From 62ae1d302319ce1f79d8a85e52a532b24e366f94 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 14 Jun 2017 09:33:27 +1000 Subject: [PATCH 1/2] Fix for private key only ECC key. --- wolfcrypt/src/asn.c | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2e853a828..0062182a7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9956,29 +9956,24 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, XMEMCPY(priv, &input[*inOutIdx], privSz); *inOutIdx += length; - if ((*inOutIdx + 1) > inSz) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return BUFFER_E; - } + if (ret == 0 && (*inOutIdx + 1) < inSz) { + /* prefix 0, may have */ + b = input[*inOutIdx]; + if (b == ECC_PREFIX_0) { + *inOutIdx += 1; - /* prefix 0, may have */ - b = input[*inOutIdx]; - if (b == ECC_PREFIX_0) { - *inOutIdx += 1; - - if (GetLength(input, inOutIdx, &length, inSz) <= 0) - ret = ASN_PARSE_E; - else { - ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz); - if (ret == 0) { - if ((ret = CheckCurve(oidSum)) < 0) - ret = ECC_CURVE_OID_E; - else { - curve_id = ret; - ret = 0; + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + ret = ASN_PARSE_E; + else { + ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, + inSz); + if (ret == 0) { + if ((ret = CheckCurve(oidSum)) < 0) + ret = ECC_CURVE_OID_E; + else { + curve_id = ret; + ret = 0; + } } } } From 13c4fe6cc4d295060be77cc403e0f1a3e2d71c32 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 14 Jun 2017 09:44:26 +1000 Subject: [PATCH 2/2] Add test --- certs/ecc-privOnlyCert.pem | 8 ++++++++ certs/ecc-privOnlyKey.pem | 4 ++++ certs/include.am | 4 +++- tests/test.conf | 9 +++++++++ 4 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 certs/ecc-privOnlyCert.pem create mode 100644 certs/ecc-privOnlyKey.pem diff --git a/certs/ecc-privOnlyCert.pem b/certs/ecc-privOnlyCert.pem new file mode 100644 index 000000000..f0c5cd955 --- /dev/null +++ b/certs/ecc-privOnlyCert.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE----- +MIIBJDCByaADAgECAgEAMAwGCCqGSM49BAMCBQAwGjELMAkGA1UEChMCV1IxCzAJBgNVBAYTAkRF +MB4XDTE3MDIwNjE0NTY0MVoXDTE4MDIwNjE0NTY0MVowGjELMAkGA1UEChMCV1IxCzAJBgNVBAYT +AkRFMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJcD9Frgr8rgKHt2szmJSfFgKYH1Xddq9EcHV +KupUa3bmPTb33VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAMBggqhkjOPQQDAgUAA0gAMEUC +IDnBQOHgHIudh7nFB0wG/WFMoUutVFN0uQPbVJSWwbQHAiEAmw25n+eEMgMK4Gi7qH1lzxm11WX0 +jM1gxQSGZTaja8s= +-----END CERTIFICATE----- diff --git a/certs/ecc-privOnlyKey.pem b/certs/ecc-privOnlyKey.pem new file mode 100644 index 000000000..952a90951 --- /dev/null +++ b/certs/ecc-privOnlyKey.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBmlE/nixmHCpmplUopbqNEo+jJE40p +wfkxzH01tAWqcQ== +-----END PRIVATE KEY----- diff --git a/certs/include.am b/certs/include.am index 72ef15232..cc1a68802 100644 --- a/certs/include.am +++ b/certs/include.am @@ -34,7 +34,9 @@ EXTRA_DIST += \ certs/server-revoked-key.pem \ certs/wolfssl-website-ca.pem \ certs/test-servercert.p12 \ - certs/dsaparams.pem + certs/dsaparams.pem \ + certs/ecc-privOnlyKey.pem \ + certs/ecc-privOnlyCert.pem EXTRA_DIST += \ certs/ca-key.der \ certs/ca-cert.der \ diff --git a/tests/test.conf b/tests/test.conf index e8223797e..cdfb56de9 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2190,3 +2190,12 @@ -A ./certs/server-ecc.pem -t +# server TLSv1.2 private-only key +-v 3 +-c ./certs/ecc-privOnlyCert.pem +-k ./certs/ecc-privOnlyKey.pem + +# client TLSv1.2 private-only key on server +-v 3 +-d +