|
@@ -1520,41 +1520,82 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
|
|
|
#endif /* HAVE_USER_RSA */
|
|
|
#endif /* NO_RSA */
|
|
|
|
|
|
-/* Remove PKCS8 header, move beginning of traditional to beginning of input */
|
|
|
-int ToTraditional(byte* input, word32 sz)
|
|
|
+/* Remove PKCS8 header, place inOutIdx at beginning of traditional,
|
|
|
+ * return traditional length on success, negative on error */
|
|
|
+int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz)
|
|
|
{
|
|
|
- word32 inOutIdx = 0, oid;
|
|
|
+ word32 idx, oid;
|
|
|
int version, length;
|
|
|
|
|
|
- if (GetSequence(input, &inOutIdx, &length, sz) < 0)
|
|
|
+ if (input == NULL || inOutIdx == NULL)
|
|
|
+ return BAD_FUNC_ARG;
|
|
|
+
|
|
|
+ idx = *inOutIdx;
|
|
|
+
|
|
|
+ if (GetSequence(input, &idx, &length, sz) < 0)
|
|
|
return ASN_PARSE_E;
|
|
|
|
|
|
- if (GetMyVersion(input, &inOutIdx, &version, sz) < 0)
|
|
|
+ if (GetMyVersion(input, &idx, &version, sz) < 0)
|
|
|
return ASN_PARSE_E;
|
|
|
|
|
|
- if (GetAlgoId(input, &inOutIdx, &oid, oidKeyType, sz) < 0)
|
|
|
+ if (GetAlgoId(input, &idx, &oid, oidKeyType, sz) < 0)
|
|
|
return ASN_PARSE_E;
|
|
|
|
|
|
- if (input[inOutIdx] == ASN_OBJECT_ID) {
|
|
|
+ if (input[idx] == ASN_OBJECT_ID) {
|
|
|
/* pkcs8 ecc uses slightly different format */
|
|
|
- inOutIdx++; /* past id */
|
|
|
- if (GetLength(input, &inOutIdx, &length, sz) < 0)
|
|
|
+ idx++; /* past id */
|
|
|
+ if (GetLength(input, &idx, &length, sz) < 0)
|
|
|
return ASN_PARSE_E;
|
|
|
- inOutIdx += length; /* over sub id, key input will verify */
|
|
|
+ idx += length; /* over sub id, key input will verify */
|
|
|
}
|
|
|
|
|
|
- if (input[inOutIdx++] != ASN_OCTET_STRING)
|
|
|
+ if (input[idx++] != ASN_OCTET_STRING)
|
|
|
return ASN_PARSE_E;
|
|
|
|
|
|
- if (GetLength(input, &inOutIdx, &length, sz) < 0)
|
|
|
+ if (GetLength(input, &idx, &length, sz) < 0)
|
|
|
return ASN_PARSE_E;
|
|
|
|
|
|
+ *inOutIdx = idx;
|
|
|
+
|
|
|
+ return length;
|
|
|
+}
|
|
|
+
|
|
|
+/* Remove PKCS8 header, move beginning of traditional to beginning of input */
|
|
|
+int ToTraditional(byte* input, word32 sz)
|
|
|
+{
|
|
|
+ word32 inOutIdx = 0;
|
|
|
+ int length;
|
|
|
+
|
|
|
+ if (input == NULL)
|
|
|
+ return BAD_FUNC_ARG;
|
|
|
+
|
|
|
+ length = ToTraditionalInline(input, &inOutIdx, sz);
|
|
|
+ if (length < 0)
|
|
|
+ return length;
|
|
|
+
|
|
|
XMEMMOVE(input, input + inOutIdx, length);
|
|
|
|
|
|
return length;
|
|
|
}
|
|
|
|
|
|
|
|
|
+/* find beginning of traditional key inside PKCS#8 unencrypted buffer
|
|
|
+ * return traditional length on success, with inOutIdx at beginning of
|
|
|
+ * traditional
|
|
|
+ * return negative on failure/error */
|
|
|
+int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz)
|
|
|
+{
|
|
|
+ int length;
|
|
|
+
|
|
|
+ if (input == NULL || inOutIdx == NULL || (*inOutIdx > sz))
|
|
|
+ return BAD_FUNC_ARG;
|
|
|
+
|
|
|
+ length = ToTraditionalInline(input, inOutIdx, sz);
|
|
|
+
|
|
|
+ return length;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
/* check that the private key is a pair for the public key in certificate
|
|
|
* return 1 (true) on match
|
|
|
* return 0 or negative value on failure/error
|