diff --git a/src/internal.c b/src/internal.c index c7bba481be4..cbe49380d80 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4413,9 +4413,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = ctx->certChainCnt; #endif - ssl->buffers.key = ctx->privateKey; - ssl->buffers.keyType = ctx->privateKeyType; - ssl->buffers.keySz = ctx->privateKeySz; + ssl->buffers.key = ctx->privateKey; + ssl->buffers.keyType = ctx->privateKeyType; + ssl->buffers.keyId = ctx->privateKeyId; + ssl->buffers.keySz = ctx->privateKeySz; + ssl->buffers.keyDevId = ctx->privateKeyDevId; #endif #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ !defined(NO_ED25519_CLIENT_AUTH) @@ -16927,6 +16929,49 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); } +#ifdef HAVE_PKCS11 + if (ssl->buffers.keyDevId != INVALID_DEVID && ssl->buffers.keyId) { + if (ssl->buffers.keyType == rsa_sa_algo) + ssl->hsType = DYNAMIC_TYPE_RSA; + else if (ssl->buffers.keyType == ecc_dsa_sa_algo) + ssl->hsType = DYNAMIC_TYPE_ECC; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + + if (ssl->buffers.keyType == rsa_sa_algo) { + ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey, + ssl->buffers.key->buffer, ssl->buffers.key->length, + ssl->heap, ssl->buffers.keyDevId); + if (ret == 0) { + if (ssl->buffers.keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)ssl->buffers.keySz; + } + } + else if (ssl->buffers.keyType == ecc_dsa_sa_algo) { + ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, ssl->buffers.key->buffer, + ssl->buffers.key->length, ssl->heap, + ssl->buffers.keyDevId); + if (ret == 0) { + if (ssl->buffers.keySz < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)ssl->buffers.keySz; + } + } + goto exit_dpk; + } +#endif + #ifndef NO_RSA if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) { ssl->hsType = DYNAMIC_TYPE_RSA; @@ -22012,97 +22057,46 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif case rsa_sa_algo: { - word32 i = 0; - int keySz; + word16 keySz; - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ssl->buffers.keyType = rsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_sske; } - ret = wc_RsaPrivateKeyDecode( - ssl->buffers.key->buffer, - &i, - (RsaKey*)ssl->hsKey, - ssl->buffers.key->length); - if (ret != 0) { - goto exit_sske; - } - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* test if keySz has error */ - ERROR_OUT(keySz, exit_sske); - } - args->tmpSigSz = (word32)keySz; - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA signature key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_sske); - } break; } #endif /* !NO_RSA */ #ifdef HAVE_ECC case ecc_dsa_sa_algo: { - word32 i = 0; - - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_sske; - } + word16 keySz; - ret = wc_EccPrivateKeyDecode( - ssl->buffers.key->buffer, - &i, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); + ssl->buffers.keyType = ecc_dsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_sske; } /* worst case estimate */ - args->tmpSigSz = wc_ecc_sig_size( - (ecc_key*)ssl->hsKey); - - /* check the minimum ECC key size */ - if (wc_ecc_size((ecc_key*)ssl->hsKey) < - ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_sske); - } + args->tmpSigSz = keySz; break; } #endif #ifdef HAVE_ED25519 case ed25519_sa_algo: { - word32 i = 0; + word16 keySz; - ssl->hsType = DYNAMIC_TYPE_ED25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_sske; - } - - ret = wc_Ed25519PrivateKeyDecode( - ssl->buffers.key->buffer, - &i, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); + ssl->buffers.keyType = ed25519_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_sske; } /* worst case estimate */ args->tmpSigSz = ED25519_SIG_SIZE; - - /* check the minimum ECC key size */ - if (ED25519_KEY_SIZE < - ssl->options.minEccKeySz) { - WOLFSSL_MSG("Ed25519 key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_sske); - } break; } #endif /* HAVE_ED25519 */ @@ -22307,7 +22301,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, preSigSz = args->length; if (!ssl->options.usingAnon_cipher) { - int keySz; + word16 keySz; /* sig length */ args->length += LENGTH_SZ; @@ -22322,22 +22316,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else { - word32 i = 0; - - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ssl->buffers.keyType == 0) + ssl->buffers.keyType = rsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_sske; } - - ret = wc_RsaPrivateKeyDecode( - ssl->buffers.key->buffer, &i, - (RsaKey*)ssl->hsKey, - ssl->buffers.key->length); - if (ret != 0) { - goto exit_sske; - } - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); } if (keySz <= 0) { /* test if keySz has error */ @@ -22347,11 +22331,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->tmpSigSz = (word32)keySz; args->length += args->tmpSigSz; - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_sske); - } - if (IsAtLeastTLSv1_2(ssl)) { args->length += HASH_SIG_SIZE; } @@ -25014,30 +24993,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef NO_RSA case rsa_kea: { - word32 i = 0; - int keySz; + word16 keySz; - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ssl->buffers.keyType = rsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_dcke; } - - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, - &i, (RsaKey*)ssl->hsKey, ssl->buffers.key->length); - if (ret != 0) { - goto exit_dcke; - } - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* test if keySz has error */ - ERROR_OUT(keySz, exit_dcke); - } args->length = (word32)keySz; - - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("Peer RSA key is too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dcke); - } ssl->arrays->preMasterSz = SECRET_LEN; if (ssl->options.tls) { @@ -25172,27 +25135,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* handle static private key */ if (ssl->specs.static_ecdh && ssl->ecdhCurveOID != ECC_X25519_OID) { - word32 i = 0; + word16 keySz; - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ssl->buffers.keyType = ecc_dsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_dcke; } - - ret = wc_EccPrivateKeyDecode( - ssl->buffers.key->buffer, - &i, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - private_key = (ecc_key*)ssl->hsKey; - if (wc_ecc_size(private_key) < - ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dcke); - } - } + private_key = (ecc_key*)ssl->hsKey; } #endif diff --git a/src/ssl.c b/src/ssl.c index 6aa0a970b6c..9c655791d00 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11156,6 +11156,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0); } +#ifdef HAVE_PKCS11 + int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id, + long sz, int devId, long keySz) + { + int ret = WOLFSSL_FAILURE; + + FreeDer(&ctx->privateKey); + if (AllocDer(&ctx->privateKey, sz, PRIVATEKEY_TYPE, ctx->heap) == 0) { + XMEMCPY(ctx->privateKey->buffer, id, sz); + ctx->privateKeyId = 1; + ctx->privateKeySz = keySz; + if (devId != INVALID_DEVID) + ctx->privateKeyDevId = devId; + else + ctx->privateKeyDevId = ctx->devId; + + ret = WOLFSSL_SUCCESS; + } + + return ret; + } +#endif int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, const unsigned char* in, long sz, int format) @@ -11291,6 +11313,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl, NULL, 0); } +#ifdef HAVE_PKCS11 + int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id, + long sz, int devId, long keySz) + { + int ret = WOLFSSL_FAILURE; + + FreeDer(&ssl->buffers.key); + if (AllocDer(&ssl->buffers.key, sz, PRIVATEKEY_TYPE, ssl->heap) == 0) { + XMEMCPY(ssl->buffers.key->buffer, id, sz); + ssl->buffers.weOwnKey = 1; + ssl->buffers.keyId = 1; + ssl->buffers.keySz = keySz; + if (devId != INVALID_DEVID) + ssl->buffers.keyId = devId; + else + ssl->buffers.keyId = ssl->devId; + + ret = WOLFSSL_SUCCESS; + } + + return ret; + } +#endif + int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, const unsigned char* in, long sz, int format) { @@ -12348,7 +12394,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); if (ret == WOLFSSL_FAILURE) goto end; - + ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt, EVP_SALT_SIZE, count, hashType, NULL); if (ret == 0) @@ -13055,7 +13101,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) { return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx))); } - + /* Deep copy of EVP_MD hasher * return WOLFSSL_SUCCESS on success */ static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, @@ -13447,7 +13493,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc = enc ? 1 : 0; if (key) { ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 81ccd2f109f..ed8a7ddde84 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4351,6 +4351,10 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, key->state = ECC_STATE_SIGN_DO; if ((err = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY){ + #if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK) + XFREE(s, key->heap, DYNAMIC_TYPE_ECC); + XFREE(r, key->heap, DYNAMIC_TYPE_ECC); + #endif break; } @@ -4361,6 +4365,10 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); #endif if (err < 0) { + #if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK) + XFREE(s, key->heap, DYNAMIC_TYPE_ECC); + XFREE(r, key->heap, DYNAMIC_TYPE_ECC); + #endif break; } diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index 26c807059ac..a288f8b74f7 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -650,7 +650,9 @@ static int Pkcs11FindKeyById(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, rv = session->func->C_FindObjects(session->handle, key, 1, &count); if (rv != CKR_OK) ret = WC_HW_E; - session->func->C_FindObjectsFinal(session->handle); + rv = session->func->C_FindObjectsFinal(session->handle); + if (rv != CKR_OK) + ret = WC_HW_E; } if (ret == 0 && count == 0) ret = WC_HW_E; @@ -660,6 +662,50 @@ static int Pkcs11FindKeyById(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, #endif #ifndef NO_RSA +/** + * Find the PKCS#11 object containing the RSA public or private key data with + * the modulus specified. + * + * @param key [out] Henadle to key object. + * @param keyClass [in] Public or private key class. + * @param session [in] Session object. + * @param rsaKey [in] RSA key with modulus to search on. + * @return WC_HW_E when a PKCS#11 library call fails. + * 0 on success. + */ +static int Pkcs11FindRsaKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, + Pkcs11Session* session, RsaKey* rsaKey) +{ + int ret = 0; + CK_RV rv; + CK_ULONG count; + CK_ATTRIBUTE keyTemplate[] = { + { CKA_CLASS, &keyClass, sizeof(keyClass) }, + { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, + { CKA_MODULUS, NULL, 0 }, + }; + CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate); + + /* Set the modulus. */ + keyTemplate[2].pValue = rsaKey->n.raw.buf; + keyTemplate[2].ulValueLen = rsaKey->n.raw.len; + + rv = session->func->C_FindObjectsInit(session->handle, keyTemplate, + keyTmplCnt); + if (rv != CKR_OK) + ret = WC_HW_E; + if (ret == 0) { + rv = session->func->C_FindObjects(session->handle, key, 1, &count); + if (rv != CKR_OK) + ret = WC_HW_E; + rv = session->func->C_FindObjectsFinal(session->handle); + if (rv != CKR_OK) + ret = WC_HW_E; + } + + return ret; +} + /** * Exponentiate the input with the public part of the RSA key. * Used in public encrypt and decrypt. @@ -676,6 +722,7 @@ static int Pkcs11RsaPublic(Pkcs11Session* session, wc_CryptoInfo* info) CK_MECHANISM mech; CK_ULONG outLen; CK_OBJECT_HANDLE publicKey = NULL_PTR; + int sessionKey = 0; CK_ATTRIBUTE keyTemplate[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, @@ -692,17 +739,24 @@ static int Pkcs11RsaPublic(Pkcs11Session* session, wc_CryptoInfo* info) } if (ret == 0) { - /* Set the modulus and public exponent data. */ - keyTemplate[3].pValue = info->pk.rsa.key->n.raw.buf; - keyTemplate[3].ulValueLen = info->pk.rsa.key->n.raw.len; - keyTemplate[4].pValue = info->pk.rsa.key->e.raw.buf; - keyTemplate[4].ulValueLen = info->pk.rsa.key->e.raw.len; - - /* Create an object containing public key data for device to use. */ - rv = session->func->C_CreateObject(session->handle, keyTemplate, + if ((sessionKey = !mp_iszero(&info->pk.rsa.key->e))) { + /* Set the modulus and public exponent data. */ + keyTemplate[3].pValue = info->pk.rsa.key->n.raw.buf; + keyTemplate[3].ulValueLen = info->pk.rsa.key->n.raw.len; + keyTemplate[4].pValue = info->pk.rsa.key->e.raw.buf; + keyTemplate[4].ulValueLen = info->pk.rsa.key->e.raw.len; + + /* Create an object containing public key data for device to use. */ + rv = session->func->C_CreateObject(session->handle, keyTemplate, keyTmplCnt, &publicKey); - if (rv != CKR_OK) - ret = WC_HW_E; + if (rv != CKR_OK) + ret = WC_HW_E; + } + else { + ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_RSA, + session, info->pk.rsa.key->id, + info->pk.rsa.key->idLen); + } } if (ret == 0) { @@ -726,54 +780,12 @@ static int Pkcs11RsaPublic(Pkcs11Session* session, wc_CryptoInfo* info) if (ret == 0) *info->pk.rsa.outLen = (word32)outLen; - if (publicKey != NULL_PTR) + if (sessionKey) session->func->C_DestroyObject(session->handle, publicKey); return ret; } -/** - * Find the PKCS#11 object containing the RSA public or private key data with - * the modulus specified. - * - * @param key [out] Henadle to key object. - * @param keyClass [in] Public or private key class. - * @param session [in] Session object. - * @param rsaKey [in] RSA key with modulus to search on. - * @return WC_HW_E when a PKCS#11 library call fails. - * 0 on success. - */ -static int Pkcs11FindRsaKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, - Pkcs11Session* session, RsaKey* rsaKey) -{ - int ret = 0; - CK_RV rv; - CK_ULONG count; - CK_ATTRIBUTE keyTemplate[] = { - { CKA_CLASS, &keyClass, sizeof(keyClass) }, - { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_MODULUS, NULL, 0 }, - }; - CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate); - - /* Set the modulus. */ - keyTemplate[2].pValue = rsaKey->n.raw.buf; - keyTemplate[2].ulValueLen = rsaKey->n.raw.len; - - rv = session->func->C_FindObjectsInit(session->handle, keyTemplate, - keyTmplCnt); - if (rv != CKR_OK) - ret = WC_HW_E; - if (ret == 0) { - rv = session->func->C_FindObjects(session->handle, key, 1, &count); - if (rv != CKR_OK) - ret = WC_HW_E; - session->func->C_FindObjectsFinal(session->handle); - } - - return ret; -} - /** * Exponentiate the input with the private part of the RSA key. * Used in private encrypt and decrypt. @@ -1087,7 +1099,9 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, rv = session->func->C_FindObjects(session->handle, key, 1, &count); if (rv != CKR_OK) ret = WC_HW_E; - session->func->C_FindObjectsFinal(session->handle); + rv = session->func->C_FindObjectsFinal(session->handle); + if (rv != CKR_OK) + ret = WC_HW_E; } if (ecPoint != NULL) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index da39c5ec62c..5ad9cb5ff93 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -22900,7 +22900,6 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifndef WC_NO_RNG static byte seed[] = { 0x00, 0x00, 0x00, 0x01 }; word32 len; - int i; /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */ while (info->seed.sz > 0) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 182c345fd67..5ecfe638b87 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2497,8 +2497,10 @@ struct WOLFSSL_CTX { int certChainCnt; #endif DerBuffer* privateKey; - byte privateKeyType; + byte privateKeyType:7; + byte privateKeyId:1; int privateKeySz; + int privateKeyDevId; WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ #endif #ifdef KEEP_OUR_CERT @@ -3078,8 +3080,10 @@ typedef struct Buffers { #ifndef NO_CERTS DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ - byte keyType; /* Type of key: RSA, ECC, Ed25519 */ + byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */ + byte keyId:1; /* Key data is an id not data */ int keySz; /* Size of RSA key */ + int keyDevId; /* Device Id for key */ DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ /* chain after self, in DER, with leading size for each cert */ #ifdef WOLFSSL_TLS13 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 51e5620c685..44bc2367bed 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1733,6 +1733,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*, const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*, + const unsigned char*, long, int, long); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*, @@ -1745,6 +1747,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, int derSz); WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*, + long, int, long); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,