Init SoftHSMv2 support

- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key - ToTraditionalInline_ex2: Add DH checking - wc_ecc_get_curve_id: check index is not negative - Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der - wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free - wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case - pkcs8_encode: Add DSA and DH support - wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer - RSA_LOW_MEM: export all integers in compat layer - Add softhsm action - Define - OPENSSL_DH_MAX_MODULUS_BITS - OPENSSL_DSA_MAX_MODULUS_BITS - OPENSSL_RSA_MAX_MODULUS_BITS - Implement - BN_mul_word - i2d_ECPKParameters - PEM_write_bio_PKCS8_PRIV_KEY_INFO - PEM_read_bio_PKCS8_PRIV_KEY_INFO - i2d_PKCS8_PRIV_KEY_INFO - RSA_padding_add_PKCS1_PSS_mgf1 - RSA_verify_PKCS1_PSS_mgf1
2026-02-01 11:59:19 +01:00 · 2024-08-27 15:26:46 +02:00
parent ef063aac2f
commit 901384e704
19 changed files with 569 additions and 73 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7174,6 +7174,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
                    ret = ASN_PARSE_E;
                }
                break;
+        #endif
+        #ifndef NO_DH
+            case DHk:
+                /* Neither NULL item nor OBJECT_ID item allowed. */
+                if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
+                    (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                break;
        #endif
            /* DSAk not supported. */
            /* Falcon, Dilithium and Sphincs not supported. */
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4262,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id)

 int wc_ecc_get_curve_id(int curve_idx)
 {
-    if (wc_ecc_is_valid_idx(curve_idx)) {
+    if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) {
        return ecc_sets[curve_idx].id;
    }
    return ECC_CURVE_INVALID;
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
    /* Get size of DER buffer only */
    if (havePublic && !havePrivate) {
        ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
        ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
    } else {
        ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
@@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
    /* Fill DER buffer */
    if (havePublic && !havePrivate) {
        ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
        ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
    } else {
        ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
@@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
 /* this function just casts and returns pointer */
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
 {
-    return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
+    if (pkey == NULL || pkey->pkey.ptr == NULL) {
+        return NULL;
+    }
+
+    return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
+        pkey->pkey_sz);
 }
 #endif

--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
 #define WOLFSSL_SP_PRIME_GEN
 #endif

+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA)
+/* Determine when mp_mul_d is required */
+#define WOLFSSL_SP_MUL_D
+#endif
+
 /* Set the multi-precision number to zero.
 *
 * Assumes a is not NULL.
@@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
    !defined(NO_DH) || defined(HAVE_ECC) || \
    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
     !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
+    defined(WOLFSSL_SP_MUL_D)
 /* Multiply a by digit n and put result into r shifting up o digits.
 *   r = (a * n) << (o * SP_WORD_SIZE)
 *
@@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
 #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
        *  WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */

-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+#ifdef WOLFSSL_SP_MUL_D
 /* Multiply a by digit n and put result into r. r = a * n
 *
 * @param  [in]   a  SP integer to multiply.
@@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r)

    return err;
 }
-#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
-        * (WOLFSSL_KEY_GEN && !NO_RSA) */
+#endif /* WOLFSSL_SP_MUL_D */

 /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \