cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/src/ocsp.c
raw
1/* ocsp.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
23
24 /* Name change compatibility layer no longer needs to be included here */
25
26/*
27 * WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK:
28 * Disable looking for an authorized responder in the verification path of
29 * the issuer. This will make the authorized responder only look at the
30 * OCSP response signer and direct issuer.
31 */
32
33/*
34 * OCSP responder missing features:
35 * - Support for multiple requests and responses in a single OCSP exchange
36 * - Support name-based responder ID
37 * - Support for singleExtensions
38 */
39
40#ifndef WOLFCRYPT_ONLY
41#ifdef HAVE_OCSP
42
43#include <wolfssl/error-ssl.h>
44#include <wolfssl/ocsp.h>
45#include <wolfssl/internal.h>
46
47#ifdef NO_INLINE
48 #include <wolfssl/wolfcrypt/misc.h>
49#else
50 #define WOLFSSL_MISC_INCLUDED
51 #include <wolfcrypt/src/misc.c>
52#endif
53
54/* Allocates and initializes a WOLFSSL_OCSP object. Returns pointer on success, NULL on failure. */
55WOLFSSL_OCSP* wc_NewOCSP(WOLFSSL_CERT_MANAGER* cm)
56{
57 WOLFSSL_OCSP* ocsp = NULL;
58 ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm ? cm->heap : NULL, DYNAMIC_TYPE_OCSP);
59 if (ocsp == NULL)
60 return NULL;
61 if (InitOCSP(ocsp, cm) != 0) {
62 XFREE(ocsp, cm ? cm->heap : NULL, DYNAMIC_TYPE_OCSP);
63 return NULL;
64 }
65 return ocsp;
66}
67
68/* Frees a WOLFSSL_OCSP object allocated by wc_NewOCSP. */
69void wc_FreeOCSP(WOLFSSL_OCSP* ocsp)
70{
71 if (ocsp) {
72 FreeOCSP(ocsp, 1);
73 }
74}
75
76int wc_CheckCertOcspResponse(WOLFSSL_OCSP *ocsp, DecodedCert *cert,
77 byte *response, int responseSz, void* heap)
78{
79 int ret = WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E);
80
81#ifdef WOLFSSL_SMALL_STACK
82 OcspRequest* ocspRequest;
83#else
84 OcspRequest ocspRequest[1];
85#endif
86
87
88#ifdef WOLFSSL_SMALL_STACK
89 ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
90 DYNAMIC_TYPE_TMP_BUFFER);
91 if (ocspRequest == NULL) {
92 WOLFSSL_LEAVE("wc_CheckCertOcspResponse", MEMORY_ERROR);
93 return MEMORY_E;
94 }
95#endif
96
97 if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
98 ocsp->cm->heap) == 0) {
99 ret = CheckOcspResponse(ocsp, response, responseSz, NULL, NULL, NULL,
100 ocspRequest, heap);
101 FreeOcspRequest(ocspRequest);
102 }
103
104#ifdef WOLFSSL_SMALL_STACK
105 XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
106#endif
107
108 WOLFSSL_LEAVE("wc_CheckCertOcspResponse", ret);
109 return ret;
110}
111
112int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
113{
114 WOLFSSL_ENTER("InitOCSP");
115
116 ForceZero(ocsp, sizeof(WOLFSSL_OCSP));
117
118 if (wc_InitMutex(&ocsp->ocspLock) != 0)
119 return BAD_MUTEX_E;
120
121 ocsp->cm = cm;
122
123 return 0;
124}
125
126
127static int InitOcspEntry(OcspEntry* entry, OcspRequest* request)
128{
129 WOLFSSL_ENTER("InitOcspEntry");
130
131 ForceZero(entry, sizeof(OcspEntry));
132
133 XMEMCPY(entry->issuerHash, request->issuerHash, OCSP_DIGEST_SIZE);
134 XMEMCPY(entry->issuerKeyHash, request->issuerKeyHash, OCSP_DIGEST_SIZE);
135
136 return 0;
137}
138
139
140static void FreeOcspEntry(OcspEntry* entry, void* heap)
141{
142 CertStatus *status, *next;
143
144 if (entry == NULL || !entry->ownStatus)
145 return;
146
147 WOLFSSL_ENTER("FreeOcspEntry");
148
149 for (status = entry->status; status; status = next) {
150 next = status->next;
151
152 XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
153
154#ifdef OPENSSL_EXTRA
155 if (status->serialInt) {
156 if (status->serialInt->isDynamic) {
157 XFREE(status->serialInt->data, NULL, DYNAMIC_TYPE_OPENSSL);
158 }
159 XFREE(status->serialInt, NULL, DYNAMIC_TYPE_OPENSSL);
160 }
161 status->serialInt = NULL;
162#endif
163
164 XFREE(status, heap, DYNAMIC_TYPE_OCSP_STATUS);
165 }
166
167 (void)heap;
168}
169
170
171void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
172{
173 OcspEntry *entry, *next;
174 void* heap = (ocsp->cm != NULL) ? ocsp->cm->heap : NULL;
175
176 WOLFSSL_ENTER("FreeOCSP");
177
178 for (entry = ocsp->ocspList; entry; entry = next) {
179 next = entry->next;
180 FreeOcspEntry(entry, heap);
181 XFREE(entry, heap, DYNAMIC_TYPE_OCSP_ENTRY);
182 }
183
184 wc_FreeMutex(&ocsp->ocspLock);
185
186 if (dynamic)
187 XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP);
188
189}
190
191
192static int xstat2err(int st)
193{
194 switch (st) {
195 case CERT_GOOD:
196 return 0;
197 case CERT_REVOKED:
198 return OCSP_CERT_REVOKED;
199 default:
200 return OCSP_CERT_UNKNOWN;
201 }
202}
203
204int CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert, WOLFSSL* ssl)
205{
206 int ret = WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL);
207
208 WC_DECLARE_VAR(ocspRequest, OcspRequest, 1, 0);
209
210 WOLFSSL_ENTER("CheckCertOCSP");
211
212
213#ifdef WOLFSSL_SMALL_STACK
214 ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
215 DYNAMIC_TYPE_TMP_BUFFER);
216 if (ocspRequest == NULL) {
217 WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
218 return MEMORY_E;
219 }
220#endif
221
222 if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
223 ocsp->cm->heap) == 0) {
224 ocspRequest->ssl = ssl;
225 ret = CheckOcspRequest(ocsp, ocspRequest, NULL, NULL);
226
227 FreeOcspRequest(ocspRequest);
228 }
229
230 WC_FREE_VAR_EX(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
231
232 WOLFSSL_LEAVE("CheckCertOCSP", ret);
233 return ret;
234}
235int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert)
236{
237 return CheckCertOCSP_ex(ocsp, cert, NULL);
238}
239
240static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request,
241 OcspEntry** entry)
242{
243 WOLFSSL_ENTER("GetOcspEntry");
244
245 *entry = NULL;
246
247 if (wc_LockMutex(&ocsp->ocspLock) != 0) {
248 WOLFSSL_LEAVE("GetOcspEntry", BAD_MUTEX_E);
249 return BAD_MUTEX_E;
250 }
251
252 for (*entry = ocsp->ocspList; *entry; *entry = (*entry)->next)
253 if (XMEMCMP((*entry)->issuerHash, request->issuerHash,
254 OCSP_DIGEST_SIZE) == 0
255 && XMEMCMP((*entry)->issuerKeyHash, request->issuerKeyHash,
256 OCSP_DIGEST_SIZE) == 0)
257 break;
258
259 if (*entry == NULL) {
260 *entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry),
261 ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY);
262 if (*entry) {
263 InitOcspEntry(*entry, request);
264 (*entry)->next = ocsp->ocspList;
265 ocsp->ocspList = *entry;
266 }
267 }
268
269 wc_UnLockMutex(&ocsp->ocspLock);
270
271 return *entry ? 0 : MEMORY_ERROR;
272}
273
274
275/* Mallocs responseBuffer->buffer and is up to caller to free on success
276 *
277 * Returns OCSP status
278 */
279static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
280 OcspEntry* entry, CertStatus** status, buffer* responseBuffer,
281 void* heap)
282{
283 int ret = WC_NO_ERR_TRACE(OCSP_INVALID_STATUS);
284
285 WOLFSSL_ENTER("GetOcspStatus");
286
287 (void)heap;
288 *status = NULL;
289
290 if (wc_LockMutex(&ocsp->ocspLock) != 0) {
291 WOLFSSL_LEAVE("GetOcspStatus", BAD_MUTEX_E);
292 return BAD_MUTEX_E;
293 }
294
295 for (*status = entry->status; *status; *status = (*status)->next)
296 if ((*status)->serialSz == request->serialSz
297 && !XMEMCMP((*status)->serial, request->serial, (size_t)(*status)->serialSz))
298 break;
299
300 if (responseBuffer && *status && !(*status)->rawOcspResponse) {
301 /* force fetching again */
302 ret = OCSP_INVALID_STATUS;
303 }
304 else if (*status) {
305#ifndef NO_ASN_TIME
306 if (XVALIDATE_DATE((*status)->thisDate,
307 (*status)->thisDateFormat, ASN_BEFORE, MAX_DATE_SIZE)
308 && ((*status)->nextDate[0] != 0)
309 && XVALIDATE_DATE((*status)->nextDate,
310 (*status)->nextDateFormat, ASN_AFTER, MAX_DATE_SIZE))
311#endif
312 {
313 ret = xstat2err((*status)->status);
314
315 if (responseBuffer) {
316 responseBuffer->buffer = (byte*)XMALLOC(
317 (*status)->rawOcspResponseSz, heap,
318 DYNAMIC_TYPE_TMP_BUFFER);
319
320 if (responseBuffer->buffer) {
321 responseBuffer->length = (*status)->rawOcspResponseSz;
322 XMEMCPY(responseBuffer->buffer,
323 (*status)->rawOcspResponse,
324 (*status)->rawOcspResponseSz);
325 }
326 }
327 }
328 }
329
330 wc_UnLockMutex(&ocsp->ocspLock);
331
332 return ret;
333}
334
335/* Check that the response for validity. Store result in status.
336 *
337 * ocsp Context object for OCSP status.
338 * response OCSP response message data.
339 * responseSz Length of OCSP response message data.
340 * responseBuffer Buffer object to return the response with.
341 * status The certificate status object.
342 * entry The OCSP entry for this certificate.
343 * ocspRequest Request corresponding to response.
344 * heap Heap hint used for responseBuffer
345 * returns OCSP_LOOKUP_FAIL when the response is bad and 0 otherwise.
346 */
347int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
348 WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status,
349 OcspEntry *entry, OcspRequest *ocspRequest, void* heap)
350{
351#ifdef WOLFSSL_SMALL_STACK
352 CertStatus* newStatus;
353 OcspEntry* newSingle;
354 OcspResponse* ocspResponse;
355#else
356 CertStatus newStatus[1];
357 OcspEntry newSingle[1];
358 OcspResponse ocspResponse[1];
359#endif
360 int ret;
361 int validated = 0; /* ocsp validation flag */
362
363 (void)heap;
364
365#ifdef WOLFSSL_SMALL_STACK
366 newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
367 DYNAMIC_TYPE_OCSP_STATUS);
368 newSingle = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
369 DYNAMIC_TYPE_OCSP_ENTRY);
370 ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
371 DYNAMIC_TYPE_OCSP_REQUEST);
372
373 if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) {
374 XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
375 XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
376 XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
377
378 WOLFSSL_LEAVE("CheckOcspResponse", MEMORY_ERROR);
379 return MEMORY_E;
380 }
381#endif
382 InitOcspResponse(ocspResponse, newSingle, newStatus, response,
383 (word32)responseSz, ocsp->cm->heap);
384#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_TLS)
385 if (ocspRequest != NULL && ocspRequest->ssl != NULL &&
386 TLSX_CSR2_IsMulti(((WOLFSSL*)ocspRequest->ssl)->extensions)) {
387 ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions);
388 }
389#endif
390 ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0, 0);
391 if (ret != 0) {
392 ocsp->error = ret;
393 WOLFSSL_LEAVE("OcspResponseDecode failed", ocsp->error);
394 goto end;
395 }
396
397 if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
398 WOLFSSL_MSG("OcspResponse status bad");
399 goto end;
400 }
401 if (ocspRequest != NULL) {
402 /* Has the chance to bubble up response changing ocspResponse->single to
403 no longer be pointing at newSingle */
404 ret = CompareOcspReqResp(ocspRequest, ocspResponse);
405 if (ret != 0) {
406 goto end;
407 }
408 }
409
410 if (responseBuffer) {
411 responseBuffer->buffer = (byte*)XMALLOC((size_t)responseSz, heap,
412 DYNAMIC_TYPE_TMP_BUFFER);
413
414 if (responseBuffer->buffer) {
415 responseBuffer->length = (unsigned int)responseSz;
416 XMEMCPY(responseBuffer->buffer, response, (size_t)responseSz);
417 }
418 }
419
420 ret = xstat2err(ocspResponse->single->status->status);
421 if (ret == 0) {
422 validated = 1;
423 }
424
425 if (wc_LockMutex(&ocsp->ocspLock) != 0) {
426 ret = BAD_MUTEX_E;
427 goto end;
428 }
429
430 if (status != NULL) {
431 XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
432
433 /* Replace existing certificate entry with updated */
434 ocspResponse->single->status->next = status->next;
435 XMEMCPY(status, ocspResponse->single->status, sizeof(CertStatus));
436 }
437 else if (entry != NULL) {
438 /* Save new certificate entry */
439 status = (CertStatus*)XMALLOC(sizeof(CertStatus),
440 ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
441 if (status != NULL) {
442 XMEMCPY(status, ocspResponse->single->status, sizeof(CertStatus));
443 status->next = entry->status;
444 entry->status = status;
445 entry->ownStatus = 1;
446 entry->totalStatus++;
447 }
448 }
449
450 if (status && responseBuffer && responseBuffer->buffer) {
451 status->rawOcspResponse = (byte*)XMALLOC(responseBuffer->length,
452 ocsp->cm->heap,
453 DYNAMIC_TYPE_OCSP_STATUS);
454
455 if (status->rawOcspResponse) {
456 status->rawOcspResponseSz = responseBuffer->length;
457 XMEMCPY(status->rawOcspResponse, responseBuffer->buffer,
458 responseBuffer->length);
459 }
460 }
461
462 wc_UnLockMutex(&ocsp->ocspLock);
463
464end:
465 if (ret == 0 && validated == 1) {
466 WOLFSSL_MSG("New OcspResponse validated");
467 }
468 else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)) {
469 WOLFSSL_MSG("OCSP revoked");
470 }
471 else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) {
472 WOLFSSL_MSG("OCSP unknown");
473 }
474 else {
475 WOLFSSL_MSG("OCSP lookup failure");
476 ret = OCSP_LOOKUP_FAIL;
477 }
478
479 FreeOcspResponse(ocspResponse);
480 WC_FREE_VAR_EX(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
481 WC_FREE_VAR_EX(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
482 WC_FREE_VAR_EX(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
483 return ret;
484}
485
486/* 0 on success */
487/* allow user to override the maximum request size at build-time */
488#ifndef OCSP_MAX_REQUEST_SZ
489#define OCSP_MAX_REQUEST_SZ 2048
490#endif
491int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
492 buffer* responseBuffer, void* heap)
493{
494 OcspEntry* entry = NULL;
495 CertStatus* status = NULL;
496 byte* request = NULL;
497 int requestSz = OCSP_MAX_REQUEST_SZ;
498 int responseSz = 0;
499 byte* response = NULL;
500 const char* url = NULL;
501 int urlSz = 0;
502 int ret = -1;
503 WOLFSSL* ssl;
504 void* ioCtx;
505
506 WOLFSSL_ENTER("CheckOcspRequest");
507
508 if (ocsp == NULL || ocspRequest == NULL)
509 return BAD_FUNC_ARG;
510
511 if (responseBuffer) {
512 responseBuffer->buffer = NULL;
513 responseBuffer->length = 0;
514 }
515
516 ret = GetOcspEntry(ocsp, ocspRequest, &entry);
517 if (ret != 0)
518 return ret;
519
520 ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer,
521 heap);
522 if (ret != WC_NO_ERR_TRACE(OCSP_INVALID_STATUS))
523 return ret;
524
525 if (responseBuffer) {
526 XFREE(responseBuffer->buffer, heap, DYNAMIC_TYPE_TMP_BUFFER);
527 responseBuffer->buffer = NULL;
528 }
529
530 /* get SSL and IOCtx */
531 ssl = (WOLFSSL*)ocspRequest->ssl;
532 ioCtx = (ssl && ssl->ocspIOCtx != NULL) ?
533 ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
534
535 if (ocsp->cm->ocspUseOverrideURL) {
536 url = ocsp->cm->ocspOverrideURL;
537 if (url != NULL && url[0] != '\0')
538 urlSz = (int)XSTRLEN(url);
539 else
540 return OCSP_NEED_URL;
541 }
542 else if (ocspRequest->urlSz != 0 && ocspRequest->url != NULL) {
543 url = (const char *)ocspRequest->url;
544 urlSz = ocspRequest->urlSz;
545 }
546 else {
547 /* cert doesn't have extAuthInfo, assuming CERT_GOOD */
548 WOLFSSL_MSG("Cert has no OCSP URL, assuming CERT_GOOD");
549 return 0;
550 }
551
552 request = (byte*)XMALLOC((size_t)requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
553 if (request == NULL) {
554 WOLFSSL_LEAVE("CheckOcspRequest", MEMORY_ERROR);
555 return MEMORY_ERROR;
556 }
557
558 requestSz = EncodeOcspRequest(ocspRequest, request, (word32)requestSz);
559 if (requestSz > 0 && ocsp->cm->ocspIOCb) {
560 responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz,
561 request, requestSz, &response);
562 }
563 if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
564 ret = OCSP_WANT_READ;
565 }
566 else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){
567 ret = HTTP_TIMEOUT;
568 }
569
570 XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
571
572 if (responseSz >= 0 && response) {
573 ret = CheckOcspResponse(ocsp, response, responseSz, responseBuffer, status,
574 entry, ocspRequest, heap);
575 }
576
577 if (response != NULL && ocsp->cm->ocspRespFreeCb)
578 ocsp->cm->ocspRespFreeCb(ioCtx, response);
579
580 /* Keep responseBuffer in the case of getting to response check. Caller
581 * should free responseBuffer after checking OCSP return value in "ret" */
582 WOLFSSL_LEAVE("CheckOcspRequest", ret);
583 return ret;
584}
585
586#ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
587static int CheckOcspResponderChain(OcspEntry* single, byte* issuerNameHash,
588 byte* issuerKeyHash, void* vp, Signer* pendingCAs) {
589 /* Attempt to build a chain up to cert's issuer */
590 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
591 Signer* ca = NULL;
592 Signer* prev = NULL;
593 int passed = 0;
594
595 /*
596 * Relation between certs:
597 * CA
598 * / \
599 * intermediate(s) cert in OCSP response
600 * | with OCSP key usage ext
601 * issuer of cert
602 * in OCSP request
603 */
604
605 if (issuerKeyHash == NULL)
606 return 0;
607
608 /* Select CertID issuer by key hash so a same-DN / different-key trust
609 * anchor cannot hijack the starting point. */
610 ca = GetCAByKeyHash(cm, single->issuerKeyHash);
611 if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash,
612 OCSP_DIGEST_SIZE) != 0) {
613 ca = NULL;
614 }
615#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
616 if (ca == NULL && pendingCAs != NULL) {
617 ca = findSignerByKeyHash(pendingCAs, single->issuerKeyHash);
618 if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash,
619 OCSP_DIGEST_SIZE) != 0) {
620 ca = NULL;
621 }
622 }
623#else
624 (void)pendingCAs;
625#endif
626 for (; ca != NULL && ca != prev;
627 prev = ca) {
628 Signer* parent = GetCAByName(cm, ca->issuerNameHash);
629#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
630 if (parent == NULL && pendingCAs != NULL) {
631 parent = findSignerByName(pendingCAs, ca->issuerNameHash);
632 }
633#endif
634 if (parent == NULL || parent == ca)
635 break;
636
637 if (XMEMCMP(parent->subjectNameHash, issuerNameHash,
638 OCSP_DIGEST_SIZE) == 0 &&
639 XMEMCMP(parent->subjectKeyHash, issuerKeyHash,
640 KEYID_SIZE) == 0) {
641 WOLFSSL_MSG("\tOCSP Response signed by authorized "
642 "responder delegated by issuer "
643 "(found in chain)");
644 passed = 1;
645 break;
646 }
647 ca = parent;
648 }
649 return passed;
650}
651#endif
652
653/* Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2. Both halves
654 * of CertID (issuerNameHash and issuerKeyHash) must match; name-only matching
655 * would authorize a same-DN / different-key CA. issuerKeyHash may be NULL when
656 * unavailable, which disables the delegated branch. */
657int CheckOcspResponder(OcspResponse *bs, byte* subjectNameHash,
658 byte* subjectKeyHash, byte extExtKeyUsage, byte* issuerNameHash,
659 byte* issuerKeyHash, void* vp)
660{
661 int ret = 0;
662 OcspEntry* single;
663
664 /* Both evaluate to enum values so can't use a pre-processor check */
665 WOLFSSL_ASSERT_EQ(OCSP_DIGEST_SIZE, SIGNER_DIGEST_SIZE);
666
667 (void)vp;
668
669 WOLFSSL_ENTER("CheckOcspResponder");
670
671 /* In the future if this API is used more then it could be beneficial to
672 * implement calling InitDecodedCert and ParseCertRelative here
673 * automatically when cert == NULL. */
674 if (bs == NULL || subjectNameHash == NULL || issuerNameHash == NULL)
675 return BAD_FUNC_ARG;
676
677 for (single = bs->single; single != NULL; single = single->next) {
678 int passed = 0;
679
680 if (subjectKeyHash != NULL &&
681 XMEMCMP(subjectNameHash, single->issuerHash,
682 OCSP_DIGEST_SIZE) == 0 &&
683 XMEMCMP(subjectKeyHash, single->issuerKeyHash,
684 KEYID_SIZE) == 0) {
685 WOLFSSL_MSG("\tOCSP Response signed by issuer");
686 passed = 1;
687 }
688 else if ((extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) != 0) {
689 if (issuerKeyHash != NULL &&
690 XMEMCMP(issuerNameHash, single->issuerHash,
691 OCSP_DIGEST_SIZE) == 0 &&
692 XMEMCMP(issuerKeyHash, single->issuerKeyHash,
693 KEYID_SIZE) == 0) {
694 WOLFSSL_MSG("\tOCSP Response signed by authorized responder "
695 "delegated by issuer");
696 passed = 1;
697 }
698#ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
699 else if (vp != NULL) {
700 passed = CheckOcspResponderChain(single, issuerNameHash,
701 issuerKeyHash, vp, bs->pendingCAs);
702 }
703#endif
704 }
705
706 if (!passed) {
707 WOLFSSL_MSG("\tOCSP Responder not authorized");
708 ret = BAD_OCSP_RESPONDER;
709 break;
710 }
711 }
712 return ret;
713}
714
715
716OcspRequest* wc_OcspRequest_new(void* heap)
717{
718 OcspRequest* request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), heap,
719 DYNAMIC_TYPE_OCSP_REQUEST);
720 if (request != NULL) {
721 XMEMSET(request, 0, sizeof(OcspRequest));
722 request->heap = heap;
723 }
724
725 return request;
726}
727
728void wc_OcspRequest_free(OcspRequest* request)
729{
730 if (request != NULL) {
731 FreeOcspRequest(request);
732 XFREE(request, request->heap, DYNAMIC_TYPE_OCSP_REQUEST);
733 }
734}
735
736OcspResponse* wc_OcspResponse_new(void* heap)
737{
738 OcspResponse* response = (OcspResponse*)XMALLOC(sizeof(OcspResponse),
739 heap,
740 DYNAMIC_TYPE_OCSP_RESPONSE);
741 if (response != NULL) {
742 XMEMSET(response, 0, sizeof(OcspResponse));
743 response->heap = heap;
744 }
745
746 return response;
747}
748
749void wc_OcspResponse_free(OcspResponse* response)
750{
751 if (response != NULL) {
752 FreeOcspResponse(response);
753 XFREE(response, response->heap, DYNAMIC_TYPE_OCSP_RESPONSE);
754 }
755}
756
757/* compatibility layer OCSP functions */
758#ifdef OPENSSL_EXTRA
759int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
760 WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
761 WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
762 WOLFSSL_ASN1_TIME** nextupd)
763{
764 WOLFSSL_OCSP_SINGLERESP* single;
765
766 if (bs == NULL || id == NULL)
767 return WOLFSSL_FAILURE;
768
769 single = bs->single;
770 while (single != NULL) {
771 if (single->status != NULL && id->status != NULL &&
772 (XMEMCMP(single->status->serial, id->status->serial,
773 (size_t)single->status->serialSz) == 0)
774 && (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0)
775 && (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) {
776 break;
777 }
778 single = single->next;
779 }
780
781 if (single == NULL)
782 return WOLFSSL_FAILURE;
783
784 if (status != NULL)
785 *status = single->status->status;
786#ifdef WOLFSSL_OCSP_PARSE_STATUS
787 if (thisupd != NULL)
788 *thisupd = &single->status->thisDateParsed;
789 if (nextupd != NULL)
790 *nextupd = &single->status->nextDateParsed;
791#else
792 if (thisupd != NULL)
793 *thisupd = NULL;
794 if (nextupd != NULL)
795 *nextupd = NULL;
796#endif
797
798 /* TODO: Not needed for Nginx or httpd */
799 if (reason != NULL)
800 *reason = 0;
801 if (revtime != NULL)
802 *revtime = NULL;
803
804 return WOLFSSL_SUCCESS;
805}
806
807const char *wolfSSL_OCSP_cert_status_str(long s)
808{
809 switch (s) {
810 case CERT_GOOD:
811 return "good";
812 case CERT_REVOKED:
813 return "revoked";
814 case CERT_UNKNOWN:
815 return "unknown";
816 default:
817 return "(UNKNOWN)";
818 }
819}
820
821int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
822 WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec)
823{
824 (void)thisupd;
825 (void)nextupd;
826 (void)sec;
827 (void)maxsec;
828 /* Dates validated in DecodeSingleResponse. */
829 return WOLFSSL_SUCCESS;
830}
831
832void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId)
833{
834 FreeOcspEntry(certId, NULL);
835 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
836}
837
838WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
839 const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject,
840 const WOLFSSL_X509 *issuer)
841{
842 WOLFSSL_OCSP_CERTID* certId = NULL;
843 CertStatus* certStatus = NULL;
844 WOLFSSL_CERT_MANAGER* cm = NULL;
845 int ret = -1;
846 DerBuffer* derCert = NULL;
847 int dgstType;
848 WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
849
850 if (dgst == NULL) {
851 dgstType = WC_HASH_TYPE_SHA;
852 }
853 else if (wolfSSL_EVP_get_hashinfo(dgst, &dgstType, NULL) !=
854 WOLFSSL_SUCCESS) {
855 return NULL;
856 }
857
858 if (dgstType != OCSP_DIGEST)
859 return NULL;
860
861 cm = wolfSSL_CertManagerNew();
862 if (cm == NULL
863 || subject == NULL || subject->derCert == NULL
864 || issuer == NULL || issuer->derCert == NULL)
865 goto out;
866
867 WC_ALLOC_VAR_EX(cert, DecodedCert, 1, cm->heap, DYNAMIC_TYPE_DCERT,
868 goto out);
869
870 ret = AllocDer(&derCert, issuer->derCert->length,
871 issuer->derCert->type, NULL);
872 if (ret == 0) {
873 /* AddCA() frees the buffer. */
874 XMEMCPY(derCert->buffer, issuer->derCert->buffer,
875 issuer->derCert->length);
876 ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
877 if (ret != WOLFSSL_SUCCESS) {
878 goto out;
879 }
880 derCert = NULL;
881 }
882
883 ret = -1;
884
885 certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID),
886 cm->heap, DYNAMIC_TYPE_OPENSSL);
887 if (certId == NULL)
888 goto out;
889
890 certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), cm->heap,
891 DYNAMIC_TYPE_OPENSSL);
892 if (certStatus == NULL)
893 goto out;
894
895 XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
896 XMEMSET(certStatus, 0, sizeof(CertStatus));
897
898 certId->status = certStatus;
899 certId->ownStatus = 1;
900
901 InitDecodedCert(cert, subject->derCert->buffer,
902 subject->derCert->length, NULL);
903 if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL) != 0) {
904 FreeDecodedCert(cert);
905 goto out;
906 }
907 else {
908 certId->hashAlgoOID = wc_HashGetOID(OCSP_DIGEST);
909 XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE);
910 XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE);
911 XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz);
912 certId->status->serialSz = cert->serialSz;
913 FreeDecodedCert(cert);
914 }
915
916 ret = 0;
917
918out:
919
920 if (ret != 0) {
921 if (derCert != NULL)
922 FreeDer(&derCert);
923 if (cm != NULL) {
924 XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL);
925 certId = NULL;
926 XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL);
927 }
928 }
929
930#ifdef WOLFSSL_SMALL_STACK
931 if (cm != NULL)
932 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
933#endif
934
935 if (cm != NULL)
936 wolfSSL_CertManagerFree(cm);
937
938 return certId;
939}
940
941void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
942{
943 wolfSSL_OCSP_RESPONSE_free(basicResponse);
944}
945
946/* Calculate ancode CertID DER encoding following RFC 6960:
947 CertID ::= SEQUENCE {
948 hashAlgorithm AlgorithmIdentifier,
949 issuerNameHash OCTET STRING,
950 issuerKeyHash OCTET STRING,
951 serialNumber CertificateSerialNumber }
952*/
953static int OcspEncodeCertID(WOLFSSL_OCSP_CERTID* id, byte* output,
954 word32* totalSz, word32* intSize)
955{
956 word32 idx = 0;
957 int ret;
958
959 if (id == NULL || totalSz == NULL || intSize == NULL ||
960 (output != NULL && (*totalSz == 0 || *totalSz <= *intSize)))
961 return BAD_FUNC_ARG;
962
963 if (output != NULL) {
964 ret = SetSequence(*intSize, output);
965 if (ret < 0)
966 return ret;
967 idx += ret;
968 }
969
970 ret = SetAlgoID(id->hashAlgoOID, ((output != NULL) ? output + idx : output),
971 oidHashType, 0);
972 if (ret <= 0)
973 return -1;
974 idx += ret;
975
976 /* issuerNameHash */
977 ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
978 if (ret < 0)
979 return ret;
980 idx += ret;
981 if (output != NULL)
982 XMEMCPY(output + idx, id->issuerHash, OCSP_DIGEST_SIZE);
983 idx += OCSP_DIGEST_SIZE;
984
985 /* issuerKeyHash */
986 ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
987 if (ret < 0)
988 return ret;
989 idx += ret;
990 if (output != NULL)
991 XMEMCPY(output + idx, id->issuerKeyHash, OCSP_DIGEST_SIZE);
992 idx += OCSP_DIGEST_SIZE;
993
994 /* serialNumber */
995 ret = SetASNInt(id->status->serialSz, id->status->serial[0], ((output != NULL) ? output + idx : output));
996 if (ret < 0)
997 return ret;
998 idx += ret;
999 if (output != NULL)
1000 XMEMCPY(output + idx, id->status->serial, id->status->serialSz);
1001 idx += id->status->serialSz;
1002
1003 if (output == NULL) {
1004 *intSize = idx;
1005 ret = SetSequence(idx, NULL);
1006 if (ret < 0)
1007 return ret;
1008 idx += ret;
1009 *totalSz = idx;
1010 }
1011 else if (idx != *totalSz) {
1012 return BUFFER_E;
1013 }
1014
1015 return 0;
1016}
1017
1018static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash,
1019 const byte* keyHash)
1020{
1021 if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
1022 return XMEMCMP(NameHash, resp->responderId.nameHash,
1023 SIGNER_DIGEST_SIZE) == 0;
1024 }
1025 else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) {
1026 return XMEMCMP(keyHash, resp->responderId.keyHash,
1027 OCSP_RESPONDER_ID_KEY_SZ) == 0;
1028 }
1029
1030 return 0;
1031}
1032
1033static int OcspFindSigner(WOLFSSL_OCSP_BASICRESP *resp,
1034 WOLF_STACK_OF(WOLFSSL_X509) *certs, DecodedCert **signer, int *embedded,
1035 unsigned long flags)
1036{
1037 WOLFSSL_X509 *signer_x509 = NULL;
1038 DecodedCert *certDecoded;
1039 int i;
1040
1041 certDecoded = (DecodedCert *)XMALLOC(sizeof(*certDecoded), resp->heap,
1042 DYNAMIC_TYPE_DCERT);
1043 if (certDecoded == NULL)
1044 return MEMORY_E;
1045
1046 for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
1047 signer_x509 = wolfSSL_sk_X509_value(certs, i);
1048 if (signer_x509 == NULL)
1049 continue;
1050
1051 InitDecodedCert(certDecoded, signer_x509->derCert->buffer,
1052 signer_x509->derCert->length, resp->heap);
1053 if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY,
1054 NULL, NULL) == 0) {
1055 if (OcspRespIdMatches(resp, certDecoded->subjectHash,
1056 certDecoded->subjectKeyHash)) {
1057 *signer = certDecoded;
1058 *embedded = 0;
1059 return 0;
1060 }
1061 }
1062 FreeDecodedCert(certDecoded);
1063 }
1064
1065 if (flags & WOLFSSL_OCSP_NOINTERN) {
1066 XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
1067 return ASN_NO_SIGNER_E;
1068 }
1069
1070 /* not found in certs, search the cert embedded in the response */
1071 InitDecodedCert(certDecoded, resp->cert, resp->certSz, resp->heap);
1072 if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
1073 if (OcspRespIdMatches(resp, certDecoded->subjectHash,
1074 certDecoded->subjectKeyHash)) {
1075 *signer = certDecoded;
1076 *embedded = 1;
1077 return 0;
1078 }
1079 }
1080 FreeDecodedCert(certDecoded);
1081
1082 XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
1083 return ASN_NO_SIGNER_E;
1084}
1085
1086static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert,
1087 WOLFSSL_X509_STORE *st, unsigned long flags)
1088{
1089 WC_DECLARE_VAR(c, DecodedCert, 1, 0);
1090
1091 int ret = -1;
1092 if (st == NULL)
1093 return ASN_OCSP_CONFIRM_E;
1094
1095 WC_ALLOC_VAR_EX(c, DecodedCert, 1, NULL, DYNAMIC_TYPE_DCERT,
1096 return MEMORY_E);
1097
1098 InitDecodedCert(c, cert->source, cert->maxIdx, NULL);
1099 if (ParseCertRelative(c, CERT_TYPE, VERIFY, st->cm, NULL) != 0) {
1100 ret = ASN_OCSP_CONFIRM_E;
1101 goto err;
1102 }
1103#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
1104 if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) {
1105 ret = CheckOcspResponder(resp, c->subjectHash, c->subjectKeyHash,
1106 c->extExtKeyUsage, c->issuerHash,
1107 (c->ca != NULL) ? c->ca->subjectKeyHash : NULL,
1108 st->cm);
1109 }
1110 else {
1111 ret = 0;
1112 }
1113#else
1114 (void)resp;
1115 (void)flags;
1116 ret = 0;
1117#endif
1118
1119err:
1120 FreeDecodedCert(c);
1121 WC_FREE_VAR_EX(c, NULL, DYNAMIC_TYPE_DCERT);
1122 return ret;
1123}
1124/* Signature verified in DecodeBasicOcspResponse.
1125 * But no store available to verify certificate. */
1126int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP* bs,
1127 WOLF_STACK_OF(WOLFSSL_X509) * certs, WOLFSSL_X509_STORE* st,
1128 unsigned long flags)
1129{
1130 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
1131 int embedded;
1132 DecodedCert *cert = NULL;
1133
1134 if (bs == NULL)
1135 return WOLFSSL_FAILURE;
1136
1137 ret = OcspFindSigner(bs, certs, &cert, &embedded, flags);
1138 if (ret != 0) {
1139 WOLFSSL_MSG("OCSP no signer found");
1140 return WOLFSSL_FAILURE;
1141 }
1142
1143 /* skip certificate verification if cert in certs and TRUST_OTHER is true */
1144 if (!embedded && (flags & WOLFSSL_OCSP_TRUSTOTHER) != 0)
1145 flags |= WOLFSSL_OCSP_NOVERIFY;
1146
1147 /* verify response signature */
1148 ret = ConfirmSignature(
1149 &cert->sigCtx,
1150 bs->response, bs->responseSz,
1151 cert->publicKey, cert->pubKeySize, cert->keyOID,
1152 bs->sig, bs->sigSz, bs->sigOID, bs->sigParams, bs->sigParamsSz,
1153 NULL);
1154
1155 if (ret != 0) {
1156 WOLFSSL_MSG("OCSP signature verification failed");
1157 ret = -1;
1158 goto err;
1159 }
1160
1161 if ((flags & WOLFSSL_OCSP_NOVERIFY) == 0) {
1162 ret = OcspVerifySigner(bs, cert, st, flags);
1163 }
1164
1165err:
1166 FreeDecodedCert(cert);
1167 XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
1168 return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
1169}
1170
1171void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
1172{
1173 OcspEntry *s, *sNext;
1174 if (response == NULL)
1175 return;
1176
1177
1178 s = response->single;
1179 while (s != NULL) {
1180 sNext = s->next;
1181 FreeOcspEntry(s, NULL);
1182 XFREE(s, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
1183 s = sNext;
1184 }
1185
1186 XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1187
1188 XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
1189}
1190
1191#ifndef NO_BIO
1192OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
1193 OcspResponse** response)
1194{
1195 byte* data;
1196 byte* p;
1197 int len;
1198 int dataAlloced = 0;
1199 OcspResponse* ret = NULL;
1200
1201 if (bio == NULL)
1202 return NULL;
1203
1204 if (bio->type == WOLFSSL_BIO_MEMORY) {
1205 len = wolfSSL_BIO_get_mem_data(bio, &data);
1206 if (len <= 0 || data == NULL) {
1207 return NULL;
1208 }
1209 }
1210#ifndef NO_FILESYSTEM
1211 else if (bio->type == WOLFSSL_BIO_FILE) {
1212 long fcur;
1213 long flen;
1214
1215 if (bio->ptr.fh == NULL)
1216 return NULL;
1217
1218 fcur = XFTELL(bio->ptr.fh);
1219 if (fcur < 0)
1220 return NULL;
1221 if(XFSEEK(bio->ptr.fh, 0, SEEK_END) != 0)
1222 return NULL;
1223 flen = XFTELL(bio->ptr.fh);
1224 if (flen < 0)
1225 return NULL;
1226 if (XFSEEK(bio->ptr.fh, fcur, SEEK_SET) != 0)
1227 return NULL;
1228
1229 /* check calculated length */
1230 fcur = flen - fcur;
1231 if (fcur > MAX_WOLFSSL_FILE_SIZE || fcur <= 0)
1232 return NULL;
1233
1234 data = (byte*)XMALLOC((size_t)fcur, 0, DYNAMIC_TYPE_TMP_BUFFER);
1235 if (data == NULL)
1236 return NULL;
1237 dataAlloced = 1;
1238
1239 len = wolfSSL_BIO_read(bio, (char *)data, (int)flen);
1240 }
1241#endif
1242 else
1243 return NULL;
1244
1245 if (len > 0) {
1246 p = data;
1247 ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p,
1248 len);
1249 }
1250
1251 if (dataAlloced)
1252 XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
1253
1254 return ret;
1255}
1256#endif /* !NO_BIO */
1257
1258OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
1259 const unsigned char** data, int len)
1260{
1261 OcspResponse *resp = NULL;
1262 word32 idx = 0;
1263 int length = 0;
1264 int ret;
1265
1266 if (data == NULL)
1267 return NULL;
1268
1269 if (response != NULL)
1270 resp = *response;
1271 if (resp == NULL) {
1272 resp = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
1273 DYNAMIC_TYPE_OCSP_REQUEST);
1274 if (resp == NULL)
1275 return NULL;
1276 XMEMSET(resp, 0, sizeof(OcspResponse));
1277 }
1278
1279 resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1280 if (resp->source == NULL) {
1281 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
1282 return NULL;
1283 }
1284 resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
1285 DYNAMIC_TYPE_OCSP_ENTRY);
1286 if (resp->single == NULL) {
1287 XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1288 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
1289 return NULL;
1290 }
1291 XMEMSET(resp->single, 0, sizeof(OcspEntry));
1292 resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
1293 DYNAMIC_TYPE_OCSP_STATUS);
1294 resp->single->ownStatus = 1;
1295 if (resp->single->status == NULL) {
1296 XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1297 XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
1298 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
1299 return NULL;
1300 }
1301 XMEMSET(resp->single->status, 0, sizeof(CertStatus));
1302
1303 XMEMCPY(resp->source, *data, (size_t)len);
1304 resp->maxIdx = (word32)len;
1305
1306 ret = OcspResponseDecode(resp, NULL, NULL, 1, 1);
1307 if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) {
1308 /* for just converting from a DER to an internal structure the CA may
1309 * not yet be known to this function for signature verification */
1310 wolfSSL_OCSP_RESPONSE_free(resp);
1311 return NULL;
1312 }
1313
1314 if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
1315 (*data) += idx + length;
1316
1317 if (response != NULL && *response == NULL)
1318 *response = resp;
1319
1320 return resp;
1321}
1322
1323int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
1324 unsigned char** data)
1325{
1326 if (response == NULL)
1327 return BAD_FUNC_ARG;
1328
1329 if (response->source == NULL)
1330 return BAD_FUNC_ARG;
1331
1332 if (data == NULL)
1333 return (int)response->maxIdx;
1334
1335 if (*data == NULL) {
1336 *data = (unsigned char*)XMALLOC(response->maxIdx, NULL,
1337 DYNAMIC_TYPE_OPENSSL);
1338 if (*data == NULL)
1339 return -1;
1340 XMEMCPY(*data, response->source, response->maxIdx);
1341 }
1342 else {
1343 XMEMCPY(*data, response->source, response->maxIdx);
1344 *data += response->maxIdx;
1345 }
1346
1347 return (int)response->maxIdx;
1348}
1349
1350int wolfSSL_OCSP_response_status(OcspResponse *response)
1351{
1352 if (response == NULL)
1353 return -1;
1354 return response->responseStatus;
1355}
1356
1357const char *wolfSSL_OCSP_response_status_str(long s)
1358{
1359 switch (s) {
1360 case OCSP_SUCCESSFUL:
1361 return "successful";
1362 case OCSP_MALFORMED_REQUEST:
1363 return "malformedrequest";
1364 case OCSP_INTERNAL_ERROR:
1365 return "internalerror";
1366 case OCSP_TRY_LATER:
1367 return "trylater";
1368 case OCSP_SIG_REQUIRED:
1369 return "sigrequired";
1370 case OCSP_UNAUTHORIZED:
1371 return "unauthorized";
1372 default:
1373 return "(UNKNOWN)";
1374 }
1375}
1376
1377WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
1378{
1379 WOLFSSL_OCSP_BASICRESP* bs;
1380 const unsigned char *ptr;
1381
1382 if (response == NULL || response->source == NULL)
1383 return NULL;
1384
1385 ptr = response->source;
1386 bs = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, response->maxIdx);
1387 return bs;
1388}
1389
1390OcspRequest* wolfSSL_OCSP_REQUEST_new(void)
1391{
1392 OcspRequest* request;
1393
1394 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
1395 DYNAMIC_TYPE_OPENSSL);
1396 if (request != NULL)
1397 XMEMSET(request, 0, sizeof(OcspRequest));
1398
1399 return request;
1400}
1401
1402void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
1403{
1404 FreeOcspRequest(request);
1405 XFREE(request, NULL, DYNAMIC_TYPE_OPENSSL);
1406}
1407
1408int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
1409{
1410 int size;
1411
1412 if (request == NULL)
1413 return BAD_FUNC_ARG;
1414
1415 size = EncodeOcspRequest(request, NULL, 0);
1416 if (size <= 0 || data == NULL)
1417 return size;
1418
1419 size = EncodeOcspRequest(request, *data, (word32) size);
1420 if (size > 0)
1421 *data += size;
1422
1423 return size;
1424}
1425
1426WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
1427 WOLFSSL_OCSP_CERTID *cid)
1428{
1429 if (req == NULL || cid == NULL || cid->status == NULL)
1430 return NULL;
1431
1432 if (req->cid != NULL)
1433 wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid);
1434 /* Keep to free */
1435 req->cid = (void*)cid;
1436
1437 XMEMCPY(req->issuerHash, cid->issuerHash, WC_MAX_DIGEST_SIZE);
1438 XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, WC_MAX_DIGEST_SIZE);
1439 req->hashAlg = (int)cid->hashAlgoOID;
1440 if (cid->status->serialSz > req->serialSz) {
1441 XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
1442 req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz,
1443 req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
1444 if (req->serial == NULL)
1445 return NULL;
1446 }
1447 XMEMCPY(req->serial, cid->status->serial, (size_t)cid->status->serialSz);
1448 req->serialSz = cid->status->serialSz;
1449
1450 return req;
1451}
1452
1453WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id)
1454{
1455 WOLFSSL_OCSP_CERTID* certId;
1456
1457 if (id == NULL)
1458 return NULL;
1459
1460 certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID),
1461 NULL, DYNAMIC_TYPE_OPENSSL);
1462 if (certId == NULL)
1463 return NULL;
1464
1465 XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID));
1466 certId->next = NULL;
1467 certId->rawCertId = NULL;
1468 certId->rawCertIdSize = 0;
1469
1470 /* Deep-copy the status to avoid double-free */
1471 if (id->status != NULL) {
1472 certId->status = (CertStatus*)XMALLOC(sizeof(CertStatus),
1473 NULL, DYNAMIC_TYPE_OCSP_STATUS);
1474 if (certId->status == NULL) {
1475 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
1476 return NULL;
1477 }
1478 XMEMCPY(certId->status, id->status, sizeof(CertStatus));
1479 certId->status->next = NULL;
1480 /* Don't share dynamically allocated fields */
1481 certId->status->rawOcspResponse = NULL;
1482 certId->status->rawOcspResponseSz = 0;
1483 certId->status->serialInt = NULL;
1484#ifdef WOLFSSL_OCSP_PARSE_STATUS
1485 certId->status->thisDateAsn = NULL;
1486 certId->status->nextDateAsn = NULL;
1487#endif
1488 }
1489 certId->ownStatus = 1;
1490
1491 return certId;
1492}
1493
1494#ifndef NO_BIO
1495int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
1496 WOLFSSL_OCSP_REQUEST *req)
1497{
1498 int size = -1;
1499 unsigned char* data = NULL;
1500
1501 WOLFSSL_ENTER("wolfSSL_i2d_OCSP_REQUEST_bio");
1502 if (out == NULL || req == NULL)
1503 return WOLFSSL_FAILURE;
1504
1505 size = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
1506 if (size > 0) {
1507 data = (unsigned char*) XMALLOC((size_t)size, out->heap,
1508 DYNAMIC_TYPE_TMP_BUFFER);
1509 }
1510
1511 if (data != NULL) {
1512 unsigned char* dataOrig = data;
1513 size = wolfSSL_i2d_OCSP_REQUEST(req, &data);
1514 data = dataOrig;
1515 }
1516
1517 if (size <= 0) {
1518 XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
1519 return WOLFSSL_FAILURE;
1520 }
1521
1522 if (wolfSSL_BIO_write(out, data, size) == (int)size) {
1523 XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
1524 return WOLFSSL_SUCCESS;
1525 }
1526
1527 XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
1528 return WOLFSSL_FAILURE;
1529}
1530#endif /* !NO_BIO */
1531
1532int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
1533{
1534 int allocated = 0;
1535 word32 derSz = 0;
1536 word32 intSz = 0;
1537 int ret;
1538 WOLFSSL_ENTER("wolfSSL_i2d_OCSP_CERTID");
1539
1540 if (id == NULL)
1541 return -1;
1542
1543 if (id->rawCertId != NULL) {
1544 derSz = id->rawCertIdSize;
1545 }
1546 else {
1547 ret = OcspEncodeCertID(id, NULL, &derSz, &intSz);
1548 if (ret != 0) {
1549 WOLFSSL_MSG("Failed to calculate CertID size");
1550 return -1;
1551 }
1552 }
1553
1554 if (data == NULL) {
1555 return derSz;
1556 }
1557
1558 if (*data == NULL) {
1559 /* Allocate buffer for DER encoding */
1560 *data = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
1561 if (*data == NULL) {
1562 WOLFSSL_MSG("Failed to allocate memory for CertID DER encoding");
1563 return -1;
1564 }
1565 allocated = 1;
1566 }
1567
1568 if (id->rawCertId != NULL) {
1569 XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
1570 }
1571 else {
1572 ret = OcspEncodeCertID(id, *data, &derSz, &intSz);
1573 if (ret < 0) {
1574 WOLFSSL_MSG("Failed to encode CertID");
1575 if (allocated) {
1576 XFREE(*data, NULL, DYNAMIC_TYPE_OPENSSL);
1577 *data = NULL;
1578 }
1579 return -1;
1580 }
1581 }
1582
1583 if (!allocated)
1584 *data += derSz;
1585
1586 return derSz;
1587}
1588
1589WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
1590 const unsigned char** derIn,
1591 int length)
1592{
1593 WOLFSSL_OCSP_CERTID *cid = NULL;
1594 int isAllocated = 0;
1595 word32 idx = 0;
1596 int ret;
1597
1598 if (derIn == NULL || *derIn == NULL || length <= 0)
1599 return NULL;
1600
1601 if (cidOut != NULL && *cidOut != NULL) {
1602 cid = *cidOut;
1603 FreeOcspEntry(cid, NULL);
1604 }
1605 else {
1606 cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
1607 DYNAMIC_TYPE_OPENSSL);
1608 if (cid == NULL)
1609 return NULL;
1610 isAllocated = 1;
1611 }
1612
1613 XMEMSET(cid, 0, sizeof(WOLFSSL_OCSP_CERTID));
1614 cid->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
1615 DYNAMIC_TYPE_OCSP_STATUS);
1616 if (cid->status == NULL) {
1617 XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
1618 return NULL;
1619 }
1620 XMEMSET(cid->status, 0, sizeof(CertStatus));
1621 cid->ownStatus = 1;
1622
1623 ret = OcspDecodeCertID(*derIn, &idx, length, cid);
1624 if (ret != 0) {
1625 FreeOcspEntry(cid, NULL);
1626 if (isAllocated) {
1627 XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
1628 }
1629 return NULL;
1630 }
1631
1632 *derIn += idx;
1633
1634 if (isAllocated && cidOut != NULL)
1635 *cidOut = cid;
1636
1637 return cid;
1638}
1639
1640const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
1641 const WOLFSSL_OCSP_SINGLERESP *single)
1642{
1643 return single;
1644}
1645
1646/**
1647 * Compare two WOLFSSL_OCSP_CERTID objects
1648 * @param a
1649 * @param b
1650 * @return 0 on success and when objects have the same id otherwise either
1651 * the id's don't match or an error occurred
1652 */
1653int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b)
1654{
1655 int ret = 0;
1656 if (a == NULL || b == NULL)
1657 return WOLFSSL_FATAL_ERROR;
1658
1659 ret = a->hashAlgoOID != b->hashAlgoOID;
1660 if (ret == 0)
1661 ret = XMEMCMP(a->issuerHash, b->issuerHash, OCSP_DIGEST_SIZE);
1662 if (ret == 0)
1663 ret = XMEMCMP(a->issuerKeyHash, b->issuerKeyHash, OCSP_DIGEST_SIZE);
1664 if (ret == 0) {
1665 if (a->status != NULL && b->status != NULL) {
1666 if (a->status->serialSz == b->status->serialSz)
1667 ret = XMEMCMP(a->status->serial, b->status->serial,
1668 (size_t)a->status->serialSz);
1669 else
1670 ret = -1;
1671 }
1672 else if (a->status != b->status) {
1673 /* If either is not null then return non-zero */
1674 ret = -1;
1675 }
1676 }
1677 return ret;
1678}
1679
1680int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
1681 int *reason,
1682 WOLFSSL_ASN1_TIME **revtime,
1683 WOLFSSL_ASN1_TIME **thisupd,
1684 WOLFSSL_ASN1_TIME **nextupd)
1685{
1686 if (single == NULL || single->status == NULL)
1687 return -1;
1688
1689#ifdef WOLFSSL_OCSP_PARSE_STATUS
1690 if (thisupd != NULL)
1691 *thisupd = &single->status->thisDateParsed;
1692 if (nextupd != NULL)
1693 *nextupd = &single->status->nextDateParsed;
1694#else
1695 if (thisupd != NULL)
1696 *thisupd = NULL;
1697 if (nextupd != NULL)
1698 *nextupd = NULL;
1699#endif
1700 if (reason != NULL)
1701 *reason = 0;
1702 if (revtime != NULL)
1703 *revtime = NULL;
1704
1705 return single->status->status;
1706}
1707
1708int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs)
1709{
1710 WOLFSSL_OCSP_SINGLERESP* single;
1711 int count = 0;
1712
1713 if (bs == NULL)
1714 return WOLFSSL_FAILURE;
1715
1716 single = bs->single;
1717 while(single != NULL)
1718 {
1719 ++count;
1720 single = single->next;
1721 }
1722
1723 return count;
1724}
1725
1726WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx)
1727{
1728 WOLFSSL_OCSP_SINGLERESP* single;
1729 int currIdx = 0;
1730
1731 if (bs == NULL)
1732 return NULL;
1733
1734 single = bs->single;
1735 while(single != NULL && currIdx != idx)
1736 {
1737 single = single->next;
1738 ++currIdx;
1739 }
1740
1741 return single;
1742}
1743
1744#endif /* OPENSSL_EXTRA */
1745
1746#ifdef OPENSSL_ALL
1747
1748/*******************************************************************************
1749 * START OF WOLFSSL_OCSP_REQ_CTX API
1750 ******************************************************************************/
1751
1752enum ocspReqStates {
1753 ORS_INVALID = 0,
1754 ORS_HEADER_ADDED,
1755 ORS_REQ_DONE
1756};
1757
1758enum ocspReqIOStates {
1759 ORIOS_INVALID = 0,
1760 ORIOS_WRITE,
1761 ORIOS_READ
1762};
1763
1764WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline)
1765{
1766 WOLFSSL_OCSP_REQ_CTX* ret = NULL;
1767
1768 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new");
1769
1770 if (maxline <= 0)
1771 maxline = OCSP_MAX_REQUEST_SZ;
1772
1773 ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL,
1774 DYNAMIC_TYPE_OPENSSL);
1775 if (ret != NULL) {
1776 XMEMSET(ret, 0, sizeof(*ret));
1777 ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL);
1778 if (ret->buf == NULL)
1779 goto error;
1780 ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
1781 ret->bufLen = maxline;
1782 ret->bio = bio;
1783 ret->ioState = ORIOS_WRITE;
1784 }
1785
1786 return ret;
1787error:
1788 wolfSSL_OCSP_REQ_CTX_free(ret);
1789 return NULL;
1790}
1791
1792void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx)
1793{
1794 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free");
1795 if (ctx != NULL) {
1796 if (ctx->buf != NULL)
1797 XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL);
1798 if (ctx->reqResp != NULL)
1799 wolfSSL_BIO_free(ctx->reqResp);
1800 XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
1801 }
1802}
1803
1804WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
1805 const char *path, OcspRequest *req, int maxline)
1806{
1807 WOLFSSL_OCSP_REQ_CTX* ret = NULL;
1808
1809 WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new");
1810
1811 ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline);
1812 if (ret == NULL)
1813 return NULL;
1814
1815 if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS)
1816 goto error;
1817
1818 if (req != NULL &&
1819 wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS)
1820 goto error;
1821
1822 return ret;
1823error:
1824 wolfSSL_OCSP_REQ_CTX_free(ret);
1825 return NULL;
1826}
1827
1828int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
1829 const char *name, const char *value)
1830{
1831 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header");
1832
1833 if (ctx == NULL || name == NULL) {
1834 WOLFSSL_MSG("Bad parameter");
1835 return WOLFSSL_FAILURE;
1836 }
1837 if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) {
1838 WOLFSSL_MSG("wolfSSL_BIO_puts error");
1839 return WOLFSSL_FAILURE;
1840 }
1841 if (value != NULL) {
1842 if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) {
1843 WOLFSSL_MSG("wolfSSL_BIO_write error");
1844 return WOLFSSL_FAILURE;
1845 }
1846 if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) {
1847 WOLFSSL_MSG("wolfSSL_BIO_puts error");
1848 return WOLFSSL_FAILURE;
1849 }
1850 }
1851 if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
1852 WOLFSSL_MSG("wolfSSL_BIO_write error");
1853 return WOLFSSL_FAILURE;
1854 }
1855
1856 ctx->state = ORS_HEADER_ADDED;
1857
1858 return WOLFSSL_SUCCESS;
1859}
1860
1861int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op,
1862 const char *path)
1863{
1864 static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
1865
1866 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http");
1867
1868 if (ctx == NULL || op == NULL) {
1869 WOLFSSL_MSG("Bad parameter");
1870 return WOLFSSL_FAILURE;
1871 }
1872
1873 if (path == NULL)
1874 path = "/";
1875
1876 if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) {
1877 WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error");
1878 return WOLFSSL_FAILURE;
1879 }
1880
1881 ctx->state = ORS_HEADER_ADDED;
1882
1883 return WOLFSSL_SUCCESS;
1884}
1885
1886int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req)
1887{
1888 static const char req_hdr[] =
1889 "Content-Type: application/ocsp-request\r\n"
1890 "Content-Length: %d\r\n\r\n";
1891 /* Should be enough to hold Content-Length */
1892 char req_hdr_buf[sizeof(req_hdr) + 10];
1893 int req_hdr_buf_len;
1894 int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
1895
1896 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req");
1897
1898 if (ctx == NULL || req == NULL) {
1899 WOLFSSL_MSG("Bad parameters");
1900 return WOLFSSL_FAILURE;
1901 }
1902
1903 if (req_len <= 0) {
1904 WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error");
1905 return WOLFSSL_FAILURE;
1906 }
1907
1908 req_hdr_buf_len =
1909 XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len);
1910 if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) {
1911 WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long");
1912 return WOLFSSL_FAILURE;
1913 }
1914
1915 if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) {
1916 WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error");
1917 return WOLFSSL_FAILURE;
1918 }
1919
1920 if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) {
1921 WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error");
1922 return WOLFSSL_FAILURE;
1923 }
1924
1925 ctx->state = ORS_REQ_DONE;
1926
1927 return WOLFSSL_SUCCESS;
1928}
1929
1930static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx)
1931{
1932 return BioReceiveInternal((WOLFSSL_BIO*)ctx, NULL, buf, sz);
1933}
1934
1935int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
1936{
1937 WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio");
1938
1939 if (ctx == NULL) {
1940 WOLFSSL_MSG("Bad parameters");
1941 return WOLFSSL_FAILURE;
1942 }
1943
1944 switch ((enum ocspReqIOStates)ctx->ioState) {
1945 case ORIOS_WRITE:
1946 case ORIOS_READ:
1947 break;
1948 case ORIOS_INVALID:
1949 default:
1950 WOLFSSL_MSG("Invalid ctx->ioState state");
1951 return WOLFSSL_FAILURE;
1952 }
1953
1954 if (ctx->ioState == ORIOS_WRITE) {
1955 switch ((enum ocspReqStates)ctx->state) {
1956 case ORS_HEADER_ADDED:
1957 /* Write final new line to complete http header */
1958 if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
1959 WOLFSSL_MSG("wolfSSL_BIO_write error");
1960 return WOLFSSL_FAILURE;
1961 }
1962 break;
1963 case ORS_REQ_DONE:
1964 break;
1965 case ORS_INVALID:
1966 default:
1967 WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state");
1968 return WOLFSSL_FAILURE;
1969 }
1970 }
1971
1972 switch ((enum ocspReqIOStates)ctx->ioState) {
1973 case ORIOS_WRITE:
1974 {
1975 const unsigned char *req;
1976 int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&req);
1977 if (reqLen <= 0) {
1978 WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
1979 return WOLFSSL_FAILURE;
1980 }
1981 while (ctx->sent < reqLen) {
1982 int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent,
1983 reqLen - ctx->sent);
1984 if (sent <= 0) {
1985 if (wolfSSL_BIO_should_retry(ctx->bio))
1986 return WOLFSSL_FATAL_ERROR;
1987 WOLFSSL_MSG("wolfSSL_BIO_write error");
1988 ctx->ioState = ORIOS_INVALID;
1989 return 0;
1990 }
1991 ctx->sent += sent;
1992 }
1993 ctx->sent = 0;
1994 ctx->ioState = ORIOS_READ;
1995 (void)wolfSSL_BIO_reset(ctx->reqResp);
1996 FALL_THROUGH;
1997 }
1998 case ORIOS_READ:
1999 {
2000 byte* resp = NULL;
2001 int respLen;
2002 int ret;
2003
2004 if (ctx->buf == NULL) /* Should be allocated in new call */
2005 return WOLFSSL_FAILURE;
2006
2007 ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb,
2008 ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL);
2009 if (ret <= 0) {
2010 if (resp != NULL)
2011 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
2012 if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) ||
2013 ret == WC_NO_ERR_TRACE(OCSP_WANT_READ))
2014 {
2015 return WOLFSSL_FATAL_ERROR;
2016 }
2017 return WOLFSSL_FAILURE;
2018 }
2019 respLen = ret;
2020 ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen);
2021 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
2022 if (ret != respLen) {
2023 WOLFSSL_MSG("wolfSSL_BIO_write error");
2024 return WOLFSSL_FAILURE;
2025 }
2026 break;
2027 }
2028 case ORIOS_INVALID:
2029 default:
2030 WOLFSSL_MSG("Invalid ctx->ioState state");
2031 return WOLFSSL_FAILURE;
2032 }
2033
2034 return WOLFSSL_SUCCESS;
2035}
2036
2037int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
2038{
2039 int ret;
2040 int len;
2041 const unsigned char *resp = NULL;
2042
2043 WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio");
2044
2045 if (presp == NULL)
2046 return WOLFSSL_FAILURE;
2047
2048 ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx);
2049 if (ret != WOLFSSL_SUCCESS)
2050 return ret;
2051
2052 len = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&resp);
2053 if (len <= 0)
2054 return WOLFSSL_FAILURE;
2055 return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
2056 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
2057}
2058
2059/*******************************************************************************
2060 * END OF WOLFSSL_OCSP_REQ_CTX API
2061 ******************************************************************************/
2062
2063#ifndef NO_WOLFSSL_STUB
2064int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
2065 int idx)
2066{
2067 WOLFSSL_STUB("wolfSSL_OCSP_REQUEST_add_ext");
2068 (void)req;
2069 (void)ext;
2070 (void)idx;
2071 return WOLFSSL_FATAL_ERROR;
2072}
2073#endif
2074
2075#ifndef NO_WOLFSSL_STUB
2076OcspResponse* wolfSSL_OCSP_response_create(int status,
2077 WOLFSSL_OCSP_BASICRESP* bs)
2078{
2079 WOLFSSL_STUB("wolfSSL_OCSP_response_create");
2080 (void)status;
2081 (void)bs;
2082 return NULL;
2083}
2084#endif
2085
2086#ifndef NO_WOLFSSL_STUB
2087const char* wolfSSL_OCSP_crl_reason_str(long s)
2088{
2089 WOLFSSL_STUB("wolfSSL_OCSP_crl_reason_str");
2090 (void)s;
2091 return NULL;
2092}
2093#endif
2094
2095/* Returns elements of an OCSP_CERTID struct. Currently only supports
2096 * returning the serial number, and returns an error if user requests
2097 * any of name, pmd, and/or keyHash.
2098 * Return 1 on success, 0 on failure */
2099int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
2100 WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash,
2101 WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid)
2102{
2103 WOLFSSL_ENTER("wolfSSL_OCSP_id_get0_info");
2104
2105 if (cid == NULL)
2106 return 0;
2107
2108 /* build up ASN1_INTEGER for serial */
2109 if (serial != NULL) {
2110 int i = 0;
2111 WOLFSSL_ASN1_INTEGER* ser;
2112
2113 ser = wolfSSL_ASN1_INTEGER_new();
2114 if (ser == NULL)
2115 return 0;
2116
2117 if (cid->status->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) {
2118 /* allocate data buffer, +2 for type and length */
2119 ser->data = (unsigned char*)XMALLOC((size_t)cid->status->serialSz + 2, NULL,
2120 DYNAMIC_TYPE_OPENSSL);
2121 if (ser->data == NULL) {
2122 wolfSSL_ASN1_INTEGER_free(ser);
2123 return 0;
2124 }
2125 ser->dataMax = (unsigned int)cid->status->serialSz + 2;
2126 ser->isDynamic = 1;
2127 } else {
2128 /* Use array instead of dynamic memory */
2129 ser->data = ser->intData;
2130 ser->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
2131 }
2132
2133 #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
2134 /* Serial number starts at 0 index of ser->data */
2135 XMEMCPY(&ser->data[i], cid->status->serial,
2136 (size_t)cid->status->serialSz);
2137 ser->length = cid->status->serialSz;
2138 #else
2139 ser->data[i++] = ASN_INTEGER;
2140 i += SetLength(cid->status->serialSz, ser->data + i);
2141 XMEMCPY(&ser->data[i], cid->status->serial,
2142 (size_t)cid->status->serialSz);
2143 ser->length = i + cid->status->serialSz;
2144 #endif
2145
2146 cid->status->serialInt = ser;
2147 *serial = ser;
2148 }
2149
2150 /* Not needed for Apache, return error if user is requesting */
2151 if (name != NULL || pmd != NULL || keyHash != NULL) {
2152 if (name != NULL)
2153 *name = NULL;
2154
2155 if (pmd != NULL)
2156 *pmd = NULL;
2157
2158 if (keyHash != NULL)
2159 *keyHash = NULL;
2160 return 0;
2161 }
2162
2163 return 1;
2164}
2165
2166int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val,
2167 int sz)
2168{
2169 WC_RNG rng;
2170
2171 WOLFSSL_ENTER("wolfSSL_OCSP_request_add1_nonce");
2172
2173 if (req == NULL || sz > MAX_OCSP_NONCE_SZ) {
2174 WOLFSSL_MSG("Bad parameter");
2175 return WOLFSSL_FAILURE;
2176 }
2177
2178 if (sz <= 0)
2179 sz = MAX_OCSP_NONCE_SZ;
2180
2181 if (val != NULL) {
2182 XMEMCPY(req->nonce, val, (size_t)sz);
2183 }
2184 else {
2185 if (
2186#ifndef HAVE_FIPS
2187 wc_InitRng_ex(&rng, req->heap, INVALID_DEVID)
2188#else
2189 wc_InitRng(&rng)
2190#endif
2191 != 0) {
2192 WOLFSSL_MSG("RNG init failed");
2193 return WOLFSSL_FAILURE;
2194 }
2195 if (wc_RNG_GenerateBlock(&rng, req->nonce, (word32)sz) != 0) {
2196 WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
2197 wc_FreeRng(&rng);
2198 return WOLFSSL_FAILURE;
2199 }
2200 wc_FreeRng(&rng);
2201 }
2202 req->nonceSz = sz;
2203
2204 return WOLFSSL_SUCCESS;
2205}
2206
2207/* Returns result of OCSP nonce comparison. Return values:
2208 * 1 - nonces are both present and equal
2209 * 2 - both nonces are absent
2210 * 3 - nonce only present in response
2211 * -1 - nonce only present in request
2212 * 0 - both nonces present and equal
2213 */
2214int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
2215{
2216 const byte* reqNonce = NULL;
2217 const byte* rspNonce = NULL;
2218 int reqNonceSz = 0;
2219 int rspNonceSz = 0;
2220
2221 WOLFSSL_ENTER("wolfSSL_OCSP_check_nonce");
2222
2223 if (req != NULL) {
2224 reqNonce = req->nonce;
2225 reqNonceSz = req->nonceSz;
2226 }
2227
2228 if (bs != NULL) {
2229 rspNonce = bs->nonce;
2230 rspNonceSz = bs->nonceSz;
2231 }
2232
2233 /* nonce absent in both req and rsp */
2234 if (reqNonce == NULL && rspNonce == NULL)
2235 return 2;
2236
2237 /* nonce present in rsp only */
2238 if (reqNonce == NULL && rspNonce != NULL)
2239 return 3;
2240
2241 /* nonce present in req only */
2242 if (reqNonce != NULL && rspNonce == NULL)
2243 return WOLFSSL_FATAL_ERROR;
2244
2245 /* nonces are present and equal, return 1. Extra NULL check for fixing
2246 scan-build warning. */
2247 if (reqNonceSz == rspNonceSz && reqNonce && rspNonce) {
2248 if (XMEMCMP(reqNonce, rspNonce, (size_t)reqNonceSz) == 0)
2249 return 1;
2250 }
2251
2252 /* nonces are present but not equal */
2253 return 0;
2254}
2255
2256#endif /* OPENSSL_ALL */
2257
2258#ifdef HAVE_OCSP_RESPONDER
2259
2260/* Free a CA entry and all its resources */
2261static void FreeOcspResponderCa(OcspResponderCa* ca, void* heap)
2262{
2263 OcspResponderCertStatus* status;
2264 OcspResponderCertStatus* nextStatus;
2265
2266 if (ca == NULL)
2267 return;
2268
2269 /* Free private key */
2270#ifndef NO_RSA
2271 if (ca->keyType == RSAk) {
2272 wc_FreeRsaKey(&ca->key.rsa);
2273 }
2274#endif
2275#ifdef HAVE_ECC
2276 if (ca->keyType == ECDSAk) {
2277 wc_ecc_free(&ca->key.ecc);
2278 }
2279#endif
2280
2281 /* Free certificate DER if allocated */
2282 if (ca->certDer != NULL) {
2283 XFREE(ca->certDer, heap, DYNAMIC_TYPE_OCSP);
2284 }
2285
2286 /* Free certificate status list */
2287 status = ca->statuses;
2288 while (status != NULL) {
2289 nextStatus = status->next;
2290 XFREE(status, heap, DYNAMIC_TYPE_OCSP);
2291 status = nextStatus;
2292 }
2293
2294 XFREE(ca, heap, DYNAMIC_TYPE_OCSP);
2295}
2296
2297/* Allocate and initialize an OCSP Responder */
2298OcspResponder* wc_OcspResponder_new(void* heap, int sendCerts)
2299{
2300 OcspResponder* responder;
2301
2302 WOLFSSL_ENTER("wc_OcspResponder_new");
2303
2304 responder = (OcspResponder*)XMALLOC(sizeof(OcspResponder), heap,
2305 DYNAMIC_TYPE_OCSP);
2306 if (responder != NULL) {
2307 XMEMSET(responder, 0, sizeof(OcspResponder));
2308 responder->heap = heap;
2309 responder->sendCerts = sendCerts ? 1 : 0;
2310 if (wc_InitRng(&responder->rng) != 0) {
2311 XFREE(responder, heap, DYNAMIC_TYPE_OCSP);
2312 responder = NULL;
2313 }
2314 }
2315 return responder;
2316}
2317
2318/* Free an OCSP Responder */
2319void wc_OcspResponder_free(OcspResponder* responder)
2320{
2321 WOLFSSL_ENTER("wc_OcspResponder_free");
2322 if (responder != NULL) {
2323 OcspResponderCa* ca;
2324 OcspResponderCa* nextCa;
2325 /* Free all CAs */
2326 ca = responder->caList;
2327 while (ca != NULL) {
2328 nextCa = ca->next;
2329 FreeOcspResponderCa(ca, responder->heap);
2330 ca = nextCa;
2331 }
2332 wc_FreeRng(&responder->rng);
2333 XFREE(responder, responder->heap, DYNAMIC_TYPE_OCSP);
2334 }
2335}
2336
2337int wc_OcspResponder_AddSigner(OcspResponder* responder,
2338 const byte* signerDer, word32 signerDerSz,
2339 const byte* keyDer, word32 keyDerSz,
2340 /* Necessary when adding an authorized responder */
2341 const byte* issuerCertDer, word32 issuerCertDerSz)
2342{
2343 int ret = -1;
2344 OcspResponderCa* ca = NULL;
2345 DecodedCert* decoded = NULL;
2346 word32 keyOID = 0;
2347
2348 WOLFSSL_ENTER("wc_OcspResponder_AddSigner");
2349
2350 if (responder == NULL || signerDer == NULL || signerDerSz == 0 ||
2351 keyDer == NULL || keyDerSz == 0 ||
2352 (issuerCertDerSz != 0 && issuerCertDer == NULL))
2353 return BAD_FUNC_ARG;
2354
2355 /* Allocate CA structure */
2356 ca = (OcspResponderCa*)XMALLOC(sizeof(OcspResponderCa), responder->heap,
2357 DYNAMIC_TYPE_OCSP);
2358 if (ca == NULL) {
2359 ret = MEMORY_E;
2360 goto out;
2361 }
2362 XMEMSET(ca, 0, sizeof(OcspResponderCa));
2363
2364 /* Parse certificate */
2365 decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), responder->heap,
2366 DYNAMIC_TYPE_OCSP);
2367 if (decoded == NULL) {
2368 ret = MEMORY_E;
2369 goto out;
2370 }
2371
2372 wc_InitDecodedCert(decoded, signerDer, signerDerSz, responder->heap);
2373 ret = wc_ParseCert(decoded, CERT_TYPE, 0, NULL);
2374 if (ret != 0)
2375 goto out;
2376
2377 ret = wc_CheckPrivateKeyCert(keyDer, keyDerSz, decoded, 1, responder->heap);
2378 if (ret != 1) {
2379 ret = (ret == 0) ? BAD_FUNC_ARG : ret;
2380 goto out;
2381 }
2382 keyOID = decoded->keyOID;
2383
2384 ret = wc_ShaHash(decoded->publicKeyForHash, decoded->pubKeyForHashSize,
2385 ca->responderKeyHash);
2386 if (ret != 0)
2387 goto out;
2388
2389 /* Now place the real issuer into decoded and perform cert can actually
2390 * sign for issuer. */
2391 if (issuerCertDer != NULL && issuerCertDerSz > 0) {
2392 char issuer[WC_ASN_NAME_MAX];
2393
2394 if (signerDerSz == issuerCertDerSz &&
2395 XMEMCMP(signerDer, issuerCertDer, signerDerSz) == 0) {
2396 /* API misuse */
2397 ret = BAD_FUNC_ARG;
2398 goto out;
2399 }
2400 if ((decoded->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) {
2401 /* Cert is not authorized for OCSP signing */
2402 ret = BAD_FUNC_ARG;
2403 goto out;
2404 }
2405 XMEMCPY(issuer, decoded->issuer, WC_ASN_NAME_MAX);
2406
2407 /* Use allocated DecodedCert */
2408 wc_FreeDecodedCert(decoded);
2409 wc_InitDecodedCert(decoded, issuerCertDer, issuerCertDerSz,
2410 responder->heap);
2411 ret = wc_ParseCert(decoded, CERT_TYPE, 0, NULL);
2412 if (ret != 0)
2413 goto out;
2414
2415 if (XSTRNCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) {
2416 /* Issuer name in responder cert does not match subject of issuer cert */
2417 ret = BAD_FUNC_ARG;
2418 goto out;
2419 }
2420
2421 ca->authResp = 1;
2422 }
2423
2424 /* Use responder cert's subject and public key for hashes */
2425 if (decoded->subjectRawForHash == NULL ||
2426 decoded->subjectRawForHashLen <= 0) {
2427 ret = BAD_FUNC_ARG;
2428 goto out;
2429 }
2430 ret = AsnHashesHash(&ca->issuerHashes, decoded->subjectRawForHash,
2431 (word32)decoded->subjectRawForHashLen);
2432 if (ret != 0)
2433 goto out;
2434 if (decoded->publicKeyForHash == NULL || decoded->pubKeyForHashSize == 0) {
2435 ret = BAD_FUNC_ARG;
2436 goto out;
2437 }
2438 ret = AsnHashesHash(&ca->issuerKeyHashes, decoded->publicKeyForHash,
2439 decoded->pubKeyForHashSize);
2440 if (ret != 0)
2441 goto out;
2442
2443 /* Extract necessary info from decoded cert */
2444 XMEMCPY(ca->subject, decoded->subject, WC_ASN_NAME_MAX);
2445
2446 /* Store raw certificate DER if sendCerts is enabled */
2447 if (responder->sendCerts) {
2448 ca->certDer = (byte*)XMALLOC(signerDerSz, responder->heap, DYNAMIC_TYPE_OCSP);
2449 if (ca->certDer == NULL) {
2450 ret = MEMORY_E;
2451 goto out;
2452 }
2453 XMEMCPY(ca->certDer, signerDer, signerDerSz);
2454 ca->certDerSz = signerDerSz;
2455 }
2456
2457 /* Load the private key */
2458#ifndef NO_RSA
2459 if (keyOID == RSAk) {
2460 ret = wc_InitRsaKey(&ca->key.rsa, responder->heap);
2461 if (ret == 0) {
2462 word32 idx = 0;
2463 ca->keyType = RSAk;
2464 ret = wc_RsaPrivateKeyDecode(keyDer, &idx, &ca->key.rsa, keyDerSz);
2465 }
2466 if (ret != 0)
2467 goto out;
2468 }
2469 else
2470#endif
2471#ifdef HAVE_ECC
2472 if (keyOID == ECDSAk) {
2473 ret = wc_ecc_init_ex(&ca->key.ecc, responder->heap, INVALID_DEVID);
2474 if (ret == 0) {
2475 word32 idx = 0;
2476 ca->keyType = ECDSAk;
2477 ret = wc_EccPrivateKeyDecode(keyDer, &idx, &ca->key.ecc, keyDerSz);
2478 }
2479 if (ret != 0)
2480 goto out;
2481 }
2482 else
2483#endif
2484 {
2485 ret = NOT_COMPILED_IN;
2486 goto out;
2487 }
2488
2489 /* Check for duplicates before adding */
2490 {
2491 OcspResponderCa* existing = responder->caList;
2492 while (existing != NULL) {
2493 if (XMEMCMP(&existing->issuerHashes, &ca->issuerHashes,
2494 sizeof(AsnHashes)) == 0 &&
2495 XMEMCMP(&existing->issuerKeyHashes, &ca->issuerKeyHashes,
2496 sizeof(AsnHashes)) == 0) {
2497 ret = DUPE_ENTRY_E;
2498 goto out;
2499 }
2500 existing = existing->next;
2501 }
2502 }
2503
2504 /* Add CA to list */
2505 ca->next = responder->caList;
2506 responder->caList = ca;
2507 ca = NULL; /* Ownership transferred */
2508 ret = 0;
2509
2510out:
2511 if (decoded != NULL) {
2512 wc_FreeDecodedCert(decoded);
2513 XFREE(decoded, responder->heap, DYNAMIC_TYPE_OCSP);
2514 }
2515 if (ca != NULL)
2516 FreeOcspResponderCa(ca, responder->heap);
2517 return ret;
2518}
2519
2520/* Find Auth CA by issuer hashes from request */
2521static OcspResponderCa* FindCaByHashes(OcspResponder* responder,
2522 const byte* issuerHash, const byte* issuerKeyHash, int hashAlg)
2523{
2524 OcspResponderCa* ca = responder->caList;
2525
2526 while (ca != NULL) {
2527 int hashSz = 0;
2528 const byte* caIssuerHash = AsnHashesGetHash(&ca->issuerHashes,
2529 hashAlg, &hashSz);
2530 const byte* caKeyHash = AsnHashesGetHash(&ca->issuerKeyHashes,
2531 hashAlg, &hashSz);
2532
2533 if (caIssuerHash != NULL && caKeyHash != NULL && hashSz > 0 &&
2534 XMEMCMP(caIssuerHash, issuerHash, (size_t)hashSz) == 0 &&
2535 XMEMCMP(caKeyHash, issuerKeyHash, (size_t)hashSz) == 0) {
2536 return ca;
2537 }
2538 ca = ca->next;
2539 }
2540
2541 return NULL;
2542}
2543
2544/* Find certificate status in a CA */
2545static OcspResponderCertStatus* FindCertStatus(OcspResponderCa* ca,
2546 const byte* serial, word32 serialSz)
2547{
2548 OcspResponderCertStatus* status = ca->statuses;
2549
2550 while (status != NULL) {
2551 if (status->serialSz == (int)serialSz &&
2552 XMEMCMP(status->serial, serial, serialSz) == 0) {
2553 return status;
2554 }
2555 status = status->next;
2556 }
2557
2558 return NULL;
2559}
2560
2561/* Find Auth CA by subject string */
2562static OcspResponderCa* FindCaBySubject(OcspResponder* responder,
2563 const char* caSubject, word32 caSubjectSz)
2564{
2565 OcspResponderCa* ca = responder->caList;
2566
2567 while (ca != NULL) {
2568 word32 subjectLen = (word32)XSTRLEN(ca->subject);
2569 if (subjectLen == caSubjectSz &&
2570 XMEMCMP(ca->subject, caSubject, caSubjectSz) == 0) {
2571 return ca;
2572 }
2573 ca = ca->next;
2574 }
2575
2576 return NULL;
2577}
2578
2579/* Add a certificate status for a specific CA */
2580int wc_OcspResponder_SetCertStatus(OcspResponder* responder,
2581 const char* caSubject, word32 caSubjectSz,
2582 const byte* serial, word32 serialSz, enum Ocsp_Cert_Status status,
2583 time_t revocationTime, enum WC_CRL_Reason revocationReason,
2584 word32 validityPeriod)
2585{
2586 OcspResponderCa* ca = NULL;
2587 OcspResponderCertStatus* certStatus = NULL;
2588 int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
2589 int isNew = 0;
2590
2591 WOLFSSL_ENTER("wc_OcspResponder_SetCertStatus");
2592
2593 if (responder == NULL || caSubject == NULL || caSubjectSz == 0 ||
2594 serial == NULL || serialSz == 0 || serialSz > EXTERNAL_SERIAL_SIZE)
2595 goto out;
2596
2597 if (status != CERT_GOOD && status != CERT_REVOKED &&
2598 status != CERT_UNKNOWN)
2599 goto out;
2600
2601 /* Validate revocation parameters when status is REVOKED */
2602 if (status == CERT_REVOKED) {
2603 if (revocationTime <= 0)
2604 goto out;
2605 if (revocationReason < WC_CRL_REASON_UNSPECIFIED ||
2606 revocationReason > WC_CRL_REASON_AA_COMPROMISE)
2607 goto out;
2608 /* Skip value 7 which is not used */
2609 if (revocationReason == 7)
2610 goto out;
2611 }
2612
2613 if (status == CERT_GOOD && validityPeriod == 0)
2614 goto out;
2615 if (status != CERT_GOOD && validityPeriod != 0)
2616 goto out;
2617
2618 /* Find the CA */
2619 ca = FindCaBySubject(responder, caSubject, caSubjectSz);
2620 if (ca == NULL) {
2621 ret = ASN_NO_SIGNER_E;
2622 goto out;
2623 }
2624
2625 /* Check if status already exists for this serial */
2626 certStatus = FindCertStatus(ca, serial, serialSz);
2627 if (certStatus == NULL) {
2628 /* Allocate new status entry */
2629 certStatus = (OcspResponderCertStatus*)XMALLOC(
2630 sizeof(OcspResponderCertStatus), responder->heap, DYNAMIC_TYPE_OCSP);
2631 if (certStatus == NULL) {
2632 ret = MEMORY_E;
2633 goto out;
2634 }
2635 XMEMSET(certStatus, 0, sizeof(OcspResponderCertStatus));
2636 XMEMCPY(certStatus->serial, serial, serialSz);
2637 certStatus->serialSz = serialSz;
2638 isNew = 1;
2639 }
2640
2641 certStatus->status = status;
2642 certStatus->validityPeriod = 0;
2643 if (status == CERT_REVOKED) {
2644 ret = GetFormattedTime_ex(&revocationTime, certStatus->revocationDate,
2645 sizeof(certStatus->revocationDate), ASN_GENERALIZED_TIME);
2646 if (ret <= 0) {
2647 WOLFSSL_MSG("Failed to format revocation time");
2648 goto out;
2649 }
2650 certStatus->revocationDateSz = (word32)ret;
2651 certStatus->revocationReason = revocationReason;
2652 }
2653 else if (status == CERT_GOOD) {
2654 certStatus->validityPeriod = validityPeriod;
2655 }
2656
2657 if (isNew) {
2658 /* Add to CA's status list */
2659 certStatus->next = ca->statuses;
2660 ca->statuses = certStatus;
2661 certStatus = NULL; /* Ownership transferred */
2662 }
2663 ret = 0;
2664
2665out:
2666 if (isNew && certStatus != NULL)
2667 XFREE(certStatus, responder->heap, DYNAMIC_TYPE_OCSP);
2668
2669 return ret;
2670}
2671
2672static int OcspResponse_WriteResponse(OcspResponder* responder, byte* response,
2673 word32* responseSz, OcspResponderCa* ca,
2674 OcspResponderCertStatus* certStatus, OcspRequest* req)
2675{
2676 OcspResponse resp;
2677 CertStatus status;
2678 OcspEntry entry;
2679 int ret = 0;
2680 time_t now;
2681 RsaKey* rsaKey = NULL;
2682 ecc_key* eccKey = NULL;
2683 int respInited = 0;
2684 int hashSz = 0;
2685 const byte* caIssuerHash = NULL;
2686 const byte* caKeyHash = NULL;
2687 int hashAlg = -1;
2688
2689 WOLFSSL_ASSERT_SIZEOF_EQ(resp.responderId.keyHash, ca->responderKeyHash);
2690
2691 WOLFSSL_ENTER("OcspResponse_WriteResponse");
2692
2693 if (responseSz == NULL || ca == NULL || certStatus == NULL ||
2694 certStatus->serialSz > EXTERNAL_SERIAL_SIZE) {
2695 ret = BAD_FUNC_ARG;
2696 goto out;
2697 }
2698
2699 InitOcspResponse(&resp, &entry, &status, NULL, 0, responder->heap);
2700 respInited = 1;
2701
2702 resp.responseStatus = OCSP_SUCCESSFUL;
2703
2704 status.status = certStatus->status;
2705
2706 XMEMCPY(status.serial, certStatus->serial, certStatus->serialSz);
2707 status.serialSz = (byte)certStatus->serialSz;
2708
2709 /* Copy revocation information if status is REVOKED */
2710 if (certStatus->status == CERT_REVOKED) {
2711 XMEMCPY(status.revocationDate, certStatus->revocationDate,
2712 certStatus->revocationDateSz);
2713 status.revocationDateSz = certStatus->revocationDateSz;
2714 status.revocationReason = (byte)certStatus->revocationReason;
2715 }
2716
2717 now = wc_Time(NULL);
2718 ret = GetFormattedTime_ex(&now, status.thisDate, sizeof(status.thisDate),
2719 ASN_GENERALIZED_TIME);
2720 if (ret <= 0) {
2721 WOLFSSL_MSG("Failed to format thisUpdate time");
2722 goto out;
2723 }
2724 XMEMCPY(resp.producedDate, status.thisDate, ret);
2725 resp.producedDateSz = status.thisDateSz = (byte)(ret);
2726 resp.producedDateFormat = status.thisDateFormat = ASN_GENERALIZED_TIME;
2727
2728 /* Set nextUpdate if validity period is specified (for CERT_GOOD) */
2729 if (certStatus->status == CERT_GOOD && certStatus->validityPeriod > 0) {
2730 time_t nextTime = now + (time_t)certStatus->validityPeriod;
2731 ret = GetFormattedTime_ex(&nextTime, status.nextDate,
2732 sizeof(status.nextDate), ASN_GENERALIZED_TIME);
2733 if (ret <= 0) {
2734 WOLFSSL_MSG("Failed to format nextUpdate time");
2735 goto out;
2736 }
2737 status.nextDateSz = (byte)ret;
2738 status.nextDateFormat = ASN_GENERALIZED_TIME;
2739 }
2740
2741 /* Set certificate if sendCerts is enabled */
2742 if (responder->sendCerts && ca->certDer != NULL) {
2743 resp.cert = ca->certDer;
2744 resp.certSz = ca->certDerSz;
2745 }
2746
2747 /* Copy nonce from request to response if present */
2748 if (req != NULL && req->nonceSz > 0) {
2749 resp.nonce = req->nonce;
2750 resp.nonceSz = req->nonceSz;
2751 }
2752
2753 /* Echo the hash algorithm from the request */
2754 if (req == NULL) {
2755 hashAlg = SHAh; /* Fall back to SHA-1 as its required for OCSP */
2756 }
2757 else {
2758 hashAlg = req->hashAlg;
2759 }
2760 caIssuerHash = AsnHashesGetHash(&ca->issuerHashes, hashAlg, &hashSz);
2761 caKeyHash = AsnHashesGetHash(&ca->issuerKeyHashes, hashAlg, &hashSz);
2762 if (caIssuerHash == NULL || caKeyHash == NULL || hashSz <= 0) {
2763 ret = ASN_SIG_HASH_E;
2764 goto out;
2765 }
2766 entry.hashAlgoOID = (word32)hashAlg;
2767 XMEMCPY(entry.issuerHash, caIssuerHash, (size_t)hashSz);
2768 XMEMCPY(entry.issuerKeyHash, caKeyHash, (size_t)hashSz);
2769
2770 resp.responderIdType = OCSP_RESPONDER_ID_KEY;
2771 XMEMCPY(resp.responderId.keyHash, ca->responderKeyHash, WC_SHA_DIGEST_SIZE);
2772
2773 /* TODO allow user to set algo */
2774 if (ca->keyType == RSAk) {
2775 rsaKey = &ca->key.rsa;
2776 resp.sigOID = CTC_SHA256wRSA;
2777 }
2778 else if (ca->keyType == ECDSAk) {
2779 eccKey = &ca->key.ecc;
2780 resp.sigOID = CTC_SHA256wECDSA;
2781 }
2782 else {
2783 ret = NOT_COMPILED_IN;
2784 goto out;
2785 }
2786
2787 ret = OcspResponseEncode(&resp, response, responseSz, rsaKey, eccKey,
2788 &responder->rng);
2789 if (ret != 0) {
2790 WOLFSSL_MSG("Failed to encode OCSP response");
2791 goto out;
2792 }
2793
2794 ret = 0;
2795out:
2796 if (respInited)
2797 FreeOcspResponse(&resp);
2798 return ret;
2799}
2800
2801/* Generate OCSP response for a request */
2802int wc_OcspResponder_WriteResponse(OcspResponder* responder,
2803 const byte* request, word32 requestSz,
2804 byte* response, word32* responseSz)
2805{
2806 int ret = 0;
2807 OcspRequest req;
2808 OcspResponderCa* ca = NULL;
2809 OcspResponderCertStatus* certStatus = NULL;
2810 int reqInited = 0;
2811
2812 WOLFSSL_ENTER("wc_OcspResponder_WriteResponse");
2813
2814 if (responder == NULL || request == NULL || requestSz == 0) {
2815 ret = BAD_FUNC_ARG;
2816 goto out;
2817 }
2818
2819 XMEMSET(&req, 0, sizeof(OcspRequest));
2820
2821 /* Decode the OCSP request */
2822 ret = DecodeOcspRequest(&req, request, requestSz);
2823 if (ret != 0) {
2824 WOLFSSL_MSG("Failed to decode OCSP request");
2825 goto out;
2826 }
2827 reqInited = 1;
2828
2829 /* Find the CA by issuer hashes */
2830 ca = FindCaByHashes(responder, req.issuerHash, req.issuerKeyHash,
2831 req.hashAlg);
2832 if (ca == NULL) {
2833 WOLFSSL_MSG("No matching CA found for request");
2834 ret = ASN_NO_SIGNER_E;
2835 goto out;
2836 }
2837
2838 /* Find the certificate status */
2839 certStatus = FindCertStatus(ca, req.serial, req.serialSz);
2840 if (certStatus == NULL) {
2841 /* RFC 6960: 'unknown' is a per-certificate status inside a successful
2842 * OCSPResponse, not an error response. Generate a successful response
2843 * with CERT_UNKNOWN so clients can distinguish it from UNAUTHORIZED. */
2844 OcspResponderCertStatus unknownStatus;
2845 WOLFSSL_MSG("No status for requested certificate, responding unknown");
2846 if (req.serialSz > EXTERNAL_SERIAL_SIZE) {
2847 ret = BUFFER_E;
2848 goto out;
2849 }
2850 XMEMSET(&unknownStatus, 0, sizeof(unknownStatus));
2851 XMEMCPY(unknownStatus.serial, req.serial, req.serialSz);
2852 unknownStatus.serialSz = req.serialSz;
2853 unknownStatus.status = CERT_UNKNOWN;
2854 ret = OcspResponse_WriteResponse(responder, response, responseSz, ca,
2855 &unknownStatus, &req);
2856 }
2857 else {
2858 WOLFSSL_MSG("Found CA and certificate status");
2859 ret = OcspResponse_WriteResponse(responder, response, responseSz, ca,
2860 certStatus, &req);
2861 }
2862
2863out:
2864 if (reqInited)
2865 FreeOcspRequest(&req);
2866 WOLFSSL_LEAVE("wc_OcspResponder_WriteResponse", ret);
2867 return ret;
2868}
2869
2870int wc_OcspResponder_WriteErrorResponse(enum Ocsp_Response_Status status,
2871 byte* response, word32* responseSz)
2872{
2873 int ret = 0;
2874 OcspResponse resp;
2875 int respInited = 0;
2876
2877 WOLFSSL_ENTER("wc_OcspResponder_WriteErrorResponse");
2878
2879 if (responseSz == NULL) {
2880 ret = BAD_FUNC_ARG;
2881 goto out;
2882 }
2883
2884 /* Validate status - OCSP_SUCCESSFUL is not allowed for error responses */
2885 if (status == OCSP_SUCCESSFUL) {
2886 WOLFSSL_MSG("OCSP_SUCCESSFUL is not a valid error status");
2887 ret = BAD_FUNC_ARG;
2888 goto out;
2889 }
2890
2891 /* Validate that status is a known enumeration value */
2892 if (status != OCSP_MALFORMED_REQUEST &&
2893 status != OCSP_INTERNAL_ERROR &&
2894 status != OCSP_TRY_LATER &&
2895 status != OCSP_SIG_REQUIRED &&
2896 status != OCSP_UNAUTHORIZED) {
2897 WOLFSSL_MSG("Invalid OCSP response status");
2898 ret = BAD_FUNC_ARG;
2899 goto out;
2900 }
2901
2902 /* Initialize a minimal OCSP response structure */
2903 InitOcspResponse(&resp, NULL, NULL, NULL, 0, NULL);
2904 respInited = 1;
2905
2906 /* Set the error status */
2907 resp.responseStatus = (byte)status;
2908
2909 /* Encode the error response (no responseBytes, just status) */
2910 ret = OcspResponseEncode(&resp, response, responseSz, NULL, NULL, NULL);
2911 if (ret != 0) {
2912 WOLFSSL_MSG("Failed to encode OCSP error response");
2913 goto out;
2914 }
2915
2916 ret = 0;
2917out:
2918 if (respInited)
2919 FreeOcspResponse(&resp);
2920 return ret;
2921}
2922
2923#endif /* HAVE_OCSP_RESPONDER */
2924
2925/* Helper functions for testing */
2926int wc_InitOcspRequest(OcspRequest* req, DecodedCert* cert,
2927 byte useNonce, void* heap)
2928{
2929 return InitOcspRequest(req, cert, useNonce, heap);
2930}
2931
2932int wc_EncodeOcspRequest(OcspRequest* req, byte* output,
2933 word32 size)
2934{
2935 return EncodeOcspRequest(req, output, size);
2936}
2937
2938#else /* HAVE_OCSP */
2939
2940
2941#ifdef _MSC_VER
2942 /* 4206 warning for blank file */
2943 #pragma warning(disable: 4206)
2944#endif
2945
2946
2947#endif /* HAVE_OCSP */
2948#endif /* WOLFCRYPT_ONLY */