diff --git a/src/ssl.c b/src/ssl.c index f7e33db4a..cade505f7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -32057,7 +32057,8 @@ int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *dmp1, r->iqmp = iqmp; } - return WOLFSSL_SUCCESS; + return SetRsaInternal(r) == WOLFSSL_SUCCESS ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **p, @@ -32099,7 +32100,8 @@ int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *p, WOLFSSL_BIGNUM * r->q = q; } - return WOLFSSL_SUCCESS; + return SetRsaInternal(r) == WOLFSSL_SUCCESS ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, @@ -33842,7 +33844,8 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) } /* private key */ - key->type = ECC_PRIVATEKEY; + if (!mp_iszero(&key->k)) + key->type = ECC_PRIVATEKEY; } eckey->inSet = 1; @@ -37908,7 +37911,7 @@ void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags) int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags) { - return r ? r->meth->flags & flags : 0; + return r && r->meth ? r->meth->flags & flags : 0; } #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) @@ -38014,7 +38017,8 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, r->d = d; } - return 1; + return SetRsaInternal(r) == WOLFSSL_SUCCESS ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA */ #endif /* NO_RSA */ @@ -38141,6 +38145,15 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal, derSz); } + if (ret < 0 && opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { + /* Might be in PKCS8 format so let's try */ + idx = 0; + ret = ToTraditionalInline(derBuf, &idx, (word32)derSz); + if (ret > 0) { + ret = wc_EccPrivateKeyDecode(derBuf, &idx, + (ecc_key*)key->internal, derSz); + } + } if (ret < 0) { if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); @@ -48134,14 +48147,18 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) key = (RsaKey*)rsa->internal; - if (SetIndividualInternal(rsa->n, &key->n) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("rsa n key error"); - return WOLFSSL_FATAL_ERROR; + if (rsa->n != NULL) { + if (SetIndividualInternal(rsa->n, &key->n) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("rsa n key error"); + return WOLFSSL_FATAL_ERROR; + } } - if (SetIndividualInternal(rsa->e, &key->e) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("rsa e key error"); - return WOLFSSL_FATAL_ERROR; + if (rsa->e != NULL) { + if (SetIndividualInternal(rsa->e, &key->e) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("rsa e key error"); + return WOLFSSL_FATAL_ERROR; + } } /* public key */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 96134c4d9..c7631828f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6060,48 +6060,123 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) } #ifndef NO_RSA -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) +static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey) { - if (!pkey) { - return NULL; - } - return pkey->rsa; -} + int ret = 0; + int derSz = 0; + word32 pkcs8Sz = 0; + byte* derBuf = NULL; + RsaKey* rsa = NULL; + WOLFSSL_RSA *key = NULL; -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_RSA* local; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); - - if (key == NULL) { - return NULL; + if (pkey == NULL || pkey->rsa == NULL || pkey->rsa->internal == NULL) { + WOLFSSL_MSG("bad parameter"); + return WOLFSSL_FAILURE; } - local = wolfSSL_RSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); - return NULL; - } + key = pkey->rsa; + rsa = (RsaKey*)pkey->rsa->internal; - if (key->type == EVP_PKEY_RSA) { - if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_RSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_RSA_free(local); - local = NULL; + /* Get DER size */ + if (rsa->type == RSA_PRIVATE) { + ret = wc_RsaKeyToDer(rsa, NULL, 0); + if (ret > 0) { + derSz = ret; + #ifdef HAVE_PKCS8 + if (key->pkcs8HeaderSz) { + ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, derSz, + RSAk, NULL, 0); + if (ret == LENGTH_ONLY_E) + ret = 0; } + #endif } } else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); - wolfSSL_RSA_free(local); - local = NULL; + ret = wc_RsaKeyToPublicDer(rsa, NULL, 0); + if (ret > 0) + derSz = ret; } - return local; + + if (derSz == 0 || ret < 0) { + WOLFSSL_MSG("Error getting RSA DER size"); + return WOLFSSL_FAILURE; + } + + derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, + pkey->heap, DYNAMIC_TYPE_DER); + if (derBuf == NULL) { + WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed"); + return WOLFSSL_FAILURE; + } + /* Old pointer is invalid from this point on */ + pkey->pkey.ptr = (char*)derBuf; + + if (rsa->type == RSA_PRIVATE) { + ret = wc_RsaKeyToDer(rsa, derBuf, derSz); + if (ret > 0) { + derSz = ret; + #ifdef HAVE_PKCS8 + if (key->pkcs8HeaderSz) { + byte* keyBuf = derBuf; + int keySz = derSz; + derSz = pkcs8Sz; + /* Need new buffer for PKCS8 since we can't + * do this in-place */ + derBuf = (byte*)XMALLOC(pkcs8Sz, pkey->heap, + DYNAMIC_TYPE_DER); + if (derBuf != NULL) { + ret = wc_CreatePKCS8Key(derBuf, (word32*)&derSz, keyBuf, + keySz, RSAk, NULL, 0); + XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER); + pkey->pkey.ptr = (char*)derBuf; + } + else + ret = MEMORY_E; + } + #endif + } + } + else { + /* Public key to DER */ + ret = wc_RsaKeyToPublicDer(rsa, derBuf, derSz); + if (ret > 0) + derSz = ret; + } + + if (ret < 0) { + WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed"); + return WOLFSSL_FAILURE; + } + else { + pkey->pkey_sz = derSz; + return WOLFSSL_SUCCESS; + } +} +#endif + +WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) +{ + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get0_RSA"); + + if (pkey == NULL) + return NULL; + + return pkey->rsa; +} + +WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* pkey) +{ + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); + + if (pkey == NULL || pkey->rsa == NULL) + return NULL; + + if (wolfSSL_RSA_up_ref(pkey->rsa) != WOLFSSL_SUCCESS) + return NULL; + + return pkey->rsa; } /* with set1 functions the pkey struct does not own the RSA structure @@ -6110,13 +6185,6 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) */ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) { -#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA) - int ret; - int derSz = 0; - int pkcs8Sz = 0; - byte* derBuf = NULL; - RsaKey* rsa = NULL; -#endif WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; @@ -6140,82 +6208,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) } } -#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA) - rsa = (RsaKey*)key->internal; - - /* Get DER size */ - derSz = 0; - if (rsa->type == RSA_PRIVATE) { - ret = wc_RsaKeyToDer(rsa, NULL, 0); - if (ret > 0) { - derSz = ret; - #ifdef HAVE_PKCS8 - if (key->pkcs8HeaderSz) { - ret = wc_CreatePKCS8Key(NULL, (word32*)&pkcs8Sz, NULL, derSz, - RSAk, NULL, 0); - if (ret == LENGTH_ONLY_E) ret = 0; - } - #endif - } - } - else { - ret = wc_RsaKeyToPublicDer(rsa, NULL, 0); - if (ret > 0) - derSz = ret; - } - - if (ret >= 0 && derSz >= 0) { - derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (derBuf == NULL) { - WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed"); - return WOLFSSL_FAILURE; - } - - if (rsa->type == RSA_PRIVATE) { - ret = wc_RsaKeyToDer(rsa, derBuf, derSz); - if (ret > 0) { - derSz = ret; - #ifdef HAVE_PKCS8 - if (key->pkcs8HeaderSz) { - byte* keyBuf = derBuf; - int keySz = derSz; - derSz = pkcs8Sz; - derBuf = (byte*)XMALLOC(pkcs8Sz, pkey->heap, - DYNAMIC_TYPE_DER); - if (derBuf == NULL) - ret = MEMORY_E; - else { - ret = wc_CreatePKCS8Key(derBuf, (word32*)&derSz, keyBuf, - keySz, RSAk, NULL, 0); - } - XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER); - } - #endif - } - } - else { - /* Public key to DER */ - ret = wc_RsaKeyToPublicDer(rsa, derBuf, derSz); - if (ret > 0) - derSz = ret; - } - } - - if (ret < 0) { - if (rsa->type == RSA_PRIVATE) { - WOLFSSL_MSG("EVP_PKEY_set1_RSA private failed"); - } - else { - WOLFSSL_MSG("EVP_PKEY_set1_RSA public failed"); - } - if (derBuf) - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_DER); +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) + if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed"); return WOLFSSL_FAILURE; } - - pkey->pkey.ptr = (char*)derBuf; - pkey->pkey_sz = derSz; -#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !HAVE_USER_RSA */ +#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ #ifdef WC_RSA_BLINDING if (key->ownRng == 0) { @@ -6565,6 +6563,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) /* try and populate public pkey_sz and pkey.ptr */ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) { +<<<<<<< master int derSz = 0; ecc_key* ecc; @@ -6588,11 +6587,24 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) } else { XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL); +======= + word32 derSz = 0; + byte* derBuf = NULL; + if (!pkey || !ecc) + return WOLFSSL_FAILURE; + if (ecc->type == ECC_PRIVATEKEY || ecc->type == ECC_PRIVATEKEY_ONLY) { + if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) { + derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + if (derBuf != NULL) { + if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) < 0) { + XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); +>>>>>>> WIP derBuf = NULL; } } } } +<<<<<<< master else { /* if not, the pkey will be traditional ecc key */ if ((derSz = wc_EccKeyDerSize(ecc, 1)) > 0) { @@ -6608,12 +6620,27 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) } else { XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL); +======= + else if (ecc->type == ECC_PUBLICKEY) { + if ((derSz = (word32)wc_EccPublicKeyDerSize(ecc, 1)) > 0) { + derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + if (derBuf != NULL) { + if (wc_EccPublicKeyToDer(ecc, derBuf, derSz, 1) < 0) { + XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); +>>>>>>> WIP derBuf = NULL; } } } } - return WOLFSSL_FAILURE; + if (derBuf != NULL) { + pkey->pkey_sz = (int)derSz; + pkey->pkey.ptr = (char*)derBuf; + return WOLFSSL_SUCCESS; + } + else { + return WOLFSSL_FAILURE; + } } int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)