feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixes #71. Disable SHA works with TLS, PWDBASED, testing.

Browse Source
This commit is contained in:
John Safranek
2015-05-28 10:25:41 -07:00
parent b4a6ed1d7f
commit 77fe4f3a2e
10 changed files with 156 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -1775,8 +1775,6 @@ AC_ARG_ENABLE([examples],
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now
AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_PSK" = "xno"], [ENABLED_EXAMPLES="no"])
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])

6
src/crl.c
View File

@ -66,8 +66,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{ {
WOLFSSL_ENTER("InitCRL_Entry"); WOLFSSL_ENTER("InitCRL_Entry");
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE); XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE); /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
* copy the hash here if needed for optimized comparisons */ * copy the hash here if needed for optimized comparisons */
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE); XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE); XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
@ -152,7 +152,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
crle = crl->crlList; crle = crl->crlList;
while (crle) { while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) { if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
WOLFSSL_MSG("Found CRL Entry on list"); WOLFSSL_MSG("Found CRL Entry on list");
WOLFSSL_MSG("Checking next date validity"); WOLFSSL_MSG("Checking next date validity");

29
src/ssl.c
View File

@ -1797,7 +1797,7 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
#else #else
subjectHash = signers->subjectNameHash; subjectHash = signers->subjectNameHash;
#endif #endif
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = 1; ret = 1;
break; break;
} }
@ -1831,7 +1831,7 @@ Signer* GetCA(void* vp, byte* hash)
#else #else
subjectHash = signers->subjectNameHash; subjectHash = signers->subjectNameHash;
#endif #endif
if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = signers; ret = signers;
break; break;
} }
@ -1861,7 +1861,8 @@ Signer* GetCAByName(void* vp, byte* hash)
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
signers = cm->caTable[row]; signers = cm->caTable[row];
while (signers && ret == NULL) { while (signers && ret == NULL) {
if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) { if (XMEMCMP(hash,
signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
ret = signers; ret = signers;
} }
signers = signers->next; signers = signers->next;
@ -1942,10 +1943,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
#endif #endif
#ifndef NO_SKID #ifndef NO_SKID
XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId, XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
SHA_DIGEST_SIZE); SIGNER_DIGEST_SIZE);
#endif #endif
XMEMCPY(signer->subjectNameHash, cert->subjectHash, XMEMCPY(signer->subjectNameHash, cert->subjectHash,
SHA_DIGEST_SIZE); SIGNER_DIGEST_SIZE);
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
: 0xFFFF; : 0xFFFF;
signer->next = NULL; /* If Key Usage not set, all uses valid. */ signer->next = NULL; /* If Key Usage not set, all uses valid. */
@ -7458,6 +7459,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_MD5 */ #endif /* NO_MD5 */
#ifndef NO_SHA
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha) void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{ {
typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1]; typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
@ -7503,6 +7505,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_ENTER("SHA1_Final"); WOLFSSL_ENTER("SHA1_Final");
SHA_Final(input, sha); SHA_Final(input, sha);
} }
#endif /* NO_SHA */
void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256) void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
@ -7606,12 +7609,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_MD5 */ #endif /* NO_MD5 */
#ifndef NO_SHA
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
{ {
static const char* type = "SHA"; static const char* type = "SHA";
WOLFSSL_ENTER("EVP_sha1"); WOLFSSL_ENTER("EVP_sha1");
return type; return type;
} }
#endif /* NO_SHA */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
@ -8225,11 +8230,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash); wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
} }
#endif #endif
#ifndef NO_SHA
/* has to be last since would pick or 256, 384, or 512 too */ /* has to be last since would pick or 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) { else if (XSTRNCMP(type, "SHA", 3) == 0) {
ctx->macType = SHA; ctx->macType = SHA;
wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash); wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
} }
#endif /* NO_SHA */
else else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -12386,12 +12393,14 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (XSTRNCMP(type, "MD5", 3) == 0) { if (XSTRNCMP(type, "SHA256", 6) == 0) {
return MD5_DIGEST_SIZE;
}
else if (XSTRNCMP(type, "SHA256", 6) == 0) {
return SHA256_DIGEST_SIZE; return SHA256_DIGEST_SIZE;
} }
#ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) {
return MD5_DIGEST_SIZE;
}
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
else if (XSTRNCMP(type, "SHA384", 6) == 0) { else if (XSTRNCMP(type, "SHA384", 6) == 0) {
return SHA384_DIGEST_SIZE; return SHA384_DIGEST_SIZE;
@ -12402,10 +12411,12 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
return SHA512_DIGEST_SIZE; return SHA512_DIGEST_SIZE;
} }
#endif #endif
#ifndef NO_SHA
/* has to be last since would pick or 256, 384, or 512 too */ /* has to be last since would pick or 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) { else if (XSTRNCMP(type, "SHA", 3) == 0) {
return SHA_DIGEST_SIZE; return SHA_DIGEST_SIZE;
} }
#endif
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }

110
wolfcrypt/src/asn.c
View File

@ -941,9 +941,11 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
if (version == PKCS5v2) if (version == PKCS5v2)
ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
derivedLen, typeH); derivedLen, typeH);
#ifndef NO_SHA
else if (version == PKCS5) else if (version == PKCS5)
ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
derivedLen, typeH); derivedLen, typeH);
#endif
else if (version == PKCS12) { else if (version == PKCS12) {
int i, idx = 0; int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ]; byte unicodePasswd[MAX_UNICODE_SZ];
@ -1447,9 +1449,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthInfoSz = 0; cert->extAuthInfoSz = 0;
cert->extCrlInfo = NULL; cert->extCrlInfo = NULL;
cert->extCrlInfoSz = 0; cert->extCrlInfoSz = 0;
XMEMSET(cert->extSubjKeyId, 0, SHA_SIZE); XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
cert->extSubjKeyIdSet = 0; cert->extSubjKeyIdSet = 0;
XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE); XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
cert->extAuthKeyIdSet = 0; cert->extAuthKeyIdSet = 0;
cert->extKeyUsageSet = 0; cert->extKeyUsageSet = 0;
cert->extKeyUsage = 0; cert->extKeyUsage = 0;
@ -1852,11 +1854,11 @@ static int GetKey(DecodedCert* cert)
/* process NAME, either issuer or subject */ /* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType) static int GetName(DecodedCert* cert, int nameType)
{ {
Sha sha; /* MUST have SHA-1 hash for cert names */
int length; /* length of all distinguished names */ int length; /* length of all distinguished names */
int dummy; int dummy;
int ret; int ret;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; char* full;
byte* hash;
word32 idx; word32 idx;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
DecodedName* dName = DecodedName* dName =
@ -1865,6 +1867,15 @@ static int GetName(DecodedCert* cert, int nameType)
WOLFSSL_MSG("Getting Cert Name"); WOLFSSL_MSG("Getting Cert Name");
if (nameType == ISSUER) {
full = cert->issuer;
hash = cert->issuerHash;
}
else {
full = cert->subject;
hash = cert->subjectHash;
}
if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) { if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
WOLFSSL_MSG("Trying optional prefix..."); WOLFSSL_MSG("Trying optional prefix...");
@ -1882,14 +1893,13 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
ret = wc_InitSha(&sha); #ifdef NO_SHA
ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#else
ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#endif
if (ret != 0) if (ret != 0)
return ret; return ret;
wc_ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
if (nameType == ISSUER)
wc_ShaFinal(&sha, cert->issuerHash);
else
wc_ShaFinal(&sha, cert->subjectHash);
length += cert->srcIdx; length += cert->srcIdx;
idx = 0; idx = 0;
@ -3811,19 +3821,18 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
cert->extAuthKeyIdSz = length; cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
if (length == SHA_SIZE) { if (length == KEYID_SIZE) {
XMEMCPY(cert->extAuthKeyId, input + idx, length); XMEMCPY(cert->extAuthKeyId, input + idx, length);
} }
else { else {
Sha sha; #ifdef NO_SHA
ret = wc_InitSha(&sha); ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId);
if (ret != 0) #else
return ret; ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId);
wc_ShaUpdate(&sha, input + idx, length); #endif
wc_ShaFinal(&sha, cert->extAuthKeyId);
} }
return 0; return ret;
} }
@ -3853,12 +3862,11 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
XMEMCPY(cert->extSubjKeyId, input + idx, length); XMEMCPY(cert->extSubjKeyId, input + idx, length);
} }
else { else {
Sha sha; #ifdef NO_SHA
ret = wc_InitSha(&sha); ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId);
if (ret != 0) #else
return ret; ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId);
wc_ShaUpdate(&sha, input + idx, length); #endif
wc_ShaFinal(&sha, cert->extSubjKeyId);
} }
return ret; return ret;
@ -4355,12 +4363,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
#ifndef NO_SKID #ifndef NO_SKID
if (cert->extSubjKeyIdSet == 0 if (cert->extSubjKeyIdSet == 0
&& cert->publicKey != NULL && cert->pubKeySize > 0) { && cert->publicKey != NULL && cert->pubKeySize > 0) {
Sha sha; #ifdef NO_SHA
ret = wc_InitSha(&sha); ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize,
cert->extSubjKeyId);
#else
ret = wc_ShaHash(cert->publicKey, cert->pubKeySize,
cert->extSubjKeyId);
#endif
if (ret != 0) if (ret != 0)
return ret; return ret;
wc_ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
wc_ShaFinal(&sha, cert->extSubjKeyId);
} }
#endif #endif
@ -4379,14 +4390,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if (ca) { if (ca) {
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
/* Need the ca's public key hash for OCSP */ /* Need the ca's public key hash for OCSP */
{ #ifdef NO_SHA
Sha sha; ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize,
ret = wc_InitSha(&sha); cert->issuerKeyHash);
#else /* NO_SHA */
ret = wc_ShaHash(ca->publicKey, ca->pubKeySize,
cert->issuerKeyHash);
#endif /* NO_SHA */
if (ret != 0) if (ret != 0)
return ret; return ret;
wc_ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
wc_ShaFinal(&sha, cert->issuerKeyHash);
}
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
/* try to confirm/verify signature */ /* try to confirm/verify signature */
if (!ConfirmSignature(cert->source + cert->certBegin, if (!ConfirmSignature(cert->source + cert->certBegin,
@ -7343,13 +7355,18 @@ int EncodeOcspRequest(OcspRequest* req)
WOLFSSL_ENTER("EncodeOcspRequest"); WOLFSSL_ENTER("EncodeOcspRequest");
#ifdef NO_SHA
algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
#else
algoSz = SetAlgoID(SHAh, algoArray, hashType, 0); algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
#endif
req->issuerHash = req->cert->issuerHash; req->issuerHash = req->cert->issuerHash;
issuerSz = SetDigest(req->cert->issuerHash, SHA_SIZE, issuerArray); issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray);
req->issuerKeyHash = req->cert->issuerKeyHash; req->issuerKeyHash = req->cert->issuerKeyHash;
issuerKeySz = SetDigest(req->cert->issuerKeyHash, SHA_SIZE, issuerKeyArray); issuerKeySz = SetDigest(req->cert->issuerKeyHash,
KEYID_SIZE, issuerKeyArray);
req->serial = req->cert->serial; req->serial = req->cert->serial;
req->serialSz = req->cert->serialSz; req->serialSz = req->cert->serialSz;
@ -7453,14 +7470,14 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
} }
} }
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, SHA_DIGEST_SIZE); cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
if (cmp != 0) if (cmp != 0)
{ {
WOLFSSL_MSG("\tissuerHash mismatch"); WOLFSSL_MSG("\tissuerHash mismatch");
return cmp; return cmp;
} }
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, SHA_DIGEST_SIZE); cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
if (cmp != 0) if (cmp != 0)
{ {
WOLFSSL_MSG("\tissuerKeyHash mismatch"); WOLFSSL_MSG("\tissuerKeyHash mismatch");
@ -7487,13 +7504,12 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
#endif #endif
/* store SHA1 hash of NAME */ /* store SHA hash of NAME */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx) int maxIdx)
{ {
Sha sha;
int length; /* length of all distinguished names */ int length; /* length of all distinguished names */
int ret = 0; int ret;
word32 dummy; word32 dummy;
WOLFSSL_ENTER("GetNameHash"); WOLFSSL_ENTER("GetNameHash");
@ -7515,15 +7531,15 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
if (GetSequence(source, idx, &length, maxIdx) < 0) if (GetSequence(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
ret = wc_InitSha(&sha); #ifdef NO_SHA
if (ret != 0) ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash);
return ret; #else
wc_ShaUpdate(&sha, source + dummy, length + *idx - dummy); ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash);
wc_ShaFinal(&sha, hash); #endif
*idx += length; *idx += length;
return 0; return ret;
} }

2
wolfcrypt/src/pkcs7.c
View File

@ -188,7 +188,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize); XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
pkcs7->publicKeySz = dCert->pubKeySize; pkcs7->publicKeySz = dCert->pubKeySize;
XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE); XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
pkcs7->issuer = dCert->issuerRaw; pkcs7->issuer = dCert->issuerRaw;
pkcs7->issuerSz = dCert->issuerRawLen; pkcs7->issuerSz = dCert->issuerRawLen;
XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);

8
wolfcrypt/src/pwdbased.c
View File

@ -68,6 +68,7 @@
#endif /* WOLFSSL_HAVE_MIN */ #endif /* WOLFSSL_HAVE_MIN */
#ifndef NO_SHA
/* PBKDF1 needs at least SHA available */ /* PBKDF1 needs at least SHA available */
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType) int sLen, int iterations, int kLen, int hashType)
@ -130,6 +131,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
return 0; return 0;
} }
#endif /* NO_SHA */
int GetDigestSize(int hashType) int GetDigestSize(int hashType)
@ -142,9 +144,11 @@ int GetDigestSize(int hashType)
hLen = MD5_DIGEST_SIZE; hLen = MD5_DIGEST_SIZE;
break; break;
#endif #endif
#ifndef NO_SHA
case SHA: case SHA:
hLen = SHA_DIGEST_SIZE; hLen = SHA_DIGEST_SIZE;
break; break;
#endif
#ifndef NO_SHA256 #ifndef NO_SHA256
case SHA256: case SHA256:
hLen = SHA256_DIGEST_SIZE; hLen = SHA256_DIGEST_SIZE;
@ -264,10 +268,12 @@ int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
*u = MD5_DIGEST_SIZE; *u = MD5_DIGEST_SIZE;
break; break;
#endif #endif
#ifndef NO_SHA
case SHA: case SHA:
*v = SHA_BLOCK_SIZE; *v = SHA_BLOCK_SIZE;
*u = SHA_DIGEST_SIZE; *u = SHA_DIGEST_SIZE;
break; break;
#endif
#ifndef NO_SHA256 #ifndef NO_SHA256
case SHA256: case SHA256:
*v = SHA256_BLOCK_SIZE; *v = SHA256_BLOCK_SIZE;
@ -313,6 +319,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
} }
break; break;
#endif /* NO_MD5 */ #endif /* NO_MD5 */
#ifndef NO_SHA
case SHA: case SHA:
{ {
Sha sha; Sha sha;
@ -328,6 +335,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
} }
} }
break; break;
#endif /* NO_SHA */
#ifndef NO_SHA256 #ifndef NO_SHA256
case SHA256: case SHA256:
{ {

43
wolfcrypt/test/test.c
View File

@ -4409,9 +4409,10 @@ int openssl_test(void)
{ {
EVP_MD_CTX md_ctx; EVP_MD_CTX md_ctx;
testVector a, b, c, d, e, f; testVector a, b, c, d, e, f;
byte hash[SHA_DIGEST_SIZE*4]; /* max size */ byte hash[SHA256_DIGEST_SIZE*2]; /* max size */
(void)a; (void)a;
(void)b;
(void)c; (void)c;
(void)e; (void)e;
(void)f; (void)f;
@ -4436,6 +4437,8 @@ int openssl_test(void)
#endif /* NO_MD5 */ #endif /* NO_MD5 */
#ifndef NO_SHA
b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa"; "aaaaaaaaaa";
@ -4453,6 +4456,8 @@ int openssl_test(void)
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
return -72; return -72;
#endif /* NO_SHA */
d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
@ -4656,22 +4661,22 @@ int pkcs12_test(void)
byte derived[64]; byte derived[64];
const byte verify[] = { const byte verify[] = {
0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46, 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E, 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
}; };
const byte verify2[] = { const byte verify2[] = {
0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E, 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB, 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
}; };
int id = 1; int id = 1;
int kLen = 24; int kLen = 24;
int iterations = 1; int iterations = 1;
int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations, int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
kLen, SHA, id); iterations, kLen, SHA256, id);
if (ret < 0) if (ret < 0)
return -103; return -103;
@ -4680,8 +4685,8 @@ int pkcs12_test(void)
return -104; return -104;
iterations = 1000; iterations = 1000;
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
kLen, SHA, id); iterations, kLen, SHA256, id);
if (ret < 0) if (ret < 0)
return -105; return -105;
@ -4701,12 +4706,12 @@ int pbkdf2_test(void)
byte derived[64]; byte derived[64];
const byte verify[] = { const byte verify[] = {
0xba, 0x9b, 0x3b, 0x95, 0x04, 0x4d, 0x78, 0x11, 0xec, 0xa1, 0xff, 0x3f, 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
0xea, 0x3a, 0xdb, 0x55, 0x3e, 0x54, 0x0b, 0xa0, 0x9f, 0xad, 0xe6, 0x81 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
}; };
int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
iterations, kLen, SHA); iterations, kLen, SHA256);
if (ret != 0) if (ret != 0)
return ret; return ret;
@ -4717,6 +4722,7 @@ int pbkdf2_test(void)
} }
#ifndef NO_SHA
int pbkdf1_test(void) int pbkdf1_test(void)
{ {
char passwd[] = "password"; char passwd[] = "password";
@ -4738,11 +4744,15 @@ int pbkdf1_test(void)
return 0; return 0;
} }
#endif
int pwdbased_test(void) int pwdbased_test(void)
{ {
int ret = pbkdf1_test(); int ret = 0;
#ifndef NO_SHA
ret += pbkdf1_test();
#endif
ret += pbkdf2_test(); ret += pbkdf2_test();
return ret + pkcs12_test(); return ret + pkcs12_test();
@ -4968,7 +4978,8 @@ int ecc_test(void)
if (ret != 0) if (ret != 0)
return -1017; return -1017;
#if (defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES) #if !defined(NO_SHA) && \
((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
{ {
/* test raw ECC key import */ /* test raw ECC key import */
Sha sha; Sha sha;

14
wolfssl/internal.h
View File

@ -433,6 +433,7 @@ typedef byte word24[3];
#endif #endif
#endif #endif
#if !defined(NO_DES3) #if !defined(NO_DES3)
#ifndef NO_SHA
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
@ -440,6 +441,7 @@ typedef byte word24[3];
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif /* NO_SHA */
#endif #endif
#endif #endif
@ -1152,10 +1154,10 @@ struct WOLFSSL_CIPHER {
typedef struct OCSP_Entry OCSP_Entry; typedef struct OCSP_Entry OCSP_Entry;
#ifdef SHA_DIGEST_SIZE #ifdef NO_SHA
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
#else #else
#define OCSP_DIGEST_SIZE 160 #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#endif #endif
#ifdef NO_ASN #ifdef NO_ASN
@ -1189,10 +1191,10 @@ struct WOLFSSL_OCSP {
typedef struct CRL_Entry CRL_Entry; typedef struct CRL_Entry CRL_Entry;
#ifdef SHA_DIGEST_SIZE #ifdef NO_SHA
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
#else #else
#define CRL_DIGEST_SIZE 160 #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#endif #endif
#ifdef NO_ASN #ifdef NO_ASN

27
wolfssl/wolfcrypt/asn.h
View File

@ -48,6 +48,7 @@
#ifndef NO_MD5 #ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> #include <wolfssl/wolfcrypt/md5.h>
#endif #endif
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
#ifdef HAVE_ECC #ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
@ -138,7 +139,11 @@ enum Misc_ASN {
ASN_BOOL_SIZE = 2, /* including type */ ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
SHA_SIZE = 20, #ifdef NO_SHA
KEYID_SIZE = SHA256_DIGEST_SIZE,
#else
KEYID_SIZE = SHA_DIGEST_SIZE,
#endif
RSA_INTS = 8, /* RSA ints in private key */ RSA_INTS = 8, /* RSA ints in private key */
MIN_DATE_SIZE = 13, MIN_DATE_SIZE = 13,
MAX_DATE_SIZE = 32, MAX_DATE_SIZE = 32,
@ -353,10 +358,10 @@ struct DecodedCert {
Base_entry* permittedNames; /* Permitted name bases */ Base_entry* permittedNames; /* Permitted name bases */
Base_entry* excludedNames; /* Excluded name bases */ Base_entry* excludedNames; /* Excluded name bases */
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
byte subjectHash[SHA_SIZE]; /* hash of all Names */ byte subjectHash[KEYID_SIZE]; /* hash of all Names */
byte issuerHash[SHA_SIZE]; /* hash of all Names */ byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
byte* signature; /* not owned, points into raw cert */ byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */ char* subjectCN; /* CommonName */
@ -379,9 +384,9 @@ struct DecodedCert {
int extAuthInfoSz; /* length of the URI */ int extAuthInfoSz; /* length of the URI */
byte* extCrlInfo; /* CRL Distribution Points */ byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */ int extCrlInfoSz; /* length of the URI */
byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
byte extNameConstraintSet; byte extNameConstraintSet;
@ -471,10 +476,10 @@ struct DecodedCert {
}; };
#ifdef SHA_DIGEST_SIZE #ifdef NO_SHA
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
#else #else
#define SIGNER_DIGEST_SIZE 20 #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#endif #endif
/* CA Signers */ /* CA Signers */
@ -710,8 +715,8 @@ struct DecodedCRL {
word32 sigLength; /* length of signature */ word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */ word32 signatureOID; /* sum of algorithm object id */
byte* signature; /* pointer into raw source, not owned */ byte* signature; /* pointer into raw source, not owned */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */ byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* format of last date */ byte lastDateFormat; /* format of last date */

2
wolfssl/wolfcrypt/pkcs7.h
View File

@ -80,7 +80,7 @@ typedef struct PKCS7 {
byte* singleCert; /* recipient cert, DER, not owner */ byte* singleCert; /* recipient cert, DER, not owner */
word32 singleCertSz; /* size of recipient cert buffer, bytes */ word32 singleCertSz; /* size of recipient cert buffer, bytes */
byte issuerHash[SHA_SIZE]; /* hash of all alt Names */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
byte* issuer; /* issuer name of singleCert */ byte* issuer; /* issuer name of singleCert */
word32 issuerSz; /* length of issuer name */ word32 issuerSz; /* length of issuer name */
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */