mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
Merge pull request #5913 from douzzer/20221219-no-sha-1-all-crypto
20221219-no-sha-1-all-crypto
This commit is contained in:
David Garske
GitHub
17
configure.ac
17
configure.ac
@ -2998,9 +2998,12 @@ AC_ARG_ENABLE([dsa],
|
||||
[ ENABLED_DSA=no ]
|
||||
)
|
||||
|
||||
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
|
||||
if test "$enable_dsa" = ""
|
||||
then
|
||||
ENABLED_DSA="yes"
|
||||
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
|
||||
then
|
||||
ENABLED_DSA="yes"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_DSA" = "no"
|
||||
@ -4115,6 +4118,11 @@ else
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
|
||||
then
|
||||
AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
|
||||
fi
|
||||
|
||||
|
||||
# SipHash
|
||||
AC_ARG_ENABLE([siphash],
|
||||
@ -7746,8 +7754,9 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
||||
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
||||
test "x$ENABLED_SHA" = "xno"],
|
||||
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
|
||||
test "x$ENABLED_SHA" = "xno" && \
|
||||
test "x$ENABLED_SHA256" = "xno"],
|
||||
[AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
||||
test "x$ENABLED_AES" = "xno" && \
|
||||
|
||||
31
src/conf.c
31
src/conf.c
@ -330,7 +330,7 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Use SHA for hashing as OpenSSL uses a hash algorithm that is
|
||||
/* Use SHA[256] for hashing as OpenSSL uses a hash algorithm that is
|
||||
* "not as good as MD5, but still good" so using SHA should be more
|
||||
* than good enough for this application. The produced hashes don't
|
||||
* need to line up between OpenSSL and wolfSSL. The hashes are for
|
||||
@ -338,19 +338,21 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
|
||||
unsigned long wolfSSL_LH_strhash(const char *str)
|
||||
{
|
||||
unsigned long ret = 0;
|
||||
#ifndef NO_SHA
|
||||
wc_Sha sha;
|
||||
int strLen;
|
||||
#if !defined(NO_SHA)
|
||||
wc_Sha sha;
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
#elif !defined(NO_SHA256)
|
||||
wc_Sha256 sha;
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
WOLFSSL_ENTER("wolfSSL_LH_strhash");
|
||||
|
||||
if (!str)
|
||||
return 0;
|
||||
|
||||
#ifndef NO_SHA
|
||||
strLen = (int)XSTRLEN(str);
|
||||
|
||||
#if !defined(NO_SHA)
|
||||
if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
|
||||
WOLFSSL_MSG("SHA1 Init failed");
|
||||
return 0;
|
||||
@ -366,6 +368,25 @@ unsigned long wolfSSL_LH_strhash(const char *str)
|
||||
}
|
||||
}
|
||||
wc_ShaFree(&sha);
|
||||
#elif !defined(NO_SHA256)
|
||||
if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
|
||||
WOLFSSL_MSG("SHA256 Init failed");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = wc_Sha256Update(&sha, (const byte *)str, (word32)strLen);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("SHA256 Update failed");
|
||||
} else {
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("SHA256 Final failed");
|
||||
}
|
||||
}
|
||||
wc_Sha256Free(&sha);
|
||||
#endif
|
||||
|
||||
#if !defined(NO_SHA) || !defined(NO_SHA256)
|
||||
if (ret != 0)
|
||||
return 0;
|
||||
|
||||
|
||||
86
tests/api.c
86
tests/api.c
@ -20334,7 +20334,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
|
||||
int result = TEST_SKIPPED;
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
|
||||
&& !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
|
||||
&& !defined(NO_SHA)
|
||||
&& !defined(NO_SHA256)
|
||||
RsaKey key;
|
||||
WC_RNG rng;
|
||||
int ret;
|
||||
@ -20372,7 +20372,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
|
||||
/* Encrypt */
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
|
||||
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
|
||||
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
|
||||
if (ret >= 0) {
|
||||
idx = ret;
|
||||
ret = 0;
|
||||
@ -20397,8 +20397,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
|
||||
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
|
||||
WC_MGF1SHA1, NULL, 0);
|
||||
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
|
||||
WC_MGF1SHA256, NULL, 0);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
if (!XMEMCMP(plain, inStr, plainSz)) {
|
||||
@ -20417,8 +20417,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
|
||||
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
|
||||
WC_MGF1SHA1, NULL, 0);
|
||||
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
|
||||
WC_MGF1SHA256, NULL, 0);
|
||||
|
||||
if (ret >= 0) {
|
||||
if (!XMEMCMP(inStr, res, plainSz)) {
|
||||
@ -28014,7 +28014,11 @@ static int test_wc_PKCS7_EncodeSignedData(void)
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = RSAk;
|
||||
#ifdef NO_SHA
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
#endif
|
||||
pkcs7->rng = &rng;
|
||||
|
||||
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
|
||||
@ -28078,7 +28082,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
|
||||
word32 outputFootSz = (word32)sizeof(outputFoot);
|
||||
byte data[FOURK_BUF];
|
||||
wc_HashAlg hash;
|
||||
#ifdef NO_SHA
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
||||
#else
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
|
||||
#endif
|
||||
byte hashBuf[WC_MAX_DIGEST_SIZE];
|
||||
word32 hashSz = wc_HashGetDigestSize(hashType);
|
||||
|
||||
@ -28164,7 +28172,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = RSAk;
|
||||
#ifdef NO_SHA
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
#endif
|
||||
pkcs7->rng = &rng;
|
||||
|
||||
/* calculate hash for content */
|
||||
@ -28535,7 +28547,11 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
|
||||
else {
|
||||
pkcs7->encryptOID = ECDSAk;
|
||||
}
|
||||
#ifdef NO_SHA
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
#endif
|
||||
pkcs7->rng = &rng;
|
||||
if (withAttribs) {
|
||||
/* include a signed attribute */
|
||||
@ -28582,7 +28598,11 @@ static int test_wc_PKCS7_VerifySignedData(void)
|
||||
|
||||
int ret;
|
||||
wc_HashAlg hash;
|
||||
#ifdef NO_SHA
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
||||
#else
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
|
||||
#endif
|
||||
byte hashBuf[WC_MAX_DIGEST_SIZE];
|
||||
word32 hashSz = wc_HashGetDigestSize(hashType);
|
||||
|
||||
@ -28912,27 +28932,27 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
|
||||
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
|
||||
/* RSA certs and keys. */
|
||||
#if defined(USE_CERT_BUFFERS_1024)
|
||||
rsaCertSz = (word32)sizeof_client_cert_der_1024;
|
||||
/* Allocate buffer space. */
|
||||
AssertNotNull(rsaCert =
|
||||
(byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
|
||||
(byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
|
||||
/* Init buffer. */
|
||||
rsaCertSz = (word32)sizeof_client_cert_der_1024;
|
||||
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
|
||||
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
|
||||
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
|
||||
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
rsaCertSz = (word32)sizeof_client_cert_der_2048;
|
||||
/* Allocate buffer */
|
||||
AssertNotNull(rsaCert =
|
||||
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
|
||||
(byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
|
||||
/* Init buffer. */
|
||||
rsaCertSz = (word32)sizeof_client_cert_der_2048;
|
||||
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
|
||||
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
|
||||
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
|
||||
|
||||
#else
|
||||
@ -29173,7 +29193,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA)
|
||||
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
|
||||
!defined(NO_RSA) && !defined(NO_SHA)
|
||||
{
|
||||
byte out[7];
|
||||
byte *cms;
|
||||
@ -29202,7 +29223,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
|
||||
AssertIntEQ(XMEMCMP(out, "test", 4), 0);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
}
|
||||
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */
|
||||
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
|
||||
|
||||
res = TEST_RES_CHECK(1);
|
||||
#endif /* HAVE_PKCS7 */
|
||||
@ -29431,7 +29452,7 @@ static int test_wc_PKCS7_Degenerate(void)
|
||||
} /* END test_wc_PKCS7_Degenerate() */
|
||||
|
||||
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
|
||||
defined(ASN_BER_TO_DER) && !defined(NO_DES3)
|
||||
defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
|
||||
static byte berContent[] = {
|
||||
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
|
||||
@ -29621,7 +29642,9 @@ static byte berContent[] = {
|
||||
0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00
|
||||
};
|
||||
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
|
||||
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
|
||||
* !NO_DES3 && !NO_SHA
|
||||
*/
|
||||
|
||||
/*
|
||||
* Testing wc_PKCS7_BER()
|
||||
@ -29630,7 +29653,7 @@ static int test_wc_PKCS7_BER(void)
|
||||
{
|
||||
int res = TEST_SKIPPED;
|
||||
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
|
||||
defined(ASN_BER_TO_DER)
|
||||
!defined(NO_SHA) && defined(ASN_BER_TO_DER)
|
||||
PKCS7* pkcs7;
|
||||
char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
|
||||
XFILE f;
|
||||
@ -30505,7 +30528,11 @@ static int test_wolfSSL_lhash(void)
|
||||
"We were born\n"
|
||||
"Born to be wild";
|
||||
|
||||
#ifdef NO_SHA
|
||||
AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43);
|
||||
#else
|
||||
AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
|
||||
#endif
|
||||
|
||||
res = TEST_RES_CHECK(1);
|
||||
#endif
|
||||
@ -34421,7 +34448,11 @@ static int test_wolfSSL_PKCS7_certs(void)
|
||||
for (i = 0; i < 2; i++) {
|
||||
AssertNotNull(p7 = PKCS7_new());
|
||||
p7->version = 1;
|
||||
#ifdef NO_SHA
|
||||
p7->hashOID = SHA256h;
|
||||
#else
|
||||
p7->hashOID = SHAh;
|
||||
#endif
|
||||
AssertNotNull(bio = BIO_new(BIO_s_file()));
|
||||
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
|
||||
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
|
||||
@ -38843,7 +38874,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
|
||||
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
|
||||
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
|
||||
BIO_free(bio);
|
||||
#ifndef NO_DES3
|
||||
#if !defined(NO_DES3) && !defined(NO_SHA)
|
||||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
/* Write Encrypted PKCS#8 PEM to BIO. */
|
||||
bytes = 1834;
|
||||
@ -38853,7 +38884,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
|
||||
(void*)"yassl123"));
|
||||
EVP_PKEY_free(evpPkey);
|
||||
BIO_free(bio);
|
||||
#endif /* !NO_DES3 */
|
||||
#endif /* !NO_DES3 && !NO_SHA */
|
||||
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
@ -45346,7 +45377,12 @@ static int test_wolfSSL_EVP_get_digestbynid(void)
|
||||
#ifndef NO_MD5
|
||||
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256));
|
||||
#endif
|
||||
AssertNull(wolfSSL_EVP_get_digestbynid(0));
|
||||
|
||||
return TEST_RES_CHECK(1);
|
||||
@ -48993,7 +49029,11 @@ static int test_wolfssl_PKCS7(void)
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = RSAk;
|
||||
#ifdef NO_SHA
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
#endif
|
||||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
|
||||
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655);
|
||||
@ -49304,7 +49344,11 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void)
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = RSAk;
|
||||
#ifdef NO_SHA
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
#endif
|
||||
pkcs7->signedAttribs = NULL;
|
||||
pkcs7->signedAttribsSz = 0;
|
||||
|
||||
|
||||
34
tests/srp.c
34
tests/srp.c
@ -35,9 +35,6 @@
|
||||
static byte username[] = "user";
|
||||
static word32 usernameSz = 4;
|
||||
|
||||
static byte password[] = "password";
|
||||
static word32 passwordSz = 8;
|
||||
|
||||
static byte srp_N[] = {
|
||||
0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
|
||||
0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
|
||||
@ -55,6 +52,17 @@ static byte srp_salt[] = {
|
||||
0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
|
||||
};
|
||||
|
||||
#ifdef NO_SHA
|
||||
|
||||
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA256
|
||||
|
||||
#else /* SHA-1 */
|
||||
|
||||
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA
|
||||
|
||||
static byte password[] = "password";
|
||||
static word32 passwordSz = 8;
|
||||
|
||||
static byte srp_verifier[] = {
|
||||
0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
|
||||
0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
|
||||
@ -111,17 +119,21 @@ static byte srp_server_proof[] = {
|
||||
0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
|
||||
};
|
||||
|
||||
#endif /* SHA-1 */
|
||||
|
||||
static void test_SrpInit(void)
|
||||
{
|
||||
Srp srp;
|
||||
|
||||
/* invalid params */
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
|
||||
SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255));
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
|
||||
(SrpSide)255));
|
||||
|
||||
/* success */
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
|
||||
|
||||
wc_SrpTerm(&srp);
|
||||
}
|
||||
@ -130,7 +142,7 @@ static void test_SrpSetUsername(void)
|
||||
{
|
||||
Srp srp;
|
||||
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
|
||||
|
||||
/* invalid params */
|
||||
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
|
||||
@ -148,7 +160,7 @@ static void test_SrpSetParams(void)
|
||||
{
|
||||
Srp srp;
|
||||
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
|
||||
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
|
||||
|
||||
/* invalid call order */
|
||||
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
|
||||
@ -188,6 +200,8 @@ static void test_SrpSetParams(void)
|
||||
wc_SrpTerm(&srp);
|
||||
}
|
||||
|
||||
#ifndef NO_SHA
|
||||
|
||||
static void test_SrpSetPassword(void)
|
||||
{
|
||||
Srp srp;
|
||||
@ -435,6 +449,8 @@ static void test_SrpGetProofAndVerify(void)
|
||||
wc_SrpTerm(&srv);
|
||||
}
|
||||
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
|
||||
{
|
||||
wc_Sha512 hash;
|
||||
@ -829,10 +845,12 @@ void SrpTest(void)
|
||||
test_SrpInit();
|
||||
test_SrpSetUsername();
|
||||
test_SrpSetParams();
|
||||
#ifndef NO_SHA
|
||||
test_SrpSetPassword();
|
||||
test_SrpGetPublic();
|
||||
test_SrpComputeKey();
|
||||
test_SrpGetProofAndVerify();
|
||||
#endif /* !NO_SHA */
|
||||
test_SrpKeyGenFunc_cb();
|
||||
wolfCrypt_Cleanup();
|
||||
#endif
|
||||
|
||||
@ -10078,10 +10078,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
|
||||
#if !defined(NO_PWDBASED) && !defined(NO_SHA)
|
||||
ret = wc_PKCS7_DecryptPwri(pkcs7, in, inSz, idx,
|
||||
decryptedKey, decryptedKeySz, recipFound);
|
||||
break;
|
||||
#else
|
||||
return NOT_COMPILED_IN;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case WC_PKCS7_DECRYPT_ORI:
|
||||
ret = wc_PKCS7_DecryptOri(pkcs7, in, inSz, idx,
|
||||
|
||||
@ -37474,6 +37474,19 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
|
||||
int decodedSz = FOURK_BUF/2;
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
|
||||
#ifdef NO_SHA
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
|
||||
0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
|
||||
0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
|
||||
0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
|
||||
#else
|
||||
0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
|
||||
0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
|
||||
0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
|
||||
0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
|
||||
#endif
|
||||
#else /* !NO_SHA */
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
|
||||
0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
|
||||
@ -37483,6 +37496,7 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
|
||||
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
|
||||
0xD7, 0x85, 0x65, 0xC0
|
||||
#endif
|
||||
#endif /* !NO_SHA */
|
||||
};
|
||||
|
||||
decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
@ -733,12 +733,12 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
|
||||
int keylen, unsigned char *out);
|
||||
|
||||
#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
|
||||
!defined(NO_SHA)
|
||||
!defined(NO_SHA256)
|
||||
WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
|
||||
const unsigned char *salt, size_t saltlen,
|
||||
word64 N, word64 r, word64 p,
|
||||
word64 maxmem, unsigned char *key, size_t keylen);
|
||||
#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */
|
||||
#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA256 */
|
||||
|
||||
WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
|
||||
int* pHash, int* pHashSz);
|
||||
|
||||
Reference in New Issue
Block a user