feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Remove file system constraint on wolfSSL_CTX_check_private_key()

Browse Source
This commit is contained in:
kaleb-himes
2020-10-27 08:57:46 -06:00
parent 2ebb47ec32
commit f934fb03bd
2 changed files with 63 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
src/ssl.c
View File

@ -6913,68 +6913,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
return ret;
}
#ifndef NO_CHECK_PRIVATE_KEY
/* Check private against public in certificate for match
*
* ctx WOLFSSL_CTX structure to check private key in
*
* Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
{
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* der = NULL;
#else
DecodedCert der[1];
#endif
word32 size;
byte* buff;
int ret;
WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
if (ctx == NULL || ctx->certificate == NULL) {
return WOLFSSL_FAILURE;
}
#ifndef NO_CERTS
#ifdef WOLFSSL_SMALL_STACK
der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (der == NULL)
return MEMORY_E;
#endif
size = ctx->certificate->length;
buff = ctx->certificate->buffer;
InitDecodedCert(der, buff, size, ctx->heap);
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
#endif
return WOLFSSL_FAILURE;
}
size = ctx->privateKey->length;
buff = ctx->privateKey->buffer;
ret = wc_CheckPrivateKey(buff, size, der);
FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
#endif
if (ret == 1) {
return WOLFSSL_SUCCESS;
}
else {
return WOLFSSL_FAILURE;
}
#else
WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
return WOLFSSL_FAILURE;
#endif
}
#endif /* !NO_CHECK_PRIVATE_KEY */
#ifdef HAVE_CRL
@ -7373,6 +7311,68 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
#endif /* NO_FILESYSTEM */
#ifndef NO_CHECK_PRIVATE_KEY
/* Check private against public in certificate for match
*
* ctx WOLFSSL_CTX structure to check private key in
*
* Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
{
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* der = NULL;
#else
DecodedCert der[1];
#endif
word32 size;
byte* buff;
int ret;
WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
if (ctx == NULL || ctx->certificate == NULL) {
return WOLFSSL_FAILURE;
}
#ifndef NO_CERTS
#ifdef WOLFSSL_SMALL_STACK
der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (der == NULL)
return MEMORY_E;
#endif
size = ctx->certificate->length;
buff = ctx->certificate->buffer;
InitDecodedCert(der, buff, size, ctx->heap);
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
#endif
return WOLFSSL_FAILURE;
}
size = ctx->privateKey->length;
buff = ctx->privateKey->buffer;
ret = wc_CheckPrivateKey(buff, size, der);
FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
#endif
if (ret == 1) {
return WOLFSSL_SUCCESS;
}
else {
return WOLFSSL_FAILURE;
}
#else
WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
return WOLFSSL_FAILURE;
#endif
}
#endif /* !NO_CHECK_PRIVATE_KEY */
#ifdef OPENSSL_EXTRA
/* put SSL type in extra for now, not very common */

2
wolfssl/ssl.h
View File

@ -2014,7 +2014,7 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
#if !defined(NO_CHECK_PRIVATE_KEY)
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
#endif
WOLFSSL_API void wolfSSL_ERR_free_strings(void);