ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.

Daniel Pouzzner
2021-08-27 17:16:06 -05:00
parent ddda108de6
commit f1c1f76851
2 changed files with 31 additions and 10 deletions


@@ -56161,36 +56161,55 @@ static int wolfssl_conf_value_cmp(const WOLFSSL_CONF_VALUE *a,
} }
} }
/* Use MD5 for hashing as OpenSSL uses a hash algorithm that is /* Use SHA for hashing as OpenSSL uses a hash algorithm that is
* "not as good as MD5, but still good" so using MD5 should * "not as good as MD5, but still good" so using SHA should be more
* be good enough for this application. The produced hashes don't * than good enough for this application. The produced hashes don't
* need to line up between OpenSSL and wolfSSL. The hashes are for * need to line up between OpenSSL and wolfSSL. The hashes are for
* internal indexing only */ * internal indexing only */
unsigned long wolfSSL_LH_strhash(const char *str) unsigned long wolfSSL_LH_strhash(const char *str)
{ {
unsigned long ret = 0; unsigned long ret = 0;
#ifndef NO_MD5 #ifndef NO_SHA
wc_Sha sha;
int strLen; int strLen;
byte digest[WC_MD5_DIGEST_SIZE]; byte digest[WC_SHA_DIGEST_SIZE];
#endif #endif
WOLFSSL_ENTER("wolfSSL_LH_strhash"); WOLFSSL_ENTER("wolfSSL_LH_strhash");
if (!str) if (!str)
return 0; return 0;
#ifndef NO_MD5 #ifndef NO_SHA
strLen = (int)XSTRLEN(str); strLen = (int)XSTRLEN(str);
if (wc_Md5Hash((const byte*)str, strLen, digest) != 0) {
WOLFSSL_MSG("wc_Md5Hash error"); if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA1 Init failed");
return 0; return 0;
} }
ret = 0;
do {
if (wc_ShaUpdate(&sha, (const byte *)str, (word32)strLen) != 0) {
WOLFSSL_MSG("SHA1 Update failed");
break;
}
if (wc_ShaFinal(&sha, digest) != 0) {
WOLFSSL_MSG("SHA1 Final failed");
break;
}
ret = 1;
} while (0);
wc_ShaFree(&sha);
if (ret == 0)
return 0;
/* Take first 4 bytes in small endian as unsigned long */ /* Take first 4 bytes in small endian as unsigned long */
ret = (unsigned int)digest[0]; ret = (unsigned int)digest[0];
ret |= ((unsigned int)digest[1] << 8 ); ret |= ((unsigned int)digest[1] << 8 );
ret |= ((unsigned int)digest[2] << 16); ret |= ((unsigned int)digest[2] << 16);
ret |= ((unsigned int)digest[3] << 24); ret |= ((unsigned int)digest[3] << 24);
#else #else
WOLFSSL_MSG("No md5 available for wolfSSL_LH_strhash"); WOLFSSL_MSG("No SHA available for wolfSSL_LH_strhash");
#endif #endif
return ret; return ret;
} }
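Review bot: In the `#ifndef NO_SHA` branch `ret` serves first as the success flag of the `do { ... } while (0)` block and then as the returned hash, so `if (ret == 0) return 0;` reads like a test on the hash value; a dedicated flag such as `int ok = 0;`, set to 1 after `wc_ShaFinal()` and tested after `wc_ShaFree()`, would keep the two roles apart. The length still goes through `int` before being cast to `word32`; declaring `word32 strLen = (word32)XSTRLEN(str);` would avoid the signed intermediate for very long inputs. `wc_InitSha_ex(&sha, NULL, 0)` passes device id 0, and if software-only hashing is intended, `INVALID_DEVID` (or plain `wc_InitSha(&sha)`) looks like the safer argument in crypto-callback builds, which is worth confirming against the build options. The header comment could also state that only 32 bits of an unkeyed digest are kept, so the value suits bucket indexing but gives no collision resistance against chosen strings, whichever hash is used.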


@@ -29505,7 +29505,7 @@ static void test_wolfSSL_lhash(void)
printf(testingFmt, "wolfSSL_LH_strhash()"); printf(testingFmt, "wolfSSL_LH_strhash()");
AssertIntEQ(lh_strhash(testStr), 0xb1231320); AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
@@ -42923,7 +42923,9 @@ static void test_wolfSSL_EVP_get_digestbynid(void)
printf(testingFmt, "wolfSSL_EVP_get_digestbynid"); printf(testingFmt, "wolfSSL_EVP_get_digestbynid");
#ifndef NO_MD5
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
AssertNull(wolfSSL_EVP_get_digestbynid(0)); AssertNull(wolfSSL_EVP_get_digestbynid(0));