Merge pull request #3647 from dgarske/zd11424

Fix for TLS v1.3 early data mac digest
2021-01-18 13:31:44 -08:00 · 2021-01-18 13:31:44 -08:00 · b1c8825e74
commit b1c8825e74
parent 67d4f7c37b eda1b52ee2
2 changed files with 20 additions and 13 deletions
--- a/src/keys.c
+++ b/src/keys.c
@ -2909,6 +2909,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                    return MEMORY_E;
            }

+            if (enc) {
+                if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
+                    WOLFSSL_MSG("HmacInit failed in SetKeys");
+                    XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
+                    enc->hmac = NULL;
+                    return ASYNC_INIT_E;
+                }
+            }
+
            if (dec && dec->hmac == NULL) {
                dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
                                                           DYNAMIC_TYPE_CIPHER);
@ -2916,15 +2925,11 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                    return MEMORY_E;
            }

-            if (enc) {
-                if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
-                    WOLFSSL_MSG("HmacInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
-            }
            if (dec) {
                if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
                    WOLFSSL_MSG("HmacInit failed in SetKeys");
+                    XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
+                    dec->hmac = NULL;
                    return ASYNC_INIT_E;
                }
            }
--- a/src/tls13.c
+++ b/src/tls13.c
@ -1545,7 +1545,7 @@ static WC_INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
 }

 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-/* Encrypt with ChaCha20 and create authenication tag with Poly1305.
+/* Encrypt with ChaCha20 and create authentication tag with Poly1305.
 *
 * ssl     The SSL/TLS object.
 * output  The buffer to write encrypted data and authentication tag into.
@ -1600,7 +1600,7 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output,
 #endif

 #ifdef HAVE_NULL_CIPHER
-/* Create authenication tag and copy data over input.
+/* Create authentication tag and copy data over input.
 *
 * ssl     The SSL/TLS object.
 * output  The buffer to copy data into.
@ -1826,7 +1826,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 }

 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-/* Decrypt with ChaCha20 and check authenication tag with Poly1305.
+/* Decrypt with ChaCha20 and check authentication tag with Poly1305.
 *
 * ssl     The SSL/TLS object.
 * output  The buffer to write decrypted data into.
@ -7191,12 +7191,14 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                    return ret;
                }
        #ifdef WOLFSSL_EARLY_DATA
-                if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
-                    return ret;
-        #else
+                if (ssl->earlyData != no_early_data) {
+                    if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
+                        return ret;
+                }
+                else
+        #endif
                if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
                    return ret;
-        #endif
            }

            if (type == finished) {