wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2739 from dgarske/pkcs8_ed25519

Browse Source 
Added PKCS8 support for ED25519
This commit is contained in:
JacobBarthelmeh
2020-01-24 10:56:40 -08:00
committed by GitHub
parent b9f39b7c06 2cd3474e9d
commit 695b126a1c
4 changed files with 122 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
src/ssl.c
View File

@@ -5232,8 +5232,7 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der,
int* keySz, word32* idx, int* resetSuites, int *rsaKey, int *eccKey,
int *ed25519Key, void* heap, int devId)
int* keySz, word32* idx, int* resetSuites, int* keyFormat, void* heap, int devId)
{
int ret = 0;
@@ -5242,11 +5241,11 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ctx == NULL && ssl == NULL)
return BAD_FUNC_ARG;
if (!der || !keySz || !idx || !resetSuites || !rsaKey || !eccKey || !ed25519Key)
if (!der || !keySz || !idx || !resetSuites || !keyFormat)
return BAD_FUNC_ARG;
#ifndef NO_RSA
if (ret == 0 && !*eccKey && !*ed25519Key) {
if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) {
/* make sure RSA key can be used */
#ifdef WOLFSSL_SMALL_STACK
RsaKey* key = NULL;
@@ -5265,13 +5264,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
*idx = 0;
if (wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length)
!= 0) {
#ifdef HAVE_ECC
/* could have DER ECC (or pkcs8 ecc), no easy way to tell */
*eccKey = 1; /* try it next */
#elif defined(HAVE_ED25519)
*ed25519Key = 1; /* try it next */
#else
WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
#if !defined(HAVE_ECC) && !defined(HAVE_ED25519)
WOLFSSL_MSG("RSA decode failed and ECC/ED25519 not enabled to try");
ret = WOLFSSL_BAD_FILE;
#endif
}
@@ -5294,8 +5288,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ctx->privateKeySz = *keySz;
}
*rsaKey = 1;
(void)rsaKey; /* for no ecc builds */
*keyFormat = RSAk;
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
ssl->options.haveStaticECC = 0;
@@ -5312,7 +5305,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
}
#endif
#ifdef HAVE_ECC
if (ret == 0 && !*rsaKey && !*ed25519Key) {
if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) {
/* make sure ECC key can be used */
#ifdef WOLFSSL_SMALL_STACK
ecc_key* key = NULL;
@@ -5339,7 +5332,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ret = ECC_KEY_SIZE_E;
}
*eccKey = 1;
*keyFormat = ECDSAk;
if (ssl) {
ssl->options.haveStaticECC = 1;
ssl->buffers.keyType = ecc_dsa_sa_algo;
@@ -5355,8 +5348,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
*resetSuites = 1;
}
}
else
*eccKey = 0;
wc_ecc_free(key);
}
@@ -5367,7 +5358,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
}
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
if (ret == 0 && !*rsaKey && !*eccKey) {
if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) {
/* make sure Ed25519 key can be used */
#ifdef WOLFSSL_SMALL_STACK
ed25519_key* key = NULL;
@@ -5410,7 +5401,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ctx->privateKeySz = *keySz;
}
*ed25519Key = 1;
*keyFormat = ED25519k;
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
*resetSuites = 1;
}
@@ -5437,9 +5428,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */
int ret = 0;
int done = 0;
int eccKey = 0;
int ed25519Key = 0;
int rsaKey = 0;
int keyFormat = 0;
int resetSuites = 0;
void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
@@ -5455,7 +5444,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
EncryptedInfo info[1];
#endif
(void)rsaKey;
(void)devId;
(void)idx;
(void)keySz;
@@ -5488,7 +5476,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat);
#else
ret = NOT_COMPILED_IN;
#endif
@@ -5497,12 +5485,19 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* ASN1 (DER) or RAW (NTRU) */
int length = (int)sz;
if (format == WOLFSSL_FILETYPE_ASN1) {
/* get length of der (read sequence) */
/* get length of der (read sequence or octet string) */
word32 inOutIdx = 0;
if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) {
if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
length += inOutIdx; /* include leading sequence */
}
/* get length using octect string (allowed for private key types) */
else if (type == PRIVATEKEY_TYPE &&
GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
length += inOutIdx; /* include leading oct string */
}
else {
ret = ASN_PARSE_E;
}
length += inOutIdx; /* include leading sequence */
}
info->consumed = length;
@@ -5640,22 +5635,16 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) {
#if defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8)
/* attempt to detect key type */
if (algId == RSAk)
rsaKey = 1;
else if (algId == ECDSAk)
eccKey = 1;
else if (algId == ED25519k)
ed25519Key = 1;
keyFormat = algId;
#endif
ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
&rsaKey, &eccKey, &ed25519Key, heap, devId);
&keyFormat, heap, devId);
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
/* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
/* If private key type PKCS8 header wasn't already removed (algoId == 0) */
if ((ret != 0 || (!rsaKey && !eccKey && !ed25519Key))
if ((ret != 0 || keyFormat == 0)
&& format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0)
{
int passwordSz = NAME_SZ;
@@ -5692,7 +5681,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif
ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
&resetSuites, &rsaKey, &eccKey, &ed25519Key, heap, devId);
&resetSuites, &keyFormat, heap, devId);
}
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
@@ -5702,9 +5691,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (ret != 0)
return ret;
if (!rsaKey && !eccKey && !ed25519Key)
if (keyFormat == 0)
return WOLFSSL_BAD_FILE;
(void)ed25519Key;
(void)devId;
}
else if (type == CERT_TYPE) {
@@ -35263,14 +35252,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
if (keyFormat) {
/* keyFormat is Key_Sum enum */
if (keyFormat == ECDSAk)
if (keyFormat == RSAk)
type = EVP_PKEY_RSA;
else if (keyFormat == ECDSAk)
type = EVP_PKEY_EC;
else if (keyFormat == DSAk)
type = EVP_PKEY_DSA;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
else if (keyFormat == DHk)
type = EVP_PKEY_DH;
#endif
}
else {
/* Default to RSA if format is not set */

38
tests/api.c
View File

@@ -4783,7 +4783,7 @@ static void test_wolfSSL_no_password_cb(void)
#ifdef TEST_PKCS8_ENC
/* for PKCS8 test case */
static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
{
int flag = 0;
@@ -4895,7 +4895,7 @@ static void test_wolfSSL_PKCS8(void)
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */
#endif /* !NO_RSA && !NO_SHA */
#if defined(HAVE_ECC) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted ECC Key file */
@@ -4936,7 +4936,7 @@ static void test_wolfSSL_PKCS8(void)
/* leave flag as "okay" */
flag = 1;
#endif /* HAVE_ECC */
#endif /* HAVE_ECC && !NO_SHA */
#endif /* TEST_PKCS8_ENC */
@@ -4998,6 +4998,37 @@ static void test_wolfSSL_PKCS8(void)
#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
}
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
"OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
"2L9W4v7swXkV+X+a1ww=\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
/* Testing functions dealing with PKCS5 */
static void test_wolfSSL_PKCS5(void)
{
@@ -30154,6 +30185,7 @@ void ApiTest(void)
test_wolfSSL_PKCS12();
test_wolfSSL_no_password_cb();
test_wolfSSL_PKCS8();
test_wolfSSL_PKCS8_ED25519();
test_wolfSSL_PKCS5();
test_wolfSSL_URI();
test_wolfSSL_TBS();

118
wolfcrypt/src/asn.c
View File

@@ -138,16 +138,16 @@ extern int wc_InitRsaHw(RsaKey* key);
#endif
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
WOLFSSL_LOCAL void tsip_inform_key_position(const word32 key_n_start,
void tsip_inform_key_position(const word32 key_n_start,
const word32 key_n_len, const word32 key_e_start,
const word32 key_e_len);
WOLFSSL_LOCAL int tsip_tls_CertVerify(const byte *cert, word32 certSz,
int tsip_tls_CertVerify(const byte *cert, word32 certSz,
const byte *signature, word32 sigSz,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
byte *tsip_encRsaKeyIdx);
#endif
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
return GetLength_ex(input, inOutIdx, len, maxIdx, 1);
@@ -155,7 +155,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
/* give option to check length value found against index. 1 to check 0 to not */
WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check)
{
int length = 0;
@@ -290,7 +290,7 @@ static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len,
return length;
}
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
@@ -298,7 +298,7 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
}
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check)
{
return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
@@ -306,7 +306,7 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
}
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
@@ -314,7 +314,7 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
}
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check)
{
return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
@@ -423,7 +423,7 @@ static int SetBoolean(int val, byte* output)
* invalid.
* Otherwise, the number of bytes in the ASN.1 data.
*/
static int GetOctetString(const byte* input, word32* inOutIdx, int* len,
int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
@@ -714,7 +714,7 @@ static int SetASNIntRSA(void* n, byte* output)
#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
/* Windows header clash for WinCE using GetVersion */
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
int GetMyVersion(const byte* input, word32* inOutIdx,
int* version, word32 maxIdx)
{
word32 idx = *inOutIdx;
@@ -741,7 +741,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
#ifndef NO_PWDBASED
/* Get small count integer, 32 bits or less */
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
{
word32 idx = *inOutIdx;
word32 len;
@@ -778,7 +778,7 @@ WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
/* Set small integer, 32 bits or less. DER encoding with no leading 0s
* returns total amount written including ASN tag and length byte on success */
WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx)
int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx)
{
word32 idx = *inOutIdx;
word32 len = 0;
@@ -960,7 +960,7 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output)
word32 SetBitString(word32 len, byte unusedBits, byte* output)
{
word32 idx = 0;
@@ -2502,7 +2502,7 @@ static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx)
return 0;
}
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx)
{
int length;
@@ -5406,7 +5406,7 @@ WOLFSSL_API int EccEnumToNID(int n)
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn)
int wc_OBJ_sn2nid(const char *sn)
{
const struct {
const char *sn;
@@ -6252,7 +6252,7 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len)
#if defined(USE_WOLF_VALIDDATE)
/* to the second */
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b)
int DateGreaterThan(const struct tm* a, const struct tm* b)
{
if (a->tm_year > b->tm_year)
return 1;
@@ -6648,7 +6648,7 @@ static word32 BytePrecision(word32 value)
}
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
word32 SetLength(word32 length, byte* output)
{
word32 i = 0, j;
@@ -6672,45 +6672,27 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
return i;
}
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header)
{
int i = 0;
if (output == NULL)
return BAD_FUNC_ARG;
if (header) {
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
output[i++] = 3;
}
output[i++] = ASN_INTEGER;
output[i++] = 0x01;
output[i++] = (byte)version;
return i;
}
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output)
word32 SetSequence(word32 len, byte* output)
{
if (output)
output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
return SetLength(len, output ? output + 1 : NULL) + 1;
}
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output)
word32 SetOctetString(word32 len, byte* output)
{
output[0] = ASN_OCTET_STRING;
return SetLength(len, output + 1) + 1;
}
/* Write a set header to output */
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output)
word32 SetSet(word32 len, byte* output)
{
output[0] = ASN_SET | ASN_CONSTRUCTED;
return SetLength(len, output + 1) + 1;
}
WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
{
output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0)
@@ -6718,7 +6700,7 @@ WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output
return SetLength(len, output + 1) + 1;
}
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output)
word32 SetExplicit(byte number, word32 len, byte* output)
{
output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
return SetLength(len, output + 1) + 1;
@@ -6780,7 +6762,7 @@ static WC_INLINE int IsSigAlgoECDSA(int algoOID)
}
#endif
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
{
word32 tagSz, idSz, seqSz, algoSz = 0;
const byte* algoName = 0;
@@ -8768,9 +8750,9 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
#ifdef __cplusplus
extern "C" {
#endif
WOLFSSL_LOCAL Signer* GetCA(void* signers, byte* hash);
Signer* GetCA(void* signers, byte* hash);
#ifndef NO_SKID
WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash);
Signer* GetCAByName(void* signers, byte* hash);
#endif
#ifdef __cplusplus
}
@@ -9539,7 +9521,25 @@ void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap)
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
int SetMyVersion(word32 version, byte* output, int header)
{
int i = 0;
if (output == NULL)
return BAD_FUNC_ARG;
if (header) {
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
output[i++] = 3;
}
output[i++] = ASN_INTEGER;
output[i++] = 0x01;
output[i++] = (byte)version;
return i;
}
int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
word32 outputSz, int maxSnSz)
{
int i;
@@ -9585,7 +9585,7 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
#endif /* !NO_CERTS */
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx)
{
int result = 0;
@@ -10330,18 +10330,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
/* pkcs8 key, convert and adjust length */
if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
der->length = ret;
#if !defined(NO_DSA)
if (algId == DSAk)
*keyFormat = DSAk;
#endif
#ifdef HAVE_ECC
if (algId == ECDSAk)
*keyFormat = ECDSAk;
#endif
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
if (algId == DHk)
*keyFormat = DHk;
#endif
if (keyFormat) {
*keyFormat = algId;
}
}
else {
/* ignore failure here and assume key is not pkcs8 wrapped */
@@ -10385,14 +10376,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
if (ret >= 0) {
der->length = ret;
if ((algId == ECDSAk) && (keyFormat != NULL))
*keyFormat = ECDSAk;
else if ((algId == DSAk) && (keyFormat != NULL))
*keyFormat = DSAk;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
else if ((algId == DHk) && (keyFormat != NULL))
*keyFormat = DHk;
#endif
if (keyFormat) {
*keyFormat = algId;
}
ret = 0;
}
#else
@@ -16444,7 +16430,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
/* store WC_SHA hash of NAME */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx)
{
int length; /* length of all distinguished names */

8
wolfssl/wolfcrypt/asn.h
View File

@@ -432,10 +432,8 @@ enum Key_Sum {
RSAk = 645,
NTRUk = 274,
ECDSAk = 518,
ED25519k = 256
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
,DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
#endif
ED25519k = 256,
DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
};
#if !defined(NO_AES) || defined(HAVE_PKCS7)
@@ -1114,6 +1112,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check);
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,