From 7004b2eafcafc7c9f24c4d5251d0ec9e7c96e733 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 1 Apr 2013 13:49:21 -0700
Subject: [PATCH] certs still use SHA hash for names

---
 ctaocrypt/src/asn.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 72dee4f9f..4986fb02b 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1436,9 +1436,7 @@ static int GetKey(DecodedCert* cert)
 /* process NAME, either issuer or subject */
 static int GetName(DecodedCert* cert, int nameType)
 {
-#ifndef NO_SHA
-    Sha    sha;
-#endif
+    Sha    sha;     /* MUST have SHA-1 hash for cert names */
     int    length;  /* length of all distinguished names */
     int    dummy;
     char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
@@ -1463,14 +1461,12 @@ static int GetName(DecodedCert* cert, int nameType)
     if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
         return ASN_PARSE_E;
 
-#ifndef NO_SHA
     InitSha(&sha);
     ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
     if (nameType == ISSUER)
         ShaFinal(&sha, cert->issuerHash);
     else
         ShaFinal(&sha, cert->subjectHash);
-#endif
 
     length += cert->srcIdx;
     idx = 0;