From b5fe3ddbfa12640d9b1a2aa616be0162c1d1adcb Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 2 Mar 2017 18:18:05 -0800 Subject: [PATCH] =?UTF-8?q?Fix=20to=20allow=20connection=20to=20IIS=20serv?= =?UTF-8?q?er=20which=20requires=20SHA1=20hash=20algo=20to=20be=20present?= =?UTF-8?q?=20in=20signature=5Falgos=20extension.=20Issue=20only=20exists?= =?UTF-8?q?=20when=20NO=5FOLD=5FTLS=20is=20defined.=20To=20enable=20SHA1?= =?UTF-8?q?=20with=20TLS=201.2=20define=20"WOLFSSL=5FALLOW=5FTLS=5FSHA1?= =?UTF-8?q?=E2=80=9D.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/internal.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index 55a19d9fc..08d11f997 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1672,7 +1672,8 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif - #if !defined(NO_SHA) + #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif @@ -1691,7 +1692,8 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif - #if !defined(NO_SHA) + #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif @@ -14749,7 +14751,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17756,7 +17760,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17850,7 +17856,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) typeH = SHAh; #endif break; @@ -18020,7 +18028,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -18109,7 +18119,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) typeH = SHAh; #endif break;