diff --git a/src/internal.c b/src/internal.c
index a5f3317fb..88403d1cf 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4877,7 +4877,7 @@ int Ed25519CheckPubKey(WOLFSSL* ssl)
 int ret = 0;
 /* Public key required for signing. */
- if (!key->pubKeySet) {
+ if (key != NULL && !key->pubKeySet) {
 DerBuffer* leaf = ssl->buffers.certificate;
 DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap, DYNAMIC_TYPE_DCERT);
@@ -5211,7 +5211,7 @@ int Ed448CheckPubKey(WOLFSSL* ssl)
 int ret = 0;
 /* Public key required for signing. */
- if (!key->pubKeySet) {
+ if (key != NULL && !key->pubKeySet) {
 DerBuffer* leaf = ssl->buffers.certificate;
 DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap, DYNAMIC_TYPE_DCERT);
@@ -5786,7 +5786,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
 WOLFSSL_MSG("Allowing no server private key (external)");
 }
 else
- #endif
+ #endif
 {
 WOLFSSL_MSG("Server missing private key");
 return NO_PRIVATE_KEY;
diff --git a/src/ssl.c b/src/ssl.c
index 9f3fe33e1..115d368ce 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5851,7 +5851,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
 )) {
 /* if using crypto or PK callbacks, try public key decode */
 *idx = 0;
- ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
+ ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key,
+ der->length);
 }
 #endif
 if (ret == 0) {
@@ -5925,7 +5926,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
 )) {
 /* if using crypto or PK callbacks, try public key decode */
 *idx = 0;
- ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key, der->length);
+ ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key,
+ der->length);
 }
 #endif
 if (ret == 0) {
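Review bot: With the added `key != NULL` test in Ed25519CheckPubKey, a NULL key skips the whole block, and since `ret` was initialised to 0 the function presumably reports success without having checked or loaded any public key. If a NULL key is legitimate at this point (possibly when signing is delegated to a PK callback; the hunk does not show where `key` comes from), state that next to the condition, e.g. `/* No key object (signing handled externally): nothing to check. */`; otherwise return an error for the NULL case instead of falling through. The same applies to the identical guard in Ed448CheckPubKey. Both function bodies start and end outside their hunks.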
@@ -6131,7 +6133,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 #ifdef HAVE_PKCS8
 /* if private key try and remove PKCS8 header */
 if (type == PRIVATEKEY_TYPE) {
- if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
+ if ((ret = ToTraditional_ex(der->buffer, der->length,
+ &algId)) > 0) {
 /* Found PKCS8 header */
 /* ToTraditional_ex moves buff and returns adjusted length */
 der->length = ret;
@@ -14872,7 +14875,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
 #endif
 ) {
- WOLFSSL_MSG("Allowing no server private key (external)");
+ WOLFSSL_MSG("Allowing no server private key "
+ "(external)");
 }
 else
 #endif
diff --git a/src/tls13.c b/src/tls13.c
index 7c467c6fe..d5f0b0c6e 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9552,7 +9552,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 WOLFSSL_MSG("Allowing no server private key (external)");
 }
 else
- #endif
+ #endif
 {
 WOLFSSL_MSG("accept error: server key required");
 WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 4edc4c312..d3f57ad46 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -4027,8 +4027,13 @@ static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
 ret = wc_ed25519_init(&myKey);
 if (ret == 0) {
 ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0)
+ if (ret == 0) {
+ ret = wc_ed25519_make_public(&myKey, myKey.p, ED25519_PUB_KEY_SIZE);
+ }
+ if (ret == 0) {
+ myKey.pubKeySet = 1;
 ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
+ }
 wc_ed25519_free(&myKey);
 }
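Review bot: myEd25519Sign now reaches into the key object directly, generating the public key into `myKey.p` and setting `myKey.pubKeySet = 1` by hand, with no comment saying why. Because this callback sits in a header under wolfssl/ and is likely to be copied as a template, add a line above the new block such as `/* Decoded private key may carry no public part, which signing requires; derive it. */`. The derivation also runs unconditionally; if the decode step can already populate the public key (not visible in this hunk), `if (ret == 0 && !myKey.pubKeySet) {` would avoid regenerating it. The same applies to the matching hunk in myEd448Sign. The function body starts and ends outside the hunk.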
@@ -4191,8 +4196,13 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
 ret = wc_ed448_init(&myKey);
 if (ret == 0) {
 ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0)
+ if (ret == 0) {
+ ret = wc_ed448_make_public(&myKey, myKey.p, ED448_PUB_KEY_SIZE);
+ }
+ if (ret == 0) {
+ myKey.pubKeySet = 1;
 ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
+ }
 wc_ed448_free(&myKey);
 }