mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-09 18:20:49 +02:00
Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required.
This commit is contained in:
@@ -6279,7 +6279,7 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_CHECK_PRIVATE_KEY
|
||||
/* Check private against public in certificate for match
|
||||
*
|
||||
* ctx WOLFSSL_CTX structure to check private key in
|
||||
@@ -6339,10 +6339,11 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
||||
return WOLFSSL_FAILURE;
|
||||
#endif
|
||||
}
|
||||
#endif /* !NO_CHECK_PRIVATE_KEY */
|
||||
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
||||
|
||||
/* check CRL if enabled, WOLFSSL_SUCCESS */
|
||||
int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
|
||||
{
|
||||
|
||||
+25
-17
@@ -4390,8 +4390,8 @@ static void test_wolfSSL_PKCS12(void)
|
||||
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
|
||||
defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && \
|
||||
!defined(NO_PWDBASED) && !defined(NO_RSA)
|
||||
defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
|
||||
(!defined(NO_RSA) || defined(HAVE_ECC))
|
||||
#define TEST_PKCS8_ENC
|
||||
#endif
|
||||
|
||||
@@ -4425,10 +4425,14 @@ static void test_wolfSSL_PKCS8(void)
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
|
||||
byte buffer[FOURK_BUF];
|
||||
byte der[FOURK_BUF];
|
||||
#ifndef NO_RSA
|
||||
const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
|
||||
const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
|
||||
#endif
|
||||
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
|
||||
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
|
||||
const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
|
||||
const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
|
||||
#ifdef HAVE_ECC
|
||||
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
|
||||
#endif
|
||||
XFILE f;
|
||||
int bytes;
|
||||
WOLFSSL_CTX* ctx;
|
||||
@@ -4438,8 +4442,10 @@ static void test_wolfSSL_PKCS8(void)
|
||||
word32 x = 0;
|
||||
#endif
|
||||
#ifdef TEST_PKCS8_ENC
|
||||
const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
|
||||
const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
|
||||
#ifndef NO_RSA
|
||||
const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
|
||||
const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
|
||||
const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
|
||||
@@ -4466,13 +4472,14 @@ static void test_wolfSSL_PKCS8(void)
|
||||
#ifdef TEST_PKCS8_ENC
|
||||
wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
|
||||
wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
|
||||
flag = 1; /* used by password callback as return code */
|
||||
|
||||
#ifndef NO_RSA
|
||||
/* test loading PEM PKCS8 encrypted file */
|
||||
f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
|
||||
AssertTrue((f != XBADFILE));
|
||||
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
|
||||
XFCLOSE(f);
|
||||
flag = 1; /* used by password callback as return code */
|
||||
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
|
||||
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
|
||||
|
||||
@@ -4502,6 +4509,7 @@ static void test_wolfSSL_PKCS8(void)
|
||||
flag = 0; /* used by password callback as return code */
|
||||
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* test loading PEM PKCS8 encrypted ECC Key file */
|
||||
@@ -4542,10 +4550,11 @@ static void test_wolfSSL_PKCS8(void)
|
||||
|
||||
/* leave flag as "okay" */
|
||||
flag = 1;
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
#endif /* TEST_PKCS8_ENC */
|
||||
|
||||
|
||||
#ifndef NO_RSA
|
||||
/* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
|
||||
f = XFOPEN(serverKeyPkcs8DerFile, "rb");
|
||||
AssertTrue((f != XBADFILE));
|
||||
@@ -4561,14 +4570,13 @@ static void test_wolfSSL_PKCS8(void)
|
||||
XFCLOSE(f);
|
||||
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
|
||||
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
|
||||
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
/* Test PKCS8 PEM ECC key no crypt */
|
||||
f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
|
||||
AssertTrue((f != XBADFILE));
|
||||
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
|
||||
XFCLOSE(f);
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* Test PKCS8 PEM ECC key no crypt */
|
||||
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
|
||||
@@ -4583,12 +4591,7 @@ static void test_wolfSSL_PKCS8(void)
|
||||
wc_ecc_free(&key);
|
||||
}
|
||||
AssertIntEQ(ret, 0);
|
||||
#else
|
||||
AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
|
||||
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* Test PKCS8 DER ECC key no crypt */
|
||||
f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
|
||||
AssertTrue((f != XBADFILE));
|
||||
@@ -4598,7 +4601,10 @@ static void test_wolfSSL_PKCS8(void)
|
||||
/* Test using a PKCS8 ECC PEM */
|
||||
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
#else
|
||||
AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
|
||||
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
@@ -18459,6 +18465,7 @@ static void test_wolfSSL_private_keys(void)
|
||||
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
|
||||
(unsigned char*)client_key_der_2048,
|
||||
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
|
||||
#ifndef NO_CHECK_PRIVATE_KEY
|
||||
#ifndef HAVE_USER_RSA
|
||||
/* Should mismatch now that a different private key loaded */
|
||||
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
|
||||
@@ -18469,6 +18476,7 @@ static void test_wolfSSL_private_keys(void)
|
||||
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
|
||||
/* After loading back in DER format of original key, should match */
|
||||
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
|
||||
#endif /* !NO_CHECK_PRIVATE_KEY */
|
||||
|
||||
/* pkey not set yet, expecting to fail */
|
||||
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
|
||||
|
||||
+24
-6
@@ -2312,7 +2312,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
|
||||
#endif /* HAVE_USER_RSA */
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
|
||||
|
||||
/* Remove PKCS8 header, place inOutIdx at beginning of traditional,
|
||||
* return traditional length on success, negative on error */
|
||||
@@ -2383,6 +2383,10 @@ int ToTraditional(byte* input, word32 sz)
|
||||
return ToTraditional_ex(input, sz, &oid);
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 || HAVE_PKCS12 */
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
|
||||
/* find beginning of traditional key inside PKCS#8 unencrypted buffer
|
||||
* return traditional length on success, with inOutIdx at beginning of
|
||||
* traditional
|
||||
@@ -2513,7 +2517,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
|
||||
|
||||
#endif /* HAVE_PKCS8 */
|
||||
|
||||
#ifdef HAVE_PKCS12
|
||||
#if defined(HAVE_PKCS12) || !defined(NO_CHECK_PRIVATE_KEY)
|
||||
/* check that the private key is a pair for the public key in certificate
|
||||
* return 1 (true) on match
|
||||
* return 0 or negative value on failure/error
|
||||
@@ -2716,11 +2720,11 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS12 */
|
||||
#endif /* HAVE_PKCS12 || !NO_CHECK_PRIVATE_KEY */
|
||||
|
||||
#ifndef NO_PWDBASED
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
|
||||
/* Check To see if PKCS version algo is supported, set id if it is return 0
|
||||
< 0 on error */
|
||||
static int CheckAlgo(int first, int second, int* id, int* version, int* blockSz)
|
||||
@@ -2780,7 +2784,6 @@ static int CheckAlgo(int first, int second, int* id, int* version, int* blockSz)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Check To see if PKCS v2 algo is supported, set id if it is return 0
|
||||
< 0 on error */
|
||||
static int CheckAlgoV2(int oid, int* id, int* blockSz)
|
||||
@@ -2810,6 +2813,9 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz)
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 || HAVE_PKCS12 */
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
|
||||
int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
int* algoID, void* heap)
|
||||
@@ -2894,6 +2900,10 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 */
|
||||
|
||||
#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
|
||||
|
||||
#define PKCS8_MIN_BLOCK_SIZE 8
|
||||
static int Pkcs8Pad(byte* buf, int sz, int blockSz)
|
||||
{
|
||||
@@ -2913,6 +2923,10 @@ static int Pkcs8Pad(byte* buf, int sz, int blockSz)
|
||||
return sz + padSz;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 || HAVE_PKCS12 */
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
|
||||
/*
|
||||
* Used when creating PKCS12 shrouded key bags
|
||||
* vPKCS is the version of PKCS to use
|
||||
@@ -3353,6 +3367,10 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 */
|
||||
|
||||
#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
|
||||
|
||||
/* Remove Encrypted PKCS8 header, move beginning of traditional to beginning
|
||||
of input */
|
||||
int ToTraditionalEnc(byte* input, word32 sz,const char* password,
|
||||
@@ -3496,7 +3514,7 @@ exit_tte:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS8 */
|
||||
#endif /* HAVE_PKCS8 || HAVE_PKCS12 */
|
||||
|
||||
#ifdef HAVE_PKCS12
|
||||
|
||||
|
||||
@@ -440,6 +440,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
|
||||
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
|
||||
salt, saltSz, iterations, derivedLen, typeH);
|
||||
#endif
|
||||
#ifdef HAVE_PKCS12
|
||||
else if (version == PKCS12v1) {
|
||||
int i, idx = 0;
|
||||
byte unicodePasswd[MAX_UNICODE_SZ];
|
||||
@@ -465,6 +466,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
|
||||
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
|
||||
iterations, 8, typeH, 2);
|
||||
}
|
||||
#endif /* HAVE_PKCS12 */
|
||||
else {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
@@ -15798,6 +15798,7 @@ int scrypt_test(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_PKCS12
|
||||
int pkcs12_test(void)
|
||||
{
|
||||
const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
@@ -15849,7 +15850,7 @@ int pkcs12_test(void)
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* HAVE_PKCS12 */
|
||||
|
||||
int pbkdf2_test(void)
|
||||
{
|
||||
@@ -15914,9 +15915,11 @@ int pwdbased_test(void)
|
||||
ret = pbkdf2_test();
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#ifdef HAVE_PKCS12
|
||||
ret = pkcs12_test();
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif
|
||||
#ifdef HAVE_SCRYPT
|
||||
ret = scrypt_test();
|
||||
if (ret != 0)
|
||||
|
||||
Reference in New Issue
Block a user