Fix lengths to support large DH params

2025-08-03 20:54:41 +02:00 · 2019-02-21 17:13:43 +10:00
parent b4996e35fa
commit ee4e27afe2
3 changed files with 35 additions and 4 deletions
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1167,11 +1167,20 @@ enum Misc {
    HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                /* pre RSA and all master */
+    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 1024 + MAX_PSK_ID_LEN + 2,   /* 8192 bit static buffer */
+#else
    ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
+#endif
+#else
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2,    /* 4096 bit static buffer */
 #else
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
+#endif
 #endif
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
@@ -1361,7 +1370,6 @@ enum Misc {
    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */

-    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
    NULL_TERM_LEN      =   1,  /* length of null '\0' termination character */
    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
    MIN_PSK_ID_LEN     =   6,  /* min length of identities */
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -195,11 +195,11 @@ WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);

 enum max_prf {
 #ifdef HAVE_FFDHE_8192
-    MAX_PRF_HALF        = 512, /* Maximum half secret len */
+    MAX_PRF_HALF        = 516, /* Maximum half secret len */
 #elif defined(HAVE_FFDHE_6144)
-    MAX_PRF_HALF        = 384, /* Maximum half secret len */
+    MAX_PRF_HALF        = 388, /* Maximum half secret len */
 #else
-    MAX_PRF_HALF        = 256, /* Maximum half secret len */
+    MAX_PRF_HALF        = 260, /* Maximum half secret len */
 #endif
    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
    MAX_PRF_DIG         = 224  /* Maximum digest len      */
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1815,6 +1815,29 @@ extern void uITRON4_free(void *p) ;
        #define HAVE_FFDHE
    #endif
 #endif
+#ifdef FP_MAX_BITS
+    #if defined(HAVE_FFDHE_8192) && FP_MAX_BITS < 16384
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     16384
+    #endif
+    #if defined(HAVE_FFDHE_6144) && FP_MAX_BITS < 12288
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     12288
+    #endif
+    #if defined(HAVE_FFDHE_4096) && FP_MAX_BITS < 8192
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     8192
+    #endif
+    #if defined(HAVE_FFDHE_3072) && FP_MAX_BITS < 6144
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     6144
+    #endif
+    #if defined(HAVE_FFDHE_2048) && FP_MAX_BITS < 4096
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+#endif
+

 /* both CURVE and ED small math should be enabled */
 #ifdef CURVED25519_SMALL