From 6a1ae7ee5b6892e8d5f0f1f161d8ef049501d0cd Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 5 Apr 2017 09:59:21 -0700
Subject: [PATCH] =?UTF-8?q?Fix=20on=20server=20side=20to=20make=20sure=20S?= =?UTF-8?q?HA=20hash=20is=20setup=20even=20with=20NO=5FOLD=5FTLS.=20Fix=20?= =?UTF-8?q?to=20initialize=20hsHashes=20to=20zero.=20Fix=20in=20PickHashSi?= =?UTF-8?q?gAlgo=20to=20not=20default=20to=20SHA=20if=20NO=5FOLD=5FTLS=20i?= =?UTF-8?q?s=20defined=20(unless=20WOLFSSL=5FALLOW=5FTLS=5FSHA1=20is=20set?= =?UTF-8?q?).=20Fix=20to=20allow=20pre=20TLS=201.2=20for=20=E2=80=9CAES128?= =?UTF-8?q?-SHA256=E2=80=9D=20and=20=E2=80=9CAES256-SHA256=E2=80=9D.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/internal.c | 27 ++++++++++++++++++++-------
 wolfssl/internal.h | 10 +++++-----
 2 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 6cf1f05ba..752aaef4c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2202,14 +2202,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
-    if (tls1_2 && haveRSA) {
+    if (tls && haveRSA) {
         suites->suites[idx++] = 0;
         suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveRSA) {
+    if (tls && haveRSA) {
         suites->suites[idx++] = 0;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
     }
 #endif
@@ -3626,6 +3626,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         WOLFSSL_MSG("HS_Hashes Memory error");
         return MEMORY_E;
     }
+    XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));
 #ifndef NO_OLD_TLS
 #ifndef NO_MD5
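Review bot: Relaxing both guards to `if (tls && haveRSA)` lets a TLS 1.0/1.1 peer negotiate TLS_RSA_WITH_AES_128_CBC_SHA256 and TLS_RSA_WITH_AES_256_CBC_SHA256, suites that RFC 5246 introduced for TLS 1.2 and that mainstream stacks (OpenSSL, for one) refuse to negotiate below 1.2; this is a compliance and interop relaxation, not just a fix, and it widens what an attacker downgrading the version can still negotiate. If a specific peer needs it, gate it behind a build option rather than making it the default, and say why in place, e.g. `/* SHA256 CBC suites are TLS 1.2 suites per RFC 5246; offered with older TLS here for interop with peers that request them */`. The `tls`/`tls1_2` flags and the rest of InitSuites are defined outside this hunk, so I cannot see whether a version floor is enforced elsewhere.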
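Review bot: The added `XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes))` zeroes the struct, but an all-zero `Sha` is not an initialized one (SHA-1's initial chaining values are non-zero), and the `wc_Init*` block that follows is still under `#ifndef NO_OLD_TLS`. With this patch `hashSha` exists in HS_Hashes whenever `NO_SHA` is undefined and BuildCertHashes calls `wc_ShaGetHash` on it regardless of NO_OLD_TLS, so a NO_OLD_TLS build would be finalizing a never-initialized, never-updated context unless `wc_InitSha(&ssl->hsHashes->hashSha)` is moved out from under the `NO_OLD_TLS` guard; I see no hunk in this patch doing that, so please confirm it is handled (here or in a follow-up). A short comment on the memset would also help the next reader, e.g. `/* zero so no member of HS_Hashes is read uninitialized; wc_Init* below still must run for every hash that is compiled in */`. InitSSL continues past the end of this hunk.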
@@ -10320,10 +10321,12 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
     (void)hashes;
     if (ssl->options.tls) {
-#if ! defined( NO_OLD_TLS )
+    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
         wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
+    #endif
+    #if !defined(NO_SHA)
         wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
-#endif
+    #endif
         if (IsAtLeastTLSv1_2(ssl)) {
 #ifndef NO_SHA256
             ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,
@@ -10345,7 +10348,7 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
             #endif
         }
     }
-#if ! defined( NO_OLD_TLS )
+#if !defined(NO_OLD_TLS)
     else {
         BuildMD5_CertVerify(ssl, hashes->md5);
         BuildSHA_CertVerify(ssl, hashes->sha);
@@ -13537,7 +13540,18 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
     word32 i;
 
     ssl->suites->sigAlgo = ssl->specs.sig_algo;
-    ssl->suites->hashAlgo = sha_mac;
+
+    /* set defaults */
+    if (IsAtLeastTLSv1_2(ssl)) {
+    #ifdef WOLFSSL_ALLOW_TLS_SHA1
+        ssl->suites->hashAlgo = sha_mac;
+    #else
+        ssl->suites->hashAlgo = sha256_mac;
+    #endif
+    }
+    else {
+        ssl->suites->hashAlgo = sha_mac;
+    }
 
     /* i+1 since peek a byte ahead for type */
     for (i = 0; (i+1) < hashSigAlgoSz; i += 2) {
@@ -16753,7 +16767,6 @@ int SendCertificateVerify(WOLFSSL* ssl)
     #endif
         }
-    /* idx is used to track verify pointer offset to output */
         idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
         verify = &output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e3dc21205..d9b236b1d 100755
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2246,10 +2246,12 @@ WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
 /* hashes type */
 typedef struct Hashes {
-    #ifndef NO_OLD_TLS
+    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
         byte md5[MD5_DIGEST_SIZE];
     #endif
-    byte sha[SHA_DIGEST_SIZE];
+    #if !defined(NO_SHA)
+        byte sha[SHA_DIGEST_SIZE];
+    #endif
     #ifndef NO_SHA256
         byte sha256[SHA256_DIGEST_SIZE];
     #endif
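Review bot: The results of `wc_Md5GetHash` and `wc_ShaGetHash` are dropped while `wc_Sha256GetHash` two lines later is captured in `ret`; if the MD5/SHA getters return an int like the SHA-256 one, a failure leaves `hashes->md5`/`hashes->sha` holding whatever was in the caller's buffer, and that value is later signed or compared against a peer signature. Handle them the same way as the SHA-256 path, e.g. `ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha); if (ret != 0) return ret;`, and likewise for MD5. Note that the SHA branch is now taken for TLS 1.2 even in NO_OLD_TLS builds, which is only correct if `hashSha` is initialized and updated outside the `NO_OLD_TLS` guards elsewhere in InitSSL and the handshake-hash paths, which I cannot confirm from this patch. BuildCertHashes runs on past the end of the hunk, so how `ret` is consumed afterwards is not visible here.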
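Review bot: The new TLS 1.2 default chooses `sha256_mac` whenever `WOLFSSL_ALLOW_TLS_SHA1` is undefined, regardless of `NO_OLD_TLS`, which does not match the commit message ("not default to SHA if NO_OLD_TLS is defined"); either the message should be corrected or the condition narrowed to `#if defined(NO_OLD_TLS) && !defined(WOLFSSL_ALLOW_TLS_SHA1)` so the two agree. As far as the hunk shows, this default is what remains when the matching loop below finds nothing, including a client that omitted signature_algorithms entirely, and RFC 5246 section 7.4.1.4.1 tells a server to behave as if such a client sent {sha1, rsa}, so the SHA-256 default will fail those clients; if dropping SHA-1 is the intent, document it at the assignment, e.g. `/* RFC 5246 7.4.1.4.1 assumes SHA-1 when the client sends no signature_algorithms; we deliberately default to SHA-256 unless WOLFSSL_ALLOW_TLS_SHA1 */`. `sha256_mac` is also assigned with no `NO_SHA256` guard, unlike every other SHA-256 use in this patch. The loop that may override the default continues past the end of the hunk.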
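Review bot: Making `md5` conditional on `NO_MD5` and `sha` on `NO_SHA` means every reader of these members must carry the same guards, and the SSLv3 branch of BuildCertHashes earlier in this same patch (`BuildMD5_CertVerify(ssl, hashes->md5); BuildSHA_CertVerify(ssl, hashes->sha);`) is still compiled under `#if !defined(NO_OLD_TLS)` alone, so a build with NO_MD5 or NO_SHA but without NO_OLD_TLS would fail to compile unless the configuration headers already reject that combination; please confirm or extend that guard. For consistency with the neighbouring `#ifndef NO_SHA256`, a single-macro test reads better as `#ifndef NO_SHA` than `#if !defined(NO_SHA)`. A one-line comment on the struct would save the next reader a grep, e.g. `/* members are conditional; guard every hashes->md5 / hashes->sha access identically */`.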
@@ -2730,14 +2732,12 @@ typedef struct MsgsReceived {
 typedef struct HS_Hashes {
     Hashes verifyHashes;
     Hashes certHashes; /* for cert verify */
-#ifndef NO_OLD_TLS
 #ifndef NO_SHA
     Sha hashSha; /* sha hash of handshake msgs */
 #endif
-#ifndef NO_MD5
+#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
     Md5 hashMd5; /* md5 hash of handshake msgs */
 #endif
-#endif /* NO_OLD_TLS */
 #ifndef NO_SHA256
     Sha256 hashSha256; /* sha256 hash of handshake msgs */
 #endif
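Review bot: `hashSha` is now a member in every build without `NO_SHA`, but this patch touches src/internal.c only in the hunks shown, none of which moves the `wc_InitSha` call or the handshake-message `wc_ShaUpdate` calls out from under their `#ifndef NO_OLD_TLS` guards; in a NO_OLD_TLS build the context is therefore only the zero bytes InitSSL now writes and is never fed any handshake data, while BuildCertHashes does call `wc_ShaGetHash` on it for TLS 1.2, yielding a bogus digest that makes SHA-1 CertificateVerify handling fail (or, with WOLFSSL_ALLOW_TLS_SHA1 selecting `sha_mac`, produce an unverifiable value). Please check the init, update, copy and free sites for `hashSha` alongside this struct change. The intent should also be stated on the member, e.g. `/* sha hash of handshake msgs; kept in NO_OLD_TLS builds because TLS 1.2 may still negotiate SHA-1 signature_algorithms */`. The struct definition continues past the end of the hunk.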