From ee4e27afe2798559889e109922279debcfd5b6a1 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 21 Feb 2019 17:13:43 +1000
Subject: [PATCH] Fix lengths to support large DH params

---
 wolfssl/internal.h           | 10 +++++++++-
 wolfssl/wolfcrypt/hash.h     |  6 +++---
 wolfssl/wolfcrypt/settings.h | 23 +++++++++++++++++++++++
 3 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index afff15db8..c52c93078 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1167,11 +1167,20 @@ enum Misc {
     HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
     SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                 /* pre RSA and all master */
+    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
     (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 1024 + MAX_PSK_ID_LEN + 2,   /* 8192 bit static buffer */
+#else
     ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
+#endif
+#else
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2,    /* 4096 bit static buffer */
 #else
     ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
+#endif
 #endif
     SIZEOF_SENDER   =  4,       /* clnt or srvr           */
     FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
@@ -1361,7 +1370,6 @@ enum Misc {
     DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
     DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
 
-    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
     NULL_TERM_LEN      =   1,  /* length of null '\0' termination character */
     MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
     MIN_PSK_ID_LEN     =   6,  /* min length of identities */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 26d4ce523..e0817f007 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -195,11 +195,11 @@ WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
 
 enum max_prf {
 #ifdef HAVE_FFDHE_8192
-    MAX_PRF_HALF        = 512, /* Maximum half secret len */
+    MAX_PRF_HALF        = 516, /* Maximum half secret len */
 #elif defined(HAVE_FFDHE_6144)
-    MAX_PRF_HALF        = 384, /* Maximum half secret len */
+    MAX_PRF_HALF        = 388, /* Maximum half secret len */
 #else
-    MAX_PRF_HALF        = 256, /* Maximum half secret len */
+    MAX_PRF_HALF        = 260, /* Maximum half secret len */
 #endif
     MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
     MAX_PRF_DIG         = 224  /* Maximum digest len      */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index eed0a1288..35d32961f 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1815,6 +1815,29 @@ extern void uITRON4_free(void *p) ;
         #define HAVE_FFDHE
     #endif
 #endif
+#ifdef FP_MAX_BITS
+    #if defined(HAVE_FFDHE_8192) && FP_MAX_BITS < 16384
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     16384
+    #endif
+    #if defined(HAVE_FFDHE_6144) && FP_MAX_BITS < 12288
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     12288
+    #endif
+    #if defined(HAVE_FFDHE_4096) && FP_MAX_BITS < 8192
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     8192
+    #endif
+    #if defined(HAVE_FFDHE_3072) && FP_MAX_BITS < 6144
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     6144
+    #endif
+    #if defined(HAVE_FFDHE_2048) && FP_MAX_BITS < 4096
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+#endif
+
 
 /* both CURVE and ED small math should be enabled */
 #ifdef CURVED25519_SMALL