wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow loading public key with PK callbacks also.

Browse Source
This commit is contained in:
David Garske
2021-10-18 14:11:28 -07:00
parent de8798f4be
commit 4e7ce45a8c
4 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
doc/dox_comments/header_files/ssl.h
View File

@@ -908,8 +908,9 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int)
If using an external key store and do not have the private key you can If using an external key store and do not have the private key you can
instead provide the public key and register the crypro callback to handle instead provide the public key and register the crypro callback to handle
the signing. For this you can build with --enable-cryptocb or the signing. For this you can build with either build with crypto callbacks
WOLF_CRYPTO_CB and register a crypto callback using or PK callbacks. To enable crypto callbacks use --enable-cryptocb
or WOLF_CRYPTO_CB and register a crypto callback using
wc_CryptoCb_RegisterDevice and set the associated devId using wc_CryptoCb_RegisterDevice and set the associated devId using
wolfSSL_CTX_SetDevId. wolfSSL_CTX_SetDevId.
@@ -1322,7 +1323,8 @@ WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
If using an external key store and do not have the private key you can If using an external key store and do not have the private key you can
instead provide the public key and register the crypro callback to handle instead provide the public key and register the crypro callback to handle
the signing. For this you can build with --enable-cryptocb or the signing. For this you can build with either build with crypto callbacks
or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
WOLF_CRYPTO_CB and register a crypto callback using WOLF_CRYPTO_CB and register a crypto callback using
wc_CryptoCb_RegisterDevice and set the associated devId using wc_CryptoCb_RegisterDevice and set the associated devId using
wolfSSL_SetDevId. wolfSSL_SetDevId.

12
src/internal.c
View File

@@ -22084,8 +22084,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
/* Decode the key assuming it is an RSA private key. */ /* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length); (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto callbacks allow using a public key */ /* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) { if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying RSA public key with crypto callbacks"); WOLFSSL_MSG("Trying RSA public key with crypto callbacks");
idx = 0; idx = 0;
@@ -22139,8 +22139,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey, (ecc_key*)ssl->hsKey,
ssl->buffers.key->length); ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto callbacks allow using a public key */ /* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) { if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying ECC public key with crypto callbacks"); WOLFSSL_MSG("Trying ECC public key with crypto callbacks");
idx = 0; idx = 0;
@@ -22192,8 +22192,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey, (ed25519_key*)ssl->hsKey,
ssl->buffers.key->length); ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto callbacks allow using a public key */ /* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) { if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying ED25519 public key with crypto callbacks"); WOLFSSL_MSG("Trying ED25519 public key with crypto callbacks");
idx = 0; idx = 0;

12
src/ssl.c
View File

@@ -5373,9 +5373,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ret == 0) { if (ret == 0) {
*idx = 0; *idx = 0;
ret = wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length); ret = wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) { if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */ /* if using crypto or PK callbacks, try public key decode */
*idx = 0; *idx = 0;
ret = wc_RsaPublicKeyDecode(der->buffer, idx, key, der->length); ret = wc_RsaPublicKeyDecode(der->buffer, idx, key, der->length);
} }
@@ -5443,9 +5443,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (wc_ecc_init_ex(key, heap, devId) == 0) { if (wc_ecc_init_ex(key, heap, devId) == 0) {
*idx = 0; *idx = 0;
ret = wc_EccPrivateKeyDecode(der->buffer, idx, key, der->length); ret = wc_EccPrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) { if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */ /* if using crypto or PK callbacks, try public key decode */
*idx = 0; *idx = 0;
ret = wc_EccPublicKeyDecode(der->buffer, idx, key, der->length); ret = wc_EccPublicKeyDecode(der->buffer, idx, key, der->length);
} }
@@ -5508,9 +5508,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ret == 0) { if (ret == 0) {
*idx = 0; *idx = 0;
ret = wc_Ed25519PrivateKeyDecode(der->buffer, idx, key, der->length); ret = wc_Ed25519PrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) { if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */ /* if using crypto or PK callbacks, try public key decode */
*idx = 0; *idx = 0;
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length); ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
} }

6
wolfcrypt/src/asn.c
View File

@@ -18825,8 +18825,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
} }
#endif #endif
else { else {
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* allow loading a public key for use with crypto callbacks */ /* allow loading a public key for use with crypto or PK callbacks */
type = PUBLICKEY_TYPE; type = PUBLICKEY_TYPE;
header = BEGIN_PUB_KEY; header = BEGIN_PUB_KEY;
footer = END_PUB_KEY; footer = END_PUB_KEY;
@@ -18949,7 +18949,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
*keyFormat = DSAk; *keyFormat = DSAk;
#endif #endif
} }
#ifdef WOLF_CRYPTO_CB #if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
else if (type == PUBLICKEY_TYPE) { else if (type == PUBLICKEY_TYPE) {
#ifndef NO_RSA #ifndef NO_RSA
if (header == BEGIN_RSA_PUB) if (header == BEGIN_RSA_PUB)