WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
11,856 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

213 Commits (15be5476e983ba8d75b89ea0dff882d33cc184d9)

Author SHA1 Message Date
David Garske 1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
kaleb-himes aa704420fd Fix typo in include.am 2020-07-07 16:39:39 -06:00
kaleb-himes 42f3a6d7a4 Put both potential roots for login.live.com into collection for stapling test 2020-07-07 16:02:48 -06:00
David Garske efa169e595 Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes. 2020-06-18 08:33:59 -07:00
David Garske 5a5bc34aa5 Added second intermediate CA to testing certs. This creates a chain that looks like: `ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain).` 2020-06-18 08:33:59 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Sean Parkinson ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson 62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`). 2020-02-23 18:40:13 -08:00
David Garske ba49427cc4 Cleanup include.am whitespace. 2020-01-30 08:44:52 -08:00
David Garske 3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
Chris Conlon 1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072 
wolfCrypt Test 3072-bit Support
 2020-01-23 07:55:19 -08:00
David Garske 06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker 
Fixing some typos. Thanks to Fossies for the report
 2020-01-22 13:52:56 -08:00
David Garske 84a878bda2 Fix for include .am issue. 2020-01-22 09:11:00 -08:00
David Garske 2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske 4d9dbc9ec3 Adds 3072-bit RSA tests using `USE_CERT_BUFFERS_3072`. 2020-01-21 22:16:54 -08:00
JacobBarthelmeh 6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
kaleb-himes 9b8d4e91c2 Fixing some typos. Thanks to Fossies for the report 2020-01-10 11:45:51 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
toddouska 7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096 
SP now has support for RSA/DH 4096-bit operations
 2019-11-18 15:38:47 -08:00
Sean Parkinson 411b130369 Add new 4096-bit cert and key to distribution 2019-11-14 09:13:24 +10:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
David Garske 0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh acd0a55d47 add new certs to extra dist 2019-10-15 14:23:01 -06:00
Jacob Barthelmeh b27504b222 update external test certificate 2019-10-15 10:11:38 -06:00
kaleb-himes 306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
 2019-10-11 15:03:38 -06:00
kaleb-himes 9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
David Garske 644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with `--disable-oldnames`. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Jacob Barthelmeh 13957e7762 update server-ecc-self.pem before/after dates 2019-07-23 09:27:39 -06:00
David Garske 2ad80df1c7 Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
David Garske 51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
David Garske c7b5f772aa Add missing cert to include.am for make dist, which is required for `./gencertbuf.pl`. 2019-04-01 10:09:34 -07:00
Jacob Barthelmeh 8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
David Garske 59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
 2018-12-21 09:54:55 -08:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
Jacob Barthelmeh cc3ccbaf0c add test for degenerate case and allow degenerate case by default 2018-10-30 17:04:33 -06:00
David Garske 3be7eacea9 Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test. 2018-10-25 09:21:27 -07:00
David Garske 8b529d3d57 Add test for ECC private key with PKCS 8 encoding (no crypt) and `-----BEGIN EC PRIVATE KEY-----` header. 2018-10-17 10:01:29 -07:00
kaleb-himes dc942bf9cb Remove unnecessary duplicate revocation 2018-09-20 16:54:35 -06:00
kaleb-himes ea06a3e8cb Resolve some persistent error report when conf not passed to req 2018-09-20 16:50:02 -06:00
David Garske 427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR 
Cert update refactor
 2018-09-20 14:24:06 -07:00
kaleb-himes 54e04dd312 posix compliance enhancements for portability 2018-09-20 10:30:11 -06:00
kaleb-himes 17ebb0ea49 Update certs to address nightly failure with disable sha enable crl 2018-09-19 15:22:08 -06:00
kaleb-himes f3fd67c54b White space updates and revert cnf changes in lieu of PR #1734 2018-09-19 14:54:19 -06:00
kaleb-himes 4f6ee556dc Refactor the cert renewal scripts with error handling 
Portability updates
 2018-09-19 14:47:21 -06:00