Using Decode Raw RSA Private Key

1. Add a check for wc_RsaPrivateKeyDecodeRaw() to configure. 2. If wc_RsaPrivateKeyDecodeRaw() is available, use it to load the private key from GetOpenSshKeyRsa(). If unavailable, process the key the original way.
wolfSSL · Jun 1, 2024 · daca934 · daca934
1 parent 0e72885
commit daca934
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 2 deletions.
diff --git a/configure.ac b/configure.ac
@@ -127,7 +127,7 @@ AC_ARG_WITH(wolfssl,
 )
 
 AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])])
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng])
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng wc_RsaPrivateKeyDecodeRaw])
 AC_CHECK_DECLS([[pread],[pwrite]],,[unistd.h])
 
 # DEBUG

diff --git a/src/internal.c b/src/internal.c
@@ -1353,6 +1353,44 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap)
 
 
 #ifndef WOLFSSH_NO_RSA
+
+#ifdef HAVE_WC_RSAPRIVATEKEYDECODERAW
+
+/*
+ * Utility for GetOpenSshKey() to read in RSA keys.
+ */
+static int GetOpenSshKeyRsa(RsaKey* key,
+        const byte* buf, word32 len, word32* idx)
+{
+    const byte *n, *e, *d, *u, *p, *q;
+    word32 nSz, eSz, dSz, uSz, pSz, qSz;
+    int ret;
+
+    ret = wc_InitRsaKey(key, NULL);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&nSz, &n, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&eSz, &e, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&dSz, &d, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&uSz, &u, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&pSz, &p, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&qSz, &q, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = wc_RsaPrivateKeyDecodeRaw(n, nSz, e, eSz, d, dSz,
+                u, uSz, p, pSz, q, qSz, NULL, 0, NULL, 0, key);
+
+    if (ret != WS_SUCCESS)
+        ret = WS_RSA_E;
+
+    return ret;
+}
+
+#else /* HAVE_WC_RSAPRIVATEKEYDECODERAW */
+
 /*
  * Utility function to read an Mpint from the stream directly into a mp_int.
  */
@@ -1427,7 +1465,11 @@ static int GetOpenSshKeyRsa(RsaKey* key,
 
     return ret;
 }
-#endif
+
+#endif /* HAVE_WC_RSAPRIVATEKEYDECODERAW */
+
+#endif /* WOLFSSH_NO_RSA */
+
 
 #ifndef WOLFSSH_NO_ECDSA
 /*