wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge wolfSSL master.

Browse Source
This commit is contained in:
jrblixt
2017-03-21 15:33:40 -06:00
parent 739436d7a8
commit 88679a6a0c
3 changed files with 62 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

279
src/internal.c
View File

@@ -3576,10 +3576,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#ifndef NO_OLD_TLS
#ifndef NO_MD5
ret = wc_InitMd5(&ssl->hsHashes->hashMd5);
if (ret != 0) {
return ret;
}
wc_InitMd5(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
ret = wc_InitSha(&ssl->hsHashes->hashSha);
@@ -4800,10 +4797,7 @@ static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
#endif
#ifndef NO_MD5
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
if (ret != 0) {
return ret;
}
wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
#endif
#endif /* NO_OLD_TLS */
@@ -4851,16 +4845,10 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
ret = wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
if (ret != 0) {
return ret;
}
wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
#endif
#ifndef NO_MD5
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
if (ret != 0) {
return ret;
}
wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
#endif
#endif
@@ -5530,7 +5518,7 @@ static const byte PAD2[PAD_MD5] =
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
int ret;
byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
@@ -5554,75 +5542,18 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
/* make md5 inner */
md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,
SECRET_LEN);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
/* make md5 outer */
ret = wc_InitMd5(md5_2) ;
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, PAD2, PAD_MD5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Final(md5_2, hashes->md5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_InitMd5(md5_2) ;
wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
wc_Md5Update(md5_2, PAD2, PAD_MD5);
wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
wc_Md5Final(md5_2, hashes->md5);
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -10217,9 +10148,10 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
byte result[MAX_DIGEST_SIZE];
word32 digestSz = ssl->specs.hash_size; /* actual sizes */
word32 padSz = ssl->specs.pad_size;
int ret = 0;
Md5 md5;
Sha sha;
int ret;
/* data */
byte seq[SEQ_SZ];
@@ -10237,109 +10169,45 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
WriteSEQ(ssl, verify, seq);
if (ssl->specs.mac_algorithm == md5_mac) {
ret = wc_InitMd5(&md5);
if (ret != 0) {
return ret;
}
wc_InitMd5(&md5);
/* inner */
ret = wc_Md5Update(&md5, macSecret, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, PAD1, padSz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, seq, SEQ_SZ);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, conLen, sizeof(conLen));
if (ret != 0) {
return ret;
}
wc_Md5Update(&md5, macSecret, digestSz);
wc_Md5Update(&md5, PAD1, padSz);
wc_Md5Update(&md5, seq, SEQ_SZ);
wc_Md5Update(&md5, conLen, sizeof(conLen));
/* in buffer */
ret = wc_Md5Update(&md5, in, sz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, result);
if (ret != 0) {
return ret;
}
wc_Md5Update(&md5, in, sz);
wc_Md5Final(&md5, result);
/* outer */
ret = wc_Md5Update(&md5, macSecret, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, PAD2, padSz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, result, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, digest);
if (ret != 0) {
return ret;
}
wc_Md5Update(&md5, macSecret, digestSz);
wc_Md5Update(&md5, PAD2, padSz);
wc_Md5Update(&md5, result, digestSz);
wc_Md5Final(&md5, digest);
}
else {
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
/* inner */
ret = wc_ShaUpdate(&sha, macSecret, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_ShaUpdate(&sha, PAD1, padSz);
if (ret != 0) {
return ret;
}
ret = wc_ShaUpdate(&sha, seq, SEQ_SZ);
if (ret != 0) {
return ret;
}
ret = wc_ShaUpdate(&sha, conLen, sizeof(conLen));
if (ret != 0) {
return ret;
}
wc_ShaUpdate(&sha, macSecret, digestSz);
wc_ShaUpdate(&sha, PAD1, padSz);
wc_ShaUpdate(&sha, seq, SEQ_SZ);
wc_ShaUpdate(&sha, conLen, sizeof(conLen));
/* in buffer */
ret = wc_ShaUpdate(&sha, in, sz);
if (ret != 0) {
return ret;
}
ret = wc_ShaFinal(&sha, result);
if (ret != 0) {
return ret;
}
wc_ShaUpdate(&sha, in, sz);
wc_ShaFinal(&sha, result);
/* outer */
ret = wc_ShaUpdate(&sha, macSecret, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_ShaUpdate(&sha, PAD2, padSz);
if (ret != 0) {
return ret;
}
ret = wc_ShaUpdate(&sha, result, digestSz);
if (ret != 0) {
return ret;
}
ret = wc_ShaFinal(&sha, digest);
if (ret != 0) {
return ret;
}
wc_ShaUpdate(&sha, macSecret, digestSz);
wc_ShaUpdate(&sha, PAD2, padSz);
wc_ShaUpdate(&sha, result, digestSz);
wc_ShaFinal(&sha, digest);
}
return ret;
return 0;
}
#ifndef NO_CERTS
static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
int ret;
byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
@@ -10352,75 +10220,23 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
/* make md5 inner */
md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,
SECRET_LEN);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
/* make md5 outer */
ret = wc_InitMd5(md5_2) ;
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, PAD2, PAD_MD5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_InitMd5(md5_2) ;
wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
wc_Md5Update(md5_2, PAD2, PAD_MD5);
wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
ret = wc_Md5Final(md5_2, digest);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_Md5Final(md5_2, digest);
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -10497,10 +10313,7 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
}
#if ! defined( NO_OLD_TLS )
else {
ret = BuildMD5_CertVerify(ssl, hashes->md5);
if (ret != 0) {
return ret;
}
BuildMD5_CertVerify(ssl, hashes->md5);
BuildSHA_CertVerify(ssl, hashes->sha);
}
#endif

77
src/ssl.c
View File

@@ -1669,10 +1669,7 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
#ifndef NO_OLD_TLS
#ifndef NO_MD5
ret = wc_InitMd5(&ssl->hsHashes->hashMd5);
if (ret != 0) {
return ret;
}
wc_InitMd5(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
ret = wc_InitSha(&ssl->hsHashes->hashSha);
@@ -7768,9 +7765,6 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
int wolfSSL_connect(WOLFSSL* ssl)
{
int neededState;
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS)
int ret;
#endif
WOLFSSL_ENTER("SSL_connect()");
@@ -7862,17 +7856,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
ret = wc_InitMd5(&ssl->hsHashes->hashMd5);
if (ret) {
return ret;
}
#ifndef NO_OLD_TLS
wc_InitMd5(&ssl->hsHashes->hashMd5);
if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
!= 0) {
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
if ( (ssl->error = wc_InitSha256(
@@ -10704,7 +10695,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
int keyLeft;
int ivLeft;
int keyOutput = 0;
int ret;
byte digest[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
Md5* md5 = NULL;
@@ -10721,10 +10711,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
(void)type;
WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey");
ret = wc_InitMd5(md5);
if (ret != 0) {
return ret;
}
wc_InitMd5(md5);
/* only support MD5 for now */
if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
@@ -10769,56 +10756,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
while (keyOutput < (keyLen + ivLen)) {
int digestLeft = MD5_DIGEST_SIZE;
/* D_(i - 1) */
if (keyOutput) { /* first time D_0 is empty */
ret = wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
}
if (keyOutput) /* first time D_0 is empty */
wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
/* data */
ret = wc_Md5Update(md5, data, sz);
if (ret !=0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_Md5Update(md5, data, sz);
/* salt */
if (salt) {
ret = wc_Md5Update(md5, salt, EVP_SALT_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
}
ret = wc_Md5Final(md5, digest);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
if (salt)
wc_Md5Update(md5, salt, EVP_SALT_SIZE);
wc_Md5Final(md5, digest);
/* count */
for (j = 1; j < count; j++) {
ret = wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Final(md5, digest);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
wc_Md5Final(md5, digest);
}
if (keyLeft) {

17
wolfcrypt/test/test.c
View File

@@ -1132,7 +1132,6 @@ int md5_test(void)
testVector a, b, c, d, e;
testVector test_md5[5];
int times = sizeof(test_md5) / sizeof(testVector), i;
int ret;
a.input = "abc";
a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
@@ -1172,21 +1171,11 @@ int md5_test(void)
test_md5[3] = d;
test_md5[4] = e;
ret = wc_InitMd5(&md5);
if (ret != 0) {
return ret;
}
wc_InitMd5(&md5);
for (i = 0; i < times; ++i) {
ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
(word32)test_md5[i].inLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, hash);
if (ret != 0){
return ret;
}
wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
wc_Md5Final(&md5, hash);
if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
return -5 - i;