mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wolfSSL_PEM_write_bio_PUBKEY needs to write only the public part (#4354)

Browse Source 
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part

The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.

* Add heap hint to `wolfSSL_RSA_To_Der`

* Correct function name in logs
This commit is contained in:
Juliusz Sosinowicz 2021-09-15 09:34:43 +02:00 committed by GitHub
parent d86aed210b
commit 4ad8b07c1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 158 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

274
src/ssl.c
View File

@ -34675,7 +34675,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey)
static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, void* heap)
{
int derSz = 0;
int ret;
@ -34712,7 +34712,7 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey)
}
if (outBuf) {
if (!(derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
if (!(derBuf = (byte*)XMALLOC(derSz, heap, DYNAMIC_TYPE_TMP_BUFFER))) {
WOLFSSL_MSG("malloc failed");
WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", MEMORY_ERROR);
return MEMORY_ERROR;
@ -34728,12 +34728,12 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey)
if (derSz < 0) {
WOLFSSL_MSG("wc_RsaKeyToPublicDer failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
if (*outBuf) {
XMEMCPY(*outBuf, derBuf, derSz);
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
*outBuf = derBuf;
@ -34788,7 +34788,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
int derSz;
byte* derBuf = NULL;
if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0)) < 0) {
if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0, bio->heap)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return WOLFSSL_FAILURE;
}
@ -34821,13 +34821,15 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
}
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
/* forward declaration for wolfSSL_PEM_write_bio_RSA_PUBKEY */
static int WriteBioPUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
/* Takes an RSA public key and writes it out to a WOLFSSL_BIO
* Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
*/
int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
{
int ret = 0, derSz = 0;
byte *derBuf = NULL;
int ret = 0;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY");
@ -34848,28 +34850,7 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
pkey->rsa = rsa;
pkey->ownRsa = 0;
if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return WOLFSSL_FAILURE;
}
if (derBuf == NULL) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed to get buffer");
return WOLFSSL_FAILURE;
}
pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (pkey->pkey.ptr == NULL) {
WOLFSSL_MSG("key malloc failed");
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
pkey->pkey_sz = derSz;
XMEMCPY(pkey->pkey.ptr, derBuf, derSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey);
ret = WriteBioPUBKEY(bio, pkey);
wolfSSL_EVP_PKEY_free(pkey);
return ret;
@ -34908,44 +34889,117 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_RSA** rsa,
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) && !defined(NO_RSA) */
/* Takes a public key and writes it out to a WOLFSSL_BIO
* Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
*/
int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
static int WriteBioPUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
{
byte* keyDer;
int pemSz;
int ret;
byte* tmp;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");
int pemSz;
byte* pemBuf;
int derSz = 0;
byte* derBuf = NULL;
if (bio == NULL || key == NULL) {
WOLFSSL_MSG("Bad parameters");
return WOLFSSL_FAILURE;
}
keyDer = (byte*)key->pkey.ptr;
switch (key->type) {
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
if ((derSz = wolfSSL_RSA_To_Der(key->rsa, &derBuf, 1, bio->heap))
< 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
break;
}
break;
#endif
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
defined(WOLFSSL_CERT_GEN))
case EVP_PKEY_DSA:
if (key->dsa == NULL) {
WOLFSSL_MSG("key->dsa is null");
break;
}
derSz = MAX_DSA_PUBKEY_SZ;
derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
WOLFSSL_MSG("malloc failed");
break;
}
/* Key to DER */
derSz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, derBuf,
derSz);
if (derSz < 0) {
WOLFSSL_MSG("wc_DsaKeyToDer failed");
break;
}
break;
#endif
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
case EVP_PKEY_EC:
{
if (key->ecc == NULL) {
WOLFSSL_MSG("key->ecc is null");
break;
}
derSz = wc_EccPublicKeyDerSize((ecc_key*)key->ecc->internal, 1);
if (derSz <= 0) {
WOLFSSL_MSG("wc_EccPublicKeyDerSize failed");
break;
}
derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
WOLFSSL_MSG("malloc failed");
break;
}
derSz = wc_EccPublicKeyToDer((ecc_key*)key->ecc->internal, derBuf,
derSz, 1);
if (derSz < 0) {
WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
break;
}
break;
}
#endif
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
case EVP_PKEY_DH:
WOLFSSL_MSG("Writing DH PUBKEY not supported!");
break;
#endif
default:
WOLFSSL_MSG("Unknown Key type!");
break;
}
pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, PUBLICKEY_TYPE);
if (derBuf == NULL || derSz <= 0) {
if (derBuf != NULL)
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
pemSz = wc_DerToPem(derBuf, derSz, NULL, 0, PUBLICKEY_TYPE);
if (pemSz < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", pemSz);
WOLFSSL_LEAVE("WriteBioPUBKEY", pemSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (tmp == NULL) {
return MEMORY_E;
pemBuf = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pemBuf == NULL) {
WOLFSSL_LEAVE("WriteBioPUBKEY", pemSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz,
NULL, PUBLICKEY_TYPE);
ret = wc_DerToPem(derBuf, derSz, pemBuf, pemSz, PUBLICKEY_TYPE);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", ret);
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
WOLFSSL_LEAVE("WriteBioPUBKEY", ret);
XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
ret = wolfSSL_BIO_write(bio, tmp, pemSz);
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
ret = wolfSSL_BIO_write(bio, pemBuf, pemSz);
XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != pemSz) {
WOLFSSL_MSG("Unable to write full PEM to BIO");
return WOLFSSL_FAILURE;
@ -34954,6 +35008,16 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
return WOLFSSL_SUCCESS;
}
/* Takes a public key and writes it out to a WOLFSSL_BIO
* Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
*/
int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
{
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");
return WriteBioPUBKEY(bio, key);
}
/* Takes a private key and writes it out to a WOLFSSL_BIO
* Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
*/
@ -35023,8 +35087,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
return MEMORY_E;
}
ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz,
NULL, type);
ret = wc_DerToPem(keyDer, key->pkey_sz, tmp, pemSz, type);
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret);
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
@ -35077,7 +35140,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
}
}
if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0)) < 0) {
if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0, rsa->heap)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return WOLFSSL_FAILURE;
}
@ -35089,7 +35152,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
byte *tmpBuf;
/* Add space for padding */
if (!(tmpBuf = (byte*)XREALLOC(derBuf, derSz + blockSz, NULL,
if (!(tmpBuf = (byte*)XREALLOC(derBuf, derSz + blockSz, rsa->heap,
DYNAMIC_TYPE_TMP_BUFFER))) {
WOLFSSL_MSG("Extending DER buffer failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
@ -35101,7 +35164,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
passwd, passwdSz, &cipherInfo, derSz + blockSz);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("EncryptDerKey failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER);
return ret;
}
@ -35118,7 +35181,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM);
if (tmp == NULL) {
WOLFSSL_MSG("malloc failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER);
if (cipherInfo != NULL)
XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
return WOLFSSL_FAILURE;
@ -35128,13 +35191,13 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
*plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type);
if (*plen <= 0) {
WOLFSSL_MSG("wc_DerToPemEx failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER);
XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
if (cipherInfo != NULL)
XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
return WOLFSSL_FAILURE;
}
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_DER);
if (cipherInfo != NULL)
XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
@ -37955,8 +38018,7 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
*/
int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
{
int ret = 0, der_max_len = 0, derSz = 0;
byte *derBuf;
int ret = 0;
WOLFSSL_EVP_PKEY* pkey;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY");
@ -37978,39 +38040,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
pkey->ownEcc = 0; /* pkey does not own ECC */
pkey->type = EVP_PKEY_EC;
/* 4 > size of pub, priv + ASN.1 additional information */
der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE;
derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
WOLFSSL_MSG("Malloc failed");
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
/* convert key to der format */
derSz = wc_EccPublicKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len, 1);
if (derSz < 0) {
WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pkey->pkey.ptr == NULL) {
WOLFSSL_MSG("key malloc failed");
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
/* add der info to the evp key */
pkey->pkey_sz = derSz;
XMEMCPY(pkey->pkey.ptr, derBuf, derSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if((ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey)) != WOLFSSL_SUCCESS){
if((ret = WriteBioPUBKEY(bio, pkey)) != WOLFSSL_SUCCESS){
WOLFSSL_MSG("wolfSSL_PEM_write_bio_PUBKEY failed");
}
wolfSSL_EVP_PKEY_free(pkey);
@ -38292,7 +38322,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
pkey->ownDsa = 0;
/* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;
der_max_len = MAX_DSA_PRIVKEY_SZ;
derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
@ -38336,8 +38366,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
*/
int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
{
int ret = 0, derMax = 0, derSz = 0;
byte *derBuf;
int ret = 0;
WOLFSSL_EVP_PKEY* pkey;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY");
@ -38357,45 +38386,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
pkey->dsa = dsa;
pkey->ownDsa = 0;
/* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
derMax = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;
derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_DER);
if (derBuf == NULL) {
WOLFSSL_MSG("malloc failed");
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
/* Key to DER */
derSz = wc_DsaKeyToPublicDer((DsaKey*)dsa->internal, derBuf, derMax);
if (derSz < 0) {
WOLFSSL_MSG("wc_DsaKeyToDer failed");
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_DER);
if (pkey->pkey.ptr == NULL) {
WOLFSSL_MSG("key malloc failed");
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
pkey->pkey_sz = derSz;
XMEMSET(pkey->pkey.ptr, 0, derSz);
if (XMEMCPY(pkey->pkey.ptr, derBuf, derSz) == NULL) {
WOLFSSL_MSG("XMEMCPY failed");
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
XFREE(pkey->pkey.ptr, bio->heap, DYNAMIC_TYPE_DER);
wolfSSL_EVP_PKEY_free(pkey);
return WOLFSSL_FAILURE;
}
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey);
ret = WriteBioPUBKEY(bio, pkey);
wolfSSL_EVP_PKEY_free(pkey);
return ret;
}
@ -38436,8 +38427,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
}
}
/* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;
der_max_len = MAX_DSA_PRIVKEY_SZ;
derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER);
if (derBuf == NULL) {
@ -39316,7 +39306,8 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp)
return BAD_FUNC_ARG;
}
if ((ret = wolfSSL_RSA_To_Der(rsa, pp, 0)) < 0) {
/* No heap hint as this gets returned to the user */
if ((ret = wolfSSL_RSA_To_Der(rsa, pp, 0, NULL)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return WOLFSSL_FAILURE;
}
@ -39335,7 +39326,8 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
return BAD_FUNC_ARG;
}
if ((ret = wolfSSL_RSA_To_Der(rsa, (byte**)pp, 1)) < 0) {
/* No heap hint as this gets returned to the user */
if ((ret = wolfSSL_RSA_To_Der(rsa, (byte**)pp, 1, NULL)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return WOLFSSL_FAILURE;
}
@ -39741,7 +39733,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
return NULL;
}
if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) {
if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
return NULL;
}
@ -39752,7 +39744,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
wolfSSL_RSA_free(local);
local = NULL;
}
XFREE(derBuf, NULL, DYNAMIC_TYPE_ASN1);
XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_ASN1);
return local;
}
#endif

17
tests/api.c
View File

@ -29603,6 +29603,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
EVP_PKEY* pkey2 = NULL;
unsigned char extra[10];
int i;
BIO* pub_bio = NULL;
printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
@ -29610,6 +29611,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
@ -29619,6 +29622,19 @@ static void test_wolfSSL_PEM_PrivateKey(void)
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(bio), 0);
AssertIntEQ(BIO_pending(bio), 1679);
/* Check if the pubkey API writes only the public key */
#ifdef WOLFSSL_KEY_GEN
AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(pub_bio), 0);
/* Previously both the private key and the pubkey calls would write
* out the private key and the PEM header was the only difference.
* The public PEM should be significantly shorter than the
* private key versison. */
AssertIntEQ(BIO_pending(pub_bio), 451);
#endif
/* test creating new EVP_PKEY with good args */
AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
@ -29642,6 +29658,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
}
BIO_free(pub_bio);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);

9
wolfssl/wolfcrypt/asn.h
View File

@ -782,6 +782,7 @@ enum Misc_ASN {
RSA_INTS = 8, /* RSA ints in private key */
DSA_PARAM_INTS = 3, /* DSA paramater ints */
RSA_PUB_INTS = 2, /* RSA ints in public key */
DSA_PUB_INTS = 4, /* DSA ints in public key */
DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32,
@ -802,6 +803,7 @@ enum Misc_ASN {
MAX_SIG_SZ = 256,
MAX_ALGO_SZ = 20,
MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
@ -812,9 +814,14 @@ enum Misc_ASN {
MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
MAX_DSA_INT_SZ = 389, /* DSA raw sz 3072 for bits + tag + len(4) */
MAX_DSA_PUBKEY_SZ = (DSA_PUB_INTS * MAX_DSA_INT_SZ) + (2 * MAX_SEQ_SZ) +
2 + MAX_LENGTH_SZ, /* Maximum size of a DSA public
key taken from wc_SetDsaPublicKey. */
MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
MAX_VERSION_SZ, /* Maximum size of a DSA Private
key taken from DsaKeyIntsToDer. */
MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */