diff --git a/src/ssl.c b/src/ssl.c index 39d80ef2a..d68673dfa 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -34675,7 +34675,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) -static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey) +static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, void* heap) { int derSz = 0; int ret; @@ -34712,7 +34712,7 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey) } if (outBuf) { - if (!(derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER))) { + if (!(derBuf = (byte*)XMALLOC(derSz, heap, DYNAMIC_TYPE_TMP_BUFFER))) { WOLFSSL_MSG("malloc failed"); WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", MEMORY_ERROR); return MEMORY_ERROR; @@ -34728,12 +34728,12 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey) if (derSz < 0) { WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); } else { if (*outBuf) { XMEMCPY(*outBuf, derBuf, derSz); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); } else { *outBuf = derBuf; @@ -34788,7 +34788,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, int derSz; byte* derBuf = NULL; - if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0)) < 0) { + if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0, bio->heap)) < 0) { WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -34821,13 +34821,15 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, } #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) +/* forward declaration for wolfSSL_PEM_write_bio_RSA_PUBKEY */ +static int WriteBioPUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); + /* Takes an RSA public key and writes it out to a WOLFSSL_BIO * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE */ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) { - int ret = 0, derSz = 0; - byte *derBuf = NULL; + int ret = 0; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY"); @@ -34848,28 +34850,7 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) pkey->rsa = rsa; pkey->ownRsa = 0; - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) { - WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); - return WOLFSSL_FAILURE; - } - - if (derBuf == NULL) { - WOLFSSL_MSG("wolfSSL_RSA_To_Der failed to get buffer"); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey); + ret = WriteBioPUBKEY(bio, pkey); wolfSSL_EVP_PKEY_free(pkey); return ret; @@ -34908,44 +34889,117 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_RSA** rsa, #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) && !defined(NO_RSA) */ -/* Takes a public key and writes it out to a WOLFSSL_BIO - * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE - */ -int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +static int WriteBioPUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) { - byte* keyDer; - int pemSz; int ret; - byte* tmp; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY"); + int pemSz; + byte* pemBuf; + int derSz = 0; + byte* derBuf = NULL; if (bio == NULL || key == NULL) { + WOLFSSL_MSG("Bad parameters"); return WOLFSSL_FAILURE; } - keyDer = (byte*)key->pkey.ptr; + switch (key->type) { +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) + case EVP_PKEY_RSA: + if ((derSz = wolfSSL_RSA_To_Der(key->rsa, &derBuf, 1, bio->heap)) + < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); + break; + } + break; +#endif +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) + case EVP_PKEY_DSA: + if (key->dsa == NULL) { + WOLFSSL_MSG("key->dsa is null"); + break; + } + derSz = MAX_DSA_PUBKEY_SZ; + derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + break; + } + /* Key to DER */ + derSz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, derBuf, + derSz); + if (derSz < 0) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + break; + } + break; +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) + case EVP_PKEY_EC: + { + if (key->ecc == NULL) { + WOLFSSL_MSG("key->ecc is null"); + break; + } + derSz = wc_EccPublicKeyDerSize((ecc_key*)key->ecc->internal, 1); + if (derSz <= 0) { + WOLFSSL_MSG("wc_EccPublicKeyDerSize failed"); + break; + } + derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + break; + } + derSz = wc_EccPublicKeyToDer((ecc_key*)key->ecc->internal, derBuf, + derSz, 1); + if (derSz < 0) { + WOLFSSL_MSG("wc_EccPublicKeyToDer failed"); + break; + } + break; + } +#endif +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case EVP_PKEY_DH: + WOLFSSL_MSG("Writing DH PUBKEY not supported!"); + break; +#endif + default: + WOLFSSL_MSG("Unknown Key type!"); + break; + } - pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, PUBLICKEY_TYPE); + if (derBuf == NULL || derSz <= 0) { + if (derBuf != NULL) + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + return WOLFSSL_FAILURE; + } + + pemSz = wc_DerToPem(derBuf, derSz, NULL, 0, PUBLICKEY_TYPE); if (pemSz < 0) { - WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", pemSz); + WOLFSSL_LEAVE("WriteBioPUBKEY", pemSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); return WOLFSSL_FAILURE; } - tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (tmp == NULL) { - return MEMORY_E; + + pemBuf = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pemBuf == NULL) { + WOLFSSL_LEAVE("WriteBioPUBKEY", pemSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + return WOLFSSL_FAILURE; } - ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz, - NULL, PUBLICKEY_TYPE); + ret = wc_DerToPem(derBuf, derSz, pemBuf, pemSz, PUBLICKEY_TYPE); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); if (ret < 0) { - WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", ret); - XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); + WOLFSSL_LEAVE("WriteBioPUBKEY", ret); + XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } - ret = wolfSSL_BIO_write(bio, tmp, pemSz); - XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); + ret = wolfSSL_BIO_write(bio, pemBuf, pemSz); + XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ret != pemSz) { WOLFSSL_MSG("Unable to write full PEM to BIO"); return WOLFSSL_FAILURE; @@ -34954,6 +35008,16 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) return WOLFSSL_SUCCESS; } +/* Takes a public key and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY"); + + return WriteBioPUBKEY(bio, key); +} + /* Takes a private key and writes it out to a WOLFSSL_BIO * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE */ @@ -35023,8 +35087,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, return MEMORY_E; } - ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz, - NULL, type); + ret = wc_DerToPem(keyDer, key->pkey_sz, tmp, pemSz, type); if (ret < 0) { WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); @@ -35077,7 +35140,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, } } - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0)) < 0) { + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0, rsa->heap)) < 0) { WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -35089,7 +35152,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, byte *tmpBuf; /* Add space for padding */ - if (!(tmpBuf = (byte*)XREALLOC(derBuf, derSz + blockSz, NULL, + if (!(tmpBuf = (byte*)XREALLOC(derBuf, derSz + blockSz, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER))) { WOLFSSL_MSG("Extending DER buffer failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); @@ -35101,7 +35164,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, passwd, passwdSz, &cipherInfo, derSz + blockSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER); return ret; } @@ -35118,7 +35181,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return WOLFSSL_FAILURE; @@ -35128,13 +35191,13 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER); XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return WOLFSSL_FAILURE; } - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); @@ -37955,8 +38018,7 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, */ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) { - int ret = 0, der_max_len = 0, derSz = 0; - byte *derBuf; + int ret = 0; WOLFSSL_EVP_PKEY* pkey; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY"); @@ -37978,39 +38040,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) pkey->ownEcc = 0; /* pkey does not own ECC */ pkey->type = EVP_PKEY_EC; - /* 4 > size of pub, priv + ASN.1 additional information */ - der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("Malloc failed"); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - /* convert key to der format */ - derSz = wc_EccPublicKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len, 1); - if (derSz < 0) { - WOLFSSL_MSG("wc_EccPublicKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - /* add der info to the evp key */ - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - - if((ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey)) != WOLFSSL_SUCCESS){ + if((ret = WriteBioPUBKEY(bio, pkey)) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("wolfSSL_PEM_write_bio_PUBKEY failed"); } wolfSSL_EVP_PKEY_free(pkey); @@ -38292,7 +38322,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, pkey->ownDsa = 0; /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; + der_max_len = MAX_DSA_PRIVKEY_SZ; derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (derBuf == NULL) { @@ -38336,8 +38366,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, */ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) { - int ret = 0, derMax = 0, derSz = 0; - byte *derBuf; + int ret = 0; WOLFSSL_EVP_PKEY* pkey; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY"); @@ -38357,45 +38386,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) pkey->dsa = dsa; pkey->ownDsa = 0; - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_DER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - /* Key to DER */ - derSz = wc_DsaKeyToPublicDer((DsaKey*)dsa->internal, derBuf, derMax); - if (derSz < 0) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_DER); - - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMSET(pkey->pkey.ptr, 0, derSz); - - if (XMEMCPY(pkey->pkey.ptr, derBuf, derSz) == NULL) { - WOLFSSL_MSG("XMEMCPY failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); - XFREE(pkey->pkey.ptr, bio->heap, DYNAMIC_TYPE_DER); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); - ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey); + ret = WriteBioPUBKEY(bio, pkey); wolfSSL_EVP_PKEY_free(pkey); return ret; } @@ -38436,8 +38427,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, } } - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; + der_max_len = MAX_DSA_PRIVKEY_SZ; derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER); if (derBuf == NULL) { @@ -39316,7 +39306,8 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) return BAD_FUNC_ARG; } - if ((ret = wolfSSL_RSA_To_Der(rsa, pp, 0)) < 0) { + /* No heap hint as this gets returned to the user */ + if ((ret = wolfSSL_RSA_To_Der(rsa, pp, 0, NULL)) < 0) { WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -39335,7 +39326,8 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp) return BAD_FUNC_ARG; } - if ((ret = wolfSSL_RSA_To_Der(rsa, (byte**)pp, 1)) < 0) { + /* No heap hint as this gets returned to the user */ + if ((ret = wolfSSL_RSA_To_Der(rsa, (byte**)pp, 1, NULL)) < 0) { WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -39741,7 +39733,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) return NULL; } - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) { + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) { WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return NULL; } @@ -39752,7 +39744,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) wolfSSL_RSA_free(local); local = NULL; } - XFREE(derBuf, NULL, DYNAMIC_TYPE_ASN1); + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_ASN1); return local; } #endif diff --git a/tests/api.c b/tests/api.c index 60c4a4123..9753712f5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29603,6 +29603,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) EVP_PKEY* pkey2 = NULL; unsigned char extra[10]; int i; + BIO* pub_bio = NULL; printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); @@ -29610,6 +29611,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE); AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long)sizeof_server_key_der_2048)); @@ -29619,6 +29622,19 @@ static void test_wolfSSL_PEM_PrivateKey(void) &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); + AssertIntGT(BIO_pending(bio), 0); + AssertIntEQ(BIO_pending(bio), 1679); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + AssertIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + AssertIntEQ(BIO_pending(pub_bio), 451); +#endif + /* test creating new EVP_PKEY with good args */ AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); @@ -29642,6 +29658,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR); } + BIO_free(pub_bio); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index d025bce4d..8205188ce 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -782,6 +782,7 @@ enum Misc_ASN { RSA_INTS = 8, /* RSA ints in private key */ DSA_PARAM_INTS = 3, /* DSA paramater ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ + DSA_PUB_INTS = 4, /* DSA ints in public key */ DSA_INTS = 5, /* DSA ints in private key */ MIN_DATE_SIZE = 12, MAX_DATE_SIZE = 32, @@ -802,6 +803,7 @@ enum Misc_ASN { MAX_SIG_SZ = 256, MAX_ALGO_SZ = 20, MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ + MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ @@ -812,9 +814,14 @@ enum Misc_ASN { MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ MAX_DSA_INT_SZ = 389, /* DSA raw sz 3072 for bits + tag + len(4) */ + MAX_DSA_PUBKEY_SZ = (DSA_PUB_INTS * MAX_DSA_INT_SZ) + (2 * MAX_SEQ_SZ) + + 2 + MAX_LENGTH_SZ, /* Maximum size of a DSA public + key taken from wc_SetDsaPublicKey. */ + MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ + + MAX_VERSION_SZ, /* Maximum size of a DSA Private + key taken from DsaKeyIntsToDer. */ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ - MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ MAX_RSA_E_SZ = 16, /* Max RSA public e size */ MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */