Added support for ECC private key with PKCS8 parsing. Fix is to attempt pkcs8 parse for -----BEGIN EC PRIVATE KEY----- and if parse fails to treat as normal private key. ZD 4379.

2018-10-16 16:56:42 -07:00
parent f7eb8bf080
commit 0d7d8f54e0
1 changed files with 12 additions and 4 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8512,12 +8512,20 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                      der->buffer, &der->length) < 0)
        return BUFFER_E;

-    if (header == BEGIN_PRIV_KEY && !encrypted_key) {
+    if ((header == BEGIN_PRIV_KEY
+#ifdef HAVE_ECC
+         || header == BEGIN_EC_PRIV
+#endif
+        ) && !encrypted_key)
+    {
        /* pkcs8 key, convert and adjust length */
-        if ((ret = ToTraditional(der->buffer, der->length)) < 0)
-            return ret;
+        if ((ret = ToTraditional(der->buffer, der->length)) > 0) {
+            der->length = ret;
+        }
+        else {
+            /* ignore failure here and assume key is not pkcs8 wrapped */
+        }

-        der->length = ret;
        return 0;
    }