Merge pull request #3199 from dgarske/openssl_sha

Fix for building openssl compat without SHA-1
toddouska
2020-08-06 15:59:26 -07:00
committed by GitHub
4 changed files with 83 additions and 66 deletions

105
src/ssl.c

@@ -4141,7 +4141,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
static WC_INLINE word32 MakeWordFromHash(const byte* hashID) static WC_INLINE word32 MakeWordFromHash(const byte* hashID)
{ {
return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) | return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
(hashID[2] << 8) | hashID[3]; ((word32)hashID[2] << 8) | (word32)hashID[3];
} }
#endif /* !NO_CERTS || !NO_SESSION_CACHE */ #endif /* !NO_CERTS || !NO_SESSION_CACHE */
@@ -19783,9 +19783,10 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
return NULL; return NULL;
} }
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA) || !defined(NO_SHA256))
/****************************************************************************** /******************************************************************************
* wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name * wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
* This function prefers SHA-1 (if available) for compatibility
* *
* RETURNS: * RETURNS:
* The beginning of the hash digest. Otherwise, returns zero. * The beginning of the hash digest. Otherwise, returns zero.
@@ -19795,36 +19796,59 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
*/ */
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509) unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
{ {
word32 ret = 0; unsigned long ret = 0;
int retHash; int retHash = NOT_COMPILED_IN;
WOLFSSL_X509_NAME *subjectName = NULL; WOLFSSL_X509_NAME *subjectName = NULL;
byte digest[WC_MAX_DIGEST_SIZE];
#ifdef WOLFSSL_PIC32MZ_HASH
byte digest[PIC32_DIGEST_SIZE];
#else
byte digest[WC_SHA_DIGEST_SIZE];
#endif
if (x509 == NULL) { if (x509 == NULL) {
return WOLFSSL_FAILURE; return ret;
} }
subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509); subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
if (subjectName != NULL) { if (subjectName != NULL) {
#ifndef NO_SHA
retHash = wc_ShaHash((const byte*)subjectName->name, retHash = wc_ShaHash((const byte*)subjectName->name,
(word32)subjectName->sz, digest); (word32)subjectName->sz, digest);
#elif !defined(NO_SHA256)
if(retHash != 0){ retHash = wc_Sha256Hash((const byte*)subjectName->name,
WOLFSSL_MSG("Hash of X509 subjectName has failed"); (word32)subjectName->sz, digest);
return WOLFSSL_FAILURE; #endif
if (retHash == 0) {
ret = (unsigned long)MakeWordFromHash(digest);
} }
ret = MakeWordFromHash(digest);
} }
return (unsigned long)ret; return ret;
} }
#endif /* OPENSSL_EXTRA && !NO_SHA */
unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509)
{
unsigned long ret = 0;
int retHash = NOT_COMPILED_IN;
WOLFSSL_X509_NAME *issuerName = NULL;
byte digest[WC_MAX_DIGEST_SIZE];
if (x509 == NULL) {
return ret;
}
issuerName = wolfSSL_X509_get_issuer_name((WOLFSSL_X509*)x509);
if (issuerName != NULL) {
#ifndef NO_SHA
retHash = wc_ShaHash((const byte*)issuerName->name,
(word32)issuerName->sz, digest);
#elif !defined(NO_SHA256)
retHash = wc_Sha256Hash((const byte*)issuerName->name,
(word32)issuerName->sz, digest);
#endif
if (retHash == 0) {
ret = (unsigned long)MakeWordFromHash(digest);
}
}
return ret;
}
#endif /* OPENSSL_EXTRA && (!NO_SHA || !NO_SHA256) */
WOLFSSL_ABI WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
@@ -20056,7 +20080,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
/* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the /* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the
* has values are the same, then it will do an XMEMCMP to confirm they are * hash values are the same, then it will do an XMEMCMP to confirm they are
* identical. Returns a 0 when certificates match, returns a negative number * identical. Returns a 0 when certificates match, returns a negative number
* when certificates are not a match. * when certificates are not a match.
*/ */
@@ -20064,19 +20088,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{ {
const byte* derA; const byte* derA;
const byte* derB; const byte* derB;
int retHashA;
int retHashB;
int outSzA = 0; int outSzA = 0;
int outSzB = 0; int outSzB = 0;
#ifdef WOLFSSL_PIC32MZ_HASH
byte digestA[PIC32_DIGEST_SIZE];
byte digestB[PIC32_DIGEST_SIZE];
#else
byte digestA[WC_SHA_DIGEST_SIZE];
byte digestB[WC_SHA_DIGEST_SIZE];
#endif
if (a == NULL || b == NULL){ if (a == NULL || b == NULL){
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -20092,36 +20106,13 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
retHashA = wc_ShaHash(derA, (word32)outSzA, digestA); if (outSzA != outSzB || XMEMCMP(derA, derB, outSzA) != 0) {
if(retHashA != 0){
WOLFSSL_MSG("Hash of certificate A has failed");
return WOLFSSL_FATAL_ERROR;
}
retHashB = wc_ShaHash(derB, (word32)outSzB, digestB);
if(retHashB != 0){
WOLFSSL_MSG("Hash of certificate B has failed");
return WOLFSSL_FATAL_ERROR;
}
if (outSzA == outSzB){
#ifdef WOLFSSL_PIC32MZ_HASH
if(XMEMCMP(digestA, digestB, PIC32_DIGEST_SIZE) != 0){
return WOLFSSL_FATAL_ERROR;
}
#else
if(XMEMCMP(digestA, digestB, WC_SHA_DIGEST_SIZE) != 0){
return WOLFSSL_FATAL_ERROR;
}
#endif
else{
WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0);
return 0;
}
}
else{
WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR); WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR);
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0);
return 0;
} }
#endif /* OPENSSL_ALL */ #endif /* OPENSSL_ALL */
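Review bot: The header comment above wolfSSL_X509_cmp (hunk @20056) still says the function "performs a Sha hash of each" certificate and compares hash values, but the rewritten body in hunk @20092 no longer hashes anything; it compares the DER lengths and then the bytes with XMEMCMP, so the comment now documents removed behaviour. Replace its first two lines with `/* Takes two WOLFSSL_X509* certificates and compares their DER encodings (same` / ` * length and XMEMCMP equal). Returns 0 when certificates match, a negative`, keeping the rest. In hunk @19795, wolfSSL_X509_subject_name_hash and the new wolfSSL_X509_issuer_name_hash are line-for-line duplicates apart from the accessor call; a `static unsigned long X509NameHash(WOLFSSL_X509_NAME* name)` helper would hold the `#ifndef NO_SHA` / `#elif !defined(NO_SHA256)` chain once and both public functions would reduce to a NULL check plus one call. The same hunk's comment says SHA-1 is preferred but not that a NO_SHA build yields a different 32-bit value from SHA-256, which matters to anyone persisting or comparing these hashes across builds; a sentence such as ` * When SHA-1 is not compiled in, SHA-256 is used and the result differs.` would make that explicit. The middle of wolfSSL_X509_cmp, between hunks @20064 and @20092, is outside this page.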


@@ -23047,7 +23047,7 @@ static void test_wolfSSL_X509_INFO(void)
static void test_wolfSSL_X509_subject_name_hash(void) static void test_wolfSSL_X509_subject_name_hash(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_SHA) && !defined(NO_RSA) && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509; X509* x509;
X509_NAME* subjectName = NULL; X509_NAME* subjectName = NULL;
@@ -23059,10 +23059,32 @@ static void test_wolfSSL_X509_subject_name_hash(void)
SSL_FILETYPE_PEM)); SSL_FILETYPE_PEM));
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
ret = X509_subject_name_hash(x509); ret = X509_subject_name_hash(x509);
AssertIntNE(ret, 0);
AssertIntNE(ret, WOLFSSL_FAILURE); X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_issuer_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509;
X509_NAME* issuertName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
ret = X509_issuer_name_hash(x509);
AssertIntNE(ret, 0);
X509_free(x509); X509_free(x509);
printf(resultFmt, passed); printf(resultFmt, passed);
@@ -35536,6 +35558,7 @@ void ApiTest(void)
test_wolfSSL_X509_NAME(); test_wolfSSL_X509_NAME();
test_wolfSSL_X509_INFO(); test_wolfSSL_X509_INFO();
test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_subject_name_hash();
test_wolfSSL_X509_issuer_name_hash();
test_wolfSSL_DES(); test_wolfSSL_DES();
test_wolfSSL_certs(); test_wolfSSL_certs();
test_wolfSSL_ASN1_TIME_print(); test_wolfSSL_ASN1_TIME_print();
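Review bot: The new test_wolfSSL_X509_issuer_name_hash in hunk @23059 names its local `issuertName`, a typo next to the sibling test's `subjectName`; use `X509_NAME* issuerName = NULL;` and `AssertNotNull(issuerName = wolfSSL_X509_get_issuer_name(x509));`. Both tests only assert `AssertIntNE(ret, 0)`, so the `#elif !defined(NO_SHA256)` fallback is exercised but no particular value is pinned; since the value is configuration-dependent that is defensible, but a one-line comment above the assertion saying the value is not checked because it depends on which digest is compiled in would stop a later reader from tightening it. The section's file header is not shown on this page.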


@@ -379,7 +379,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID #define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name #define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore #define X509_get_notBefore wolfSSL_X509_get_notBefore
@@ -415,6 +417,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_email_free wolfSSL_X509_email_free #define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued #define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup #define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
@@ -573,7 +576,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value #define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_check_purpose(...) 0 #define X509_check_purpose(...) 0
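Review bot: The `#define X509_add_ext wolfSSL_X509_add_ext` line in hunk @415 is unrelated to the SHA-1 build fix this pull request describes, and no declaration of wolfSSL_X509_add_ext appears in the headers changed here; if it is declared elsewhere that is fine, otherwise the macro resolves to an undeclared function for any compat caller. Bundling it into a build-fix commit also makes the change harder to bisect, so it would be better as its own commit. Moving X509_subject_name_hash beside X509_get_subject_name and adding X509_issuer_name_hash next to X509_get_issuer_name (hunk @379) is consistent with the definitions in src/ssl.c.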


@@ -1331,8 +1331,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
#endif #endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
WOLFSSL_X509*); WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
WOLFSSL_X509*); WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
@@ -3895,7 +3897,6 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */