mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
Merge pull request #3431 from kaleb-himes/NO_FILESYSTEM_FIX
Remove file system constraint on wolfSSL_CTX_check_private_key()
This commit is contained in:
David Garske
GitHub
124
src/ssl.c
124
src/ssl.c
@ -6913,68 +6913,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef NO_CHECK_PRIVATE_KEY
|
||||
/* Check private against public in certificate for match
|
||||
*
|
||||
* ctx WOLFSSL_CTX structure to check private key in
|
||||
*
|
||||
* Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
|
||||
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* der = NULL;
|
||||
#else
|
||||
DecodedCert der[1];
|
||||
#endif
|
||||
word32 size;
|
||||
byte* buff;
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
|
||||
|
||||
if (ctx == NULL || ctx->certificate == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
||||
if (der == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
size = ctx->certificate->length;
|
||||
buff = ctx->certificate->buffer;
|
||||
InitDecodedCert(der, buff, size, ctx->heap);
|
||||
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
FreeDecodedCert(der);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
size = ctx->privateKey->length;
|
||||
buff = ctx->privateKey->buffer;
|
||||
ret = wc_CheckPrivateKey(buff, size, der);
|
||||
FreeDecodedCert(der);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
|
||||
if (ret == 1) {
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
else {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#else
|
||||
WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
|
||||
return WOLFSSL_FAILURE;
|
||||
#endif
|
||||
}
|
||||
#endif /* !NO_CHECK_PRIVATE_KEY */
|
||||
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
||||
@ -7373,6 +7311,68 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
#ifndef NO_CHECK_PRIVATE_KEY
|
||||
/* Check private against public in certificate for match
|
||||
*
|
||||
* ctx WOLFSSL_CTX structure to check private key in
|
||||
*
|
||||
* Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
|
||||
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* der = NULL;
|
||||
#else
|
||||
DecodedCert der[1];
|
||||
#endif
|
||||
word32 size;
|
||||
byte* buff;
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
|
||||
|
||||
if (ctx == NULL || ctx->certificate == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
||||
if (der == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
size = ctx->certificate->length;
|
||||
buff = ctx->certificate->buffer;
|
||||
InitDecodedCert(der, buff, size, ctx->heap);
|
||||
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
FreeDecodedCert(der);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
size = ctx->privateKey->length;
|
||||
buff = ctx->privateKey->buffer;
|
||||
ret = wc_CheckPrivateKey(buff, size, der);
|
||||
FreeDecodedCert(der);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
|
||||
if (ret == 1) {
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
else {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#else
|
||||
WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
|
||||
return WOLFSSL_FAILURE;
|
||||
#endif
|
||||
}
|
||||
#endif /* !NO_CHECK_PRIVATE_KEY */
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* put SSL type in extra for now, not very common */
|
||||
|
||||
|
||||
@ -2014,7 +2014,7 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
|
||||
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
|
||||
#if !defined(NO_CHECK_PRIVATE_KEY)
|
||||
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
|
||||
#endif
|
||||
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
|
||||
|
||||
Reference in New Issue
Block a user