feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Prime Number Testing

Browse Source 
1. Disable the new prime test from TLS while using FIPS or setting the flag WOLFSSL_OLD_PRIME_CHECK.
This commit is contained in:
John Safranek
2018-07-26 16:01:08 -07:00
parent 4b2a591a93
commit 31f1692cbf
1 changed files with 43 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/internal.c
View File

@ -19108,12 +19108,20 @@ int SendClientKeyExchange(WOLFSSL* ssl)
goto exit_scke; goto exit_scke;
} }
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_G.length,
NULL, 0, 0, ssl->rng); NULL, 0, 0, ssl->rng);
#else
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
#endif
if (ret != 0) { if (ret != 0) {
goto exit_scke; goto exit_scke;
} }
@ -19204,12 +19212,20 @@ int SendClientKeyExchange(WOLFSSL* ssl)
goto exit_scke; goto exit_scke;
} }
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_G.length,
NULL, 0, 0, ssl->rng); NULL, 0, 0, ssl->rng);
#else
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
#endif
if (ret != 0) { if (ret != 0) {
goto exit_scke; goto exit_scke;
} }
@ -20919,12 +20935,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto exit_sske; goto exit_sske;
} }
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_G.length,
NULL, 0, 1, ssl->rng); NULL, 0, 0, ssl->rng);
#else
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
#endif
if (ret != 0) { if (ret != 0) {
goto exit_sske; goto exit_sske;
} }
@ -24450,12 +24474,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto exit_dcke; goto exit_dcke;
} }
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_G.length,
NULL, 0, 1, ssl->rng); NULL, 0, 0, ssl->rng);
#else
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
#endif
/* set the max agree result size */ /* set the max agree result size */
ssl->arrays->preMasterSz = ENCRYPT_LEN; ssl->arrays->preMasterSz = ENCRYPT_LEN;
@ -24507,12 +24539,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto exit_dcke; goto exit_dcke;
} }
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_G.length,
NULL, 0, 1, ssl->rng); NULL, 0, 0, ssl->rng);
#else
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
#endif
break; break;
} }