Browse Source

wolfSSL Compatibility support for OpenVPN

* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
David Garske 4 years ago
parent
commit
2bae1d27a1

+ 2 - 1
.gitignore

@@ -324,10 +324,11 @@ doc/pdf
 # XCODE Index
 IDE/XCODE/Index
 
-# ARM DS-5
+# ARM DS-5 && Eclipse
 \.settings/
 \.cproject
 \.project
+\.autotools
 
 # Renesas e2studio
 /IDE/Renesas/e2studio/Projects/test/src/smc_gen

BIN
certs/client-cert-ext.der


+ 93 - 0
certs/client-cert-ext.pem

@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            7e:ff:c6:42:4f:83:8b:1f:1a:9d:4e:2f:ba:27:9f:97:d7:e2:ea:ab
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Sep 20 14:13:15 2019 GMT
+            Not After : Jun 16 14:13:15 2022 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+            X509v3 Authority Key Identifier: 
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:7E:FF:C6:42:4F:83:8B:1F:1A:9D:4E:2F:BA:27:9F:97:D7:E2:EA:AB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         46:c2:a5:a6:32:84:b0:68:03:41:de:37:da:c3:b8:46:71:3a:
+         31:aa:1a:f0:81:28:c3:07:37:61:17:7d:10:45:ee:ef:cd:c0:
+         19:2f:9e:95:01:5d:d6:09:13:8e:19:ea:da:27:75:66:21:e1:
+         bd:f8:97:a0:b5:8b:9e:71:13:26:75:50:34:f5:ac:8e:f8:d3:
+         89:d7:52:0a:f2:5f:3e:07:c2:02:e0:36:73:75:30:a9:5a:ba:
+         24:ef:fb:28:08:0d:31:53:84:3d:fd:1d:92:f9:15:da:01:7c:
+         20:70:d5:b6:0d:ea:3a:f1:85:90:b1:c3:b7:71:20:cb:03:22:
+         f3:8f:e5:02:4f:b1:77:1c:97:17:2c:3b:e9:41:1a:18:7c:89:
+         d9:8e:5f:34:6c:66:9c:61:79:f5:bd:df:68:2e:14:cc:11:d7:
+         e5:ce:9f:8a:0d:86:94:15:86:fa:32:0f:90:18:d1:2d:df:16:
+         56:58:09:25:91:21:c2:d3:f6:7e:c8:49:aa:00:d7:61:c7:9d:
+         d2:23:b1:7f:96:b0:79:6e:8b:09:38:2f:13:e1:48:9e:9a:28:
+         d4:08:44:73:29:52:49:eb:9d:fb:a6:f8:1f:2e:c5:d3:31:52:
+         86:ea:18:99:1d:73:ab:4b:f3:7c:6f:f5:84:c3:96:fb:02:36:
+         d9:13:64:8b
+-----BEGIN CERTIFICATE-----
+MIIFCDCCA/CgAwIBAgIUfv/GQk+Dix8anU4vuiefl9fi6qswDQYJKoZIhvcNAQEL
+BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
+aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xOTA5MjAxNDEzMTVaFw0yMjA2MTYxNDEz
+MTVaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
+bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
+CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDDA9Er/jmkMkU7U8iEKyp8dJq9qipSB0fWpjayBzKO0Lppe8bDRJ7UgUj9
+LWiii2e7oXXINixK0hv3i7rPDfnv7PGBHnubA0eav2XMf2UkaaboFIlb5DT3xbAU
+k/Vnezp6eOEBVlaRphNCjdI8QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ
+6KgIMIGvIAtDFMV0Z7Qygm+NhsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8AS
+A9ROcg1QbTujO6OZXp3I2QyFs9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4w
+xJeEhi1WL9cV93/ArvX8W+X7obrTAgMBAAGjggE6MIIBNjAdBgNVHQ4EFgQUM9hF
+Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
+JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
+DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
+EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUfv/GQk+Dix8anU4vuiefl9fi
+6qswDAYDVR0TBAUwAwEB/zAWBgNVHREEDzANggtleGFtcGxlLmNvbTAOBgNVHQ8B
+Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAEbCpaYyhLBoA0HeN9rDuEZxOjGq
+GvCBKMMHN2EXfRBF7u/NwBkvnpUBXdYJE44Z6tondWYh4b34l6C1i55xEyZ1UDT1
+rI7404nXUgryXz4HwgLgNnN1MKlauiTv+ygIDTFThD39HZL5FdoBfCBw1bYN6jrx
+hZCxw7dxIMsDIvOP5QJPsXcclxcsO+lBGhh8idmOXzRsZpxhefW932guFMwR1+XO
+n4oNhpQVhvoyD5AY0S3fFlZYCSWRIcLT9n7ISaoA12HHndIjsX+WsHluiwk4LxPh
+SJ6aKNQIRHMpUknrnfum+B8uxdMxUobqGJkdc6tL83xv9YTDlvsCNtkTZIs=
+-----END CERTIFICATE-----

+ 5 - 2
certs/include.am

@@ -51,7 +51,9 @@ EXTRA_DIST += \
 	     certs/ecc-privOnlyCert.pem \
 	     certs/dh3072.pem \
 	     certs/client-cert-3072.pem \
-	     certs/client-key-3072.pem
+	     certs/client-key-3072.pem \
+	     certs/client-cert-ext.pem
+
 EXTRA_DIST += \
 	     certs/ca-key.der \
 	     certs/ca-cert.der \
@@ -75,7 +77,8 @@ EXTRA_DIST += \
 	     certs/server-ecc.der \
 	     certs/server-ecc-self.der \
 	     certs/server-ecc-rsa.der \
-	     certs/server-cert-chain.der
+	     certs/server-cert-chain.der \
+	     certs/client-cert-ext.der
 
 # ECC CA prime256v1
 EXTRA_DIST += \

+ 1 - 0
certs/renewcerts/wolfssl.cnf

@@ -124,6 +124,7 @@ authorityKeyIdentifier=keyid,issuer
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:true
+subjectAltName=DNS:example.com
 
 #wolfssl extensions for intermediate CAs
 [wolfssl_opts_ICA]

+ 36 - 0
src/bio.c

@@ -1306,6 +1306,42 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
       return 0;
 }
 
+int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio)
+{
+    int len;
+#ifndef NO_FILESYSTEM
+    long memSz;
+    XFILE file;
+    long curr = 0;
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_BIO_get_len");
+
+    if ((len = wolfSSL_BIO_pending(bio)) > 0) {
+    }
+#ifndef NO_FILESYSTEM
+    else if (bio->type == WOLFSSL_BIO_FILE) {
+        if (wolfSSL_BIO_get_fp(bio, &file) != WOLFSSL_SUCCESS)
+            len = BAD_FUNC_ARG;
+        if (len == 0) {
+            curr = XFTELL(file);
+            if (curr < 0) {
+                len = WOLFSSL_BAD_FILE;
+            }
+            if (XFSEEK(file, 0, XSEEK_END) != 0)
+                len = WOLFSSL_BAD_FILE;
+        }
+        if (len == 0) {
+            memSz = XFTELL(file) - curr;
+            len = (int)memSz;
+            if (XFSEEK(file, curr, SEEK_SET) != 0)
+                len = WOLFSSL_BAD_FILE;
+        }
+    }
+#endif
+    return len;
+}
+
 
 void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio, wolf_bio_info_cb callback_func)
 {

File diff suppressed because it is too large
+ 456 - 332
src/ssl.c


+ 437 - 122
tests/api.c

@@ -1837,7 +1837,7 @@ static void test_wolfSSL_ECDSA_SIG(void)
 /* Test function for wolfSSL_EVP_get_cipherbynid.
  */
 
-# if defined(OPENSSL_EXTRA)
+#ifdef OPENSSL_EXTRA
 static void test_wolfSSL_EVP_get_cipherbynid(void)
 {
 #ifndef NO_AES
@@ -1914,7 +1914,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
     #else
         AssertNull(c);
     #endif
-#endif
+#endif /* !NO_AES */
 
 #ifndef NO_DES3
     AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
@@ -1925,7 +1925,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
 #ifdef WOLFSSL_DES_ECB
     AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
 #endif
-#endif /*NO_DES3*/
+#endif /* !NO_DES3 */
 
 #ifdef HAVE_IDEA
     AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
@@ -1935,7 +1935,27 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
   AssertNull(wolfSSL_EVP_get_cipherbynid(1));
 
 }
-#endif
+
+static void test_wolfSSL_EVP_CIPHER_CTX()
+{
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+    const EVP_CIPHER *init = EVP_aes_128_cbc();
+    const EVP_CIPHER *test = NULL;
+    byte key[AES_128_KEY_SIZE] = {0};
+    byte iv[AES_IV_SIZE] = {0};
+
+    AssertNotNull(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
+    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
+    test = EVP_CIPHER_CTX_cipher(ctx);
+    AssertTrue(init == test);
+    AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
+
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
+}
+#endif /* OPENSSL_EXTRA */
 
 /*----------------------------------------------------------------------------*
  | IO
@@ -4337,7 +4357,7 @@ static void test_wolfSSL_PKCS12(void)
     WOLFSSL_X509     *cert;
     WOLFSSL_X509     *x509;
     WOLFSSL_X509     *tmp;
-    WOLF_STACK_OF(WOLFSSL_X509) *ca;
+    STACK_OF(WOLFSSL_X509) *ca;
 
     printf(testingFmt, "wolfSSL_PKCS12()");
 
@@ -4568,6 +4588,61 @@ static void test_wolfSSL_PKCS12(void)
     #define TEST_PKCS8_ENC
 #endif
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
+    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
+{
+    (void)passwd;
+    (void)sz;
+    (void)rw;
+    (void)userdata;
+    Fail(("Password callback should not be called by default"),
+            ("Password callback was called without attempting "
+             "to first decipher private key without password."));
+    return 0;
+}
+#endif
+
+static void test_wolfSSL_no_password_cb(void)
+{
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
+    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+    WOLFSSL_CTX* ctx;
+    byte buffer[FOURK_BUF];
+    const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
+    const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
+    XFILE f;
+    int bytes;
+
+    printf(testingFmt, "test_wolfSSL_no_password_cb()");
+
+#ifndef NO_WOLFSSL_CLIENT
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
+#else
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
+#endif
+    wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
+
+    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
+    bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
+    XFCLOSE(f);
+    AssertIntLE(bytes, sizeof(buffer));
+    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
+                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
+    bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
+    XFCLOSE(f);
+    AssertIntLE(bytes, sizeof(buffer));
+    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
+                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+
+    wolfSSL_CTX_free(ctx);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 #ifdef TEST_PKCS8_ENC
 /* for PKCS8 test case */
 static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
@@ -18447,11 +18522,46 @@ static void test_wolfSSL_X509_NAME(void)
     AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
     XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
 
+
+    AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
+    AssertIntEQ(X509_NAME_cmp(a, b), 0);
+    X509_NAME_free((X509_NAME*)b);
+
     X509_free(x509);
 
     printf(resultFmt, passed);
     #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
 }
+
+static void test_wolfSSL_X509_INFO(void)
+{
+#if defined(OPENSSL_ALL)
+    STACK_OF(X509_INFO) *info_stack;
+    X509_INFO *info;
+    BIO *cert;
+    int i;
+
+    printf(testingFmt, "wolfSSL_X509_INFO");
+
+    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
+    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
+    for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
+        AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
+        AssertNotNull(info->x509);
+        AssertNull(info->crl);
+    }
+    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
+    BIO_free(cert);
+
+    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
+    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
+    sk_X509_INFO_free(info_stack);
+    BIO_free(cert);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_X509_subject_name_hash(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
@@ -18501,6 +18611,7 @@ static void test_wolfSSL_DES(void)
 
     /* set odd parity for success case */
     DES_set_odd_parity(&myDes);
+    AssertIntEQ(DES_check_key_parity(&myDes), 1);
     printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
     AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
     for (i = 0; i < sizeof(DES_key_schedule); i++) {
@@ -18685,7 +18796,8 @@ static void test_wolfSSL_certs(void)
     X509*  x509;
     WOLFSSL*     ssl;
     WOLFSSL_CTX* ctx;
-    WOLF_STACK_OF(ASN1_OBJECT)* sk;
+    STACK_OF(ASN1_OBJECT)* sk;
+    ASN1_BIT_STRING* bit_str;
     int crit;
 
     printf(testingFmt, "wolfSSL_certs()");
@@ -18712,7 +18824,7 @@ static void test_wolfSSL_certs(void)
     #endif /* HAVE_PK_CALLBACKS */
 
     /* create and use x509 */
-    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
+    x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
     AssertNotNull(x509);
     AssertIntEQ(SSL_use_certificate(ssl, x509), WOLFSSL_SUCCESS);
 
@@ -18746,101 +18858,101 @@ static void test_wolfSSL_certs(void)
     #endif /* !NO_SHA && !NO_SHA256*/
 
     /* test and checkout X509 extensions */
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints,
             &crit, NULL);
     AssertNotNull(sk);
     AssertIntEQ(crit, 0);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_key_usage,
-            &crit, NULL);
-    /* AssertNotNull(sk); NID not yet supported */
-    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    bit_str = (ASN1_BIT_STRING*)X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL);
+    AssertNotNull(bit_str);
+    AssertIntEQ(crit, 1);
+    AssertIntEQ(bit_str->type, NID_key_usage);
+    ASN1_BIT_STRING_free(bit_str);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
             &crit, NULL);
     /* AssertNotNull(sk); no extension set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
             NID_authority_key_identifier, &crit, NULL);
     AssertNotNull(sk);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
             NID_private_key_usage_period, &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name,
             &crit, NULL);
     /* AssertNotNull(sk); no alt names set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_GENERAL_NAME_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit,
             NULL);
     /* AssertNotNull(sk); no auth info set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
             NID_certificate_policies, &crit, NULL);
     #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
         AssertNull(sk);
     #else
         /* AssertNotNull(sk); no cert policy set */
     #endif
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy,
             &crit, NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit,
             NULL);
     /* AssertNotNull(sk); NID not yet supported */
     AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);
 
     /* test invalid cases */
     crit = 0;
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
     AssertNull(sk);
     AssertIntEQ(crit, -1);
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
             NULL, NULL);
     AssertNull(sk);
 
@@ -20196,7 +20308,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
     /* test X509_STORE_CTX_get/set_ex_data */
     {
         int i = 0, tmpData = 5;
-        int* tmpDataRet;
+        void* tmpDataRet;
         AssertNotNull(ctx = X509_STORE_CTX_new());
     #if defined(HAVE_EX_DATA) || defined(FORTRESS)
         for (i = 0; i < MAX_EX_DATA; i++) {
@@ -20204,7 +20316,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
                         WOLFSSL_SUCCESS);
             tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
             AssertNotNull(tmpDataRet);
-            AssertIntEQ(tmpData, *tmpDataRet);
+            AssertIntEQ(tmpData, *(int*)tmpDataRet);
         }
     #else
         AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
@@ -20387,18 +20499,27 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
 
 static void test_wolfSSL_CTX_set_client_CA_list(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
     !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx;
-    WOLF_STACK_OF(WOLFSSL_X509_NAME)* names = NULL;
-    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_list = NULL;
+    X509_NAME* name = NULL;
+    STACK_OF(X509_NAME)* names = NULL;
+    STACK_OF(X509_NAME)* ca_list = NULL;
+    int i, names_len;
 
     printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    names = wolfSSL_load_client_CA_file(cliCertFile);
+    names = SSL_load_client_CA_file(cliCertFile);
     AssertNotNull(names);
-    wolfSSL_CTX_set_client_CA_list(ctx,names);
-    AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx));
+    SSL_CTX_set_client_CA_list(ctx,names);
+    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
+
+    AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
+    for (i=0; i<names_len; i++) {
+        AssertNotNull(name = sk_X509_NAME_value(names, i));
+        AssertIntEQ(sk_X509_NAME_find(names, name), i);
+    }
+
     wolfSSL_CTX_free(ctx);
     printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA  && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
@@ -20411,25 +20532,25 @@ static void test_wolfSSL_CTX_add_client_CA(void)
     WOLFSSL_CTX* ctx;
     WOLFSSL_X509* x509;
     WOLFSSL_X509* x509_a;
-    WOLF_STACK_OF(WOLFSSLX509_NAME)* ca_list;
+    STACK_OF(X509_NAME)* ca_list;
     int ret = 0;
 
     printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
     /* Add client cert */
-    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
+    AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
                                                       SSL_FILETYPE_PEM));
-    ret = wolfSSL_CTX_add_client_CA(ctx, x509);
-    AssertIntEQ(ret ,SSL_SUCCESS);
-    AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx));
+    ret = SSL_CTX_add_client_CA(ctx, x509);
+    AssertIntEQ(ret, SSL_SUCCESS);
+    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
     /* Add another client cert */
-    AssertNotNull(x509_a = wolfSSL_X509_load_certificate_file(cliCertFile,
+    AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
                                                         SSL_FILETYPE_PEM));
-    AssertIntEQ(wolfSSL_CTX_add_client_CA(ctx, x509_a),SSL_SUCCESS);
+    AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
 
-    wolfSSL_X509_free(x509);
-    wolfSSL_X509_free(x509_a);
-    wolfSSL_CTX_free(ctx);
+    X509_free(x509);
+    X509_free(x509_a);
+    SSL_CTX_free(ctx);
 
     printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA  && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
@@ -21493,6 +21614,26 @@ static void test_wolfSSL_ASN1_STRING(void)
     #endif
 }
 
+static void test_wolfSSL_ASN1_BIT_STRING(void)
+{
+#ifdef OPENSSL_ALL
+    ASN1_BIT_STRING* str;
+
+    printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
+    AssertNotNull(str = ASN1_BIT_STRING_new());
+
+    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
+    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
+
+    ASN1_BIT_STRING_free(str);
+    printf(resultFmt, passed);
+#endif
+}
+
 
 static void test_wolfSSL_DES_ecb_encrypt(void)
 {
@@ -22331,7 +22472,7 @@ static void test_wolfSSL_ERR_print_errors(void)
 static void test_wolfSSL_HMAC(void)
 {
     #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
-    HMAC_CTX hmac;
+    HMAC_CTX* hmac;
     ENGINE* e = NULL;
     const unsigned char key[] = "simple test key";
     unsigned char hash[WC_MAX_DIGEST_SIZE];
@@ -22340,17 +22481,20 @@ static void test_wolfSSL_HMAC(void)
 
     printf(testingFmt, "wolfSSL_HMAC()");
 
-    HMAC_CTX_init(&hmac);
-    AssertIntEQ(HMAC_Init_ex(&hmac, (void*)key, (int)sizeof(key),
+    AssertNotNull(hmac = HMAC_CTX_new());
+    HMAC_CTX_init(hmac);
+    AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key),
                 EVP_sha256(), e), SSL_SUCCESS);
 
     /* re-using test key as data to hash */
-    AssertIntEQ(HMAC_Update(&hmac, key, (int)sizeof(key)), SSL_SUCCESS);
-    AssertIntEQ(HMAC_Update(&hmac, NULL, 0), SSL_SUCCESS);
-    AssertIntEQ(HMAC_Final(&hmac, hash, &len), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
     AssertIntEQ(len, (int)WC_SHA256_DIGEST_SIZE);
+    AssertIntEQ(HMAC_size(hmac), WC_SHA256_DIGEST_SIZE);
 
-    HMAC_cleanup(&hmac);
+    HMAC_cleanup(hmac);
+    HMAC_CTX_free(hmac);
 #endif
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
@@ -22385,7 +22529,8 @@ static void test_wolfSSL_OBJ(void)
  * mode
  */
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
-    !defined(HAVE_FIPS) && !defined(NO_SHA)
+    !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
+    defined(WOLFSSL_CERT_GEN)
     ASN1_OBJECT *obj = NULL;
     char buf[50];
 
@@ -22407,6 +22552,11 @@ static void test_wolfSSL_OBJ(void)
         "./certs/ca-ecc384-cert.der",
         #endif
         NULL};
+    ASN1_OBJECT *field_name_obj = NULL;
+    int lastpos = -1;
+    int tmp = -1;
+    ASN1_STRING *asn1 = NULL;
+    unsigned char *buf_dyn = NULL;
 
     PKCS12 *p12;
     int boolRet;
@@ -22442,6 +22592,26 @@ static void test_wolfSSL_OBJ(void)
         XFCLOSE(fp);
         AssertNotNull(x509Name = X509_get_issuer_name(x509));
         AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
+
+        /* Get the Common Name by using OBJ_txt2obj */
+        AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
+        do
+        {
+            lastpos = tmp;
+            tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
+        } while (tmp > -1);
+        AssertIntNE(lastpos, -1);
+        ASN1_OBJECT_free(field_name_obj);
+        AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
+        AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
+        AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
+        /*
+         * All Common Names should be www.wolfssl.com
+         * This makes testing easier as we can test for the expected value.
+         */
+        AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
+        OPENSSL_free(buf_dyn);
+
         AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
         for (j = 0; j < numNames; j++)
         {
@@ -22620,8 +22790,8 @@ static void test_wolfSSL_OBJ_txt2obj(void)
 
 static void test_wolfSSL_X509_NAME_ENTRY(void)
 {
-    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) \
-    && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
     X509*      x509;
     BIO*       bio;
     X509_NAME* nm;
@@ -22658,10 +22828,11 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
                 0x0c, cn, (int)sizeof(cn)));
     AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
 
+#ifdef WOLFSSL_CERT_EXT
     AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
                                            (byte*)"support@wolfssl.com", 19, -1,
                                            1), WOLFSSL_SUCCESS);
-
+#endif
     X509_NAME_ENTRY_free(entry);
 
     /* Test add entry by NID */
@@ -22672,7 +22843,7 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
     X509_free(x509); /* free's nm */
 
     printf(resultFmt, passed);
-    #endif
+#endif
 }
 
 
@@ -23382,15 +23553,16 @@ static void test_wolfSSL_sk_GENERAL_NAME(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
     !defined(NO_RSA)
     X509* x509;
+    GENERAL_NAME* gn;
     unsigned char buf[4096];
     const unsigned char* bufPt;
-    int bytes;
+    int bytes, i;
     XFILE f;
     STACK_OF(GENERAL_NAME)* sk;
 
     printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
 
-    f = XFOPEN(cliCertDerFile, "rb");
+    f = XFOPEN(cliCertDerFileExt, "rb");
     AssertTrue((f != XBADFILE));
     AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
     XFCLOSE(f);
@@ -23398,38 +23570,25 @@ static void test_wolfSSL_sk_GENERAL_NAME(void)
     bufPt = buf;
     AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
 
-    /* current cert has no alt names */
-    AssertNull(sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
                 NID_subject_alt_name, NULL, NULL));
 
-    AssertIntEQ(sk_GENERAL_NAME_num(sk), -1);
-#if 0
+    AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
     for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
-        GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i);
-        if (gn == NULL) {
-            printf("massive failure\n");
-            return -1;
-        }
+        AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
 
-        if (gn->type == GEN_DNS) {
+        switch (gn->type) {
+        case GEN_DNS:
             printf("found type GEN_DNS\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
-        }
-
-        if (gn->type == GEN_EMAIL) {
+            break;
+        case GEN_EMAIL:
             printf("found type GEN_EMAIL\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
-        }
-
-        if (gn->type == GEN_URI) {
+            break;
+        case GEN_URI:
             printf("found type GEN_URI\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
+            break;
         }
     }
-#endif
     X509_free(x509);
     sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
 
@@ -23463,13 +23622,28 @@ static void test_wolfSSL_MD4(void)
 
 static void test_wolfSSL_RSA(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+    defined(WOLFSSL_KEY_GEN)
     RSA* rsa;
+    const BIGNUM *n;
+    const BIGNUM *e;
+    const BIGNUM *d;
 
     printf(testingFmt, "wolfSSL_RSA()");
 
     AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
     AssertIntEQ(RSA_size(rsa), 256);
+    RSA_get0_key(rsa, &n, &e, &d);
+    AssertPtrEq(rsa->n, n);
+    AssertPtrEq(rsa->e, e);
+    AssertPtrEq(rsa->d, d);
+    AssertNotNull(n = BN_new());
+    AssertNotNull(e = BN_new());
+    AssertNotNull(d = BN_new());
+    AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
+    AssertPtrEq(rsa->n, n);
+    AssertPtrEq(rsa->e, e);
+    AssertPtrEq(rsa->d, d);
     RSA_free(rsa);
 
 #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
@@ -23608,6 +23782,45 @@ static void test_wolfSSL_RSA_get0_key(void)
 
         RSA_free(rsa);
     }
+    printf(resultFmt, passed);
+#endif
+}
+
+static void test_wolfSSL_RSA_meth(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+    RSA *rsa;
+    RSA_METHOD *rsa_meth;
+
+    printf(testingFmt, "test_wolfSSL_RSA_meth");
+
+#ifdef WOLFSSL_KEY_GEN
+    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+    RSA_free(rsa);
+#else
+    AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+#endif
+
+    AssertNotNull(rsa_meth =
+            RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
+
+    AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
+
+    AssertNotNull(rsa = RSA_new());
+    AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
+    AssertPtrEq(RSA_get_method(rsa), rsa_meth);
+    AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
+    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
+
+    /* rsa_meth is freed here */
+    RSA_free(rsa);
 
     printf(resultFmt, passed);
 #endif
@@ -25061,35 +25274,76 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void)
 static void test_wolfSSL_X509V3_EXT_print(void)
 {
 #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
-    FILE* f;
-    WOLFSSL_X509* x509;
-    X509_EXTENSION * ext = NULL;
-    int loc;
-    BIO *bio = NULL;
+    printf(testingFmt, "wolfSSL_X509V3_EXT_print");
 
-    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
-    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
-    fclose(f);
+    {
+        FILE* f;
+        WOLFSSL_X509* x509;
+        X509_EXTENSION * ext = NULL;
+        int loc;
+        BIO *bio = NULL;
 
-    AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
+        AssertNotNull(f = fopen(svrCertFile, "rb"));
+        AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
+        fclose(f);
 
-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
 
-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
 
-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
 
-    wolfSSL_BIO_free(bio);
-    wolfSSL_X509_free(x509);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+
+        wolfSSL_BIO_free(bio);
+        wolfSSL_X509_free(x509);
+    }
+
+    {
+        X509 *x509;
+        BIO *bio;
+        X509_EXTENSION *ext;
+        unsigned int i;
+        unsigned int idx;
+        /* Some NIDs to test with */
+        int nids[] = {
+                /* NID_key_usage, currently X509_get_ext returns this as a bit
+                 * string, which messes up X509V3_EXT_print */
+                /* NID_ext_key_usage, */
+                NID_subject_alt_name,
+        };
+        int* n;
+
+        printf(testingFmt, "wolfSSL_X509V3_EXT_print");
+        AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+
+        AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
+            WOLFSSL_FILETYPE_PEM));
+
+        printf("\nPrinting extension values:\n");
+
+        for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
+            /* X509_get_ext_by_NID should return 3 for now. If that changes then
+             * update the index */
+            AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
+            AssertNotNull(ext = X509_get_ext(x509, idx));
+            AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
+            printf("\n");
+        }
+
+        BIO_free(bio);
+        X509_free(x509);
+    }
+    printf(resultFmt, passed);
 #endif
 }
 
@@ -25253,6 +25507,31 @@ static void test_wolfSSL_OCSP_get0_info()
 #endif /* OPENSSL_EXTRA & HAVE_OCSP */
 }
 
+static void test_wolfSSL_EC_get_builtin_curves(void)
+{
+#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
+    EC_builtin_curve* curves = NULL;
+    size_t crv_len = 0;
+    size_t i = 0;
+
+    printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
+
+    AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
+    AssertNotNull(curves = (EC_builtin_curve*)
+            XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER));
+    AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
+
+    for (i = 0; i < crv_len; i++)
+    {
+        AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
+    }
+
+    XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    printf(resultFmt, passed);
+#endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
+}
+
 static void test_no_op_functions(void)
 {
     #if defined(OPENSSL_EXTRA)
@@ -25881,9 +26160,11 @@ static void test_EVP_PKEY_rsa(void)
     AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
     AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
     AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
+    AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
     wolfSSL_EVP_PKEY_free(pkey);
 
     printf(resultFmt, passed);
+
 #endif
 }
 
@@ -27069,6 +27350,7 @@ static void test_wolfSSL_X509_CRL(void)
         "./certs/crl/eccSrvCRL.pem",
         ""
     };
+    BIO *bio;
 
 #ifdef HAVE_TEST_d2i_X509_CRL_fp
     char der[][100] = {
@@ -27098,6 +27380,14 @@ static void test_wolfSSL_X509_CRL(void)
         XFCLOSE(fp);
     }
 
+    for (i = 0; pem[i][0] != '\0'; i++)
+    {
+        AssertNotNull(bio = BIO_new_file(pem[i], "r"));
+        AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
+        X509_CRL_free(crl);
+        BIO_free(bio);
+    }
+
 #ifdef HAVE_TEST_d2i_X509_CRL_fp
     for(i = 0; der[i][0] != '\0'; i++){
         fp = XFOPEN(der[i], "rb");
@@ -27661,6 +27951,23 @@ static void test_wolfSSL_RSA_print()
     printf(resultFmt, passed);
 #endif
 }
+
+static void test_wolfSSL_BIO_get_len()
+{
+#if defined(OPENSSL_EXTRA)
+    BIO *bio;
+    const char txt[] = "Some example text to push to the BIO.";
+    printf(testingFmt, "wolfSSL_BIO_get_len");
+
+    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
+    AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
+
+    BIO_free(bio);
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_ASN1_STRING_print(void){
 #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
     ASN1_STRING* asnStr = NULL;
@@ -28310,6 +28617,7 @@ void ApiTest(void)
     /* X509 tests */
     test_wolfSSL_X509_NAME_get_entry();
     test_wolfSSL_PKCS12();
+    test_wolfSSL_no_password_cb();
     test_wolfSSL_PKCS8();
     test_wolfSSL_PKCS5();
     test_wolfSSL_URI();
@@ -28331,6 +28639,7 @@ void ApiTest(void)
 
     /* compatibility tests */
     test_wolfSSL_X509_NAME();
+    test_wolfSSL_X509_INFO();
     test_wolfSSL_X509_subject_name_hash();
     test_wolfSSL_DES();
     test_wolfSSL_certs();
@@ -28374,6 +28683,7 @@ void ApiTest(void)
     test_wolfSSL_PEM_read_bio();
     test_wolfSSL_BIO();
     test_wolfSSL_ASN1_STRING();
+    test_wolfSSL_ASN1_BIT_STRING();
     test_wolfSSL_X509();
     test_wolfSSL_X509_VERIFY_PARAM();
     test_wolfSSL_X509_sign();
@@ -28419,6 +28729,7 @@ void ApiTest(void)
     test_wolfSSL_RSA();
     test_wolfSSL_RSA_DER();
     test_wolfSSL_RSA_get0_key();
+    test_wolfSSL_RSA_meth();
     test_wolfSSL_verify_depth();
     test_wolfSSL_HMAC_CTX();
     test_wolfSSL_msg_callback();
@@ -28456,6 +28767,7 @@ void ApiTest(void)
     test_wolfSSL_X509_CA_num();
     test_wolfSSL_X509_get_version();
     test_wolfSSL_X509_print();
+    test_wolfSSL_BIO_get_len();
     test_wolfSSL_RSA_verify();
     test_wolfSSL_X509V3_EXT_get();
     test_wolfSSL_X509V3_EXT_d2i();
@@ -28472,6 +28784,8 @@ void ApiTest(void)
     test_wolfSSL_ASN1_STRING_print();
     test_openssl_generate_key_and_cert();
 
+    test_wolfSSL_EC_get_builtin_curves();
+
     /* test the no op functions for compatibility */
     test_no_op_functions();
 
@@ -28653,6 +28967,7 @@ void ApiTest(void)
 #ifdef OPENSSL_EXTRA
     /*wolfSSL_EVP_get_cipherbynid test*/
     test_wolfSSL_EVP_get_cipherbynid();
+    test_wolfSSL_EVP_CIPHER_CTX();
     test_wolfSSL_EC();
     test_wolfSSL_ECDSA_SIG();
 #endif

+ 13 - 0
tests/unit.h

@@ -89,6 +89,19 @@
 #define AssertStrGE(x, y) AssertStr(x, y, >=,  <)
 #define AssertStrLE(x, y) AssertStr(x, y, <=,  >)
 
+#define AssertPtr(x, y, op, er) do {                                           \
+    void* _x = (void*)x;                                                       \
+    void* _y = (void*)y;                                                       \
+    Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));    \
+} while(0)
+
+#define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=)
+#define AssertPtrNE(x, y) AssertInt(x, y, !=, ==)
+#define AssertPtrGT(x, y) AssertInt(x, y,  >, <=)
+#define AssertPtrLT(x, y) AssertInt(x, y,  <, >=)
+#define AssertPtrGE(x, y) AssertInt(x, y, >=,  <)
+#define AssertPtrLE(x, y) AssertInt(x, y, <=,  >)
+
 
 void ApiTest(void);
 int  SuiteTest(int argc, char** argv);

+ 30 - 20
wolfcrypt/src/evp.c

@@ -489,6 +489,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    unsigned char *out, int *outl)
 {
     int fl;
+    int ret = WOLFSSL_SUCCESS;
     if (ctx == NULL || out == NULL || outl == NULL)
         return BAD_FUNC_ARG;
 
@@ -512,48 +513,56 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
     if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
         if (ctx->bufUsed != 0) return WOLFSSL_FAILURE;
         *outl = 0;
-        return WOLFSSL_SUCCESS;
     }
-    if (ctx->enc) {
+    else if (ctx->enc) {
         if (ctx->block_size == 1) {
             *outl = 0;
-            return WOLFSSL_SUCCESS;
         }
-        if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) {
+        else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) {
             padBlock(ctx);
             PRINT_BUF(ctx->buf, ctx->block_size);
-            if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0)
-                return WOLFSSL_FAILURE;
-
-            PRINT_BUF(out, ctx->block_size);
-            *outl = ctx->block_size;
+            if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                PRINT_BUF(out, ctx->block_size);
+                *outl = ctx->block_size;
+            }
         }
-    } else {
+    }
+    else {
         if (ctx->block_size == 1) {
             *outl = 0;
-            return WOLFSSL_SUCCESS;
         }
-        if ((ctx->bufUsed % ctx->block_size) != 0) {
+        else if ((ctx->bufUsed % ctx->block_size) != 0) {
             *outl = 0;
             /* not enough padding for decrypt */
-            return WOLFSSL_FAILURE;
+            ret = WOLFSSL_FAILURE;
         }
-        if (ctx->lastUsed) {
+        else if (ctx->lastUsed) {
             PRINT_BUF(ctx->lastBlock, ctx->block_size);
             if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) {
                 XMEMCPY(out, ctx->lastBlock, fl);
                 *outl = fl;
+                if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
+                    /* return error in cases where the block length is incorrect */
+                    ret = WOLFSSL_FAILURE;
+                }
             }
             else {
-                return WOLFSSL_FAILURE;
+                ret = WOLFSSL_FAILURE;
             }
         }
-       /* return error in cases where the block length is incorrect */
-        if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
-            return WOLFSSL_FAILURE;
+        else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
+            /* return error in cases where the block length is incorrect */
+            ret = WOLFSSL_FAILURE;
         }
     }
-    return WOLFSSL_SUCCESS;
+    if (ret == WOLFSSL_SUCCESS) {
+        /* reset cipher state after final */
+        wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);
+    }
+    return ret;
 }
 
 
@@ -2046,7 +2055,8 @@ int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
     if (pass == NULL) {
         passlen = 0;
         pass = nostring;
-    } else if (passlen == -1) {
+    }
+    else if (passlen == -1) {
         passlen = (int)XSTRLEN(pass);
     }
 

+ 3 - 1
wolfssl/internal.h

@@ -3455,6 +3455,7 @@ typedef struct Arrays {
 #define STACK_TYPE_NULL               8
 #define STACK_TYPE_X509_NAME          9
 #define STACK_TYPE_CONF_VALUE         10
+#define STACK_TYPE_X509_INFO          11
 
 struct WOLFSSL_STACK {
     unsigned long num; /* number of nodes in stack
@@ -3462,6 +3463,7 @@ struct WOLFSSL_STACK {
     #if defined(OPENSSL_ALL)
     wolf_sk_compare_cb comp;
     #endif
+
     union {
         WOLFSSL_X509*          x509;
         WOLFSSL_X509_NAME*     name;
@@ -3474,7 +3476,7 @@ struct WOLFSSL_STACK {
         WOLFSSL_CONF_VALUE*    conf;
         void*                  generic;
         char*                  string;
-        WOLFSSL_GENERAL_NAME* gn;
+        WOLFSSL_GENERAL_NAME*  gn;
     } data;
     void* heap; /* memory heap hint */
     WOLFSSL_STACK* next;

+ 2 - 0
wolfssl/openssl/bio.h

@@ -68,6 +68,8 @@
 #define BIO_gets      wolfSSL_BIO_gets
 #define BIO_puts      wolfSSL_BIO_puts
 
+#define BIO_should_retry(...)           1
+
 #define BIO_TYPE_FILE WOLFSSL_BIO_FILE
 #define BIO_TYPE_BIO  WOLFSSL_BIO_BIO
 #define BIO_TYPE_MEM  WOLFSSL_BIO_MEMORY

+ 0 - 4
wolfssl/openssl/buffer.h

@@ -40,10 +40,6 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 #define BUF_MEM_grow wolfSSL_BUF_MEM_grow
 #define BUF_MEM_free wolfSSL_BUF_MEM_free
 
-/* error codes */
-#define ERR_R_MALLOC_FAILURE  MEMORY_E
-
-
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

+ 0 - 2
wolfssl/openssl/crypto.h

@@ -46,8 +46,6 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 #define SSLeay_version wolfSSLeay_version
 #define SSLeay wolfSSLeay
 
-#define OpenSSL_version wolfSSLeay_version
-
 #define SSLEAY_VERSION 0x0090600fL
 #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 #define CRYPTO_lock wc_LockMutex_ex

+ 2 - 0
wolfssl/openssl/des.h

@@ -84,6 +84,7 @@ WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
 WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*);
 WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*,
                                        WOLFSSL_DES_key_schedule*, int);
+WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*);
 
 
 typedef WOLFSSL_DES_cblock DES_cblock;
@@ -103,6 +104,7 @@ typedef WOLFSSL_DES_LONG DES_LONG;
 #define DES_ecb_encrypt       wolfSSL_DES_ecb_encrypt
 #define DES_ede3_cbc_encrypt  wolfSSL_DES_ede3_cbc_encrypt
 #define DES_cbc_cksum         wolfSSL_DES_cbc_cksum
+#define DES_check_key_parity  wolfSSL_DES_check_key_parity
 
 #ifdef __cplusplus
     } /* extern "C" */

+ 17 - 0
wolfssl/openssl/ec.h

@@ -102,6 +102,12 @@ struct WOLFSSL_EC_KEY {
     char           exSet;        /* external set from internal ? */
 };
 
+typedef struct WOLFSSL_EC_builtin_curve{
+    int nid;
+    const char *comment;
+} WOLFSSL_EC_builtin_curve;
+
+typedef WOLFSSL_EC_builtin_curve      EC_builtin_curve;
 
 #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
 #define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
@@ -159,6 +165,8 @@ WOLFSSL_API
 int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
                                WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API
+int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
 void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
 WOLFSSL_API
 WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
@@ -185,6 +193,9 @@ WOLFSSL_API
 int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
                                     const WOLFSSL_EC_POINT *a);
 
+WOLFSSL_API
+size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_builtin_curve *r, size_t nitems);
+
 #ifndef HAVE_SELFTEST
 WOLFSSL_API
 char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
@@ -192,6 +203,10 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
                                  WOLFSSL_BN_CTX* ctx);
 #endif
 
+#ifndef HAVE_ECC
+#define OPENSSL_NO_EC
+#endif
+
 #define EC_KEY_new                      wolfSSL_EC_KEY_new
 #define EC_KEY_free                     wolfSSL_EC_KEY_free
 #define EC_KEY_get0_public_key          wolfSSL_EC_KEY_get0_public_key
@@ -211,6 +226,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define EC_GROUP_get_curve_name         wolfSSL_EC_GROUP_get_curve_name
 #define EC_GROUP_get_degree             wolfSSL_EC_GROUP_get_degree
 #define EC_GROUP_get_order              wolfSSL_EC_GROUP_get_order
+#define EC_GROUP_order_bits             wolfSSL_EC_GROUP_order_bits
 
 #define EC_POINT_new                    wolfSSL_EC_POINT_new
 #define EC_POINT_free                   wolfSSL_EC_POINT_free
@@ -226,6 +242,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #endif
 
 #define EC_POINT_dump                   wolfSSL_EC_POINT_dump
+#define EC_get_builtin_curves           wolfSSL_EC_get_builtin_curves
 
 #define EC_curve_nid2nist               wolfSSL_EC_curve_nid2nist
 

+ 19 - 0
wolfssl/openssl/err.h

@@ -28,5 +28,24 @@
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
 #define ERR_peek_last_error              wolfSSL_ERR_peek_last_error
 
+/* fatal error */
+#define ERR_R_MALLOC_FAILURE                    MEMORY_E
+#define ERR_R_PASSED_NULL_PARAMETER             BAD_FUNC_ARG
+#define ERR_R_DISABLED                          NOT_COMPILED_IN
+#define ERR_R_PASSED_INVALID_ARGUMENT           BAD_FUNC_ARG
+#define RSA_R_UNKNOWN_PADDING_TYPE              RSA_PAD_E
+
+/* SSL function codes */
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
+#define SSL_F_SSL_USE_PRIVATEKEY                3
+
+/* reasons */
+#define ERR_R_SYS_LIB                           1
+#define PKCS12_R_MAC_VERIFY_FAILURE             2
+
+#define RSAerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+
 #endif /* WOLFSSL_OPENSSL_ERR_ */
 

+ 19 - 2
wolfssl/openssl/evp.h

@@ -293,6 +293,7 @@ WOLFSSL_API int  wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx);
 WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name);
 WOLFSSL_API const WOLFSSL_EVP_MD     *wolfSSL_EVP_get_digestbyname(const char *name);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher);
 
 WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
                                      const WOLFSSL_EVP_MD* type);
@@ -326,7 +327,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx,
 WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
                                               const unsigned char *sig,
                                               size_t siglen);
-WOLFSSL_API int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out,
+WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
                               unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
                               WOLFSSL_ENGINE* eng);
 
@@ -405,14 +406,17 @@ WOLFSSL_API int  wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
 
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey,
                                             WOLFSSL_RSA* key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
                                                WOLFSSL_EC_KEY* key);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key);
 
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
@@ -518,6 +522,7 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 #define WOLFSSL_EVP_CIPH_GCM_MODE           0x6
 #define WOLFSSL_EVP_CIPH_CCM_MODE           0x7
 #define WOLFSSL_EVP_CIPH_NO_PADDING       0x100
+#define EVP_CIPH_VARIABLE_LENGTH          0x200
 #define WOLFSSL_EVP_CIPH_TYPE_INIT         0xff
 
 /* end OpenSSH compat */
@@ -597,6 +602,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_CIPHER_CTX_key_length     wolfSSL_EVP_CIPHER_CTX_key_length
 #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
 #define EVP_CIPHER_CTX_mode           wolfSSL_EVP_CIPHER_CTX_mode
+#define EVP_CIPHER_CTX_cipher         wolfSSL_EVP_CIPHER_CTX_cipher
 
 #define EVP_CIPHER_iv_length          wolfSSL_EVP_CIPHER_iv_length
 #define EVP_CIPHER_key_length         wolfSSL_EVP_Cipher_key_length
@@ -633,6 +639,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_PKEY_get1_RSA              wolfSSL_EVP_PKEY_get1_RSA
 #define EVP_PKEY_get1_DSA              wolfSSL_EVP_PKEY_get1_DSA
 #define EVP_PKEY_set1_RSA              wolfSSL_EVP_PKEY_set1_RSA
+#define EVP_PKEY_get0_EC_KEY           wolfSSL_EVP_PKEY_get0_EC_KEY
 #define EVP_PKEY_get1_EC_KEY           wolfSSL_EVP_PKEY_get1_EC_KEY
 #define EVP_PKEY_get0_hmac             wolfSSL_EVP_PKEY_get0_hmac
 #define EVP_PKEY_new_mac_key           wolfSSL_EVP_PKEY_new_mac_key
@@ -688,6 +695,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
 #define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
 
+#define NO_PADDING_BLOCK_SIZE      1
+
 #define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
 #define PKCS5_PBKDF2_HMAC          wolfSSL_PKCS5_PBKDF2_HMAC
 
@@ -708,6 +717,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
     #define EVP_MAX_MD_SIZE   64     /* sha512 */
 #endif
 
+#ifndef EVP_MAX_KEY_LENGTH
+#define EVP_MAX_KEY_LENGTH    64
+#endif
+
+#ifndef EVP_MAX_IV_LENGTH
+#define EVP_MAX_IV_LENGTH     16
+#endif
+
 #ifndef EVP_MAX_BLOCK_LENGTH
     #define EVP_MAX_BLOCK_LENGTH   32  /* 2 * blocklen(AES)? */
     /* They define this as 32. Using the same value here. */

+ 7 - 0
wolfssl/openssl/hmac.h

@@ -58,6 +58,7 @@ typedef struct WOLFSSL_HMAC_CTX {
 } WOLFSSL_HMAC_CTX;
 
 
+WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void);
 WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx);
 WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des,
                                        WOLFSSL_HMAC_CTX* src);
@@ -71,18 +72,24 @@ WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
 WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
                                   unsigned int* len);
 WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
 
 typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 
 #define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
 
+#define HMAC_CTX_new wolfSSL_HMAC_CTX_new
 #define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
 #define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
+#define HMAC_CTX_free wolfSSL_HMAC_CTX_free
+#define HMAC_CTX_reset wolfSSL_HMAC_cleanup
 #define HMAC_Init_ex  wolfSSL_HMAC_Init_ex
 #define HMAC_Init     wolfSSL_HMAC_Init
 #define HMAC_Update   wolfSSL_HMAC_Update
 #define HMAC_Final    wolfSSL_HMAC_Final
 #define HMAC_cleanup  wolfSSL_HMAC_cleanup
+#define HMAC_size     wolfSSL_HMAC_size
 
 
 #ifdef __cplusplus

+ 1 - 0
wolfssl/openssl/include.am

@@ -39,6 +39,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/ssl23.h \
                          wolfssl/openssl/ssl.h \
                          wolfssl/openssl/stack.h \
+                         wolfssl/openssl/tls1.h \
                          wolfssl/openssl/ui.h \
                          wolfssl/openssl/x509.h \
                          wolfssl/openssl/x509_vfy.h \

+ 48 - 4
wolfssl/openssl/rsa.h

@@ -27,7 +27,6 @@
 
 #include <wolfssl/openssl/bn.h>
 
-
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -38,6 +37,16 @@
 #define RSA_PKCS1_PSS_PADDING  2
 #define RSA_NO_PADDING         3
 
+/* Emulate OpenSSL flags */
+#define RSA_METHOD_FLAG_NO_CHECK        (1 << 1)
+#define RSA_FLAG_CACHE_PUBLIC           (1 << 2)
+#define RSA_FLAG_CACHE_PRIVATE          (1 << 3)
+#define RSA_FLAG_BLINDING               (1 << 4)
+#define RSA_FLAG_THREAD_SAFE            (1 << 5)
+#define RSA_FLAG_EXT_PKEY               (1 << 6)
+#define RSA_FLAG_NO_BLINDING            (1 << 7)
+#define RSA_FLAG_NO_CONSTTIME           (1 << 8)
+
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
 typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
 #define WOLFSSL_RSA_TYPE_DEFINED
@@ -45,6 +54,13 @@ typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
 
 typedef WOLFSSL_RSA                   RSA;
 
+typedef struct WOLFSSL_RSA_METHOD {
+    int flags;
+    char *name;
+} WOLFSSL_RSA_METHOD;
+
+typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
+
 struct WOLFSSL_RSA {
 #ifdef WC_RSA_BLINDING
     WC_RNG* rng;              /* for PrivateDecrypt blinding */
@@ -62,9 +78,11 @@ struct WOLFSSL_RSA {
     char           inSet;     /* internal set from external ? */
     char           exSet;     /* external set from internal ? */
     char           ownRng;    /* flag for if the rng should be free'd */
+#if defined(OPENSSL_EXTRA)
+    WOLFSSL_RSA_METHOD* meth;
+#endif
 };
 
-
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
 WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA*);
 
@@ -95,8 +113,17 @@ WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
 WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
 WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
 
-WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r,
-                  const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d);
+WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags);
+WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth);
+WOLFSSL_API int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p);
+WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth);
+WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa);
+WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n,
+                                      const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d);
+WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
+                                     WOLFSSL_BIGNUM *d);
+WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r);
+WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
 
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
@@ -116,6 +143,23 @@ WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r,
 #define RSA_sign           wolfSSL_RSA_sign
 #define RSA_verify         wolfSSL_RSA_verify
 #define RSA_public_decrypt wolfSSL_RSA_public_decrypt
+#define EVP_PKEY_get0_RSA  wolfSSL_EVP_PKEY_get0_RSA
+
+#define RSA_meth_new            wolfSSL_RSA_meth_new
+#define RSA_meth_free           wolfSSL_RSA_meth_free
+#define RSA_meth_set_pub_enc    wolfSSL_RSA_meth_set
+#define RSA_meth_set_pub_dec    wolfSSL_RSA_meth_set
+#define RSA_meth_set_priv_enc   wolfSSL_RSA_meth_set
+#define RSA_meth_set_priv_dec   wolfSSL_RSA_meth_set
+#define RSA_meth_set_init       wolfSSL_RSA_meth_set
+#define RSA_meth_set_finish     wolfSSL_RSA_meth_set
+#define RSA_meth_set0_app_data  wolfSSL_RSA_meth_set
+#define RSA_get_method          wolfSSL_RSA_get_method
+#define RSA_set_method          wolfSSL_RSA_set_method
+#define RSA_get0_key            wolfSSL_RSA_get0_key
+#define RSA_set0_key            wolfSSL_RSA_set0_key
+#define RSA_flags               wolfSSL_RSA_flags
+#define RSA_set_flags           wolfSSL_RSA_set_flags
 
 #define RSA_get0_key       wolfSSL_RSA_get0_key
 

+ 48 - 4
wolfssl/openssl/ssl.h

@@ -35,7 +35,9 @@
 #include <wolfssl/ssl.h>
 #endif /* OPENSSL_EXTRA_SSL_GUARD */
 
+#include <wolfssl/openssl/tls1.h>
 #include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/bio.h>
 #ifdef OPENSSL_EXTRA
 #include <wolfssl/openssl/crypto.h>
 #endif
@@ -89,6 +91,7 @@ typedef WOLFSSL_ASN1_INTEGER   ASN1_INTEGER;
 typedef WOLFSSL_ASN1_OBJECT    ASN1_OBJECT;
 typedef WOLFSSL_ASN1_STRING    ASN1_STRING;
 typedef WOLFSSL_ASN1_TYPE      ASN1_TYPE;
+typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
 typedef WOLFSSL_BUF_MEM        BUF_MEM;
 typedef WOLFSSL_GENERAL_NAMES  GENERAL_NAMES;
@@ -249,7 +252,12 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #define SSL_library_init                wolfSSL_library_init
 #define SSL_CTX_set_session_cache_mode  wolfSSL_CTX_set_session_cache_mode
 #define SSL_CTX_set_cipher_list         wolfSSL_CTX_set_cipher_list
+#define SSL_CTX_set_ciphersuites        wolfSSL_CTX_set_cipher_list
 #define SSL_set_cipher_list             wolfSSL_set_cipher_list
+/* wolfSSL does not support security levels */
+#define SSL_CTX_set_security_level(...)
+/* wolfSSL does not support expoting keying material */
+#define SSL_export_keying_material(...) 0
 
 #define SSL_set_ex_data                 wolfSSL_set_ex_data
 #define SSL_get_shutdown                wolfSSL_get_shutdown
@@ -294,6 +302,9 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #endif
 
 #define DSA_dup_DH                      wolfSSL_DSA_dup_DH
+/* wolfSSL does not support DSA as the cert public key */
+#define EVP_PKEY_get0_DSA(...)          NULL
+#define DSA_bits(...)                   0
 
 #define i2d_X509_bio                    wolfSSL_i2d_X509_bio
 #define d2i_X509_bio                    wolfSSL_d2i_X509_bio
@@ -301,11 +312,13 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #define i2d_X509                        wolfSSL_i2d_X509
 #define d2i_X509                        wolfSSL_d2i_X509
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
+#define PEM_read_bio_X509_CRL           wolfSSL_PEM_read_bio_X509_CRL
 #define PEM_read_bio_X509_AUX           wolfSSL_PEM_read_bio_X509_AUX
 #define PEM_read_X509                   wolfSSL_PEM_read_X509
 #define PEM_X509_INFO_read_bio          wolfSSL_PEM_X509_INFO_read_bio
 #define PEM_write_bio_X509              wolfSSL_PEM_write_bio_X509
 #define PEM_write_bio_X509_AUX          wolfSSL_PEM_write_bio_X509_AUX
+#define PEM_X509_INFO_read_bio          wolfSSL_PEM_X509_INFO_read_bio
 #define i2d_PrivateKey                  wolfSSL_i2d_PrivateKey
 
 #define i2d_X509_REQ                    wolfSSL_i2d_X509_REQ
@@ -324,13 +337,12 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #define X509_digest                     wolfSSL_X509_digest
 #define X509_get_ext_count              wolfSSL_X509_get_ext_count
 #define X509_get_ext_d2i                wolfSSL_X509_get_ext_d2i
-#define X509_get_ext_by_NID             wolfSSL_X509_get_ext_by_NID
 #define X509_get_ext                    wolfSSL_X509_get_ext
 #define X509_get_ext_by_NID             wolfSSL_X509_get_ext_by_NID
-#define X509_add_ext                    wolfSSL_X509_add_ext
 #define X509_get_issuer_name            wolfSSL_X509_get_issuer_name
 #define X509_get_subject_name           wolfSSL_X509_get_subject_name
 #define X509_get_pubkey                 wolfSSL_X509_get_pubkey
+#define X509_get0_pubkey                wolfSSL_X509_get_pubkey
 #define X509_get_notBefore              wolfSSL_X509_get_notBefore
 #define X509_get_notAfter               wolfSSL_X509_get_notAfter
 #define X509_get_serialNumber           wolfSSL_X509_get_serialNumber
@@ -399,6 +411,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #define X509_NAME_free                  wolfSSL_X509_NAME_free
 #define X509_NAME_dup                   wolfSSL_X509_NAME_dup
 #define X509_NAME_get_text_by_NID       wolfSSL_X509_NAME_get_text_by_NID
+#define X509_NAME_get_index_by_OBJ      wolfSSL_X509_NAME_get_index_by_OBJ
 #define X509_NAME_cmp                   wolfSSL_X509_NAME_cmp
 #define X509_NAME_ENTRY_free            wolfSSL_X509_NAME_ENTRY_free
 #define X509_NAME_ENTRY_create_by_NID   wolfSSL_X509_NAME_ENTRY_create_by_NID
@@ -501,6 +514,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_OBJECT_free_contents       wolfSSL_X509_OBJECT_free_contents
 #define X509_subject_name_hash          wolfSSL_X509_subject_name_hash
 
+#define X509_check_purpose(...)         0
+
 #define OCSP_parse_url                  wolfSSL_OCSP_parse_url
 
 #define MD4_Init                        wolfSSL_MD4_Init
@@ -530,6 +545,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define BIO_f_ssl                       wolfSSL_BIO_f_ssl
 #define BIO_new_socket                  wolfSSL_BIO_new_socket
 #define SSL_set_bio                     wolfSSL_set_bio
+#define BIO_set_ssl                     wolfSSL_BIO_set_ssl
 #define BIO_eof                         wolfSSL_BIO_eof
 #define BIO_set_ss                      wolfSSL_BIO_set_ss
 
@@ -560,8 +576,12 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define SSL_get_ex_new_index            wolfSSL_get_ex_new_index
 
+#define ASN1_BIT_STRING_new             wolfSSL_ASN1_BIT_STRING_new
+#define ASN1_BIT_STRING_free            wolfSSL_ASN1_BIT_STRING_free
+#define ASN1_BIT_STRING_get_bit         wolfSSL_ASN1_BIT_STRING_get_bit
+#define ASN1_BIT_STRING_set_bit         wolfSSL_ASN1_BIT_STRING_set_bit
 
-typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
+#define sk_ASN1_OBJECT_free             wolfSSL_sk_ASN1_OBJECT_free
 
 #define ASN1_TIME_adj                   wolfSSL_ASN1_TIME_adj
 #define ASN1_TIME_print                 wolfSSL_ASN1_TIME_print
@@ -599,7 +619,7 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 
 #define SSL_load_client_CA_file         wolfSSL_load_client_CA_file
 
-#define SSL_CTX_get_client_CA_list      wolfSSL_SSL_CTX_get_client_CA_list
+#define SSL_CTX_get_client_CA_list      wolfSSL_CTX_get_client_CA_list
 #define SSL_CTX_set_client_CA_list      wolfSSL_CTX_set_client_CA_list
 #define SSL_CTX_set_client_cert_cb      wolfSSL_CTX_set_client_cert_cb
 #define SSL_CTX_set_cert_store          wolfSSL_CTX_set_cert_store
@@ -624,6 +644,7 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 #define RSA_generate_key                wolfSSL_RSA_generate_key
 #define SSL_CTX_set_tmp_rsa_callback    wolfSSL_CTX_set_tmp_rsa_callback
 #define RSA_print                       wolfSSL_RSA_print
+#define RSA_bits                        wolfSSL_RSA_size
 
 #define PEM_def_callback                wolfSSL_PEM_def_callback
 
@@ -725,7 +746,9 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 #define BIO_prf                         wolfSSL_BIO_prf
 
 #define sk_num                          wolfSSL_sk_num
+#define sk_ASN1_OBJECT_num              wolfSSL_sk_num
 #define sk_value                        wolfSSL_sk_value
+#define sk_ASN1_OBJECT_value            wolfSSL_sk_value
 
 #define d2i_PKCS12_bio                  wolfSSL_d2i_PKCS12_bio
 #define d2i_PKCS12_fp                   wolfSSL_d2i_PKCS12_fp
@@ -790,6 +813,8 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 
 #define SSL_dup_CA_list                 wolfSSL_dup_CA_list
 
+#define sk_X509_NAME_find               wolfSSL_sk_X509_NAME_find
+
 enum {
     GEN_DNS   = 0x02, /* ASN_DNS_TYPE */
     GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
@@ -958,11 +983,14 @@ enum {
 #define SSL_SESSION_get_id              wolfSSL_SESSION_get_id
 #define SSL_SESSION_print               wolfSSL_SESSION_print
 #define sk_GENERAL_NAME_pop_free        wolfSSL_sk_GENERAL_NAME_pop_free
+#define sk_GENERAL_NAME_free            wolfSSL_sk_GENERAL_NAME_free
+#define sk_ASN1_OBJECT_pop_free         wolfSSL_sk_ASN1_OBJECT_pop_free
 #define GENERAL_NAME_free               wolfSSL_GENERAL_NAME_free
 #define GENERAL_NAMES_free              wolfSSL_GENERAL_NAMES_free
 
 #define AUTHORITY_INFO_ACCESS_free      wolfSSL_AUTHORITY_INFO_ACCESS_free
 #define sk_ACCESS_DESCRIPTION_pop_free  wolfSSL_sk_ACCESS_DESCRIPTION_pop_free
+#define sk_ACCESS_DESCRIPTION_free      wolfSSL_sk_ACCESS_DESCRIPTION_free
 #define ACCESS_DESCRIPTION_free         NULL
 
 #define SSL3_AL_FATAL                   2
@@ -1110,6 +1138,22 @@ enum {
 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       (0xc02b)
 #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
 
+#define EVP_CIPHER_mode                 WOLFSSL_CIPHER_mode
+/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
+#define EVP_CIPHER_name(x)              x
+#define EVP_MD_CTX_reset                wolfSSL_EVP_MD_CTX_cleanup
+/* WOLFSSL_EVP_MD is just the string name of the digest */
+#define EVP_MD_name(x)                  x
+#define X509_STORE_get0_objects         wolfSSL_X509_STORE_get0_objects
+#define sk_X509_OBJECT_num              wolfSSL_sk_X509_OBJECT_num
+#define sk_X509_OBJECT_value            wolfSSL_sk_X509_OBJECT_value
+#define sk_X509_OBJECT_delete           wolfSSL_sk_X509_OBJECT_delete
+#define X509_OBJECT_free                wolfSSL_X509_OBJECT_free
+#define X509_OBJECT_get_type(x)         0
+#define EVP_CIPHER_nid                  wolfSSL_EVP_CIPHER_nid
+
+#define OpenSSL_version(x)              wolfSSL_lib_version()
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

+ 4 - 8
wolfssl/openssl/stack.h

@@ -30,19 +30,15 @@
 
 typedef void (*wolfSSL_sk_freefunc)(void *);
 
-WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK *);
+WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
 WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
 WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
 WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
-WOLFSSL_API
-void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk);
+WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);
-WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
 
-WOLFSSL_API
-int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);
-WOLFSSL_API
-WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);
+WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_cipher(void);
 
 #define OPENSSL_sk_free       wolfSSL_sk_free

+ 46 - 0
wolfssl/openssl/tls1.h

@@ -0,0 +1,46 @@
+/* tls1.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_OPENSSL_TLS1_H_
+#define WOLFSSL_OPENSSL_TLS1_H_
+
+#ifndef TLS1_VERSION
+#define TLS1_VERSION                    0x0301
+#endif
+
+#ifndef TLS1_1_VERSION
+#define TLS1_1_VERSION                  0x0302
+#endif
+
+#ifndef TLS1_2_VERSION
+#define TLS1_2_VERSION                  0x0303
+#endif
+
+#ifndef TLS1_3_VERSION
+#define TLS1_3_VERSION                  0x0304
+#endif
+
+#ifndef TLS_MAX_VERSION
+#define TLS_MAX_VERSION                 TLS1_3_VERSION
+#endif
+
+#endif /* WOLFSSL_OPENSSL_TLS1_H_ */

+ 3 - 0
wolfssl/openssl/x509.h

@@ -18,3 +18,6 @@
 #define X509_FLAG_NO_AUX        (1UL << 10)
 #define X509_FLAG_NO_ATTRIBUTES (1UL << 11)
 #define X509_FLAG_NO_IDS        (1UL << 12)
+
+#define XN_FLAG_FN_SN           0
+#define XN_FLAG_SEP_CPLUS_SPC   2

+ 14 - 10
wolfssl/openssl/x509v3.h

@@ -31,8 +31,13 @@
     extern "C" {
 #endif
 
+#define X509_PURPOSE_SSL_CLIENT       0
+#define X509_PURPOSE_SSL_SERVER       1
+
+#define NS_SSL_CLIENT                 0
+#define NS_SSL_SERVER                 1
+
 /* Forward reference */
-typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method;
 
 typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
 typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
@@ -53,6 +58,14 @@ struct WOLFSSL_v3_ext_method {
     X509V3_EXT_I2R i2r;
 };
 
+struct WOLFSSL_X509_EXTENSION {
+    WOLFSSL_ASN1_OBJECT *obj;
+    WOLFSSL_ASN1_BOOLEAN crit;
+    WOLFSSL_ASN1_STRING value;
+    WOLFSSL_v3_ext_method ext_method;
+    WOLFSSL_STACK* ext_sk; /* For extension specific data */
+};
+
 #define WOLFSSL_ASN1_BOOLEAN int
 #define GEN_OTHERNAME   0
 #define GEN_EMAIL       1
@@ -68,14 +81,6 @@ struct WOLFSSL_v3_ext_method {
 
 #define X509V3_CTX         WOLFSSL_X509V3_CTX
 
-struct WOLFSSL_X509_EXTENSION {
-    WOLFSSL_ASN1_OBJECT *obj;
-    WOLFSSL_ASN1_BOOLEAN crit;
-    WOLFSSL_ASN1_STRING value;
-    WOLFSSL_v3_ext_method ext_method;
-    WOLFSSL_STACK* ext_sk; /* For extension specific data */
-};
-
 typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
 typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
 typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
@@ -98,7 +103,6 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
 #define ASN1_OCTET_STRING         WOLFSSL_ASN1_STRING
 #define X509V3_EXT_get            wolfSSL_X509V3_EXT_get
 #define X509V3_EXT_d2i            wolfSSL_X509V3_EXT_d2i
-#define X509V3_EXT_print   wolfSSL_X509V3_EXT_print
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
 #define X509V3_EXT_print          wolfSSL_X509V3_EXT_print
 #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid

+ 49 - 20
wolfssl/ssl.h

@@ -126,6 +126,7 @@ typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
 typedef struct WOLFSSL_X509_ALGOR WOLFSSL_X509_ALGOR;
 typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
 typedef struct WC_PKCS12          WOLFSSL_X509_PKCS12;
+typedef struct WOLFSSL_X509_INFO  WOLFSSL_X509_INFO;
 
 typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
 typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;
@@ -180,6 +181,7 @@ typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
 typedef struct WOLFSSL_X509V3_CTX     WOLFSSL_X509V3_CTX;
+typedef struct WOLFSSL_v3_ext_method  WOLFSSL_v3_ext_method;
 
 typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
 typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;
@@ -282,7 +284,7 @@ struct WOLFSSL_ASN1_OBJECT {
     int    grp;  /* type of OID, i.e. oidCertPolicyType */
     int    nid;
     unsigned int  objSz;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_APACHE_HTTPD)
     int ca;
     WOLFSSL_ASN1_INTEGER *pathlen;
 #endif
@@ -374,7 +376,6 @@ struct WOLFSSL_X509_INFO {
     char              *enc_data;
     int               num;
 };
-typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO;
 
 #define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
 
@@ -1020,8 +1021,11 @@ typedef int WOLFSSL_LHASH;
 #endif
 
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
+WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
+WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
 
 #if defined(HAVE_OCSP)
 #include "wolfssl/ocsp.h"
@@ -1049,15 +1053,17 @@ WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
         WOLFSSL_STACK* sk, int i);
 WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
-                                       void f (WOLFSSL_GENERAL_NAME*));
+                                       void (*f) (WOLFSSL_GENERAL_NAME*));
+WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name);
 WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free(
         WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk);
 WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value(
         WOLFSSL_STACK* sk, int idx);
+WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk,
-        void f (WOLFSSL_ACCESS_DESCRIPTION*));
+        void (*f) (WOLFSSL_ACCESS_DESCRIPTION*));
 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
         WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
         void f (WOLFSSL_X509_EXTENSION*));
@@ -1072,7 +1078,7 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
 WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
 WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
                 WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
-                void (*func)(WOLFSSL_ASN1_OBJECT*));
+                void (*f)(WOLFSSL_ASN1_OBJECT*));
 WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
@@ -1197,6 +1203,7 @@ WOLFSSL_API int  wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
 WOLFSSL_API int  wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
 WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
 WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
+WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio);
 
 WOLFSSL_API void        wolfSSL_RAND_screen(void);
 WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
@@ -1263,8 +1270,8 @@ WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509,
         const WOLFSSL_ASN1_TIME* t);
 WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509,
         const WOLFSSL_ASN1_TIME* t);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509* x509);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
         WOLFSSL_ASN1_INTEGER* s);
 WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
@@ -1389,8 +1396,11 @@ WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t,
 #endif
 
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list(
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
         const WOLFSSL_CTX *s);
+/* depricated function name */
+#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
+
 WOLFSSL_API void  wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
                                                WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
@@ -3039,6 +3049,11 @@ struct WOLFSSL_X509_NAME_ENTRY {
     int set;
     int size;
 };
+
+WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
+                                                   const WOLFSSL_ASN1_OBJECT *obj,
+                                                   int idx);
+
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
@@ -3064,7 +3079,7 @@ enum {
 };
 
 /* Object functions */
-WOLFSSL_API const char *  wolfSSL_OBJ_nid2sn(int n);
+WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n);
 WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
 WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
 
@@ -3102,7 +3117,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int
 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
             const WOLFSSL_X509_NAME* y);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
-WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
                                                      int nid, int* c, int* idx);
@@ -3178,6 +3194,8 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
                                               unsigned char* out, size_t outSz);
 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
+        WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
         (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
@@ -3232,6 +3250,7 @@ WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509);
 #ifndef NO_FILESYSTEM
 WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
 #endif
 
 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
@@ -3247,9 +3266,6 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
     || defined(OPENSSL_EXTRA)
 
 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
-#ifndef NO_FILESYSTEM
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int close_flag);
-#endif
 WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
 WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
     WOLFSSL_DH **x, pem_password_cb *cb, void *u);
@@ -3334,7 +3350,7 @@ WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
     WOLFSSL_X509_INFO*);
 WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
 WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
-    void f (WOLFSSL_X509_INFO*));
+    void (*f) (WOLFSSL_X509_INFO*));
 WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
 
 typedef int (*wolf_sk_compare_cb)(const void* const *a,
@@ -3351,14 +3367,22 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WO
 WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
-    void f (WOLFSSL_X509_NAME*));
+    void (*f) (WOLFSSL_X509_NAME*));
 WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *);
 
+WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s);
+
 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
         unsigned long);
 
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
+WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
 WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
                             const WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
+                            const WOLFSSL_ASN1_BIT_STRING*, int);
+WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
+                            WOLFSSL_ASN1_BIT_STRING*, int, int);
 
 WOLFSSL_API int        wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
 
@@ -3366,9 +3390,11 @@ WOLFSSL_API int  wolfSSL_version(WOLFSSL*);
 
 WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
 
-WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
 
-WOLFSSL_API void* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
+
+WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
 
 WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
 
@@ -3417,8 +3443,13 @@ WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
 
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
                                WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
+        wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *);
+WOLFSSL_API WOLFSSL_X509_OBJECT*
+        wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
+WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
 
-WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
+WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
 
 #if defined(OPENSSL_ALL) || \
@@ -3533,8 +3564,6 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *
 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
     WOLFSSL_X509 *subject);
 
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x);
-
 WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
     WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
 #endif /* HAVE_OCSP */

+ 4 - 0
wolfssl/test.h

@@ -298,6 +298,8 @@
 #define svrKeyFile     "certs/server-key.pem"
 #define cliCertFile    "certs/client-cert.pem"
 #define cliCertDerFile "certs/client-cert.der"
+#define cliCertFileExt "certs/client-cert-ext.pem"
+#define cliCertDerFileExt "certs/client-cert-ext.der"
 #define cliKeyFile     "certs/client-key.pem"
 #define ntruCertFile   "certs/ntru-cert.pem"
 #define ntruKeyFile    "certs/ntru-key.raw"
@@ -324,6 +326,8 @@
 #define svrKeyFile     "./certs/server-key.pem"
 #define cliCertFile    "./certs/client-cert.pem"
 #define cliCertDerFile "./certs/client-cert.der"
+#define cliCertFileExt "./certs/client-cert-ext.pem"
+#define cliCertDerFileExt "./certs/client-cert-ext.der"
 #define cliKeyFile     "./certs/client-key.pem"
 #define ntruCertFile   "./certs/ntru-cert.pem"
 #define ntruKeyFile    "./certs/ntru-key.raw"

+ 3 - 1
wolfssl/wolfcrypt/asn.h

@@ -112,6 +112,7 @@ enum ASN_Tags {
 #define ASN_GENERALIZED_TIME_MAX 68
 
 enum DN_Tags {
+    ASN_DN_NULL       = 0x00,
     ASN_COMMON_NAME   = 0x03,   /* CN */
     ASN_SUR_NAME      = 0x04,   /* SN */
     ASN_SERIAL_NUMBER = 0x05,   /* serialNumber */
@@ -164,6 +165,7 @@ enum DN_Tags {
 enum
 {
     NID_undef = 0,
+    NID_netscape_cert_type = NID_undef,
     NID_des = 66,
     NID_des3 = 67,
     NID_sha256 = 672,
@@ -617,7 +619,7 @@ struct DecodedName {
     int     dcLen[DOMAIN_COMPONENT_MAX];
     int     dcNum;
     int     dcMode;
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     /* hold the location / order with which each of the DN tags was found
      *
      * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.

Some files were not shown because too many files changed in this diff