Allow private key only ECC key to be loaded

2017-04-10 09:52:15 +10:00
parent c7e57e9c6c
commit c6ce1fe330
2 changed files with 14 additions and 10 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -2768,14 +2768,14 @@ static void test_wolfSSL_X509_LOOKUP_load_file(void)
    AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
                                                         X509_FILETYPE_PEM), 1);

-    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCert, SSL_FILETYPE_PEM),
-                1);
-    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCert, SSL_FILETYPE_PEM),
-                ASN_NO_SIGNER_E);
+    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
+                SSL_FILETYPE_PEM), 1);
+    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
+                SSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
    AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
                                              X509_FILETYPE_PEM), 1);
-    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCert, SSL_FILETYPE_PEM),
-                1);
+    AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
+                SSL_FILETYPE_PEM), 1);

    wolfSSL_X509_STORE_free(store);

--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -9481,7 +9481,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 {
    word32 oidSum;
    int    version, length;
-    int    privSz, pubSz;
+    int    privSz, pubSz = 0;
    byte   b;
    int    ret = 0;
    int    curve_id = ECC_CURVE_DEF;
@ -9492,6 +9492,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
    byte priv[ECC_MAXSIZE+1];
    byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */
 #endif
+    byte* pubData = NULL;

    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
        return BAD_FUNC_ARG;
@ -9560,7 +9561,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
        }
    }

-    if (ret == 0) {
+    if (ret == 0 && (*inOutIdx + 1) < inSz) {
        /* prefix 1 */
        b = input[*inOutIdx];
        *inOutIdx += 1;
@ -9580,8 +9581,6 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
                if (pubSz < 2*(ECC_MAXSIZE+1)) {
                    XMEMCPY(pub, &input[*inOutIdx], pubSz);
                    *inOutIdx += length;
-                    ret = wc_ecc_import_private_key_ex(priv, privSz, pub,
-                                                    pubSz, key, curve_id);
                }
                else
                    ret = BUFFER_E;
@ -9589,6 +9588,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
        }
    }

+    if (ret == 0) {
+        ret = wc_ecc_import_private_key_ex(priv, privSz, pubData, pubSz, key,
+                                                                      curve_id);
+    }
+
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub,  NULL, DYNAMIC_TYPE_TMP_BUFFER);