ocsp: use SHA-256 for responder name if no-sha

2025-08-02 20:24:39 +02:00 · 2025-02-20 21:04:28 +00:00
parent 8b80cb10d6
commit c24b7d1041
2 changed files with 7 additions and 2 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -36950,7 +36950,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
        /* compute the hash of the name */
        resp->responderIdType = OCSP_RESPONDER_ID_NAME;
        ret = CalcHashId_ex(source + idx, length,
-                resp->responderId.nameHash, WC_SHA);
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
        if (ret != 0)
            return ret;
        idx += length;
@@ -37070,7 +37070,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
            ret = CalcHashId_ex(
                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.data,
                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.length,
-                resp->responderId.nameHash, WC_SHA);
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
        } else {
            resp->responderIdType = OCSP_RESPONDER_ID_KEY;
            if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -2733,6 +2733,11 @@ struct OcspEntry
 };

 #define OCSP_RESPONDER_ID_KEY_SZ 20
+#if !defined(NO_SHA)
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA
+#else
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA256
+#endif
 enum responderIdType {
    OCSP_RESPONDER_ID_INVALID = 0,
    OCSP_RESPONDER_ID_NAME = 1,