WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
17,947 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

52 Commits (565d1b33e5c9a52a0c2752f5ea80f6ca29b08cd1)

Author SHA1 Message Date
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig 
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
 2022-08-11 09:43:01 +10:00
JacobBarthelmeh 36db5ef929 add test case for UUID and FASC-N 2022-05-23 09:17:42 -07:00
JacobBarthelmeh c0f8fd5f5d update certificate dates and fix autorenew 2021-12-20 16:04:05 -08:00
David Garske 9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with  `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
 2021-10-07 11:12:06 +10:00
Chris Conlon 95b9fae605
Add DIST_POINT compatibility functions (#4351) 
* add DIST_POINT compatibility functions

* switch X509_LU_* from enum to define, prevent compiler type warnings

* refactoring, adding in comments, and formating

* refactoring and a memory leak fix

* cast return value for g++ warning

* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free

* fix get next DIST_POINT node for free function

Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com>
 2021-09-30 08:27:39 +10:00
Anthony Hu 33cb823148
Remove legacy NTRU and OQS (#4418) 
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
 2021-09-24 08:37:53 +10:00
Sean Parkinson d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction 
Reduce debug output noise
 2021-08-19 11:32:41 +10:00
kaleb-himes 93a8f36530 Fix basic constraints extension present and CA Boolean not asserted 2021-07-02 12:16:16 -06:00
Jacob Barthelmeh 3cd43cf692 fix for keyid with ktri cms 2021-06-22 21:33:12 +07:00
Jacob Barthelmeh d8fc01aabf add cert generation to renewcerts script 2021-06-16 14:31:33 +07:00
Jacob Barthelmeh 41e5e547c4 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
Jacob Barthelmeh e2b411805d add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen script 2021-01-12 00:40:15 +07:00
Chris Conlon 062df01737 add PKCS12 RC2 test case, example p12 bundle 2020-10-16 12:02:20 -06:00
Sean Parkinson d63ff07edc TLS 1.3: Fix P-521 algorithm matching 
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
 2020-09-18 10:51:55 +10:00
John Safranek 3bd27f7912
fix a bad path in renewcerts 2020-08-12 15:17:21 -07:00
John Safranek 95337e666c
Release Update 
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
 2020-08-12 14:43:47 -07:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`). 2020-02-23 18:40:13 -08:00
David Garske 3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
David Garske 2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske 4d9dbc9ec3 Adds 3072-bit RSA tests using `USE_CERT_BUFFERS_3072`. 2020-01-21 22:16:54 -08:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
Jacob Barthelmeh cc3ccbaf0c add test for degenerate case and allow degenerate case by default 2018-10-30 17:04:33 -06:00
kaleb-himes 54e04dd312 posix compliance enhancements for portability 2018-09-20 10:30:11 -06:00
kaleb-himes 4f6ee556dc Refactor the cert renewal scripts with error handling 
Portability updates
 2018-09-19 14:47:21 -06:00
Jacob Barthelmeh 63a0e872c5 add test for fail case when parsing relative URI path 2018-05-14 14:27:02 -06:00
Jacob Barthelmeh bb979980ca add test case for parsing URI from certificate 2018-05-08 16:24:41 -06:00
Jacob Barthelmeh 607bd96317 add ocsp cert renew and test-pathlen to script 2018-03-14 16:35:16 -06:00
Jacob Barthelmeh e41f5de556 default generate ed25519 cert with renew and add ecc crls to script 2018-03-09 14:09:34 -07:00
Jacob Barthelmeh d9738563af add ed25519 certificate generation to renewcerts.sh 2018-03-09 10:43:36 -07:00
Jacob Barthelmeh f6b5427f2b bad sig certificate renew script 2018-03-09 09:50:52 -07:00
Jacob Barthelmeh 849e1eb10d updating renewcerts script 2018-03-09 00:35:14 -07:00
Jacob Barthelmeh 62b8c0c3fd add test case for order of certificates with PKCS12 parse 2018-02-07 16:52:39 -07:00
Sean Parkinson 90f8f67982 Single Precision maths for RSA (and DH) 
Single Precision ECC implementation
 2017-10-17 08:36:39 +10:00
Jacob Barthelmeh 4c8fdf99c5 add digsigku to renewcerts script and update the not after date 2017-05-02 18:08:10 -06:00
Jacob Barthelmeh faf2bacd56 error out with duplicate policy OID in a certificate policies extension 2017-03-16 15:48:15 -06:00
John Safranek e3bb4c29e2 Fix openssl.test with the lean-TLS option 
1. Make new CA cert for test that is both client-cert.pem andr
   client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
 2016-09-15 11:39:30 -07:00
kaleb-himes 03295ec6d7 update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test 
changes from first review

move to 256 bit defines
 2016-08-12 13:00:52 -06:00
Moisés Guimarães 858da86c05 restore original certs, without OCSP Authority Information Access; 2016-01-04 17:15:29 -03:00
Moisés Guimarães ec9d23a9c3 Merge branch 'csr' 2015-12-28 19:38:04 -03:00
Chris Conlon aa3780f6b0 add example 1024-bit server/CA certs and keys for testing 2015-09-23 13:37:34 -06:00
kaleb-himes 1a0a9de9c6 changes post review 
crl-revoked dash compliant. revoked-cert has unique fields

new print statements
 2015-07-23 17:05:25 -06:00
kaleb-himes d2de4719eb added way to gen revoked without running renewcerts 2015-07-22 09:31:23 -06:00
Nickolas Lapp 27202912e8 Adjusted gencrls and renewcerts to add a revoked server cert 2015-07-21 17:17:41 -06:00
kaleb-himes 173b1147b5 updated certs 2015-05-07 12:21:50 -06:00
kaleb-himes fc24885f17 updated subject matter for server-ecc.pem 2015-05-06 11:57:32 -06:00
kaleb-himes b7ba495924 all certs in renewcerts.sh -> 1000 days 2015-02-04 23:29:56 -07:00
kaleb-himes 55d30ca277 new client-ecc-cert.pem/renewcerts updates/certs relavent name changes 2015-02-02 09:10:07 -07:00
kaleb-himes bd1ff08aa9 certs name changes 2014-12-29 11:53:25 -07:00
toddouska e99c7c2870 don't copy ntru-cert.der into certs/ 2014-07-31 16:45:30 -07:00