Allow use of truncated HMAC with TLS_hmac checking

2025-07-30 18:57:27 +02:00 · 2020-04-02 08:52:40 +10:00
parent 3bd52b166b
commit e23a6b46b0
1 changed files with 14 additions and 11 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -1174,6 +1174,12 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
    Hmac   hmac;
    byte   myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
    int    ret = 0;
 #ifdef HAVE_TRUNCATED_HMAC
    word32 hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                        : ssl->specs.hash_size;
 #else
    word32 hashSz = ssl->specs.hash_size;
 #endif
    if (ssl == NULL)
        return BAD_FUNC_ARG;
@ -1182,8 +1188,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
    /* Fuzz "in" buffer with sz to be used in HMAC algorithm */
    if (ssl->fuzzerCb) {
        if (verify && padSz >= 0) {
-            ssl->fuzzerCb(ssl, in, sz + ssl->specs.hash_size + padSz + 1,
+            ssl->fuzzerCb(ssl, in, sz + hashSz + padSz + 1, FUZZ_HMAC,
-                FUZZ_HMAC, ssl->fuzzerCtx);
+                          ssl->fuzzerCtx);
        }
        else {
            ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
@ -1221,21 +1227,18 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
    !defined(HAVE_SELFTEST)
    #ifdef HAVE_BLAKE2
            if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
-                ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
+                ret = Hmac_UpdateFinal(&hmac, digest, in,
-                                               ssl->specs.hash_size + padSz + 1,
+                                              sz + hashSz + padSz + 1, myInner);
                                               myInner);
            }
            else
    #endif
            {
-                ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz +
+                ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
-                                               ssl->specs.hash_size + padSz + 1,
+                                              sz + hashSz + padSz + 1, myInner);
                                               myInner);
            }
 #else
-            ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
+            ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
-                                               ssl->specs.hash_size + padSz + 1,
+                                                                       myInner);
                                               myInner);
 #endif
        }
        else {