From 3f1c3392e59e23e8e223255308c2f9286d1338b9 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 29 Jan 2020 06:37:06 -0800 Subject: [PATCH] Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. --- certs/3072/client-keyPub.der | Bin 0 -> 422 bytes certs/3072/include.am | 3 +- certs/client-cert-3072.pem | 107 ----------------------------------- certs/client-key-3072.pem | 40 ------------- certs/include.am | 2 - certs/renewcerts.sh | 19 +------ gencertbuf.pl | 1 + tests/test.conf | 6 +- wolfcrypt/test/test.c | 36 +++++++++--- wolfssl/certs_test.h | 49 ++++++++++++++++ 10 files changed, 84 insertions(+), 179 deletions(-) create mode 100644 certs/3072/client-keyPub.der delete mode 100644 certs/client-cert-3072.pem delete mode 100644 certs/client-key-3072.pem diff --git a/certs/3072/client-keyPub.der b/certs/3072/client-keyPub.der new file mode 100644 index 0000000000000000000000000000000000000000..f574d0c8dc073089fb9c7f2a3e78a3c0700cdcfa GIT binary patch literal 422 zcmXqLVq9dv%f_kI=F#?@mywZ?m4Ug5v7f=9iLr~RiLsGkjb%Vaf5i`h*%{L=Kb#Ym z5#^Zlc(db%&<61h9b&T|OfQLdsw{T8Kl$^jx$kuISM5=s&~hO5_#4kxF=?^|bAn@b zE!-S&(yniIk!>Cm6T_U;u%^XITR7si-rt{f;kjX?S~Ryza^nB1nMRUqb^H!CRdOf( zMC7Eb6R=&O{J&4?R94fYpNuIw(-%l}E-1OYjaBed5}SwC_q1~dTOVFhe|1V|>BQ-F zf2OcS1|E1Wysf=D{?dUk{Ww{s!-6{Zzcb$2+ZtkO6o2%@&#L*I-x*VLAr{PRn$Yr_|#^WkR~Ms#`d?_Md}wt8oOZ@A>9 zsJbPu&TOAnWo>cx-h;$HC)xTZN1a=%^;p-=GS;z~QJ(){ec5r1TVe0_-%&Gl*thn$ z#o8roYfilge0|_Y29wV0g(7=?B(_}-yI%Zd_3kXi%N!}H!N;fSII itE_&SF}sGxwO=YuJ<_xI-N|dkHPaj?GchwVFaiL(+s8Ek literal 0 HcmV?d00001 diff --git a/certs/3072/include.am b/certs/3072/include.am index 20c982376..e701837ed 100644 --- a/certs/3072/include.am +++ b/certs/3072/include.am @@ -6,4 +6,5 @@ EXTRA_DIST += \ certs/3072/client-cert.der \ certs/3072/client-cert.pem \ certs/3072/client-key.der \ - certs/3072/client-key.pem + certs/3072/client-key.pem \ + certs/3072/client-keyPub.der 
diff --git a/certs/client-cert-3072.pem b/certs/client-cert-3072.pem
deleted file mode 100644
index f855437cc..000000000
--- a/certs/client-cert-3072.pem
+++ /dev/null
@@ -1,107 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 13102646209338242161 (0xb5d5f34e7d397471) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Apr 13 15:23:09 2018 GMT - Not After : Jan 7 15:23:09 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:af:48:ed:92:25:bb:e3:2a:ea:05:68:44:8d:c0: - 94:7f:06:d0:12:3e:ff:56:5d:7d:c9:75:a9:43:6a: - 0b:73:6b:ff:20:a2:d8:a7:fa:b5:28:04:72:7e:e8: - 16:a6:a9:03:61:e7:ec:85:67:38:6f:15:8c:81:91: - ca:92:d5:5f:41:11:71:e8:81:76:20:b6:a1:60:35: - 84:33:9d:e6:a5:5d:75:c8:8f:df:03:9d:7e:c3:7c: - 89:08:be:95:8f:39:9c:37:06:8f:53:6b:0c:e2:63: - dd:da:49:35:e4:52:8b:c1:69:00:12:c5:e2:74:b9: - be:10:a3:23:96:af:fa:34:54:e3:31:db:ac:ec:58: - 2e:98:9e:11:1e:df:9f:a1:cc:44:1d:3e:b0:b4:37: - 79:8c:c3:f9:19:9c:ff:08:79:ba:4b:0b:1c:7b:a7: - d6:d2:50:b6:d6:ba:af:95:50:97:10:9e:f9:6e:49: - d1:9d:68:f5:95:2b:09:27:a3:68:76:2c:c1:a8:aa: - ca:98:cb:c9:37:77:0c:fc:7c:3a:5d:81:56:5e:65: - ee:f0:e0:1f:1c:b6:c6:f7:dd:19:18:6b:a5:5b:a8: - 71:7f:de:35:c9:19:26:b1:90:d6:6d:d0:b4:82:cd: - 5f:1a:0c:66:b5:de:94:d3:bd:09:ff:fb:96:f0:b5: - 32:fe:0e:c1:06:09:79:07:0e:cc:d9:f6:f4:d6:f6: - 7b:a3:bb:82:37:b3:54:02:66:4f:b9:8a:20:f4:53: - 35:23:ad:c8:40:c1:e0:50:98:51:20:52:ae:ef:a3: - 1a:1c:2b:18:8c:c3:88:2e:91:a4:c1:dd:7b:20:b7: - 9b:6a:6a:57:0a:59:f6:cd:b7:ea:42:d5:45:21:67: - 37:0f:57:b0:bf:f5:bd:01:30:2c:ad:08:3f:77:10: - 2c:b4:57:29:c0:8a:b3:b6:41:ea:c7:b3:96:19:9a: - 4c:31:f6:bc:ce:1e:48:dd:ce:88:a5:86:b1:d0:dd: - a3:d4:7d:f8:d7:dc:d2:27:d0:45 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B - X509v3 Authority 
Key Identifier: - keyid:CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:D5:F3:4E:7D:39:74:71 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - a6:ac:1e:20:0c:ea:46:15:52:0e:14:39:36:f5:2a:44:39:e7: - c5:6b:42:1c:00:7a:ca:58:b5:d0:17:44:70:ea:5c:45:4d:99: - e9:2c:8d:89:1b:53:f9:5a:00:86:ed:b1:45:c4:71:c5:13:b2: - ce:79:b5:27:b1:92:f0:fd:c6:e2:7e:71:e9:a1:0d:92:b5:a9: - 91:70:21:a0:32:60:05:98:0b:30:6e:26:81:4b:6a:90:e2:1b: - e0:7d:c4:e9:ae:84:cb:38:e7:00:1a:c8:9a:98:5e:80:d4:c2: - 10:ad:4e:e8:9b:f9:e8:24:95:42:05:34:11:a8:2e:19:14:75: - f9:ed:f9:e7:ae:20:fd:a3:8b:5e:87:dd:b9:fa:46:eb:26:67: - 61:40:7a:32:4f:55:d5:90:21:b7:dc:05:06:d8:a3:06:2e:44: - ac:28:8a:79:6a:bc:2a:ef:47:44:b6:7c:98:a7:6a:99:6e:0e: - 55:23:a4:db:ff:95:f3:03:04:87:53:56:6d:95:c2:0e:61:90: - 4a:ca:54:76:a9:41:2f:3f:22:8e:33:a3:b2:e3:b5:04:c0:bd: - f0:05:03:f1:6a:fa:39:b1:49:55:d4:bc:71:fb:22:79:4f:e5: - 68:fe:c7:e1:df:29:3b:26:82:a3:eb:a6:ba:0a:9e:c3:ef:53: - a1:75:16:ce:2c:0b:8b:5d:a0:26:43:00:15:0f:12:72:ed:de: - 62:91:5c:83:c8:a2:b9:9d:be:f4:1f:5a:44:be:d2:86:0f:7c: - 11:16:1d:34:67:ef:03:2b:ff:81:83:cc:5d:a7:47:65:a5:cf: - 56:9f:e5:57:33:a0:3f:03:e9:48:46:e9:4c:6c:d2:b4:10:f0: - 0c:1f:ea:32:d1:6b:cb:97:27:ca:3b:24:52:21:c5:e3:ca:c3: - c1:83:d7:91:03:61:20:af:e2:2c:94:fb:a2:39:16:6a:2f:78: - f3:d7:ad:a7:a6:e1:7e:c0:98:2c:56:a1:84:14:b8:37:60:d3: - e8:ef:1c:3e:69:2b ------BEGIN CERTIFICATE----- -MIIFyjCCBDKgAwIBAgIJALXV8059OXRxMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG -A1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFtbWluZy0zMDcyMRgw -FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG -A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT 
-BgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3MjEY -MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr0jtkiW7 -4yrqBWhEjcCUfwbQEj7/Vl19yXWpQ2oLc2v/IKLYp/q1KARyfugWpqkDYefshWc4 -bxWMgZHKktVfQRFx6IF2ILahYDWEM53mpV11yI/fA51+w3yJCL6VjzmcNwaPU2sM -4mPd2kk15FKLwWkAEsXidLm+EKMjlq/6NFTjMdus7FgumJ4RHt+focxEHT6wtDd5 -jMP5GZz/CHm6Swsce6fW0lC21rqvlVCXEJ75bknRnWj1lSsJJ6NodizBqKrKmMvJ -N3cM/Hw6XYFWXmXu8OAfHLbG990ZGGulW6hxf941yRkmsZDWbdC0gs1fGgxmtd6U -070J//uW8LUy/g7BBgl5Bw7M2fb01vZ7o7uCN7NUAmZPuYog9FM1I63IQMHgUJhR -IFKu76MaHCsYjMOILpGkwd17ILebampXCln2zbfqQtVFIWc3D1ewv/W9ATAsrQg/ -dxAstFcpwIqztkHqx7OWGZpMMfa8zh5I3c6IpYax0N2j1H3419zSJ9BFAgMBAAGj -ggEHMIIBAzAdBgNVHQ4EFgQUzIED8wowyR5mnc7UnCoqp+tTk1swgdMGA1UdIwSB -yzCByIAUzIED8wowyR5mnc7UnCoqp+tTk1uhgaSkgaEwgZ4xCzAJBgNVBAYTAlVT -MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3 -b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1taW5nLTMwNzIxGDAWBgNVBAMM -D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJALXV8059OXRxMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAKas -HiAM6kYVUg4UOTb1KkQ558VrQhwAespYtdAXRHDqXEVNmeksjYkbU/laAIbtsUXE -ccUTss55tSexkvD9xuJ+cemhDZK1qZFwIaAyYAWYCzBuJoFLapDiG+B9xOmuhMs4 -5wAayJqYXoDUwhCtTuib+egklUIFNBGoLhkUdfnt+eeuIP2ji16H3bn6RusmZ2FA -ejJPVdWQIbfcBQbYowYuRKwoinlqvCrvR0S2fJinapluDlUjpNv/lfMDBIdTVm2V -wg5hkErKVHapQS8/Io4zo7LjtQTAvfAFA/Fq+jmxSVXUvHH7InlP5Wj+x+HfKTsm -gqPrproKnsPvU6F1Fs4sC4tdoCZDABUPEnLt3mKRXIPIormdvvQfWkS+0oYPfBEW -HTRn7wMr/4GDzF2nR2Wlz1af5VczoD8D6UhG6Uxs0rQQ8Awf6jLRa8uXJ8o7JFIh -xePKw8GD15EDYSCv4iyU+6I5FmovePPXraem4X7AmCxWoYQUuDdg0+jvHD5pKw== ------END CERTIFICATE----- diff --git a/certs/client-key-3072.pem b/certs/client-key-3072.pem deleted file mode 100644 index 1d0d05b8a..000000000 --- a/certs/client-key-3072.pem +++ /dev/null 
@@ -1,40 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCvSO2SJbvjKuoF -aESNwJR/BtASPv9WXX3JdalDagtza/8gotin+rUoBHJ+6BamqQNh5+yFZzhvFYyB -kcqS1V9BEXHogXYgtqFgNYQznealXXXIj98DnX7DfIkIvpWPOZw3Bo9TawziY93a -STXkUovBaQASxeJ0ub4QoyOWr/o0VOMx26zsWC6YnhEe35+hzEQdPrC0N3mMw/kZ -nP8IebpLCxx7p9bSULbWuq+VUJcQnvluSdGdaPWVKwkno2h2LMGoqsqYy8k3dwz8 -fDpdgVZeZe7w4B8ctsb33RkYa6VbqHF/3jXJGSaxkNZt0LSCzV8aDGa13pTTvQn/ -+5bwtTL+DsEGCXkHDszZ9vTW9nuju4I3s1QCZk+5iiD0UzUjrchAweBQmFEgUq7v -oxocKxiMw4gukaTB3Xsgt5tqalcKWfbNt+pC1UUhZzcPV7C/9b0BMCytCD93ECy0 -VynAirO2QerHs5YZmkwx9rzOHkjdzoilhrHQ3aPUffjX3NIn0EUCAwEAAQKCAYBz -146qd6WkjEf9KtujkxKQoMACTwAQ49itu8UReJP4w/boarckzNvMhqPkmx3dJvXF -TrFRuNXjFCq3ttJaGAnLxuuw7V5UYF5mZvfn5QL5ZrrgwbRxfzS3nSYzUUEmVryW -4Q734lexhq6oBJpJOwSB3hLeVUlEOz0RYb+zZrnEvBUqbjPqPp0M3+oQrVmiZIzf -hv7hG4iJLzsBYnBp+YjU75LzZgjjFdTANMC1vX0Yzvepm7+ceDFVVAvI1oXDE/AQ -ABIzyDGk4qmypwLJ7jqAQcZVpIltJRVYBqq7UE7ZlsJ3Z08Vy0XkTyYliogWlPYW -c612Jcabp8z6P1KTcWGo2EfKmj8kRqs9Z3y1AFr3Zsd3KwscjgoKl/C8JnKlPYQo -tsnRhJneqXz61fa11kgRo7KWrS3gzEc9R5FpeYR8zU80ycXNC3LT/r9kIbpEHe6u -ju5S7sINTMd6GMz5uXOzoSiojZeHLgYatvMpoEMpSTJrYZEd8iHg+lbQr8rafgEC -gcEA46EqlOF9sTa3JP25P51+Dpd4LAwR81b2LKLNEYYH8uRnlkM126DqA6/WFy7O -xwIV3xr2irYZXEF/pZDGegxxcNTVmtHTjtXuxKiXBGzxyIgDsAHa8ZNLmA37W1cn -t2TaPqeh89eh8FZDHjKsRN6OWBreNk9iSouZOEkK/7KwDObgYI1vdOMKgKvjdIri -XTSmltfmRmfbcp6z56ViboSLkh29mRzijokLGo9xM69uTzDKMh8UFoyzUfv6gTfw -rRUtAoHBAMUhofp9yqStYepPL/hvNuPsr/CMwFxzYHZT6LeVE3fdH3w5pjK6XeAp -AGe+2YcKqtpso6alnfnnTH4XhGnGO0wCTxQDGkWX0Xs8bt2eiHyG0Rn6Ry6/r1hr -DrAEYbXDuFm0MCC11glJhWvCaWvKhNzsWc7WtQB6+QVgk1ek8Ich4DnC9TtbG4SK -agAsDBrtbJbOgWa9BA1vLIkriuAfzOYTLQevAViIzmvfIKpM7BcyPmBfaMWM/gPO -jIGKJNjGeQKBwGVWQpa1LDfQnAgjzGy9uHjWhfFWDke+1ylX8ON0P+WqOVNz6G42 -XPf3N+BqPjPqgcIpRsjJ+NBReHpE0ZdUIsyQc+fQsdZM91clltWpipozszCQIuCZ -KnYvA0/OpSfIBkEOb9MWlElinc670GV4jvY6P+L9xExbiYK9QeBDtIyJ3CofzRbE -XNCbtU8U5WGJJwDQbPu7EL8eWAkwX3nEGD6cbuPTMCk0aXURltvjpcArgFh/7Xl8 
-efhtrUAJn2PuoQKBwAvHcrJRCebFJXCmwqsJmjIMVob9IhFkI4NuiB1QHxWudM8r -cq7dS/a0/H02fjD/hi3/B9hRVRs1ovB130eivLBSAv+jH9LAu5etiMJdUrJ+K8ht -mAtHEOcrnnkOCfiedUmG5slNlDiB2CMUPtBeDYpV5Rfi5HXe4zpbBvLZvDWW5JsO -9zBQxVgqHSNdfmutfCuWs0y8Rp224uZfX7D8tXWZ97rZzi7IHe18K6uBZSoNqoR/ -rvb+8b6wfNzQsFrzoQKBwF69oVncsP7Nv8awy6D/MppuhwCi24vFTa7h4BfCQxS5 -vlWYdjsQZNyRH2mpEWiHMQuTXXFX2c5JYJx4cKe0MkqtTESfC4APkjShTCxxGrA3 -TfyWsZ0dO6XdWKIJuRBD9dcrOTt/PYYBdJveFEja4ts6taOH78whvX7bVA5SmpSY -l2i77spfstkfUGgtEJipZbUs0ZSHSRVbSpgxOIFwIhRe+wSfN8t8e+g8PvhX1kM9 -YHkIqaBL1AXGLFCRYm4FIA== ------END PRIVATE KEY----- diff --git a/certs/include.am b/certs/include.am index 4e6f6df09..d64d5ff86 100644 --- a/certs/include.am +++ b/certs/include.am @@ -50,8 +50,6 @@ EXTRA_DIST += \ certs/ecc-privOnlyKey.pem \ certs/ecc-privOnlyCert.pem \ certs/dh3072.pem \ - certs/client-cert-3072.pem \ - certs/client-key-3072.pem \ certs/client-cert-ext.pem EXTRA_DIST += \ diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 5bea56062..ffd82b80b 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh 
@@ -127,25 +127,7 @@ run_renewcerts(){ mv tmp.pem client-cert.pem echo "End of section" echo "---------------------------------------------------------------------" - ############################################################ - #### update the self-signed (3072-bit) client-cert.pem ##### - ############################################################ - echo "Updating 3072-bit client-cert.pem" - echo "" - #pipe the following arguments to openssl req... - echo -e "US\\nMontana\\nBozeman\\nwolfSSL_3072\\nProgramming-3072\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -config ./wolfssl.cnf -nodes -out client-cert-3072.csr - check_result $? "Step 1" - - openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem - check_result $? "Step 2" - rm client-cert-3072.csr - - openssl x509 -in client-cert-3072.pem -text > tmp.pem - check_result $? "Step 3" - mv tmp.pem client-cert-3072.pem - echo "End of section" - echo "---------------------------------------------------------------------" ############################################################ #### update the self-signed (1024-bit) client-cert.pem ##### ############################################################ @@ -183,6 +165,7 @@ run_renewcerts(){ mv ./3072/tmp.pem ./3072/client-cert.pem openssl rsa -in ./3072/client-key.pem -outform der -out ./3072/client-key.der + openssl rsa -inform pem -in ./3072/client-key.pem -outform der -out ./3072/client-keyPub.der -pubout openssl x509 -in ./3072/client-cert.pem -outform der -out ./3072/client-cert.der echo "End of section" diff --git a/gencertbuf.pl b/gencertbuf.pl index 65880c318..3e8462021 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl 
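Review bot: The added `openssl rsa ... -pubout` line in the second renewcerts.sh hunk has no exit-status check, so a failed export leaves the previous `./3072/client-keyPub.der` in place and the script carries on. Since gencertbuf.pl now embeds that file as `client_keypub_der_3072`, a stale public key that no longer matches `client-key.der` would only surface later as a hard-to-trace test failure. Following the line with `check_result $? "<step label>"`, as the removed 3072 section did after each openssl call, would stop the run at the point of failure. The neighbouring `openssl rsa` and `openssl x509` DER conversions visible in this hunk appear to be unchecked as well.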
@@ -82,6 +82,7 @@ my @fileList_3072 = ( [ "./certs/dsa3072.der", "dsa_key_der_3072" ], [ "./certs/rsa3072.der", "rsa_key_der_3072" ], [ "./certs/3072/client-key.der", "client_key_der_3072" ], + [ "./certs/3072/client-keyPub.der", "client_keypub_der_3072" ], [ "./certs/3072/client-cert.der", "client_cert_der_3072" ], ); diff --git a/tests/test.conf b/tests/test.conf index 2e43aa8ee..2e67d461f 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1961,13 +1961,13 @@ # server TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem --A certs/client-cert-3072.pem +-A certs/3072/client-cert.pem # client TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem --c certs/client-cert-3072.pem --k certs/client-key-3072.pem +-c certs/3072/client-cert.pem +-k certs/3072/client-key.pem # server good certificate common name -v 3 diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 8f87f907b..b58596590 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10986,8 +10986,8 @@ int rsa_no_pad_test(void) word32 idx = 0; word32 outSz = RSA_TEST_BYTES; word32 plainSz = RSA_TEST_BYTES; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) \ - && !defined(NO_FILESYSTEM) +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(NO_FILESYSTEM) XFILE file; #endif DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); @@ -11021,6 +11021,8 @@ int rsa_no_pad_test(void) XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); #elif !defined(NO_FILESYSTEM) file = XFOPEN(clientKey, "rb"); if (!file) { 
@@ -12487,6 +12489,9 @@ int rsa_test(void) #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); bytes = sizeof_client_keypub_der_2048; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072); + bytes = sizeof_client_keypub_der_3072; #else file = XFOPEN(clientKeyPub, "rb"); if (!file) { @@ -15765,7 +15770,7 @@ int openssl_pkey1_test(void) { int ret = 0; #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - !defined(NO_SHA) && !defined(USE_CERT_BUFFERS_1024) + !defined(NO_SHA) EVP_PKEY_CTX* dec = NULL; EVP_PKEY_CTX* enc = NULL; EVP_PKEY* pubKey = NULL; @@ -15776,16 +15781,31 @@ int openssl_pkey1_test(void) const unsigned char* clikey; unsigned char tmp[FOURK_BUF]; long cliKeySz; - unsigned char cipher[256]; - unsigned char plain[256]; + unsigned char cipher[RSA_TEST_BYTES]; + unsigned char plain[RSA_TEST_BYTES]; size_t outlen = sizeof(cipher); + int expKeyLen = 2048; -#if defined(USE_CERT_BUFFERS_2048) +#if defined(USE_CERT_BUFFERS_1024) + XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); + cliKeySz = (long)sizeof_client_key_der_1024; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024, + sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1); + expKeyLen = 1024; +#elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); cliKeySz = (long)sizeof_client_key_der_2048; x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048, sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072); + cliKeySz = (long)sizeof_client_key_der_3072; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072, + sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1); + expKeyLen = 3072; #else XFILE f; 
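Review bot: The new 3072-bit branch in rsa_test can never be selected, because its guard repeats `#elif defined(USE_CERT_BUFFERS_2048)` from the branch directly above it. With only USE_CERT_BUFFERS_3072 defined, the preprocessor falls through to the `#else` path and calls `XFOPEN(clientKeyPub, "rb")`, so the `client_keypub_der_3072` buffer added by this commit goes unused there and a build without a filesystem would presumably fail in this section. The guard should read `#elif defined(USE_CERT_BUFFERS_3072)`. rsa_test begins and ends outside the hunk.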
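Review bot: In openssl_pkey1_test the `cipher` and `plain` arrays are now sized by `RSA_TEST_BYTES` while the expected key size is tracked separately in `expKeyLen`, and nothing visible in these hunks ties the two together. `RSA_TEST_BYTES` is defined outside the diff, so if it were smaller than `expKeyLen/8` in some configuration, the encrypt and decrypt calls later in the function would be handed an output buffer shorter than the modulus. A guard next to the existing `EVP_PKEY_size` check, such as `if ((size_t)EVP_PKEY_size(prvKey) > sizeof(cipher))` failing with its own error code, would make the assumption explicit. The `XMEMCPY` calls into `tmp[FOURK_BUF]` rely in the same way on each embedded key staying below FOURK_BUF, and the function continues outside the hunks, so later checks may already cover part of this.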
@@ -15829,12 +15849,12 @@ int openssl_pkey1_test(void) } /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ - if (EVP_PKEY_bits(prvKey) != 2048) { + if (EVP_PKEY_bits(prvKey) != expKeyLen) { ret = -7705; goto openssl_pkey1_test_done; } - if (EVP_PKEY_size(prvKey) != 256) { + if (EVP_PKEY_size(prvKey) != expKeyLen/8) { ret = -7706; goto openssl_pkey1_test_done; } diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index c46ea066e..18f1e6bc5 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h 
@@ -2491,6 +2491,55 @@ static const unsigned char client_key_der_3072[] = }; static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072); +/* ./certs/3072/client-keyPub.der, 3072-bit */ +static const unsigned char client_keypub_der_3072[] = +{ + 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, 0x8A, 0x02, 0x82, + 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, + 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, + 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, + 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, + 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, + 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, + 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, + 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, + 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, + 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, + 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, + 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, + 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, + 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, + 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, + 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, + 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, + 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, + 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, + 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, + 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, + 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, + 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, + 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, + 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, + 
0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, + 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, + 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, + 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, + 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, + 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, + 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, + 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, + 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, + 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, + 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, + 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, + 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, + 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, + 0x00, 0x01 +}; +static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072); + /* ./certs/3072/client-cert.der, 3072-bit */ static const unsigned char client_cert_der_3072[] = {