mirror of https://github.com/wolfSSL/wolfssl
Fixes #71. Disable SHA works with TLS, PWDBASED, testing.
This commit is contained in:
parent
b4a6ed1d7f
commit
77fe4f3a2e
|
@ -1775,8 +1775,6 @@ AC_ARG_ENABLE([examples],
|
|||
|
||||
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
|
||||
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
|
||||
# certs still have sha signatures for now
|
||||
AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_PSK" = "xno"], [ENABLED_EXAMPLES="no"])
|
||||
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
|
||||
|
||||
|
||||
|
|
|
@ -66,8 +66,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
|
|||
{
|
||||
WOLFSSL_ENTER("InitCRL_Entry");
|
||||
|
||||
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
|
||||
/* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE);
|
||||
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
|
||||
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
|
||||
* copy the hash here if needed for optimized comparisons */
|
||||
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
|
||||
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
||||
|
@ -152,7 +152,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
|
|||
crle = crl->crlList;
|
||||
|
||||
while (crle) {
|
||||
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
|
||||
WOLFSSL_MSG("Found CRL Entry on list");
|
||||
WOLFSSL_MSG("Checking next date validity");
|
||||
|
||||
|
|
29
src/ssl.c
29
src/ssl.c
|
@ -1797,7 +1797,7 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
|
|||
#else
|
||||
subjectHash = signers->subjectNameHash;
|
||||
#endif
|
||||
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -1831,7 +1831,7 @@ Signer* GetCA(void* vp, byte* hash)
|
|||
#else
|
||||
subjectHash = signers->subjectNameHash;
|
||||
#endif
|
||||
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
break;
|
||||
}
|
||||
|
@ -1861,7 +1861,8 @@ Signer* GetCAByName(void* vp, byte* hash)
|
|||
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
|
||||
signers = cm->caTable[row];
|
||||
while (signers && ret == NULL) {
|
||||
if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(hash,
|
||||
signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
}
|
||||
signers = signers->next;
|
||||
|
@ -1942,10 +1943,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
#endif
|
||||
#ifndef NO_SKID
|
||||
XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
|
||||
SHA_DIGEST_SIZE);
|
||||
SIGNER_DIGEST_SIZE);
|
||||
#endif
|
||||
XMEMCPY(signer->subjectNameHash, cert->subjectHash,
|
||||
SHA_DIGEST_SIZE);
|
||||
SIGNER_DIGEST_SIZE);
|
||||
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
|
||||
: 0xFFFF;
|
||||
signer->next = NULL; /* If Key Usage not set, all uses valid. */
|
||||
|
@ -7458,6 +7459,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||
#endif /* NO_MD5 */
|
||||
|
||||
|
||||
#ifndef NO_SHA
|
||||
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
|
||||
{
|
||||
typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
|
||||
|
@ -7503,6 +7505,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||
WOLFSSL_ENTER("SHA1_Final");
|
||||
SHA_Final(input, sha);
|
||||
}
|
||||
#endif /* NO_SHA */
|
||||
|
||||
|
||||
void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
|
||||
|
@ -7606,12 +7609,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||
#endif /* NO_MD5 */
|
||||
|
||||
|
||||
#ifndef NO_SHA
|
||||
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
|
||||
{
|
||||
static const char* type = "SHA";
|
||||
WOLFSSL_ENTER("EVP_sha1");
|
||||
return type;
|
||||
}
|
||||
#endif /* NO_SHA */
|
||||
|
||||
|
||||
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
|
||||
|
@ -8225,11 +8230,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||
wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
/* has to be last since would pick or 256, 384, or 512 too */
|
||||
else if (XSTRNCMP(type, "SHA", 3) == 0) {
|
||||
ctx->macType = SHA;
|
||||
wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
|
||||
}
|
||||
#endif /* NO_SHA */
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
|
@ -12386,12 +12393,14 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
|
|||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (XSTRNCMP(type, "MD5", 3) == 0) {
|
||||
return MD5_DIGEST_SIZE;
|
||||
}
|
||||
else if (XSTRNCMP(type, "SHA256", 6) == 0) {
|
||||
if (XSTRNCMP(type, "SHA256", 6) == 0) {
|
||||
return SHA256_DIGEST_SIZE;
|
||||
}
|
||||
#ifndef NO_MD5
|
||||
else if (XSTRNCMP(type, "MD5", 3) == 0) {
|
||||
return MD5_DIGEST_SIZE;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
else if (XSTRNCMP(type, "SHA384", 6) == 0) {
|
||||
return SHA384_DIGEST_SIZE;
|
||||
|
@ -12402,10 +12411,12 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
|
|||
return SHA512_DIGEST_SIZE;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
/* has to be last since would pick or 256, 384, or 512 too */
|
||||
else if (XSTRNCMP(type, "SHA", 3) == 0) {
|
||||
return SHA_DIGEST_SIZE;
|
||||
}
|
||||
#endif
|
||||
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
|
|
@ -941,9 +941,11 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
|
|||
if (version == PKCS5v2)
|
||||
ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
|
||||
derivedLen, typeH);
|
||||
#ifndef NO_SHA
|
||||
else if (version == PKCS5)
|
||||
ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
|
||||
derivedLen, typeH);
|
||||
#endif
|
||||
else if (version == PKCS12) {
|
||||
int i, idx = 0;
|
||||
byte unicodePasswd[MAX_UNICODE_SZ];
|
||||
|
@ -1447,9 +1449,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
|
|||
cert->extAuthInfoSz = 0;
|
||||
cert->extCrlInfo = NULL;
|
||||
cert->extCrlInfoSz = 0;
|
||||
XMEMSET(cert->extSubjKeyId, 0, SHA_SIZE);
|
||||
XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
|
||||
cert->extSubjKeyIdSet = 0;
|
||||
XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE);
|
||||
XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
|
||||
cert->extAuthKeyIdSet = 0;
|
||||
cert->extKeyUsageSet = 0;
|
||||
cert->extKeyUsage = 0;
|
||||
|
@ -1852,11 +1854,11 @@ static int GetKey(DecodedCert* cert)
|
|||
/* process NAME, either issuer or subject */
|
||||
static int GetName(DecodedCert* cert, int nameType)
|
||||
{
|
||||
Sha sha; /* MUST have SHA-1 hash for cert names */
|
||||
int length; /* length of all distinguished names */
|
||||
int dummy;
|
||||
int ret;
|
||||
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
|
||||
char* full;
|
||||
byte* hash;
|
||||
word32 idx;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
DecodedName* dName =
|
||||
|
@ -1865,6 +1867,15 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
|
||||
WOLFSSL_MSG("Getting Cert Name");
|
||||
|
||||
if (nameType == ISSUER) {
|
||||
full = cert->issuer;
|
||||
hash = cert->issuerHash;
|
||||
}
|
||||
else {
|
||||
full = cert->subject;
|
||||
hash = cert->subjectHash;
|
||||
}
|
||||
|
||||
if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
|
||||
WOLFSSL_MSG("Trying optional prefix...");
|
||||
|
||||
|
@ -1882,14 +1893,13 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
ret = wc_InitSha(&sha);
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
|
||||
#else
|
||||
ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
|
||||
#endif
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
|
||||
if (nameType == ISSUER)
|
||||
wc_ShaFinal(&sha, cert->issuerHash);
|
||||
else
|
||||
wc_ShaFinal(&sha, cert->subjectHash);
|
||||
|
||||
length += cert->srcIdx;
|
||||
idx = 0;
|
||||
|
@ -3811,19 +3821,18 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
|
|||
cert->extAuthKeyIdSz = length;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
if (length == SHA_SIZE) {
|
||||
if (length == KEYID_SIZE) {
|
||||
XMEMCPY(cert->extAuthKeyId, input + idx, length);
|
||||
}
|
||||
else {
|
||||
Sha sha;
|
||||
ret = wc_InitSha(&sha);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, input + idx, length);
|
||||
wc_ShaFinal(&sha, cert->extAuthKeyId);
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId);
|
||||
#else
|
||||
ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId);
|
||||
#endif
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
@ -3853,12 +3862,11 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
|
|||
XMEMCPY(cert->extSubjKeyId, input + idx, length);
|
||||
}
|
||||
else {
|
||||
Sha sha;
|
||||
ret = wc_InitSha(&sha);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, input + idx, length);
|
||||
wc_ShaFinal(&sha, cert->extSubjKeyId);
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId);
|
||||
#else
|
||||
ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId);
|
||||
#endif
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
@ -4355,12 +4363,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||
#ifndef NO_SKID
|
||||
if (cert->extSubjKeyIdSet == 0
|
||||
&& cert->publicKey != NULL && cert->pubKeySize > 0) {
|
||||
Sha sha;
|
||||
ret = wc_InitSha(&sha);
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize,
|
||||
cert->extSubjKeyId);
|
||||
#else
|
||||
ret = wc_ShaHash(cert->publicKey, cert->pubKeySize,
|
||||
cert->extSubjKeyId);
|
||||
#endif
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
|
||||
wc_ShaFinal(&sha, cert->extSubjKeyId);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -4379,14 +4390,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||
if (ca) {
|
||||
#ifdef HAVE_OCSP
|
||||
/* Need the ca's public key hash for OCSP */
|
||||
{
|
||||
Sha sha;
|
||||
ret = wc_InitSha(&sha);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
|
||||
wc_ShaFinal(&sha, cert->issuerKeyHash);
|
||||
}
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize,
|
||||
cert->issuerKeyHash);
|
||||
#else /* NO_SHA */
|
||||
ret = wc_ShaHash(ca->publicKey, ca->pubKeySize,
|
||||
cert->issuerKeyHash);
|
||||
#endif /* NO_SHA */
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif /* HAVE_OCSP */
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
||||
|
@ -7343,13 +7355,18 @@ int EncodeOcspRequest(OcspRequest* req)
|
|||
|
||||
WOLFSSL_ENTER("EncodeOcspRequest");
|
||||
|
||||
#ifdef NO_SHA
|
||||
algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
|
||||
#else
|
||||
algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
|
||||
#endif
|
||||
|
||||
req->issuerHash = req->cert->issuerHash;
|
||||
issuerSz = SetDigest(req->cert->issuerHash, SHA_SIZE, issuerArray);
|
||||
|
||||
issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray);
|
||||
|
||||
req->issuerKeyHash = req->cert->issuerKeyHash;
|
||||
issuerKeySz = SetDigest(req->cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
|
||||
issuerKeySz = SetDigest(req->cert->issuerKeyHash,
|
||||
KEYID_SIZE, issuerKeyArray);
|
||||
|
||||
req->serial = req->cert->serial;
|
||||
req->serialSz = req->cert->serialSz;
|
||||
|
@ -7453,14 +7470,14 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
|
|||
}
|
||||
}
|
||||
|
||||
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, SHA_DIGEST_SIZE);
|
||||
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
|
||||
if (cmp != 0)
|
||||
{
|
||||
WOLFSSL_MSG("\tissuerHash mismatch");
|
||||
return cmp;
|
||||
}
|
||||
|
||||
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, SHA_DIGEST_SIZE);
|
||||
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
|
||||
if (cmp != 0)
|
||||
{
|
||||
WOLFSSL_MSG("\tissuerKeyHash mismatch");
|
||||
|
@ -7487,13 +7504,12 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
|
|||
#endif
|
||||
|
||||
|
||||
/* store SHA1 hash of NAME */
|
||||
/* store SHA hash of NAME */
|
||||
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
|
||||
int maxIdx)
|
||||
{
|
||||
Sha sha;
|
||||
int length; /* length of all distinguished names */
|
||||
int ret = 0;
|
||||
int ret;
|
||||
word32 dummy;
|
||||
|
||||
WOLFSSL_ENTER("GetNameHash");
|
||||
|
@ -7515,15 +7531,15 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
|
|||
if (GetSequence(source, idx, &length, maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
ret = wc_InitSha(&sha);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
wc_ShaUpdate(&sha, source + dummy, length + *idx - dummy);
|
||||
wc_ShaFinal(&sha, hash);
|
||||
#ifdef NO_SHA
|
||||
ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash);
|
||||
#else
|
||||
ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash);
|
||||
#endif
|
||||
|
||||
*idx += length;
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -188,7 +188,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
|||
|
||||
XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
|
||||
pkcs7->publicKeySz = dCert->pubKeySize;
|
||||
XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE);
|
||||
XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
|
||||
pkcs7->issuer = dCert->issuerRaw;
|
||||
pkcs7->issuerSz = dCert->issuerRawLen;
|
||||
XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
|
||||
|
|
|
@ -68,6 +68,7 @@
|
|||
#endif /* WOLFSSL_HAVE_MIN */
|
||||
|
||||
|
||||
#ifndef NO_SHA
|
||||
/* PBKDF1 needs at least SHA available */
|
||||
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
|
||||
int sLen, int iterations, int kLen, int hashType)
|
||||
|
@ -130,6 +131,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* NO_SHA */
|
||||
|
||||
|
||||
int GetDigestSize(int hashType)
|
||||
|
@ -142,9 +144,11 @@ int GetDigestSize(int hashType)
|
|||
hLen = MD5_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
hLen = SHA_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
hLen = SHA256_DIGEST_SIZE;
|
||||
|
@ -264,10 +268,12 @@ int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
|
|||
*u = MD5_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
*v = SHA_BLOCK_SIZE;
|
||||
*u = SHA_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
*v = SHA256_BLOCK_SIZE;
|
||||
|
@ -313,6 +319,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
|
|||
}
|
||||
break;
|
||||
#endif /* NO_MD5 */
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
{
|
||||
Sha sha;
|
||||
|
@ -328,6 +335,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
|
|||
}
|
||||
}
|
||||
break;
|
||||
#endif /* NO_SHA */
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
{
|
||||
|
|
|
@ -4409,9 +4409,10 @@ int openssl_test(void)
|
|||
{
|
||||
EVP_MD_CTX md_ctx;
|
||||
testVector a, b, c, d, e, f;
|
||||
byte hash[SHA_DIGEST_SIZE*4]; /* max size */
|
||||
byte hash[SHA256_DIGEST_SIZE*2]; /* max size */
|
||||
|
||||
(void)a;
|
||||
(void)b;
|
||||
(void)c;
|
||||
(void)e;
|
||||
(void)f;
|
||||
|
@ -4436,6 +4437,8 @@ int openssl_test(void)
|
|||
|
||||
#endif /* NO_MD5 */
|
||||
|
||||
#ifndef NO_SHA
|
||||
|
||||
b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaa";
|
||||
|
@ -4453,6 +4456,8 @@ int openssl_test(void)
|
|||
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
|
||||
return -72;
|
||||
|
||||
#endif /* NO_SHA */
|
||||
|
||||
|
||||
d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
|
||||
d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
|
||||
|
@ -4656,22 +4661,22 @@ int pkcs12_test(void)
|
|||
byte derived[64];
|
||||
|
||||
const byte verify[] = {
|
||||
0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
|
||||
0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
|
||||
0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
|
||||
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
|
||||
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
|
||||
0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
|
||||
};
|
||||
|
||||
const byte verify2[] = {
|
||||
0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
|
||||
0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
|
||||
0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
|
||||
0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
|
||||
0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
|
||||
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
|
||||
};
|
||||
|
||||
int id = 1;
|
||||
int kLen = 24;
|
||||
int iterations = 1;
|
||||
int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
|
||||
kLen, SHA, id);
|
||||
int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
|
||||
iterations, kLen, SHA256, id);
|
||||
|
||||
if (ret < 0)
|
||||
return -103;
|
||||
|
@ -4680,8 +4685,8 @@ int pkcs12_test(void)
|
|||
return -104;
|
||||
|
||||
iterations = 1000;
|
||||
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
|
||||
kLen, SHA, id);
|
||||
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
|
||||
iterations, kLen, SHA256, id);
|
||||
if (ret < 0)
|
||||
return -105;
|
||||
|
||||
|
@ -4701,12 +4706,12 @@ int pbkdf2_test(void)
|
|||
byte derived[64];
|
||||
|
||||
const byte verify[] = {
|
||||
0xba, 0x9b, 0x3b, 0x95, 0x04, 0x4d, 0x78, 0x11, 0xec, 0xa1, 0xff, 0x3f,
|
||||
0xea, 0x3a, 0xdb, 0x55, 0x3e, 0x54, 0x0b, 0xa0, 0x9f, 0xad, 0xe6, 0x81
|
||||
0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
|
||||
0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
|
||||
};
|
||||
|
||||
int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
|
||||
iterations, kLen, SHA);
|
||||
iterations, kLen, SHA256);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
|
@ -4717,6 +4722,7 @@ int pbkdf2_test(void)
|
|||
}
|
||||
|
||||
|
||||
#ifndef NO_SHA
|
||||
int pbkdf1_test(void)
|
||||
{
|
||||
char passwd[] = "password";
|
||||
|
@ -4738,11 +4744,15 @@ int pbkdf1_test(void)
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int pwdbased_test(void)
|
||||
{
|
||||
int ret = pbkdf1_test();
|
||||
int ret = 0;
|
||||
#ifndef NO_SHA
|
||||
ret += pbkdf1_test();
|
||||
#endif
|
||||
ret += pbkdf2_test();
|
||||
|
||||
return ret + pkcs12_test();
|
||||
|
@ -4968,7 +4978,8 @@ int ecc_test(void)
|
|||
if (ret != 0)
|
||||
return -1017;
|
||||
|
||||
#if (defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES)
|
||||
#if !defined(NO_SHA) && \
|
||||
((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
|
||||
{
|
||||
/* test raw ECC key import */
|
||||
Sha sha;
|
||||
|
|
|
@ -433,13 +433,15 @@ typedef byte word24[3];
|
|||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DES3)
|
||||
#if !defined(NO_RSA)
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_RSA)
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif
|
||||
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif /* NO_SHA */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -1152,10 +1154,10 @@ struct WOLFSSL_CIPHER {
|
|||
|
||||
typedef struct OCSP_Entry OCSP_Entry;
|
||||
|
||||
#ifdef SHA_DIGEST_SIZE
|
||||
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#ifdef NO_SHA
|
||||
#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
#else
|
||||
#define OCSP_DIGEST_SIZE 160
|
||||
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#endif
|
||||
|
||||
#ifdef NO_ASN
|
||||
|
@ -1189,10 +1191,10 @@ struct WOLFSSL_OCSP {
|
|||
|
||||
typedef struct CRL_Entry CRL_Entry;
|
||||
|
||||
#ifdef SHA_DIGEST_SIZE
|
||||
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#ifdef NO_SHA
|
||||
#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
#else
|
||||
#define CRL_DIGEST_SIZE 160
|
||||
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#endif
|
||||
|
||||
#ifdef NO_ASN
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
#ifndef NO_MD5
|
||||
#include <wolfssl/wolfcrypt/md5.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
|
||||
#ifdef HAVE_ECC
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
|
@ -138,7 +139,11 @@ enum Misc_ASN {
|
|||
ASN_BOOL_SIZE = 2, /* including type */
|
||||
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
|
||||
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
|
||||
SHA_SIZE = 20,
|
||||
#ifdef NO_SHA
|
||||
KEYID_SIZE = SHA256_DIGEST_SIZE,
|
||||
#else
|
||||
KEYID_SIZE = SHA_DIGEST_SIZE,
|
||||
#endif
|
||||
RSA_INTS = 8, /* RSA ints in private key */
|
||||
MIN_DATE_SIZE = 13,
|
||||
MAX_DATE_SIZE = 32,
|
||||
|
@ -353,10 +358,10 @@ struct DecodedCert {
|
|||
Base_entry* permittedNames; /* Permitted name bases */
|
||||
Base_entry* excludedNames; /* Excluded name bases */
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
byte subjectHash[SHA_SIZE]; /* hash of all Names */
|
||||
byte issuerHash[SHA_SIZE]; /* hash of all Names */
|
||||
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
|
||||
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
|
||||
#ifdef HAVE_OCSP
|
||||
byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
|
||||
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
||||
#endif /* HAVE_OCSP */
|
||||
byte* signature; /* not owned, points into raw cert */
|
||||
char* subjectCN; /* CommonName */
|
||||
|
@ -379,9 +384,9 @@ struct DecodedCert {
|
|||
int extAuthInfoSz; /* length of the URI */
|
||||
byte* extCrlInfo; /* CRL Distribution Points */
|
||||
int extCrlInfoSz; /* length of the URI */
|
||||
byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */
|
||||
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
|
||||
byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
|
||||
byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */
|
||||
byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
|
||||
byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
byte extNameConstraintSet;
|
||||
|
@ -471,10 +476,10 @@ struct DecodedCert {
|
|||
};
|
||||
|
||||
|
||||
#ifdef SHA_DIGEST_SIZE
|
||||
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#ifdef NO_SHA
|
||||
#define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
#else
|
||||
#define SIGNER_DIGEST_SIZE 20
|
||||
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
|
||||
#endif
|
||||
|
||||
/* CA Signers */
|
||||
|
@ -710,8 +715,8 @@ struct DecodedCRL {
|
|||
word32 sigLength; /* length of signature */
|
||||
word32 signatureOID; /* sum of algorithm object id */
|
||||
byte* signature; /* pointer into raw source, not owned */
|
||||
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
|
||||
byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */
|
||||
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
|
||||
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
byte nextDate[MAX_DATE_SIZE]; /* next update date */
|
||||
byte lastDateFormat; /* format of last date */
|
||||
|
|
|
@ -80,7 +80,7 @@ typedef struct PKCS7 {
|
|||
|
||||
byte* singleCert; /* recipient cert, DER, not owner */
|
||||
word32 singleCertSz; /* size of recipient cert buffer, bytes */
|
||||
byte issuerHash[SHA_SIZE]; /* hash of all alt Names */
|
||||
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
|
||||
byte* issuer; /* issuer name of singleCert */
|
||||
word32 issuerSz; /* length of issuer name */
|
||||
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
|
||||
|
|
Loading…
Reference in New Issue