diff --git a/src/ssl.c b/src/ssl.c index 77737b396..149594eb0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5232,8 +5232,7 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff, } static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der, - int* keySz, word32* idx, int* resetSuites, int *rsaKey, int *eccKey, - int *ed25519Key, void* heap, int devId) + int* keySz, word32* idx, int* resetSuites, int* keyFormat, void* heap, int devId) { int ret = 0; @@ -5242,11 +5241,11 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der if (ctx == NULL && ssl == NULL) return BAD_FUNC_ARG; - if (!der || !keySz || !idx || !resetSuites || !rsaKey || !eccKey || !ed25519Key) + if (!der || !keySz || !idx || !resetSuites || !keyFormat) return BAD_FUNC_ARG; #ifndef NO_RSA - if (ret == 0 && !*eccKey && !*ed25519Key) { + if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) { /* make sure RSA key can be used */ #ifdef WOLFSSL_SMALL_STACK RsaKey* key = NULL; @@ -5265,13 +5264,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der *idx = 0; if (wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length) != 0) { - #ifdef HAVE_ECC - /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ - *eccKey = 1; /* try it next */ - #elif defined(HAVE_ED25519) - *ed25519Key = 1; /* try it next */ - #else - WOLFSSL_MSG("RSA decode failed and ECC not enabled to try"); + #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) + WOLFSSL_MSG("RSA decode failed and ECC/ED25519 not enabled to try"); ret = WOLFSSL_BAD_FILE; #endif } @@ -5294,8 +5288,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der ctx->privateKeySz = *keySz; } - *rsaKey = 1; - (void)rsaKey; /* for no ecc builds */ + *keyFormat = RSAk; if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { ssl->options.haveStaticECC = 0; @@ -5312,7 +5305,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der } #endif #ifdef HAVE_ECC - if (ret == 0 && !*rsaKey && !*ed25519Key) { + if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) { /* make sure ECC key can be used */ #ifdef WOLFSSL_SMALL_STACK ecc_key* key = NULL; @@ -5339,7 +5332,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der ret = ECC_KEY_SIZE_E; } - *eccKey = 1; + *keyFormat = ECDSAk; if (ssl) { ssl->options.haveStaticECC = 1; ssl->buffers.keyType = ecc_dsa_sa_algo; @@ -5355,8 +5348,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der *resetSuites = 1; } } - else - *eccKey = 0; wc_ecc_free(key); } @@ -5367,7 +5358,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der } #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 - if (ret == 0 && !*rsaKey && !*eccKey) { + if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) { /* make sure Ed25519 key can be used */ #ifdef WOLFSSL_SMALL_STACK ed25519_key* key = NULL; @@ -5410,7 +5401,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der ctx->privateKeySz = *keySz; } - *ed25519Key = 1; + *keyFormat = ED25519k; if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { *resetSuites = 1; } @@ -5437,9 +5428,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */ int ret = 0; int done = 0; - int eccKey = 0; - int ed25519Key = 0; - int rsaKey = 0; + int keyFormat = 0; int resetSuites = 0; void* heap = wolfSSL_CTX_GetHeap(ctx, ssl); int devId = wolfSSL_CTX_GetDevId(ctx, ssl); @@ -5455,7 +5444,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, EncryptedInfo info[1]; #endif - (void)rsaKey; (void)devId; (void)idx; (void)keySz; @@ -5488,7 +5476,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (format == WOLFSSL_FILETYPE_PEM) { #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey); + ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat); #else ret = NOT_COMPILED_IN; #endif @@ -5497,12 +5485,19 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, /* ASN1 (DER) or RAW (NTRU) */ int length = (int)sz; if (format == WOLFSSL_FILETYPE_ASN1) { - /* get length of der (read sequence) */ + /* get length of der (read sequence or octet string) */ word32 inOutIdx = 0; - if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) { + if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) { + length += inOutIdx; /* include leading sequence */ + } + /* get length using octect string (allowed for private key types) */ + else if (type == PRIVATEKEY_TYPE && + GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) { + length += inOutIdx; /* include leading oct string */ + } + else { ret = ASN_PARSE_E; } - length += inOutIdx; /* include leading sequence */ } info->consumed = length; @@ -5640,22 +5635,16 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) { #if defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) - /* attempt to detect key type */ - if (algId == RSAk) - rsaKey = 1; - else if (algId == ECDSAk) - eccKey = 1; - else if (algId == ED25519k) - ed25519Key = 1; + keyFormat = algId; #endif ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites, - &rsaKey, &eccKey, &ed25519Key, heap, devId); + &keyFormat, heap, devId); #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */ /* If private key type PKCS8 header wasn't already removed (algoId == 0) */ - if ((ret != 0 || (!rsaKey && !eccKey && !ed25519Key)) + if ((ret != 0 || keyFormat == 0) && format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0) { int passwordSz = NAME_SZ; @@ -5692,7 +5681,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, XFREE(password, heap, DYNAMIC_TYPE_STRING); #endif ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, - &resetSuites, &rsaKey, &eccKey, &ed25519Key, heap, devId); + &resetSuites, &keyFormat, heap, devId); } #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ @@ -5702,9 +5691,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (ret != 0) return ret; - if (!rsaKey && !eccKey && !ed25519Key) + if (keyFormat == 0) return WOLFSSL_BAD_FILE; - (void)ed25519Key; + (void)devId; } else if (type == CERT_TYPE) { @@ -35263,14 +35252,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, if (keyFormat) { /* keyFormat is Key_Sum enum */ - if (keyFormat == ECDSAk) + if (keyFormat == RSAk) + type = EVP_PKEY_RSA; + else if (keyFormat == ECDSAk) type = EVP_PKEY_EC; else if (keyFormat == DSAk) type = EVP_PKEY_DSA; - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) else if (keyFormat == DHk) type = EVP_PKEY_DH; - #endif } else { /* Default to RSA if format is not set */ diff --git a/tests/api.c b/tests/api.c index b29cc2805..76d2f2310 100644 --- a/tests/api.c +++ b/tests/api.c @@ -4783,7 +4783,7 @@ static void test_wolfSSL_no_password_cb(void) #ifdef TEST_PKCS8_ENC /* for PKCS8 test case */ -static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) +static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) { int flag = 0; @@ -4895,7 +4895,7 @@ static void test_wolfSSL_PKCS8(void) flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - #endif /* !NO_RSA */ + #endif /* !NO_RSA && !NO_SHA */ #if defined(HAVE_ECC) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted ECC Key file */ @@ -4936,7 +4936,7 @@ static void test_wolfSSL_PKCS8(void) /* leave flag as "okay" */ flag = 1; - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC && !NO_SHA */ #endif /* TEST_PKCS8_ENC */ @@ -4998,6 +4998,37 @@ static void test_wolfSSL_PKCS8(void) #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ } +static void test_wolfSSL_PKCS8_ED25519(void) +{ +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) + const byte encPrivKey[] = \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" + "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n" + "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n" + "2L9W4v7swXkV+X+a1ww=\n" + "-----END ENCRYPTED PRIVATE KEY-----\n"; + const char password[] = "abcdefghijklmnopqrstuvwxyz"; + byte der[FOURK_BUF]; + WOLFSSL_CTX* ctx; + int bytes; + + XMEMSET(der, 0, sizeof(der)); + AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, + (word32)sizeof(der), password)), 0); +#ifndef NO_WOLFSSL_SERVER + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif +} + /* Testing functions dealing with PKCS5 */ static void test_wolfSSL_PKCS5(void) { @@ -30154,6 +30185,7 @@ void ApiTest(void) test_wolfSSL_PKCS12(); test_wolfSSL_no_password_cb(); test_wolfSSL_PKCS8(); + test_wolfSSL_PKCS8_ED25519(); test_wolfSSL_PKCS5(); test_wolfSSL_URI(); test_wolfSSL_TBS(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 652bf5cd9..710716d1f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -138,16 +138,16 @@ extern int wc_InitRsaHw(RsaKey* key); #endif #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS -WOLFSSL_LOCAL void tsip_inform_key_position(const word32 key_n_start, +void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len, const word32 key_e_start, const word32 key_e_len); -WOLFSSL_LOCAL int tsip_tls_CertVerify(const byte *cert, word32 certSz, +int tsip_tls_CertVerify(const byte *cert, word32 certSz, const byte *signature, word32 sigSz, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, byte *tsip_encRsaKeyIdx); #endif -WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, +int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) { return GetLength_ex(input, inOutIdx, len, maxIdx, 1); @@ -155,7 +155,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, /* give option to check length value found against index. 1 to check 0 to not */ -WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, +int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check) { int length = 0; @@ -290,7 +290,7 @@ static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len, return length; } -WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, +int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) { return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len, @@ -298,7 +298,7 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, } -WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, +int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check) { return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len, @@ -306,7 +306,7 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, } -WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, +int GetSet(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) { return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len, @@ -314,7 +314,7 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, } -WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, +int GetSet_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check) { return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len, @@ -423,7 +423,7 @@ static int SetBoolean(int val, byte* output) * invalid. * Otherwise, the number of bytes in the ASN.1 data. */ -static int GetOctetString(const byte* input, word32* inOutIdx, int* len, +int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) { return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx); @@ -714,7 +714,7 @@ static int SetASNIntRSA(void* n, byte* output) #endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */ /* Windows header clash for WinCE using GetVersion */ -WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, +int GetMyVersion(const byte* input, word32* inOutIdx, int* version, word32 maxIdx) { word32 idx = *inOutIdx; @@ -741,7 +741,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, #ifndef NO_PWDBASED /* Get small count integer, 32 bits or less */ -WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) +int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) { word32 idx = *inOutIdx; word32 len; @@ -778,7 +778,7 @@ WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, /* Set small integer, 32 bits or less. DER encoding with no leading 0s * returns total amount written including ASN tag and length byte on success */ -WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx) +int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx) { word32 idx = *inOutIdx; word32 len = 0; @@ -960,7 +960,7 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len, * output Buffer to write into. * returns the number of bytes added to the buffer. */ -WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output) +word32 SetBitString(word32 len, byte unusedBits, byte* output) { word32 idx = 0; @@ -2502,7 +2502,7 @@ static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx) return 0; } -WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, +int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx) { int length; @@ -5406,7 +5406,7 @@ WOLFSSL_API int EccEnumToNID(int n) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) +int wc_OBJ_sn2nid(const char *sn) { const struct { const char *sn; @@ -6252,7 +6252,7 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) #if defined(USE_WOLF_VALIDDATE) /* to the second */ -WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b) +int DateGreaterThan(const struct tm* a, const struct tm* b) { if (a->tm_year > b->tm_year) return 1; @@ -6648,7 +6648,7 @@ static word32 BytePrecision(word32 value) } -WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) +word32 SetLength(word32 length, byte* output) { word32 i = 0, j; @@ -6672,45 +6672,27 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) return i; } -WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) -{ - int i = 0; - - if (output == NULL) - return BAD_FUNC_ARG; - - if (header) { - output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; - output[i++] = 3; - } - output[i++] = ASN_INTEGER; - output[i++] = 0x01; - output[i++] = (byte)version; - - return i; -} - -WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output) +word32 SetSequence(word32 len, byte* output) { if (output) output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; return SetLength(len, output ? output + 1 : NULL) + 1; } -WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output) +word32 SetOctetString(word32 len, byte* output) { output[0] = ASN_OCTET_STRING; return SetLength(len, output + 1) + 1; } /* Write a set header to output */ -WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output) +word32 SetSet(word32 len, byte* output) { output[0] = ASN_SET | ASN_CONSTRUCTED; return SetLength(len, output + 1) + 1; } -WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output) +word32 SetImplicit(byte tag, byte number, word32 len, byte* output) { output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0) @@ -6718,7 +6700,7 @@ WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output return SetLength(len, output + 1) + 1; } -WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output) +word32 SetExplicit(byte number, word32 len, byte* output) { output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number; return SetLength(len, output + 1) + 1; @@ -6780,7 +6762,7 @@ static WC_INLINE int IsSigAlgoECDSA(int algoOID) } #endif -WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) { word32 tagSz, idSz, seqSz, algoSz = 0; const byte* algoName = 0; @@ -8768,9 +8750,9 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) #ifdef __cplusplus extern "C" { #endif - WOLFSSL_LOCAL Signer* GetCA(void* signers, byte* hash); + Signer* GetCA(void* signers, byte* hash); #ifndef NO_SKID - WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash); + Signer* GetCAByName(void* signers, byte* hash); #endif #ifdef __cplusplus } @@ -9539,7 +9521,25 @@ void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap) } #endif /* WOLFSSL_TRUST_PEER_CERT */ -WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, +int SetMyVersion(word32 version, byte* output, int header) +{ + int i = 0; + + if (output == NULL) + return BAD_FUNC_ARG; + + if (header) { + output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; + output[i++] = 3; + } + output[i++] = ASN_INTEGER; + output[i++] = 0x01; + output[i++] = (byte)version; + + return i; +} + +int SetSerialNumber(const byte* sn, word32 snSz, byte* output, word32 outputSz, int maxSnSz) { int i; @@ -9585,7 +9585,7 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, #endif /* !NO_CERTS */ -WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, +int GetSerialNumber(const byte* input, word32* inOutIdx, byte* serial, int* serialSz, word32 maxIdx) { int result = 0; @@ -10330,18 +10330,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, /* pkcs8 key, convert and adjust length */ if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) { der->length = ret; - #if !defined(NO_DSA) - if (algId == DSAk) - *keyFormat = DSAk; - #endif - #ifdef HAVE_ECC - if (algId == ECDSAk) - *keyFormat = ECDSAk; - #endif - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - if (algId == DHk) - *keyFormat = DHk; - #endif + if (keyFormat) { + *keyFormat = algId; + } } else { /* ignore failure here and assume key is not pkcs8 wrapped */ @@ -10385,14 +10376,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (ret >= 0) { der->length = ret; - if ((algId == ECDSAk) && (keyFormat != NULL)) - *keyFormat = ECDSAk; - else if ((algId == DSAk) && (keyFormat != NULL)) - *keyFormat = DSAk; - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - else if ((algId == DHk) && (keyFormat != NULL)) - *keyFormat = DHk; - #endif + if (keyFormat) { + *keyFormat = algId; + } ret = 0; } #else @@ -16444,7 +16430,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) /* store WC_SHA hash of NAME */ -WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, +int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx) { int length; /* length of all distinguished names */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 72ac9e108..0ab501c8e 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -432,10 +432,8 @@ enum Key_Sum { RSAk = 645, NTRUk = 274, ECDSAk = 518, - ED25519k = 256 - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - ,DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ - #endif + ED25519k = 256, + DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ }; #if !defined(NO_AES) || defined(HAVE_PKCS7) @@ -1114,6 +1112,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); +WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,