Add bounds check for output length in HKDF expand operation JDK-8145252-TLS13-branch
authorjnimeh
Wed, 30 May 2018 11:36:46 -0700
branchJDK-8145252-TLS13-branch
changeset 56637 d66751750b72
parent 56636 ef5c16991f27
child 56645 c10dbcaed048
Add bounds check for output length in HKDF expand operation Summary: Make the HKDF expand operation conform to the specification by limiting the allowed output length.
src/java.base/share/classes/sun/security/ssl/HKDF.java
--- a/src/java.base/share/classes/sun/security/ssl/HKDF.java	Wed May 30 11:34:58 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/HKDF.java	Wed May 30 11:36:46 2018 -0700
@@ -141,6 +141,12 @@
         // Calculate the number of rounds of HMAC that are needed to
         // meet the requested data.  Then set up the buffers we will need.
         Objects.requireNonNull(pseudoRandKey, "A null PRK is not allowed.");
+
+        // Output from the expand operation must be <= 255 * hmac length
+        if (outLen > 255 * hmacLen) {
+            throw new IllegalArgumentException("Requested output length " +
+                    "exceeds maximum length allowed for HKDF expansion");
+        }
         hmacObj.init(pseudoRandKey);
         if (info == null) {
             info = new byte[0];