From d903059e054363dcdf1f5d7cd1123ee32fa55667 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 1 Mar 2017 19:07:13 -0800 Subject: [PATCH 1/2] Fixes to allow signature_algorithms extension to send SHA1 (if enabled) and NO_OLD_TLS is defined. This resolves an issue connected to ISS servers. --- src/internal.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3c5f39c7f..55a19d9fc 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1672,7 +1672,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif - #if !defined(NO_SHA) && !defined(NO_OLD_TLS) + #if !defined(NO_SHA) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif @@ -1691,7 +1691,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif - #if !defined(NO_SHA) && !defined(NO_OLD_TLS) + #if !defined(NO_SHA) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif @@ -14749,7 +14749,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif break; case sha_mac: - #ifndef NO_OLD_TLS + #ifndef NO_SHA hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17756,7 +17756,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_OLD_TLS + #ifndef NO_SHA hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17850,7 +17850,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_OLD_TLS + #ifndef NO_SHA typeH = SHAh; #endif break; @@ -18020,7 +18020,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_OLD_TLS + #ifndef NO_SHA hashType = WC_HASH_TYPE_SHA; #endif break; @@ -18109,7 +18109,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_OLD_TLS + #ifndef NO_SHA typeH = SHAh; #endif break; From b5fe3ddbfa12640d9b1a2aa616be0162c1d1adcb Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 2 Mar 2017 18:18:05 -0800 Subject: [PATCH 2/2] =?UTF-8?q?Fix=20to=20allow=20connection=20to=20IIS=20?= =?UTF-8?q?server=20which=20requires=20SHA1=20hash=20algo=20to=20be=20pres?= =?UTF-8?q?ent=20in=20signature=5Falgos=20extension.=20Issue=20only=20exis?= =?UTF-8?q?ts=20when=20NO=5FOLD=5FTLS=20is=20defined.=20To=20enable=20SHA1?= =?UTF-8?q?=20with=20TLS=201.2=20define=20"WOLFSSL=5FALLOW=5FTLS=5FSHA1?= =?UTF-8?q?=E2=80=9D.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/internal.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index 55a19d9fc..08d11f997 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1672,7 +1672,8 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif - #if !defined(NO_SHA) + #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif @@ -1691,7 +1692,8 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif - #if !defined(NO_SHA) + #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif @@ -14749,7 +14751,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17756,7 +17760,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -17850,7 +17856,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) typeH = SHAh; #endif break; @@ -18020,7 +18028,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) hashType = WC_HASH_TYPE_SHA; #endif break; @@ -18109,7 +18119,9 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif break; case sha_mac: - #ifndef NO_SHA + #if !defined(NO_SHA) && \ + (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) typeH = SHAh; #endif break;