Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer

add comments and better error checking for PKCS8 strip
2025-08-01 19:54:40 +02:00 · 2018-02-02 10:50:29 -08:00
parent c66ebb6748 1428934ad5
commit d63373066b
3 changed files with 24 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7132,6 +7132,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
 {
    WOLFSSL_EVP_PKEY* local;
    word32 idx = 0;
+    int    ret;

    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey");

@@ -7140,9 +7141,18 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
        return NULL;
    }

-    if (ToTraditionalInline((const byte*)(*in), &idx, (word32)inSz) > 0) {
+    /* Check if input buffer has PKCS8 header. In the case that it does not
+     * have a PKCS8 header then do not error out. */
+    if ((ret = ToTraditionalInline((const byte*)(*in), &idx, (word32)inSz))
+            > 0) {
        WOLFSSL_MSG("Found and removed PKCS8 header");
    }
+    else {
+        if (ret != ASN_PARSE_E) {
+            WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
+            return NULL;
+        }
+    }

    if (out != NULL && *out != NULL) {
        wolfSSL_EVP_PKEY_free(*out);
--- a/tests/api.c
+++ b/tests/api.c
@@ -13808,6 +13808,8 @@ static void test_wolfSSL_private_keys(void)
 #ifdef USE_CERT_BUFFERS_2048
    {
    const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
+    unsigned char buf[FOURK_BUF];
+    word32 bufSz;

    AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                (unsigned char*)client_key_der_2048,
@@ -13838,6 +13840,15 @@ static void test_wolfSSL_private_keys(void)
    AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &server_key, (long)sizeof_server_key_der_2048));
    AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
+
+    /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
+    bufSz = FOURK_BUF;
+    AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
+                    (byte*)server_key_der_2048, sizeof_server_key_der_2048,
+                    RSAk, NULL, 0)), 0);
+    server_key = (const unsigned char*)buf;
+    AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
+                (long)bufSz));
    }
 #endif

--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -9117,7 +9117,8 @@ int rsa_test(void)
        int         certSz;
        size_t      bytes3;
        word32      idx3 = 0;
-    #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
+    #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
+        || !defined(USE_CERT_BUFFERS_256)
        FILE*       file3;
    #endif
    #ifdef WOLFSSL_TEST_CERT