mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3295 from SparkiDev/tls13_p521

Browse Source 
TLS 1.3: Fix P-521 algorithm matching
This commit is contained in:
toddouska 2020-09-21 13:36:48 -07:00 committed by GitHub
commit 0f6d391ea1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 699 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
certs/include.am
View File

@ -106,6 +106,7 @@ include certs/crl/include.am
include certs/ecc/include.am
include certs/ed25519/include.am
include certs/ed448/include.am
include certs/p521/include.am
include certs/external/include.am
include certs/ocsp/include.am
include certs/statickeys/include.am

BIN
certs/p521/ca-p521-key.der Normal file
View File

Binary file not shown.

6
certs/p521/ca-p521-key.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQALRgkLeTbbMNpm9sYZzPxYGiUFM2R
Sldl7zb6JIKI7Mfwy0hFbpZff+t2vkRAwxnAM2jEBgSOwiWxloMiDnvHsvwBhpHt
Q1044AwljbPbsdzetyGAz4feZPQhPi2veb320ABLgXn69xCqGc1A1x51NFMpA+1I
VCHlj5W1m0GNX91y0lo=
-----END PUBLIC KEY-----

BIN
certs/p521/ca-p521-priv.der Normal file
View File

Binary file not shown.

7
certs/p521/ca-p521-priv.pem Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB29qI0BYpdJXJ61gEQtz5rWlWL8B+ZKslEzyZlA5Z2iAKjwKUxd6Q
js0MrD6yn1lne9FGISDUo+sjDDOiQvxx8F2gBwYFK4EEACOhgYkDgYYABAAtGCQt
5Ntsw2mb2xhnM/FgaJQUzZFKV2XvNvokgojsx/DLSEVull9/63a+REDDGcAzaMQG
BI7CJbGWgyIOe8ey/AGGke1DXTjgDCWNs9ux3N63IYDPh95k9CE+La95vfbQAEuB
efr3EKoZzUDXHnU0UykD7UhUIeWPlbWbQY1f3XLSWg==
-----END EC PRIVATE KEY-----

BIN
certs/p521/ca-p521.der Normal file
View File

Binary file not shown.

63
certs/p521/ca-p521.pem Normal file
View File

@ -0,0 +1,63 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:2d:18:24:2d:e4:db:6c:c3:69:9b:db:18:67:
33:f1:60:68:94:14:cd:91:4a:57:65:ef:36:fa:24:
82:88:ec:c7:f0:cb:48:45:6e:96:5f:7f:eb:76:be:
44:40:c3:19:c0:33:68:c4:06:04:8e:c2:25:b1:96:
83:22:0e:7b:c7:b2:fc:01:86:91:ed:43:5d:38:e0:
0c:25:8d:b3:db:b1:dc:de:b7:21:80:cf:87:de:64:
f4:21:3e:2d:af:79:bd:f6:d0:00:4b:81:79:fa:f7:
10:aa:19:cd:40:d7:1e:75:34:53:29:03:ed:48:54:
21:e5:8f:95:b5:9b:41:8d:5f:dd:72:d2:5a
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
X509v3 Authority Key Identifier:
keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:81:87:02:41:60:cd:fa:94:0d:23:c3:4e:3c:b1:6e:d9:b6:
5b:0e:97:1e:a4:df:0a:7c:05:2e:61:0c:d7:c0:e5:86:16:0c:
7b:01:a5:33:9a:e6:31:a0:62:91:da:dc:22:d1:ba:4f:75:43:
94:43:67:91:20:08:66:96:27:53:b2:61:0e:59:0a:50:02:42:
01:ec:87:8d:ca:6d:e0:bf:30:ba:ef:37:13:ad:f6:d1:c4:fc:
b5:e5:4b:96:c2:83:a0:d8:ed:04:73:85:8d:54:d7:e9:9a:67:
8a:cf:11:36:4a:f2:2f:85:5a:24:5e:3c:79:e1:a7:c4:ec:78:
82:7a:52:25:c4:55:57:95:0e:6f:c9:d5
-----BEGIN CERTIFICATE-----
MIIDBzCCAmmgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjAwOTE0
MjM1NzE4WhcNMjMwNjExMjM1NzE4WjCBlTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIGbMBAGByqGSM49AgEGBSuB
BAAjA4GGAAQALRgkLeTbbMNpm9sYZzPxYGiUFM2RSldl7zb6JIKI7Mfwy0hFbpZf
f+t2vkRAwxnAM2jEBgSOwiWxloMiDnvHsvwBhpHtQ1044AwljbPbsdzetyGAz4fe
ZPQhPi2veb320ABLgXn69xCqGc1A1x51NFMpA+1IVCHlj5W1m0GNX91y0lqjYzBh
MB0GA1UdDgQWBBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAfBgNVHSMEGDAWgBRkp2iV
UzMYoiCSvGRVpqvKdmibyDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
hjAKBggqhkjOPQQDAgOBiwAwgYcCQWDN+pQNI8NOPLFu2bZbDpcepN8KfAUuYQzX
wOWGFgx7AaUzmuYxoGKR2twi0bpPdUOUQ2eRIAhmlidTsmEOWQpQAkIB7IeNym3g
vzC67zcTrfbRxPy15UuWwoOg2O0Ec4WNVNfpmmeKzxE2SvIvhVokXjx54afE7HiC
elIlxFVXlQ5vydU=
-----END CERTIFICATE-----

BIN
certs/p521/client-p521-key.der Normal file
View File

Binary file not shown.

6
certs/p521/client-p521-key.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBYm7xAOzYmVibgGv+LPGy8MhI36zS
O3Epq/BmY9iOtcjC/JlE4kWxWnu5cwHaeeycJic0RSbViUtE/mlOchTji7wADwmi
A8Na3JWC9vn2nP+1a3WVS6QoXZ6QBNHAHtX9Q54eg8ARKysHbal6ENdn51E3JNi/
Aw2LtUBcT9YTc0K8kdk=
-----END PUBLIC KEY-----

BIN
certs/p521/client-p521-priv.der Normal file
View File

Binary file not shown.

7
certs/p521/client-p521-priv.pem Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBaJEzU+KQaBGPqqh2DPcqBxuSKqeCPfqDznDIwmCC/hiIaNpqg0Z4
5OnpzFF/7YECMu4mh8ztYz85J/DXF3ehpDagBwYFK4EEACOhgYkDgYYABAFibvEA
7NiZWJuAa/4s8bLwyEjfrNI7cSmr8GZj2I61yML8mUTiRbFae7lzAdp57JwmJzRF
JtWJS0T+aU5yFOOLvAAPCaIDw1rclYL2+fac/7VrdZVLpChdnpAE0cAe1f1Dnh6D
wBErKwdtqXoQ12fnUTck2L8DDYu1QFxP1hNzQryR2Q==
-----END EC PRIVATE KEY-----

BIN
certs/p521/client-p521.der Normal file
View File

Binary file not shown.

73
certs/p521/client-p521.pem Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:9d:c6:98:df:09:87:30:42:bd:e6:4f:86:05:af:dc:82:89:d7:0e
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:01:62:6e:f1:00:ec:d8:99:58:9b:80:6b:fe:2c:
f1:b2:f0:c8:48:df:ac:d2:3b:71:29:ab:f0:66:63:
d8:8e:b5:c8:c2:fc:99:44:e2:45:b1:5a:7b:b9:73:
01:da:79:ec:9c:26:27:34:45:26:d5:89:4b:44:fe:
69:4e:72:14:e3:8b:bc:00:0f:09:a2:03:c3:5a:dc:
95:82:f6:f9:f6:9c:ff:b5:6b:75:95:4b:a4:28:5d:
9e:90:04:d1:c0:1e:d5:fd:43:9e:1e:83:c0:11:2b:
2b:07:6d:a9:7a:10:d7:67:e7:51:37:24:d8:bf:03:
0d:8b:b5:40:5c:4f:d6:13:73:42:bc:91:d9
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
20:E1:BF:57:E5:F3:C3:0C:72:84:6A:C6:DF:BC:22:D0:B7:25:E5:A4
X509v3 Authority Key Identifier:
keyid:20:E1:BF:57:E5:F3:C3:0C:72:84:6A:C6:DF:BC:22:D0:B7:25:E5:A4
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_p521/OU=Client-p521/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:24:9D:C6:98:DF:09:87:30:42:BD:E6:4F:86:05:AF:DC:82:89:D7:0E
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: ecdsa-with-SHA256
30:81:87:02:42:01:e1:85:a5:0e:81:ff:b0:2a:d3:b8:73:8c:
1d:8e:1f:42:4c:de:cb:d1:63:69:ce:53:d0:2a:52:14:e4:7a:
2f:1e:c4:0b:1b:db:1e:36:97:72:ed:9b:2f:d4:93:79:06:ec:
41:6c:6c:18:28:99:56:b6:0b:58:c4:bc:47:db:64:a8:7e:02:
41:2b:d0:32:2e:03:81:32:f3:9a:65:58:a4:51:7e:9a:ad:c2:
99:bf:21:f1:a1:70:61:4b:ee:8e:df:3b:9c:79:e3:12:b4:3b:
9e:64:da:d0:ef:5b:50:7b:a1:b0:30:8f:af:66:71:9d:41:20:
cf:e8:9c:bd:f5:3b:c4:fe:00:43:35:24
-----BEGIN CERTIFICATE-----
MIIECTCCA2ugAwIBAgIUJJ3GmN8JhzBCveZPhgWv3IKJ1w4wCgYIKoZIzj0EAwIw
gZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
bWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjExFDASBgNVBAsMC0NsaWVudC1wNTIx
MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
d29sZnNzbC5jb20wHhcNMjAwOTE0MjM1NzE4WhcNMjMwNjExMjM1NzE4WjCBmTEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
FTATBgNVBAoMDHdvbGZTU0xfcDUyMTEUMBIGA1UECwwLQ2xpZW50LXA1MjExGDAW
BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
c3NsLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAWJu8QDs2JlYm4Br/izx
svDISN+s0jtxKavwZmPYjrXIwvyZROJFsVp7uXMB2nnsnCYnNEUm1YlLRP5pTnIU
44u8AA8JogPDWtyVgvb59pz/tWt1lUukKF2ekATRwB7V/UOeHoPAESsrB22pehDX
Z+dRNyTYvwMNi7VAXE/WE3NCvJHZo4IBSjCCAUYwHQYDVR0OBBYEFCDhv1fl88MM
coRqxt+8ItC3JeWkMIHZBgNVHSMEgdEwgc6AFCDhv1fl88MMcoRqxt+8ItC3JeWk
oYGfpIGcMIGZMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
BwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF9wNTIxMRQwEgYDVQQLDAtDbGll
bnQtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tghQkncaY3wmHMEK95k+GBa/cgonXDjAMBgNVHRME
BTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQDAgOBiwAwgYcCQgHhhaUOgf+w
KtO4c4wdjh9CTN7L0WNpzlPQKlIU5HovHsQLG9seNpdy7Zsv1JN5BuxBbGwYKJlW
tgtYxLxH22SofgJBK9AyLgOBMvOaZVikUX6arcKZvyHxoXBhS+6O3zuceeMStDue
ZNrQ71tQe6GwMI+vZnGdQSDP6Jy99TvE/gBDNSQ=
-----END CERTIFICATE-----

105
certs/p521/gen-p521-certs.sh Executable file
View File

@ -0,0 +1,105 @@
#!/bin/bash
check_result(){
if [ $1 -ne 0 ]; then
echo "Failed at \"$2\", Abort"
exit 1
else
echo "Step Succeeded!"
fi
}
openssl pkey -in root-p521-priv.pem -noout >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "OpenSSL does not support P521"
echo "Skipping P521 certificate renewal"
exit 0
fi
############################################################
###### update the self-signed root-p521.pem ###############
############################################################
echo "Updating root-p521.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_P521\\nRoot-P521\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key root-p521-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-p521.csr
check_result $? "Generate request"
openssl x509 -req -in root-p521.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-p521-priv.pem -out root-p521.pem
check_result $? "Generate certificate"
rm root-p521.csr
openssl x509 -in root-p521.pem -outform DER > root-p521.der
check_result $? "Convert to DER"
openssl x509 -in root-p521.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem root-p521.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update ca-p521.pem signed by root ##################
############################################################
echo "Updating ca-p521.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_p521\\nCA-p521\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-p521-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-p521.csr
check_result $? "Generate request"
openssl x509 -req -in ca-p521.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-p521.pem -CAkey root-p521-priv.pem -set_serial 01 -out ca-p521.pem
check_result $? "Generate certificate"
rm ca-p521.csr
openssl x509 -in ca-p521.pem -outform DER > ca-p521.der
check_result $? "Convert to DER"
openssl x509 -in ca-p521.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem ca-p521.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update server-p521.pem signed by ca ################
############################################################
echo "Updating server-p521.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_p521\\nServer-p521\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-p521-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-p521.csr
check_result $? "Generate request"
openssl x509 -req -in server-p521.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-p521.pem -CAkey ca-p521-priv.pem -set_serial 01 -out server-p521-cert.pem
check_result $? "Generate certificate"
rm server-p521.csr
openssl x509 -in server-p521-cert.pem -outform DER > server-p521.der
check_result $? "Convert to DER"
openssl x509 -in server-p521-cert.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem server-p521-cert.pem
cat server-p521-cert.pem ca-p521.pem > server-p521.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update the self-signed client-p521.pem #############
############################################################
echo "Updating client-p521.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_p521\\nClient-p521\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-p521-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-p521.csr
check_result $? "Generate request"
openssl x509 -req -in client-p521.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-p521-priv.pem -out client-p521.pem
check_result $? "Generate certificate"
rm client-p521.csr
openssl x509 -in client-p521.pem -outform DER > client-p521.der
check_result $? "Convert to DER"
openssl x509 -in client-p521.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem client-p521.pem
echo "End of section"
echo "---------------------------------------------------------------------"

16
certs/p521/gen-p521-keys.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/sh
for key in root ca server client
do
openssl ecparam -name secp521r1 -genkey -noout > ${key}-p521-priv.pem
openssl pkey -in ${key}-p521-priv.pem -outform DER -out ${key}-p521-priv.der
openssl pkey -in ${key}-p521-priv.pem -outform PEM -pubout -out ${key}-p521-key.pem
openssl pkey -in ${key}-p521-priv.pem -outform DER -pubout -out ${key}-p521-key.der
done

38
certs/p521/include.am Normal file
View File

@ -0,0 +1,38 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/p521/ca-p521.der \
certs/p521/ca-p521.pem \
certs/p521/ca-p521-key.der \
certs/p521/ca-p521-key.pem \
certs/p521/ca-p521-priv.der \
certs/p521/ca-p521-priv.pem \
certs/p521/client-p521.der \
certs/p521/client-p521.pem \
certs/p521/client-p521-key.der \
certs/p521/client-p521-key.pem \
certs/p521/client-p521-priv.der \
certs/p521/client-p521-priv.pem \
certs/p521/root-p521.der \
certs/p521/root-p521.pem \
certs/p521/root-p521-key.der \
certs/p521/root-p521-key.pem \
certs/p521/root-p521-priv.der \
certs/p521/root-p521-priv.pem \
certs/p521/server-p521.der \
certs/p521/server-p521.pem \
certs/p521/server-p521-cert.pem \
certs/p521/server-p521-key.der \
certs/p521/server-p521-key.pem \
certs/p521/server-p521-priv.der \
certs/p521/server-p521-priv.pem
if BUILD_FIPS_V2
else
noinst_DATA+= \
certs/p521/gen-p521-certs.sh \
certs/p521/gen-p521-keys.sh
endif

BIN
certs/p521/root-p521-key.der Normal file
View File

Binary file not shown.

6
certs/p521/root-p521-key.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBQWDU5cw32/RMEsz2ejLM8hy3UxW9
X1Pvy3OpyBRsb33FfLS7jlbCQ0X7WBzGRT1/5U6AzETBBnp14WnJiqgBet8ARElz
nC9QP4OgHovRqvsIDJAFDQwXMVE+1oU7CRKC0aYIzchPalrIjI5dv9rMW5Wh6Fop
eCKyukmhhcZIinFTjYk=
-----END PUBLIC KEY-----

BIN
certs/p521/root-p521-priv.der Normal file
View File

Binary file not shown.

7
certs/p521/root-p521-priv.pem Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB+0L/Wo+9bKC8iEmkLdgQkDyeJkbDp0bmhUqOevrpeBqs/Q/0dtg9
WFwp7ceTJkuLr/osgWrNpTxgVscecuiYRGSgBwYFK4EEACOhgYkDgYYABAFBYNTl
zDfb9EwSzPZ6MszyHLdTFb1fU+/Lc6nIFGxvfcV8tLuOVsJDRftYHMZFPX/lToDM
RMEGenXhacmKqAF63wBESXOcL1A/g6Aei9Gq+wgMkAUNDBcxUT7WhTsJEoLRpgjN
yE9qWsiMjl2/2sxblaHoWil4IrK6SaGFxkiKcVONiQ==
-----END EC PRIVATE KEY-----

BIN
certs/p521/root-p521.der Normal file
View File

Binary file not shown.

64
certs/p521/root-p521.pem Normal file
View File

@ -0,0 +1,64 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:0c:f9:b8:9a:a1:1d:4f:ec:23:8f:4b:f2:20:5d:7d:ac:43:4e:98
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:01:41:60:d4:e5:cc:37:db:f4:4c:12:cc:f6:7a:
32:cc:f2:1c:b7:53:15:bd:5f:53:ef:cb:73:a9:c8:
14:6c:6f:7d:c5:7c:b4:bb:8e:56:c2:43:45:fb:58:
1c:c6:45:3d:7f:e5:4e:80:cc:44:c1:06:7a:75:e1:
69:c9:8a:a8:01:7a:df:00:44:49:73:9c:2f:50:3f:
83:a0:1e:8b:d1:aa:fb:08:0c:90:05:0d:0c:17:31:
51:3e:d6:85:3b:09:12:82:d1:a6:08:cd:c8:4f:6a:
5a:c8:8c:8e:5d:bf:da:cc:5b:95:a1:e8:5a:29:78:
22:b2:ba:49:a1:85:c6:48:8a:71:53:8d:89
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
X509v3 Authority Key Identifier:
keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:81:87:02:41:55:16:68:aa:bc:e1:5e:b6:d3:4c:3e:aa:e6:
64:e6:ca:94:ec:7d:0f:a8:ea:70:00:33:26:95:27:bd:23:ae:
69:5b:29:60:28:1e:0d:fa:69:3d:21:36:f9:9d:80:74:b1:ae:
d0:2c:bd:12:13:ce:98:0c:69:39:ab:99:88:90:17:02:02:42:
01:f7:b2:95:d0:bf:64:4d:f9:2e:0e:98:40:00:1c:a7:0a:b3:
2e:09:f8:c2:27:56:3e:b4:2a:c0:fc:1a:3a:87:c6:6f:ac:20:
d4:df:90:f0:00:88:a0:a6:63:79:74:9c:91:c0:ce:7c:21:6b:
65:64:a8:fb:83:48:78:eb:78:e0:51:95
-----BEGIN CERTIFICATE-----
MIIDHDCCAn6gAwIBAgIUIwz5uJqhHU/sI49L8iBdfaxDTpgwCgYIKoZIzj0EAwIw
gZcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
bWFuMRUwEwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMB4XDTIwMDkxNDIzNTcxOFoXDTIzMDYxMTIzNTcxOFowgZcxCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUw
EwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEYMBYGA1UE
AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBQWDU5cw32/RMEsz2ejLM8hy3
UxW9X1Pvy3OpyBRsb33FfLS7jlbCQ0X7WBzGRT1/5U6AzETBBnp14WnJiqgBet8A
RElznC9QP4OgHovRqvsIDJAFDQwXMVE+1oU7CRKC0aYIzchPalrIjI5dv9rMW5Wh
6FopeCKyukmhhcZIinFTjYmjYzBhMB0GA1UdDgQWBBRkp2iVUzMYoiCSvGRVpqvK
dmibyDAfBgNVHSMEGDAWgBRkp2iVUzMYoiCSvGRVpqvKdmibyDAPBgNVHRMBAf8E
BTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBiwAwgYcCQVUWaKq8
4V6200w+quZk5sqU7H0PqOpwADMmlSe9I65pWylgKB4N+mk9ITb5nYB0sa7QLL0S
E86YDGk5q5mIkBcCAkIB97KV0L9kTfkuDphAABynCrMuCfjCJ1Y+tCrA/Bo6h8Zv
rCDU35DwAIigpmN5dJyRwM58IWtlZKj7g0h463jgUZU=
-----END CERTIFICATE-----

68
certs/p521/server-p521-cert.pem Normal file
View File

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:de:70:69:f6:d1:9e:c4:fe:5f:82:52:98:ce:
52:c1:6a:4c:12:22:0f:76:88:22:11:a5:0d:a6:02:
47:91:ab:79:8d:f6:08:70:2d:20:14:15:df:1b:57:
58:b3:51:ab:20:a8:2b:bd:6a:3f:a9:ee:c2:6d:ae:
99:44:b4:a1:12:10:70:00:ca:1f:14:1d:b0:e7:0c:
41:18:52:37:04:a7:84:53:a1:02:46:93:1f:d5:60:
63:a6:2e:7d:8d:ea:3f:e0:5b:e5:c8:6e:1f:a7:d9:
a3:59:e5:96:27:22:f4:02:2b:af:5b:78:1f:13:a8:
22:8b:ec:ae:01:7d:c0:61:13:a4:35:0a:21
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
X509v3 Authority Key Identifier:
keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: ecdsa-with-SHA256
30:81:88:02:42:01:95:31:ef:ac:8f:c7:79:c8:b1:27:21:70:
24:d1:78:d6:d4:da:d0:1d:44:52:6f:3f:0a:f1:33:ac:70:14:
cf:62:e6:23:a8:a5:30:04:e1:40:7b:05:c5:45:c9:be:b0:32:
d5:00:77:c7:6b:1d:37:7a:2c:83:02:9d:ef:5d:9e:9c:91:02:
42:01:f8:7c:5b:fc:b3:1a:26:2c:b4:41:c8:bf:0d:ae:74:5a:
0d:25:10:7d:9d:33:ec:5c:29:c0:7c:6a:96:f3:28:b6:06:de:
13:1f:b1:a1:76:38:ea:a1:db:81:21:b6:81:0c:8f:67:b7:3d:
7b:6b:e0:72:67:e3:d1:71:11:92:8b:d0:f1
-----BEGIN CERTIFICATE-----
MIIDMTCCApKgAwIBAgIBATAKBggqhkjOPQQDAjCBlTELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDkxNDIz
NTcxOFoXDTIzMDYxMTIzNTcxOFowgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjEx
FDASBgNVBAsMC1NlcnZlci1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZswEAYHKoZIzj0CAQYF
K4EEACMDgYYABADecGn20Z7E/l+CUpjOUsFqTBIiD3aIIhGlDaYCR5GreY32CHAt
IBQV3xtXWLNRqyCoK71qP6nuwm2umUS0oRIQcADKHxQdsOcMQRhSNwSnhFOhAkaT
H9VgY6YufY3qP+Bb5chuH6fZo1nllici9AIrr1t4HxOoIovsrgF9wGETpDUKIaOB
iTCBhjAdBgNVHQ4EFgQUhYafrnNflHcnOxUVxnkHqEJLHvMwHwYDVR0jBBgwFoAU
QIkdMF4MbtU9xtUlkNq2Qmft6YIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC
A6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAoGCCqG
SM49BAMCA4GMADCBiAJCAZUx76yPx3nIsSchcCTReNbU2tAdRFJvPwrxM6xwFM9i
5iOopTAE4UB7BcVFyb6wMtUAd8drHTd6LIMCne9dnpyRAkIB+Hxb/LMaJiy0Qci/
Da50Wg0lEH2dM+xcKcB8apbzKLYG3hMfsaF2OOqh24EhtoEMj2e3PXtr4HJn49Fx
EZKL0PE=
-----END CERTIFICATE-----

BIN
certs/p521/server-p521-key.der Normal file
View File

Binary file not shown.

6
certs/p521/server-p521-key.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA3nBp9tGexP5fglKYzlLBakwSIg92
iCIRpQ2mAkeRq3mN9ghwLSAUFd8bV1izUasgqCu9aj+p7sJtrplEtKESEHAAyh8U
HbDnDEEYUjcEp4RToQJGkx/VYGOmLn2N6j/gW+XIbh+n2aNZ5ZYnIvQCK69beB8T
qCKL7K4BfcBhE6Q1CiE=
-----END PUBLIC KEY-----

BIN
certs/p521/server-p521-priv.der Normal file
View File

Binary file not shown.

7
certs/p521/server-p521-priv.pem Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBA/UQ99abMXYOwp9KaXiqAj86ltsFQghlThjy9iBcnWkX1HwOvRd7
cQFcIMmwK3LwktTPTcFOo0hgfvdwPKVlVJSgBwYFK4EEACOhgYkDgYYABADecGn2
0Z7E/l+CUpjOUsFqTBIiD3aIIhGlDaYCR5GreY32CHAtIBQV3xtXWLNRqyCoK71q
P6nuwm2umUS0oRIQcADKHxQdsOcMQRhSNwSnhFOhAkaTH9VgY6YufY3qP+Bb5chu
H6fZo1nllici9AIrr1t4HxOoIovsrgF9wGETpDUKIQ==
-----END EC PRIVATE KEY-----

BIN
certs/p521/server-p521.der Normal file
View File

Binary file not shown.

131
certs/p521/server-p521.pem Normal file
View File

@ -0,0 +1,131 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:de:70:69:f6:d1:9e:c4:fe:5f:82:52:98:ce:
52:c1:6a:4c:12:22:0f:76:88:22:11:a5:0d:a6:02:
47:91:ab:79:8d:f6:08:70:2d:20:14:15:df:1b:57:
58:b3:51:ab:20:a8:2b:bd:6a:3f:a9:ee:c2:6d:ae:
99:44:b4:a1:12:10:70:00:ca:1f:14:1d:b0:e7:0c:
41:18:52:37:04:a7:84:53:a1:02:46:93:1f:d5:60:
63:a6:2e:7d:8d:ea:3f:e0:5b:e5:c8:6e:1f:a7:d9:
a3:59:e5:96:27:22:f4:02:2b:af:5b:78:1f:13:a8:
22:8b:ec:ae:01:7d:c0:61:13:a4:35:0a:21
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
X509v3 Authority Key Identifier:
keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: ecdsa-with-SHA256
30:81:88:02:42:01:95:31:ef:ac:8f:c7:79:c8:b1:27:21:70:
24:d1:78:d6:d4:da:d0:1d:44:52:6f:3f:0a:f1:33:ac:70:14:
cf:62:e6:23:a8:a5:30:04:e1:40:7b:05:c5:45:c9:be:b0:32:
d5:00:77:c7:6b:1d:37:7a:2c:83:02:9d:ef:5d:9e:9c:91:02:
42:01:f8:7c:5b:fc:b3:1a:26:2c:b4:41:c8:bf:0d:ae:74:5a:
0d:25:10:7d:9d:33:ec:5c:29:c0:7c:6a:96:f3:28:b6:06:de:
13:1f:b1:a1:76:38:ea:a1:db:81:21:b6:81:0c:8f:67:b7:3d:
7b:6b:e0:72:67:e3:d1:71:11:92:8b:d0:f1
-----BEGIN CERTIFICATE-----
MIIDMTCCApKgAwIBAgIBATAKBggqhkjOPQQDAjCBlTELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDkxNDIz
NTcxOFoXDTIzMDYxMTIzNTcxOFowgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjEx
FDASBgNVBAsMC1NlcnZlci1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZswEAYHKoZIzj0CAQYF
K4EEACMDgYYABADecGn20Z7E/l+CUpjOUsFqTBIiD3aIIhGlDaYCR5GreY32CHAt
IBQV3xtXWLNRqyCoK71qP6nuwm2umUS0oRIQcADKHxQdsOcMQRhSNwSnhFOhAkaT
H9VgY6YufY3qP+Bb5chuH6fZo1nllici9AIrr1t4HxOoIovsrgF9wGETpDUKIaOB
iTCBhjAdBgNVHQ4EFgQUhYafrnNflHcnOxUVxnkHqEJLHvMwHwYDVR0jBBgwFoAU
QIkdMF4MbtU9xtUlkNq2Qmft6YIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC
A6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAoGCCqG
SM49BAMCA4GMADCBiAJCAZUx76yPx3nIsSchcCTReNbU2tAdRFJvPwrxM6xwFM9i
5iOopTAE4UB7BcVFyb6wMtUAd8drHTd6LIMCne9dnpyRAkIB+Hxb/LMaJiy0Qci/
Da50Wg0lEH2dM+xcKcB8apbzKLYG3hMfsaF2OOqh24EhtoEMj2e3PXtr4HJn49Fx
EZKL0PE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Sep 14 23:57:18 2020 GMT
Not After : Jun 11 23:57:18 2023 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:2d:18:24:2d:e4:db:6c:c3:69:9b:db:18:67:
33:f1:60:68:94:14:cd:91:4a:57:65:ef:36:fa:24:
82:88:ec:c7:f0:cb:48:45:6e:96:5f:7f:eb:76:be:
44:40:c3:19:c0:33:68:c4:06:04:8e:c2:25:b1:96:
83:22:0e:7b:c7:b2:fc:01:86:91:ed:43:5d:38:e0:
0c:25:8d:b3:db:b1:dc:de:b7:21:80:cf:87:de:64:
f4:21:3e:2d:af:79:bd:f6:d0:00:4b:81:79:fa:f7:
10:aa:19:cd:40:d7:1e:75:34:53:29:03:ed:48:54:
21:e5:8f:95:b5:9b:41:8d:5f:dd:72:d2:5a
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Subject Key Identifier:
40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
X509v3 Authority Key Identifier:
keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:81:87:02:41:60:cd:fa:94:0d:23:c3:4e:3c:b1:6e:d9:b6:
5b:0e:97:1e:a4:df:0a:7c:05:2e:61:0c:d7:c0:e5:86:16:0c:
7b:01:a5:33:9a:e6:31:a0:62:91:da:dc:22:d1:ba:4f:75:43:
94:43:67:91:20:08:66:96:27:53:b2:61:0e:59:0a:50:02:42:
01:ec:87:8d:ca:6d:e0:bf:30:ba:ef:37:13:ad:f6:d1:c4:fc:
b5:e5:4b:96:c2:83:a0:d8:ed:04:73:85:8d:54:d7:e9:9a:67:
8a:cf:11:36:4a:f2:2f:85:5a:24:5e:3c:79:e1:a7:c4:ec:78:
82:7a:52:25:c4:55:57:95:0e:6f:c9:d5
-----BEGIN CERTIFICATE-----
MIIDBzCCAmmgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjAwOTE0
MjM1NzE4WhcNMjMwNjExMjM1NzE4WjCBlTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIGbMBAGByqGSM49AgEGBSuB
BAAjA4GGAAQALRgkLeTbbMNpm9sYZzPxYGiUFM2RSldl7zb6JIKI7Mfwy0hFbpZf
f+t2vkRAwxnAM2jEBgSOwiWxloMiDnvHsvwBhpHtQ1044AwljbPbsdzetyGAz4fe
ZPQhPi2veb320ABLgXn69xCqGc1A1x51NFMpA+1IVCHlj5W1m0GNX91y0lqjYzBh
MB0GA1UdDgQWBBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAfBgNVHSMEGDAWgBRkp2iV
UzMYoiCSvGRVpqvKdmibyDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
hjAKBggqhkjOPQQDAgOBiwAwgYcCQWDN+pQNI8NOPLFu2bZbDpcepN8KfAUuYQzX
wOWGFgx7AaUzmuYxoGKR2twi0bpPdUOUQ2eRIAhmlidTsmEOWQpQAkIB7IeNym3g
vzC67zcTrfbRxPy15UuWwoOg2O0Ec4WNVNfpmmeKzxE2SvIvhVokXjx54afE7HiC
elIlxFVXlQ5vydU=
-----END CERTIFICATE-----

12
certs/renewcerts.sh
View File

@ -504,7 +504,7 @@ run_renewcerts(){
echo "---------------------------------------------------------------------"
############################################################
########## generate PKCS7 bundles ##########################
########## generate Ed448 certificates #####################
############################################################
echo "Renewing Ed448 certificates"
cd ed448
@ -513,6 +513,16 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate P-521 certificates #####################
############################################################
echo "Renewing Ed448 certificates"
cd p521
./gen-p521-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update the ecc-rsa-server.p12 file ##################
############################################################

4
src/internal.c
View File

@ -19471,7 +19471,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
if (IsAtLeastTLSv1_3(ssl->version) && sigAlgo == ssl->suites->sigAlgo &&
sigAlgo == ecc_dsa_sa_algo) {
int curveSz = ssl->buffers.keySz & (~0x3);
int digestSz = GetMacDigestSize(hashAlgo);
if (digestSz <= 0)
continue;
@ -19479,7 +19479,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
/* TLS 1.3 signature algorithms for ECDSA match hash length with
* key size.
*/
if (digestSz != ssl->buffers.keySz)
if (digestSz != curveSz)
continue;
ssl->suites->hashAlgo = hashAlgo;

3
tests/include.am
View File

@ -48,5 +48,6 @@ EXTRA_DIST += tests/test.conf \
tests/test-chains.conf \
tests/test-altchains.conf \
tests/test-trustpeer.conf \
tests/test-dhprime.conf
tests/test-dhprime.conf \
tests/test-p521.conf
DISTCLEANFILES+= tests/.libs/unit.test

12
tests/suites.c
View File

@ -879,6 +879,18 @@ int SuiteTest(int argc, char** argv)
goto exit;
}
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA512)
/* add P-521 certificate cipher suite tests */
strcpy(argv0[1], "tests/test-p521.conf");
printf("starting P-521 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");

61
tests/test-p521.conf Normal file
View File

@ -0,0 +1,61 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/p521/server-p521.pem
-k ./certs/p521/server-p521-priv.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/p521/root-p521.pem
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/p521/server-p521.pem
-k ./certs/p521/server-p521-priv.pem
-A ./certs/p521/client-p521.pem
-V
# Remove -V when CRL for P-521 certificates available.
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/p521/client-p521.pem
-k ./certs/p521/client-p521-priv.pem
-A ./certs/p521/root-p521.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/p521/server-p521.pem
-k ./certs/p521/server-p521-priv.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/p521/root-p521.pem
-C
# Enable when CRL for P-521 certificates available.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/p521/server-p521.pem
-k ./certs/p521/server-p521-priv.pem
-A ./certs/p521/client-p521.pem
-V
# Remove -V when CRL for P-521 certificates available.
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/p521/client-p521.pem
-k ./certs/p521/client-p521-priv.pem
-A ./certs/p521/root-p521.pem
-C