

use heap hint with wolfSSL_CTX_check_private_key
JacobBarthelmeh committed Oct 21, 2024
1 parent ea3a79e commit 5a28367
Showing 5 changed files with 23 additions and 19 deletions.
4 changes: 2 additions & 2 deletions src/ssl.c
Expand Up @@ -6347,7 +6347,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
#endif /* WOLF_PRIVATE_KEY_ID */
{
ret = wc_CheckPrivateKeyCert(buff, size, der, 0);
ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
}

Expand Down Expand Up @@ -6407,7 +6407,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
#endif /* WOLF_PRIVATE_KEY_ID */
{
ret = wc_CheckPrivateKeyCert(buff, size, der, 1);
ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
}
}
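Review bot: The `heap` passed on the new `wc_CheckPrivateKeyCert(buff, size, der, 0, heap)` and `wc_CheckPrivateKeyCert(buff, size, der, 1, heap)` lines is not declared anywhere in the visible lines of either hunk, so it presumably comes from check_cert_key's parameter list or a local that the hunk header cuts off. It should be the same hint that the DecodedCert `der` was initialised with, as the pkcs12.c change in this commit does by sharing `heap` between InitDecodedCert and wc_CheckPrivateKeyCert; otherwise the temporary key objects created during the check and the certificate they are compared against would be allocated under different hints. check_cert_key starts and ends outside both hunks, so this cannot be confirmed from the page.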
2 changes: 1 addition & 1 deletion src/x509.c
Expand Up @@ -12984,7 +12984,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
#ifndef NO_CHECK_PRIVATE_KEY
return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
x509->pubKey.buffer, x509->pubKey.length,
(enum Key_Sum)x509->pubKeyOID) == 1 ?
(enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
#else
/* not compiled in */
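Review bot: The hint passed on the new line is `key->heap`, while the public key buffer being compared comes from `x509`; if a caller's EVP_PKEY and X509 were created under different heap hints, the temporary key objects built inside wc_CheckPrivateKey will follow the private key's heap, which is a defensible choice but not an obvious one. A one-line comment above the return, e.g. `/* temporary key objects follow the private key's heap hint, not x509->heap */`, would record the intent. `key` is already dereferenced on the unchanged `key->pkey.ptr` line, so the new access adds no new NULL-dereference risk. The enclosing function starts and ends outside the hunk.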
28 changes: 15 additions & 13 deletions wolfcrypt/src/asn.c
Expand Up @@ -7446,9 +7446,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
* privKeySz : size of private key buffer
* pubKey : buffer holding DER format public key
* pubKeySz : size of public key buffer
* ks : type of key */
* ks : type of key
* heap : heap hint to use */
int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks,
void* heap)
{
int ret;
(void)privKeySz;
Expand Down Expand Up @@ -7485,14 +7487,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
#endif

if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
if ((ret = wc_InitRsaKey(a, heap)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(b, NULL, DYNAMIC_TYPE_RSA);
XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return ret;
}
if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
if ((ret = wc_InitRsaKey(b, heap)) < 0) {
wc_FreeRsaKey(a);
#ifdef WOLFSSL_SMALL_STACK
XFREE(b, NULL, DYNAMIC_TYPE_RSA);
Expand Down Expand Up @@ -7553,7 +7555,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
#endif

if ((ret = wc_ecc_init(key_pair)) < 0) {
if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
Expand All @@ -7571,7 +7573,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
#endif
wc_ecc_free(key_pair);
ret = wc_ecc_init(key_pair);
ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID);
if (ret == 0) {
ret = wc_ecc_import_private_key(privDer,
privSz, pubKey,
Expand Down Expand Up @@ -7622,7 +7624,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
return MEMORY_E;
#endif

if ((ret = wc_ed25519_init(key_pair)) < 0) {
if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
#endif
Expand Down Expand Up @@ -7672,7 +7674,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
return MEMORY_E;
#endif

if ((ret = wc_ed448_init(key_pair)) < 0) {
if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
#endif
Expand Down Expand Up @@ -7933,7 +7935,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
* checkAlt : indicate if we check primary or alternative key
*/
int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
int checkAlt)
int checkAlt, void* heap)
{
int ret = 0;

Expand All @@ -7947,7 +7949,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
word32 idx = 0;
/* Dilithium has the largest public key at the moment */
word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL,
byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (decodedPubKey == NULL) {
ret = MEMORY_E;
Expand All @@ -7966,15 +7968,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
}
if (ret == 0) {
ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen,
(enum Key_Sum) der->sapkiOID);
(enum Key_Sum) der->sapkiOID, heap);
}
XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
else
#endif
{
ret = wc_CheckPrivateKey(key, keySz, der->publicKey,
der->pubKeySize, (enum Key_Sum) der->keyOID);
der->pubKeySize, (enum Key_Sum) der->keyOID, heap);
}

(void)checkAlt;
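Review bot: In wc_CheckPrivateKey the key objects are now initialised with `heap` (`wc_InitRsaKey(a, heap)`, `wc_InitRsaKey(b, heap)`, `wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)`, the ed25519 and ed448 `_init_ex` calls), but the WOLFSSL_SMALL_STACK containers holding them are still released with `XFREE(b, NULL, DYNAMIC_TYPE_RSA)`, `XFREE(a, NULL, DYNAMIC_TYPE_RSA)`, `XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER)` and `XFREE(key_pair, NULL, ...)` in every hunk, so the hint only reaches the objects' internal allocations and not the objects themselves. The matching XMALLOC calls are outside the visible hunks; if they are switched to `heap`, every one of these XFREEs must change in the same commit so allocation and release stay paired, as was done for decodedPubKey in wc_CheckPrivateKeyCert (`XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY)` / `XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY)`). The comment block above wc_CheckPrivateKeyCert also gained no entry for the new parameter; adding ` * heap : heap hint to use` after the `checkAlt` line mirrors the wc_CheckPrivateKey comment updated in the first hunk. Both functions start and end outside the visible hunks.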
2 changes: 1 addition & 1 deletion wolfcrypt/src/pkcs12.c
Expand Up @@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,

InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) {
WOLFSSL_MSG("Key Pair found");
*cert = current->buffer;
*certSz = current->bufferSz;
6 changes: 4 additions & 2 deletions wolfssl/wolfcrypt/asn.h
Expand Up @@ -2382,9 +2382,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash,
int maxIdx, word32 sigOID);
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz,
DecodedCert* der, int checkAlt);
DecodedCert* der, int checkAlt,
void* heap);
WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
const byte* pubKey, word32 pubKeySz,
enum Key_Sum ks, void* heap);
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
#ifdef WOLFSSL_DH_EXTRA
WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
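Review bot: The new `void* heap` parameter on both WOLFSSL_LOCAL prototypes is undocumented in the header, and nothing states whether NULL is accepted. Since the implementation forwards it to the key init functions and to XMALLOC/XFREE, and every caller before this commit effectively passed NULL, a short comment above the wc_CheckPrivateKeyCert prototype such as `/* heap: hint forwarded to key init and XMALLOC/XFREE (NULL was the prior behaviour) */` would make the contract explicit for the two internal callers. Both prototypes being WOLFSSL_LOCAL means the signature change is internal, which is worth stating in the commit message as well.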
