review comments

bigbrett · bigbrett · commit 2151a1b8a1f8 · 2025-05-12T11:43:56.000-06:00
diff --git a/tests/api.c b/tests/api.c
@@ -22755,7 +22755,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
     return EXPECT_RESULT();
 }
 
-static int test_wc_ExportX509PubKeyWithSpki(void)
+static int test_wc_GetSubjectPubKeyInfoDerFromCert(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) || defined(HAVE_ECC)
@@ -22809,8 +22809,8 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 #endif
 
     /* good test case - RSA DER cert */
-    ExpectIntEQ(wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz, keyDer,
-                                            &keyDerSz), 0);
+    ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, rsaCertDerSz,
+                                                   keyDer, &keyDerSz), 0);
     ExpectIntGT(keyDerSz, 0);
 
     /* sanity check, verify we can import DER public key */
@@ -22823,18 +22823,20 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 
     /* bad args: certDer */
     keyDerSz = (word32)sizeof(keyDer);
-    ExpectIntEQ(wc_ExportX509PubKeyWithSpki(NULL, rsaCertDerSz, keyDer,
-                                            &keyDerSz),
+    ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(NULL, rsaCertDerSz, keyDer,
+                                                   &keyDerSz),
                 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: 0 sized certSz */
     keyDerSz = (word32)sizeof(keyDer);
-    ExpectIntEQ(wc_ExportX509PubKeyWithSpki(rsaCertDer, 0, keyDer, &keyDerSz),
+    ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, 0, keyDer,
+                                                   &keyDerSz),
                 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: NULL inout size */
-    ExpectIntEQ(ret = wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz,
-                                                  keyDer, NULL),
+    ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer,
+                                                         rsaCertDerSz, keyDer,
+                                                         NULL),
                 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Certificate Request Tests */
@@ -22849,8 +22851,10 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
 
         /* good test case - RSA DER certificate request */
         keyDerSz = sizeof(keyDer);
-        ExpectIntEQ(ret = wc_ExportX509PubKeyWithSpki(rsaCertDer, rsaCertDerSz,
-                                                      keyDer, &keyDerSz), 0);
+        ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer,
+                                                             rsaCertDerSz,
+                                                             keyDer,
+                                                             &keyDerSz), 0);
         ExpectIntGT(keyDerSz, 0);
 
         /* sanity check, verify we can import DER public key */
@@ -22878,8 +22882,8 @@ static int test_wc_ExportX509PubKeyWithSpki(void)
     /* good test case - ECC */
     XMEMSET(keyDer, 0, sizeof(keyDer));
     keyDerSz = sizeof(keyDer);
-    ExpectIntEQ(wc_ExportX509PubKeyWithSpki(eccCert, eccCertSz, keyDer,
-                                            &keyDerSz), 0);
+    ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(eccCert, eccCertSz, keyDer,
+                                                   &keyDerSz), 0);
     ExpectIntGT(keyDerSz, 0);
 
     /* sanity check, verify we can import DER public key */
@@ -66987,7 +66991,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_PubKeyPemToDer),
     TEST_DECL(test_wc_PemPubKeyToDer),
     TEST_DECL(test_wc_GetPubKeyDerFromCert),
-    TEST_DECL(test_wc_ExportX509PubKeyWithSpki),
+    TEST_DECL(test_wc_GetSubjectPubKeyInfoDerFromCert),
     TEST_DECL(test_wc_CheckCertSigPubKey),
 
     /* wolfCrypt ASN tests */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -24628,59 +24628,60 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
  * @return BAD_FUNC_ARG if certDer is NULL, certSz is 0, or pubKeyDerSz is NULL
  * @return BUFFER_E if the provided buffer is too small
  */
-WOLFSSL_API int wc_ExportX509PubKeyWithSpki(const byte* certDer, word32 certSz,
-                                            byte*   pubKeyDer,
-                                            word32* pubKeyDerSz)
+WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer,
+                                                   word32 certSz,
+                                                   byte* pubKeyDer,
+                                                   word32* pubKeyDerSz)
 {
     DecodedCert cert;
     int         ret;
     word32      startIdx;
     word32      idx;
     word32      length;
-    int         badDate = 0;
+    int         badDate;
 
     if (certDer == NULL || certSz == 0 || pubKeyDerSz == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    /* Initialize decoded cert structure */
+    length = 0;
+    badDate = 0;
+
     wc_InitDecodedCert(&cert, certDer, certSz, NULL);
 
     /* Parse up to the SubjectPublicKeyInfo */
     ret = wc_GetPubX509(&cert, 0, &badDate);
-    if (ret < 0) {
-        wc_FreeDecodedCert(&cert);
-        return ret;
-    }
+    if (ret >= 0) {
+        /* Save the starting index of SubjectPublicKeyInfo */
+        startIdx = cert.srcIdx;
 
-    /* Save the starting index of SubjectPublicKeyInfo */
-    startIdx = cert.srcIdx;
+        /* Get the length of the SubjectPublicKeyInfo sequence */
+        idx = startIdx;
+        ret = GetSequence(certDer, &idx, (int*)&length, certSz);
+        if (ret >= 0) {
+            /* Calculate total length including sequence header */
+            length += (idx - startIdx);
 
-    /* Get the length of the SubjectPublicKeyInfo sequence */
-    idx = startIdx;
-    ret = GetSequence(certDer, &idx, (int*)&length, certSz);
-    if (ret < 0) {
-        wc_FreeDecodedCert(&cert);
-        return ret;
+            /* Copy the SubjectPublicKeyInfo if buffer provided */
+            if (pubKeyDer != NULL) {
+                if (*pubKeyDerSz < (word32)length) {
+                    ret = BUFFER_E;
+                }
+                else {
+                    XMEMCPY(pubKeyDer, &certDer[startIdx], length);
+                }
+            }
+        }
     }
 
-    /* Calculate total length including sequence header */
-    length += (idx - startIdx);
-
-    /* Copy the SubjectPublicKeyInfo if buffer provided */
-    if (pubKeyDer != NULL) {
-        if (*pubKeyDerSz < (word32)length) {
-            wc_FreeDecodedCert(&cert);
-            return BUFFER_E;
-        }
-        XMEMCPY(pubKeyDer, &certDer[startIdx], length);
+    if (ret >= 0) {
+        ret = 0;
     }
 
-    /* Return the size */
     *pubKeyDerSz = length;
-
     wc_FreeDecodedCert(&cert);
-    return 0;
+
+    return ret;
 }
 
 
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
@@ -879,8 +879,9 @@ WOLFSSL_API int  wc_ParseCert(
 
 WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
                                         byte* derKey, word32* derKeySz);
-WOLFSSL_API int wc_ExportX509PubKeyWithSpki(const byte* cert, word32 certSz,
-                                            byte* pubKey, word32* pubKeySz);
+WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* cert,
+                                                   word32 certSz, byte* pubKey,
+                                                   word32* pubKeySz);
 
 #ifdef WOLFSSL_FPKI
 WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert,
