diff --git a/examples/client/client.c b/examples/client/client.c index 07b2f6411..b9f692363 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1036,6 +1036,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif int useX25519 = 0; int exitWithRet = 0; + int loadCertKeyIntoSSLObj = 0; #ifdef HAVE_WNR const char* wnrConfigFile = wnrConfig; @@ -1094,6 +1095,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void)helloRetry; (void)onlyKeyShare; (void)useSupCurve; + (void)loadCertKeyIntoSSLObj; StackTrap(); @@ -1201,6 +1203,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) else if (myoptarg[0] == 'e') { version = EITHER_DOWNGRADE_VERSION; + loadCertKeyIntoSSLObj = 1; break; } #endif @@ -1236,6 +1239,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("Test use supported curve\n"); useSupCurve = 1; } + else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) { + printf("Load cert/key into wolfSSL object\n"); + loadCertKeyIntoSSLObj = 1; + } else { Usage(); XEXIT_T(MY_EX_USAGE); @@ -1586,6 +1593,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (doDTLS) { if (version == 3) version = -2; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (version == EITHER_DOWNGRADE_VERSION) + version = -3; + #endif else version = -1; } @@ -1652,6 +1663,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) method = wolfDTLSv1_2_client_method_ex; break; #endif + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case -3: + method = wolfDTLSv1_2_method_ex; + break; + #endif #endif default: @@ -1826,8 +1842,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #ifndef NO_CERTS - if (useClientCert){ - #ifndef NO_FILESYSTEM + if (useClientCert && !loadCertKeyIntoSSLObj){ + #ifndef TEST_LOAD_BUFFER if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; 
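Review bot: The `-e` branch now also sets `loadCertKeyIntoSSLObj = 1`, so choosing the either-side downgrade method silently changes where the client certificate and key are loaded, and nothing at that line says why. A one-line comment beside the assignment would spare the next reader a trip through the load code, e.g. `/* -e also exercises the WOLFSSL-object cert/key load path (same as "loadSSL") */`, adjusted if there is a functional requirement rather than test coverage behind it. The server-side hunk introduces the same implicit coupling and would want the same note.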
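Review bot: Swapping `#ifndef NO_FILESYSTEM` for `#ifndef TEST_LOAD_BUFFER` around `wolfSSL_CTX_use_certificate_chain_file` means a NO_FILESYSTEM build that does not define TEST_LOAD_BUFFER now compiles the `_file` call instead of falling back to `load_buffer`. Unless test.h (outside this diff) defines TEST_LOAD_BUFFER whenever NO_FILESYSTEM is set, that configuration will no longer build; if such a mapping exists, a comment at the first use such as `/* TEST_LOAD_BUFFER is implied by NO_FILESYSTEM, see test.h */` would make the dependency explicit. The `if (useClientCert && !loadCertKeyIntoSSLObj)` block continues past the end of this hunk.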
@@ -1837,14 +1853,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN); #endif + } #ifdef HAVE_PK_CALLBACKS pkCbInfo.ourKey = ourKey; - #ifdef TEST_PK_PRIVKEY - if (!pkCallbacks) - #endif #endif - #ifndef NO_FILESYSTEM + if (!loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif + ) { + #ifndef TEST_LOAD_BUFFER if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -1857,7 +1876,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } if (!usePsk && !useAnon && (!useVerifyCb || myVerifyFail)) { - #if !defined(NO_FILESYSTEM) + #ifndef TEST_LOAD_BUFFER if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -1866,9 +1885,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else load_buffer(ctx, verifyCert, WOLFSSL_CA); #endif /* !NO_FILESYSTEM */ + #ifdef HAVE_ECC /* load ecc verify too, echoserver uses it by default w/ ecc */ - #ifndef NO_FILESYSTEM + #ifndef TEST_LOAD_BUFFER if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -1876,7 +1896,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #else load_buffer(ctx, eccCertFile, WOLFSSL_CA); - #endif /* !NO_FILESYSTEM */ + #endif /* !TEST_LOAD_BUFFER */ #endif /* HAVE_ECC */ #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM) if (trustCert) { 
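Review bot: The added `}` closes the `useClientCert` block immediately after the certificate load, so the private key is now read and loaded into the CTX under `if (!loadCertKeyIntoSSLObj ...)` even when client certificates are disabled, whereas before both loads sat inside `if (useClientCert)`. If that is not intended, the condition should be `if (useClientCert && !loadCertKeyIntoSSLObj`. Loading a private key with no matching certificate will not break the handshake, but it reads key material from disk in a run that does not need it and changes behaviour for existing no-client-cert invocations.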
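Review bot: The `#endif /* !NO_FILESYSTEM */` after `load_buffer(ctx, verifyCert, WOLFSSL_CA);` is now stale, since the matching opener was changed to `#ifndef TEST_LOAD_BUFFER`; the ECC block below was updated but this one was not. Change it to `#endif /* !TEST_LOAD_BUFFER */` so the two verify-location blocks read the same way.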
@@ -2039,19 +2059,52 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("unable to get SSL object"); } - #ifdef OPENSSL_EXTRA - wolfSSL_KeepArrays(ssl); + +#ifndef NO_CERTS + if (useClientCert && loadCertKeyIntoSSLObj){ + #ifndef TEST_LOAD_BUFFER + if (wolfSSL_use_certificate_chain_file(ssl, ourCert) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client cert file, check file and run from" + " wolfSSL home dir"); + } + #else + load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN); #endif + } + + if (loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif + ) { + #ifndef TEST_LOAD_BUFFER + if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client private key file, check file and run " + "from wolfSSL home dir"); + } + #else + load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY); + #endif + } +#endif /* !NO_CERTS */ + +#ifdef OPENSSL_EXTRA + wolfSSL_KeepArrays(ssl); +#endif #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) - fprintf(stderr, "After creating SSL\n"); - if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) - err_sys("ctx not using static memory"); - if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + fprintf(stderr, "After creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys("ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ err_sys("error printing out memory stats"); #endif - #ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_TLS13 if (!helloRetry) { if (onlyKeyShare == 0 || onlyKeyShare == 2) { #ifdef HAVE_CURVE25519 @@ -2083,7 +2136,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) else { wolfSSL_NoKeyShares(ssl); } - #endif +#endif if (doMcast) { #ifdef WOLFSSL_MULTICAST 
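Review bot: Both new per-SSL load blocks free the CTX on failure (`wolfSSL_CTX_free(ctx); ctx = NULL;`) but never release the `ssl` object created just above them, and the key block is not gated on `useClientCert` although the certificate block directly above it is. For symmetry use `if (useClientCert && loadCertKeyIntoSSLObj` on the key block, and on both error paths add `wolfSSL_free(ssl); ssl = NULL;` before the CTX free. err_sys normally terminates, but its WOLFSSL_FORCE_MALLOC_FAIL_TEST variant in test.h is declared to return, and in that build the code would continue with `ctx` NULL and `ssl` still referencing it.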
diff --git a/examples/server/server.c b/examples/server/server.c index f1a666a5d..47d2bf17b 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -572,6 +572,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif int useX25519 = 0; int exitWithRet = 0; + int loadCertKeyIntoSSLObj = 0; ((func_args*)args)->return_code = -1; /* error state */ @@ -605,6 +606,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) (void)postHandAuth; (void)mcastID; (void)useX25519; + (void)loadCertKeyIntoSSLObj; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); @@ -701,6 +703,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) else if (myoptarg[0] == 'e') { version = EITHER_DOWNGRADE_VERSION; + loadCertKeyIntoSSLObj = 1; break; } #endif @@ -728,6 +731,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) printf("Verify should fail\n"); myVerifyFail = 1; } + else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) { + printf("Load cert/key into wolfSSL object\n"); + loadCertKeyIntoSSLObj = 1; + } else { Usage(); XEXIT_T(MY_EX_USAGE); @@ -950,6 +957,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (doDTLS) { if (version == 3) version = -2; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (version == EITHER_DOWNGRADE_VERSION) + version = -3; + #endif else version = -1; } @@ -1016,6 +1027,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) method = wolfDTLSv1_2_server_method_ex; break; #endif + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case -3: + method = wolfDTLSv1_2_method_ex; + break; + #endif #endif default: 
@@ -1090,8 +1106,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif #if !defined(NO_CERTS) - if ((!usePsk || usePskPlus) && !useAnon) { - #if !defined(NO_FILESYSTEM) + if ((!usePsk || usePskPlus) && !useAnon && !loadCertKeyIntoSSLObj) { + #ifndef TEST_LOAD_BUFFER if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "can't load server cert file, check file and run from" @@ -1128,14 +1144,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } #endif #if !defined(NO_CERTS) -#ifdef HAVE_PK_CALLBACKS - pkCbInfo.ourKey = ourKey; - #ifdef TEST_PK_PRIVKEY - if (!pkCallbacks) + #ifdef HAVE_PK_CALLBACKS + pkCbInfo.ourKey = ourKey; #endif -#endif - if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) { - #if !defined(NO_FILESYSTEM) + if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon && !loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ + ) { + #ifndef TEST_LOAD_BUFFER if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "can't load server private key file, check file and run " 
@@ -1294,6 +1311,37 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) wolfSSL_KeepArrays(ssl); #endif + /* Support for loading private key and cert using WOLFSSL object */ +#if !defined(NO_CERTS) + if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) { + #ifndef TEST_LOAD_BUFFER + if (SSL_use_certificate_chain_file(ssl, ourCert) + != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't load server cert file, check file and run from" + " wolfSSL home dir"); + #else + /* loads cert chain file using buffer API */ + load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN); + #endif + } + + if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ + ) { + #ifndef TEST_LOAD_BUFFER + if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't load server private key file, check file and run " + "from wolfSSL home dir"); + #else + /* loads private key file using buffer API */ + load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY); + #endif + } +#endif /* !NO_CERTS */ + #ifdef WOLFSSL_SEND_HRR_COOKIE if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != WOLFSSL_SUCCESS) { err_sys("unable to set use of cookie with HRR msg"); diff --git a/src/ssl.c b/src/ssl.c index ff578dd73..2f065ed40 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18485,13 +18485,13 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, if (ctx != NULL) { ctx->store = store; #ifndef WOLFSSL_X509_STORE_CERTS - ctx->current_cert = x509; + ctx->current_cert = x509; #else if(x509 != NULL){ ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,x509->derCert->length); if(ctx->current_cert == NULL) return WOLFSSL_FATAL_ERROR; - } else + } else ctx->current_cert = NULL; #endif 
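Review bot: In the TEST_LOAD_BUFFER branches the new blocks call `load_ssl_buffer`, which aborts through `err_sys` on any failure, while the file-based branches right above honour `runWithErrors` via `err_sys_ex(runWithErrors, ...)`. The two branches therefore diverge in a run-with-errors test; either give the helper a `runWithErrors` parameter or record the asymmetry, e.g. `/* load_ssl_buffer is fatal on failure; runWithErrors is not honoured here */`. The pre-existing `load_buffer` path appears to have the same asymmetry, so this may be deliberate.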
@@ -29595,7 +29595,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) int pemSz; long i = 0, l; void *newx509; - + WOLFSSL_ENTER("wolfSSL_PEM_read_X509"); if (fp == XBADFILE) { @@ -29641,13 +29641,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) derSz = der->length; if((newx509 = (void *)wolfSSL_d2i_X509_CRL( (WOLFSSL_X509_CRL **)x, (const unsigned char *)der->buffer, derSz)) == NULL) - goto err_exit; + goto err_exit; FreeDer(&der); break; } #endif - default: + default: goto err_exit; } if (x != NULL) { @@ -29679,7 +29679,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE); } #endif - + #endif /* @@ -29807,13 +29807,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL * on fail */ - + WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id) { return wolfSSL_OBJ_nid2obj_ex(id, NULL); } - WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, + WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, WOLFSSL_ASN1_OBJECT* arg_obj) { word32 oidSz = 0; @@ -30978,7 +30978,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) switch (loc) { - case 0: + case 0: name->cnEntry.value->length = name->fullName.cnLen; name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cnIdx]; break; @@ -31083,7 +31083,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) name->cnEntry.nid = ASN_COMMON_NAME; name->cnEntry.set = 1; } - + return &name->cnEntry; } @@ -32626,12 +32626,13 @@ unsigned long wolfSSL_ERR_peek_last_error(void) #endif } +#endif /* OPENSSL_EXTRA */ + WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); return ssl->ctx; } -#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ 
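Review bot: `wolfSSL_get_SSL_CTX` is moved out of `#ifdef OPENSSL_EXTRA` and becomes a generally available API that the new test helper calls, yet it still dereferences its argument unconditionally (`return ssl->ctx;`). A NULL guard consistent with the rest of the public surface is cheap: `if (ssl == NULL) return NULL;` before the return. The remaining hunks in this file are whitespace only.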
@@ -34411,7 +34412,7 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509){ version = x509->version; if (version != 0) return (long)version - 1L; - + return 0L; } #endif /* OPENSSL_EXTRA */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c4695f207..e925dffea 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -569,6 +569,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); @@ -578,7 +579,7 @@ WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); -WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, const unsigned char); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); @@ -1041,9 +1042,9 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); -WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, const unsigned char**, long); WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp); 
@@ -1906,7 +1907,7 @@ enum KDF_MacAlgorithm { struct ecc_key; -typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key, +typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key, unsigned int keySz, int ecc_curve, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen); WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx); @@ -1978,7 +1979,7 @@ WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl); #ifdef HAVE_CURVE25519 struct curve25519_key; -typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key, +typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen); WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx); @@ -2776,8 +2777,6 @@ WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); - WOLFSSL_API int wolfSSL_version(WOLFSSL*); WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); @@ -2952,7 +2951,7 @@ WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY*/ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, diff --git a/wolfssl/test.h b/wolfssl/test.h index ff4c1ec58..d9127ca06 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -403,11 +403,11 @@ static const word16 wolfSSLPort = 11111; #endif -static WC_INLINE +static WC_INLINE #ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST THREAD_RETURN #else -WC_NORETURN void +WC_NORETURN void #endif err_sys(const char* msg) { 
@@ -1421,6 +1421,48 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) free(buff); } + static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type) + { + int format = WOLFSSL_FILETYPE_PEM; + byte* buff = NULL; + size_t sz = 0; + + if (load_file(fname, &buff, &sz) != 0) { + err_sys("can't open file for buffer load " + "Please run from wolfSSL home directory if not"); + } + + /* determine format */ + if (strstr(fname, ".der")) + format = WOLFSSL_FILETYPE_ASN1; + + if (type == WOLFSSL_CA) { + /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */ + WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl); + if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format) + != WOLFSSL_SUCCESS) + err_sys("can't load buffer ca file"); + } + else if (type == WOLFSSL_CERT) { + if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer cert file"); + } + else if (type == WOLFSSL_KEY) { + if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer key file"); + } + else if (type == WOLFSSL_CERT_CHAIN) { + if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff, + (long)sz, format) != WOLFSSL_SUCCESS) + err_sys("can't load cert chain buffer"); + } + + if (buff) + free(buff); + } + #ifdef TEST_PK_PRIVKEY static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen) { @@ -1473,7 +1515,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) * store->store: WOLFSSL_X509_STORE with CA cert chain * store->store->cm: WOLFSSL_CERT_MANAGER * store->ex_data: The WOLFSSL object pointer - * store->discardSessionCerts: When set to non-zero value session certs + * store->discardSessionCerts: When set to non-zero value session certs will be discarded (only with SESSION_CERTS) */ 
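Review bot: In `load_ssl_buffer` the buffer holding the PEM/DER private key (`type == WOLFSSL_KEY`) is released with a plain `free(buff)` after `wolfSSL_use_PrivateKey_buffer` has consumed it, leaving the plaintext key in freed heap; scrub it first, e.g. `ForceZero(buff, (word32)sz);` if that helper is in scope in test.h, otherwise an explicit clear. A `type` that matches none of the four branches is silently accepted, so add a trailing `else err_sys("unknown buffer type");` so a caller's mistake is not a no-op. On the error paths taken after `load_file` succeeds, `buff` is not freed before `err_sys`; harmless when err_sys terminates, but its WOLFSSL_FORCE_MALLOC_FAIL_TEST variant earlier in this diff is declared to return. The `if (buff)` guard before `free` is redundant.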
@@ -2040,7 +2082,7 @@ typedef struct PkCbInfo { #ifdef HAVE_ECC -static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, +static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, int ecc_curve, void* ctx) { int ret; @@ -2285,7 +2327,7 @@ static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz #endif /* HAVE_ED25519 */ #ifdef HAVE_CURVE25519 -static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, +static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, unsigned int keySz, void* ctx) { int ret;