From ee8be22a3f9cd2c5dc89463c486ad5cc0f827f9c Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Mon, 7 Jul 2025 09:26:47 +0900
Subject: [PATCH] Fix Qt nightly jenkins failure PBKDF1 encrpted key
---
 src/pk.c | 6 ++---
 tests/api.c | 57 +++++++++++++++++++++++++++++++++++++++++++++
 wolfcrypt/src/asn.c | 10 +++++++-
 3 files changed, 68 insertions(+), 5 deletions(-)
diff --git a/src/pk.c b/src/pk.c
index c2d70d567..6f920f697 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -507,12 +507,10 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
 byte* cipherInfo = NULL;
 int pemSz = 0;
 int hashType = WC_HASH_TYPE_NONE;
-#if !defined(NO_SHA256)
- hashType = WC_SHA256;
+#if !defined(NO_MD5)
+ hashType = WC_MD5;
 #elif !defined(NO_SHA)
 hashType = WC_SHA;
-#elif !defined(NO_MD5)
- hashType = WC_MD5;
 #endif
 /* Macro doesn't always use it. */
diff --git a/tests/api.c b/tests/api.c
index 1c20975fc..a8e213fa7 100644
--- a/tests/api.c
+++ b/tests/api.c
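Review bot: The hash selection in der_to_enc_pem_alloc (src/pk.c) carries no comment saying why MD5 is preferred over stronger digests, and the same `#if !defined(NO_MD5) … #elif !defined(NO_SHA)` block is repeated in PemToDer in wolfcrypt/src/asn.c, so writer and reader can drift apart again. The encrypted-PEM header presumably does not record which digest derived the key, so both sides have to pick the same one; a single shared macro or helper would enforce that. Above the block I would add something like `/* Legacy encrypted PEM derives the key with MD5 for interoperability; must match PemToDer(). Not a strength choice. */`. The body of der_to_enc_pem_alloc starts and ends outside this hunk, so the call that consumes hashType is not visible.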
@@ -47805,6 +47805,62 @@ static int test_wolfSSL_PKCS7_SIGNED_new(void)
 }
 #ifndef NO_BIO
+
+static int test_wolfSSL_PEM_write_bio_encryptedKey(void)
+{
+ EXPECT_DECLS;
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
+ defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
+ defined(WOLFSSL_ENCRYPTED_KEYS) && \
+ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+ !defined(NO_DES3)
+ RSA* rsaKey = NULL;
+ RSA* retKey = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ BIO* bio = NULL;
+ BIO* retbio = NULL;
+ byte* out;
+ const char* password = "wolfssl";
+ word32 passwordSz =(word32)XSTRLEN((char*)password);
+ int membufSz = 0;
+
+#if defined(USE_CERT_BUFFERS_2048)
+ const byte* key = client_key_der_2048;
+ word32 keySz = sizeof_client_key_der_2048;
+#elif defined(USE_CERT_BUFFERS_1024)
+ const byte* key = client_key_der_1024;
+ word32 keySz = sizeof_client_key_der_1024;
+#endif
+ /* Import Rsa Key */
+ ExpectNotNull(rsaKey = wolfSSL_RSA_new());
+ ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz,
+ WOLFSSL_RSA_LOAD_PRIVATE), 1);
+
+ ExpectNotNull(cipher = EVP_des_ede3_cbc());
+ ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+ ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher,
+ (byte*)password, passwordSz, NULL, NULL), 1);
+ ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0);
+ ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz));
+ ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL,
+ NULL, (void*)password)));
+ if (bio != NULL) {
+ BIO_free(bio);
+ }
+ if (retbio != NULL) {
+ BIO_free(retbio);
+ }
+ if (retKey != NULL) {
+ RSA_free(retKey);
+ }
+ if (rsaKey != NULL) {
+ RSA_free(rsaKey);
+ }
+#endif
+ return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_PEM_write_bio_PKCS7(void)
 {
 EXPECT_DECLS;
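Review bot: In test_wolfSSL_PEM_write_bio_encryptedKey, `key` and `keySz` are declared only under USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024, but the outer `#if` requires neither, so as far as this hunk shows a build with neither macro fails to compile at the wolfSSL_RSA_LoadDer_ex call. Adding `(defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)) && \` to the guard fixes that; the `!defined(NO_FILESYSTEM)` term looks unneeded, since no file is read. `byte* out;` is better written `byte* out = NULL;` so it is never indeterminate when an earlier expectation fails. The round trip also only shows that wolfSSL's writer and reader agree with each other and that a non-NULL key comes back; decrypting a fixed, externally generated encrypted PEM and comparing the recovered key with the original would pin the actual on-disk format.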
@@ -67968,6 +68024,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new),
 #ifndef NO_BIO
 TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7),
+ TEST_DECL(test_wolfSSL_PEM_write_bio_encryptedKey),
 #ifdef HAVE_SMIME
 TEST_DECL(test_wolfSSL_SMIME_read_PKCS7),
 TEST_DECL(test_wolfSSL_SMIME_write_PKCS7),
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index bf4ae6c13..1b463b616 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -26848,6 +26848,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 #ifdef OPENSSL_EXTRA
 char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
 char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
+#endif
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ int hashType = WC_HASH_TYPE_NONE;
+#if !defined(NO_MD5)
+ hashType = WC_MD5;
+#elif !defined(NO_SHA)
+ hashType = WC_SHA;
+#endif
 #endif
 WOLFSSL_ENTER("PemToDer");
@@ -27214,7 +27222,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 #endif
 ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
- (byte*)password, passwordSz, WC_MD5);
+ (byte*)password, passwordSz, hashType);
 #ifndef NO_WOLFSSL_SKIP_TRAILING_PAD
 #ifndef NO_DES3
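Review bot: In PemToDer (wolfcrypt/src/asn.c), when both NO_MD5 and NO_SHA are defined `hashType` stays WC_HASH_TYPE_NONE and is passed to wc_BufferKeyDecrypt in the second asn.c hunk, where the old code named WC_MD5 explicitly. How wc_BufferKeyDecrypt treats that value is not visible here, so I would reject it before the call, e.g. `if (hashType == WC_HASH_TYPE_NONE) { ret = NOT_COMPILED_IN; }` with the decrypt in the `else` branch. The encrypt side in src/pk.c falls through in the same way. In a NO_MD5 build the reader now quietly derives the key with SHA-1, which presumably will not decrypt MD5-derived PEM produced by other tools, so that case deserves a comment at the declaration. PemToDer starts and ends outside both hunks.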