diff options
author | Jack Lloyd <[email protected]> | 2017-11-28 14:14:49 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-28 14:14:49 -0500 |
commit | c56cc4a056c8a442ed31ea2f47bb7e933569fcd4 (patch) | |
tree | 139fe4b93cf3e386cc361096f9e78cb4463b3dcd | |
parent | e093d94b1aad8e11236fb82c211665a7f2d97c7c (diff) |
Increase HMAC key size limit to 4096 bytes.
The previous limit of 512 bytes meant that TLS was unable to
negotiate using FFDHE-6144 or FFDHE-8192 groups.
-rw-r--r-- | src/lib/mac/hmac/hmac.cpp | 6 | ||||
-rw-r--r-- | src/lib/mac/hmac/hmac.h | 6 |
2 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp index 244946d88..532c98274 100644 --- a/src/lib/mac/hmac/hmac.cpp +++ b/src/lib/mac/hmac/hmac.cpp @@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[]) m_hash->update(m_ikey); } +Key_Length_Specification HMAC::key_spec() const + { + // Support very long lengths for things like PBKDF2 and the TLS PRF + return Key_Length_Specification(0, 4096); + } + /* * HMAC Key Schedule */ diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h index 253184895..800159432 100644 --- a/src/lib/mac/hmac/hmac.h +++ b/src/lib/mac/hmac/hmac.h @@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode size_t output_length() const override { return m_hash->output_length(); } - Key_Length_Specification key_spec() const override - { - // Absurd max length here is to support PBKDF2 - return Key_Length_Specification(0, 512); - } + Key_Length_Specification key_spec() const override; /** * @param hash the hash to use for HMACing |