mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
19,653 Commits 5 Branches 162 Tags
Commit Graph

314 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
fe1f815761 wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage 2020-08-06 13:45:36 +02:00
David Garske
1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
kaleb-himes
aa704420fd Fix typo in include.am 2020-07-07 16:39:39 -06:00
kaleb-himes
42f3a6d7a4 Put both potential roots for login.live.com into collection for stapling test 2020-07-07 16:02:48 -06:00
David Garske
efa169e595 Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes. 2020-06-18 08:33:59 -07:00
David Garske
5a5bc34aa5 Added second intermediate CA to testing certs. This creates a chain that looks like: ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain). 2020-06-18 08:33:59 -07:00
Juliusz Sosinowicz
9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Sean Parkinson
ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson
62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson
2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske
da882f3912 Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"). 2020-02-23 18:40:13 -08:00
David Garske
ba49427cc4 Cleanup include.am whitespace. 2020-01-30 08:44:52 -08:00
David Garske
3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
Chris Conlon
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072 
wolfCrypt Test 3072-bit Support
 2020-01-23 07:55:19 -08:00
David Garske
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker 
Fixing some typos. Thanks to Fossies for the report
 2020-01-22 13:52:56 -08:00
David Garske
84a878bda2 Fix for include .am issue. 2020-01-22 09:11:00 -08:00
David Garske
2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske
4d9dbc9ec3 Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072. 2020-01-21 22:16:54 -08:00
JacobBarthelmeh
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
kaleb-himes
9b8d4e91c2 Fixing some typos. Thanks to Fossies for the report 2020-01-10 11:45:51 -07:00
Carie Pointer
28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Eric Blankenhorn
b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer
ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
toddouska
7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096 
SP now has support for RSA/DH 4096-bit operations
 2019-11-18 15:38:47 -08:00
Sean Parkinson
411b130369 Add new 4096-bit cert and key to distribution 2019-11-14 09:13:24 +10:00
Sean Parkinson
5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske
2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
David Garske
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh
acd0a55d47 add new certs to extra dist 2019-10-15 14:23:01 -06:00
Jacob Barthelmeh
b27504b222 update external test certificate 2019-10-15 10:11:38 -06:00
kaleb-himes
306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
 2019-10-11 15:03:38 -06:00
kaleb-himes
9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
David Garske
644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Jacob Barthelmeh
13957e7762 update server-ecc-self.pem before/after dates 2019-07-23 09:27:39 -06:00
David Garske
2ad80df1c7 Fix for ./certs/gen-testcerts.sh sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
David Garske
51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
David Garske
c7b5f772aa Add missing cert to include.am for make dist, which is required for ./gencertbuf.pl. 2019-04-01 10:09:34 -07:00
Jacob Barthelmeh
8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh
ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
David Garske
59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
 2018-12-21 09:54:55 -08:00
Sean Parkinson
95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
Jacob Barthelmeh
cc3ccbaf0c add test for degenerate case and allow degenerate case by default 2018-10-30 17:04:33 -06:00
David Garske
3be7eacea9 Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test. 2018-10-25 09:21:27 -07:00
David Garske
8b529d3d57 Add test for ECC private key with PKCS 8 encoding (no crypt) and -----BEGIN EC PRIVATE KEY----- header. 2018-10-17 10:01:29 -07:00
kaleb-himes
dc942bf9cb Remove unnecessary duplicate revocation 2018-09-20 16:54:35 -06:00
kaleb-himes
ea06a3e8cb Resolve some persistent error report when conf not passed to req 2018-09-20 16:50:02 -06:00
David Garske
427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR 
Cert update refactor
 2018-09-20 14:24:06 -07:00
kaleb-himes
54e04dd312 posix compliance enhancements for portability 2018-09-20 10:30:11 -06:00
kaleb-himes
17ebb0ea49 Update certs to address nightly failure with disable sha enable crl 2018-09-19 15:22:08 -06:00
kaleb-himes
f3fd67c54b White space updates and revert cnf changes in lieu of PR #1734 2018-09-19 14:54:19 -06:00