Compute the delegated credentials length prefix with CBB. The length prefix is trivial in this case, but using CBB means we'll check if the length fits in a u16. Change-Id: I7deb2348fd7784e4f7d951f56dc176df3df9ef17 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35785 Reviewed-by: Adam Langley <agl@google.com>

commit: 85eef297eea7a60c9fbcf83d7faf05580cf515da [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Mar 29 23:38:36 2019 -0500
committer: Adam Langley <agl@google.com> Mon Apr 29 16:14:38 2019 +0000
tree: ed34cfd2a5132dc4007cb6ca25e59cff4abbc679
parent: a486c6c842102c18089c6ff5ddc417b3a0f04867 [diff]
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index ba5719f..bd0bb4f 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc

@@ -488,10 +488,10 @@
 
   if (ssl_signing_with_dc(hs)) {
     const CRYPTO_BUFFER *raw = dc->raw.get();
+    CBB child;
     if (!CBB_add_u16(&extensions, TLSEXT_TYPE_delegated_credential) ||
-        !CBB_add_u16(&extensions, CRYPTO_BUFFER_len(raw)) ||
-        !CBB_add_bytes(&extensions,
-                       CRYPTO_BUFFER_data(raw),
+        !CBB_add_u16_length_prefixed(&extensions, &child) ||
+        !CBB_add_bytes(&child, CRYPTO_BUFFER_data(raw),
                        CRYPTO_BUFFER_len(raw)) ||
         !CBB_flush(&extensions)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
commit	85eef297eea7a60c9fbcf83d7faf05580cf515da	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Mar 29 23:38:36 2019 -0500
committer	Adam Langley <agl@google.com>	Mon Apr 29 16:14:38 2019 +0000
tree	ed34cfd2a5132dc4007cb6ca25e59cff4abbc679
parent	a486c6c842102c18089c6ff5ddc417b3a0f04867 [diff]