mirror of https://github.com/wolfSSL/wolfssl.git
Merge pull request #1307 from JacobBarthelmeh/Testing
fix check key pair match with ECCpull/1314/head
commit
2cdcd560a2
32
tests/api.c
32
tests/api.c
|
@ -13613,7 +13613,7 @@ static void test_wolfSSL_ASN1_TIME_print()
|
|||
static void test_wolfSSL_private_keys(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
|
||||
!defined(NO_FILESYSTEM)
|
||||
WOLFSSL* ssl;
|
||||
WOLFSSL_CTX* ctx;
|
||||
EVP_PKEY* pkey = NULL;
|
||||
|
@ -13623,6 +13623,7 @@ static void test_wolfSSL_private_keys(void)
|
|||
OpenSSL_add_all_digests();
|
||||
OpenSSL_add_all_algorithms();
|
||||
|
||||
#ifndef NO_RSA
|
||||
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
|
||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
|
||||
|
@ -13662,12 +13663,41 @@ static void test_wolfSSL_private_keys(void)
|
|||
EVP_PKEY_free(pkey);
|
||||
SSL_free(ssl); /* frees x509 also since loaded into ssl */
|
||||
SSL_CTX_free(ctx);
|
||||
#endif /* end of RSA private key match tests */
|
||||
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||
AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
AssertNotNull(ssl = SSL_new(ctx));
|
||||
|
||||
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||
SSL_free(ssl);
|
||||
|
||||
|
||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
AssertNotNull(ssl = SSL_new(ctx));
|
||||
|
||||
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
#endif /* end of ECC private key match tests */
|
||||
|
||||
|
||||
/* test existence of no-op macros in wolfssl/openssl/ssl.h */
|
||||
CONF_modules_free();
|
||||
ENGINE_cleanup();
|
||||
CONF_modules_unload();
|
||||
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
(void)pkey;
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
|
||||
}
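Review bot: With the outer guard no longer requiring `!defined(NO_RSA)`, a build that defines NO_RSA and lacks HAVE_ECC compiles neither key-match block, so the `(void)ssl;` and `(void)ctx;` lines near the end of test_wolfSSL_private_keys evaluate pointers that were never assigned; only `pkey` is initialized at its declaration. Declaring them as `WOLFSSL* ssl = NULL;` and `WOLFSSL_CTX* ctx = NULL;` removes the indeterminate read. In the ECC block the mismatch case asserts only `AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS)`, which would also pass on a failure unrelated to the key pair, so a short comment such as `/* cliEccKeyFile loads successfully but does not belong to eccCertFile */` would record what the negative case is meant to prove. The trailing `#endif` comment still names only OPENSSL_EXTRA and NO_CERTS, while the condition also tests NO_FILESYSTEM.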
|
||||
|
|
|
@ -1803,22 +1803,37 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
|
|||
|
||||
#ifdef HAVE_ECC
|
||||
if (der->keyOID == ECDSAk) {
|
||||
word32 keyIdx = 0;
|
||||
ecc_key key_pair;
|
||||
byte privDer[MAX_ECC_BYTES];
|
||||
word32 privSz = MAX_ECC_BYTES;
|
||||
word32 keyIdx = 0;
|
||||
|
||||
if ((ret = wc_ecc_init(&key_pair)) < 0)
|
||||
return ret;
|
||||
|
||||
if ((ret = wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair,
|
||||
keySz)) == 0) {
|
||||
WOLFSSL_MSG("Checking ECC key pair");
|
||||
keyIdx = 0;
|
||||
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
|
||||
&key_pair)) == 0) {
|
||||
/* public and private extracted successfuly no check if is
|
||||
|
||||
if ((ret = wc_ecc_export_private_only(&key_pair, privDer, &privSz))
|
||||
== 0) {
|
||||
wc_ecc_free(&key_pair);
|
||||
ret = wc_ecc_init(&key_pair);
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_import_private_key((const byte*)privDer,
|
||||
privSz, (const byte*)der->publicKey,
|
||||
der->pubKeySize, &key_pair);
|
||||
}
|
||||
|
||||
/* public and private extracted successfuly now check if is
|
||||
* a pair and also do sanity checks on key. wc_ecc_check_key
|
||||
* checks that private * base generator equals pubkey */
|
||||
if ((ret = wc_ecc_check_key(&key_pair)) == 0)
|
||||
ret = 1;
|
||||
if (ret == 0) {
|
||||
if ((ret = wc_ecc_check_key(&key_pair)) == 0) {
|
||||
ret = 1;
|
||||
}
|
||||
}
|
||||
ForceZero(privDer, privSz);
|
||||
}
|
||||
}
|
||||
wc_ecc_free(&key_pair);
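Review bot: `ForceZero(privDer, privSz);` sits inside the `wc_ecc_export_private_only(...) == 0` branch of wc_CheckPrivateKey, so the stack copy of the private scalar is wiped only when the export succeeds, and only for the length the export reported. If the export can write part of the key before returning an error (not visible here), those bytes stay on the stack; moving the wipe to just before the final `wc_ecc_free(&key_pair);` as `ForceZero(privDer, sizeof(privDer));` covers every path after the first init. Separately, when the second `wc_ecc_init(&key_pair)` fails after `wc_ecc_free(&key_pair)`, the trailing `wc_ecc_free` runs on that key again, which is safe only if wc_ecc_free tolerates a key whose init failed; a one-line comment stating that assumption would help. The function body starts and ends outside this hunk.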
|
||||
|
|