Fix to detect larger key size requirement based on FP_MAX_BITS. Fix for TLSv1.3 to allow server_hello for TLSX_SUPPORTED_GROUPS. ZD 4754.

2025-08-03 20:54:41 +02:00 · 2019-02-01 09:53:30 -08:00
parent 0b2bbc33bd
commit c080050c80
2 changed files with 4 additions and 2 deletions
--- a/src/tls.c
+++ b/src/tls.c
@@ -9646,6 +9646,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 #ifdef WOLFSSL_TLS13
                if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
                        msgType != client_hello &&
+                        msgType != server_hello &&
                        msgType != encrypted_extensions) {
                    return EXT_NOT_ALLOWED;
                }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1160,8 +1160,9 @@ enum Misc {
    HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                /* pre RSA and all master */
-#if defined(WOLFSSL_MYSQL_COMPATIBLE)
-    ENCRYPT_LEN     = 1024,     /* allow larger static buffer with mysql */
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
+    ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
 #else
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
 #endif