From 8468a70b723695c17039f94e88ae10776d9c94a5 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Mon, 6 May 2024 12:24:51 -0500
Subject: [PATCH] add wolfSSL_i2d_X509_PUBKEY, wolfSSL_X509_VERIFY_PARAM_lookup, and wolfSSL_X509_STORE_get0_param, and make wolfSSL_X509_VERIFY_PARAM_inherit a public API; add macros to openssl compat layer: DTLS_client_method, DTLS_server_method, X509_VERIFY_PARAM_lookup, X509_VERIFY_PARAM_inherit, X509_STORE_get0_param; add "const char *name" slot to struct WOLFSSL_X509_VERIFY_PARAM to support wolfSSL_X509_VERIFY_PARAM_lookup.

---
 src/ssl.c             |  6 +++++-
 src/x509.c            | 42 +++++++++++++++++++++++++++++++++++++++++-
 wolfssl/openssl/ssl.h |  5 +++++
 wolfssl/ssl.h         | 13 +++++++++++--
 4 files changed, 62 insertions(+), 4 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 35dbdd86a..3af68bce0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7338,6 +7338,11 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     return wolfSSL_i2d_PublicKey(key, der);
 }
 
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
+{
+    return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
+}
+
 #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */
 
 static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
@@ -10318,7 +10323,6 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
 const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
     if (ssl == NULL) {
-        ssl->error = BAD_FUNC_ARG;
         return NULL;
     }
 
diff --git a/src/x509.c b/src/x509.c
index 40579fb31..fae957979 100644
--- a/src/x509.c
+++ b/src/x509.c
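Review bot: `wolfSSL_i2d_X509_PUBKEY` dereferences `x509_PubKey->pkey` without checking `x509_PubKey` for NULL, whereas the sibling `wolfSSL_i2d_PUBKEY` just above hands its argument to `wolfSSL_i2d_PublicKey` and leaves any NULL rejection to that function. Add a guard before the call, e.g. `if (x509_PubKey == NULL) return WOLFSSL_FATAL_ERROR;` (use whatever error value `wolfSSL_i2d_PublicKey` itself returns for a NULL key, so both entry points fail the same way); whether a NULL `pkey` member is rejected downstream cannot be seen from these lines. The parameter could also be `const WOLFSSL_X509_PUBKEY *`, since the body only reads it and forwards to a function that takes a const key; that would match `wolfSSL_i2d_PUBKEY` and the OpenSSL signature, and needs the same change to the prototype added in the wolfssl/ssl.h hunk at line 2085.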
@@ -8769,6 +8769,46 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
     return ret;
 }
 
+/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or
+ * auth_level.
+ */
+static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
+    {
+        "ssl_client", /* name */
+        0, /* check_time */
+        0, /* inherit_flags */
+        0, /* flags */
+        "", /* hostname */
+        0, /* hostFlags */
+        "" /* ipasc */
+    },
+    {
+        "ssl_server", /* name */
+        0, /* check_time */
+        0, /* inherit_flags */
+        0, /* flags */
+        "", /* hostname */
+        0, /* hostFlags */
+        "" /* ipasc */
+    }
+};
+
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name)
+{
+    const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
+        *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)];
+    while (param < param_end) {
+        if (! XSTRCMP(name, param->name))
+            return param;
+        ++param;
+    }
+    return NULL;
+}
+
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(const WOLFSSL_X509_STORE *store)
+{
+    return store->param;
+}
 
 /* inherits properties of param "to" to param "from"
  *
@@ -8779,7 +8819,7 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
  * WOLFSSL_VPARAM_LOCKED don't copy any values
  * WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed
  */
-static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
         const WOLFSSL_X509_VERIFY_PARAM *from)
 {
     int ret = WOLFSSL_FAILURE;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 8d92ae1ee..711ba3479 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
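Review bot: `wolfSSL_X509_VERIFY_PARAM_lookup` passes `name` straight to `XSTRCMP`, and `wolfSSL_X509_STORE_get0_param` dereferences `store`, with neither checking for NULL; both are exported to the OpenSSL compat layer by this commit, so add `if (name == NULL) return NULL;` and `if (store == NULL) return NULL;` at the top of each. The builtin table uses positional initializers and therefore depends on the member order of `struct WOLFSSL_X509_VERIFY_PARAM`, which this same commit changes by inserting `name` at the front; designated initializers (`.name = "ssl_client", .check_time = 0, ...`) would survive a later reordering. Since the two entries differ only in `name`, the lookup function deserves a comment stating that "ssl_client" and "ssl_server" are names only and, per the note above the table, carry no purpose, trust or depth settings, so code ported from OpenSSL must not rely on them to enforce a client- or server-auth purpose.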
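Review bot: `wolfSSL_X509_VERIFY_PARAM_inherit` becomes an exported function here, but its body continues outside the hunk, so whether it rejects a NULL `to` or `from` — something a static helper could leave to its internal callers — cannot be confirmed from these lines; please verify the NULL handling now that the `X509_VERIFY_PARAM_inherit` compat macro routes arbitrary callers to it. Its header comment is now also the public documentation and reads backwards: it should say that properties of `from` are copied into `to`, and `zerroed` should be `zeroed`.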
@@ -254,6 +254,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_F_X509_CHECK_PRIVATE_KEY 128
 
 #ifdef WOLFSSL_DTLS
+    #define DTLS_client_method wolfDTLS_client_method
+    #define DTLS_server_method wolfDTLS_server_method
     #define DTLSv1_client_method wolfDTLSv1_client_method
     #define DTLSv1_server_method wolfDTLSv1_server_method
     #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
@@ -712,7 +714,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
 #define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup
+#define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
+#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
 #define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
 #define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 4499caf0d..5e24b073a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -649,12 +649,13 @@ struct WOLFSSL_X509_STORE {
 #endif
 
 struct WOLFSSL_X509_VERIFY_PARAM {
+    const char *name;
     time_t check_time;
     unsigned int inherit_flags;
     unsigned long flags;
     char hostName[WOLFSSL_HOST_NAME_MAX];
-    unsigned int hostFlags;
-    char ipasc[WOLFSSL_MAX_IPSTR];
+    unsigned int hostFlags;
+    char ipasc[WOLFSSL_MAX_IPSTR];
 };
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
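Review bot: The new `name` member of `struct WOLFSSL_X509_VERIFY_PARAM` is a bare `const char *` with no comment on who owns the string or whether it may be NULL; in this commit it is only set in the static builtin table in src/x509.c, where it points at a string literal, and a freshly allocated param presumably leaves it NULL. Add a comment such as `const char *name; /* builtin-entry identifier (see wolfSSL_X509_VERIFY_PARAM_lookup); static storage, not owned by the struct, NULL for non-builtin params */` so that `wolfSSL_X509_VERIFY_PARAM_set1`/`_inherit` and any free routine are never changed to dup or free it. Inserting the member at the front also shifts every existing field offset, which matters if the struct layout is part of the installed ABI; the `hostFlags`/`ipasc` lines are whitespace-only churn.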
@@ -2084,6 +2085,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
         const unsigned char** in, long inSz);
 WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
+WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+        unsigned char** der);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type,
         WOLFSSL_EVP_PKEY** pkey, const unsigned char ** in, long inSz);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
@@ -2136,6 +2139,12 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip(
         WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen);
 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
         const WOLFSSL_X509_VERIFY_PARAM* from);
+WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+        const char *name);
+WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
+        const WOLFSSL_X509_STORE *store);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+        const WOLFSSL_X509_VERIFY_PARAM *from);
 WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         const char *file, int type);
 WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,