From ec92f76decbda6d79489bd2da357a688aa1f708f Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 12 Sep 2025 16:08:05 -0700 Subject: [PATCH] Fix tests when building with PEM support disabled by using DER certs/keys. --- examples/client/client.c | 4 + examples/echoserver/echoserver.c | 19 +- examples/server/server.c | 15 +- src/ssl_load.c | 30 +++ tests/api.c | 385 +++++++++++++++++++------------ tests/api/test_tls13.c | 60 ++--- tests/unit.c | 3 +- tests/unit.h | 6 + tests/utils.c | 4 +- wolfcrypt/src/asn.c | 4 +- wolfssl/test.h | 72 ++++++ 11 files changed, 414 insertions(+), 188 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index a2ccd0923..b47b3ecd7 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2221,7 +2221,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_RPK int useRPK = 0; #endif /* HAVE_RPK */ +#ifdef WOLFSSL_PEM_TO_DER int fileFormat = WOLFSSL_FILETYPE_PEM; +#else + int fileFormat = WOLFSSL_FILETYPE_ASN1; +#endif #if defined(WOLFSSL_SYS_CRYPTO_POLICY) const char * policy = NULL; #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 34f84e876..dc8fcae24 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -105,6 +105,11 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; char buffer[WOLFSSL_MAX_ERROR_SZ]; +#ifdef WOLFSSL_PEM_TO_DER + int filetype = WOLFSSL_FILETYPE_PEM; +#else + int filetype = WOLFSSL_FILETYPE_ASN1; +#endif #ifdef HAVE_TEST_SESSION_TICKET MyTicketCtx myTicketCtx; #endif 
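Review bot: The `#ifdef WOLFSSL_PEM_TO_DER` selection between `WOLFSSL_FILETYPE_PEM` and `WOLFSSL_FILETYPE_ASN1` added for `fileFormat` in client.c is repeated verbatim for `filetype` in the echoserver hunk at @@ -105, made again at each call site in server.c (@@ -2849, @@ -2892), and exists once more as `CERT_FILETYPE` in tests/api.c. Since wolfssl/test.h is already extended by this commit and is included by both the examples and the tests, defining the choice there once would let every one of these become a single unconditional line, e.g. `int fileFormat = CERT_FILETYPE;` (or whatever the shared name ends up being). A one-line comment at that single definition, `/* DER is the only format available when PEM decoding is compiled out */`, would also explain the build-dependent default to readers of the examples. Both `client_test` and `echoserver_test` continue outside their hunks.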
@@ -180,12 +185,12 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) if (doPSK == 0) { #if defined(HAVE_ECC) && !defined(WOLFSSL_SNIFFER) /* ecc */ - if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, filetype) != WOLFSSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); - if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, filetype) != WOLFSSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); @@ -196,7 +201,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); - if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, filetype) != WOLFSSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); @@ -208,19 +213,19 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) "Please run from wolfSSL home dir"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + filetype) != WOLFSSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else /* normal */ - if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, filetype) != WOLFSSL_SUCCESS) err_sys("can't load server cert file, " "Please run from wolfSSL home dir"); - if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, filetype) != WOLFSSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); 
@@ -309,7 +314,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) if (ssl == NULL) err_sys("SSL_new failed"); wolfSSL_set_fd(ssl, clientfd); #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) - wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + wolfSSL_SetTmpDH_file(ssl, dhParamFile, filetype); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif diff --git a/examples/server/server.c b/examples/server/server.c index 934074274..06e0aeb6a 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2771,7 +2771,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx); #endif -#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) +#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) && \ + defined(WOLFSSL_PEM_TO_DER) /* used for testing only to set a static/fixed ephemeral key for use with the sniffer */ #if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \ @@ -2804,7 +2805,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) err_sys_ex(runWithErrors, "error loading static X25519 key"); } #endif -#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */ +#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */ if (cipherList && !useDefCipherList) { if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) @@ -2849,8 +2850,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert buffer"); #elif !defined(TEST_LOAD_BUFFER) + #if defined(WOLFSSL_PEM_TO_DER) if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) + #else + if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + #endif err_sys_ex(catastrophic, "can't load server cert file, check file " "and run from wolfSSL home dir"); #else 
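Review bot: The new `#else` branch in server.c @@ -2849 calls `wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, WOLFSSL_FILETYPE_ASN1)`, but the ssl_load.c hunk at @@ -3592 in this same commit already makes `wolfSSL_CTX_use_certificate_chain_file` fall back to DER when WOLFSSL_PEM_TO_DER is undefined. If `SSL_CTX_use_certificate_chain_file` is the compatibility alias for that function, as I believe it is, the two branches do the same thing and the example's `#if`/`#else` can be dropped in favour of the original single call. Keeping both also hides from readers of the example that the library-level fallback exists; whichever layer is kept, the other should go so the DER behaviour lives in exactly one place. The enclosing `server_test` body continues outside the hunk.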
@@ -2892,8 +2898,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key buffer"); #elif !defined(TEST_LOAD_BUFFER) + #if defined(WOLFSSL_PEM_TO_DER) if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + #else + if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1) + != WOLFSSL_SUCCESS) + #endif err_sys_ex(catastrophic, "can't load server private key file, " "check file and run from wolfSSL home dir"); #ifdef WOLFSSL_DUAL_ALG_CERTS diff --git a/src/ssl_load.c b/src/ssl_load.c index 7f7b8a180..fac44a2e2 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -3018,9 +3018,15 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, } if (file != NULL) { +#ifdef WOLFSSL_PEM_TO_DER /* Load the PEM formatted CA file */ ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL, verify); +#else + /* Load the DER formatted CA file */ + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0, + NULL, verify); +#endif #ifndef NO_WOLFSSL_DIR if (ret == 1) { /* Include success in overall count. */ @@ -3029,7 +3035,11 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, #endif #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) /* Load CA as a trusted peer certificate. */ +#ifdef WOLFSSL_PEM_TO_DER ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM); +#else + ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_ASN1); +#endif if (ret != 1) { WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error"); } 
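Review bot: The `#else` branches added to `wolfSSL_CTX_load_verify_locations_ex` in @@ -3018 and @@ -3029, and to the chain-file and chain-buffer entry points in @@ -3592, @@ -3895, @@ -4483 and @@ -4823, change the meaning of public APIs that are documented as taking PEM input: in a build without WOLFSSL_PEM_TO_DER the same call now parses the file or buffer as DER, and a caller who hands it a PEM bundle gets a parse failure with no hint why. A library change of this kind should at least be reflected in the header documentation of these functions (the commit title mentions only tests), and the `_format` variants that already take an explicit `WOLFSSL_FILETYPE_*` remain the unambiguous way to load DER. If the fallback stays, the six copied `#ifdef`/`#else` pairs could collapse to one internal constant selected once near the top of ssl_load.c, e.g. `#ifdef WOLFSSL_PEM_TO_DER` / `#define DEFAULT_CERT_FILETYPE WOLFSSL_FILETYPE_PEM` / `#else ... WOLFSSL_FILETYPE_ASN1` (name to taste), so each `ProcessFile` call stays a single statement. Each of these function bodies begins outside its hunk.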
@@ -3592,8 +3602,13 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) /* process up to MAX_CHAIN_DEPTH plus subject cert */ WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file"); +#ifdef WOLFSSL_PEM_TO_DER ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL, GET_VERIFY_SETTING_CTX(ctx)); +#else + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL, + GET_VERIFY_SETTING_CTX(ctx)); +#endif /* Return 1 on success or 0 on failure. */ return WS_RC(ret); @@ -3895,8 +3910,13 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) ret = BAD_FUNC_ARG; } else { +#ifdef WOLFSSL_PEM_TO_DER ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL, GET_VERIFY_SETTING_SSL(ssl)); +#else + ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, + 1, NULL, GET_VERIFY_SETTING_SSL(ssl)); +#endif /* Return 1 on success or 0 on failure. */ ret = WS_RC(ret); } @@ -4483,8 +4503,13 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, long sz) { +#ifdef WOLFSSL_PEM_TO_DER return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz, WOLFSSL_FILETYPE_PEM); +#else + return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz, + WOLFSSL_FILETYPE_ASN1); +#endif } /* Load a user certificate in a buffer into SSL. @@ -4823,8 +4848,13 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in, long sz) { +#ifdef WOLFSSL_PEM_TO_DER return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, WOLFSSL_FILETYPE_PEM); +#else + return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, + WOLFSSL_FILETYPE_ASN1); +#endif } #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ diff --git a/tests/api.c b/tests/api.c index 1ae524f78..1969744b5 100644 
--- a/tests/api.c +++ b/tests/api.c @@ -1746,9 +1746,9 @@ static int test_for_double_Free(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectNotNull(ssl = wolfSSL_new(ctx)); /* First test freeing SSL, then CTX */ @@ -1763,9 +1763,9 @@ static int test_for_double_Free(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectNotNull(ssl = wolfSSL_new(ctx)); /* Next test freeing CTX then SSL */ @@ -1781,9 +1781,9 @@ static int test_for_double_Free(void) #endif /* Test setting ciphers at ctx level */ ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) @@ -1812,9 +1812,9 @@ static int test_for_double_Free(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectNotNull(ssl = wolfSSL_new(ctx)); /* test setting ciphers at SSL level */ ExpectTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); 
@@ -2021,9 +2021,9 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectNotNull(ssl = wolfSSL_new(ctx)); @@ -2084,21 +2084,21 @@ static int test_wolfSSL_CTX_use_certificate_file(void) /* invalid context */ ExpectFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* invalid cert file */ ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* invalid cert type */ ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); #ifdef NO_RSA /* rsa needed */ ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #else /* success */ ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #endif wolfSSL_CTX_free(ctx); 
@@ -2212,26 +2212,31 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void) /* invalid context */ ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* invalid key file */ ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* invalid key type */ ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); /* invalid key format */ +#ifdef WOLFSSL_PEM_TO_DER ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.pem", WOLFSSL_FILETYPE_PEM)); +#else + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.der", + WOLFSSL_FILETYPE_ASN1)); +#endif /* success */ #ifdef NO_RSA /* rsa needed */ ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #else /* success */ ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #endif wolfSSL_CTX_free(ctx); @@ -2488,7 +2493,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void) int* p; #endif #endif -#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ + defined(WOLFSSL_PEM_TO_DER) const char* load_certs_path = "./certs/external"; const char* load_no_certs_path = "./examples"; const char* load_expired_path = "./certs/test/expired"; @@ -2650,7 +2656,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void) #endif #endif -#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ + defined(WOLFSSL_PEM_TO_DER) /* Test loading CA certificates using a path */ #ifdef NO_RSA /* failure here okay since certs in external directory are RSA */ 
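Review bot: The `#else` branch at @@ -2212 points the invalid-key-format check at `./certs/dh-priv-2048.der`, and the other new `#else` branches do the same with `./certs/test/expired/expired-ca.der` (@@ -3079, @@ -3111, @@ -5244), the `./certs/intermediate/*-cert.der` set (@@ -3149), `./certs/test/expired/expired-cert.der` (@@ -3356), `./certs/rsapss/root-rsapss.der` and `root-3072-rsapss.der` (@@ -5090), `./certs/dsaparams.der` (@@ -5601, @@ -6084) and `./certs/x942dh2048.der` (@@ -6084). The diffstat lists no files under certs/, so every one of these must already be shipped, and the DER files must encode the same subjects, validity periods and keys as the PEM files they replace for the expiry, chain-depth and RSA-PSS assertions to keep their meaning; worth confirming before merge rather than discovering it only in a DER-only CI configuration. If any are missing, generating them from the PEM originals alongside this change keeps negative tests such as the DH-key-as-private-key rejection here exercised in both builds.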
@@ -2699,7 +2706,8 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC)) + !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ + defined(WOLFSSL_PEM_TO_DER) WOLFSSL_CTX* ctx; byte dirValid = 0; int ret = 0; @@ -2794,7 +2802,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file) ret = load_file(ca_cert_file, &cert_buf, &cert_sz); if (ret == 0) { /* normal test */ - ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM); + ret = test_cm_load_ca_buffer(cert_buf, cert_sz, CERT_FILETYPE); if (ret == WOLFSSL_SUCCESS) { /* test including null terminator in length */ @@ -2806,7 +2814,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file) cert_buf = tmp; cert_buf[cert_sz] = '\0'; ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, - WOLFSSL_FILETYPE_PEM); + CERT_FILETYPE); } } @@ -2864,7 +2872,7 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) if (ret == 0) { /* normal test */ ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz, - WOLFSSL_FILETYPE_PEM, flags); + CERT_FILETYPE, flags); if (ret == WOLFSSL_SUCCESS) { /* test including null terminator in length */ @@ -2876,7 +2884,7 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) cert_buf = tmp; cert_buf[cert_sz] = '\0'; ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1, - WOLFSSL_FILETYPE_PEM, flags); + CERT_FILETYPE, flags); } } @@ -2943,9 +2951,13 @@ static int test_wolfSSL_CertManagerAPI(void) #if !defined(NO_FILESYSTEM) { + #ifdef WOLFSSL_PEM_TO_DER const char* ca_cert = "./certs/ca-cert.pem"; #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) const char* ca_cert_der = "./certs/ca-cert.der"; + #endif + #else + const char* ca_cert = "./certs/ca-cert.der"; #endif const char* ca_path = "./certs"; 
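Review bot: Gating `test_wolfSSL_CTX_load_system_CA_certs` on WOLFSSL_PEM_TO_DER at @@ -2699 removes coverage of exactly the configuration where the behaviour is least obvious: with PEM decoding compiled out, `wolfSSL_CTX_load_verify_locations_ex` (see @@ -3018 in ssl_load.c) parses a CA file as DER, while system trust stores are generally PEM. Rather than skipping the test, it would be more useful to keep it in the DER-only build and assert the outcome you expect there, presumably an error return rather than a client context left with an empty trust store and no error, or, if the platform loaders are PEM-only by design, to say so on the new `#if`, e.g. `/* system CA stores are PEM; nothing to test without WOLFSSL_PEM_TO_DER */`. The function's body continues outside the hunk.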
@@ -2958,10 +2970,12 @@ static int test_wolfSSL_CertManagerAPI(void) WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file", - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); +#ifdef WOLFSSL_PEM_TO_DER ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der, WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file", + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); #endif ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL), @@ -3079,8 +3093,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void) { EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif int ret; ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1); @@ -3111,8 +3130,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void) { EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif int ret; ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE), 
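Review bot: The declarations in @@ -3079 and @@ -3111 introduce the same four-line `#if defined(WOLFSSL_PEM_TO_DER)` block of literal `./certs/...` paths, and the pattern recurs in @@ -3149, @@ -3356, @@ -5090, @@ -5244, @@ -5601 and @@ -6084. Elsewhere in this commit (@@ -5454, @@ -5526, @@ -5555) literal paths are replaced with the shared `svrCertFile`/`cliCertFile` names instead, which is the cleaner approach; the CA, expired, intermediate, RSA-PSS and DH/DSA parameter paths could get the same treatment in wolfssl/test.h, leaving each test with a single `const char* ca_cert = caCertFile;`-style line, assuming test.h's existing CA path name is given the same PEM/DER switch as `svrCertFile`. That also makes a future rename of a cert file a one-place change instead of a hunt through api.c.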
@@ -3149,10 +3173,17 @@ static int test_wolfSSL_CertManagerLoadCABufferType(void) EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +#if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* int1_cert = "./certs/intermediate/ca-int-cert.pem"; const char* int2_cert = "./certs/intermediate/ca-int2-cert.pem"; const char* client_cert = "./certs/intermediate/client-int-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* int1_cert = "./certs/intermediate/ca-int-cert.der"; + const char* int2_cert = "./certs/intermediate/ca-int2-cert.der"; + const char* client_cert = "./certs/intermediate/client-int-cert.der"; +#endif byte* ca_cert_buf = NULL; byte* int1_cert_buf = NULL; byte* int2_cert_buf = NULL; 
@@ -3170,32 +3201,32 @@ static int test_wolfSSL_CertManagerLoadCABufferType(void) ExpectIntEQ(load_file(client_cert, &client_cert_buf, &client_cert_sz), 0); ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 0), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 5), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_CA), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, - (sword32)int1_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, - (sword32)int2_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, - (sword32)client_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)client_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 
WOLFSSL_USER_INTER), WOLFSSL_SUCCESS); 
@@ -3205,64 +3236,64 @@ static int test_wolfSSL_CertManagerLoadCABufferType(void) /* Intermediate certs have been unloaded, but CA cert is still loaded. Expect first level intermediate to verify, rest to fail. */ ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, - (sword32)int1_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_TEMP_CA), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, - (sword32)int2_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_CHAIN_CA), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, - (sword32)client_cert_sz, WOLFSSL_FILETYPE_PEM, 0, + (sword32)client_cert_sz, CERT_FILETYPE, 0, WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + 
int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_CA), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + int2_cert_sz, 
CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); if (cm) wolfSSL_CertManagerFree(cm); @@ -3356,8 +3387,13 @@ static int test_wolfSSL_CertManagerSetVerify(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) WOLFSSL_CERT_MANAGER* cm = NULL; int tmp = myVerifyAction; +#ifdef WOLFSSL_PEM_TO_DER const char* ca_cert = "./certs/ca-cert.pem"; const char* expiredCert = "./certs/test/expired/expired-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* expiredCert = "./certs/test/expired/expired-cert.der"; +#endif wolfSSL_CertManagerSetVerify(NULL, NULL); wolfSSL_CertManagerSetVerify(NULL, myVerify); @@ -3376,7 +3412,7 @@ static int test_wolfSSL_CertManagerSetVerify(void) myVerifyAction = VERIFY_OVERRIDE_ERROR; ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALWAYS_VERIFY_CB { @@ -5090,13 +5126,21 @@ static int test_wolfSSL_CertRsaPss(void) (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2))) XFILE f = XBADFILE; const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der"; +#ifdef WOLFSSL_PEM_TO_DER const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem"; +#else + const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.der"; +#endif #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ RSA_MAX_SIZE >= 3072 const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der"; #endif #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 +#ifdef WOLFSSL_PEM_TO_DER const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem"; +#else + const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.der"; +#endif #endif DecodedCert cert; byte buf[4096]; 
@@ -5244,8 +5288,13 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) WOLFSSL_CTX* ctx = NULL; +#ifdef WOLFSSL_PEM_TO_DER const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); @@ -5454,7 +5503,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; #ifndef NO_FILESYSTEM - const char* cert = "./certs/server-cert.pem"; + const char* cert = svrCertFile; unsigned char* buf = NULL; size_t len = 0; @@ -5472,19 +5521,23 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, - (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + (sword32)len, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len), WOLFSSL_SUCCESS); 
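Review bot: The `#ifdef WOLFSSL_PEM_TO_DER` guards added in @@ -5472 around the `ASN_NO_PEM_HEADER` expectations leave the DER-only build with no assertion at all for `wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0)` and `wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0)`; an empty buffer must be rejected whatever the format, so each guard should gain an `#else` such as `ExpectIntNE(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), WOLFSSL_SUCCESS);`. The same applies to @@ -5501 and @@ -5577, where the removed expectations were negative only because DER input was handed to a PEM path: given the ssl_load.c fallback in this commit, the DER-only build should now assert success for those calls, e.g. `ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);`, which would be the only test actually exercising the new library branches. Without these, a regression in the DER chain path would pass CI in precisely the configuration the commit sets out to fix.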
@@ -5501,12 +5554,14 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_PEM_TO_DER ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -5526,7 +5581,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) const char* server_chain_der = "./certs/server-cert-chain.der"; - const char* client_single_pem = "./certs/client-cert.pem"; + const char* client_single_pem = cliCertFile; WOLFSSL_CTX* ctx = NULL; (void)server_chain_der; @@ -5542,7 +5597,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, - client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif @@ -5555,7 +5610,7 @@ static int test_wolfSSL_use_certificate_chain_file(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) const char* server_chain_der = "./certs/server-cert-chain.der"; - const char* client_single_pem = "./certs/client-cert.pem"; + const char* client_single_pem = cliCertFile; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; 
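Review bot: After @@ -5526 and @@ -5555, `client_single_pem` is initialised from `cliCertFile`, which in the build this commit targets is presumably a DER path, so the variable name now states a format that may be false and the later `wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_single_pem, CERT_FILETYPE)` reads as a contradiction. Renaming it in both tests, e.g. `const char* client_single_cert = cliCertFile;`, keeps the name accurate in either configuration; `server_chain_der` beside it is still correct because that path stays explicitly DER.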
@@ -5577,13 +5632,15 @@ static int test_wolfSSL_use_certificate_chain_file(void) WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, - client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem), WOLFSSL_SUCCESS); @@ -5601,7 +5658,11 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx = NULL; #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) +#if defined(WOLFSSL_PEM_TO_DER) const char* dsaParamFile = "./certs/dsaparams.pem"; +#else + const char* dsaParamFile = "./certs/dsaparams.der"; +#endif #endif (void)ctx; @@ -5614,21 +5675,21 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) /* invalid context */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, - dhParamFile, WOLFSSL_FILETYPE_PEM)); + dhParamFile, CERT_FILETYPE)); /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, - NULL, WOLFSSL_FILETYPE_PEM)); + NULL, CERT_FILETYPE)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, - bogusFile, WOLFSSL_FILETYPE_PEM)); + bogusFile, CERT_FILETYPE)); /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #endif wolfSSL_CTX_free(ctx); 
@@ -6019,9 +6080,9 @@ static int test_server_wolfSSL_new(void)
 ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
+ CERT_FILETYPE));
 ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
+ CERT_FILETYPE));
 /* invalid context */
 ExpectNull(ssl = wolfSSL_new(NULL));
@@ -6084,53 +6145,60 @@ static int test_wolfSSL_SetTmpDH_file(void) WOLFSSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; +#ifdef WOLFSSL_PEM_TO_DER const char* dhX942ParamFile = "./certs/x942dh2048.pem"; #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif +#else + const char* dhX942ParamFile = "./certs/x942dh2048.der"; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.der"; +#endif #endif ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #elif defined(HAVE_ECC) ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #elif defined(HAVE_ED25519) ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #elif defined(HAVE_ED448) ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #endif ExpectNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, - dhParamFile, WOLFSSL_FILETYPE_PEM)); + dhParamFile, CERT_FILETYPE)); /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, - NULL, WOLFSSL_FILETYPE_PEM)); + NULL, CERT_FILETYPE)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, - bogusFile, WOLFSSL_FILETYPE_PEM)); + bogusFile, CERT_FILETYPE)); /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, 
wolfSSL_SetTmpDH_file(ssl, dhParamFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #endif wolfSSL_free(ssl); @@ -7476,14 +7544,14 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx, clientCertFile), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); } #ifdef HAVE_CRL if (ctx->c_cb.crlPemFile != NULL) { ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx->c_ctx, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx->c_ctx, ctx->c_cb.crlPemFile, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); } #endif if (ctx->c_ciphers != NULL) { @@ -7559,7 +7627,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) #endif { ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); } if (ctx->s_ciphers != NULL) { ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->s_ctx, ctx->s_ciphers), @@ -7585,7 +7653,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl, clientCertFile), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); } if (ctx->c_cb.ssl_ready != NULL) { ExpectIntEQ(ctx->c_cb.ssl_ready(ctx->c_ssl), TEST_SUCCESS); 
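Review bot: The `#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)` condition is now written twice, once in each arm of the new `#ifdef WOLFSSL_PEM_TO_DER`, so the two arms must be edited in lockstep and the four-way nesting is hard to read at a glance. Keeping the feature test on the outside and choosing only the file name inside it removes the duplication and reads as the original single declaration did; the rewrite below covers just the declarations, the rest of the hunk is unchanged. Whether `wolfSSL_CTX_SetTmpDH_file` and `wolfSSL_SetTmpDH_file` parse DER DSA/X9.42 parameters with `WOLFSSL_FILETYPE_ASN1` is not visible here, and the diffstat adds no files under certs/, so `certs/x942dh2048.der` and `certs/dsaparams.der` must already exist for the no-PEM run to pass.
```c
#ifdef WOLFSSL_PEM_TO_DER
    const char* dhX942ParamFile = "./certs/x942dh2048.pem";
#else
    const char* dhX942ParamFile = "./certs/x942dh2048.der";
#endif
#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
#ifdef WOLFSSL_PEM_TO_DER
    const char* dsaParamFile = "./certs/dsaparams.pem";
#else
    const char* dsaParamFile = "./certs/dsaparams.der";
#endif
#endif
    /* … unchanged: context and certificate setup, SetTmpDH_file checks … */
```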
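Review bot: `ctx->c_cb.crlPemFile` is now passed to `wolfSSL_CTX_LoadCRLFile` with `CERT_FILETYPE`, so in a no-PEM build every test that fills in `crlPemFile`, `certPemFile` or `keyPemFile` has to supply a DER path, and any caller still pointing at a `.pem` fixture fails only in that configuration. test_tls_cert_store_unchanged (@@ -49924) was updated for `certPemFile`, but nothing in this diff shows the setters of `crlPemFile` being switched, so that is inferred rather than confirmed. A comment on those fields in tests/unit.h, e.g. `/* path must be in the encoding selected by CERT_FILETYPE */`, would make the contract explicit; the same applies to the CRL and key loads in test_server_nofail (@@ -8101), test_client_nofail (@@ -8557), run_wolfssl_server (@@ -9090) and run_wolfssl_client (@@ -9307).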
@@ -7606,10 +7674,10 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl, serverCertFile), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + CERT_FILETYPE), WOLFSSL_SUCCESS); } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) - wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, CERT_FILETYPE); #elif !defined(NO_DH) /* will repick suites with DHE, higher priority than PSK */ SetDH(ctx->s_ssl); @@ -8073,10 +8141,10 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) certFile = cbf->certPemFile; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, certFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, certFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ @@ -8087,10 +8155,10 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) keyFile = cbf->keyPemFile; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ 
@@ -8101,7 +8169,7 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) if (cbf != NULL && cbf->crlPemFile != NULL) { if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) goto done; - if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE) != WOLFSSL_SUCCESS) goto done; } @@ -8133,10 +8201,10 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, certFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, certFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ @@ -8144,10 +8212,10 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, keyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, keyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ @@ -8160,7 +8228,7 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) - wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif 
@@ -8337,7 +8405,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ /* Release the wait for TCP ready. */ @@ -8345,7 +8413,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ /* Release the wait for TCP ready. */ @@ -8364,7 +8432,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ /* Release the wait for TCP ready. */ @@ -8372,7 +8440,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ /* Release the wait for TCP ready. */ @@ -8381,7 +8449,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) - wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif 
@@ -8524,10 +8592,10 @@ int test_client_nofail(void* args, cbType cb) } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ @@ -8535,10 +8603,10 @@ int test_client_nofail(void* args, cbType cb) } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " @@ -8557,7 +8625,7 @@ int test_client_nofail(void* args, cbType cb) if (cbf != NULL && cbf->crlPemFile != NULL) { if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) goto done; - if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE) != WOLFSSL_SUCCESS) goto done; } @@ -8574,10 +8642,10 @@ int test_client_nofail(void* args, cbType cb) } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, cliCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ 
@@ -8585,10 +8653,10 @@ int test_client_nofail(void* args, cbType cb) } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ @@ -9090,19 +9158,19 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) } if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } } @@ -9140,19 +9208,19 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) wolfSSL_SetDevId(ssl, callbacks->devId); if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } } #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) - wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif 
@@ -9294,12 +9362,12 @@ static void run_wolfssl_client(void* args) if (!callbacks->loadToSSL) { if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } } @@ -9307,7 +9375,7 @@ static void run_wolfssl_client(void* args) #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } } @@ -9333,12 +9401,12 @@ static void run_wolfssl_client(void* args) wolfSSL_SetDevId(ssl, callbacks->devId); if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + CERT_FILETYPE) != WOLFSSL_SUCCESS) { goto cleanup; } } @@ -12847,9 +12915,9 @@ static int test_tls_ext_duplicate(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, BufferInfoRecv); @@ -12929,9 +12997,9 @@ static int test_tls_bad_legacy_version(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, BufferInfoRecv); 
@@ -13531,10 +13599,14 @@ static int test_wolfSSL_PKCS8(void) byte buff[FOURK_BUF]; byte der[FOURK_BUF]; #ifndef NO_RSA +#ifdef WOLFSSL_PEM_TO_DER const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem"; +#endif const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der"; #endif +#ifdef WOLFSSL_PEM_TO_DER const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; +#endif #ifdef HAVE_ECC const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; #endif @@ -13580,6 +13652,7 @@ static int test_wolfSSL_PKCS8(void) flag = 1; /* used by password callback as return code */ #if !defined(NO_RSA) && !defined(NO_SHA) + #if defined(WOLFSSL_PEM_TO_DER) /* test loading PEM PKCS8 encrypted file */ ExpectTrue((f = XFOPEN(serverKeyPkcs8EncPemFile, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); @@ -13602,6 +13675,7 @@ static int test_wolfSSL_PKCS8(void) /* test that error value is returned with a bad password */ ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); + #endif /* test loading PEM PKCS8 encrypted file */ ExpectTrue((f = XFOPEN(serverKeyPkcs8EncDerFile, "rb")) != XBADFILE); @@ -13621,6 +13695,7 @@ static int test_wolfSSL_PKCS8(void) #endif /* !NO_RSA && !NO_SHA */ #if defined(HAVE_ECC) && !defined(NO_SHA) + #if defined(WOLFSSL_PEM_TO_DER) /* test loading PEM PKCS8 encrypted ECC Key file */ ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); @@ -13644,6 +13719,7 @@ static int test_wolfSSL_PKCS8(void) /* test that error value is returned with a bad password */ ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); + #endif /* test loading DER PKCS8 encrypted ECC Key file */ ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb")) != XBADFILE); 
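Review bot: `serverKeyPkcs8EncPemFile` and `eccPkcs8EncPrivKeyPemFile` are only read inside the `#if defined(WOLFSSL_PEM_TO_DER)` blocks added at @@ -13580 and @@ -13621, but their declarations are not in this hunk; if they are locals declared near `eccPkcs8PrivKeyDerFile` they need the same guard that `serverKeyPkcs8PemFile` and `eccPkcs8PrivKeyPemFile` received here, or a no-PEM build gets unused-variable warnings, which are fatal under -Werror. This is inferred from the uses, as the declarations sit outside the visible lines; test_wolfSSL_PKCS8 continues well past these hunks.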
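Review bot: The comment directly after the new `#endif` at @@ -13602, `/* test loading PEM PKCS8 encrypted file */`, heads the `XFOPEN(serverKeyPkcs8EncDerFile, "rb")` read, so in a no-PEM build it is the only "PEM" label left in that section and it names the wrong encoding; change it to `/* test loading DER PKCS8 encrypted file */`, which matches the ECC counterpart at @@ -13644 that already says DER.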
@@ -13678,6 +13754,7 @@ static int test_wolfSSL_PKCS8(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_PEM_TO_DER /* test loading PEM PKCS8 private key file (not encrypted) */ ExpectTrue((f = XFOPEN(serverKeyPkcs8PemFile, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); @@ -13687,8 +13764,10 @@ static int test_wolfSSL_PKCS8(void) } ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + #endif #endif /* !NO_RSA */ +#ifdef WOLFSSL_PEM_TO_DER /* Test PKCS8 PEM ECC key no crypt */ ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); @@ -13696,12 +13775,13 @@ static int test_wolfSSL_PKCS8(void) XFCLOSE(f); f = XBADFILE; } +#endif #ifdef HAVE_ECC +#ifdef WOLFSSL_PEM_TO_DER /* Test PKCS8 PEM ECC key no crypt */ ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) /* decrypt PKCS8 PEM to key in DER format */ ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); @@ -13723,9 +13803,11 @@ static int test_wolfSSL_PKCS8(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #else +#ifdef WOLFSSL_PEM_TO_DER /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif #endif /* HAVE_ECC */ wolfSSL_CTX_free(ctx); 
@@ -22628,9 +22710,9 @@ static int test_wolfSSL_set_options(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1); @@ -22656,9 +22738,9 @@ static int test_wolfSSL_set_options(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); #ifdef OPENSSL_EXTRA ExpectTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS); #endif @@ -27753,9 +27835,9 @@ static int test_wolfSSL_SESSION(void) #endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ENCRYPTED_KEYS @@ -37567,7 +37649,11 @@ static int test_RsaSigFailure_cm(void) { EXPECT_DECLS; #ifndef NO_RSA +#ifdef WOLFSSL_PEM_TO_DER const char* ca_cert = "./certs/ca-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; +#endif const char* server_cert = "./certs/server-cert.der"; byte* cert_buf = NULL; size_t cert_sz = 0; @@ -37603,7 +37689,11 @@ static int test_EccSigFailure_cm(void) EXPECT_DECLS; #ifdef HAVE_ECC /* self-signed ECC cert, so use server cert as CA */ +#ifdef WOLFSSL_PEM_TO_DER const char* ca_cert = "./certs/ca-ecc-cert.pem"; +#else + const char* ca_cert = "./certs/ca-ecc-cert.der"; +#endif const char* server_cert = "./certs/server-ecc.der"; byte* cert_buf = NULL; size_t cert_sz = 0; 
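Review bot: test_RsaSigFailure_cm and test_EccSigFailure_cm open a second PEM/DER switch for `ca_cert` although wolfssl/test.h already provides exactly these two files as `caCertFile` and `caEccCertFile`, which test_certreq_sighash_algos (@@ -48461) now uses; `const char* ca_cert = caCertFile;` and `const char* ca_cert = caEccCertFile;` drop the four preprocessor lines in each function and keep the file choice in one place. The hard-coded `./certs/` prefix of the neighbouring `server_cert` strings means these functions already ignore WOLFSSL_NO_CURRDIR, so the macros change nothing there.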
@@ -41876,6 +41966,7 @@ static int test_wolfSSL_dtls_stateless(void) #ifdef HAVE_CERT_CHAIN_VALIDATION #ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +#ifdef WOLFSSL_PEM_TO_DER static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; @@ -41893,7 +41984,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; - if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM)) + if ((ret = wolfSSL_CertManagerVerify(cm, certA, CERT_FILETYPE)) != WOLFSSL_SUCCESS) { fprintf(stderr, "could not verify the cert: %s\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, @@ -42113,6 +42204,7 @@ static int test_various_pathlen_chains(void) return EXPECT_RESULT(); } #endif +#endif #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) @@ -48461,13 +48553,13 @@ static int test_certreq_sighash_algos(void) wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c, - "./certs/ca-ecc-cert.pem", NULL), WOLFSSL_SUCCESS); + caEccCertFile, NULL), WOLFSSL_SUCCESS); wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL); - ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, "./certs/ecc-key.pem", - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem", - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, eccKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, eccCertFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), 
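Review bot: Inside verify_cert_with_cm the new `CERT_FILETYPE` argument can only ever expand to `WOLFSSL_FILETYPE_PEM`, because the `#ifdef WOLFSSL_PEM_TO_DER` added at @@ -41876 (closed at @@ -42113) compiles the whole helper set out of the no-PEM build; either keep the literal, or drop the wrapper and let these helpers run with DER fixtures like the rest of the file. If the wrapper stays, a one-line comment at the `#ifdef`, e.g. `/* chain-validation helpers use PEM-only fixtures */` (assuming that is the reason, which the diff does not state), would explain why this test family is absent from that configuration. load_ca_into_cm's body continues outside the hunk.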
@@ -49924,9 +50016,13 @@ static int test_tls_cert_store_unchanged(void) Fail(("Should not enter here"), ("Entered here")); } - +#ifdef WOLFSSL_PEM_TO_DER client_cbf.certPemFile = "certs/intermediate/client-chain.pem"; server_cbf.certPemFile = "certs/intermediate/server-chain.pem"; +#else + client_cbf.certPemFile = "certs/intermediate/client-chain.der"; + server_cbf.certPemFile = "certs/intermediate/server-chain.der"; +#endif server_cbf.caPemFile = caCertFile; @@ -50881,7 +50977,8 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CRL_duplicate_extensions), TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), -#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \ + defined(WOLFSSL_PEM_TO_DER) TEST_DECL(test_various_pathlen_chains), #endif TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c index 3121608e2..0ee312bc5 100644 --- a/tests/api/test_tls13.c +++ b/tests/api/test_tls13.c @@ -203,7 +203,7 @@ int test_tls13_apis(void) #if !defined(NO_FILESYSTEM) wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, - WOLFSSL_FILETYPE_PEM); + CERT_FILETYPE); #elif defined(USE_CERT_BUFFERS_2048) wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, server_cert_der_2048, sizeof_server_cert_der_2048, 
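Review bot: The no-PEM arm points `certPemFile` at `certs/intermediate/client-chain.der` and `certs/intermediate/server-chain.der`, but the diffstat adds nothing under certs/, so both files must already exist for this test to pass in that configuration; if they do not, the failure appears only at run time of a rarely built variant. `server_cbf.caPemFile = caCertFile;` on the following line now also carries a DER path in that build, which the field name does not suggest.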
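Review bot: The tests/unit.c hunk silently drops SuiteTest from any build without WOLFSSL_PEM_TO_DER, and nothing in the log shows that a whole test tier was skipped; an `#else` arm with `fprintf(stderr, "suite test skipped: PEM support disabled\n");` keeps the gap visible in CI output. A comment at the `#if` stating why the suite tests need PEM (presumably the suite configuration files reference PEM fixtures, but the diff does not say) would help the next person who tries to lift the restriction.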
@@ -231,7 +231,7 @@ int test_tls13_apis(void) /* ignore load failures, since we just need the server to have a cert set */ #if !defined(NO_FILESYSTEM) wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); - wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); + wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, CERT_FILETYPE); #elif defined(USE_CERT_BUFFERS_2048) wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, server_cert_der_2048, sizeof_server_cert_der_2048, @@ -946,9 +946,9 @@ int test_tls13_cipher_suites(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, - WOLFSSL_FILETYPE_PEM)); + CERT_FILETYPE)); /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, CsRecv); /* No where to send to - dummy sender. */ @@ -1264,10 +1264,10 @@ int test_tls13_rpk_handshake(void) test_rpk_memio_setup( &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM) + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE) , 0); @@ -1322,10 +1322,10 @@ int test_tls13_rpk_handshake(void) test_rpk_memio_setup( &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* set client certificate type in client end */ 
@@ -1382,8 +1382,8 @@ int test_tls13_rpk_handshake(void) wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* set client certificate type in client end */ @@ -1450,8 +1450,8 @@ int test_tls13_rpk_handshake(void) wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* set client certificate type in client end */ @@ -1518,10 +1518,10 @@ int test_tls13_rpk_handshake(void) test_rpk_memio_setup( &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* set client certificate type in client end @@ -1600,9 +1600,9 @@ int test_tls13_rpk_handshake(void) &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* have client tell to use RPK cert */ 
@@ -1674,8 +1674,8 @@ int test_tls13_rpk_handshake(void) wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */ - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* have client tell to use RPK cert */ @@ -1755,10 +1755,10 @@ int test_tls13_rpk_handshake(void) test_rpk_memio_setup( &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, + cliCertFile, CERT_FILETYPE, svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* have client tell to use RPK cert intentionally */ @@ -1841,8 +1841,8 @@ int test_tls13_rpk_handshake(void) wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) , 0); /* set client certificate type in client end */ diff --git a/tests/unit.c b/tests/unit.c index 17a5b5c3f..5ccb92ebf 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -310,7 +310,8 @@ int unit_test(int argc, char** argv) #if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_TLS) && \ - !defined(SINGLE_THREADED) + !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_PEM_TO_DER) if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; diff --git a/tests/unit.h b/tests/unit.h index 3ac95c000..a741b1f55 100644 --- a/tests/unit.h +++ b/tests/unit.h 
@@ -352,6 +352,12 @@
 #endif
 #ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+#ifdef WOLFSSL_PEM_TO_DER
+ #define CERT_FILETYPE WOLFSSL_FILETYPE_PEM
+#else
+ #define CERT_FILETYPE WOLFSSL_FILETYPE_ASN1
+#endif
+
 typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
 typedef int (*ssl_cb)(WOLFSSL* ssl);
 typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
diff --git a/tests/utils.c b/tests/utils.c
index fb37eada9..20eb4cbaa 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -260,7 +260,7 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
 #ifndef NO_CERTS
 if (serverKey == NULL) {
 ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
- WOLFSSL_FILETYPE_PEM);
+ CERT_FILETYPE);
 }
 else {
 ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
@@ -280,7 +280,7 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
 if (serverCert == NULL) {
 ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
- WOLFSSL_FILETYPE_PEM);
+ CERT_FILETYPE);
 }
 else {
 ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 1b65c59a2..44118ada4 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -26635,11 +26635,11 @@ static wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
 static wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----";
 static wcchar END_PKCS7 = "-----END PKCS7-----";
 #endif
-#if defined(HAVE_ECC) || !defined(NO_DSA)
+#if defined(HAVE_ECC) || !defined(NO_DSA) && defined(WOLFSSL_PEM_TO_DER)
 static wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
 static wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
 #endif
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_PEM_TO_DER)
 static wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
 static wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
 static wcchar END_PRIV_KEY_PREFIX = "-----END";
diff --git a/wolfssl/test.h b/wolfssl/test.h
index c0cc3edff..90caff302 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
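Review bot: `CERT_FILETYPE` is defined only inside `#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES`, yet it is referenced from tests/utils.c (test_memio_setup_ex), from tests/api/test_tls13.c (test_tls13_apis, under `!defined(NO_FILESYSTEM)`) and from api.c tests such as test_wolfSSL_set_options and test_server_wolfSSL_new whose own guards are not visible here; unless every one of those uses is compiled only when the memio dependencies are present, a build without them now fails on an undeclared identifier. The macro depends on nothing but WOLFSSL_PEM_TO_DER, so hoisting it out of that block removes the question. Its name also undersells its reach — it selects the encoding for keys, DH parameters and CRL files too — so a comment such as `/* encoding of every cert/key/DH/CRL file the tests load from disk */` would help readers of the many call sites.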
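Review bot: In the wolfcrypt/src/asn.c hunk, `#if defined(HAVE_ECC) || !defined(NO_DSA) && defined(WOLFSSL_PEM_TO_DER)` binds as `HAVE_ECC || (!NO_DSA && WOLFSSL_PEM_TO_DER)` because `&&` has higher precedence than `||`, so an ECC build with PEM disabled still defines `BEGIN_DSA_PRIV`/`END_DSA_PRIV`; if the PEM parsing that consumes them is compiled out in that configuration (which the OPENSSL_EXTRA line two hunks down suggests), they become unused statics and trip `-Wunused-variable` under -Werror. The parallel `#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_PEM_TO_DER)` shows the intended shape, so the line should read `#if (defined(HAVE_ECC) || !defined(NO_DSA)) && defined(WOLFSSL_PEM_TO_DER)`. GCC's -Wparentheses also flags `&&` inside `||` without parentheses, so the fix removes a warning regardless of intent.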
@@ -495,6 +495,7 @@ err_sys_with_errno(const char* msg)
 /* all certs relative to wolfSSL home directory now */
 #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
+#ifdef WOLFSSL_PEM_TO_DER
 #define caCertFile "certs/ca-cert.pem"
 #define eccCertFile "certs/server-ecc.pem"
 #define eccKeyFile "certs/ecc-key.pem"
@@ -528,6 +529,41 @@ err_sys_with_errno(const char* msg)
 #define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile "certs/ed448/ca-ed448.pem"
 #define noIssuerCertFile "certs/empty-issuer-cert.pem"
+#else
+#define caCertFile "certs/ca-cert.der"
+#define eccCertFile "certs/server-ecc.der"
+#define eccKeyFile "certs/ecc-key.der"
+#define eccKeyPubFile "certs/ecc-keyPub.der"
+#define eccRsaCertFile "certs/server-ecc-rsa.der"
+#define svrCertFile "certs/server-cert.der"
+#define svrKeyFile "certs/server-key.der"
+#define svrKeyPubFile "certs/server-keyPub.der"
+#define cliCertFile "certs/client-cert.der"
+#define cliCertDerFile "certs/client-cert.der"
+#define cliCertFileExt "certs/client-cert-ext.der"
+#define cliCertDerFileExt "certs/client-cert-ext.der"
+#define cliKeyFile "certs/client-key.der"
+#define cliKeyPubFile "certs/client-keyPub.der"
+#define dhParamFile "certs/dh2048.der"
+#define cliEccKeyFile "certs/ecc-client-key.der"
+#define cliEccKeyPubFile "certs/ecc-client-keyPub.der"
+#define cliEccCertFile "certs/client-ecc-cert.der"
+#define caEccCertFile "certs/ca-ecc-cert.der"
+#define crlPemDir "certs/crl"
+#define edCertFile "certs/ed25519/server-ed25519-cert.der"
+#define edKeyFile "certs/ed25519/server-ed25519-priv.der"
+#define edKeyPubFile "certs/ed25519/server-ed25519-key.der"
+#define cliEdCertFile "certs/ed25519/client-ed25519.der"
+#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.der"
+#define cliEdKeyPubFile "certs/ed25519/client-ed25519-key.der"
+#define caEdCertFile "certs/ed25519/ca-ed25519.der"
+#define ed448CertFile "certs/ed448/server-ed448-cert.der"
+#define ed448KeyFile "certs/ed448/server-ed448-priv.der"
+#define cliEd448CertFile "certs/ed448/client-ed448.der"
+#define cliEd448KeyFile "certs/ed448/client-ed448-priv.der"
+#define caEd448CertFile "certs/ed448/ca-ed448.der"
+#define noIssuerCertFile "certs/empty-issuer-cert.der"
+#endif
 #define caCertFolder "certs/"
 #ifdef HAVE_WNR
 /* Whitewood netRandom
default config file */
@@ -559,6 +595,7 @@ err_sys_with_errno(const char* msg)
 #define wnrConfig "wnr-example.conf"
 #endif
 #else
+#ifdef WOLFSSL_PEM_TO_DER
 #define caCertFile "./certs/ca-cert.pem"
 #define eccCertFile "./certs/server-ecc.pem"
 #define eccKeyFile "./certs/ecc-key.pem"
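Review bot: The 33-entry DER table added under `#else` here is repeated verbatim in the `@@ -592,6 +629,41 @@` hunk with only the `./` prefix changed, and the two existing PEM tables have the same shape, so four near-identical lists now have to be kept in sync by hand. The existing `caCertFolder` already holds exactly the per-branch prefix; hoisting it ahead of the tables and building each entry with adjacent string-literal concatenation would leave one PEM list and one DER list (assuming none of these macros is used where a single literal token is required, which the hunk does not show). Separately, `crlPemDir` is the only entry that keeps its PEM-era value `certs/crl` in the DER branch; whether the CRL loaders that read it still request PEM input when WOLFSSL_PEM_TO_DER is off is not visible here, so a comment such as `/* shared CRL dir; callers must pass the format matching this build */` or a DER counterpart would make the intent explicit. The `#ifdef WOLFSSL_PEM_TO_DER` that this `#else` pairs with is opened in the preceding `@@ -495,6 +495,7 @@` hunk.
```c
#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
#define caCertFolder "certs/"
/* … unchanged: HAVE_WNR wnrConfig definitions … */
#else
#define caCertFolder "./certs/"
/* … unchanged: HAVE_WNR wnrConfig definitions … */
#endif
#ifdef WOLFSSL_PEM_TO_DER
#define caCertFile  caCertFolder "ca-cert.pem"
#define eccCertFile caCertFolder "server-ecc.pem"
/* … remaining PEM entries, same pattern … */
#else
#define caCertFile  caCertFolder "ca-cert.der"
#define eccCertFile caCertFolder "server-ecc.der"
/* … remaining DER entries, same pattern … */
#endif
```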
@@ -592,6 +629,41 @@ err_sys_with_errno(const char* msg)
 #define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile "./certs/ed448/ca-ed448.pem"
 #define noIssuerCertFile "./certs/empty-issuer-cert.pem"
+#else
+#define caCertFile "./certs/ca-cert.der"
+#define eccCertFile "./certs/server-ecc.der"
+#define eccKeyFile "./certs/ecc-key.der"
+#define eccKeyPubFile "./certs/ecc-keyPub.der"
+#define eccRsaCertFile "./certs/server-ecc-rsa.der"
+#define svrCertFile "./certs/server-cert.der"
+#define svrKeyFile "./certs/server-key.der"
+#define svrKeyPubFile "./certs/server-keyPub.der"
+#define cliCertFile "./certs/client-cert.der"
+#define cliCertDerFile "./certs/client-cert.der"
+#define cliCertFileExt "./certs/client-cert-ext.der"
+#define cliCertDerFileExt "./certs/client-cert-ext.der"
+#define cliKeyFile "./certs/client-key.der"
+#define cliKeyPubFile "./certs/client-keyPub.der"
+#define dhParamFile "./certs/dh2048.der"
+#define cliEccKeyFile "./certs/ecc-client-key.der"
+#define cliEccKeyPubFile "./certs/ecc-client-keyPub.der"
+#define cliEccCertFile "./certs/client-ecc-cert.der"
+#define caEccCertFile "./certs/ca-ecc-cert.der"
+#define crlPemDir "./certs/crl"
+#define edCertFile "./certs/ed25519/server-ed25519-cert.der"
+#define edKeyFile "./certs/ed25519/server-ed25519-priv.der"
+#define edKeyPubFile "./certs/ed25519/server-ed25519-key.der"
+#define cliEdCertFile "./certs/ed25519/client-ed25519.der"
+#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.der"
+#define cliEdKeyPubFile "./certs/ed25519/client-ed25519-key.der"
+#define caEdCertFile "./certs/ed25519/ca-ed25519.der"
+#define ed448CertFile "./certs/ed448/server-ed448-cert.der"
+#define ed448KeyFile "./certs/ed448/server-ed448-priv.der"
+#define cliEd448CertFile "./certs/ed448/client-ed448.der"
+#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.der"
+#define caEd448CertFile "./certs/ed448/ca-ed448.der"
+#define noIssuerCertFile "./certs/empty-issuer-cert.der"
+#endif
#define caCertFolder "./certs/"
 #ifdef HAVE_WNR
 /* Whitewood netRandom default config file */