From 40c8562dc2a756c9e1cb814f0783995a83b64426 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 15 Jan 2020 09:56:32 -0800
Subject: [PATCH] Added PKCS8 support for ED25519.
---
 src/ssl.c | 13 ++++++++++---
 wolfcrypt/src/asn.c | 12 +++---------
 wolfssl/wolfcrypt/asn.h | 8 ++++----
 3 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index ef7d29bb1..923716bbe 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5497,12 +5497,19 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 /* ASN1 (DER) or RAW (NTRU) */
 int length = (int)sz;
 if (format == WOLFSSL_FILETYPE_ASN1) {
- /* get length of der (read sequence) */
+ /* get length of der (read sequence or octet string) */
 word32 inOutIdx = 0;
- if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) {
+ if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
+ length += inOutIdx; /* include leading sequence */
+ }
+ /* get length using octect string (allowed for private key types) */
+ else if (type == PRIVATEKEY_TYPE &&
+ GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
+ length += inOutIdx; /* include leading oct string */
+ }
+ else {
 ret = ASN_PARSE_E;
 }
- length += inOutIdx; /* include leading sequence */
 }
 info->consumed = length;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3bf8f2def..ea8349c2e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -423,7 +423,7 @@ static int SetBoolean(int val, byte* output)
 * invalid.
 * Otherwise, the number of bytes in the ASN.1 data.
 */
-static int GetOctetString(const byte* input, word32* inOutIdx, int* len,
+int GetOctetString(const byte* input, word32* inOutIdx, int* len,
 word32 maxIdx)
 {
 return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
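Review bot: In the src/ssl.c hunk, the `else if` fallback passes `GetOctetString` the same `inOutIdx` and `length` that the failed `GetSequence` call just received, so it is correct only if `GetSequence` leaves both unchanged on failure, which this hunk does not show. Either record that dependency next to the call, e.g. `/* GetSequence leaves inOutIdx/length untouched on failure */`, or restructure so both are re-initialised before the second parse. The branch also accepts a bare top-level OCTET STRING for every `PRIVATEKEY_TYPE` buffer, not only Ed25519 keys, so the later key decoding presumably has to reject it for other algorithms; a comment naming the intended key format would make that explicit. The new comment also spells "octet" as "octect". ProcessBuffer's body starts and ends outside the hunk.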
@@ -10385,14 +10385,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 if (ret >= 0) {
 der->length = ret;
- if ((algId == ECDSAk) && (keyFormat != NULL))
- *keyFormat = ECDSAk;
- else if ((algId == DSAk) && (keyFormat != NULL))
- *keyFormat = DSAk;
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
- else if ((algId == DHk) && (keyFormat != NULL))
- *keyFormat = DHk;
- #endif
+ if (keyFormat)
+ *keyFormat = algId;
 ret = 0;
 }
 #else
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 72ac9e108..0ab501c8e 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -432,10 +432,8 @@ enum Key_Sum {
 RSAk = 645,
 NTRUk = 274,
 ECDSAk = 518,
- ED25519k = 256
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
- ,DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
- #endif
+ ED25519k = 256,
+ DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
 };
 #if !defined(NO_AES) || defined(HAVE_PKCS7)
@@ -1114,6 +1112,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
 word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
 word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
 WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
 word32 maxIdx);
 WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
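Review bot: Callers of PemToDer can now receive any value in `*keyFormat`, including RSAk or a sum that matches no Key_Sum entry, because `*keyFormat = algId;` copies the parsed algorithm id unfiltered where the removed code reported only ECDSAk, DSAk or (under WOLFSSL_QT/OPENSSL_ALL) DHk. `algId` presumably comes from the key's own encoded header, so it should be treated as input-controlled. I would document that at the assignment, e.g. `/* algId is taken from the decoded key header; callers must handle unexpected values */`, and check that callers outside this hunk do not treat any non-zero `keyFormat` as "not RSA". The removed lines tested `keyFormat != NULL` while the new test is `if (keyFormat)`; keeping the explicit comparison would match the surrounding style. The enclosing block starts outside the hunk.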
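Review bot: In the `enum Key_Sum` hunk of asn.h, the last enumerator now ends with a trailing comma (`DHk = 647, /* dhKeyAgreement ... */`), which C89 does not allow and which pedantic or older embedded compilers reject. The removed lines used the leading-comma form `,DHk = 647` under the `#if`, apparently to avoid exactly that. If the header still has to build with pre-C99 toolchains, drop the comma: `DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */`. The enum's opening lines are outside the hunk.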