* Added SHA256

* Return code checked for get_random() * MD2 code removed. git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-07-30 16:24:09 +03:00 · 2014-11-19 03:51:22 +00:00
parent 9ef84f9234
commit 82a7638efa
15 changed files with 531 additions and 288 deletions
--- a/ssl/x509.c
+++ b/ssl/x509.c
@ -120,7 +120,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;

 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
+    /* use the appropriate signature algorithm (SHA1/MD5/SHA256) */
    if (x509_ctx->sig_type == SIG_TYPE_MD5)
    {
        MD5_CTX md5_ctx;
@ -139,14 +139,14 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
        SHA1_Final(sha_dgst, &sha_ctx);
        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
    }
-    else if (x509_ctx->sig_type == SIG_TYPE_MD2)
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA256)
    {
-        MD2_CTX md2_ctx;
-        uint8_t md2_dgst[MD2_SIZE];
-        MD2_Init(&md2_ctx);
-        MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD2_Final(md2_dgst, &md2_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
+        SHA256_CTX sha256_ctx;
+        uint8_t sha256_dgst[SHA256_SIZE];
+        SHA256_Init(&sha256_ctx);
+        SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA256_Final(sha256_dgst, &sha256_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
    }

    if (cert[offset] == ASN1_V3_DATA)
@ -483,14 +483,17 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
    printf("Sig Type:\t\t\t");
    switch (cert->sig_type)
    {
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
        case SIG_TYPE_MD5:
            printf("MD5\n");
            break;
        case SIG_TYPE_SHA1:
            printf("SHA1\n");
            break;
-        case SIG_TYPE_MD2:
-            printf("MD2\n");
+        case SIG_TYPE_SHA256:
+            printf("SHA256\n");
            break;
        default:
            printf("Unrecognized: %d\n", cert->sig_type);