diff --git a/src/pk.c b/src/pk.c index 615f1ad5f..dbed25a92 100644 --- a/src/pk.c +++ b/src/pk.c @@ -16495,7 +16495,8 @@ int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, if (ret == 0) { /* Encrypt private into buffer. */ - ret = TraditionalEnc((byte*)pkey->pkey.ptr, (word32)pkey->pkey_sz, + ret = TraditionalEnc((byte*)pkey->pkey.ptr + pkey->pkcs8HeaderSz, + (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz, key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); if (ret > 0) { @@ -16576,8 +16577,9 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (ret >= 0) { /* Encode private key in PKCS#8 format. */ - ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr, - (word32)pkey->pkey_sz, algId, curveOid, oidSz); + ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr + + pkey->pkcs8HeaderSz, (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz, + algId, curveOid, oidSz); } return ret; diff --git a/tests/api.c b/tests/api.c index d3872996d..ca4547d7a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33015,6 +33015,21 @@ static int test_wolfSSL_PKCS8_d2i(void) evpPkey = NULL; BIO_free(bio); bio = NULL; + + /* https://github.com/wolfSSL/wolfssl/issues/8610 */ + bytes = (int)XSTRLEN((void*)pkcs8_buffer); + ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); + ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + + ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (void*)"yassl123")); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, evpPkey, NULL, + NULL, 0, NULL, NULL), bytes); + EVP_PKEY_free(evpPkey); + evpPkey = NULL; + BIO_free(bio); + bio = NULL; #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ EVP_PKEY_free(pkey); pkey = NULL;