PR Review

1. Add test keys.
2. Add API test for wolfSSH_ReadKey_file().
3. Fix allocation issue found using the API test.
4. Add a header that configure updates with the location of the keys
   directory for the tests.

.gitignore

@@ -40,6 +40,7 @@ stamp-h*
 build-aux/
 wolfssh-config
 aminclude.am
+tests/keys.h
 
 # vim
 *.swp

configure.ac

@@ -324,7 +324,7 @@ AC_SUBST([AM_CFLAGS])
 AC_SUBST([AM_LDFLAGS])
 
 # FINAL
-AC_CONFIG_FILES([Makefile wolfssh/version.h])
+AC_CONFIG_FILES([Makefile wolfssh/version.h tests/keys.h])
 
 AX_CREATE_GENERIC_CONFIG
 

keys/id_ecdsa

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTAqdBgCp8bYSq2kQQ48/Ud8Iy6Mjnb
+/fpB3LfSE/1kx9VaaE4FL3i9Gg2vDV0eLGM3PWksFNPhULxtcYJyjaBjAAAAqJAeleSQHp
+XkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMCp0GAKnxthKraR
+BDjz9R3wjLoyOdv9+kHct9IT/WTH1VpoTgUveL0aDa8NXR4sYzc9aSwU0+FQvG1xgnKNoG
+MAAAAgPrOgktioNqad/wHNC/rt/zVrpNqDnOwg9tNDFMOTwo8AAAANYm9iQGxvY2FsaG9z
+dAECAw==
+-----END OPENSSH PRIVATE KEY-----

keys/id_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMCp0GAKnxthKraRBDjz9R3wjLoyOdv9+kHct9IT/WTH1VpoTgUveL0aDa8NXR4sYzc9aSwU0+FQvG1xgnKNoGM= bob@localhost

keys/id_rsa

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEAy2cigZDlpBT+X2MJHAoHnfeFf6+LHm6BDkAT8V9ejHA4dY0Aepb6
+NbV6u/oYZlueKPeAZ3GNztR9szoL6FSlMvkd9oqvfoxjTGu71T0981ybJelqqGATGtevHU
+6Jko/I0+lgSQFKWQJ7D3Dj2zlZpIXB2Q7xl/i9kFZgaIqFhUHdWO9JMOwCFwoDrhd8v5xk
+y1v3OIIZDxiYxVIKbf2J07WbwiSFAxXfiX8TjUBDLFmtqt1AF6LjAyGyaRICXkaGJQ/QJ9
+sX85h9bkiPlGNAtQGQtNUg3tC9GqOkZ9tCKY1Efh/r0zosOA7ufxg6ymLpq1C4LU/4ENGH
+kuRPAKvu8wAAA8gztJfmM7SX5gAAAAdzc2gtcnNhAAABAQDLZyKBkOWkFP5fYwkcCged94
+V/r4seboEOQBPxX16McDh1jQB6lvo1tXq7+hhmW54o94BncY3O1H2zOgvoVKUy+R32iq9+
+jGNMa7vVPT3zXJsl6WqoYBMa168dTomSj8jT6WBJAUpZAnsPcOPbOVmkhcHZDvGX+L2QVm
+BoioWFQd1Y70kw7AIXCgOuF3y/nGTLW/c4ghkPGJjFUgpt/YnTtZvCJIUDFd+JfxONQEMs
+Wa2q3UAXouMDIbJpEgJeRoYlD9An2xfzmH1uSI+UY0C1AZC01SDe0L0ao6Rn20IpjUR+H+
+vTOiw4Du5/GDrKYumrULgtT/gQ0YeS5E8Aq+7zAAAAAwEAAQAAAQEAvbdBiQXkGyn1pHST
+/5IfTqia3OCX6td5ChicQUsJvgXBs2rDopQFZmkRxBjd/0K+/0jyfAl/EgZCBBRFHPsuZp
+/S4ayzSV6aE6J8vMT1bnLWxwKyl7+csjGwRK6HRKtVzsnjI9TPSrw0mc9ax5PzV6/mgZUd
+o/i+nszh+UASj5mYrBGqMiINspzX6YC+qoUHor3rEJOd9p1aO+N5+1fDKiDnlkM5IO0Qsz
+GktuwL0fzv9zBnGfnWVJz3CorfP1OW5KCtrDn7BnkQf1eBeVLzq/uoglUjS4DNnVfLA67D
+O4ZfwtnoW8Gr2R+KdvnypvHnDeY5X51r5PDgL4+7z47pWQAAAIBNFcAzHHE19ISGN8YRHk
+23/r/3zfvzHU68GSKR1Xj/Y4LSdRTpSm3wBrdQ17f5B4V7RVl2CJvoPekTggnBDQlLJ7fU
+NU93/nZrY9teYdrNh03buL54VVb5tUM+KN+27zERlTj0/LmYJupN97sZXmlgKsvLbcsnM2
+i7HuQQaFnsIQAAAIEA5wqFVatT9yovt8pS7rAyYUL/cqc50TZ/5Nwfy5uasRyf1BphHwEW
+LEimBemVc+VrNwAkt6MFWuloK5ssqb1ubvtRI8Mntd15rRfZtq/foS3J8FJxueXLDWlECy
+PmVyfVN1Vv4ZeirBy9BTYLiSuxMes+HYks3HucQhxIN1j8SA0AAACBAOFgRjfWXv1/93Jp
+6CCJ5c98MWP+zu1FbLIlklxPb85osZqlazXHNPPEtblC4z+OqRGMCsv2683anU4ZzcTFIk
+JS3lzeJ3tdAH4osQ5etKkV4mcdCmeRpjudB9VbaziVhPX02qkPWpM0ckPrgB3hVNUDPz89
+GtJd3mlhyY5IfFL/AAAADWJvYkBsb2NhbGhvc3QBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

keys/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLZyKBkOWkFP5fYwkcCged94V/r4seboEOQBPxX16McDh1jQB6lvo1tXq7+hhmW54o94BncY3O1H2zOgvoVKUy+R32iq9+jGNMa7vVPT3zXJsl6WqoYBMa168dTomSj8jT6WBJAUpZAnsPcOPbOVmkhcHZDvGX+L2QVmBoioWFQd1Y70kw7AIXCgOuF3y/nGTLW/c4ghkPGJjFUgpt/YnTtZvCJIUDFd+JfxONQEMsWa2q3UAXouMDIbJpEgJeRoYlD9An2xfzmH1uSI+UY0C1AZC01SDe0L0ao6Rn20IpjUR+H+vTOiw4Du5/GDrKYumrULgtT/gQ0YeS5E8Aq+7z bob@localhost

keys/include.am

@@ -22,5 +22,6 @@ EXTRA_DIST+= \
             keys/server-cert.der keys/server-cert.pem \
             keys/fred-cert.der keys/fred-cert.pem \
             keys/server-key.pem keys/fred-key.der keys/fred-key.pem \
+            keys/id_ecdsa keys/id_ecdsa.pub keys/id_rsa keys/id_rsa.pub \
             keys/renewcerts.sh keys/renewcerts.cnf
 

src/ssh.c

@@ -1523,7 +1523,7 @@ static int DoSshPubKey(const byte* in, word32 inSz, byte** out,
          * function */
         newKeySz = ((word32)WSTRLEN(key) * 3 + 3) / 4;
         if (*out == NULL) {
-            newKey = (byte*)WMALLOC(*outSz, heap, DYNTYPE_PRIVKEY);
+            newKey = (byte*)WMALLOC(newKeySz, heap, DYNTYPE_PRIVKEY);
             if (newKey == NULL) {
                 ret = WS_MEMORY_E;
             }

tests/api.c

@@ -20,6 +20,7 @@
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
+    #include "tests/keys.h"
 #endif
 
 #ifdef WOLFSSL_USER_SETTINGS
@@ -586,6 +587,135 @@ static void test_wolfSSH_CertMan(void)
 }
 
 
+#ifndef WOLFSSH_KEYS_PATH
+    #define WOLFSSH_KEYS_PATH "./keys/"
+#endif
+#define KEY_BUF_SZ 2048
+
+static void test_wolfSSH_ReadKey(void)
+{
+    byte *key, *keyCheck;
+    const byte* keyType;
+    word32 keySz, keyTypeSz;
+    int ret;
+    byte isPrivate;
+
+    /* OpenSSH Format, ssh-rsa, private, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "id_rsa",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ssh-rsa");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ssh-rsa"));
+    AssertTrue(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* SSL PEM Format, ssh-rsa, private, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "hansel-key-rsa.pem",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ssh-rsa");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ssh-rsa"));
+    AssertTrue(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* OpenSSH Format, ssh-rsa, public, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "id_rsa.pub",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ssh-rsa");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ssh-rsa"));
+    AssertFalse(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* OpenSSH Format, ecdsa-sha2-nistp256, private, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "id_ecdsa",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ecdsa-sha2-nistp256");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ecdsa-sha2-nistp256"));
+    AssertTrue(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* SSL DER Format, ecdsa-sha2-nistp256, private, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "hansel-key-ecc.der",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ecdsa-sha2-nistp256");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ecdsa-sha2-nistp256"));
+    AssertTrue(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* OpenSSH Format, ecdsa-sha2-nistp256, public, need alloc */
+    key = NULL;
+    keySz = 0;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "id_ecdsa.pub",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertNotNull(key);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ecdsa-sha2-nistp256");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ecdsa-sha2-nistp256"));
+    AssertFalse(isPrivate);
+    WFREE(key, NULL, DYNTYPE_FILE);
+
+    /* OpenSSH Format, ssh-rsa, private, no alloc */
+    keyCheck = (byte*)WMALLOC(KEY_BUF_SZ, NULL, DYNTYPE_FILE);
+    AssertNotNull(keyCheck);
+    key = keyCheck;
+    keySz = KEY_BUF_SZ;
+    keyType = NULL;
+    keyTypeSz = 0;
+    isPrivate = 0;
+    ret = wolfSSH_ReadKey_file(WOLFSSH_KEYS_PATH "id_rsa",
+            &key, &keySz, &keyType, &keyTypeSz, &isPrivate, NULL);
+    AssertIntEQ(ret, WS_SUCCESS);
+    AssertTrue(key == keyCheck);
+    AssertIntGT(keySz, 0);
+    AssertStrEQ(keyType, "ssh-rsa");
+    AssertIntEQ(keyTypeSz, (word32)WSTRLEN("ssh-rsa"));
+    AssertTrue(isPrivate);
+    WFREE(keyCheck, NULL, DYNTYPE_FILE);
+}
+
+
 #ifdef WOLFSSH_SCP
 
 static int my_ScpRecv(WOLFSSH* ssh, int state, const char* basePath,
@@ -1100,6 +1230,7 @@ int wolfSSH_ApiTest(int argc, char** argv)
     test_wolfSSH_CTX_UsePrivateKey_buffer();
     test_wolfSSH_CTX_UseCert_buffer();
     test_wolfSSH_CertMan();
+    test_wolfSSH_ReadKey();
 
     /* SCP tests */
     test_wolfSSH_SCP_CB();

tests/keys.h.in

@@ -0,0 +1,31 @@
+/* keys.h.in
+ *
+ * Copyright (C) 2014-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSH.
+ *
+ * wolfSSH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfSSH.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * The keys header provides the path to the source's keys directory so
+ * that VPATH builds will work.
+ */
+
+#ifndef WOLFSSH_TESTS_KEYS_H
+#define WOLFSSH_TESTS_KEYS_H
+
+#define WOLFSSH_KEYS_PATH "@abs_top_srcdir@/keys/"
+
+#endif /* WOLFSSH_TESTS_KEYS_H */