|
@@ -6913,68 +6913,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
-#ifndef NO_CHECK_PRIVATE_KEY
|
|
|
-/* Check private against public in certificate for match
|
|
|
- *
|
|
|
- * ctx WOLFSSL_CTX structure to check private key in
|
|
|
- *
|
|
|
- * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
|
|
|
-int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
|
|
-{
|
|
|
-#ifdef WOLFSSL_SMALL_STACK
|
|
|
- DecodedCert* der = NULL;
|
|
|
-#else
|
|
|
- DecodedCert der[1];
|
|
|
-#endif
|
|
|
- word32 size;
|
|
|
- byte* buff;
|
|
|
- int ret;
|
|
|
-
|
|
|
- WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
|
|
|
-
|
|
|
- if (ctx == NULL || ctx->certificate == NULL) {
|
|
|
- return WOLFSSL_FAILURE;
|
|
|
- }
|
|
|
-
|
|
|
-#ifndef NO_CERTS
|
|
|
-#ifdef WOLFSSL_SMALL_STACK
|
|
|
- der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
|
|
- if (der == NULL)
|
|
|
- return MEMORY_E;
|
|
|
-#endif
|
|
|
-
|
|
|
- size = ctx->certificate->length;
|
|
|
- buff = ctx->certificate->buffer;
|
|
|
- InitDecodedCert(der, buff, size, ctx->heap);
|
|
|
- if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
|
|
- FreeDecodedCert(der);
|
|
|
- #ifdef WOLFSSL_SMALL_STACK
|
|
|
- XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
|
|
- #endif
|
|
|
- return WOLFSSL_FAILURE;
|
|
|
- }
|
|
|
-
|
|
|
- size = ctx->privateKey->length;
|
|
|
- buff = ctx->privateKey->buffer;
|
|
|
- ret = wc_CheckPrivateKey(buff, size, der);
|
|
|
- FreeDecodedCert(der);
|
|
|
-#ifdef WOLFSSL_SMALL_STACK
|
|
|
- XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
|
|
-#endif
|
|
|
-
|
|
|
- if (ret == 1) {
|
|
|
- return WOLFSSL_SUCCESS;
|
|
|
- }
|
|
|
- else {
|
|
|
- return WOLFSSL_FAILURE;
|
|
|
- }
|
|
|
-#else
|
|
|
- WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
|
|
|
- return WOLFSSL_FAILURE;
|
|
|
-#endif
|
|
|
-}
|
|
|
-#endif /* !NO_CHECK_PRIVATE_KEY */
|
|
|
-
|
|
|
|
|
|
#ifdef HAVE_CRL
|
|
|
|
|
@@ -7373,6 +7311,68 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
|
|
|
|
|
|
#endif /* NO_FILESYSTEM */
|
|
|
|
|
|
+#ifndef NO_CHECK_PRIVATE_KEY
|
|
|
+/* Check private against public in certificate for match
|
|
|
+ *
|
|
|
+ * ctx WOLFSSL_CTX structure to check private key in
|
|
|
+ *
|
|
|
+ * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
|
|
|
+int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
|
|
+{
|
|
|
+#ifdef WOLFSSL_SMALL_STACK
|
|
|
+ DecodedCert* der = NULL;
|
|
|
+#else
|
|
|
+ DecodedCert der[1];
|
|
|
+#endif
|
|
|
+ word32 size;
|
|
|
+ byte* buff;
|
|
|
+ int ret;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
|
|
|
+
|
|
|
+ if (ctx == NULL || ctx->certificate == NULL) {
|
|
|
+ return WOLFSSL_FAILURE;
|
|
|
+ }
|
|
|
+
|
|
|
+#ifndef NO_CERTS
|
|
|
+#ifdef WOLFSSL_SMALL_STACK
|
|
|
+ der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
|
|
+ if (der == NULL)
|
|
|
+ return MEMORY_E;
|
|
|
+#endif
|
|
|
+
|
|
|
+ size = ctx->certificate->length;
|
|
|
+ buff = ctx->certificate->buffer;
|
|
|
+ InitDecodedCert(der, buff, size, ctx->heap);
|
|
|
+ if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
|
|
+ FreeDecodedCert(der);
|
|
|
+ #ifdef WOLFSSL_SMALL_STACK
|
|
|
+ XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
|
|
+ #endif
|
|
|
+ return WOLFSSL_FAILURE;
|
|
|
+ }
|
|
|
+
|
|
|
+ size = ctx->privateKey->length;
|
|
|
+ buff = ctx->privateKey->buffer;
|
|
|
+ ret = wc_CheckPrivateKey(buff, size, der);
|
|
|
+ FreeDecodedCert(der);
|
|
|
+#ifdef WOLFSSL_SMALL_STACK
|
|
|
+ XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
|
|
|
+#endif
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ return WOLFSSL_SUCCESS;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ return WOLFSSL_FAILURE;
|
|
|
+ }
|
|
|
+#else
|
|
|
+ WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
|
|
|
+ return WOLFSSL_FAILURE;
|
|
|
+#endif
|
|
|
+}
|
|
|
+#endif /* !NO_CHECK_PRIVATE_KEY */
|
|
|
+
|
|
|
#ifdef OPENSSL_EXTRA
|
|
|
/* put SSL type in extra for now, not very common */
|
|
|
|
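Review bot: `size = ctx->privateKey->length;` dereferences ctx->privateKey without a NULL check, while the guard near the top of wolfSSL_CTX_check_private_key only rejects a NULL ctx or ctx->certificate, so a context with a certificate loaded but no private key set would hit a NULL dereference instead of returning WOLFSSL_FAILURE. Extend the guard to `if (ctx == NULL || ctx->certificate == NULL || ctx->privateKey == NULL) {`. The header comment also says SSL_SUCCESS/SSL_FAILURE while the body returns WOLFSSL_SUCCESS/WOLFSSL_FAILURE and, under WOLFSSL_SMALL_STACK, MEMORY_E on allocation failure; it could read `Returns WOLFSSL_SUCCESS on matching key, WOLFSSL_FAILURE on mismatch or parse error, MEMORY_E if the DecodedCert could not be allocated (small-stack builds).` The code is moved verbatim from the removal hunk above, so both points predate this commit.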