Further cleanup for Hashes.sha when not required. Gate all TLS SHA-1 on either old TLS or WOLFSSL_ALLOW_TLS_SHA1.

David Garske
2023-12-21 09:41:29 -08:00
parent 41d4f4a972
commit 0d212d8055
2 changed files with 5 additions and 3 deletions


@ -4644,7 +4644,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
static void SetDigest(WOLFSSL* ssl, int hashAlgo) static void SetDigest(WOLFSSL* ssl, int hashAlgo)
{ {
switch (hashAlgo) { switch (hashAlgo) {
#ifndef NO_SHA #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
case sha_mac: case sha_mac:
ssl->options.dontFreeDigest = 1; ssl->options.dontFreeDigest = 1;
ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha; ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
@ -22028,7 +22029,7 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
#endif /* !NO_MD5 && !NO_OLD_TLS */ #endif /* !NO_MD5 && !NO_OLD_TLS */
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1)) defined(WOLFSSL_ALLOW_TLS_SHA1))
static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest) static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
{ {
int ret; int ret;
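Review bot: With `case sha_mac:` in SetDigest now compiled out unless old TLS or WOLFSSL_ALLOW_TLS_SHA1 is enabled, a `hashAlgo` of `sha_mac` that reaches this switch falls to whatever the default arm does, and SetDigest returns void, so the caller gets no signal. The rest of the switch and its callers are outside the hunk, so this is something to confirm rather than an established defect. The signature-algorithm selection that feeds `hashAlgo` should reject SHA-1 under the same `!defined(NO_SHA) && (!defined(NO_OLD_TLS) || defined(WOLFSSL_ALLOW_TLS_SHA1))` condition, so that `ssl->buffers.digest.buffer` is never left at an earlier value for a peer-chosen algorithm. A short comment above the `#if`, e.g. `/* SHA-1 handshake digest only exists for old TLS or WOLFSSL_ALLOW_TLS_SHA1 */`, would also record why this case no longer uses the plain `#ifndef NO_SHA` guard.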


@ -4176,7 +4176,8 @@ typedef struct Hashes {
#if !defined(NO_MD5) && !defined(NO_OLD_TLS) #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
byte md5[WC_MD5_DIGEST_SIZE]; byte md5[WC_MD5_DIGEST_SIZE];
#endif #endif
#if !defined(NO_SHA) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
byte sha[WC_SHA_DIGEST_SIZE]; byte sha[WC_SHA_DIGEST_SIZE];
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
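Review bot: The guard on the `sha` member now has to match, term for term, the guard on every reader of `certHashes.sha` (SetDigest and BuildSHA_CertVerify in the other file of this commit), and the bare `#endif` after it gives no hint of that. Closing it as `#endif /* !NO_SHA && (!NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1) */`, in the style of the `#endif /* !NO_MD5 && !NO_OLD_TLS */` already used on the MD5 path, would make the pairing visible. Since the same three-term condition now appears in at least three places, defining it once as a derived macro would stop the copies drifting apart; a mismatch should fail at compile time, but only in the build configuration that exercises it. The `Hashes` typedef begins and ends outside the hunk.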