Implement wolfSSL_X509_check_private_key

2020-10-06 17:06:38 +02:00 · 2020-10-06 17:06:38 +02:00 · 2197748a51
parent cb84213ffd
commit 2197748a51
2 changed files with 74 additions and 7 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -42326,7 +42326,7 @@ err:

        /* If s is numerical value, try to sum oid */
        ret = EncodePolicyOID(out, &outSz, s, NULL);
-        if (ret == 0) {
+        if (ret == 0 && outSz > 0) {
            /* If numerical encode succeeded then just
             * create object from that because sums are
             * not unique and can cause confusion. */
@ -42448,15 +42448,49 @@ err:

 #ifdef OPENSSL_EXTRA

-#ifndef NO_WOLFSSL_STUB
    int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
    {
-        (void) x509;
-        (void) key;
-        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
-        WOLFSSL_STUB("X509_check_private_key");
+        DecodedCert dc;
+        byte* der;
+        int derSz;
+        int ret;

-        return WOLFSSL_SUCCESS;
+        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+
+        if (!x509 || !key) {
+            WOLFSSL_MSG("Bad parameter");
+            return WOLFSSL_FAILURE;
+        }
+
+        der = (byte*)wolfSSL_X509_get_der(x509, &derSz);
+        if (der == NULL) {
+            WOLFSSL_MSG("wolfSSL_X509_get_der error");
+            return WOLFSSL_FAILURE;
+        }
+
+        InitDecodedCert(&dc, der, derSz, x509->heap);
+
+        if (ParseCertRelative(&dc, CERT_TYPE, NO_VERIFY, NULL) != 0) {
+            FreeDecodedCert(&dc);
+            return WOLFSSL_FAILURE;
+        }
+
+        der = (byte*)key->pkey.ptr;
+        derSz = key->pkey_sz;
+        ret = wc_CheckPrivateKey(der, derSz, &dc);
+        FreeDecodedCert(&dc);
+        return ret == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+    }
+
+#ifndef NO_WOLFSSL_STUB
+    WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
+        WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
+    {
+        (void) sk;
+        WOLFSSL_ENTER("wolfSSL_dup_CA_list");
+        WOLFSSL_STUB("SSL_dup_CA_list");
+
+        return NULL;
    }
 #endif

--- a/tests/api.c
+++ b/tests/api.c
@ -25924,6 +25924,38 @@ static void test_wolfSSL_certs(void)
 #endif /* OPENSSL_EXTRA && !NO_CERTS */
 }

+static void test_wolfSSL_X509_check_private_key(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+        defined(USE_CERT_BUFFERS_2048)
+    X509*  x509;
+    EVP_PKEY* pkey;
+    const byte* key;
+
+    printf(testingFmt, "wolfSSL_X509_check_private_key()");
+
+    /* Check with correct key */
+    AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
+                                                     SSL_FILETYPE_PEM)));
+    key = client_key_der_2048;
+    AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
+                &key, (long)sizeof_client_key_der_2048));
+    AssertIntEQ(X509_check_private_key(x509, pkey), 1);
+    EVP_PKEY_free(pkey);
+
+    /* Check with wrong key */
+    key = server_key_der_2048;
+    AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
+                &key, (long)sizeof_server_key_der_2048));
+    AssertIntEQ(X509_check_private_key(x509, pkey), 0);
+    EVP_PKEY_free(pkey);
+
+
+    X509_free(x509);
+    printf(resultFmt, passed);
+#endif
+}
+

 static void test_wolfSSL_ASN1_TIME_print(void)
 {
@ -39558,6 +39590,7 @@ void ApiTest(void)
    test_wolfSSL_X509_check_host();
    test_wolfSSL_DES();
    test_wolfSSL_certs();
+    test_wolfSSL_X509_check_private_key();
    test_wolfSSL_ASN1_TIME_print();
    test_wolfSSL_ASN1_UTCTIME_print();
    test_wolfSSL_ASN1_GENERALIZEDTIME_free();