ssl.c: Move functions out to separate files

Moved E[CD][25519||448] APIs to pk.c Move public key PEM APIs to pk.c. Move wolfSSL loading and using of private keys and certificates to ssl_load.c Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c. Move session and session cache APIs to ssl_sess.c. Other minor fixes.
2024-03-05 11:02:45 +10:00 · 2024-03-05 11:02:45 +10:00 · 8e9810e87e
parent 9b92aea245
commit 8e9810e87e
29 changed files with 17234 additions and 13797 deletions
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@ -384,7 +384,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@ -384,7 +384,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@ -384,7 +384,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@ -384,7 +384,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@ -384,7 +384,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@ -75,7 +75,10 @@ set(COMPONENT_SRCEXCLUDE
    "./src/ssl_bn.c"      # included by ssl.c
    "./src/ssl_certman.c" # included by ssl.c
    "./src/ssl_crypto.c"  # included by ssl.c
    "./src/ssl_load.c"    # included by ssl.c
    "./src/ssl_misc.c"    # included by ssl.c
    "./src/ssl_p7p12.c"   # included by ssl.c
    "./src/ssl_sess.c"    # included by ssl.c
    "./src/x509.c"
    "./src/x509_str.c"
    "./wolfcrypt/src/evp.c"
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt
@ -41,7 +41,10 @@ list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_asn1.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_bn.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_certman.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_crypto.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_load.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_p7p12.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_sess.c )
 aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES )
 list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c )
 list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/misc.c )
--- a/certs/dh-priv-2048.der
+++ b/certs/dh-priv-2048.der
--- a/certs/dh-priv-2048.pem
+++ b/certs/dh-priv-2048.pem
@ -0,0 +1,14 @@
 -----BEGIN PRIVATE KEY-----
 MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDB
 T0Sn1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjH
 cPq07gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSD
 VzD72naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1
 uO+3sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU
 9vHjSNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MC
 AQIEggEEAoIBAGgTxi13nL+WV5P+7N5Pog7yPpAD+2VCLWQh7akd6hZQ2DMlHsUe
 ptoAexAcst8vQOI1/Q1CX9ItJmUmLzUFNJSeYBp9kxNmNtSmgu2JUmQDF1GBsUlK
 ERt4h2PuXGAaRH39V13QP7KfYnb+7k5vo6z90XaDubLq1OQIaTpM4TbLVZBKoCmx
 ozuZjUQdC97adAKHQKBmpyI2AbfWM+Af43vV5uyfq4k4X+Y7k5habXFPRXcNKklk
 n6OA/isuvSN6S4i2fVmAG0hguT0utQJq6oScMZmav8izdbfOdOavXILLjRf/2Qv+
 +IMa9qlwxfqcj4oZahATC2Vd9242JWUdOpQ=
 -----END PRIVATE KEY-----
--- a/certs/dh-pub-2048.der
+++ b/certs/dh-pub-2048.der
--- a/certs/dh-pub-2048.pem
+++ b/certs/dh-pub-2048.pem
@ -0,0 +1,14 @@
 -----BEGIN PUBLIC KEY-----
 MIICJTCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDBT0Sn
 1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjHcPq0
 7gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSDVzD7
 2naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1uO+3
 sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU9vHj
 SNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MCAQID
 ggEGAAKCAQEAgZ77PUjCE1nV8MPEk9zpTR6k1wYrpQKy3fjMK+kbuHUEw5AaMTK9
 Gi3vpfwpg5ZaZTgTkPgakEcMwEagNDXEjzYOwxK5Ui6FVQ3VaDydVkhZppxpULu4
 H1H2WwWUFTZTZlpCmhVsDWZwzy1RoxEfBnhC78hpLYKLzyASWC1EnCC9oP/U4aI/
 D6i0bK1pXxPGFrML5jRkVpQReCkLI/aOgeTNUAcJC+USxIPSXpdPYl81zsWRgawP
 bd2saVqE9DqJVSpoRY9yh1JoFqAagANNQL1x3sohEmMZq3EBbzReyawVW6Cbe5mb
 LMtSN/UWqN/NwbYNcVj/GxFuoutVnS5jmw==
 -----END PUBLIC KEY-----
--- a/certs/dsa2048.pem
+++ b/certs/dsa2048.pem
@ -0,0 +1,20 @@
 -----BEGIN DSA PRIVATE KEY-----
 MIIDPwIBAAKCAQEAzI7JoNWaJxzaUt/HwOYGpD6KZknQWTNRacScXmSFx/Gr1dli
 rP2h4BtX/5bvDJ/IRIfrXJHQRkIJUGojy4lvVelqEamoMqszDVG1eVG0q6IlEY3l
 JL7Y8Z1OEm+sRFSAqbSBaE5EDrg5876DCHSixnrXan0KiFeDSNzPXm/uaAz3/wME
 kKr3B5j4Z1qDI2ZHYMNDbgORrChmy/DTBcgJl7WuAV6AO51P3j6U/suCsLH8kYsd
 iu7GBh83kUjS+GxdYBODp4Gsyo3QagQK6j4iThPxDbtga828XIejZytCoZ/NOVi+
 VbGThM6yEE7kw5+yU2EBKaqWyyBgQh26dUtjwQIVAOelOdRqN16VBjkHdwrroAPr
 eIKbAoIBAQCa1ExxL+z6MrKAfmFKa18YdkPDabpBx6cdeQHsrzSHZ08pgKg7h/bo
 oejNGxyGOPbRDEYuyODJMCbVLH/BCL/MWoKO1NRJqqL65sGd8NmWsP8MWzOOBt2d
 KKnpgEE72HqUIY9W8aK0K4kcdP9+kdwfkROYr8cG0kyQor3aFrplsC1ohzxuJY2Q
 x7wNqUMDyb7PhW/bB3uM+LHCSRBpY1Y3xTDS+3Ga6IIHLj6VUPNzzzRb1asCFfLM
 11LFKNhBGVVvuF/xmbPH2bNx9C3fIlk1hts5yhtNNZAZazHjyMYJv3ztAbSy9W7a
 Y0E85jpyLWVI9gfNkoSLHacxa9bw+9n0AoIBAGZLu7fJSJUNWqYtoX/fH2dt7VJL
 FmwXxq74asRX7S+z8CpVq7rK6hfoNXzlMQ1KlfxDb5c8XGesvmd/6U6qSLOSoXZ1
 6gQ0f4czLSS2KZfjBHeTiRPbG5O4LJAaCTsm2VnzKglY3KwltKlFO6I6bGGEv2jU
 6pvFKUhgFRA1LEQdtZrurMFo6Ee3QTQ5mvilIOkkxCxYP0xBMDoUbo3qrbqbQ9OY
 L4PYFGfo+NVPrOA7v6dUFl5JZCZUpGtpfLqKg9kuZQqiJ++ZmQjXtZ+gAe9+F7+D
 ay7dwDk4I2i0dmvlyvd87sBS4t2tWTpCBkWwx8F3BbIMMkBGqtp5dwRx33oCFQCY
 7rlRNz51ExMGj5TT5ukAy2Jtmg==
 -----END DSA PRIVATE KEY-----
--- a/certs/include.am
+++ b/certs/include.am
@ -73,7 +73,12 @@ EXTRA_DIST += \
             certs/x942dh2048.der \
             certs/x942dh2048.pem \
             certs/fpki-cert.der \
-             certs/rid-cert.der
+             certs/rid-cert.der \
             certs/dh-priv-2048.der \
             certs/dh-priv-2048.pem \
             certs/dh-pub-2048.der \
             certs/dh-pub-2048.pem \
             certs/dsa2048.pem
 EXTRA_DIST += \
             certs/ca-key.der \
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -2166,6 +2166,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    (void)usePqc;
    (void)pqcAlg;
    (void)opensslPsk;
    (void)fileFormat;
    StackTrap();
    /* Reinitialize the global myVerifyAction. */
--- a/src/include.am
+++ b/src/include.am
@ -21,7 +21,10 @@ EXTRA_DIST += src/ssl_asn1.c
 EXTRA_DIST += src/ssl_bn.c
 EXTRA_DIST += src/ssl_certman.c
 EXTRA_DIST += src/ssl_crypto.c
 EXTRA_DIST += src/ssl_load.c
 EXTRA_DIST += src/ssl_misc.c
 EXTRA_DIST += src/ssl_p7p12.c
 EXTRA_DIST += src/ssl_sess.c
 EXTRA_DIST += src/x509.c
 EXTRA_DIST += src/x509_str.c
--- a/src/pk.c
+++ b/src/pk.c
--- a/src/ssl.c
+++ b/src/ssl.c
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@ -25,7 +25,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
    #include <wolfssl/wolfcrypt/random.h>
 #endif
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
--- a/src/ssl_misc.c
+++ b/src/ssl_misc.c
@ -24,6 +24,8 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #if !defined(WOLFSSL_SSL_MISC_INCLUDED)
    #ifndef WOLFSSL_IGNORE_FILE_WARN
@ -54,7 +56,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
    char* p;
    /* Allocate buffer to hold a chunk of data. */
-    mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_ERROR_MSG("Memory allocation error");
        ret = MEMORY_E;
@ -86,8 +88,8 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
            }
            else {
                /* No space left for more data to be read - add a chunk. */
-                p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, bio->heap,
+                p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, NULL,
-                    DYNAMIC_TYPE_OPENSSL);
+                    DYNAMIC_TYPE_TMP_BUFFER);
                if (p == NULL) {
                    sz = MEMORY_E;
                    break;
@ -103,7 +105,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
        }
        if ((sz < 0) || (ret == 0)) {
            /* Dispose of memory on error or no data read. */
-            XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
+            XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            mem = NULL;
            /* Return error. */
            ret = sz;
@ -129,14 +131,14 @@ static int wolfssl_read_bio_len(WOLFSSL_BIO* bio, int sz, char** data)
    char* mem;
    /* Allocate buffer to hold data. */
-    mem = (char*)XMALLOC((size_t)sz, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    mem = (char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_ERROR_MSG("Memory allocation error");
        ret = MEMORY_E;
    }
    else if ((ret = wolfSSL_BIO_read(bio, mem, sz)) != sz) {
        /* Pending data not read. */
-        XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
+        XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        mem = NULL;
        ret = MEMORY_E;
    }
@ -299,5 +301,204 @@ static int wolfssl_read_file(XFILE fp, char** data, int* dataSz)
 }
 #endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY &&
        * !NO_FILESYSTEM */
 #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
 #ifdef WOLFSSL_SMALL_STACK
 /* Buffer and size with no stack buffer. */
 typedef struct {
    /* Dynamically allocated buffer. */
    byte* buffer;
    /* Size of buffer in bytes. */
    word32 sz;
 } StaticBuffer;
 /* Initialize static buffer.
 *
 * @param [in, out] sb  Static buffer.
 */
 static void static_buffer_init(StaticBuffer* sb)
 {
    sb->buffer = NULL;
    sb->sz = 0;
 }
 /* Set the size of the buffer.
 *
 * Can only set size once.
 *
 * @param [in] sb    Static buffer.
 * @param [in] len   Length required.
 * @param [in] heap  Dynamic memory allocation hint.
 * @param [in] type  Type of dynamic memory.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
 static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap,
    int type)
 {
    int ret = 0;
    (void)heap;
    (void)type;
    sb->buffer = (byte*)XMALLOC(len, heap, type);
    if (sb->buffer == NULL) {
        ret = MEMORY_E;
    }
    else {
        sb->sz = len;
    }
    return ret;
 }
 /* Dispose of dynamically allocated buffer.
 *
 * @param [in] sb    Static buffer.
 * @param [in] heap  Dynamic memory allocation hint.
 * @param [in] type  Type of dynamic memory.
 */
 static void static_buffer_free(StaticBuffer* sb, void* heap, int type)
 {
    (void)heap;
    (void)type;
    XFREE(sb->buffer, heap, type);
 }
 #else
 /* Buffer and size with stack buffer set and option to dynamically allocate. */
 typedef struct {
    /* Stack or heap buffer. */
    byte* buffer;
    /* Size of buffer in bytes. */
    word32 sz;
    /* Indicates whether the buffer was dynamically allocated. */
    int dyn;
 } StaticBuffer;
 /* Initialize static buffer.
 *
 * @param [in, out] sb           Static buffer.
 * @param [in]      stackBuffer  Buffer allocated on the stack.
 * @param [in]      len          Length of stack buffer.
 */
 static void static_buffer_init(StaticBuffer* sb, byte* stackBuffer, word32 len)
 {
    sb->buffer = stackBuffer;
    sb->sz = len;
    sb->dyn = 0;
 }
 /* Set the size of the buffer.
 *
 * Pre: Buffer on the stack set with its size.
 * Can only set size once.
 *
 * @param [in] sb    Static buffer.
 * @param [in] len   Length required.
 * @param [in] heap  Dynamic memory allocation hint.
 * @param [in] type  Type of dynamic memory.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
 static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap,
    int type)
 {
    int ret = 0;
    (void)heap;
    (void)type;
    if (len > sb->sz) {
        byte* buff = (byte*)XMALLOC(len, heap, type);
        if (buff == NULL) {
            ret = MEMORY_E;
        }
        else {
            sb->buffer = buff;
            sb->sz = len;
            sb->dyn = 1;
        }
    }
    return ret;
 }
 /* Dispose of dynamically allocated buffer.
 *
 * @param [in] sb    Static buffer.
 * @param [in] heap  Dynamic memory allocation hint.
 * @param [in] type  Type of dynamic memory.
 */
 static void static_buffer_free(StaticBuffer* sb, void* heap, int type)
 {
    (void)heap;
    (void)type;
    if (sb->dyn) {
        XFREE(sb->buffer, heap, type);
    }
 }
 #endif /* WOLFSSL_SMALL_STACK */
 #ifndef NO_FILESYSTEM
 /* Read all the data from a file into content.
 *
 * @param [in]      fname    File pointer to read with.
 * @param [in, out] content  Read data in an allocated buffer.
 * @param [in]      heap     Dynamic memory allocation hint.
 * @param [in]      type     Type of dynamic memory.
 * @param [out]     size     Amount of data read in bytes.
 * @return  0 on success.
 * @return  WOLFSSL_BAD_FILE when reading fails.
 * @return  MEMORY_E when memory allocation fails.
 */
 static int wolfssl_read_file_static(const char* fname, StaticBuffer* content,
    void* heap, int type, long* size)
 {
    int ret = 0;
    XFILE file = XBADFILE;
    long sz = 0;
    /* Check filename is usable. */
    if (fname == NULL) {
        ret = WOLFSSL_BAD_FILE;
    }
    /* Open file for reading. */
    if ((ret == 0) && ((file = XFOPEN(fname, "rb")) == XBADFILE)) {
        ret = WOLFSSL_BAD_FILE;
    }
    if (ret == 0) {
        /* Get length of file. */
        ret = wolfssl_file_len(file, &sz);
    }
    if (ret == 0) {
        /* Set the buffer to be big enough to hold all data. */
        ret = static_buffer_set_size(content, (word32)sz, heap, type);
    }
    /* Read data from file. */
    if ((ret == 0) && ((size_t)XFREAD(content->buffer, 1, sz, file) !=
            (size_t)sz)) {
        ret = WOLFSSL_BAD_FILE;
    }
    /* Close file if opened. */
    if (file != XBADFILE) {
        XFCLOSE(file);
    }
    /* Return size read. */
    *size = sz;
    return ret;
 }
 #endif /* !NO_FILESYSTEM */
 #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 #endif /* !WOLFSSL_SSL_MISC_INCLUDED */
--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
--- a/src/x509.c
+++ b/src/x509.c
@ -11262,6 +11262,27 @@ cleanup:
        return loadX509orX509REQFromPemBio(bp, x, cb, u, CERT_TYPE);
    }
    /*
     * bp : bio to read X509 from
     * x  : x509 to write to
     * cb : password call back for reading PEM
     * u  : password
     * _AUX is for working with a trusted X509 certificate
     */
    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
                               WOLFSSL_X509 **x, wc_pem_password_cb *cb,
                               void *u)
    {
        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");
        /* AUX info is; trusted/rejected uses, friendly name, private key id,
         * and potentially a stack of "other" info. wolfSSL does not store
         * friendly name or private key id yet in WOLFSSL_X509 for human
         * readability and does not support extra trusted/rejected uses for
         * root CA. */
        return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
    }
 #ifdef WOLFSSL_CERT_REQ
    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                                wc_pem_password_cb *cb, void *u)
--- a/tests/api.c
+++ b/tests/api.c
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -24214,14 +24214,25 @@ int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
    return ret;
 }
 int AllocCopyDer(DerBuffer** pDer, const unsigned char* buff, word32 length,
    int type, void* heap)
 {
    int ret = AllocDer(pDer, length, type, heap);
    if (ret == 0) {
        XMEMCPY((*pDer)->buffer, buff, length);
    }
    return ret;
 }
 void FreeDer(DerBuffer** pDer)
 {
-    if (pDer && *pDer)
+    if (pDer && *pDer) {
    {
        DerBuffer* der = (DerBuffer*)*pDer;
        /* ForceZero private keys */
-        if (der->type == PRIVATEKEY_TYPE && der->buffer != NULL) {
+        if (((der->type == PRIVATEKEY_TYPE) ||
             (der->type == ALT_PRIVATEKEY_TYPE)) && der->buffer != NULL) {
            ForceZero(der->buffer, der->length);
        }
        der->buffer = NULL;
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -3577,7 +3577,7 @@ struct WOLFSSL_CTX {
    int         certChainCnt;
 #endif
    DerBuffer*  privateKey;
-    byte        privateKeyType:6;
+    byte        privateKeyType;
    byte        privateKeyId:1;
    byte        privateKeyLabel:1;
    int         privateKeySz;
@ -4553,7 +4553,7 @@ typedef struct Buffers {
 #ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
-    byte            keyType:6;             /* Type of key */
+    byte            keyType;               /* Type of key */
    byte            keyId:1;               /* Key data is an id not data */
    byte            keyLabel:1;            /* Key data is a label not data */
    int             keySz;                 /* Size of RSA key */
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -793,9 +793,9 @@ enum SNICbReturn {
 * functions should use this macro to fill this gap. Users who want them
 * to return the same return value as OpenSSL can define
 * WOLFSSL_ERR_CODE_OPENSSL.
- * Give item1 a variable that contains the potentially negative
+ * Give rc a variable that contains the potentially negative
 * wolfSSL-defined return value or the return value itself, and
- * give item2 the openSSL-defined return value.
+ * give fail_rc the openSSL-defined return value.
 * Note that this macro replaces only negative return values with the
 * specified value.
 * Since wolfSSL 4.7.0, the following functions use this macro:
@ -804,11 +804,15 @@ enum SNICbReturn {
 * - wolfSSL_EVP_PKEY_cmp
 */
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
-    #define WS_RETURN_CODE(item1,item2) \
+    #define WS_RETURN_CODE(rc, fail_rc) \
-      (((item1) < 0) ? (int)(item2) : (int)(item1))
+      (((rc) < 0) ? (int)(fail_rc) : (int)(rc))
 #else
-    #define WS_RETURN_CODE(item1,item2)  (item1)
+    #define WS_RETURN_CODE(rc, fail_rc)  (rc)
 #endif
 #define WS_RC(rc) \
    (((rc) == 1) ? 1 : 0)
 #define WC_TO_WS_RC(ret) \
    (((ret) == 0) ? 1 : (ret))
 /* Maximum master key length (SECRET_LEN) */
 #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
@ -4553,7 +4557,7 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
-WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
+WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509);
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@ -2365,7 +2365,10 @@ WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info,
 WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                          DerBuffer** pDer, void* heap, EncryptedInfo* info,
                          int* eccKey);
-WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
+WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type,
    void* heap);
 WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff,
    word32 length, int type, void* heap);
 WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
 #if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@ -139,6 +139,10 @@
    #define WC_ECC_FIPS_GEN_MIN (WC_ECC_FIPS_SIG_MIN/8)
 #endif
 #ifdef WOLFSSL_SM2
    #define WOLFSSL_SM2_KEY_BITS   256
 #endif
 /* calculate max ECC bytes */
 #if ((MAX_ECC_BITS * 2) % 8) == 0
    #define MAX_ECC_BYTES     (MAX_ECC_BITS / 8)