SHA1 client certificate validation fails if NO_OLD_TLS is specified

[t0x1c]

Version

5.1.1

Description

wolfSSL server is configured to validate client certificate. Client presents a certificate signed with RSA/SHA1.
NO_OLD_TLS is specified, which cancels out SHA1. But it's brought back with WOLFSSL_ALLOW_TLS_SHA1.

DoCertificateVerify fails: after call to wc_EncodeSignature following XMEMCMP fails with non-zero result.

Looks like some conditional parts of the code check for both flags (like !NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1), but some other SHA-related parts only check for NO_OLD_TLS, so some parts of the code don't get executed (example: HashRaw in internal.c)

[embhorn]

@t0x1c

I've created #4793 to fix this issue. Please let me know if this addresses your concerns in this issue.

[t0x1c]

Sorry for late response. I tried to apply your changes to 5.1.1 release code, and it looks like it's not enough - server still assumes certificate invalid. I searched for NO_OLD_TLS usage and there are many more conditional places involving SHA computations, though I'm not sure which of them are used for certificate validation: InitHandshakeHashes, FreeHandshakeHashes, BuildFinished, SendCertificateVerify, SendServerKeyExchange, maybe more..

[embhorn]

Hi @t0x1c

I've revisited this issue and added support for the behavior you requested in #4793

[t0x1c]

thanks! my hands are full, cant verify it right now, but assuming the changes it should work

[embhorn]

Fixed by #7070