wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix TLS v1.2 case where SHA-1 could be used uninitialized. Exclude the SHA1 struct from HS_Hashes when not needed. Fixes mix-match of the SHA-1 with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1.

Browse Source
This commit is contained in:
David Garske
2023-12-19 12:30:53 -08:00
parent fb5eab8f79
commit 41d4f4a972
2 changed files with 29 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/internal.c
View File

@@ -6839,8 +6839,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
} }
XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes)); XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));
#ifndef NO_OLD_TLS #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
#ifndef NO_MD5
ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId); ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -6848,7 +6847,8 @@ int InitHandshakeHashes(WOLFSSL* ssl)
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY); wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif #endif
#endif #endif
#ifndef NO_SHA #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId); ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -6856,7 +6856,6 @@ int InitHandshakeHashes(WOLFSSL* ssl)
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY); wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif #endif
#endif #endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 #ifndef NO_SHA256
ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId); ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
if (ret != 0) if (ret != 0)
@@ -6896,14 +6895,13 @@ int InitHandshakeHashes(WOLFSSL* ssl)
void FreeHandshakeHashes(WOLFSSL* ssl) void FreeHandshakeHashes(WOLFSSL* ssl)
{ {
if (ssl->hsHashes) { if (ssl->hsHashes) {
#ifndef NO_OLD_TLS #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
#ifndef NO_MD5
wc_Md5Free(&ssl->hsHashes->hashMd5); wc_Md5Free(&ssl->hsHashes->hashMd5);
#endif #endif
#ifndef NO_SHA #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
wc_ShaFree(&ssl->hsHashes->hashSha); wc_ShaFree(&ssl->hsHashes->hashSha);
#endif #endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 #ifndef NO_SHA256
wc_Sha256Free(&ssl->hsHashes->hashSha256); wc_Sha256Free(&ssl->hsHashes->hashSha256);
#endif #endif
@@ -9836,14 +9834,13 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
} }
#endif /* WOLFSSL_RENESAS_TSIP_TLS */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */
#ifndef NO_OLD_TLS #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
#ifndef NO_SHA defined(WOLFSSL_ALLOW_TLS_SHA1))
wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz); wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
#endif #endif
#ifndef NO_MD5 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz); wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz);
#endif #endif
#endif /* NO_OLD_TLS */
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256 #ifndef NO_SHA256
@@ -11454,7 +11451,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, sender, SIZEOF_SENDER); ret = wc_Md5Update(md5, sender, SIZEOF_SENDER);
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, PAD1, PAD_MD5); ret = wc_Md5Update(md5, PAD1, PAD_MD5);
if (ret == 0) if (ret == 0)
@@ -11464,7 +11461,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (ret == 0) { if (ret == 0) {
ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId); ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
if (ret == 0) { if (ret == 0) {
ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, PAD2, PAD_MD5); ret = wc_Md5Update(md5, PAD2, PAD_MD5);
if (ret == 0) if (ret == 0)
@@ -11500,7 +11497,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, sender, SIZEOF_SENDER); ret = wc_ShaUpdate(sha, sender, SIZEOF_SENDER);
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, PAD1, PAD_SHA); ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
if (ret == 0) if (ret == 0)
@@ -11510,7 +11507,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (ret == 0) { if (ret == 0) {
ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId); ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
if (ret == 0) { if (ret == 0) {
ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, PAD2, PAD_SHA); ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
if (ret == 0) if (ret == 0)
@@ -21992,7 +21989,8 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
int ret; int ret;
byte md5_result[WC_MD5_DIGEST_SIZE]; byte md5_result[WC_MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX); wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap,
DYNAMIC_TYPE_HASHCTX);
#else #else
wc_Md5 md5[1]; wc_Md5 md5[1];
#endif #endif
@@ -22000,7 +21998,7 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
/* make md5 inner */ /* make md5 inner */
ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */ ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_Md5Update(md5, PAD1, PAD_MD5); ret = wc_Md5Update(md5, PAD1, PAD_MD5);
if (ret == 0) if (ret == 0)
@@ -22036,7 +22034,8 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
int ret; int ret;
byte sha_result[WC_SHA_DIGEST_SIZE]; byte sha_result[WC_SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX); wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap,
DYNAMIC_TYPE_HASHCTX);
#else #else
wc_Sha sha[1]; wc_Sha sha[1];
#endif #endif
@@ -22044,7 +22043,7 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
/* make sha inner */ /* make sha inner */
ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */ ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, PAD1, PAD_SHA); ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
if (ret == 0) if (ret == 0)
@@ -22054,7 +22053,7 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
if (ret == 0) { if (ret == 0) {
ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId); ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
if (ret == 0) { if (ret == 0) {
ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN); ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
if (ret == 0) if (ret == 0)
ret = wc_ShaUpdate(sha, PAD2, PAD_SHA); ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
if (ret == 0) if (ret == 0)
@@ -22085,7 +22084,8 @@ int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes)
if (ret != 0) if (ret != 0)
return ret; return ret;
#endif #endif
#if !defined(NO_SHA) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha); ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -34935,7 +34935,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifndef NO_SHA #ifndef NO_SHA
wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz); wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
#endif #endif
#endif #endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 #ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256, int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,

3
wolfssl/internal.h
View File

@@ -5189,7 +5189,8 @@ typedef struct MsgsReceived {
typedef struct HS_Hashes { typedef struct HS_Hashes {
Hashes verifyHashes; Hashes verifyHashes;
Hashes certHashes; /* for cert verify */ Hashes certHashes; /* for cert verify */
#ifndef NO_SHA #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
wc_Sha hashSha; /* sha hash of handshake msgs */ wc_Sha hashSha; /* sha hash of handshake msgs */
#endif #endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS) #if !defined(NO_MD5) && !defined(NO_OLD_TLS)