
Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key.

David Garske 4 years ago
parent
commit
3f1c3392e5

BIN
certs/3072/client-keyPub.der


+ 2 - 1
certs/3072/include.am

@@ -6,4 +6,5 @@ EXTRA_DIST += \
          certs/3072/client-cert.der \
          certs/3072/client-cert.pem \
 		 certs/3072/client-key.der \
-         certs/3072/client-key.pem
+         certs/3072/client-key.pem \
+		 certs/3072/client-keyPub.der

+ 0 - 107
certs/client-cert-3072.pem

@@ -1,107 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 13102646209338242161 (0xb5d5f34e7d397471)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Validity
-            Not Before: Apr 13 15:23:09 2018 GMT
-            Not After : Jan  7 15:23:09 2021 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:af:48:ed:92:25:bb:e3:2a:ea:05:68:44:8d:c0:
-                    94:7f:06:d0:12:3e:ff:56:5d:7d:c9:75:a9:43:6a:
-                    0b:73:6b:ff:20:a2:d8:a7:fa:b5:28:04:72:7e:e8:
-                    16:a6:a9:03:61:e7:ec:85:67:38:6f:15:8c:81:91:
-                    ca:92:d5:5f:41:11:71:e8:81:76:20:b6:a1:60:35:
-                    84:33:9d:e6:a5:5d:75:c8:8f:df:03:9d:7e:c3:7c:
-                    89:08:be:95:8f:39:9c:37:06:8f:53:6b:0c:e2:63:
-                    dd:da:49:35:e4:52:8b:c1:69:00:12:c5:e2:74:b9:
-                    be:10:a3:23:96:af:fa:34:54:e3:31:db:ac:ec:58:
-                    2e:98:9e:11:1e:df:9f:a1:cc:44:1d:3e:b0:b4:37:
-                    79:8c:c3:f9:19:9c:ff:08:79:ba:4b:0b:1c:7b:a7:
-                    d6:d2:50:b6:d6:ba:af:95:50:97:10:9e:f9:6e:49:
-                    d1:9d:68:f5:95:2b:09:27:a3:68:76:2c:c1:a8:aa:
-                    ca:98:cb:c9:37:77:0c:fc:7c:3a:5d:81:56:5e:65:
-                    ee:f0:e0:1f:1c:b6:c6:f7:dd:19:18:6b:a5:5b:a8:
-                    71:7f:de:35:c9:19:26:b1:90:d6:6d:d0:b4:82:cd:
-                    5f:1a:0c:66:b5:de:94:d3:bd:09:ff:fb:96:f0:b5:
-                    32:fe:0e:c1:06:09:79:07:0e:cc:d9:f6:f4:d6:f6:
-                    7b:a3:bb:82:37:b3:54:02:66:4f:b9:8a:20:f4:53:
-                    35:23:ad:c8:40:c1:e0:50:98:51:20:52:ae:ef:a3:
-                    1a:1c:2b:18:8c:c3:88:2e:91:a4:c1:dd:7b:20:b7:
-                    9b:6a:6a:57:0a:59:f6:cd:b7:ea:42:d5:45:21:67:
-                    37:0f:57:b0:bf:f5:bd:01:30:2c:ad:08:3f:77:10:
-                    2c:b4:57:29:c0:8a:b3:b6:41:ea:c7:b3:96:19:9a:
-                    4c:31:f6:bc:ce:1e:48:dd:ce:88:a5:86:b1:d0:dd:
-                    a3:d4:7d:f8:d7:dc:d2:27:d0:45
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B
-            X509v3 Authority Key Identifier: 
-                keyid:CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:B5:D5:F3:4E:7D:39:74:71
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         a6:ac:1e:20:0c:ea:46:15:52:0e:14:39:36:f5:2a:44:39:e7:
-         c5:6b:42:1c:00:7a:ca:58:b5:d0:17:44:70:ea:5c:45:4d:99:
-         e9:2c:8d:89:1b:53:f9:5a:00:86:ed:b1:45:c4:71:c5:13:b2:
-         ce:79:b5:27:b1:92:f0:fd:c6:e2:7e:71:e9:a1:0d:92:b5:a9:
-         91:70:21:a0:32:60:05:98:0b:30:6e:26:81:4b:6a:90:e2:1b:
-         e0:7d:c4:e9:ae:84:cb:38:e7:00:1a:c8:9a:98:5e:80:d4:c2:
-         10:ad:4e:e8:9b:f9:e8:24:95:42:05:34:11:a8:2e:19:14:75:
-         f9:ed:f9:e7:ae:20:fd:a3:8b:5e:87:dd:b9:fa:46:eb:26:67:
-         61:40:7a:32:4f:55:d5:90:21:b7:dc:05:06:d8:a3:06:2e:44:
-         ac:28:8a:79:6a:bc:2a:ef:47:44:b6:7c:98:a7:6a:99:6e:0e:
-         55:23:a4:db:ff:95:f3:03:04:87:53:56:6d:95:c2:0e:61:90:
-         4a:ca:54:76:a9:41:2f:3f:22:8e:33:a3:b2:e3:b5:04:c0:bd:
-         f0:05:03:f1:6a:fa:39:b1:49:55:d4:bc:71:fb:22:79:4f:e5:
-         68:fe:c7:e1:df:29:3b:26:82:a3:eb:a6:ba:0a:9e:c3:ef:53:
-         a1:75:16:ce:2c:0b:8b:5d:a0:26:43:00:15:0f:12:72:ed:de:
-         62:91:5c:83:c8:a2:b9:9d:be:f4:1f:5a:44:be:d2:86:0f:7c:
-         11:16:1d:34:67:ef:03:2b:ff:81:83:cc:5d:a7:47:65:a5:cf:
-         56:9f:e5:57:33:a0:3f:03:e9:48:46:e9:4c:6c:d2:b4:10:f0:
-         0c:1f:ea:32:d1:6b:cb:97:27:ca:3b:24:52:21:c5:e3:ca:c3:
-         c1:83:d7:91:03:61:20:af:e2:2c:94:fb:a2:39:16:6a:2f:78:
-         f3:d7:ad:a7:a6:e1:7e:c0:98:2c:56:a1:84:14:b8:37:60:d3:
-         e8:ef:1c:3e:69:2b
------BEGIN CERTIFICATE-----
-MIIFyjCCBDKgAwIBAgIJALXV8059OXRxMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
-A1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFtbWluZy0zMDcyMRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
-BgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3MjEY
-MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr0jtkiW7
-4yrqBWhEjcCUfwbQEj7/Vl19yXWpQ2oLc2v/IKLYp/q1KARyfugWpqkDYefshWc4
-bxWMgZHKktVfQRFx6IF2ILahYDWEM53mpV11yI/fA51+w3yJCL6VjzmcNwaPU2sM
-4mPd2kk15FKLwWkAEsXidLm+EKMjlq/6NFTjMdus7FgumJ4RHt+focxEHT6wtDd5
-jMP5GZz/CHm6Swsce6fW0lC21rqvlVCXEJ75bknRnWj1lSsJJ6NodizBqKrKmMvJ
-N3cM/Hw6XYFWXmXu8OAfHLbG990ZGGulW6hxf941yRkmsZDWbdC0gs1fGgxmtd6U
-070J//uW8LUy/g7BBgl5Bw7M2fb01vZ7o7uCN7NUAmZPuYog9FM1I63IQMHgUJhR
-IFKu76MaHCsYjMOILpGkwd17ILebampXCln2zbfqQtVFIWc3D1ewv/W9ATAsrQg/
-dxAstFcpwIqztkHqx7OWGZpMMfa8zh5I3c6IpYax0N2j1H3419zSJ9BFAgMBAAGj
-ggEHMIIBAzAdBgNVHQ4EFgQUzIED8wowyR5mnc7UnCoqp+tTk1swgdMGA1UdIwSB
-yzCByIAUzIED8wowyR5mnc7UnCoqp+tTk1uhgaSkgaEwgZ4xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3
-b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1taW5nLTMwNzIxGDAWBgNVBAMM
-D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
-bYIJALXV8059OXRxMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAKas
-HiAM6kYVUg4UOTb1KkQ558VrQhwAespYtdAXRHDqXEVNmeksjYkbU/laAIbtsUXE
-ccUTss55tSexkvD9xuJ+cemhDZK1qZFwIaAyYAWYCzBuJoFLapDiG+B9xOmuhMs4
-5wAayJqYXoDUwhCtTuib+egklUIFNBGoLhkUdfnt+eeuIP2ji16H3bn6RusmZ2FA
-ejJPVdWQIbfcBQbYowYuRKwoinlqvCrvR0S2fJinapluDlUjpNv/lfMDBIdTVm2V
-wg5hkErKVHapQS8/Io4zo7LjtQTAvfAFA/Fq+jmxSVXUvHH7InlP5Wj+x+HfKTsm
-gqPrproKnsPvU6F1Fs4sC4tdoCZDABUPEnLt3mKRXIPIormdvvQfWkS+0oYPfBEW
-HTRn7wMr/4GDzF2nR2Wlz1af5VczoD8D6UhG6Uxs0rQQ8Awf6jLRa8uXJ8o7JFIh
-xePKw8GD15EDYSCv4iyU+6I5FmovePPXraem4X7AmCxWoYQUuDdg0+jvHD5pKw==
------END CERTIFICATE-----

+ 0 - 40
certs/client-key-3072.pem

@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCvSO2SJbvjKuoF
-aESNwJR/BtASPv9WXX3JdalDagtza/8gotin+rUoBHJ+6BamqQNh5+yFZzhvFYyB
-kcqS1V9BEXHogXYgtqFgNYQznealXXXIj98DnX7DfIkIvpWPOZw3Bo9TawziY93a
-STXkUovBaQASxeJ0ub4QoyOWr/o0VOMx26zsWC6YnhEe35+hzEQdPrC0N3mMw/kZ
-nP8IebpLCxx7p9bSULbWuq+VUJcQnvluSdGdaPWVKwkno2h2LMGoqsqYy8k3dwz8
-fDpdgVZeZe7w4B8ctsb33RkYa6VbqHF/3jXJGSaxkNZt0LSCzV8aDGa13pTTvQn/
-+5bwtTL+DsEGCXkHDszZ9vTW9nuju4I3s1QCZk+5iiD0UzUjrchAweBQmFEgUq7v
-oxocKxiMw4gukaTB3Xsgt5tqalcKWfbNt+pC1UUhZzcPV7C/9b0BMCytCD93ECy0
-VynAirO2QerHs5YZmkwx9rzOHkjdzoilhrHQ3aPUffjX3NIn0EUCAwEAAQKCAYBz
-146qd6WkjEf9KtujkxKQoMACTwAQ49itu8UReJP4w/boarckzNvMhqPkmx3dJvXF
-TrFRuNXjFCq3ttJaGAnLxuuw7V5UYF5mZvfn5QL5ZrrgwbRxfzS3nSYzUUEmVryW
-4Q734lexhq6oBJpJOwSB3hLeVUlEOz0RYb+zZrnEvBUqbjPqPp0M3+oQrVmiZIzf
-hv7hG4iJLzsBYnBp+YjU75LzZgjjFdTANMC1vX0Yzvepm7+ceDFVVAvI1oXDE/AQ
-ABIzyDGk4qmypwLJ7jqAQcZVpIltJRVYBqq7UE7ZlsJ3Z08Vy0XkTyYliogWlPYW
-c612Jcabp8z6P1KTcWGo2EfKmj8kRqs9Z3y1AFr3Zsd3KwscjgoKl/C8JnKlPYQo
-tsnRhJneqXz61fa11kgRo7KWrS3gzEc9R5FpeYR8zU80ycXNC3LT/r9kIbpEHe6u
-ju5S7sINTMd6GMz5uXOzoSiojZeHLgYatvMpoEMpSTJrYZEd8iHg+lbQr8rafgEC
-gcEA46EqlOF9sTa3JP25P51+Dpd4LAwR81b2LKLNEYYH8uRnlkM126DqA6/WFy7O
-xwIV3xr2irYZXEF/pZDGegxxcNTVmtHTjtXuxKiXBGzxyIgDsAHa8ZNLmA37W1cn
-t2TaPqeh89eh8FZDHjKsRN6OWBreNk9iSouZOEkK/7KwDObgYI1vdOMKgKvjdIri
-XTSmltfmRmfbcp6z56ViboSLkh29mRzijokLGo9xM69uTzDKMh8UFoyzUfv6gTfw
-rRUtAoHBAMUhofp9yqStYepPL/hvNuPsr/CMwFxzYHZT6LeVE3fdH3w5pjK6XeAp
-AGe+2YcKqtpso6alnfnnTH4XhGnGO0wCTxQDGkWX0Xs8bt2eiHyG0Rn6Ry6/r1hr
-DrAEYbXDuFm0MCC11glJhWvCaWvKhNzsWc7WtQB6+QVgk1ek8Ich4DnC9TtbG4SK
-agAsDBrtbJbOgWa9BA1vLIkriuAfzOYTLQevAViIzmvfIKpM7BcyPmBfaMWM/gPO
-jIGKJNjGeQKBwGVWQpa1LDfQnAgjzGy9uHjWhfFWDke+1ylX8ON0P+WqOVNz6G42
-XPf3N+BqPjPqgcIpRsjJ+NBReHpE0ZdUIsyQc+fQsdZM91clltWpipozszCQIuCZ
-KnYvA0/OpSfIBkEOb9MWlElinc670GV4jvY6P+L9xExbiYK9QeBDtIyJ3CofzRbE
-XNCbtU8U5WGJJwDQbPu7EL8eWAkwX3nEGD6cbuPTMCk0aXURltvjpcArgFh/7Xl8
-efhtrUAJn2PuoQKBwAvHcrJRCebFJXCmwqsJmjIMVob9IhFkI4NuiB1QHxWudM8r
-cq7dS/a0/H02fjD/hi3/B9hRVRs1ovB130eivLBSAv+jH9LAu5etiMJdUrJ+K8ht
-mAtHEOcrnnkOCfiedUmG5slNlDiB2CMUPtBeDYpV5Rfi5HXe4zpbBvLZvDWW5JsO
-9zBQxVgqHSNdfmutfCuWs0y8Rp224uZfX7D8tXWZ97rZzi7IHe18K6uBZSoNqoR/
-rvb+8b6wfNzQsFrzoQKBwF69oVncsP7Nv8awy6D/MppuhwCi24vFTa7h4BfCQxS5
-vlWYdjsQZNyRH2mpEWiHMQuTXXFX2c5JYJx4cKe0MkqtTESfC4APkjShTCxxGrA3
-TfyWsZ0dO6XdWKIJuRBD9dcrOTt/PYYBdJveFEja4ts6taOH78whvX7bVA5SmpSY
-l2i77spfstkfUGgtEJipZbUs0ZSHSRVbSpgxOIFwIhRe+wSfN8t8e+g8PvhX1kM9
-YHkIqaBL1AXGLFCRYm4FIA==
------END PRIVATE KEY-----

+ 0 - 2
certs/include.am

@@ -50,8 +50,6 @@ EXTRA_DIST += \
 	     certs/ecc-privOnlyKey.pem \
 	     certs/ecc-privOnlyCert.pem \
 	     certs/dh3072.pem \
-	     certs/client-cert-3072.pem \
-	     certs/client-key-3072.pem \
 	     certs/client-cert-ext.pem
 
 EXTRA_DIST += \

+ 1 - 18
certs/renewcerts.sh

@@ -127,25 +127,7 @@ run_renewcerts(){
     mv tmp.pem client-cert.pem
     echo "End of section"
     echo "---------------------------------------------------------------------"
-    ############################################################
-    #### update the self-signed (3072-bit) client-cert.pem #####
-    ############################################################
-    echo "Updating 3072-bit client-cert.pem"
-    echo ""
-    #pipe the following arguments to openssl req...
-    echo -e "US\\nMontana\\nBozeman\\nwolfSSL_3072\\nProgramming-3072\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -config ./wolfssl.cnf -nodes -out client-cert-3072.csr
-    check_result $? "Step 1"
 
-
-    openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem
-    check_result $? "Step 2"
-    rm client-cert-3072.csr
-
-    openssl x509 -in client-cert-3072.pem -text > tmp.pem
-    check_result $? "Step 3"
-    mv tmp.pem client-cert-3072.pem
-    echo "End of section"
-    echo "---------------------------------------------------------------------"
     ############################################################
     #### update the self-signed (1024-bit) client-cert.pem #####
     ############################################################
@@ -183,6 +165,7 @@ run_renewcerts(){
     mv ./3072/tmp.pem ./3072/client-cert.pem
 
     openssl rsa -in ./3072/client-key.pem -outform der -out ./3072/client-key.der
+    openssl rsa -inform pem -in ./3072/client-key.pem -outform der -out ./3072/client-keyPub.der -pubout
     openssl x509 -in ./3072/client-cert.pem -outform der -out ./3072/client-cert.der
 
     echo "End of section"
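Review bot: The added `openssl rsa ... -pubout` line has no exit-status check, so a failed extraction would leave `./3072/client-keyPub.der` missing or stale. `gencertbuf.pl` now lists that file and would presumably embed whatever is on disk, which would surface later as a confusing RSA test failure. The section this commit removes called `check_result $? "Step N"` after each openssl command; assuming that helper is still defined, following the new line with `check_result $? "3072 client-keyPub.der"` would stop the script at the real cause. The neighbouring `openssl rsa` and `openssl x509` conversions in this hunk are unchecked as well, and run_renewcerts continues outside the hunk.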

+ 1 - 0
gencertbuf.pl

@@ -82,6 +82,7 @@ my @fileList_3072 = (
         [ "./certs/dsa3072.der", "dsa_key_der_3072" ],
         [ "./certs/rsa3072.der", "rsa_key_der_3072" ],
         [ "./certs/3072/client-key.der", "client_key_der_3072" ],
+        [ "./certs/3072/client-keyPub.der", "client_keypub_der_3072" ],
         [ "./certs/3072/client-cert.der", "client_cert_der_3072" ],
         );
 

+ 3 - 3
tests/test.conf

@@ -1961,13 +1961,13 @@
 # server TLSv1.2 RSA 3072-bit DH 3072-bit
 -v 3
 -D certs/dh3072.pem
--A certs/client-cert-3072.pem
+-A certs/3072/client-cert.pem
 
 # client TLSv1.2 RSA 3072-bit DH 3072-bit
 -v 3
 -D certs/dh3072.pem
--c certs/client-cert-3072.pem
--k certs/client-key-3072.pem
+-c certs/3072/client-cert.pem
+-k certs/3072/client-key.pem
 
 # server good certificate common name
 -v 3

+ 28 - 8
wolfcrypt/test/test.c

@@ -10986,8 +10986,8 @@ int rsa_no_pad_test(void)
     word32 idx     = 0;
     word32 outSz   = RSA_TEST_BYTES;
     word32 plainSz = RSA_TEST_BYTES;
-#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) \
-                                    && !defined(NO_FILESYSTEM)
+#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
+    !defined(USE_CERT_BUFFERS_3072) && !defined(NO_FILESYSTEM)
     XFILE  file;
 #endif
     DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
@@ -11021,6 +11021,8 @@ int rsa_no_pad_test(void)
     XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
 #elif defined(USE_CERT_BUFFERS_2048)
     XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
+#elif defined(USE_CERT_BUFFERS_3072)
+    XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
 #elif !defined(NO_FILESYSTEM)
     file = XFOPEN(clientKey, "rb");
     if (!file) {
@@ -12487,6 +12489,9 @@ int rsa_test(void)
 #elif defined(USE_CERT_BUFFERS_2048)
     XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
     bytes = sizeof_client_keypub_der_2048;
+#elif defined(USE_CERT_BUFFERS_2048)
+    XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
+    bytes = sizeof_client_keypub_der_3072;
 #else
     file = XFOPEN(clientKeyPub, "rb");
     if (!file) {
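Review bot: The new branch is guarded by `#elif defined(USE_CERT_BUFFERS_2048)`, the same condition as the branch directly above it, so it can never be selected and `client_keypub_der_3072` is never copied. A build that defines only USE_CERT_BUFFERS_3072 falls through to the `#else` path that opens `clientKeyPub` from disk, which is presumably what this commit meant to avoid. The guard should read `#elif defined(USE_CERT_BUFFERS_3072)`. The declaration of `tmp` lies outside the hunk, so once the branch is live it is worth confirming that `tmp` can hold `sizeof_client_keypub_der_3072` bytes.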
@@ -15765,7 +15770,7 @@ int openssl_pkey1_test(void)
 {
     int ret = 0;
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    !defined(NO_SHA) && !defined(USE_CERT_BUFFERS_1024)
+    !defined(NO_SHA)
     EVP_PKEY_CTX* dec = NULL;
     EVP_PKEY_CTX* enc = NULL;
     EVP_PKEY* pubKey  = NULL;
@@ -15776,16 +15781,31 @@ int openssl_pkey1_test(void)
     const unsigned char* clikey;
     unsigned char tmp[FOURK_BUF];
     long cliKeySz;
-    unsigned char cipher[256];
-    unsigned char plain[256];
+    unsigned char cipher[RSA_TEST_BYTES];
+    unsigned char plain[RSA_TEST_BYTES];
     size_t outlen = sizeof(cipher);
+    int expKeyLen = 2048;
 
-#if defined(USE_CERT_BUFFERS_2048)
+#if defined(USE_CERT_BUFFERS_1024)
+    XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
+    cliKeySz = (long)sizeof_client_key_der_1024;
+
+    x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
+            sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
+    expKeyLen = 1024;
+#elif defined(USE_CERT_BUFFERS_2048)
     XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
     cliKeySz = (long)sizeof_client_key_der_2048;
 
     x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
             sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
+#elif defined(USE_CERT_BUFFERS_3072)
+    XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
+    cliKeySz = (long)sizeof_client_key_der_3072;
+
+    x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
+            sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
+    expKeyLen = 3072;
 #else
     XFILE f;
 
@@ -15829,12 +15849,12 @@ int openssl_pkey1_test(void)
     }
 
     /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
-    if (EVP_PKEY_bits(prvKey) != 2048) {
+    if (EVP_PKEY_bits(prvKey) != expKeyLen) {
         ret = -7705;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_size(prvKey) != 256) {
+    if (EVP_PKEY_size(prvKey) != expKeyLen/8) {
         ret = -7706;
         goto openssl_pkey1_test_done;
     }
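Review bot: Nothing in the visible hunks ties the expected key size to the buffers. `cipher` and `plain` are sized by `RSA_TEST_BYTES`, which is defined outside these hunks, while the checks here use `expKeyLen/8`. If RSA_TEST_BYTES is smaller than the modulus of the selected cert buffer, the later encrypt/decrypt calls would fail with an error code that does not point at the buffer size. A guard next to the size check, `if (EVP_PKEY_size(prvKey) > (int)sizeof(cipher))` with its own return code, would make that dependency explicit. In the `#else` file-loading branch `expKeyLen` stays 2048, which assumes the key file on disk is 2048-bit; the rest of openssl_pkey1_test is outside the hunk.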

+ 49 - 0
wolfssl/certs_test.h

@@ -2491,6 +2491,55 @@ static const unsigned char client_key_der_3072[] =
 };
 static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072);
 
+/* ./certs/3072/client-keyPub.der, 3072-bit */
+static const unsigned char client_keypub_der_3072[] =
+{
+        0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+        0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, 0x8A, 0x02, 0x82,
+        0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8,
+        0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A,
+        0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0,
+        0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73,
+        0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA,
+        0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA,
+        0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3,
+        0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02,
+        0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F,
+        0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B,
+        0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06,
+        0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C,
+        0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA,
+        0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A,
+        0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06,
+        0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27,
+        0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06,
+        0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2,
+        0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF,
+        0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5,
+        0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79,
+        0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8,
+        0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78,
+        0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9,
+        0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD,
+        0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB,
+        0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA,
+        0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61,
+        0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3,
+        0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1,
+        0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26,
+        0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC,
+        0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B,
+        0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73,
+        0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7,
+        0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA,
+        0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45,
+        0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE,
+        0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01,
+        0x00, 0x01
+};
+static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072);
+
 /* ./certs/3072/client-cert.der, 3072-bit */
 static const unsigned char client_cert_der_3072[] =
 {