summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/tls13hashstate.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/tls13hashstate.c')
-rw-r--r--security/nss/lib/ssl/tls13hashstate.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/security/nss/lib/ssl/tls13hashstate.c b/security/nss/lib/ssl/tls13hashstate.c
index e3232f524..cc0ed286b 100644
--- a/security/nss/lib/ssl/tls13hashstate.c
+++ b/security/nss/lib/ssl/tls13hashstate.c
@@ -88,36 +88,37 @@ tls13_RecoverHashState(sslSocket *ss,
{
SECStatus rv;
unsigned char plaintext[1024];
- SECItem ptItem = { siBuffer, plaintext, 0 };
+ unsigned int plaintextLen = 0;
sslBuffer messageBuf = SSL_BUFFER_EMPTY;
- PRUint32 sentinel;
- PRUint32 cipherSuite;
- PRUint32 group;
+ PRUint64 sentinel;
+ PRUint64 cipherSuite;
+ PRUint64 group;
const sslNamedGroupDef *selectedGroup;
- PRUint32 appTokenLen;
- PRUint8 *appToken;
+ PRUint64 appTokenLen;
rv = ssl_SelfEncryptUnprotect(ss, cookie, cookieLen,
- ptItem.data, &ptItem.len, sizeof(plaintext));
+ plaintext, &plaintextLen, sizeof(plaintext));
if (rv != SECSuccess) {
return SECFailure;
}
+ sslReader reader = SSL_READER(plaintext, plaintextLen);
+
/* Should start with 0xff. */
- rv = ssl3_ConsumeNumberFromItem(&ptItem, &sentinel, 1);
+ rv = sslRead_ReadNumber(&reader, 1, &sentinel);
if ((rv != SECSuccess) || (sentinel != 0xff)) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
}
/* The cipher suite should be the same or there are some shenanigans. */
- rv = ssl3_ConsumeNumberFromItem(&ptItem, &cipherSuite, 2);
+ rv = sslRead_ReadNumber(&reader, 2, &cipherSuite);
if (rv != SECSuccess) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
}
/* The named group, if any. */
- rv = ssl3_ConsumeNumberFromItem(&ptItem, &group, 2);
+ rv = sslRead_ReadNumber(&reader, 2, &group);
if (rv != SECSuccess) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
@@ -126,7 +127,7 @@ tls13_RecoverHashState(sslSocket *ss,
/* Application token. */
PORT_Assert(ss->xtnData.applicationToken.len == 0);
- rv = ssl3_ConsumeNumberFromItem(&ptItem, &appTokenLen, 2);
+ rv = sslRead_ReadNumber(&reader, 2, &appTokenLen);
if (rv != SECSuccess) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
@@ -137,15 +138,18 @@ tls13_RecoverHashState(sslSocket *ss,
return SECFailure;
}
ss->xtnData.applicationToken.len = appTokenLen;
- rv = ssl3_ConsumeFromItem(&ptItem, &appToken, appTokenLen);
+ sslReadBuffer appTokenReader = { 0 };
+ rv = sslRead_Read(&reader, appTokenLen, &appTokenReader);
if (rv != SECSuccess) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
}
- PORT_Memcpy(ss->xtnData.applicationToken.data, appToken, appTokenLen);
+ PORT_Assert(appTokenReader.len == appTokenLen);
+ PORT_Memcpy(ss->xtnData.applicationToken.data, appTokenReader.buf, appTokenLen);
/* The remainder is the hash. */
- if (ptItem.len != tls13_GetHashSize(ss)) {
+ unsigned int hashLen = SSL_READER_REMAINING(&reader);
+ if (hashLen != tls13_GetHashSize(ss)) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
return SECFailure;
}
@@ -153,7 +157,7 @@ tls13_RecoverHashState(sslSocket *ss,
/* Now reinject the message. */
SSL_ASSERT_HASHES_EMPTY(ss);
rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_message_hash, 0,
- ptItem.data, ptItem.len);
+ SSL_READER_CURRENT(&reader), hashLen);
if (rv != SECSuccess) {
return SECFailure;
}