From 28b686a8ca62f1e0b6cdeeaff7eb076dc0392140 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 23 Apr 2020 16:11:54 -0700 Subject: [PATCH] * Exposed useful sizes `MAX_X509_HEADER_SZ` and `PEM_LINE_SZ` * Refactor the PEM saving code in `test.c`, so its not using large 4K buffer and calculates based on DER. * Enable ECC key generation test even without `WOLFSSL_KEY_GEN`. * Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing. * Refactor ECC DER key generation to use `ECC_BUFSIZE`. --- wolfcrypt/src/asn.c | 5 +- wolfcrypt/src/coding.c | 2 +- wolfcrypt/test/test.c | 236 ++++++++++++++-------------------------- wolfssl/wolfcrypt/asn.h | 5 +- 4 files changed, 89 insertions(+), 159 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 066f66c81..11e58a7cb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9798,9 +9798,8 @@ void wc_FreeDer(DerBuffer** pDer) #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) -/* Max X509 header length indicates the max length + 2 ('\n', '\0') */ -#define MAX_X509_HEADER_SZ (37 + 2) - +/* Note: If items added make sure MAX_X509_HEADER_SZ is + updated to reflect maximum length */ wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; wcchar END_CERT = "-----END CERTIFICATE-----"; #ifdef WOLFSSL_CERT_REQ diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index f6c814e01..c94efb03e 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -29,6 +29,7 @@ #ifndef NO_CODING #include +#include /* For PEM_LINE_SZ */ #include #include @@ -36,7 +37,6 @@ enum { BAD = 0xFF, /* invalid encoding */ PAD = '=', - PEM_LINE_SZ = 64, BASE64_MIN = 0x2B, BASE16_MIN = 0x30, }; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index dd795a46c..8e405de09 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -120,11 +120,7 @@ #include #include #include -#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) - #include -#else - #include -#endif +#include #include #include #include @@ -1286,18 +1282,17 @@ initDefaultName(); #endif /* NO_MAIN_DRIVER */ /* helper to save DER, convert to PEM and save PEM */ -#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) +#if !defined(NO_ASN) && \ + ((!defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)) || defined(HAVE_ECC)) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) +#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB) #else -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB) +#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB) #endif static int _SaveDerAndPem(const byte* der, int derSz, - byte* pem, int pemSz, const char* fileDer, - const char* filePem, int pemType, int errBase) + const char* fileDer, const char* filePem, int pemType, int errBase) { #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) int ret; @@ -1314,32 +1309,50 @@ static int _SaveDerAndPem(const byte* der, int derSz, } #endif - if (pem && filePem) { +#ifdef WOLFSSL_DER_TO_PEM + if (filePem) { #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) XFILE pemFile; #endif - #ifdef WOLFSSL_DER_TO_PEM + byte* pem; + int pemSz; + + /* calculate PEM size */ + pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType); + if (pemSz < 0) { + return pemSz; + } + pem = XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + return MEMORY_E; + } + /* Convert to PEM */ pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); if (pemSz < 0) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 2; } - #endif #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 3; } ret = (int)XFWRITE(pem, 1, pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 4; } #endif + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } +#endif /* WOLFSSL_DER_TO_PEM */ /* suppress unused variable warnings */ (void)filePem; (void)fileDer; + (void)pemType; return 0; } @@ -10357,12 +10370,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; #endif - #ifdef WOLFSSL_KEY_GEN static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; - #endif #if defined(WOLFSSL_CERT_GEN) || \ (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) static const char* certEccDerFile = CERT_PREFIX "certecc.der"; @@ -12229,7 +12240,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { RsaKey caKey; byte* der; - byte* pem = NULL; int ret; Cert* myCert = NULL; int certSz; @@ -12255,10 +12265,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) if (der == NULL) { ERROR_OUT(-7619, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7620, exit_rsa); - } myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (myCert == NULL) { ERROR_OUT(-7621, exit_rsa); @@ -12337,8 +12343,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, - certPemFile, CERT_TYPE, -5578); + ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile, + CERT_TYPE, -5578); if (ret != 0) { goto exit_rsa; } @@ -12500,8 +12506,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, - otherCertPemFile, CERT_TYPE, -5598); + ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile, + CERT_TYPE, -5598); if (ret != 0) { goto exit_rsa; } @@ -12510,7 +12516,6 @@ exit_rsa: wc_FreeRsaKey(&caKey); XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -12525,7 +12530,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) ecc_key caEccKey; ecc_key caEccKeyPub; byte* der; - byte* pem = NULL; Cert* myCert = NULL; int certSz; size_t bytes3; @@ -12547,10 +12551,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) if (der == NULL) { ERROR_OUT(-7645, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7646, exit_rsa); - } myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (myCert == NULL) { ERROR_OUT(-7647, exit_rsa); @@ -12697,8 +12697,8 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, - certEccRsaPemFile, CERT_TYPE, -5616); + ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile, + CERT_TYPE, -5616); if (ret != 0) { goto exit_rsa; } @@ -12710,8 +12710,6 @@ exit_rsa: XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); myCert = NULL; - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; @@ -12727,7 +12725,6 @@ static int rsa_keygen_test(WC_RNG* rng) RsaKey genKey; int ret; byte* der = NULL; - byte* pem = NULL; word32 idx = 0; int derSz = 0; #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) @@ -12766,17 +12763,13 @@ static int rsa_keygen_test(WC_RNG* rng) if (der == NULL) { ERROR_OUT(-7665, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7666, exit_rsa); - } derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { ERROR_OUT(-7667, exit_rsa); } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, PRIVATEKEY_TYPE, -5555); if (ret != 0) { goto exit_rsa; @@ -12798,10 +12791,6 @@ static int rsa_keygen_test(WC_RNG* rng) exit_rsa: wc_FreeRsaKey(&genKey); - if (pem != NULL) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - } if (der != NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; @@ -12816,7 +12805,6 @@ int rsa_test(void) int ret; byte* tmp; byte* der = NULL; - byte* pem = NULL; size_t bytes; WC_RNG rng; RsaKey key; @@ -13698,10 +13686,6 @@ int rsa_test(void) if (der == NULL) { ERROR_OUT(-7758, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7759, exit_rsa); - } certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, public_key_len, &rng); @@ -13735,8 +13719,8 @@ int rsa_test(void) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der", - "./ntru-cert.pem", CERT_TYPE, -5637); + ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem", + CERT_TYPE, -5637); if (ret != 0) { goto exit_rsa; } @@ -13753,8 +13737,6 @@ int rsa_test(void) } #endif - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; } @@ -13768,10 +13750,6 @@ int rsa_test(void) if (der == NULL) { ERROR_OUT(-7765, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7766, exit_rsa); - } if (wc_InitCert(&req)) { ERROR_OUT(-7767, exit_rsa); @@ -13846,8 +13824,8 @@ int rsa_test(void) } derSz = ret; - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile, - certReqPemFile, CERTREQ_TYPE, -5650); + ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, + CERTREQ_TYPE, -5650); if (ret != 0) { goto exit_rsa; } @@ -13857,8 +13835,6 @@ int rsa_test(void) ERROR_OUT(-7776, exit_rsa); } - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; } @@ -13878,7 +13854,6 @@ exit_rsa: wc_FreeRsaKey(&caKey); #endif - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); @@ -14606,7 +14581,6 @@ int dsa_test(void) #ifdef WOLFSSL_KEY_GEN { byte* der; - byte* pem; int derSz = 0; DsaKey derIn; DsaKey genKey; @@ -14631,25 +14605,17 @@ int dsa_test(void) wc_FreeDsaKey(&genKey); return -8011; } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return -8012; - } derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -8013; } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, - keyPemFile, DSA_PRIVATEKEY_TYPE, -5814); + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, + DSA_PRIVATEKEY_TYPE, -5814); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return ret; } @@ -14657,7 +14623,6 @@ int dsa_test(void) ret = wc_InitDsaKey(&derIn); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -8014; } @@ -14666,7 +14631,6 @@ int dsa_test(void) ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); return -8015; @@ -14674,7 +14638,6 @@ int dsa_test(void) wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* WOLFSSL_KEY_GEN */ @@ -17714,6 +17677,10 @@ int x963kdf_test(void) #ifdef HAVE_ECC +#ifndef ECC_KEYGEN_SIZE + /* size to use for ECC key gen tests */ + #define ECC_KEYGEN_SIZE 32 +#endif #ifdef BENCH_EMBEDDED #define ECC_SHARED_SIZE 128 #else @@ -18212,9 +18179,9 @@ done: static int ecc_test_make_pub(WC_RNG* rng) { ecc_key key; - unsigned char* exportBuf; - unsigned char* tmp; - unsigned char msg[] = "test wolfSSL ECC public gen"; + byte exportBuf[ECC_BUFSIZE]; + byte tmp[ECC_BUFSIZE]; + const byte* msg = (const byte*)"test wolfSSL ECC public gen"; word32 x, tmpSz; int ret = 0; ecc_point* pubPoint = NULL; @@ -18231,33 +18198,15 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init_ex(&key, HEAP_HINT, devId); #ifdef USE_CERT_BUFFERS_256 - tmp = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9613; - } - exportBuf = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9614; - } XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); tmpSz = (size_t)sizeof_ecc_key_der_256; #else - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9615; - } - exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9616; - } file = XFOPEN(eccKeyDerFile, "rb"); if (!file) { ERROR_OUT(-9617, done); } - tmpSz = (word32)XFREAD(tmp, 1, FOURK_BUF, file); + tmpSz = (word32)XFREAD(tmp, 1, sizeof(tmp), file); XFCLOSE(file); #endif /* USE_CERT_BUFFERS_256 */ @@ -18279,7 +18228,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } #ifdef HAVE_ECC_KEY_EXPORT - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { ERROR_OUT(-9621, done); @@ -18293,7 +18242,7 @@ static int ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(-9622, done); } - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9623, done); @@ -18321,7 +18270,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #ifdef HAVE_ECC_KEY_EXPORT /* export should still fail, is private only key */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9627, done); @@ -18329,13 +18278,13 @@ static int ecc_test_make_pub(WC_RNG* rng) #endif /* HAVE_ECC_KEY_EXPORT */ #if defined(WOLFSSL_CRYPTOCELL) /* create a new key since building private key from public key is unsupported */ - ret = wc_ecc_make_key(rng, 32, &key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); if (ret == 0) { ERROR_OUT(-9628, done); } #endif #ifdef HAVE_ECC_SIGN - tmpSz = FOURK_BUF; + tmpSz = sizeof(tmp); ret = 0; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -18369,7 +18318,7 @@ static int ecc_test_make_pub(WC_RNG* rng) TEST_SLEEP(); #ifdef HAVE_ECC_KEY_EXPORT /* exporting the public part should now work */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret != 0) { ERROR_OUT(-9632, done); @@ -18381,7 +18330,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) /* now test private only key with creating a shared secret */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { ERROR_OUT(-9633, done); @@ -18396,7 +18345,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } /* check that public export fails with private only key */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9635, done); @@ -18404,7 +18353,7 @@ static int ecc_test_make_pub(WC_RNG* rng) /* make public key for shared secret */ wc_ecc_init_ex(&pub, HEAP_HINT, devId); - ret = wc_ecc_make_key(rng, 32, &pub); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &pub); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -18413,7 +18362,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } TEST_SLEEP(); - x = FOURK_BUF; + x = sizeof(exportBuf); do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -18433,9 +18382,6 @@ static int ecc_test_make_pub(WC_RNG* rng) done: - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ecc_del_point_h(pubPoint, HEAP_HINT); wc_ecc_free(&key); @@ -18492,7 +18438,6 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize) } #endif /* HAVE_ECC_KEY_IMPORT */ -#ifdef WOLFSSL_KEY_GEN static int ecc_test_key_gen(WC_RNG* rng, int keySize) { int ret = 0; @@ -18500,20 +18445,9 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) #ifdef HAVE_PKCS8 word32 pkcs8Sz; #endif - byte* der; - byte* pem; + byte der[ECC_BUFSIZE]; ecc_key userA; - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - return -9638; - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9639; - } - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); if (ret != 0) goto done; @@ -18531,19 +18465,19 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) goto done; TEST_SLEEP(); - derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF); + derSz = wc_EccKeyToDer(&userA, der, sizeof(der)); if (derSz < 0) { ERROR_OUT(derSz, done); } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile, - eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -8347); + ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile, + ECC_PRIVATEKEY_TYPE, -8347); if (ret != 0) { goto done; } /* test export of public key */ - derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1); + derSz = wc_EccPublicKeyToDer(&userA, der, sizeof(der), 1); if (derSz < 0) { ERROR_OUT(derSz, done); } @@ -18551,8 +18485,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(-9640, done); } - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, - NULL, 0, -8348); + ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348); if (ret != 0) { goto done; } @@ -18569,8 +18502,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(-9641, done); } - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, - NULL, 0, -8349); + ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349); if (ret != 0) { goto done; } @@ -18578,13 +18510,10 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) done: - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&userA); return ret; } -#endif /* WOLFSSL_KEY_GEN */ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int curve_id, const ecc_set_type* dp) @@ -18959,7 +18888,6 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) } #endif -#ifdef WOLFSSL_KEY_GEN ret = ecc_test_key_decode(rng, keySize); if (ret < 0) { if (ret == ECC_CURVE_OID_E) { @@ -18981,7 +18909,6 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) return ret; } } -#endif return 0; } @@ -19491,7 +19418,7 @@ static int ecc_def_curve_test(WC_RNG *rng) goto done; } - ret = wc_ecc_make_key(rng, 32, &key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -19813,22 +19740,23 @@ static int ecc_test_cert_gen(WC_RNG* rng) #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif - byte* der; - byte* pem = NULL; +#ifdef WOLFSSL_SMALL_STACK + byte* der = NULL; +#else + byte der[FOURK_BUF]; +#endif ecc_key caEccKey; ecc_key certPubKey; XMEMSET(&caEccKey, 0, sizeof(caEccKey)); XMEMSET(&certPubKey, 0, sizeof(certPubKey)); +#ifdef WOLFSSL_SMALL_STACK der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-9817, exit); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { ERROR_OUT(-9818, exit); } +#endif /* Get cert private key */ #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -19879,7 +19807,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) ERROR_OUT(-9823, exit); } - ret = wc_ecc_make_key(rng, 32, &certPubKey); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &certPubKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -19979,19 +19907,19 @@ static int ecc_test_cert_gen(WC_RNG* rng) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile, - certEccPemFile, CERT_TYPE, -6735); + ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile, + CERT_TYPE, -6735); if (ret != 0) { goto exit; } exit: +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif wc_ecc_free(&certPubKey); wc_ecc_free(&caEccKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } #endif /* WOLFSSL_CERT_GEN */ @@ -20008,7 +19936,7 @@ static int ecc_test_allocator(WC_RNG* rng) ERROR_OUT(-9833, exit); } - ret = wc_ecc_make_key(rng, 32, key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); if (ret != 0) { ERROR_OUT(-9834, exit); } @@ -20208,7 +20136,7 @@ int ecc_encrypt_test(void) if (ret != 0) goto done; - ret = wc_ecc_make_key(&rng, 32, &userA); + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userA); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -20216,7 +20144,7 @@ int ecc_encrypt_test(void) ret = -10001; goto done; } - ret = wc_ecc_make_key(&rng, 32, &userB); + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userB); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 6bdda029b..686d09c29 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -326,6 +326,8 @@ enum Misc_ASN { /* Maximum DER digest size */ MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest ASN header size */ + /* Max X509 header length indicates the max length + 2 ('\n', '\0') */ + MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ @@ -377,7 +379,8 @@ enum Misc_ASN { PKCS5_SALT_SZ = 8, - PEM_LINE_LEN = 80, /* PEM line max + fudge */ + PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ + PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ };