Files
wolfssl/wolfcrypt
Juliusz Sosinowicz 08f2f9376a Add EVP_PKEY encoded public key get/set compatibility functions
Implement wolfSSL_EVP_PKEY_set1_encoded_public_key and
wolfSSL_EVP_PKEY_get1_encoded_public_key in the OpenSSL compatibility
layer. Both the new OpenSSL 3.0 names and the deprecated
EVP_PKEY_{set1,get1}_tls_encodedpoint names map to these single
implementations.

Supported key types:
- EC: uncompressed octet point (0x04 || X || Y), reusing
  i2o_ECPublicKey / o2i_ECPublicKey. set1 also syncs the internal
  wolfCrypt key (SetECKeyInternal) so the key is usable by
  EVP_PKEY_derive, and refreshes the cached DER.
- X25519 / X448: raw little-endian public key (RFC 7748).

set1 is failure-atomic for every key type: the replacement key is built
in a temporary and the existing key is only freed once the import
succeeds, so a failed set1 leaves the original EVP_PKEY intact. get1
NULLs out *ppub on entry (after validating ppub) so callers never use or
free a stale pointer when the function returns 0.

Both functions are compiled under OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL
(matching the OpenSSL-compat macros and the EVP_PKEY struct members they
use) rather than requiring a specific key type, avoiding undefined
references at link time in builds without HAVE_ECC / HAVE_CURVE25519 /
HAVE_CURVE448. Per-key-type #ifdefs gate which cases are supported; the EC
case additionally requires OPENSSL_EXTRA for its i2o/o2i helpers.

Adds test_wolfSSL_EVP_PKEY_encoded_public_key covering NULL handling, EC
encode/decode round-trip and ECDH agreement, X25519/X448 round-trips,
deprecated-name parity, and that a wrong-length set1 leaves the existing
X25519/X448 key intact and usable.
2026-06-08 15:30:39 +02:00
..