wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2947 from SparkiDev/tls13_integ_fix

Browse Source 
Fix TLS 1.3 integrity only for interop
This commit is contained in:
toddouska
2020-05-28 13:48:43 -07:00
committed by GitHub
parent 5360783d7e eed5943b6f
commit 5962931b21
2 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/keys.c
View File

@@ -1074,7 +1074,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2;
ssl->specs.key_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.block_size = 0;
ssl->specs.iv_size = HMAC_NONCE_SZ;
ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE;
@@ -1092,7 +1092,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2;
ssl->specs.key_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.block_size = 0;
ssl->specs.iv_size = HMAC_NONCE_SZ;
ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE;
@@ -2931,11 +2931,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
HMAC_NONCE_SZ);
hmacRet = wc_HmacSetKey(enc->hmac, hashType,
keys->client_write_key, specs->key_size);
if (hmacRet != 0) return hmacRet;
}
if (dec) {
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
HMAC_NONCE_SZ);
hmacRet = wc_HmacSetKey(dec->hmac, hashType,
keys->server_write_key, specs->key_size);
if (hmacRet != 0) return hmacRet;
@@ -2943,11 +2947,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
else {
if (enc) {
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
HMAC_NONCE_SZ);
hmacRet = wc_HmacSetKey(enc->hmac, hashType,
keys->server_write_key, specs->key_size);
if (hmacRet != 0) return hmacRet;
}
if (dec) {
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
HMAC_NONCE_SZ);
hmacRet = wc_HmacSetKey(dec->hmac, hashType,
keys->client_write_key, specs->key_size);
if (hmacRet != 0) return hmacRet;

15
wolfssl/internal.h
View File

@@ -72,6 +72,9 @@
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#if defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef HAVE_OCSP
#include <wolfssl/ocsp.h>
#endif
@@ -1355,7 +1358,17 @@ enum Misc {
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#endif
#ifdef HAVE_SELFTEST