Merge pull request #4430 from embhorn/zd12976

Add support for X9.42 header
2021-10-05 23:47:42 +07:00
parent 310a75ff43 1440b8966d
commit 43ffe26133
6 changed files with 39 additions and 2 deletions
--- a/certs/include.am
+++ b/certs/include.am
@ -61,7 +61,8 @@ EXTRA_DIST += \
 	     certs/csr.signed.der \
 	     certs/csr.ext.der \
 	     certs/entity-no-ca-bool-cert.pem \
-	     certs/entity-no-ca-bool-key.pem
+	     certs/entity-no-ca-bool-key.pem \
+	     certs/x942dh2048.pem

 EXTRA_DIST += \
 	     certs/ca-key.der \
--- a/certs/x942dh2048.pem
+++ b/certs/x942dh2048.pem
@ -0,0 +1,14 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIICKQKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW
+26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5
+S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF
+2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB
+pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451
+uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze
+vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e
+kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2
+xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK
+gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh
+vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+gId
+AIAcDTTFjZP+mXF3EB+AU1pHOM68vziambNjces=
+-----END X9.42 DH PARAMETERS-----
--- a/src/ssl.c
+++ b/src/ssl.c
@ -16190,6 +16190,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                FreeDer(&der);
                ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
                               NULL, NULL);
+                if (ret < 0) {
+                    /* Also try X9.42 format */
+                    ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap,
+                               NULL, NULL);
+                }
    #ifdef WOLFSSL_WPAS
        #ifndef NO_DSA
                if (ret < 0) {
@ -45235,6 +45240,10 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x,
    }

    ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL);
+    if (ret < 0) {
+        /* Also try X9.42 format */
+        ret = PemToDer(mem, size, X942_PARAM_TYPE, &der, NULL, NULL, NULL);
+    }
    if (ret != 0)
        goto end;

--- a/tests/api.c
+++ b/tests/api.c
@ -39528,8 +39528,13 @@ static void test_wolfSSL_PEM_read_DHparams(void)
    derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
    AssertIntEQ(derOutSz, derExpectedSz);
    AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
-    DH_free(dh);

+    /* Test parsing with X9.42 header */
+    fp = XFOPEN("./certs/x942dh2048.pem", "rb");
+    AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
+    XFCLOSE(fp);
+
+    DH_free(dh);
    printf(resultFmt, passed);
 #endif
 }
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -18221,6 +18221,8 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
 #ifndef NO_DH
    wcchar BEGIN_DH_PARAM   = "-----BEGIN DH PARAMETERS-----";
    wcchar END_DH_PARAM     = "-----END DH PARAMETERS-----";
+    wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
+    wcchar END_X942_PARAM   = "-----END X9.42 DH PARAMETERS-----";
 #endif
 #ifndef NO_DSA
    wcchar BEGIN_DSA_PARAM  = "-----BEGIN DSA PARAMETERS-----";
@ -18295,6 +18297,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
            if (footer) *footer = END_DH_PARAM;
            ret = 0;
            break;
+        case X942_PARAM_TYPE:
+            if (header) *header = BEGIN_X942_PARAM;
+            if (footer) *footer = END_X942_PARAM;
+            ret = 0;
+            break;
    #endif
    #ifndef NO_DSA
        case DSA_PARAM_TYPE:
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@ -133,6 +133,7 @@ enum CertType {
    PKCS8_ENC_PRIVATEKEY_TYPE,
    DETECT_CERT_TYPE,
    DH_PRIVATEKEY_TYPE,
+    X942_PARAM_TYPE,
 };