wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Comments and further relaxing of some other hmac restrictions

Browse Source
This commit is contained in:
kaleb-himes
2024-04-25 18:26:43 -04:00
parent 49e9c06679
commit 766c3b5ad8
3 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/hmac.c
View File

@ -1275,7 +1275,12 @@ int wolfSSL_GetHmacMaxSize(void)
ret = wc_HmacInit(myHmac, heap, devId); ret = wc_HmacInit(myHmac, heap, devId);
if (ret == 0) { if (ret == 0) {
#if FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSetKey_ex(myHmac, type, localSalt, saltSz,
FIPS_ALLOW_SHORT);
#else
ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz); ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
#endif
if (ret == 0) if (ret == 0)
ret = wc_HmacUpdate(myHmac, inKey, inKeySz); ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
if (ret == 0) if (ret == 0)
@ -1356,7 +1361,12 @@ int wolfSSL_GetHmacMaxSize(void)
word32 tmpSz = (n == 1) ? 0 : hashSz; word32 tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx; word32 left = outSz - outIdx;
#if FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSetKey_ex(myHmac, type, inKey, inKeySz,
FIPS_ALLOW_SHORT);
#else
ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz); ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
#endif
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(myHmac, tmp, tmpSz); ret = wc_HmacUpdate(myHmac, tmp, tmpSz);

8
wolfcrypt/src/rsa.c
View File

@ -4510,7 +4510,8 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
if (q != NULL) { if (q != NULL) {
int valid = 0; int valid = 0;
/* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */ /* 5.4 (186-4) 5.5 (186-5) -
* check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */
ret = wc_CompareDiffPQ(p, q, nlen, &valid); ret = wc_CompareDiffPQ(p, q, nlen, &valid);
if ((ret != MP_OKAY) || (!valid)) goto notOkay; if ((ret != MP_OKAY) || (!valid)) goto notOkay;
prime = q; prime = q;
@ -4518,14 +4519,15 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
else else
prime = p; prime = p;
/* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1)) /* 4.4,5.5 (186-4) 4.4,5.4 (186-5) -
* Check that prime >= (2^(1/2))(2^((nlen/2)-1))
* This is a comparison against lowerBound */ * This is a comparison against lowerBound */
ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16); ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16);
if (ret != MP_OKAY) goto notOkay; if (ret != MP_OKAY) goto notOkay;
ret = mp_cmp(prime, tmp1); ret = mp_cmp(prime, tmp1);
if (ret == MP_LT) goto exit; if (ret == MP_LT) goto exit;
/* 4.5,5.6 - Check that GCD(p-1, e) == 1 */ /* 4.5,5.6 (186-4 & 186-5) - Check that GCD(p-1, e) == 1 */
ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */ ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */
if (ret != MP_OKAY) goto notOkay; if (ret != MP_OKAY) goto notOkay;
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO

4
wolfssl/wolfcrypt/hmac.h
View File

@ -43,6 +43,10 @@
WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void); WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void);
#endif #endif
#if FIPS_VERSION3_GE(6,0,0)
#define FIPS_ALLOW_SHORT 1
#endif
/* avoid redefinition of structs */ /* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)