feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

dtls13: support Authentication and Integrity-Only Cipher Suites

Browse Source 
See RFC 9150. To enable the feature use HAVE_NULL_CIPHER compilation flag.
This commit is contained in:
Marco Oliverio
2023-04-12 12:14:51 +00:00
parent 5f1ce09dce
commit 31ed2a2bbb
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/dtls13.c
View File

@@ -301,6 +301,12 @@ static int Dtls13EncryptDecryptRecordNumber(WOLFSSL* ssl, byte* seq,
byte mask[DTLS13_RN_MASK_SIZE]; byte mask[DTLS13_RN_MASK_SIZE];
int ret; int ret;
#ifdef HAVE_NULL_CIPHER
/* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null)
return 0;
#endif /*HAVE_NULL_CIPHER */
ret = Dtls13GetRnMask(ssl, ciphertext, mask, dir); ret = Dtls13GetRnMask(ssl, ciphertext, mask, dir);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -2266,6 +2272,15 @@ int Dtls13SetRecordNumberKeys(WOLFSSL* ssl, enum encrypt_side side)
} }
#endif /* HAVE_CHACHA */ #endif /* HAVE_CHACHA */
#ifdef HAVE_NULL_CIPHER
if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null) {
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Skipping Record Number key provisioning with null cipher");
#endif /* WOLFSSL_DEBUG_TLS */
return 0;
}
#endif /* HAVE_NULL_CIPHER */
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
} }