Merge pull request #8970 from miyazakh/qt_jenkins_encryptedKey4PBKDF1

Fix Qt nightly Jenkins failure

Author: dgarske

src/pk.c

@@ -507,12 +507,10 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
     byte* cipherInfo = NULL;
     int pemSz = 0;
     int hashType = WC_HASH_TYPE_NONE;
-#if !defined(NO_SHA256)
-    hashType = WC_SHA256;
+#if !defined(NO_MD5)
+    hashType = WC_MD5;
 #elif !defined(NO_SHA)
     hashType = WC_SHA;
-#elif !defined(NO_MD5)
-    hashType = WC_MD5;
 #endif
 
     /* Macro doesn't always use it. */

tests/api.c

@@ -47811,6 +47811,62 @@ static int test_wolfSSL_PKCS7_SIGNED_new(void)
 }
 
 #ifndef NO_BIO
+
+static int test_wolfSSL_PEM_write_bio_encryptedKey(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
+    defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
+    defined(WOLFSSL_ENCRYPTED_KEYS) && \
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_DES3)
+    RSA* rsaKey = NULL;
+    RSA* retKey = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    BIO* bio = NULL;
+    BIO* retbio = NULL;
+    byte* out;
+    const char* password = "wolfssl";
+    word32 passwordSz =(word32)XSTRLEN((char*)password);
+    int membufSz = 0;
+
+#if defined(USE_CERT_BUFFERS_2048)
+    const byte* key = client_key_der_2048;
+    word32      keySz = sizeof_client_key_der_2048;
+#elif defined(USE_CERT_BUFFERS_1024)
+    const byte* key = client_key_der_1024;
+    word32      keySz = sizeof_client_key_der_1024;
+#endif
+    /* Import Rsa Key */
+    ExpectNotNull(rsaKey = wolfSSL_RSA_new());
+    ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz,
+                                        WOLFSSL_RSA_LOAD_PRIVATE), 1);
+
+    ExpectNotNull(cipher = EVP_des_ede3_cbc());
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher,
+                                (byte*)password, passwordSz, NULL, NULL), 1);
+    ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0);
+    ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz));
+    ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL,
+                                NULL, (void*)password)));
+    if (bio != NULL) {
+        BIO_free(bio);
+    }
+    if (retbio != NULL) {
+        BIO_free(retbio);
+    }
+    if (retKey != NULL) {
+        RSA_free(retKey);
+    }
+    if (rsaKey != NULL) {
+        RSA_free(rsaKey);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_PEM_write_bio_PKCS7(void)
 {
     EXPECT_DECLS;
@@ -67974,6 +68030,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7),
+    TEST_DECL(test_wolfSSL_PEM_write_bio_encryptedKey),
 #ifdef HAVE_SMIME
     TEST_DECL(test_wolfSSL_SMIME_read_PKCS7),
     TEST_DECL(test_wolfSSL_SMIME_write_PKCS7),

wolfcrypt/src/asn.c

@@ -26848,6 +26848,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 #ifdef OPENSSL_EXTRA
     char        beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
     char        endBuf[PEM_LINE_LEN + 1];   /* add 1 for null terminator */
+#endif
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+    int hashType = WC_HASH_TYPE_NONE;
+#if !defined(NO_MD5)
+    hashType = WC_MD5;
+#elif !defined(NO_SHA)
+    hashType = WC_SHA;
+#endif
 #endif
 
     WOLFSSL_ENTER("PemToDer");
@@ -27214,7 +27222,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                 #endif
 
                     ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
-                        (byte*)password, passwordSz, WC_MD5);
+                        (byte*)password, passwordSz, hashType);
 
 #ifndef NO_WOLFSSL_SKIP_TRAILING_PAD
                 #ifndef NO_DES3