Added more APIs for HaProxy integration.

src/ocsp.c

@@ -1068,6 +1068,29 @@ int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
     return id->rawCertIdSize;
 }
 
+WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
+                                             const unsigned char** derIn,
+                                             int length)
+{
+    if ((derIn == NULL) || (length == 0))
+        return (NULL);
+
+    if (*cidOut != NULL) {
+        XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
+        (*cidOut)->rawCertIdSize = length;
+    }
+    else {
+        *cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*cidOut == NULL) {
+            return (NULL);
+        }
+        XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
+        (*cidOut)->rawCertIdSize = length;
+    }
+
+    return (*cidOut);
+}
+
 const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
 {
     return single;

src/x509.c

@@ -8052,23 +8052,23 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
 #endif /* HAVE_CRL && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
 
 #ifdef OPENSSL_EXTRA
-#ifndef NO_WOLFSSL_STUB
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
 {
-    (void)crl;
-    WOLFSSL_STUB("X509_CRL_get_lastUpdate");
-    return 0;
+    if (crl->crlList->lastDate[0] != 0) {
+        return (WOLFSSL_ASN1_TIME*)crl->crlList->lastDate;
+    }
+    else
+        return NULL;
 }
-#endif
-#ifndef NO_WOLFSSL_STUB
+
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
 {
-    (void)crl;
-    WOLFSSL_STUB("X509_CRL_get_nextUpdate");
-    return 0;
+    if (crl->crlList->nextDate[0] != 0) {
+        return (WOLFSSL_ASN1_TIME*)crl->crlList->nextDate;
+    }
+    else
+        return NULL;
 }
-#endif
-
 
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)

tests/api.c

@@ -48121,6 +48121,54 @@ static int test_wolfSSL_i2d_OCSP_CERTID(void)
     return 0;
 }
 
+static int test_wolfSSL_d2i_OCSP_CERTID(void)
+{
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
+    WOLFSSL_OCSP_CERTID* certId;
+    const unsigned char* rawCertIdPtr;
+
+    const unsigned char rawCertId[] = {
+        0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+        0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
+        0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
+        0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
+        0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
+        0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
+        0xcf, 0xbc, 0x91
+    };
+
+    rawCertIdPtr = &rawCertId[0];
+
+    printf(testingFmt, "wolfSSL_d2i_OCSP_CERTID()");
+
+    /* If the cert ID is NULL the function should allocate it and copy the
+     * data to it. */
+    certId = NULL;
+    certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
+
+    AssertNotNull(certId);
+    AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
+
+    XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    /* If the cert ID is not NULL the fucntion will just copy the data to it. */
+    certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
+                                           DYNAMIC_TYPE_TMP_BUFFER);
+    XMEMSET(certId, 0, sizeof(*certId));
+
+    certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
+
+    AssertNotNull(certId);
+    AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
+
+    XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    printf(resultFmt, passed);
+#endif
+
+    return 0;
+}
+
 static int test_wolfSSL_OCSP_id_cmp(void)
 {
 #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
@@ -59577,6 +59625,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_i2d_PrivateKey),
     TEST_DECL(test_wolfSSL_OCSP_id_get0_info),
     TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID),
+    TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID),
     TEST_DECL(test_wolfSSL_OCSP_id_cmp),
     TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id),
     TEST_DECL(test_wolfSSL_OCSP_single_get0_status),

wolfssl/ocsp.h

@@ -112,6 +112,10 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
 
 WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id,
                                         unsigned char** data);
+WOLFSSL_API
+WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
+                                             const unsigned char** derIn,
+                                             int length);
 WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
     const WOLFSSL_OCSP_SINGLERESP *single);
 WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b);

wolfssl/openssl/ocsp.h

@@ -78,6 +78,7 @@
 #define i2d_OCSP_REQUEST_bio      wolfSSL_i2d_OCSP_REQUEST_bio
 
 #define i2d_OCSP_CERTID           wolfSSL_i2d_OCSP_CERTID
+#define d2i_OCSP_CERTID           wolfSSL_d2i_OCSP_CERTID
 #define OCSP_SINGLERESP_get0_id   wolfSSL_OCSP_SINGLERESP_get0_id
 #define OCSP_id_cmp               wolfSSL_OCSP_id_cmp
 #define OCSP_single_get0_status   wolfSSL_OCSP_single_get0_status

wolfssl/ssl.h

@@ -2898,7 +2898,7 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(
 WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
                                                        byte* in, int* inOutSz);
 WOLFSSL_API int wolfSSL_X509_REVOKED_get_revocationDate(RevokedCert* rev,
-                                                       byte* in, int* inOutSz);
+                                                        byte* in, int* inOutSz);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif