* Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows use with DER (ASN.1) certificates only in an embedded environment. This option builds, but the internal make check requires PEM support for tests.

* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these APIs to `wc_` and added backwards-compatibility macros for the old function names.
This commit is contained in:
David Garske
2018-04-09 06:58:10 -07:00
parent 5a46bdf6f6
commit a38576146e
15 changed files with 514 additions and 439 deletions


@ -38,10 +38,8 @@
#include <wolfssl/wolfcrypt/asn.h>
#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
#ifndef NO_FILESYSTEM
#define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
#endif
#define CyaSSL_PemCertToDer wc_PemCertToDer
#endif
#endif /* CTAO_CRYPT_ASN_H */


@ -657,7 +657,6 @@
/* OpenSSL Compatibility Layer */
#define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
#define CyaSSL_get_sessionID wolfSSL_get_sessionID
#define CyaSSL_get_peer_count wolfSSL_get_peer_count
#define CyaSSL_get_chain_cert wolfSSL_get_chain_cert


@ -1,34 +0,0 @@
/*!
\ingroup ASN
\brief This function converts a pem certificate to a der certificate,
and places the resulting certificate in the derBuf buffer provided.
\return Success On success returns the size of the derBuf generated
\return BUFFER_E Returned if the size of derBuf is too small to hold
the certificate generated
\return MEMORY_E Returned if the call to XMALLOC fails
\param fileName path to the file containing a pem certificate to
convert to a der certificate
\param derBuf pointer to a char buffer in which to store the
converted certificate
\param derSz size of the char buffer in which to store the
converted certificate
_Example_
\code
char * file = “./certs/client-cert.pem”;
int derSz;
byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
derSz = wolfsSSL_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
//PemCertToDer error
}
\endcode
\sa none
*/
WOLFSSL_API
int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);


@ -913,11 +913,11 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_InitCert
\sa wc_MakeCert
*/
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
/*!
\ingroup Keys
\ingroup ASN
\brief Loads a PEM key from a file and converts to a DER encoded buffer.
@ -936,18 +936,18 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
char* some_file = "filename";
unsigned char der[];
if(wolfSSL_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
{
//Handle Error
}
\endcode
\sa wolfSSL_PubKeyPemToDer
\sa wc_PubKeyPemToDer
*/
WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
/*!
\ingroup Keys
\ingroup ASN
\brief Convert a PEM encoded public key to DER. Returns the number of
bytes written to the buffer or a negative value for an error.
@ -966,17 +966,53 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
byte some_pem[] = { Initialize with PEM key }
unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER
if(wolfSSL_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
sizeof(out_buffer)) < 0)
{
// Handle error
}
\endcode
\sa wolfSSL_PemPubKeyToDer
\sa wc_PemPubKeyToDer
*/
WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
/*!
\ingroup ASN
\brief This function converts a pem certificate to a der certificate,
and places the resulting certificate in the derBuf buffer provided.
\return Success On success returns the size of the derBuf generated
\return BUFFER_E Returned if the size of derBuf is too small to hold
the certificate generated
\return MEMORY_E Returned if the call to XMALLOC fails
\param fileName path to the file containing a pem certificate to
convert to a der certificate
\param derBuf pointer to a char buffer in which to store the
converted certificate
\param derSz size of the char buffer in which to store the
converted certificate
_Example_
\code
char * file = “./certs/client-cert.pem”;
int derSz;
byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
//PemCertToDer error
}
\endcode
\sa none
*/
WOLFSSL_API
int wc_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);
/*!
\ingroup ASN
@ -1015,7 +1051,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
pemSz = wc_DerToPem(der, derSz,pemFormatted,FOURK_BUF, CERT_TYPE);
\endcode
\sa wolfSSL_PemCertToDer
\sa wc_PemCertToDer
*/
WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type);
@ -1059,10 +1095,108 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
pemSz = wc_DerToPemEx(der, derSz,pemFormatted,FOURK_BUF, ,CERT_TYPE);
\endcode
\sa wolfSSL_PemCertToDer
\sa wc_PemCertToDer
*/
WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
word32 outputSz, byte *cipherIno, int type);
/*!
\ingroup CertsKeys
\brief Converts a key in PEM format to DER format.
\return int the function returns the number of bytes written to
the buffer on successful execution.
\return int negative int returned indicating an error.
\param pem a pointer to the PEM encoded certificate.
\param pemSz the size of the PEM buffer (pem)
\param buff a pointer to the copy of the buffer member of the
DerBuffer struct.
\param buffSz size of the buffer space allocated in the DerBuffer struct.
\param pass password passed into the function.
_Example_
\code
byte* loadBuf;
long fileSz = 0;
byte* bufSz;
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
const char* keyFile,
int typeKey, const char* pasword);
bufSz = wc_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
(int)fileSz, password);
if(saveBufSz > 0){
// Bytes were written to the buffer.
}
\endcode
\sa wc_PemToDer
*/
WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
/*!
\ingroup CertsKeys
\brief This function converts a PEM formatted certificate to DER
format. Calls OpenSSL function PemToDer.
\return buffer returns the bytes written to the buffer.
\param pem pointer PEM formatted certificate.
\param pemSz size of the certificate.
\param buff buffer to be copied to DER format.
\param buffSz size of the buffer.
\param type Certificate file type found in asn_public.h enum CertType.
_Example_
\code
const unsigned char* pem;
int pemSz;
unsigned char buff[BUFSIZE];
int buffSz = sizeof(buff)/sizeof(char);
int type;
...
if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
// There were bytes written to buffer
}
\endcode
\sa wc_PemToDer
*/
WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
/*!
\ingroup CertsKeys
\brief Converts the PEM format to DER format.
\return int an int type representing the bytes written to buffer.
\param <0 returned for an error.
\param BAD_FUNC_ARG returned if the DER length is incorrect or if the
pem buff, or buffSz arguments are NULL.
_Example_
\code
unsigned char* pem = “pem file”;
int pemSz = sizeof(pem)/sizeof(char);
unsigned char* buff;
int buffSz;
...
if(wc_PubKeyPemToDer(pem, pemSz, buff, buffSz)!= SSL_SUCCESS){
// Conversion was not successful
}
\endcode
\sa wc_PubKeyPemToDer
\sa wc_PemPubKeyToDer
\sa wc_PemToDer
*/
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
/*!
\ingroup ASN


@ -1366,38 +1366,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
\sa wolfSSL_use_certificate_chain_buffer
*/
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
/*!
\ingroup openSSL
\brief Loads the PEM certificate from fileName and converts it into DER
format, placing the result into derBuffer which is of size derSz.
\return Success If successful the call will return the number of bytes
written to derBuffer.
\return SSL_BAD_FILE will be returned if the file doesnt exist, cant be
read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return SSL_NO_PEM_HEADER will be returned if the PEM certificate header
cant be found.
\return BUFFER_E will be returned if a chain buffer is bigger than the
receiving buffer.
\param filename pointer to the name of the PEM-formatted certificate for
conversion.
\param derBuffer the buffer for which the converted PEM certificate will
be placed in DER format.
\param derSz size of derBuffer.
_Example_
\code
int derSz;
byte derBuf[...];
derSz = wolfSSL_PemCertToDer(“./cert.pem”, derBuf, sizeof(derBuf));
\endcode
\sa SSL_get_peer_certificate
*/
WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
/*!
\ingroup Setup
@ -7193,102 +7162,7 @@ WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
\sa wolfSSL_CTX_new
*/
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
/*!
\ingroup CertsKeys
\brief Converts a key in PEM format to DER format.
\return int the function returns the number of bytes written to
the buffer on successful execution.
\return int negative int returned indicating an error.
\param pem a pointer to the PEM encoded certificate.
\param pemSz the size of the PEM buffer (pem)
\param buff a pointer to the copy of the buffer member of the
DerBuffer struct.
\param buffSz size of the buffer space allocated in the DerBuffer struct.
\param pass password passed into the function.
_Example_
\code
byte* loadBuf;
long fileSz = 0;
byte* bufSz;
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
const char* keyFile,
int typeKey, const char* pasword);
bufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
(int)fileSz, password);
if(saveBufSz > 0){
// Bytes were written to the buffer.
}
\endcode
\sa PemToDer
*/
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
/*!
\ingroup CertsKeys
\brief This function converts a PEM formatted certificate to DER
format. Calls OpenSSL function PemToDer.
\return buffer returns the bytes written to the buffer.
\param pem pointer PEM formatted certificate.
\param pemSz size of the certificate.
\param buff buffer to be copied to DER format.
\param buffSz size of the buffer.
\param type Certificate file type found in asn_public.h enum CertType.
_Example_
\code
const unsigned char* pem;
int pemSz;
unsigned char buff[BUFSIZE];
int buffSz = sizeof(buff)/sizeof(char);
int type;
...
if(wolfSSL_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
// There were bytes written to buffer
}
\endcode
\sa PemToDer
*/
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
/*!
\ingroup CertsKeys
\brief Converts the PEM format to DER format.
\return int an int type representing the bytes written to buffer.
\param <0 returned for an error.
\param BAD_FUNC_ARG returned if the DER length is incorrect or if the
pem buff, or buffSz arguments are NULL.
_Example_
\code
unsigned char* pem = “pem file”;
int pemSz = sizeof(pem)/sizeof(char);
unsigned char* buff;
int buffSz;
...
if(wolfSSL_PubKeyPemToDer(pem, pemSz, buff, buffSz)!= SSL_SUCCESS){
// Conversion was not successful
}
\endcode
\sa wolfSSL_PubKeyPemToDer
\sa wolfSSL_PemPubKeyToDer
\sa PemToDer
*/
WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
/*!
\brief Allows caller to set the Atomic User Record Processing
Mac/Encrypt Callback. The callback should return 0 for success


@ -442,6 +442,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return BAD_FUNC_ARG;
if (type == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
if (ret == 0) {
myBuffer = der->buffer;
@ -452,6 +453,9 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
FreeDer(&der);
return -1;
}
#else
ret = NOT_COMPILED_IN;
#endif
}
#ifdef WOLFSSL_SMALL_STACK
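Review bot: The `ret = NOT_COMPILED_IN;` set in the new `#else` arm is not acted on anywhere in this hunk; the PEM arm itself bails out with `return -1` when PemToDer fails, but the non-PEM build falls through past the closing `}` with `myBuffer` presumably still pointing at the raw input, and unless a check of `ret` exists after the hunk the error is overwritten by whatever parses that buffer next. Returning directly keeps the two failure paths symmetric: `#else` / `return NOT_COMPILED_IN;` / `#endif`. If `der` is referenced only inside the PEM arm it becomes an unused local in that configuration and wants a `(void)der;` beside the return. BufferLoadCRL starts and ends outside the hunk.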


@ -1189,7 +1189,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
ret = -1;
if (saveBuf != NULL) {
saveBufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz,
saveBufSz = wc_KeyPemToDer(loadBuf, (int)fileSz,
saveBuf, (int)fileSz, password);
if (saveBufSz < 0) {
saveBufSz = 0;

247
src/ssl.c

@ -3040,47 +3040,6 @@ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
/* Return bytes written to buff or < 0 for error */
int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz, int type)
{
int eccKey = 0;
int ret;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wolfSSL_CertPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
WOLFSSL_MSG("Bad cert type");
return BAD_FUNC_ARG;
}
ret = PemToDer(pem, pemSz, type, &der, NULL, NULL, &eccKey);
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
#endif /* NO_CERTS */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
@ -3413,78 +3372,6 @@ void wolfSSL_EVP_init(void)
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */
#ifndef NO_CERTS
/* our KeyPemToDer password callback, password in userData */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
(void)rw;
if (userdata == NULL)
return 0;
XSTRNCPY(passwd, (char*)userdata, sz);
return min((word32)sz, (word32)XSTRLEN((char*)userdata));
}
/* Return bytes written to buff or < 0 for error */
int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz, const char* pass)
{
int eccKey = 0;
int ret;
DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
EncryptedInfo* info = NULL;
#else
EncryptedInfo info[1];
#endif
WOLFSSL_ENTER("wolfSSL_KeyPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_ENCRYPTEDINFO);
if (info == NULL)
return MEMORY_E;
#endif
XMEMSET(info, 0, sizeof(EncryptedInfo));
info->passwd_cb = OurPasswordCb;
info->passwd_userdata = (void*)pass;
ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
#endif /* !NO_CERTS */
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
@ -4385,14 +4272,17 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
WOLFSSL_MSG("Processing Cert Chain");
while (consumed < sz) {
int eccKey = 0;
DerBuffer* part = NULL;
word32 remain = (word32)(sz - consumed);
info->consumed = 0;
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff + consumed, remain, type, &part,
heap, info, &eccKey);
heap, info, NULL);
#else
ret = NOT_COMPILED_IN;
#endif
}
else {
int length = remain;
@ -4532,9 +4422,14 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
#else
ret = NOT_COMPILED_IN;
#endif
}
else { /* ASN1 (DER) or RAW (NTRU) */
else {
/* ASN1 (DER) or RAW (NTRU) */
int length = (int)sz;
if (format == WOLFSSL_FILETYPE_ASN1) {
/* get length of der (read sequence) */
@ -4544,7 +4439,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
length += inOutIdx; /* include leading squence */
}
info->consumed = length;
if (ret == 0) {
ret = AllocDer(&der, (word32)length, type, heap);
if (ret == 0) {
@ -5303,6 +5200,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
#endif
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
if (ret != 0) {
FreeDer(&der);
@ -5312,9 +5210,13 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
return ret;
}
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
#else
ret = NOT_COMPILED_IN;
#endif
}
else
else {
InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
}
if (ret == 0)
ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);
@ -6412,12 +6314,12 @@ static int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey)
{
WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
#ifdef WOLFSSL_PEM_TO_DER
unsigned char* mem;
int memSz;
int keySz;
WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8;
WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()");
if (bio == NULL) {
@ -6428,7 +6330,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
return NULL;
}
if ((keySz = wolfSSL_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
WOLFSSL_MSG("Not PEM format");
keySz = memSz;
if ((keySz = ToTraditional((byte*)mem, (word32)keySz)) < 0) {
@ -6448,6 +6350,10 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
if (pkey != NULL) {
*pkey = pkcs8;
}
#else
(void)bio;
(void)pkey;
#endif /* WOLFSSL_PEM_TO_DER */
return pkcs8;
}
@ -7353,42 +7259,6 @@ int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
#endif /* NO_FILESYSTEM */
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
/* Return bytes written to buff or < 0 for error */
int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz)
{
int ret;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
@ -10735,17 +10605,21 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ret = WOLFSSL_BAD_FILETYPE;
else {
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
FreeDer(&der);
ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
NULL, NULL);
#ifdef WOLFSSL_WPAS
#ifndef NO_DSA
#ifdef WOLFSSL_WPAS
#ifndef NO_DSA
if (ret < 0) {
ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap,
NULL, NULL);
}
#endif
#endif
#endif
#endif /* WOLFSSL_WPAS */
#else
ret = NOT_COMPILED_IN;
#endif /* WOLFSSL_PEM_TO_DER */
}
if (ret == 0) {
@ -14987,9 +14861,13 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, NULL, NULL) != 0) {
FreeDer(&der);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else {
ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL);
@ -17146,7 +17024,8 @@ int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
const char* file, long type)
{
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && \
(defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
int ret = WOLFSSL_FAILURE;
XFILE fp;
long sz;
@ -25038,7 +24917,8 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
{
return XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
}
#if defined(WOLFSSL_KEY_GEN)
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
unsigned char* passwd, int passwdSz, byte **cipherInfo)
@ -25135,7 +25015,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_KEY_GEN */
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
/* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
@ -25285,7 +25165,8 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
}
#endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
(defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
/* return code compliant with OpenSSL :
* 1 if success, 0 if error
@ -25441,7 +25322,8 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
return WOLFSSL_SUCCESS;
}
#endif /* NO_FILESYSTEM */
#endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
#ifdef HAVE_ECC
@ -26746,6 +26628,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
unsigned char* passwd, int passwdSz,
unsigned char **pem, int *plen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
byte *derBuf, *tmp, *cipherInfo = NULL;
int der_max_len = 0, derSz = 0;
const int type = ECC_PRIVATEKEY_TYPE;
@ -26850,6 +26733,15 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
return WOLFSSL_SUCCESS;
#else
(void)ecc;
(void)cipher;
(void)passwd;
(void)passwdSz;
(void)pem;
(void)plen;
return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}
#ifndef NO_FILESYSTEM
@ -26929,6 +26821,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
unsigned char* passwd, int passwdSz,
unsigned char **pem, int *plen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
byte *derBuf, *tmp, *cipherInfo = NULL;
int der_max_len = 0, derSz = 0;
const int type = DSA_PRIVATEKEY_TYPE;
@ -27033,6 +26926,15 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
return WOLFSSL_SUCCESS;
#else
(void)dsa;
(void)cipher;
(void)passwd;
(void)passwdSz;
(void)pem;
(void)plen;
return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}
#ifndef NO_FILESYSTEM
@ -27618,6 +27520,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
unsigned char* buf, int inLen, int* outLen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
const char* header = NULL;
const char* footer = NULL;
int headerLen;
@ -27671,6 +27574,14 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
*outLen += headerLen + footerLen;
return WOLFSSL_SUCCESS;
#else
(void)chain;
(void)idx;
(void)buf;
(void)inLen;
(void)outLen;
return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}
@ -28257,6 +28168,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
pem_password_cb *cb, void *u)
{
WOLFSSL_X509* x509 = NULL;
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
unsigned char* pem = NULL;
int pemSz;
long i = 0, l;
@ -28292,7 +28204,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#else
WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined");
return NULL;
#endif
#endif /* !NO_FILESYSTEM */
}
else
return NULL;
@ -28336,6 +28248,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
(void)bp;
(void)x;
(void)cb;
(void)u;
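Review bot: The `#endif` trailers added around EncryptDerKey and the RSA PEM writer do not restate their `#if` conditions: `#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)` is closed by `#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */`, and the guard that now also admits `WOLFSSL_DER_TO_PEM` is closed by `#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */`; both trailers should repeat the condition verbatim so the next reader can pair them. More substantively, EncryptDerKey is compiled only under WOLFSSL_PEM_TO_DER, while the writers below it (wolfSSL_PEM_write_RSAPrivateKey, wolfSSL_PEM_write_mem_ECPrivateKey, wolfSSL_PEM_write_mem_DSAPrivateKey) are enabled by `WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM` and each initialises a `cipherInfo` local; if they call EncryptDerKey, which these hunks do not show, a KEY_GEN build with only WOLFSSL_DER_TO_PEM no longer compiles, so the EncryptDerKey guard likely wants the same `||` form. In wolfSSL_CertManagerVerifyBuffer the new `#else` arm leaves `cert` without InitDecodedCert while `ret` is non-zero, so the cleanup that follows the hunk must not call FreeDecodedCert on the uninitialised object; confirm against the rest of that function.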


@ -2926,11 +2926,11 @@ static void test_wolfSSL_PKCS8(void)
wolfSSL_CTX_free(ctx);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wolfSSL_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"),
AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"),
0);
/* test that error value is returned with a bad password */
AssertIntLT(wolfSSL_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "bad"), 0);
AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "bad"), 0);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */


@ -7083,6 +7083,63 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
}
int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
{
int ret = BAD_FUNC_ARG;
if (pDer) {
int dynType = 0;
DerBuffer* der;
/* Determine dynamic type */
switch (type) {
case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;
case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;
case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;
case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;
case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;
default: dynType = DYNAMIC_TYPE_KEY; break;
}
/* Setup new buffer */
*pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
if (*pDer == NULL) {
return MEMORY_E;
}
XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);
der = *pDer;
der->type = type;
der->dynType = dynType; /* Cache this for FreeDer */
der->heap = heap;
der->buffer = (byte*)der + sizeof(DerBuffer);
der->length = length;
ret = 0; /* Success */
}
return ret;
}
void FreeDer(DerBuffer** pDer)
{
if (pDer && *pDer)
{
DerBuffer* der = (DerBuffer*)*pDer;
/* ForceZero private keys */
if (der->type == PRIVATEKEY_TYPE) {
ForceZero(der->buffer, der->length);
}
der->buffer = NULL;
der->length = 0;
XFREE(der, der->heap, der->dynType);
*pDer = NULL;
}
}
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
/* Max X509 header length indicates the max length + 2 ('\n', '\0') */
#define MAX_X509_HEADER_SZ (37 + 2)
@ -7209,6 +7266,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
static const char* const kProcTypeHeader = "Proc-Type";
static const char* const kDecInfoHeader = "DEK-Info";
#ifdef WOLFSSL_PEM_TO_DER
#ifndef NO_DES3
static const char* const kEncTypeDes = "DES-CBC";
static const char* const kEncTypeDes3 = "DES-EDE3-CBC";
@ -7372,6 +7430,7 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info,
return err;
}
#endif /* WOLFSSL_PEM_TO_DER */
#ifdef WOLFSSL_DER_TO_PEM
static int wc_EncryptedInfoAppend(char* dest, char* cipherInfo)
@ -7536,59 +7595,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
#endif /* WOLFSSL_DER_TO_PEM */
int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
{
int ret = BAD_FUNC_ARG;
if (pDer) {
int dynType = 0;
DerBuffer* der;
/* Determine dynamic type */
switch (type) {
case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;
case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;
case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;
case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;
case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;
default: dynType = DYNAMIC_TYPE_KEY; break;
}
/* Setup new buffer */
*pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
if (*pDer == NULL) {
return MEMORY_E;
}
XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);
der = *pDer;
der->type = type;
der->dynType = dynType; /* Cache this for FreeDer */
der->heap = heap;
der->buffer = (byte*)der + sizeof(DerBuffer);
der->length = length;
ret = 0; /* Success */
}
return ret;
}
void FreeDer(DerBuffer** pDer)
{
if (pDer && *pDer)
{
DerBuffer* der = (DerBuffer*)*pDer;
/* ForceZero private keys */
if (der->type == PRIVATEKEY_TYPE) {
ForceZero(der->buffer, der->length);
}
der->buffer = NULL;
der->length = 0;
XFREE(der, der->heap, der->dynType);
*pDer = NULL;
}
}
#ifdef WOLFSSL_PEM_TO_DER
/* Remove PEM header/footer, convert to ASN1, store any encrypted data
info->consumed tracks of PEM bytes consumed in case multiple parts */
@ -7804,11 +7811,160 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type,
}
#ifndef NO_FILESYSTEM
#ifdef WOLFSSL_CERT_GEN
/* our KeyPemToDer password callback, password in userData */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
(void)rw;
if (userdata == NULL)
return 0;
XSTRNCPY(passwd, (char*)userdata, sz);
return min((word32)sz, (word32)XSTRLEN((char*)userdata));
}
/* Return bytes written to buff or < 0 for error */
int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz, const char* pass)
{
int eccKey = 0;
int ret;
DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
EncryptedInfo* info = NULL;
#else
EncryptedInfo info[1];
#endif
WOLFSSL_ENTER("wc_KeyPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_ENCRYPTEDINFO);
if (info == NULL)
return MEMORY_E;
#endif
XMEMSET(info, 0, sizeof(EncryptedInfo));
info->passwd_cb = OurPasswordCb;
info->passwd_userdata = (void*)pass;
ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
/* Return bytes written to buff or < 0 for error */
int wc_CertPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz, int type)
{
int eccKey = 0;
int ret;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wc_CertPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
WOLFSSL_MSG("Bad cert type");
return BAD_FUNC_ARG;
}
ret = PemToDer(pem, pemSz, type, &der, NULL, NULL, &eccKey);
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
#endif /* WOLFSSL_PEM_TO_DER */
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
#ifndef NO_FILESYSTEM
#ifdef WOLFSSL_PEM_TO_DER
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
/* Return bytes written to buff or < 0 for error */
int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
unsigned char* buff, int buffSz)
{
int ret;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wc_PubKeyPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
if (ret < 0) {
WOLFSSL_MSG("Bad Pem To Der");
}
else {
if (der->length <= (word32)buffSz) {
XMEMCPY(buff, der->buffer, der->length);
ret = der->length;
}
else {
WOLFSSL_MSG("Bad der length");
ret = BAD_FUNC_ARG;
}
}
FreeDer(&der);
return ret;
}
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#endif /* WOLFSSL_PEM_TO_DER */
#ifdef WOLFSSL_CERT_GEN
/* load pem cert from file into der buffer, return der size or error */
int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
byte staticBuffer[1]; /* force XMALLOC */
@ -7822,7 +7978,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
XFILE file = XFOPEN(fileName, "rb");
DerBuffer* converted = NULL;
WOLFSSL_ENTER("wolfSSL_PemCertToDer");
WOLFSSL_ENTER("wc_PemCertToDer");
if (file == XBADFILE) {
ret = BUFFER_E;
@ -7851,9 +8007,11 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {
ret = BUFFER_E;
}
#ifdef WOLFSSL_PEM_TO_DER
else {
ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, NULL,NULL);
}
#endif
if (ret == 0) {
if (converted->length < (word32)derSz) {
@ -7874,12 +8032,11 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
return ret;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
/* load pem public key from file into der buffer, return der size or error */
int wolfSSL_PemPubKeyToDer(const char* fileName,
int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
@ -7894,7 +8051,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
XFILE file = XFOPEN(fileName, "rb");
DerBuffer* converted = NULL;
WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer");
WOLFSSL_ENTER("wc_PemPubKeyToDer");
if (file == XBADFILE) {
ret = BUFFER_E;
@ -7919,11 +8076,15 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
dynamic = 1;
}
if (ret == 0) {
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz)
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {
ret = BUFFER_E;
else
}
#ifdef WOLFSSL_PEM_TO_DER
else {
ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
0, NULL, NULL);
}
#endif
if (ret == 0) {
if (converted->length < (word32)derSz) {
@ -7945,6 +8106,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
return ret;
}
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#endif /* !NO_FILESYSTEM */
@ -10714,7 +10876,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
return MEMORY_E;
}
derSz = wolfSSL_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ);
derSz = wc_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ);
if (derSz <= 0)
{
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@ -10876,7 +11038,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
return MEMORY_E;
}
derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if (derSz <= 0)
{
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@ -11300,7 +11462,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile)
WOLFSSL_MSG("wc_SetIssuer OOF Problem");
return MEMORY_E;
}
derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF);
derSz = wc_PemCertToDer(issuerFile, der, EIGHTK_BUF);
cert->selfSigned = 0;
ret = SetNameFromCert(&cert->issuer, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@ -11320,7 +11482,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile)
WOLFSSL_MSG("wc_SetSubject OOF Problem");
return MEMORY_E;
}
derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF);
derSz = wc_PemCertToDer(subjectFile, der, EIGHTK_BUF);
ret = SetNameFromCert(&cert->subject, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@ -11341,7 +11503,7 @@ int wc_SetAltNames(Cert* cert, const char* file)
WOLFSSL_MSG("wc_SetAltNames OOF Problem");
return MEMORY_E;
}
derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
ret = SetAltNamesFromCert(cert, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);


@ -1042,12 +1042,12 @@ static int _SaveDerAndPem(const byte* der, int derSz,
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
FILE* pemFile;
#endif
#ifdef WOLFSSL_DER_TO_PEM
pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
if (pemSz < 0) {
return errBase + 2;
}
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
pemFile = fopen(filePem, "wb");
if (!pemFile) {
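Review bot: When WOLFSSL_DER_TO_PEM is not defined, the new `#ifdef` around the `wc_DerToPem` call leaves `pem` unfilled and `pemSz` at the caller-supplied capacity, yet the following block still opens `filePem` for writing; if the write that presumably follows (outside this hunk) uses `pem`/`pemSz`, uninitialized buffer contents end up in the temp file. Gate the PEM-file block on the same macro, e.g. `#if defined(WOLFSSL_DER_TO_PEM) && !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)`, and apply the same condition to the `FILE* pemFile;` declaration above to avoid an unused-variable warning. _SaveDerAndPem starts and ends outside this hunk.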


@ -1702,10 +1702,14 @@ WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
/* moved to asn.c, old names kept for backwards compatability */
#define wolfSSL_KeyPemToDer wc_KeyPemToDer
#define wolfSSL_CertPemToDer wc_CertPemToDer
#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer
#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer
#define wolfSSL_PemCertToDer wc_PemCertToDer
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
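Review bot: Replacing the exported prototypes with `#define` aliases removes `wolfSSL_KeyPemToDer`, `wolfSSL_CertPemToDer` and the other three names from the library's symbol table, so the change is source-compatible but, if WOLFSSL_API marks exported symbols, not binary-compatible: applications already linked against a shared libwolfssl will fail to resolve them at load time. If ABI stability matters, keep one-line exported wrappers in ssl.c instead of macros, such as `WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, int buffSz, int type) { return wc_CertPemToDer(pem, pemSz, buff, buffSz, type); }`. The macros are also defined unconditionally while the `wc_` prototypes in asn_public.h are guarded by WOLFSSL_PEM_TO_DER / WOLFSSL_CERT_EXT, so in a build without those a caller gets an implicit-declaration error naming a function it never wrote; a comment on the macro block stating that the aliases are only usable when the corresponding `wc_` option is enabled would help. The comment's `compatability` should read `compatibility`.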


@ -1323,7 +1323,7 @@ static INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
return MEMORY_E;
}
ret = wolfSSL_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
if (ret < 0) {
free(buf);
free(*derBuf);


@ -340,16 +340,40 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
#endif /* WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
const char** footer);
#endif
#ifdef WOLFSSL_PEM_TO_DER
WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
#endif /* WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
#endif
WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#ifdef WOLFSSL_CERT_GEN
#ifndef NO_FILESYSTEM
WOLFSSL_API int wc_PemCertToDer(const char* fileName,
unsigned char* derBuf, int derSz);
#endif
#endif /* WOLFSSL_CERT_GEN */
#ifdef WOLFSSL_DER_TO_PEM
WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type);
@ -357,18 +381,6 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
word32 outputSz, byte *cipherIno, int type);
#endif
WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
const char** footer);
WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
#ifdef WOLFSSL_CERT_GEN
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_PemCertToDer(const char* fileName,
unsigned char* derBuf, int derSz);
#endif
#endif /* WOLFSSL_CERT_GEN */
#ifdef HAVE_ECC
/* private key helpers */
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
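Review bot: The `wc_PubKeyPemToDer` prototype (buffer-to-buffer variant) is declared under `WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER` only, whereas its definition in asn.c sits under both `#ifndef NO_FILESYSTEM` and `#ifdef WOLFSSL_PEM_TO_DER` (visible in the first file section), so a WOLFSSL_NO_PEM or NO_FILESYSTEM build with WOLFSSL_CERT_EXT compiles callers against a function that is never defined and fails only at link time. Align the guards, e.g. open the block with `#if defined(WOLFSSL_PEM_TO_DER) && (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER))`, so that an unavailable API fails at compile time with a clear message. The buffer-based converter should not need a filesystem, so the asn.c placement inside `#ifndef NO_FILESYSTEM` is worth re-checking as well.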


@ -1666,6 +1666,13 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
/* support for disabling PEM to DER */
#if !defined(WOLFSSL_NO_PEM)
#undef WOLFSSL_PEM_TO_DER
#define WOLFSSL_PEM_TO_DER
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
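Review bot: The comment `/* support for disabling PEM to DER */` does not name the switch a user has to define; the code shows that PEM-to-DER is enabled unless `WOLFSSL_NO_PEM` is set and that a user-supplied `WOLFSSL_PEM_TO_DER` is discarded by the `#undef`. Replace the comment with something like `/* PEM parsing is on by default; define WOLFSSL_NO_PEM for a DER-only build. WOLFSSL_PEM_TO_DER is derived here and must not be set by the user. */`. Whether `WOLFSSL_NO_PEM` should also clear `WOLFSSL_DER_TO_PEM` is not visible here; if it does not, a short note that DER-to-PEM output is governed separately would avoid surprise.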