (i + 1);
sslExtensionBuilder tmp = builders[i];
builders[i] = builders[idx];
builders[idx] = tmp;
@@ -1158,13 +1164,9 @@ tls_ClientHelloExtensionPermutationSetup(sslSocket *ss)
/* Make sure that Psk extension is penultimate (before NULL entry). */
PR_ASSERT(builders[buildersLen - 2].ex_type == ssl_tls13_pre_shared_key_xtn);
+ PR_ASSERT(builders[buildersLen - 2].ex_sender == clientHelloSendersTLS[buildersLen - 2].ex_sender);
- if (ss->ssl3.hs.chExtensionPermutation) {
- PORT_Free(builders);
- return SECFailure;
- }
ss->ssl3.hs.chExtensionPermutation = builders;
-
return SECSuccess;
}
View Lorry Controller Status