From 91869f6028522cd5d7102fa321367f863e19d854 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 20 Dec 2022 00:42:05 -0600 Subject: [PATCH 1/2] minor fixes to accommodate --disable-sha in combination with --enable-all-crypto. --- configure.ac | 17 ++++++--- src/conf.c | 30 +++++++++++++--- tests/api.c | 80 +++++++++++++++++++++++++++++++++---------- tests/srp.c | 34 +++++++++++++----- wolfcrypt/src/pkcs7.c | 2 +- wolfcrypt/test/test.c | 14 ++++++++ wolfssl/openssl/evp.h | 4 +-- 7 files changed, 144 insertions(+), 37 deletions(-) diff --git a/configure.ac b/configure.ac index ae12f7287..f0eab6ae9 100644 --- a/configure.ac +++ b/configure.ac @@ -2998,9 +2998,12 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes" +if test "$enable_dsa" = "" then - ENABLED_DSA="yes" + if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes" + then + ENABLED_DSA="yes" + fi fi if test "$ENABLED_DSA" = "no" @@ -4115,6 +4118,11 @@ else fi fi +if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no" +then + AC_MSG_ERROR([please disable DSA if disabling SHA-1.]) +fi + # SipHash AC_ARG_ENABLE([siphash], @@ -7732,8 +7740,9 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])]) AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ - test "x$ENABLED_SHA" = "xno"], - [AC_MSG_ERROR([please enable sha if enabling pkcs7.])]) + test "x$ENABLED_SHA" = "xno" && \ + test "x$ENABLED_SHA256" = "xno"], + [AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])]) AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ test "x$ENABLED_AES" = "xno" && \ diff --git a/src/conf.c b/src/conf.c index c8c2d40af..7391d6f15 100644 --- a/src/conf.c +++ b/src/conf.c @@ -330,7 +330,7 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val) return 0; } -/* Use SHA for hashing as OpenSSL uses a hash algorithm that is +/* Use SHA[256] for hashing as OpenSSL uses a hash algorithm that is * "not as good as MD5, but still good" so using SHA should be more * than good enough for this application. The produced hashes don't * need to line up between OpenSSL and wolfSSL. The hashes are for @@ -338,19 +338,22 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val) unsigned long wolfSSL_LH_strhash(const char *str) { unsigned long ret = 0; -#ifndef NO_SHA +#if !defined(NO_SHA) wc_Sha sha; int strLen; byte digest[WC_SHA_DIGEST_SIZE]; +#elif !defined(NO_SHA256) + wc_Sha256 sha; + int strLen; + byte digest[WC_SHA256_DIGEST_SIZE]; #endif WOLFSSL_ENTER("wolfSSL_LH_strhash"); if (!str) return 0; - -#ifndef NO_SHA strLen = (int)XSTRLEN(str); +#if !defined(NO_SHA) if (wc_InitSha_ex(&sha, NULL, 0) != 0) { WOLFSSL_MSG("SHA1 Init failed"); return 0; @@ -366,6 +369,25 @@ unsigned long wolfSSL_LH_strhash(const char *str) } } wc_ShaFree(&sha); +#elif !defined(NO_SHA256) + if (wc_InitSha256_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA256 Init failed"); + return 0; + } + + ret = wc_Sha256Update(&sha, (const byte *)str, (word32)strLen); + if (ret != 0) { + WOLFSSL_MSG("SHA256 Update failed"); + } else { + ret = wc_Sha256Final(&sha, digest); + if (ret != 0) { + WOLFSSL_MSG("SHA256 Final failed"); + } + } + wc_Sha256Free(&sha); +#endif + +#if !defined(NO_SHA) || !defined(NO_SHA256) if (ret != 0) return 0; diff --git a/tests/api.c b/tests/api.c index 77bde7d24..6273b5287 100644 --- a/tests/api.c +++ b/tests/api.c @@ -20372,7 +20372,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) /* Encrypt */ if (ret == 0) { ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA1, NULL, 0); if (ret >= 0) { idx = ret; ret = 0; @@ -20397,7 +20397,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) #endif if (ret == 0) { ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, - plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, + plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA1, NULL, 0); } if (ret >= 0) { @@ -20417,7 +20417,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) if (ret == 0) { ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, - &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, + &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA1, NULL, 0); if (ret >= 0) { @@ -28014,7 +28014,11 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; +#ifdef NO_SHA + pkcs7->hashOID = SHA256h; +#else pkcs7->hashOID = SHAh; +#endif pkcs7->rng = &rng; AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); @@ -28078,7 +28082,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void) word32 outputFootSz = (word32)sizeof(outputFoot); byte data[FOURK_BUF]; wc_HashAlg hash; +#ifdef NO_SHA + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#endif byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); @@ -28164,7 +28172,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void) pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; +#ifdef NO_SHA + pkcs7->hashOID = SHA256h; +#else pkcs7->hashOID = SHAh; +#endif pkcs7->rng = &rng; /* calculate hash for content */ @@ -28535,7 +28547,11 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz, else { pkcs7->encryptOID = ECDSAk; } +#ifdef NO_SHA + pkcs7->hashOID = SHA256h; +#else pkcs7->hashOID = SHAh; +#endif pkcs7->rng = &rng; if (withAttribs) { /* include a signed attribute */ @@ -28582,7 +28598,11 @@ static int test_wc_PKCS7_VerifySignedData(void) int ret; wc_HashAlg hash; +#ifdef NO_SHA + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#endif byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); @@ -28912,27 +28932,27 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) /* RSA certs and keys. */ #if defined(USE_CERT_BUFFERS_1024) + rsaCertSz = (word32)sizeof_client_cert_der_1024; /* Allocate buffer space. */ AssertNotNull(rsaCert = - (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ - rsaCertSz = (word32)sizeof_client_cert_der_1024; XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); - AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_1024; + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); #elif defined(USE_CERT_BUFFERS_2048) + rsaCertSz = (word32)sizeof_client_cert_der_2048; /* Allocate buffer */ AssertNotNull(rsaCert = - (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ - rsaCertSz = (word32)sizeof_client_cert_der_2048; XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); - AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_2048; + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); #else @@ -29173,7 +29193,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) wc_FreeRng(&rng); #endif -#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \ + !defined(NO_RSA) && !defined(NO_SHA) { byte out[7]; byte *cms; @@ -29202,7 +29223,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) AssertIntEQ(XMEMCMP(out, "test", 4), 0); wc_PKCS7_Free(pkcs7); } -#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */ +#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */ res = TEST_RES_CHECK(1); #endif /* HAVE_PKCS7 */ @@ -29431,7 +29452,7 @@ static int test_wc_PKCS7_Degenerate(void) } /* END test_wc_PKCS7_Degenerate() */ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ - defined(ASN_BER_TO_DER) && !defined(NO_DES3) + defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA) static byte berContent[] = { 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30, @@ -29621,7 +29642,9 @@ static byte berContent[] = { 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */ +#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && + * !NO_DES3 && !NO_SHA + */ /* * Testing wc_PKCS7_BER() @@ -29630,7 +29653,7 @@ static int test_wc_PKCS7_BER(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ - defined(ASN_BER_TO_DER) + !defined(NO_SHA) && defined(ASN_BER_TO_DER) PKCS7* pkcs7; char fName[] = "./certs/test-ber-exp02-05-2022.p7b"; XFILE f; @@ -30505,7 +30528,11 @@ static int test_wolfSSL_lhash(void) "We were born\n" "Born to be wild"; +#ifdef NO_SHA + AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43); +#else AssertIntEQ(lh_strhash(testStr), 0x5b7541dc); +#endif res = TEST_RES_CHECK(1); #endif @@ -34421,7 +34448,11 @@ static int test_wolfSSL_PKCS7_certs(void) for (i = 0; i < 2; i++) { AssertNotNull(p7 = PKCS7_new()); p7->version = 1; +#ifdef NO_SHA + p7->hashOID = SHA256h; +#else p7->hashOID = SHAh; +#endif AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); @@ -38843,7 +38874,7 @@ static int test_wolfSSL_PKCS8_d2i(void) AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); -#ifndef NO_DES3 +#if !defined(NO_DES3) && !defined(NO_SHA) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 1834; @@ -38853,7 +38884,7 @@ static int test_wolfSSL_PKCS8_d2i(void) (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); -#endif /* !NO_DES3 */ +#endif /* !NO_DES3 && !NO_SHA */ #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ EVP_PKEY_free(pkey); @@ -45346,7 +45377,12 @@ static int test_wolfSSL_EVP_get_digestbynid(void) #ifndef NO_MD5 AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); #endif +#ifndef NO_SHA AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); +#endif +#ifndef NO_SHA256 + AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256)); +#endif AssertNull(wolfSSL_EVP_get_digestbynid(0)); return TEST_RES_CHECK(1); @@ -48993,7 +49029,11 @@ static int test_wolfssl_PKCS7(void) pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; +#ifdef NO_SHA + pkcs7->hashOID = SHA256h; +#else pkcs7->hashOID = SHAh; +#endif AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655); @@ -49304,7 +49344,11 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void) pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; +#ifdef NO_SHA + pkcs7->hashOID = SHA256h; +#else pkcs7->hashOID = SHAh; +#endif pkcs7->signedAttribs = NULL; pkcs7->signedAttribsSz = 0; diff --git a/tests/srp.c b/tests/srp.c index 9eb96ba6f..fe2886afe 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -35,9 +35,6 @@ static byte username[] = "user"; static word32 usernameSz = 4; -static byte password[] = "password"; -static word32 passwordSz = 8; - static byte srp_N[] = { 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E, 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3, @@ -55,6 +52,17 @@ static byte srp_salt[] = { 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18 }; +#ifdef NO_SHA + +#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA256 + +#else /* SHA-1 */ + +#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA + +static byte password[] = "password"; +static word32 passwordSz = 8; + static byte srp_verifier[] = { 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61, 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47, @@ -111,17 +119,21 @@ static byte srp_server_proof[] = { 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75 }; +#endif /* SHA-1 */ + static void test_SrpInit(void) { Srp srp; /* invalid params */ - AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT, + SRP_CLIENT_SIDE)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, + (SrpSide)255)); /* success */ - AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); wc_SrpTerm(&srp); } @@ -130,7 +142,7 @@ static void test_SrpSetUsername(void) { Srp srp; - AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); /* invalid params */ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz)); @@ -148,7 +160,7 @@ static void test_SrpSetParams(void) { Srp srp; - AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); /* invalid call order */ AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, @@ -188,6 +200,8 @@ static void test_SrpSetParams(void) wc_SrpTerm(&srp); } +#ifndef NO_SHA + static void test_SrpSetPassword(void) { Srp srp; @@ -435,6 +449,8 @@ static void test_SrpGetProofAndVerify(void) wc_SrpTerm(&srv); } +#endif /* !NO_SHA */ + static int sha512_key_gen(Srp* srp, byte* secret, word32 size) { wc_Sha512 hash; @@ -829,10 +845,12 @@ void SrpTest(void) test_SrpInit(); test_SrpSetUsername(); test_SrpSetParams(); +#ifndef NO_SHA test_SrpSetPassword(); test_SrpGetPublic(); test_SrpComputeKey(); test_SrpGetProofAndVerify(); +#endif /* !NO_SHA */ test_SrpKeyGenFunc_cb(); wolfCrypt_Cleanup(); #endif diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 76a17cb0b..7c205eac9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -10078,10 +10078,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in, #if !defined(NO_PWDBASED) && !defined(NO_SHA) ret = wc_PKCS7_DecryptPwri(pkcs7, in, inSz, idx, decryptedKey, decryptedKeySz, recipFound); + break; #else return NOT_COMPILED_IN; #endif - break; case WC_PKCS7_DECRYPT_ORI: ret = wc_PKCS7_DecryptOri(pkcs7, in, inSz, idx, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d29d9aed9..1fbcc4105 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -37474,6 +37474,19 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint) int decodedSz = FOURK_BUF/2; WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = { +#ifdef NO_SHA +#ifdef USE_CERT_BUFFERS_1024 + 0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9, + 0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2, + 0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06, + 0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9 +#else + 0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36, + 0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e, + 0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4, + 0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71 +#endif +#else /* !NO_SHA */ #ifdef USE_CERT_BUFFERS_1024 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34, 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75, @@ -37483,6 +37496,7 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint) 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0 #endif +#endif /* !NO_SHA */ }; decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 96d7ac1ca..335d1e0db 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -733,12 +733,12 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, int keylen, unsigned char *out); #if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \ - !defined(NO_SHA) + !defined(NO_SHA256) WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, word64 N, word64 r, word64 p, word64 maxmem, unsigned char *key, size_t keylen); -#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */ +#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA256 */ WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, int* pHash, int* pHashSz); From 455e76873c867ad993be9412122db69f32de706a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 20 Dec 2022 10:43:33 -0600 Subject: [PATCH 2/2] peer review fixes re: minor fixes to accommodate --disable-sha in combination with --enable-all-crypto. --- src/conf.c | 3 +-- tests/api.c | 8 ++++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/conf.c b/src/conf.c index 7391d6f15..605069adf 100644 --- a/src/conf.c +++ b/src/conf.c @@ -338,13 +338,12 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val) unsigned long wolfSSL_LH_strhash(const char *str) { unsigned long ret = 0; + int strLen; #if !defined(NO_SHA) wc_Sha sha; - int strLen; byte digest[WC_SHA_DIGEST_SIZE]; #elif !defined(NO_SHA256) wc_Sha256 sha; - int strLen; byte digest[WC_SHA256_DIGEST_SIZE]; #endif WOLFSSL_ENTER("wolfSSL_LH_strhash"); diff --git a/tests/api.c b/tests/api.c index 6273b5287..99f9ab1f8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -20334,7 +20334,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) int result = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\ && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\ - && !defined(NO_SHA) + && !defined(NO_SHA256) RsaKey key; WC_RNG rng; int ret; @@ -20372,7 +20372,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) /* Encrypt */ if (ret == 0) { ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA1, NULL, 0); + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret >= 0) { idx = ret; ret = 0; @@ -20398,7 +20398,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) if (ret == 0) { ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, - WC_MGF1SHA1, NULL, 0); + WC_MGF1SHA256, NULL, 0); } if (ret >= 0) { if (!XMEMCMP(plain, inStr, plainSz)) { @@ -20418,7 +20418,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void) if (ret == 0) { ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, - WC_MGF1SHA1, NULL, 0); + WC_MGF1SHA256, NULL, 0); if (ret >= 0) { if (!XMEMCMP(inStr, res, plainSz)) {