wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix DTLS+OPENSSLALL+FIPS Failure

Browse Source 
There was a problem with the combination of DTLS, OpenSSL Compatibility,
and FIPSv2 where the DTLS server would fail out because a HMAC key was
too short. FIPS requires a HMAC key be a minimum size. The DTLS server
uses HMAC to generate the first cookie key when initialized. When using
OpenSSL, the feature for creating a DTLS endpoint with its side being
set late is tested. The DTLS cookie wasn't getting set at init because
the server was "neither" at the time. Added a call to set cookie when
initializing a neither endpoint into a server.
This commit is contained in:
John Safranek
2019-10-18 16:28:44 -07:00
parent 0e73af8b88
commit 26793359a2
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@ -1626,6 +1626,17 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
} }
#endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */ #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */
#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
int ret;
ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
if (ret != 0) {
WOLFSSL_MSG("DTLS Cookie Secret error");
return ret;
}
}
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
return InitSSL_Suites(ssl); return InitSSL_Suites(ssl);
} }
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */