Merge pull request #2877 from SparkiDev/tls_hmac_trunc
Allow use of truncated HMAC with TLS_hmac checking
commit
154dd552e9
25
src/tls.c
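--- a/src/tls.c
+++ b/src/tls.c
@@ -1174,6 +1174,12 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
 Hmac hmac;
 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
 int ret = 0;
+#ifdef HAVE_TRUNCATED_HMAC
+word32 hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
+: ssl->specs.hash_size;
+#else
+word32 hashSz = ssl->specs.hash_size;
+#endif
 
 if (ssl == NULL)
 return BAD_FUNC_ARG;
@@ -1182,8 +1188,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
 /* Fuzz "in" buffer with sz to be used in HMAC algorithm */
 if (ssl->fuzzerCb) {
 if (verify && padSz >= 0) {
-ssl->fuzzerCb(ssl, in, sz + ssl->specs.hash_size + padSz + 1,
-FUZZ_HMAC, ssl->fuzzerCtx);
+ssl->fuzzerCb(ssl, in, sz + hashSz + padSz + 1, FUZZ_HMAC,
+ssl->fuzzerCtx);
 }
 else {
 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
@@ -1221,21 +1227,18 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
 !defined(HAVE_SELFTEST)
 #ifdef HAVE_BLAKE2
 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
-ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
-ssl->specs.hash_size + padSz + 1,
-myInner);
+ret = Hmac_UpdateFinal(&hmac, digest, in,
+sz + hashSz + padSz + 1, myInner);
 }
 else
 #endif
 {
-ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz +
-ssl->specs.hash_size + padSz + 1,
-myInner);
+ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
+sz + hashSz + padSz + 1, myInner);
 }
 #else
-ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
-ssl->specs.hash_size + padSz + 1,
-myInner);
+ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
+myInner);
 #endif
 }
 else {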
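Review bot: The new `hashSz` initializer in the first hunk reads `ssl->truncated_hmac` and `ssl->specs.hash_size` in the declaration block, which runs before the `if (ssl == NULL) return BAD_FUNC_ARG;` guard that follows it. A NULL `ssl` is therefore dereferenced before it can be rejected, and because the dereference is undefined behaviour an optimizing compiler may also treat the later guard as dead code. Declaring `hashSz` with a plain zero initializer and assigning it after the guard keeps the argument check effective, and the length expressions in the second and third hunks stay as they are. The signature and the rest of the body of TLS_hmac lie outside the visible hunks, so this assumes nothing between the declarations and the guard needs `hashSz`.

```c
    /* ... unchanged: hmac, myInner, ret declarations ... */
    word32 hashSz = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* Pick the MAC length only after ssl has been validated. */
#ifdef HAVE_TRUNCATED_HMAC
    hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                 : ssl->specs.hash_size;
#else
    hashSz = ssl->specs.hash_size;
#endif
    /* ... unchanged: fuzzer callback and HMAC update/final calls ... */
```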