From 4a8512750710b7abda17c63c7bf837df14d167c2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 8 Jun 2021 09:55:56 -0700 Subject: [PATCH] Improve `wc_DhKeyToDer` for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string). --- certs/statickeys/dh-ffdhe2048-pub.der | Bin 552 -> 552 bytes certs/statickeys/gen-static.sh | 5 ++--- wolfcrypt/src/asn.c | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/certs/statickeys/dh-ffdhe2048-pub.der b/certs/statickeys/dh-ffdhe2048-pub.der index e7b3393d1e9a9133310539b3083a8f762569ce93..6a817a526ff4b30701cdf0322881d5d550c1e24f 100644 GIT binary patch delta 13 UcmZ3%vVw)hpovLkBZ~?X02wg@5C8xG delta 13 UcmZ3%vVw)hpovL&BZ~?X02wR;4*&oF diff --git a/certs/statickeys/gen-static.sh b/certs/statickeys/gen-static.sh index f81e52709..dc92757db 100644 --- a/certs/statickeys/gen-static.sh +++ b/certs/statickeys/gen-static.sh @@ -10,7 +10,6 @@ openssl ec -inform pem -in certs/statickeys/ecc-secp256r1.pem -outform der -out # Using one generated and capture with wolfSSL using wc_DhGenerateKeyPair (openssl generates DH keys with 2048-bits... based on the DH "p" prime size) #openssl genpkey -paramfile certs/statickeys/dh-ffdhe2048-params.pem -out certs/statickeys/dh-ffdhe2048.der openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048.pem -openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform der -out certs/statickeys/dh-ffdhe2048-pub.der -pubout # Export DH public key as DER and convert to PEM -openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048-pub.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048-pub.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -pubin +openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform der -out certs/statickeys/dh-ffdhe2048-pub.der -pubout +openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -pubout diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 94ea32a28..a02a6d5a5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4811,7 +4811,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) else { /* bit string: public */ pubSz = SetASNIntMP(&key->pub, -1, NULL); - idx = 1 + SetLength(pubSz, NULL) + pubSz; /* +1 for ASN_BIT_STRING */ + idx = SetBitString(pubSz, 0, NULL) + pubSz; } keySz = idx;