wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set.

Browse Source
This commit is contained in:
David Garske
2022-03-21 13:45:40 -07:00
parent 59665a44b5
commit aa38d99538
4 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@ -4877,7 +4877,7 @@ int Ed25519CheckPubKey(WOLFSSL* ssl)
int ret = 0;
/* Public key required for signing. */
if (!key->pubKeySet) {
if (key != NULL && !key->pubKeySet) {
DerBuffer* leaf = ssl->buffers.certificate;
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert),
ssl->heap, DYNAMIC_TYPE_DCERT);
@ -5211,7 +5211,7 @@ int Ed448CheckPubKey(WOLFSSL* ssl)
int ret = 0;
/* Public key required for signing. */
if (!key->pubKeySet) {
if (key != NULL && !key->pubKeySet) {
DerBuffer* leaf = ssl->buffers.certificate;
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap,
DYNAMIC_TYPE_DCERT);
@ -5786,7 +5786,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
WOLFSSL_MSG("Allowing no server private key (external)");
}
else
#endif
#endif
{
WOLFSSL_MSG("Server missing private key");
return NO_PRIVATE_KEY;

12
src/ssl.c
View File

@ -5851,7 +5851,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
)) {
/* if using crypto or PK callbacks, try public key decode */
*idx = 0;
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key,
der->length);
}
#endif
if (ret == 0) {
@ -5925,7 +5926,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
)) {
/* if using crypto or PK callbacks, try public key decode */
*idx = 0;
ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key, der->length);
ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key,
der->length);
}
#endif
if (ret == 0) {
@ -6131,7 +6133,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef HAVE_PKCS8
/* if private key try and remove PKCS8 header */
if (type == PRIVATEKEY_TYPE) {
if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
if ((ret = ToTraditional_ex(der->buffer, der->length,
&algId)) > 0) {
/* Found PKCS8 header */
/* ToTraditional_ex moves buff and returns adjusted length */
der->length = ret;
@ -14872,7 +14875,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
#endif
) {
WOLFSSL_MSG("Allowing no server private key (external)");
WOLFSSL_MSG("Allowing no server private key "
"(external)");
}
else
#endif

2
src/tls13.c
View File

@ -9552,7 +9552,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
WOLFSSL_MSG("Allowing no server private key (external)");
}
else
#endif
#endif
{
WOLFSSL_MSG("accept error: server key required");
WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);

14
wolfssl/test.h
View File

@ -4027,8 +4027,13 @@ static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
ret = wc_ed25519_init(&myKey);
if (ret == 0) {
ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
if (ret == 0)
if (ret == 0) {
ret = wc_ed25519_make_public(&myKey, myKey.p, ED25519_PUB_KEY_SIZE);
}
if (ret == 0) {
myKey.pubKeySet = 1;
ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
}
wc_ed25519_free(&myKey);
}
@ -4191,8 +4196,13 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
ret = wc_ed448_init(&myKey);
if (ret == 0) {
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
if (ret == 0)
if (ret == 0) {
ret = wc_ed448_make_public(&myKey, myKey.p, ED448_PUB_KEY_SIZE);
}
if (ret == 0) {
myKey.pubKeySet = 1;
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
}
wc_ed448_free(&myKey);
}