Hi johnot,

Your ported code looks almost correct. The only thing you are missing is the AAD. Even though your AAD is 0-length, it still needs to be applied. To do this, you need to add this step after the Init but before the first Update:

    EVP_EncryptUpdate(encryptContext.get(), nullptr, &written_sz, nullptr, 0);

This will apply the 0-length AAD and you should achieve the correct output.

Sincerely
Juliusz

Hi Swapnil,

Certificate parsing is available with WOLFCRYPT_ONLY. Please see this example for how to do this if you already have your certificate in DER format: https://github.com/wolfSSL/wolfssl-exam … y-decode.c. I have tested that this example works when wolfSSL is compiled with:

    ./configure --enable-cryptonly --enable-ecc --enable-ecccustcurves CFLAGS="-DWOLFSSL_TEST_CERT -DWOLFSSL_DER_TO_PEM -DHAVE_ECC_KOBLITZ"

To get the DER format from a PEM buffer, please use this API: https://www.wolfssl.com/doxygen/group__CertsKeys.html

    int wc_CertPemToDer(const unsigned char* pem, int pemSz,
                        unsigned char* buff, int buffSz, int type)

To get the date from the certificate:

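    DecodedCert cert;
    struct tm   timearg;
    const byte* date;
    byte        dateFormat;
    int         dateLength;

    /* tmp is the DER-encoded certificate buffer, bytes is its length */
    InitDecodedCert(&cert, tmp, (word32)bytes, NULL);

    /* NO_VERIFY: parse only, the signature is not checked */
    ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
    if (ret != 0) /* handle error */;

    /* Locate the raw notAfter date and its ASN.1 format inside the cert */
    ret = wc_GetDateInfo(cert.afterDate, cert.afterDateLen, &date,
                         &dateFormat, &dateLength);
    if (ret != 0) /* handle error */;

    /* Convert the raw date into calendar fields */
    ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
    if (ret != 0) /* handle error */;

    /* Release the resources held by the decoded certificate */
    FreeDecodedCert(&cert);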

After this you will have a time object populated with the expiry date of the certificate.

Sincerely
Juliusz
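
A follow-up to the last step, as an added example (not code from the post above or from wolfSSL): once `timearg` is populated, an expiry check has to compare it in UTC, and `mktime()` would interpret the fields as local time. The function names are hypothetical, and the code assumes `timearg` follows the standard `struct tm` conventions (years since 1900, months 0-11) and holds UTC.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Days since 1970-01-01 for a Gregorian date (month 1..12, day 1..31). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);                       /* count the year from March */
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;         /* year of era, 0..399 */
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Interpret a struct tm as UTC; ignores TZ, unlike mktime(). */
int64_t tm_utc_to_epoch(const struct tm *t)
{
    int64_t days = days_from_civil((int64_t)t->tm_year + 1900,
                                   t->tm_mon + 1, t->tm_mday);
    return days * 86400 + t->tm_hour * 3600 + t->tm_min * 60 + t->tm_sec;
}

/* notAfter is inclusive, so the cert is expired only once now > notAfter. */
int cert_is_expired(const struct tm *not_after, int64_t now)
{
    return now > tm_utc_to_epoch(not_after);
}

/* Renewal warning: true if expired or expiring within `days` days. */
int cert_expires_within(const struct tm *not_after, int64_t now, int days)
{
    return tm_utc_to_epoch(not_after) - now <= (int64_t)days * 86400;
}

int main(void)
{
    /* Constructed sample: notAfter = 2030-01-01 00:00:00 UTC */
    struct tm timearg = {0};
    timearg.tm_year = 130;
    timearg.tm_mon  = 0;
    timearg.tm_mday = 1;

    int64_t now = (int64_t)time(NULL);
    printf("expired: %d, renew within 30 days: %d\n",
           cert_is_expired(&timearg, now),
           cert_expires_within(&timearg, now, 30));
    return 0;
}
```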