src/internal.c,src/wolfio.c: fallback to SHA256 when NO_SHA, in LoadCertByIssuer(), MicriumGenerateCookie(), uIPGenerateCookie(), and GNRC_GenerateCookie();

tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
2023-11-15 00:01:04 -06:00 · 2023-11-15 00:01:04 -06:00 · 7569cfdff8
commit 7569cfdff8
parent 6a3451ca54
3 changed files with 19 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -13219,9 +13219,11 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)

    len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
    if (len > 0) {
-        #ifndef NO_SHA
+    #if defined(NO_SHA) && !defined(NO_SHA256)
+        retHash = wc_Sha256Hash((const byte*)pbuf, len, dgt);
+    #elif !defined(NO_SHA)
        retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
-        #endif
+    #endif
        if (retHash == 0) {
            /* 4 bytes in little endian as unsigned long */
            hash = (((unsigned long)dgt[3] << 24) |
--- a/src/wolfio.c
+++ b/src/wolfio.c
@ -2505,7 +2505,11 @@ int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
        return GEN_COOKIE_E;
    }

+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash((byte*)&peer, peerSz, digest);
+#else
    ret = wc_ShaHash((byte*)&peer, peerSz, digest);
+#endif
    if (ret != 0)
        return ret;

@ -2813,7 +2817,11 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
    XMEMSET(token, 0, sizeof(token));
    XMEMCPY(token, &ctx->peer_addr, sizeof(uip_ipaddr_t));
    XMEMCPY(token + sizeof(uip_ipaddr_t), &ctx->peer_port, sizeof(word16));
+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
+#else
    ret = wc_ShaHash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
+#endif
    if (ret != 0)
        return ret;
    if (sz > WC_SHA_DIGEST_SIZE)
@ -2895,7 +2903,11 @@ int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
        token_size = GNRC_MAX_TOKEN_SIZE;
    XMEMSET(token, 0, GNRC_MAX_TOKEN_SIZE);
    XMEMCPY(token, &ctx->peer_addr, token_size);
+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash(token, token_size, digest);
+#else
    ret = wc_ShaHash(token, token_size, digest);
+#endif
    if (ret != 0)
        return ret;
    if (sz > WC_SHA_DIGEST_SIZE)
--- a/tests/api.c
+++ b/tests/api.c
@ -3196,7 +3196,7 @@ static int test_wolfSSL_CertManagerCRL(void)
 static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 {
    EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA)
+#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA)
 /* Need one of these for wolfSSL_OCSP_REQUEST_new. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
@ -3516,7 +3516,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 static int test_wolfSSL_CheckOCSPResponse(void)
 {
    EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
+       defined(OPENSSL_ALL)
    const char* responseFile = "./certs/ocsp/test-response.der";
    const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
    const char* responseNoInternFile =