wolfssl/certs
David Garske 9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437)
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` APIs for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
1024 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
3072 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
4096 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
crl Remove execute bit on update pem/der files. 2021-06-16 10:17:20 -07:00
ecc
ed448
ed25519 Add new scripts to include.am. 2021-06-11 08:19:23 -07:00
external update google cert that was set to expire in Dec 2021 2021-07-09 23:57:50 +07:00
intermediate
ocsp run renewcerts.sh script 2021-02-11 03:12:54 +07:00
p521 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
renewcerts Add DIST_POINT compatibility functions (#4351) 2021-09-30 08:27:39 +10:00
statickeys Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) 2021-09-01 09:28:24 +10:00
test fix for keyid with ktri cms 2021-06-22 21:33:12 +07:00
test-pathlen run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-cert-chain.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-ecc-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-ecc-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-ecc-key.der
ca-ecc-key.pem
ca-ecc384-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-ecc384-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ca-ecc384-key.der
ca-ecc384-key.pem
ca-key.der
ca-key.pem
check_dates.sh
client-ca.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-cert-ext.der
client-cert-ext.pem
client-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-crl-dist.der Add DIST_POINT compatibility functions (#4351) 2021-09-30 08:27:39 +10:00
client-crl-dist.pem Add DIST_POINT compatibility functions (#4351) 2021-09-30 08:27:39 +10:00
client-ecc-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-ecc-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-ecc384-cert.der
client-ecc384-cert.pem
client-ecc384-key.der
client-ecc384-key.pem
client-key.der
client-key.pem
client-keyEnc.pem
client-keyPub.der
client-keyPub.pem Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 2021-10-07 11:12:06 +10:00
client-relative-uri.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
client-uri-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
csr.attr.der Use CSR with smaller key size 4096 -> 2048 2020-12-18 12:48:25 +01:00
csr.dsa.pem
csr.ext.der Add CSR test with Extension Request attribute 2020-12-17 14:27:46 +01:00
csr.signed.der
dh-pubkey-2048.der Add two public key files in certs folder and register them to gencertbuf.pl 2021-03-19 14:52:58 +09:00
dh2048.der
dh2048.pem
dh3072.der
dh3072.pem
dh4096.der
dh4096.pem
dsa-pubkey-2048.der Add two public key files in certs folder and register them to gencertbuf.pl 2021-03-19 14:52:58 +09:00
dsa2048.der
dsa3072.der
dsaparams.der Make changes to support port of NTP from OpenSSL to wolfSSL. 2021-08-02 13:33:18 -07:00
dsaparams.pem
ecc-client-key.der
ecc-client-key.pem
ecc-client-keyPub.der
ecc-client-keyPub.pem
ecc-key-comp.pem
ecc-key.der
ecc-key.pem
ecc-keyPkcs8.der
ecc-keyPkcs8.pem
ecc-keyPkcs8Enc.der
ecc-keyPkcs8Enc.pem
ecc-keyPub.der
ecc-keyPub.pem Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 2021-10-07 11:12:06 +10:00
ecc-privOnlyCert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
ecc-privOnlyKey.pem
ecc-privkey.pem
ecc-privkeyPkcs8.der
ecc-privkeyPkcs8.pem
ecc-rsa-server.p12 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
entity-no-ca-bool-cert.pem Fix basic constraints extension present and CA Boolean not asserted 2021-07-02 12:16:16 -06:00
entity-no-ca-bool-key.pem Fix basic constraints extension present and CA Boolean not asserted 2021-07-02 12:16:16 -06:00
gen_revoked.sh
include.am Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 2021-10-07 11:12:06 +10:00
renewcerts.sh Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 2021-10-07 11:12:06 +10:00
rsa-pub-2048.pem
rsa2048.der
rsa3072.der
server-cert-chain.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-cert.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc-comp.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc-comp.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc-rsa.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc-rsa.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc-self.der
server-ecc-self.pem
server-ecc.der run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-ecc384-cert.der
server-ecc384-cert.pem
server-ecc384-key.der
server-ecc384-key.pem
server-key.der
server-key.pem
server-keyEnc.pem
server-keyPkcs8.der
server-keyPkcs8.pem
server-keyPkcs8Enc.der
server-keyPkcs8Enc.pem
server-keyPkcs8Enc2.pem
server-keyPkcs8Enc12.pem
server-keyPub.pem Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 2021-10-07 11:12:06 +10:00
server-revoked-cert.pem run renewcerts.sh script 2021-02-11 03:12:54 +07:00
server-revoked-key.pem
taoCert.txt
test-ber-exp02-05-2022.p7b
test-degenerate.p7b run renewcerts.sh script 2021-02-11 03:12:54 +07:00
test-servercert-rc2.p12 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
test-servercert.p12 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
wolfssl-website-ca.pem
x942dh2048.pem Add test for X9.42 parsing 2021-10-04 11:05:58 -05:00