WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1893 from dgarske/ecdsa_hashalgo 

New build option to match ECDSA hash algo digest size with ephemeral key size
pull/1899/head
toddouska 2018-10-26 09:43:07 -07:00 committed by GitHub
parent 23445546c5 d21603334b
commit a6adfd434d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 55 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
src/internal.c
View File

@ -16512,9 +16512,60 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
ssl->suites->hashAlgo = sha512_mac; ssl->suites->hashAlgo = sha512_mac;
break; break;
} }
#endif
/* For ECDSA the `USE_ECDSA_KEYSZ_HASH_ALGO` build option will choose a hash
* algorithm that matches the ephemeral ECDHE key size or the next higest
* available. This workaround resolves issue with some peer's that do not
* properly support scenarios such as a P-256 key hashed with SHA512.
*/
#if defined(HAVE_ECC) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
if (sigAlgo == ssl->suites->sigAlgo && sigAlgo == ecc_dsa_sa_algo) {
word32 digestSz = 0;
switch (hashAlgo) {
#ifndef NO_SHA
case sha_mac:
digestSz = WC_SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
digestSz = WC_SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
digestSz = WC_SHA384_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case sha512_mac:
digestSz = WC_SHA512_DIGEST_SIZE;
break;
#endif
default:
continue;
}
/* For ecc_dsa_sa_algo, pick hash algo that is curve size unless
algorithm in not compiled in, then choose next highest */
if (digestSz == ssl->eccTempKeySz) {
ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo;
return; /* done selected sig/hash algorithms */
}
/* not strong enough, so keep checking hashSigAlso list */
if (digestSz < ssl->eccTempKeySz)
continue;
/* mark as highest and check remainder of hashSigAlgo list */
ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo;
}
else
#endif #endif
if (sigAlgo == ssl->suites->sigAlgo || (sigAlgo == rsa_pss_sa_algo && if (sigAlgo == ssl->suites->sigAlgo || (sigAlgo == rsa_pss_sa_algo &&
ssl->suites->sigAlgo == rsa_sa_algo)) { ssl->suites->sigAlgo == rsa_sa_algo)) {
/* pick highest available between both server and client */
switch (hashAlgo) { switch (hashAlgo) {
case sha_mac: case sha_mac:
#ifndef NO_SHA256 #ifndef NO_SHA256
@ -16526,8 +16577,10 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
#endif #endif
/* not strong enough, so keep checking hashSigAlso list */
if (hashAlgo < ssl->suites->hashAlgo) if (hashAlgo < ssl->suites->hashAlgo)
continue; continue;
/* mark as highest and check remainder of hashSigAlgo list */
ssl->suites->hashAlgo = hashAlgo; ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo; ssl->suites->sigAlgo = sigAlgo;
break; break;
@ -16540,13 +16593,12 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
ssl->suites->hashAlgo = ssl->specs.mac_algorithm; ssl->suites->hashAlgo = ssl->specs.mac_algorithm;
} }
} }
} }
#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */ #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
/* Initialisze HandShakeInfo */ /* Initialize HandShakeInfo */
void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl) void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl)
{ {
int i; int i;
@ -16599,7 +16651,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
#ifdef WOLFSSL_CALLBACKS #ifdef WOLFSSL_CALLBACKS
/* Initialisze TimeoutInfo */ /* Initialize TimeoutInfo */
void InitTimeoutInfo(TimeoutInfo* info) void InitTimeoutInfo(TimeoutInfo* info)
{ {
int i; int i;