wolfSSL Compatibility support for OpenVPN

* Adds compatibility API's for: * `sk_ASN1_OBJECT_free` * `sk_ASN1_OBJECT_num` * `sk_ASN1_OBJECT_value` * `sk_X509_OBJECT_num` * `sk_X509_OBJECT_value` * `sk_X509_OBJECT_delete` * `sk_X509_NAME_find` * `sk_X509_INFO_free` * `BIO_get_len` * `BIO_set_ssl` * `BIO_should_retry` (stub) * `X509_OBJECT_free` * `X509_NAME_get_index_by_OBJ` * `X509_INFO_free` * `X509_STORE_get0_objects` * `X509_check_purpose` (stub) * `PEM_read_bio_X509_CRL` * `PEM_X509_INFO_read_bio` * `ASN1_BIT_STRING_new` * `ASN1_BIT_STRING_free` * `ASN1_BIT_STRING_get_bit` * `ASN1_BIT_STRING_set_bit` * `DES_check_key_parity` * `EC_GROUP_order_bits` * `EC_get_builtin_curves` * `EVP_CIPHER_CTX_cipher` * `EVP_PKEY_get0_EC_KEY` * `EVP_PKEY_get0_RSA` * `EVP_PKEY_get0_DSA` (stub) * `HMAC_CTX_new` * `HMAC_CTX_free` * `HMAC_CTX_reset` * `HMAC_size` * `OBJ_txt2obj` * `RSA_meth_new` * `RSA_meth_free` * `RSA_meth_set_pub_enc` * `RSA_meth_set_pub_dec` * `RSA_meth_set_priv_enc` * `RSA_meth_set_priv_dec` * `RSA_meth_set_init` * `RSA_meth_set_finish` * `RSA_meth_set0_app_data` * `RSA_get_method_data` * `RSA_set_method` * `RSA_get0_key` * `RSA_set0_key` * `RSA_flags` * `RSA_set_flags` * `RSA_bits` * `SSL_CTX_set_ciphersuites` * `SSL_CTX_set_security_level` (stub) * `SSL_export_keying_material` (stub) * `DSA_bits` (stub) * Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505. * Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`. * Cleanup of "sk" compatibility.
2019-10-15 11:17:51 -07:00
parent 8246e02756
commit 2bae1d27a1
29 changed files with 2376 additions and 1070 deletions
--- a/tests/api.c
+++ b/tests/api.c
@@ -1837,7 +1837,7 @@ static void test_wolfSSL_ECDSA_SIG(void)
 /* Test function for wolfSSL_EVP_get_cipherbynid.
 */

-# if defined(OPENSSL_EXTRA)
+#ifdef OPENSSL_EXTRA
 static void test_wolfSSL_EVP_get_cipherbynid(void)
 {
 #ifndef NO_AES
@@ -1914,7 +1914,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
    #else
        AssertNull(c);
    #endif
-#endif
+#endif /* !NO_AES */

 #ifndef NO_DES3
    AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
@@ -1925,7 +1925,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
 #ifdef WOLFSSL_DES_ECB
    AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
 #endif
-#endif /*NO_DES3*/
+#endif /* !NO_DES3 */

 #ifdef HAVE_IDEA
    AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
@@ -1935,7 +1935,27 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
  AssertNull(wolfSSL_EVP_get_cipherbynid(1));

 }
-#endif
+
+static void test_wolfSSL_EVP_CIPHER_CTX()
+{
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+    const EVP_CIPHER *init = EVP_aes_128_cbc();
+    const EVP_CIPHER *test = NULL;
+    byte key[AES_128_KEY_SIZE] = {0};
+    byte iv[AES_IV_SIZE] = {0};
+
+    AssertNotNull(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
+    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
+    test = EVP_CIPHER_CTX_cipher(ctx);
+    AssertTrue(init == test);
+    AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
+
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
+}
+#endif /* OPENSSL_EXTRA */

 /*----------------------------------------------------------------------------*
 | IO
@@ -4337,7 +4357,7 @@ static void test_wolfSSL_PKCS12(void)
    WOLFSSL_X509     *cert;
    WOLFSSL_X509     *x509;
    WOLFSSL_X509     *tmp;
-    WOLF_STACK_OF(WOLFSSL_X509) *ca;
+    STACK_OF(WOLFSSL_X509) *ca;

    printf(testingFmt, "wolfSSL_PKCS12()");

@@ -4568,6 +4588,61 @@ static void test_wolfSSL_PKCS12(void)
    #define TEST_PKCS8_ENC
 #endif

+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
+    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
+{
+    (void)passwd;
+    (void)sz;
+    (void)rw;
+    (void)userdata;
+    Fail(("Password callback should not be called by default"),
+            ("Password callback was called without attempting "
+             "to first decipher private key without password."));
+    return 0;
+}
+#endif
+
+static void test_wolfSSL_no_password_cb(void)
+{
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
+    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+    WOLFSSL_CTX* ctx;
+    byte buffer[FOURK_BUF];
+    const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
+    const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
+    XFILE f;
+    int bytes;
+
+    printf(testingFmt, "test_wolfSSL_no_password_cb()");
+
+#ifndef NO_WOLFSSL_CLIENT
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
+#else
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
+#endif
+    wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
+
+    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
+    bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
+    XFCLOSE(f);
+    AssertIntLE(bytes, sizeof(buffer));
+    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
+                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
+    bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
+    XFCLOSE(f);
+    AssertIntLE(bytes, sizeof(buffer));
+    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
+                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+
+    wolfSSL_CTX_free(ctx);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 #ifdef TEST_PKCS8_ENC
 /* for PKCS8 test case */
 static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
@@ -18447,11 +18522,46 @@ static void test_wolfSSL_X509_NAME(void)
    AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
    XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);

+
+    AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
+    AssertIntEQ(X509_NAME_cmp(a, b), 0);
+    X509_NAME_free((X509_NAME*)b);
+
    X509_free(x509);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
 }
+
+static void test_wolfSSL_X509_INFO(void)
+{
+#if defined(OPENSSL_ALL)
+    STACK_OF(X509_INFO) *info_stack;
+    X509_INFO *info;
+    BIO *cert;
+    int i;
+
+    printf(testingFmt, "wolfSSL_X509_INFO");
+
+    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
+    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
+    for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
+        AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
+        AssertNotNull(info->x509);
+        AssertNull(info->crl);
+    }
+    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
+    BIO_free(cert);
+
+    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
+    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
+    sk_X509_INFO_free(info_stack);
+    BIO_free(cert);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_X509_subject_name_hash(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
@@ -18501,6 +18611,7 @@ static void test_wolfSSL_DES(void)

    /* set odd parity for success case */
    DES_set_odd_parity(&myDes);
+    AssertIntEQ(DES_check_key_parity(&myDes), 1);
    printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
    AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
    for (i = 0; i < sizeof(DES_key_schedule); i++) {
@@ -18685,7 +18796,8 @@ static void test_wolfSSL_certs(void)
    X509*  x509;
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
-    WOLF_STACK_OF(ASN1_OBJECT)* sk;
+    STACK_OF(ASN1_OBJECT)* sk;
+    ASN1_BIT_STRING* bit_str;
    int crit;

    printf(testingFmt, "wolfSSL_certs()");
@@ -18712,7 +18824,7 @@ static void test_wolfSSL_certs(void)
    #endif /* HAVE_PK_CALLBACKS */

    /* create and use x509 */
-    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
+    x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
    AssertIntEQ(SSL_use_certificate(ssl, x509), WOLFSSL_SUCCESS);

@@ -18746,101 +18858,101 @@ static void test_wolfSSL_certs(void)
    #endif /* !NO_SHA && !NO_SHA256*/

    /* test and checkout X509 extensions */
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints,
            &crit, NULL);
    AssertNotNull(sk);
    AssertIntEQ(crit, 0);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_key_usage,
-            &crit, NULL);
-    /* AssertNotNull(sk); NID not yet supported */
-    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    bit_str = (ASN1_BIT_STRING*)X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL);
+    AssertNotNull(bit_str);
+    AssertIntEQ(crit, 1);
+    AssertIntEQ(bit_str->type, NID_key_usage);
+    ASN1_BIT_STRING_free(bit_str);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
            &crit, NULL);
    /* AssertNotNull(sk); no extension set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
            NID_authority_key_identifier, &crit, NULL);
    AssertNotNull(sk);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
            NID_private_key_usage_period, &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name,
            &crit, NULL);
    /* AssertNotNull(sk); no alt names set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_GENERAL_NAME_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit,
            NULL);
    /* AssertNotNull(sk); no auth info set */
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
            NID_certificate_policies, &crit, NULL);
    #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
        AssertNull(sk);
    #else
        /* AssertNotNull(sk); no cert policy set */
    #endif
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit,
            NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk_ASN1_OBJECT_free(sk);

    /* test invalid cases */
    crit = 0;
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
    AssertNull(sk);
    AssertIntEQ(crit, -1);
-    sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
            NULL, NULL);
    AssertNull(sk);

@@ -20196,7 +20308,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
    /* test X509_STORE_CTX_get/set_ex_data */
    {
        int i = 0, tmpData = 5;
-        int* tmpDataRet;
+        void* tmpDataRet;
        AssertNotNull(ctx = X509_STORE_CTX_new());
    #if defined(HAVE_EX_DATA) || defined(FORTRESS)
        for (i = 0; i < MAX_EX_DATA; i++) {
@@ -20204,7 +20316,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
                        WOLFSSL_SUCCESS);
            tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
            AssertNotNull(tmpDataRet);
-            AssertIntEQ(tmpData, *tmpDataRet);
+            AssertIntEQ(tmpData, *(int*)tmpDataRet);
        }
    #else
        AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
@@ -20387,18 +20499,27 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void)

 static void test_wolfSSL_CTX_set_client_CA_list(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX* ctx;
-    WOLF_STACK_OF(WOLFSSL_X509_NAME)* names = NULL;
-    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_list = NULL;
+    X509_NAME* name = NULL;
+    STACK_OF(X509_NAME)* names = NULL;
+    STACK_OF(X509_NAME)* ca_list = NULL;
+    int i, names_len;

    printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    names = wolfSSL_load_client_CA_file(cliCertFile);
+    names = SSL_load_client_CA_file(cliCertFile);
    AssertNotNull(names);
-    wolfSSL_CTX_set_client_CA_list(ctx,names);
-    AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx));
+    SSL_CTX_set_client_CA_list(ctx,names);
+    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
+
+    AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
+    for (i=0; i<names_len; i++) {
+        AssertNotNull(name = sk_X509_NAME_value(names, i));
+        AssertIntEQ(sk_X509_NAME_find(names, name), i);
+    }
+
    wolfSSL_CTX_free(ctx);
    printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA  && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
@@ -20411,25 +20532,25 @@ static void test_wolfSSL_CTX_add_client_CA(void)
    WOLFSSL_CTX* ctx;
    WOLFSSL_X509* x509;
    WOLFSSL_X509* x509_a;
-    WOLF_STACK_OF(WOLFSSLX509_NAME)* ca_list;
+    STACK_OF(X509_NAME)* ca_list;
    int ret = 0;

    printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    /* Add client cert */
-    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
+    AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
                                                      SSL_FILETYPE_PEM));
-    ret = wolfSSL_CTX_add_client_CA(ctx, x509);
-    AssertIntEQ(ret ,SSL_SUCCESS);
-    AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx));
+    ret = SSL_CTX_add_client_CA(ctx, x509);
+    AssertIntEQ(ret, SSL_SUCCESS);
+    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
    /* Add another client cert */
-    AssertNotNull(x509_a = wolfSSL_X509_load_certificate_file(cliCertFile,
+    AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
                                                        SSL_FILETYPE_PEM));
-    AssertIntEQ(wolfSSL_CTX_add_client_CA(ctx, x509_a),SSL_SUCCESS);
+    AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);

-    wolfSSL_X509_free(x509);
-    wolfSSL_X509_free(x509_a);
-    wolfSSL_CTX_free(ctx);
+    X509_free(x509);
+    X509_free(x509_a);
+    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA  && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
@@ -21493,6 +21614,26 @@ static void test_wolfSSL_ASN1_STRING(void)
    #endif
 }

+static void test_wolfSSL_ASN1_BIT_STRING(void)
+{
+#ifdef OPENSSL_ALL
+    ASN1_BIT_STRING* str;
+
+    printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
+    AssertNotNull(str = ASN1_BIT_STRING_new());
+
+    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
+    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
+    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
+
+    ASN1_BIT_STRING_free(str);
+    printf(resultFmt, passed);
+#endif
+}
+

 static void test_wolfSSL_DES_ecb_encrypt(void)
 {
@@ -22331,7 +22472,7 @@ static void test_wolfSSL_ERR_print_errors(void)
 static void test_wolfSSL_HMAC(void)
 {
    #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
-    HMAC_CTX hmac;
+    HMAC_CTX* hmac;
    ENGINE* e = NULL;
    const unsigned char key[] = "simple test key";
    unsigned char hash[WC_MAX_DIGEST_SIZE];
@@ -22340,17 +22481,20 @@ static void test_wolfSSL_HMAC(void)

    printf(testingFmt, "wolfSSL_HMAC()");

-    HMAC_CTX_init(&hmac);
-    AssertIntEQ(HMAC_Init_ex(&hmac, (void*)key, (int)sizeof(key),
+    AssertNotNull(hmac = HMAC_CTX_new());
+    HMAC_CTX_init(hmac);
+    AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key),
                EVP_sha256(), e), SSL_SUCCESS);

    /* re-using test key as data to hash */
-    AssertIntEQ(HMAC_Update(&hmac, key, (int)sizeof(key)), SSL_SUCCESS);
-    AssertIntEQ(HMAC_Update(&hmac, NULL, 0), SSL_SUCCESS);
-    AssertIntEQ(HMAC_Final(&hmac, hash, &len), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
+    AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
    AssertIntEQ(len, (int)WC_SHA256_DIGEST_SIZE);
+    AssertIntEQ(HMAC_size(hmac), WC_SHA256_DIGEST_SIZE);

-    HMAC_cleanup(&hmac);
+    HMAC_cleanup(hmac);
+    HMAC_CTX_free(hmac);
 #endif

 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
@@ -22385,7 +22529,8 @@ static void test_wolfSSL_OBJ(void)
 * mode
 */
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
-    !defined(HAVE_FIPS) && !defined(NO_SHA)
+    !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
+    defined(WOLFSSL_CERT_GEN)
    ASN1_OBJECT *obj = NULL;
    char buf[50];

@@ -22407,6 +22552,11 @@ static void test_wolfSSL_OBJ(void)
        "./certs/ca-ecc384-cert.der",
        #endif
        NULL};
+    ASN1_OBJECT *field_name_obj = NULL;
+    int lastpos = -1;
+    int tmp = -1;
+    ASN1_STRING *asn1 = NULL;
+    unsigned char *buf_dyn = NULL;

    PKCS12 *p12;
    int boolRet;
@@ -22442,6 +22592,26 @@ static void test_wolfSSL_OBJ(void)
        XFCLOSE(fp);
        AssertNotNull(x509Name = X509_get_issuer_name(x509));
        AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
+
+        /* Get the Common Name by using OBJ_txt2obj */
+        AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
+        do
+        {
+            lastpos = tmp;
+            tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
+        } while (tmp > -1);
+        AssertIntNE(lastpos, -1);
+        ASN1_OBJECT_free(field_name_obj);
+        AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
+        AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
+        AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
+        /*
+         * All Common Names should be www.wolfssl.com
+         * This makes testing easier as we can test for the expected value.
+         */
+        AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
+        OPENSSL_free(buf_dyn);
+
        AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
        for (j = 0; j < numNames; j++)
        {
@@ -22620,8 +22790,8 @@ static void test_wolfSSL_OBJ_txt2obj(void)

 static void test_wolfSSL_X509_NAME_ENTRY(void)
 {
-    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) \
-    && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
    X509*      x509;
    BIO*       bio;
    X509_NAME* nm;
@@ -22658,10 +22828,11 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
                0x0c, cn, (int)sizeof(cn)));
    AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);

+#ifdef WOLFSSL_CERT_EXT
    AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
                                           (byte*)"support@wolfssl.com", 19, -1,
                                           1), WOLFSSL_SUCCESS);
-
+#endif
    X509_NAME_ENTRY_free(entry);

    /* Test add entry by NID */
@@ -22672,7 +22843,7 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
    X509_free(x509); /* free's nm */

    printf(resultFmt, passed);
-    #endif
+#endif
 }


@@ -23382,15 +23553,16 @@ static void test_wolfSSL_sk_GENERAL_NAME(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA)
    X509* x509;
+    GENERAL_NAME* gn;
    unsigned char buf[4096];
    const unsigned char* bufPt;
-    int bytes;
+    int bytes, i;
    XFILE f;
    STACK_OF(GENERAL_NAME)* sk;

    printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");

-    f = XFOPEN(cliCertDerFile, "rb");
+    f = XFOPEN(cliCertDerFileExt, "rb");
    AssertTrue((f != XBADFILE));
    AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
    XFCLOSE(f);
@@ -23398,38 +23570,25 @@ static void test_wolfSSL_sk_GENERAL_NAME(void)
    bufPt = buf;
    AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));

-    /* current cert has no alt names */
-    AssertNull(sk = (WOLF_STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+    AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
                NID_subject_alt_name, NULL, NULL));

-    AssertIntEQ(sk_GENERAL_NAME_num(sk), -1);
-#if 0
+    AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
    for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
-        GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i);
-        if (gn == NULL) {
-            printf("massive failure\n");
-            return -1;
-        }
+        AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));

-        if (gn->type == GEN_DNS) {
+        switch (gn->type) {
+        case GEN_DNS:
            printf("found type GEN_DNS\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
-        }
-
-        if (gn->type == GEN_EMAIL) {
+            break;
+        case GEN_EMAIL:
            printf("found type GEN_EMAIL\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
-        }
-
-        if (gn->type == GEN_URI) {
+            break;
+        case GEN_URI:
            printf("found type GEN_URI\n");
-            printf("length = %d\n", gn->d.ia5->length);
-            printf("data = %s\n", (char*)gn->d.ia5->data);
+            break;
        }
    }
-#endif
    X509_free(x509);
    sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);

@@ -23463,13 +23622,28 @@ static void test_wolfSSL_MD4(void)

 static void test_wolfSSL_RSA(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+    defined(WOLFSSL_KEY_GEN)
    RSA* rsa;
+    const BIGNUM *n;
+    const BIGNUM *e;
+    const BIGNUM *d;

    printf(testingFmt, "wolfSSL_RSA()");

    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    AssertIntEQ(RSA_size(rsa), 256);
+    RSA_get0_key(rsa, &n, &e, &d);
+    AssertPtrEq(rsa->n, n);
+    AssertPtrEq(rsa->e, e);
+    AssertPtrEq(rsa->d, d);
+    AssertNotNull(n = BN_new());
+    AssertNotNull(e = BN_new());
+    AssertNotNull(d = BN_new());
+    AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
+    AssertPtrEq(rsa->n, n);
+    AssertPtrEq(rsa->e, e);
+    AssertPtrEq(rsa->d, d);
    RSA_free(rsa);

 #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
@@ -23608,6 +23782,45 @@ static void test_wolfSSL_RSA_get0_key(void)

        RSA_free(rsa);
    }
+    printf(resultFmt, passed);
+#endif
+}
+
+static void test_wolfSSL_RSA_meth(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+    RSA *rsa;
+    RSA_METHOD *rsa_meth;
+
+    printf(testingFmt, "test_wolfSSL_RSA_meth");
+
+#ifdef WOLFSSL_KEY_GEN
+    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+    RSA_free(rsa);
+#else
+    AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+#endif
+
+    AssertNotNull(rsa_meth =
+            RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
+
+    AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
+    AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
+
+    AssertNotNull(rsa = RSA_new());
+    AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
+    AssertPtrEq(RSA_get_method(rsa), rsa_meth);
+    AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
+    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
+
+    /* rsa_meth is freed here */
+    RSA_free(rsa);

    printf(resultFmt, passed);
 #endif
@@ -25061,35 +25274,76 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void)
 static void test_wolfSSL_X509V3_EXT_print(void)
 {
 #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
-    FILE* f;
-    WOLFSSL_X509* x509;
-    X509_EXTENSION * ext = NULL;
-    int loc;
-    BIO *bio = NULL;
+    printf(testingFmt, "wolfSSL_X509V3_EXT_print");

-    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
-    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
-    fclose(f);
+    {
+        FILE* f;
+        WOLFSSL_X509* x509;
+        X509_EXTENSION * ext = NULL;
+        int loc;
+        BIO *bio = NULL;

-    AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
+        AssertNotNull(f = fopen(svrCertFile, "rb"));
+        AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
+        fclose(f);

-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));

-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);

-    loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
-    AssertIntGT(loc, -1);
-    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
-    AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);

-    wolfSSL_BIO_free(bio);
-    wolfSSL_X509_free(x509);
+        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
+        AssertIntGT(loc, -1);
+        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
+
+        wolfSSL_BIO_free(bio);
+        wolfSSL_X509_free(x509);
+    }
+
+    {
+        X509 *x509;
+        BIO *bio;
+        X509_EXTENSION *ext;
+        unsigned int i;
+        unsigned int idx;
+        /* Some NIDs to test with */
+        int nids[] = {
+                /* NID_key_usage, currently X509_get_ext returns this as a bit
+                 * string, which messes up X509V3_EXT_print */
+                /* NID_ext_key_usage, */
+                NID_subject_alt_name,
+        };
+        int* n;
+
+        printf(testingFmt, "wolfSSL_X509V3_EXT_print");
+        AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+
+        AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
+            WOLFSSL_FILETYPE_PEM));
+
+        printf("\nPrinting extension values:\n");
+
+        for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
+            /* X509_get_ext_by_NID should return 3 for now. If that changes then
+             * update the index */
+            AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
+            AssertNotNull(ext = X509_get_ext(x509, idx));
+            AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
+            printf("\n");
+        }
+
+        BIO_free(bio);
+        X509_free(x509);
+    }
+    printf(resultFmt, passed);
 #endif
 }

@@ -25253,6 +25507,31 @@ static void test_wolfSSL_OCSP_get0_info()
 #endif /* OPENSSL_EXTRA & HAVE_OCSP */
 }

+static void test_wolfSSL_EC_get_builtin_curves(void)
+{
+#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
+    EC_builtin_curve* curves = NULL;
+    size_t crv_len = 0;
+    size_t i = 0;
+
+    printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
+
+    AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
+    AssertNotNull(curves = (EC_builtin_curve*)
+            XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER));
+    AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
+
+    for (i = 0; i < crv_len; i++)
+    {
+        AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
+    }
+
+    XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    printf(resultFmt, passed);
+#endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
+}
+
 static void test_no_op_functions(void)
 {
    #if defined(OPENSSL_EXTRA)
@@ -25881,9 +26160,11 @@ static void test_EVP_PKEY_rsa(void)
    AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
+    AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
    wolfSSL_EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
+
 #endif
 }

@@ -27069,6 +27350,7 @@ static void test_wolfSSL_X509_CRL(void)
        "./certs/crl/eccSrvCRL.pem",
        ""
    };
+    BIO *bio;

 #ifdef HAVE_TEST_d2i_X509_CRL_fp
    char der[][100] = {
@@ -27098,6 +27380,14 @@ static void test_wolfSSL_X509_CRL(void)
        XFCLOSE(fp);
    }

+    for (i = 0; pem[i][0] != '\0'; i++)
+    {
+        AssertNotNull(bio = BIO_new_file(pem[i], "r"));
+        AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
+        X509_CRL_free(crl);
+        BIO_free(bio);
+    }
+
 #ifdef HAVE_TEST_d2i_X509_CRL_fp
    for(i = 0; der[i][0] != '\0'; i++){
        fp = XFOPEN(der[i], "rb");
@@ -27661,6 +27951,23 @@ static void test_wolfSSL_RSA_print()
    printf(resultFmt, passed);
 #endif
 }
+
+static void test_wolfSSL_BIO_get_len()
+{
+#if defined(OPENSSL_EXTRA)
+    BIO *bio;
+    const char txt[] = "Some example text to push to the BIO.";
+    printf(testingFmt, "wolfSSL_BIO_get_len");
+
+    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
+    AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
+
+    BIO_free(bio);
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_ASN1_STRING_print(void){
 #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
    ASN1_STRING* asnStr = NULL;
@@ -28310,6 +28617,7 @@ void ApiTest(void)
    /* X509 tests */
    test_wolfSSL_X509_NAME_get_entry();
    test_wolfSSL_PKCS12();
+    test_wolfSSL_no_password_cb();
    test_wolfSSL_PKCS8();
    test_wolfSSL_PKCS5();
    test_wolfSSL_URI();
@@ -28331,6 +28639,7 @@ void ApiTest(void)

    /* compatibility tests */
    test_wolfSSL_X509_NAME();
+    test_wolfSSL_X509_INFO();
    test_wolfSSL_X509_subject_name_hash();
    test_wolfSSL_DES();
    test_wolfSSL_certs();
@@ -28374,6 +28683,7 @@ void ApiTest(void)
    test_wolfSSL_PEM_read_bio();
    test_wolfSSL_BIO();
    test_wolfSSL_ASN1_STRING();
+    test_wolfSSL_ASN1_BIT_STRING();
    test_wolfSSL_X509();
    test_wolfSSL_X509_VERIFY_PARAM();
    test_wolfSSL_X509_sign();
@@ -28419,6 +28729,7 @@ void ApiTest(void)
    test_wolfSSL_RSA();
    test_wolfSSL_RSA_DER();
    test_wolfSSL_RSA_get0_key();
+    test_wolfSSL_RSA_meth();
    test_wolfSSL_verify_depth();
    test_wolfSSL_HMAC_CTX();
    test_wolfSSL_msg_callback();
@@ -28456,6 +28767,7 @@ void ApiTest(void)
    test_wolfSSL_X509_CA_num();
    test_wolfSSL_X509_get_version();
    test_wolfSSL_X509_print();
+    test_wolfSSL_BIO_get_len();
    test_wolfSSL_RSA_verify();
    test_wolfSSL_X509V3_EXT_get();
    test_wolfSSL_X509V3_EXT_d2i();
@@ -28472,6 +28784,8 @@ void ApiTest(void)
    test_wolfSSL_ASN1_STRING_print();
    test_openssl_generate_key_and_cert();

+    test_wolfSSL_EC_get_builtin_curves();
+
    /* test the no op functions for compatibility */
    test_no_op_functions();

@@ -28653,6 +28967,7 @@ void ApiTest(void)
 #ifdef OPENSSL_EXTRA
    /*wolfSSL_EVP_get_cipherbynid test*/
    test_wolfSSL_EVP_get_cipherbynid();
+    test_wolfSSL_EVP_CIPHER_CTX();
    test_wolfSSL_EC();
    test_wolfSSL_ECDSA_SIG();
 #endif
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -89,6 +89,19 @@
 #define AssertStrGE(x, y) AssertStr(x, y, >=,  <)
 #define AssertStrLE(x, y) AssertStr(x, y, <=,  >)

+#define AssertPtr(x, y, op, er) do {                                           \
+    void* _x = (void*)x;                                                       \
+    void* _y = (void*)y;                                                       \
+    Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));    \
+} while(0)
+
+#define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=)
+#define AssertPtrNE(x, y) AssertInt(x, y, !=, ==)
+#define AssertPtrGT(x, y) AssertInt(x, y,  >, <=)
+#define AssertPtrLT(x, y) AssertInt(x, y,  <, >=)
+#define AssertPtrGE(x, y) AssertInt(x, y, >=,  <)
+#define AssertPtrLE(x, y) AssertInt(x, y, <=,  >)
+

 void ApiTest(void);
 int  SuiteTest(int argc, char** argv);