
SHA1 client certificate validation fails if NO_OLD_TLS is specified

Open t0x1c opened this issue 3 years ago • 4 comments

Version

5.1.1

Description

The wolfSSL server is configured to validate the client certificate. The client presents a certificate signed with RSA/SHA1. NO_OLD_TLS is specified, which cancels out SHA1. But it's brought back with WOLFSSL_ALLOW_TLS_SHA1.

DoCertificateVerify fails: after the call to wc_EncodeSignature, the following XMEMCMP fails with a non-zero result.

Looks like some conditional parts of the code check for both flags (like !NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1), but some other SHA-related parts only check for NO_OLD_TLS, so some parts of the code don't get executed (example: HashRaw in internal.c).

t0x1c, Jan 24 '22 15:01

@t0x1c

I've created #4793 to fix this issue. Please let me know if this addresses your concerns in this issue.

embhorn, Jan 26 '22 14:01

Sorry for the late response. I tried to apply your changes to the 5.1.1 release code, and it looks like it's not enough - the server still assumes the certificate is invalid. I searched for NO_OLD_TLS usage and there are many more conditional places involving SHA computations, though I'm not sure which of them are used for certificate validation: InitHandshakeHashes, FreeHandshakeHashes, BuildFinished, SendCertificateVerify, SendServerKeyExchange, maybe more...

t0x1c, Feb 01 '22 23:02
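
The search described in the comment above can be scripted. This is an added example, not part of the thread or of wolfSSL: a Python scan that lists preprocessor conditionals which mention NO_OLD_TLS without WOLFSSL_ALLOW_TLS_SHA1, so each can be reviewed by hand. The sample C text and the function names in it are constructed.

```python
import re

# Constructed sample, not wolfSSL source: four guard styles a scan may meet.
SAMPLE = """\
#ifndef NO_OLD_TLS
    hash_update_sha1();
#endif
#if !defined(NO_OLD_TLS) || defined(WOLFSSL_ALLOW_TLS_SHA1)
    verify_sha1_digest();
#endif
#if !defined(NO_OLD_TLS) || \\
    defined(WOLFSSL_ALLOW_TLS_SHA1)
    free_sha1();
#endif
#ifdef NO_OLD_TLS /* see WOLFSSL_ALLOW_TLS_SHA1 */
    skip_sha1();
#endif
"""

DIRECTIVE = re.compile(r"^\s*#\s*(if|ifdef|ifndef|elif)\b(.*)$")
OLD = re.compile(r"\bNO_OLD_TLS\b")
ALLOW = re.compile(r"\bWOLFSSL_ALLOW_TLS_SHA1\b")

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    start, buf = None, ""
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        start, buf = None, ""
    if start is not None:
        yield start, buf

def find_unpaired_guards(text):
    """Return (line_no, directive) for guards naming only NO_OLD_TLS."""
    hits = []
    for no, line in logical_lines(text):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        cond = re.sub(r"/\*.*?\*/|//.*", "", m.group(2))  # ignore comments
        if OLD.search(cond) and not ALLOW.search(cond):
            hits.append((no, " ".join(line.split())))
    return hits
```

A hit is only a candidate for review: whether a given guard needs the second macro depends on what the guarded code does.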

Hi @t0x1c

I've revisited this issue and added support for the behavior you requested in #4793

embhorn, Jun 01 '22 19:06

Thanks! My hands are full, can't verify it right now, but assuming the changes it should work.

t0x1c, Jun 02 '22 20:06