wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use wc_HmacInit and wc_HmacFree in cookie logic

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2022-07-04 12:51:50 +02:00
parent 00391a5ace
commit a8adde66c8
1 changed files with 38 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
src/tls13.c
View File

@ -2823,23 +2823,29 @@ static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
cookieType = WC_SHA256; cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE; macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */ #endif /* NO_SHA256 */
XMEMSET(&cookieHmac, 0, sizeof(Hmac));
ret = wc_HmacSetKey(&cookieHmac, cookieType, ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
ssl->buffers.tls13CookieSecret.buffer, if (ret == 0) {
ssl->buffers.tls13CookieSecret.length); ret = wc_HmacSetKey(&cookieHmac, cookieType,
if (ret != 0) ssl->buffers.tls13CookieSecret.buffer,
return ret; ssl->buffers.tls13CookieSecret.length);
if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0) }
return ret; if (ret == 0)
ret = wc_HmacUpdate(&cookieHmac, hash, hashSz);
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
/* Tie cookie to peer address */ /* Tie cookie to peer address */
if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0 && if (ret == 0) {
(ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa, if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
ssl->buffers.dtlsCtx.peer.sz)) != 0) ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
return ret; ssl->buffers.dtlsCtx.peer.sz);
}
}
#endif #endif
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) if (ret == 0)
ret = wc_HmacFinal(&cookieHmac, mac);
wc_HmacFree(&cookieHmac);
if (ret != 0)
return ret; return ret;
/* The cookie data is the hash and the integrity check. */ /* The cookie data is the hash and the integrity check. */
@ -4773,23 +4779,29 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz)
if (cookieSz < ssl->specs.hash_size + macSz) if (cookieSz < ssl->specs.hash_size + macSz)
return HRR_COOKIE_ERROR; return HRR_COOKIE_ERROR;
cookieSz -= macSz; cookieSz -= macSz;
XMEMSET(&cookieHmac, 0, sizeof(Hmac));
ret = wc_HmacSetKey(&cookieHmac, cookieType, ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
ssl->buffers.tls13CookieSecret.buffer, if (ret == 0) {
ssl->buffers.tls13CookieSecret.length); ret = wc_HmacSetKey(&cookieHmac, cookieType,
if (ret != 0) ssl->buffers.tls13CookieSecret.buffer,
return ret; ssl->buffers.tls13CookieSecret.length);
if ((ret = wc_HmacUpdate(&cookieHmac, cookie, cookieSz)) != 0) }
return ret; if (ret == 0)
ret = wc_HmacUpdate(&cookieHmac, cookie, cookieSz);
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
/* Tie cookie to peer address */ /* Tie cookie to peer address */
if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0 && if (ret == 0) {
(ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa, if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
ssl->buffers.dtlsCtx.peer.sz)) != 0) ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
return ret; ssl->buffers.dtlsCtx.peer.sz);
}
}
#endif #endif
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) if (ret == 0)
ret = wc_HmacFinal(&cookieHmac, mac);
wc_HmacFree(&cookieHmac);
if (ret != 0)
return ret; return ret;
if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0) if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0)