WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for crypto callback not returning `CRYPTOCB_UNAVAILABLE`, which caused an invalid hash to be used for CSR signing. ZD 13949.

pull/311/head
David Garske 2022-04-05 11:53:47 -07:00
parent f82abd8c62
commit b9b157d9ef
2 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
certgen/README.md
View File

@ -263,7 +263,7 @@ Tested with these wolfSSL build options:
```sh ```sh
./autogen.sh # If cloned from GitHub ./autogen.sh # If cloned from GitHub
./configure --enable-certreq --enable-certgen --enable-certext --enable-cryptocb ./configure --enable-certreq --enable-certgen --enable-certext --enable-keygen --enable-cryptocb
make make
make check make check
sudo make install sudo make install

41
certgen/csr_cryptocb.c
View File

@ -44,6 +44,15 @@
#define ENABLE_CSR_EXAMPLE #define ENABLE_CSR_EXAMPLE
#endif #endif
/* Private and public key files for signing */
#define ECC_KEY_FILE "../certs/ecc-key.pem"
#define ECC_KEYPUB_FILE "../certs/ecc-keyPub.pem"
#define RSA_KEY_FILE "../certs/client-key.pem"
#define RSA_KEYPUB_FILE "../certs/client-keyPub.pem"
#define ED25519_KEY_FILE "../certs/ed25519-keyPriv.pem"
#define ED25519_KEYPUB_FILE "../certs/ed25519-keyPub.pem"
#ifdef ENABLE_CSR_EXAMPLE #ifdef ENABLE_CSR_EXAMPLE
static void usage(void) static void usage(void)
{ {
@ -74,25 +83,26 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
{ {
int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */ int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
myCryptoCbCtx* myCtx = (myCryptoCbCtx*)ctx; myCryptoCbCtx* myCtx = (myCryptoCbCtx*)ctx;
byte der[LARGE_TEMP_SZ];
word32 derSz;
word32 idx = 0; word32 idx = 0;
if (info == NULL) if (info == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = load_key_file(myCtx->keyFilePriv, der, &derSz, 0);
if (ret != 0) {
printf("Error %d loading %s\n", ret, myCtx->keyFilePriv);
return ret;
}
if (info->algo_type == WC_ALGO_TYPE_PK) { if (info->algo_type == WC_ALGO_TYPE_PK) {
byte der[LARGE_TEMP_SZ];
word32 derSz;
#ifdef DEBUG_CRYPTOCB #ifdef DEBUG_CRYPTOCB
printf("CryptoCb: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), printf("CryptoCb: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
GetPkTypeStr(info->pk.type), info->pk.type); GetPkTypeStr(info->pk.type), info->pk.type);
#endif #endif
ret = load_key_file(myCtx->keyFilePriv, der, &derSz, 0);
if (ret != 0) {
printf("Error %d loading %s\n", ret, myCtx->keyFilePriv);
return ret;
}
#ifndef NO_RSA #ifndef NO_RSA
if (info->pk.type == WC_PK_TYPE_RSA) { if (info->pk.type == WC_PK_TYPE_RSA) {
RsaKey rsaPriv; RsaKey rsaPriv;
@ -168,6 +178,9 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
#endif /* HAVE_ED25519 */ #endif /* HAVE_ED25519 */
} }
else {
ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
}
(void)devIdArg; (void)devIdArg;
(void)myCtx; (void)myCtx;
@ -366,20 +379,20 @@ static int gen_csr(const char* arg1)
/* setup test key */ /* setup test key */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (type == ECC_TYPE) { if (type == ECC_TYPE) {
myCtx.keyFilePub = "../certs/ecc-keyPub.pem"; myCtx.keyFilePub = ECC_KEYPUB_FILE;
myCtx.keyFilePriv = "../certs/ecc-key.pem"; myCtx.keyFilePriv = ECC_KEY_FILE;
} }
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
if (type == RSA_TYPE) { if (type == RSA_TYPE) {
myCtx.keyFilePub = "../certs/client-keyPub.pem"; myCtx.keyFilePub = RSA_KEYPUB_FILE;
myCtx.keyFilePriv = "../certs/client-key.pem"; myCtx.keyFilePriv = RSA_KEY_FILE;
} }
#endif #endif
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
if (type == ED25519_TYPE) { if (type == ED25519_TYPE) {
myCtx.keyFilePub = "../certs/ed25519-keyPub.pem"; myCtx.keyFilePub = ED25519_KEYPUB_FILE;
myCtx.keyFilePriv = "../certs/ed25519-keyPriv.pem"; myCtx.keyFilePriv = ED25519_KEY_FILE;
} }
#endif #endif