mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes #71. Disable SHA works with TLS, PWDBASED, testing.

This commit is contained in:
John Safranek 2015-05-28 10:25:41 -07:00
parent b4a6ed1d7f
commit 77fe4f3a2e
10 changed files with 156 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -1775,8 +1775,6 @@ AC_ARG_ENABLE([examples],
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now
AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_PSK" = "xno"], [ENABLED_EXAMPLES="no"])
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])

6
src/crl.c
View File

@ -66,8 +66,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
WOLFSSL_ENTER("InitCRL_Entry");
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE);
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
* copy the hash here if needed for optimized comparisons */
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
@ -152,7 +152,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
crle = crl->crlList;
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
WOLFSSL_MSG("Found CRL Entry on list");
WOLFSSL_MSG("Checking next date validity");

29
src/ssl.c
View File

@ -1797,7 +1797,7 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
#else
subjectHash = signers->subjectNameHash;
#endif
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = 1;
break;
}
@ -1831,7 +1831,7 @@ Signer* GetCA(void* vp, byte* hash)
#else
subjectHash = signers->subjectNameHash;
#endif
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = signers;
break;
}
@ -1861,7 +1861,8 @@ Signer* GetCAByName(void* vp, byte* hash)
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
signers = cm->caTable[row];
while (signers && ret == NULL) {
if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
if (XMEMCMP(hash,
signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
ret = signers;
}
signers = signers->next;
@ -1942,10 +1943,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
#endif
#ifndef NO_SKID
XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
SHA_DIGEST_SIZE);
SIGNER_DIGEST_SIZE);
#endif
XMEMCPY(signer->subjectNameHash, cert->subjectHash,
SHA_DIGEST_SIZE);
SIGNER_DIGEST_SIZE);
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
: 0xFFFF;
signer->next = NULL; /* If Key Usage not set, all uses valid. */
@ -7458,6 +7459,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_MD5 */
#ifndef NO_SHA
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{
typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
@ -7503,6 +7505,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_ENTER("SHA1_Final");
SHA_Final(input, sha);
}
#endif /* NO_SHA */
void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
@ -7606,12 +7609,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_MD5 */
#ifndef NO_SHA
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
{
static const char* type = "SHA";
WOLFSSL_ENTER("EVP_sha1");
return type;
}
#endif /* NO_SHA */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
@ -8225,11 +8230,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
}
#endif
#ifndef NO_SHA
/* has to be last since would pick or 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) {
ctx->macType = SHA;
wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
}
#endif /* NO_SHA */
else
return BAD_FUNC_ARG;
@ -12386,12 +12393,14 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
return BAD_FUNC_ARG;
}
if (XSTRNCMP(type, "MD5", 3) == 0) {
return MD5_DIGEST_SIZE;
}
else if (XSTRNCMP(type, "SHA256", 6) == 0) {
if (XSTRNCMP(type, "SHA256", 6) == 0) {
return SHA256_DIGEST_SIZE;
}
#ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) {
return MD5_DIGEST_SIZE;
}
#endif
#ifdef WOLFSSL_SHA384
else if (XSTRNCMP(type, "SHA384", 6) == 0) {
return SHA384_DIGEST_SIZE;
@ -12402,10 +12411,12 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
return SHA512_DIGEST_SIZE;
}
#endif
#ifndef NO_SHA
/* has to be last since would pick or 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) {
return SHA_DIGEST_SIZE;
}
#endif
return BAD_FUNC_ARG;
}

116
wolfcrypt/src/asn.c
View File

@ -941,9 +941,11 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
if (version == PKCS5v2)
ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
derivedLen, typeH);
#ifndef NO_SHA
else if (version == PKCS5)
ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
derivedLen, typeH);
#endif
else if (version == PKCS12) {
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
@ -1447,9 +1449,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthInfoSz = 0;
cert->extCrlInfo = NULL;
cert->extCrlInfoSz = 0;
XMEMSET(cert->extSubjKeyId, 0, SHA_SIZE);
XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
cert->extSubjKeyIdSet = 0;
XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE);
XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
cert->extAuthKeyIdSet = 0;
cert->extKeyUsageSet = 0;
cert->extKeyUsage = 0;
@ -1852,11 +1854,11 @@ static int GetKey(DecodedCert* cert)
/* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType)
{
Sha sha; /* MUST have SHA-1 hash for cert names */
int length; /* length of all distinguished names */
int dummy;
int ret;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
char* full;
byte* hash;
word32 idx;
#ifdef OPENSSL_EXTRA
DecodedName* dName =
@ -1865,6 +1867,15 @@ static int GetName(DecodedCert* cert, int nameType)
WOLFSSL_MSG("Getting Cert Name");
if (nameType == ISSUER) {
full = cert->issuer;
hash = cert->issuerHash;
}
else {
full = cert->subject;
hash = cert->subjectHash;
}
if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
WOLFSSL_MSG("Trying optional prefix...");
@ -1882,14 +1893,13 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E;
ret = wc_InitSha(&sha);
#ifdef NO_SHA
ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#else
ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#endif
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
if (nameType == ISSUER)
wc_ShaFinal(&sha, cert->issuerHash);
else
wc_ShaFinal(&sha, cert->subjectHash);
length += cert->srcIdx;
idx = 0;
@ -3811,19 +3821,18 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
if (length == SHA_SIZE) {
if (length == KEYID_SIZE) {
XMEMCPY(cert->extAuthKeyId, input + idx, length);
}
else {
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, input + idx, length);
wc_ShaFinal(&sha, cert->extAuthKeyId);
#ifdef NO_SHA
ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId);
#else
ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId);
#endif
}
return 0;
return ret;
}
@ -3853,12 +3862,11 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
XMEMCPY(cert->extSubjKeyId, input + idx, length);
}
else {
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, input + idx, length);
wc_ShaFinal(&sha, cert->extSubjKeyId);
#ifdef NO_SHA
ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId);
#else
ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId);
#endif
}
return ret;
@ -4355,12 +4363,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
#ifndef NO_SKID
if (cert->extSubjKeyIdSet == 0
&& cert->publicKey != NULL && cert->pubKeySize > 0) {
Sha sha;
ret = wc_InitSha(&sha);
#ifdef NO_SHA
ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize,
cert->extSubjKeyId);
#else
ret = wc_ShaHash(cert->publicKey, cert->pubKeySize,
cert->extSubjKeyId);
#endif
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
wc_ShaFinal(&sha, cert->extSubjKeyId);
}
#endif
@ -4379,14 +4390,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if (ca) {
#ifdef HAVE_OCSP
/* Need the ca's public key hash for OCSP */
{
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
wc_ShaFinal(&sha, cert->issuerKeyHash);
}
#ifdef NO_SHA
ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize,
cert->issuerKeyHash);
#else /* NO_SHA */
ret = wc_ShaHash(ca->publicKey, ca->pubKeySize,
cert->issuerKeyHash);
#endif /* NO_SHA */
if (ret != 0)
return ret;
#endif /* HAVE_OCSP */
/* try to confirm/verify signature */
if (!ConfirmSignature(cert->source + cert->certBegin,
@ -7343,13 +7355,18 @@ int EncodeOcspRequest(OcspRequest* req)
WOLFSSL_ENTER("EncodeOcspRequest");
#ifdef NO_SHA
algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
#else
algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
#endif
req->issuerHash = req->cert->issuerHash;
issuerSz = SetDigest(req->cert->issuerHash, SHA_SIZE, issuerArray);
issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray);
req->issuerKeyHash = req->cert->issuerKeyHash;
issuerKeySz = SetDigest(req->cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
issuerKeySz = SetDigest(req->cert->issuerKeyHash,
KEYID_SIZE, issuerKeyArray);
req->serial = req->cert->serial;
req->serialSz = req->cert->serialSz;
@ -7453,14 +7470,14 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
}
}
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, SHA_DIGEST_SIZE);
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
if (cmp != 0)
{
WOLFSSL_MSG("\tissuerHash mismatch");
return cmp;
}
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, SHA_DIGEST_SIZE);
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
if (cmp != 0)
{
WOLFSSL_MSG("\tissuerKeyHash mismatch");
@ -7487,13 +7504,12 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
#endif
/* store SHA1 hash of NAME */
/* store SHA hash of NAME */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx)
{
Sha sha;
int length; /* length of all distinguished names */
int ret = 0;
int ret;
word32 dummy;
WOLFSSL_ENTER("GetNameHash");
@ -7515,15 +7531,15 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
if (GetSequence(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, source + dummy, length + *idx - dummy);
wc_ShaFinal(&sha, hash);
#ifdef NO_SHA
ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash);
#else
ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash);
#endif
*idx += length;
return 0;
return ret;
}

2
wolfcrypt/src/pkcs7.c
View File

@ -188,7 +188,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
pkcs7->publicKeySz = dCert->pubKeySize;
XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE);
XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
pkcs7->issuer = dCert->issuerRaw;
pkcs7->issuerSz = dCert->issuerRawLen;
XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);

8
wolfcrypt/src/pwdbased.c
View File

@ -68,6 +68,7 @@
#endif /* WOLFSSL_HAVE_MIN */
#ifndef NO_SHA
/* PBKDF1 needs at least SHA available */
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType)
@ -130,6 +131,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
return 0;
}
#endif /* NO_SHA */
int GetDigestSize(int hashType)
@ -142,9 +144,11 @@ int GetDigestSize(int hashType)
hLen = MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case SHA:
hLen = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
hLen = SHA256_DIGEST_SIZE;
@ -264,10 +268,12 @@ int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
*u = MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case SHA:
*v = SHA_BLOCK_SIZE;
*u = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
*v = SHA256_BLOCK_SIZE;
@ -313,6 +319,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
}
break;
#endif /* NO_MD5 */
#ifndef NO_SHA
case SHA:
{
Sha sha;
@ -328,6 +335,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
}
}
break;
#endif /* NO_SHA */
#ifndef NO_SHA256
case SHA256:
{

43
wolfcrypt/test/test.c
View File

@ -4409,9 +4409,10 @@ int openssl_test(void)
{
EVP_MD_CTX md_ctx;
testVector a, b, c, d, e, f;
byte hash[SHA_DIGEST_SIZE*4]; /* max size */
byte hash[SHA256_DIGEST_SIZE*2]; /* max size */
(void)a;
(void)b;
(void)c;
(void)e;
(void)f;
@ -4436,6 +4437,8 @@ int openssl_test(void)
#endif /* NO_MD5 */
#ifndef NO_SHA
b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa";
@ -4453,6 +4456,8 @@ int openssl_test(void)
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
return -72;
#endif /* NO_SHA */
d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
@ -4656,22 +4661,22 @@ int pkcs12_test(void)
byte derived[64];
const byte verify[] = {
0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
};
const byte verify2[] = {
0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
};
int id = 1;
int kLen = 24;
int iterations = 1;
int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
kLen, SHA, id);
int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
iterations, kLen, SHA256, id);
if (ret < 0)
return -103;
@ -4680,8 +4685,8 @@ int pkcs12_test(void)
return -104;
iterations = 1000;
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
kLen, SHA, id);
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
iterations, kLen, SHA256, id);
if (ret < 0)
return -105;
@ -4701,12 +4706,12 @@ int pbkdf2_test(void)
byte derived[64];
const byte verify[] = {
0xba, 0x9b, 0x3b, 0x95, 0x04, 0x4d, 0x78, 0x11, 0xec, 0xa1, 0xff, 0x3f,
0xea, 0x3a, 0xdb, 0x55, 0x3e, 0x54, 0x0b, 0xa0, 0x9f, 0xad, 0xe6, 0x81
0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
};
int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
iterations, kLen, SHA);
iterations, kLen, SHA256);
if (ret != 0)
return ret;
@ -4717,6 +4722,7 @@ int pbkdf2_test(void)
}
#ifndef NO_SHA
int pbkdf1_test(void)
{
char passwd[] = "password";
@ -4738,11 +4744,15 @@ int pbkdf1_test(void)
return 0;
}
#endif
int pwdbased_test(void)
{
int ret = pbkdf1_test();
int ret = 0;
#ifndef NO_SHA
ret += pbkdf1_test();
#endif
ret += pbkdf2_test();
return ret + pkcs12_test();
@ -4968,7 +4978,8 @@ int ecc_test(void)
if (ret != 0)
return -1017;
#if (defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES)
#if !defined(NO_SHA) && \
((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
{
/* test raw ECC key import */
Sha sha;

26
wolfssl/internal.h
View File

@ -433,13 +433,15 @@ typedef byte word24[3];
#endif
#endif
#if !defined(NO_DES3)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#ifndef NO_SHA
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif /* NO_SHA */
#endif
#endif
@ -1152,10 +1154,10 @@ struct WOLFSSL_CIPHER {
typedef struct OCSP_Entry OCSP_Entry;
#ifdef SHA_DIGEST_SIZE
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#ifdef NO_SHA
#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE 160
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#endif
#ifdef NO_ASN
@ -1189,10 +1191,10 @@ struct WOLFSSL_OCSP {
typedef struct CRL_Entry CRL_Entry;
#ifdef SHA_DIGEST_SIZE
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#ifdef NO_SHA
#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define CRL_DIGEST_SIZE 160
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#endif
#ifdef NO_ASN

27
wolfssl/wolfcrypt/asn.h
View File

@ -48,6 +48,7 @@
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
@ -138,7 +139,11 @@ enum Misc_ASN {
ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
SHA_SIZE = 20,
#ifdef NO_SHA
KEYID_SIZE = SHA256_DIGEST_SIZE,
#else
KEYID_SIZE = SHA_DIGEST_SIZE,
#endif
RSA_INTS = 8, /* RSA ints in private key */
MIN_DATE_SIZE = 13,
MAX_DATE_SIZE = 32,
@ -353,10 +358,10 @@ struct DecodedCert {
Base_entry* permittedNames; /* Permitted name bases */
Base_entry* excludedNames; /* Excluded name bases */
#endif /* IGNORE_NAME_CONSTRAINTS */
byte subjectHash[SHA_SIZE]; /* hash of all Names */
byte issuerHash[SHA_SIZE]; /* hash of all Names */
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP
byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
@ -379,9 +384,9 @@ struct DecodedCert {
int extAuthInfoSz; /* length of the URI */
byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */
byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */
byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
#ifndef IGNORE_NAME_CONSTRAINTS
byte extNameConstraintSet;
@ -471,10 +476,10 @@ struct DecodedCert {
};
#ifdef SHA_DIGEST_SIZE
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#ifdef NO_SHA
#define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define SIGNER_DIGEST_SIZE 20
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#endif
/* CA Signers */
@ -710,8 +715,8 @@ struct DecodedCRL {
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
byte* signature; /* pointer into raw source, not owned */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* format of last date */

2
wolfssl/wolfcrypt/pkcs7.h
View File

@ -80,7 +80,7 @@ typedef struct PKCS7 {
byte* singleCert; /* recipient cert, DER, not owner */
word32 singleCertSz; /* size of recipient cert buffer, bytes */
byte issuerHash[SHA_SIZE]; /* hash of all alt Names */
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
byte* issuer; /* issuer name of singleCert */
word32 issuerSz; /* length of issuer name */
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */