Google Git
Sign in
boringssl/boringssl.git/85eef297eea7a60c9fbcf83d7faf05580cf515da^!/.
commit
85eef297eea7a60c9fbcf83d7faf05580cf515da
[log]
author
David Benjamin <davidben@google.com>
Fri Mar 29 23:38:36 2019 -0500
committer
Adam Langley <agl@google.com>
Mon Apr 29 16:14:38 2019 +0000
tree
ed34cfd2a5132dc4007cb6ca25e59cff4abbc679
parent
a486c6c842102c18089c6ff5ddc417b3a0f04867 [diff]
Compute the delegated credentials length prefix with CBB.

The length prefix is trivial in this case, but using CBB means we'll
check if the length fits in a u16.

Change-Id: I7deb2348fd7784e4f7d951f56dc176df3df9ef17
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35785
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index ba5719f..bd0bb4f 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc

@@ -488,10 +488,10 @@
 
   if (ssl_signing_with_dc(hs)) {
     const CRYPTO_BUFFER *raw = dc->raw.get();
+    CBB child;
     if (!CBB_add_u16(&extensions, TLSEXT_TYPE_delegated_credential) ||
-        !CBB_add_u16(&extensions, CRYPTO_BUFFER_len(raw)) ||
-        !CBB_add_bytes(&extensions,
-                       CRYPTO_BUFFER_data(raw),
+        !CBB_add_u16_length_prefixed(&extensions, &child) ||
+        !CBB_add_bytes(&child, CRYPTO_BUFFER_data(raw),
                        CRYPTO_BUFFER_len(raw)) ||
         !CBB_flush(&extensions)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);