-rw-r--r-- | crypto/src/tls/crypto/TlsCryptoUtilities.cs | 5 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/TlsAeadCipher.cs | 4 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/TlsBlockCipher.cs | 8 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/TlsNullCipher.cs | 4 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs | 4 |
5 files changed, 18 insertions, 7 deletions
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index b1b42f4bf..1903065f1 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -237,7 +237,10 @@ namespace Org.BouncyCastle.Tls.Crypto
 int contextLength = context.Length;
 int expandedLabelLength = Tls13Prefix.Length + labelLength;
- Span<byte> hkdfLabel = stackalloc byte[2 + (1 + expandedLabelLength) + (1 + contextLength)];
+ int hkdfLabelLength = 2 + (1 + expandedLabelLength) + (1 + contextLength);
+ Span<byte> hkdfLabel = hkdfLabelLength <= 512
+ ? stackalloc byte[hkdfLabelLength]
+ : new byte[hkdfLabelLength];
 // uint16 length
 {
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 73fc9e98a..046e6883f 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 int keyBlockSize = (2 * keySize) + (2 * m_fixed_iv_length);
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
 TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 if (isServer)
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index c8774f9bb..ed9d68649 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
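Review bot: The stack cut-offs are bare literals with no stated rationale: `512` here and in the three key-block hunks (TlsAeadCipher, TlsBlockCipher, TlsNullCipher), `64` for the IV buffers in TlsBlockCipher and `128` for `t` in BcTlsSecret. A named constant per kind of buffer plus a one-line comment would make the bound auditable, for example `// Bound stack use: sizes above this are allocated on the heap instead` above `hkdfLabelLength <= 512`. The size expression visible here gives label and context a one-byte prefix each, so the label cannot exceed 514 bytes if both lengths are range-checked earlier; that check is outside the hunk, so the comment should say which bound is being relied on. The enclosing method starts and ends outside the hunk.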
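Review bot: `keyBlock` holds the derived key material, and with the new `new byte[keyBlockSize]` arm it can now live on the managed heap, where its lifetime is up to the GC; nothing visible in this hunk wipes it. Consider zeroing the buffer once the keys and IVs have been handed over, e.g. `keyBlock.Clear();` in a `finally`, keeping a second local for the full span wherever the code re-slices it (`keyBlock = keyBlock[clientMac.MacLength..];` in TlsBlockCipher and TlsNullCipher). The same applies to the `t` buffer in BcTlsSecret, which presumably carries HKDF output blocks. The rest of the method is outside the hunk, so an existing wipe further down cannot be ruled out.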
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 }
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
 TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 clientMac.SetKey(keyBlock[..clientMac.MacLength]);
 keyBlock = keyBlock[clientMac.MacLength..];
@@ -88,8 +90,8 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 if (m_useExplicitIV)
 {
- clientCipher.Init(stackalloc byte[clientIVLength]);
- serverCipher.Init(stackalloc byte[serverIVLength]);
+ clientCipher.Init(clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]);
+ serverCipher.Init(serverIVLength <= 64 ? stackalloc byte[serverIVLength] : new byte[serverIVLength]);
 }
 else
 {
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index b21e46eed..5b6b5663a 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -21,7 +21,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 int keyBlockSize = clientMac.MacLength + serverMac.MacLength;
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+ Span<byte> keyBlock = keyBlockSize <= 512
+ ? stackalloc byte[keyBlockSize]
+ : new byte[keyBlockSize];
 TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 clientMac.SetKey(keyBlock[..clientMac.MacLength]);
 keyBlock = keyBlock[clientMac.MacLength..];
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
index 6fe2da491..683806347 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
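Review bot: In the `m_useExplicitIV` hunk of TlsBlockCipher, the two arms of each conditional do not guarantee the same buffer contents: `new byte[n]` is always zero-filled, whereas `stackalloc` is zero-filled only while locals initialisation is left on (it is skipped under `SkipLocalsInit`). If the cipher relies on an all-zero initial IV here, hoist the buffer into a local and clear it, e.g. `Span<byte> clientIV = clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]; clientIV.Clear();`, and likewise for the server side. If the value is only a placeholder that an explicit per-record IV replaces, a comment saying so is enough. Whether the project opts out of locals initialisation is not visible from this page, and the `else` branch continues outside the hunk.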
@@ -168,7 +168,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 byte[] okm = new byte[length];
- Span<byte> t = stackalloc byte[hashLen];
+ Span<byte> t = hashLen <= 128
+ ? stackalloc byte[hashLen]
+ : new byte[hashLen];
 byte counter = 0x00;
 int pos = 0;
|