mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,219 Commits 5 Branches 162 Tags
Commit Graph

207 Commits

Author SHA1 Message Date
Sean Parkinson
ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson
62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson
2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske
da882f3912 Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"). 2020-02-23 18:40:13 -08:00
David Garske
ba49427cc4 Cleanup include.am whitespace. 2020-01-30 08:44:52 -08:00
David Garske
3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
Chris Conlon
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072 
wolfCrypt Test 3072-bit Support
 2020-01-23 07:55:19 -08:00
David Garske
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker 
Fixing some typos. Thanks to Fossies for the report
 2020-01-22 13:52:56 -08:00
David Garske
84a878bda2 Fix for include .am issue. 2020-01-22 09:11:00 -08:00
David Garske
2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske
4d9dbc9ec3 Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072. 2020-01-21 22:16:54 -08:00
JacobBarthelmeh
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
kaleb-himes
9b8d4e91c2 Fixing some typos. Thanks to Fossies for the report 2020-01-10 11:45:51 -07:00
Carie Pointer
28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Eric Blankenhorn
b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer
ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
toddouska
7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096 
SP now has support for RSA/DH 4096-bit operations
 2019-11-18 15:38:47 -08:00
Sean Parkinson
411b130369 Add new 4096-bit cert and key to distribution 2019-11-14 09:13:24 +10:00
Sean Parkinson
5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske
2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
David Garske
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh
acd0a55d47 add new certs to extra dist 2019-10-15 14:23:01 -06:00
Jacob Barthelmeh
b27504b222 update external test certificate 2019-10-15 10:11:38 -06:00
kaleb-himes
306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
 2019-10-11 15:03:38 -06:00
kaleb-himes
9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
David Garske
644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Jacob Barthelmeh
13957e7762 update server-ecc-self.pem before/after dates 2019-07-23 09:27:39 -06:00
David Garske
2ad80df1c7 Fix for ./certs/gen-testcerts.sh sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
David Garske
51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
David Garske
c7b5f772aa Add missing cert to include.am for make dist, which is required for ./gencertbuf.pl. 2019-04-01 10:09:34 -07:00
Jacob Barthelmeh
8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh
ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
David Garske
59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
 2018-12-21 09:54:55 -08:00
Sean Parkinson
95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
Jacob Barthelmeh
cc3ccbaf0c add test for degenerate case and allow degenerate case by default 2018-10-30 17:04:33 -06:00
David Garske
3be7eacea9 Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test. 2018-10-25 09:21:27 -07:00
David Garske
8b529d3d57 Add test for ECC private key with PKCS 8 encoding (no crypt) and -----BEGIN EC PRIVATE KEY----- header. 2018-10-17 10:01:29 -07:00
kaleb-himes
dc942bf9cb Remove unnecessary duplicate revocation 2018-09-20 16:54:35 -06:00
kaleb-himes
ea06a3e8cb Resolve some persistent error report when conf not passed to req 2018-09-20 16:50:02 -06:00
David Garske
427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR 
Cert update refactor
 2018-09-20 14:24:06 -07:00
kaleb-himes
54e04dd312 posix compliance enhancements for portability 2018-09-20 10:30:11 -06:00
kaleb-himes
17ebb0ea49 Update certs to address nightly failure with disable sha enable crl 2018-09-19 15:22:08 -06:00
kaleb-himes
f3fd67c54b White space updates and revert cnf changes in lieu of PR #1734 2018-09-19 14:54:19 -06:00
kaleb-himes
4f6ee556dc Refactor the cert renewal scripts with error handling 
Portability updates
 2018-09-19 14:47:21 -06:00
Eric Blankenhorn
b1b7093a1d Revert addition of OIDs to cnf 2018-09-19 08:01:40 -05:00
David Garske
f48e2067ae Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske
575382e5a9 Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs. 2018-09-07 15:30:30 -07:00
David Garske
ae3d8d3779 * Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
Sean Parkinson
1ab17ac827 More changes to minimize dynamic memory usage. 
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
 2018-08-21 14:41:01 +10:00
Eric Blankenhorn
bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00