# HG changeset patch
# User jnimeh
# Date 1527705406 25200
# Node ID d66751750b728ef84dfbfff9d7977ec84769c656
# Parent  ef5c16991f276b19f50293ce20aa220fe8d5ac0c
Add bounds check for output length in HKDF expand operation
Summary: Make the HKDF expand operation conform to the specification by limiting the allowed output length.

diff -r ef5c16991f27 -r d66751750b72 src/java.base/share/classes/sun/security/ssl/HKDF.java
--- a/src/java.base/share/classes/sun/security/ssl/HKDF.java	Wed May 30 11:34:58 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/HKDF.java	Wed May 30 11:36:46 2018 -0700
@@ -141,6 +141,12 @@
         // Calculate the number of rounds of HMAC that are needed to
         // meet the requested data.  Then set up the buffers we will need.
         Objects.requireNonNull(pseudoRandKey, "A null PRK is not allowed.");
+
+        // Output from the expand operation must be <= 255 * hmac length
+        if (outLen > 255 * hmacLen) {
+            throw new IllegalArgumentException("Requested output length " +
+                    "exceeds maximum length allowed for HKDF expansion");
+        }
         hmacObj.init(pseudoRandKey);
         if (info == null) {
             info = new byte[0];