feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5913 from douzzer/20221219-no-sha-1-all-crypto

Browse Source 
20221219-no-sha-1-all-crypto
This commit is contained in:
David Garske
2022-12-22 17:02:58 -08:00
committed by GitHub
parent 1b18da7e87 455e76873c
commit 49d23cf60a
7 changed files with 147 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
configure.ac
View File

@ -2998,9 +2998,12 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
if test "$enable_dsa" = ""
then
ENABLED_DSA="yes"
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
then
ENABLED_DSA="yes"
fi
fi
if test "$ENABLED_DSA" = "no"
@ -4115,6 +4118,11 @@ else
fi
fi
if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
then
AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
fi
# SipHash
AC_ARG_ENABLE([siphash],
@ -7746,8 +7754,9 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
test "x$ENABLED_SHA" = "xno" && \
test "x$ENABLED_SHA256" = "xno"],
[AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \

31
src/conf.c
View File

@ -330,7 +330,7 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
return 0;
}
/* Use SHA for hashing as OpenSSL uses a hash algorithm that is
/* Use SHA[256] for hashing as OpenSSL uses a hash algorithm that is
* "not as good as MD5, but still good" so using SHA should be more
* than good enough for this application. The produced hashes don't
* need to line up between OpenSSL and wolfSSL. The hashes are for
@ -338,19 +338,21 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
unsigned long wolfSSL_LH_strhash(const char *str)
{
unsigned long ret = 0;
#ifndef NO_SHA
wc_Sha sha;
int strLen;
#if !defined(NO_SHA)
wc_Sha sha;
byte digest[WC_SHA_DIGEST_SIZE];
#elif !defined(NO_SHA256)
wc_Sha256 sha;
byte digest[WC_SHA256_DIGEST_SIZE];
#endif
WOLFSSL_ENTER("wolfSSL_LH_strhash");
if (!str)
return 0;
#ifndef NO_SHA
strLen = (int)XSTRLEN(str);
#if !defined(NO_SHA)
if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA1 Init failed");
return 0;
@ -366,6 +368,25 @@ unsigned long wolfSSL_LH_strhash(const char *str)
}
}
wc_ShaFree(&sha);
#elif !defined(NO_SHA256)
if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA256 Init failed");
return 0;
}
ret = wc_Sha256Update(&sha, (const byte *)str, (word32)strLen);
if (ret != 0) {
WOLFSSL_MSG("SHA256 Update failed");
} else {
ret = wc_Sha256Final(&sha, digest);
if (ret != 0) {
WOLFSSL_MSG("SHA256 Final failed");
}
}
wc_Sha256Free(&sha);
#endif
#if !defined(NO_SHA) || !defined(NO_SHA256)
if (ret != 0)
return 0;

86
tests/api.c
View File

@ -20334,7 +20334,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
int result = TEST_SKIPPED;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
&& !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
&& !defined(NO_SHA)
&& !defined(NO_SHA256)
RsaKey key;
WC_RNG rng;
int ret;
@ -20372,7 +20372,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
/* Encrypt */
if (ret == 0) {
ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
if (ret >= 0) {
idx = ret;
ret = 0;
@ -20397,8 +20397,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
#endif
if (ret == 0) {
ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
WC_MGF1SHA256, NULL, 0);
}
if (ret >= 0) {
if (!XMEMCMP(plain, inStr, plainSz)) {
@ -20417,8 +20417,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
if (ret == 0) {
ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
WC_MGF1SHA256, NULL, 0);
if (ret >= 0) {
if (!XMEMCMP(inStr, res, plainSz)) {
@ -28014,7 +28014,11 @@ static int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
@ -28078,7 +28082,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
word32 outputFootSz = (word32)sizeof(outputFoot);
byte data[FOURK_BUF];
wc_HashAlg hash;
#ifdef NO_SHA
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
#endif
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
@ -28164,7 +28172,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng;
/* calculate hash for content */
@ -28535,7 +28547,11 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
else {
pkcs7->encryptOID = ECDSAk;
}
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng;
if (withAttribs) {
/* include a signed attribute */
@ -28582,7 +28598,11 @@ static int test_wc_PKCS7_VerifySignedData(void)
int ret;
wc_HashAlg hash;
#ifdef NO_SHA
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
#endif
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
@ -28912,27 +28932,27 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
/* RSA certs and keys. */
#if defined(USE_CERT_BUFFERS_1024)
rsaCertSz = (word32)sizeof_client_cert_der_1024;
/* Allocate buffer space. */
AssertNotNull(rsaCert =
(byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
(byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_1024;
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
#elif defined(USE_CERT_BUFFERS_2048)
rsaCertSz = (word32)sizeof_client_cert_der_2048;
/* Allocate buffer */
AssertNotNull(rsaCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
(byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_2048;
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
#else
@ -29173,7 +29193,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
wc_FreeRng(&rng);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA)
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
!defined(NO_RSA) && !defined(NO_SHA)
{
byte out[7];
byte *cms;
@ -29202,7 +29223,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
AssertIntEQ(XMEMCMP(out, "test", 4), 0);
wc_PKCS7_Free(pkcs7);
}
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
res = TEST_RES_CHECK(1);
#endif /* HAVE_PKCS7 */
@ -29431,7 +29452,7 @@ static int test_wc_PKCS7_Degenerate(void)
} /* END test_wc_PKCS7_Degenerate() */
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER) && !defined(NO_DES3)
defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
static byte berContent[] = {
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
@ -29621,7 +29642,9 @@ static byte berContent[] = {
0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00
};
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
* !NO_DES3 && !NO_SHA
*/
/*
* Testing wc_PKCS7_BER()
@ -29630,7 +29653,7 @@ static int test_wc_PKCS7_BER(void)
{
int res = TEST_SKIPPED;
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER)
!defined(NO_SHA) && defined(ASN_BER_TO_DER)
PKCS7* pkcs7;
char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
XFILE f;
@ -30505,7 +30528,11 @@ static int test_wolfSSL_lhash(void)
"We were born\n"
"Born to be wild";
#ifdef NO_SHA
AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43);
#else
AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
#endif
res = TEST_RES_CHECK(1);
#endif
@ -34421,7 +34448,11 @@ static int test_wolfSSL_PKCS7_certs(void)
for (i = 0; i < 2; i++) {
AssertNotNull(p7 = PKCS7_new());
p7->version = 1;
#ifdef NO_SHA
p7->hashOID = SHA256h;
#else
p7->hashOID = SHAh;
#endif
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
@ -38843,7 +38874,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
#ifndef NO_DES3
#if !defined(NO_DES3) && !defined(NO_SHA)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 1834;
@ -38853,7 +38884,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* !NO_DES3 */
#endif /* !NO_DES3 && !NO_SHA */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey);
@ -45346,7 +45377,12 @@ static int test_wolfSSL_EVP_get_digestbynid(void)
#ifndef NO_MD5
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif
#ifndef NO_SHA
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
#endif
#ifndef NO_SHA256
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256));
#endif
AssertNull(wolfSSL_EVP_get_digestbynid(0));
return TEST_RES_CHECK(1);
@ -48993,7 +49029,11 @@ static int test_wolfssl_PKCS7(void)
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
#endif
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655);
@ -49304,7 +49344,11 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void)
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
#endif
pkcs7->signedAttribs = NULL;
pkcs7->signedAttribsSz = 0;

34
tests/srp.c
View File

@ -35,9 +35,6 @@
static byte username[] = "user";
static word32 usernameSz = 4;
static byte password[] = "password";
static word32 passwordSz = 8;
static byte srp_N[] = {
0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
@ -55,6 +52,17 @@ static byte srp_salt[] = {
0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
};
#ifdef NO_SHA
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA256
#else /* SHA-1 */
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA
static byte password[] = "password";
static word32 passwordSz = 8;
static byte srp_verifier[] = {
0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
@ -111,17 +119,21 @@ static byte srp_server_proof[] = {
0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
};
#endif /* SHA-1 */
static void test_SrpInit(void)
{
Srp srp;
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
(SrpSide)255));
/* success */
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
wc_SrpTerm(&srp);
}
@ -130,7 +142,7 @@ static void test_SrpSetUsername(void)
{
Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
@ -148,7 +160,7 @@ static void test_SrpSetParams(void)
{
Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
@ -188,6 +200,8 @@ static void test_SrpSetParams(void)
wc_SrpTerm(&srp);
}
#ifndef NO_SHA
static void test_SrpSetPassword(void)
{
Srp srp;
@ -435,6 +449,8 @@ static void test_SrpGetProofAndVerify(void)
wc_SrpTerm(&srv);
}
#endif /* !NO_SHA */
static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
{
wc_Sha512 hash;
@ -829,10 +845,12 @@ void SrpTest(void)
test_SrpInit();
test_SrpSetUsername();
test_SrpSetParams();
#ifndef NO_SHA
test_SrpSetPassword();
test_SrpGetPublic();
test_SrpComputeKey();
test_SrpGetProofAndVerify();
#endif /* !NO_SHA */
test_SrpKeyGenFunc_cb();
wolfCrypt_Cleanup();
#endif

2
wolfcrypt/src/pkcs7.c
View File

@ -10078,10 +10078,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
#if !defined(NO_PWDBASED) && !defined(NO_SHA)
ret = wc_PKCS7_DecryptPwri(pkcs7, in, inSz, idx,
decryptedKey, decryptedKeySz, recipFound);
break;
#else
return NOT_COMPILED_IN;
#endif
break;
case WC_PKCS7_DECRYPT_ORI:
ret = wc_PKCS7_DecryptOri(pkcs7, in, inSz, idx,

14
wolfcrypt/test/test.c
View File

@ -37474,6 +37474,19 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
int decodedSz = FOURK_BUF/2;
WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
#ifdef NO_SHA
#ifdef USE_CERT_BUFFERS_1024
0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
#else
0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
#endif
#else /* !NO_SHA */
#ifdef USE_CERT_BUFFERS_1024
0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
@ -37483,6 +37496,7 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
0xD7, 0x85, 0x65, 0xC0
#endif
#endif /* !NO_SHA */
};
decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);

4
wolfssl/openssl/evp.h
View File

@ -733,12 +733,12 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
int keylen, unsigned char *out);
#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
!defined(NO_SHA)
!defined(NO_SHA256)
WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen,
word64 N, word64 r, word64 p,
word64 maxmem, unsigned char *key, size_t keylen);
#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */
#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA256 */
WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
int* pHash, int* pHashSz);