Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string).

David Garske
2021-06-08 09:55:56 -07:00
parent 9b215c5138
commit 4a85127507
3 changed files with 3 additions and 4 deletions


@@ -10,7 +10,6 @@ openssl ec -inform pem -in certs/statickeys/ecc-secp256r1.pem -outform der -out
# Using one generated and capture with wolfSSL using wc_DhGenerateKeyPair (openssl generates DH keys with 2048-bits... based on the DH "p" prime size)
#openssl genpkey -paramfile certs/statickeys/dh-ffdhe2048-params.pem -out certs/statickeys/dh-ffdhe2048.der
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048.pem
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform der -out certs/statickeys/dh-ffdhe2048-pub.der -pubout
# Export DH public key as DER and convert to PEM
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048-pub.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048-pub.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -pubin
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform der -out certs/statickeys/dh-ffdhe2048-pub.der -pubout
openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -pubout


@@ -4811,7 +4811,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
else {
/* bit string: public */
pubSz = SetASNIntMP(&key->pub, -1, NULL);
idx = 1 + SetLength(pubSz, NULL) + pubSz; /* +1 for ASN_BIT_STRING */
idx = SetBitString(pubSz, 0, NULL) + pubSz;
}
keySz = idx;
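Review bot: The new sizing line `idx = SetBitString(pubSz, 0, NULL) + pubSz;` drops the explanatory comment the old line carried, so nothing on it says why an explicit `+1` is no longer needed. I would add `/* SetBitString() size covers the tag, the length and the unused-bits byte */`, since per the commit message that unused-bits byte is exactly what the previous calculation left out. Because the defect was a computed length that disagreed with the encoded output, and callers presumably size their buffers from this value, the tests should also assert that the length reported for the public-key export equals the number of bytes actually written. wc_DhKeyToDer starts and ends outside this hunk, so whether the write path goes through the same helper cannot be confirmed from here.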