Merge pull request #5913 from douzzer/20221219-no-sha-1-all-crypto

20221219-no-sha-1-all-crypto
David Garske
2022-12-22 17:02:58 -08:00
committed by GitHub
7 changed files with 147 additions and 41 deletions


@ -2998,9 +2998,12 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ] [ ENABLED_DSA=no ]
) )
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes" if test "$enable_dsa" = ""
then then
ENABLED_DSA="yes" if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
then
ENABLED_DSA="yes"
fi
fi fi
if test "$ENABLED_DSA" = "no" if test "$ENABLED_DSA" = "no"
@ -4115,6 +4118,11 @@ else
fi fi
fi fi
if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
then
AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
fi
# SipHash # SipHash
AC_ARG_ENABLE([siphash], AC_ARG_ENABLE([siphash],
@ -7746,8 +7754,9 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])]) [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"], test "x$ENABLED_SHA" = "xno" && \
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])]) test "x$ENABLED_SHA256" = "xno"],
[AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \ test "x$ENABLED_AES" = "xno" && \
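Review bot: The new `ENABLED_SHA` = "no" / `ENABLED_DSA` != "no" check also fires when DSA was switched on implicitly by the first hunk (OpenSSH, OpenVPN, nginx, WPAS, Qt, BIND, libssh2 or NTP enabled with no explicit DSA option). A user who only disabled SHA-1 is then told to disable something they never requested. If `ENABLED_SHA` is already set where the auto-enable block runs (not visible here), that block could skip setting `ENABLED_DSA="yes"` when SHA-1 is off. Otherwise make the message actionable, for example `AC_MSG_ERROR([please pass --disable-dsa if disabling SHA-1.])`. A one-line comment above the check saying why DSA is tied to SHA-1 in this build system would help the next reader.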


@ -330,7 +330,7 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
return 0; return 0;
} }
/* Use SHA for hashing as OpenSSL uses a hash algorithm that is /* Use SHA[256] for hashing as OpenSSL uses a hash algorithm that is
* "not as good as MD5, but still good" so using SHA should be more * "not as good as MD5, but still good" so using SHA should be more
* than good enough for this application. The produced hashes don't * than good enough for this application. The produced hashes don't
* need to line up between OpenSSL and wolfSSL. The hashes are for * need to line up between OpenSSL and wolfSSL. The hashes are for
@ -338,19 +338,21 @@ static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
unsigned long wolfSSL_LH_strhash(const char *str) unsigned long wolfSSL_LH_strhash(const char *str)
{ {
unsigned long ret = 0; unsigned long ret = 0;
#ifndef NO_SHA
wc_Sha sha;
int strLen; int strLen;
#if !defined(NO_SHA)
wc_Sha sha;
byte digest[WC_SHA_DIGEST_SIZE]; byte digest[WC_SHA_DIGEST_SIZE];
#elif !defined(NO_SHA256)
wc_Sha256 sha;
byte digest[WC_SHA256_DIGEST_SIZE];
#endif #endif
WOLFSSL_ENTER("wolfSSL_LH_strhash"); WOLFSSL_ENTER("wolfSSL_LH_strhash");
if (!str) if (!str)
return 0; return 0;
#ifndef NO_SHA
strLen = (int)XSTRLEN(str); strLen = (int)XSTRLEN(str);
#if !defined(NO_SHA)
if (wc_InitSha_ex(&sha, NULL, 0) != 0) { if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA1 Init failed"); WOLFSSL_MSG("SHA1 Init failed");
return 0; return 0;
@ -366,6 +368,25 @@ unsigned long wolfSSL_LH_strhash(const char *str)
} }
} }
wc_ShaFree(&sha); wc_ShaFree(&sha);
#elif !defined(NO_SHA256)
if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA256 Init failed");
return 0;
}
ret = wc_Sha256Update(&sha, (const byte *)str, (word32)strLen);
if (ret != 0) {
WOLFSSL_MSG("SHA256 Update failed");
} else {
ret = wc_Sha256Final(&sha, digest);
if (ret != 0) {
WOLFSSL_MSG("SHA256 Final failed");
}
}
wc_Sha256Free(&sha);
#endif
#if !defined(NO_SHA) || !defined(NO_SHA256)
if (ret != 0) if (ret != 0)
return 0; return 0;
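Review bot: `strLen` is now declared and assigned outside the hash `#if`, so a build that defines both `NO_SHA` and `NO_SHA256` sets it but never reads it in the lines shown, which `-Wunused-but-set-variable` would report. Keep the declaration and `strLen = (int)XSTRLEN(str);` under `#if !defined(NO_SHA) || !defined(NO_SHA256)`, the condition this section already uses for the `ret != 0` check. The body of wolfSSL_LH_strhash continues past the end of the section, so confirm against the rest of the function. The block comment above it could also state that the returned value differs between SHA-1 and SHA-256 builds, since callers that persist or compare these hashes across builds would be affected.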


@ -20334,7 +20334,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
int result = TEST_SKIPPED; int result = TEST_SKIPPED;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\ #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
&& !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\ && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
&& !defined(NO_SHA) && !defined(NO_SHA256)
RsaKey key; RsaKey key;
WC_RNG rng; WC_RNG rng;
int ret; int ret;
@ -20372,7 +20372,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
/* Encrypt */ /* Encrypt */
if (ret == 0) { if (ret == 0) {
ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
if (ret >= 0) { if (ret >= 0) {
idx = ret; idx = ret;
ret = 0; ret = 0;
@ -20397,8 +20397,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
#endif #endif
if (ret == 0) { if (ret == 0) {
ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
WC_MGF1SHA1, NULL, 0); WC_MGF1SHA256, NULL, 0);
} }
if (ret >= 0) { if (ret >= 0) {
if (!XMEMCMP(plain, inStr, plainSz)) { if (!XMEMCMP(plain, inStr, plainSz)) {
@ -20417,8 +20417,8 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
if (ret == 0) { if (ret == 0) {
ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
WC_MGF1SHA1, NULL, 0); WC_MGF1SHA256, NULL, 0);
if (ret >= 0) { if (ret >= 0) {
if (!XMEMCMP(inStr, res, plainSz)) { if (!XMEMCMP(inStr, res, plainSz)) {
@ -28014,7 +28014,11 @@ static int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->privateKey = key; pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk; pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng; pkcs7->rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
@ -28078,7 +28082,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
word32 outputFootSz = (word32)sizeof(outputFoot); word32 outputFootSz = (word32)sizeof(outputFoot);
byte data[FOURK_BUF]; byte data[FOURK_BUF];
wc_HashAlg hash; wc_HashAlg hash;
#ifdef NO_SHA
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA; enum wc_HashType hashType = WC_HASH_TYPE_SHA;
#endif
byte hashBuf[WC_MAX_DIGEST_SIZE]; byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType); word32 hashSz = wc_HashGetDigestSize(hashType);
@ -28164,7 +28172,11 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
pkcs7->privateKey = key; pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk; pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng; pkcs7->rng = &rng;
/* calculate hash for content */ /* calculate hash for content */
@ -28535,7 +28547,11 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
else { else {
pkcs7->encryptOID = ECDSAk; pkcs7->encryptOID = ECDSAk;
} }
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
#endif
pkcs7->rng = &rng; pkcs7->rng = &rng;
if (withAttribs) { if (withAttribs) {
/* include a signed attribute */ /* include a signed attribute */
@ -28582,7 +28598,11 @@ static int test_wc_PKCS7_VerifySignedData(void)
int ret; int ret;
wc_HashAlg hash; wc_HashAlg hash;
#ifdef NO_SHA
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA; enum wc_HashType hashType = WC_HASH_TYPE_SHA;
#endif
byte hashBuf[WC_MAX_DIGEST_SIZE]; byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType); word32 hashSz = wc_HashGetDigestSize(hashType);
@ -28912,27 +28932,27 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
!defined(NO_SHA256) || defined(WOLFSSL_SHA512))) !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
/* RSA certs and keys. */ /* RSA certs and keys. */
#if defined(USE_CERT_BUFFERS_1024) #if defined(USE_CERT_BUFFERS_1024)
rsaCertSz = (word32)sizeof_client_cert_der_1024;
/* Allocate buffer space. */ /* Allocate buffer space. */
AssertNotNull(rsaCert = AssertNotNull(rsaCert =
(byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */ /* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_1024;
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_1024; rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
#elif defined(USE_CERT_BUFFERS_2048) #elif defined(USE_CERT_BUFFERS_2048)
rsaCertSz = (word32)sizeof_client_cert_der_2048;
/* Allocate buffer */ /* Allocate buffer */
AssertNotNull(rsaCert = AssertNotNull(rsaCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */ /* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_2048;
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_2048; rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
#else #else
@ -29173,7 +29193,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
wc_FreeRng(&rng); wc_FreeRng(&rng);
#endif #endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
!defined(NO_RSA) && !defined(NO_SHA)
{ {
byte out[7]; byte out[7];
byte *cms; byte *cms;
@ -29202,7 +29223,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
AssertIntEQ(XMEMCMP(out, "test", 4), 0); AssertIntEQ(XMEMCMP(out, "test", 4), 0);
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
} }
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */ #endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
res = TEST_RES_CHECK(1); res = TEST_RES_CHECK(1);
#endif /* HAVE_PKCS7 */ #endif /* HAVE_PKCS7 */
@ -29431,7 +29452,7 @@ static int test_wc_PKCS7_Degenerate(void)
} /* END test_wc_PKCS7_Degenerate() */ } /* END test_wc_PKCS7_Degenerate() */
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER) && !defined(NO_DES3) defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
static byte berContent[] = { static byte berContent[] = {
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30, 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
@ -29621,7 +29642,9 @@ static byte berContent[] = {
0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00 0x00, 0x00, 0x00, 0x00, 0x00
}; };
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */ #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
* !NO_DES3 && !NO_SHA
*/
/* /*
* Testing wc_PKCS7_BER() * Testing wc_PKCS7_BER()
@ -29630,7 +29653,7 @@ static int test_wc_PKCS7_BER(void)
{ {
int res = TEST_SKIPPED; int res = TEST_SKIPPED;
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER) !defined(NO_SHA) && defined(ASN_BER_TO_DER)
PKCS7* pkcs7; PKCS7* pkcs7;
char fName[] = "./certs/test-ber-exp02-05-2022.p7b"; char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
XFILE f; XFILE f;
@ -30505,7 +30528,11 @@ static int test_wolfSSL_lhash(void)
"We were born\n" "We were born\n"
"Born to be wild"; "Born to be wild";
#ifdef NO_SHA
AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43);
#else
AssertIntEQ(lh_strhash(testStr), 0x5b7541dc); AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
#endif
res = TEST_RES_CHECK(1); res = TEST_RES_CHECK(1);
#endif #endif
@ -34421,7 +34448,11 @@ static int test_wolfSSL_PKCS7_certs(void)
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
AssertNotNull(p7 = PKCS7_new()); AssertNotNull(p7 = PKCS7_new());
p7->version = 1; p7->version = 1;
#ifdef NO_SHA
p7->hashOID = SHA256h;
#else
p7->hashOID = SHAh; p7->hashOID = SHAh;
#endif
AssertNotNull(bio = BIO_new(BIO_s_file())); AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
@ -38843,7 +38874,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio); BIO_free(bio);
#ifndef NO_DES3 #if !defined(NO_DES3) && !defined(NO_SHA)
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */ /* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 1834; bytes = 1834;
@ -38853,7 +38884,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
(void*)"yassl123")); (void*)"yassl123"));
EVP_PKEY_free(evpPkey); EVP_PKEY_free(evpPkey);
BIO_free(bio); BIO_free(bio);
#endif /* !NO_DES3 */ #endif /* !NO_DES3 && !NO_SHA */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
@ -45346,7 +45377,12 @@ static int test_wolfSSL_EVP_get_digestbynid(void)
#ifndef NO_MD5 #ifndef NO_MD5
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif #endif
#ifndef NO_SHA
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
#endif
#ifndef NO_SHA256
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256));
#endif
AssertNull(wolfSSL_EVP_get_digestbynid(0)); AssertNull(wolfSSL_EVP_get_digestbynid(0));
return TEST_RES_CHECK(1); return TEST_RES_CHECK(1);
@ -48993,7 +49029,11 @@ static int test_wolfssl_PKCS7(void)
pkcs7->privateKey = key; pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk; pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
#endif
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655); AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655);
@ -49304,7 +49344,11 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void)
pkcs7->privateKey = key; pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk; pkcs7->encryptOID = RSAk;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
#endif
pkcs7->signedAttribs = NULL; pkcs7->signedAttribs = NULL;
pkcs7->signedAttribsSz = 0; pkcs7->signedAttribsSz = 0;
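Review bot: In test_wc_RsaPublicEncryptDecrypt_ex the OAEP calls now pass `WC_HASH_TYPE_SHA256` with `WC_MGF1SHA256` unconditionally and the guard requires `!defined(NO_SHA256)`. Builds that still ship SHA-1 therefore no longer exercise the SHA-1 OAEP path here, and a build with SHA-256 disabled skips the test entirely. If SHA-1 OAEP remains a supported configuration, select the hash/MGF pair once with an `#ifdef NO_SHA` / `#else` block, as the `hashOID` assignments in the PKCS7 tests of this file do, and guard the test on `!defined(NO_SHA) || !defined(NO_SHA256)`. The test body extends beyond the hunks shown.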


@ -35,9 +35,6 @@
static byte username[] = "user"; static byte username[] = "user";
static word32 usernameSz = 4; static word32 usernameSz = 4;
static byte password[] = "password";
static word32 passwordSz = 8;
static byte srp_N[] = { static byte srp_N[] = {
0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E, 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3, 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
@ -55,6 +52,17 @@ static byte srp_salt[] = {
0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
}; };
#ifdef NO_SHA
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA256
#else /* SHA-1 */
#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA
static byte password[] = "password";
static word32 passwordSz = 8;
static byte srp_verifier[] = { static byte srp_verifier[] = {
0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61, 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47, 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
@ -111,17 +119,21 @@ static byte srp_server_proof[] = {
0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
}; };
#endif /* SHA-1 */
static void test_SrpInit(void) static void test_SrpInit(void)
{ {
Srp srp; Srp srp;
/* invalid params */ /* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
(SrpSide)255));
/* success */ /* success */
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
wc_SrpTerm(&srp); wc_SrpTerm(&srp);
} }
@ -130,7 +142,7 @@ static void test_SrpSetUsername(void)
{ {
Srp srp; Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
/* invalid params */ /* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz)); AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
@ -148,7 +160,7 @@ static void test_SrpSetParams(void)
{ {
Srp srp; Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
/* invalid call order */ /* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
@ -188,6 +200,8 @@ static void test_SrpSetParams(void)
wc_SrpTerm(&srp); wc_SrpTerm(&srp);
} }
#ifndef NO_SHA
static void test_SrpSetPassword(void) static void test_SrpSetPassword(void)
{ {
Srp srp; Srp srp;
@ -435,6 +449,8 @@ static void test_SrpGetProofAndVerify(void)
wc_SrpTerm(&srv); wc_SrpTerm(&srv);
} }
#endif /* !NO_SHA */
static int sha512_key_gen(Srp* srp, byte* secret, word32 size) static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
{ {
wc_Sha512 hash; wc_Sha512 hash;
@ -829,10 +845,12 @@ void SrpTest(void)
test_SrpInit(); test_SrpInit();
test_SrpSetUsername(); test_SrpSetUsername();
test_SrpSetParams(); test_SrpSetParams();
#ifndef NO_SHA
test_SrpSetPassword(); test_SrpSetPassword();
test_SrpGetPublic(); test_SrpGetPublic();
test_SrpComputeKey(); test_SrpComputeKey();
test_SrpGetProofAndVerify(); test_SrpGetProofAndVerify();
#endif /* !NO_SHA */
test_SrpKeyGenFunc_cb(); test_SrpKeyGenFunc_cb();
wolfCrypt_Cleanup(); wolfCrypt_Cleanup();
#endif #endif
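Review bot: With `NO_SHA` defined, `test_SrpSetPassword`, `test_SrpGetPublic`, `test_SrpComputeKey` and `test_SrpGetProofAndVerify` are compiled out and skipped in `SrpTest`. A SHA-1-free build keeps only the init, username and parameter checks plus `test_SrpKeyGenFunc_cb`. The skipped tests appear to depend on the vectors (`srp_verifier`, `srp_server_proof`) that now sit inside the `#else /* SHA-1 */` branch, so adding a SHA-256 set of those vectors under `#ifdef NO_SHA` would restore coverage of the password, key and proof steps. At minimum, put a comment next to `SRP_TYPE_TEST_DEFAULT` such as `/* known-answer vectors below are SHA-1 only; the tests using them are skipped under NO_SHA */`.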


@ -10078,10 +10078,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
#if !defined(NO_PWDBASED) && !defined(NO_SHA) #if !defined(NO_PWDBASED) && !defined(NO_SHA)
ret = wc_PKCS7_DecryptPwri(pkcs7, in, inSz, idx, ret = wc_PKCS7_DecryptPwri(pkcs7, in, inSz, idx,
decryptedKey, decryptedKeySz, recipFound); decryptedKey, decryptedKeySz, recipFound);
break;
#else #else
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
#endif #endif
break;
case WC_PKCS7_DECRYPT_ORI: case WC_PKCS7_DECRYPT_ORI:
ret = wc_PKCS7_DecryptOri(pkcs7, in, inSz, idx, ret = wc_PKCS7_DecryptOri(pkcs7, in, inSz, idx,
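Review bot: Moving `break;` below `#endif` places it directly after `return NOT_COMPILED_IN;` in builds with `NO_PWDBASED` or `NO_SHA`, where it is unreachable, and that branch still exits the function from inside the switch. Using `ret = NOT_COMPILED_IN;` instead would let both branches share the `break;` and pass through whatever common exit handling follows the switch. That handling is outside the hunk, so confirm it treats a negative `ret` as failure before making the change.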


@ -37474,6 +37474,19 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
int decodedSz = FOURK_BUF/2; int decodedSz = FOURK_BUF/2;
WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = { WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
#ifdef NO_SHA
#ifdef USE_CERT_BUFFERS_1024
0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
#else
0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
#endif
#else /* !NO_SHA */
#ifdef USE_CERT_BUFFERS_1024 #ifdef USE_CERT_BUFFERS_1024
0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34, 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75, 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
@ -37483,6 +37496,7 @@ static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
0xD7, 0x85, 0x65, 0xC0 0xD7, 0x85, 0x65, 0xC0
#endif #endif
#endif /* !NO_SHA */
}; };
decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
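Review bot: The `NO_SHA` variants of `expectedSid` are 32 bytes, while the existing values appear to be 20, so the array length now depends on the build. The comparison against `expectedSid` is outside the hunk. It should take its length from `sizeof(expectedSid)` rather than a fixed key-id size, otherwise a `NO_SHA` build could compare only a prefix or the other build could read past the shorter array. A short comment above the new values saying how they were derived would make them reproducible when the test certificates are regenerated.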


@ -733,12 +733,12 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
int keylen, unsigned char *out); int keylen, unsigned char *out);
#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \ #if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
!defined(NO_SHA) !defined(NO_SHA256)
WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen, WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen, const unsigned char *salt, size_t saltlen,
word64 N, word64 r, word64 p, word64 N, word64 r, word64 p,
word64 maxmem, unsigned char *key, size_t keylen); word64 maxmem, unsigned char *key, size_t keylen);
#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */ #endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA256 */
WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
int* pHash, int* pHashSz); int* pHash, int* pHashSz);