From eed5943b6f0c645e8347d74582160ba07419a2b8 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Tue, 5 May 2020 10:05:20 +1000
Subject: [PATCH] Fix TLS 1.3 integrity only for interop

Make key size the size of the digest.
---
 src/keys.c | 12 ++++++++++--
 wolfssl/internal.h | 15 ++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/keys.c b/src/keys.c
index 55b2d9bed..4b4e6a43d 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1074,7 +1074,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
 ssl->specs.pad_size = PAD_SHA;
 ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2;
+ ssl->specs.key_size = WC_SHA256_DIGEST_SIZE;
 ssl->specs.block_size = 0;
 ssl->specs.iv_size = HMAC_NONCE_SZ;
 ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE;
@@ -1092,7 +1092,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
 ssl->specs.pad_size = PAD_SHA;
 ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2;
+ ssl->specs.key_size = WC_SHA384_DIGEST_SIZE;
 ssl->specs.block_size = 0;
 ssl->specs.iv_size = HMAC_NONCE_SZ;
 ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE;
@@ -2931,11 +2931,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 if (side == WOLFSSL_CLIENT_END) {
 if (enc) {
+ XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
+ HMAC_NONCE_SZ);
 hmacRet = wc_HmacSetKey(enc->hmac, hashType, keys->client_write_key, specs->key_size);
 if (hmacRet != 0) return hmacRet;
 }
 if (dec) {
+ XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
+ HMAC_NONCE_SZ);
 hmacRet = wc_HmacSetKey(dec->hmac, hashType, keys->server_write_key, specs->key_size);
 if (hmacRet != 0) return hmacRet;
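Review bot: The new `key_size` assignment in the SHA256 branch (and the matching one in the SHA384 hunk that follows) carries no explanation of why the HMAC key is now the full digest length, so the next reader may assume the removed `/ 2` was the intended value. Suggest `/* Integrity-only suites: HMAC key length equals the digest length (RFC 9150) */` above each assignment. A 48-byte key only fits the write-key buffers if MAX_SYM_KEY_SIZE grows with it, which the internal.h hunk of this patch does; a short cross-reference in the comment would tie the two together. SetCipherSpecs starts and ends outside the hunk.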
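Review bot: The added `XMEMCPY` into `keys->aead_enc_imp_IV` copies a fixed `HMAC_NONCE_SZ` bytes, while the write IVs were presumably derived with `specs->iv_size` (set to `HMAC_NONCE_SZ` in the first hunk); nothing at this point ties the two lengths together or bounds the copy by the destination array, so a later change to `iv_size` would silently over- or under-read. Either copy `specs->iv_size` bytes after checking it does not exceed the destination, or record the invariant: `/* iv_size == HMAC_NONCE_SZ for the integrity-only suites (see SetCipherSpecs) */`. The same applies to the other copy in this hunk and the two in the next. The four copies differ only in which side's IV is the source; selecting the source pointers once before the `if (side == WOLFSSL_CLIENT_END)` branch would remove the duplication. SetKeys starts and ends outside the hunk.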
@@ -2943,11 +2947,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 } else {
 if (enc) {
+ XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
+ HMAC_NONCE_SZ);
 hmacRet = wc_HmacSetKey(enc->hmac, hashType, keys->server_write_key, specs->key_size);
 if (hmacRet != 0) return hmacRet;
 }
 if (dec) {
+ XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
+ HMAC_NONCE_SZ);
 hmacRet = wc_HmacSetKey(dec->hmac, hashType, keys->client_write_key, specs->key_size);
 if (hmacRet != 0) return hmacRet;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index a60ad2cda..68865bf0a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -72,6 +72,9 @@
 #ifndef NO_SHA256
 #include
 #endif
+#if defined(WOLFSSL_SHA384)
+ #include
+#endif
 #ifdef HAVE_OCSP
 #include
 #endif
@@ -1355,7 +1358,17 @@ enum Misc {
 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
 #else
- MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
+ #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
+ #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
+ MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
+ #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
+ MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
+ #else
+ MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
+ #endif
+ #else
+ MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
+ #endif
 #endif
 #ifdef HAVE_SELFTEST
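Review bot: The new `#if` conditions compare `WC_MAX_SYM_KEY_SIZE` against the bare literals `48` and `32` while the assignments they guard use `WC_SHA384_DIGEST_SIZE` and `WC_SHA256_DIGEST_SIZE`, so the two are kept in step only by hand. If those digest-size names are enum constants, which the preprocessor cannot evaluate, the literals are unavoidable, but that reasoning belongs in a comment such as `/* 48 and 32 are the SHA-384/SHA-256 digest sizes; enum values cannot appear in #if */`. The `MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,` fallback now appears twice; folding the outer `defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)` test into the two inner conditions would leave a single `#else`. The enum Misc block starts and ends outside the hunk.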