luna - wolfssl/wolfcrypt/src/evp

   1/* evp_pk.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
  23
  24#if !defined(WOLFSSL_EVP_PK_INCLUDED)
  25    #ifndef WOLFSSL_IGNORE_FILE_WARN
  26        #warning evp_pk.c does not need to be compiled separately from ssl.c
  27    #endif
  28#elif defined(WOLFCRYPT_ONLY)
  29#else
  30
  31/*******************************************************************************
  32 * START OF d2i APIs
  33 ******************************************************************************/
  34
  35#ifndef NO_CERTS
  36
  37#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  38/**
  39 * Make an EVP PKEY and put data and type in.
  40 *
  41 * @param [in, out] out    On in, an EVP PKEY or NULL.
  42 *                         On out, an EVP PKEY or NULL.
  43 * @param [in]      mem    Memory containing key data.
  44 * @param [in]      memSz  Size of key data in bytes.
  45 * @param [in]      priv   1 means private key, 0 means public key.
  46 * @param [in]      type   The type of public/private key.
  47 * @return  1 on success.
  48 * @return  0 otherwise.
  49 */
  50static int d2i_make_pkey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
  51    word32 memSz, int priv, int type)
  52{
  53    WOLFSSL_EVP_PKEY* pkey;
  54    int ret = 1;
  55
  56    /* Get or create the EVP PKEY object. */
  57    if (*out != NULL) {
  58        pkey = *out;
  59    }
  60    else {
  61        pkey = wolfSSL_EVP_PKEY_new();
  62        if (pkey == NULL) {
  63            WOLFSSL_MSG("wolfSSL_EVP_PKEY_new error");
  64            return 0;
  65        }
  66    }
  67
  68    /* Set the size and allocate memory for key data to be copied into. */
  69    pkey->pkey_sz = (int)memSz;
  70    if (memSz > 0) {
  71        pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
  72            priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY);
  73        if (pkey->pkey.ptr == NULL) {
  74            ret = 0;
  75        }
  76        if (ret == 1) {
  77            /* Copy in key data. */
  78            XMEMCPY(pkey->pkey.ptr, mem, memSz);
  79        }
  80    }
  81    if (ret == 1) {
  82        /* Set key type passed in and return object. */
  83        pkey->type = type;
  84        *out = pkey;
  85    }
  86    if ((ret == 0) && (*out == NULL)) {
  87        /* Dispose of object allocated in this function. */
  88        wolfSSL_EVP_PKEY_free(pkey);
  89    }
  90
  91    return ret;
  92}
  93
  94#if !defined(NO_RSA)
  95/**
  96 * Try to make an RSA EVP PKEY from data.
  97 *
  98 * @param [in, out] out    On in, an EVP PKEY or NULL.
  99 *                         On out, an EVP PKEY or NULL.
 100 * @param [in]      mem    Memory containing key data.
 101 * @param [in]      memSz  Size of key data in bytes.
 102 * @param [in]      priv   1 means private key, 0 means public key.
 103 * @return  1 on success.
 104 * @return  0 when input was recognized as this key type but
 105 *            object creation/import failed.
 106 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 107 */
 108static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 109    long memSz, int priv)
 110{
 111    WOLFSSL_RSA* rsaObj = NULL;
 112    word32 keyIdx = 0;
 113    int isRsaKey;
 114    int ret = 1;
 115    WC_DECLARE_VAR(rsa, RsaKey, 1, NULL);
 116
 117    WC_ALLOC_VAR_EX(rsa, RsaKey, 1, NULL, DYNAMIC_TYPE_RSA, return 0);
 118
 119    XMEMSET(rsa, 0, sizeof(RsaKey));
 120
 121    if (wc_InitRsaKey(rsa, NULL) != 0) {
 122        WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA);
 123        return 0;
 124    }
 125    /* Try decoding data as an RSA private/public key. */
 126    if (priv) {
 127        isRsaKey =
 128            (wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0);
 129    }
 130    else {
 131        isRsaKey =
 132            (wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0);
 133    }
 134    wc_FreeRsaKey(rsa);
 135    WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA);
 136
 137    if (!isRsaKey) {
 138        return WOLFSSL_FATAL_ERROR;
 139    }
 140
 141    /* Create RSA key object from data. */
 142    rsaObj = wolfssl_rsa_d2i(NULL, mem, keyIdx,
 143        priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC);
 144    if (rsaObj == NULL) {
 145        ret = 0;
 146    }
 147    if (ret == 1) {
 148        /* Create an EVP PKEY object. */
 149        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_RSA);
 150    }
 151    if (ret == 1) {
 152        /* Put RSA key object into EVP PKEY object. */
 153        (*out)->ownRsa = 1;
 154        (*out)->rsa = rsaObj;
 155    }
 156    if (ret == 0) {
 157        wolfSSL_RSA_free(rsaObj);
 158    }
 159
 160    return ret;
 161}
 162#endif /* !NO_RSA */
 163
 164#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
 165/**
 166 * Try to make an ECC EVP PKEY from data.
 167 *
 168 * @param [in, out] out    On in, an EVP PKEY or NULL.
 169 *                         On out, an EVP PKEY or NULL.
 170 * @param [in]      mem    Memory containing key data.
 171 * @param [in]      memSz  Size of key data in bytes.
 172 * @param [in]      priv   1 means private key, 0 means public key.
 173 * @return  1 on success.
 174 * @return  0 when input was recognized as this key type but
 175 *            object creation/import failed.
 176 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 177 */
 178static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 179    long memSz, int priv)
 180{
 181    WOLFSSL_EC_KEY* ec = NULL;
 182    word32  keyIdx = 0;
 183    int     isEccKey;
 184    int     ret = 1;
 185    WC_DECLARE_VAR(ecc, ecc_key, 1, NULL);
 186
 187    WC_ALLOC_VAR_EX(ecc, ecc_key, 1, NULL, DYNAMIC_TYPE_ECC, return 0);
 188
 189    XMEMSET(ecc, 0, sizeof(ecc_key));
 190
 191    if (wc_ecc_init(ecc) != 0) {
 192        WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC);
 193        return 0;
 194    }
 195
 196    /* Try decoding data as an ECC private/public key. */
 197    if (priv) {
 198        isEccKey =
 199            (wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0);
 200    }
 201    else {
 202        isEccKey =
 203            (wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0);
 204    }
 205    wc_ecc_free(ecc);
 206    WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC);
 207
 208    if (!isEccKey) {
 209        return WOLFSSL_FATAL_ERROR;
 210    }
 211
 212    /* Create EC key object from data. */
 213    ec = wolfSSL_EC_KEY_new();
 214    if (ec == NULL) {
 215        ret = 0;
 216    }
 217    if ((ret == 1) && (wolfSSL_EC_KEY_LoadDer_ex(ec, mem, keyIdx,
 218            priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) {
 219        ret = 0;
 220    }
 221    if (ret == 1) {
 222        /* Create an EVP PKEY object. */
 223        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_EC);
 224    }
 225    if (ret == 1) {
 226        /* Put RSA key object into EVP PKEY object. */
 227        (*out)->ownEcc = 1;
 228        (*out)->ecc = ec;
 229    }
 230    if (ret == 0) {
 231        wolfSSL_EC_KEY_free(ec);
 232    }
 233
 234    return ret;
 235}
 236#endif /* HAVE_ECC && OPENSSL_EXTRA */
 237
 238#ifdef HAVE_ED25519
 239/**
 240 * Try to make an Ed25519 EVP PKEY from data.
 241 *
 242 * @param [in, out] out    On in, an EVP PKEY or NULL.
 243 *                         On out, an EVP PKEY or NULL.
 244 * @param [in]      mem    Memory containing key data.
 245 * @param [in]      memSz  Size of key data in bytes.
 246 * @param [in]      priv   1 means private key, 0 means public key.
 247 * @return  1 on success.
 248 * @return  0 when input was recognized as this key type but object
 249 *            creation/import failed.
 250 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 251 */
 252static int d2iTryEd25519Key(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 253    long memSz, int priv)
 254{
 255    ed25519_key* edKey = NULL;
 256    word32 keyIdx = 0;
 257    int isEdKey;
 258    int ret = 1;
 259    void* heap = NULL;
 260
 261    if (*out != NULL) {
 262        heap = (*out)->heap;
 263    }
 264
 265    edKey = wolfSSL_ED25519_new(heap, INVALID_DEVID);
 266    if (edKey == NULL) {
 267        return 0;
 268    }
 269
 270    /* Decode data as an Ed25519 key in DER form (SubjectPublicKeyInfo for
 271     * public keys, PKCS#8 PrivateKeyInfo for private keys). */
 272    if (priv) {
 273        isEdKey = (wc_Ed25519PrivateKeyDecode(mem, &keyIdx, edKey,
 274            (word32)memSz) == 0);
 275    }
 276    else {
 277        isEdKey = (wc_Ed25519PublicKeyDecode(mem, &keyIdx, edKey,
 278            (word32)memSz) == 0);
 279    }
 280
 281    if (!isEdKey) {
 282        wolfSSL_ED25519_free(edKey);
 283        return WOLFSSL_FATAL_ERROR;
 284    }
 285
 286    /* Create an EVP PKEY object holding the input DER bytes. If the caller
 287     * already populated the EVP PKEY with the input bytes (pkey.ptr set),
 288     * skip the allocate/copy. */
 289    if (*out == NULL || (*out)->pkey.ptr == NULL) {
 290        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_ED25519);
 291    }
 292    if (ret == 1) {
 293        (*out)->ownEd25519 = 1;
 294        (*out)->ed25519 = edKey;
 295    }
 296    else {
 297        wolfSSL_ED25519_free(edKey);
 298    }
 299
 300    return ret;
 301}
 302#endif /* HAVE_ED25519 */
 303
 304#ifdef HAVE_ED448
 305/**
 306 * Try to make an Ed448 EVP PKEY from data.
 307 *
 308 * @param [in, out] out    On in, an EVP PKEY or NULL.
 309 *                         On out, an EVP PKEY or NULL.
 310 * @param [in]      mem    Memory containing key data.
 311 * @param [in]      memSz  Size of key data in bytes.
 312 * @param [in]      priv   1 means private key, 0 means public key.
 313 * @return  1 on success.
 314 * @return  0 when input was recognized as this key type but object
 315 *            creation/import failed.
 316 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 317 */
 318static int d2iTryEd448Key(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 319    long memSz, int priv)
 320{
 321    ed448_key* edKey = NULL;
 322    word32 keyIdx = 0;
 323    int isEdKey;
 324    int ret = 1;
 325    void* heap = NULL;
 326
 327    if (*out != NULL) {
 328        heap = (*out)->heap;
 329    }
 330
 331    edKey = wolfSSL_ED448_new(heap, INVALID_DEVID);
 332    if (edKey == NULL) {
 333        return 0;
 334    }
 335
 336    /* Decode data as an Ed448 key in DER form (SubjectPublicKeyInfo for
 337     * public keys, PKCS#8 PrivateKeyInfo for private keys). */
 338    if (priv) {
 339        isEdKey = (wc_Ed448PrivateKeyDecode(mem, &keyIdx, edKey,
 340            (word32)memSz) == 0);
 341    }
 342    else {
 343        isEdKey = (wc_Ed448PublicKeyDecode(mem, &keyIdx, edKey,
 344            (word32)memSz) == 0);
 345    }
 346
 347    if (!isEdKey) {
 348        wolfSSL_ED448_free(edKey);
 349        return WOLFSSL_FATAL_ERROR;
 350    }
 351
 352    /* Create an EVP PKEY object holding the input DER bytes. If the caller
 353     * already populated the EVP PKEY with the input bytes (pkey.ptr set),
 354     * skip the allocate/copy. */
 355    if (*out == NULL || (*out)->pkey.ptr == NULL) {
 356        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_ED448);
 357    }
 358    if (ret == 1) {
 359        (*out)->ownEd448 = 1;
 360        (*out)->ed448 = edKey;
 361    }
 362    else {
 363        wolfSSL_ED448_free(edKey);
 364    }
 365
 366    return ret;
 367}
 368#endif /* HAVE_ED448 */
 369
 370/* Create a new EVP_PKEY from raw Ed25519 or Ed448 key material.
 371 *
 372 * Used for for callers who already have the raw key bytes and shouldn't need
 373 * to rewrap them in an SPKI just to decode.
 374 *
 375 * @param [in] type  WC_EVP_PKEY_ED25519 or WC_EVP_PKEY_ED448.
 376 * @param [in] e     Engine. Ignored; accepted for OpenSSL API parity.
 377 * @param [in] pub   Raw public key bytes.
 378 * @param [in] len   Length of pub. Must match the curve's public key size
 379 *                   (ED25519_PUB_KEY_SIZE or ED448_PUB_KEY_SIZE).
 380 * @return  WOLFSSL_EVP_PKEY on success, NULL on failure.
 381 */
 382WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_public_key(int type,
 383    WOLFSSL_ENGINE* e, const unsigned char* pub, size_t len)
 384{
 385    WOLFSSL_EVP_PKEY* pkey;
 386    int ok = 0;
 387
 388    (void)e;
 389    WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_raw_public_key");
 390
 391    if (pub == NULL || len == 0) {
 392        return NULL;
 393    }
 394
 395    pkey = wolfSSL_EVP_PKEY_new();
 396    if (pkey == NULL) {
 397        return NULL;
 398    }
 399
 400    switch (type) {
 401    #ifdef HAVE_ED25519
 402        case WC_EVP_PKEY_ED25519: {
 403            ed25519_key* edKey;
 404            if (len != ED25519_PUB_KEY_SIZE) {
 405                break;
 406            }
 407            edKey = wolfSSL_ED25519_new(pkey->heap, INVALID_DEVID);
 408            if (edKey == NULL) {
 409                break;
 410            }
 411            if (wc_ed25519_import_public(pub, (word32)len, edKey) != 0) {
 412                wolfSSL_ED25519_free(edKey);
 413                break;
 414            }
 415            pkey->type       = WC_EVP_PKEY_ED25519;
 416            pkey->ed25519    = edKey;
 417            pkey->ownEd25519 = 1;
 418            ok = 1;
 419            break;
 420        }
 421    #endif
 422    #ifdef HAVE_ED448
 423        case WC_EVP_PKEY_ED448: {
 424            ed448_key* edKey;
 425            if (len != ED448_PUB_KEY_SIZE) {
 426                break;
 427            }
 428            edKey = wolfSSL_ED448_new(pkey->heap, INVALID_DEVID);
 429            if (edKey == NULL) {
 430                break;
 431            }
 432            if (wc_ed448_import_public(pub, (word32)len, edKey) != 0) {
 433                wolfSSL_ED448_free(edKey);
 434                break;
 435            }
 436            pkey->type     = WC_EVP_PKEY_ED448;
 437            pkey->ed448    = edKey;
 438            pkey->ownEd448 = 1;
 439            ok = 1;
 440            break;
 441        }
 442    #endif
 443        default:
 444            break;
 445    }
 446
 447    if (!ok) {
 448        wolfSSL_EVP_PKEY_free(pkey);
 449        return NULL;
 450    }
 451
 452    /* Stash the raw bytes so callers that later serialize the EVP_PKEY see
 453     * consistent state. */
 454    pkey->pkey.ptr = (char*)XMALLOC(len, pkey->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 455    if (pkey->pkey.ptr == NULL) {
 456        wolfSSL_EVP_PKEY_free(pkey);
 457        return NULL;
 458    }
 459    XMEMCPY(pkey->pkey.ptr, pub, len);
 460    pkey->pkey_sz = (int)len;
 461
 462    return pkey;
 463}
 464
 465/* Private-key counterpart to wolfSSL_EVP_PKEY_new_raw_public_key. The raw
 466 * input is the 32-byte seed (Ed25519) or 57-byte seed (Ed448).
 467 */
 468WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_private_key(int type,
 469    WOLFSSL_ENGINE* e, const unsigned char* priv, size_t len)
 470{
 471    WOLFSSL_EVP_PKEY* pkey;
 472    int ok = 0;
 473
 474    (void)e;
 475    WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_raw_private_key");
 476
 477    if (priv == NULL || len == 0) {
 478        return NULL;
 479    }
 480
 481    pkey = wolfSSL_EVP_PKEY_new();
 482    if (pkey == NULL) {
 483        return NULL;
 484    }
 485
 486    switch (type) {
 487    #ifdef HAVE_ED25519
 488        case WC_EVP_PKEY_ED25519: {
 489            ed25519_key* edKey;
 490            if (len != ED25519_KEY_SIZE) {
 491                break;
 492            }
 493            edKey = wolfSSL_ED25519_new(pkey->heap, INVALID_DEVID);
 494            if (edKey == NULL) {
 495                break;
 496            }
 497            if (wc_ed25519_import_private_only(priv, (word32)len, edKey)
 498                    != 0) {
 499                wolfSSL_ED25519_free(edKey);
 500                break;
 501            }
 502            pkey->type       = WC_EVP_PKEY_ED25519;
 503            pkey->ed25519    = edKey;
 504            pkey->ownEd25519 = 1;
 505            ok = 1;
 506            break;
 507        }
 508    #endif
 509    #ifdef HAVE_ED448
 510        case WC_EVP_PKEY_ED448: {
 511            ed448_key* edKey;
 512            if (len != ED448_KEY_SIZE) {
 513                break;
 514            }
 515            edKey = wolfSSL_ED448_new(pkey->heap, INVALID_DEVID);
 516            if (edKey == NULL) {
 517                break;
 518            }
 519            if (wc_ed448_import_private_only(priv, (word32)len, edKey) != 0) {
 520                wolfSSL_ED448_free(edKey);
 521                break;
 522            }
 523            pkey->type     = WC_EVP_PKEY_ED448;
 524            pkey->ed448    = edKey;
 525            pkey->ownEd448 = 1;
 526            ok = 1;
 527            break;
 528        }
 529    #endif
 530        default:
 531            break;
 532    }
 533
 534    if (!ok) {
 535        wolfSSL_EVP_PKEY_free(pkey);
 536        return NULL;
 537    }
 538
 539    pkey->pkey.ptr = (char*)XMALLOC(len, pkey->heap, DYNAMIC_TYPE_PRIVATE_KEY);
 540    if (pkey->pkey.ptr == NULL) {
 541        wolfSSL_EVP_PKEY_free(pkey);
 542        return NULL;
 543    }
 544    XMEMCPY(pkey->pkey.ptr, priv, len);
 545    pkey->pkey_sz = (int)len;
 546
 547    return pkey;
 548}
 549
 550#if !defined(NO_DSA)
 551/**
 552 * Try to make a DSA EVP PKEY from data.
 553 *
 554 * @param [in, out] out    On in, an EVP PKEY or NULL.
 555 *                         On out, an EVP PKEY or NULL.
 556 * @param [in]      mem    Memory containing key data.
 557 * @param [in]      memSz  Size of key data in bytes.
 558 * @param [in]      priv   1 means private key, 0 means public key.
 559 * @return  1 on success.
 560 * @return  0 when input was recognized as this key type but
 561 *            object creation/import failed.
 562 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 563 */
 564static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 565    long memSz, int priv)
 566{
 567    WOLFSSL_DSA* dsaObj;
 568    word32 keyIdx = 0;
 569    int     isDsaKey;
 570    int     ret = 1;
 571    WC_DECLARE_VAR(dsa, DsaKey, 1, NULL);
 572
 573    WC_ALLOC_VAR_EX(dsa, DsaKey, 1, NULL, DYNAMIC_TYPE_DSA, return 0);
 574
 575    XMEMSET(dsa, 0, sizeof(DsaKey));
 576
 577    if (wc_InitDsaKey(dsa) != 0) {
 578        WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA);
 579        return 0;
 580    }
 581
 582    /* Try decoding data as a DSA private/public key. */
 583    if (priv) {
 584        isDsaKey =
 585            (wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0);
 586    }
 587    else {
 588        isDsaKey =
 589            (wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0);
 590    }
 591    wc_FreeDsaKey(dsa);
 592    WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA);
 593
 594    /* test if DSA key */
 595    if (!isDsaKey) {
 596        return WOLFSSL_FATAL_ERROR;
 597    }
 598
 599    /* Create DSA key object from data. */
 600    dsaObj = wolfSSL_DSA_new();
 601    if (dsaObj == NULL) {
 602        ret = 0;
 603    }
 604    if ((ret == 1) && (wolfSSL_DSA_LoadDer_ex(dsaObj, mem, keyIdx,
 605            priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) {
 606        ret = 0;
 607    }
 608    if (ret == 1) {
 609        /* Create an EVP PKEY object. */
 610        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DSA);
 611    }
 612    if (ret == 1) {
 613        /* Put RSA key object into EVP PKEY object. */
 614        (*out)->ownDsa = 1;
 615        (*out)->dsa = dsaObj;
 616    }
 617    if (ret == 0) {
 618        wolfSSL_DSA_free(dsaObj);
 619    }
 620
 621    return ret;
 622}
 623#endif /* NO_DSA */
 624
 625#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
 626#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
 627    (HAVE_FIPS_VERSION > 2))
 628/**
 629 * Try to make a DH EVP PKEY from data.
 630 *
 631 * @param [in, out] out    On in, an EVP PKEY or NULL.
 632 *                         On out, an EVP PKEY or NULL.
 633 * @param [in]      mem    Memory containing key data.
 634 * @param [in]      memSz  Size of key data in bytes.
 635 * @param [in]      priv   1 means private key, 0 means public key.
 636 * @return  1 on success.
 637 * @return  0 when input was recognized as this key type but
 638 *            object creation/import failed.
 639 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 640 */
 641static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 642    long memSz, int priv)
 643{
 644    WOLFSSL_DH* dhObj;
 645    int isDhKey;
 646    word32 keyIdx = 0;
 647    int ret = 1;
 648    WC_DECLARE_VAR(dh, DhKey, 1, NULL);
 649
 650    WC_ALLOC_VAR_EX(dh, DhKey, 1, NULL, DYNAMIC_TYPE_DH, return 0);
 651
 652    XMEMSET(dh, 0, sizeof(DhKey));
 653
 654    if (wc_InitDhKey(dh) != 0) {
 655        WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH);
 656        return 0;
 657    }
 658
 659    /* Try decoding data as a DH public key. */
 660    isDhKey = (wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0);
 661    wc_FreeDhKey(dh);
 662    WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH);
 663
 664    /* test if DH key */
 665    if (!isDhKey) {
 666        return WOLFSSL_FATAL_ERROR;
 667    }
 668
 669    /* Create DH key object from data. */
 670    dhObj = wolfSSL_DH_new();
 671    if (dhObj == NULL) {
 672        ret = 0;
 673    }
 674    if ((ret == 1) && (wolfSSL_DH_LoadDer(dhObj, mem, keyIdx) != 1)) {
 675        ret = 0;
 676    }
 677    if (ret == 1) {
 678        /* Create an EVP PKEY object. */
 679        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DH);
 680    }
 681    if (ret == 1) {
 682        /* Put RSA key object into EVP PKEY object. */
 683        (*out)->ownDh = 1;
 684        (*out)->dh = dhObj;
 685    }
 686    if (ret == 0) {
 687        wolfSSL_DH_free(dhObj);
 688    }
 689
 690    return ret;
 691}
 692#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 693#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
 694
 695#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
 696#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
 697        (HAVE_FIPS_VERSION > 2))
 698/**
 699 * Try to make a DH EVP PKEY from data.
 700 *
 701 * @param [in, out] out    On in, an EVP PKEY or NULL.
 702 *                         On out, an EVP PKEY or NULL.
 703 * @param [in]      mem    Memory containing key data.
 704 * @param [in]      memSz  Size of key data in bytes.
 705 * @param [in]      priv   1 means private key, 0 means public key.
 706 * @return  1 on success.
 707 * @return  0 when input was recognized as this key type but
 708 *            object creation/import failed.
 709 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 710 */
 711static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 712    long memSz, int priv)
 713{
 714    WOLFSSL_DH* dhObj = NULL;
 715    word32  keyIdx = 0;
 716    DhKey*  key = NULL;
 717    int elements;
 718    int ret = 1;
 719
 720    /* Create DH key object from data. */
 721    dhObj = wolfSSL_DH_new();
 722    if (dhObj == NULL) {
 723        ret = WOLFSSL_FATAL_ERROR;
 724    }
 725
 726    if (ret == 1) {
 727        key = (DhKey*)dhObj->internal;
 728        /* Try decoding data as a DH public key. */
 729        if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) != 0) {
 730            ret = WOLFSSL_FATAL_ERROR;
 731        }
 732    }
 733    if (ret == 1) {
 734        /* DH key has data and is external to DH object. */
 735        elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB;
 736        if (priv) {
 737            elements |= ELEMENT_PRV;
 738        }
 739        if (SetDhExternal_ex(dhObj, elements) != WOLFSSL_SUCCESS) {
 740            ret = 0;
 741        }
 742    }
 743    if (ret == 1) {
 744        /* Create an EVP PKEY object. */
 745        ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DH);
 746    }
 747    if (ret == 1) {
 748        /* Put DH key object into EVP PKEY object. */
 749        (*out)->ownDh = 1;
 750        (*out)->dh = dhObj;
 751    }
 752    else if (dhObj != NULL) {
 753        wolfSSL_DH_free(dhObj);
 754    }
 755
 756    return ret;
 757}
 758#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 759#endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
 760
 761#ifdef HAVE_FALCON
 762/**
 763 * Attempt to import a private Falcon key at a specified level.
 764 *
 765 * @param [in] falcon  Falcon key object.
 766 * @param [in] level   Level of Falcon key.
 767 * @param [in] mem     Memory containing key data.
 768 * @param [in] memSz   Size of key data in bytes.
 769 * @return  1 on success.
 770 * @return  0 otherwise.
 771 */
 772static int d2i_falcon_priv_key_level(falcon_key* falcon, byte level,
 773    const unsigned char* mem, long memSz)
 774{
 775    word32 idx = 0;
 776    return (wc_falcon_set_level(falcon, level) == 0) &&
 777           (wc_Falcon_PrivateKeyDecode(mem, &idx, falcon,
 778                                        (word32)memSz) == 0);
 779}
 780
 781/**
 782 * Attempt to import a public Falcon key at a specified level.
 783 *
 784 * @param [in] falcon  Falcon key object.
 785 * @param [in] level   Level of Falcon key.
 786 * @param [in] mem     Memory containing key data.
 787 * @param [in] memSz   Size of key data in bytes.
 788 * @return  1 on success.
 789 * @return  0 otherwise.
 790 */
 791static int d2i_falcon_pub_key_level(falcon_key* falcon, byte level,
 792    const unsigned char* mem, long memSz)
 793{
 794    return (wc_falcon_set_level(falcon, level) == 0) &&
 795           (wc_falcon_import_public(mem, (word32)memSz, falcon) == 0);
 796}
 797
 798/**
 799 * Try to make a Falcon EVP PKEY from data.
 800 *
 801 * @param [in, out] out    On in, an EVP PKEY or NULL.
 802 *                         On out, an EVP PKEY or NULL.
 803 * @param [in]      mem    Memory containing key data.
 804 * @param [in]      memSz  Size of key data in bytes.
 805 * @param [in]      priv   1 means private key, 0 means public key.
 806 * @return  1 on success.
 807 * @return  0 when input was recognized as this key type but
 808 *            object creation/import failed.
 809 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 810 */
 811static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 812    long memSz, int priv)
 813{
 814    int isFalcon = 0;
 815    WC_DECLARE_VAR(falcon, falcon_key, 1, NULL);
 816
 817    WC_ALLOC_VAR_EX(falcon, falcon_key, 1, NULL, DYNAMIC_TYPE_FALCON,
 818        return 0);
 819
 820    if (wc_falcon_init(falcon) != 0) {
 821        WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON);
 822        return 0;
 823    }
 824
 825    /* Try decoding data as a Falcon private/public key. */
 826    if (priv) {
 827        /* Try level 1 */
 828        isFalcon = d2i_falcon_priv_key_level(falcon, 1, mem, memSz);
 829        if (!isFalcon) {
 830            /* Try level 5 */
 831            isFalcon = d2i_falcon_priv_key_level(falcon, 5, mem, memSz);
 832        }
 833    }
 834    else {
 835        /* Try level 1 */
 836        isFalcon = d2i_falcon_pub_key_level(falcon, 1, mem, memSz);
 837        if (!isFalcon) {
 838            /* Try level 5 */
 839            isFalcon = d2i_falcon_pub_key_level(falcon, 5, mem, memSz);
 840        }
 841    }
 842    /* Dispose of any Falcon key created. */
 843    wc_falcon_free(falcon);
 844    WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON);
 845
 846    if (!isFalcon) {
 847        return WOLFSSL_FATAL_ERROR;
 848    }
 849
 850    /* Create an EVP PKEY object. */
 851    return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_FALCON);
 852}
 853#endif /* HAVE_FALCON */
 854
 855#ifdef HAVE_DILITHIUM
 856/**
 857 * Try to make a Dilithium EVP PKEY from data.
 858 *
 859 * Accepts either raw key bytes or DER (PKCS#8 / SPKI). Raw bytes are
 860 * size-keyed, so each level is tried in turn. DER input is decoded once,
 861 * letting the decoder auto-detect the level from the OID.
 862 *
 863 * @param [in, out] out    On in, an EVP PKEY or NULL.
 864 *                         On out, an EVP PKEY or NULL.
 865 * @param [in]      mem    Memory containing key data.
 866 * @param [in]      memSz  Size of key data in bytes.
 867 * @param [in]      priv   1 means private key, 0 means public key.
 868 * @return  1 on success.
 869 * @return  0 when input was recognized as this key type but
 870 *            object creation/import failed.
 871 * @return  WOLFSSL_FATAL_ERROR when input is not this key type.
 872 */
 873static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 874    long memSz, int priv)
 875{
 876    static const byte levels[] = { WC_ML_DSA_44, WC_ML_DSA_65, WC_ML_DSA_87 };
 877    word32 inSz = (word32)memSz;
 878    word32 keyIdx = 0;
 879    int isDilithium = 0;
 880    int i, numLevels, rc;
 881    WC_DECLARE_VAR(dilithium, dilithium_key, 1, NULL);
 882
 883#if !defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 884    if (priv) {
 885        return WOLFSSL_FATAL_ERROR;
 886    }
 887#endif
 888
 889    WC_ALLOC_VAR_EX(dilithium, dilithium_key, 1, NULL, DYNAMIC_TYPE_DILITHIUM,
 890        return 0);
 891
 892    if (wc_dilithium_init(dilithium) != 0) {
 893        WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
 894        return 0;
 895    }
 896
 897    /* Raw key bytes are size-keyed, try each level */
 898    numLevels = (int)(sizeof(levels) / sizeof(levels[0]));
 899    for (i = 0; i < numLevels && !isDilithium; i++) {
 900        if (wc_dilithium_set_level(dilithium, levels[i]) != 0) {
 901            continue;
 902        }
 903    #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 904        if (priv) {
 905            rc = wc_dilithium_import_private(mem, inSz, dilithium);
 906        }
 907        else
 908    #endif
 909        {
 910            rc = wc_dilithium_import_public(mem, inSz, dilithium);
 911        }
 912        if (rc == 0) {
 913            isDilithium = 1;
 914        }
 915    }
 916
 917    /* DER input includes auto level detection */
 918    if (!isDilithium) {
 919        wc_dilithium_free(dilithium);
 920        if (wc_dilithium_init(dilithium) != 0) {
 921            WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
 922            return 0;
 923        }
 924    #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 925        if (priv) {
 926            rc = wc_Dilithium_PrivateKeyDecode(mem, &keyIdx, dilithium, inSz);
 927        }
 928        else
 929    #endif
 930        {
 931            rc = wc_Dilithium_PublicKeyDecode(mem, &keyIdx, dilithium, inSz);
 932        }
 933        if (rc == 0) {
 934            isDilithium = 1;
 935        }
 936    }
 937
 938    wc_dilithium_free(dilithium);
 939    WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
 940
 941    if (!isDilithium) {
 942        return WOLFSSL_FATAL_ERROR;
 943    }
 944
 945    return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM);
 946}
 947#endif /* HAVE_DILITHIUM */
 948
 949/**
 950 * Try to make a WOLFSSL_EVP_PKEY from data.
 951 *
 952 * @param [in, out] out    On in, an EVP PKEY or NULL.
 953 *                         On out, an EVP PKEY or NULL.
 954 * @param [in]      mem    Memory containing key data.
 955 * @param [in]      memSz  Size of key data in bytes.
 956 * @param [in]      priv   1 means private key, 0 means public key.
 957 * @return  Non-NULL WOLFSSL_EVP_PKEY* on success.
 958 * @return  NULL on bad arguments or unrecognized input type.
 959 */
 960static WOLFSSL_EVP_PKEY* d2i_evp_pkey_try(WOLFSSL_EVP_PKEY** out,
 961    const unsigned char** in, long inSz, int priv)
 962{
 963    WOLFSSL_EVP_PKEY* pkey = NULL;
 964    int found = 0;
 965
 966    WOLFSSL_ENTER("d2i_evp_pkey_try");
 967
 968    if (in == NULL || *in == NULL || inSz < 0) {
 969        WOLFSSL_MSG("Bad argument");
 970        return NULL;
 971    }
 972
 973    if ((out != NULL) && (*out != NULL)) {
 974        pkey = *out;
 975    }
 976
 977#if !defined(NO_RSA)
 978    if (d2iTryRsaKey(&pkey, *in, inSz, priv) >= 0) {
 979        found = 1;
 980    }
 981    else
 982#endif /* NO_RSA */
 983#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
 984    if (d2iTryEccKey(&pkey, *in, inSz, priv) >= 0) {
 985        found = 1;
 986    }
 987    else
 988#endif /* HAVE_ECC && OPENSSL_EXTRA */
 989#if !defined(NO_DSA)
 990    if (d2iTryDsaKey(&pkey, *in, inSz, priv) >= 0) {
 991        found = 1;
 992    }
 993    else
 994#endif /* NO_DSA */
 995#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
 996#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
 997    (HAVE_FIPS_VERSION > 2))
 998    if (d2iTryDhKey(&pkey, *in, inSz, priv) >= 0) {
 999        found = 1;
1000    }
1001    else
1002#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
1003#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
1004
1005#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
1006#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
1007        (HAVE_FIPS_VERSION > 2))
1008    if (d2iTryAltDhKey(&pkey, *in, inSz, priv) >= 0) {
1009        found = 1;
1010    }
1011    else
1012#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
1013#endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
1014
1015#ifdef HAVE_ED25519
1016    if (d2iTryEd25519Key(&pkey, *in, inSz, priv) >= 0) {
1017        found = 1;
1018    }
1019    else
1020#endif /* HAVE_ED25519 */
1021#ifdef HAVE_ED448
1022    if (d2iTryEd448Key(&pkey, *in, inSz, priv) >= 0) {
1023        found = 1;
1024    }
1025    else
1026#endif /* HAVE_ED448 */
1027#ifdef HAVE_FALCON
1028    if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) {
1029        found = 1;
1030    }
1031    else
1032#endif /* HAVE_FALCON */
1033#ifdef HAVE_DILITHIUM
1034    if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) {
1035        found = 1;
1036    }
1037    else
1038#endif /* HAVE_DILITHIUM */
1039    {
1040        WOLFSSL_MSG("d2i_evp_pkey_try couldn't determine key type");
1041    }
1042
1043    if (!found) {
1044        return NULL;
1045    }
1046
1047    if ((pkey != NULL) && (out != NULL)) {
1048        *out = pkey;
1049    }
1050    return pkey;
1051}
1052#endif /* OPENSSL_EXTRA || WPA_SMALL */
1053
1054#ifdef OPENSSL_EXTRA
1055/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure.
1056 *
1057 * @param [in, out] out   Pointer to new WOLFSSL_EVP_PKEY structure.
1058 *                        Can be NULL.
1059 * @param [in, out] in    DER buffer to convert.
1060 * @param [in]      inSz  Size of in buffer.
1061 * @return  Pointer to a new WOLFSSL_EVP_PKEY structure on success.
1062 * @return  NULL on failure. *out is left unchanged on failure; caller
1063 *          retains ownership of any pre-existing key passed via *out.
1064 */
1065WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
1066    const unsigned char** in, long inSz)
1067{
1068    WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY");
1069    return d2i_evp_pkey_try(out, in, inSz, 0);
1070}
1071
1072#ifndef NO_BIO
1073/* Converts a DER encoded public key in a BIO to a WOLFSSL_EVP_PKEY structure.
1074 *
1075 * @param [in]  bio  BIO to read DER from.
1076 * @param [out] out  New WOLFSSL_EVP_PKEY pointer when not NULL.
1077 * @return  Pointer to a new WOLFSSL_EVP_PKEY structure on success.
1078 * @return  NULL on failure.
1079 */
1080WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
1081    WOLFSSL_EVP_PKEY** out)
1082{
1083    unsigned char* mem;
1084    long memSz;
1085    WOLFSSL_EVP_PKEY* pkey = NULL;
1086
1087    WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio");
1088
1089    /* Validate parameters. */
1090    if (bio == NULL) {
1091        return NULL;
1092    }
1093
1094    /* Get length of data in BIO. */
1095    memSz = wolfSSL_BIO_get_len(bio);
1096    if (memSz <= 0) {
1097        return NULL;
1098    }
1099    /* Allocate memory to read all of BIO data into. */
1100    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
1101        DYNAMIC_TYPE_TMP_BUFFER);
1102    if (mem == NULL) {
1103        return NULL;
1104    }
1105    /* Read all data into allocated buffer. */
1106    if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) {
1107        /* Create a WOLFSSL_EVP_PKEY from data. */
1108        pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz);
1109        if (out != NULL && pkey != NULL) {
1110            /* Return new WOLFSSL_EVP_PKEY through parameter. */
1111            *out = pkey;
1112        }
1113    }
1114
1115    /* Dispose of memory holding BIO data. */
1116    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
1117    return pkey;
1118}
1119#endif /* !NO_BIO */
1120#endif /* OPENSSL_EXTRA */
1121
1122#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
1123    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || \
1124    defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL)
1125/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure.
1126 *
1127 * @param [in, out] out   Pointer to new WOLFSSL_EVP_PKEY structure.
1128 *                        Can be NULL.
1129 * @param [in, out] in    DER buffer to convert.
1130 * @param [in]      inSz  Size of in buffer.
1131 * @return  Pointer to a new WOLFSSL_EVP_PKEY structure on success.
1132 * @return  NULL on failure. *out is left unchanged on failure; caller
1133 *          retains ownership of any pre-existing key passed via *out.
1134 */
1135WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
1136    unsigned char** in, long inSz)
1137{
1138    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP");
1139    return d2i_evp_pkey_try(out, (const unsigned char**)in, inSz, 1);
1140}
1141#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT ||
1142        * WOLFSSL_WPAS_SMALL*/
1143
1144#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
1145    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
1146
1147#ifndef NO_BIO
1148/* Converts a DER encoded private key in a BIO to a WOLFSSL_EVP_PKEY structure.
1149 *
1150 * @param [in]  bio  BIO to read DER from.
1151 * @param [out] out  New WOLFSSL_EVP_PKEY pointer when not NULL.
1152 * @return  Pointer to a new WOLFSSL_EVP_PKEY structure on success.
1153 * @return  NULL on failure.
1154 */
1155WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
1156    WOLFSSL_EVP_PKEY** out)
1157{
1158    unsigned char* mem = NULL;
1159    int memSz = 0;
1160    WOLFSSL_EVP_PKEY* key = NULL;
1161
1162    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio");
1163
1164    /* Validate parameters. */
1165    if (bio == NULL) {
1166        return NULL;
1167    }
1168
1169    /* Get length of data in BIO. */
1170    memSz = wolfSSL_BIO_get_len(bio);
1171    if (memSz <= 0) {
1172        WOLFSSL_MSG("wolfSSL_BIO_get_len() failure");
1173        return NULL;
1174    }
1175    /* Allocate memory to read all of BIO data into. */
1176    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
1177        DYNAMIC_TYPE_TMP_BUFFER);
1178    if (mem == NULL) {
1179        WOLFSSL_MSG("Malloc failure");
1180        return NULL;
1181    }
1182
1183    /* Read all of data. */
1184    if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) {
1185        /* Determines key type and returns the new private EVP_PKEY object */
1186        if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) ==
1187                NULL) {
1188            WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure");
1189            XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
1190            return NULL;
1191        }
1192
1193        /* Write extra data back into bio object if necessary. */
1194        if (memSz > key->pkey_sz) {
1195            wolfSSL_BIO_write(bio, mem + key->pkey_sz, memSz - key->pkey_sz);
1196            if (wolfSSL_BIO_get_len(bio) <= 0) {
1197                WOLFSSL_MSG("Failed to write memory to bio");
1198                XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
1199                return NULL;
1200            }
1201        }
1202
1203        /* Return key through parameter if required. */
1204        if (out != NULL) {
1205            *out = key;
1206        }
1207    }
1208
1209    /* Dispose of memory holding BIO data. */
1210    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
1211    return key;
1212}
1213#endif /* !NO_BIO */
1214
1215#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_NGINX ||
1216        * WOLFSSL_QT */
1217
1218#ifdef OPENSSL_EXTRA
1219/* Reads in a DER format key. If PKCS8 headers are found they are stripped off.
1220 *
1221 * @param [in]      type  Type of key.
1222 * @param [in, out] out   Newly created WOLFSSL_EVP_PKEY structure.
1223 * @param [in, out] in    Pointer to input key DER.
1224 *                        Pointer is advanced the same number of bytes read on
1225 *                        success.
1226 * @param [in]      inSz  Size of in buffer.
1227 * @return  A non null pointer on success.
1228 * @return  NULL on failure.
1229 */
1230static WOLFSSL_EVP_PKEY* d2i_evp_pkey(int type, WOLFSSL_EVP_PKEY** out,
1231    const unsigned char **in, long inSz, int priv)
1232{
1233    int ret = 0;
1234    word32 idx = 0, algId;
1235    word16 pkcs8HeaderSz = 0;
1236    WOLFSSL_EVP_PKEY* local;
1237    const unsigned char* p;
1238    int opt;
1239
1240    (void)opt;
1241
1242    /* Validate parameters. */
1243    if (in == NULL || inSz < 0) {
1244        WOLFSSL_MSG("Bad argument");
1245        return NULL;
1246    }
1247
1248    if (priv == 1) {
1249        /* Check if input buffer has PKCS8 header. In the case that it does not
1250         * have a PKCS8 header then do not error out. */
1251        if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx,
1252                (word32)inSz, &algId)) >= 0) {
1253            WOLFSSL_MSG("Found PKCS8 header");
1254            pkcs8HeaderSz = (word16)idx;
1255
1256            /* Check header algorithm id matches algorithm type passed in. */
1257            if ((type == WC_EVP_PKEY_RSA && algId != RSAk
1258            #ifdef WC_RSA_PSS
1259                 && algId != RSAPSSk
1260            #endif
1261                 ) ||
1262                (type == WC_EVP_PKEY_EC && algId != ECDSAk) ||
1263                (type == WC_EVP_PKEY_DSA && algId != DSAk) ||
1264                (type == WC_EVP_PKEY_DH && algId != DHk)
1265            #ifdef HAVE_ED25519
1266                || (type == WC_EVP_PKEY_ED25519 && algId != ED25519k)
1267            #endif
1268            #ifdef HAVE_ED448
1269                || (type == WC_EVP_PKEY_ED448 && algId != ED448k)
1270            #endif
1271                ) {
1272                WOLFSSL_MSG("PKCS8 does not match EVP key type");
1273                return NULL;
1274            }
1275
1276            (void)idx; /* not used */
1277        }
1278        /* Ensure no error occurred try to remove any PKCS#8 header. */
1279        else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
1280            WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
1281            return NULL;
1282        }
1283    }
1284
1285    /* Dispose of any WOLFSSL_EVP_PKEY passed in. */
1286    if (out != NULL && *out != NULL) {
1287        wolfSSL_EVP_PKEY_free(*out);
1288        *out = NULL;
1289    }
1290    /* Create a new WOLFSSL_EVP_PKEY and populate. */
1291    local = wolfSSL_EVP_PKEY_new();
1292    if (local == NULL) {
1293        return NULL;
1294    }
1295    local->type          = type;
1296    local->pkey_sz       = (int)inSz;
1297    local->pkcs8HeaderSz = pkcs8HeaderSz;
1298    local->pkey.ptr      = (char*)XMALLOC((size_t)inSz, NULL,
1299                                          DYNAMIC_TYPE_PUBLIC_KEY);
1300    if (local->pkey.ptr == NULL) {
1301        wolfSSL_EVP_PKEY_free(local);
1302        return NULL;
1303    }
1304    XMEMCPY(local->pkey.ptr, *in, (size_t)inSz);
1305    p = (const unsigned char*)local->pkey.ptr;
1306
1307    /* Create an algorithm specific object into WOLFSSL_EVP_PKEY. */
1308    switch (type) {
1309#ifndef NO_RSA
1310        case WC_EVP_PKEY_RSA:
1311            /* Create a WOLFSSL_RSA object. */
1312            local->ownRsa = 1;
1313            opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC;
1314            local->rsa = wolfssl_rsa_d2i(NULL, p, local->pkey_sz, opt);
1315            if (local->rsa == NULL) {
1316                wolfSSL_EVP_PKEY_free(local);
1317                return NULL;
1318            }
1319            break;
1320#endif /* NO_RSA */
1321#ifdef HAVE_ECC
1322        case WC_EVP_PKEY_EC:
1323            /* Create a WOLFSSL_EC object. */
1324            local->ownEcc = 1;
1325            local->ecc = wolfSSL_EC_KEY_new();
1326            if (local->ecc == NULL) {
1327                wolfSSL_EVP_PKEY_free(local);
1328                return NULL;
1329            }
1330            opt = priv ? WOLFSSL_EC_KEY_LOAD_PRIVATE :
1331                         WOLFSSL_EC_KEY_LOAD_PUBLIC;
1332            if (wolfSSL_EC_KEY_LoadDer_ex(local->ecc, p, local->pkey_sz, opt) !=
1333                    WOLFSSL_SUCCESS) {
1334                wolfSSL_EVP_PKEY_free(local);
1335                return NULL;
1336            }
1337            break;
1338#endif /* HAVE_ECC */
1339#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
1340#ifndef NO_DSA
1341        case WC_EVP_PKEY_DSA:
1342            /* Create a WOLFSSL_DSA object. */
1343            local->ownDsa = 1;
1344            local->dsa = wolfSSL_DSA_new();
1345            if (local->dsa == NULL) {
1346                wolfSSL_EVP_PKEY_free(local);
1347                return NULL;
1348            }
1349            opt = priv ? WOLFSSL_DSA_LOAD_PRIVATE : WOLFSSL_DSA_LOAD_PUBLIC;
1350            if (wolfSSL_DSA_LoadDer_ex(local->dsa, p, local->pkey_sz, opt) !=
1351                    WOLFSSL_SUCCESS) {
1352                wolfSSL_EVP_PKEY_free(local);
1353                return NULL;
1354            }
1355            break;
1356#endif /* NO_DSA */
1357#ifndef NO_DH
1358#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
1359        case WC_EVP_PKEY_DH:
1360            /* Create a WOLFSSL_DH object. */
1361            local->ownDh = 1;
1362            local->dh = wolfSSL_DH_new();
1363            if (local->dh == NULL) {
1364                wolfSSL_EVP_PKEY_free(local);
1365                return NULL;
1366            }
1367            if (wolfSSL_DH_LoadDer(local->dh, p, local->pkey_sz) !=
1368                    WOLFSSL_SUCCESS) {
1369                wolfSSL_EVP_PKEY_free(local);
1370                return NULL;
1371            }
1372            break;
1373#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
1374#endif /* HAVE_DH */
1375#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */
1376#ifdef HAVE_ED25519
1377        case WC_EVP_PKEY_ED25519:
1378            /* local->pkey.ptr already holds the input bytes, so
1379             * d2iTryEd25519Key will skip the d2i_make_pkey allocate/copy
1380             * and just decode into local->ed25519. */
1381            if (d2iTryEd25519Key(&local, p, local->pkey_sz, priv) != 1) {
1382                wolfSSL_EVP_PKEY_free(local);
1383                return NULL;
1384            }
1385            break;
1386#endif /* HAVE_ED25519 */
1387#ifdef HAVE_ED448
1388        case WC_EVP_PKEY_ED448:
1389            /* See WC_EVP_PKEY_ED25519 case above. */
1390            if (d2iTryEd448Key(&local, p, local->pkey_sz, priv) != 1) {
1391                wolfSSL_EVP_PKEY_free(local);
1392                return NULL;
1393            }
1394            break;
1395#endif /* HAVE_ED448 */
1396        default:
1397            WOLFSSL_MSG("Unsupported key type");
1398            wolfSSL_EVP_PKEY_free(local);
1399            return NULL;
1400    }
1401
1402    /* Advance pointer and return through parameter when required on success. */
1403    if (local != NULL) {
1404        if (local->pkey_sz <= (int)inSz) {
1405            *in += local->pkey_sz;
1406        }
1407        if (out != NULL) {
1408            *out = local;
1409        }
1410    }
1411
1412    /* Return newly allocated WOLFSSL_EVP_PKEY structure. */
1413    return local;
1414}
1415
1416/* Reads in a DER format key.
1417 *
1418 * @param [in]      type  Type of key.
1419 * @param [in, out] out   Newly created WOLFSSL_EVP_PKEY structure.
1420 * @param [in, out] in    Pointer to input key DER.
1421 *                        Pointer is advanced the same number of bytes read on
1422 *                        success.
1423 * @param [in]      inSz  Size of in buffer.
1424 * @return  A non null pointer on success.
1425 * @return  NULL on failure.
1426 */
1427WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
1428        const unsigned char **in, long inSz)
1429{
1430    WOLFSSL_ENTER("wolfSSL_d2i_PublicKey");
1431
1432    return d2i_evp_pkey(type, out, in, inSz, 0);
1433}
1434
1435/* Reads in a DER format key. If PKCS8 headers are found they are stripped off.
1436 *
1437 * @param [in]      type  Type of key.
1438 * @param [in, out] out   Newly created WOLFSSL_EVP_PKEY structure.
1439 * @param [in, out] in    Pointer to input key DER.
1440 *                        Pointer is advanced the same number of bytes read on
1441 *                        success.
1442 * @param [in]      inSz  Size of in buffer.
1443 * @return  A non null pointer on success.
1444 * @return  NULL on failure.
1445 */
1446WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
1447        const unsigned char **in, long inSz)
1448{
1449    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey");
1450
1451    return d2i_evp_pkey(type, out, in, inSz, 1);
1452}
1453#endif /* OPENSSL_EXTRA */
1454
1455#ifdef OPENSSL_ALL
1456/* Detect RSA or EC key and decode private key DER.
1457 *
1458 * @param [in, out] pkey    Newly created WOLFSSL_EVP_PKEY structure.
1459 * @param [in, out] pp      Pointer to private key DER data.
1460 * @param [in]      length  Length in bytes of DER data.
1461 */
1462WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
1463    const unsigned char** pp, long length)
1464{
1465    int ret;
1466    WOLFSSL_EVP_PKEY* key = NULL;
1467    const byte* der = *pp;
1468    word32 idx = 0;
1469    int len = 0;
1470    int cnt = 0;
1471    word32 algId;
1472    word32 keyLen = (word32)length;
1473
1474    /* Take off PKCS#8 wrapper if found. */
1475    if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) {
1476        der += idx;
1477        keyLen = (word32)len;
1478    }
1479
1480    idx = 0;
1481    len = 0;
1482    /* Use the number of elements in the outer sequence to determine key type.
1483     */
1484    ret = GetSequence(der, &idx, &len, keyLen);
1485    if (ret >= 0) {
1486        word32 end = idx + (word32)len;
1487        while (ret >= 0 && idx < end) {
1488            /* Skip type */
1489            idx++;
1490            /* Get length and skip over - keeping count */
1491            len = 0;
1492            ret = GetLength(der, &idx, &len, keyLen);
1493            if (ret >= 0) {
1494                if (idx + (word32)len > end) {
1495                    ret = ASN_PARSE_E;
1496                }
1497                else {
1498                    idx += (word32)len;
1499                    cnt++;
1500                }
1501            }
1502        }
1503    }
1504
1505    if (ret >= 0) {
1506        int type;
1507        /* ECC includes version, private[, curve][, public key] */
1508        if (cnt >= 2 && cnt <= 4) {
1509            type = WC_EVP_PKEY_EC;
1510        }
1511        else {
1512            type = WC_EVP_PKEY_RSA;
1513        }
1514
1515        /* Decode the detected type of private key. */
1516        key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
1517        /* Update the pointer to after the DER data. */
1518        *pp = der;
1519    }
1520
1521    return key;
1522}
1523
1524#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
1525/* Read all of the BIO data into a newly allocated buffer.
1526 *
1527 * @param [in]  bio   BIO to read from.
1528 * @param [out] data  Allocated buffer holding all BIO data.
1529 * @return  Number of bytes allocated and read.
1530 * @return  MEMORY_E on dynamic memory allocation failure.
1531 * @return  Other negative on error.
1532 */
1533static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
1534{
1535    int ret = 0;
1536    byte* mem = NULL;
1537
1538    /* Get length of data in BIO. */
1539    ret = wolfSSL_BIO_get_len(bio);
1540    if (ret > 0) {
1541        /* Allocate memory big enough to hold data in BIO. */
1542        mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
1543        if (mem == NULL) {
1544            WOLFSSL_MSG("Memory error");
1545            ret = MEMORY_E;
1546        }
1547        if (ret >= 0) {
1548            /* Read data from BIO. */
1549            if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) {
1550                XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
1551                ret = MEMORY_E;
1552                mem = NULL;
1553            }
1554        }
1555    }
1556
1557    /* Return allocated buffer with data from BIO. */
1558    *data = mem;
1559    return ret;
1560}
1561
1562/* Convert the algorithm id to a key type.
1563 *
1564 * @param [in] algId  Algorithm Id.
1565 * @return  Key type on success.
1566 * @return  WC_EVP_PKEY_NONE when algorithm id not supported.
1567 */
1568static int wolfssl_i_alg_id_to_key_type(word32 algId)
1569{
1570    int type;
1571
1572    /* Convert algorithm id into EVP PKEY id. */
1573    switch (algId) {
1574#ifndef NO_RSA
1575        case RSAk:
1576    #ifdef WC_RSA_PSS
1577        case RSAPSSk:
1578    #endif
1579            type = WC_EVP_PKEY_RSA;
1580            break;
1581#endif
1582    #ifdef HAVE_ECC
1583        case ECDSAk:
1584            type = WC_EVP_PKEY_EC;
1585            break;
1586    #endif
1587    #ifndef NO_DSA
1588        case DSAk:
1589            type = WC_EVP_PKEY_DSA;
1590            break;
1591    #endif
1592    #ifndef NO_DH
1593        case DHk:
1594            type = WC_EVP_PKEY_DH;
1595            break;
1596    #endif
1597        default:
1598            WOLFSSL_MSG("PKEY algorithm, from PKCS#8 header, not supported");
1599            type = WC_EVP_PKEY_NONE;
1600            break;
1601    }
1602
1603    return type;
1604}
1605
1606/* Creates an WOLFSSL_EVP_PKEY from PKCS#8 encrypted private DER in a BIO.
1607 *
1608 * Uses the PEM default password callback when cb is NULL.
1609 *
1610 * @param [in]      bio   BIO to read DER from.
1611 * @param [in, out] pkey  Newly created WOLFSSL_EVP_PKEY structure.
1612 * @param [in]      cb    Password callback. May be NULL.
1613 * @param [in]      ctx   Password callback context. May be NULL.
1614 * @return  A non null pointer on success.
1615 * @return  NULL on failure.
1616 */
1617WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
1618    WOLFSSL_EVP_PKEY** pkey, wc_pem_password_cb* cb, void* ctx)
1619{
1620    int ret;
1621    const byte* p;
1622    byte* der = NULL;
1623    int len;
1624    word32 algId;
1625    WOLFSSL_EVP_PKEY* key;
1626    int type;
1627    char password[NAME_SZ];
1628    int passwordSz;
1629
1630    /* Get the data from the BIO into a newly allocated buffer. */
1631    if ((len = bio_get_data(bio, &der)) < 0)
1632        return NULL;
1633
1634    /* Use the PEM default callback if none supplied. */
1635    if (cb == NULL) {
1636        cb = wolfSSL_PEM_def_callback;
1637    }
1638    /* Get the password. */
1639    passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
1640    if (passwordSz < 0) {
1641        XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
1642        return NULL;
1643    }
1644#ifdef WOLFSSL_CHECK_MEM_ZERO
1645    wc_MemZero_Add("wolfSSL_d2i_PKCS8PrivateKey_bio password", password,
1646        passwordSz);
1647#endif
1648
1649    /* Decrypt the PKCS#8 encrypted private key and get algorithm. */
1650    ret = ToTraditionalEnc(der, (word32)len, password, passwordSz, &algId);
1651    ForceZero(password, (word32)passwordSz);
1652#ifdef WOLFSSL_CHECK_MEM_ZERO
1653    wc_MemZero_Check(password, passwordSz);
1654#endif
1655    if (ret < 0) {
1656        XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
1657        return NULL;
1658    }
1659
1660    /* Get the key type from the algorithm id of the PKCS#8 header. */
1661    if ((type = wolfssl_i_alg_id_to_key_type(algId)) == WC_EVP_PKEY_NONE) {
1662        XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
1663        return NULL;
1664    }
1665
1666    /* Decode private key with the known type. */
1667    p = der;
1668    key = d2i_evp_pkey(type, pkey, &p, len, 1);
1669
1670    /* Dispose of memory holding BIO data. */
1671    XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
1672    return key;
1673}
1674#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
1675#endif /* OPENSSL_ALL */
1676
1677#ifdef OPENSSL_EXTRA
1678/* Reads in a PKCS#8 DER format key.
1679 *
1680 * @param [in, out] pkey    Newly created WOLFSSL_PKCS8_PRIV_KEY_INFO structure.
1681 * @param [in, out] keyBuf  Pointer to input key DER.
1682 *                          Pointer is advanced the same number of bytes read on
1683 *                          success.
1684 * @param [in]      keyLen  Number of bytes in keyBuf.
1685 * @return  A non null pointer on success.
1686 * @return  NULL on failure.
1687 */
1688WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
1689    WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf,
1690    long keyLen)
1691{
1692    WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
1693#ifdef WOLFSSL_PEM_TO_DER
1694    int ret;
1695    DerBuffer* pkcs8Der = NULL;
1696    DerBuffer rawDer;
1697    EncryptedInfo info;
1698    int advanceLen = 0;
1699
1700    /* Clear the encryption information and DER buffer. */
1701    XMEMSET(&info, 0, sizeof(info));
1702    XMEMSET(&rawDer, 0, sizeof(rawDer));
1703
1704    /* Validate parameters. */
1705    if ((keyBuf == NULL) || (*keyBuf == NULL) || (keyLen <= 0)) {
1706        WOLFSSL_MSG("Bad key PEM/DER args");
1707        return NULL;
1708    }
1709
1710    /* Try to decode the PEM into DER. */
1711    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info,
1712        NULL);
1713    if (ret >= 0) {
1714        /* Cache the amount of data in PEM formatted private key. */
1715        advanceLen = (int)info.consumed;
1716    }
1717    else {
1718        /* Not PEM - create a DerBuffer with the PKCS#8 DER data. */
1719        WOLFSSL_MSG("Not PEM format");
1720        ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
1721        if (ret == 0) {
1722            XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen);
1723        }
1724    }
1725
1726    if (ret == 0) {
1727        /* Verify this is PKCS8 Key */
1728        word32 inOutIdx = 0;
1729        word32 algId;
1730
1731        ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx,
1732            pkcs8Der->length, &algId);
1733        if (ret >= 0) {
1734            if (advanceLen == 0) {
1735                /* Set only if not PEM */
1736                advanceLen = (int)inOutIdx + ret;
1737            }
1738            if (algId == DHk) {
1739                /* Special case for DH as we expect the DER buffer to be always
1740                 * be in PKCS8 format */
1741                rawDer.buffer = pkcs8Der->buffer;
1742                rawDer.length = inOutIdx + (word32)ret;
1743            }
1744            else {
1745                rawDer.buffer = pkcs8Der->buffer + inOutIdx;
1746                rawDer.length = (word32)ret;
1747            }
1748            ret = 0; /* good DER */
1749        }
1750    }
1751
1752    if (ret == 0) {
1753        /* Create a WOLFSSL_EVP_PKEY for a WOLFSSL_PKCS8_PRIV_KEY_INFO. */
1754        pkcs8 = wolfSSL_EVP_PKEY_new();
1755        if (pkcs8 == NULL) {
1756            ret = MEMORY_E;
1757        }
1758    }
1759    if (ret == 0) {
1760        /* Allocate memory to hold DER. */
1761        pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL,
1762            DYNAMIC_TYPE_PUBLIC_KEY);
1763        if (pkcs8->pkey.ptr == NULL) {
1764            ret = MEMORY_E;
1765        }
1766    }
1767    if (ret == 0) {
1768        /* Copy in DER data and size. */
1769        XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length);
1770        pkcs8->pkey_sz = (int)rawDer.length;
1771    }
1772
1773    /* Dispose of PKCS#8 DER data - raw DER reference data in pkcs8Der. */
1774    FreeDer(&pkcs8Der);
1775    if (ret != 0) {
1776        /* Dispose of WOLFSSL_PKCS8_PRIV_KEY_INFO object on error. */
1777        wolfSSL_EVP_PKEY_free(pkcs8);
1778        pkcs8 = NULL;
1779    }
1780    else {
1781        /* Advance the buffer past the key on success. */
1782        *keyBuf += advanceLen;
1783    }
1784    if (pkey != NULL) {
1785        /* Return the WOLFSSL_PKCS8_PRIV_KEY_INFO object through parameter. */
1786        *pkey = pkcs8;
1787    }
1788#else
1789    (void)pkey;
1790    (void)keyBuf;
1791    (void)keyLen;
1792#endif /* WOLFSSL_PEM_TO_DER */
1793
1794    /* Return new WOLFSSL_PKCS8_PRIV_KEY_INFO object. */
1795    return pkcs8;
1796}
1797
1798#ifndef NO_BIO
1799/* Converts a DER format key read from BIO to a PKCS#8 structure.
1800 *
1801 * @param [in]  bio  Input BIO to read DER from.
1802 * @param [out] pkey If not NULL then this pointer will be overwritten with a
1803 *                   new PKCS8 structure.
1804 * @return  A WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success
1805 * @return  NULL on failure.
1806 */
1807WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
1808    WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey)
1809{
1810    WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
1811#ifdef WOLFSSL_PEM_TO_DER
1812    unsigned char* mem = NULL;
1813    int memSz;
1814
1815    WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio");
1816
1817    /* Validate parameters. */
1818    if (bio == NULL) {
1819        return NULL;
1820    }
1821
1822    /* Get the memory buffer from the BIO. */
1823    if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) {
1824        return NULL;
1825    }
1826
1827    /* Decode the PKCS#8 key into a WOLFSSL_PKCS8_PRIV_KEY_INFO object. */
1828    pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz);
1829#else
1830    (void)bio;
1831    (void)pkey;
1832#endif /* WOLFSSL_PEM_TO_DER */
1833
1834    /* Return new WOLFSSL_PKCS8_PRIV_KEY_INFO object. */
1835    return pkcs8;
1836}
1837#endif /* !NO_BIO */
1838
1839#ifdef WOLF_PRIVATE_KEY_ID
1840/* Create an EVP structure for use with crypto callbacks.
1841 *
1842 * @param [in]  type   Type of private key.
1843 * @param [out] out    WOLFSSL_EVP_PKEY object created.
1844 * @param [in]  heap   Heap hint for dynamic memory allocation.
1845 * @param [in]  devId  Device id.
1846 * @return  A new WOLFSSL_EVP_PKEY object on success.
1847 * @return  NULL on failure.
1848 */
1849WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
1850    void* heap, int devId)
1851{
1852    WOLFSSL_EVP_PKEY* local;
1853
1854    /* Dispose of any object passed in through out. */
1855    if (out != NULL && *out != NULL) {
1856        wolfSSL_EVP_PKEY_free(*out);
1857        *out = NULL;
1858    }
1859
1860    /* Create a local WOLFSSL_EVP_PKEY to be decoded into. */
1861    local = wolfSSL_EVP_PKEY_new_ex(heap);
1862    if (local == NULL) {
1863        return NULL;
1864    }
1865    local->type          = type;
1866    local->pkey_sz       = 0;
1867    local->pkcs8HeaderSz = 0;
1868
1869    switch (type) {
1870#ifndef NO_RSA
1871        case WC_EVP_PKEY_RSA:
1872        {
1873            /* Create a WOLFSSL_RSA object into WOLFSSL_EVP_PKEY. */
1874            local->rsa = wolfSSL_RSA_new_ex(heap, devId);
1875            if (local->rsa == NULL) {
1876                wolfSSL_EVP_PKEY_free(local);
1877                return NULL;
1878            }
1879            local->ownRsa = 1;
1880            /* Algorithm specific object set into WOLFSL_EVP_PKEY. */
1881            local->rsa->inSet = 1;
1882        #ifdef WOLF_CRYPTO_CB
1883            ((RsaKey*)local->rsa->internal)->devId = devId;
1884        #endif
1885            break;
1886        }
1887#endif /* !NO_RSA */
1888#ifdef HAVE_ECC
1889        case WC_EVP_PKEY_EC:
1890        {
1891            ecc_key* key;
1892
1893            /* Create a WOLFSSL_EC object into WOLFSSL_EVP_PKEY. */
1894            local->ecc = wolfSSL_EC_KEY_new_ex(heap, devId);
1895            if (local->ecc == NULL) {
1896                wolfSSL_EVP_PKEY_free(local);
1897                return NULL;
1898            }
1899            local->ownEcc = 1;
1900            /* Algorithm specific object set into WOLFSL_EVP_PKEY. */
1901            local->ecc->inSet = 1;
1902
1903            /* Get wolfSSL EC key and set fields. */
1904            key = (ecc_key*)local->ecc->internal;
1905        #ifdef WOLF_CRYPTO_CB
1906            key->devId = devId;
1907        #endif
1908            key->type = ECC_PRIVATEKEY;
1909            /* key is required to have a key size / curve set, although
1910             * actual one used is determined by devId callback function. */
1911            wc_ecc_set_curve(key, ECDHE_SIZE, ECC_CURVE_DEF);
1912            break;
1913        }
1914#endif /* HAVE_ECC */
1915        default:
1916            WOLFSSL_MSG("Unsupported private key id type");
1917            wolfSSL_EVP_PKEY_free(local);
1918            return NULL;
1919    }
1920
1921    /* Return new WOLFSSL_EVP_PKEY through parameter if required. */
1922    if (local != NULL && out != NULL) {
1923        *out = local;
1924    }
1925    /* Return new WOLFSSL_EVP_PKEY. */
1926    return local;
1927}
1928#endif /* WOLF_PRIVATE_KEY_ID */
1929#endif /* OPENSSL_EXTRA */
1930
1931/*******************************************************************************
1932 * END OF d2i APIs
1933 ******************************************************************************/
1934
1935/*******************************************************************************
1936 * START OF i2d APIs
1937 ******************************************************************************/
1938
1939#ifdef OPENSSL_ALL
1940/* Encode PKCS#8 key as DER data.
1941 *
1942 * @param [in]  key  PKCS#8 private key to encode.
1943 * @param [out] pp   Pointer to buffer of encoded data.
1944 * @return  Length of DER encoded data on success.
1945 * @return  Less than zero on failure.
1946 */
1947int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp)
1948{
1949    word32 keySz = 0;
1950    unsigned char* out;
1951    int len;
1952
1953    WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY");
1954
1955    /* Validate parameters. */
1956    if (key == NULL) {
1957        return WOLFSSL_FATAL_ERROR;
1958    }
1959
1960    /* Get the length of DER encoding. */
1961    if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
1962        return WOLFSSL_FATAL_ERROR;
1963    }
1964    len = (int)keySz;
1965
1966    /* Return the length when output parameter is NULL. */
1967    if ((pp == NULL) || (len == 0)) {
1968        return len;
1969    }
1970
1971    /* Allocate memory for DER encoding if NULL passed in for output buffer. */
1972    if (*pp == NULL) {
1973        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
1974        if (out == NULL) {
1975            return WOLFSSL_FATAL_ERROR;
1976        }
1977    }
1978    else {
1979        /* Use buffer passed in - assume it is big enough. */
1980        out = *pp;
1981    }
1982
1983    /* Encode the PKCS#8 key into the output buffer. */
1984    if (pkcs8_encode(key, out, &keySz) != len) {
1985        if (*pp == NULL) {
1986            XFREE(out, NULL, DYNAMIC_TYPE_ASN1);
1987        }
1988        return WOLFSSL_FATAL_ERROR;
1989    }
1990
1991    /* Return new output buffer or move pointer passed encoded data. */
1992    if (*pp == NULL) {
1993        *pp = out;
1994    }
1995    else {
1996        *pp += len;
1997    }
1998
1999    return len;
2000}
2001#endif
2002
2003#ifdef OPENSSL_EXTRA
2004
2005#if !defined(NO_ASN) && !defined(NO_PWDBASED)
2006/* Get raw pointer to DER buffer from WOLFSSL_EVP_PKEY.
2007 *
2008 * Assumes der is large enough if passed in.
2009 *
2010 * @param [in]  key  WOLFSSL_EVP_PKEY to get DER buffer for.
2011 * @param [out] der  Buffer holding DER encoding. May be NULL.
2012 * @return  Size of DER encoding on success.
2013 * @return  Less than 0 on failure.
2014 */
2015static int wolfssl_i_evp_pkey_get_der(const WOLFSSL_EVP_PKEY* key,
2016    unsigned char** der)
2017{
2018    int sz;
2019    word16 pkcs8HeaderSz;
2020
2021    /* Validate parameters. */
2022    if ((key == NULL) || (key->pkey_sz == 0)) {
2023        return WOLFSSL_FATAL_ERROR;
2024    }
2025
2026    /* If pkcs8HeaderSz is invalid, return all of the DER encoding. */
2027    pkcs8HeaderSz = 0;
2028    if (key->pkey_sz > key->pkcs8HeaderSz) {
2029        pkcs8HeaderSz = key->pkcs8HeaderSz;
2030    }
2031    /* Calculate the size of the DER encoding to return. */
2032    sz = key->pkey_sz - pkcs8HeaderSz;
2033    /* Returning encoding when DER is not NULL. */
2034    if (der != NULL) {
2035        unsigned char* pt = (unsigned char*)key->pkey.ptr;
2036        int bufferPassedIn = ((*der) != NULL);
2037
2038        if (!bufferPassedIn) {
2039            /* Allocate buffer to hold DER encoding. */
2040            *der = (unsigned char*)XMALLOC((size_t)sz, NULL,
2041                DYNAMIC_TYPE_OPENSSL);
2042            if (*der == NULL) {
2043                return WOLFSSL_FATAL_ERROR;
2044            }
2045        }
2046        /* Copy in non-PKCS#8 DER encoding. */
2047        XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz);
2048        /* Step past encoded key when buffer provided. */
2049        if (bufferPassedIn) {
2050            *der += sz;
2051        }
2052    }
2053
2054    /* Return size of DER encoded data. */
2055    return sz;
2056}
2057
2058/* Encode key as unencrypted DER data.
2059 *
2060 * @param [in]  key  PKCS#8 private key to encode.
2061 * @param [out] der  Pointer to buffer of encoded data.
2062 * @return  Length of DER encoded data on success.
2063 * @return  Less than zero on failure.
2064 */
2065int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der)
2066{
2067    return wolfssl_i_evp_pkey_get_der(key, der);
2068}
2069
2070#ifndef NO_BIO
2071/* Encode key as unencrypted DER data and write to BIO.
2072 *
2073 * @param [in]  bio  BIO to write data to.
2074 * @param [in]  key  PKCS#8 private key to encode.
2075 * @return  Length of DER encoded data on success.
2076 * @return  Less than zero on failure.
2077 */
2078int wolfSSL_i2d_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
2079{
2080    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
2081    int derSz = 0;
2082    byte* der = NULL;
2083
2084    if (bio == NULL || key == NULL) {
2085        return WOLFSSL_FAILURE;
2086    }
2087
2088    derSz = wolfSSL_i2d_PrivateKey(key, &der);
2089    if (derSz <= 0) {
2090        WOLFSSL_MSG("wolfSSL_i2d_PrivateKey (for getting size) failed");
2091        return WOLFSSL_FAILURE;
2092    }
2093
2094    if (wolfSSL_BIO_write(bio, der, derSz) != derSz) {
2095        goto cleanup;
2096    }
2097
2098    ret = WOLFSSL_SUCCESS;
2099
2100cleanup:
2101    XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
2102    return ret;
2103}
2104#endif
2105
2106#ifdef HAVE_ECC
2107/* Encode EC key as public key DER.
2108 *
2109 * @param [in]  key  WOLFSSL_EVP_KEY object to encode.
2110 * @param [in]  ec   WOLFSSL_EC_KEY object to encode.
2111 * @param [out] der  Buffer with DER encoding of EC public key.
2112 * @return  Public key DER encoding size on success.
2113 * @return  WOLFSSL_FATAL_ERROR when dynamic memory allocation fails.
2114 * @return  WOLFSSL_FATAL_ERROR when encoding fails.
2115 */
2116static int wolfssl_i_i2d_ecpublickey(const WOLFSSL_EVP_PKEY* key,
2117    const WOLFSSL_EC_KEY *ec, unsigned char **der)
2118{
2119    word32 pub_derSz = 0;
2120    int ret;
2121    unsigned char *local_der = NULL;
2122    word32 local_derSz = 0;
2123    unsigned char *pub_der = NULL;
2124    ecc_key *eccKey = NULL;
2125    word32 inOutIdx = 0;
2126
2127    /* We need to get the DER, then convert it to a public key. But what we get
2128     * might be a buffered private key so we need to decode it and then encode
2129     * the public part. */
2130    ret = wolfssl_i_evp_pkey_get_der(key, &local_der);
2131    if (ret <= 0) {
2132        /* In this case, there was no buffered DER at all. This could be the
2133         * case where the key that was passed in was generated. So now we
2134         * have to create the local DER. */
2135        local_derSz = (word32)wolfSSL_i2d_ECPrivateKey(ec, &local_der);
2136        if (local_derSz == 0) {
2137            ret = WOLFSSL_FATAL_ERROR;
2138        }
2139    } else {
2140        local_derSz = (word32)ret;
2141        ret = 0;
2142    }
2143
2144    if (ret == 0) {
2145        eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, DYNAMIC_TYPE_ECC);
2146        if (eccKey == NULL) {
2147            WOLFSSL_MSG("Failed to allocate key buffer.");
2148            ret = WOLFSSL_FATAL_ERROR;
2149        }
2150    }
2151
2152    /* Initialize a wolfCrypt ECC key. */
2153    if (ret == 0) {
2154        ret = wc_ecc_init(eccKey);
2155    }
2156    if (ret == 0) {
2157        /* Decode the DER data with wolfCrypt ECC key. */
2158        ret = wc_EccPublicKeyDecode(local_der, &inOutIdx, eccKey, local_derSz);
2159        if (ret < 0) {
2160            /* We now try again as x.963 [point type][x][opt y]. */
2161            ret = wc_ecc_import_x963(local_der, local_derSz, eccKey);
2162        }
2163    }
2164
2165    if (ret == 0) {
2166        /* Get the size of the encoding of the public key DER. */
2167        pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 1);
2168        if ((int)pub_derSz <= 0) {
2169            ret = WOLFSSL_FAILURE;
2170        }
2171    }
2172
2173    if (ret == 0) {
2174        /* Allocate memory for public key DER encoding. */
2175        pub_der = (unsigned char*)XMALLOC(pub_derSz, NULL,
2176            DYNAMIC_TYPE_PUBLIC_KEY);
2177        if (pub_der == NULL) {
2178            WOLFSSL_MSG("Failed to allocate output buffer.");
2179            ret = WOLFSSL_FATAL_ERROR;
2180        }
2181    }
2182
2183    if (ret == 0) {
2184        /* Encode public key as DER. */
2185        pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 1);
2186        if ((int)pub_derSz <= 0) {
2187            ret = WOLFSSL_FATAL_ERROR;
2188        }
2189    }
2190
2191    /* This block is for actually returning the DER of the public key */
2192    if ((ret == 0) && (der != NULL)) {
2193        int bufferPassedIn = ((*der) != NULL);
2194        if (!bufferPassedIn) {
2195            *der = (unsigned char*)XMALLOC(pub_derSz, NULL,
2196                DYNAMIC_TYPE_PUBLIC_KEY);
2197            if (*der == NULL) {
2198                WOLFSSL_MSG("Failed to allocate output buffer.");
2199                ret = WOLFSSL_FATAL_ERROR;
2200            }
2201        }
2202        if (ret == 0) {
2203            XMEMCPY(*der, pub_der, pub_derSz);
2204            if (bufferPassedIn) {
2205                *der += pub_derSz;
2206            }
2207        }
2208    }
2209
2210    /* Dispose of allocated objects. */
2211    XFREE(pub_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
2212    XFREE(local_der, NULL, DYNAMIC_TYPE_OPENSSL);
2213    wc_ecc_free(eccKey);
2214    XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC);
2215
2216    /* Return error or the size of the DER encoded public key. */
2217    if (ret == 0) {
2218        ret = (int)pub_derSz;
2219    }
2220    return ret;
2221}
2222#endif
2223
2224/* Encode the WOLFSSL_EVP_PKEY object as public key DER.
2225 *
2226 * @param [in]  key  WOLFSLS_EVP_PKEY object to encode.
2227 * @param [out] der  Buffer with DER encoding of public key.
2228 * @return  Public key DER encoding size on success.
2229 * @return  WOLFSSL_FATAL_ERROR when key is NULL.
2230 * @return  WOLFSSL_FATAL_ERROR when key type not supported.
2231 * @return  WOLFSSL_FATAL_ERROR when dynamic memory allocation fails.
2232 */
2233int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
2234{
2235    int ret;
2236
2237    /* Validate parameters. */
2238    if (key == NULL) {
2239        return WOLFSSL_FATAL_ERROR;
2240    }
2241
2242    /* Encode based on key type. */
2243    switch (key->type) {
2244    #ifndef NO_RSA
2245        case WC_EVP_PKEY_RSA:
2246            return wolfSSL_i2d_RSAPublicKey(key->rsa, der);
2247    #endif
2248    #ifdef HAVE_ECC
2249        case WC_EVP_PKEY_EC:
2250            return wolfssl_i_i2d_ecpublickey(key, key->ecc, der);
2251    #endif
2252        default:
2253            ret = WOLFSSL_FATAL_ERROR;
2254            break;
2255    }
2256
2257    return ret;
2258}
2259
2260/* Encode the WOLFSSL_EVP_PKEY object as public key DER.
2261 *
2262 * @param [in]  key  WOLFSLS_EVP_PKEY object to encode.
2263 * @param [out] der  Buffer with DER encoding of public key.
2264 * @return  Public key DER encoding size on success.
2265 * @return  WOLFSSL_FATAL_ERROR when key is NULL.
2266 * @return  WOLFSSL_FATAL_ERROR when key type not supported.
2267 * @return  WOLFSSL_FATAL_ERROR when dynamic memory allocation fails.
2268 */
2269int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
2270{
2271    return wolfSSL_i2d_PublicKey(key, der);
2272}
2273#endif /* !NO_ASN && !NO_PWDBASED */
2274
2275#endif /* OPENSSL_EXTRA */
2276
2277#endif /* !NO_CERTS */
2278
2279/*******************************************************************************
2280 * END OF i2d APIs
2281 ******************************************************************************/
2282
2283#endif /* !WOLFSSL_EVP_PK_INCLUDED */
2284