From c24b7d1041d1d53ba17b0feeb2dc9f5e4533a289 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Thu, 20 Feb 2025 21:04:28 +0000
Subject: [PATCH] ocsp: use SHA-256 for responder name if no-sha
---
 wolfcrypt/src/asn.c | 4 ++--
 wolfssl/wolfcrypt/asn.h | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 1969b3429..8792d382a 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -36950,7 +36950,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
 /* compute the hash of the name */
 resp->responderIdType = OCSP_RESPONDER_ID_NAME;
 ret = CalcHashId_ex(source + idx, length,
- resp->responderId.nameHash, WC_SHA);
+ resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
 if (ret != 0)
 return ret;
 idx += length;
@@ -37070,7 +37070,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
 ret = CalcHashId_ex(
 dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.data,
 dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.length,
- resp->responderId.nameHash, WC_SHA);
+ resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
 } else {
 resp->responderIdType = OCSP_RESPONDER_ID_KEY;
 if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 67de9651d..abe037334 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -2733,6 +2733,11 @@ struct OcspEntry
 };
 #define OCSP_RESPONDER_ID_KEY_SZ 20
+#if !defined(NO_SHA)
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA
+#else
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA256
+#endif
 enum responderIdType {
 OCSP_RESPONDER_ID_INVALID = 0,
 OCSP_RESPONDER_ID_NAME = 1,
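Review bot: The digest written into `resp->responderId.nameHash` is no longer always a 20-byte SHA-1 value: in a NO_SHA build this call, and the identical one in the second asn.c hunk (-37070), asks CalcHashId_ex for SHA-256, and nothing visible in the diff shows that the destination is sized for that. The declaration of `nameHash` and the body of CalcHashId_ex are outside these hunks, so please confirm either that the buffer holds a full SHA-256 digest when NO_SHA is defined or that CalcHashId_ex truncates to the buffer size. The code that later compares `nameHash` against the signer certificate's subject hash must use the same algorithm and length, otherwise a byName responder can never be matched. A comment at both call sites such as `/* must match the hash used for the cert subject hash it is compared with */` would record that coupling. DecodeResponseData begins and ends outside both hunks.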
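Review bot: The `#else` branch picks `WC_SHA256` unconditionally, so a configuration that defines both NO_SHA and NO_SHA256 ends up with a hash type that is not compiled in and would presumably only fail at run time inside CalcHashId_ex. Making the fallback explicit with `#elif !defined(NO_SHA256)` and a final `#else` / `#error "OCSP responder name hash needs SHA-1 or SHA-256"` turns that into a build-time failure. The macro also has no comment; something like `/* hash used locally to identify a byName responder; selected by build options */` would help, since `OCSP_RESPONDER_ID_KEY_SZ 20` directly above stays fixed at the SHA-1 size and a reader could assume the two are linked.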