From c4b7723a8738a91a788a6b899a8a31bf8889a9c3 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Sun, 19 Apr 2026 10:59:15 +0300 Subject: [PATCH 1/6] Initial commit to add some more openssl compatibility layer functions --- src/bio.c | 24 ++++++++++ src/ssl.c | 23 +++++++-- tests/api.c | 96 +++++++++++++++++++++++++++++++++++++- tests/api/test_ossl_bio.c | 37 +++++++++++++++ tests/api/test_ossl_bio.h | 4 +- wolfcrypt/src/evp_pk.c | 39 ++++++++++++++++ wolfssl/openssl/bio.h | 2 + wolfssl/openssl/opensslv.h | 15 ++++++ wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 7 +++ 10 files changed, 241 insertions(+), 7 deletions(-) diff --git a/src/bio.c b/src/bio.c index 13fdef3a5df..02ccdb55e75 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2099,6 +2099,30 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) return WOLFSSL_SUCCESS; } +/* Returns a unique index for a new custom BIO type. + * In OpenSSL, custom BIO types start at BIO_TYPE_START (128|0x0200). + * wolfSSL uses a simpler scheme starting at 128. + * + * @return New unique BIO type index on success. + * @return -1 when the index space is exhausted. + */ +int wolfSSL_BIO_get_new_index(void) +{ + static int bio_type_idx = WOLFSSL_BIO_TYPE_START; + int idx; + + WOLFSSL_ENTER("wolfSSL_BIO_get_new_index"); + + idx = bio_type_idx; + if (idx > WOLFSSL_BIO_TYPE_MAX + WOLFSSL_BIO_TYPE_START) { + WOLFSSL_MSG("BIO type index space exhausted"); + return -1; + } + bio_type_idx++; + + return idx; +} + /* creates a new custom WOLFSSL_BIO_METHOD */ WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char *name) { diff --git a/src/ssl.c b/src/ssl.c index c215101175c..891f0cae603 100644 --- a/src/ssl.c +++ b/src/ssl.c 
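Review bot: In `wolfSSL_BIO_get_new_index` (src/bio.c), the function-local `static int bio_type_idx` is read and incremented with no lock or atomic operation, so two threads calling it concurrently can be handed the same index, and the unsynchronized access is itself a data race. Callers rely on the returned value being unique per custom BIO type, so the counter should be advanced under a mutex or with an atomic fetch-and-add, still returning -1 once the range is used up. The exhaustion check in this hunk, `idx > WOLFSSL_BIO_TYPE_MAX + WOLFSSL_BIO_TYPE_START`, also lets indices run up to 383. A later patch in this series narrows it to `idx > WOLFSSL_BIO_TYPE_MAX`, but the missing synchronization is not addressed anywhere in the series.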
@@ -10856,10 +10856,25 @@ const char* wolfSSL_lib_version(void) #ifdef OPENSSL_EXTRA #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -const char* wolfSSL_OpenSSL_version(int a) -{ - (void)a; - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +const char* wolfSSL_OpenSSL_version(int type) +{ + WOLFSSL_ENTER("wolfSSL_OpenSSL_version"); + switch (type) { + case OPENSSL_VERSION: + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + case OPENSSL_CFLAGS: + return "compiler: information not available"; + case OPENSSL_BUILT_ON: + return "built on: " __DATE__ " " __TIME__; + case OPENSSL_PLATFORM: + return "platform: information not available"; + case OPENSSL_DIR: + return "OPENSSLDIR: \"\""; + case OPENSSL_ENGINES_DIR: + return "ENGINESDIR: N/A"; + default: + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + } } #else const char* wolfSSL_OpenSSL_version(void) diff --git a/tests/api.c b/tests/api.c index 6208cc2b2dd..8568861a3a3 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -18519,6 +18519,70 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) return EXPECT_RESULT(); } +static int test_wolfSSL_i2d_PUBKEY_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + EVP_PKEY* pkey2 = NULL; + + /* NULL parameter tests */ + ExpectIntEQ(wolfSSL_i2d_PUBKEY_bio(NULL, NULL), WOLFSSL_FAILURE); + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + { + const unsigned char* p = client_keypub_der_2048; + /* Load an RSA public key from DER buffer */ + ExpectNotNull(pkey = d2i_PUBKEY(NULL, &p, + sizeof_client_keypub_der_2048)); + + /* Write it to BIO */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PUBKEY_bio(bio, pkey), WOLFSSL_SUCCESS); + + /* Read it back and verify round-trip */ + ExpectNotNull(pkey2 = d2i_PUBKEY_bio(bio, NULL)); + + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + } +#endif + +#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC) + { + const unsigned char* p = ecc_clikeypub_der_256; + /* Load an ECC public key from DER buffer */ + ExpectNotNull(pkey = d2i_PUBKEY(NULL, &p, + sizeof_ecc_clikeypub_der_256)); + + /* Write it to BIO */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PUBKEY_bio(bio, pkey), WOLFSSL_SUCCESS); + + /* Read it back and verify round-trip */ + ExpectNotNull(pkey2 = d2i_PUBKEY_bio(bio, NULL)); + + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + } +#endif + + (void)pkey; + (void)pkey2; + (void)bio; +#endif + return EXPECT_RESULT(); +} + #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \ !defined(NO_TLS) static int test_wolfSSL_d2i_PrivateKeys_bio(void) 
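Review bot: The two blocks commented "Read it back and verify round-trip" in `test_wolfSSL_i2d_PUBKEY_bio` only assert that `d2i_PUBKEY_bio` returns non-NULL, so an encoding that is wrong but still parseable would pass. The test should compare what was written to the BIO with the source DER (`client_keypub_der_2048` / `ecc_clikeypub_der_256`, which should re-encode byte for byte), or compare `pkey` with `pkey2`. The NULL-parameter section covers only `(NULL, NULL)`. Adding the `(bio, NULL)` and `(NULL, pkey)` cases would exercise each half of the `bio == NULL || key == NULL` guard separately.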
@@ -27620,12 +27684,39 @@ static int test_wolfSSL_OpenSSL_version(void) const char* ver; #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - ExpectNotNull(ver = OpenSSL_version(0)); + ExpectNotNull(ver = OpenSSL_version(OPENSSL_VERSION)); + ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, + XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + + /* Test OPENSSL_CFLAGS type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_CFLAGS)); + ExpectNotNull(XSTRSTR(ver, "compiler:")); + + /* Test OPENSSL_BUILT_ON type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_BUILT_ON)); + ExpectNotNull(XSTRSTR(ver, "built on:")); + + /* Test OPENSSL_PLATFORM type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_PLATFORM)); + ExpectNotNull(XSTRSTR(ver, "platform:")); + + /* Test OPENSSL_DIR type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_DIR)); + ExpectNotNull(XSTRSTR(ver, "OPENSSLDIR:")); + + /* Test OPENSSL_ENGINES_DIR type */ + ExpectNotNull(ver = OpenSSL_version(OPENSSL_ENGINES_DIR)); + ExpectNotNull(XSTRSTR(ver, "ENGINESDIR:")); + + /* Test unknown type falls back to version string */ + ExpectNotNull(ver = OpenSSL_version(99)); + ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, + XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); #else ExpectNotNull(ver = OpenSSL_version()); -#endif ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); +#endif #endif return EXPECT_RESULT(); } @@ -34672,6 +34763,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc), #ifndef NO_BIO TEST_DECL(test_wolfSSL_d2i_PUBKEY), + TEST_DECL(test_wolfSSL_i2d_PUBKEY_bio), #endif TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams), TEST_DECL(test_wolfSSL_i2d_PrivateKey), diff --git a/tests/api/test_ossl_bio.c b/tests/api/test_ossl_bio.c index 45c8e94086c..cf9b87ec3c9 100644 --- a/tests/api/test_ossl_bio.c +++ b/tests/api/test_ossl_bio.c 
@@ -1827,5 +1827,42 @@ int test_wolfSSL_BIO_get_init(void) return EXPECT_RESULT(); } +int test_wolfSSL_BIO_get_new_index(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + int idx1, idx2, idx3; + BIO_METHOD* meth = NULL; + BIO* bio = NULL; + + /* Get three consecutive indices - should be unique and >= 128 */ + idx1 = BIO_get_new_index(); + idx2 = BIO_get_new_index(); + idx3 = BIO_get_new_index(); + + ExpectIntGE(idx1, BIO_TYPE_START); + ExpectIntGE(idx2, BIO_TYPE_START); + ExpectIntGE(idx3, BIO_TYPE_START); + + /* Each index must be unique */ + ExpectIntNE(idx1, idx2); + ExpectIntNE(idx2, idx3); + ExpectIntNE(idx1, idx3); + + /* Indices should be sequential */ + ExpectIntEQ(idx2, idx1 + 1); + ExpectIntEQ(idx3, idx2 + 1); + + /* Use returned index with BIO_meth_new */ + ExpectNotNull(meth = BIO_meth_new(idx1, "custom_test")); + ExpectNotNull(bio = BIO_new(meth)); + ExpectIntEQ(BIO_method_type(bio), idx1); + + BIO_free(bio); + BIO_meth_free(meth); +#endif + return EXPECT_RESULT(); +} + #endif /* !NO_BIO */ diff --git a/tests/api/test_ossl_bio.h b/tests/api/test_ossl_bio.h index d401193b147..d1335c6aecf 100644 --- a/tests/api/test_ossl_bio.h +++ b/tests/api/test_ossl_bio.h @@ -47,6 +47,7 @@ int test_wolfSSL_BIO_set_conn_hostname(void); int test_wolfSSL_BIO_ctrl_pending_chain(void); int test_wolfSSL_BIO_meth_type_large(void); int test_wolfSSL_BIO_get_init(void); +int test_wolfSSL_BIO_get_new_index(void); #define TEST_OSSL_BIO_DECLS \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_gets), \ 
@@ -66,7 +67,8 @@ int test_wolfSSL_BIO_get_init(void); TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_set_conn_hostname), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_ctrl_pending_chain), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_meth_type_large), \ - TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_init) + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_init), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_new_index) #define TEST_OSSL_BIO_TLS_DECLS \ TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_connect), \ diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index 7c9f25539ce..13455127957 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2420,6 +2420,45 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) { return wolfSSL_i2d_PublicKey(key, der); } + +#ifndef NO_BIO +/* Encode public key as DER data and write to BIO. + * + * @param [in] bio BIO to write data to. + * @param [in] key Public key to encode. + * @return WOLFSSL_SUCCESS on success. + * @return WOLFSSL_FAILURE on failure. + */ +int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int derSz = 0; + byte* der = NULL; + + WOLFSSL_ENTER("wolfSSL_i2d_PUBKEY_bio"); + + if (bio == NULL || key == NULL) { + return WOLFSSL_FAILURE; + } + + derSz = wolfSSL_i2d_PUBKEY(key, &der); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { + goto cleanup; + } + + ret = WOLFSSL_SUCCESS; + +cleanup: + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + return ret; +} +#endif /* !NO_BIO */ + #endif /* !NO_ASN && !NO_PWDBASED */ #endif /* OPENSSL_EXTRA */ diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index f797d94ab58..f34bc1450cf 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h 
@@ -138,6 +138,8 @@ #define BIO_TYPE_BIO WOLFSSL_BIO_BIO #define BIO_TYPE_MEM WOLFSSL_BIO_MEMORY #define BIO_TYPE_BASE64 WOLFSSL_BIO_BASE64 +#define BIO_TYPE_START WOLFSSL_BIO_TYPE_START +#define BIO_get_new_index wolfSSL_BIO_get_new_index #define BIO_vprintf wolfSSL_BIO_vprintf #define BIO_printf wolfSSL_BIO_printf diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index df75d9e0d43..a11284c9c34 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -68,6 +68,21 @@ #ifndef OPENSSL_VERSION #define OPENSSL_VERSION 0 #endif +#ifndef OPENSSL_CFLAGS + #define OPENSSL_CFLAGS 1 +#endif +#ifndef OPENSSL_BUILT_ON + #define OPENSSL_BUILT_ON 2 +#endif +#ifndef OPENSSL_PLATFORM + #define OPENSSL_PLATFORM 3 +#endif +#ifndef OPENSSL_DIR + #define OPENSSL_DIR 4 +#endif +#ifndef OPENSSL_ENGINES_DIR + #define OPENSSL_ENGINES_DIR 5 +#endif #ifndef OPENSSL_IS_WOLFSSL #define OPENSSL_IS_WOLFSSL diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 063500675e1..680b2a1665b 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -273,6 +273,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto #define i2d_PUBKEY wolfSSL_i2d_PUBKEY +#define i2d_PUBKEY_bio wolfSSL_i2d_PUBKEY_bio #define i2d_X509_PUBKEY wolfSSL_i2d_X509_PUBKEY #define d2i_PUBKEY wolfSSL_d2i_PUBKEY #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 713c5a55c07..4969d6ceec3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -772,6 +772,11 @@ enum BIO_TYPE { WOLFSSL_BIO_NULL = 10 }; +/* Starting index for custom BIO types returned by wolfSSL_BIO_get_new_index. + * Matches OpenSSL BIO_TYPE_START (128). */ +#define WOLFSSL_BIO_TYPE_START 128 +#define WOLFSSL_BIO_TYPE_MAX 255 + enum BIO_FLAGS { WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01, WOLFSSL_BIO_FLAG_READ = 0x02, 
@@ -2176,6 +2181,7 @@ WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_should_read(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_should_write(WOLFSSL_BIO *bio); +WOLFSSL_API int wolfSSL_BIO_get_new_index(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char* name); WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD* biom); WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_write_cb biom_write); @@ -2468,6 +2474,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, From ab662642f2fdfb77358448d9145b0f6fbb1a68d0 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Thu, 23 Apr 2026 21:27:48 +0300 Subject: [PATCH 2/6] Refactor : fix some buggy logic + cleaned code --- src/bio.c | 9 +-------- src/ssl.c | 6 +++--- tests/api/test_ossl_bio.c | 11 +++++++---- wolfcrypt/src/evp_pk.c | 6 ++++-- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/bio.c b/src/bio.c index 02ccdb55e75..39419ab6365 100644 --- a/src/bio.c +++ b/src/bio.c 
@@ -2099,13 +2099,6 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) return WOLFSSL_SUCCESS; } -/* Returns a unique index for a new custom BIO type. - * In OpenSSL, custom BIO types start at BIO_TYPE_START (128|0x0200). - * wolfSSL uses a simpler scheme starting at 128. - * - * @return New unique BIO type index on success. - * @return -1 when the index space is exhausted. - */ int wolfSSL_BIO_get_new_index(void) { static int bio_type_idx = WOLFSSL_BIO_TYPE_START; @@ -2114,7 +2107,7 @@ int wolfSSL_BIO_get_new_index(void) WOLFSSL_ENTER("wolfSSL_BIO_get_new_index"); idx = bio_type_idx; - if (idx > WOLFSSL_BIO_TYPE_MAX + WOLFSSL_BIO_TYPE_START) { + if (idx > WOLFSSL_BIO_TYPE_MAX) { WOLFSSL_MSG("BIO type index space exhausted"); return -1; } diff --git a/src/ssl.c b/src/ssl.c index 891f0cae603..1b438fc3a5a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10869,7 +10869,7 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_PLATFORM: return "platform: information not available"; case OPENSSL_DIR: - return "OPENSSLDIR: \"\""; + return "OPENSSLDIR: N/A"; case OPENSSL_ENGINES_DIR: return "ENGINESDIR: N/A"; default: @@ -10881,8 +10881,8 @@ const char* wolfSSL_OpenSSL_version(void) { return "wolfSSL " LIBWOLFSSL_VERSION_STRING; } -#endif /* WOLFSSL_QT */ -#endif +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ +#endif /* OPENSSL_EXTRA */ /* current library version in hex */ diff --git a/tests/api/test_ossl_bio.c b/tests/api/test_ossl_bio.c index cf9b87ec3c9..9506438fc10 100644 --- a/tests/api/test_ossl_bio.c +++ b/tests/api/test_ossl_bio.c 
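Review bot: The src/bio.c hunk deletes the entire header comment of `wolfSSL_BIO_get_new_index`, which leaves the -1 return on exhaustion and the valid index range undocumented for callers of this public API. If the intent was only to drop the remark about OpenSSL's numbering scheme, keep a short contract comment such as `/* Returns the next unused custom BIO type index, from WOLFSSL_BIO_TYPE_START up to WOLFSSL_BIO_TYPE_MAX, or -1 when the range is exhausted. */`. The function body continues past the end of the hunk.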
@@ -1835,23 +1835,26 @@ int test_wolfSSL_BIO_get_new_index(void) BIO_METHOD* meth = NULL; BIO* bio = NULL; - /* Get three consecutive indices - should be unique and >= 128 */ + /* Get three consecutive indices - should be unique and in valid range */ idx1 = BIO_get_new_index(); idx2 = BIO_get_new_index(); idx3 = BIO_get_new_index(); ExpectIntGE(idx1, BIO_TYPE_START); + ExpectIntLE(idx1, WOLFSSL_BIO_TYPE_MAX); ExpectIntGE(idx2, BIO_TYPE_START); + ExpectIntLE(idx2, WOLFSSL_BIO_TYPE_MAX); ExpectIntGE(idx3, BIO_TYPE_START); + ExpectIntLE(idx3, WOLFSSL_BIO_TYPE_MAX); /* Each index must be unique */ ExpectIntNE(idx1, idx2); ExpectIntNE(idx2, idx3); ExpectIntNE(idx1, idx3); - /* Indices should be sequential */ - ExpectIntEQ(idx2, idx1 + 1); - ExpectIntEQ(idx3, idx2 + 1); + /* Each consecutive call must return a strictly increasing value */ + ExpectIntGT(idx2, idx1); + ExpectIntGT(idx3, idx2); /* Use returned index with BIO_meth_new */ ExpectNotNull(meth = BIO_meth_new(idx1, "custom_test")); diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index 13455127957..6246bacafb6 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2441,8 +2441,10 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) return WOLFSSL_FAILURE; } + /* Let wolfSSL_i2d_PUBKEY allocate the buffer (pass NULL to trigger + * internal allocation). We free it ourselves after writing to the BIO. */ derSz = wolfSSL_i2d_PUBKEY(key, &der); - if (derSz <= 0) { + if (derSz <= 0 || der == NULL) { WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); return WOLFSSL_FAILURE; } @@ -2454,7 +2456,7 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) ret = WOLFSSL_SUCCESS; cleanup: - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } #endif /* !NO_BIO */ From ff59aa1f977aa2a1347ef19ecc2ad56b48ae2ddf Mon Sep 17 00:00:00 2001 
From: Roy Carter Date: Sun, 26 Apr 2026 09:57:14 +0300 Subject: [PATCH 3/6] Fix: Handle build errors with .deb package + date build time --- src/ssl.c | 4 ++++ tests/api.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 1b438fc3a5a..1cdcbf709c8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10865,7 +10865,11 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_CFLAGS: return "compiler: information not available"; case OPENSSL_BUILT_ON: +#ifdef HAVE_REPRODUCIBLE_BUILD + return "built on: date not available"; +#else return "built on: " __DATE__ " " __TIME__; +#endif case OPENSSL_PLATFORM: return "platform: information not available"; case OPENSSL_DIR: diff --git a/tests/api.c b/tests/api.c index 8568861a3a3..8120a6c4e50 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18522,7 +18522,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) static int test_wolfSSL_i2d_PUBKEY_bio(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) BIO* bio = NULL; EVP_PKEY* pkey = NULL; EVP_PKEY* pkey2 = NULL; From aae8160e2c49bd4e9c2e14b6ffbfb61c2a6a2714 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Wed, 29 Apr 2026 13:20:12 +0300 Subject: [PATCH 4/6] Fix note regarding unitest handling --- tests/api.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/tests/api.c b/tests/api.c index 8120a6c4e50..c2c99374989 100644 --- a/tests/api.c +++ b/tests/api.c 
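Review bot: In the `OPENSSL_BUILT_ON` case of `wolfSSL_OpenSSL_version` (src/ssl.c), the timestamp is dropped only when `HAVE_REPRODUCIBLE_BUILD` is defined, so every other configuration still compiles `__DATE__ " " __TIME__` into the library. Packaging builds that enable `-Wdate-time` as an error without defining that macro would presumably still fail, and the binary still differs from build to build. Since the string is informational only, returning `"built on: date not available"` unconditionally would remove both the build variance and the `#ifdef`. The switch statement starts and ends outside this hunk.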
@@ -27686,37 +27686,40 @@ static int test_wolfSSL_OpenSSL_version(void) #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L ExpectNotNull(ver = OpenSSL_version(OPENSSL_VERSION)); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); /* Test OPENSSL_CFLAGS type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_CFLAGS)); - ExpectNotNull(XSTRSTR(ver, "compiler:")); + ExpectStrEQ(ver, "compiler: information not available"); /* Test OPENSSL_BUILT_ON type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_BUILT_ON)); - ExpectNotNull(XSTRSTR(ver, "built on:")); +#ifdef HAVE_REPRODUCIBLE_BUILD + ExpectStrEQ(ver, "built on: date not available"); +#else + /* __DATE__/__TIME__ differ between translation units, so just check + * the prefix is present. */ + ExpectNotNull(XSTRSTR(ver, "built on: ")); +#endif /* Test OPENSSL_PLATFORM type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_PLATFORM)); - ExpectNotNull(XSTRSTR(ver, "platform:")); + ExpectStrEQ(ver, "platform: information not available"); /* Test OPENSSL_DIR type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_DIR)); - ExpectNotNull(XSTRSTR(ver, "OPENSSLDIR:")); + ExpectStrEQ(ver, "OPENSSLDIR: N/A"); /* Test OPENSSL_ENGINES_DIR type */ ExpectNotNull(ver = OpenSSL_version(OPENSSL_ENGINES_DIR)); - ExpectNotNull(XSTRSTR(ver, "ENGINESDIR:")); + ExpectStrEQ(ver, "ENGINESDIR: N/A"); /* Test unknown type falls back to version string */ ExpectNotNull(ver = OpenSSL_version(99)); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); #else ExpectNotNull(ver = OpenSSL_version()); - ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, - XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); + ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); #endif #endif return 
EXPECT_RESULT(); From 46f6269d0a814d4c1b213be34bdad6df5ff6bf7c Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Fri, 22 May 2026 19:15:34 +0300 Subject: [PATCH 5/6] Refactor - Implement PR fix for better behavior --- src/ssl.c | 2 +- wolfcrypt/src/evp_pk.c | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1cdcbf709c8..e6dd8040c40 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10877,7 +10877,7 @@ const char* wolfSSL_OpenSSL_version(int type) case OPENSSL_ENGINES_DIR: return "ENGINESDIR: N/A"; default: - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; + return "not available"; } } #else diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index 6246bacafb6..eda294d7fc2 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -2434,6 +2434,7 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int derSz = 0; byte* der = NULL; + byte* derPtr = NULL; WOLFSSL_ENTER("wolfSSL_i2d_PUBKEY_bio"); @@ -2441,14 +2442,25 @@ int wolfSSL_i2d_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) return WOLFSSL_FAILURE; } - /* Let wolfSSL_i2d_PUBKEY allocate the buffer (pass NULL to trigger - * internal allocation). We free it ourselves after writing to the BIO. */ - derSz = wolfSSL_i2d_PUBKEY(key, &der); - if (derSz <= 0 || der == NULL) { - WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + derSz = wolfSSL_i2d_PUBKEY(key, NULL); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY size query failed"); + return WOLFSSL_FAILURE; + } + + der = (byte*)XMALLOC((size_t)derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("XMALLOC failed"); return WOLFSSL_FAILURE; } + derPtr = der; + derSz = wolfSSL_i2d_PUBKEY(key, &derPtr); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PUBKEY failed"); + goto cleanup; + } + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { goto cleanup; } 
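Review bot: In `wolfSSL_i2d_PUBKEY_bio` (wolfcrypt/src/evp_pk.c), the second call `derSz = wolfSSL_i2d_PUBKEY(key, &derPtr)` overwrites the size the buffer was allocated with, and the following `wolfSSL_BIO_write(bio, der, derSz)` then trusts the new value. The two calls should agree, but nothing enforces it. Keeping the queried size in its own variable (for example `allocSz`) and checking `if (derSz <= 0 || derSz != allocSz)` before the write keeps the read from `der` bounded by the allocation. The `wolfSSL_BIO_write` failure branch also jumps to `cleanup` without a `WOLFSSL_MSG`, unlike the other error paths in the function. The function signature lies before this hunk and the `cleanup` label after it.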
From 50098b16c026879c643e36f2fceae68659f55574 Mon Sep 17 00:00:00 2001 From: Roy Carter Date: Sun, 7 Jun 2026 09:21:54 +0300 Subject: [PATCH 6/6] Fix - change test string default case --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index c2c99374989..9a11bca3067 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27716,7 +27716,7 @@ static int test_wolfSSL_OpenSSL_version(void) /* Test unknown type falls back to version string */ ExpectNotNull(ver = OpenSSL_version(99)); - ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING); + ExpectStrEQ(ver, "not available"); #else ExpectNotNull(ver = OpenSSL_version()); ExpectStrEQ(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING);
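Review bot: The context comment directly above the changed assertion still reads `/* Test unknown type falls back to version string */`, but the expected value is now `"not available"`, so the comment contradicts what the test checks. Update it to `/* Test unknown type returns "not available" */`.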