
dtls13: support Authentication and Integrity-Only Cipher Suites

See RFC 9150. To enable the feature, build with the HAVE_NULL_CIPHER compilation flag.
Marco Oliverio 1 year ago
parent
commit
31ed2a2bbb
1 changed files with 15 additions and 0 deletions
  1. 15 0
      src/dtls13.c

+ 15 - 0
src/dtls13.c

@@ -301,6 +301,12 @@ static int Dtls13EncryptDecryptRecordNumber(WOLFSSL* ssl, byte* seq,
     byte mask[DTLS13_RN_MASK_SIZE];
     int ret;
 
+#ifdef HAVE_NULL_CIPHER
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null)
+        return 0;
+#endif /*HAVE_NULL_CIPHER */
+
     ret = Dtls13GetRnMask(ssl, ciphertext, mask, dir);
     if (ret != 0)
         return ret;
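Review bot: The added comment says only "encrypt", but this early return sits in Dtls13EncryptDecryptRecordNumber, so it also skips unmasking on the receive path. I would reword it to say both and state the consequence: `/* Integrity-only suites (RFC 9150 Sec 9): record numbers are sent in the clear, so neither mask nor unmask them. */`. Since the suites are integrity-only, the build documentation for HAVE_NULL_CIPHER should tell deployers that payload and record numbers are both readable by an on-path observer. The function body starts before this hunk and continues past it.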
@@ -2266,6 +2272,15 @@ int Dtls13SetRecordNumberKeys(WOLFSSL* ssl, enum encrypt_side side)
     }
 #endif /* HAVE_CHACHA */
 
+#ifdef HAVE_NULL_CIPHER
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null) {
+#ifdef WOLFSSL_DEBUG_TLS
+        WOLFSSL_MSG("Skipping Record Number key provisioning with null cipher");
+#endif /* WOLFSSL_DEBUG_TLS */
+        return 0;
+    }
+#endif /* HAVE_NULL_CIPHER */
+
     return NOT_COMPILED_IN;
 }
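Review bot: Returning 0 here reports success although no record-number key was provisioned for `side`. Correctness then depends on the matching guard in Dtls13EncryptDecryptRecordNumber (first hunk) staying in place ahead of the Dtls13GetRnMask call. The test `ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null` is duplicated at both sites, so a shared static helper would keep them from drifting apart. Failing that, a comment at each site naming the other would do, for example `/* must stay in sync with the check in Dtls13EncryptDecryptRecordNumber */`. How Dtls13GetRnMask behaves with unset keys is not visible here, and this function starts above the hunk.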