WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
23,323 Commits
4 Branches
160 Tags
400 MiB
Commit Graph

344 Commits (a75c73cdef620056dcb52a9a19bfa18f7aaa1cbc)

Author SHA1 Message Date
JacobBarthelmeh 2a1165460e add parsing over optional PKCS8 attributes 2024-09-04 15:15:53 -06:00
Daniel Pouzzner 1c68da282c portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest. 2024-08-20 13:48:33 -05:00
David Garske 7c6eb7c4a1
Merge pull request #7751 from SparkiDev/ecc_koblitz_ssl 
ECC key load: fixes
 2024-07-22 16:40:59 -07:00
Colton Willey 7434092a3a Increase default max alt names from 128 to 1024 2024-07-18 11:11:38 -07:00
Sean Parkinson dc86dad26b ECC key load: fixes 
asn.c:
  Return the curve OID sum with alg_id for ECC keys.
ssl_load.c:
Don't permanently strip the PKCS#8 information as it contains the
curve OID.
 2024-07-15 15:46:05 +10:00
JacobBarthelmeh 6c0aae714f update over max ext test certs and add them to renew script 2024-07-07 23:38:29 -07:00
Colton Willey 1310c97a22 Add new certs to include.am 2024-05-30 12:45:46 -07:00
Colton Willey 284dea43fe Unify max name testing to use cert files for both cases. 2024-05-29 19:00:15 -07:00
Colton Willey e620b47e1a Add configuration file for generating cert with too many name constraints 2024-05-29 18:23:13 -07:00
Colton Willey b00ae2ac69 Initial implementation of max limits on number of alternative names and name constraints 2024-05-29 15:55:17 -07:00
Sean Parkinson 8e9810e87e ssl.c: Move functions out to separate files 
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
 2024-04-16 10:30:59 +10:00
Sean Parkinson d4b1995a2c ASN.1 testing: add tests of bad DER encodings 
Certificates with bad DER encoded ASN.1 added to testing.
Fix comment in asn.c.
 2024-03-22 08:51:17 +10:00
JacobBarthelmeh 065bfb0172 add new test file to make dist 2024-03-02 00:12:01 +07:00
JacobBarthelmeh 90b28b5cef add test case for verify of stream signed PKCS7 bundle 2024-03-01 23:43:46 +07:00
JacobBarthelmeh b38e20a721 add crl_rsapss.pem to make dist 2024-01-15 15:19:04 -07:00
JacobBarthelmeh cd07e32b13 update crl files and add in compat support for RSA-PSS 2024-01-08 16:38:11 -08:00
JacobBarthelmeh d58acef895 add RSA-PSS CRL test case 2024-01-05 14:47:53 -08:00
Chris Conlon d0aa80eb37 update example/test certs for end of year release 2023-12-13 16:41:59 -07:00
JacobBarthelmeh 14e8ffcc18 remove locality from self-sm2-cert.pem 2023-11-22 14:30:27 -07:00
JacobBarthelmeh e197d5f8a3 add self-sm2-cert.pem to certificate regen script 2023-11-22 14:14:07 -07:00
Juliusz Sosinowicz 3c5d3c0fa9 bwrap ocsp renew script 2023-10-23 15:53:42 +02:00
Juliusz Sosinowicz 7baf151c37 CRL verify the entire chain including loaded CA's 
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
 2023-10-03 11:45:43 +02:00
Anthony Hu b22c2971e3 Fixup spelling: Elliptic 
Fixes https://github.com/wolfSSL/wolfssl/issues/6767
 2023-09-26 16:18:02 -04:00
Juliusz Sosinowicz 57ce894393 CRL refactor 
- CheckCertCRLList: check all entries in case a single issuer has multiple CRL's loaded
- test_multiple_crls_same_issuer: testing two different certificates forcing the client to check both CRL's from the same issuer
- CRL_Entry
  - use a lock instead of a mutex to allow multiple threads to access the same list simultaneously
  - add a verifyMutex when doing verification so that we don't have to release the crlLock
- Add allocation and free functions for CRL_Entry
- DupCRL_Entry: simplify copying by copying all static fields in one memcpy
 2023-08-28 10:52:36 +02:00
TakayukiMatsuo 3a5739a8fa Add support for raw-public-key 2023-08-11 11:29:15 +09:00
Iyán Méndez Veiga 7c14ea67ae
Rename sphincs algs to follow upstream 
This also adds new keys for SPHINCS+. The reason is that SPHINCS+
was updated to 3.1 in liboqs (open-quantum-safe/liboqs/pull/1420),
and old keys are incompatible with the new implementation.

Keys were generated using the oqs-provider for OpenSSL 3

openssl genpkey \
    -provider default -provider oqsprovider \
    -algorithm sphincsshake128fsimple \
    -outform der \
    -out bench_sphincs_fast_level1_key.der

And certs_test.h was updated using xxd

xxd -i -c 10 -u bench_sphincs_fast_level1_key.der

This was repeated for the 6 variants of SPHINCS+ that wolfSSL supports.
 2023-07-10 18:31:07 +02:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support 
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
 2023-07-04 13:36:28 +10:00
Sean Parkinson a39a04fc88 PEM example: new example for convert between PEM and DER 
PEM example converts PEM to DER and DER to PEM.
Supports encrypting DER and writing out as PEM.

Added better support for 40-bit RC2-CBC PBE.
Added AES-128-CBC encryption support with PKCS#5v2.
Fixed handling of iterations to support writing 24-bit values.
Declared enum types for pass to PKCS#8 encryption APIs.

Add more DER and PEM files to certs directory.
Add testing of 'pem' with pem.test script.
 2023-07-03 17:20:35 +10:00
Andras Fekete 76cf3d61a0 Calling 'nc' makes the server unresponsive 2023-06-14 09:54:23 -04:00
Andras Fekete 20df12e5f7 This should add a check to make sure the server is up before connecting 2023-06-14 09:20:06 -04:00
Andras Fekete 0a2201700d Put the .rnd file in a local folder 2023-03-28 10:43:17 -04:00
Andras Fekete 1cf2d9ece3 Create files that the script depends on 2023-03-28 10:16:24 -04:00
Andras Fekete 610c45afb6 Don't need to store state anymore 2023-03-28 10:15:58 -04:00
Andras Fekete 1f6071df33 PR suggestions 2023-03-27 13:59:01 -04:00
Andras Fekete cadd2d9ab6 Remove expectation for an argument to be passed 
Added in a failing return value to flush out tests/scripts that may be calling this script multiple times with various arguments
 2023-03-27 13:30:12 -04:00
Kareem 5b08b016af Add client-absolute-urn.pem to renewcerts.sh 2023-03-16 16:14:08 -07:00
Kareem cc51b2d52e Add additional fix for absolute URN issue from PR #5964 and add test. 2023-03-16 14:56:44 -07:00
Anthony Hu b3e99348cd Purge the AES variant of Dilithium 2022-12-27 14:37:47 -05:00
Jacob Barthelmeh db03994899 add crl test file to dist 2022-12-21 15:05:30 -07:00
JacobBarthelmeh c6aaa1310e end of year certificate update 2022-12-16 13:32:37 -08:00
JacobBarthelmeh f1daa2d356 fix other name san parsing and add RID cert to test parsing 2022-12-05 15:51:33 -08:00
jordan 81ed2a60b4 Support ASN1/DER CRLs in LoadCertByIssuer. 
This fixes hash based dir lookup of ASN1/DER CRLs in OpenSSL
compatible API. The function wolfSSL_X509_load_crl_file is
called with entry->dir_type, rather than hardcoded filetype.

A new test crl was added, and existing crl 0fdb2da4.r0 was
reorganized to a new dir.

Also, completes the stub wolfSSL_X509_LOOKUP_add_dir. A new
test function test_X509_LOOKUP_add_dir was added to tests/api.c
 2022-11-11 15:13:00 -06:00
tim-weller-wolfssl 3bc3ec25b8 Add link of newly created x509 store's certificate manager to self by default 2022-11-09 17:17:30 -06:00
JacobBarthelmeh 29a5c04c2e add test case 2022-10-25 15:35:37 -07:00
Jacob Barthelmeh dc0b2553fc handle certificates with RSA-PSS signature that have RSAk public keys 2022-09-21 08:24:09 -06:00
Sean Parkinson 38418b31f1
Merge pull request #5197 from JacobBarthelmeh/OCSP 
RSA-PSS with OCSP and add simple OCSP response der verify test case
 2022-09-13 15:10:00 +10:00
JacobBarthelmeh 6c71777ca6 no verify on renewing ocsp response 2022-09-09 13:58:43 -07:00
JacobBarthelmeh f49d84e17a fix typo and pipe ocsp response creation to /dev/null 2022-09-08 09:02:31 -07:00
JacobBarthelmeh 9d6e157fc5 add asn template version 2022-09-07 16:15:19 -07:00
JacobBarthelmeh 28a82237d9 RSA-PSS signed OCSP responses 2022-09-07 13:12:43 -07:00