wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5167 from ejohnstown/cac-ext

Browse Source 
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
This commit is contained in:
David Garske
2022-06-27 09:06:15 -07:00
committed by GitHub
parent 55414290df 49740c5543
commit b84b808b1b
10 changed files with 1015 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/fpki-cert.der Normal file
View File

Binary file not shown.

3
certs/include.am
View File

@@ -63,7 +63,8 @@ EXTRA_DIST += \
certs/csr.ext.der \ certs/csr.ext.der \
certs/entity-no-ca-bool-cert.pem \ certs/entity-no-ca-bool-cert.pem \
certs/entity-no-ca-bool-key.pem \ certs/entity-no-ca-bool-key.pem \
certs/x942dh2048.pem certs/x942dh2048.pem \
certs/fpki-cert.der
EXTRA_DIST += \ EXTRA_DIST += \
certs/ca-key.der \ certs/ca-key.der \

15
certs/renewcerts.sh
View File

@@ -27,6 +27,7 @@
# client-relative-uri.pem # client-relative-uri.pem
# client-crl-dist.pem # client-crl-dist.pem
# entity-no-ca-bool-cert.pem # entity-no-ca-bool-cert.pem
# fpki-cert.der
# updates the following crls: # updates the following crls:
# crl/cliCrl.pem # crl/cliCrl.pem
# crl/crl.pem # crl/crl.pem
@@ -344,6 +345,20 @@ run_renewcerts(){
echo "End of section" echo "End of section"
echo "---------------------------------------------------------------------" echo "---------------------------------------------------------------------"
########################################################### ###########################################################
########## update and sign fpki-cert.der ################
###########################################################
echo "Updating fpki-cert.der"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL\\nFPKI\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key server-key.pem -config ./wolfssl.cnf -nodes > fpki-req.pem
check_result $? "Step 1"
openssl x509 -req -in fpki-req.pem -extfile wolfssl.cnf -extensions fpki_ext -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out fpki-cert.der -outform DER
check_result $? "Step 2"
rm fpki-req.pem
echo "End of section"
echo "---------------------------------------------------------------------"
###########################################################
########## update and sign server-cert.pem ################ ########## update and sign server-cert.pem ################
########################################################### ###########################################################
echo "Updating server-cert.pem" echo "Updating server-cert.pem"

37
certs/renewcerts/wolfssl.cnf
View File

@@ -335,3 +335,40 @@ clock_precision_digits = 0 # (optional)
ordering = yes # timestamps? ordering = yes # timestamps?
tsa_name = yes # include? tsa_name = yes # include?
ess_cert_id_chain = no # include chain? ess_cert_id_chain = no # include chain?
[fpki_ext]
basicConstraints = CA:FALSE,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, clientAuth, 1.3.6.1.4.1.311.20.2.2, 1.3.6.1.5.2.3.4, 1.3.6.1.5.5.7.3.21
subjectAltName = @FASC_UUID_altname
certificatePolicies = 2.16.840.1.101.3.2.1.3.13, 2.16.840.1.101.3.2.1.3.40, 2.16.840.1.101.3.2.1.3.41, 2.16.840.1.101.3.2.1.3.45
subjectDirectoryAttributes = ASN1:SEQUENCE:SubjDirAttr
policyConstraints = requireExplicitPolicy:0
2.16.840.1.101.3.6.10.1 = ASN1:SEQUENCE:PIVCertExt
# using example UUID from RFC4122
[FASC_UUID_altname]
otherName.1 = 1.3.6.1.4.1.311.20.2.3;UTF8:facts@wolfssl.com
otherName.2 = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB
URI = urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6
[SubjDirAttr]
attribute = SEQUENCE:SDA_attr
[SDA_attr]
type = OID:1.3.6.1.5.5.7.9.4
values = SET:SDA_coc
[SDA_coc]
value = PRINTABLESTRING:US
[PIVCertExt]
attribute = SEQUENCE:PCE_attr
[PCE_attr]
type = OID:2.16.840.1.101.3.6.9.1
value = BOOLEAN:true

3
configure.ac
View File

@@ -756,6 +756,9 @@ then
# Store issuer name components when parsing certificates. # Store issuer name components when parsing certificates.
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
# Certificate extensions and alt. names for FPKI use
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
fi fi

2
src/x509.c
View File

@@ -2201,7 +2201,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
WOLFSSL_MSG("Private Key Usage Period extension not supported"); WOLFSSL_MSG("Private Key Usage Period extension not supported");
break; break;
case SUBJECT_INFO_ACCESS: case SUBJ_INFO_ACC_OID:
WOLFSSL_MSG("Subject Info Access extension not supported"); WOLFSSL_MSG("Subject Info Access extension not supported");
break; break;

44
tests/api.c
View File

@@ -2261,6 +2261,44 @@ static void test_wolfSSL_CertManagerNameConstraint5(void)
#endif #endif
} }
static void test_wolfSSL_FPKI(void)
{
#if defined(WOLFSSL_FPKI) && !defined(NO_FILESYSTEM)
XFILE f;
const char* fpkiCert = "./certs/fpki-cert.der";
DecodedCert cert;
byte buf[4096];
byte* uuid;
byte* fascn;
word32 fascnSz;
word32 uuidSz;
int bytes;
printf(testingFmt, "test_wolfSSL_FPKI");
f = XFOPEN(fpkiCert, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
wc_InitDecodedCert(&cert, buf, bytes, NULL);
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
AssertIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
fascn = (byte*)XMALLOC(fascnSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(fascn);
AssertIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(uuid);
AssertIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDecodedCert(&cert);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CertManagerCRL(void) static void test_wolfSSL_CertManagerCRL(void)
{ {
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
@@ -8979,14 +9017,15 @@ static void test_wolfSSL_URI(void)
x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509); AssertNotNull(x509);
wolfSSL_FreeX509(x509); wolfSSL_FreeX509(x509);
x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \
&& !defined(WOLFSSL_FPKI)
AssertNull(x509); AssertNull(x509);
#else #else
AssertNotNull(x509); AssertNotNull(x509);
wolfSSL_FreeX509(x509);
#endif #endif
printf(resultFmt, passed); printf(resultFmt, passed);
@@ -55524,6 +55563,7 @@ void ApiTest(void)
test_wolfSSL_CertManagerNameConstraint3(); test_wolfSSL_CertManagerNameConstraint3();
test_wolfSSL_CertManagerNameConstraint4(); test_wolfSSL_CertManagerNameConstraint4();
test_wolfSSL_CertManagerNameConstraint5(); test_wolfSSL_CertManagerNameConstraint5();
test_wolfSSL_FPKI();
test_wolfSSL_CertManagerCRL(); test_wolfSSL_CertManagerCRL();
test_wolfSSL_CTX_load_verify_locations_ex(); test_wolfSSL_CTX_load_verify_locations_ex();
test_wolfSSL_CTX_load_verify_buffer_ex(); test_wolfSSL_CTX_load_verify_buffer_ex();

971
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

85
wolfssl/wolfcrypt/asn.h
View File

@@ -975,6 +975,8 @@ enum Misc_ASN {
PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */
PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */
COUNTRY_CODE_LEN = 2, /* RFC 3739 */
}; };
#ifndef WC_MAX_NAME_ENTRIES #ifndef WC_MAX_NAME_ENTRIES
@@ -1010,6 +1012,9 @@ enum Oid_Types {
oidTlsExtType = 18, oidTlsExtType = 18,
oidCrlExtType = 19, oidCrlExtType = 19,
oidCsrAttrType = 20, oidCsrAttrType = 20,
#ifdef WOLFSSL_SUBJ_DIR_ATTR
oidSubjDirAttrType = 21,
#endif
oidIgnoreType oidIgnoreType
}; };
@@ -1129,7 +1134,7 @@ enum Extensions_Sum {
EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
NAME_CONS_OID = 144, /* 2.5.29.30 */ NAME_CONS_OID = 144, /* 2.5.29.30 */
PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
SUBJECT_INFO_ACCESS = 79, /* 1.3.6.1.5.5.7.1.11 */ SUBJ_INFO_ACC_OID = 79, /* 1.3.6.1.5.5.7.1.11 */
POLICY_MAP_OID = 147, /* 2.5.29.33 */ POLICY_MAP_OID = 147, /* 2.5.29.33 */
POLICY_CONST_OID = 150, /* 2.5.29.36 */ POLICY_CONST_OID = 150, /* 2.5.29.36 */
ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */ ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */
@@ -1137,13 +1142,22 @@ enum Extensions_Sum {
NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */ NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */
OCSP_NOCHECK_OID = 121, /* 1.3.6.1.5.5.7.48.1.5 OCSP_NOCHECK_OID = 121, /* 1.3.6.1.5.5.7.48.1.5
id-pkix-ocsp-nocheck */ id-pkix-ocsp-nocheck */
SUBJ_DIR_ATTR_OID = 123, /* 2.5.29.9 */
AKEY_PACKAGE_OID = 1048 /* 2.16.840.1.101.2.1.2.78.5 AKEY_PACKAGE_OID = 1048, /* 2.16.840.1.101.2.1.2.78.5
RFC 5958 - Asymmetric Key Packages */ RFC 5958 - Asymmetric Key Packages */
FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */
UPN_OID = 265 /* 1.3.6.1.4.1.311.20.2.3 UPN */
}; };
enum CertificatePolicy_Sum { enum CertificatePolicy_Sum {
CP_ANY_OID = 146 /* id-ce 32 0 */ CP_ANY_OID = 146, /* id-ce 32 0 */
#ifdef WOLFSSL_FPKI
CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */
CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */
CP_FPKI_PIVI_AUTH_OID = 458 /* 2.16.840.1.101.3.2.1.3.45 */
#endif /* WOLFSSL_FPKI */
}; };
enum SepHardwareName_Sum { enum SepHardwareName_Sum {
@@ -1151,10 +1165,15 @@ enum SepHardwareName_Sum {
}; };
enum AuthInfo_Sum { enum AuthInfo_Sum {
AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1, id-ad-ocsp */
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ AIA_CA_ISSUER_OID = 117, /* 1.3.6.1.5.5.7.48.2, id-ad-caIssuers */
#ifdef WOLFSSL_SUBJ_INFO_ACC
AIA_CA_REPO_OID = 120 /* 1.3.6.1.5.5.7.48.5, id-ad-caRepository */
#endif /* WOLFSSL_SUBJ_INFO_ACC */
}; };
#define ID_PKIX(num) (67+(num)) /* 1.3.6.1.5.5.7.num, id-pkix num */
#define ID_KP(num) (ID_PKIX(3)+(num)) /* 1.3.6.1.5.5.7.3.num, id-kp num */
enum ExtKeyUsage_Sum { /* From RFC 5280 */ enum ExtKeyUsage_Sum { /* From RFC 5280 */
EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
@@ -1162,9 +1181,27 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */
EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */ EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */
EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */ EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */
EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */ EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */
EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */
/* From RFC 6187: X.509v3 Certificates for Secure Shell Authenticaiton */
EKU_SSH_CLIENT_AUTH_OID = ID_KP(21), /* id-kp-secureShellClient */
EKU_SSH_MSCL_OID = 264,
/* 1.3.6.1.4.1.311.20.2.2, MS Smart Card Logon */
EKU_SSH_KP_CLIENT_AUTH_OID = 64
/* 1.3.6.1.5.2.3.4, id-pkinit-KPClientAuth*/
}; };
#ifdef WOLFSSL_SUBJ_DIR_ATTR
#define ID_PDA(num) (ID_PKIX(9)+(num)) /* 1.3.6.1.5.5.7.9.num, id-pda num */
enum SubjDirAttr_Sum { /* From RFC 3739, section 3.3.2 */
SDA_DOB_OID = ID_PDA(1), /* id-pda-dateOfBirth */
SDA_POB_OID = ID_PDA(2), /* id-pda-placeOfBirth */
SDA_GENDER_OID = ID_PDA(3), /* id-pda-gender */
SDA_COC_OID = ID_PDA(4), /* id-pda-countryOfCitizenship */
SDA_COR_OID = ID_PDA(5) /* id-pda-countryOfResidence */
};
#endif /* WOLFSSL_SUBJ_DIR_ATTR */
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
enum CompressAlg_Sum { enum CompressAlg_Sum {
ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */ ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */
@@ -1223,6 +1260,11 @@ enum CsrAttrType {
#define EXTKEYUSE_CLIENT_AUTH 0x04 #define EXTKEYUSE_CLIENT_AUTH 0x04
#define EXTKEYUSE_SERVER_AUTH 0x02 #define EXTKEYUSE_SERVER_AUTH 0x02
#define EXTKEYUSE_ANY 0x01 #define EXTKEYUSE_ANY 0x01
#ifdef WOLFSSL_WOLFSSH
#define EXTKEYUSE_SSH_CLIENT_AUTH 0x01
#define EXTKEYUSE_SSH_MSCL 0x02
#define EXTKEYUSE_SSH_KP_CLIENT_AUTH 0x04
#endif /* WOLFSSL_WOLFSSH */
#define WC_NS_SSL_CLIENT 0x80 #define WC_NS_SSL_CLIENT 0x80
#define WC_NS_SSL_SERVER 0x40 #define WC_NS_SSL_SERVER 0x40
@@ -1252,8 +1294,15 @@ struct DNS_entry {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
char* ipString; /* human readable form of IP address */ char* ipString; /* human readable form of IP address */
#endif #endif
#ifdef WOLFSSL_FPKI
int oidSum; /* provide oid sum for verification */
#endif
}; };
#ifdef WOLFSSL_FPKI
/* RFC4122 i.e urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 */
#define DEFAULT_UUID_SZ 45
#endif
typedef struct Base_entry Base_entry; typedef struct Base_entry Base_entry;
@@ -1535,6 +1584,9 @@ struct DecodedCert {
byte policyConstSkip; /* Policy Constraints skip certs value */ byte policyConstSkip; /* Policy Constraints skip certs value */
word16 extKeyUsage; /* Key usage bitfield */ word16 extKeyUsage; /* Key usage bitfield */
byte extExtKeyUsage; /* Extended Key usage bitfield */ byte extExtKeyUsage; /* Extended Key usage bitfield */
#ifdef WOLFSSL_WOLFSSH
byte extExtKeyUsageSsh; /* Extended Key Usage bitfield for SSH */
#endif /* WOLFSSL_WOLFSSH */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
const byte* extExtKeyUsageSrc; const byte* extExtKeyUsageSrc;
@@ -1553,6 +1605,21 @@ struct DecodedCert {
const byte* extSubjAltNameSrc; const byte* extSubjAltNameSrc;
word32 extSubjAltNameSz; word32 extSubjAltNameSz;
#endif #endif
#ifdef WOLFSSL_SUBJ_DIR_ATTR
char countryOfCitizenship[COUNTRY_CODE_LEN+1]; /* ISO 3166 Country Code */
#ifdef OPENSSL_ALL
const byte* extSubjDirAttrSrc;
word32 extSubjDirAttrSz;
#endif
#endif /* WOLFSSL_SUBJ_DIR_ATTR */
#ifdef WOLFSSL_SUBJ_INFO_ACC
const byte* extSubjInfoAccCaRepo;
word32 extSubjInfoAccCaRepoSz;
#ifdef OPENSSL_ALL
const byte* extSubjInfoAccSrc;
word32 extSubjInfoAccSz;
#endif
#endif /* WOLFSSL_SUBJ_INFO_ACC */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
word32 pkCurveOID; /* Public Key's curve OID */ word32 pkCurveOID; /* Public Key's curve OID */
@@ -1732,6 +1799,12 @@ struct DecodedCert {
byte extSubjKeyIdCrit : 1; byte extSubjKeyIdCrit : 1;
byte extKeyUsageCrit : 1; byte extKeyUsageCrit : 1;
byte extExtKeyUsageCrit : 1; byte extExtKeyUsageCrit : 1;
#ifdef WOLFSSL_SUBJ_DIR_ATTR
byte extSubjDirAttrSet : 1;
#endif
#ifdef WOLFSSL_SUBJ_INFO_ACC
byte extSubjInfoAccSet : 1;
#endif
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicyCrit : 1; byte extCertPolicyCrit : 1;
#endif #endif

6
wolfssl/wolfcrypt/asn_public.h
View File

@@ -830,6 +830,12 @@ WOLFSSL_API int wc_ParseCert(
WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
byte* derKey, word32* derKeySz); byte* derKey, word32* derKeySz);
#ifdef WOLFSSL_FPKI
WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert,
byte* uuid, word32* uuidSz);
WOLFSSL_API int wc_GetFASCNFromCert(struct DecodedCert* cert,
byte* fascn, word32* fascnSz);
#endif /* WOLFSSL_FPKI */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif