WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
12,994 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

225 Commits (42d4f35a982ee5b88f0739045d99819532345ee7)

Author SHA1 Message Date
Jacob Barthelmeh 04e22b0747 add restriction to excluded DIR name constraint 2020-12-11 10:00:11 +07:00
Jacob Barthelmeh f00263889b add test case 2020-12-11 08:20:48 +07:00
David Garske 10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: `ECDHE-ECDSA-AES128-GCM-SHA256`, `ECDH-ECDSA-AES128-GCM-SHA256` and `TLS13-AES128-GCM-SHA256`. 2020-11-10 09:47:36 -08:00
Chris Conlon 79dea1c85c add test-servercert-rc2.p12 to include.am 2020-10-19 08:01:19 -06:00
Chris Conlon 062df01737 add PKCS12 RC2 test case, example p12 bundle 2020-10-16 12:02:20 -06:00
John Safranek c2bb359eb4
Automake Fixes 
1. A couple cert scripts don't need to be included in the makefile or the distribution.
 2020-10-14 17:23:58 -07:00
toddouska 0f6d391ea1
Merge pull request #3295 from SparkiDev/tls13_p521 
TLS 1.3: Fix P-521 algorithm matching
 2020-09-21 13:36:48 -07:00
Sean Parkinson 409daa665d Script to find exipred CRLs and certificates 
Check for expiration in 3 months.
First argument is the offset. e.g. "+1 year"
 2020-09-18 11:26:27 +10:00
Sean Parkinson d63ff07edc TLS 1.3: Fix P-521 algorithm matching 
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
 2020-09-18 10:51:55 +10:00
John Safranek 3bd27f7912
fix a bad path in renewcerts 2020-08-12 15:17:21 -07:00
John Safranek 95337e666c
Release Update 
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
 2020-08-12 14:43:47 -07:00
Juliusz Sosinowicz fe1f815761 wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage 2020-08-06 13:45:36 +02:00
David Garske 1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
kaleb-himes aa704420fd Fix typo in include.am 2020-07-07 16:39:39 -06:00
kaleb-himes 42f3a6d7a4 Put both potential roots for login.live.com into collection for stapling test 2020-07-07 16:02:48 -06:00
David Garske efa169e595 Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes. 2020-06-18 08:33:59 -07:00
David Garske 5a5bc34aa5 Added second intermediate CA to testing certs. This creates a chain that looks like: `ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain).` 2020-06-18 08:33:59 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Sean Parkinson ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson 62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`). 2020-02-23 18:40:13 -08:00
David Garske ba49427cc4 Cleanup include.am whitespace. 2020-01-30 08:44:52 -08:00
David Garske 3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
Chris Conlon 1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072 
wolfCrypt Test 3072-bit Support
 2020-01-23 07:55:19 -08:00
David Garske 06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker 
Fixing some typos. Thanks to Fossies for the report
 2020-01-22 13:52:56 -08:00
David Garske 84a878bda2 Fix for include .am issue. 2020-01-22 09:11:00 -08:00
David Garske 2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske 4d9dbc9ec3 Adds 3072-bit RSA tests using `USE_CERT_BUFFERS_3072`. 2020-01-21 22:16:54 -08:00
JacobBarthelmeh 6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
kaleb-himes 9b8d4e91c2 Fixing some typos. Thanks to Fossies for the report 2020-01-10 11:45:51 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
toddouska 7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096 
SP now has support for RSA/DH 4096-bit operations
 2019-11-18 15:38:47 -08:00
Sean Parkinson 411b130369 Add new 4096-bit cert and key to distribution 2019-11-14 09:13:24 +10:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
David Garske 0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh acd0a55d47 add new certs to extra dist 2019-10-15 14:23:01 -06:00
Jacob Barthelmeh b27504b222 update external test certificate 2019-10-15 10:11:38 -06:00
kaleb-himes 306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
 2019-10-11 15:03:38 -06:00
kaleb-himes 9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
David Garske 644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with `--disable-oldnames`. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Jacob Barthelmeh 13957e7762 update server-ecc-self.pem before/after dates 2019-07-23 09:27:39 -06:00
David Garske 2ad80df1c7 Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
David Garske 51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
David Garske c7b5f772aa Add missing cert to include.am for make dist, which is required for `./gencertbuf.pl`. 2019-04-01 10:09:34 -07:00
Jacob Barthelmeh 8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00