feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4154 from SparkiDev/hmac_update_ct

Browse Source 
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
This commit is contained in:
David Garske
2021-06-24 09:28:22 -07:00
committed by GitHub
parent 92a4e30b69 5cf7e17820
commit 97ab1bb013
3 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/internal.c
View File

@ -15433,7 +15433,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
* either increment the size by (macSz + padLen + 1) before use or check on
* the size to make sure is valid. */
ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
content, 1, PEER_ORDER);
content, 1, PEER_ORDER);
good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
/* Non-zero on failure. */

10
src/tls.c
View File

@ -870,13 +870,13 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
* returns 0 on success, otherwise failure.
*/
static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
word32 sz, byte* header)
word32 sz, int macLen, byte* header)
{
byte lenBytes[8];
int i, j;
unsigned int k;
int blockBits, blockMask;
int lastBlockLen, macLen, extraLen, eocIndex;
int lastBlockLen, extraLen, eocIndex;
int blocks, safeBlocks, lenBlock, eocBlock;
unsigned int maxLen;
int blockSz, padSz;
@ -889,7 +889,6 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
case WC_SHA:
blockSz = WC_SHA_BLOCK_SIZE;
blockBits = 6;
macLen = WC_SHA_DIGEST_SIZE;
padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
break;
#endif /* !NO_SHA */
@ -898,7 +897,6 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
case WC_SHA256:
blockSz = WC_SHA256_BLOCK_SIZE;
blockBits = 6;
macLen = WC_SHA256_DIGEST_SIZE;
padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
break;
#endif /* !NO_SHA256 */
@ -907,7 +905,6 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
case WC_SHA384:
blockSz = WC_SHA384_BLOCK_SIZE;
blockBits = 7;
macLen = WC_SHA384_DIGEST_SIZE;
padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA384 */
@ -916,7 +913,6 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
case WC_SHA512:
blockSz = WC_SHA512_BLOCK_SIZE;
blockBits = 7;
macLen = WC_SHA512_DIGEST_SIZE;
padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA512 */
@ -1225,7 +1221,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
#endif
{
ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
sz + hashSz + padSz + 1, myInner);
sz + hashSz + padSz + 1, hashSz, myInner);
}
#else
ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,

3
wolfssl/test.h
View File

@ -2043,7 +2043,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
}
}
#ifdef WOLFSSL_TLS13
static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
const char* hint, char* identity, unsigned int id_max_len,
unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
@ -2100,6 +2100,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
return 32; /* length of key in octets or 0 for error */
}
#endif
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)