mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 10:47:28 +02:00
Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set.
This commit is contained in:
David Garske
@ -4877,7 +4877,7 @@ int Ed25519CheckPubKey(WOLFSSL* ssl)
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
/* Public key required for signing. */
|
/* Public key required for signing. */
|
||||||
if (!key->pubKeySet) {
|
if (key != NULL && !key->pubKeySet) {
|
||||||
DerBuffer* leaf = ssl->buffers.certificate;
|
DerBuffer* leaf = ssl->buffers.certificate;
|
||||||
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert),
|
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert),
|
||||||
ssl->heap, DYNAMIC_TYPE_DCERT);
|
ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||||
@ -5211,7 +5211,7 @@ int Ed448CheckPubKey(WOLFSSL* ssl)
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
/* Public key required for signing. */
|
/* Public key required for signing. */
|
||||||
if (!key->pubKeySet) {
|
if (key != NULL && !key->pubKeySet) {
|
||||||
DerBuffer* leaf = ssl->buffers.certificate;
|
DerBuffer* leaf = ssl->buffers.certificate;
|
||||||
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap,
|
DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap,
|
||||||
DYNAMIC_TYPE_DCERT);
|
DYNAMIC_TYPE_DCERT);
|
||||||
@ -5786,7 +5786,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
|
|||||||
WOLFSSL_MSG("Allowing no server private key (external)");
|
WOLFSSL_MSG("Allowing no server private key (external)");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
WOLFSSL_MSG("Server missing private key");
|
WOLFSSL_MSG("Server missing private key");
|
||||||
return NO_PRIVATE_KEY;
|
return NO_PRIVATE_KEY;
|
||||||
|
|||||||
12
src/ssl.c
12
src/ssl.c
@ -5851,7 +5851,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
|||||||
)) {
|
)) {
|
||||||
/* if using crypto or PK callbacks, try public key decode */
|
/* if using crypto or PK callbacks, try public key decode */
|
||||||
*idx = 0;
|
*idx = 0;
|
||||||
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
|
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key,
|
||||||
|
der->length);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
@ -5925,7 +5926,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
|||||||
)) {
|
)) {
|
||||||
/* if using crypto or PK callbacks, try public key decode */
|
/* if using crypto or PK callbacks, try public key decode */
|
||||||
*idx = 0;
|
*idx = 0;
|
||||||
ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key, der->length);
|
ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key,
|
||||||
|
der->length);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
@ -6131,7 +6133,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
#ifdef HAVE_PKCS8
|
#ifdef HAVE_PKCS8
|
||||||
/* if private key try and remove PKCS8 header */
|
/* if private key try and remove PKCS8 header */
|
||||||
if (type == PRIVATEKEY_TYPE) {
|
if (type == PRIVATEKEY_TYPE) {
|
||||||
if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
|
if ((ret = ToTraditional_ex(der->buffer, der->length,
|
||||||
|
&algId)) > 0) {
|
||||||
/* Found PKCS8 header */
|
/* Found PKCS8 header */
|
||||||
/* ToTraditional_ex moves buff and returns adjusted length */
|
/* ToTraditional_ex moves buff and returns adjusted length */
|
||||||
der->length = ret;
|
der->length = ret;
|
||||||
@ -14872,7 +14875,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
|||||||
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
|
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
WOLFSSL_MSG("Allowing no server private key (external)");
|
WOLFSSL_MSG("Allowing no server private key "
|
||||||
|
"(external)");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -9552,7 +9552,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||||||
WOLFSSL_MSG("Allowing no server private key (external)");
|
WOLFSSL_MSG("Allowing no server private key (external)");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
WOLFSSL_MSG("accept error: server key required");
|
WOLFSSL_MSG("accept error: server key required");
|
||||||
WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);
|
WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);
|
||||||
|
|||||||
@ -4027,8 +4027,13 @@ static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
|||||||
ret = wc_ed25519_init(&myKey);
|
ret = wc_ed25519_init(&myKey);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
|
ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
|
||||||
if (ret == 0)
|
if (ret == 0) {
|
||||||
|
ret = wc_ed25519_make_public(&myKey, myKey.p, ED25519_PUB_KEY_SIZE);
|
||||||
|
}
|
||||||
|
if (ret == 0) {
|
||||||
|
myKey.pubKeySet = 1;
|
||||||
ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
|
ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
|
||||||
|
}
|
||||||
wc_ed25519_free(&myKey);
|
wc_ed25519_free(&myKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4191,8 +4196,13 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
|||||||
ret = wc_ed448_init(&myKey);
|
ret = wc_ed448_init(&myKey);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
|
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
|
||||||
if (ret == 0)
|
if (ret == 0) {
|
||||||
|
ret = wc_ed448_make_public(&myKey, myKey.p, ED448_PUB_KEY_SIZE);
|
||||||
|
}
|
||||||
|
if (ret == 0) {
|
||||||
|
myKey.pubKeySet = 1;
|
||||||
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
|
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
|
||||||
|
}
|
||||||
wc_ed448_free(&myKey);
|
wc_ed448_free(&myKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user