From 7df8f2e2bbb169bc90ef957570ad03f67d11456e Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Thu, 15 Oct 2020 21:19:20 +0200
Subject: [PATCH] Internal unit tests

---
 src/bio.c                   |  12 +-
 src/ssl.c                   | 124 +++++++++-------
 tests/NCONF_test.cnf        |  19 +++
 tests/TXT_DB.txt            |  33 +++++
 tests/api.c                 | 287 ++++++++++++++++++++++++++++++++++--
 wolfssl/wolfcrypt/types.h   |   2 +-
 wolfssl/wolfcrypt/wc_port.h |   3 +
 7 files changed, 411 insertions(+), 69 deletions(-)
 create mode 100644 tests/NCONF_test.cnf
 create mode 100644 tests/TXT_DB.txt

diff --git a/src/bio.c b/src/bio.c
index 89a3e9d29..c5e335acb 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -229,7 +229,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 
     #ifndef NO_FILESYSTEM
         if (bio && bio->type == WOLFSSL_BIO_FILE) {
-            ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
+            if (bio->ptr)
+                ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
+            else
+                ret = XREAD(bio->num, buf, len);
         }
     #endif
 
@@ -580,8 +583,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
         }
 
     #ifndef NO_FILESYSTEM
-        if (bio->type == WOLFSSL_BIO_FILE) {
-            ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
+        if (bio && bio->type == WOLFSSL_BIO_FILE) {
+            if (bio->ptr)
+                ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
+            else
+                ret = XWRITE(bio->num, data, len);
         }
     #endif
 
diff --git a/src/ssl.c b/src/ssl.c
index e309c292a..7728bb19b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15739,13 +15739,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_BIO_set_fd");
 
         if (b != NULL) {
-            if (b->type == WOLFSSL_BIO_FILE) {
-                b->ptr = XFDOPEN(fd, "rw");
-                if (!b->ptr) {
-                    WOLFSSL_MSG("Error opening file descriptor");
-                    return WOLFSSL_FAILURE;
-                }
-            }
             b->num = fd;
             b->shutdown = (byte)closeF;
         }
@@ -15891,6 +15884,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 if (bio->ptr) {
                     XFCLOSE((XFILE)bio->ptr);
                 }
+                else {
+                    XCLOSE(bio->num);
+                }
             }
         #endif
 
@@ -19733,7 +19729,7 @@ int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
     char *str;
     WOLFSSL_ENTER("wolfSSL_NCONF_get_number");
 
-    if (!conf || !group || !name || !result) {
+    if (!conf || !name || !result) {
         WOLFSSL_MSG("Bad parameter");
         return WOLFSSL_FAILURE;
     }
@@ -19803,7 +19799,8 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
                 char prevValue;
 
                 if (*startIdx == '{') {
-                    /* First read the section. Ex: ${ENV::COUNT} */
+                    /* First read the section.
+                     * format: ${section_name::var_name} */
                     s = ++startIdx;
                     while (*strIdx && *strIdx != ':') strIdx++;
                     if (!strIdx || s == strIdx || strIdx[1] != ':') {
@@ -19812,10 +19809,10 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
                         goto expand_cleanup;
                     }
                     *strIdx = '\0';
-                    *strIdx += 2;
+                    strIdx += 2;
                     startIdx = strIdx;
                 }
-                while (*strIdx && (XISALPHA(*strIdx) || *strIdx == '_'))
+                while (*strIdx && (XISALNUM(*strIdx) || *strIdx == '_'))
                     strIdx++;
                 endIdx = strIdx;
                 if (startIdx == endIdx) {
@@ -19987,7 +19984,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
             value = idx;
             /* Find end of value */
             idx = maxIdx-1;
-            while (*idx == ' ' || *idx == '\t')
+            while (idx >= value && (*idx == ' ' || *idx == '\t'))
                 idx--;
             valueLen = idx - value + 1;
 
@@ -20041,6 +20038,7 @@ void wolfSSL_NCONF_free(WOLFSSL_CONF *conf)
     WOLFSSL_ENTER("wolfSSL_NCONF_free");
     if (conf) {
         wolfSSL_sk_CONF_VALUE_free(conf->data);
+        XFREE(conf, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
 
@@ -21628,7 +21626,7 @@ error:
     return ret;
 }
 
-long wolfSSL_TXT_DB_write(WOLFSSL_BIO  *out, WOLFSSL_TXT_DB *db)
+long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 {
     const WOLF_STACK_OF(WOLFSSL_STRING)* data;
     long totalLen = 0;
@@ -21743,10 +21741,9 @@ int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field,
 WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx,
         WOLFSSL_STRING *value)
 {
-    WOLF_STACK_OF(WOLFSSL_STRING)* data;
     WOLFSSL_ENTER("wolfSSL_TXT_DB_get_by_index");
 
-    if (!db || idx < 0 || idx >= db->num_fields) {
+    if (!db || !db->data || idx < 0 || idx >= db->num_fields) {
         WOLFSSL_MSG("Bad parameter");
         return NULL;
     }
@@ -21756,17 +21753,22 @@ WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx,
         return NULL;
     }
 
-    /* Set the hash and comp functions */
-    data = db->data;
-    while (data) {
-        if (data->comp != db->comp[idx] || data->hash_fn != db->hash_fn[idx]) {
-            data->comp = db->comp[idx];
-            data->hash_fn = db->hash_fn[idx];
-            data->hash = 0;
+    /* If first data struct has correct hash and cmp function then
+     * assume others do too */
+    if (db->data->hash_fn != db->hash_fn[idx] ||
+            db->data->comp != db->comp[idx]) {
+        /* Set the hash and comp functions */
+        WOLF_STACK_OF(WOLFSSL_STRING)* data = db->data;
+        while (data) {
+            if (data->comp != db->comp[idx] ||
+                    data->hash_fn != db->hash_fn[idx]) {
+                data->comp = db->comp[idx];
+                data->hash_fn = db->hash_fn[idx];
+                data->hash = 0;
+            }
+            data= data->next;
         }
-        data= data->next;
     }
-
     return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value);
 }
 #endif
@@ -23357,9 +23359,11 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
     int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
             const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig)
     {
+        (void)sig;
+
         WOLFSSL_ENTER("wolfSSL_X509_signature_print");
 
-        if (!bp || !sigalg || !sig) {
+        if (!bp || !sigalg) {
             WOLFSSL_MSG("Bad parameter");
             return WOLFSSL_FAILURE;
         }
@@ -27704,7 +27708,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
  * @param class Class of parsed ASN1 object
  * @param inLen Length of *in buffer
  * @return int  Depends on which bits are set in the returned int:
- *              0x80 an error occured during parsing
+ *              0x80 an error occurred during parsing
  *              0x20 parsed object is constructed
  *              0x01 the parsed object length is infinite
  */
@@ -50854,8 +50858,10 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
 
 int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
 {
-    byte* output;
+    byte* output = NULL;
     int len;
+    WC_RNG rng;
+    int ret = WOLFSSL_FAILURE;
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
 
     if (!bio || !p7) {
@@ -50863,31 +50869,45 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
         return WOLFSSL_FAILURE;
     }
 
+    if (!p7->rng) {
+        if (wc_InitRng(&rng) != 0) {
+            WOLFSSL_MSG("wc_InitRng error");
+            return WOLFSSL_FAILURE;
+        }
+        p7->rng = &rng;
+    }
+
     if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) {
         WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
-        return WOLFSSL_FAILURE;
+        goto cleanup;
     }
 
     output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!output) {
         WOLFSSL_MSG("malloc error");
-        return WOLFSSL_FAILURE;
+        goto cleanup;
     }
 
     if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) {
         WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
-        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return WOLFSSL_FAILURE;
+        goto cleanup;
     }
 
     if (wolfSSL_BIO_write(bio, output, len) <= 0) {
         WOLFSSL_MSG("wolfSSL_BIO_write error");
-        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return WOLFSSL_FAILURE;
+        goto cleanup;
     }
 
-    XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    return WOLFSSL_SUCCESS;
+    ret = WOLFSSL_SUCCESS;
+cleanup:
+    if (p7->rng == &rng) {
+        wc_FreeRng(&rng);
+        p7->rng = NULL;
+    }
+    if (output) {
+        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    return ret;
 }
 
 int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
@@ -50934,14 +50954,19 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * This API was added as a helper function for libest. It
+ * encodes a stack of certificates to pkcs7 format.
+ * @param pkcs7 PKCS7 parameter object
+ * @param certs WOLFSSL_STACK_OF(WOLFSSL_X509)*
+ * @param out   Output bio
+ * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
+ */
 int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
                                WOLFSSL_BIO* out)
 {
     int ret;
     WOLFSSL_PKCS7* p7;
-    WC_RNG rng;
-    byte cleanRng = 0;
-
     WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
 
     if (!pkcs7 || !certs || !out) {
@@ -51000,26 +51025,18 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
         return WOLFSSL_FAILURE;
     }
 
-    if (!pkcs7->rng) {
-        if (wc_InitRng(&rng) != 0) {
-            WOLFSSL_MSG("wc_InitRng error");
-            return WOLFSSL_FAILURE;
-        }
-        pkcs7->rng = &rng;
-        cleanRng = 1;
-    }
-
     ret = wolfSSL_i2d_PKCS7_bio(out, pkcs7);
 
-    if (cleanRng) {
-        wc_FreeRng(&rng);
-        pkcs7->rng = NULL;
-    }
-
     return ret;
 }
 #endif /* !NO_BIO */
 
+/**
+ * This API was added as a helper functio for libest. It
+ * extracts a stack of certificates from the pkcs7 object.
+ * @param pkcs7 PKCS7 parameter object
+ * @return WOLFSSL_STACK_OF(WOLFSSL_X509)*
+ */
 WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
 {
     int i;
@@ -51037,7 +51054,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
         return p7->certs;
 
     for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
-        WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i], p7->pkcs7.certSz[i]);
+        WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
+                                              p7->pkcs7.certSz[i]);
         if (!ret)
             ret = wolfSSL_sk_X509_new();
         if (x509) {
diff --git a/tests/NCONF_test.cnf b/tests/NCONF_test.cnf
new file mode 100644
index 000000000..3852ec529
--- /dev/null
+++ b/tests/NCONF_test.cnf
@@ -0,0 +1,19 @@
+#
+# This file is a sample configuration file that
+# can be loaded with wolfSSL_NCONF_load
+#
+
+dir = ./test-dir
+port = 1234
+
+[ section1 ]
+file1 = ./test-dir/file1 	# test comment
+file1_copy = $dir/file1
+s1_dir = ./section1			# more comments
+
+[section2]
+
+fileName2 = file2 
+file_list = ${section1::file1}:$dir/file2:${section1::s1_dir}:$fileName2
+
+port = 4321
diff --git a/tests/TXT_DB.txt b/tests/TXT_DB.txt
new file mode 100644
index 000000000..897332994
--- /dev/null
+++ b/tests/TXT_DB.txt
@@ -0,0 +1,33 @@
+# This file was generated by libest unit tests.
+
+V	211015165802Z		12F8	unknown	/CN=TestCase9
+V	211015165748Z		12F6	unknown	/CN=rsa doe
+V	211015165732Z		12F4	unknown	/CN=rsa doe
+V	211015165716Z		12F2	unknown	/CN=rsa doe
+V	320926161828Z		12F0	unknown	/CN=rsa doe
+V	211014161800Z		12EE	unknown	/CN=us4880_test2
+V	320926161718Z		12EC	unknown	/CN=TEST16-CN
+V	320926161653Z		12EA	unknown	/CN=TC4752-13
+V	320926161607Z		12E8	unknown	/CN=TC4752-8
+V	320926161541Z		12E6	unknown	/CN=US4752-TC2
+V	320926161515Z		12E4	unknown	/CN=TCUS3612-3
+V	211014161456Z		12E2	unknown	/CN=TC2174-4
+V	211014161456Z		12E0	unknown	/CN=TC2174-4
+V	211014161455Z		12DE	unknown	/CN=TC2174-4
+V	320926161440Z		12DC	unknown	/CN=TC1883-7
+V	320926161440Z		12DA	unknown	/CN=TC1883-6
+V	320926161434Z		12D8	unknown	/CN=rsa doe
+V	320926161421Z		12D6	unknown	/CN=TC1005-93
+V	320926161410Z		12D4	unknown	/CN=TC1005-10
+V	320926161359Z		12D2	unknown	/CN=TC1005-8
+V	320926161349Z		12D0	unknown	/CN=TC1005-6
+V	320926161343Z		12CE	unknown	/CN=TC1005-3
+V	320926161343Z		12CC	unknown	/CN=TC1005-1
+V	320926161338Z		12CA	unknown	/CN=TestCase9
+V	320926161332Z		12C8	unknown	/CN=US903-test7 CN
+V	320926161321Z		12C6	unknown	/CN=dsa doe
+V	320926161321Z		12C4	unknown	/CN=rsa doe
+V	320926161304Z		12C2	unknown	/CN=dsa doe
+V	320926161304Z		12C0	unknown	/CN=rsa doe
+V	320926161208Z		12BE	unknown	/serialNumber=PID:Widget SN:2/CN=req by client in demo step 2
+V	320926161116Z		12BC	unknown	/serialNumber=PID:Widget SN:2/CN=req by client in demo step 2
diff --git a/tests/api.c b/tests/api.c
index 513a1a1ad..0076322b2 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -307,6 +307,10 @@
     #include <wolfssl/openssl/crypto.h>
     #include <wolfssl/openssl/hmac.h>
     #include <wolfssl/openssl/objects.h>
+#ifdef OPENSSL_ALL
+    #include <wolfssl/openssl/txt_db.h>
+    #include <wolfssl/openssl/lhash.h>
+#endif
 #ifndef NO_AES
     #include <wolfssl/openssl/aes.h>
 #endif
@@ -26280,6 +26284,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
         const char* fname = "./certs/server-key.pem";
         size_t sz;
         byte* buf;
+        EVP_PKEY* pkey2;
 
         file = XFOPEN(fname, "rb");
         AssertTrue((file != XBADFILE));
@@ -26299,6 +26304,11 @@ static void test_wolfSSL_PEM_PrivateKey(void)
         XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
         BIO_free(bio);
         bio = NULL;
+        AssertNotNull(pkey2 = EVP_PKEY_new());
+        pkey2->type = EVP_PKEY_RSA;
+        /* Test parameter copy */
+        AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
+        EVP_PKEY_free(pkey2);
         EVP_PKEY_free(pkey);
         pkey  = NULL;
     }
@@ -26311,6 +26321,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
         const char* fname = "./certs/ecc-key.pem";
         size_t sz;
         byte* buf;
+        EVP_PKEY* pkey2;
+        int nid = 0;
 
         file = XFOPEN(fname, "rb");
         AssertTrue((file != XBADFILE));
@@ -26328,6 +26340,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
         XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
         BIO_free(bio);
         bio = NULL;
+        AssertNotNull(pkey2 = EVP_PKEY_new());
+        pkey2->type = EVP_PKEY_EC;
+        /* Test parameter copy */
+        AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
+        /* Test default digest */
+        AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
+        AssertIntEQ(nid, NID_sha256);
+        EVP_PKEY_free(pkey2);
         EVP_PKEY_free(pkey);
         pkey  = NULL;
     }
@@ -26790,6 +26810,7 @@ static void test_wolfSSL_tmp_dh(void)
     int  bytes;
     DSA* dsa;
     DH*  dh;
+    DH*  dh2;
     BIO*     bio;
     SSL*     ssl;
     SSL_CTX* ctx;
@@ -26818,6 +26839,7 @@ static void test_wolfSSL_tmp_dh(void)
 
     dh = wolfSSL_DSA_dup_DH(dsa);
     AssertNotNull(dh);
+    AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
 
     AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
     #ifndef NO_WOLFSSL_SERVER
@@ -26829,6 +26851,7 @@ static void test_wolfSSL_tmp_dh(void)
     BIO_free(bio);
     DSA_free(dsa);
     DH_free(dh);
+    DH_free(dh2);
     SSL_free(ssl);
     SSL_CTX_free(ctx);
 
@@ -27635,6 +27658,61 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
 #endif
 }
 
+static void test_wolfSSL_PKCS7_certs(void)
+{
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    STACK_OF(X509)* sk = NULL;
+    STACK_OF(X509_INFO)* info_sk = NULL;
+    PKCS7 *p7 = NULL;
+    BIO* bio;
+    const byte* p = NULL;
+    int buflen = 0;
+    int i;
+
+    printf(testingFmt, "wolfSSL_PKCS7_certs()");
+
+    /* Test twice. Once with d2i and once without to test
+     * that everything is free'd correctly. */
+    for (i = 0; i < 2; i++) {
+        AssertNotNull(p7 = PKCS7_new());
+        p7->version = 1;
+        p7->hashOID = SHAh;
+        AssertNotNull(bio = BIO_new(BIO_s_file()));
+        AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
+        AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
+        AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
+        AssertNotNull(sk = sk_X509_new_null());
+        while (sk_X509_INFO_num(info_sk)) {
+            X509_INFO* info;
+            AssertNotNull(info = sk_X509_INFO_shift(info_sk));
+            AssertIntEQ(sk_X509_push(sk, info->x509), 1);
+            info->x509 = NULL;
+            X509_INFO_free(info);
+        }
+        sk_X509_INFO_free(info_sk);
+        BIO_free(bio);
+        bio = BIO_new(BIO_s_mem());
+        AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
+        AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
+
+        if (i == 0) {
+            PKCS7_free(p7);
+            /* Reset certs to force p7 to regenerate them */
+            ((WOLFSSL_PKCS7*)p7)->certs = NULL;
+            AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
+            /* p7 free's the certs */
+            AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
+        }
+
+        BIO_free(bio);
+        PKCS7_free(p7);
+    }
+
+    printf(resultFmt, passed);
+#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+         !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+}
 
 static void test_wolfSSL_X509_STORE_CTX(void)
 {
@@ -28033,6 +28111,7 @@ static void test_wolfSSL_CTX_set_srp_username(void)
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
     && !defined(NO_SHA256) && !defined(WC_NO_RNG)
     WOLFSSL_CTX* ctx;
+    WOLFSSL* ssl;
     const char *username = "TESTUSER";
     const char *password = "TESTPASSWORD";
     int r;
@@ -28051,6 +28130,12 @@ static void test_wolfSSL_CTX_set_srp_username(void)
     AssertIntEQ(r,SSL_SUCCESS);
     r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
     AssertIntEQ(r,SSL_SUCCESS);
+
+    AssertNotNull(ssl = SSL_new(ctx));
+    AssertNotNull(SSL_get_srp_username(ssl));
+    AssertStrEQ(SSL_get_srp_username(ssl), username);
+
+    wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
 
     printf(resultFmt, passed);
@@ -29285,9 +29370,7 @@ static void test_wolfSSL_X509_cmp_time(void)
     XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
     AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
 
-    asn_time.type = ASN_UTC_TIME;
-    asn_time.length = ASN_UTC_TIME_SIZE;
-    XMEMCPY(&asn_time.data, "000222211515Z", 13);
+    AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
     AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
 
     printf(resultFmt, passed);
@@ -29443,6 +29526,7 @@ static void test_wolfSSL_X509_sign(void)
     DecodedCert dCert;
     EVP_PKEY *pub;
     EVP_PKEY *priv;
+    EVP_MD_CTX *mctx;
 #if defined(USE_CERT_BUFFERS_1024)
     const unsigned char* rsaPriv = client_key_der_1024;
     const unsigned char* rsaPub = client_keypub_der_1024;
@@ -29510,6 +29594,11 @@ static void test_wolfSSL_X509_sign(void)
     /* test valid sign case */
     ret = X509_sign(x509, priv, EVP_sha256());
 
+    /* test valid X509_sign_ctx case */
+    AssertNotNull(mctx = EVP_MD_CTX_new());
+    AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
+    AssertIntGT(X509_sign_ctx(x509, mctx), 0);
+
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
     AssertIntEQ(X509_get_ext_count(x509), 1);
 #endif
@@ -29577,6 +29666,12 @@ static void test_wolfSSL_X509_sign(void)
     AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
     AssertIntEQ(X509_sign(x509, priv, NULL), 0);
 
+    AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
+    EVP_MD_CTX_free(mctx);
+    AssertNotNull(mctx = EVP_MD_CTX_new());
+    AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
+    AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
+
     /* test invalid version number */
 #if defined(OPENSSL_ALL)
     AssertIntNE(X509_set_version(x509, 6L), 0);
@@ -29586,7 +29681,8 @@ static void test_wolfSSL_X509_sign(void)
     AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
 #endif
 
-
+    EVP_MD_CTX_free(mctx);
+    X509_NAME_free(name);
     EVP_PKEY_free(priv);
     EVP_PKEY_free(pub);
     X509_free(x509);
@@ -33207,6 +33303,36 @@ static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
     wolfSSL_X509_free(x509);
     XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
+
+static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
+{
+    ASN1_STRING* asn1str_test;
+    ASN1_STRING* asn1str_answer;
+    /* Each character is encoded using 4 bytes */
+    char input[] = {
+            0, 0, 0, 'T',
+            0, 0, 0, 'e',
+            0, 0, 0, 's',
+            0, 0, 0, 't',
+    };
+    char output[] = "Test";
+
+    printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");
+
+    AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
+    AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
+    AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
+
+    AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
+    AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
+
+    AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
+
+    ASN1_STRING_free(asn1str_test);
+    ASN1_STRING_free(asn1str_answer);
+
+    printf(resultFmt, "passed");
+}
 #endif /* !defined(NO_ASN) */
 
 static void test_wolfSSL_sk_CIPHER_description(void)
@@ -34811,6 +34937,92 @@ static void test_wolfSSL_OBJ_sn(void)
 
     printf(resultFmt, passed);
 }
+
+
+static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
+{
+    return lh_strhash(s[3]);
+}
+
+static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
+{
+    return XSTRCMP(a[3], b[3]);
+}
+
+static void test_wolfSSL_TXT_DB(void)
+{
+#if !defined(NO_FILESYSTEM)
+    BIO *bio;
+    TXT_DB *db = NULL;
+    const int columns = 6;
+    const char *fields[6] = {
+        "V",
+        "320926161116Z",
+        "",
+        "12BD",
+        "unknown",
+        "/CN=rsa doe",
+    };
+
+    printf(testingFmt, "wolfSSL_TXT_DB");
+
+    /* Test read */
+    AssertNotNull(bio = BIO_new(BIO_s_file()));
+    AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
+    AssertNotNull(db = TXT_DB_read(bio, columns));
+    AssertIntEQ(TXT_DB_insert(db, (WOLFSSL_STRING*)fields), 1);
+    BIO_free(bio);
+
+    /* Test write */
+    AssertNotNull(bio = BIO_new(BIO_s_mem()));
+    AssertIntEQ(TXT_DB_write(bio, db), 1484);
+    BIO_free(bio);
+
+    /* Test index */
+    AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
+            (wolf_sk_compare_cb)TXT_DB_cmp), 1);
+    AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
+    fields[3] = "12DA";
+    AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
+    fields[3] = "FFFF";
+    AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
+    fields[3] = "";
+    AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
+
+    TXT_DB_free(db);
+
+    printf(resultFmt, passed);
+#endif
+}
+
+static void test_wolfSSL_NCONF(void)
+{
+#if !defined(NO_FILESYSTEM)
+    const char* confFile = "./tests/NCONF_test.cnf";
+    CONF* conf = NULL;
+    long eline = 0;
+    long num = 0;
+
+    printf(testingFmt, "wolfSSL_NCONF");
+
+    AssertNotNull(conf = NCONF_new(NULL));
+
+    AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
+    AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
+    AssertIntEQ(num, 1234);
+    AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
+    AssertIntEQ(num, 4321);
+    AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
+    AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
+            "./test-dir/file1");
+    AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
+            "./test-dir/file1:./test-dir/file2:./section1:file2");
+
+    NCONF_free(conf);
+
+    printf(resultFmt, passed);
+#endif
+}
 #endif /* OPENSSL_ALL */
 
 
@@ -36535,6 +36747,11 @@ static void test_wolfssl_PKCS7(void)
     word32 len = sizeof(data);
     const byte*  p = data;
     byte   content[] = "Test data to encode.";
+#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
+    BIO*   bio;
+    byte   key[sizeof_client_key_der_2048];
+    word32 keySz = (word32)sizeof(key);
+#endif
 
     AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
                                              (word32)sizeof(content),
@@ -36560,6 +36777,18 @@ static void test_wolfssl_PKCS7(void)
     AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
                                               PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
 
+#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
+    /* test i2d */
+    XMEMCPY(key, client_key_der_2048, keySz);
+    pkcs7->privateKey = key;
+    pkcs7->privateKeySz = (word32)sizeof(key);
+    pkcs7->encryptOID = RSAk;
+    pkcs7->hashOID = SHAh;
+    AssertNotNull(bio = BIO_new(BIO_s_mem()));
+    AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
+    BIO_free(bio);
+#endif
+
     PKCS7_free(NULL);
     PKCS7_free(pkcs7);
 
@@ -38748,6 +38977,8 @@ static void test_wolfSSL_X509_print()
    !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
     X509 *x509;
     BIO *bio;
+    const X509_ALGOR *cert_sig_alg;
+    int stdout_fd = fileno(stdout);
 
     printf(testingFmt, "wolfSSL_X509_print");
     x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
@@ -38764,13 +38995,19 @@ static void test_wolfSSL_X509_print()
 #endif
     BIO_free(bio);
 
+    AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE));
+
+    /* Print signature */
+    AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
+    AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
+
     /* print to stdout */
-    AssertNotNull(bio = BIO_new(BIO_s_file()));
-    wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
     AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
-    BIO_free(bio);
+    /* print again */
+    AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
 
     X509_free(x509);
+    BIO_free(bio);
     printf(resultFmt, passed);
 #endif
 }
@@ -38782,11 +39019,11 @@ static void test_wolfSSL_RSA_print()
    !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
     BIO *bio;
     WOLFSSL_RSA* rsa = NULL;
+    int stdout_fd = fileno(stdout);
     printf(testingFmt, "wolfSSL_RSA_print");
 
     AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
-    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()));
-    wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
+    AssertNotNull(bio = wolfSSL_BIO_new_fd(stdout_fd, BIO_NOCLOSE));
     AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
 
     BIO_free(bio);
@@ -38877,6 +39114,7 @@ static void test_wolfSSL_ASN1_get_object(void)
     int len = sizeof_cliecc_cert_der_256;
     long asnLen = 0;
     int tag = 0, class = 0;
+    ASN1_OBJECT *a;
 
     printf(testingFmt, "wolfSSL_ASN1_get_object()");
 
@@ -38887,20 +39125,41 @@ static void test_wolfSSL_ASN1_get_object(void)
     AssertIntEQ(tag, 0x10);
     AssertIntEQ(class, 0);
 
-    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, asnLen) & 0x80, 0);
+    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
     AssertIntEQ(asnLen, 772);
     AssertIntEQ(tag, 0x10);
     AssertIntEQ(class, 0);
 
-    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, asnLen) & 0x80, 0);
+    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
     AssertIntEQ(asnLen, 3);
     AssertIntEQ(tag, 0);
     AssertIntEQ(class, 0x80);
 
-    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, asnLen) & 0x80, 0);
+    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
     AssertIntEQ(asnLen, 1);
     AssertIntEQ(tag, 0x2);
     AssertIntEQ(class, 0);
+    derBuf += asnLen;
+
+    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    AssertIntEQ(asnLen, 20);
+    AssertIntEQ(tag, 0x2);
+    AssertIntEQ(class, 0);
+    derBuf += asnLen;
+
+    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    AssertIntEQ(asnLen, 10);
+    AssertIntEQ(tag, 0x10);
+    AssertIntEQ(class, 0);
+
+    /* Read an ASN OBJECT */
+    AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
+    ASN1_OBJECT_free(a);
 
     printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA */
@@ -39625,6 +39884,7 @@ void ApiTest(void)
 #endif
     test_wolfSSL_set_options();
     test_wolfSSL_sk_SSL_CIPHER();
+    test_wolfSSL_PKCS7_certs();
     test_wolfSSL_X509_STORE_CTX();
     test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
     test_wolfSSL_msgCb();
@@ -39748,6 +40008,7 @@ void ApiTest(void)
     test_wolfSSL_d2i_DHparams();
     test_wolfSSL_i2d_DHparams();
     test_wolfSSL_ASN1_STRING_to_UTF8();
+    test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
     test_wolfSSL_EC_KEY_dup();
     test_wolfSSL_EVP_PKEY_set1_get1_DSA();
     test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
@@ -39786,6 +40047,8 @@ void ApiTest(void)
     test_IncCtr();
     test_wolfSSL_OBJ_ln();
     test_wolfSSL_OBJ_sn();
+    test_wolfSSL_TXT_DB();
+    test_wolfSSL_NCONF();
 
 #endif /* OPENSSL_ALL */
 
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 1db84de6d..8f0c4e91c 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -652,8 +652,8 @@ decouple library dependencies with standard string, memory and so on.
 	    #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
             defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
             #define XTOUPPER(c)     toupper((c))
-            #define XISALPHA(c)     isalpha((c))
         #endif
+        #define XISALNUM(c)     isalnum((c))
         /* needed by wolfSSL_check_domain_name() */
         #define XTOLOWER(c)      tolower((c))
     #endif
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index b00cb9ff0..52bdbb56c 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -615,6 +615,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
         #include <dirent.h>
         #include <unistd.h>
         #include <sys/stat.h>
+        #define XWRITE      write
+        #define XREAD       read
+        #define XCLOSE      close
     #endif
 #endif