From f86f4a8ca066a8b0ab37109fe7cdf10e8ae32a1c Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 26 Apr 2022 10:58:34 +1000
Subject: [PATCH] d2i_ECPrivateKey() takes DER encoded data

Code was incorrectly using data as a private key instead of DER
decoding.
Fixed i2d_EcPrivateKey() to output DER encoded data.
---
 src/ssl.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 65a9f7a4f..592cd56cb 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -32585,6 +32585,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
 WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in,
                                          long len)
 {
+    word32 idx = 0;
     WOLFSSL_EC_KEY *eckey = NULL;
     WOLFSSL_ENTER("wolfSSL_d2i_ECPrivateKey");
 
@@ -32598,9 +32599,9 @@ WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned ch
         return NULL;
     }
 
-    if (wc_ecc_import_private_key(*in, (word32)len, NULL, 0,
-            (ecc_key*)eckey->internal) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ecc_import_private_key error");
+    if (wc_EccPrivateKeyDecode(*in, &idx, (ecc_key*)eckey->internal,
+            (word32)len) != 0) {
+        WOLFSSL_MSG("wc_EccPrivateKeyDecode error");
         goto error;
     }
 
@@ -32625,7 +32626,7 @@ error:
 
 int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
 {
-    int len;
+    word32 len;
     byte* buf = NULL;
     WOLFSSL_ENTER("wolfSSL_i2d_ECPrivateKey");
 
@@ -32634,13 +32635,14 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
         return WOLFSSL_FAILURE;
     }
 
-    if (!in->inSet && SetECKeyInternal((WOLFSSL_EC_KEY*)in) != WOLFSSL_SUCCESS) {
+    if (!in->inSet && SetECKeyInternal(
+            (WOLFSSL_EC_KEY*)in) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("SetECKeyInternal error");
         return WOLFSSL_FAILURE;
     }
 
-    if ((len = wc_ecc_size((ecc_key*)in->internal)) <= 0) {
-        WOLFSSL_MSG("wc_ecc_size error");
+    if ((len = wc_EccKeyDerSize((ecc_key*)in->internal, 0)) <= 0) {
+        WOLFSSL_MSG("wc_EccKeyDerSize error");
         return WOLFSSL_FAILURE;
     }
 
@@ -32650,9 +32652,8 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
             return WOLFSSL_FAILURE;
         }
 
-        if (wc_ecc_export_private_only((ecc_key*)in->internal, buf,
-                (word32*)&len) != MP_OKAY) {
-            WOLFSSL_MSG("wc_ecc_export_private_only error");
+        if (wc_EccPrivateKeyToDer((ecc_key*)in->internal, buf, len) < 0) {
+            WOLFSSL_MSG("wc_EccPrivateKeyToDer error");
             XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             return WOLFSSL_FAILURE;
         }
@@ -32666,7 +32667,7 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
         }
     }
 
-    return len;
+    return (int)len;
 }
 
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form)