summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--crypto/src/tls/crypto/TlsCryptoUtilities.cs5
-rw-r--r--crypto/src/tls/crypto/impl/TlsAeadCipher.cs4
-rw-r--r--crypto/src/tls/crypto/impl/TlsBlockCipher.cs8
-rw-r--r--crypto/src/tls/crypto/impl/TlsNullCipher.cs4
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs4
5 files changed, 18 insertions, 7 deletions
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index b1b42f4bf..1903065f1 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -237,7 +237,10 @@ namespace Org.BouncyCastle.Tls.Crypto
             int contextLength = context.Length;
             int expandedLabelLength = Tls13Prefix.Length + labelLength;
 
-            Span<byte> hkdfLabel = stackalloc byte[2 + (1 + expandedLabelLength) + (1 + contextLength)];
+            int hkdfLabelLength = 2 + (1 + expandedLabelLength) + (1 + contextLength);
+            Span<byte> hkdfLabel = hkdfLabelLength <= 512
+                ? stackalloc byte[hkdfLabelLength]
+                : new byte[hkdfLabelLength];
 
             // uint16 length
             {
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 73fc9e98a..046e6883f 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             int keyBlockSize = (2 * keySize) + (2 * m_fixed_iv_length);
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             if (isServer)
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index c8774f9bb..ed9d68649 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
@@ -88,8 +90,8 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 
             if (m_useExplicitIV)
             {
-                clientCipher.Init(stackalloc byte[clientIVLength]);
-                serverCipher.Init(stackalloc byte[serverIVLength]);
+                clientCipher.Init(clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]);
+                serverCipher.Init(serverIVLength <= 64 ? stackalloc byte[serverIVLength] : new byte[serverIVLength]);
             }
             else
             {
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index b21e46eed..5b6b5663a 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -21,7 +21,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             int keyBlockSize = clientMac.MacLength + serverMac.MacLength;
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
index 6fe2da491..683806347 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
@@ -168,7 +168,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
                 byte[] okm = new byte[length];
 
-                Span<byte> t = stackalloc byte[hashLen];
+                Span<byte> t = hashLen <= 128
+                    ? stackalloc byte[hashLen]
+                    : new byte[hashLen];
                 byte counter = 0x00;
 
                 int pos = 0;