Merge pull request wolfSSL#203 from miyazakh/f-636_RSAwrong_var

dgarske · web-flow · commit 7003f0894807 · 2026-03-16T15:44:20.000-07:00
f-636: fix store-RSA-exp-wrong-var
diff --git a/src/genkey/clu_genkey_setup.c b/src/genkey/clu_genkey_setup.c
@@ -252,7 +252,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
                 else {
                     for (cur = argv[ret+1]; *cur && isdigit(*cur); ++cur);
                     if (*cur == '\0') {
-                        sizeArg = XATOI(argv[ret+1]);
+                        expArg = XATOI(argv[ret+1]);
                     }
                     else {
                         WOLFCLU_LOG(WOLFCLU_L0, "Invalid -exponent (%s), using 65537",
@@ -453,7 +453,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         ret = wolfCLU_checkForArg("-height", 7, argc, argv);
         if (ret > 0 || argv[ret+1] != NULL) {
             WOLFCLU_LOG(WOLFCLU_L0, "Height: %s", argv[ret+1]);
-            
+
             if (XSTRNCMP(argv[ret+1], "20", 2) == 0
                 || XSTRNCMP(argv[ret+1], "40", 2) == 0
                 || XSTRNCMP(argv[ret+1], "60", 2) == 0) {
@@ -475,7 +475,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         ret = wolfCLU_checkForArg("-layer", 6, argc, argv);
         if (ret > 0 || argv[ret+1] != NULL) {
             WOLFCLU_LOG(WOLFCLU_L0, "Layer: %s", argv[ret+1]);
-            
+
             switch (height) {
                 case 20:
                     if (XSTRNCMP(argv[ret+1], "2", 1) == 0) {
@@ -549,7 +549,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         }
 
         xmssmtParam[XMSSMT_NAME_MAX_LEN] = '\0';
-        
+
         /* check XMSS Param Length */
         WOLFCLU_LOG(WOLFCLU_L0, "XMSS^MT Param: %s", xmssmtParam);
         if (!(XSTRLEN(xmssmtParam) == XMSSMT_NAME_MIN_LEN
@@ -612,7 +612,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         ret = wolfCLU_checkForArg("-height", 7, argc, argv);
         if (ret > 0 || argv[ret+1] != NULL) {
             WOLFCLU_LOG(WOLFCLU_L0, "Height: %s", argv[ret+1]);
-            
+
             if (XSTRNCMP(argv[ret+1], "10", 2) == 0) {
                 XMEMCPY(xmssParam + xmssHeadLen, "10_256", hLen);
             }
@@ -636,7 +636,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         }
 
         xmssParam[XMSS_NAME_LEN] = '\0';
-        
+
         /* check XMSS Param Length */
         WOLFCLU_LOG(WOLFCLU_L0, "XMSS Param: %s", xmssParam);
         if (XSTRLEN(xmssParam) != XMSS_NAME_LEN) {
diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh
@@ -176,6 +176,14 @@ DERPEMRAW="der"
 VERIFYOUTNAME="rsa-sigout"
 gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME}
 
+# Regression test: -exponent value must not overwrite -size (was stored in
+# sizeArg instead of expArg, corrupting the key size).
+./wolfssl -genkey rsa -size 2048 -exponent 65537 -out rsakey_exp \
+          -outform der -output KEYPAIR
+RESULT=$?
+[ $RESULT -ne 0 ] && printf '%s\n' "Failed rsa genkey with explicit -exponent" && exit 99
+rm -f rsakey_exp.priv rsakey_exp.pub
+
 ALGORITHM="ed25519"
 KEYFILENAME="edkey"
 SIGOUTNAME="ed-signed.sig"
