feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

GetHash in SendBuffered, BuildTlsFinished. HashFinal in FreeHandshakeResources.

Browse Source
This commit is contained in:
Takashi Kojo
2015-06-15 09:46:16 +09:00
parent d9ccc51f58
commit 89d39a6073
2 changed files with 27 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
src/internal.c
View File

@ -1833,11 +1833,30 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#endif #endif
} }
#ifdef WOLFSSL_TI_HASH
static void HashFinal(WOLFSSL * ssl) {
byte dummyHash[32] ;
#ifndef NO_MD5
wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash) ;
#endif
#ifndef NO_SHA
wc_ShaFinal(&(ssl->hsHashes->hashSha), dummyHash) ;
#endif
#ifndef NO_SHA256
wc_Sha256Final(&(ssl->hsHashes->hashSha256), dummyHash) ;
#endif
}
#else
#define HashFinal(ssl)
#endif
/* Free any handshake resources no longer needed */ /* Free any handshake resources no longer needed */
void FreeHandshakeResources(WOLFSSL* ssl) void FreeHandshakeResources(WOLFSSL* ssl)
{ {
HashFinal(ssl) ;
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources"); WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
@ -2677,7 +2696,6 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
ssl->buffers.inputBuffer.length = usedLength; ssl->buffers.inputBuffer.length = usedLength;
} }
int SendBuffered(WOLFSSL* ssl) int SendBuffered(WOLFSSL* ssl)
{ {
if (ssl->ctx->CBIOSend == NULL) { if (ssl->ctx->CBIOSend == NULL) {
@ -3015,14 +3033,14 @@ static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER); wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5); wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result); wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
/* make md5 outer */ /* make md5 outer */
wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5); wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5);
wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE); wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE);
wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5); wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
} }
@ -3035,14 +3053,14 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER); wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA); wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result); wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
/* make sha outer */ /* make sha outer */
wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA); wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA);
wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE); wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE);
wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha); wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
} }
#endif #endif
@ -3052,33 +3070,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{ {
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
#ifndef NO_OLD_TLS
#ifndef NO_MD5
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef NO_SHA
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#ifndef NO_SHA256
Sha256* sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
#else #else
#ifndef NO_OLD_TLS
#ifndef NO_MD5
Md5 md5[1];
#endif
#ifndef NO_SHA
Sha sha[1];
#endif
#endif
#ifndef NO_SHA256
Sha256 sha256[1];
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
Sha384 sha384[1]; Sha384 sha384[1];
#endif #endif
@ -3086,32 +3081,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (ssl == NULL if (ssl == NULL
#ifndef NO_OLD_TLS
#ifndef NO_MD5
|| md5 == NULL
#endif
#ifndef NO_SHA
|| sha == NULL
#endif
#endif
#ifndef NO_SHA256
|| sha256 == NULL
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
|| sha384 == NULL || sha384 == NULL
#endif #endif
) { ) {
#ifndef NO_OLD_TLS
#ifndef NO_MD5
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef NO_SHA
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#ifndef NO_SHA256
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@ -3120,17 +3093,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif #endif
/* store current states, building requires get_digest which resets state */ /* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
md5[0] = ssl->hsHashes->hashMd5;
#endif
#ifndef NO_SHA
sha[0] = ssl->hsHashes->hashSha;
#endif
#endif
#ifndef NO_SHA256
sha256[0] = ssl->hsHashes->hashSha256;
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
sha384[0] = ssl->hsHashes->hashSha384; sha384[0] = ssl->hsHashes->hashSha384;
#endif #endif
@ -3148,35 +3110,13 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif #endif
/* restore */ /* restore */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
ssl->hsHashes->hashMd5 = md5[0];
#endif
#ifndef NO_SHA
ssl->hsHashes->hashSha = sha[0];
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
ssl->hsHashes->hashSha256 = sha256[0];
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
ssl->hsHashes->hashSha384 = sha384[0]; ssl->hsHashes->hashSha384 = sha384[0];
#endif #endif
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
#ifndef NO_OLD_TLS
#ifndef NO_MD5
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef NO_SHA
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#ifndef NO_SHA256
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@ -6697,6 +6637,7 @@ int ProcessReply(WOLFSSL* ssl)
/* input exhausted? */ /* input exhausted? */
if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length) if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
return 0; return 0;
/* more messages per record */ /* more messages per record */
else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) { else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
WOLFSSL_MSG("More messages in record"); WOLFSSL_MSG("More messages in record");
@ -6909,13 +6850,6 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{ {
/* store current states, building requires get_digest which resets state */ /* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS
Md5 md5 = ssl->hsHashes->hashMd5;
Sha sha = ssl->hsHashes->hashSha;
#endif
#ifndef NO_SHA256
Sha256 sha256 = ssl->hsHashes->hashSha256;
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
Sha384 sha384 = ssl->hsHashes->hashSha384; Sha384 sha384 = ssl->hsHashes->hashSha384;
#endif #endif
@ -6955,13 +6889,8 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
} }
/* restore */ /* restore */
ssl->hsHashes->hashMd5 = md5;
ssl->hsHashes->hashSha = sha;
#endif #endif
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
ssl->hsHashes->hashSha256 = sha256;
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
ssl->hsHashes->hashSha384 = sha384; ssl->hsHashes->hashSha384 = sha384;
#endif #endif

6
src/tls.c
View File

@ -335,14 +335,14 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
word32 hashSz = FINISHED_SZ; word32 hashSz = FINISHED_SZ;
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
wc_Md5Final(&ssl->hsHashes->hashMd5, handshake_hash); wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
wc_ShaFinal(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
#endif #endif
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256 #ifndef NO_SHA256
if (ssl->specs.mac_algorithm <= sha256_mac) { if (ssl->specs.mac_algorithm <= sha256_mac) {
int ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,handshake_hash); int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
if (ret != 0) if (ret != 0)
return ret; return ret;