forked from wolfSSL/wolfssl
refactor PKCS12 parse key creation
This commit is contained in:
Jacob Barthelmeh
115
src/ssl.c
115
src/ssl.c
@ -63251,112 +63251,24 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
{
|
||||
word32 keyIdx = 0;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
RsaKey *key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
|
||||
if (key == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
#else
|
||||
RsaKey key[1];
|
||||
#endif
|
||||
|
||||
if (wc_InitRsaKey(key, heap) != 0) {
|
||||
ret = BAD_STATE_E;
|
||||
const unsigned char* pt = pk;
|
||||
if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) !=
|
||||
NULL) {
|
||||
ret = 0;
|
||||
}
|
||||
else {
|
||||
if ((ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, key, pkSz))
|
||||
== 0) {
|
||||
(*pkey)->type = EVP_PKEY_RSA;
|
||||
(*pkey)->rsa = wolfSSL_RSA_new();
|
||||
(*pkey)->ownRsa = 1; /* we own RSA */
|
||||
if ((*pkey)->rsa == NULL) {
|
||||
WOLFSSL_MSG("issue creating EVP RSA key");
|
||||
wolfSSL_X509_free(*cert); *cert = NULL;
|
||||
if (ca != NULL) {
|
||||
wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
|
||||
}
|
||||
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
|
||||
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_RSA);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz,
|
||||
WOLFSSL_RSA_LOAD_PRIVATE) != SSL_SUCCESS) {
|
||||
WOLFSSL_MSG("issue loading RSA key");
|
||||
wolfSSL_X509_free(*cert); *cert = NULL;
|
||||
if (ca != NULL) {
|
||||
wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
|
||||
}
|
||||
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
|
||||
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_RSA);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Found PKCS12 RSA key");
|
||||
ret = 0; /* set in success state for upcoming ECC check */
|
||||
}
|
||||
wc_FreeRsaKey(key);
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_RSA);
|
||||
#endif
|
||||
}
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
{
|
||||
word32 keyIdx = 0;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
ecc_key *key = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
|
||||
if (key == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
#else
|
||||
ecc_key key[1];
|
||||
#endif
|
||||
|
||||
if (ret != 0) { /* if is in fail state check if ECC key */
|
||||
if (wc_ecc_init(key) != 0) {
|
||||
wolfSSL_X509_free(*cert); *cert = NULL;
|
||||
if (ca != NULL) {
|
||||
wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
|
||||
}
|
||||
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
|
||||
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if ((ret = wc_EccPrivateKeyDecode(pk, &keyIdx, key, pkSz))
|
||||
!= 0) {
|
||||
wolfSSL_X509_free(*cert); *cert = NULL;
|
||||
if (ca != NULL) {
|
||||
wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
|
||||
}
|
||||
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
|
||||
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
|
||||
WOLFSSL_MSG("Bad PKCS12 key format");
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
(*pkey)->type = EVP_PKEY_EC;
|
||||
(*pkey)->pkey_curve = key->dp->oidSum;
|
||||
wc_ecc_free(key);
|
||||
WOLFSSL_MSG("Found PKCS12 ECC key");
|
||||
if (ret != 0) { /* if is in fail state check if ECC key */
|
||||
const unsigned char* pt = pk;
|
||||
if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) !=
|
||||
NULL) {
|
||||
ret = 0;
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
}
|
||||
#else
|
||||
if (ret != 0) { /* if is in fail state and no ECC then fail */
|
||||
@ -63370,10 +63282,9 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
(*pkey)->save_type = 0;
|
||||
(*pkey)->pkey_sz = pkSz;
|
||||
(*pkey)->pkey.ptr = (char*)pk;
|
||||
if (pkey != NULL && *pkey != NULL) {
|
||||
(*pkey)->save_type = 0;
|
||||
}
|
||||
}
|
||||
|
||||
(void)ret;
|
||||
|
||||
13
tests/api.c
13
tests/api.c
@ -8322,6 +8322,19 @@ static void test_wolfSSL_PKCS12(void)
|
||||
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
|
||||
AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
|
||||
WOLFSSL_SUCCESS);
|
||||
|
||||
/* check use of pkey after parse */
|
||||
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||
#else
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||
#endif
|
||||
AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
|
||||
SSL_CTX_free(ctx);
|
||||
#endif
|
||||
|
||||
AssertNotNull(pkey);
|
||||
AssertNotNull(cert);
|
||||
AssertNotNull(ca);
|
||||
|
||||
Reference in New Issue
Block a user