forked from wolfSSL/wolfssl
In d2iGenericKey(), if a falcon key is encountered, make a dummy pkey.
This allows apache-httpd to work without PQ-specific patch along with a previous pull request.
This commit is contained in:
Anthony Hu
64
src/ssl.c
64
src/ssl.c
@@ -8522,6 +8522,70 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
|
|||||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||||
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
|
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBOQS
|
||||||
|
{
|
||||||
|
int isFalcon;
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
falcon_key *falcon = (falcon_key *)MALLOC(sizeof(falcon_key), NULL,
|
||||||
|
DYNAMIC_TYPE_FALCON);
|
||||||
|
if (falcon == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
falcon_key falcon[1];
|
||||||
|
#endif
|
||||||
|
XMEMSET(falcon, 0, sizeof(falcon_key));
|
||||||
|
|
||||||
|
/* test if Falcon key */
|
||||||
|
if (priv) {
|
||||||
|
/* Try level 1 */
|
||||||
|
isFalcon = wc_falcon_init(falcon) == 0 &&
|
||||||
|
wc_falcon_set_level(falcon, 1) == 0 &&
|
||||||
|
wc_falcon_import_private_only(mem, (word32)memSz,
|
||||||
|
falcon) == 0;
|
||||||
|
if (!isFalcon) {
|
||||||
|
/* Try level 5 */
|
||||||
|
isFalcon = wc_falcon_init(falcon) == 0 &&
|
||||||
|
wc_falcon_set_level(falcon, 5) == 0 &&
|
||||||
|
wc_falcon_import_private_only(mem, (word32)memSz,
|
||||||
|
falcon) == 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* Try level 1 */
|
||||||
|
isFalcon = wc_falcon_init(falcon) == 0 &&
|
||||||
|
wc_falcon_set_level(falcon, 1) == 0 &&
|
||||||
|
wc_falcon_import_public(mem, (word32)memSz, falcon) == 0;
|
||||||
|
|
||||||
|
if (!isFalcon) {
|
||||||
|
/* Try level 5 */
|
||||||
|
isFalcon = wc_falcon_init(falcon) == 0 &&
|
||||||
|
wc_falcon_set_level(falcon, 5) == 0 &&
|
||||||
|
wc_falcon_import_public(mem, (word32)memSz,
|
||||||
|
falcon) == 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
wc_falcon_free(falcon);
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
|
||||||
|
#endif
|
||||||
|
if (isFalcon) {
|
||||||
|
/* Create a fake Falcon EVP_PKEY. In the future, we might integrate
|
||||||
|
* Falcon into the compatibility layer. */
|
||||||
|
pkey = wolfSSL_EVP_PKEY_new();
|
||||||
|
if (pkey == NULL) {
|
||||||
|
WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
pkey->type = EVP_PKEY_FALCON;
|
||||||
|
pkey->pkey.ptr = NULL;
|
||||||
|
pkey->pkey_sz = 0;
|
||||||
|
return pkey;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
#endif /* HAVE_LIBOQS */
|
||||||
|
|
||||||
if (pkey == NULL) {
|
if (pkey == NULL) {
|
||||||
WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
|
WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -247,6 +247,7 @@ enum {
|
|||||||
NID_rc4 = 5,
|
NID_rc4 = 5,
|
||||||
EVP_PKEY_DH = NID_dhKeyAgreement,
|
EVP_PKEY_DH = NID_dhKeyAgreement,
|
||||||
EVP_PKEY_HMAC = NID_hmac,
|
EVP_PKEY_HMAC = NID_hmac,
|
||||||
|
EVP_PKEY_FALCON = 300,
|
||||||
AES_128_CFB1_TYPE = 24,
|
AES_128_CFB1_TYPE = 24,
|
||||||
AES_192_CFB1_TYPE = 25,
|
AES_192_CFB1_TYPE = 25,
|
||||||
AES_256_CFB1_TYPE = 26,
|
AES_256_CFB1_TYPE = 26,
|
||||||
|
|||||||
Reference in New Issue
Block a user