TLS 1.3 Cookie Hash: use stronger hash if no SHA-256

Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
This commit is contained in:
Sean Parkinson
2025-10-03 08:28:02 +10:00
parent 5804ba759a
commit e14cc3a34e
7 changed files with 96 additions and 40 deletions
+36 -17
View File
@@ -306,7 +306,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, ssl->devId);
if (ret == 0) {
@@ -3601,14 +3601,21 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
cookieSz += OPAQUE16_LEN;
}
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
cookieType = WC_SHA384;
macSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
cookieType = WC_SHA512;
macSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
cookieType = WC_SM3;
macSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
if (ret == 0) {
@@ -6456,14 +6463,21 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
return COOKIE_ERROR;
}
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
cookieType = WC_SHA384;
macSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
cookieType = WC_SHA512;
macSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
cookieType = WC_SM3;
macSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
if (cookieSz < ssl->specs.hash_size + macSz)
return HRR_COOKIE_ERROR;
@@ -8389,7 +8403,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
/* Digest the signature data. */
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256(&digest.sha256);
if (ret == 0) {
@@ -8454,7 +8468,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
/* Digest the signature data. */
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256(&digest.sha256);
if (ret == 0) {
@@ -13608,12 +13622,17 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
return SIDE_ERROR;
if (secretSz == 0) {
#if !defined(NO_SHA) && defined(NO_SHA256)
secretSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
secretSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
secretSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
secretSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
secretSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
}
if (secretSz != ssl->buffers.tls13CookieSecret.length) {
+39 -17
View File
@@ -3172,7 +3172,8 @@ static int test_wolfSSL_CertManagerLoadCABufferType(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
!defined(NO_RSA) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
!defined(NO_RSA) && !defined(NO_SHA256) && \
!defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
#if defined(WOLFSSL_PEM_TO_DER)
const char* ca_cert = "./certs/ca-cert.pem";
const char* int1_cert = "./certs/intermediate/ca-int-cert.pem";
@@ -5125,12 +5126,14 @@ static int test_wolfSSL_CertRsaPss(void)
(HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
(defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
XFILE f = XBADFILE;
#ifndef NO_SHA256
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
#ifdef WOLFSSL_PEM_TO_DER
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#else
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.der";
#endif
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
@@ -5148,13 +5151,16 @@ static int test_wolfSSL_CertRsaPss(void)
WOLFSSL_CERT_MANAGER* cm = NULL;
ExpectNotNull(cm = wolfSSL_CertManagerNew());
#ifndef NO_SHA256
ExpectIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
#endif
#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
ExpectIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
#endif
#ifndef NO_SHA256
ExpectTrue((f = XFOPEN(rsaPssSha256Cert, "rb")) != XBADFILE);
ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
if (f != XBADFILE) {
@@ -5164,6 +5170,7 @@ static int test_wolfSSL_CertRsaPss(void)
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
@@ -5177,6 +5184,9 @@ static int test_wolfSSL_CertRsaPss(void)
#endif
wolfSSL_CertManagerFree(cm);
(void)buf;
(void)bytes;
#endif
return EXPECT_RESULT();
@@ -9455,6 +9465,8 @@ cleanup:
static int test_wolfSSL_read_write(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
/* The unit testing for read and write shall happen simultaneously, since
* one can't do anything with one without the other. (Except for a failure
* test case.) This function will call all the others that will set up,
@@ -9478,7 +9490,6 @@ static int test_wolfSSL_read_write(void)
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
EXPECT_DECLS;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
@@ -9510,7 +9521,7 @@ static int test_wolfSSL_read_write(void)
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif
return EXPECT_RESULT();
}
@@ -25149,7 +25160,8 @@ static int test_wolfSSL_check_domain(void)
}
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(OPENSSL_COMPATIBLE_DEFAULTS)
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256)
static const char* dn = NULL;
static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl)
{
@@ -27846,8 +27858,8 @@ static int test_wolfSSL_SESSION(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE)
!defined(NO_RSA) && !defined(NO_SHA256) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
WOLFSSL* ssl = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_SESSION* sess = NULL;
@@ -37634,7 +37646,7 @@ static int test_X509_LOOKUP_add_dir(void)
*----------------------------------------------------------------------------*/
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
#if !defined(NO_RSA) || defined(HAVE_ECC)
#if (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256)
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
@@ -42012,6 +42024,7 @@ static int test_wolfSSL_dtls_stateless(void)
#ifdef HAVE_CERT_CHAIN_VALIDATION
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
#ifdef WOLFSSL_PEM_TO_DER
#ifndef NO_SHA256
static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
@@ -42189,10 +42202,12 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
return ret;
}
#endif
static int test_various_pathlen_chains(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
WOLFSSL_CERT_MANAGER* cm = NULL;
/* Test chain G (large chain with varying pathLens) */
@@ -42245,6 +42260,7 @@ static int test_various_pathlen_chains(void)
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
wolfSSL_CertManagerFree(cm);
#endif
return EXPECT_RESULT();
}
@@ -47276,7 +47292,8 @@ static int test_dtls13_bad_epoch_ch(void)
(!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
!defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE) && !defined(NO_SHA256)
static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
{
EXPECT_DECLS;
@@ -48581,8 +48598,9 @@ static int test_certreq_sighash_algos(void)
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_MAX_STRENGTH) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_TLS12)
!defined(NO_SHA256) && defined(WOLFSSL_SHA384) && \
defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) && \
!defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL;
@@ -49447,7 +49465,8 @@ static int test_self_signed_stapling(void)
static int test_tls_multi_handshakes_one_record(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
@@ -49652,7 +49671,8 @@ static int test_read_write_hs(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL;
WOLFSSL *ssl_s = NULL, *ssl_c = NULL;
struct test_memio_ctx test_ctx;
@@ -49931,7 +49951,8 @@ static int test_get_signature_nid(void)
}
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SHA256)
static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
{
#ifndef NO_MD5
@@ -50024,7 +50045,8 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
static int test_tls_cert_store_unchanged(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SHA256)
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
int i;
@@ -50255,7 +50277,7 @@ static int test_wolfSSL_SSLDisableRead(void)
static int test_wolfSSL_inject(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SHA256)
size_t i;
struct {
method_provider client_meth;
@@ -50683,6 +50705,7 @@ TEST_CASE testCases[] = {
#endif
TEST_DECL(test_EVP_PKEY_rsa),
TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
TEST_DECL(test_EVP_PKEY_ec),
TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt),
TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_rsa),
@@ -51026,7 +51049,6 @@ TEST_CASE testCases[] = {
defined(WOLFSSL_PEM_TO_DER)
TEST_DECL(test_various_pathlen_chains),
#endif
TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
/*********************************
* SSL/TLS API tests
@@ -51072,7 +51094,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
(!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256)
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
/* Bad certificate signature tests */
TEST_DECL(test_EccSigFailure_cm),
+2 -1
View File
@@ -1247,7 +1247,8 @@ int test_dtls_record_cross_boundaries(void)
}
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) */
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
/* This test that the DTLS record boundary check doesn't interfere with TLS
* records processing */
int test_records_span_network_boundaries(void)
+3 -1
View File
@@ -42,7 +42,7 @@ int test_wc_i2d_PKCS12(void)
EXPECT_DECLS;
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
&& !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && !defined(NO_SHA)
&& !defined(NO_AES) && !defined(NO_SHA) && !defined(NO_SHA256)
WC_PKCS12* pkcs12 = NULL;
unsigned char der[FOURK_BUF * 2];
unsigned char* pt;
@@ -163,6 +163,7 @@ int test_wc_PKCS12_create(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
#if !defined(NO_RC4) && !defined(NO_SHA)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
@@ -187,6 +188,7 @@ int test_wc_PKCS12_create(void)
#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
!defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_DES3)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_SHA1_DES3));
#endif
#endif
(void) test_wc_PKCS12_create_once;
+3 -2
View File
@@ -106,8 +106,9 @@ int test_wc_RsaPrivateKeyDecode(void)
int test_wc_RsaPublicKeyDecode(void)
{
EXPECT_DECLS;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024) || \
defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
#if !defined(NO_RSA) && !defined(NO_SHA256) && \
(defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
!defined(HAVE_FIPS)
RsaKey keyPub;
byte* tmp = NULL;
word32 idx = 0;
+12 -1
View File
@@ -18611,7 +18611,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
byte output[WC_SHA256_DIGEST_SIZE * 4];
byte output[32 * 4];
wc_test_ret_t ret;
WOLFSSL_ENTER("random_test");
@@ -20628,7 +20628,9 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
#ifdef WOLFSSL_SHA224
WC_MGF1SHA224,
#endif
#ifndef NO_SHA256
WC_MGF1SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_MGF1SHA384,
#endif
@@ -20643,7 +20645,9 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
@@ -28297,6 +28301,7 @@ typedef struct {
* serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
* hashed together. */
static const Tls13KdfTestVector tls13KdfTestVectors[] = {
#ifndef NO_SHA256
{ /* 1 */
WC_HASH_TYPE_SHA256, 35, 35,
{ /* PSK */
@@ -28520,6 +28525,7 @@ static const Tls13KdfTestVector tls13KdfTestVectors[] = {
0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
},
#endif
#ifdef WOLFSSL_SHA384
{ /* 26 */
WC_HASH_TYPE_SHA384, 35, 35,
@@ -32339,6 +32345,7 @@ done:
!defined(NO_ECC_SIGN)
static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
{
#ifndef NO_SHA256
wc_test_ret_t ret;
word32 sigSz;
int size;
@@ -32383,6 +32390,10 @@ static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
#else
(void)rng;
(void)key;
#endif
return 0;
}
+1 -1
View File
@@ -4459,7 +4459,7 @@ WOLFSSL_LOCAL int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes);
#ifdef WOLFSSL_TLS13
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384