aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-11-28 14:14:49 -0500
committerJack Lloyd <[email protected]>2017-11-28 14:14:49 -0500
commitc56cc4a056c8a442ed31ea2f47bb7e933569fcd4 (patch)
tree139fe4b93cf3e386cc361096f9e78cb4463b3dcd
parente093d94b1aad8e11236fb82c211665a7f2d97c7c (diff)
Increase HMAC key size limit to 4096 bytes.
The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups.
-rw-r--r--src/lib/mac/hmac/hmac.cpp6
-rw-r--r--src/lib/mac/hmac/hmac.h6
2 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp
index 244946d88..532c98274 100644
--- a/src/lib/mac/hmac/hmac.cpp
+++ b/src/lib/mac/hmac/hmac.cpp
@@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[])
m_hash->update(m_ikey);
}
+Key_Length_Specification HMAC::key_spec() const
+ {
+ // Support very long lengths for things like PBKDF2 and the TLS PRF
+ return Key_Length_Specification(0, 4096);
+ }
+
/*
* HMAC Key Schedule
*/
diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h
index 253184895..800159432 100644
--- a/src/lib/mac/hmac/hmac.h
+++ b/src/lib/mac/hmac/hmac.h
@@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode
size_t output_length() const override { return m_hash->output_length(); }
- Key_Length_Specification key_spec() const override
- {
- // Absurd max length here is to support PBKDF2
- return Key_Length_Specification(0, 512);
- }
+ Key_Length_Specification key_spec() const override;
/**
* @param hash the hash to use for HMACing