Refactor stackalloc usage in TLS
5 files changed, 18 insertions, 7 deletions
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index b1b42f4bf..1903065f1 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -237,7 +237,10 @@ namespace Org.BouncyCastle.Tls.Crypto
int contextLength = context.Length;
int expandedLabelLength = Tls13Prefix.Length + labelLength;
- Span<byte> hkdfLabel = stackalloc byte[2 + (1 + expandedLabelLength) + (1 + contextLength)];
+ int hkdfLabelLength = 2 + (1 + expandedLabelLength) + (1 + contextLength);
+ Span<byte> hkdfLabel = hkdfLabelLength <= 512
+ ? stackalloc byte[hkdfLabelLength]
+ : new byte[hkdfLabelLength];
// uint16 length
{
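Review bot: The stack/heap cut-off is written as a bare literal `512` here, and again as `512`, `64` and `128` in the TlsAeadCipher.cs, TlsBlockCipher.cs, TlsNullCipher.cs and BcTlsSecret.cs hunks, with no comment saying why each limit was chosen. A short comment above the allocation, such as `// cap stack use: length depends on label and context sizes`, or a single shared named constant would make the bound auditable in one place. The enclosing method starts and ends outside this hunk.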
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 73fc9e98a..046e6883f 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
int keyBlockSize = (2 * keySize) + (2 * m_fixed_iv_length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
if (isServer)
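Review bot: The new heap fallback for `keyBlock` puts the derived key block in a managed array that nothing in this hunk zeroes, so for `keyBlockSize > 512` the key material can stay on the GC heap until it is collected. Whether it is wiped further down is not visible, because the enclosing member continues outside the hunk. Consider keeping the full span in its own local and clearing it once the keys are installed, e.g. `Span<byte> keyBlockAll = keyBlock;` and later `keyBlockAll.Clear();`. The same applies to the `keyBlock` hunks in TlsBlockCipher.cs and TlsNullCipher.cs, where the span is re-sliced as it is consumed, and to the `t` buffer in BcTlsSecret.cs.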
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index c8774f9bb..ed9d68649 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
@@ -88,8 +90,8 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
if (m_useExplicitIV)
{
- clientCipher.Init(stackalloc byte[clientIVLength]);
- serverCipher.Init(stackalloc byte[serverIVLength]);
+ clientCipher.Init(clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]);
+ serverCipher.Init(serverIVLength <= 64 ? stackalloc byte[serverIVLength] : new byte[serverIVLength]);
}
else
{
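Review bot: Both `Init` calls pass a freshly allocated buffer without writing to it, and the two branches do not give the same guarantee: `new byte[n]` is always zeroed, while the contents of a `stackalloc` block are undefined by the language and are only zeroed when locals-init is in effect. If the assembly or method is ever marked `[SkipLocalsInit]`, the stack branch would hand uninitialised stack bytes to the cipher. If an all-zero IV is what is intended, a comment saying so plus an explicit clear would make that independent of compiler settings, e.g. `Span<byte> clientIV = clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength];` followed by `clientIV.Clear();`. The enclosing member starts and ends outside the hunk.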
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index b21e46eed..5b6b5663a 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -21,7 +21,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
int keyBlockSize = clientMac.MacLength + serverMac.MacLength;
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
index 6fe2da491..683806347 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
@@ -168,7 +168,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
byte[] okm = new byte[length];
- Span<byte> t = stackalloc byte[hashLen];
+ Span<byte> t = hashLen <= 128
+ ? stackalloc byte[hashLen]
+ : new byte[hashLen];
byte counter = 0x00;
int pos = 0;