Merge pull request #3199 from dgarske/openssl_sha
Fix for building openssl compat without SHA-1
113
src/ssl.c
113
src/ssl.c
@ -4141,7 +4141,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
|
|||||||
static WC_INLINE word32 MakeWordFromHash(const byte* hashID)
|
static WC_INLINE word32 MakeWordFromHash(const byte* hashID)
|
||||||
{
|
{
|
||||||
return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
|
return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
|
||||||
(hashID[2] << 8) | hashID[3];
|
((word32)hashID[2] << 8) | (word32)hashID[3];
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* !NO_CERTS || !NO_SESSION_CACHE */
|
#endif /* !NO_CERTS || !NO_SESSION_CACHE */
|
||||||
@ -19783,9 +19783,10 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
|
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA) || !defined(NO_SHA256))
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
* wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
|
* wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
|
||||||
|
* This function prefers SHA-1 (if available) for compatibility
|
||||||
*
|
*
|
||||||
* RETURNS:
|
* RETURNS:
|
||||||
* The beginning of the hash digest. Otherwise, returns zero.
|
* The beginning of the hash digest. Otherwise, returns zero.
|
||||||
@ -19795,36 +19796,59 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
|||||||
*/
|
*/
|
||||||
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
|
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
|
||||||
{
|
{
|
||||||
word32 ret = 0;
|
unsigned long ret = 0;
|
||||||
int retHash;
|
int retHash = NOT_COMPILED_IN;
|
||||||
WOLFSSL_X509_NAME *subjectName = NULL;
|
WOLFSSL_X509_NAME *subjectName = NULL;
|
||||||
|
byte digest[WC_MAX_DIGEST_SIZE];
|
||||||
|
|
||||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
if (x509 == NULL) {
|
||||||
byte digest[PIC32_DIGEST_SIZE];
|
return ret;
|
||||||
#else
|
|
||||||
byte digest[WC_SHA_DIGEST_SIZE];
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (x509 == NULL){
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
|
subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
|
||||||
|
if (subjectName != NULL) {
|
||||||
if (subjectName != NULL){
|
#ifndef NO_SHA
|
||||||
retHash = wc_ShaHash((const byte*)subjectName->name,
|
retHash = wc_ShaHash((const byte*)subjectName->name,
|
||||||
(word32)subjectName->sz, digest);
|
(word32)subjectName->sz, digest);
|
||||||
|
#elif !defined(NO_SHA256)
|
||||||
if(retHash != 0){
|
retHash = wc_Sha256Hash((const byte*)subjectName->name,
|
||||||
WOLFSSL_MSG("Hash of X509 subjectName has failed");
|
(word32)subjectName->sz, digest);
|
||||||
return WOLFSSL_FAILURE;
|
#endif
|
||||||
|
if (retHash == 0) {
|
||||||
|
ret = (unsigned long)MakeWordFromHash(digest);
|
||||||
}
|
}
|
||||||
ret = MakeWordFromHash(digest);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return (unsigned long)ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA && !NO_SHA */
|
|
||||||
|
unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509)
|
||||||
|
{
|
||||||
|
unsigned long ret = 0;
|
||||||
|
int retHash = NOT_COMPILED_IN;
|
||||||
|
WOLFSSL_X509_NAME *issuerName = NULL;
|
||||||
|
byte digest[WC_MAX_DIGEST_SIZE];
|
||||||
|
|
||||||
|
if (x509 == NULL) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
issuerName = wolfSSL_X509_get_issuer_name((WOLFSSL_X509*)x509);
|
||||||
|
if (issuerName != NULL) {
|
||||||
|
#ifndef NO_SHA
|
||||||
|
retHash = wc_ShaHash((const byte*)issuerName->name,
|
||||||
|
(word32)issuerName->sz, digest);
|
||||||
|
#elif !defined(NO_SHA256)
|
||||||
|
retHash = wc_Sha256Hash((const byte*)issuerName->name,
|
||||||
|
(word32)issuerName->sz, digest);
|
||||||
|
#endif
|
||||||
|
if (retHash == 0) {
|
||||||
|
ret = (unsigned long)MakeWordFromHash(digest);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_EXTRA && (!NO_SHA || !NO_SHA256) */
|
||||||
|
|
||||||
WOLFSSL_ABI
|
WOLFSSL_ABI
|
||||||
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
|
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
|
||||||
@ -20056,7 +20080,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
|
|||||||
|
|
||||||
#if defined(OPENSSL_ALL)
|
#if defined(OPENSSL_ALL)
|
||||||
/* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the
|
/* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the
|
||||||
* has values are the same, then it will do an XMEMCMP to confirm they are
|
* hash values are the same, then it will do an XMEMCMP to confirm they are
|
||||||
* identical. Returns a 0 when certificates match, returns a negative number
|
* identical. Returns a 0 when certificates match, returns a negative number
|
||||||
* when certificates are not a match.
|
* when certificates are not a match.
|
||||||
*/
|
*/
|
||||||
@ -20064,64 +20088,31 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||||||
{
|
{
|
||||||
const byte* derA;
|
const byte* derA;
|
||||||
const byte* derB;
|
const byte* derB;
|
||||||
int retHashA;
|
|
||||||
int retHashB;
|
|
||||||
int outSzA = 0;
|
int outSzA = 0;
|
||||||
int outSzB = 0;
|
int outSzB = 0;
|
||||||
|
|
||||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
|
||||||
byte digestA[PIC32_DIGEST_SIZE];
|
|
||||||
byte digestB[PIC32_DIGEST_SIZE];
|
|
||||||
#else
|
|
||||||
byte digestA[WC_SHA_DIGEST_SIZE];
|
|
||||||
byte digestB[WC_SHA_DIGEST_SIZE];
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (a == NULL || b == NULL){
|
if (a == NULL || b == NULL){
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
|
derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
|
||||||
if(derA == NULL){
|
if (derA == NULL){
|
||||||
WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
|
WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
|
derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
|
||||||
if(derB == NULL){
|
if (derB == NULL){
|
||||||
WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
|
WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
retHashA = wc_ShaHash(derA, (word32)outSzA, digestA);
|
if (outSzA != outSzB || XMEMCMP(derA, derB, outSzA) != 0) {
|
||||||
if(retHashA != 0){
|
|
||||||
WOLFSSL_MSG("Hash of certificate A has failed");
|
|
||||||
return WOLFSSL_FATAL_ERROR;
|
|
||||||
}
|
|
||||||
retHashB = wc_ShaHash(derB, (word32)outSzB, digestB);
|
|
||||||
if(retHashB != 0){
|
|
||||||
WOLFSSL_MSG("Hash of certificate B has failed");
|
|
||||||
return WOLFSSL_FATAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (outSzA == outSzB){
|
|
||||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
|
||||||
if(XMEMCMP(digestA, digestB, PIC32_DIGEST_SIZE) != 0){
|
|
||||||
return WOLFSSL_FATAL_ERROR;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
if(XMEMCMP(digestA, digestB, WC_SHA_DIGEST_SIZE) != 0){
|
|
||||||
return WOLFSSL_FATAL_ERROR;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
else{
|
|
||||||
WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else{
|
|
||||||
WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR);
|
WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR);
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL */
|
#endif /* OPENSSL_ALL */
|
||||||
|
|
||||||
|
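Review bot: The new wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash duplicate the SHA/SHA-256 selection, the WC_MAX_DIGEST_SIZE buffer and the MakeWordFromHash truncation, and the rewrite also drops the `WOLFSSL_MSG("Hash of X509 subjectName has failed")` that the old failure branch emitted, so a wc_ShaHash/wc_Sha256Hash error now returns 0 silently and is indistinguishable from a digest whose first four bytes happen to be zero. Factoring the shared part into one static helper keeps both functions in step and restores the diagnostic, as sketched below. Note also that MakeWordFromHash is closed by `#endif /* !NO_CERTS || !NO_SESSION_CACHE */` in the first hunk while its new callers sit under `OPENSSL_EXTRA && (!NO_SHA || !NO_SHA256)`; if those guards can diverge in some configuration the call would not compile, which is worth confirming against the full set of build options.
```c
/* Digest a WOLFSSL_X509_NAME (SHA-1 preferred, else SHA-256) and return the
 * leading 32 bits of the digest; returns 0 when name is NULL or hashing fails. */
static unsigned long X509NameHash(const WOLFSSL_X509_NAME* name)
{
    int retHash = NOT_COMPILED_IN;
    byte digest[WC_MAX_DIGEST_SIZE];

    if (name == NULL) {
        return 0;
    }
#ifndef NO_SHA
    retHash = wc_ShaHash((const byte*)name->name, (word32)name->sz, digest);
#elif !defined(NO_SHA256)
    retHash = wc_Sha256Hash((const byte*)name->name, (word32)name->sz, digest);
#endif
    if (retHash != 0) {
        WOLFSSL_MSG("Hash of X509 name has failed");
        return 0;
    }
    return (unsigned long)MakeWordFromHash(digest);
}

unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
{
    if (x509 == NULL) {
        return 0;
    }
    return X509NameHash(wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509));
}
/* … unchanged: wolfSSL_X509_issuer_name_hash, same shape via X509NameHash and wolfSSL_X509_get_issuer_name … */
```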
29
tests/api.c
29
tests/api.c
@ -23047,7 +23047,7 @@ static void test_wolfSSL_X509_INFO(void)
|
|||||||
static void test_wolfSSL_X509_subject_name_hash(void)
|
static void test_wolfSSL_X509_subject_name_hash(void)
|
||||||
{
|
{
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
|
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
|
||||||
&& !defined(NO_SHA) && !defined(NO_RSA)
|
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
|
||||||
|
|
||||||
X509* x509;
|
X509* x509;
|
||||||
X509_NAME* subjectName = NULL;
|
X509_NAME* subjectName = NULL;
|
||||||
@ -23059,10 +23059,32 @@ static void test_wolfSSL_X509_subject_name_hash(void)
|
|||||||
SSL_FILETYPE_PEM));
|
SSL_FILETYPE_PEM));
|
||||||
|
|
||||||
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
|
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
|
||||||
|
|
||||||
ret = X509_subject_name_hash(x509);
|
ret = X509_subject_name_hash(x509);
|
||||||
|
AssertIntNE(ret, 0);
|
||||||
|
|
||||||
AssertIntNE(ret, WOLFSSL_FAILURE);
|
X509_free(x509);
|
||||||
|
printf(resultFmt, passed);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
static void test_wolfSSL_X509_issuer_name_hash(void)
|
||||||
|
{
|
||||||
|
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
|
||||||
|
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
|
||||||
|
|
||||||
|
X509* x509;
|
||||||
|
X509_NAME* issuertName = NULL;
|
||||||
|
unsigned long ret = 0;
|
||||||
|
|
||||||
|
printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
|
||||||
|
|
||||||
|
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
|
||||||
|
SSL_FILETYPE_PEM));
|
||||||
|
|
||||||
|
AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
|
||||||
|
ret = X509_issuer_name_hash(x509);
|
||||||
|
AssertIntNE(ret, 0);
|
||||||
|
|
||||||
X509_free(x509);
|
X509_free(x509);
|
||||||
printf(resultFmt, passed);
|
printf(resultFmt, passed);
|
||||||
@ -35536,6 +35558,7 @@ void ApiTest(void)
|
|||||||
test_wolfSSL_X509_NAME();
|
test_wolfSSL_X509_NAME();
|
||||||
test_wolfSSL_X509_INFO();
|
test_wolfSSL_X509_INFO();
|
||||||
test_wolfSSL_X509_subject_name_hash();
|
test_wolfSSL_X509_subject_name_hash();
|
||||||
|
test_wolfSSL_X509_issuer_name_hash();
|
||||||
test_wolfSSL_DES();
|
test_wolfSSL_DES();
|
||||||
test_wolfSSL_certs();
|
test_wolfSSL_certs();
|
||||||
test_wolfSSL_ASN1_TIME_print();
|
test_wolfSSL_ASN1_TIME_print();
|
||||||
|
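Review bot: The new test_wolfSSL_X509_issuer_name_hash only checks that the result is non-zero, so a hash failure that happens to be reported as 0 would pass while a legitimate digest starting with four zero bytes would fail; it would be worth pinning the documented NULL contract with `AssertIntEQ(X509_issuer_name_hash(NULL), 0);` and, if the test certificate is known to be self-signed, asserting `AssertIntEQ(X509_issuer_name_hash(x509), X509_subject_name_hash(x509));` so the two code paths are checked against each other. The local `issuertName` is misspelled and differs from `subjectName` in the sibling test; `issuerName` would match. The same non-zero-only assertion applies to the updated test_wolfSSL_X509_subject_name_hash in the previous hunk.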
@ -379,7 +379,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||||||
#define X509_get_ext wolfSSL_X509_get_ext
|
#define X509_get_ext wolfSSL_X509_get_ext
|
||||||
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
|
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
|
||||||
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
|
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
|
||||||
|
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
|
||||||
#define X509_get_subject_name wolfSSL_X509_get_subject_name
|
#define X509_get_subject_name wolfSSL_X509_get_subject_name
|
||||||
|
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
|
||||||
#define X509_get_pubkey wolfSSL_X509_get_pubkey
|
#define X509_get_pubkey wolfSSL_X509_get_pubkey
|
||||||
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
|
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
|
||||||
#define X509_get_notBefore wolfSSL_X509_get_notBefore
|
#define X509_get_notBefore wolfSSL_X509_get_notBefore
|
||||||
@ -415,6 +417,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||||||
#define X509_email_free wolfSSL_X509_email_free
|
#define X509_email_free wolfSSL_X509_email_free
|
||||||
#define X509_check_issued wolfSSL_X509_check_issued
|
#define X509_check_issued wolfSSL_X509_check_issued
|
||||||
#define X509_dup wolfSSL_X509_dup
|
#define X509_dup wolfSSL_X509_dup
|
||||||
|
#define X509_add_ext wolfSSL_X509_add_ext
|
||||||
|
|
||||||
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
|
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
|
||||||
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
|
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
|
||||||
@ -573,7 +576,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
|||||||
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
|
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
|
||||||
|
|
||||||
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
|
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
|
||||||
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
|
|
||||||
|
|
||||||
#define X509_check_purpose(...) 0
|
#define X509_check_purpose(...) 0
|
||||||
|
|
||||||
|
@ -1331,8 +1331,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
|
|||||||
#endif
|
#endif
|
||||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
|
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
|
||||||
WOLFSSL_X509*);
|
WOLFSSL_X509*);
|
||||||
|
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
|
||||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
|
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
|
||||||
WOLFSSL_X509*);
|
WOLFSSL_X509*);
|
||||||
|
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
||||||
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
|
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
|
||||||
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
|
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
|
||||||
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
|
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
|
||||||
@ -3895,7 +3897,6 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
|
|||||||
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
|
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
|
||||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
|
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
|
||||||
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
|
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
|
||||||
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
|
||||||
|
|
||||||
|
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
|