From 769075dfb679f7be45d40e733bdae8214513e417 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sat, 24 Nov 2012 11:26:46 +0100 Subject: [PATCH] Fixed dependency on POLARSSL_SHA4_C in ssl modules --- include/polarssl/config.h | 1 + library/ssl_cli.c | 2 ++ library/ssl_tls.c | 27 +++++++++++++++++++++++++-- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 1ce28e51c..dac70e715 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -696,6 +696,7 @@ * library/x509parse.c * * This module adds support for SHA-224 and SHA-256. + * This module is required for the SSL/TLS 1.2 PRF function. */ #define POLARSSL_SHA2_C diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 16b32004d..a71671007 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -804,7 +804,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) else { sha2_context sha2; +#if defined(POLARSSL_SHA4_C) sha4_context sha4; +#endif n = ssl->in_hslen - ( end - p ) - 8; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 04ee6ffa0..e0a64ab06 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -233,6 +233,7 @@ static int tls_prf_sha256( unsigned char *secret, size_t slen, char *label, return( 0 ); } +#if defined(POLARSSL_SHA4_C) static int tls_prf_sha384( unsigned char *secret, size_t slen, char *label, unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ) @@ -271,21 +272,25 @@ static int tls_prf_sha384( unsigned char *secret, size_t slen, char *label, return( 0 ); } +#endif static void ssl_update_checksum_start(ssl_context *, unsigned char *, size_t); static void ssl_update_checksum_md5sha1(ssl_context *, unsigned char *, size_t); static void ssl_update_checksum_sha256(ssl_context *, unsigned char *, size_t); -static void ssl_update_checksum_sha384(ssl_context *, unsigned char *, size_t); static void ssl_calc_verify_ssl(ssl_context *,unsigned char *); static void ssl_calc_verify_tls(ssl_context *,unsigned char *); static void ssl_calc_verify_tls_sha256(ssl_context *,unsigned char *); -static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *); static void ssl_calc_finished_ssl(ssl_context *,unsigned char *,int); static void ssl_calc_finished_tls(ssl_context *,unsigned char *,int); static void ssl_calc_finished_tls_sha256(ssl_context *,unsigned char *,int); + +#if defined(POLARSSL_SHA4_C) +static void ssl_update_checksum_sha384(ssl_context *, unsigned char *, size_t); +static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *); static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int); +#endif int ssl_derive_keys( ssl_context *ssl ) { @@ -315,6 +320,7 @@ int ssl_derive_keys( ssl_context *ssl ) handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; } +#if defined(POLARSSL_SHA4_C) else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { @@ -322,6 +328,7 @@ int ssl_derive_keys( ssl_context *ssl ) handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_finished = ssl_calc_finished_tls_sha384; } +#endif else { handshake->tls_prf = tls_prf_sha256; @@ -766,6 +773,7 @@ void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] ) return; } +#if defined(POLARSSL_SHA4_C) void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) { sha4_context sha4; @@ -780,6 +788,7 @@ void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) return; } +#endif /* * SSLv3.0 MAC functions @@ -2390,13 +2399,19 @@ int ssl_parse_change_cipher_spec( ssl_context *ssl ) void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite ) { +#if !defined(POLARSSL_SHA4_C) + ((void) ciphersuite); +#endif + if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; +#if defined(POLARSSL_SHA4_C) else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { ssl->handshake->update_checksum = ssl_update_checksum_sha384; } +#endif else ssl->handshake->update_checksum = ssl_update_checksum_sha256; } @@ -2407,7 +2422,9 @@ static void ssl_update_checksum_start( ssl_context *ssl, unsigned char *buf, md5_update( &ssl->handshake->fin_md5 , buf, len ); sha1_update( &ssl->handshake->fin_sha1, buf, len ); sha2_update( &ssl->handshake->fin_sha2, buf, len ); +#if defined(POLARSSL_SHA4_C) sha4_update( &ssl->handshake->fin_sha4, buf, len ); +#endif } static void ssl_update_checksum_md5sha1( ssl_context *ssl, unsigned char *buf, @@ -2423,11 +2440,13 @@ static void ssl_update_checksum_sha256( ssl_context *ssl, unsigned char *buf, sha2_update( &ssl->handshake->fin_sha2, buf, len ); } +#if defined(POLARSSL_SHA4_C) static void ssl_update_checksum_sha384( ssl_context *ssl, unsigned char *buf, size_t len ) { sha4_update( &ssl->handshake->fin_sha4, buf, len ); } +#endif static void ssl_calc_finished_ssl( ssl_context *ssl, unsigned char *buf, int from ) @@ -2598,6 +2617,7 @@ static void ssl_calc_finished_tls_sha256( SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } +#if defined(POLARSSL_SHA4_C) static void ssl_calc_finished_tls_sha384( ssl_context *ssl, unsigned char *buf, int from ) { @@ -2640,6 +2660,7 @@ static void ssl_calc_finished_tls_sha384( SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } +#endif void ssl_handshake_wrapup( ssl_context *ssl ) { @@ -2831,7 +2852,9 @@ int ssl_handshake_init( ssl_context *ssl ) md5_starts( &ssl->handshake->fin_md5 ); sha1_starts( &ssl->handshake->fin_sha1 ); sha2_starts( &ssl->handshake->fin_sha2, 0 ); +#if defined(POLARSSL_SHA4_C) sha4_starts( &ssl->handshake->fin_sha4, 1 ); +#endif ssl->handshake->update_checksum = ssl_update_checksum_start; ssl->handshake->sig_alg = SSL_HASH_SHA1;