diff --git a/certs/include.am b/certs/include.am
index 0df422e37..dccd84fa7 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -39,6 +39,7 @@ EXTRA_DIST += \
 certs/server-keyPkcs8Enc.pem \
 certs/server-keyPkcs8Enc.der \
 certs/server-keyPkcs8.pem \
+ certs/server-pub-key.pem \
 certs/server-revoked-cert.pem \
 certs/server-revoked-key.pem \
 certs/wolfssl-website-ca.pem \
diff --git a/certs/server-pub-key.pem b/certs/server-pub-key.pem
new file mode 100644
index 000000000..c90f5c4f2
--- /dev/null
+++ b/certs/server-pub-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
+ZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8
+yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF
+9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m
+UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV
+oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
+1wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/src/bio.c b/src/bio.c
index 8984dc7d0..1575657a9 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -670,7 +670,7 @@ exit_chain:
 if (front != NULL && front->infoCb != NULL) {
 ret = (int)front->infoCb(front, WOLFSSL_BIO_CB_WRITE | WOLFSSL_BIO_CB_RETURN,
- (const char*)data, 0, 0, ret);
+ (const char*)data, len, 0, ret);
 }
 if (frmt != NULL) {
diff --git a/tests/api.c b/tests/api.c
index 5c68a1f34..aec38d16e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -28758,6 +28758,12 @@ static void test_wolfSSL_PEM_bio_RSAKey(void)
 BIO_free(bio);
 RSA_free(rsa);
+ /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
+ AssertNotNull(bio = BIO_new_file("./certs/server-pub-key.pem", "rb"));
+ AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
+ BIO_free(bio);
+ RSA_free(rsa);
+
 #ifdef HAVE_ECC
 /* ensure that non-rsa keys do not work */
 AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
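Review bot: The fixture opened at `BIO_new_file("./certs/server-pub-key.pem", "rb")` carries a `-----BEGIN RSA PUBLIC KEY-----` header, but its body decodes to a SubjectPublicKeyInfo (the leading `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A` is the rsaEncryption AlgorithmIdentifier wrapper), whereas that header conventionally denotes a bare PKCS#1 RSAPublicKey; the same mismatch is in the certs/server-pub-key.pem hunk of this commit. As written the new assertion only shows that PemToDer now finds the alternative header, not that a genuine PKCS#1 body is accepted by the decoder behind PEM_read_bio_RSA_PUBKEY, so the case this commit is meant to cover stays unexercised. Either regenerate the fixture as a real RSAPublicKey body or mark the gap beside the assertion: `/* NOTE: fixture body is SPKI under an RSA PUBLIC KEY header; a PKCS#1 RSAPublicKey body is still untested */`. test_wolfSSL_PEM_bio_RSAKey starts and ends outside the hunk.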
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index edf55f7e4..bfa112152 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18190,6 +18190,8 @@ wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
 wcchar END_X509_CRL = "-----END X509 CRL-----";
 wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
 wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
+wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----";
+wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----";
 wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
 wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----";
 wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
@@ -18724,42 +18726,57 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 if (headerEnd) {
 break;
- } else
+ }
+ if (type == PRIVATEKEY_TYPE) {
 if (header == BEGIN_RSA_PRIV) {
- header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
- } else
- if (header == BEGIN_PRIV_KEY) {
- header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
- } else
+ header = BEGIN_PRIV_KEY;
+ footer = END_PRIV_KEY;
+ }
+ else if (header == BEGIN_PRIV_KEY) {
+ header = BEGIN_ENC_PRIV_KEY;
+ footer = END_ENC_PRIV_KEY;
+ }
+#ifdef HAVE_ECC
+ else if (header == BEGIN_ENC_PRIV_KEY) {
+ header = BEGIN_EC_PRIV;
+ footer = END_EC_PRIV;
+ }
+ else if (header == BEGIN_EC_PRIV) {
+ header = BEGIN_DSA_PRIV;
+ footer = END_DSA_PRIV;
+ }
+#endif
+#if defined(HAVE_ED25519) || defined(HAVE_ED448)
 #ifdef HAVE_ECC
- if (header == BEGIN_ENC_PRIV_KEY) {
- header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
- } else
- if (header == BEGIN_EC_PRIV) {
- header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
- } else
+ else if (header == BEGIN_DSA_PRIV) {
+ #else
+ else if (header == BEGIN_ENC_PRIV_KEY) {
 #endif
- #if defined(HAVE_ED25519) || defined(HAVE_ED448)
- #ifdef HAVE_ECC
- if (header == BEGIN_DSA_PRIV)
- #else
- if (header == BEGIN_ENC_PRIV_KEY)
- #endif
- {
- header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
- } else
- #endif
- {
+ header = BEGIN_EDDSA_PRIV;
+ footer = END_EDDSA_PRIV;
+ }
+#endif
+ else {
 break;
 }
- } else
+ }
+ else if (type == PUBLICKEY_TYPE) {
+ if (header == BEGIN_PUB_KEY) {
+ header = BEGIN_RSA_PUB;
+ footer = END_RSA_PUB;
+ }
+ else {
+ break;
+ }
+ }
 #ifdef HAVE_CRL
- if ((type == CRL_TYPE) && (header != BEGIN_X509_CRL)) {
- header = BEGIN_X509_CRL; footer = END_X509_CRL;
- } else
+ else if ((type == CRL_TYPE) && (header != BEGIN_X509_CRL)) {
+ header = BEGIN_X509_CRL;
+ footer = END_X509_CRL;
+ }
 #endif
- {
+ else {
 break;
 }
 }
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 83ebdb595..9843d40f5 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
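Review bot: The new `else if (type == PUBLICKEY_TYPE)` branch retries with `BEGIN_RSA_PUB`/`END_RSA_PUB`, so a single PUBLICKEY_TYPE call can now return either a SubjectPublicKeyInfo (from a `PUBLIC KEY` block) or a PKCS#1 RSAPublicKey (from an `RSA PUBLIC KEY` block) without the caller learning which, and nothing in the hunk records that the decoders downstream must accept both shapes. A comment on the branch would make that contract explicit: `/* RSA PUBLIC KEY conventionally carries a PKCS#1 RSAPublicKey, not SPKI; decoders fed by PUBLICKEY_TYPE must accept both */`. Separately, the inner `#ifdef HAVE_ECC`/`#else`/`#endif` that opens an `else if (...) {` in each arm appears to keep the old indentation while the surrounding new directives sit at column 0; the collapsed whitespace here makes that hard to confirm, but aligning them would make the brace pairing across preprocessor arms easier to follow. PemToDer starts and ends outside the hunk.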
@@ -7442,18 +7442,18 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
 pkey->rsa = key;
 pkey->ownRsa = 1;
- /* try and populate public pkey_sz and pkey.ptr */
+ /* try and populate pkey_sz and pkey.ptr */
 if (key->internal) {
 RsaKey* rsa = (RsaKey*)key->internal;
- int ret = wc_RsaPublicKeyDerSize(rsa, 1);
+ int ret = wc_RsaKeyToDer(rsa, NULL, 0);
 if (ret > 0) {
 int derSz = ret;
- char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (derBuf) {
- ret = wc_RsaKeyToPublicDer(rsa, (byte*)derBuf, derSz);
+ ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
 if (ret >= 0) {
 pkey->pkey_sz = ret;
- pkey->pkey.ptr = derBuf;
+ pkey->pkey.ptr = (char*)derBuf;
 } else {
 /* failure - okay to ignore */
 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
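Review bot: Replacing the size probe with `int ret = wc_RsaKeyToDer(rsa, NULL, 0);` means a WOLFSSL_RSA holding only a public key — exactly what PEM_read_bio_RSA_PUBKEY, which this commit extends, produces — presumably gets a failure from the private-key encoder, and because the failure is ignored pkey->pkey_sz and pkey->pkey.ptr stay unset where the old code filled them with the public DER. Falling back to wc_RsaPublicKeyDerSize/wc_RsaKeyToPublicDer when the private encoding is not available keeps the previous behaviour for public-only keys while still serialising the full key when one is present. The buffer now also carries private-key material, so the failure path should wipe it before XFREE instead of releasing partially written output as-is. wolfSSL_EVP_PKEY_assign_RSA starts and ends outside the hunk.
```c
    if (key->internal) {
        RsaKey* rsa = (RsaKey*)key->internal;
        int priv = 1;
        /* try the full (private) encoding first; a public-only key falls
         * back to the SubjectPublicKeyInfo encoding the old code produced */
        int ret = wc_RsaKeyToDer(rsa, NULL, 0);
        if (ret <= 0) {
            priv = 0;
            ret = wc_RsaPublicKeyDerSize(rsa, 1);
        }
        if (ret > 0) {
            int derSz = ret;
            byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            if (derBuf) {
                ret = priv ? wc_RsaKeyToDer(rsa, derBuf, derSz)
                           : wc_RsaKeyToPublicDer(rsa, derBuf, derSz);
                if (ret >= 0) {
                    pkey->pkey_sz = ret;
                    pkey->pkey.ptr = (char*)derBuf;
                }
                else {
                    /* failure - okay to ignore; wipe first, the buffer may
                     * hold partially encoded private key material */
                    ForceZero(derBuf, derSz);
                    XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
```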