Fix wolfSSL_EVP_PKEY_print_public

2025-07-31 19:24:42 +02:00 · 2021-02-23 07:57:45 +09:00
parent e25284c690
commit a7cca8a99b
3 changed files with 73 additions and 10 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7877,7 +7877,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
    #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
    #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */

-    #if !defined(NO_DH) && defined(OPENSSL_EXTRA)
+    #if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
    #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
            (HAVE_FIPS_VERSION > 2))
    {
@@ -7935,7 +7935,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
        }
    }
    #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-    #endif /* !NO_DH &&  OPENSSL_EXTRA */
+    #endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */

    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
--- a/tests/api.c
+++ b/tests/api.c
@@ -2439,8 +2439,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void)

    BIO_gets(wbio, line, sizeof(line));
    res = XSTRNCMP( line,
-           "       bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n",
-    sizeof("       bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n"));
+           "       00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n",
+    sizeof("       00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"));
    AssertIntEQ(res,0);

    /* skip to the end of modulus element*/
@@ -32207,7 +32207,7 @@ static void test_wolfSSL_d2i_PUBKEY(void)
 #endif

 #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
-defined(OPENSSL_EXTRA) && !defined(WOLFSSL_DH_EXTRA)
+defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
            (HAVE_FIPS_VERSION > 2))
    /* DH PUBKEY test */
@@ -40836,6 +40836,7 @@ void ApiTest(void)
    test_wolfSSL_EVP_MD_hmac_signing();
    test_wolfSSL_EVP_MD_rsa_signing();
    test_wolfSSL_EVP_MD_ecc_signing();
+    test_wolfSSL_EVP_PKEY_print_public();
    test_wolfSSL_CTX_add_extra_chain_cert();
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    test_wolfSSL_ERR_peek_last_error_line();
@@ -41066,7 +41067,6 @@ void ApiTest(void)
    test_EVP_PKEY_rsa();
    test_wolfSSL_EVP_PKEY_encrypt();
    test_wolfSSL_EVP_PKEY_sign();
-    test_wolfSSL_EVP_PKEY_print_public();
    test_EVP_PKEY_ec();
    test_EVP_PKEY_cmp();
    /* OpenSSL error API tests */
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -6935,21 +6935,84 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input,
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
    int indent, int bitlen, ASN1_PCTX* pctx)
 {
-    int res;
    byte buff[128] = { 0 };

    word32 inOutIdx = 0;
+    int length = 0;
    word32 nSz = 0;         /* size of modulus */
    word32 eSz = 0;         /* size of public exponent */
    byte*  n   = NULL;
    byte*  e   = NULL;       /* pointer to modulus/exponent */
-
+    word32 localIdx;
+    word32 oid;
+    byte   tag;
    (void)pctx;

-    if ((res = wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz,
-            (const byte**)&n, &nSz, (const byte**)&e, &eSz)) != 0) {
+    if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
        return WOLFSSL_FAILURE;
+
+    localIdx = inOutIdx;
+    if (GetASNTag(pkey, &localIdx, &tag, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER) {
+        /* not from decoded cert, will have algo id, skip past */
+        if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
+
+        if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) != 0)
+            return WOLFSSL_FAILURE;
+
+        /* Option NULL ASN.1 tag */
+        if (inOutIdx  >= (word32)pkeySz)
+            return WOLFSSL_FAILURE;
+
+        localIdx = inOutIdx;
+        if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
+
+        if (tag != ASN_TAG_NULL)
+            return WOLFSSL_FAILURE;
+
+        inOutIdx ++;
+
+        /* should have bit tag length and seq next */
+        if( CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0)
+            return WOLFSSL_FAILURE;
+
+        if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
    }
+    /* Get modulus */
+    if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz ) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER)
+        return WOLFSSL_FAILURE;
+
+    if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    nSz = length;
+    n   = (byte*)(&pkey[inOutIdx]);
+    inOutIdx += length;
+
+    /* Get exponent */
+
+    if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER)
+        return WOLFSSL_FAILURE;
+
+    if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    eSz = length;
+    e   = (byte*)(&pkey[inOutIdx]);
+
+    /* print out public key elements */
+
    int idx = 0;
    int wsz = 0;