PKCS #11 SSL: detect key size when certificate set

Sean Parkinson
2020-10-26 15:23:09 +10:00
parent 19f10cd382
commit 43aeac4cf4


@@ -5533,7 +5533,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
#ifdef HAVE_PK_CALLBACKS #if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
int keyType = 0; int keyType = 0;
#endif #endif
@@ -5641,16 +5641,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
switch (cert->keyOID) { switch (cert->keyOID) {
#ifndef NO_RSA #ifndef NO_RSA
case RSAk: case RSAk:
#ifdef HAVE_PK_CALLBACKS #if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
keyType = rsa_sa_algo; keyType = rsa_sa_algo;
#endif
#ifdef HAVE_PKCS11
if (ctx) {
ctx->privateKeyType = rsa_sa_algo;
}
else {
ssl->buffers.keyType = rsa_sa_algo;
}
#endif #endif
/* Determine RSA key size by parsing public key */ /* Determine RSA key size by parsing public key */
idx = 0; idx = 0;
@@ -5677,16 +5669,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif /* !NO_RSA */ #endif /* !NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
case ECDSAk: case ECDSAk:
#ifdef HAVE_PK_CALLBACKS #if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
keyType = ecc_dsa_sa_algo; keyType = ecc_dsa_sa_algo;
#endif
#ifdef HAVE_PKCS11
if (ctx) {
ctx->privateKeyType = ecc_dsa_sa_algo;
}
else {
ssl->buffers.keyType = ecc_dsa_sa_algo;
}
#endif #endif
/* Determine ECC key size based on curve */ /* Determine ECC key size based on curve */
keySz = wc_ecc_get_curve_size_from_id( keySz = wc_ecc_get_curve_size_from_id(
@@ -5710,16 +5694,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
case ED25519k: case ED25519k:
#ifdef HAVE_PK_CALLBACKS #if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
keyType = ed25519_sa_algo; keyType = ed25519_sa_algo;
#endif
#ifdef HAVE_PKCS11
if (ctx) {
ctx->privateKeyType = ed25519_sa_algo;
}
else {
ssl->buffers.keyType = ed25519_sa_algo;
}
#endif #endif
/* ED25519 is fixed key size */ /* ED25519 is fixed key size */
keySz = ED25519_KEY_SIZE; keySz = ED25519_KEY_SIZE;
@@ -5741,16 +5717,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif /* HAVE_ED25519 */ #endif /* HAVE_ED25519 */
#ifdef HAVE_ED448 #ifdef HAVE_ED448
case ED448k: case ED448k:
#ifdef HAVE_PK_CALLBACKS #if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
keyType = ed448_sa_algo; keyType = ed448_sa_algo;
#endif
#ifdef HAVE_PKCS11
if (ctx) {
ctx->privateKeyType = ed448_sa_algo;
}
else {
ssl->buffers.keyType = ed448_sa_algo;
}
#endif #endif
/* ED448 is fixed key size */ /* ED448 is fixed key size */
keySz = ED448_KEY_SIZE; keySz = ED448_KEY_SIZE;
@@ -5776,12 +5744,20 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
break; /* do no check if not a case for the key */ break; /* do no check if not a case for the key */
} }
#if defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS)
if (ssl
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (ssl && ssl->buffers.keyType == 0) { && ssl->buffers.keyType == 0
#endif
) {
ssl->buffers.keyType = keyType; ssl->buffers.keyType = keyType;
ssl->buffers.keySz = keySz; ssl->buffers.keySz = keySz;
} }
else if (ctx && ctx->privateKeyType == 0) { else if (ctx
#ifdef HAVE_PK_CALLBACKS
&& ctx->privateKeyType == 0
#endif
) {
ctx->privateKeyType = keyType; ctx->privateKeyType = keyType;
ctx->privateKeySz = keySz; ctx->privateKeySz = keySz;
} }