From 8ea953f8c032cbabae59eacd10112d35831a361c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 22 Apr 2022 10:20:42 -0600 Subject: [PATCH 1/3] add support for importing private only EC key to a WOLFSSL_EVP_PKEY struct --- tests/api.c | 15 +++++++++++++++ wolfcrypt/src/evp.c | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/tests/api.c b/tests/api.c index a35b674d1..736ac6013 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26372,6 +26372,21 @@ static int test_wc_EccPrivateKeyToDer (void) if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen); if (ret > 0) { + #ifdef OPENSSL_EXTRA + /* test importing private only into a PKEY struct */ + EC_KEY* ec; + EVP_PKEY* pkey; + const unsigned char* der = output; + + pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, ret); + AssertNotNull(pkey); + + der = output; + ec = d2i_ECPrivateKey(NULL, &der, ret); + AssertNotNull(ec); + AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS); + EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */ + #endif ret = 0; } } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 11311c701..59003f219 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7320,6 +7320,12 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) else #endif /* HAVE_PKCS8 */ { + if (ecc->type == ECC_PRIVATEKEY_ONLY) { + if (wc_ecc_make_pub(ecc, NULL) != MP_OKAY) { + return WOLFSSL_FAILURE; + } + } + /* if not, the pkey will be traditional ecc key */ if ((derSz = wc_EccKeyDerSize(ecc, 1)) > 0) { derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL); From cd2c7e1438425da654d835d4012994ebe21ba680 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 25 Apr 2022 09:01:24 -0600 Subject: [PATCH 2/3] guard on test case for ecc curves --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 736ac6013..1d9b44ec3 100644 --- a/tests/api.c +++ b/tests/api.c 
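Review bot: The assertions added to test_wc_EccPrivateKeyToDer (tests/api.c) are too weak to catch a wrongly derived public key: they only check that `pkey` and `ec` are non-NULL and that `EVP_PKEY_assign_EC_KEY` returns SSL_SUCCESS. Consider also comparing the public part held by the resulting pkey with the public part of `eccKey`, the key the DER in `output` was exported from. A comment above the block such as `/* output is a private-only DER, so this exercises the ECC_PRIVATEKEY_ONLY import path */` would record why the check sits here. The enclosing function starts and ends outside the hunk.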
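Review bot: In ECC_populate_EVP_PKEY (wolfcrypt/src/evp.c) the added `wc_ecc_make_pub(ecc, NULL)` call performs a scalar multiplication on the private key without an RNG. If the build relies on RNG-based blinding for timing resistance, `wc_ecc_make_pub_ex`, which accepts a `WC_RNG*`, may be the safer call; this depends on configuration not visible here. The call also writes the derived public point into the caller's key and discards the specific error code. A comment such as `/* private-only key: derive and cache the public point before sizing the DER */` would make that side effect explicit. The function body starts and ends outside the hunk, so whether the early `return WOLFSSL_FAILURE` skips any cleanup cannot be confirmed from these lines.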
@@ -26372,7 +26372,7 @@ static int test_wc_EccPrivateKeyToDer (void) if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen); if (ret > 0) { - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES) /* test importing private only into a PKEY struct */ EC_KEY* ec; EVP_PKEY* pkey; From 4de90efbe2797998e392a3c59ec90ac6bf9c5d99 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 23 Jun 2022 14:21:53 -0700 Subject: [PATCH 3/3] clear out PKEY when setting new key --- wolfcrypt/src/evp.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 59003f219..c1181f8c8 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7410,15 +7410,21 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) } int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) { + int ret; + if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; - pkey->type = EVP_PKEY_EC; - pkey->ecc = key; - pkey->ownEcc = 1; - /* try and populate public pkey_sz and pkey.ptr */ - return ECC_populate_EVP_PKEY(pkey, key); + ret = ECC_populate_EVP_PKEY(pkey, key); + if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */ + clearEVPPkeyKeys(pkey); /* clear out any previous keys */ + + pkey->type = EVP_PKEY_EC; + pkey->ecc = key; + pkey->ownEcc = 1; + } + return ret; } #endif /* HAVE_ECC */ @@ -7905,6 +7911,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; + clearEVPPkeyKeys(pkey); pkey->type = EVP_PKEY_RSA; pkey->rsa = key; pkey->ownRsa = 1; @@ -7940,6 +7947,7 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; + clearEVPPkeyKeys(pkey); pkey->type = EVP_PKEY_DSA; pkey->dsa = key; pkey->ownDsa = 1; 
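Review bot: The new guard `#if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES)` in test_wc_EccPrivateKeyToDer does not say why the test needs every curve. Builds without `HAVE_ALL_CURVES` will compile the block out, leaving the private-only import path in ECC_populate_EVP_PKEY untested there. A one-line comment naming the curve or feature the test depends on would help, and a narrower guard may be possible if only one curve is involved. The matching `#endif` lies outside this hunk; annotating it as `#endif /* OPENSSL_EXTRA && HAVE_ALL_CURVES */` would keep the pair readable.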
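Review bot: In wolfSSL_EVP_PKEY_assign_EC_KEY, `clearEVPPkeyKeys(pkey)` runs just before `pkey->ecc = key` with no check that `key` is not the key the pkey already owns. The body of clearEVPPkeyKeys is not in this patch, but if it frees owned keys, as the comment "clear out any previous keys" suggests, re-assigning the same key would leave `pkey->ecc` pointing at freed memory. A guard such as `if (pkey->ecc != key) clearEVPPkeyKeys(pkey);` would avoid that. The same applies to the assign_RSA, assign_DSA and assign_DH hunks, using `pkey->rsa`, `pkey->dsa` and `pkey->dh`. The EC variant now takes ownership only when ECC_populate_EVP_PKEY returns WOLFSSL_SUCCESS, which deserves a comment above the function, e.g. `/* on failure the caller still owns key and pkey is left unchanged */`.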
@@ -7954,6 +7962,7 @@ int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; + clearEVPPkeyKeys(pkey); pkey->type = EVP_PKEY_DH; pkey->dh = key; pkey->ownDh = 1;