Merge pull request #4430 from embhorn/zd12976

Add support for X9.42 header

certs/include.am

@@ -61,7 +61,8 @@ EXTRA_DIST += \
 	     certs/csr.signed.der \
 	     certs/csr.ext.der \
 	     certs/entity-no-ca-bool-cert.pem \
-	     certs/entity-no-ca-bool-key.pem
+	     certs/entity-no-ca-bool-key.pem \
+	     certs/x942dh2048.pem
 
 EXTRA_DIST += \
 	     certs/ca-key.der \

certs/x942dh2048.pem

@@ -0,0 +1,14 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIICKQKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW
+26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5
+S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF
+2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB
+pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451
+uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze
+vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e
+kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2
+xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK
+gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh
+vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+gId
+AIAcDTTFjZP+mXF3EB+AU1pHOM68vziambNjces=
+-----END X9.42 DH PARAMETERS-----

src/ssl.c

@@ -16190,6 +16190,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 FreeDer(&der);
                 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
                                NULL, NULL);
+                if (ret < 0) {
+                    /* Also try X9.42 format */
+                    ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap,
+                               NULL, NULL);
+                }
     #ifdef WOLFSSL_WPAS
         #ifndef NO_DSA
                 if (ret < 0) {
@@ -45235,6 +45240,10 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x,
     }
 
     ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL);
+    if (ret < 0) {
+        /* Also try X9.42 format */
+        ret = PemToDer(mem, size, X942_PARAM_TYPE, &der, NULL, NULL, NULL);
+    }
     if (ret != 0)
         goto end;
 

tests/api.c

@@ -39528,8 +39528,13 @@ static void test_wolfSSL_PEM_read_DHparams(void)
     derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
     AssertIntEQ(derOutSz, derExpectedSz);
     AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
-    DH_free(dh);
 
+    /* Test parsing with X9.42 header */
+    fp = XFOPEN("./certs/x942dh2048.pem", "rb");
+    AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
+    XFCLOSE(fp);
+
+    DH_free(dh);
     printf(resultFmt, passed);
 #endif
 }

wolfcrypt/src/asn.c

@@ -18221,6 +18221,8 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
 #ifndef NO_DH
     wcchar BEGIN_DH_PARAM   = "-----BEGIN DH PARAMETERS-----";
     wcchar END_DH_PARAM     = "-----END DH PARAMETERS-----";
+    wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
+    wcchar END_X942_PARAM   = "-----END X9.42 DH PARAMETERS-----";
 #endif
 #ifndef NO_DSA
     wcchar BEGIN_DSA_PARAM  = "-----BEGIN DSA PARAMETERS-----";
@@ -18295,6 +18297,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_DH_PARAM;
             ret = 0;
             break;
+        case X942_PARAM_TYPE:
+            if (header) *header = BEGIN_X942_PARAM;
+            if (footer) *footer = END_X942_PARAM;
+            ret = 0;
+            break;
     #endif
     #ifndef NO_DSA
         case DSA_PARAM_TYPE:

wolfssl/wolfcrypt/asn_public.h

@@ -133,6 +133,7 @@ enum CertType {
     PKCS8_ENC_PRIVATEKEY_TYPE,
     DETECT_CERT_TYPE,
     DH_PRIVATEKEY_TYPE,
+    X942_PARAM_TYPE,
 };