From 7d4faf7c901dbf9434c401081d5057a9cc8491a9 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 9 Mar 2015 09:05:06 -0700 Subject: [PATCH] make handshake hashes dynamic part of ssl, can be freed after handshake --- src/internal.c | 225 +++++++++++++++++++++----------------- src/ssl.c | 34 +++--- src/tls.c | 12 +- wolfssl/internal.h | 38 ++++--- wolfssl/wolfcrypt/types.h | 3 +- 5 files changed, 171 insertions(+), 141 deletions(-) diff --git a/src/internal.c b/src/internal.c index cfcbd8cae..98d8448e7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1769,6 +1769,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->rng = NULL; ssl->arrays = NULL; + ssl->hsHashes = NULL; /* default alert state (none) */ ssl->alert_history.last_rx.code = -1; @@ -1801,25 +1802,33 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) /* all done with init, now can return errors, call other stuff */ + /* hsHashes */ + ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap, + DYNAMIC_TYPE_HASHES); + if (ssl->hsHashes == NULL) { + WOLFSSL_MSG("HS_Hashes Memory error"); + return MEMORY_E; + } + #ifndef NO_OLD_TLS #ifndef NO_MD5 - wc_InitMd5(&ssl->hashMd5); + wc_InitMd5(&ssl->hsHashes->hashMd5); #endif #ifndef NO_SHA - ret = wc_InitSha(&ssl->hashSha); + ret = wc_InitSha(&ssl->hsHashes->hashSha); if (ret != 0) { return ret; } #endif #endif #ifndef NO_SHA256 - ret = wc_InitSha256(&ssl->hashSha256); + ret = wc_InitSha256(&ssl->hsHashes->hashSha256); if (ret != 0) { return ret; } #endif #ifdef WOLFSSL_SHA384 - ret = wc_InitSha384(&ssl->hashSha384); + ret = wc_InitSha384(&ssl->hsHashes->hashSha384); if (ret != 0) { return ret; } @@ -1877,6 +1886,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } *ssl->suites = ctx->suites; + #ifndef NO_CERTS /* make sure server has cert and key unless using PSK or Anon */ if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) 
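Review bot: The `HS_Hashes` block allocated in InitSSL comes straight from `XMALLOC` and is never cleared, so `verifyHashes` and `certHashes` hold stale heap contents until BuildFinished or BuildCertHashes writes them. DoFinished later compares peer-supplied bytes against `verifyHashes`, so the buffer should start from a known state: add `XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));` right after the NULL check. The `return ret;` paths that follow the allocation leave the block for the caller to release, presumably via SSL_ResourceFree. That is worth confirming, since InitSSL's failure handling lies outside this hunk.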
@@ -1934,6 +1944,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); + XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); #ifndef NO_CERTS @@ -2039,6 +2050,10 @@ void FreeHandshakeResources(WOLFSSL* ssl) XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; + /* hsHashes */ + XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes = NULL; + /* RNG */ if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { #if defined(HAVE_HASHDRBG) || defined(NO_RC4) @@ -2569,10 +2584,10 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) #endif #ifndef NO_OLD_TLS #ifndef NO_SHA - wc_ShaUpdate(&ssl->hashSha, adj, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); #endif #ifndef NO_MD5 - wc_Md5Update(&ssl->hashMd5, adj, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); #endif #endif @@ -2580,12 +2595,12 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) int ret; #ifndef NO_SHA256 - ret = wc_Sha256Update(&ssl->hashSha256, adj, sz); + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; #endif #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&ssl->hashSha384, adj, sz); + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; #endif @@ -2610,10 +2625,10 @@ static int HashInput(WOLFSSL* ssl, const byte* input, int sz) #ifndef NO_OLD_TLS #ifndef NO_SHA - wc_ShaUpdate(&ssl->hashSha, adj, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); #endif #ifndef NO_MD5 - wc_Md5Update(&ssl->hashMd5, adj, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); #endif #endif 
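Review bot: Once FreeHandshakeResources sets `ssl->hsHashes = NULL`, every later `ssl->hsHashes->...` access is a NULL dereference, and none of the call sites touched by this patch checks the pointer. HashOutput, HashInput, BuildFinished, DoFinished and wolfSSL_Rehandshake in src/ssl.c all dereference it unconditionally. Any handshake message processed after completion (a renegotiation attempt, for example) would reach those paths, unless a condition outside these hunks keeps the block alive. Guard the two hashing entry points with `if (ssl->hsHashes == NULL) return BAD_FUNC_ARG;` and have wolfSSL_Rehandshake re-allocate or fail cleanly. The block also still holds transcript hash state and Finished values when it is released, so zeroing it before `XFREE` here and in SSL_ResourceFree would keep that state out of freed heap memory.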
@@ -2621,12 +2636,12 @@ static int HashInput(WOLFSSL* ssl, const byte* input, int sz) int ret; #ifndef NO_SHA256 - ret = wc_Sha256Update(&ssl->hashSha256, adj, sz); + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; #endif #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&ssl->hashSha384, adj, sz); + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; #endif @@ -3144,17 +3159,17 @@ static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender) byte md5_result[MD5_DIGEST_SIZE]; /* make md5 inner */ - wc_Md5Update(&ssl->hashMd5, sender, SIZEOF_SENDER); - wc_Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); - wc_Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); - wc_Md5Final(&ssl->hashMd5, md5_result); + wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER); + wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); + wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5); + wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result); /* make md5 outer */ - wc_Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); - wc_Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); - wc_Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); + wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); + wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5); + wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE); - wc_Md5Final(&ssl->hashMd5, hashes->md5); + wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5); } 
@@ -3164,17 +3179,17 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) byte sha_result[SHA_DIGEST_SIZE]; /* make sha inner */ - wc_ShaUpdate(&ssl->hashSha, sender, SIZEOF_SENDER); - wc_ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); - wc_ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); - wc_ShaFinal(&ssl->hashSha, sha_result); + wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER); + wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA); + wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result); /* make sha outer */ - wc_ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); - wc_ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); - wc_ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); + wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA); + wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE); - wc_ShaFinal(&ssl->hashSha, hashes->sha); + wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha); } #endif @@ -3253,17 +3268,17 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS #ifndef NO_MD5 - md5[0] = ssl->hashMd5; + md5[0] = ssl->hsHashes->hashMd5; #endif #ifndef NO_SHA - sha[0] = ssl->hashSha; + sha[0] = ssl->hsHashes->hashSha; #endif #endif #ifndef NO_SHA256 - sha256[0] = ssl->hashSha256; + sha256[0] = ssl->hsHashes->hashSha256; #endif #ifdef WOLFSSL_SHA384 - sha384[0] = ssl->hashSha384; + sha384[0] = ssl->hsHashes->hashSha384; #endif #ifndef NO_TLS 
@@ -3281,18 +3296,18 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) /* restore */ #ifndef NO_OLD_TLS #ifndef NO_MD5 - ssl->hashMd5 = md5[0]; + ssl->hsHashes->hashMd5 = md5[0]; #endif #ifndef NO_SHA - ssl->hashSha = sha[0]; + ssl->hsHashes->hashSha = sha[0]; #endif #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - ssl->hashSha256 = sha256[0]; + ssl->hsHashes->hashSha256 = sha256[0]; #endif #ifdef WOLFSSL_SHA384 - ssl->hashSha384 = sha384[0]; + ssl->hsHashes->hashSha384 = sha384[0]; #endif } @@ -4629,7 +4644,7 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, #endif if (sniff == NO_SNIFF) { - if (XMEMCMP(input + *inOutIdx, &ssl->verifyHashes, size) != 0) { + if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){ WOLFSSL_MSG("Verify finished error on hashes"); return VERIFY_FINISHED_ERROR; } @@ -4928,12 +4943,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } - /* hello_request not hashed */ - if (type != hello_request) { - ret = HashInput(ssl, input + *inOutIdx, size); - if (ret != 0) return ret; - } - #ifdef WOLFSSL_CALLBACKS /* add name later, add on record and handshake header part back on */ if (ssl->toInfoOn) { @@ -4972,6 +4981,12 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, return OUT_OF_ORDER_E; } + /* above checks handshake state */ + /* hello_request not hashed */ + if (type != hello_request) { + ret = HashInput(ssl, input + *inOutIdx, size); + if (ret != 0) return ret; + } switch (type) { 
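Review bot: The Finished check in DoFinished still uses `XMEMCMP`, which stops at the first differing byte, so its timing depends on how much of the peer's verify data matches `verifyHashes`. If the constant-time helper used for record MAC checks is reachable here, prefer `if (ConstantCompare(input + *inOutIdx, (const byte*)&ssl->hsHashes->verifyHashes, size) != 0) {`. The line also trusts `size` not to exceed the populated part of `verifyHashes`. That bound is presumably enforced earlier in DoFinished, outside this hunk, and is worth re-checking now that the buffer is a separate heap allocation.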
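Review bot: The comment `/* above checks handshake state */` in DoHandShakeMsgType does not say why HashInput had to move below the state check. That ordering now appears to be what stops an out-of-order message from reaching `ssl->hsHashes` after it has been freed. Say so explicitly, e.g. `/* hash only after the state checks above: hsHashes is freed once the handshake is done, so out-of-order messages must be rejected first */`. With WOLFSSL_CALLBACKS the info callbacks now run before the message is hashed, which looks harmless from here, but that block is only partly visible between the two hunks. DoHandShakeMsgType starts and ends outside this hunk.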
@@ -6753,12 +6768,16 @@ int ProcessReply(WOLFSSL* ssl) if ( (ret = InitStreams(ssl)) != 0) return ret; #endif - if (ssl->options.resuming && ssl->options.side == - WOLFSSL_CLIENT_END) - ret = BuildFinished(ssl, &ssl->verifyHashes, server); - else if (!ssl->options.resuming && ssl->options.side == - WOLFSSL_SERVER_END) - ret = BuildFinished(ssl, &ssl->verifyHashes, client); + if (ssl->options.resuming && + ssl->options.side == WOLFSSL_CLIENT_END) { + ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, + server); + } + else if (!ssl->options.resuming && + ssl->options.side == WOLFSSL_SERVER_END) { + ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, + client); + } if (ret != 0) return ret; break; @@ -6976,16 +6995,16 @@ static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) byte md5_result[MD5_DIGEST_SIZE]; /* make md5 inner */ - wc_Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); - wc_Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); - wc_Md5Final(&ssl->hashMd5, md5_result); + wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); + wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5); + wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result); /* make md5 outer */ - wc_Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); - wc_Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); - wc_Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); + wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); + wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5); + wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE); - wc_Md5Final(&ssl->hashMd5, digest); + wc_Md5Final(&ssl->hsHashes->hashMd5, digest); } 
@@ -6994,16 +7013,16 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) byte sha_result[SHA_DIGEST_SIZE]; /* make sha inner */ - wc_ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); - wc_ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); - wc_ShaFinal(&ssl->hashSha, sha_result); + wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA); + wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result); /* make sha outer */ - wc_ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); - wc_ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); - wc_ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); + wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA); + wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE); - wc_ShaFinal(&ssl->hashSha, digest); + wc_ShaFinal(&ssl->hsHashes->hashSha, digest); } #endif /* NO_CERTS */ #endif /* NO_OLD_TLS */ 
@@ -7015,31 +7034,31 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) { /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS - Md5 md5 = ssl->hashMd5; - Sha sha = ssl->hashSha; + Md5 md5 = ssl->hsHashes->hashMd5; + Sha sha = ssl->hsHashes->hashSha; #endif #ifndef NO_SHA256 - Sha256 sha256 = ssl->hashSha256; + Sha256 sha256 = ssl->hsHashes->hashSha256; #endif #ifdef WOLFSSL_SHA384 - Sha384 sha384 = ssl->hashSha384; + Sha384 sha384 = ssl->hsHashes->hashSha384; #endif if (ssl->options.tls) { #if ! defined( NO_OLD_TLS ) - wc_Md5Final(&ssl->hashMd5, hashes->md5); - wc_ShaFinal(&ssl->hashSha, hashes->sha); + wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5); + wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { int ret; #ifndef NO_SHA256 - ret = wc_Sha256Final(&ssl->hashSha256, hashes->sha256); + ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,hashes->sha256); if (ret != 0) return ret; #endif #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Final(&ssl->hashSha384, hashes->sha384); + ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,hashes->sha384); if (ret != 0) return ret; #endif @@ -7052,15 +7071,15 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) } /* restore */ - ssl->hashMd5 = md5; - ssl->hashSha = sha; + ssl->hsHashes->hashMd5 = md5; + ssl->hsHashes->hashSha = sha; #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - ssl->hashSha256 = sha256; + ssl->hsHashes->hashSha256 = sha256; #endif #ifdef WOLFSSL_SHA384 - ssl->hashSha384 = sha384; + ssl->hsHashes->hashSha384 = sha384; #endif } @@ -7284,7 +7303,7 @@ int SendFinished(WOLFSSL* ssl) AddSession(ssl); /* just try */ #endif if (ssl->options.side == WOLFSSL_CLIENT_END) { - ret = BuildFinished(ssl, &ssl->verifyHashes, server); + ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server); if (ret != 0) return ret; } else { 
@@ -7314,7 +7333,7 @@ int SendFinished(WOLFSSL* ssl) #endif } else { - ret = BuildFinished(ssl, &ssl->verifyHashes, client); + ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, client); if (ret != 0) return ret; } } @@ -10868,7 +10887,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - ret = BuildCertHashes(ssl, &ssl->certHashes); + ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes); if (ret != 0) return ret; @@ -10906,7 +10925,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte* verify = (byte*)&output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; #ifndef NO_OLD_TLS - byte* signBuffer = ssl->certHashes.md5; + byte* signBuffer = ssl->hsHashes->certHashes.md5; #else byte* signBuffer = NULL; #endif @@ -10957,11 +10976,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* old tls default */ digestSz = SHA_DIGEST_SIZE; - digest = ssl->certHashes.sha; + digest = ssl->hsHashes->certHashes.sha; #else /* new tls default */ digestSz = SHA256_DIGEST_SIZE; - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; #endif #ifdef HAVE_PK_CALLBACKS @@ -10974,19 +10993,19 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (IsAtLeastTLSv1_2(ssl)) { if (ssl->suites->hashAlgo == sha_mac) { #ifndef NO_SHA - digest = ssl->certHashes.sha; + digest = ssl->hsHashes->certHashes.sha; digestSz = SHA_DIGEST_SIZE; #endif } else if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; digestSz = SHA256_DIGEST_SIZE; #endif } else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef WOLFSSL_SHA384 - digest = ssl->certHashes.sha384; + digest = ssl->hsHashes->certHashes.sha384; digestSz = SHA384_DIGEST_SIZE; #endif } 
@@ -11031,7 +11050,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (ssl->suites->hashAlgo == sha_mac) { #ifndef NO_SHA - digest = ssl->certHashes.sha; + digest = ssl->hsHashes->certHashes.sha; typeH = SHAh; digestSz = SHA_DIGEST_SIZE; didSet = 1; @@ -11039,7 +11058,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } else if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; didSet = 1; @@ -11047,7 +11066,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef WOLFSSL_SHA384 - digest = ssl->certHashes.sha384; + digest = ssl->hsHashes->certHashes.sha384; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; didSet = 1; @@ -11057,11 +11076,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (didSet == 0) { /* defaults */ #ifndef NO_OLD_TLS - digest = ssl->certHashes.sha; + digest = ssl->hsHashes->certHashes.sha; digestSz = SHA_DIGEST_SIZE; typeH = SHAh; #else - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; digestSz = SHA256_DIGEST_SIZE; typeH = SHA256h; #endif @@ -11231,7 +11250,7 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->expect_session_ticket = 0; - return BuildFinished(ssl, &ssl->verifyHashes, server); + return BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server); } #endif /* HAVE_SESSION_TICKET */ 
@@ -12584,16 +12603,16 @@ int DoSessionTicket(WOLFSSL* ssl, /* manually hash input since different format */ #ifndef NO_OLD_TLS #ifndef NO_MD5 - wc_Md5Update(&ssl->hashMd5, input + idx, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz); #endif #ifndef NO_SHA - wc_ShaUpdate(&ssl->hashSha, input + idx, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz); #endif #endif #ifndef NO_SHA256 if (IsAtLeastTLSv1_2(ssl)) { - int shaRet = wc_Sha256Update(&ssl->hashSha256, input + idx, sz); - + int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256, + input + idx, sz); if (shaRet != 0) return shaRet; } @@ -13102,7 +13121,7 @@ int DoSessionTicket(WOLFSSL* ssl, byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif word32 sigSz; - byte* digest = ssl->certHashes.sha; + byte* digest = ssl->hsHashes->certHashes.sha; int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; @@ -13119,14 +13138,14 @@ int DoSessionTicket(WOLFSSL* ssl, if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } else if (hashAlgo == sha384_mac) { #ifdef WOLFSSL_SHA384 - digest = ssl->certHashes.sha384; + digest = ssl->hsHashes->certHashes.sha384; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; #endif @@ -13144,8 +13163,10 @@ int DoSessionTicket(WOLFSSL* ssl, } else { if (outLen == FINISHED_SZ && out && XMEMCMP(out, - &ssl->certHashes, FINISHED_SZ) == 0) + &ssl->hsHashes->certHashes, + FINISHED_SZ) == 0) { ret = 0; /* verified */ + } } } #endif @@ -13153,7 +13174,7 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->peerEccDsaKeyPresent) { int verify = 0; int err = -1; - byte* digest = ssl->certHashes.sha; + byte* digest = ssl->hsHashes->certHashes.sha; word32 digestSz = SHA_DIGEST_SIZE; byte doUserEcc = 0; 
@@ -13171,13 +13192,13 @@ int DoSessionTicket(WOLFSSL* ssl, if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.sha256; + digest = ssl->hsHashes->certHashes.sha256; digestSz = SHA256_DIGEST_SIZE; #endif } else if (hashAlgo == sha384_mac) { #ifdef WOLFSSL_SHA384 - digest = ssl->certHashes.sha384; + digest = ssl->hsHashes->certHashes.sha384; digestSz = SHA384_DIGEST_SIZE; #endif } @@ -13715,7 +13736,7 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; #ifndef NO_CERTS if (ssl->options.verifyPeer) - ret = BuildCertHashes(ssl, &ssl->certHashes); + ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes); #endif } diff --git a/src/ssl.c b/src/ssl.c index ed2f6d855..321e4ac16 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -798,21 +798,21 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl) #ifndef NO_OLD_TLS #ifndef NO_MD5 - wc_InitMd5(&ssl->hashMd5); + wc_InitMd5(&ssl->hsHashes->hashMd5); #endif #ifndef NO_SHA - ret = wc_InitSha(&ssl->hashSha); + ret = wc_InitSha(&ssl->hsHashes->hashSha); if (ret !=0) return ret; #endif #endif /* NO_OLD_TLS */ #ifndef NO_SHA256 - ret = wc_InitSha256(&ssl->hashSha256); + ret = wc_InitSha256(&ssl->hsHashes->hashSha256); if (ret !=0) return ret; #endif #ifdef WOLFSSL_SHA384 - ret = wc_InitSha384(&ssl->hashSha384); + ret = wc_InitSha384(&ssl->hsHashes->hashSha384); if (ret !=0) return ret; #endif 
@@ -5101,23 +5101,24 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->options.dtls) { /* re-init hashes, exclude first hello and verify request */ #ifndef NO_OLD_TLS - wc_InitMd5(&ssl->hashMd5); - if ( (ssl->error = wc_InitSha(&ssl->hashSha)) != 0) { + wc_InitMd5(&ssl->hsHashes->hashMd5); + if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha)) + != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - if ( (ssl->error = - wc_InitSha256(&ssl->hashSha256)) != 0) { + if ( (ssl->error = wc_InitSha256( + &ssl->hsHashes->hashSha256)) != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } #endif #ifdef WOLFSSL_SHA384 - if ( (ssl->error = - wc_InitSha384(&ssl->hashSha384)) != 0) { + if ( (ssl->error = wc_InitSha384( + &ssl->hsHashes->hashSha384)) != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } @@ -5379,23 +5380,24 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); /* re-init hashes, exclude first hello and verify request */ #ifndef NO_OLD_TLS - wc_InitMd5(&ssl->hashMd5); - if ( (ssl->error = wc_InitSha(&ssl->hashSha)) != 0) { + wc_InitMd5(&ssl->hsHashes->hashMd5); + if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha)) + != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - if ( (ssl->error = - wc_InitSha256(&ssl->hashSha256)) != 0) { + if ( (ssl->error = wc_InitSha256( + &ssl->hsHashes->hashSha256)) != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } #endif #ifdef WOLFSSL_SHA384 - if ( (ssl->error = - wc_InitSha384(&ssl->hashSha384)) != 0) { + if ( (ssl->error = wc_InitSha384( + &ssl->hsHashes->hashSha384)) != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; } diff --git a/src/tls.c b/src/tls.c index bdad78946..f13ee3c75 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -334,14 +334,14 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) word32 hashSz = FINISHED_SZ; #ifndef NO_OLD_TLS - wc_Md5Final(&ssl->hashMd5, handshake_hash); - wc_ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); + wc_Md5Final(&ssl->hsHashes->hashMd5, handshake_hash); + wc_ShaFinal(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); #endif - + if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 if (ssl->specs.mac_algorithm <= sha256_mac) { - int ret = wc_Sha256Final(&ssl->hashSha256, handshake_hash); + int ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,handshake_hash); if (ret != 0) return ret; @@ -351,7 +351,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif #ifdef WOLFSSL_SHA384 if (ssl->specs.mac_algorithm == sha384_mac) { - int ret = wc_Sha384Final(&ssl->hashSha384, handshake_hash); + int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash); if (ret != 0) return ret; @@ -360,7 +360,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } #endif } - + if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) side = tls_client; else diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ebcb61c0d..d9b20006b 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -2020,11 +2020,33 @@ typedef struct MsgsReceived { } MsgsReceived; +/* Handshake hashes */ +typedef struct HS_Hashes { + Hashes verifyHashes; + Hashes certHashes; /* for cert verify */ +#ifndef NO_OLD_TLS +#ifndef NO_SHA + Sha hashSha; /* sha hash of handshake msgs */ +#endif +#ifndef NO_MD5 + Md5 hashMd5; /* md5 hash of handshake msgs */ +#endif +#endif /* NO_OLD_TLS */ +#ifndef NO_SHA256 + Sha256 hashSha256; /* sha256 hash of handshake msgs */ +#endif +#ifdef WOLFSSL_SHA384 + Sha384 hashSha384; /* sha384 hash of handshake msgs */ +#endif +} HS_Hashes; + + /* wolfSSL ssl type */ struct WOLFSSL { WOLFSSL_CTX* ctx; Suites* suites; /* only need during handshake */ Arrays* arrays; + HS_Hashes* hsHashes; void* IOCB_ReadCtx; void* IOCB_WriteCtx; RNG* rng; @@ -2051,27 +2073,11 @@ struct WOLFSSL { ProtocolVersion chVersion; /* client hello version */ CipherSpecs specs; Keys keys; - Hashes verifyHashes; - Hashes certHashes; /* for cert verify */ Options options; #ifdef OPENSSL_EXTRA WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ #endif -#ifndef NO_OLD_TLS -#ifndef NO_SHA - Sha hashSha; /* sha hash of handshake msgs */ -#endif -#ifndef NO_MD5 - Md5 hashMd5; /* md5 hash of handshake msgs */ -#endif -#endif /* NO_OLD_TLS */ -#ifndef NO_SHA256 - Sha256 hashSha256; /* sha256 hash of handshake msgs */ -#endif -#ifdef WOLFSSL_SHA384 - Sha384 hashSha384; /* sha384 hash of handshake msgs */ -#endif #ifndef NO_RSA RsaKey* peerRsaKey; byte peerRsaKeyPresent; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index d729ce31b..a5ff1d3f2 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -267,7 +267,8 @@ DYNAMIC_TYPE_X509 = 42, DYNAMIC_TYPE_TLSX = 43, DYNAMIC_TYPE_OCSP = 44, - DYNAMIC_TYPE_SIGNATURE = 45 + DYNAMIC_TYPE_SIGNATURE = 45, + DYNAMIC_TYPE_HASHES = 46 }; /* max error buffer string size */
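Review bot: The new `HS_Hashes* hsHashes;` member of struct WOLFSSL has no lifetime comment, unlike `suites` two lines above it, and the typedef is documented only as `/* Handshake hashes */`. Because this patch makes the pointer NULL after FreeHandshakeResources, the declaration should say so, e.g. `HS_Hashes* hsHashes; /* handshake hashes, NULL once handshake resources are freed */`. The struct comment should also record that the block is allocated in InitSSL and released by FreeHandshakeResources or SSL_ResourceFree, so callers know to check the pointer before hashing.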