use heap hint with wolfSSL_CTX_check_private_key #8070

Merged
merged 2 commits into from
Oct 21, 2024
4 changes: 2 additions & 2 deletions src/ssl.c
Expand Up @@ -6347,7 +6347,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
#endif /* WOLF_PRIVATE_KEY_ID */
{
ret = wc_CheckPrivateKeyCert(buff, size, der, 0);
ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
}

Expand Down Expand Up @@ -6407,7 +6407,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
#endif /* WOLF_PRIVATE_KEY_ID */
{
ret = wc_CheckPrivateKeyCert(buff, size, der, 1);
ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
}
}
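Review bot: Both updated calls in check_cert_key still fold every return value other than 1 into WOLFSSL_FAILURE (`ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;`), so a negative wolfCrypt error is indistinguishable from a genuine key/certificate mismatch. Now that the check allocates through `heap`, an allocation failure in the hinted allocator would presumably come back as MEMORY_E and be reported to the caller as a bad key pair. That fails closed, which is the safe direction, but it makes the condition hard to diagnose; consider logging before the mapping, e.g. `if (ret < 0) WOLFSSL_MSG("wc_CheckPrivateKeyCert failed");`. The same applies to the alternative-key call in the second hunk, and check_cert_key's body continues outside both hunks.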
2 changes: 1 addition & 1 deletion src/x509.c
Expand Up @@ -12984,7 +12984,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
#ifndef NO_CHECK_PRIVATE_KEY
return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
x509->pubKey.buffer, x509->pubKey.length,
(enum Key_Sum)x509->pubKeyOID) == 1 ?
(enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
#else
/* not compiled in */
29 changes: 16 additions & 13 deletions wolfcrypt/src/asn.c
Expand Up @@ -7446,9 +7446,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
* privKeySz : size of private key buffer
* pubKey : buffer holding DER format public key
* pubKeySz : size of public key buffer
* ks : type of key */
* ks : type of key
* heap : heap hint to use */
int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks,
void* heap)
{
int ret;
(void)privKeySz;
Expand Down Expand Up @@ -7485,14 +7487,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
#endif

if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
if ((ret = wc_InitRsaKey(a, heap)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(b, NULL, DYNAMIC_TYPE_RSA);
XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return ret;
}
if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
if ((ret = wc_InitRsaKey(b, heap)) < 0) {
wc_FreeRsaKey(a);
#ifdef WOLFSSL_SMALL_STACK
XFREE(b, NULL, DYNAMIC_TYPE_RSA);
Expand Down Expand Up @@ -7553,7 +7555,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
#endif

if ((ret = wc_ecc_init(key_pair)) < 0) {
if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
Expand All @@ -7571,7 +7573,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
#endif
wc_ecc_free(key_pair);
ret = wc_ecc_init(key_pair);
ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID);
if (ret == 0) {
ret = wc_ecc_import_private_key(privDer,
privSz, pubKey,
Expand Down Expand Up @@ -7622,7 +7624,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
return MEMORY_E;
#endif

if ((ret = wc_ed25519_init(key_pair)) < 0) {
if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
#endif
Expand Down Expand Up @@ -7672,7 +7674,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
return MEMORY_E;
#endif

if ((ret = wc_ed448_init(key_pair)) < 0) {
if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
#endif
Expand Down Expand Up @@ -7919,6 +7921,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
ret = 0;
}
(void)ks;
(void)heap;

return ret;
}
Expand All @@ -7933,7 +7936,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
* checkAlt : indicate if we check primary or alternative key
*/
int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
int checkAlt)
int checkAlt, void* heap)
{
int ret = 0;

Expand All @@ -7947,7 +7950,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
word32 idx = 0;
/* Dilithium has the largest public key at the moment */
word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL,
byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (decodedPubKey == NULL) {
ret = MEMORY_E;
Expand All @@ -7966,15 +7969,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
}
if (ret == 0) {
ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen,
(enum Key_Sum) der->sapkiOID);
(enum Key_Sum) der->sapkiOID, heap);
}
XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
else
#endif
{
ret = wc_CheckPrivateKey(key, keySz, der->publicKey,
der->pubKeySize, (enum Key_Sum) der->keyOID);
der->pubKeySize, (enum Key_Sum) der->keyOID, heap);
}

(void)checkAlt;
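Review bot: The key objects in wc_CheckPrivateKey are now initialised with `heap`, but the WOLFSSL_SMALL_STACK cleanup paths visible in these hunks still release their containers with a NULL hint, e.g. `XFREE(a, NULL, DYNAMIC_TYPE_RSA);`, `XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);` and `XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. The matching XMALLOC calls are outside the hunks and presumably also pass NULL, so the pairing is consistent, but it means `privDer`, which holds private-key bytes, and the key structs themselves still bypass the caller's heap hint. If the intent is that the whole check runs from the hinted heap, switch each XMALLOC/XFREE pair to `heap` together (never one side alone), as was done for `decodedPubKey` in wc_CheckPrivateKeyCert. Separately, the parameter comment above wc_CheckPrivateKeyCert still ends at `checkAlt`; it should gain `* heap : heap hint to use` like the one on wc_CheckPrivateKey.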
2 changes: 1 addition & 1 deletion wolfcrypt/src/pkcs12.c
Expand Up @@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,

InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) {
WOLFSSL_MSG("Key Pair found");
*cert = current->buffer;
*certSz = current->bufferSz;
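--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -2382,9 +2382,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
 WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash,
 int maxIdx, word32 sigOID);
 WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz,
-DecodedCert* der, int checkAlt);
+DecodedCert* der, int checkAlt,
+void* heap);
 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
+const byte* pubKey, word32 pubKeySz,
+enum Key_Sum ks, void* heap);
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,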