From c3dbe29f21e078c47846904e3c55f895e48c1ec2 Mon Sep 17 00:00:00 2001
From: Bill Phipps
Date: Tue, 8 Apr 2025 15:17:54 -0400
Subject: [PATCH] Update to expose reasonable DER buffer sizes for Curve448/25519
---
 tests/api/test_ed448.c | 6 +++---
 wolfcrypt/test/test.c | 4 ++--
 wolfssl/wolfcrypt/curve25519.h | 6 ++++++
 wolfssl/wolfcrypt/curve448.h | 6 ++++++
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/tests/api/test_ed448.c b/tests/api/test_ed448.c
index 87ec0e17d..e496d470f 100644
--- a/tests/api/test_ed448.c
+++ b/tests/api/test_ed448.c
@@ -415,7 +415,7 @@ int test_wc_Ed448PublicKeyToDer(void)
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 ed448_key key;
- byte derBuf[1024];
+ byte derBuf[CURVE448_BUFSIZE];
 XMEMSET(&key, 0, sizeof(ed448_key));
@@ -458,7 +458,7 @@ int test_wc_Ed448KeyToDer(void)
 EXPECT_DECLS;
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
+ byte output[CURVE448_BUFSIZE];
 ed448_key ed448Key;
 WC_RNG rng;
 word32 inLen;
@@ -497,7 +497,7 @@ int test_wc_Ed448PrivateKeyToDer(void)
 EXPECT_DECLS;
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
+ byte output[CURVE448_BUFSIZE];
 ed448_key ed448PrivKey;
 WC_RNG rng;
 word32 inLen;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 6147323f1..d54164668 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -35544,8 +35544,8 @@ static wc_test_ret_t curve255519_der_test(void)
 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26 };
 curve25519_key key;
- byte output[128];
- word32 outputSz = 128;
+ byte output[CURVE25519_BUFSIZE];
+ word32 outputSz = (word32)sizeof(output);
 word32 idx;
 ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId);
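Review bot: The three Ed448 buffers in tests/api/test_ed448.c (`derBuf` in test_wc_Ed448PublicKeyToDer, `output` in test_wc_Ed448KeyToDer and in test_wc_Ed448PrivateKeyToDer) are now sized by `CURVE448_BUFSIZE`, a constant named for a different algorithm and set to 128 by the curve448.h hunk of this patch. Ed448 keys are 57 bytes, so a DER encoding that carries both the private and the public key comes to roughly 2×57 bytes plus about 20 bytes of ASN.1 framing, which is above 128; if wc_Ed448KeyToDer emits both halves (its body is not visible here), that test would then rely on the export rejecting a short buffer instead of on headroom. I would leave the Ed448 cases at `byte output[ONEK_BUF];` or size them from an Ed448-specific constant whose comment spells out the worst-case encoding. All three function bodies continue outside their hunks, so the length actually passed to the export calls should be checked against `sizeof` of the buffer.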
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 79fb6d9af..c2ff16cc3 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -45,6 +45,12 @@
 #define CURVE25519_KEYSIZE 32
 #define CURVE25519_PUB_KEY_SIZE 32
+enum {
+ CURVE25519_BUFSIZE = 128, /* for exported DER keys temp buffer */
+
+ WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE25519)
+};
+
 #ifdef WOLFSSL_NAMES_STATIC
 typedef char curve25519_str[12];
 #else
diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h
index 756c8a3d5..d5043a2c1 100644
--- a/wolfssl/wolfcrypt/curve448.h
+++ b/wolfssl/wolfcrypt/curve448.h
@@ -43,6 +43,12 @@
 #define CURVE448_KEY_SIZE 56
 #define CURVE448_PUB_KEY_SIZE 56
+enum {
+ CURVE448_BUFSIZE = 128, /* for DER exported keys temp buffer */
+
+ WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE448)
+};
+
 #ifndef WC_CURVE448KEY_TYPE_DEFINED
 typedef struct curve448_key curve448_key;
 #define WC_CURVE448KEY_TYPE_DEFINED
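Review bot: `CURVE25519_BUFSIZE = 128` enters a public header as a bare literal, and the comment `/* for exported DER keys temp buffer */` does not say which encodings it is meant to hold or how much slack is intended. Callers that adopt it will size stack buffers from it, so the header should state the contract, for example `/* upper bound on the DER size of one exported Curve25519 key; export calls still require the buffer length to be passed and checked */`, with the wording adjusted to what the author actually measured. A compile-time check that the value exceeds `2 * CURVE25519_KEYSIZE` plus framing would keep the bound from silently going stale.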
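Review bot: `CURVE448_BUFSIZE` reuses the value 128 chosen for Curve25519 although `CURVE448_KEY_SIZE` is 56 rather than 32, so the margin is much thinner here. A private-only or public-only encoding of a 56-byte key fits comfortably, but one that carries both keys is about 2×56 bytes plus roughly 20 bytes of ASN.1 framing, which by my count exceeds 128; whether any Curve448 export path produces that form is not visible in this patch. Deriving the value from the key sizes, e.g. `CURVE448_BUFSIZE = 2 * CURVE448_KEY_SIZE + 32,`, or documenting that the constant covers single-key encodings only, would remove the ambiguity.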