Topic: [SOLVED] wc_RsaKeyToPublicDer error when key is 4096 bits

Hello,
I have problem with wc_RsaKeyToPublicDer function when I use private key 4096 bits length.
When I use 2048 or 3072 key length everything is ok.
I generated private key by the function: 
wc_MakeRsaKey(&key_, 4096, 65537, &rng);

....
int error = wc_RsaKeyToPublicDer(&privateKey4096bits, data, data_size);

I have got error: BUFFER_E = -132,  /* output buffer too small or input too large */
I have large output buffer, so I don't have to small.
I debug asn.c  file, it seems that input is too large. But 4096 key length is acceptable by WolfSSl library:
RSA_MIN_SIZE = 512,
RSA_MAX_SIZE = 4096,

Please see my debug comments bellow.
Maybe is problem with variable leadingBit = 1, maybe should be leadingBit = 0

asn.c  file from Wolfssl libray:

/* USER RSA ifdef portions used instead of refactor in consideration for
   possible fips build */
/* Write a public RSA key to output */
static int SetRsaPublicKey(byte* output, RsaKey* key,
                           int outLen, int with_header)
{
#ifdef WOLFSSL_SMALL_STACK
    byte* n = NULL;
    byte* e = NULL;
#else
    byte n[MAX_RSA_INT_SZ];
    byte e[MAX_RSA_E_SZ];
#endif
    byte seq[MAX_SEQ_SZ];
    byte len[MAX_LENGTH_SZ + 1];  /* trailing 0 */
    int  nSz;
    int  eSz;
    int  seqSz;
    int  lenSz;
    int  idx;
    int  rawLen;
    int  leadingBit;
    int  err;

    if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ)
        return BAD_FUNC_ARG;

    /* n */
#ifdef WOLFSSL_SMALL_STACK
    n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (n == NULL)
        return MEMORY_E;
#endif

#ifdef HAVE_USER_RSA
    leadingBit = wc_Rsa_leading_bit(key->n);
    rawLen = wc_Rsa_unsigned_bin_size(key->n) + leadingBit;
#else
    leadingBit = mp_leading_bit(&key->n);                                 // I have leadingBit =1
    rawLen = mp_unsigned_bin_size(&key->n) + leadingBit;          // rawLen = 513

#endif
    n[0] = ASN_INTEGER;
    nSz  = SetLength(rawLen, n + 1) + 1;  /* int tag */                //nSz = 4

    if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {                             // 4 + 513 < 517 I've got BUFFER_E  error
        if (leadingBit)
            n[nSz] = 0;
#ifdef HAVE_USER_RSA
        err = wc_Rsa_to_unsigned_bin(key->n, n + nSz, rawLen);
#else
        err = mp_to_unsigned_bin(&key->n, n + nSz + leadingBit);
#endif
        if (err == MP_OKAY)
            nSz += rawLen;
        else {
#ifdef WOLFSSL_SMALL_STACK
            XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return MP_TO_E;
        }
    }
    else {
#ifdef WOLFSSL_SMALL_STACK
        XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return BUFFER_E;
    }

Post's attachments

private_key_generated.der 2.29 kb, 1 downloads since 2016-09-06 

You don't have the permssions to download the attachments of this post.

Share

Re: [SOLVED] wc_RsaKeyToPublicDer error when key is 4096 bits

When I temporary comment below line in the file asn.c in the wolfssl library:
if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
It seems that I've got correct public key. I can Encrypt/Decrypt data properly.
So, maybe this condition is not correct ?
.... < MAX_RSA_INT_SZ)

Share

Re: [SOLVED] wc_RsaKeyToPublicDer error when key is 4096 bits

Hi pstudni,

Thanks for the detailed report and key file.  We'll work on reproducing this issue and get back to you shortly.

Thanks,
Chris

4 (edited by Kaleb J. Himes 2016-09-20 15:29:25)

Re: [SOLVED] wc_RsaKeyToPublicDer error when key is 4096 bits

Hi pstudni,

A commit has been made to address your issue. Please find here: https://github.com/wolfSSL/wolfssl/pull/544

Kind Regards,

- Kaleb

Re: [SOLVED] wc_RsaKeyToPublicDer error when key is 4096 bits

Thanks, now it works.

Share