cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/src/ssl_certman.c
raw
1/* ssl_certman.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
23
24#include <wolfssl/internal.h>
25
26#if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED)
27 #ifndef WOLFSSL_IGNORE_FILE_WARN
28 #warning ssl_certman.c not to be compiled separately from ssl.c
29 #endif
30#else
31
32#ifndef NO_CERTS
33
34/* Pick an available TLS method.
35 *
36 * Used when creating temporary WOLFSSL_CTX.
37 *
38 * @return A TLS method on success.
39 * @return NULL when no TLS method built into wolfSSL.
40 */
41static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
42{
43 (void)heap;
44 #ifndef NO_WOLFSSL_CLIENT
45 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
46 return wolfSSLv3_client_method_ex(heap);
47 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
48 return wolfTLSv1_client_method_ex(heap);
49 #elif !defined(NO_OLD_TLS)
50 return wolfTLSv1_1_client_method_ex(heap);
51 #elif !defined(WOLFSSL_NO_TLS12)
52 return wolfTLSv1_2_client_method_ex(heap);
53 #elif defined(WOLFSSL_TLS13)
54 return wolfTLSv1_3_client_method_ex(heap);
55 #else
56 return NULL;
57 #endif
58 #elif !defined(NO_WOLFSSL_SERVER)
59 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
60 return wolfSSLv3_server_method_ex(heap);
61 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
62 return wolfTLSv1_server_method_ex(heap);
63 #elif !defined(NO_OLD_TLS)
64 return wolfTLSv1_1_server_method_ex(heap);
65 #elif !defined(WOLFSSL_NO_TLS12)
66 return wolfTLSv1_2_server_method_ex(heap);
67 #elif defined(WOLFSSL_TLS13)
68 return wolfTLSv1_3_server_method_ex(heap);
69 #else
70 return NULL;
71 #endif
72 #else
73 return NULL;
74 #endif
75}
76
77static void DoCertManagerFree(WOLFSSL_CERT_MANAGER* cm);
78
79/* Create a new certificate manager with a heap hint.
80 *
81 * @param [in] heap Heap hint.
82 * @return Certificate manager object on success.
83 * @return NULL on failure.
84 */
85WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
86{
87 int err = 0;
88 WOLFSSL_CERT_MANAGER* cm;
89
90 WOLFSSL_ENTER("wolfSSL_CertManagerNew");
91 if (heap == NULL) {
92 WOLFSSL_MSG("heap param is null");
93 }
94 else {
95 /* Some systems may have heap in unexpected segments. (IRAM vs DRAM) */
96 WOLFSSL_MSG_EX("heap param = %p", heap);
97 }
98 WOLFSSL_MSG_EX("DYNAMIC_TYPE_CERT_MANAGER Allocating = %d bytes",
99 (word32)sizeof(WOLFSSL_CERT_MANAGER));
100
101 /* Allocate memory for certificate manager. */
102 cm = (WOLFSSL_CERT_MANAGER*)XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
103 DYNAMIC_TYPE_CERT_MANAGER);
104 if (cm == NULL) {
105 WOLFSSL_MSG_EX("XMALLOC failed to allocate WOLFSSL_CERT_MANAGER %d "
106 "bytes.", (int)sizeof(WOLFSSL_CERT_MANAGER));
107 err = 1;
108 }
109 if (!err) {
110 /* Reset all fields. */
111 XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
112 /* Set heap hint early so cleanup can use it. */
113 cm->heap = heap;
114
115 /* Create a mutex for use when modify table of stored CAs. */
116 if (wc_InitMutex(&cm->caLock) != 0) {
117 WOLFSSL_MSG("Bad mutex init");
118 err = 1;
119 }
120 else {
121 cm->caLockInit = 1;
122 }
123 }
124 if (!err) {
125 /* Initialize reference count. */
126 wolfSSL_RefInit(&cm->ref, &err);
127 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
128 if (err != 0) {
129 WOLFSSL_MSG("Bad reference count init");
130 }
131 else {
132 cm->refInit = 1;
133 }
134 #else
135 cm->refInit = 1;
136 #endif
137 }
138#ifdef WOLFSSL_TRUST_PEER_CERT
139 if (!err) {
140 /* Create a mutex for use when modify table of trusted peers. */
141 if (wc_InitMutex(&cm->tpLock) != 0) {
142 WOLFSSL_MSG("Bad mutex init");
143 err = 1;
144 }
145 else {
146 cm->tpLockInit = 1;
147 }
148 }
149#endif
150 if (!err) {
151 /* Set default minimum key sizes allowed. */
152 #ifndef NO_RSA
153 cm->minRsaKeySz = MIN_RSAKEY_SZ;
154 #endif
155 #ifdef HAVE_ECC
156 cm->minEccKeySz = MIN_ECCKEY_SZ;
157 #endif
158 #ifdef HAVE_FALCON
159 cm->minFalconKeySz = MIN_FALCONKEY_SZ;
160 #endif /* HAVE_FALCON */
161 #ifdef HAVE_DILITHIUM
162 cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
163 #endif /* HAVE_DILITHIUM */
164 }
165
166 /* Dispose of certificate manager on error. The reference count may not
167 * have been initialized, so bypass the ref check and free directly. */
168 if (err && (cm != NULL)) {
169 DoCertManagerFree(cm);
170 cm = NULL;
171 }
172 return cm;
173}
174
175/* Create a new certificate manager.
176 *
177 * @return Certificate manager object on success.
178 * @return NULL on failure.
179 */
180WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
181{
182 /* No heap hint. */
183 return wolfSSL_CertManagerNew_ex(NULL);
184}
185
186/* Unconditionally dispose of all resources owned by the certificate manager
187 * and free cm itself, bypassing any reference count check. Only frees the
188 * sub-resources that are marked as initialized in the cm bitfield, so it is
189 * safe to call on a cm that was only partially initialized by
190 * wolfSSL_CertManagerNew_ex.
191 *
192 * @param [in, out] cm Certificate manager (must be non-NULL).
193 */
194static void DoCertManagerFree(WOLFSSL_CERT_MANAGER* cm)
195{
196#ifdef HAVE_CRL
197 /* Dispose of CRL handler. */
198 if (cm->crl != NULL) {
199 /* Dispose of CRL object - indicating dynamically allocated. */
200 FreeCRL(cm->crl, 1);
201 }
202#endif
203
204#ifdef HAVE_OCSP
205 /* Dispose of OCSP handler. */
206 if (cm->ocsp != NULL) {
207 FreeOCSP(cm->ocsp, 1);
208 }
209 /* Dispose of URL. */
210 XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
211#if !defined(NO_WOLFSSL_SERVER) && \
212 (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
213 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
214 /* Dispose of OCSP stapling handler. */
215 if (cm->ocsp_stapling) {
216 FreeOCSP(cm->ocsp_stapling, 1);
217 }
218#endif
219#endif /* HAVE_OCSP */
220
221 /* Dispose of CA table and mutex. */
222 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
223 if (cm->caLockInit) {
224 wc_FreeMutex(&cm->caLock);
225 }
226
227#ifdef WOLFSSL_TRUST_PEER_CERT
228 /* Dispose of trusted peer table and mutex. */
229 FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
230 if (cm->tpLockInit) {
231 wc_FreeMutex(&cm->tpLock);
232 }
233#endif
234
235 /* Dispose of reference count. */
236 if (cm->refInit) {
237 wolfSSL_RefFree(&cm->ref);
238 }
239 /* Dispose of certificate manager memory. */
240 XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
241}
242
243/* Dispose of certificate manager.
244 *
245 * @param [in, out] cm Certificate manager.
246 */
247void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
248{
249 WOLFSSL_ENTER("wolfSSL_CertManagerFree");
250
251 /* Validate parameter. */
252 if (cm != NULL) {
253 int doFree = 0;
254 int ret;
255
256 /* Decrement reference count and check if value is 0. */
257 wolfSSL_RefDec(&cm->ref, &doFree, &ret);
258 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
259 if (ret != 0) {
260 WOLFSSL_MSG("Couldn't lock cm mutex");
261 }
262 #else
263 (void)ret;
264 #endif
265 if (doFree) {
266 DoCertManagerFree(cm);
267 }
268 }
269}
270
271/* Increase reference count on certificate manager.
272 *
273 * @param [in, out] cm Certificate manager.
274 * @return WOLFSSL_SUCCESS on success.
275 * @return 0 when cm is NULL or locking mutex fails.
276 */
277int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm)
278{
279 int ret = WOLFSSL_SUCCESS;
280
281 /* Validate parameter. */
282 if (cm == NULL) {
283 ret = 0;
284 }
285 if (ret == WOLFSSL_SUCCESS) {
286 int err;
287
288 /* Increment reference. */
289 wolfSSL_RefInc(&cm->ref, &err);
290 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
291 if (err) {
292 WOLFSSL_MSG("Failed to lock cm mutex");
293 ret = 0;
294 }
295 #else
296 (void)err;
297 #endif
298 }
299
300 return ret;
301}
302
303#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
304#if defined(WOLFSSL_SIGNER_DER_CERT)
305static WC_INLINE int wolfssl_cm_get_certs_der(WOLFSSL_CERT_MANAGER* cm,
306 DerBuffer*** buffers, int* cnt)
307{
308 int err = 0;
309 Signer* signers = NULL;
310 DerBuffer** certBuffers = NULL;
311 int i = 0;
312 word32 row = 0;
313 int numCerts = 0;
314
315 /* Iterate once to get the number of certs, for memory allocation
316 * purposes. */
317 for (row = 0; row < CA_TABLE_SIZE; row++) {
318 /* Get signer information of CAs in a row. */
319 signers = cm->caTable[row];
320 /* Count each signer in row that has a DER certificate buffer. */
321 while ((signers != NULL) && (signers->derCert != NULL) &&
322 (signers->derCert->buffer != NULL)) {
323 ++numCerts;
324 signers = signers->next;
325 }
326 }
327 /* Check we found certificates. */
328 if (numCerts == 0) {
329 err = 1;
330 }
331
332 if (!err) {
333 /* Allocate memory for pointers to each DER buffer. */
334 certBuffers = (DerBuffer**)XMALLOC(
335 sizeof(DerBuffer*) * (size_t)numCerts, cm->heap,
336 DYNAMIC_TYPE_TMP_BUFFER);
337 if (certBuffers == NULL) {
338 err = 1;
339 }
340 }
341 if (!err) {
342 /* Reset pointers. */
343 XMEMSET(certBuffers, 0, sizeof(DerBuffer*) * (size_t)numCerts);
344 }
345
346 /* Copy the certs locally so that we can release the caLock. If the lock
347 * is held when wolfSSL_d2i_X509 is called, GetCA will also try to get
348 * the lock, leading to deadlock. */
349 for (row = 0; (!err) && (row < CA_TABLE_SIZE); row++) {
350 /* Get signer information of CAs in a row. */
351 signers = cm->caTable[row];
352 /* Copy each DER certificate buffer of signers in a row. */
353 while ((signers != NULL) && (signers->derCert != NULL) &&
354 (signers->derCert->buffer != NULL)) {
355 /* Allocate memory to hold DER certificate buffer. */
356 int ret = AllocDer(&certBuffers[i], signers->derCert->length,
357 CA_TYPE, cm->heap);
358 if (ret < 0) {
359 err = 1;
360 break;
361 }
362
363 /* Copy buffer into array element. */
364 XMEMCPY(certBuffers[i]->buffer, signers->derCert->buffer,
365 signers->derCert->length);
366 certBuffers[i]->length = signers->derCert->length;
367
368 /* Store in next index. */
369 ++i;
370 /* Move on to next signer in row. */
371 signers = signers->next;
372 }
373 }
374
375 *buffers = certBuffers;
376 *cnt = numCerts;
377 return err;
378}
379
380/* Retrieve stack of X509 certificates in a certificate manager (CM).
381 *
382 * @param [in] cm Certificate manager.
383 *
384 * @return Stack of X509 certs on success
385 * @return NULL on failure.
386 */
387WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
388{
389 WOLFSSL_STACK* sk = NULL;
390 int numCerts = 0;
391 DerBuffer** certBuffers = NULL;
392 int i = 0;
393 int err = 0;
394
395 WOLFSSL_ENTER("wolfSSL_CertManagerGetCerts");
396
397 /* Validate parameter. */
398 if (cm == NULL) {
399 err = 1;
400 }
401 if (!err) {
402 /* Create an empty certificate stack to return. */
403 sk = wolfSSL_sk_X509_new_null();
404 if (sk == NULL) {
405 err = 1;
406 }
407 }
408 /* Lock CA table. */
409 if ((!err) && (wc_LockMutex(&cm->caLock) != 0)) {
410 err = 1;
411 }
412 if (!err) {
413 err = wolfssl_cm_get_certs_der(cm, &certBuffers, &numCerts);
414 /* Release CA lock. */
415 wc_UnLockMutex(&cm->caLock);
416 }
417
418 /* Put each DER certificate buffer into a stack of WOLFSSL_X509 */
419 for (i = 0; (!err) && (i < numCerts); ++i) {
420 const byte* derBuffer = NULL;
421 WOLFSSL_X509* x509 = NULL;
422
423 /* Get pointer to DER encoding of certificate. */
424 derBuffer = certBuffers[i]->buffer;
425 /* Decode certificate. */
426 wolfSSL_d2i_X509(&x509, &derBuffer, (int)certBuffers[i]->length);
427 if (x509 == NULL) {
428 err = 1;
429 }
430
431 /* Decode certificate. */
432 if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) {
433 wolfSSL_X509_free(x509);
434 x509 = NULL;
435 err = 1;
436 }
437 }
438
439 if (certBuffers != NULL) {
440 /* Dispose of temporary cert storage (for access outside of lock). */
441 for (i = 0; i < numCerts && certBuffers[i] != NULL; ++i) {
442 FreeDer(&certBuffers[i]);
443 }
444 XFREE(certBuffers, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
445 }
446
447 /* Dispose of stack of certificates on error. */
448 if (err && (sk != NULL)) {
449 wolfSSL_sk_X509_pop_free(sk, NULL);
450 sk = NULL;
451 }
452 return sk;
453}
454
455#endif /* WOLFSSL_SIGNER_DER_CERT */
456#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
457
458/* Unload the CA signer table.
459 *
460 * @param [in] cm Certificate manager.
461 * @return WOLFSSL_SUCCESS on success.
462 * @return BAD_FUNC_ARG when cm is NULL.
463 * @return BAD_MUTEX_E when locking fails.
464 */
465int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
466{
467 int ret = WOLFSSL_SUCCESS;
468
469 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");
470
471 /* Validate parameter. */
472 if (cm == NULL) {
473 ret = BAD_FUNC_ARG;
474 }
475 /* Lock CA table. */
476 if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
477 ret = BAD_MUTEX_E;
478 }
479 if (ret == WOLFSSL_SUCCESS) {
480 /* Dispose of CA table. */
481 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
482
483 /* Unlock CA table. */
484 wc_UnLockMutex(&cm->caLock);
485 }
486
487 return ret;
488}
489
490int wolfSSL_CertManagerUnloadTypeCerts(
491 WOLFSSL_CERT_MANAGER* cm, byte type)
492{
493 int ret = WOLFSSL_SUCCESS;
494
495 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTypeCerts");
496
497 /* Validate parameter. */
498 if (cm == NULL) {
499 ret = BAD_FUNC_ARG;
500 }
501 /* Lock CA table. */
502 if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
503 ret = BAD_MUTEX_E;
504 }
505 if (ret == WOLFSSL_SUCCESS) {
506 /* Dispose of CA table. */
507 FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type,
508 cm->heap);
509
510 /* Unlock CA table. */
511 wc_UnLockMutex(&cm->caLock);
512 }
513
514 return ret;
515}
516
517#if defined(OPENSSL_EXTRA)
518static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
519 WOLFSSL_CERT_MANAGER* cm)
520{
521 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
522 return wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA);
523}
524#endif
525
526int wolfSSL_CertManagerUnloadIntermediateCerts(
527 WOLFSSL_CERT_MANAGER* cm)
528{
529 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
530 return wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA);
531}
532
533#ifdef WOLFSSL_TRUST_PEER_CERT
534/* Unload the trusted peers table.
535 *
536 * @param [in] cm Certificate manager.
537 * @return WOLFSSL_SUCCESS on success.
538 * @return BAD_FUNC_ARG when cm is NULL.
539 * @return BAD_MUTEX_E when locking fails.
540 */
541int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
542{
543 int ret = WOLFSSL_SUCCESS;
544
545 WOLFSSL_ENTER("wolfSSL_CertManagerUnload_trust_peers");
546
547 /* Validate parameter. */
548 if (cm == NULL) {
549 ret = BAD_FUNC_ARG;
550 }
551 /* Lock trusted peers table. */
552 if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->tpLock) != 0)) {
553 ret = BAD_MUTEX_E;
554 }
555 if (ret == WOLFSSL_SUCCESS) {
556 /* Dispose of trusted peers table. */
557 FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
558
559 /* Unlock trusted peers table. */
560 wc_UnLockMutex(&cm->tpLock);
561 }
562
563 return ret;
564}
565#endif /* WOLFSSL_TRUST_PEER_CERT */
566
567/* Load certificate/s from buffer with flags and type.
568 *
569 * @param [in] cm Certificate manager.
570 * @param [in] buff Buffer holding encoding of certificate.
571 * @param [in] sz Length in bytes of data in buffer.
572 * @param [in] format Format of encoding. Valid values:
573 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
574 * @param [in] userChain Indicates buffer holds chain of certificates.
575 * @param [in] flags Flags to modify behaviour of loading. Valid flags:
576 * WOLFSSL_LOAD_FLAG_IGNORE_ERR,
577 * WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY,
578 * WOLFSSL_LOAD_FLAG_PEM_CA_ONLY,
579 * WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR, and
580 * WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE.
581 * @param [in] type The CA cert's type, used in the internal CA
582 table. Defaults to WOLFSSL_USER_CA, passing
583 in WOLFSSL_USER_CA = noop. Recommended to
584 set to WOLFSSL_USER_INTER when loading
585 intermediate certs to allow unloading via
586 wolfSSL_CertManagerUnloadTypeCerts.
587 * @return WOLFSSL_SUCCESS on success.
588 * @return WOLFSSL_FATAL_ERROR when cm is NULL or failed create WOLFSSL_CTX.
589 * @return Other values on loading failure.
590 */
591int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
592 const unsigned char* buff, long sz, int format, int userChain,
593 word32 flags, int type)
594{
595 int ret = WOLFSSL_SUCCESS;
596 WOLFSSL_CTX* tmp = NULL;
597 DecodedCert* dCert = NULL;
598 DerBuffer* der = NULL;
599
600 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABufferType");
601
602 /* Validate parameters. */
603 if (cm == NULL) {
604 WOLFSSL_MSG("No CertManager error");
605 ret = WOLFSSL_FATAL_ERROR;
606 }
607 /* Allocate a temporary WOLFSSL_CTX to load with. */
608 if ((ret == WOLFSSL_SUCCESS) && ((tmp =
609 wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
610 WOLFSSL_MSG("CTX new failed");
611 ret = WOLFSSL_FATAL_ERROR;
612 }
613 if (ret == WOLFSSL_SUCCESS) {
614 /* Some configurations like OPENSSL_COMPATIBLE_DEFAULTS may turn off
615 * verification by default. Let's restore our desired defaults. */
616 wolfSSL_CTX_set_verify(tmp, WOLFSSL_VERIFY_DEFAULT, NULL);
617
618 /* Replace certificate manager with one to load certificate/s into. */
619 wolfSSL_CertManagerFree(tmp->cm);
620 tmp->cm = cm;
621
622 /* Load certificate buffer. */
623 ret = wolfSSL_CTX_load_verify_buffer_ex(tmp, buff, sz, format,
624 userChain, flags);
625
626 /* Clear certificate manager in WOLFSSL_CTX so it won't be freed. */
627 tmp->cm = NULL;
628 }
629 if (ret == WOLFSSL_SUCCESS && type != WOLFSSL_USER_CA) {
630 dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
631 DYNAMIC_TYPE_DCERT);
632
633 if (dCert == NULL) {
634 ret = WOLFSSL_FATAL_ERROR;
635 } else {
636 XMEMSET(dCert, 0, sizeof(DecodedCert));
637 if (format == WOLFSSL_FILETYPE_PEM) {
638 #ifndef WOLFSSL_PEM_TO_DER
639 ret = NOT_COMPILED_IN;
640 #else
641 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
642 if (!ret) {
643 /* Replace buffer pointer and size with DER buffer. */
644 buff = der->buffer;
645 sz = (long)der->length;
646 ret = WOLFSSL_SUCCESS;
647 } else {
648 WOLFSSL_ERROR(ret);
649 ret = WOLFSSL_FATAL_ERROR;
650 }
651 #endif
652 }
653
654 if (ret == WOLFSSL_SUCCESS) {
655 wc_InitDecodedCert(dCert, buff,
656 (word32)sz, cm->heap);
657 ret = wc_ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL);
658 if (ret) {
659 ret = WOLFSSL_FATAL_ERROR;
660 } else {
661 ret = SetCAType(cm, dCert->extSubjKeyId, type);
662 }
663 }
664
665 if (dCert) {
666 wc_FreeDecodedCert(dCert);
667 XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
668 }
669 if (der) {
670 FreeDer(&der);
671 }
672 }
673 }
674
675 /* Dispose of temporary WOLFSSL_CTX. */
676 wolfSSL_CTX_free(tmp);
677 return ret;
678
679}
680
681/* Load certificate/s from buffer with flags.
682 *
683 * @param [in] cm Certificate manager.
684 * @param [in] buff Buffer holding encoding of certificate.
685 * @param [in] sz Length in bytes of data in buffer.
686 * @param [in] format Format of encoding. Valid values:
687 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
688 * @param [in] userChain Indicates buffer holds chain of certificates.
689 * @param [in] flags Flags to modify behaviour of loading. Valid flags:
690 * WOLFSSL_LOAD_FLAG_IGNORE_ERR,
691 * WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY,
692 * WOLFSSL_LOAD_FLAG_PEM_CA_ONLY,
693 * WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR, and
694 * WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE.
695 * @return WOLFSSL_SUCCESS on success.
696 * @return WOLFSSL_FATAL_ERROR when cm is NULL or failed create WOLFSSL_CTX.
697 * @return Other values on loading failure.
698 */
699int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
700 const unsigned char* buff, long sz, int format, int userChain, word32 flags)
701{
702 return wolfSSL_CertManagerLoadCABufferType(cm, buff, sz, format, userChain,
703 flags, WOLFSSL_USER_CA);
704}
705
706/* Load certificate/s from buffer into table.
707 *
708 * Uses default load verification flags and is not a user chain.
709 *
710 * @param [in] cm Certificate manager.
711 * @param [in] buff Buffer holding encoding of certificate.
712 * @param [in] sz Length in bytes of data in buffer.
713 * @param [in] format Format of encoding. Valid values:
714 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
715 * @return WOLFSSL_SUCCESS on success.
716 * @return WOLFSSL_FATAL_ERROR when cm is NULL or failed create WOLFSSL_CTX.
717 * @return Other values on loading failure.
718 */
719int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
720 const unsigned char* buff, long sz, int format)
721{
722 return wolfSSL_CertManagerLoadCABuffer_ex(cm, buff, sz, format, 0,
723 WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
724}
725
726#ifndef NO_WOLFSSL_CM_VERIFY
727/* Set the verification callback into certificate manager.
728 *
729 * @param [in] cm Certificate manager.
730 * @param [in] vc Verification callback.
731 */
732void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
733{
734 WOLFSSL_ENTER("wolfSSL_CertManagerSetVerify");
735 if (cm != NULL) {
736 cm->verifyCallback = vc;
737 }
738}
739#endif /* !NO_WOLFSSL_CM_VERIFY */
740
741#ifdef WC_ASN_UNKNOWN_EXT_CB
742void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
743 wc_UnknownExtCallback cb)
744{
745 WOLFSSL_ENTER("wolfSSL_CertManagerSetUnknownExtCallback");
746 if (cm != NULL) {
747 cm->unknownExtCallback = cb;
748 }
749
750}
751#endif /* WC_ASN_UNKNOWN_EXT_CB */
752
753#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \
754 defined(OPENSSL_EXTRA)
755/* Verify the certificate.
756 *
757 * Uses the verification callback if available.
758 *
759 * @param [in] cm Certificate manager.
760 * @param [in] buff Buffer holding encoded certificate.
761 * @param [in] sz Size in bytes of data in buffer.
762 * @param [in] format Format of encoding. Valid values:
763 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
764 * @param [in] prev_err Previous error. Passed to callback.
765 * @return WOLFSSL_SUCCESS on success.
766 * @return MEMORY_E when dynamic memory allocation fails.
767 * @return NOT_COMPILED_IN when converting from PEM to DER is not a feature of
768 * the wolfSSL build.
769 */
770int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
771 long sz, int format, int prev_err)
772{
773 int ret = 0;
774 int fatal = 0;
775 DerBuffer* der = NULL;
776 WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
777
778 WOLFSSL_ENTER("CM_VerifyBuffer_ex");
779
780 (void)prev_err;
781
782 /* Allocate memory for decoded certificate. */
783 WC_ALLOC_VAR_EX(cert, DecodedCert, 1, cm->heap, DYNAMIC_TYPE_DCERT,
784 {
785 ret=MEMORY_E;
786 fatal=1;
787 });
788 if (WC_VAR_OK(cert))
789 {
790 /* Reset fields of decoded certificate. */
791 XMEMSET(cert, 0, sizeof(DecodedCert));
792
793 if (format == WOLFSSL_FILETYPE_PEM) {
794 #ifndef WOLFSSL_PEM_TO_DER
795 ret = NOT_COMPILED_IN;
796 fatal = 1;
797 #else
798 /* Convert to DER from PEM. */
799 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
800 if (ret != 0) {
801 fatal = 1;
802 }
803 else {
804 /* Replace buffer pointer and size with DER buffer. */
805 buff = der->buffer;
806 sz = (long)der->length;
807 }
808 #endif
809 }
810 }
811 if (ret == 0) {
812 /* Create a decoded certificate with DER buffer. */
813 InitDecodedCert(cert, buff, (word32)sz, cm->heap);
814
815#ifdef WC_ASN_UNKNOWN_EXT_CB
816 if (cm->unknownExtCallback != NULL)
817 wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
818#endif
819
820 /* Parse DER into decoded certificate fields and verify signature
821 * against a known CA. */
822 ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm, NULL);
823 }
824
825#ifdef HAVE_CRL
826 if ((ret == 0) && cm->crlEnabled) {
827 /* Check for a CRL for the CA and check validity of certificate. */
828 ret = CheckCertCRL(cm->crl, cert);
829 }
830#endif
831
832 (void)fatal;
833
834#if !defined(NO_WOLFSSL_CM_VERIFY) && \
835 (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
836 /* Use callback to perform verification too if available. */
837 if ((!fatal) && cm->verifyCallback) {
838 WC_DECLARE_VAR(args, ProcPeerCertArgs, 1, 0);
839 buffer certBuf;
840
841 #ifdef WOLFSSL_SMALL_STACK
842 /* Allocate memory for object to hold arguments for callback. */
843 args = (ProcPeerCertArgs*)XMALLOC(sizeof(ProcPeerCertArgs), cm->heap,
844 DYNAMIC_TYPE_TMP_BUFFER);
845 if (args == NULL) {
846 ret = MEMORY_E;
847 fatal = 1;
848 }
849 if (!fatal)
850 #endif
851 {
852 XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
853
854 /* DER encoding. */
855 certBuf.buffer = (byte*)buff;
856 certBuf.length = (unsigned int)sz;
857
858 /* One certificate available. */
859 args->totalCerts = 1;
860 args->certs = &certBuf;
861 args->dCert = cert;
862 args->dCertInit = 1;
863
864 /* Replace value in ret with an error value passed in. */
865 if (prev_err != 0) {
866 ret = prev_err;
867 }
868 /* Use callback to verify certificate. */
869 ret = DoVerifyCallback(cm, NULL, ret, args);
870 }
871 WC_FREE_VAR_EX(args, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
872 }
873#endif
874
875 /* Dispose of allocated memory. */
876 FreeDecodedCert(cert);
877 FreeDer(&der);
878 WC_FREE_VAR_EX(cert, cm->heap, DYNAMIC_TYPE_DCERT);
879
880 /* Convert the ret value to a return value. */
881 return (ret == 0) ? WOLFSSL_SUCCESS : ret;
882}
883
884/* Verify the certificate.
885 *
886 * Uses the verification callback if available.
887 *
888 * @param [in] cm Certificate manager.
889 * @param [in] buff Buffer holding encoded certificate.
890 * @param [in] sz Size in bytes of data in buffer.
891 * @param [in] format Format of encoding. Valid values:
892 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
893 * @param [in] prev_err Previous error. Passed to callback.
894 * @return WOLFSSL_SUCCESS on success.
895 * @return BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
896 * @return WOLFSSL_BAD_FILETYPE when format is invalid.
897 * @return MEMORY_E when dynamic memory allocation fails.
898 * @return NOT_COMPILED_IN when converting from PEM to DER is not a feature of
899 * the wolfSSL build.
900 */
901int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
902 const unsigned char* buff, long sz, int format)
903{
904 int ret;
905
906 WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");
907
908 /* Validate parameters. */
909 if ((cm == NULL) || (buff == NULL) || (sz <= 0)) {
910 ret = BAD_FUNC_ARG;
911 }
912 else if ((format != WOLFSSL_FILETYPE_ASN1) &&
913 (format != WOLFSSL_FILETYPE_PEM)) {
914 ret = WOLFSSL_BAD_FILETYPE;
915 }
916 else {
917 /* No previous error. */
918 ret = CM_VerifyBuffer_ex(cm, buff, sz, format, 0);
919 }
920
921 return ret;
922}
923#endif /* (!NO_WOLFSSL_CLIENT || !WOLFSSL_NO_CLIENT_AUTH) || OPENSSL_EXTRA */
924
925#ifndef NO_FILESYSTEM
926
927#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \
928 defined(OPENSSL_EXTRA)
929/* Verify the certificate loaded from a file.
930 *
931 * Uses the verification callback if available.
932 *
933 * @param [in] cm Certificate manager.
934 * @param [in] format Format of encoding. Valid values:
935 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
936 * @param [in] prev_err Previous error. Passed to callback.
937 * @return WOLFSSL_SUCCESS on success.
938 * @return BAD_FUNC_ARG when cm or buff is NULL or sz is negative.
939 * @return WOLFSSL_BAD_FILETYPE when format is invalid.
940 * @return WOLFSSL_BAD_FILE when reading the certificate file fails.
941 * @return MEMORY_E when dynamic memory allocation fails.
942 * @return NOT_COMPILED_IN when converting from PEM to DER is not a feature of
943 * the wolfSSL build.
944 */
945int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
946 int format)
947{
948 int ret = WOLFSSL_SUCCESS;
949#ifndef WOLFSSL_SMALL_STACK
950 byte staticBuffer[FILE_BUFFER_SIZE];
951#endif
952 byte* buff = NULL;
953 long sz = 0;
954 XFILE file = XBADFILE;
955
956 WOLFSSL_ENTER("wolfSSL_CertManagerVerify");
957
958#ifndef WOLFSSL_SMALL_STACK
959 buff = staticBuffer;
960#endif
961
962 /* Validate parameters. cm and format validated in:
963 * wolfSSL_CertManagerVerifyBuffer */
964 if ((cm == NULL) || (fname == NULL)) {
965 ret = BAD_FUNC_ARG;
966 }
967
968 /* Open the file containing a certificate. */
969 if ((ret == WOLFSSL_SUCCESS) &&
970 ((file = XFOPEN(fname, "rb")) == XBADFILE)) {
971 ret = WOLFSSL_BAD_FILE;
972 }
973 /* Get the length of the file. */
974 if (ret == WOLFSSL_SUCCESS) {
975 ret = wolfssl_file_len(file, &sz);
976 if (ret == 0) {
977 ret = WOLFSSL_SUCCESS;
978 }
979 }
980 /* Allocate dynamic memory for file contents if no static buffer or too
981 * small. */
982#ifndef WOLFSSL_SMALL_STACK
983 if ((ret == WOLFSSL_SUCCESS) && (sz > (long)sizeof(staticBuffer)))
984#else
985
986 if (ret == WOLFSSL_SUCCESS)
987#endif
988 {
989 WOLFSSL_MSG("Getting dynamic buffer");
990 buff = (byte*)XMALLOC((size_t)sz, cm->heap, DYNAMIC_TYPE_FILE);
991 if (buff == NULL) {
992 ret = WOLFSSL_BAD_FILE;
993 }
994 }
995 /* Read all the file into buffer. */
996 if ((ret == WOLFSSL_SUCCESS) && (XFREAD(buff, 1, (size_t)sz, file) !=
997 (size_t)sz)) {
998 ret = WOLFSSL_BAD_FILE;
999 }
1000 /* Close file if opened. */
1001 if (file != XBADFILE) {
1002 XFCLOSE(file);
1003 }
1004 if (ret == WOLFSSL_SUCCESS) {
1005 /* Verify the certificate read. */
1006 ret = wolfSSL_CertManagerVerifyBuffer(cm, buff, sz, format);
1007 }
1008
1009 /* Dispose of buffer if it was allocated. */
1010#ifndef WOLFSSL_SMALL_STACK
1011 if (buff != staticBuffer)
1012#endif
1013 {
1014 if (cm != NULL) {
1015 XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE);
1016 }
1017 }
1018 return ret;
1019}
1020#endif
1021
1022/* Load the CA file and/or certificate files in a path.
1023 *
1024 * @param [in] cm Certificate manager.
1025 * @param [in] file Name of CA file.
1026 * @param [in] path Path to a directory containing certificates.
1027 * @return WOLFSSL_SUCCESS on success.
1028 * @return WOLFSSL_FATAL_ERROR when cm is NULL or unable to create WOLFSSL_CTX.
1029 * @return Otherwise failure.
1030 */
1031int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
1032 const char* path)
1033{
1034 int ret = WOLFSSL_SUCCESS;
1035 WOLFSSL_CTX* tmp = NULL;
1036
1037 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");
1038
1039 /* Validate parameters. file and path validated in:
1040 * wolfSSL_CTX_load_verify_locations*/
1041 if (cm == NULL) {
1042 WOLFSSL_MSG("No CertManager error");
1043 ret = WOLFSSL_FATAL_ERROR;
1044 }
1045 /* Create temporary WOLFSSL_CTX. */
1046 if ((ret == WOLFSSL_SUCCESS) && ((tmp =
1047 wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
1048 WOLFSSL_MSG("CTX new failed");
1049 ret = WOLFSSL_FATAL_ERROR;
1050 }
1051 if (ret == WOLFSSL_SUCCESS) {
1052 /* Some configurations like OPENSSL_COMPATIBLE_DEFAULTS may turn off
1053 * verification by default. Let's restore our desired defaults. */
1054 wolfSSL_CTX_set_verify(tmp, WOLFSSL_VERIFY_DEFAULT, NULL);
1055
1056 /* Replace certificate manager with one to load certificate/s into. */
1057 wolfSSL_CertManagerFree(tmp->cm);
1058 tmp->cm = cm;
1059
1060 /* Load certificate from file and path. */
1061 ret = wolfSSL_CTX_load_verify_locations(tmp, file, path);
1062
1063 /* Clear certificate manager in WOLFSSL_CTX so it won't be freed. */
1064 tmp->cm = NULL;
1065 }
1066
1067 /* Dispose of temporary WOLFSSL_CTX. */
1068 wolfSSL_CTX_free(tmp);
1069 return ret;
1070}
1071
1072#endif /* NO_FILESYSTEM */
1073
1074#if defined(PERSIST_CERT_CACHE)
1075
1076/* Version of layout of cache of CA certificates. */
1077#define WOLFSSL_CACHE_CERT_VERSION 1
1078
1079/* CA certificates cache information. */
1080typedef struct {
1081 /* Cache certificate layout version id. */
1082 int version;
1083 /* Number of hash table rows. Maximum of CA_TABLE_SIZE. */
1084 int rows;
1085 /* Number of columns per row. */
1086 int columns[CA_TABLE_SIZE];
1087 /* Size of Signer object. */
1088 int signerSz;
1089} CertCacheHeader;
1090
1091/* current cert persistence layout is:
1092
1093 1) CertCacheHeader
1094 2) caTable
1095
1096 update WOLFSSL_CERT_CACHE_VERSION if change layout for the following
1097 PERSIST_CERT_CACHE functions
1098*/
1099
1100
1101/* Return number of bytes of memory needed to persist this signer.
1102 *
1103 * Assumes we have locked CA table.
1104 *
1105 * @param [in] Signer Signer entry in CA table.
1106 * @return Number of bytes.
1107 */
1108static WC_INLINE int cm_get_signer_memory(Signer* signer)
1109{
1110 int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
1111 + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
1112
1113#if !defined(NO_SKID)
1114 sz += (int)sizeof(signer->subjectKeyIdHash);
1115#endif
1116
1117 /* Add dynamic bytes needed. */
1118 sz += (int)signer->pubKeySize;
1119 sz += signer->nameLen;
1120
1121 return sz;
1122}
1123
1124
1125/* Return number of bytes of memory needed to persist this row.
1126 *
1127 * Assumes we have locked CA table.
1128 *
1129 * @param [in] row A row of signers from the CA table.
1130 * @return Number of bytes.
1131 */
1132static WC_INLINE int cm_get_cert_cache_row_memory(Signer* row)
1133{
1134 int sz = 0;
1135
1136 /* Each signer in row. */
1137 while (row != NULL) {
1138 /* Add in size of this signer. */
1139 sz += cm_get_signer_memory(row);
1140 row = row->next;
1141 }
1142
1143 return sz;
1144}
1145
1146
1147/* Return the number of bytes of memory to persist cert cache.
1148 *
1149 * Assumes we have locked CA table.
1150 *
1151 * @param [in] cm Certificate manager.
1152 * @return Number of bytes.
1153 */
1154static WC_INLINE int cm_get_cert_cache_mem_size(WOLFSSL_CERT_MANAGER* cm)
1155{
1156 int sz;
1157 int i;
1158
1159 sz = sizeof(CertCacheHeader);
1160
1161 /* Each row in table. */
1162 for (i = 0; i < CA_TABLE_SIZE; i++) {
1163 /* Add in size of this row. */
1164 sz += cm_get_cert_cache_row_memory(cm->caTable[i]);
1165 }
1166
1167 return sz;
1168}
1169
1170
1171/* Get count of columns for each row.
1172 *
1173 * Assumes we have locked CA table.
1174 *
1175 * @param [in] cm Certificate manager.
1176 * @param [in] columns Array of row counts.
1177 */
1178static WC_INLINE void cm_set_cert_header_Columns(WOLFSSL_CERT_MANAGER* cm,
1179 int* columns)
1180{
1181 int i;
1182 Signer* row;
1183
1184 /* Each row in table. */
1185 for (i = 0; i < CA_TABLE_SIZE; i++) {
1186 int count = 0;
1187
1188 /* Get row from table. */
1189 row = cm->caTable[i];
1190 /* Each entry in row. */
1191 while (row != NULL) {
1192 /* Update count. */
1193 ++count;
1194 row = row->next;
1195 }
1196 /* Store row count. */
1197 columns[i] = count;
1198 }
1199}
1200
1201
1202/* Restore whole cert row from memory,
1203 *
1204 * Assumes we have locked CA table.
1205 *
1206 * @param [in] cm Certificate manager.
1207 * @param [in] current Buffer containing rows.
1208 * @param [in] row Row number being restored.
1209 * @param [in] listSz Number of entries in row.
1210 * @param [in] end End of data in buffer.
1211 * @return Number of bytes consumed on success.
1212 * @return PARSE_ERROR when listSz is less than zero.
1213 * @return BUFFER_E when buffer is too small.
1214 * @return MEMORY_E when dynamic memory allocation fails.
1215 * @return Negative value on error.
1216 */
1217static WC_INLINE int cm_restore_cert_row(WOLFSSL_CERT_MANAGER* cm,
1218 byte* current, int row, int listSz, const byte* end)
1219{
1220 int ret = 0;
1221 int idx = 0;
1222
1223 /* Validate parameters. */
1224 if (listSz < 0) {
1225 WOLFSSL_MSG("Row header corrupted, negative value");
1226 ret = PARSE_ERROR;
1227 }
1228
1229 /* Process all entries. */
1230 while ((ret == 0) && (listSz > 0)) {
1231 Signer* signer = NULL;
1232 byte* publicKey;
1233 byte* start = current + idx; /* for end checks on this signer */
1234 int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
1235 sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
1236 #ifndef NO_SKID
1237 minSz += (int)sizeof(signer->subjectKeyIdHash);
1238 #endif
1239
1240 /* Check minimal size of bytes available. */
1241 if (start + minSz > end) {
1242 WOLFSSL_MSG("Would overread restore buffer");
1243 ret = BUFFER_E;
1244 }
1245 /* Make a new signer. */
1246 if ((ret == 0) && ((signer = MakeSigner(cm->heap)) == NULL)) {
1247 ret = MEMORY_E;
1248 }
1249
1250 if (ret == 0) {
1251 /* Copy in public key size. */
1252 XMEMCPY(&signer->pubKeySize, current + idx,
1253 sizeof(signer->pubKeySize));
1254 idx += (int)sizeof(signer->pubKeySize);
1255
1256 /* Copy in public key OID. */
1257 XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
1258 idx += (int)sizeof(signer->keyOID);
1259
1260 /* Check bytes available for public key. */
1261 if (start + minSz + signer->pubKeySize > end) {
1262 WOLFSSL_MSG("Would overread restore buffer");
1263 ret = BUFFER_E;
1264 }
1265 }
1266 if (ret == 0) {
1267 /* Allocate memory for public key to be stored in. */
1268 publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
1269 DYNAMIC_TYPE_KEY);
1270 if (publicKey == NULL) {
1271 ret = MEMORY_E;
1272 }
1273 }
1274
1275 if (ret == 0) {
1276 /* Copy in public key. */
1277 XMEMCPY(publicKey, current + idx, signer->pubKeySize);
1278 signer->publicKey = publicKey;
1279 idx += (int)signer->pubKeySize;
1280
1281 /* Copy in certificate name length. */
1282 XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
1283 idx += (int)sizeof(signer->nameLen);
1284
1285 /* Check bytes available for certificate name. */
1286 if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
1287 WOLFSSL_MSG("Would overread restore buffer");
1288 ret = BUFFER_E;
1289 }
1290 }
1291 if (ret == 0) {
1292 /* Allocate memory for public key to be stored in. */
1293 signer->name = (char*)XMALLOC((size_t)signer->nameLen, cm->heap,
1294 DYNAMIC_TYPE_SUBJECT_CN);
1295 if (signer->name == NULL) {
1296 ret = MEMORY_E;
1297 }
1298 }
1299
1300 if (ret == 0) {
1301 /* Copy in certificate name. */
1302 /* safe cast -- allocated by above XMALLOC(). */
1303 XMEMCPY((void *)(wc_ptr_t)signer->name, current + idx,
1304 (size_t)signer->nameLen);
1305 idx += signer->nameLen;
1306
1307 /* Copy in hash of subject name. */
1308 XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
1309 idx += SIGNER_DIGEST_SIZE;
1310
1311 #ifndef NO_SKID
1312 /* Copy in hash of subject key. */
1313 XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
1314 idx += SIGNER_DIGEST_SIZE;
1315 #endif
1316
1317 /* Make next Signer the head of the row. */
1318 signer->next = cm->caTable[row];
1319 /* Add Signer to start of row. */
1320 cm->caTable[row] = signer;
1321
1322 /* Done one more Signer. */
1323 --listSz;
1324 }
1325
1326 if ((ret != 0) && (signer != NULL)) {
1327 /* Dispose of allocated signer. */
1328 FreeSigner(signer, cm->heap);
1329 }
1330 }
1331
1332 if (ret == 0) {
1333 /* Return the number of bytes used on success. */
1334 ret = idx;
1335 }
1336 return ret;
1337}
1338
1339
1340/* Store whole CA certificate row into memory.
1341 *
1342 * Assumes we have locked CA table.
1343 *
1344 * @param [in] cm Certificate manager.
1345 * @param [in] current Buffer to write to.
1346 * @param [in] row Row number being stored.
1347 * @return Number of bytes added.
1348 */
1349static WC_INLINE int cm_store_cert_row(WOLFSSL_CERT_MANAGER* cm, byte* current,
1350 int row)
1351{
1352 int added = 0;
1353 Signer* list;
1354
1355 /* Get the row - a linked list. */
1356 list = cm->caTable[row];
1357 /* Each certificate in row. */
1358 while (list != NULL) {
1359 /* Public key size. */
1360 XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
1361 added += (int)sizeof(list->pubKeySize);
1362
1363 /* Public key OID. */
1364 XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
1365 added += (int)sizeof(list->keyOID);
1366
1367 /* Public key. */
1368 XMEMCPY(current + added, list->publicKey, (size_t)list->pubKeySize);
1369 added += (int)list->pubKeySize;
1370
1371 /* Certificate name length. */
1372 XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
1373 added += (int)sizeof(list->nameLen);
1374
1375 /* Certificate name. */
1376 XMEMCPY(current + added, list->name, (size_t)list->nameLen);
1377 added += list->nameLen;
1378
1379 /* Hash of subject name. */
1380 XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
1381 added += SIGNER_DIGEST_SIZE;
1382
1383 #ifndef NO_SKID
1384 /* Hash of public key. */
1385 XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
1386 added += SIGNER_DIGEST_SIZE;
1387 #endif
1388
1389 /* Next certificate in row. */
1390 list = list->next;
1391 }
1392
1393 return added;
1394}
1395
1396
1397/* Persist CA certificate cache to memory.
1398 *
1399 * Assumes we have locked CA table.
1400 *
1401 * @param [in] cm Certificate manager.
1402 * @param [in] mem Memory to persist into.
1403 * @param [in] sz Size in bytes of memory.
1404 * @return WOLFSSL_SUCCESS on success.
1405 * @return BUFFER_E when memory is too small.
1406 */
1407static WC_INLINE int cm_do_mem_save_cert_cache(WOLFSSL_CERT_MANAGER* cm,
1408 void* mem, int sz)
1409{
1410 int ret = WOLFSSL_SUCCESS;
1411 int realSz;
1412 int i;
1413
1414 WOLFSSL_ENTER("cm_do_mem_save_cert_cache");
1415
1416 /* Calculate amount of memory required to store CA certificate table. */
1417 realSz = cm_get_cert_cache_mem_size(cm);
1418 if (realSz > sz) {
1419 WOLFSSL_MSG("Mem output buffer too small");
1420 ret = BUFFER_E;
1421 }
1422 if (ret == WOLFSSL_SUCCESS) {
1423 byte* current;
1424 CertCacheHeader hdr;
1425
1426 /* Create header for storage. */
1427 hdr.version = WOLFSSL_CACHE_CERT_VERSION;
1428 hdr.rows = CA_TABLE_SIZE;
1429 cm_set_cert_header_Columns(cm, hdr.columns);
1430 hdr.signerSz = (int)sizeof(Signer);
1431
1432 /* Copy header into memory. */
1433 XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
1434 current = (byte*)mem + sizeof(CertCacheHeader);
1435
1436 /* Each row of table. */
1437 for (i = 0; i < CA_TABLE_SIZE; ++i) {
1438 /* Append row to memory. */
1439 current += cm_store_cert_row(cm, current, i);
1440 }
1441 }
1442
1443 return ret;
1444}
1445
1446
1447#if !defined(NO_FILESYSTEM)
1448
1449/* Persist CA certificate cache to file.
1450 *
1451 * Locks CA table.
1452 *
1453 * @param [in] cm Certificate manager.
1454 * @param [in] fname File name to write to.
1455 * @return WOLFSSL_SUCCESS on success.
1456 * @return WOLFSSL_BAD_FILE when opening file fails.
1457 * @return BAD_MUTEX_E when locking fails.
1458 * @return MEMORY_E when dynamic memory allocation fails.
1459 * @return FWRITE_ERROR when writing to file fails.
1460 */
1461int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
1462{
1463 XFILE file;
1464 int ret = WOLFSSL_SUCCESS;
1465
1466 WOLFSSL_ENTER("CM_SaveCertCache");
1467
1468 /* Open file for writing. */
1469 file = XFOPEN(fname, "w+b");
1470 if (file == XBADFILE) {
1471 WOLFSSL_MSG("Couldn't open cert cache save file");
1472 ret = WOLFSSL_BAD_FILE;
1473 }
1474
1475 /* Lock CA table. */
1476 if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
1477 WOLFSSL_MSG("wc_LockMutex on caLock failed");
1478 ret = BAD_MUTEX_E;
1479 }
1480
1481 if (ret == WOLFSSL_SUCCESS) {
1482 byte* mem;
1483 /* Calculate size of memory required to store CA table. */
1484 size_t memSz = (size_t)cm_get_cert_cache_mem_size(cm);
1485 /* Allocate memory to hold CA table. */
1486 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
1487 if (mem == NULL) {
1488 WOLFSSL_MSG("Alloc for tmp buffer failed");
1489 ret = MEMORY_E;
1490 }
1491 if (ret == WOLFSSL_SUCCESS) {
1492 /* Store CA table in memory. */
1493 ret = cm_do_mem_save_cert_cache(cm, mem, (int)memSz);
1494 }
1495 if (ret == WOLFSSL_SUCCESS) {
1496 /* Write memory to file. */
1497 int sz = (int)XFWRITE(mem, memSz, 1, file);
1498 if (sz != 1) {
1499 WOLFSSL_MSG("Cert cache file write failed");
1500 ret = FWRITE_ERROR;
1501 }
1502 }
1503 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
1504
1505 /* Unlock CA table. */
1506 wc_UnLockMutex(&cm->caLock);
1507 }
1508
1509 /* Close file. */
1510 if (file != XBADFILE) {
1511 XFCLOSE(file);
1512 }
1513 return ret;
1514}
1515
1516
1517/* Restore CA certificate cache from file.
1518 *
1519 * @param [in] cm Certificate manager.
1520 * @param [in] fname File name to write to.
1521 * @return WOLFSSL_SUCCESS on success.
1522 * @return WOLFSSL_BAD_FILE when opening or using file fails.
1523 * @return MEMORY_E when dynamic memory allocation fails.
1524 * @return FREAD_ERROR when reading from file fails.
1525 */
1526int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
1527{
1528 XFILE file;
1529 int ret = WOLFSSL_SUCCESS;
1530 int memSz = 0;
1531 byte* mem = NULL;
1532
1533 WOLFSSL_ENTER("CM_RestoreCertCache");
1534
1535 /* Open file for reading. */
1536 file = XFOPEN(fname, "rb");
1537 if (file == XBADFILE) {
1538 WOLFSSL_MSG("Couldn't open cert cache save file");
1539 ret = WOLFSSL_BAD_FILE;
1540 }
1541
1542 if (ret == WOLFSSL_SUCCESS) {
1543 /* Read file into allocated memory. */
1544 ret = wolfssl_read_file(file, (char**)&mem, &memSz);
1545 if (ret == 0) {
1546 ret = WOLFSSL_SUCCESS;
1547 }
1548 }
1549 if (ret == WOLFSSL_SUCCESS) {
1550 /* Create the CA certificate table from memory. */
1551 ret = CM_MemRestoreCertCache(cm, mem, memSz);
1552 if (ret != WOLFSSL_SUCCESS) {
1553 WOLFSSL_MSG("Mem restore cert cache failed");
1554 }
1555 }
1556
1557 /* Dispose of dynamic memory read into. */
1558 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
1559 /* Close file. */
1560 if (file != XBADFILE) {
1561 XFCLOSE(file);
1562 }
1563 return ret;
1564}
1565
1566#endif /* NO_FILESYSTEM */
1567
1568
1569/* Persist CA certificate cache to memory.
1570 *
1571 * Locks CA table.
1572 *
1573 * @param [in] cm Certificate manager.
1574 * @param [in] mem Memory to persist into.
1575 * @param [in] sz Size in bytes of memory.
1576 * @param [out] used Number of bytes used when persisting cache.
1577 * @return WOLFSSL_SUCCESS on success.
1578 * @return BAD_MUTEX_E when locking fails.
1579 * @return BUFFER_E when memory is too small.
1580 */
1581int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
1582{
1583 int ret = WOLFSSL_SUCCESS;
1584
1585 WOLFSSL_ENTER("CM_MemSaveCertCache");
1586
1587 /* Lock CA table. */
1588 if (wc_LockMutex(&cm->caLock) != 0) {
1589 WOLFSSL_MSG("wc_LockMutex on caLock failed");
1590 ret = BAD_MUTEX_E;
1591 }
1592 if (ret == WOLFSSL_SUCCESS) {
1593 /* Save CA table into memory. */
1594 ret = cm_do_mem_save_cert_cache(cm, mem, sz);
1595 if (ret == WOLFSSL_SUCCESS) {
1596 /* Get the number of bytes used. */
1597 *used = cm_get_cert_cache_mem_size(cm);
1598 }
1599
1600 /* Unlock CA table. */
1601 wc_UnLockMutex(&cm->caLock);
1602 }
1603
1604 return ret;
1605}
1606
1607
1608/* Restore CA certificate table from memory,
1609 *
1610 * Locks CA table.
1611 *
1612 * @param [in] cm Certificate manager.
1613 * @param [in] mem Buffer containing rows.
1614 * @param [in] sz Size in bytes of data in buffer.
1615 * @return WOLFSSL_SUCCESS on success.
1616 * @return BUFFER_E when buffer is too small.
1617 * @return BAD_MUTEX_E when locking fails.
1618 * @return MEMORY_E when dynamic memory allocation fails.
1619 */
1620int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
1621{
1622 int ret = WOLFSSL_SUCCESS;
1623 int i;
1624 CertCacheHeader* hdr = (CertCacheHeader*)mem;
1625 byte* current = (byte*)mem + sizeof(CertCacheHeader);
1626 byte* end = (byte*)mem + sz; /* don't go over */
1627
1628 WOLFSSL_ENTER("CM_MemRestoreCertCache");
1629
1630 /* Check memory available is bigger than cache header. */
1631 if ((sz < (int)sizeof(CertCacheHeader)) || (current > end)) {
1632 WOLFSSL_MSG("Cert Cache Memory buffer too small");
1633 ret = BUFFER_E;
1634 }
1635
1636 /* Validate the cache header. */
1637 if ((ret == WOLFSSL_SUCCESS) &&
1638 ((hdr->version != WOLFSSL_CACHE_CERT_VERSION) ||
1639 (hdr->rows != CA_TABLE_SIZE) ||
1640 (hdr->signerSz != (int)sizeof(Signer)))) {
1641 WOLFSSL_MSG("Cert Cache Memory header mismatch");
1642 ret = CACHE_MATCH_ERROR;
1643 }
1644
1645 /* Lock CA table. */
1646 if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
1647 WOLFSSL_MSG("wc_LockMutex on caLock failed");
1648 ret = BAD_MUTEX_E;
1649 }
1650
1651 if (ret == WOLFSSL_SUCCESS) {
1652 /* Dispose of current CA certificate table. */
1653 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
1654
1655 /* Each row. */
1656 for (i = 0; i < CA_TABLE_SIZE; ++i) {
1657 /* Restore a row from memory. */
1658 int added = cm_restore_cert_row(cm, current, i, hdr->columns[i],
1659 end);
1660 /* Bail on error. */
1661 if (added < 0) {
1662 WOLFSSL_MSG("cm_restore_cert_row error");
1663 ret = added;
1664 break;
1665 }
1666 /* Update pointer to data of next row. */
1667 current += added;
1668 }
1669
1670 /* Unlock CA table. */
1671 wc_UnLockMutex(&cm->caLock);
1672 }
1673
1674 return ret;
1675}
1676
1677
1678/* Calculate size of CA certificate cache when persisted to memory.
1679 *
1680 * Locks CA table.
1681 *
1682 * @param [in] cm Certificate manager.
1683 * @return Number of bytes on success.
1684 * @return BAD_MUTEX_E when locking fails.
1685 */
1686int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
1687{
1688 int ret;
1689
1690 WOLFSSL_ENTER("CM_GetCertCacheMemSize");
1691
1692 /* Lock CA table. */
1693 if (wc_LockMutex(&cm->caLock) != 0) {
1694 WOLFSSL_MSG("wc_LockMutex on caLock failed");
1695 ret = BAD_MUTEX_E;
1696 }
1697 else {
1698 /* Calculate memory size. */
1699 ret = cm_get_cert_cache_mem_size(cm);
1700
1701 /* Unlock CA table. */
1702 wc_UnLockMutex(&cm->caLock);
1703 }
1704
1705 return ret;
1706}
1707
1708#endif /* PERSIST_CERT_CACHE */
1709
1710/*******************************************************************************
1711 * CRL handling
1712 ******************************************************************************/
1713
1714/* Enables/disables the use of CRLs when validating certificates.
1715 *
1716 * @param [in] cm Certificate manager.
1717 * @param [in] options Options for using CRLs. Valid flags:
1718 * WOLFSSL_CRL_CHECKALL, WOLFSSL_CRL_CHECK.
1719 * @return WOLFSSL_SUCCESS on success.
1720 * @return WOLFSSL_FAILURE when initializing the CRL object fails.
1721 * @return BAD_FUNC_ARG when cm is NULL.
1722 * @return MEMORY_E when dynamic memory allocation fails.
1723 * @return NOT_COMPILED_IN when the CRL feature is disabled.
1724 */
1725int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
1726{
1727 int ret = WOLFSSL_SUCCESS;
1728
1729 WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
1730
1731 (void)options;
1732
1733 /* Validate parameters. */
1734 if (cm == NULL) {
1735 ret = BAD_FUNC_ARG;
1736 }
1737
1738#if defined(OPENSSL_COMPATIBLE_DEFAULTS)
1739 /* If disabling then don't worry about whether CRL feature is enabled. */
1740 if ((ret == WOLFSSL_SUCCESS) && (options == 0)) {
1741 /* Disable leaf CRL check. */
1742 cm->crlEnabled = 0;
1743 /* Disable all CRL checks. */
1744 cm->crlCheckAll = 0;
1745 }
1746 else
1747#endif
1748 if (ret == WOLFSSL_SUCCESS) {
1749#ifndef HAVE_CRL
1750 /* CRL feature not enabled. */
1751 ret = NOT_COMPILED_IN;
1752#else
1753 /* Create CRL object if not present. */
1754 if (cm->crl == NULL) {
1755 /* Allocate memory for CRL object. */
1756 cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
1757 DYNAMIC_TYPE_CRL);
1758 if (cm->crl == NULL) {
1759 ret = MEMORY_E;
1760 }
1761 if (ret == WOLFSSL_SUCCESS) {
1762 /* Reset fields of CRL object. */
1763 XMEMSET(cm->crl, 0, sizeof(WOLFSSL_CRL));
1764 /* Initialize CRL object. */
1765 if (InitCRL(cm->crl, cm) != 0) {
1766 WOLFSSL_MSG("Init CRL failed");
1767 /* Dispose of CRL object - indicating dynamically allocated.
1768 */
1769 FreeCRL(cm->crl, 1);
1770 cm->crl = NULL;
1771 ret = WOLFSSL_FAILURE;
1772 }
1773 }
1774 }
1775
1776 if (ret == WOLFSSL_SUCCESS) {
1777 #if defined(HAVE_CRL_IO) && defined(USE_WOLFSSL_IO)
1778 /* Use built-in callback to lookup CRL from URL. */
1779 cm->crl->crlIOCb = EmbedCrlLookup;
1780 #endif
1781 #if defined(OPENSSL_COMPATIBLE_DEFAULTS)
1782 if ((options & WOLFSSL_CRL_CHECKALL) ||
1783 (options & WOLFSSL_CRL_CHECK))
1784 #endif
1785 {
1786 /* Enable leaf CRL check. */
1787 cm->crlEnabled = 1;
1788 if (options & WOLFSSL_CRL_CHECKALL) {
1789 /* Enable all CRL check. */
1790 cm->crlCheckAll = 1;
1791 }
1792 }
1793 }
1794#endif
1795 }
1796
1797 return ret;
1798}
1799
1800
1801/* Disables the CRL checks.
1802 *
1803 * @param [in] cm Certificate manager.
1804 * @return WOLFSSL_SUCCESS on success.
1805 * @return BAD_FUNC_ARG when cm is NULL.
1806 */
1807int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
1808{
1809 int ret = WOLFSSL_SUCCESS;
1810
1811 WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
1812
1813 /* Validate parameter. */
1814 if (cm == NULL) {
1815 ret = BAD_FUNC_ARG;
1816 }
1817 if (ret == WOLFSSL_SUCCESS) {
1818 /* Disable CRL checking. */
1819 cm->crlEnabled = 0;
1820 cm->crlCheckAll = 0;
1821 }
1822
1823 return ret;
1824}
1825
1826#ifdef HAVE_CRL
1827
1828/* Load CRL for use.
1829 *
1830 * @param [in] cm Certificate manager.
1831 * @param [in] buff Buffer holding CRL.
1832 * @param [in] sz Size in bytes of CRL in buffer.
1833 * @param [in] type Format of encoding. Valid values:
1834 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
1835 * @return WOLFSSL_SUCCESS on success.
1836 * @return BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
1837 * @return DUPE_ENTRY_E if the same or a newer CRL already exists in the cm.
1838 * @return WOLFSSL_FATAL_ERROR when creating CRL object fails.
1839 */
1840int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
1841 const unsigned char* buff, long sz, int type)
1842{
1843 int ret = WOLFSSL_SUCCESS;
1844
1845 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRLBuffer");
1846
1847 /* Validate parameters. */
1848 if ((cm == NULL) || (buff == NULL) || (sz <= 0)) {
1849 ret = BAD_FUNC_ARG;
1850 }
1851
1852 /* Create a CRL object if not available and enable CRL checking. */
1853 if ((ret == WOLFSSL_SUCCESS) && (cm->crl == NULL) &&
1854 (wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK) !=
1855 WOLFSSL_SUCCESS)) {
1856 WOLFSSL_MSG("Enable CRL failed");
1857 ret = WOLFSSL_FATAL_ERROR;
1858 }
1859
1860 if (ret == WOLFSSL_SUCCESS) {
1861 /* Load CRL into CRL object of the certificate manager. */
1862 ret = BufferLoadCRL(cm->crl, buff, sz, type, VERIFY);
1863 }
1864
1865 return ret;
1866}
1867
1868/* Free the CRL object of the certificate manager.
1869 *
1870 * @param [in] cm Certificate manager.
1871 * @return WOLFSSL_SUCCESS on success.
1872 * @return BAD_FUNC_ARG when cm is NULL.
1873 */
1874int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm)
1875{
1876 int ret = WOLFSSL_SUCCESS;
1877
1878 WOLFSSL_ENTER("wolfSSL_CertManagerFreeCRL");
1879
1880 /* Validate parameter. */
1881 if (cm == NULL) {
1882 ret = BAD_FUNC_ARG;
1883 }
1884 /* Check whether CRL object exists. */
1885 if ((ret == WOLFSSL_SUCCESS) && (cm->crl != NULL)) {
1886 /* Dispose of CRL object - indicating dynamically allocated. */
1887 FreeCRL(cm->crl, 1);
1888 cm->crl = NULL;
1889 }
1890
1891 return ret;
1892}
1893
1894/* Check DER encoded certificate against CRLs if checking enabled.
1895 *
1896 * @param [in] cm Certificate manager.
1897 * @param [in] der DER encode certificate.
1898 * @param [in] sz Size in bytes of DER encode certificate.
1899 * @return WOLFSSL_SUCCESS on success.
1900 * @return BAD_FUNC_ARG when cm or der is NULL or sz is negative or zero.
1901 * @return MEMORY_E when dynamic memory allocation fails.
1902 */
1903int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
1904 const unsigned char* der, int sz)
1905{
1906 int ret = 0;
1907 WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
1908
1909 WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");
1910
1911 /* Validate parameters. */
1912 if ((cm == NULL) || (der == NULL) || (sz <= 0)) {
1913 ret = BAD_FUNC_ARG;
1914 }
1915
1916 /* Check if CRL checking enabled. */
1917 if ((ret == 0) && cm->crlEnabled) {
1918 /* Allocate memory for decoded certificate. */
1919 WC_ALLOC_VAR_EX(cert, DecodedCert, 1, NULL, DYNAMIC_TYPE_DCERT,
1920 ret=MEMORY_E);
1921 if (WC_VAR_OK(cert))
1922 {
1923 /* Initialize decoded certificate with buffer. */
1924 InitDecodedCert(cert, der, (word32)sz, NULL);
1925
1926 /* Parse certificate and perform CRL checks. */
1927 ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm, NULL);
1928 if (ret != 0) {
1929 WOLFSSL_MSG("ParseCert failed");
1930 }
1931 /* Do CRL checks with decoded certificate. */
1932 else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
1933 WOLFSSL_MSG("CheckCertCRL failed");
1934 }
1935
1936 /* Dispose of dynamically allocated memory. */
1937 FreeDecodedCert(cert);
1938 WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
1939 }
1940 }
1941
1942 return (ret == 0) ? WOLFSSL_SUCCESS : ret;
1943}
1944
1945/* Set the missing CRL callback.
1946 *
1947 * @param [in] cm Certificate manager.
1948 * @param [in] cb Missing CRL callback.
1949 * @return WOLFSSL_SUCCESS on success.
1950 * @return BAD_FUNC_ARG when cm is NULL.
1951 */
1952int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
1953{
1954 int ret = WOLFSSL_SUCCESS;
1955
1956 WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
1957
1958 /* Validate parameters. */
1959 if (cm == NULL) {
1960 ret = BAD_FUNC_ARG;
1961 }
1962 if (ret == WOLFSSL_SUCCESS) {
1963 /* Store callback. */
1964 cm->cbMissingCRL = cb;
1965 }
1966
1967 return ret;
1968}
1969
1970int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb,
1971 void* ctx)
1972{
1973 int ret = WOLFSSL_SUCCESS;
1974
1975 WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
1976
1977 /* Validate parameters. */
1978 if (cm == NULL) {
1979 ret = BAD_FUNC_ARG;
1980 }
1981 if (ret == WOLFSSL_SUCCESS) {
1982 /* Store callback. */
1983 cm->crlCb = cb;
1984 cm->crlCbCtx = ctx;
1985 }
1986
1987 return ret;
1988}
1989
1990#ifdef HAVE_CRL_UPDATE_CB
1991int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
1992 const byte* buff, long sz, int type)
1993{
1994 return GetCRLInfo(cm->crl, info, buff, sz, type);
1995}
1996
1997/* Set the callback to be called when a CRL entry has
1998 * been updated (new entry had the same issuer hash and
1999 * a newer CRL number).
2000 *
2001 * @param [in] cm Certificate manager.
2002 * @param [in] cb CRL update callback.
2003 * @return WOLFSSL_SUCCESS on success.
2004 * @return BAD_FUNC_ARG when cm is NULL.
2005 */
2006int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, CbUpdateCRL cb)
2007{
2008 int ret = WOLFSSL_SUCCESS;
2009
2010 WOLFSSL_ENTER("wolfSSL_CertManagerSetCRLUpdate_Cb");
2011
2012 /* Validate parameters. */
2013 if (cm == NULL) {
2014 ret = BAD_FUNC_ARG;
2015 }
2016 if (ret == WOLFSSL_SUCCESS) {
2017 /* Store callback. */
2018 cm->cbUpdateCRL = cb;
2019 }
2020
2021 return ret;
2022}
2023#endif
2024
2025#ifdef HAVE_CRL_IO
2026/* Set the CRL I/O callback.
2027 *
2028 * @param [in] cm Certificate manager.
2029 * @param [in] cb CRL I/O callback.
2030 * @return WOLFSSL_SUCCESS on success.
2031 * @return BAD_FUNC_ARG when cm is NULL.
2032 */
2033int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb)
2034{
2035 int ret = WOLFSSL_SUCCESS;
2036
2037 /* Validate parameters. */
2038 if (cm == NULL) {
2039 ret = BAD_FUNC_ARG;
2040 }
2041 if ((ret == WOLFSSL_SUCCESS) && (cm->crl != NULL)) {
2042 /* Store callback. */
2043 cm->crl->crlIOCb = cb;
2044 }
2045
2046 return ret;
2047}
2048#endif
2049
2050#ifndef NO_FILESYSTEM
2051/* Load CRL/s from path with the option of monitoring for changes.
2052 *
2053 * @param [in] cm Certificate manager.
2054 * @param [in] path Path to a directory containing CRLs.
2055 * @param [in] type Format of encoding. Valid values:
2056 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
2057 * @param [in] monitor Whether to monitor path for changes to files.
2058 * @return WOLFSSL_SUCCESS on success.
2059 * @return BAD_FUNC_ARG when cm or path is NULL.
2060 * @return WOLFSSL_FATAL_ERROR when enabling CRLs fails.
2061 */
2062int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
2063 int type, int monitor)
2064{
2065 int ret = WOLFSSL_SUCCESS;
2066
2067 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
2068
2069 /* Validate parameters. */
2070 if ((cm == NULL) || (path == NULL)) {
2071 ret = BAD_FUNC_ARG;
2072 }
2073
2074 /* Create a CRL object if not available. */
2075 if ((ret == WOLFSSL_SUCCESS) && (cm->crl == NULL) &&
2076 (wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK) !=
2077 WOLFSSL_SUCCESS)) {
2078 WOLFSSL_MSG("Enable CRL failed");
2079 ret = WOLFSSL_FATAL_ERROR;
2080 }
2081
2082 if (ret == WOLFSSL_SUCCESS) {
2083 /* Load CRLs from path into CRL object of certificate manager. */
2084 ret = LoadCRL(cm->crl, path, type, monitor);
2085 }
2086
2087 return ret;
2088}
2089
2090/* Load CRL from file.
2091 *
2092 * @param [in] cm Certificate manager.
2093 * @param [in] file Path to a directory containing CRLs.
2094 * @param [in] type Format of encoding. Valid values:
2095 * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
2096 * @return WOLFSSL_SUCCESS on success.
2097 * @return BAD_FUNC_ARG when cm or file is NULL.
2098 * @return WOLFSSL_FATAL_ERROR when enabling CRLs fails.
2099 */
2100int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm, const char* file,
2101 int type)
2102{
2103 int ret = WOLFSSL_SUCCESS;
2104
2105 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRLFile");
2106
2107 /* Validate parameters. */
2108 if ((cm == NULL) || (file == NULL)) {
2109 ret = BAD_FUNC_ARG;
2110 }
2111
2112 /* Create a CRL object if not available. */
2113 if ((ret == WOLFSSL_SUCCESS) && (cm->crl == NULL) &&
2114 (wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK) !=
2115 WOLFSSL_SUCCESS)) {
2116 WOLFSSL_MSG("Enable CRL failed");
2117 ret = WOLFSSL_FATAL_ERROR;
2118 }
2119
2120 if (ret == WOLFSSL_SUCCESS) {
2121 /* Load CRL file into CRL object of certificate manager. */
2122 ret = ProcessFile(NULL, file, type, CRL_TYPE, NULL, 0, cm->crl, VERIFY);
2123 }
2124
2125 return ret;
2126}
2127#endif /* !NO_FILESYSTEM */
2128
2129#endif /* HAVE_CRL */
2130
2131/*******************************************************************************
2132 * OCSP handling
2133 ******************************************************************************/
2134
2135/* Enables OCSP when validating certificates and sets options.
2136 *
2137 * @param [in] cm Certificate manager.
2138 * @param [in] options Options for using OCSP. Valid flags:
2139 * WOLFSSL_OCSP_URL_OVERRIDE, WOLFSSL_OCSP_NO_NONCE,
2140 * WOLFSSL_OCSP_CHECKALL.
2141 * @return WOLFSSL_SUCCESS on success.
2142 * @return 0 when initializing the OCSP object fails.
2143 * @return BAD_FUNC_ARG when cm is NULL.
2144 * @return MEMORY_E when dynamic memory allocation fails.
2145 * @return NOT_COMPILED_IN when the OCSP feature is disabled.
2146 */
2147int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
2148{
2149 int ret = WOLFSSL_SUCCESS;
2150
2151 (void)options;
2152
2153 WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
2154
2155 /* Validate parameters. */
2156 if (cm == NULL) {
2157 ret = BAD_FUNC_ARG;
2158 }
2159
2160#ifndef HAVE_OCSP
2161 if (ret == WOLFSSL_SUCCESS) {
2162 /* OCSP feature not enabled. */
2163 ret = NOT_COMPILED_IN;
2164 }
2165#else
2166 if (ret == WOLFSSL_SUCCESS) {
2167 /* Check whether OCSP object is available. */
2168 if (cm->ocsp == NULL) {
2169 /* Allocate memory for OCSP object. */
2170 cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
2171 DYNAMIC_TYPE_OCSP);
2172 if (cm->ocsp == NULL) {
2173 ret = MEMORY_E;
2174 }
2175 if (ret == WOLFSSL_SUCCESS) {
2176 /* Reset the fields of the OCSP object. */
2177 XMEMSET(cm->ocsp, 0, sizeof(WOLFSSL_OCSP));
2178 /* Initialize the OCSP object. */
2179 if (InitOCSP(cm->ocsp, cm) != 0) {
2180 WOLFSSL_MSG("Init OCSP failed");
2181 /* Dispose of OCSP object - indicating dynamically
2182 * allocated. */
2183 FreeOCSP(cm->ocsp, 1);
2184 cm->ocsp = NULL;
2185 ret = 0;
2186 }
2187 }
2188 }
2189 }
2190 if (ret == WOLFSSL_SUCCESS) {
2191 /* Enable OCSP checking. */
2192 cm->ocspEnabled = 1;
2193 /* Enable URL override if requested. */
2194 if (options & WOLFSSL_OCSP_URL_OVERRIDE) {
2195 cm->ocspUseOverrideURL = 1;
2196 }
2197 /* Set nonce option for creating OCSP requests. */
2198 cm->ocspSendNonce = (options & WOLFSSL_OCSP_NO_NONCE) !=
2199 WOLFSSL_OCSP_NO_NONCE;
2200 /* Set all OCSP checks on if requested. */
2201 if (options & WOLFSSL_OCSP_CHECKALL) {
2202 cm->ocspCheckAll = 1;
2203 }
2204 #ifndef WOLFSSL_USER_IO
2205 /* Set built-in OCSP lookup. */
2206 cm->ocspIOCb = EmbedOcspLookup;
2207 cm->ocspRespFreeCb = EmbedOcspRespFree;
2208 cm->ocspIOCtx = cm->heap;
2209 #endif /* WOLFSSL_USER_IO */
2210 }
2211#endif /* HAVE_OCSP */
2212
2213 return ret;
2214}
2215
2216/* Disables the OCSP checks.
2217 *
2218 * @param [in] cm Certificate manager.
2219 * @return WOLFSSL_SUCCESS on success.
2220 * @return BAD_FUNC_ARG when cm is NULL.
2221 */
2222int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
2223{
2224 int ret = WOLFSSL_SUCCESS;
2225
2226 WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");
2227
2228 /* Validate parameter. */
2229 if (cm == NULL) {
2230 ret = BAD_FUNC_ARG;
2231 }
2232 if (ret == WOLFSSL_SUCCESS) {
2233 /* Disable use of OCSP with certificate validation. */
2234 cm->ocspEnabled = 0;
2235 }
2236
2237 return ret;
2238}
2239
2240/* Enables OCSP stapling with certificates in manager.
2241 *
2242 * @param [in] cm Certificate manager.
2243 * @param [in] options Options for using OCSP. Valid flags:
2244 * WOLFSSL_OCSP_URL_OVERRIDE, WOLFSSL_OCSP_NO_NONCE,
2245 * WOLFSSL_OCSP_CHECKALL.
2246 * @return WOLFSSL_SUCCESS on success.
2247 * @return 0 when initializing the OCSP stapling object fails.
2248 * @return BAD_FUNC_ARG when cm is NULL.
2249 * @return MEMORY_E when dynamic memory allocation fails.
2250 * @return NOT_COMPILED_IN when the OCSP stapling feature is disabled.
2251 */
2252int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
2253{
2254 int ret = WOLFSSL_SUCCESS;
2255
2256 WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling");
2257
2258 /* Validate parameters. */
2259 if (cm == NULL) {
2260 ret = BAD_FUNC_ARG;
2261 }
2262
2263#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
2264 !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2265 if (ret == WOLFSSL_SUCCESS) {
2266 /* OCSP stapling feature not enabled. */
2267 ret = NOT_COMPILED_IN;
2268 }
2269#else
2270#ifndef NO_WOLFSSL_SERVER
2271 if (ret == WOLFSSL_SUCCESS) {
2272 /* Check whether OCSP object is available. */
2273 if (cm->ocsp_stapling == NULL) {
2274 /* Allocate memory for OCSP stapling object. */
2275 cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP),
2276 cm->heap, DYNAMIC_TYPE_OCSP);
2277 if (cm->ocsp_stapling == NULL) {
2278 ret = MEMORY_E;
2279 }
2280 if (ret == WOLFSSL_SUCCESS) {
2281 /* Reset the fields of the OCSP object. */
2282 XMEMSET(cm->ocsp_stapling, 0, sizeof(WOLFSSL_OCSP));
2283 /* Initialize the OCSP stapling object. */
2284 if (InitOCSP(cm->ocsp_stapling, cm) != 0) {
2285 WOLFSSL_MSG("Init OCSP failed");
2286 /* Dispose of OCSP stapling object - indicating dynamically
2287 * allocated. */
2288 FreeOCSP(cm->ocsp_stapling, 1);
2289 cm->ocsp_stapling = NULL;
2290 ret = 0;
2291 }
2292 }
2293 }
2294 }
2295#ifndef WOLFSSL_USER_IO
2296 if (ret == WOLFSSL_SUCCESS) {
2297 /* Set built-in OCSP lookup. */
2298 cm->ocspIOCb = EmbedOcspLookup;
2299 cm->ocspRespFreeCb = EmbedOcspRespFree;
2300 cm->ocspIOCtx = cm->heap;
2301 }
2302#endif /* WOLFSSL_USER_IO */
2303#endif /* NO_WOLFSSL_SERVER */
2304 if (ret == WOLFSSL_SUCCESS) {
2305 /* Enable OCSP stapling. */
2306 cm->ocspStaplingEnabled = 1;
2307 }
2308#endif /* HAVE_CERTIFICATE_STATUS_REQUEST ||
2309 * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
2310
2311 return ret;
2312}
2313
2314/* Disables OCSP Stapling.
2315 *
2316 * @param [in] cm Certificate manager.
2317 * @return WOLFSSL_SUCCESS on success.
2318 * @return BAD_FUNC_ARG when cm is NULL.
2319 */
2320int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
2321{
2322 int ret = WOLFSSL_SUCCESS;
2323
2324 WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSPStapling");
2325
2326 /* Validate parameter. */
2327 if (cm == NULL) {
2328 ret = BAD_FUNC_ARG;
2329 }
2330 if (ret == WOLFSSL_SUCCESS) {
2331 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
2332 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2333 /* Disable use of OCSP Stapling. */
2334 cm->ocspStaplingEnabled = 0;
2335 #else
2336 /* OCSP stapling feature not enabled. */
2337 ret = NOT_COMPILED_IN;
2338 #endif
2339 }
2340
2341 return ret;
2342}
2343
2344/* Enable the must use OCSP Stapling option.
2345 *
2346 * @param [in] cm Certificate manager.
2347 * @return WOLFSSL_SUCCESS on success.
2348 * @return BAD_FUNC_ARG when cm is NULL.
2349 */
2350int wolfSSL_CertManagerEnableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
2351{
2352 int ret = WOLFSSL_SUCCESS;
2353
2354 WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPMustStaple");
2355
2356 /* Validate parameter. */
2357 if (cm == NULL) {
2358 ret = BAD_FUNC_ARG;
2359 }
2360 if (ret == WOLFSSL_SUCCESS) {
2361#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
2362 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2363 #ifndef NO_WOLFSSL_CLIENT
2364 /* Enable must use OCSP Stapling option. */
2365 cm->ocspMustStaple = 1;
2366 #endif
2367#else
2368 /* OCSP stapling feature not enabled. */
2369 ret = NOT_COMPILED_IN;
2370#endif
2371 }
2372
2373 return ret;
2374}
2375
2376/* Disable the must use OCSP Stapling option.
2377 *
2378 * @param [in] cm Certificate manager.
2379 * @return WOLFSSL_SUCCESS on success.
2380 * @return BAD_FUNC_ARG when cm is NULL.
2381 */
2382int wolfSSL_CertManagerDisableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
2383{
2384 int ret = WOLFSSL_SUCCESS;
2385
2386 WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSPMustStaple");
2387
2388 /* Validate parameter. */
2389 if (cm == NULL) {
2390 ret = BAD_FUNC_ARG;
2391 }
2392
2393 if (ret == WOLFSSL_SUCCESS) {
2394#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
2395 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2396 #ifndef NO_WOLFSSL_CLIENT
2397 /* Disable must use OCSP Stapling option. */
2398 cm->ocspMustStaple = 0;
2399 #endif
2400#else
2401 /* OCSP stapling feature not enabled. */
2402 ret = NOT_COMPILED_IN;
2403#endif
2404 }
2405
2406 return ret;
2407}
2408
2409#ifdef HAVE_OCSP
2410/* Check DER encoded certificate against with OCSP if checking enabled.
2411 *
2412 * @param [in] cm Certificate manager.
2413 * @param [in] der DER encode certificate.
2414 * @param [in] sz Size in bytes of DER encode certificate.
2415 * @return WOLFSSL_SUCCESS on success.
2416 * @return BAD_FUNC_ARG when cm or der is NULL or sz is negative or 0.
2417 * @return MEMORY_E when dynamic memory allocation fails.
2418 */
2419int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
2420 const unsigned char* der, int sz)
2421{
2422 int ret = 0;
2423 WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
2424
2425 WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");
2426
2427 /* Validate parameters. */
2428 if ((cm == NULL) || (der == NULL) || (sz <= 0)) {
2429 ret = BAD_FUNC_ARG;
2430 }
2431
2432 /* Check if OCSP checking enabled. */
2433 if ((ret == 0) && cm->ocspEnabled) {
2434 /* Allocate memory for decoded certificate. */
2435 WC_ALLOC_VAR_EX(cert, DecodedCert, 1, cm->heap, DYNAMIC_TYPE_DCERT,
2436 ret=MEMORY_E);
2437 if (WC_VAR_OK(cert))
2438 {
2439 /* Initialize decoded certificate with buffer. */
2440 InitDecodedCert(cert, der, (word32)sz, NULL);
2441
2442 /* Parse certificate and perform CRL checks. */
2443 ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL);
2444 if (ret != 0) {
2445 WOLFSSL_MSG("ParseCert failed");
2446 }
2447 /* Do OCSP checks with decoded certificate. */
2448 else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) {
2449 WOLFSSL_MSG("CheckCertOCSP failed");
2450 }
2451
2452 /* Dispose of dynamically allocated memory. */
2453 FreeDecodedCert(cert);
2454 WC_FREE_VAR_EX(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2455 }
2456 }
2457
2458 return (ret == 0) ? WOLFSSL_SUCCESS : ret;
2459}
2460
2461/* Check OCSP response.
2462 *
2463 * @param [in] cm Certificate manager.
2464 * @param [in] response Buffer holding OCSP response.
2465 * @param [in] responseSz Size in bytes of OCSP response.
2466 * @param [in] responseBuffer Buffer to copy response into.
2467 * @param [in] status Place to store certificate status.
2468 * @param [in] entry Place to store OCSP entry.
2469 * @param [in] ocspRequest OCSP request to match with response.
2470 * @return WOLFSSL_SUCCESS on success.
2471 * @return BAD_FUNC_ARG when cm or response is NULL.
2472 */
2473int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *cm,
2474 byte *response, int responseSz, buffer *responseBuffer,
2475 CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
2476{
2477 int ret = 0;
2478
2479 WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSPResponse");
2480
2481 /* Validate parameters. */
2482 if ((cm == NULL) || (response == NULL)) {
2483 ret = BAD_FUNC_ARG;
2484 }
2485 if ((ret == 0) && cm->ocspEnabled) {
2486 /* Check OCSP response with OCSP object from certificate manager. */
2487 ret = CheckOcspResponse(cm->ocsp, response, responseSz, responseBuffer,
2488 status, entry, ocspRequest, NULL);
2489 }
2490
2491 return (ret == 0) ? WOLFSSL_SUCCESS : ret;
2492}
2493
2494/* Set the OCSP override URL.
2495 *
2496 * @param [in] cm Certificate manager.
2497 * @param [in] url URL to get an OCSP response from.
2498 * @return WOLFSSL_SUCCESS on success.
2499 * @return BAD_FUNC_ARG when cm is NULL.
2500 * @return MEMORY_E when dynamic memory allocation fails.
2501 */
2502int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
2503 const char* url)
2504{
2505 int ret = WOLFSSL_SUCCESS;
2506
2507 WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
2508
2509 /* Validate parameters. */
2510 if (cm == NULL) {
2511 ret = BAD_FUNC_ARG;
2512 }
2513
2514 if (ret == WOLFSSL_SUCCESS) {
2515 /* Dispose of old URL. */
2516 XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
2517 if (url != NULL) {
2518 /* Calculate size of URL string. Include terminator character. */
2519 int urlSz = (int)XSTRLEN(url) + 1;
2520 /* Allocate memory for URL to be copied into. */
2521 cm->ocspOverrideURL = (char*)XMALLOC((size_t)urlSz, cm->heap,
2522 DYNAMIC_TYPE_URL);
2523 if (cm->ocspOverrideURL == NULL) {
2524 ret = MEMORY_E;
2525 }
2526 if (ret == WOLFSSL_SUCCESS) {
2527 /* Copy URL into certificate manager. */
2528 XMEMCPY(cm->ocspOverrideURL, url, (size_t)urlSz);
2529 }
2530 }
2531 else {
2532 /* No URL to set so make it NULL. */
2533 cm->ocspOverrideURL = NULL;
2534 }
2535 }
2536
2537 return ret;
2538}
2539
2540/* Set the OCSP I/O callback, OCSP response free callback and related data.
2541 *
2542 * @param [in] cm Certificate manager.
2543 * @param [in] ioCb OCSP callback.
2544 * @param [in] respFreeCb Callback to free OCSP response buffer.
2545 * @param [in] ioCbCtx Context data to pass to OCSP callbacks.
2546 * @return WOLFSSL_SUCCESS on success.
2547 * @return BAD_FUNC_ARG when cm is NULL.
2548 */
2549int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm, CbOCSPIO ioCb,
2550 CbOCSPRespFree respFreeCb, void* ioCbCtx)
2551{
2552 int ret = WOLFSSL_SUCCESS;
2553
2554 WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");
2555
2556 /* Validate parameters. */
2557 if (cm == NULL) {
2558 ret = BAD_FUNC_ARG;
2559 }
2560 if (ret == WOLFSSL_SUCCESS) {
2561 /* Set callbacks and data into certificate manager. */
2562 cm->ocspIOCb = ioCb;
2563 cm->ocspRespFreeCb = respFreeCb;
2564 cm->ocspIOCtx = ioCbCtx;
2565 }
2566
2567 return ret;
2568}
2569
2570#endif /* HAVE_OCSP */
2571
2572/******************************************************************************
2573 * Internal APIs that use WOLFSSL_CERT_MANAGER
2574 ******************************************************************************/
2575
2576/* hash is the SHA digest of name, just use first 32 bits as hash */
2577static WC_INLINE word32 HashSigner(const byte* hash)
2578{
2579 return MakeWordFromHash(hash) % CA_TABLE_SIZE;
2580}
2581
2582
2583/* does CA already exist on signer list */
2584int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
2585{
2586 Signer* signers;
2587 int ret = 0;
2588 word32 row;
2589
2590 if (cm == NULL || hash == NULL) {
2591 return ret;
2592 }
2593
2594 row = HashSigner(hash);
2595
2596 if (wc_LockMutex(&cm->caLock) != 0) {
2597 return ret;
2598 }
2599 signers = cm->caTable[row];
2600 while (signers) {
2601 byte* subjectHash;
2602
2603 #ifndef NO_SKID
2604 subjectHash = signers->subjectKeyIdHash;
2605 #else
2606 subjectHash = signers->subjectNameHash;
2607 #endif
2608
2609 if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
2610 ret = 1; /* success */
2611 break;
2612 }
2613 signers = signers->next;
2614 }
2615 wc_UnLockMutex(&cm->caLock);
2616
2617 return ret;
2618}
2619
2620#ifdef WOLFSSL_TRUST_PEER_CERT
2621/* hash is the SHA digest of name, just use first 32 bits as hash */
2622static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash)
2623{
2624 return MakeWordFromHash(hash) % TP_TABLE_SIZE;
2625}
2626
2627/* does trusted peer already exist on signer list */
2628int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert)
2629{
2630 TrustedPeerCert* tp;
2631 int ret = 0;
2632 word32 row = TrustedPeerHashSigner(cert->subjectHash);
2633
2634 if (wc_LockMutex(&cm->tpLock) != 0)
2635 return ret;
2636 tp = cm->tpTable[row];
2637 while (tp) {
2638 if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
2639 SIGNER_DIGEST_SIZE) == 0)
2640 #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
2641 && (XMEMCMP(cert->issuerHash, tp->issuerHash,
2642 SIGNER_DIGEST_SIZE) == 0)
2643 #endif
2644 )
2645 ret = 1;
2646 #ifndef NO_SKID
2647 if (cert->extSubjKeyIdSet) {
2648 /* Compare SKID as well if available */
2649 if (ret == 1 && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
2650 SIGNER_DIGEST_SIZE) != 0)
2651 ret = 0;
2652 }
2653 #endif
2654 if (ret == 1)
2655 break;
2656 tp = tp->next;
2657 }
2658 wc_UnLockMutex(&cm->tpLock);
2659
2660 return ret;
2661}
2662
2663/* return Trusted Peer if found, otherwise NULL
2664 type is what to match on
2665 */
2666TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert)
2667{
2668 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
2669 TrustedPeerCert* ret = NULL;
2670 TrustedPeerCert* tp = NULL;
2671 word32 row;
2672
2673 if (cm == NULL || cert == NULL)
2674 return NULL;
2675
2676 row = TrustedPeerHashSigner(cert->subjectHash);
2677
2678 if (wc_LockMutex(&cm->tpLock) != 0)
2679 return ret;
2680
2681 tp = cm->tpTable[row];
2682 while (tp) {
2683 if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
2684 SIGNER_DIGEST_SIZE) == 0)
2685 #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
2686 && (XMEMCMP(cert->issuerHash, tp->issuerHash,
2687 SIGNER_DIGEST_SIZE) == 0)
2688 #endif
2689 )
2690 ret = tp;
2691 #ifndef NO_SKID
2692 if (cert->extSubjKeyIdSet) {
2693 /* Compare SKID as well if available */
2694 if (ret != NULL && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
2695 SIGNER_DIGEST_SIZE) != 0)
2696 ret = NULL;
2697 }
2698 #endif
2699 if (ret != NULL)
2700 break;
2701 tp = tp->next;
2702 }
2703 wc_UnLockMutex(&cm->tpLock);
2704
2705 return ret;
2706}
2707
2708
2709int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
2710{
2711 if (tp == NULL || cert == NULL)
2712 return BAD_FUNC_ARG;
2713
2714 /* subject key id or subject hash has been compared when searching
2715 tpTable for the cert from function GetTrustedPeer */
2716
2717 /* compare signatures */
2718 if (tp->sigLen == cert->sigLength) {
2719 if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) {
2720 return WOLFSSL_FAILURE;
2721 }
2722 }
2723 else {
2724 return WOLFSSL_FAILURE;
2725 }
2726
2727 return WOLFSSL_SUCCESS;
2728}
2729#endif /* WOLFSSL_TRUST_PEER_CERT */
2730
2731/* return CA if found, otherwise NULL */
2732Signer* GetCA(void* vp, byte* hash)
2733{
2734 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
2735 Signer* ret = NULL;
2736 Signer* signers;
2737 word32 row = 0;
2738
2739 if (cm == NULL || hash == NULL)
2740 return NULL;
2741
2742 row = HashSigner(hash);
2743
2744 if (wc_LockMutex(&cm->caLock) != 0)
2745 return ret;
2746
2747 signers = cm->caTable[row];
2748 while (signers) {
2749 byte* subjectHash;
2750 #ifndef NO_SKID
2751 subjectHash = signers->subjectKeyIdHash;
2752 #else
2753 subjectHash = signers->subjectNameHash;
2754 #endif
2755 if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
2756 ret = signers;
2757 break;
2758 }
2759 signers = signers->next;
2760 }
2761 wc_UnLockMutex(&cm->caLock);
2762
2763 return ret;
2764}
2765
2766#if defined(HAVE_OCSP)
2767Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
2768{
2769 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
2770 Signer* ret = NULL;
2771 Signer* signers;
2772 int row;
2773
2774 if (cm == NULL || keyHash == NULL)
2775 return NULL;
2776
2777 /* try lookup using keyHash as subjKeyID first */
2778 ret = GetCA(vp, (byte*)keyHash);
2779 if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
2780 return ret;
2781 }
2782
2783 /* if we can't find the cert, we have to scan the full table */
2784 if (wc_LockMutex(&cm->caLock) != 0)
2785 return NULL;
2786
2787 /* Unfortunately we need to look through the entire table */
2788 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
2789 for (signers = cm->caTable[row]; signers != NULL;
2790 signers = signers->next) {
2791 if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
2792 ret = signers;
2793 break;
2794 }
2795 }
2796 }
2797
2798 wc_UnLockMutex(&cm->caLock);
2799 return ret;
2800}
2801#endif
2802#ifdef WOLFSSL_AKID_NAME
2803Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
2804 const byte* serial, word32 serialSz)
2805{
2806 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
2807 Signer* ret = NULL;
2808 Signer* signers;
2809 byte nameHash[SIGNER_DIGEST_SIZE];
2810 byte serialHash[SIGNER_DIGEST_SIZE];
2811 word32 row;
2812
2813 if (cm == NULL || issuer == NULL || issuerSz == 0 ||
2814 serial == NULL || serialSz == 0)
2815 return NULL;
2816
2817 if (CalcHashId(issuer, issuerSz, nameHash) != 0 ||
2818 CalcHashId(serial, serialSz, serialHash) != 0)
2819 return NULL;
2820
2821 if (wc_LockMutex(&cm->caLock) != 0)
2822 return ret;
2823
2824 /* Unfortunately we need to look through the entire table */
2825 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
2826 for (signers = cm->caTable[row]; signers != NULL;
2827 signers = signers->next) {
2828 if (XMEMCMP(signers->issuerNameHash, nameHash, SIGNER_DIGEST_SIZE)
2829 == 0 && XMEMCMP(signers->serialHash, serialHash,
2830 SIGNER_DIGEST_SIZE) == 0) {
2831 ret = signers;
2832 break;
2833 }
2834 }
2835 }
2836
2837 wc_UnLockMutex(&cm->caLock);
2838
2839 return ret;
2840}
2841#endif
2842
2843#ifndef NO_SKID
2844/* return CA if found, otherwise NULL. Walk through hash table. */
2845Signer* GetCAByName(void* vp, byte* hash)
2846{
2847 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
2848 Signer* ret = NULL;
2849 Signer* signers;
2850 word32 row;
2851
2852 if (cm == NULL)
2853 return NULL;
2854
2855 if (wc_LockMutex(&cm->caLock) != 0)
2856 return ret;
2857
2858 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
2859 signers = cm->caTable[row];
2860 while (signers && ret == NULL) {
2861 if (XMEMCMP(hash, signers->subjectNameHash,
2862 SIGNER_DIGEST_SIZE) == 0) {
2863 ret = signers;
2864 }
2865 signers = signers->next;
2866 }
2867 }
2868 wc_UnLockMutex(&cm->caLock);
2869
2870 return ret;
2871}
2872#endif
2873
2874#ifdef WOLFSSL_TRUST_PEER_CERT
2875/* add a trusted peer cert to linked list */
2876int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
2877{
2878 int ret = 0;
2879 int row = 0;
2880 TrustedPeerCert* peerCert;
2881 DecodedCert* cert;
2882 DerBuffer* der = *pDer;
2883
2884 WOLFSSL_MSG("Adding a Trusted Peer Cert");
2885
2886 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
2887 DYNAMIC_TYPE_DCERT);
2888 if (cert == NULL) {
2889 FreeDer(&der);
2890 return MEMORY_E;
2891 }
2892
2893 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
2894 if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
2895 FreeDecodedCert(cert);
2896 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2897 FreeDer(&der);
2898 return ret;
2899 }
2900 WOLFSSL_MSG("\tParsed new trusted peer cert");
2901
2902 peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
2903 DYNAMIC_TYPE_CERT);
2904 if (peerCert == NULL) {
2905 FreeDecodedCert(cert);
2906 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2907 FreeDer(&der);
2908 return MEMORY_E;
2909 }
2910 XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));
2911
2912 if (AlreadyTrustedPeer(cm, cert)) {
2913 WOLFSSL_MSG("\tAlready have this CA, not adding again");
2914 FreeTrustedPeer(peerCert, cm->heap);
2915 (void)ret;
2916 }
2917 else {
2918 /* add trusted peer signature */
2919 peerCert->sigLen = cert->sigLength;
2920 peerCert->sig = (byte *)XMALLOC(cert->sigLength, cm->heap,
2921 DYNAMIC_TYPE_SIGNATURE);
2922 if (peerCert->sig == NULL) {
2923 FreeDecodedCert(cert);
2924 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2925 FreeTrustedPeer(peerCert, cm->heap);
2926 FreeDer(&der);
2927 return MEMORY_E;
2928 }
2929 XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);
2930
2931 /* add trusted peer name */
2932 peerCert->nameLen = cert->subjectCNLen;
2933 peerCert->name = cert->subjectCN;
2934 #ifndef IGNORE_NAME_CONSTRAINTS
2935 peerCert->permittedNames = cert->permittedNames;
2936 peerCert->excludedNames = cert->excludedNames;
2937 #endif
2938
2939 /* add SKID when available and hash of name */
2940 #ifndef NO_SKID
2941 XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
2942 SIGNER_DIGEST_SIZE);
2943 #endif
2944 XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
2945 SIGNER_DIGEST_SIZE);
2946 #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
2947 XMEMCPY(peerCert->issuerHash, cert->issuerHash,
2948 SIGNER_DIGEST_SIZE);
2949 #endif
2950 /* If Key Usage not set, all uses valid. */
2951 peerCert->next = NULL;
2952 cert->subjectCN = 0;
2953 #ifndef IGNORE_NAME_CONSTRAINTS
2954 cert->permittedNames = NULL;
2955 cert->excludedNames = NULL;
2956 #endif
2957
2958 row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash);
2959
2960 if (wc_LockMutex(&cm->tpLock) == 0) {
2961 peerCert->next = cm->tpTable[row];
2962 cm->tpTable[row] = peerCert; /* takes ownership */
2963 wc_UnLockMutex(&cm->tpLock);
2964 }
2965 else {
2966 WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed");
2967 FreeDecodedCert(cert);
2968 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2969 FreeTrustedPeer(peerCert, cm->heap);
2970 FreeDer(&der);
2971 return BAD_MUTEX_E;
2972 }
2973 }
2974
2975 WOLFSSL_MSG("\tFreeing parsed trusted peer cert");
2976 FreeDecodedCert(cert);
2977 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
2978 WOLFSSL_MSG("\tFreeing der trusted peer cert");
2979 FreeDer(&der);
2980 WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert");
2981 WOLFSSL_LEAVE("AddTrustedPeer", ret);
2982
2983 return WOLFSSL_SUCCESS;
2984}
2985#endif /* WOLFSSL_TRUST_PEER_CERT */
2986
2987int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
2988{
2989 byte* subjectHash;
2990 Signer* signers;
2991 word32 row;
2992
2993 if (cm == NULL || s == NULL)
2994 return BAD_FUNC_ARG;
2995
2996#ifndef NO_SKID
2997 subjectHash = s->subjectKeyIdHash;
2998#else
2999 subjectHash = s->subjectNameHash;
3000#endif
3001
3002 if (AlreadySigner(cm, subjectHash)) {
3003 FreeSigner(s, cm->heap);
3004 return 0;
3005 }
3006
3007 row = HashSigner(subjectHash);
3008
3009 if (wc_LockMutex(&cm->caLock) != 0)
3010 return BAD_MUTEX_E;
3011
3012 signers = cm->caTable[row];
3013 s->next = signers;
3014 cm->caTable[row] = s;
3015
3016 wc_UnLockMutex(&cm->caLock);
3017 return 0;
3018}
3019
3020/* owns der, internal now uses too */
3021/* type flag ids from user or from chain received during verify
3022 don't allow chain ones to be added w/o isCA extension */
3023int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
3024{
3025 int ret = 0;
3026 Signer* signer = NULL;
3027 word32 row = 0;
3028 byte* subjectHash = NULL;
3029 WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
3030 DerBuffer* der = *pDer;
3031
3032 WOLFSSL_MSG_CERT_LOG("Adding a CA");
3033
3034 if (cm == NULL) {
3035 FreeDer(pDer);
3036 return BAD_FUNC_ARG;
3037 }
3038
3039 #ifdef WOLFSSL_SMALL_STACK
3040 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
3041 if (cert == NULL) {
3042 FreeDer(pDer);
3043 return MEMORY_E;
3044 }
3045 #endif
3046
3047 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
3048
3049#ifdef WC_ASN_UNKNOWN_EXT_CB
3050 if (cm->unknownExtCallback != NULL) {
3051 wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
3052 }
3053#endif
3054
3055 WOLFSSL_MSG_CERT("\tParsing new CA");
3056 ret = ParseCert(cert, CA_TYPE, verify, cm);
3057
3058 WOLFSSL_MSG("\tParsed new CA");
3059#ifdef WOLFSSL_DEBUG_CERTS
3060 {
3061 const char* err_msg;
3062 if (ret == 0) {
3063 WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'",
3064 cert->issuer);
3065 WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
3066 cert->subject);
3067 }
3068 else {
3069 WOLFSSL_MSG_CERT(
3070 WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
3071 err_msg = wc_GetErrorString(ret);
3072 WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
3073 ret, err_msg);
3074 }
3075 }
3076#endif /* WOLFSSL_DEBUG_CERTS */
3077
3078#ifndef NO_SKID
3079 subjectHash = cert->extSubjKeyId;
3080#else
3081 subjectHash = cert->subjectHash;
3082#endif
3083
3084 /* check CA key size */
3085 if (verify && (ret == 0 )) {
3086 switch (cert->keyOID) {
3087 #ifndef NO_RSA
3088 #ifdef WC_RSA_PSS
3089 case RSAPSSk:
3090 #endif
3091 case RSAk:
3092 if (cm->minRsaKeySz < 0 ||
3093 cert->pubKeySize < (word16)cm->minRsaKeySz) {
3094 ret = RSA_KEY_SIZE_E;
3095 WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
3096 WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
3097 "minRsaKeySz = %d",
3098 cert->pubKeySize, cm->minRsaKeySz);
3099 }
3100 break;
3101 #endif /* !NO_RSA */
3102 #ifdef HAVE_ECC
3103 case ECDSAk:
3104 if (cm->minEccKeySz < 0 ||
3105 cert->pubKeySize < (word16)cm->minEccKeySz) {
3106 ret = ECC_KEY_SIZE_E;
3107 WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
3108 WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
3109 "minEccKeySz = %d",
3110 cert->pubKeySize, cm->minEccKeySz);
3111 }
3112 break;
3113 #endif /* HAVE_ECC */
3114 #ifdef HAVE_ED25519
3115 case ED25519k:
3116 if (cm->minEccKeySz < 0 ||
3117 ED25519_KEY_SIZE < (word16)cm->minEccKeySz) {
3118 ret = ECC_KEY_SIZE_E;
3119 WOLFSSL_MSG("\tCA ECC key size error");
3120 }
3121 break;
3122 #endif /* HAVE_ED25519 */
3123 #ifdef HAVE_ED448
3124 case ED448k:
3125 if (cm->minEccKeySz < 0 ||
3126 ED448_KEY_SIZE < (word16)cm->minEccKeySz) {
3127 ret = ECC_KEY_SIZE_E;
3128 WOLFSSL_MSG("\tCA ECC key size error");
3129 }
3130 break;
3131 #endif /* HAVE_ED448 */
3132 #if defined(HAVE_FALCON)
3133 case FALCON_LEVEL1k:
3134 if (cm->minFalconKeySz < 0 ||
3135 FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
3136 ret = FALCON_KEY_SIZE_E;
3137 WOLFSSL_MSG("\tCA Falcon level 1 key size error");
3138 }
3139 break;
3140 case FALCON_LEVEL5k:
3141 if (cm->minFalconKeySz < 0 ||
3142 FALCON_LEVEL5_KEY_SIZE < (word16)cm->minFalconKeySz) {
3143 ret = FALCON_KEY_SIZE_E;
3144 WOLFSSL_MSG("\tCA Falcon level 5 key size error");
3145 }
3146 break;
3147 #endif /* HAVE_FALCON */
3148 #if defined(HAVE_DILITHIUM)
3149 #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
3150 case DILITHIUM_LEVEL2k:
3151 if (cm->minDilithiumKeySz < 0 ||
3152 DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3153 ret = DILITHIUM_KEY_SIZE_E;
3154 WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
3155 }
3156 break;
3157 case DILITHIUM_LEVEL3k:
3158 if (cm->minDilithiumKeySz < 0 ||
3159 DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3160 ret = DILITHIUM_KEY_SIZE_E;
3161 WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
3162 }
3163 break;
3164 case DILITHIUM_LEVEL5k:
3165 if (cm->minDilithiumKeySz < 0 ||
3166 DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3167 ret = DILITHIUM_KEY_SIZE_E;
3168 WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
3169 }
3170 break;
3171 #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
3172 case ML_DSA_LEVEL2k:
3173 if (cm->minDilithiumKeySz < 0 ||
3174 ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3175 ret = DILITHIUM_KEY_SIZE_E;
3176 WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
3177 }
3178 break;
3179 case ML_DSA_LEVEL3k:
3180 if (cm->minDilithiumKeySz < 0 ||
3181 ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3182 ret = DILITHIUM_KEY_SIZE_E;
3183 WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
3184 }
3185 break;
3186 case ML_DSA_LEVEL5k:
3187 if (cm->minDilithiumKeySz < 0 ||
3188 ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
3189 ret = DILITHIUM_KEY_SIZE_E;
3190 WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
3191 }
3192 break;
3193 #endif /* HAVE_DILITHIUM */
3194
3195 default:
3196 WOLFSSL_MSG("\tNo key size check done on CA");
3197 break; /* no size check if key type is not in switch */
3198 }
3199 }
3200
3201 if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
3202 type != WOLFSSL_TEMP_CA) {
3203 WOLFSSL_MSG("\tCan't add as CA if not actually one");
3204 ret = NOT_CA_ERROR;
3205 }
3206#ifndef ALLOW_INVALID_CERTSIGN
3207 else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
3208 type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
3209 (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
3210 /* Intermediate CA certs are required to have the keyCertSign
3211 * extension set. User loaded root certs are not. */
3212 WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
3213 ret = NOT_CA_ERROR;
3214 }
3215#endif
3216 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
3217 WOLFSSL_MSG("\tAlready have this CA, not adding again");
3218 (void)ret;
3219 }
3220 else if (ret == 0) {
3221 /* take over signer parts */
3222 signer = MakeSigner(cm->heap);
3223 if (!signer)
3224 ret = MEMORY_ERROR;
3225 }
3226 if (ret == 0 && signer != NULL) {
3227 ret = FillSigner(signer, cert, type, der);
3228
3229 if (ret == 0){
3230 #ifndef NO_SKID
3231 row = HashSigner(signer->subjectKeyIdHash);
3232 #else
3233 row = HashSigner(signer->subjectNameHash);
3234 #endif
3235 }
3236
3237 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
3238 /* Verify CA by TSIP so that generated tsip key is going to */
3239 /* be able to be used for peer's cert verification */
3240 /* TSIP is only able to handle USER CA, and only one CA. */
3241 /* Therefore, it doesn't need to call TSIP again if there is already */
3242 /* verified CA. */
3243 if ( ret == 0 && signer != NULL ) {
3244 signer->cm_idx = row;
3245 if (type == WOLFSSL_USER_CA) {
3246 if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
3247 cert->maxIdx,
3248 cert->sigCtx.CertAtt.pubkey_n_start,
3249 cert->sigCtx.CertAtt.pubkey_n_len - 1,
3250 cert->sigCtx.CertAtt.pubkey_e_start,
3251 cert->sigCtx.CertAtt.pubkey_e_len - 1,
3252 row/* cm index */))
3253 < 0)
3254 WOLFSSL_MSG("Renesas_RootCertVerify() failed");
3255 else
3256 WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
3257 }
3258 }
3259 #endif /* TSIP or SCE */
3260
3261 if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
3262 signer->next = cm->caTable[row];
3263 cm->caTable[row] = signer; /* takes ownership */
3264 wc_UnLockMutex(&cm->caLock);
3265 if (cm->caCacheCallback)
3266 cm->caCacheCallback(der->buffer, (int)der->length, type);
3267 }
3268 else {
3269 WOLFSSL_MSG("\tCA Mutex Lock failed");
3270 ret = BAD_MUTEX_E;
3271 }
3272 }
3273
3274 WOLFSSL_MSG("\tFreeing Parsed CA");
3275 FreeDecodedCert(cert);
3276 if (ret != 0 && signer != NULL)
3277 FreeSigner(signer, cm->heap);
3278 WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
3279 WOLFSSL_MSG("\tFreeing der CA");
3280 FreeDer(pDer);
3281 WOLFSSL_MSG("\t\tOK Freeing der CA");
3282
3283 WOLFSSL_LEAVE("AddCA", ret);
3284
3285 return ret == 0 ? WOLFSSL_SUCCESS : ret;
3286}
3287
3288/* Removes the CA with the passed in subject hash from the
3289 cert manager's CA cert store. */
3290int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
3291{
3292 Signer* current;
3293 Signer** prev;
3294 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
3295 word32 row;
3296
3297 WOLFSSL_MSG("Removing a CA");
3298
3299 if (cm == NULL || hash == NULL) {
3300 return BAD_FUNC_ARG;
3301 }
3302
3303 row = HashSigner(hash);
3304
3305 if (wc_LockMutex(&cm->caLock) != 0) {
3306 return BAD_MUTEX_E;
3307 }
3308 current = cm->caTable[row];
3309 prev = &cm->caTable[row];
3310 while (current) {
3311 byte* subjectHash;
3312
3313 #ifndef NO_SKID
3314 subjectHash = current->subjectKeyIdHash;
3315 #else
3316 subjectHash = current->subjectNameHash;
3317 #endif
3318
3319 if ((current->type == type) &&
3320 (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) {
3321 *prev = current->next;
3322 FreeSigner(current, cm->heap);
3323 ret = WOLFSSL_SUCCESS;
3324 break;
3325 }
3326 prev = ¤t->next;
3327 current = current->next;
3328 }
3329 wc_UnLockMutex(&cm->caLock);
3330
3331 WOLFSSL_LEAVE("RemoveCA", ret);
3332
3333 return ret;
3334}
3335
3336/* Sets the CA with the passed in subject hash
3337 to the provided type. */
3338int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
3339{
3340 Signer* current;
3341 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
3342 word32 row;
3343
3344 WOLFSSL_MSG_EX("Setting CA to type %d", type);
3345
3346 if (cm == NULL || hash == NULL ||
3347 type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) {
3348 return ret;
3349 }
3350
3351 row = HashSigner(hash);
3352
3353 if (wc_LockMutex(&cm->caLock) != 0) {
3354 return ret;
3355 }
3356 current = cm->caTable[row];
3357 while (current) {
3358 byte* subjectHash;
3359
3360 #ifndef NO_SKID
3361 subjectHash = current->subjectKeyIdHash;
3362 #else
3363 subjectHash = current->subjectNameHash;
3364 #endif
3365
3366 if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
3367 current->type = (byte)type;
3368 ret = WOLFSSL_SUCCESS;
3369 break;
3370 }
3371 current = current->next;
3372 }
3373 wc_UnLockMutex(&cm->caLock);
3374
3375 WOLFSSL_LEAVE("SetCAType", ret);
3376
3377 return ret;
3378}
3379
3380#endif /* NO_CERTS */
3381
3382#endif /* !WOLFSSL_SSL_CERTMAN_INCLUDED */