diff --git a/tests/api.c b/tests/api.c
index bcfb2216f..60db1b4fb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -22755,7 +22755,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
 return EXPECT_RESULT();
 }
-static int test_wc_ExportX509PubKeyWithSpki(void)
+static int test_wc_GetSubjectPubKeyInfoDerFromCert(void)
 {
 EXPECT_DECLS;
 #if !defined(NO_RSA) || defined(HAVE_ECC)
@@ -22809,8 +22809,8 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 #endif
 /* good test case - RSA DER cert */
- ExpectIntEQ(wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz, keyDer,
- &keyDerSz), 0);
+ ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, rsaCertDerSz,
+ keyDer, &keyDerSz), 0);
 ExpectIntGT(keyDerSz, 0);
 /* sanity check, verify we can import DER public key */
@@ -22823,18 +22823,20 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 /* bad args: certDer */
 keyDerSz = (word32)sizeof(keyDer);
- ExpectIntEQ(wc_ExportX509PubKeyWithSpki(NULL, rsaCertDerSz, keyDer,
- &keyDerSz),
+ ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(NULL, rsaCertDerSz, keyDer,
+ &keyDerSz),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 /* bad args: 0 sized certSz */
 keyDerSz = (word32)sizeof(keyDer);
- ExpectIntEQ(wc_ExportX509PubKeyWithSpki(rsaCertDer, 0, keyDer, &keyDerSz),
+ ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, 0, keyDer,
+ &keyDerSz),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 /* bad args: NULL inout size */
- ExpectIntEQ(ret = wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz,
- keyDer, NULL),
+ ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer,
+ rsaCertDerSz, keyDer,
+ NULL),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 /* Certificate Request Tests */
@@ -22849,8 +22851,10 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 /* good test case - RSA DER certificate request */
 keyDerSz = sizeof(keyDer);
- ExpectIntEQ(ret = wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz,
- keyDer, &keyDerSz), 0);
+ ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer,
+ rsaCertDerSz,
+ keyDer,
+ &keyDerSz), 0);
 ExpectIntGT(keyDerSz, 0);
 /* sanity check, verify we can import DER public key */
@@ -22878,8 +22882,8 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 /* good test case - ECC */
 XMEMSET(keyDer, 0, sizeof(keyDer));
 keyDerSz = sizeof(keyDer);
- ExpectIntEQ(wc_ExportX509PubKeyWithSpki(eccCert, eccCertSz, keyDer,
- &keyDerSz), 0);
+ ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(eccCert, eccCertSz, keyDer,
+ &keyDerSz), 0);
 ExpectIntGT(keyDerSz, 0);
 /* sanity check, verify we can import DER public key */
@@ -66987,7 +66991,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wc_PubKeyPemToDer),
 TEST_DECL(test_wc_PemPubKeyToDer),
 TEST_DECL(test_wc_GetPubKeyDerFromCert),
- TEST_DECL(test_wc_ExportX509PubKeyWithSpki),
+ TEST_DECL(test_wc_GetSubjectPubKeyInfoDerFromCert),
 TEST_DECL(test_wc_CheckCertSigPubKey),
 /* wolfCrypt ASN tests */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 6384f1eef..e201e5bbe 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -24628,59 +24628,60 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
 * @return BAD_FUNC_ARG if certDer is NULL, certSz is 0, or pubKeyDerSz is NULL
 * @return BUFFER_E if the provided buffer is too small
 */
-WOLFSSL_API int wc_ExportX509PubKeyWithSpki(const byte* certDer, word32 certSz,
- byte* pubKeyDer,
- word32* pubKeyDerSz)
+WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer,
+ word32 certSz,
+ byte* pubKeyDer,
+ word32* pubKeyDerSz)
 {
 DecodedCert cert;
 int ret;
 word32 startIdx;
 word32 idx;
 word32 length;
- int badDate = 0;
+ int badDate;
 if (certDer == NULL || certSz == 0 || pubKeyDerSz == NULL) {
 return BAD_FUNC_ARG;
 }
- /* Initialize decoded cert structure */
+ length = 0;
+ badDate = 0;
+
 wc_InitDecodedCert(&cert, certDer, certSz, NULL);
 /* Parse up to the SubjectPublicKeyInfo */
 ret = wc_GetPubX509(&cert, 0, &badDate);
- if (ret < 0) {
- wc_FreeDecodedCert(&cert);
- return ret;
- }
+ if (ret >= 0) {
+ /* Save the starting index of SubjectPublicKeyInfo */
+ startIdx = cert.srcIdx;
- /* Save the starting index of SubjectPublicKeyInfo */
- startIdx = cert.srcIdx;
+ /* Get the length of the SubjectPublicKeyInfo sequence */
+ idx = startIdx;
+ ret = GetSequence(certDer, &idx, (int*)&length, certSz);
+ if (ret >= 0) {
+ /* Calculate total length including sequence header */
+ length += (idx - startIdx);
- /* Get the length of the SubjectPublicKeyInfo sequence */
- idx = startIdx;
- ret = GetSequence(certDer, &idx, (int*)&length, certSz);
- if (ret < 0) {
- wc_FreeDecodedCert(&cert);
- return ret;
- }
-
- /* Calculate total length including sequence header */
- length += (idx - startIdx);
-
- /* Copy the SubjectPublicKeyInfo if buffer provided */
- if (pubKeyDer != NULL) {
- if (*pubKeyDerSz < (word32)length) {
- wc_FreeDecodedCert(&cert);
- return BUFFER_E;
+ /* Copy the SubjectPublicKeyInfo if buffer provided */
+ if (pubKeyDer != NULL) {
+ if (*pubKeyDerSz < (word32)length) {
+ ret = BUFFER_E;
+ }
+ else {
+ XMEMCPY(pubKeyDer, &certDer[startIdx], length);
+ }
+ }
 }
- XMEMCPY(pubKeyDer, &certDer[startIdx], length);
 }
- /* Return the size */
- *pubKeyDerSz = length;
+ if (ret >= 0) {
+ ret = 0;
+ }
+ *pubKeyDerSz = length;
 wc_FreeDecodedCert(&cert);
- return 0;
+
+ return ret;
 }
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 2f95d5194..b2b067a41 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -879,8 +879,9 @@ WOLFSSL_API int wc_ParseCert(
 WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, byte* derKey, word32* derKeySz);
-WOLFSSL_API int wc_ExportX509PubKeyWithSpki(const byte* cert, word32 certSz,
- byte* pubKey, word32* pubKeySz);
+WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* cert,
+ word32 certSz, byte* pubKey,
+ word32* pubKeySz);
 #ifdef WOLFSSL_FPKI
 WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert,
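Review bot: In the wolfcrypt/src/asn.c hunk, `*pubKeyDerSz = length;` in wc_GetSubjectPubKeyInfoDerFromCert now runs on every path after the argument check, whereas the removed code stored it only on success. After a wc_GetPubX509 failure the caller's in/out size becomes 0 (length is initialised to 0), and after BUFFER_E it becomes the required size, which is larger than the buffer the caller actually passed. A caller that reuses the same variable as the capacity for a second call without resetting it would then pass the `*pubKeyDerSz < (word32)length` check with an undersized buffer in front of the XMEMCPY. If reporting the required size on BUFFER_E is intended, add a line to the header comment such as `@note on BUFFER_E *pubKeyDerSz is set to the required size; reset it to the buffer capacity before retrying`; otherwise restore the old contract with `if (ret >= 0) { ret = 0; *pubKeyDerSz = length; }`. The doc comment for this function begins above the hunk, so only its two `@return` lines are visible here.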