wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix lengths to support large DH params

Browse Source
This commit is contained in:
Sean Parkinson
2019-02-21 17:13:43 +10:00
parent b4996e35fa
commit ee4e27afe2
3 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfssl/internal.h
View File

@@ -1167,11 +1167,20 @@ enum Misc {
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
/* pre RSA and all master */ /* pre RSA and all master */
MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
(defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192) (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
#ifndef NO_PSK
ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */
#else
ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */
#endif
#else
#ifndef NO_PSK
ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */
#else #else
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
#endif
#endif #endif
SIZEOF_SENDER = 4, /* clnt or srvr */ SIZEOF_SENDER = 4, /* clnt or srvr */
FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
@@ -1361,7 +1370,6 @@ enum Misc {
DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
NULL_TERM_LEN = 1, /* length of null '\0' termination character */ NULL_TERM_LEN = 1, /* length of null '\0' termination character */
MAX_PSK_KEY_LEN = 64, /* max psk key supported */ MAX_PSK_KEY_LEN = 64, /* max psk key supported */
MIN_PSK_ID_LEN = 6, /* min length of identities */ MIN_PSK_ID_LEN = 6, /* min length of identities */

6
wolfssl/wolfcrypt/hash.h
View File

@@ -195,11 +195,11 @@ WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
enum max_prf { enum max_prf {
#ifdef HAVE_FFDHE_8192 #ifdef HAVE_FFDHE_8192
MAX_PRF_HALF = 512, /* Maximum half secret len */ MAX_PRF_HALF = 516, /* Maximum half secret len */
#elif defined(HAVE_FFDHE_6144) #elif defined(HAVE_FFDHE_6144)
MAX_PRF_HALF = 384, /* Maximum half secret len */ MAX_PRF_HALF = 388, /* Maximum half secret len */
#else #else
MAX_PRF_HALF = 256, /* Maximum half secret len */ MAX_PRF_HALF = 260, /* Maximum half secret len */
#endif #endif
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224 /* Maximum digest len */ MAX_PRF_DIG = 224 /* Maximum digest len */

23
wolfssl/wolfcrypt/settings.h
View File

@@ -1815,6 +1815,29 @@ extern void uITRON4_free(void *p) ;
#define HAVE_FFDHE #define HAVE_FFDHE
#endif #endif
#endif #endif
#ifdef FP_MAX_BITS
#if defined(HAVE_FFDHE_8192) && FP_MAX_BITS < 16384
#undef FP_MAX_BITS
#define FP_MAX_BITS 16384
#endif
#if defined(HAVE_FFDHE_6144) && FP_MAX_BITS < 12288
#undef FP_MAX_BITS
#define FP_MAX_BITS 12288
#endif
#if defined(HAVE_FFDHE_4096) && FP_MAX_BITS < 8192
#undef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
#if defined(HAVE_FFDHE_3072) && FP_MAX_BITS < 6144
#undef FP_MAX_BITS
#define FP_MAX_BITS 6144
#endif
#if defined(HAVE_FFDHE_2048) && FP_MAX_BITS < 4096
#undef FP_MAX_BITS
#define FP_MAX_BITS 4096
#endif
#endif
/* both CURVE and ED small math should be enabled */ /* both CURVE and ED small math should be enabled */
#ifdef CURVED25519_SMALL #ifdef CURVED25519_SMALL