diff --git a/certs/include.am b/certs/include.am index b9c7ce9d3..971c268a4 100644 --- a/certs/include.am +++ b/certs/include.am @@ -61,7 +61,8 @@ EXTRA_DIST += \ certs/csr.signed.der \ certs/csr.ext.der \ certs/entity-no-ca-bool-cert.pem \ - certs/entity-no-ca-bool-key.pem + certs/entity-no-ca-bool-key.pem \ + certs/x942dh2048.pem EXTRA_DIST += \ certs/ca-key.der \ diff --git a/certs/x942dh2048.pem b/certs/x942dh2048.pem new file mode 100644 index 000000000..8887cb174 --- /dev/null +++ b/certs/x942dh2048.pem @@ -0,0 +1,14 @@ +-----BEGIN X9.42 DH PARAMETERS----- +MIICKQKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW +26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5 +S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF +2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB +pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451 +uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze +vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e +kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2 +xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK +gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh +vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+gId +AIAcDTTFjZP+mXF3EB+AU1pHOM68vziambNjces= +-----END X9.42 DH PARAMETERS----- diff --git a/src/ssl.c b/src/ssl.c index b6ef0b98f..aa3f3453e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16190,6 +16190,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) FreeDer(&der); ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL); + if (ret < 0) { + /* Also try X9.42 format */ + ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap, + NULL, NULL); + } #ifdef WOLFSSL_WPAS #ifndef NO_DSA if (ret < 0) { 
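Review bot: The fallback added in the first `src/ssl.c` hunk runs on any negative return from the first `PemToDer`, so an allocation or Base64 failure on a genuine `DH PARAMETERS` file triggers a second parse and is then reported with the X9.42 attempt's error code instead of the real one. Narrowing the retry to the header-mismatch case keeps the original diagnosis, e.g. `if (ret == ASN_NO_PEM_HEADER) {`, assuming that is what `PemToDer` returns for an unrecognised header (its body is not in this diff). The same pattern is added in `wolfSSL_PEM_read_bio_DHparams` in the next hunk. X9.42 parameters also carry the subgroup order q; the enclosing function continues past the hunk, so it is worth confirming that the decoder consuming `der` keeps q for public-value validation rather than discarding it.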
@@ -45235,6 +45240,10 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x, } ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + /* Also try X9.42 format */ + ret = PemToDer(mem, size, X942_PARAM_TYPE, &der, NULL, NULL, NULL); + } if (ret != 0) goto end; diff --git a/tests/api.c b/tests/api.c index 49544720d..1525b3178 100644 --- a/tests/api.c +++ b/tests/api.c @@ -39528,8 +39528,13 @@ static void test_wolfSSL_PEM_read_DHparams(void) derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf); AssertIntEQ(derOutSz, derExpectedSz); AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0); - DH_free(dh); + /* Test parsing with X9.42 header */ + fp = XFOPEN("./certs/x942dh2048.pem", "rb"); + AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); + XFCLOSE(fp); + + DH_free(dh); printf(resultFmt, passed); #endif } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3b701bd5a..d9170ed87 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -18221,6 +18221,8 @@ wcchar END_CERT = "-----END CERTIFICATE-----"; #ifndef NO_DH wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; wcchar END_DH_PARAM = "-----END DH PARAMETERS-----"; + wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----"; + wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----"; #endif #ifndef NO_DSA wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; @@ -18295,6 +18297,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_DH_PARAM; ret = 0; break; + case X942_PARAM_TYPE: + if (header) *header = BEGIN_X942_PARAM; + if (footer) *footer = END_X942_PARAM; + ret = 0; + break; #endif #ifndef NO_DSA case DSA_PARAM_TYPE: diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f39272a8a..778ea65e1 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
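Review bot: In the `tests/api.c` hunk the X9.42 case only asserts that `PEM_read_DHparams` returns non-NULL, and it passes `&dh` while `dh` still holds the object from the earlier read, because the `DH_free(dh)` that used to sit at this point was moved below the new block. Whether that first object is reused or leaked depends on how the reader treats a non-NULL `*x`, which is not visible here; putting `DH_free(dh); dh = NULL;` before the `XFOPEN` makes the test unambiguous. The file handle is used unchecked, so a missing `certs/x942dh2048.pem` may surface as a crash or a misleading parse failure; `AssertTrue((fp = XFOPEN("./certs/x942dh2048.pem", "rb")) != XBADFILE);` would catch it. Comparing the decoded p, g and q against known values would show that the X9.42 body, not just the header, is handled.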
@@ -133,6 +133,7 @@ enum CertType { PKCS8_ENC_PRIVATEKEY_TYPE, DETECT_CERT_TYPE, DH_PRIVATEKEY_TYPE, + X942_PARAM_TYPE, };
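Review bot: `X942_PARAM_TYPE` is added to the public `CertType` enum without a comment, and nothing on the line says how it differs from the existing `DH_PARAM_TYPE`. A trailing comment such as `X942_PARAM_TYPE, /* PEM "X9.42 DH PARAMETERS": DH domain parameters p, g, q */` would document it for API users. Appending it after `DH_PRIVATEKEY_TYPE` keeps the existing enumerator values stable for callers; the opening of the enum is outside the hunk.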