From ab91d139720a2b36ae115470aa6c507b3745adb8 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Sun, 19 Apr 2026 10:59:15 +0300 Subject: [PATCH 1/7] Initial commit to add some more openssl compatibility layer functions --- src/bio.c | 24 ++++++++++ src/ssl.c | 23 +++++++-- tests/api.c | 96 +++++++++++++++++++++++++++++++++++++- tests/api/test_ossl_bio.c | 37 +++++++++++++++ tests/api/test_ossl_bio.h | 4 +- wolfcrypt/src/evp_pk.c | 39 ++++++++++++++++ wolfssl/openssl/bio.h | 2 + wolfssl/openssl/opensslv.h | 15 ++++++ wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 7 +++ 10 files changed, 241 insertions(+), 7 deletions(-) diff --git a/src/bio.c b/src/bio.c index b9dfe6b7dd..94252fa3d8 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2109,6 +2109,30 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) return WOLFSSL_SUCCESS; } +/* Returns a unique index for a new custom BIO type. + * In OpenSSL, custom BIO types start at BIO_TYPE_START (128|0x0200). + * wolfSSL uses a simpler scheme starting at 128. + * + * @return New unique BIO type index on success. + * @return -1 when the index space is exhausted. + */ +int wolfSSL_BIO_get_new_index(void) +{ + static int bio_type_idx = WOLFSSL_BIO_TYPE_START; + int idx; + + WOLFSSL_ENTER("wolfSSL_BIO_get_new_index"); + + idx = bio_type_idx; + if (idx > WOLFSSL_BIO_TYPE_MAX + WOLFSSL_BIO_TYPE_START) { + WOLFSSL_MSG("BIO type index space exhausted"); + return -1; + } + bio_type_idx++; + + return idx; +} + /* creates a new custom WOLFSSL_BIO_METHOD */ WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char *name) { diff --git a/src/ssl.c b/src/ssl.c index c2a5827c9d..6849b43a8d 100644 --- a/src/ssl.c +++ b/src/ssl.c 
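Review bot: The static counter `bio_type_idx` in wolfSSL_BIO_get_new_index (src/bio.c hunk) is read, checked and incremented with no lock or atomic operation, so two threads calling it at the same time can be handed the same index and end up registering colliding custom BIO types. The read-check-increment sequence should be a single atomic step: either hold a mutex around `idx = bio_type_idx; ... bio_type_idx++;` or use an atomic fetch-and-add where the build provides one, and return -1 without incrementing once the limit is reached. Single-threaded builds are not affected.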
@@ -8615,10 +8615,25 @@ const char* wolfSSL_lib_version(void) #ifdef OPENSSL_EXTRA #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -const char* wolfSSL_OpenSSL_version(int a) -{ - (void)a; - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +const char* wolfSSL_OpenSSL_version(int type) +{ + WOLFSSL_ENTER("wolfSSL_OpenSSL_version"); + switch (type) { + case OPENSSL_VERSION: + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + case OPENSSL_CFLAGS: + return "compiler: information not available"; + case OPENSSL_BUILT_ON: + return "built on: " __DATE__ " " __TIME__; + case OPENSSL_PLATFORM: + return "platform: information not available"; + case OPENSSL_DIR: + return "OPENSSLDIR: \"\""; + case OPENSSL_ENGINES_DIR: + return "ENGINESDIR: N/A"; + default: + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + } } #else const char* wolfSSL_OpenSSL_version(void) diff --git a/tests/api.c b/tests/api.c index 32b90b9a07..895cf76260 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -18791,6 +18791,70 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) return EXPECT_RESULT(); } +static int test_wolfSSL_i2d_PUBKEY_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + EVP_PKEY* pkey2 = NULL; + + /* NULL parameter tests */ + ExpectIntEQ(wolfSSL_i2d_PUBKEY_bio(NULL, NULL), WOLFSSL_FAILURE); + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + { + const unsigned char* p = client_keypub_der_2048; + /* Load an RSA public key from DER buffer */ + ExpectNotNull(pkey = d2i_PUBKEY(NULL, &p, + sizeof_client_keypub_der_2048)); + + /* Write it to BIO */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PUBKEY_bio(bio, pkey), WOLFSSL_SUCCESS); + + /* Read it back and verify round-trip */ + ExpectNotNull(pkey2 = d2i_PUBKEY_bio(bio, NULL)); + + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + } +#endif + +#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC) + { + const unsigned char* p = ecc_clikeypub_der_256; + /* Load an ECC public key from DER buffer */ + ExpectNotNull(pkey = d2i_PUBKEY(NULL, &p, + sizeof_ecc_clikeypub_der_256)); + + /* Write it to BIO */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PUBKEY_bio(bio, pkey), WOLFSSL_SUCCESS); + + /* Read it back and verify round-trip */ + ExpectNotNull(pkey2 = d2i_PUBKEY_bio(bio, NULL)); + + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + } +#endif + + (void)pkey; + (void)pkey2; + (void)bio; +#endif + return EXPECT_RESULT(); +} + #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \ !defined(NO_TLS) static int test_wolfSSL_d2i_PrivateKeys_bio(void) 
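Review bot: Both blocks in test_wolfSSL_i2d_PUBKEY_bio commented "Read it back and verify round-trip" only assert that `d2i_PUBKEY_bio(bio, NULL)` returns non-NULL, so output that decodes to a different key than `pkey` would still pass. Asserting the library's "equal" result from `EVP_PKEY_cmp(pkey, pkey2)` before the frees would make the round-trip claim true; the expected value depends on the build's return-code convention, which this hunk does not show. The NULL-parameter section also covers only `(NULL, NULL)`. Adding `i2d_PUBKEY_bio(bio, NULL)` and `i2d_PUBKEY_bio(NULL, pkey)` once the objects exist would exercise each half of the guard on its own.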
@@ -27921,12 +27985,39 @@ static int test_wolfSSL_OpenSSL_version(void) const char* ver; #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - ExpectNotNull(ver = OpenSSL_version(0)); + ExpectNotNull(ver = OpenSSL_version(OPENSSL_VERSION)); + ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, + XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + + /* Test OPENSSL_CFLAGS type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_CFLAGS)); + ExpectNotNull(XSTRSTR(ver, "compiler:")); + + /* Test OPENSSL_BUILT_ON type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_BUILT_ON)); + ExpectNotNull(XSTRSTR(ver, "built on:")); + + /* Test OPENSSL_PLATFORM type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_PLATFORM)); + ExpectNotNull(XSTRSTR(ver, "platform:")); + + /* Test OPENSSL_DIR type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_DIR)); + ExpectNotNull(XSTRSTR(ver, "OPENSSLDIR:")); + + /* Test OPENSSL_ENGINES_DIR type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_ENGINES_DIR)); + ExpectNotNull(XSTRSTR(ver, "ENGINESDIR:")); + + /* Test unknown type falls back to version string */ + ExpectNotNull(ver = OpenSSL_version(99)); + ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, + XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); #else ExpectNotNull(ver = OpenSSL_version()); -#endif ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); +#endif #endif return EXPECT_RESULT(); } @@ -35028,6 +35119,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc), #ifndef NO_BIO TEST_DECL(test_wolfSSL_d2i_PUBKEY), + TEST_DECL(test_wolfSSL_i2d_PUBKEY_bio), #endif TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams), TEST_DECL(test_wolfSSL_i2d_PrivateKey), diff --git a/tests/api/test_ossl_bio.c b/tests/api/test_ossl_bio.c index b111fd4468..170dd417d2 100644 --- a/tests/api/test_ossl_bio.c +++ b/tests/api/test_ossl_bio.c 
@@ -1866,5 +1866,42 @@ int test_wolfSSL_BIO_get_init(void) return EXPECT_RESULT(); } +int test_wolfSSL_BIO_get_new_index(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + int idx1, idx2, idx3; + BIO_METHOD* meth = NULL; + BIO* bio = NULL; + + /* Get three consecutive indices - should be unique and >= 128 */ + idx1 = BIO_get_new_index(); + idx2 = BIO_get_new_index(); + idx3 = BIO_get_new_index(); + + ExpectIntGE(idx1, BIO_TYPE_START); + ExpectIntGE(idx2, BIO_TYPE_START); + ExpectIntGE(idx3, BIO_TYPE_START); + + /* Each index must be unique */ + ExpectIntNE(idx1, idx2); + ExpectIntNE(idx2, idx3); + ExpectIntNE(idx1, idx3); + + /* Indices should be sequential */ + ExpectIntEQ(idx2, idx1 + 1); + ExpectIntEQ(idx3, idx2 + 1); + + /* Use returned index with BIO_meth_new */ + ExpectNotNull(meth = BIO_meth_new(idx1, "custom_test")); + ExpectNotNull(bio = BIO_new(meth)); + ExpectIntEQ(BIO_method_type(bio), idx1); + + BIO_free(bio); + BIO_meth_free(meth); +#endif + return EXPECT_RESULT(); +} + #endif /* !NO_BIO */ diff --git a/tests/api/test_ossl_bio.h b/tests/api/test_ossl_bio.h index acf13fb776..a8edfa539d 100644 --- a/tests/api/test_ossl_bio.h +++ b/tests/api/test_ossl_bio.h @@ -48,6 +48,7 @@ int test_wolfSSL_BIO_set_conn_hostname(void); int test_wolfSSL_BIO_ctrl_pending_chain(void); int test_wolfSSL_BIO_meth_type_large(void); int test_wolfSSL_BIO_get_init(void); +int test_wolfSSL_BIO_get_new_index(void); #define TEST_OSSL_BIO_DECLS \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_gets), \ 
@@ -68,7 +69,8 @@ int test_wolfSSL_BIO_get_init(void); TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_set_conn_hostname), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_ctrl_pending_chain), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_meth_type_large), \ - TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_init) + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_init), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_new_index) #define TEST_OSSL_BIO_TLS_DECLS \ TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_connect), \ diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index 777f012e3c..f075d1c4c8 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2427,6 +2427,45 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) { return wolfSSL_i2d_PublicKey(key, der); } + +#ifndef NO_BIO +/* Encode public key as DER data and write to BIO. + * + * @param [in] bio BIO to write data to. + * @param [in] key Public key to encode. + * @return WOLFSSL_SUCCESS on success. + * @return WOLFSSL_FAILURE on failure. + */ +int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int derSz = 0; + byte* der = NULL; + + WOLFSSL_ENTER("wolfSSL_i2d_PUBKEY_bio"); + + if (bio == NULL || key == NULL) { + return WOLFSSL_FAILURE; + } + + derSz = wolfSSL_i2d_PUBKEY(key, &der); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { + goto cleanup; + } + + ret = WOLFSSL_SUCCESS; + +cleanup: + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + return ret; +} +#endif /* !NO_BIO */ + #endif /* !NO_ASN && !NO_PWDBASED */ #endif /* OPENSSL_EXTRA */ diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index f797d94ab5..f34bc1450c 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h 
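Review bot: In the wolfcrypt/src/evp_pk.c hunk, `wolfSSL_i2d_PUBKEY_bio` takes `WOLFSSL_EVP_PKEY* key` although it only reads the key and forwards it to `wolfSSL_i2d_PUBKEY`, which already accepts `const WOLFSSL_EVP_PKEY *`. Declaring it `int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, const WOLFSSL_EVP_PKEY* key)` here and in the wolfssl/ssl.h prototype lets callers that hold a const key use it without a cast. The header comment could also state that when `wolfSSL_BIO_write` returns fewer than `derSz` bytes the function reports failure but any bytes already written may remain in the BIO.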
@@ -138,6 +138,8 @@ #define BIO_TYPE_BIO WOLFSSL_BIO_BIO #define BIO_TYPE_MEM WOLFSSL_BIO_MEMORY #define BIO_TYPE_BASE64 WOLFSSL_BIO_BASE64 +#define BIO_TYPE_START WOLFSSL_BIO_TYPE_START +#define BIO_get_new_index wolfSSL_BIO_get_new_index #define BIO_vprintf wolfSSL_BIO_vprintf #define BIO_printf wolfSSL_BIO_printf diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index df75d9e0d4..a11284c9c3 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -68,6 +68,21 @@ #ifndef OPENSSL_VERSION #define OPENSSL_VERSION 0 #endif +#ifndef OPENSSL_CFLAGS + #define OPENSSL_CFLAGS 1 +#endif +#ifndef OPENSSL_BUILT_ON + #define OPENSSL_BUILT_ON 2 +#endif +#ifndef OPENSSL_PLATFORM + #define OPENSSL_PLATFORM 3 +#endif +#ifndef OPENSSL_DIR + #define OPENSSL_DIR 4 +#endif +#ifndef OPENSSL_ENGINES_DIR + #define OPENSSL_ENGINES_DIR 5 +#endif #ifndef OPENSSL_IS_WOLFSSL #define OPENSSL_IS_WOLFSSL diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 063500675e..680b2a1665 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -273,6 +273,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto #define i2d_PUBKEY wolfSSL_i2d_PUBKEY +#define i2d_PUBKEY_bio wolfSSL_i2d_PUBKEY_bio #define i2d_X509_PUBKEY wolfSSL_i2d_X509_PUBKEY #define d2i_PUBKEY wolfSSL_d2i_PUBKEY #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 738828b127..dc00bc4ab6 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -772,6 +772,11 @@ enum BIO_TYPE { WOLFSSL_BIO_NULL = 10 }; +/* Starting index for custom BIO types returned by wolfSSL_BIO_get_new_index. + * Matches OpenSSL BIO_TYPE_START (128). */ +#define WOLFSSL_BIO_TYPE_START 128 +#define WOLFSSL_BIO_TYPE_MAX 255 + enum BIO_FLAGS { WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01, WOLFSSL_BIO_FLAG_READ = 0x02, 
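Review bot: `WOLFSSL_BIO_TYPE_MAX` in the wolfssl/ssl.h hunk has no comment of its own, and the comment above it describes only the start value, so a reader cannot tell whether 255 is the last valid index or a count of indices. A line such as `/* Highest custom BIO type index (inclusive). */` directly above the define would fix how wolfSSL_BIO_get_new_index is expected to compare against it.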
@@ -2180,6 +2185,7 @@ WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_should_read(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_should_write(WOLFSSL_BIO *bio); +WOLFSSL_API int wolfSSL_BIO_get_new_index(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char* name); WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD* biom); WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_write_cb biom_write); @@ -2472,6 +2478,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, From 91da17ffe5314b79b9f245af313c96ba9bba19e5 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Thu, 23 Apr 2026 21:27:48 +0300 Subject: [PATCH 2/7] Refactor : fix some buggy logic + cleaned code --- src/bio.c | 9 +-------- src/ssl.c | 6 +++--- tests/api/test_ossl_bio.c | 11 +++++++---- wolfcrypt/src/evp_pk.c | 6 ++++-- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/bio.c b/src/bio.c index 94252fa3d8..b59b2c9bec 100644 --- a/src/bio.c +++ b/src/bio.c 
@@ -2109,13 +2109,6 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) return WOLFSSL_SUCCESS; } -/* Returns a unique index for a new custom BIO type. - * In OpenSSL, custom BIO types start at BIO_TYPE_START (128|0x0200). - * wolfSSL uses a simpler scheme starting at 128. - * - * @return New unique BIO type index on success. - * @return -1 when the index space is exhausted. - */ int wolfSSL_BIO_get_new_index(void) { static int bio_type_idx = WOLFSSL_BIO_TYPE_START; @@ -2124,7 +2117,7 @@ int wolfSSL_BIO_get_new_index(void) WOLFSSL_ENTER("wolfSSL_BIO_get_new_index"); idx = bio_type_idx; - if (idx > WOLFSSL_BIO_TYPE_MAX + WOLFSSL_BIO_TYPE_START) { + if (idx > WOLFSSL_BIO_TYPE_MAX) { WOLFSSL_MSG("BIO type index space exhausted"); return -1; } diff --git a/src/ssl.c b/src/ssl.c index 6849b43a8d..b6007605a2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8628,7 +8628,7 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_PLATFORM: return "platform: information not available"; case OPENSSL_DIR: - return "OPENSSLDIR: \"\""; + return "OPENSSLDIR: N/A"; case OPENSSL_ENGINES_DIR: return "ENGINESDIR: N/A"; default: @@ -8640,8 +8640,8 @@ const char* wolfSSL_OpenSSL_version(void) { return "wolfSSL " LIBWOLFSSL_VERSION_STRING; } -#endif /* WOLFSSL_QT */ -#endif +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ +#endif /* OPENSSL_EXTRA */ /* current library version in hex */ diff --git a/tests/api/test_ossl_bio.c b/tests/api/test_ossl_bio.c index 170dd417d2..7a4e739232 100644 --- a/tests/api/test_ossl_bio.c +++ b/tests/api/test_ossl_bio.c 
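Review bot: The src/bio.c hunk deletes the entire header comment of wolfSSL_BIO_get_new_index together with the bound fix, leaving a public API function with no description of its return values. Only the sentence about OpenSSL's start value was inaccurate. A replacement such as `/* Returns the next unused custom BIO type index in [WOLFSSL_BIO_TYPE_START, WOLFSSL_BIO_TYPE_MAX], or -1 when the range is exhausted. */` keeps the -1 contract visible to callers, who need to check it before handing the value to wolfSSL_BIO_meth_new. The function body continues past the end of the hunk.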
@@ -1874,23 +1874,26 @@ int test_wolfSSL_BIO_get_new_index(void) BIO_METHOD* meth = NULL; BIO* bio = NULL; - /* Get three consecutive indices - should be unique and >= 128 */ + /* Get three consecutive indices - should be unique and in valid range */ idx1 = BIO_get_new_index(); idx2 = BIO_get_new_index(); idx3 = BIO_get_new_index(); ExpectIntGE(idx1, BIO_TYPE_START); + ExpectIntLE(idx1, WOLFSSL_BIO_TYPE_MAX); ExpectIntGE(idx2, BIO_TYPE_START); + ExpectIntLE(idx2, WOLFSSL_BIO_TYPE_MAX); ExpectIntGE(idx3, BIO_TYPE_START); + ExpectIntLE(idx3, WOLFSSL_BIO_TYPE_MAX); /* Each index must be unique */ ExpectIntNE(idx1, idx2); ExpectIntNE(idx2, idx3); ExpectIntNE(idx1, idx3); - /* Indices should be sequential */ - ExpectIntEQ(idx2, idx1 + 1); - ExpectIntEQ(idx3, idx2 + 1); + /* Each consecutive call must return a strictly increasing value */ + ExpectIntGT(idx2, idx1); + ExpectIntGT(idx3, idx2); /* Use returned index with BIO_meth_new */ ExpectNotNull(meth = BIO_meth_new(idx1, "custom_test")); diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index f075d1c4c8..a5a1412f2f 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2448,8 +2448,10 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) return WOLFSSL_FAILURE; } + /* Let wolfSSL_i2d_PUBKEY allocate the buffer (pass NULL to trigger + * internal allocation). We free it ourselves after writing to the BIO. */ derSz = wolfSSL_i2d_PUBKEY(key, &der); - if (derSz <= 0) { + if (derSz <= 0 || der == NULL) { WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); return WOLFSSL_FAILURE; } @@ -2461,7 +2463,7 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) ret = WOLFSSL_SUCCESS; cleanup: - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } #endif /* !NO_BIO */ From d54c9c6a840974382328cb3605d9e0c82c4444f3 Mon Sep 17 00:00:00 2001 
From: Roy Carter Date: Sun, 26 Apr 2026 09:57:14 +0300 Subject: [PATCH 3/7] Fix: Handle build errors with .deb package + date build time --- src/ssl.c | 4 ++++ tests/api.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index b6007605a2..c02f309c02 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8624,7 +8624,11 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_CFLAGS: return "compiler: information not available"; case OPENSSL_BUILT_ON: +#ifdef HAVE_REPRODUCIBLE_BUILD + return "built on: date not available"; +#else return "built on: " __DATE__ " " __TIME__; +#endif case OPENSSL_PLATFORM: return "platform: information not available"; case OPENSSL_DIR: diff --git a/tests/api.c b/tests/api.c index 895cf76260..d977f152f6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18794,7 +18794,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) static int test_wolfSSL_i2d_PUBKEY_bio(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) BIO* bio = NULL; EVP_PKEY* pkey = NULL; EVP_PKEY* pkey2 = NULL; From a36775175d78095905bc3bfa07d6f6adfe2596fa Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Wed, 29 Apr 2026 13:20:12 +0300 Subject: [PATCH 4/7] Fix note regarding unitest handling --- tests/api.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/tests/api.c b/tests/api.c index d977f152f6..1f11bde3d0 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -27987,37 +27987,40 @@ static int test_wolfSSL_OpenSSL_version(void) #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L ExpectNotNull(ver = OpenSSL_version(OPENSSL_VERSION)); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); /* Test OPENSSL_CFLAGS type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_CFLAGS)); - ExpectNotNull(XSTRSTR(ver, "compiler:")); + ExpectStrEQ(ver, "compiler: information not available"); /* Test OPENSSL_BUILT_ON type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_BUILT_ON)); - ExpectNotNull(XSTRSTR(ver, "built on:")); +#ifdef HAVE_REPRODUCIBLE_BUILD + ExpectStrEQ(ver, "built on: date not available"); +#else + /* __DATE__/__TIME__ differ between translation units, so just check + * the prefix is present. */ + ExpectNotNull(XSTRSTR(ver, "built on: ")); +#endif /* Test OPENSSL_PLATFORM type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_PLATFORM)); - ExpectNotNull(XSTRSTR(ver, "platform:")); + ExpectStrEQ(ver, "platform: information not available"); /* Test OPENSSL_DIR type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_DIR)); - ExpectNotNull(XSTRSTR(ver, "OPENSSLDIR:")); + ExpectStrEQ(ver, "OPENSSLDIR: N/A"); /* Test OPENSSL_ENGINES_DIR type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_ENGINES_DIR)); - ExpectNotNull(XSTRSTR(ver, "ENGINESDIR:")); + ExpectStrEQ(ver, "ENGINESDIR: N/A"); /* Test unknown type falls back to version string */ ExpectNotNull(ver = OpenSSL_version(99)); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); #else ExpectNotNull(ver = OpenSSL_version()); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); #endif #endif return 
EXPECT_RESULT(); From c2e2984a06ec6b41ffb33d982d15fdae96af542e Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Fri, 22 May 2026 19:15:34 +0300 Subject: [PATCH 5/7] Refactor - Implement PR fix for better behavior --- src/ssl.c | 2 +- wolfcrypt/src/evp_pk.c | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index c02f309c02..d77ab25445 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8636,7 +8636,7 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_ENGINES_DIR: return "ENGINESDIR: N/A"; default: - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + return "not available"; } } #else diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index a5a1412f2f..c03a2a4818 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2441,6 +2441,7 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int derSz = 0; byte* der = NULL; + byte* derPtr = NULL; WOLFSSL_ENTER("wolfSSL_i2d_PUBKEY_bio"); @@ -2448,14 +2449,25 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) return WOLFSSL_FAILURE; } - /* Let wolfSSL_i2d_PUBKEY allocate the buffer (pass NULL to trigger - * internal allocation). We free it ourselves after writing to the BIO. */ - derSz = wolfSSL_i2d_PUBKEY(key, &der); - if (derSz <= 0 || der == NULL) { - WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + derSz = wolfSSL_i2d_PUBKEY(key, NULL); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY size query failed"); + return WOLFSSL_FAILURE; + } + + der = (byte*)XMALLOC((size_t)derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("XMALLOC failed"); return WOLFSSL_FAILURE; } + derPtr = der; + derSz = wolfSSL_i2d_PUBKEY(key, &derPtr); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + goto cleanup; + } + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { goto cleanup; } 
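Review bot: In the non-reproducible branch of the OPENSSL_BUILT_ON check, the comment says the test verifies the prefix, but `XSTRSTR(ver, "built on: ")` matches that text anywhere in the string. `ExpectIntEQ(XSTRNCMP(ver, "built on: ", XSTRLEN("built on: ")), 0);` pins it to the start of the string, in line with the exact-match assertions used for every other selector in this function.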
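Review bot: The rewritten body of wolfSSL_i2d_PUBKEY_bio (second evp_pk.c hunk) introduces `derPtr` without saying why two pointers are needed, and the earlier comment about buffer ownership was removed in the same change. A comment at `derPtr = der;`, for example `/* i2d advances the pointer it is given; keep der for the write and the free. */`, would stop a later cleanup from merging the two; this assumes wolfSSL_i2d_PUBKEY follows the usual i2d convention, which the hunk does not show. Since the buffer is sized from the first call, keeping that size in its own variable and failing when the second call returns a different length would make the sizing assumption explicit. The function starts and ends outside the hunk.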
From 87e032ea48d729ba9b1f6614e0055e386f81a5f2 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Sun, 7 Jun 2026 09:21:54 +0300 Subject: [PATCH 6/7] Fix - change test string default case --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 1f11bde3d0..f571d20bb8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28017,7 +28017,7 @@ static int test_wolfSSL_OpenSSL_version(void) /* Test unknown type falls back to version string */ ExpectNotNull(ver = OpenSSL_version(99)); - ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); + ExpectStrEQ(ver, "not available"); #else ExpectNotNull(ver = OpenSSL_version()); ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); From e127cb165b21f4af7330660a876a1f762a5a4d92 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Sun, 21 Jun 2026 15:16:45 +0300 Subject: [PATCH 7/7] Remove old comment --- tests/api.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index f571d20bb8..2bc61b38fb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28015,7 +28015,6 @@ static int test_wolfSSL_OpenSSL_version(void) ExpectNotNull(ver = OpenSSL_version(OPENSSL_ENGINES_DIR)); ExpectStrEQ(ver, "ENGINESDIR: N/A"); - /* Test unknown type falls back to version string */ ExpectNotNull(ver = OpenSSL_version(99)); ExpectStrEQ(ver, "not available"); #else