Allow private key only ECC key to be loaded

Sean Parkinson
2017-04-10 09:52:15 +10:00
committed by Sean Parkinson
parent c7e57e9c6c
commit c6ce1fe330
2 changed files with 14 additions and 10 deletions


@ -2768,14 +2768,14 @@ static void test_wolfSSL_X509_LOOKUP_load_file(void)
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
X509_FILETYPE_PEM), 1); X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCert, SSL_FILETYPE_PEM), AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
1); SSL_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCert, SSL_FILETYPE_PEM), AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
ASN_NO_SIGNER_E); SSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1); X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCert, SSL_FILETYPE_PEM), AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
1); SSL_FILETYPE_PEM), 1);
wolfSSL_X509_STORE_free(store); wolfSSL_X509_STORE_free(store);


@ -9481,7 +9481,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
{ {
word32 oidSum; word32 oidSum;
int version, length; int version, length;
int privSz, pubSz; int privSz, pubSz = 0;
byte b; byte b;
int ret = 0; int ret = 0;
int curve_id = ECC_CURVE_DEF; int curve_id = ECC_CURVE_DEF;
@ -9492,6 +9492,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
byte priv[ECC_MAXSIZE+1]; byte priv[ECC_MAXSIZE+1];
byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */ byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */
#endif #endif
byte* pubData = NULL;
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -9560,7 +9561,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
} }
} }
if (ret == 0) { if (ret == 0 && (*inOutIdx + 1) < inSz) {
/* prefix 1 */ /* prefix 1 */
b = input[*inOutIdx]; b = input[*inOutIdx];
*inOutIdx += 1; *inOutIdx += 1;
@ -9580,8 +9581,6 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
if (pubSz < 2*(ECC_MAXSIZE+1)) { if (pubSz < 2*(ECC_MAXSIZE+1)) {
XMEMCPY(pub, &input[*inOutIdx], pubSz); XMEMCPY(pub, &input[*inOutIdx], pubSz);
*inOutIdx += length; *inOutIdx += length;
ret = wc_ecc_import_private_key_ex(priv, privSz, pub,
pubSz, key, curve_id);
} }
else else
ret = BUFFER_E; ret = BUFFER_E;
@ -9589,6 +9588,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
} }
} }
if (ret == 0) {
ret = wc_ecc_import_private_key_ex(priv, privSz, pubData, pubSz, key,
curve_id);
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
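Review bot: `pubData` is initialised to NULL and passed to `wc_ecc_import_private_key_ex` in the final hunk, but no line shown in this file section assigns it, so a key that does carry a public part is copied into `pub` and then imported with a NULL public pointer and a non-zero `pubSz`. In the branch that runs `XMEMCPY(pub, &input[*inOutIdx], pubSz);`, add `pubData = pub;` so the parsed public point reaches the import. How the import treats a NULL pointer paired with a non-zero size is not visible here, so at best the encoded public key is silently dropped rather than loaded alongside the private scalar. The body of `wc_EccPrivateKeyDecode` starts and ends outside these hunks, so confirm that no assignment exists in the unchanged lines between them.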