src/internal.c,src/wolfio.c: fallback to SHA256 when NO_SHA, in LoadCertByIssuer(), MicriumGenerateCookie(), uIPGenerateCookie(), and GNRC_GenerateCookie();

douzzer · douzzer · commit 7569cfdff813 · 2023-11-15T00:09:22.000-06:00
tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
diff --git a/src/internal.c b/src/internal.c
@@ -13219,9 +13219,11 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
 
     len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
     if (len > 0) {
-        #ifndef NO_SHA
+    #if defined(NO_SHA) && !defined(NO_SHA256)
+        retHash = wc_Sha256Hash((const byte*)pbuf, len, dgt);
+    #elif !defined(NO_SHA)
         retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
-        #endif
+    #endif
         if (retHash == 0) {
             /* 4 bytes in little endian as unsigned long */
             hash = (((unsigned long)dgt[3] << 24) |
diff --git a/src/wolfio.c b/src/wolfio.c
@@ -2505,7 +2505,11 @@ int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
         return GEN_COOKIE_E;
     }
 
+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash((byte*)&peer, peerSz, digest);
+#else
     ret = wc_ShaHash((byte*)&peer, peerSz, digest);
+#endif
     if (ret != 0)
         return ret;
 
@@ -2813,7 +2817,11 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
     XMEMSET(token, 0, sizeof(token));
     XMEMCPY(token, &ctx->peer_addr, sizeof(uip_ipaddr_t));
     XMEMCPY(token + sizeof(uip_ipaddr_t), &ctx->peer_port, sizeof(word16));
+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
+#else
     ret = wc_ShaHash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
+#endif
     if (ret != 0)
         return ret;
     if (sz > WC_SHA_DIGEST_SIZE)
@@ -2895,7 +2903,11 @@ int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
         token_size = GNRC_MAX_TOKEN_SIZE;
     XMEMSET(token, 0, GNRC_MAX_TOKEN_SIZE);
     XMEMCPY(token, &ctx->peer_addr, token_size);
+#if defined(NO_SHA) && !defined(NO_SHA256)
+    ret = wc_Sha256Hash(token, token_size, digest);
+#else
     ret = wc_ShaHash(token, token_size, digest);
+#endif
     if (ret != 0)
         return ret;
     if (sz > WC_SHA_DIGEST_SIZE)
diff --git a/tests/api.c b/tests/api.c
@@ -3196,7 +3196,7 @@ static int test_wolfSSL_CertManagerCRL(void)
 static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA)
+#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA)
 /* Need one of these for wolfSSL_OCSP_REQUEST_new. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
     defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
@@ -3516,7 +3516,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 static int test_wolfSSL_CheckOCSPResponse(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
+       defined(OPENSSL_ALL)
     const char* responseFile = "./certs/ocsp/test-response.der";
     const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
     const char* responseNoInternFile =
