Add bounds check for output length in HKDF expand operation
Summary: Make the HKDF expand operation conform to the specification by limiting the allowed output length.
--- a/src/java.base/share/classes/sun/security/ssl/HKDF.java Wed May 30 11:34:58 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/HKDF.java Wed May 30 11:36:46 2018 -0700
@@ -141,6 +141,12 @@
// Calculate the number of rounds of HMAC that are needed to
// meet the requested data. Then set up the buffers we will need.
Objects.requireNonNull(pseudoRandKey, "A null PRK is not allowed.");
+
+ // Output from the expand operation must be <= 255 * hmac length
+ if (outLen > 255 * hmacLen) {
+ throw new IllegalArgumentException("Requested output length " +
+ "exceeds maximum length allowed for HKDF expansion");
+ }
hmacObj.init(pseudoRandKey);
if (info == null) {
info = new byte[0];