wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

#424

Browse Source 
Refactor d2i key API to use common code
This commit is contained in:
Juliusz Sosinowicz
2021-10-19 15:51:29 +02:00
parent 4d5dceaa4e
commit 9386a882b9
3 changed files with 71 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
src/ssl.c
View File

@@ -8031,25 +8031,15 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
#endif /* !NO_BIO */ #endif /* !NO_BIO */
static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
const unsigned char** in, long inSz, int priv)
/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure.
*
* out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL
* in DER buffer to convert
* inSz size of in buffer
*
* returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
* on fail
*/
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
const unsigned char** in, long inSz)
{ {
WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY* pkey = NULL;
const unsigned char* mem; const unsigned char* mem;
long memSz = inSz; long memSz = inSz;
WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); WOLFSSL_ENTER("d2iGenericKey");
if (in == NULL || inSz < 0) { if (in == NULL || inSz < 0) {
WOLFSSL_MSG("Bad argument"); WOLFSSL_MSG("Bad argument");
@@ -8071,8 +8061,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
XMEMSET(rsa, 0, sizeof(RsaKey)); XMEMSET(rsa, 0, sizeof(RsaKey));
/* test if RSA key */ /* test if RSA key */
isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 && if (priv)
wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0; isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 &&
wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
else
isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 &&
wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
wc_FreeRsaKey(rsa); wc_FreeRsaKey(rsa);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
@@ -8083,7 +8077,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
if (pkey != NULL) { if (pkey != NULL) {
pkey->pkey_sz = keyIdx; pkey->pkey_sz = keyIdx;
pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
DYNAMIC_TYPE_PUBLIC_KEY); priv ? DYNAMIC_TYPE_PRIVATE_KEY :
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey->pkey.ptr == NULL) { if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -8102,8 +8097,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
} }
if (wolfSSL_RSA_LoadDer_ex(pkey->rsa, if (wolfSSL_RSA_LoadDer_ex(pkey->rsa,
(const unsigned char*)pkey->pkey.ptr, (const unsigned char*)pkey->pkey.ptr,
pkey->pkey_sz, WOLFSSL_RSA_LOAD_PUBLIC) != 1) { pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
: WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
} }
@@ -8130,8 +8126,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
#endif #endif
XMEMSET(ecc, 0, sizeof(ecc_key)); XMEMSET(ecc, 0, sizeof(ecc_key));
isEccKey = wc_ecc_init(ecc) == 0 && if (priv)
wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0; isEccKey = wc_ecc_init(ecc) == 0 &&
wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
else
isEccKey = wc_ecc_init(ecc) == 0 &&
wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
wc_ecc_free(ecc); wc_ecc_free(ecc);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); XFREE(ecc, NULL, DYNAMIC_TYPE_ECC);
@@ -8142,7 +8142,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
if (pkey != NULL) { if (pkey != NULL) {
pkey->pkey_sz = keyIdx; pkey->pkey_sz = keyIdx;
pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
DYNAMIC_TYPE_PUBLIC_KEY); priv ? DYNAMIC_TYPE_PRIVATE_KEY :
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey->pkey.ptr == NULL) { if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -8161,8 +8162,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
} }
if (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc, if (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc,
(const unsigned char*)pkey->pkey.ptr, (const unsigned char*)pkey->pkey.ptr,
pkey->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
: WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
} }
@@ -8189,8 +8191,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
#endif #endif
XMEMSET(dsa, 0, sizeof(DsaKey)); XMEMSET(dsa, 0, sizeof(DsaKey));
isDsaKey = wc_InitDsaKey(dsa) == 0 && if (priv)
wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0; isDsaKey = wc_InitDsaKey(dsa) == 0 &&
wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0;
else
isDsaKey = wc_InitDsaKey(dsa) == 0 &&
wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0;
wc_FreeDsaKey(dsa); wc_FreeDsaKey(dsa);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
@@ -8203,7 +8209,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
if (pkey != NULL) { if (pkey != NULL) {
pkey->pkey_sz = keyIdx; pkey->pkey_sz = keyIdx;
pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
DYNAMIC_TYPE_PUBLIC_KEY); priv ? DYNAMIC_TYPE_PRIVATE_KEY :
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey->pkey.ptr == NULL) { if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -8221,10 +8228,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
return NULL; return NULL;
} }
if (wolfSSL_DSA_LoadDer_ex(pkey->dsa, if (wolfSSL_DSA_LoadDer_ex(pkey->dsa,
(const unsigned char*)pkey->pkey.ptr, (const unsigned char*)pkey->pkey.ptr,
pkey->pkey_sz, WOLFSSL_DSA_LOAD_PUBLIC) != 1) { pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
: WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
} }
@@ -8267,7 +8274,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
if (pkey != NULL) { if (pkey != NULL) {
pkey->pkey_sz = (int)memSz; pkey->pkey_sz = (int)memSz;
pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
DYNAMIC_TYPE_PUBLIC_KEY); priv ? DYNAMIC_TYPE_PRIVATE_KEY :
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey->pkey.ptr == NULL) { if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -8315,7 +8323,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
if (wc_InitDhKey(&dh) != 0) if (wc_InitDhKey(&dh) != 0)
return NULL; return NULL;
ret = wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz); ret = wc_DhKeyDecode(mem, &keyIdx, &dh, (word32)memSz);
wc_FreeDhKey(&dh); wc_FreeDhKey(&dh);
if (ret == 0) { if (ret == 0) {
@@ -8324,7 +8332,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
pkey->type = EVP_PKEY_DH; pkey->type = EVP_PKEY_DH;
pkey->pkey_sz = (int)memSz; pkey->pkey_sz = (int)memSz;
pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
DYNAMIC_TYPE_PUBLIC_KEY); priv ? DYNAMIC_TYPE_PRIVATE_KEY :
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey->pkey.ptr == NULL) { if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -8343,24 +8352,15 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
key = (DhKey*)pkey->dh->internal; key = (DhKey*)pkey->dh->internal;
keyIdx = 0; keyIdx = 0;
if (wc_DhPublicKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0)
{ {
elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB;
if( SetDhExternal_ex(pkey->dh, elements) if (priv)
== WOLFSSL_SUCCESS ){ elements |= ELEMENT_PRV;
if(SetDhExternal_ex(pkey->dh, elements)
== WOLFSSL_SUCCESS ) {
return pkey; return pkey;
} }
/*
if (SetIndividualExternal(&(pkey->dh->p), &key->p)
== WOLFSSL_SUCCESS &&
SetIndividualExternal(&(pkey->dh->g), &key->g)
== WOLFSSL_SUCCESS &&
SetIndividualExternal(&(pkey->dh->q), &key->q)
== WOLFSSL_SUCCESS &&
SetIndividualExternal(&(pkey->dh->pub_key), &key->pub)
== WOLFSSL_SUCCESS) {
return pkey;
} */
} }
else { else {
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
@@ -8377,6 +8377,24 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
} }
return pkey; return pkey;
}
/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure.
*
* out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL
* in DER buffer to convert
* inSz size of in buffer
*
* returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
* on fail
*/
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
const unsigned char** in, long inSz)
{
WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY");
return d2iGenericKey(out, in, inSz, 0);
} }
/* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */ /* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */
@@ -46462,106 +46480,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
unsigned char** in, long inSz) unsigned char** in, long inSz)
{ {
WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP");
const unsigned char* mem; return d2iGenericKey(out, (const unsigned char**)in, inSz, 1);
long memSz = inSz;
WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP()");
if (in == NULL || *in == NULL || inSz < 0) {
WOLFSSL_MSG("Bad argument");
return NULL;
}
mem = *in;
#if !defined(NO_RSA)
{
RsaKey rsa;
word32 keyIdx = 0;
/* test if RSA key */
if (wc_InitRsaKey(&rsa, NULL) == 0 &&
wc_RsaPrivateKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) {
wc_FreeRsaKey(&rsa);
pkey = wolfSSL_EVP_PKEY_new();
if (pkey != NULL) {
pkey->pkey_sz = keyIdx;
pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
DYNAMIC_TYPE_PRIVATE_KEY);
if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
pkey->type = EVP_PKEY_RSA;
if (out != NULL) {
*out = pkey;
}
pkey->ownRsa = 1;
pkey->rsa = wolfSSL_RSA_new();
if (pkey->rsa == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
if (wolfSSL_RSA_LoadDer_ex(pkey->rsa,
(const unsigned char*)pkey->pkey.ptr,
pkey->pkey_sz, WOLFSSL_RSA_LOAD_PRIVATE) != 1) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
return pkey;
}
}
wc_FreeRsaKey(&rsa);
}
#endif /* NO_RSA */
#ifdef HAVE_ECC
{
word32 keyIdx = 0;
ecc_key ecc;
/* test if ecc key */
if (wc_ecc_init(&ecc) == 0 &&
wc_EccPrivateKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) {
wc_ecc_free(&ecc);
pkey = wolfSSL_EVP_PKEY_new();
if (pkey != NULL) {
pkey->pkey_sz = keyIdx;
pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
DYNAMIC_TYPE_PRIVATE_KEY);
if (pkey->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
pkey->type = EVP_PKEY_EC;
pkey->ownEcc = 1;
pkey->ecc = wolfSSL_EC_KEY_new();
if (pkey->ecc == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
if (wolfSSL_EC_KEY_LoadDer(pkey->ecc,
(const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz)
!= WOLFSSL_SUCCESS) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
if (out != NULL) {
*out = pkey;
}
return pkey;
}
}
wc_ecc_free(&ecc);
}
#endif /* HAVE_ECC */
return pkey;
} }
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/ #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/

4
wolfcrypt/src/asn.c
View File

@@ -8578,8 +8578,8 @@ static const ASNItem dsaPubKeyASN[] = {
* @return ASN_BITSTR_E when the expected BIT_STRING tag is not found. * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
* @return ASN_UNKNOWN_OID_E when the OID cannot be verified. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
*/ */
int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
word32 inSz) word32 inSz)
{ {
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
int length; int length;

4
wolfssl/wolfcrypt/types.h
View File

@@ -462,11 +462,11 @@ decouple library dependencies with standard string, memory and so on.
#endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_DEBUG_MEMORY */
#elif !defined(FREERTOS) && !defined(FREERTOS_TCP) #elif !defined(FREERTOS) && !defined(FREERTOS_TCP)
#ifdef WOLFSSL_DEBUG_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#else #else
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
#endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_DEBUG_MEMORY */