diff --git a/src/ssl.c b/src/ssl.c index 3c64098ec..9d31e6e18 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8101,17 +8101,21 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** { unsigned char* pt; int sz; + word16 pkcs8HeaderSz = 0; if (!key || !key->pkey_sz) return WOLFSSL_FATAL_ERROR; - sz = key->pkey_sz; + /* return the key without PKCS8 for compatibility */ + if (key->pkey_sz < key->pkcs8HeaderSz) + pkcs8HeaderSz = key->pkcs8HeaderSz; + sz = key->pkey_sz - pkcs8HeaderSz; if (der) { pt = (unsigned char*)key->pkey.ptr; if (*der) { /* since this function signature has no size value passed in it is * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, sz); *der += sz; } else { @@ -8119,7 +8123,7 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** if (*der == NULL) { return WOLFSSL_FATAL_ERROR; } - XMEMCPY(*der, pt, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, sz); } } return sz; @@ -8146,7 +8150,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, { int ret; word32 idx = 0, algId; - byte hasPkcs8Header = 0; + word16 pkcs8HeaderSz = 0; WOLFSSL_EVP_PKEY* local; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); @@ -8161,7 +8165,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, (word32)inSz, &algId)) > 0) { WOLFSSL_MSG("Found PKCS8 header"); - hasPkcs8Header = 1; + pkcs8HeaderSz = (word16)idx; if ((type == EVP_PKEY_RSA && algId != RSAk) || (type == EVP_PKEY_EC && algId != ECDSAk) || @@ -8191,7 +8195,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, local->type = type; local->pkey_sz = (int)inSz; - local->hasPkcs8Header = hasPkcs8Header; + local->pkcs8HeaderSz = pkcs8HeaderSz; local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); @@ -21829,7 +21833,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src) dup->pub_key->inSet = src->pub_key->inSet; dup->pub_key->exSet = src->pub_key->exSet; - dup->hasPkcs8Header = src->hasPkcs8Header; + dup->pkcs8HeaderSz = src->pkcs8HeaderSz; /* Copy private key */ if (src->priv_key->internal == NULL || dup->priv_key->internal == NULL) { @@ -39602,14 +39606,14 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, return WOLFSSL_FATAL_ERROR; } - rsa->hasPkcs8Header = 0; + rsa->pkcs8HeaderSz = 0; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) /* Check if input buffer has PKCS8 header. In the case that it does not * have a PKCS8 header then do not error out. */ if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx, (word32)derSz, &algId)) > 0) { WOLFSSL_MSG("Found PKCS8 header"); - rsa->hasPkcs8Header = 1; + rsa->pkcs8HeaderSz = (word16)idx; } else { if (ret != ASN_PARSE_E) { @@ -40149,14 +40153,14 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, return WOLFSSL_FATAL_ERROR; } - key->hasPkcs8Header = 0; + key->pkcs8HeaderSz = 0; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) /* Check if input buffer has PKCS8 header. In the case that it does not * have a PKCS8 header then do not error out. */ if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx, (word32)derSz, &algId)) > 0) { WOLFSSL_MSG("Found PKCS8 header"); - key->hasPkcs8Header = 1; + key->pkcs8HeaderSz = (word16)idx; } else { if (ret != ASN_PARSE_E) { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index be0f9752d..db7c286a2 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6117,7 +6117,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) pkey->rsa = key; pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ pkey->type = EVP_PKEY_RSA; - pkey->hasPkcs8Header = key->hasPkcs8Header; + pkey->pkcs8HeaderSz = key->pkcs8HeaderSz; if (key->inSet == 0) { if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); @@ -6135,7 +6135,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) if (ret > 0) { derSz = ret; #ifdef HAVE_PKCS8 - if (key->hasPkcs8Header) { + if (key->pkcs8HeaderSz) { ret = wc_CreatePKCS8Key(NULL, (word32*)&pkcs8Sz, NULL, derSz, RSAk, NULL, 0); if (ret == LENGTH_ONLY_E) ret = 0; @@ -6161,7 +6161,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) if (ret > 0) { derSz = ret; #ifdef HAVE_PKCS8 - if (key->hasPkcs8Header) { + if (key->pkcs8HeaderSz) { byte* keyBuf = derBuf; int keySz = derSz; derSz = pkcs8Sz; @@ -6557,7 +6557,7 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) return WOLFSSL_FAILURE; ecc = (ecc_key*)key->internal; - if (key->hasPkcs8Header) { + if (key->pkcs8HeaderSz) { /* when key has pkcs8 header the pkey should too */ if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == LENGTH_ONLY_E) { byte* derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL); @@ -6568,7 +6568,7 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) } pkey->pkey_sz = (int)derSz; pkey->pkey.ptr = (char*)derBuf; - pkey->hasPkcs8Header = 1; + pkey->pkcs8HeaderSz = key->pkcs8HeaderSz; return WOLFSSL_SUCCESS; } else { diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 6fe6d914d..abf47ef5f 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -119,11 +119,11 @@ struct WOLFSSL_EC_KEY { void* internal; /* our ECC Key */ char form; /* Either POINT_CONVERSION_UNCOMPRESSED or * POINT_CONVERSION_COMPRESSED */ + word16 pkcs8HeaderSz; /* option bits */ byte inSet:1; /* internal set from external ? */ byte exSet:1; /* external set from internal ? */ - byte hasPkcs8Header:1; }; struct WOLFSSL_EC_BUILTIN_CURVE { diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 86aa2a873..c1bf4437f 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -87,12 +87,12 @@ typedef struct WOLFSSL_RSA { wolfSSL_Mutex refMutex; /* ref count mutex */ int refCount; /* reference count */ #endif + word16 pkcs8HeaderSz; /* bits */ byte inSet:1; /* internal set from external ? */ byte exSet:1; /* external set from internal ? */ byte ownRng:1; /* flag for if the rng should be free'd */ - byte hasPkcs8Header:1; } WOLFSSL_RSA; #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c90acee97..a7455cdf3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -370,13 +370,13 @@ struct WOLFSSL_EVP_PKEY { #ifdef HAVE_ECC int pkey_curve; #endif + word16 pkcs8HeaderSz; /* option bits */ byte ownDh:1; /* if struct owns DH and should free it */ byte ownEcc:1; /* if struct owns ECC and should free it */ byte ownDsa:1; /* if struct owns DSA and should free it */ byte ownRsa:1; /* if struct owns RSA and should free it */ - byte hasPkcs8Header:1; }; typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */