mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
toddouska 2013-12-02 12:07:17 -08:00
commit 986e2b5694
4 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -1191,7 +1191,8 @@ if test "x$ENABLED_TLSX" = "xyes"
then
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT"
ENABLED_TRUNCATED_HMAC=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
fi
#valgrind

1
cyassl/internal.h
View File

@ -608,6 +608,7 @@ enum Misc {
CERT_HEADER_SZ = 3, /* always 3 bytes */
REQ_HEADER_SZ = 2, /* cert request header sz */
HINT_LEN_SZ = 2, /* length of hint size field */
TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */

39
src/internal.c
View File

@ -4267,23 +4267,27 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
/* check cipher text size for sanity */
static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
{
word32 minLength = 0;
#ifdef HAVE_TRUNCATED_HMAC
word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SIZE
: ssl->specs.hash_size;
#else
word32 minLength = ssl->specs.hash_size; /* covers stream */
#endif
if (ssl->specs.cipher_type == block) {
if (encryptSz % ssl->specs.block_size) {
CYASSL_MSG("Block ciphertext not block size");
return SANITY_CIPHER_E;
}
minLength = ssl->specs.hash_size + 1; /* pad byte */
minLength++; /* pad byte */
if (ssl->specs.block_size > minLength)
minLength = ssl->specs.block_size;
if (ssl->options.tls1_1)
minLength += ssl->specs.block_size; /* explicit IV */
}
else if (ssl->specs.cipher_type == stream) {
minLength = ssl->specs.hash_size;
}
else if (ssl->specs.cipher_type == aead) {
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */
}
@ -4727,7 +4731,12 @@ static INLINE int VerifyMac(CYASSL* ssl, const byte* input, word32 msgSz,
int ret;
word32 pad = 0;
word32 padByte = 0;
#ifdef HAVE_TRUNCATED_HMAC
word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
: ssl->specs.hash_size;
#else
word32 digestSz = ssl->specs.hash_size;
#endif
byte verify[MAX_DIGEST_SIZE];
if (ssl->specs.cipher_type == block) {
@ -5312,7 +5321,12 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
int type)
{
#ifdef HAVE_TRUNCATED_HMAC
word32 digestSz = min(ssl->specs.hash_size,
ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size);
#else
word32 digestSz = ssl->specs.hash_size;
#endif
word32 sz = RECORD_HEADER_SZ + inSz + digestSz;
word32 pad = 0, i;
word32 idx = RECORD_HEADER_SZ;
@ -5388,8 +5402,19 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
#endif
}
else {
if (ssl->specs.cipher_type != aead)
ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0);
if (ssl->specs.cipher_type != aead) {
#ifdef HAVE_TRUNCATED_HMAC
if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
byte hmac[MAX_DIGEST_SIZE];
ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz, type, 0);
XMEMCPY(output + idx, hmac, digestSz);
} else
#endif
ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
type, 0);
}
if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
return ret;

3
src/tls.c
View File

@ -1141,9 +1141,6 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
ssl->truncated_hmac = 1;
#error "TRUNCATED HMAC IS NOT FINISHED YET \
(contact moises@wolfssl.com for more info)"
return 0;
}