1 files changed, 27 insertions, 26 deletions

diff --git a/security/nss/lib/ssl/tls13hkdf.c b/security/nss/lib/ssl/tls13hkdf.c
index 8fa3375c6..7e69bb882 100644
--- a/security/nss/lib/ssl/tls13hkdf.c
+++ b/security/nss/lib/ssl/tls13hkdf.c
@@ -134,10 +134,10 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
      * Label, plus HandshakeHash. If it's ever to small, the code will abort.
      */
     PRUint8 info[256];
-    sslBuffer infoBuf = SSL_BUFFER(info);
+    PRUint8 *ptr = info;
+    unsigned int infoLen;
     PK11SymKey *derived;
-    SECStatus rv;
-    const char *kLabelPrefix = "tls13 ";
+    const char *kLabelPrefix = "TLS 1.3, ";
     const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
 
     if (handshakeHash) {
@@ -170,31 +170,29 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
      *  - HkdfLabel.label is "TLS 1.3, " + Label
      *
      */
-    rv = sslBuffer_AppendNumber(&infoBuf, keySize, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(&infoBuf, labelLen + kLabelPrefixLen, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Append(&infoBuf, kLabelPrefix, kLabelPrefixLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Append(&infoBuf, label, labelLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
+    if (infoLen > sizeof(info)) {
+        PORT_Assert(0);
+        goto abort;
     }
-    rv = sslBuffer_AppendVariable(&infoBuf, handshakeHash, handshakeHashLen, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+
+    ptr = ssl_EncodeUintX(keySize, 2, ptr);
+    ptr = ssl_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
+    PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
+    ptr += kLabelPrefixLen;
+    PORT_Memcpy(ptr, label, labelLen);
+    ptr += labelLen;
+    ptr = ssl_EncodeUintX(handshakeHashLen, 1, ptr);
+    if (handshakeHash) {
+        PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
+        ptr += handshakeHashLen;
     }
+    PORT_Assert((ptr - info) == infoLen);
 
     params.bExtract = CK_FALSE;
     params.bExpand = CK_TRUE;
-    params.pInfo = SSL_BUFFER_BASE(&infoBuf);
-    params.ulInfoLen = SSL_BUFFER_LEN(&infoBuf);
+    params.pInfo = info;
+    params.ulInfoLen = infoLen;
     paramsi.data = (unsigned char *)&params;
     paramsi.len = sizeof(params);
 
@@ -213,17 +211,20 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
         char labelStr[100];
         PORT_Memcpy(labelStr, label, labelLen);
         labelStr[labelLen] = 0;
-        SSL_TRC(50, ("HKDF Expand: label='tls13 %s',requested length=%d",
+        SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d",
                      labelStr, keySize));
     }
     PRINT_KEY(50, (NULL, "PRK", prk));
     PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen));
-    PRINT_BUF(50, (NULL, "Info", SSL_BUFFER_BASE(&infoBuf),
-                   SSL_BUFFER_LEN(&infoBuf)));
+    PRINT_BUF(50, (NULL, "Info", info, infoLen));
     PRINT_KEY(50, (NULL, "Derived key", derived));
 #endif
 
     return SECSuccess;
+
+abort:
+    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+    return SECFailure;
 }
 
 SECStatus