diff --git a/README b/README index 4e60f72d6..482bbec31 100644 --- a/README +++ b/README @@ -35,12 +35,46 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** - ********* wolfSSL (Formerly CyaSSL) Release X.X.X (TBD) +********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) -Release X.X.X of wolfSSL has bug fixes and new features including: +Release 3.9.8 of wolfSSL has bug fixes and new features including: -- X.509 bug fixes for reading in malformed certificates, reported by - researchers at Columbia University +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html diff --git a/README.md b/README.md index e6775d463..0ebba568a 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,51 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` + +# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +##Release 3.9.8 of wolfSSL has bug fixes and new features including: + +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + # wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) ##Release 3.9.6 of wolfSSL has bug fixes and new features including: diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 3deb3628c..36b03380f 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: + b5:4e:78:83:dd:ef:e7:8f + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,25 +29,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Signature Algorithm: sha256WithRSAEncryption + 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: + fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: + 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: + c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: + 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: + 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: + e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: + 4c:1d -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -58,8 +59,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp +RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp +arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= -----END CERTIFICATE----- diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index c2bd6df8f..c7677b265 100644 Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index 2f13e8e25..ffa017747 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16417767964199037690 (0xe3d7a0fa76df2afa) + Serial Number: + f3:63:b8:35:1d:0a:d8:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,25 +29,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E3:D7:A0:FA:76:DF:2A:FA + serial:F3:63:B8:35:1D:0A:D8:D9 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 1d:b7:d5:7c:e1:b1:d8:c0:67:5d:b5:d3:88:e7:50:29:71:63: - 8f:cc:26:1f:33:09:55:43:9b:ab:c6:1b:bc:c7:01:95:1a:fa: - 65:e0:fd:9c:eb:6f:0a:0f:14:ec:b5:2f:dc:1c:30:dd:52:97: - d4:1c:09:00:33:38:5f:cb:a8:16:8f:11:b7:b8:d0:66:e1:54: - 28:f3:3f:bf:6a:6f:76:48:2a:5e:56:a7:ce:1c:f0:04:dd:17: - bd:06:78:21:6d:d6:b1:9b:75:31:92:c1:fe:d4:8d:d4:67:2f: - 03:1b:27:8d:ab:ff:30:3b:c3:7f:23:e4:ab:5b:91:e1:1b:66: - e6:ed + 31:5e:c5:8c:6f:b7:c5:47:1b:51:5f:99:91:a1:23:45:3c:36: + 59:20:fe:90:46:95:79:e8:b8:d9:db:44:7f:63:42:71:59:d5: + 59:a5:3c:d3:43:83:a0:7d:1e:56:36:02:92:e2:0a:19:f6:97: + f2:82:12:a6:b2:bf:3b:b6:b0:07:fc:7a:5b:78:22:a0:31:f4: + 3d:eb:0a:c5:e4:e5:b4:c7:bb:4f:a9:b8:37:19:bf:c7:64:9d: + 74:9e:78:df:09:f5:d6:dd:c2:fb:ce:94:d5:bf:97:b0:76:b5: + e9:10:65:6c:48:85:c4:1b:ff:5b:64:c7:11:30:06:e4:40:f5: + 90:2b -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJAOPXoPp23yr6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIDxTCCAy6gAwIBAgIJAPNjuDUdCtjZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -58,9 +59,9 @@ D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDj16D6dt8q+jAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAB231XzhsdjAZ12104jnUClxY4/MJh8z -CVVDm6vGG7zHAZUa+mXg/ZzrbwoPFOy1L9wcMN1Sl9QcCQAzOF/LqBaPEbe40Gbh -VCjzP79qb3ZIKl5Wp84c8ATdF70GeCFt1rGbdTGSwf7UjdRnLwMbJ42r/zA7w38j -5KtbkeEbZubt +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDzY7g1HQrY2TAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADFexYxvt8VHG1FfmZGhI0U8Nlkg/pBG +lXnouNnbRH9jQnFZ1VmlPNNDg6B9HlY2ApLiChn2l/KCEqayvzu2sAf8elt4IqAx +9D3rCsXk5bTHu0+puDcZv8dknXSeeN8J9dbdwvvOlNW/l7B2tekQZWxIhcQb/1tk +xxEwBuRA9ZAr -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index f278d2c0f..92f631e1e 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem @@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0a:04:c7:9a:c4:f6:46:db:e4:85:d4:22:02:12:3e:53:27:25: - 24:8a:9b:2f:93:7f:de:70:94:c5:6c:4c:26:25:25:7a:d7:0f: - 33:b9:9c:d2:5a:94:7f:8d:30:75:ad:82:c9:bf:4b:6c:91:58: - 7c:45:1a:89:df:8e:ca:31:9f:ab:38:b3:ae:c2:8f:14:87:e6: - 1c:ab:12:4e:df:82:36:c9:41:46:c4:05:95:88:62:09:72:57: - 66:31:80:b8:9c:55:a8:fb:74:01:32:e7:5a:40:df:9b:e4:98: - d7:5b:ea:69:5c:14:1b:9b:8b:08:2d:d9:58:28:be:c9:01:e0: - e1:a9 + Signature Algorithm: sha256WithRSAEncryption + 2c:aa:a2:46:f7:79:c7:7f:ce:ef:4d:e6:04:aa:7c:5c:77:72: + 55:66:41:97:7f:c5:6e:98:a0:c4:10:c6:d6:9c:70:0a:ee:ba: + ea:98:47:78:6f:33:8f:44:7a:d5:74:8a:7e:ab:49:1d:d7:95: + 12:11:8e:a0:54:5d:7d:0b:da:c2:c3:01:1a:e7:20:5e:5a:f7: + 16:81:89:b7:cd:e7:dc:46:e6:5e:f9:1a:c2:40:a5:59:f1:f5: + fa:55:db:15:ea:3c:c6:39:fd:e6:7b:5b:01:5f:a7:c9:36:a0: + 1e:73:11:b5:d3:b8:3f:8d:88:32:6a:e7:cd:b7:1d:31:4e:49: + e8:b9 -----BEGIN CERTIFICATE----- -MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NTA5MjMxOTIzMzhaFw0xODA2MTkxOTIzMzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G +NjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN @@ -58,20 +58,21 @@ VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACgTH -msT2RtvkhdQiAhI+UyclJIqbL5N/3nCUxWxMJiUletcPM7mc0lqUf40wda2Cyb9L -bJFYfEUaid+OyjGfqzizrsKPFIfmHKsSTt+CNslBRsQFlYhiCXJXZjGAuJxVqPt0 -ATLnWkDfm+SY11vqaVwUG5uLCC3ZWCi+yQHg4ak= +bYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEALKqi +Rvd5x3/O703mBKp8XHdyVWZBl3/FbpigxBDG1pxwCu666phHeG8zj0R61XSKfqtJ +HdeVEhGOoFRdfQvawsMBGucgXlr3FoGJt83n3EbmXvkawkClWfH1+lXbFeo8xjn9 +5ntbAV+nyTagHnMRtdO4P42IMmrnzbcdMU5J6Lk= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: + b5:4e:78:83:dd:ef:e7:8f + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -93,25 +94,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Signature Algorithm: sha256WithRSAEncryption + 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: + fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: + 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: + c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: + 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: + 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: + e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: + 4c:1d -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -123,8 +124,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp +RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp +arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index d0eab7a3c..6a823ef93 100644 Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index 6eacbebd0..8b34ea43d 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +38,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -76,11 +77,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/certs/client-cert.der b/certs/client-cert.der index 9a7e0bf9b..4c19dd8e7 100644 Binary files a/certs/client-cert.der and b/certs/client-cert.der differ diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 569cdddac..9262ad609 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12260966172072242701 (0xaa27b3c5a9726e0d) + Serial Number: + b9:bc:90:ed:ad:aa:0a:8c Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +38,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AA:27:B3:C5:A9:72:6E:0D + serial:B9:BC:90:ED:AD:AA:0A:8C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 51:96:a7:1c:26:5d:1c:90:c6:32:9f:96:15:f2:1d:e7:93:9c: - ac:75:56:95:fd:20:70:ab:45:6a:09:b0:f3:f2:03:a8:db:dc: - 2f:bc:1f:87:7a:a3:d4:8f:d5:49:97:7e:3c:54:ac:b1:e3:f0: - 39:0d:fe:09:9a:23:f6:32:a6:41:59:bd:60:e8:bd:de:00:36: - 6f:3e:e9:41:6f:a9:63:c7:aa:d5:7b:f3:e4:39:48:9e:f6:60: - c6:c6:86:d5:72:86:23:cd:f5:6a:63:53:a4:f8:fc:51:6a:cd: - 60:74:8e:a3:86:61:01:34:78:f7:29:97:b3:a7:34:b6:0a:de: - b5:71:7a:09:a6:3e:d6:82:58:89:67:9c:c5:68:62:ba:06:d6: - 39:bb:cb:3a:c0:e0:63:1f:c7:0c:9c:12:86:ec:f7:39:6a:61: - 93:d0:33:14:c6:55:3b:b6:cf:80:5b:8c:43:ef:43:44:0b:3c: - 93:39:a3:4e:15:d1:0b:5f:84:98:1d:cd:9f:a9:47:eb:3b:56: - 30:b6:76:92:c1:48:5f:bc:95:b0:50:1a:55:c8:4e:62:47:87: - 54:64:0c:9b:91:fa:43:b3:29:48:be:e6:12:eb:e3:44:c6:52: - e4:40:c6:83:95:1b:a7:65:27:69:73:2f:c8:a0:4d:7f:be:ea: - 9b:67:b2:7b + 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: + 90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: + c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: + 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: + 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: + a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: + c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: + 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: + 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: + 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: + 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: + ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: + 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: + 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: + 7c:d6:35:9e -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJAKons8Wpcm4NMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -77,11 +78,11 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQCqJ7PFqXJuDTAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBRlqccJl0ckMYyn5YV8h3nk5ysdVaV/SBwq0VqCbDz8gOo -29wvvB+HeqPUj9VJl348VKyx4/A5Df4JmiP2MqZBWb1g6L3eADZvPulBb6ljx6rV -e/PkOUie9mDGxobVcoYjzfVqY1Ok+PxRas1gdI6jhmEBNHj3KZezpzS2Ct61cXoJ -pj7WgliJZ5zFaGK6BtY5u8s6wOBjH8cMnBKG7Pc5amGT0DMUxlU7ts+AW4xD70NE -CzyTOaNOFdELX4SYHc2fqUfrO1YwtnaSwUhfvJWwUBpVyE5iR4dUZAybkfpDsylI -vuYS6+NExlLkQMaDlRunZSdpcy/IoE1/vuqbZ7J7 +EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl +UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx +uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 +R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr +cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu +q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe -----END CERTIFICATE----- diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index fa9a24839..346a6e4b0 100644 Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index 20905154c..459871429 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16108595702940209934 (0xdf8d3a71e022930e) + Serial Number: + e7:72:a6:9e:13:1d:17:5c Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -18,27 +19,28 @@ Certificate: 06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22: 5f:c7:5d:7f:b4 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:DF:8D:3A:71:E0:22:93:0E + serial:E7:72:A6:9E:13:1D:17:5C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:74:7b:ae:7e:9c:c8:69:95:8a:0b:ad:7f:c9:37: - 3d:3c:7f:b7:ef:f3:da:9b:ea:d0:a7:76:0a:a4:77:12:f7:a8: - 02:20:71:95:87:89:b7:a8:8b:bb:fa:9f:84:dc:2b:71:dc:4a: - c5:5a:65:b2:fc:33:c4:ce:36:4f:ab:c6:38:36:6c:88 + 30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11: + a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81: + 02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a: + 9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df -----BEGIN CERTIFICATE----- -MIIDCDCCAq+gAwIBAgIJAN+NOnHgIpMOMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MDUwNzE4 -MjEwMVoXDTE4MDEzMTE4MjEwMVowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw +MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV @@ -48,7 +50,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AN+NOnHgIpMOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgdHuufpzI -aZWKC61/yTc9PH+37/Pam+rQp3YKpHcS96gCIHGVh4m3qIu7+p+E3Ctx3ErFWmWy -/DPEzjZPq8Y4NmyI +AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO +jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM +tIiDTWq0t4V6szzz3w== -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index da4e61795..99f639640 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 3 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - a2:15:f0:cf:70:85:49:b9:5b:c1:af:2b:22:14:9d:ee:11:8d: - 93:2d:58:17:d8:f6:b6:1a:1a:25:a2:27:c9:6b:4f:b3:31:c7: - 2c:52:c4:53:59:19:ef:cf:91:ee:b5:19:28:37:49:9e:b6:e0: - 41:62:4c:9f:f1:34:bf:88:aa:ae:24:38:8d:29:0a:64:08:a8: - 68:f4:b5:28:73:d6:94:b9:0a:3f:7c:c1:22:72:be:14:ba:c9: - 1b:9d:26:af:78:c2:cf:5f:ff:1e:cc:25:c0:63:f1:9b:97:85: - 5c:c0:4d:14:ed:f9:ad:cb:02:7d:05:c7:5c:c1:7c:89:72:35: - 49:70:a8:b1:ae:91:96:77:9a:c6:cb:38:27:88:3f:f4:c8:ba: - c9:08:7f:dd:a6:41:82:62:65:a0:f2:0c:36:5a:d9:15:57:5e: - 66:c3:a2:ff:5e:4d:7c:bc:4b:7c:30:84:44:e3:06:34:a8:42: - 3b:d9:6a:04:4a:0b:e5:59:66:63:b9:7a:80:48:68:31:1c:aa: - 98:bc:09:0e:a7:83:5f:a7:00:f1:fb:78:bc:08:86:73:ef:53: - 25:b8:1b:5e:7c:77:a8:12:7b:52:7f:1e:63:bc:db:60:99:46: - ab:e1:2e:48:d1:28:40:68:1e:9e:a0:2f:14:04:66:b3:b1:b1: - 3b:d0:46:64 + 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: + 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: + 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: + ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: + 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: + 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: + 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: + 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: + 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: + 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: + 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: + b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: + e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: + b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: + 1c:eb:7b:08 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1 -MDcxODIxMDFaFw0xODAxMzExODIxMDFaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAohXwz3CFSblbwa8rIhSd7hGNky1YF9j2thoaJaInyWtPszHH -LFLEU1kZ78+R7rUZKDdJnrbgQWJMn/E0v4iqriQ4jSkKZAioaPS1KHPWlLkKP3zB -InK+FLrJG50mr3jCz1//HswlwGPxm5eFXMBNFO35rcsCfQXHXMF8iXI1SXCosa6R -lneaxss4J4g/9Mi6yQh/3aZBgmJloPIMNlrZFVdeZsOi/15NfLxLfDCEROMGNKhC -O9lqBEoL5VlmY7l6gEhoMRyqmLwJDqeDX6cA8ft4vAiGc+9TJbgbXnx3qBJ7Un8e -Y7zbYJlGq+EuSNEoQGgenqAvFARms7GxO9BGZA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 +MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG +9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws +MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR +9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 +RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco +dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md +KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 20610ef60..f9e8562b5 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem @@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 23 22:05:10 2015 GMT - Next Update: Apr 18 22:05:10 2018 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Jul 23 22:05:10 2015 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82: - 55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6: - 81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3: - 1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5: - 93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b: - c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f: - 6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d: - e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3: - 2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66: - cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c: - f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1: - 45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd: - 74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8: - e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53: - 7d:fb:d0:66 + 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: + 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: + 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: + 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: + f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: + f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: + 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: + 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: + e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: + 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: + f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: + 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: + d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: + 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: + 9d:63:e5:dc -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX -DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ -XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31 -k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA -0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL -BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9 -dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX +DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T +WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y +9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn +r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc +Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT +0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 6bef57e6b..7cbbce547 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked @@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 22 16:17:45 2015 GMT - Next Update: Apr 17 16:17:45 2018 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: - 7 + 2 Revoked Certificates: Serial Number: 01 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Serial Number: 02 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: - b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: - 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: - 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: - 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: - 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: - dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: - 13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: - d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: - 96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: - ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: - d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: - 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: - 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: - 93:42:37:af + 91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15: + cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c: + 61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db: + 6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29: + 1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4: + 70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d: + bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c: + 48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d: + c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43: + fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a: + d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90: + 8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db: + a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da: + 80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3: + 8a:6b:73:55 -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa -Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 -MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR -iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo -HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi -Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr -Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb -LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu -/PtSJbYNcOzEk0I3rw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha +Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4 +MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9 +NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp +mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT +mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6 +lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO +6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt +J5CNfyg0GeCjimtzVQ== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 2e00a3729..01c6404d0 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 4 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:62:9b:53:ee:21:52:bc:61:e8:ec:7b:f8:28:35: - 43:98:b8:57:9c:c7:73:cc:a0:45:e8:b9:96:2e:1c:c6:62:ff: - 02:20:2b:64:b8:3a:30:2c:15:7f:cf:57:99:60:9d:51:82:82: - ef:b6:13:cc:86:93:a2:19:41:12:a0:ec:7e:1e:07:09 + 30:45:02:20:05:17:4f:0c:42:51:f6:f5:a3:2e:52:3e:e3:f4: + ed:99:ca:4d:16:75:f7:80:9d:7a:cf:64:5e:ec:cd:9d:f0:86: + 02:21:00:e0:38:31:16:e2:ab:e4:d5:4b:cd:67:2f:e1:f0:e5: + ac:f2:8a:4b:03:9b:f1:69:60:2c:bf:dc:02:11:e8:71:f7 -----BEGIN X509 CRL----- -MIIBJTCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgy -MTAxWqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDRwAwRAIgYptT7iFSvGHo -7Hv4KDVDmLhXnMdzzKBF6LmWLhzGYv8CICtkuDowLBV/z1eZYJ1RgoLvthPMhpOi -GUESoOx+HgcJ +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwODExMjAwNzM4WhcNMTkwNTA4MjAw +NzM4WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgBRdPDEJR9vWj +LlI+4/TtmcpNFnX3gJ16z2Re7M2d8IYCIQDgODEW4qvk1UvNZy/h8OWs8opLA5vx +aWAsv9wCEehx9w== -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 0746599f3..2293f2c51 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 5 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:0d:fe:b7:79:fb:66:6c:cb:36:0a:1a:f3:6d:73: - ea:68:ab:fc:46:7e:49:bd:15:2a:9f:a1:17:50:56:82:cf:1f: - 02:21:00:ff:13:85:80:29:a4:60:54:10:93:fb:20:13:b8:9c: - 25:48:53:5e:4b:33:ef:5c:aa:9e:98:74:e0:c8:c3:ef:df + 30:46:02:21:00:dd:0a:1e:ff:5b:19:4e:40:a1:a8:65:b3:48: + fb:2b:a0:e5:6b:c4:27:31:2b:0b:1e:8c:c2:12:f5:74:74:c2: + 5b:02:21:00:f9:67:2e:5c:26:7b:14:a1:16:db:d4:7d:b1:a9: + 75:c7:5f:db:6f:c9:57:12:9b:44:99:40:71:70:7d:f9:b6:c8 -----BEGIN X509 CRL----- -MIIBKDCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1MDcxODIxMDFaFw0xODAxMzEx -ODIxMDFaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiAN/rd5+2Zs -yzYKGvNtc+poq/xGfkm9FSqfoRdQVoLPHwIhAP8ThYAppGBUEJP7IBO4nCVIU15L -M+9cqp6YdODIw+/f +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgy +MDA3MzhaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA3Qoe/1sZ +TkChqGWzSPsroOVrxCcxKwsejMIS9XR0wlsCIQD5Zy5cJnsUoRbb1H2xqXXHX9tv +yVcSm0SZQHFwffm2yA== -----END X509 CRL----- diff --git a/certs/ecc-client-key.der b/certs/ecc-client-key.der new file mode 100644 index 000000000..063739078 Binary files /dev/null and b/certs/ecc-client-key.der differ diff --git a/certs/ecc-client-keyPub.der b/certs/ecc-client-keyPub.der new file mode 100644 index 000000000..5dace05a9 Binary files /dev/null and b/certs/ecc-client-keyPub.der differ diff --git a/certs/ecc-client-keyPub.pem b/certs/ecc-client-keyPub.pem new file mode 100644 index 000000000..5c673f755 --- /dev/null +++ b/certs/ecc-client-keyPub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSO +GYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA== +-----END PUBLIC KEY----- diff --git a/certs/ntru-cert.pem b/certs/ntru-cert.pem index 4e8aa3e6b..0a6de9f15 100644 --- a/certs/ntru-cert.pem +++ b/certs/ntru-cert.pem @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgIIAazu2er3DUMwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV +MIIEzzCCA7egAwIBAgIIAVNfm0lhPEQwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3 LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY -DzIwMTUwMjA0MDYzMzI5WhgPMjAxNjA2MTkwNzMzMjlaMIGKMQswCQYDVQQGEwJV +DzIwMTYwODEwMjEwNzUxWhgPMjAxOTA1MDgyMTA3NTFaMIGKMQswCQYDVQQGEwJV UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB -AQYLKwYBBAHBFgEBAi4DggItAASCAiifDYOsBu8WQqIuom5HpD+jF7bvqvyO7LN4 -p7dOUfyBBX2zFc7fbhVoLcLw62Ye0i54UXMI/rglgOxEisVXPo0//Cs2rl3zwjho -fnEvEMpDU4mvqYTV8+N7FYoaUSEhMWTS0GMCJdK9aTvAz8l7F8gKP6MtgIv7Ght/ -r6JclP7fh12KMy9hiM/Tv3wqr+KhR8xFRfpL+paEIroidfpExFWbFB+xxA6KxGk4 -OEs/nus4rQl4w+6z5uf1cYfxKVRMFWLScEDQ3TdPcHz0+7fl/L7LYyCbK9z9LYVZ -5qZR1V27Iwx4H3d2w2D/3GGZpML/Uv8eBBHtODBbJC54U+bVh1ned28N1Y8I/bm8 -xRRCppfCJ3o+WxlsqHtyjIo/hi75SgUHknnbZ4hEuye1XhBBhUVhN2zybADMi1bv -S1RL/HAWsOO8qzBx5vkbVlDShsF+EccNUaNQyM98VE3FrUBbk4JxnyHBK5pA7aQ5 -7LOm83WkX2uR+ucR5en2TZIGVL+cJiTly+W7W8J83KEf5HJIUqnxFlgsre/0pMfe -7RqGer5Q4itWE+XWaPsDCUZnHy8a/CGdWlmdiGuw/0UvDqKQ4NRerbMgpo2Fl182 -fIQxfohhnm7iM0dAroIglkNBLM89A30d+73ZnUKgg4mRaqC5C29Me6LqpXjEUCiT -/s3g24IooqTj+8i8osRY5Zp4MQTmb3NrWVAWoOTtbFxDkhkwgqALupC8opUSIwAw -DQYJKoZIhvcNAQEFBQADggEBAHPi6MLfKV3ILr4wVgktXWNrPVgbqzUfoHhZhuhU -OgoT1KjiGQTpMrszGXyNKWTV+TpL2RmsBsXwI+lCl9nQMk5nkHAELShwXmgBpR+r -2dQTUy6C5xze8ZqPhsIjUjHyaagX8QY42SlSGOCChOEYshqO+QouPL2XOf2Hp4nJ -fgx4Mo2APTxGJ8TLYBCu4QzglCkKl7g1JRKBVA8Q4bkb1NWOnTgRQfIVv3N9DMn0 -ELw4uHkS2bXlzzbKRpwIMms0MIdWrVKFycQIp9Z2/7RsrIidZdGgsDeJLpItMZB8 -UM5Fz1UyZTy54Keoto4nBsU9ZJxzsTihT+Oq+/n1WaMEn+I= +AQYLKwYBBAHBFgEBAi4DggItAASCAijLUTkEtmdP3XEQ1fYC88/8P8FWqx1kiHFU +GjaK22nUi1i1bsqu+k61/sUzbATXavpA2ay2MUbO9f5YpYYPOLdSCaWrNd9nzlxa +lzqj67x/h7qSKubotJd4U0Bk084Hjqbkxt1MK8SkUz7nFHVbvBmh29WNAyuzf6jt +03Hrc+/tUHLKAEvrygkymsFl9ArSGi141AusGIX0vkN5T+4JfSkFACi3Ux43eCFA +1M7qGUbOl7ylUF76Y6ME7e/uEDa/kIBGu/r52u1yxbxLCJOZPjtJYFaXGgDN4Xal +QWoeTP/7GICdZEttivaxI5Z0IAxt+DlQcLMm3xlppnzVD0FqRR9SQbJ1pvGt2eQO +7D7Y9mJsJU+DCpp4fB42q0JqM/j8w3WwbzN5AOyA9XMiUCHM1c/k5L2GpX6Rs+VS +bhr0uiTo8/ux3ca5l/aHlmlBLcBPNDrasrCCKrs7Tok6ek2R3o3umCmKIGSgcLEv +Ifyg/c/6jc3tipSQkYbtIiitBXoiGk/eEd9fxkhp/+qtOKWUnNsaJUC09KOsA7TB +bK4hJGzzR5TL/45FjDJCspKmOnASaO51hGaoWAyMZPFsCwfkEg9/84bfmw8YmD6k +qBwtkYDrqRHJZB1enmQ61TogoIcxO1F7EPGOCih+Av5xcgWmjD/4Y8lvBCBkHKDh +Adp0B3QFk481vAdk2A5lbeuizXajvWGhvWY2Wzc/Ge3YjcYvo5C34Sx/Ujd5r8Aw +DQYJKoZIhvcNAQEFBQADggEBAFPgoyA+vFwaEeuJ5AxuOEwWyqfLqjBbW3MrMXd3 +LqUd+7VmXW7MGgMtyvXDrVi+PCCAdXijKpHgiHdUNz59JmYliAH75tI+EdsQsO3T +zxNZiM/++K5w2o2NFiz4LOm95IxAsXnviYNMBOrzdn4RaAYQ1NYiho6h85SBlfYY +m8kYktgQ4iok9oCkSeKzFDOZbl5ax+iHvSqpcWQmJxU9D2HzToO5kCN2zAHfxowt +PT9SDnIYxzivTbG39HSdG/+p/paVIb7Kj1VOmQjz7e7hYztmqIV2BPg34MNOxKv0 +JBIqYQH/F1p9N03IQREMXbh9XNlv35PX5pFj14k8NuhiEhs= -----END CERTIFICATE----- diff --git a/certs/ntru-key.raw b/certs/ntru-key.raw index 740bd340e..46b41aebe 100644 Binary files a/certs/ntru-key.raw and b/certs/ntru-key.raw differ diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index da7fbe49a..566debeee 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -14,8 +14,6 @@ # server-ecc.pem # 1024/client-cert.der # 1024/client-cert.pem -# -# Needs to be added: # server-ecc-comp.pem # updates the following crls: # crl/cliCrl.pem @@ -206,12 +204,16 @@ function run_renewcerts(){ ########## make .der files from .pem files ################# ############################################################ openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der - echo "Generating new ca-cert.der, client-cert.der, server-cert.der..." + echo "Creating der formatted certs..." echo "" openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der + openssl x509 -inform PEM -in server-ecc-rsa.pem -outform DER -out server-ecc-rsa.der + openssl x509 -inform PEM -in server-ecc.pem -outform DER -out server-ecc.der + openssl x509 -inform PEM -in server-ecc-comp.pem -outform DER -out server-ecc-comp.der + echo "Changing directory to wolfssl root..." echo "" cd ../ @@ -257,6 +259,7 @@ function restore_config(){ function move_ntru(){ cp ntru-cert.pem certs/ntru-cert.pem cp ntru-key.raw certs/ntru-key.raw + cp ntru-cert.der certs/ntru-cert.der } ############################################################################### diff --git a/certs/server-cert.der b/certs/server-cert.der index 0c936a241..e678c3d6e 100644 Binary files a/certs/server-cert.der and b/certs/server-cert.der differ diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 95df724e7..5504c822f 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 67:c0:2c:a9:43:47:e7:11:14:77:ae:cc:d8:e0:6b:23:82:91: - 63:e8:a8:0d:21:c5:c8:47:97:2f:d5:f3:86:fb:6c:ce:25:f9: - 7c:78:c8:3a:22:68:f2:16:1e:d2:d2:3f:24:04:87:f2:b7:c1: - 62:63:ba:c5:fa:ae:d2:20:81:1a:d2:0c:ae:26:6b:1b:2b:10: - d3:e1:9a:4e:64:6c:97:db:36:a8:8f:f8:05:63:bf:ba:0d:88: - 0b:87:46:c9:e4:64:e3:d7:bd:b8:2d:d5:c1:c3:c4:db:55:68: - dc:a3:7a:40:b9:a9:f6:04:4a:22:cf:98:76:1c:e4:a3:ff:79: - 19:96:57:63:07:6f:f6:32:77:16:50:9b:e3:34:18:d4:eb:be: - fd:b6:6f:e3:c7:f6:85:bf:ac:32:ad:98:57:be:13:92:44:10: - a5:f3:ae:e2:66:da:44:a9:94:71:3f:d0:2f:20:59:87:e4:5a: - 40:ee:d2:e4:0c:ce:25:94:dc:0f:fe:38:e0:41:52:34:5c:bb: - c3:db:c1:5f:76:c3:5d:0e:32:69:2b:9d:01:ed:50:1b:4f:77: - a9:a9:d8:71:30:cb:2e:2c:70:00:ab:78:4b:d7:15:d9:17:f8: - 64:b2:f7:3a:da:e1:0b:8b:0a:e1:4e:b1:03:46:14:ca:94:e3: - 44:77:d7:59 + 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: + 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: + a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: + 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: + 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: + 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: + 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: + 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: + 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: + a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: + 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: + 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: + 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: + 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: + e6:e4:0c:37 -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP @@ -76,23 +76,24 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAZ8AsqUNH5xEUd67M2OBrI4KRY+ioDSHFyEeXL9Xz -hvtsziX5fHjIOiJo8hYe0tI/JASH8rfBYmO6xfqu0iCBGtIMriZrGysQ0+GaTmRs -l9s2qI/4BWO/ug2IC4dGyeRk49e9uC3VwcPE21Vo3KN6QLmp9gRKIs+Ydhzko/95 -GZZXYwdv9jJ3FlCb4zQY1Ou+/bZv48f2hb+sMq2YV74TkkQQpfOu4mbaRKmUcT/Q -LyBZh+RaQO7S5AzOJZTcD/444EFSNFy7w9vBX3bDXQ4yaSudAe1QG093qanYcTDL -LixwAKt4S9cV2Rf4ZLL3OtrhC4sK4U6xA0YUypTjRHfXWQ== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk +q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s +9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl +NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 +qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig +lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -123,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -162,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der new file mode 100644 index 000000000..4de0dac00 Binary files /dev/null and b/certs/server-ecc-comp.der differ diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem index 50b74f85b..cdff9f74d 100644 --- a/certs/server-ecc-comp.pem +++ b/certs/server-ecc-comp.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 17764616133298603308 (0xf6889840946fc52c) + Serial Number: + c3:cd:c5:e4:24:18:70:ca Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -16,27 +17,28 @@ Certificate: 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: 16:e8:61 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 X509v3 Authority Key Identifier: keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:F6:88:98:40:94:6F:C5:2C + serial:C3:CD:C5:E4:24:18:70:CA X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:9c:f8:3e:f6:5e:cd:da:b1:08:fe:e2:bd:78: - 14:b5:33:b3:29:69:d0:a0:de:19:05:ec:c3:46:29:01:8c:4c: - 56:02:21:00:e2:e7:ea:37:c1:08:f6:15:73:0c:92:4f:25:63: - f6:53:96:31:4c:9f:1d:1a:1f:c0:a0:a3:48:bd:71:ce:13:11 + 30:45:02:21:00:ca:10:ec:8f:f1:eb:92:19:76:d7:16:54:f2: + 21:1c:38:0e:6e:22:3d:95:a4:bd:c8:8c:d2:d8:28:d3:9c:21: + 6d:02:20:71:39:0b:0d:ec:68:8c:64:b6:2c:68:da:03:b1:d8: + e7:d4:f7:cb:a6:73:7e:08:00:c6:b8:04:9d:17:3e:66:7f -----BEGIN CERTIFICATE----- -MIIDJTCCAsqgAwIBAgIJAPaImECUb8UsMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG +MIIDJDCCAsqgAwIBAgIJAMPNxeQkGHDKMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm -c3NsLmNvbTAeFw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGgMQswCQYD +c3NsLmNvbTAeFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGgMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 @@ -46,7 +48,7 @@ bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAPaImECUb8UsMAwGA1UdEwQFMAMB -Af8wCgYIKoZIzj0EAwIDSQAwRgIhAJz4PvZezdqxCP7ivXgUtTOzKWnQoN4ZBezD -RikBjExWAiEA4ufqN8EI9hVzDJJPJWP2U5YxTJ8dGh/AoKNIvXHOExE= +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAMPNxeQkGHDKMAwGA1UdEwQFMAMB +Af8wCgYIKoZIzj0EAwIDSAAwRQIhAMoQ7I/x65IZdtcWVPIhHDgObiI9laS9yIzS +2CjTnCFtAiBxOQsN7GiMZLYsaNoDsdjn1PfLpnN+CADGuASdFz5mfw== -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.der b/certs/server-ecc-rsa.der new file mode 100644 index 000000000..1c6f8f5f1 Binary files /dev/null and b/certs/server-ecc-rsa.der differ diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index 4c90d1dd4..41f13fded 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -18,38 +18,39 @@ Certificate: 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 0b:80:34:89:d8 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ac:2b:a9:d9:15:3b:9a:42:fb:86:2b:c1:f2:18:7c:a6:ca:27: - 0b:48:81:64:20:3b:d3:4f:ee:95:d4:c5:fd:5f:c7:d6:ab:a1: - 41:85:cc:e1:16:e1:fd:ce:8a:af:95:27:f2:f0:7a:3d:59:5d: - 3a:5d:03:99:cb:4c:5c:19:35:9c:b2:6e:7e:2b:10:e2:7f:ef: - 14:35:79:ca:67:eb:51:a9:e9:bb:5f:52:af:9d:79:80:b5:31: - 5c:f0:20:ca:c7:e9:9b:29:82:c4:a4:74:0a:2a:76:ea:ad:59: - a2:f9:a2:cf:53:40:11:ac:1a:de:fc:ab:28:96:9f:cf:ff:b9: - 74:31:95:c4:6d:d2:76:c1:93:97:75:a6:9f:69:a3:7d:92:75: - b8:27:a2:bd:4d:4b:54:11:b4:8a:43:f2:fc:10:a5:82:fb:51: - 45:57:86:00:85:71:91:21:37:5c:9f:f3:68:06:ae:9e:86:46: - 8d:4b:e3:d0:42:a4:cf:c1:5d:95:bc:1a:92:f8:44:1e:a0:1b: - c8:98:41:af:8e:94:41:60:69:b1:7c:8e:70:ce:88:42:44:3a: - 2d:3f:de:6e:3a:aa:d1:64:be:03:68:60:b6:ac:e5:44:c1:bb: - f1:c9:40:90:c2:c9:8f:ec:32:9d:e0:b4:4b:1a:e7:da:99:94: - fe:e2:b6:2a + ab:b7:78:c8:18:6e:6a:27:5d:bb:16:a1:d3:ae:b5:fd:46:50: + cf:dc:82:f9:4a:19:ec:bf:44:cd:f5:1f:15:2c:5a:e9:65:27: + b2:e1:88:62:0f:bc:a1:3c:95:fb:62:8a:71:e0:c6:22:ce:2e: + 00:ca:4e:7a:03:2a:12:90:98:7b:53:9f:46:a0:ff:6b:04:dc: + 2a:8d:bb:93:e7:b9:0b:d0:61:0f:62:97:18:99:bb:e7:1c:e3: + a2:ab:70:8f:32:47:7f:1e:3b:cb:62:55:41:a4:af:1f:01:2c: + 9b:b2:cc:06:8d:28:04:57:5b:f6:32:b8:e8:18:b6:6b:a1:b9: + aa:3f:49:ea:c1:02:c7:92:d9:c7:23:ea:a2:f7:70:a9:da:9e: + 5e:82:ef:30:07:c7:89:da:c9:e0:cf:ed:e9:4c:34:d4:72:0e: + 16:49:82:c5:a9:b4:a7:05:07:cc:5d:eb:b4:ef:9a:09:73:a2: + d4:b6:c5:be:34:c0:c9:09:29:a5:d5:f1:e4:82:49:70:bf:75: + 79:15:cd:c1:c8:a3:4d:9b:b4:e2:94:5e:27:61:ea:34:69:88: + 47:bd:61:e9:0d:f3:95:8f:ff:53:e7:5c:11:e3:f4:d0:70:ad: + 9a:73:5d:29:30:fc:23:2e:c0:62:d4:d3:a8:ce:b2:e9:d3:b9: + 3f:10:0a:f2 -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO @@ -59,11 +60,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDZgDrD0vTaNzAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQCsK6nZFTuaQvuGK8HyGHymyicLSIFkIDvTT+6V -1MX9X8fWq6FBhczhFuH9zoqvlSfy8Ho9WV06XQOZy0xcGTWcsm5+KxDif+8UNXnK -Z+tRqem7X1KvnXmAtTFc8CDKx+mbKYLEpHQKKnbqrVmi+aLPU0ARrBre/Ksolp/P -/7l0MZXEbdJ2wZOXdaafaaN9knW4J6K9TUtUEbSKQ/L8EKWC+1FFV4YAhXGRITdc -n/NoBq6ehkaNS+PQQqTPwV2VvBqS+EQeoBvImEGvjpRBYGmxfI5wzohCRDotP95u -OqrRZL4DaGC2rOVEwbvxyUCQwsmP7DKd4LRLGufamZT+4rYq +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC3tpAzZhtrIzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCrt3jIGG5qJ127FqHTrrX9RlDP3IL5Shnsv0TN +9R8VLFrpZSey4YhiD7yhPJX7Yopx4MYizi4Ayk56AyoSkJh7U59GoP9rBNwqjbuT +57kL0GEPYpcYmbvnHOOiq3CPMkd/HjvLYlVBpK8fASybsswGjSgEV1v2MrjoGLZr +obmqP0nqwQLHktnHI+qi93Cp2p5egu8wB8eJ2sngz+3pTDTUcg4WSYLFqbSnBQfM +Xeu075oJc6LUtsW+NMDJCSml1fHkgklwv3V5Fc3ByKNNm7TilF4nYeo0aYhHvWHp +DfOVj/9T51wR4/TQcK2ac10pMPwjLsBi1NOozrLp07k/EAry -----END CERTIFICATE----- diff --git a/certs/server-ecc.der b/certs/server-ecc.der new file mode 100644 index 000000000..c28dec1cb Binary files /dev/null and b/certs/server-ecc.der differ diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem index 1957e0eab..9c92c53ef 100644 --- a/certs/server-ecc.pem +++ b/certs/server-ecc.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12841786837162396166 (0xb2373116f65a0a06) + Serial Number: + ef:46:c7:a4:9b:bb:60:d3 Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -18,27 +19,28 @@ Certificate: 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 0b:80:34:89:d8 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 X509v3 Authority Key Identifier: keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B2:37:31:16:F6:5A:0A:06 + serial:EF:46:C7:A4:9B:BB:60:D3 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:35:25:33:ea:7c:3b:e2:2e:ed:e4:2e:9a:91:f1: - c3:86:ff:a7:27:35:a9:f6:29:d6:f8:d5:9a:0b:35:f1:21:c7: - 02:21:00:bc:79:f7:fd:66:d4:d3:46:61:e4:19:e5:f7:74:03: - 83:27:f8:26:c0:86:15:a9:e2:10:e3:ad:6b:b9:1c:1d:eb + 30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e: + bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e: + 50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4: + b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20 -----BEGIN CERTIFICATE----- -MIIDDzCCArWgAwIBAgIJALI3MRb2WgoGMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG +MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD @@ -48,7 +50,7 @@ SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbYIJALI3MRb2WgoGMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIg -NSUz6nw74i7t5C6akfHDhv+nJzWp9inW+NWaCzXxIccCIQC8eff9ZtTTRmHkGeX3 -dAODJ/gmwIYVqeIQ461ruRwd6w== +LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh +APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj +JdSwySV9ynpdusSy9n0Ex71iySA= -----END CERTIFICATE----- diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index 65028f3b0..7908e8791 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 23 22:04:57 2015 GMT - Not After : Apr 18 22:04:57 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a: - 9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39: - 63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03: - 31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc: - cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25: - 68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4: - 21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1: - 06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc: - 21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92: - aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f: - 0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5: - d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb: - 25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c: - d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa: - c3:ea:24:f9 + 79:13:f5:c1:05:42:12:3a:61:f2:f1:ac:05:6e:15:05:9b:ab: + 58:74:b2:3f:00:38:82:77:f7:9a:57:32:e2:af:66:3d:81:25: + 09:40:5a:d9:bc:d7:34:18:20:cd:89:b8:7e:c6:94:22:9a:28: + fe:0e:55:73:1d:77:7c:c3:e6:c6:4b:f3:40:0c:8b:cc:93:c1: + 11:d1:0f:0e:50:0c:c2:b2:38:73:35:d1:db:d0:55:0d:6d:d7: + 33:15:13:e8:a0:77:f3:f1:4d:c2:24:4a:f6:45:4c:67:dd:fd: + 7e:46:b9:85:67:06:5a:4e:c1:4f:1f:94:f7:e6:b0:1a:b1:42: + 80:97:d2:7d:ed:8e:02:b2:2f:7e:c4:1b:60:d9:84:6e:dd:78: + ef:41:82:81:05:6f:d7:b1:36:59:74:e6:ba:9c:5a:48:a7:58: + d9:71:bd:16:53:32:21:55:89:75:7d:a0:48:12:a9:3d:77:73: + 51:a7:c3:e3:c9:df:e1:df:37:29:de:49:47:cf:7f:3c:30:86: + d2:26:f9:45:dc:71:c1:b8:5b:9e:ef:05:64:5a:63:7c:c4:60: + e2:67:f7:cd:e3:be:0b:d2:78:7f:66:c4:f5:c0:1c:6c:f1:e1: + 56:c3:01:07:c3:7d:50:73:1f:48:2c:89:88:fb:ec:b2:0b:aa: + bb:0a:1f:f4 -----BEGIN CERTIFICATE----- MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz -MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G @@ -76,24 +76,25 @@ gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3 -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5 -2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76 -4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg -h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB -GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME -J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq -JPk= +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sj +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHkT9cEFQhI6YfLxrAVu +FQWbq1h0sj8AOIJ395pXMuKvZj2BJQlAWtm81zQYIM2JuH7GlCKaKP4OVXMdd3zD +5sZL80AMi8yTwRHRDw5QDMKyOHM10dvQVQ1t1zMVE+igd/PxTcIkSvZFTGfd/X5G +uYVnBlpOwU8flPfmsBqxQoCX0n3tjgKyL37EG2DZhG7deO9BgoEFb9exNll05rqc +WkinWNlxvRZTMiFViXV9oEgSqT13c1Gnw+PJ3+HfNyneSUfPfzwwhtIm+UXcccG4 +W57vBWRaY3zEYOJn983jvgvSeH9mxPXAHGzx4VbDAQfDfVBzH0gsiYj77LILqrsK +H/Q= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -124,32 +125,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -163,11 +164,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index 753457d48..ed283b5ef 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.9.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.9.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=6:0:3 +WOLFSSL_LIBRARY_VERSION=7:0:4 # | | | # +------+ | +---+ # | | | @@ -192,6 +192,18 @@ AC_ARG_ENABLE([maxstrength], [ENABLED_MAXSTRENGTH=no]) +# Harden, enable Timing Resistance and Blinding by default +AC_ARG_ENABLE([harden], + [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])], + [ENABLED_HARDEN=$enableval], + [ENABLED_HARDEN=yes]) + +if test "$ENABLED_HARDEN" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING" +fi + + # IPv6 Test Apps AC_ARG_ENABLE([ipv6], [ --enable-ipv6 Enable testing of IPV6 (default: disabled)], diff --git a/examples/client/client.c b/examples/client/client.c index be3a31d3a..0469be812 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -553,7 +553,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int disableCRL = 0; int externalTest = 0; int ret; +#ifndef WOLFSSL_CALLBACKS int err = 0; +#endif int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; @@ -1363,7 +1365,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); @@ -1529,7 +1531,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(sslResume); diff --git a/examples/server/server.c b/examples/server/server.c index 0fdbdd2e6..b5dc3de2d 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -632,6 +632,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("unable to get method"); #ifdef WOLFSSL_STATIC_MEMORY + #ifdef DEBUG_WOLFSSL + /* print off helper buffer sizes for use with static memory + * printing to stderr incase of debug mode turned on */ + fprintf(stderr, "static memory management size = %d\n", + wolfSSL_MemoryPaddingSz()); + fprintf(stderr, "calculated optimum general buffer size = %d\n", + wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); + fprintf(stderr, "calculated optimum IO buffer size = %d\n", + wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED)); + #endif /* DEBUG_WOLFSSL */ + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1) != SSL_SUCCESS) err_sys("unable to load static memory and create ctx"); diff --git a/gencertbuf.pl b/gencertbuf.pl index 450ff764a..09c6114c2 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -15,6 +15,20 @@ use warnings; # output C header file to write cert/key buffers to my $outputFile = "./wolfssl/certs_test.h"; +# ecc keys and certs to be converted +# Used with HAVE_ECC && USE_CERT_BUFFERS_256 + +my @fileList_ecc = ( + [ "./certs/ecc-client-key.der", "ecc_clikey_der_256" ], + [ "./certs/ecc-client-keyPub.der", "ecc_clikeypub_der_256" ], + [ "./certs/client-ecc-cert.der", "cliecc_cert_der_256" ], + [ "./certs/ecc-key.der", "ecc_key_der_256" ], + [ "./certs/ecc-keyPub.der", "ecc_key_pub_der_256" ], + [ "./certs/server-ecc-comp.der", "serv_ecc_comp_der_256" ], + [ "./certs/server-ecc-rsa.der", "serv_ecc_rsa_der_256" ], + [ "./certs/server-ecc.der", "serv_ecc_der_256" ] + ); + # 1024-bit certs/keys to be converted # Used with USE_CERT_BUFFERS_1024 define. @@ -25,6 +39,7 @@ my @fileList_1024 = ( [ "./certs/1024/dh1024.der", "dh_key_der_1024" ], [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ], [ "./certs/1024/rsa1024.der", "rsa_key_der_1024" ], + [ "./certs/1024/ca-key.der", "ca_key_der_1024"], [ "./certs/1024/ca-cert.der", "ca_cert_der_1024" ], [ "./certs/1024/server-key.der", "server_key_der_1024" ], [ "./certs/1024/server-cert.der", "server_cert_der_1024" ] @@ -47,6 +62,7 @@ my @fileList_2048 = ( # ---------------------------------------------------------------------------- +my $num_ecc = @fileList_ecc; my $num_1024 = @fileList_1024; my $num_2048 = @fileList_2048; @@ -57,6 +73,7 @@ print OUT_FILE "/* certs_test.h */\n\n"; print OUT_FILE "#ifndef WOLFSSL_CERTS_TEST_H\n"; print OUT_FILE "#define WOLFSSL_CERTS_TEST_H\n\n"; + # convert and print 1024-bit cert/keys print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n"; for (my $i = 0; $i < $num_1024; $i++) { @@ -88,7 +105,26 @@ for (my $i = 0; $i < $num_2048; $i++) { print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; } + print OUT_FILE "#endif /* USE_CERT_BUFFERS_2048 */\n\n"; + +# convert and print 256-bit cert/keys +print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n"; +for (my $i = 0; $i < $num_ecc; $i++) { + + my $fname = $fileList_ecc[$i][0]; + my $sname = $fileList_ecc[$i][1]; + + print OUT_FILE "/* $fname, ECC */\n"; + print OUT_FILE "static const unsigned char $sname\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fname); + print OUT_FILE "};\n"; + print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; +} +print OUT_FILE "#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */\n\n"; + + print OUT_FILE "/* dh1024 p */ static const unsigned char dh_p[] = { diff --git a/mcapi/crypto.c b/mcapi/crypto.c index b73ff2772..c8a99f579 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -536,7 +536,22 @@ int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa) return BAD_FUNC_ARG; return RsaEncryptSize((RsaKey*)rsa->holder); -} +} + + +int CRYPT_RSA_SetRng(CRYPT_RSA_CTX* rsa, CRYPT_RNG_CTX* rng) +{ + if (rsa == NULL) + return BAD_FUNC_ARG; + +#ifdef WC_RSA_BLINDING + return wc_RsaSetRNG((RsaKey*)rsa->holder, (WC_RNG*)rng); +#else + (void)rng; + + return 0; +#endif +} /* ECC init */ diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 36232a452..8fe323631 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -220,7 +220,8 @@ int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX*, unsigned char*, unsigned int, const unsigned char*, unsigned int); /* helpers */ -int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*); +int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*); +int CRYPT_RSA_SetRng(CRYPT_RSA_CTX*, CRYPT_RNG_CTX*); diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index a34834d17..0a6d77e74 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1296,6 +1296,12 @@ static int check_rsa(void) return -1; } + ret = CRYPT_RSA_SetRng(&mcRsa, &mcRng); + if (ret != 0) { + printf("mcapi rsa set rng failed\n"); + return -1; + } + ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData, RSA_TEST_SIZE, &mcRng); if (ret < 0) { diff --git a/rpm/spec.in b/rpm/spec.in index 868586299..488f09cf4 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.3 -%{_libdir}/libwolfssl.so.3.3.0 +%{_libdir}/libwolfssl.so.3.4.0 %files devel %defattr(-,root,root,-) diff --git a/scripts/resume.test b/scripts/resume.test index 40a8613ae..337c30a76 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -4,6 +4,7 @@ # need a unique resume port since may run the same time as testsuite # use server port zero hack to get one +resume_string="reused" resume_port=0 no_pid=-1 server_pid=$no_pid @@ -65,7 +66,7 @@ fi # get created port 0 ephemeral port resume_port=`cat $ready_file` -./examples/client/client -r -p $resume_port +capture_out=$(./examples/client/client -r -p $resume_port 2>&1) client_result=$? if [ $client_result != 0 ] @@ -85,6 +86,15 @@ then exit 1 fi +case "$capture_out" in +*$resume_string*) + echo "resumed session" ;; +*) + echo "did NOT resume session as expected" + exit 1 + ;; +esac + echo -e "\nSuccess!\n" exit 0 diff --git a/src/internal.c b/src/internal.c index 63a5aa074..0fba76ab6 100755 --- a/src/internal.c +++ b/src/internal.c @@ -1704,7 +1704,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(NO_OLD_TLS) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif @@ -1723,7 +1723,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(NO_OLD_TLS) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif @@ -2176,13 +2176,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif -#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; - } -#endif - #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -2214,6 +2207,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveRSA) { suites->suites[idx++] = 0; @@ -6489,6 +6489,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifndef IGNORE_KEY_EXTENSIONS if (dCert->extKeyUsageSet) { if ((ssl->specs.kea == rsa_kea) && + (ssl->options.side == WOLFSSL_CLIENT_END) && (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { ret = KEYUSE_ENCIPHER_E; } @@ -12314,50 +12315,60 @@ int GetCipherNamesSize(void) } /* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ +const char* GetCipherNameInternal(const char* cipherName, int cipherSuite) +{ + const char* result = NULL; + const char* first; + int i; + + if (cipherName == NULL) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + first = (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA" + : (XSTRSTR(cipherName, "EC")) ? "EC" + : (XSTRSTR(cipherName, "CCM")) ? "CCM" + : NULL; /* normal */ + + for (i = 0; i < (int)(sizeof(cipher_name_idx)/sizeof(int)); i++) { + if (cipher_name_idx[i] == cipherSuite) { + const char* nameFound = cipher_names[i]; + + /* extra sanity check on returned cipher name */ + if (nameFound == NULL) { + continue; + } + + /* if first is null then not any */ + if (first == NULL) { + if ( !XSTRSTR(nameFound, "CHACHA") && + !XSTRSTR(nameFound, "EC") && + !XSTRSTR(nameFound, "CCM")) { + result = nameFound; + break; + } + } + else if (XSTRSTR(nameFound, first)) { + result = nameFound; + break; + } + } + } + + return result; +} + const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) { - const char* fullName; - const char* first; - WOLFSSL_CIPHER* cipher; - word32 i; - if (ssl == NULL) { WOLFSSL_MSG("Bad argument"); return NULL; } - cipher = wolfSSL_get_current_cipher(ssl); - fullName = wolfSSL_CIPHER_get_name(cipher); - if (fullName) { - first = (XSTRSTR(fullName, "CHACHA")) ? "CHACHA" - : (XSTRSTR(fullName, "EC")) ? "EC" - : (XSTRSTR(fullName, "CCM")) ? "CCM" - : NULL; /* normal */ - - for (i = 0; i < sizeof(cipher_name_idx); i++) { - if (cipher_name_idx[i] == ssl->options.cipherSuite) { - const char* nameFound = cipher_names[i]; - - /* extra sanity check on returned cipher name */ - if (nameFound == NULL) { - continue; - } - - /* if first is null then not any */ - if (first == NULL) { - if (!XSTRSTR(nameFound, "CHACHA") && - !XSTRSTR(nameFound, "EC") && !XSTRSTR(nameFound, "CCM")) { - return cipher_names[i]; - } - } - else if (XSTRSTR(nameFound, first)) { - return cipher_names[i]; - } - } - } - } - - return NULL; /* error or not found */ + return GetCipherNameInternal( + wolfSSL_CIPHER_get_name(&ssl->cipher), + ssl->options.cipherSuite); } @@ -12477,10 +12488,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_CALLBACKS /* Initialisze HandShakeInfo */ - void InitHandShakeInfo(HandShakeInfo* info) + void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl) { int i; + info->ssl = ssl; info->cipherName[0] = 0; for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) info->packetNames[i][0] = 0; @@ -12489,22 +12501,22 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } /* Set Final HandShakeInfo parameters */ - void FinishHandShakeInfo(HandShakeInfo* info, const WOLFSSL* ssl) + void FinishHandShakeInfo(HandShakeInfo* info) { int i; int sz = sizeof(cipher_name_idx)/sizeof(int); for (i = 0; i < sz; i++) - if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { - if (ssl->options.cipherSuite0 == ECC_BYTE) + if (info->ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { + if (info->ssl->options.cipherSuite0 == ECC_BYTE) continue; /* ECC suites at end */ XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); break; } /* error max and min are negative numbers */ - if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR) - info->negotiationError = ssl->error; + if (info->ssl->error <= MIN_PARAM_ERR && info->ssl->error >= MAX_PARAM_ERR) + info->negotiationError = info->ssl->error; } @@ -15926,6 +15938,8 @@ int DoSessionTicket(WOLFSSL* ssl, (void)ssl; (void)sigSz; + (void)length; + (void)idx; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_async_pop(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); diff --git a/src/ssl.c b/src/ssl.c index fab0feed3..11c313c45 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -643,16 +643,8 @@ int wolfSSL_GetObjectSize(void) int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) { - /* default size of chunks of memory to seperate into - * having session certs enabled makes a 21k SSL struct */ -#ifndef SESSION_CERTS - word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = - { 64, 128, 256, 512, 1024, 2432, 3456, 4544, 16128 }; -#else - word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = - { 64, 128, 256, 512, 1024, 2432, 3456, 4544, 21056 }; -#endif - word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 }; + word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; + word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; if (heap == NULL) { return BAD_FUNC_ARG; @@ -660,11 +652,8 @@ int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP)); - /* default pool sizes and distribution, else leave a 0's for now */ - #if WOLFMEM_DEF_BUCKETS == WOLFMEM_MAX_BUCKETS - XMEMCPY(heap->sizeList, wc_defaultMemSz, sizeof(wc_defaultMemSz)); - XMEMCPY(heap->distList, wc_defaultDist, sizeof(wc_defaultMemSz)); - #endif + XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz)); + XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist)); if (InitMutex(&(heap->memory_mutex)) != 0) { WOLFSSL_MSG("Error creating heap memory mutex"); @@ -7646,7 +7635,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, } -int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) +static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) { WOLFSSL_SESSION* copyInto = &ssl->session; void* tmpBuff = NULL; @@ -7744,16 +7733,18 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) return SSL_FAILURE; if (LowResTimer() < (session->bornOn + session->timeout)) { - GetDeepCopySession(ssl, session); - ssl->options.resuming = 1; + int ret = GetDeepCopySession(ssl, session); + if (ret == SSL_SUCCESS) { + ssl->options.resuming = 1; #ifdef SESSION_CERTS - ssl->version = session->version; - ssl->options.cipherSuite0 = session->cipherSuite0; - ssl->options.cipherSuite = session->cipherSuite; + ssl->version = session->version; + ssl->options.cipherSuite0 = session->cipherSuite0; + ssl->options.cipherSuite = session->cipherSuite; #endif + } - return SSL_SUCCESS; + return ret; } return SSL_FAILURE; /* session timed out */ } @@ -8301,7 +8292,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (hsCb) { ssl->hsInfoOn = 1; - InitHandShakeInfo(&ssl->handShakeInfo); + InitHandShakeInfo(&ssl->handShakeInfo, ssl); } if (toCb) { ssl->toInfoOn = 1; @@ -8389,7 +8380,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->toInfoOn = 0; } if (hsCb) { - FinishHandShakeInfo(&ssl->handShakeInfo, ssl); + FinishHandShakeInfo(&ssl->handShakeInfo); (hsCb)(&ssl->handShakeInfo); ssl->hsInfoOn = 0; } @@ -11356,9 +11347,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFILE file; WOLFSSL_X509* x509 = NULL; - DerBuffer* der = NULL; - - WOLFSSL_ENTER("wolfSSL_X509_load_certificate"); /* Check the inputs */ if ((fname == NULL) || @@ -11396,6 +11384,26 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFCLOSE(file); + x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format); + + if (dynamic) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + + return x509; +} + +#endif /* NO_FILESYSTEM */ + + +WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + int ret; + WOLFSSL_X509* x509 = NULL; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex"); + if (format == SSL_FILETYPE_PEM) { int ecc = 0; #ifdef WOLFSSL_SMALL_STACK @@ -11408,9 +11416,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return NULL; } #endif @@ -11419,7 +11424,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) info->ctx = NULL; info->consumed = 0; - if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { + if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { FreeDer(&der); } @@ -11430,13 +11435,10 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) else { ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL); if (ret == 0) { - XMEMCPY(der->buffer, fileBuffer, sz); + XMEMCPY(der->buffer, buf, sz); } } - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - /* At this point we want `der` to have the certificate in DER format */ /* ready to be decoded. */ if (der != NULL && der->buffer != NULL) { @@ -11477,8 +11479,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) return x509; } -#endif /* NO_FILESYSTEM */ - #endif /* KEEP_PEER_CERT || SESSION_CERTS */ /* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function @@ -17880,12 +17880,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } +#ifdef HAVE_ECC const char * wolf_OBJ_nid2sn(int n) { - (void)n; + int i; WOLFSSL_ENTER("wolf_OBJ_nid2sn"); - WOLFSSL_STUB("wolf_OBJ_nid2sn"); - return 0; + /* find based on NID and return name */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (n == ecc_sets[i].id) { + return ecc_sets[i].name; + } + } + return NULL; } int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { @@ -17897,12 +17903,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolf_OBJ_sn2nid(const char *sn) { - (void)sn; + int i; WOLFSSL_ENTER("wolf_OBJ_osn2nid"); - WOLFSSL_STUB("wolf_OBJ_osn2nid"); - return 0; + /* find based on name and return NID */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { + return ecc_sets[i].id; + } + } + return -1; } +#endif /* HAVE_ECC */ WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { diff --git a/support/wolfssl.pc b/support/wolfssl.pc index bf71aab4c..0e9d02592 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.9.7 +Version: 3.9.8 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 300bc7dd7..cc2a856dc 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1117,7 +1117,45 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) return 0; } -#endif +#endif /* HAVE_OID_ENCODING */ + +#ifdef HAVE_OID_DECODING +int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) +{ + int x = 0, y = 0; + word32 t = 0; + + /* check args */ + if (in == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* decode bytes */ + while (inSz--) { + t = (t << 7) | (in[x] & 0x7F); + if (!(in[x] & 0x80)) { + if (y >= (int)*outSz) { + return BUFFER_E; + } + if (y == 0) { + out[0] = (t / 40); + out[1] = (t % 40); + y = 2; + } + else { + out[y++] = t; + } + t = 0; /* reset tmp */ + } + x++; + } + + /* return length */ + *outSz = y; + + return 0; +} +#endif /* HAVE_OID_DECODING */ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx) @@ -1164,10 +1202,36 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, if (oidType != oidIgnoreType) { checkOid = OidFromId(*oid, oidType, &checkOidSz); - if (checkOid == NULL || - (checkOid != NULL && (checkOidSz != actualOidSz || - XMEMCMP(actualOid, checkOid, checkOidSz) != 0))) + #if 0 + /* support for dumping OID information */ + printf("OID (Type %d, Sz %d, Sum %d): ", oidType, actualOidSz, *oid); + for (i=0; isource, &cert->srcIdx, &len, cert->maxIdx) < 0) return ASN_PARSE_E; @@ -2274,31 +2331,9 @@ static int GetCertHeader(DecodedCert* cert) if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0) return ASN_PARSE_E; -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (mpi == NULL) - return MEMORY_E; -#endif - - if (GetInt(mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) { -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + if (GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->maxIdx) < 0) return ASN_PARSE_E; - } - - len = mp_unsigned_bin_size(mpi); - if (len < (int)sizeof(serialTmp)) { - if ( (ret = mp_to_unsigned_bin(mpi, serialTmp)) == MP_OKAY) { - XMEMCPY(cert->serial, serialTmp, len); - cert->serialSz = len; - } - } - mp_clear(mpi); - -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return ret; } @@ -3509,11 +3544,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SMALL_STACK byte* digest; #else - byte digest[MAX_DIGEST_SIZE]; + byte digest[WC_MAX_DIGEST_SIZE]; #endif #ifdef WOLFSSL_SMALL_STACK - digest = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return 0; /* not confirmed */ #endif @@ -4761,10 +4796,8 @@ static int DecodeCertExtensions(DecodedCert* cert) oid = 0; if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) { - if (ret != ASN_UNKNOWN_OID_E) { - WOLFSSL_MSG("\tfail: OBJECT ID"); - return ret; - } + WOLFSSL_MSG("\tfail: OBJECT ID"); + return ret; } /* check for critical flag */ @@ -5245,6 +5278,63 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) return result; } +WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx) +{ + int result = 0; + byte b; + + WOLFSSL_ENTER("GetSerialNumber"); + + if (serial == NULL || input == NULL || serialSz == NULL) { + return BAD_FUNC_ARG; + } + + /* First byte is ASN type */ + if ((*inOutIdx+1) > maxIdx) { + WOLFSSL_MSG("Bad idx first"); + return BUFFER_E; + } + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != ASN_INTEGER) { + WOLFSSL_MSG("Expecting Integer"); + return ASN_PARSE_E; + } + + if (GetLength(input, inOutIdx, serialSz, maxIdx) < 0) { + return ASN_PARSE_E; + } + + /* serial size check */ + if (*serialSz < 0 || *serialSz > EXTERNAL_SERIAL_SIZE) { + WOLFSSL_MSG("Serial size bad"); + return ASN_PARSE_E; + } + + /* serial size check against max index */ + if ((*inOutIdx + *serialSz) > maxIdx) { + WOLFSSL_MSG("Bad idx serial"); + return BUFFER_E; + } + + /* only check padding and return serial if length is greater than 1 */ + if (*serialSz > 0) { + /* skip padding */ + if (input[*inOutIdx] == 0x00) { + *serialSz -= 1; + *inOutIdx += 1; + } + + /* return serial */ + XMEMCPY(serial, &input[*inOutIdx], *serialSz); + *inOutIdx += *serialSz; + } + + return result; +} + const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; @@ -5351,6 +5441,16 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, XSTRNCPY(footer, END_CERT_REQ, footerLen); XSTRNCAT(footer, "\n", 1); } +#endif +#ifdef HAVE_CRL + else if (type == CRL_TYPE) + { + XSTRNCPY(header, BEGIN_X509_CRL, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_X509_CRL, footerLen); + XSTRNCAT(footer, "\n", 1); + } #endif else { #ifdef WOLFSSL_SMALL_STACK @@ -6700,7 +6800,7 @@ static int SetAltNames(byte *out, word32 outSz, byte *input, word32 length) /* encode CertName into output, return total bytes written */ -static int SetName(byte* output, word32 outputSz, CertName* name) +int SetName(byte* output, word32 outputSz, CertName* name) { int totalBytes = 0, i, idx; #ifdef WOLFSSL_SMALL_STACK @@ -7165,7 +7265,11 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, int sigAlgoType) { int encSigSz, digestSz, typeH = 0, ret = 0; - byte digest[MAX_DIGEST_SIZE]; /* max size */ +#ifdef WOLFSSL_SMALL_STACK + byte* digest; +#else + byte digest[WC_MAX_DIGEST_SIZE]; /* max size */ +#endif #ifdef WOLFSSL_SMALL_STACK byte* encSig; #else @@ -7186,6 +7290,12 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, (void)eccKey; (void)rng; +#ifdef WOLFSSL_SMALL_STACK + digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (digest == NULL) + return 0; /* not confirmed */ +#endif + switch (sigAlgoType) { #ifndef NO_MD5 case CTC_MD5wRSA: @@ -7227,14 +7337,20 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, ret = ALGO_ID_E; } - if (ret != 0) + if (ret != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; + } #ifdef WOLFSSL_SMALL_STACK encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (encSig == NULL) + if (encSig == NULL) { + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; + } #endif ret = ALGO_ID_E; @@ -7258,6 +7374,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, #endif #ifdef WOLFSSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -8860,28 +8977,9 @@ static int DecodeSingleResponse(byte* source, resp->issuerKeyHash = source + idx; idx += length; - /* Read the serial number, it is handled as a string, not as a - * proper number. Just XMEMCPY the data over, rather than load it - * as an mp_int. */ - if (source[idx++] != ASN_INTEGER) + /* Get serial number */ + if (GetSerialNumber(source, &idx, cs->serial, &cs->serialSz, size) < 0) return ASN_PARSE_E; - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - if (length <= EXTERNAL_SERIAL_SIZE) - { - if (source[idx] == 0) - { - idx++; - length--; - } - XMEMCPY(cs->serial, source + idx, length); - cs->serialSz = length; - } - else - { - return ASN_GETINT_E; - } - idx += length; /* CertStatus */ switch (source[idx++]) @@ -9160,7 +9258,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, } } else { - Signer* ca = GetCA(cm, resp->issuerHash); + Signer* ca = GetCA(cm, resp->issuerKeyHash); if (!ca || !ConfirmSignature(resp->response, resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, @@ -9593,39 +9691,24 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, end = *idx + len; - /* get serial number */ - b = buff[*idx]; - *idx += 1; - - if (b != ASN_INTEGER) { - WOLFSSL_MSG("Expecting Integer"); - return ASN_PARSE_E; - } - - if (GetLength(buff, idx, &len, maxIdx) < 0) - return ASN_PARSE_E; - - if (len > EXTERNAL_SERIAL_SIZE) { - WOLFSSL_MSG("Serial Size too big"); - return ASN_PARSE_E; - } - rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, - DYNAMIC_TYPE_CRL); + DYNAMIC_TYPE_CRL); if (rc == NULL) { WOLFSSL_MSG("Alloc Revoked Cert failed"); return MEMORY_E; } - XMEMCPY(rc->serialNumber, &buff[*idx], len); - rc->serialSz = len; + if (GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz, + maxIdx) < 0) { + XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL); + return ASN_PARSE_E; + } /* add to list */ rc->next = dcrl->certs; dcrl->certs = rc; dcrl->totalCerts++; - *idx += len; /* get date */ b = buff[*idx]; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 15fd09327..3f7e88c2a 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1675,13 +1675,18 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, /* init variables */ tG = NULL; XMEMSET(M, 0, sizeof(M)); - err = mp_init(&mu); /* init montgomery reduction */ - if (err == MP_OKAY) - err = mp_montgomery_setup(modulus, &mp); - if (err == MP_OKAY) - err = mp_montgomery_calc_normalization(&mu, modulus); + if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { + return err; + } + if ((err = mp_init(&mu)) != MP_OKAY) { + return err; + } + if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { + mp_clear(&mu); + return err; + } /* alloc ram for window temps */ for (i = 0; i < 8; i++) { @@ -1903,21 +1908,28 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, /* init variables */ tG = NULL; XMEMSET(M, 0, sizeof(M)); - err = mp_init(&mu); /* init montgomery reduction */ - if (err == MP_OKAY) - err = mp_montgomery_setup(modulus, &mp); - if (err == MP_OKAY) - err = mp_montgomery_calc_normalization(&mu, modulus); + if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { + return err; + } + if ((err = mp_init(&mu)) != MP_OKAY) { + return err; + } + if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { + mp_clear(&mu); + return err; + } /* alloc ram for window temps */ for (i = 0; i < 3; i++) { M[i] = wc_ecc_new_point_h(heap); if (M[i] == NULL) { for (j = 0; j < i; j++) { - wc_ecc_del_point(M[j]); + wc_ecc_del_point_h(M[j], heap); } + mp_clear(&mu); + return MEMORY_E; } } @@ -2237,7 +2249,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, } if ((err = mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL)) != MP_OKAY) { - wc_ecc_del_point(result); + wc_ecc_del_point_h(result, private_key->heap); return err; } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 53b341fd1..1f7efe1ee 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -263,6 +263,62 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, } +/* returns the size of management memory needed for each bucket. + * This is memory that is used to keep track of and align memory buckets. */ +int wolfSSL_MemoryPaddingSz(void) +{ + word32 memSz = (word32)sizeof(wc_Memory); + word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + return memSz + padSz; +} + + +/* Used to calculate memory size for optimum use with buckets. + returns the suggested size rounded down to the nearest bucket. */ +int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag) +{ + word32 bucketSz[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_BUCKETS}; + word32 distList[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_DIST}; + + word32 ava = sz; + byte* pt = buffer; + word32 memSz = (word32)sizeof(wc_Memory); + word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + + WOLFSSL_ENTER("wolfSSL_static_size"); + + if (buffer == NULL) { + return BAD_FUNC_ARG; + } + + /* align pt */ + while ((wolfssl_word)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { + pt++; + ava--; + } + + /* creating only IO buffers from memory passed in, max TLS is 16k */ + if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { + ava = sz % (memSz + padSz + WOLFMEM_IO_SZ); + } + else { + int i, k; + while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) { + /* start at largest and move to smaller buckets */ + for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { + for (k = distList[i]; k > 0; k--) { + if ((bucketSz[i] + padSz + memSz) <= ava) { + ava -= bucketSz[i] + padSz + memSz; + } + } + } + } + } + + return sz - ava; /* round down */ +} + + int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) { WOLFSSL_MSG("Freeing fixed IO buffer"); diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 3b7360665..99dc2abeb 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -46,8 +46,9 @@ /* Check for if compiling misc.c when not needed. */ #if !defined(WOLFSSL_MISC_INCLUDED) && !defined(NO_INLINE) - #error misc.c does not need to be compiled when not defined NO_INLINE -#endif + #warning misc.c does not need to be compiled when using inline (NO_INLINE not defined) + +#else #ifdef INTEL_INTRINSICS @@ -203,4 +204,7 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) #undef STATIC + +#endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */ + #endif /* WOLF_CRYPT_MISC_C */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 554fba998..e34e17c85 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -253,6 +253,8 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, counter = 0; idx = 0; + (void)heap; + /* check error return of wc_HashGetDigestSize */ if (hLen < 0) { return hLen; @@ -1184,7 +1186,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); return plainLen; } - if (plainLen > (int)outLen) + if (plainLen > (int)outLen || pad == NULL) plainLen = BAD_FUNC_ARG; else XMEMCPY(out, pad, plainLen); @@ -1303,7 +1305,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, return plainLen; } - if (plainLen > (int)outLen) + if (plainLen > (int)outLen || pad == NULL) plainLen = BAD_FUNC_ARG; else XMEMCPY(out, pad, plainLen); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9d69a952d..9feda3ad6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -121,11 +121,7 @@ #endif -#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ - || !defined(NO_DH) - /* include test cert and key buffers for use with NO_FILESYSTEM */ - #include -#endif +#include #if defined(WOLFSSL_MDK_ARM) #include @@ -225,6 +221,9 @@ int pbkdf2_test(void); #ifdef HAVE_ECC_ENCRYPT int ecc_encrypt_test(void); #endif + #ifdef USE_CERT_BUFFERS_256 + int ecc_test_buffers(void); + #endif #endif #ifdef HAVE_CURVE25519 int curve25519_test(void); @@ -248,6 +247,9 @@ int certext_test(void); #ifdef HAVE_IDEA int idea_test(void); #endif +#ifdef WOLFSSL_STATIC_MEMORY +int memory_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -532,6 +534,13 @@ int wolfcrypt_test(void* args) else printf( "RANDOM test passed!\n"); +#ifdef WOLFSSL_STATIC_MEMORY + if ( (ret = memory_test()) != 0) + return err_sys("MEMORY test failed!\n", ret); + else + printf( "MEMORY test passed!\n"); +#endif + #ifndef NO_RSA if ( (ret = rsa_test()) != 0) return err_sys("RSA test failed!\n", ret); @@ -592,6 +601,12 @@ int wolfcrypt_test(void* args) else printf( "ECC Enc test passed!\n"); #endif + #ifdef USE_CERT_BUFFERS_256 + if ( (ret = ecc_test_buffers()) != 0) + return err_sys("ECC buffer test failed!\n", ret); + else + printf( "ECC buffer test passed!\n"); + #endif #endif #ifdef HAVE_CURVE25519 @@ -3857,6 +3872,102 @@ int random_test(void) #endif /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */ +#ifdef WOLFSSL_STATIC_MEMORY +int memory_test(void) +{ + int ret = 0; + unsigned int i; + word32 size[] = { WOLFMEM_BUCKETS }; + word32 dist[] = { WOLFMEM_DIST }; + byte buffer[30000]; /* make large enough to involve many bucket sizes */ + + /* check macro settings */ + if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -97; + } + + if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -98; + } + + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { + /* each element in array should be divisable by alignment size */ + return -99; + } + } + + for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { + if (size[i - 1] >= size[i]) { + return -100; /* sizes should be in increasing order */ + } + } + + /* check that padding size returned is possible */ + if (wolfSSL_MemoryPaddingSz() <= WOLFSSL_STATIC_ALIGN) { + return -101; /* no room for wc_Memory struct */ + } + + if (wolfSSL_MemoryPaddingSz() < 0) { + return -102; + } + + if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { + return -103; /* not aligned! */ + } + + /* check function to return optimum buffer size (rounded down) */ + if ((ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL)) + % WOLFSSL_STATIC_ALIGN != 0) { + return -104; /* not aligned! */ + } + + if (ret < 0) { + return -105; + } + + if ((unsigned int)ret > sizeof(buffer)) { + return -106; /* did not round down as expected */ + } + + if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { + return -107; /* retrun value changed when using suggested value */ + } + + ret = wolfSSL_MemoryPaddingSz(); + if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != + (ret + (int)size[0])) { + return -108; /* did not round down to nearest bucket value */ + } + + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); + if (ret < 0) { + return -109; + } + + if ((ret % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { + return -110; /* not even chunks of memory for IO size */ + } + + if ((ret % WOLFSSL_STATIC_ALIGN) != 0) { + return -111; /* memory not aligned */ + } + + /* check for passing bad or unknown argments to functions */ + if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { + return -112; + } + + if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { + return -113; /* should round to 0 since struct + bucket will not fit */ + } + + (void)dist; /* avoid static analysis warning of variable not used */ + return 0; +} +#endif /* WOLFSSL_STATIC_MEMORY */ + + #ifdef HAVE_NTRU byte GetEntropy(ENTROPY_CMD cmd, byte* out); @@ -5280,6 +5391,7 @@ int rsa_test(void) strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE); strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); + myCert.daysValid = 1000; #ifdef WOLFSSL_CERT_EXT @@ -6737,6 +6849,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int ret; ecc_key userA, userB, pubKey; + (void)testVerifyCount; + wc_ecc_init(&userA); wc_ecc_init(&userB); wc_ecc_init(&pubKey); @@ -7148,6 +7262,92 @@ int ecc_encrypt_test(void) } #endif /* HAVE_ECC_ENCRYPT */ + +#ifdef USE_CERT_BUFFERS_256 +int ecc_test_buffers() { + size_t bytes; + ecc_key cliKey; + ecc_key servKey; +#ifdef WOLFSSL_CERT_EXT + ecc_key keypub; +#endif + WC_RNG rng; + word32 idx = 0; + int ret; + /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[256]; + byte plain[256]; + int verify = 0; + word32 x; + + bytes = sizeof_ecc_clikey_der_256; + /* place client key into ecc_key struct cliKey */ + ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, + (word32)bytes); + if (ret != 0) + return -41; + + idx = 0; + bytes = sizeof_ecc_key_der_256; + + /* place server key into ecc_key struct servKey */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, + (word32)bytes); + if (ret != 0) + return -41; + + ret = wc_InitRng(&rng); + if (ret != 0) + return -42; + +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) + { + word32 y; + /* test encrypt and decrypt if they're available */ + x = sizeof(out); + ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); + if (ret < 0) + return -43; + + y = sizeof(plain); + ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); + if (ret < 0) + return -44; + + if (XMEMCMP(plain, in, inLen)) + return -45; + } +#endif + + + x = sizeof(out); + ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); + if (ret < 0) + return -46; + + XMEMSET(plain, 0, sizeof(plain)); + + ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, &cliKey); + if (ret < 0) + return -47; + + if (XMEMCMP(plain, in, ret)) + return -48; + + idx = 0; + + bytes = sizeof_ecc_clikeypub_der_256; + + ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, + (word32) bytes); + if (ret != 0) + return -52; + + return 0; +} +#endif /* USE_CERT_BUFFERS_256 */ #endif /* HAVE_ECC */ diff --git a/wolfcrypt/user-crypto/include/user_rsa.h b/wolfcrypt/user-crypto/include/user_rsa.h index fbf9430fe..72d2c610e 100644 --- a/wolfcrypt/user-crypto/include/user_rsa.h +++ b/wolfcrypt/user-crypto/include/user_rsa.h @@ -105,6 +105,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, #endif WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); +WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 748c420c4..974789ce7 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -2670,5 +2670,19 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) #endif /* WOLFSSL_KEY_GEN */ +#ifdef WC_RSA_BLINDING + +int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) +{ + if (key == NULL) + return USER_CRYPTO_ERROR; + + (void)rng; + + return 0; +} + +#endif /* WC_RSA_BLINDING */ + #endif /* NO_RSA */ diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h index 23681db76..9f3be0582 100644 --- a/wolfssl/callbacks.h +++ b/wolfssl/callbacks.h @@ -40,8 +40,10 @@ enum { /* CALLBACK CONTSTANTS */ fit here */ }; +struct WOLFSSL; typedef struct handShakeInfo_st { + struct WOLFSSL* ssl; char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */ char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1]; /* SSL packet names */ diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 6a3fb4799..2d52511d7 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -99,8 +99,8 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); static const unsigned char client_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE3, 0xD7, 0xA0, 0xFA, - 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF3, 0x63, 0xB8, 0x35, + 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -118,10 +118,10 @@ static const unsigned char client_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -178,23 +178,23 @@ static const unsigned char client_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xE3, 0xD7, 0xA0, 0xFA, 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0C, + 0xF3, 0x63, 0xB8, 0x35, 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x1D, 0xB7, 0xD5, 0x7C, 0xE1, 0xB1, 0xD8, 0xC0, 0x67, - 0x5D, 0xB5, 0xD3, 0x88, 0xE7, 0x50, 0x29, 0x71, 0x63, 0x8F, - 0xCC, 0x26, 0x1F, 0x33, 0x09, 0x55, 0x43, 0x9B, 0xAB, 0xC6, - 0x1B, 0xBC, 0xC7, 0x01, 0x95, 0x1A, 0xFA, 0x65, 0xE0, 0xFD, - 0x9C, 0xEB, 0x6F, 0x0A, 0x0F, 0x14, 0xEC, 0xB5, 0x2F, 0xDC, - 0x1C, 0x30, 0xDD, 0x52, 0x97, 0xD4, 0x1C, 0x09, 0x00, 0x33, - 0x38, 0x5F, 0xCB, 0xA8, 0x16, 0x8F, 0x11, 0xB7, 0xB8, 0xD0, - 0x66, 0xE1, 0x54, 0x28, 0xF3, 0x3F, 0xBF, 0x6A, 0x6F, 0x76, - 0x48, 0x2A, 0x5E, 0x56, 0xA7, 0xCE, 0x1C, 0xF0, 0x04, 0xDD, - 0x17, 0xBD, 0x06, 0x78, 0x21, 0x6D, 0xD6, 0xB1, 0x9B, 0x75, - 0x31, 0x92, 0xC1, 0xFE, 0xD4, 0x8D, 0xD4, 0x67, 0x2F, 0x03, - 0x1B, 0x27, 0x8D, 0xAB, 0xFF, 0x30, 0x3B, 0xC3, 0x7F, 0x23, - 0xE4, 0xAB, 0x5B, 0x91, 0xE1, 0x1B, 0x66, 0xE6, 0xED + 0x00, 0x31, 0x5E, 0xC5, 0x8C, 0x6F, 0xB7, 0xC5, 0x47, 0x1B, + 0x51, 0x5F, 0x99, 0x91, 0xA1, 0x23, 0x45, 0x3C, 0x36, 0x59, + 0x20, 0xFE, 0x90, 0x46, 0x95, 0x79, 0xE8, 0xB8, 0xD9, 0xDB, + 0x44, 0x7F, 0x63, 0x42, 0x71, 0x59, 0xD5, 0x59, 0xA5, 0x3C, + 0xD3, 0x43, 0x83, 0xA0, 0x7D, 0x1E, 0x56, 0x36, 0x02, 0x92, + 0xE2, 0x0A, 0x19, 0xF6, 0x97, 0xF2, 0x82, 0x12, 0xA6, 0xB2, + 0xBF, 0x3B, 0xB6, 0xB0, 0x07, 0xFC, 0x7A, 0x5B, 0x78, 0x22, + 0xA0, 0x31, 0xF4, 0x3D, 0xEB, 0x0A, 0xC5, 0xE4, 0xE5, 0xB4, + 0xC7, 0xBB, 0x4F, 0xA9, 0xB8, 0x37, 0x19, 0xBF, 0xC7, 0x64, + 0x9D, 0x74, 0x9E, 0x78, 0xDF, 0x09, 0xF5, 0xD6, 0xDD, 0xC2, + 0xFB, 0xCE, 0x94, 0xD5, 0xBF, 0x97, 0xB0, 0x76, 0xB5, 0xE9, + 0x10, 0x65, 0x6C, 0x48, 0x85, 0xC4, 0x1B, 0xFF, 0x5B, 0x64, + 0xC7, 0x11, 0x30, 0x06, 0xE4, 0x40, 0xF5, 0x90, 0x2B }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -336,6 +336,74 @@ static const unsigned char rsa_key_der_1024[] = }; static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); +/* ./certs/1024/ca-key.der, 1024-bit */ +static const unsigned char ca_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5E, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, 0xC3, + 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, 0x59, + 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, 0x17, + 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, 0x62, + 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, 0x0B, + 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, 0x2E, + 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, 0x80, + 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, 0xDB, + 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, 0x27, + 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, 0x01, + 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, 0x92, + 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, 0x88, + 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x52, 0x35, 0x3D, + 0x01, 0x29, 0xA4, 0x95, 0x29, 0x71, 0x9B, 0x64, 0x6A, 0x2C, + 0xC3, 0xD2, 0xB5, 0xBE, 0x6E, 0x13, 0x9C, 0x8F, 0xB6, 0x26, + 0xD8, 0x76, 0x6B, 0xBD, 0x61, 0xBC, 0x63, 0x2D, 0xD5, 0x4D, + 0xBB, 0xCC, 0xC6, 0x3B, 0x89, 0xC8, 0xCE, 0x7B, 0x9B, 0x97, + 0xE7, 0x51, 0x67, 0x61, 0xDA, 0xA9, 0x83, 0x7B, 0xC8, 0x44, + 0xF5, 0x70, 0x5E, 0x3E, 0xD0, 0x7E, 0x51, 0xB9, 0x6E, 0x13, + 0x57, 0x08, 0x5C, 0xE1, 0x67, 0x4F, 0x61, 0x5E, 0xA5, 0x09, + 0xEC, 0x11, 0xDD, 0xE4, 0xB8, 0xB4, 0xF4, 0xE0, 0x63, 0x34, + 0x4C, 0xDA, 0x32, 0x20, 0x1F, 0x85, 0x41, 0x5D, 0xBC, 0xDB, + 0x24, 0xC5, 0xAF, 0xBE, 0x02, 0x5F, 0x22, 0xF1, 0x7C, 0xCC, + 0x05, 0x56, 0xA6, 0xA6, 0x37, 0x9A, 0xEB, 0xFF, 0x52, 0x2D, + 0xBF, 0x30, 0x4B, 0x9A, 0x1D, 0xEE, 0xAB, 0x9C, 0x2C, 0xE2, + 0xC1, 0xB8, 0x9D, 0xC9, 0x31, 0x02, 0x41, 0x00, 0xE9, 0x89, + 0x16, 0xCD, 0xAC, 0x2E, 0xF2, 0x4D, 0x66, 0x17, 0xBD, 0x78, + 0x12, 0x12, 0x8D, 0x8E, 0x84, 0x24, 0xDE, 0x2D, 0x50, 0x41, + 0x85, 0x8C, 0x34, 0x09, 0xFA, 0xFB, 0x6D, 0x87, 0x51, 0x4C, + 0x13, 0x28, 0xF0, 0x60, 0x11, 0x86, 0x3D, 0xC2, 0xA4, 0xCF, + 0x5E, 0xC5, 0x6F, 0x5B, 0x11, 0x32, 0x0A, 0xB5, 0x28, 0xD0, + 0x82, 0x47, 0x44, 0x26, 0x92, 0xE2, 0x78, 0x59, 0xB4, 0x08, + 0xB3, 0xFD, 0x02, 0x41, 0x00, 0xE1, 0x75, 0xB4, 0x6A, 0xB5, + 0x8C, 0x11, 0xFB, 0xCC, 0x42, 0x02, 0xC5, 0xDA, 0x48, 0xCE, + 0x29, 0x43, 0x14, 0x01, 0x9A, 0x2C, 0xB3, 0xA4, 0xCB, 0x73, + 0xEB, 0xA1, 0x35, 0x57, 0xAD, 0xB5, 0x16, 0x17, 0x80, 0x03, + 0x5F, 0x32, 0x37, 0xBE, 0xA2, 0x6F, 0xF9, 0x31, 0x84, 0xBF, + 0x00, 0x6E, 0x8D, 0x03, 0x0E, 0x30, 0x1C, 0xD0, 0x2F, 0x37, + 0xF0, 0x7E, 0xC2, 0x64, 0xBF, 0xEE, 0x4B, 0xE8, 0xFD, 0x02, + 0x41, 0x00, 0xE1, 0x99, 0x8B, 0x2B, 0xD8, 0x9F, 0xE9, 0x76, + 0x97, 0x9F, 0x6B, 0x6B, 0x28, 0x9A, 0x3F, 0xA1, 0x63, 0x4A, + 0x72, 0x4E, 0xF7, 0xEE, 0xB3, 0xE2, 0x43, 0x0B, 0x39, 0x27, + 0xD6, 0x21, 0x18, 0x8A, 0x13, 0x20, 0x43, 0x45, 0xAA, 0xE8, + 0x31, 0x95, 0x6C, 0xBC, 0xDE, 0xE2, 0x7F, 0xB6, 0x4B, 0xA0, + 0x39, 0xF3, 0xD3, 0x9F, 0xC9, 0x9A, 0xAA, 0xDD, 0x50, 0x9B, + 0xF2, 0x83, 0x45, 0x85, 0xFA, 0xC9, 0x02, 0x41, 0x00, 0xAF, + 0xB0, 0xC7, 0x7C, 0xF8, 0x28, 0x44, 0xC3, 0x50, 0xF2, 0x87, + 0xB2, 0xA2, 0x5D, 0x65, 0xBA, 0x25, 0xB9, 0x6B, 0x5E, 0x37, + 0x43, 0x6E, 0x41, 0xD4, 0xFD, 0x63, 0x4C, 0x6C, 0x1C, 0xC3, + 0x26, 0x89, 0xFD, 0x89, 0xA3, 0x1F, 0x40, 0xED, 0x5F, 0x2B, + 0x9E, 0xA6, 0x85, 0xE9, 0x49, 0x6E, 0xDC, 0x97, 0xEA, 0xF0, + 0x77, 0x23, 0x8C, 0x08, 0x2D, 0x72, 0xBA, 0x0D, 0x44, 0xBB, + 0x6F, 0x90, 0x09, 0x02, 0x41, 0x00, 0x91, 0xE4, 0x2E, 0xCA, + 0x8C, 0x0A, 0x69, 0x2F, 0x62, 0xE2, 0x62, 0x3B, 0xA5, 0x8D, + 0x5A, 0x2C, 0x56, 0x3E, 0x7F, 0x67, 0x42, 0x92, 0x12, 0x92, + 0x5F, 0xF3, 0x97, 0xDD, 0xE1, 0xA9, 0x7F, 0xAD, 0x2E, 0x2D, + 0xF4, 0x4A, 0x57, 0xB3, 0x7A, 0x10, 0xBD, 0xD7, 0xE4, 0xEC, + 0x6A, 0x08, 0x21, 0xE9, 0xF2, 0x46, 0x49, 0xD2, 0x69, 0x47, + 0x8A, 0x20, 0x4B, 0xF2, 0xB1, 0x52, 0x83, 0xAB, 0x6F, 0x10 + +}; +static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); + /* ./certs/1024/ca-cert.der, 1024-bit */ static const unsigned char ca_cert_der_1024[] = { @@ -776,8 +844,8 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); static const unsigned char client_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, - 0xA9, 0x72, 0x6E, 0x0D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, + 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -795,10 +863,10 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -868,36 +936,36 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, 0xA9, 0x72, 0x6E, 0x0D, + 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x51, 0x96, 0xA7, 0x1C, 0x26, 0x5D, - 0x1C, 0x90, 0xC6, 0x32, 0x9F, 0x96, 0x15, 0xF2, 0x1D, 0xE7, - 0x93, 0x9C, 0xAC, 0x75, 0x56, 0x95, 0xFD, 0x20, 0x70, 0xAB, - 0x45, 0x6A, 0x09, 0xB0, 0xF3, 0xF2, 0x03, 0xA8, 0xDB, 0xDC, - 0x2F, 0xBC, 0x1F, 0x87, 0x7A, 0xA3, 0xD4, 0x8F, 0xD5, 0x49, - 0x97, 0x7E, 0x3C, 0x54, 0xAC, 0xB1, 0xE3, 0xF0, 0x39, 0x0D, - 0xFE, 0x09, 0x9A, 0x23, 0xF6, 0x32, 0xA6, 0x41, 0x59, 0xBD, - 0x60, 0xE8, 0xBD, 0xDE, 0x00, 0x36, 0x6F, 0x3E, 0xE9, 0x41, - 0x6F, 0xA9, 0x63, 0xC7, 0xAA, 0xD5, 0x7B, 0xF3, 0xE4, 0x39, - 0x48, 0x9E, 0xF6, 0x60, 0xC6, 0xC6, 0x86, 0xD5, 0x72, 0x86, - 0x23, 0xCD, 0xF5, 0x6A, 0x63, 0x53, 0xA4, 0xF8, 0xFC, 0x51, - 0x6A, 0xCD, 0x60, 0x74, 0x8E, 0xA3, 0x86, 0x61, 0x01, 0x34, - 0x78, 0xF7, 0x29, 0x97, 0xB3, 0xA7, 0x34, 0xB6, 0x0A, 0xDE, - 0xB5, 0x71, 0x7A, 0x09, 0xA6, 0x3E, 0xD6, 0x82, 0x58, 0x89, - 0x67, 0x9C, 0xC5, 0x68, 0x62, 0xBA, 0x06, 0xD6, 0x39, 0xBB, - 0xCB, 0x3A, 0xC0, 0xE0, 0x63, 0x1F, 0xC7, 0x0C, 0x9C, 0x12, - 0x86, 0xEC, 0xF7, 0x39, 0x6A, 0x61, 0x93, 0xD0, 0x33, 0x14, - 0xC6, 0x55, 0x3B, 0xB6, 0xCF, 0x80, 0x5B, 0x8C, 0x43, 0xEF, - 0x43, 0x44, 0x0B, 0x3C, 0x93, 0x39, 0xA3, 0x4E, 0x15, 0xD1, - 0x0B, 0x5F, 0x84, 0x98, 0x1D, 0xCD, 0x9F, 0xA9, 0x47, 0xEB, - 0x3B, 0x56, 0x30, 0xB6, 0x76, 0x92, 0xC1, 0x48, 0x5F, 0xBC, - 0x95, 0xB0, 0x50, 0x1A, 0x55, 0xC8, 0x4E, 0x62, 0x47, 0x87, - 0x54, 0x64, 0x0C, 0x9B, 0x91, 0xFA, 0x43, 0xB3, 0x29, 0x48, - 0xBE, 0xE6, 0x12, 0xEB, 0xE3, 0x44, 0xC6, 0x52, 0xE4, 0x40, - 0xC6, 0x83, 0x95, 0x1B, 0xA7, 0x65, 0x27, 0x69, 0x73, 0x2F, - 0xC8, 0xA0, 0x4D, 0x7F, 0xBE, 0xEA, 0x9B, 0x67, 0xB2, 0x7B + 0x82, 0x01, 0x01, 0x00, 0x33, 0x85, 0x08, 0xB4, 0x58, 0x0E, + 0xA2, 0x00, 0x03, 0x74, 0xDE, 0x77, 0xFB, 0xD1, 0x2B, 0x76, + 0x9C, 0x97, 0x90, 0x20, 0x21, 0xA2, 0xE8, 0x2E, 0x22, 0x50, + 0x26, 0x04, 0x76, 0xBA, 0x5B, 0x47, 0x79, 0xE5, 0x52, 0xF7, + 0xC4, 0x0D, 0x79, 0xFF, 0x62, 0x3F, 0x05, 0x7C, 0xC3, 0x08, + 0x6C, 0xE0, 0xB7, 0x81, 0xD0, 0xCE, 0xC6, 0xC9, 0x46, 0xB9, + 0x8E, 0x4B, 0x5F, 0x56, 0x79, 0x4B, 0x13, 0xB6, 0xD1, 0x6B, + 0x66, 0x4B, 0xCE, 0x00, 0x0D, 0xE3, 0x76, 0x5E, 0xFB, 0xCB, + 0xB5, 0x5D, 0x12, 0x31, 0x05, 0xF1, 0xBB, 0x39, 0xF6, 0x86, + 0x90, 0xCA, 0x92, 0x56, 0xA4, 0xA0, 0x75, 0x21, 0xB6, 0x1D, + 0x4C, 0x96, 0xC3, 0x45, 0xEB, 0x5A, 0x91, 0x94, 0x32, 0xD3, + 0x59, 0xB8, 0xC9, 0x73, 0x1F, 0x03, 0xA9, 0x81, 0x63, 0xE0, + 0x43, 0xC0, 0x1E, 0xC8, 0x65, 0xBE, 0x3B, 0xA7, 0x53, 0xC3, + 0x44, 0xFF, 0xB3, 0xFB, 0x47, 0x84, 0xA8, 0xB6, 0x9D, 0x00, + 0xD5, 0x6B, 0xAE, 0x87, 0xF8, 0xBB, 0x35, 0xB2, 0x6C, 0x66, + 0x0B, 0x11, 0xEE, 0x6F, 0xFE, 0x12, 0xED, 0x59, 0x79, 0xF1, + 0x3E, 0xF2, 0xD3, 0x61, 0x27, 0x8B, 0x95, 0x7E, 0x99, 0x75, + 0x8D, 0xA4, 0x9F, 0x34, 0x85, 0xF1, 0x25, 0x4D, 0x48, 0x1E, + 0x9B, 0x6B, 0x70, 0xF6, 0x66, 0xCC, 0x56, 0xB1, 0xA3, 0x02, + 0x52, 0x8A, 0x7C, 0xAA, 0xAF, 0x07, 0xDA, 0x97, 0xC6, 0x0C, + 0xA5, 0x8F, 0xED, 0xCB, 0xF5, 0xD8, 0x04, 0x5D, 0x97, 0x0A, + 0x5D, 0x5A, 0x2B, 0x49, 0xF5, 0xBD, 0x93, 0xE5, 0x23, 0x9B, + 0x99, 0xB5, 0x0C, 0xFF, 0x0C, 0x7E, 0x38, 0x82, 0xB2, 0x6E, + 0xAB, 0x8A, 0xC9, 0xA7, 0x45, 0xAB, 0xD6, 0xD7, 0x93, 0x35, + 0x70, 0x07, 0x7E, 0xC8, 0x3D, 0xA5, 0xFE, 0x33, 0x8F, 0xD9, + 0x85, 0xC0, 0xC7, 0x5A, 0x02, 0xE4, 0x7C, 0xD6, 0x35, 0x9E }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1155,8 +1223,8 @@ static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD9, 0x80, 0x3A, 0xC3, - 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB7, 0xB6, 0x90, 0x33, + 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -1173,10 +1241,10 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -1244,36 +1312,36 @@ static const unsigned char ca_cert_der_2048[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xD9, 0x80, 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, + 0xB7, 0xB6, 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x7A, 0xAF, 0x44, 0x3B, 0xAA, 0x6F, 0x53, 0x42, - 0xB2, 0x33, 0xAA, 0x43, 0x5F, 0x56, 0x30, 0xD3, 0xB9, 0x96, - 0x0B, 0x9A, 0x55, 0x5A, 0x39, 0x2A, 0x0B, 0x4E, 0xE4, 0x2E, - 0xF1, 0x95, 0x66, 0xC9, 0x86, 0x36, 0x82, 0x8D, 0x63, 0x7C, - 0x4D, 0xA2, 0xEE, 0x48, 0xBA, 0x03, 0xC7, 0x90, 0xD7, 0xA7, - 0xC6, 0x74, 0x60, 0x48, 0x5F, 0x31, 0xA2, 0xF9, 0x5E, 0x3E, - 0xC3, 0x82, 0xE1, 0xE5, 0x2F, 0x41, 0x81, 0x83, 0x29, 0x25, - 0x79, 0xD1, 0x53, 0x00, 0x69, 0x3C, 0xED, 0x0A, 0x30, 0x3B, - 0x41, 0x1D, 0x92, 0xA1, 0x2C, 0xA8, 0x9D, 0x2C, 0xE3, 0x23, - 0x87, 0x79, 0xE0, 0x55, 0x6E, 0x91, 0xA8, 0x50, 0xDA, 0x46, - 0x2F, 0xC2, 0x20, 0x50, 0x3E, 0x2B, 0x47, 0x97, 0x14, 0xB0, - 0x7D, 0x04, 0xBA, 0x45, 0x51, 0xD0, 0x6E, 0xE1, 0x5A, 0xA2, - 0x4B, 0x84, 0x9C, 0x4D, 0xCD, 0x85, 0x04, 0xF9, 0x28, 0x31, - 0x82, 0x93, 0xBC, 0xC7, 0x59, 0x49, 0x91, 0x03, 0xE8, 0xDF, - 0x6A, 0xE4, 0x56, 0xAD, 0x6A, 0xCB, 0x1F, 0x0D, 0x37, 0xE4, - 0x5E, 0xBD, 0xE7, 0x9F, 0xD5, 0xEC, 0x9D, 0x3C, 0x18, 0x25, - 0x9B, 0xF1, 0x2F, 0x50, 0x7D, 0xEB, 0x31, 0xCB, 0xF1, 0x63, - 0x22, 0x9D, 0x57, 0xFC, 0xF3, 0x84, 0x20, 0x1A, 0xC6, 0x07, - 0x87, 0x92, 0x26, 0x9E, 0x15, 0x18, 0x59, 0x33, 0x06, 0xDC, - 0xFB, 0xB0, 0xB6, 0x76, 0x5D, 0xF1, 0xC1, 0x2F, 0xC8, 0x2F, - 0x62, 0x9C, 0xC0, 0xD6, 0xDE, 0xEB, 0x65, 0x77, 0xF3, 0x5C, - 0xA6, 0xC3, 0x88, 0x27, 0x96, 0x75, 0xB4, 0xF4, 0x54, 0xCD, - 0xFF, 0x2D, 0x21, 0x2E, 0x96, 0xF0, 0x07, 0x73, 0x4B, 0xE9, - 0x93, 0x92, 0x90, 0xDE, 0x62, 0xD9, 0xA3, 0x3B, 0xAC, 0x6E, - 0x24, 0x5F, 0x27, 0x4A, 0xB3, 0x94, 0x70, 0xFF, 0x30, 0x17, - 0xE7, 0x7E, 0x32, 0x8F, 0x65, 0xB7, 0x75, 0x58 + 0x01, 0x00, 0x0E, 0x93, 0x48, 0x44, 0x4A, 0x72, 0x96, 0x60, + 0x71, 0x25, 0x82, 0xA9, 0x2C, 0xCA, 0x60, 0x5B, 0xF2, 0x88, + 0x3E, 0xCF, 0x11, 0x74, 0x5A, 0x11, 0x4A, 0xDC, 0xD9, 0xD8, + 0xF6, 0x58, 0x2C, 0x05, 0xD3, 0x56, 0xD9, 0xE9, 0x8F, 0x37, + 0xEF, 0x8E, 0x3E, 0x3B, 0xFF, 0x22, 0x36, 0x00, 0xCA, 0xD8, + 0xE2, 0x96, 0x3F, 0xA7, 0xD1, 0xED, 0x1F, 0xDE, 0x7A, 0xB0, + 0xD7, 0x8F, 0x36, 0xBD, 0x41, 0x55, 0x1E, 0xD4, 0xB9, 0x86, + 0x3B, 0x87, 0x25, 0x69, 0x35, 0x60, 0x48, 0xD6, 0xE4, 0x5A, + 0x94, 0xCE, 0xA2, 0xFA, 0x70, 0x38, 0x36, 0xC4, 0x85, 0xB4, + 0x4B, 0x23, 0xFE, 0x71, 0x9E, 0x2F, 0xDB, 0x06, 0xC7, 0xB5, + 0x9C, 0x21, 0xF0, 0x3E, 0x7C, 0xEB, 0x91, 0xF8, 0x5C, 0x09, + 0xFD, 0x84, 0x43, 0xA4, 0xB3, 0x4E, 0x04, 0x0C, 0x22, 0x31, + 0x71, 0x6A, 0x48, 0xC8, 0xAB, 0xBB, 0xE8, 0xCE, 0xFA, 0x67, + 0x15, 0x1A, 0x3A, 0x82, 0x98, 0x43, 0x33, 0xB5, 0x0E, 0x1F, + 0x1E, 0x89, 0xF8, 0x37, 0xDE, 0x1B, 0xE6, 0xB5, 0xA0, 0xF4, + 0xA2, 0x8B, 0xB7, 0x1C, 0x90, 0xBA, 0x98, 0x6D, 0x94, 0x21, + 0x08, 0x80, 0x5D, 0xF3, 0xBF, 0x66, 0xAD, 0xC9, 0x72, 0x28, + 0x7A, 0x6A, 0x48, 0xEE, 0xCF, 0x63, 0x69, 0x31, 0x8C, 0xC5, + 0x8E, 0x66, 0xDA, 0x4B, 0x78, 0x65, 0xE8, 0x03, 0x3A, 0x4B, + 0xF8, 0xCC, 0x42, 0x54, 0xD3, 0x52, 0x5C, 0x2D, 0x04, 0xAE, + 0x26, 0x87, 0xE1, 0x7E, 0x40, 0xCB, 0x45, 0x41, 0x16, 0x4B, + 0x6E, 0xA3, 0x2E, 0x4A, 0x76, 0xBD, 0x29, 0x7F, 0x1C, 0x53, + 0x37, 0x06, 0xAD, 0xE9, 0x5B, 0x6A, 0xD6, 0xB7, 0x4E, 0x94, + 0xA2, 0x7C, 0xE8, 0xAC, 0x4E, 0xA6, 0x50, 0x3E, 0x2B, 0x32, + 0x9E, 0x68, 0x42, 0x1B, 0xE4, 0x59, 0x67, 0x61, 0xEA, 0xC7, + 0x9A, 0x51, 0x9C, 0x1C, 0x55, 0xA3, 0x77, 0x76 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); @@ -1424,10 +1492,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, - 0x30, 0x37, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, - 0x0D, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, - 0x31, 0x30, 0x31, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -1494,42 +1562,479 @@ static const unsigned char server_cert_der_2048[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xD9, 0x80, - 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, + 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x67, 0xC0, 0x2C, 0xA9, 0x43, 0x47, 0xE7, 0x11, 0x14, 0x77, - 0xAE, 0xCC, 0xD8, 0xE0, 0x6B, 0x23, 0x82, 0x91, 0x63, 0xE8, - 0xA8, 0x0D, 0x21, 0xC5, 0xC8, 0x47, 0x97, 0x2F, 0xD5, 0xF3, - 0x86, 0xFB, 0x6C, 0xCE, 0x25, 0xF9, 0x7C, 0x78, 0xC8, 0x3A, - 0x22, 0x68, 0xF2, 0x16, 0x1E, 0xD2, 0xD2, 0x3F, 0x24, 0x04, - 0x87, 0xF2, 0xB7, 0xC1, 0x62, 0x63, 0xBA, 0xC5, 0xFA, 0xAE, - 0xD2, 0x20, 0x81, 0x1A, 0xD2, 0x0C, 0xAE, 0x26, 0x6B, 0x1B, - 0x2B, 0x10, 0xD3, 0xE1, 0x9A, 0x4E, 0x64, 0x6C, 0x97, 0xDB, - 0x36, 0xA8, 0x8F, 0xF8, 0x05, 0x63, 0xBF, 0xBA, 0x0D, 0x88, - 0x0B, 0x87, 0x46, 0xC9, 0xE4, 0x64, 0xE3, 0xD7, 0xBD, 0xB8, - 0x2D, 0xD5, 0xC1, 0xC3, 0xC4, 0xDB, 0x55, 0x68, 0xDC, 0xA3, - 0x7A, 0x40, 0xB9, 0xA9, 0xF6, 0x04, 0x4A, 0x22, 0xCF, 0x98, - 0x76, 0x1C, 0xE4, 0xA3, 0xFF, 0x79, 0x19, 0x96, 0x57, 0x63, - 0x07, 0x6F, 0xF6, 0x32, 0x77, 0x16, 0x50, 0x9B, 0xE3, 0x34, - 0x18, 0xD4, 0xEB, 0xBE, 0xFD, 0xB6, 0x6F, 0xE3, 0xC7, 0xF6, - 0x85, 0xBF, 0xAC, 0x32, 0xAD, 0x98, 0x57, 0xBE, 0x13, 0x92, - 0x44, 0x10, 0xA5, 0xF3, 0xAE, 0xE2, 0x66, 0xDA, 0x44, 0xA9, - 0x94, 0x71, 0x3F, 0xD0, 0x2F, 0x20, 0x59, 0x87, 0xE4, 0x5A, - 0x40, 0xEE, 0xD2, 0xE4, 0x0C, 0xCE, 0x25, 0x94, 0xDC, 0x0F, - 0xFE, 0x38, 0xE0, 0x41, 0x52, 0x34, 0x5C, 0xBB, 0xC3, 0xDB, - 0xC1, 0x5F, 0x76, 0xC3, 0x5D, 0x0E, 0x32, 0x69, 0x2B, 0x9D, - 0x01, 0xED, 0x50, 0x1B, 0x4F, 0x77, 0xA9, 0xA9, 0xD8, 0x71, - 0x30, 0xCB, 0x2E, 0x2C, 0x70, 0x00, 0xAB, 0x78, 0x4B, 0xD7, - 0x15, 0xD9, 0x17, 0xF8, 0x64, 0xB2, 0xF7, 0x3A, 0xDA, 0xE1, - 0x0B, 0x8B, 0x0A, 0xE1, 0x4E, 0xB1, 0x03, 0x46, 0x14, 0xCA, - 0x94, 0xE3, 0x44, 0x77, 0xD7, 0x59 + 0x51, 0xFE, 0x2A, 0xDF, 0x07, 0x7E, 0x43, 0xCA, 0x66, 0x8D, + 0x15, 0xC4, 0x2B, 0xDB, 0x57, 0xB2, 0x06, 0x6D, 0x0D, 0x90, + 0x66, 0xFF, 0xA5, 0x24, 0x9C, 0x14, 0xEF, 0x81, 0xF2, 0xA4, + 0xAB, 0x99, 0xA9, 0x6A, 0x49, 0x20, 0xA5, 0xD2, 0x71, 0xE7, + 0x1C, 0x3C, 0x99, 0x07, 0xC7, 0x47, 0xFC, 0xE8, 0x96, 0xB4, + 0xF5, 0x42, 0x30, 0xCE, 0x39, 0x01, 0x4B, 0xD1, 0xC2, 0xE8, + 0xBC, 0x95, 0x84, 0x87, 0xCE, 0x55, 0x5D, 0x97, 0x9F, 0xCF, + 0x78, 0xF3, 0x56, 0x9B, 0xA5, 0x08, 0x6D, 0xAC, 0xF6, 0xA5, + 0x5C, 0xC4, 0xEF, 0x3E, 0x2A, 0x39, 0xA6, 0x48, 0x26, 0x29, + 0x7B, 0x2D, 0xE0, 0xCD, 0xA6, 0x8C, 0x57, 0x48, 0x0B, 0xBB, + 0x31, 0x32, 0xC2, 0xBF, 0xD9, 0x43, 0x4C, 0x47, 0x25, 0x18, + 0x81, 0xA8, 0xC9, 0x33, 0x82, 0x41, 0x9B, 0xBA, 0x61, 0x86, + 0xD7, 0x84, 0x93, 0x17, 0x24, 0x25, 0x36, 0xCA, 0x4D, 0x63, + 0x6B, 0x4F, 0x95, 0x79, 0xD8, 0x60, 0xE0, 0x1E, 0xF5, 0xAC, + 0xC1, 0x8A, 0xA1, 0xB1, 0x7E, 0x85, 0x8E, 0x87, 0x20, 0x2F, + 0x08, 0x31, 0xAD, 0x5E, 0xC6, 0x4A, 0xC8, 0x61, 0xF4, 0x9E, + 0x07, 0x1E, 0xA2, 0x22, 0xED, 0x73, 0x7C, 0x85, 0xEE, 0xFA, + 0x62, 0xDC, 0x50, 0x36, 0xAA, 0xFD, 0xC7, 0x9D, 0xAA, 0x18, + 0x04, 0xFB, 0xEA, 0xCC, 0x2C, 0x68, 0x9B, 0xB3, 0xA9, 0xC2, + 0x96, 0xD8, 0xC1, 0xCC, 0x5A, 0x7E, 0xF7, 0x0D, 0x9E, 0x08, + 0xE0, 0x9D, 0x29, 0x8B, 0x84, 0x46, 0x8F, 0xD3, 0x91, 0x6A, + 0xB5, 0xB8, 0x7A, 0x5C, 0xCC, 0x4F, 0x55, 0x01, 0xB8, 0x9A, + 0x48, 0xA0, 0x94, 0x43, 0xCA, 0x25, 0x47, 0x52, 0x0A, 0xF7, + 0xF4, 0xBE, 0xB0, 0xD1, 0x71, 0x6D, 0xA5, 0x52, 0x4A, 0x65, + 0x50, 0xB2, 0xAD, 0x4E, 0x1D, 0xE0, 0x6C, 0x01, 0xD8, 0xFB, + 0x43, 0x80, 0xE6, 0xE4, 0x0C, 0x37 }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); #endif /* USE_CERT_BUFFERS_2048 */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + +/* ./certs/ecc-client-key.der, ECC */ +static const unsigned char ecc_clikey_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92, + 0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F, + 0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92, + 0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256); + +/* ./certs/ecc-client-keyPub.der, ECC */ +static const unsigned char ecc_clikeypub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); + +/* ./certs/client-ecc-cert.der, ECC */ +static const unsigned char cliecc_cert_der_256[] = +{ + 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, + 0x13, 0x1D, 0x17, 0x5C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, + 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, + 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, + 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, + 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, + 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, + 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, + 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, + 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, + 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, + 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x81, 0xF5, + 0x30, 0x81, 0xF2, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, + 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, + 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7, 0x80, 0x14, + 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, + 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, + 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, 0x13, 0x1D, 0x17, + 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x20, 0x43, 0x9A, 0xB6, 0x7E, 0x87, 0x8E, + 0x8C, 0xD7, 0x16, 0xF1, 0x0D, 0xD2, 0x50, 0x11, 0xA4, 0xAC, + 0xB6, 0xAC, 0x07, 0xEF, 0xE9, 0x60, 0xE1, 0x90, 0xA2, 0x5F, + 0xC9, 0x76, 0xE6, 0x54, 0x1A, 0x81, 0x02, 0x21, 0x00, 0xD6, + 0x8B, 0x7C, 0xBA, 0x53, 0x12, 0x05, 0x06, 0xFA, 0x8F, 0xC5, + 0xC7, 0x58, 0xC3, 0x9A, 0x9F, 0xA1, 0x84, 0x8C, 0xB4, 0x88, + 0x83, 0x4D, 0x6A, 0xB4, 0xB7, 0x85, 0x7A, 0xB3, 0x3C, 0xF3, + 0xDF +}; +static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); + +/* ./certs/ecc-key.der, ECC */ +static const unsigned char ecc_key_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69, + 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, 0x5B, 0x72, 0xE8, + 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, + 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256); + +/* ./certs/ecc-keyPub.der, ECC */ +static const unsigned char ecc_key_pub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); + +/* ./certs/server-ecc-comp.der, ECC */ +static const unsigned char serv_ecc_comp_der_256[] = +{ + 0x30, 0x82, 0x03, 0x24, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC3, 0xCD, 0xC5, 0xE4, + 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, + 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, + 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, + 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, + 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, + 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, + 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, + 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, + 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, + 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x09, 0x30, 0x82, 0x01, + 0x05, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, + 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, + 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38, + 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC, + 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81, + 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, + 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xC3, 0xCD, 0xC5, 0xE4, 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, + 0x21, 0x00, 0xCA, 0x10, 0xEC, 0x8F, 0xF1, 0xEB, 0x92, 0x19, + 0x76, 0xD7, 0x16, 0x54, 0xF2, 0x21, 0x1C, 0x38, 0x0E, 0x6E, + 0x22, 0x3D, 0x95, 0xA4, 0xBD, 0xC8, 0x8C, 0xD2, 0xD8, 0x28, + 0xD3, 0x9C, 0x21, 0x6D, 0x02, 0x20, 0x71, 0x39, 0x0B, 0x0D, + 0xEC, 0x68, 0x8C, 0x64, 0xB6, 0x2C, 0x68, 0xDA, 0x03, 0xB1, + 0xD8, 0xE7, 0xD4, 0xF7, 0xCB, 0xA6, 0x73, 0x7E, 0x08, 0x00, + 0xC6, 0xB8, 0x04, 0x9D, 0x17, 0x3E, 0x66, 0x7F +}; +static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); + +/* ./certs/server-ecc-rsa.der, ECC */ +static const unsigned char serv_ecc_rsa_der_256[] = +{ + 0x30, 0x82, 0x03, 0xE0, 0x30, 0x82, 0x02, 0xC8, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x1A, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x52, 0x53, + 0x41, 0x73, 0x69, 0x67, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x45, 0x43, 0x43, 0x2D, 0x52, + 0x53, 0x41, 0x73, 0x69, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, + 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, + 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, + 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, + 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x81, 0xFC, 0x30, 0x81, + 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, + 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, + 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, + 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, + 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, + 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, + 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0xAB, 0xB7, 0x78, 0xC8, 0x18, 0x6E, 0x6A, 0x27, 0x5D, 0xBB, + 0x16, 0xA1, 0xD3, 0xAE, 0xB5, 0xFD, 0x46, 0x50, 0xCF, 0xDC, + 0x82, 0xF9, 0x4A, 0x19, 0xEC, 0xBF, 0x44, 0xCD, 0xF5, 0x1F, + 0x15, 0x2C, 0x5A, 0xE9, 0x65, 0x27, 0xB2, 0xE1, 0x88, 0x62, + 0x0F, 0xBC, 0xA1, 0x3C, 0x95, 0xFB, 0x62, 0x8A, 0x71, 0xE0, + 0xC6, 0x22, 0xCE, 0x2E, 0x00, 0xCA, 0x4E, 0x7A, 0x03, 0x2A, + 0x12, 0x90, 0x98, 0x7B, 0x53, 0x9F, 0x46, 0xA0, 0xFF, 0x6B, + 0x04, 0xDC, 0x2A, 0x8D, 0xBB, 0x93, 0xE7, 0xB9, 0x0B, 0xD0, + 0x61, 0x0F, 0x62, 0x97, 0x18, 0x99, 0xBB, 0xE7, 0x1C, 0xE3, + 0xA2, 0xAB, 0x70, 0x8F, 0x32, 0x47, 0x7F, 0x1E, 0x3B, 0xCB, + 0x62, 0x55, 0x41, 0xA4, 0xAF, 0x1F, 0x01, 0x2C, 0x9B, 0xB2, + 0xCC, 0x06, 0x8D, 0x28, 0x04, 0x57, 0x5B, 0xF6, 0x32, 0xB8, + 0xE8, 0x18, 0xB6, 0x6B, 0xA1, 0xB9, 0xAA, 0x3F, 0x49, 0xEA, + 0xC1, 0x02, 0xC7, 0x92, 0xD9, 0xC7, 0x23, 0xEA, 0xA2, 0xF7, + 0x70, 0xA9, 0xDA, 0x9E, 0x5E, 0x82, 0xEF, 0x30, 0x07, 0xC7, + 0x89, 0xDA, 0xC9, 0xE0, 0xCF, 0xED, 0xE9, 0x4C, 0x34, 0xD4, + 0x72, 0x0E, 0x16, 0x49, 0x82, 0xC5, 0xA9, 0xB4, 0xA7, 0x05, + 0x07, 0xCC, 0x5D, 0xEB, 0xB4, 0xEF, 0x9A, 0x09, 0x73, 0xA2, + 0xD4, 0xB6, 0xC5, 0xBE, 0x34, 0xC0, 0xC9, 0x09, 0x29, 0xA5, + 0xD5, 0xF1, 0xE4, 0x82, 0x49, 0x70, 0xBF, 0x75, 0x79, 0x15, + 0xCD, 0xC1, 0xC8, 0xA3, 0x4D, 0x9B, 0xB4, 0xE2, 0x94, 0x5E, + 0x27, 0x61, 0xEA, 0x34, 0x69, 0x88, 0x47, 0xBD, 0x61, 0xE9, + 0x0D, 0xF3, 0x95, 0x8F, 0xFF, 0x53, 0xE7, 0x5C, 0x11, 0xE3, + 0xF4, 0xD0, 0x70, 0xAD, 0x9A, 0x73, 0x5D, 0x29, 0x30, 0xFC, + 0x23, 0x2E, 0xC0, 0x62, 0xD4, 0xD3, 0xA8, 0xCE, 0xB2, 0xE9, + 0xD3, 0xB9, 0x3F, 0x10, 0x0A, 0xF2 +}; +static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); + +/* ./certs/server-ecc.der, ECC */ +static const unsigned char serv_ecc_der_256[] = +{ + 0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, + 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, + 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, + 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, + 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, + 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, + 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, + 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBC, 0x30, + 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, + 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, + 0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, + 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, + 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xEF, + 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, + 0x00, 0xF1, 0xD0, 0xA6, 0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, + 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D, 0x6B, 0x33, 0xE9, 0xF2, + 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87, 0x31, 0xB3, + 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE, + 0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, + 0xB0, 0xC9, 0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, + 0xF6, 0x7D, 0x04, 0xC7, 0xBD, 0x62, 0xC9, 0x20 +}; +static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); + +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + /* dh1024 p */ static const unsigned char dh_p[] = { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ad568279c..ac6f062f8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2894,9 +2894,9 @@ typedef struct EncryptedInfo { #ifdef WOLFSSL_CALLBACKS WOLFSSL_LOCAL - void InitHandShakeInfo(HandShakeInfo*); + void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*); WOLFSSL_LOCAL - void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*); + void FinishHandShakeInfo(HandShakeInfo*); WOLFSSL_LOCAL void AddPacketName(const char*, HandShakeInfo*); @@ -3103,6 +3103,7 @@ WOLFSSL_LOCAL void c32to24(word32 in, word24 out); WOLFSSL_LOCAL const char* const* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 704817d5c..1b84c4c80 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -340,7 +340,6 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int GetDeepCopySession(WOLFSSL*, WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); @@ -936,7 +935,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, - unsigned char* buffer, int inLen, int* outLen); + unsigned char* buf, int inLen, int* outLen); WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); @@ -959,6 +958,8 @@ WOLFSSL_API WOLFSSL_X509* WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); #endif +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format); #ifdef WOLFSSL_SEP WOLFSSL_API unsigned char* diff --git a/wolfssl/version.h b/wolfssl/version.h index 7fcd75f25..c044ee57a 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.9.7" -#define LIBWOLFSSL_VERSION_HEX 0x03009007 +#define LIBWOLFSSL_VERSION_STRING "3.9.8" +#define LIBWOLFSSL_VERSION_HEX 0x03009008 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 297dd69d8..f609e0ab1 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -639,6 +639,9 @@ WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); /* ASN.1 helper functions */ +#ifdef WOLFSSL_CERT_GEN +WOLFSSL_TEST_API int SetName(byte* output, word32 outputSz, CertName* name); +#endif WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, @@ -653,6 +656,10 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif +#ifdef HAVE_OID_DECODING + WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, + word16* out, word32* outSz); +#endif WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, @@ -666,6 +673,8 @@ WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); +WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 274787939..cd44741b4 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -71,10 +71,26 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, #ifdef WOLFSSL_STATIC_MEMORY #define WOLFSSL_STATIC_TIMEOUT 1 - #define WOLFSSL_STATIC_ALIGN 16 - #define WOLFMEM_MAX_BUCKETS 9 + #ifndef WOLFSSL_STATIC_ALIGN + #define WOLFSSL_STATIC_ALIGN 16 + #endif + #ifndef WOLFMEM_MAX_BUCKETS + #define WOLFMEM_MAX_BUCKETS 9 + #endif #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ #define WOLFMEM_IO_SZ 16992 /* 16 byte aligned */ + #ifndef WOLFMEM_BUCKETS + /* default size of chunks of memory to seperate into + * having session certs enabled makes a 21k SSL struct */ + #ifndef SESSION_CERTS + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,16128 + #else + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21056 + #endif + #endif + #ifndef WOLFMEM_DIST + #define WOLFMEM_DIST 8,4,4,12,4,5,2,1,1 + #endif /* flags for loading static memory (one hot bit) */ #define WOLFMEM_GENERAL 0x01 @@ -147,6 +163,9 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, WOLFSSL_MEM_STATS* stats); WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + + WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); + WOLFSSL_API int wolfSSL_MemoryPaddingSz(void); #endif /* WOLFSSL_STATIC_MEMORY */ #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c2130f6a2..ad95b6137 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -155,6 +155,8 @@ /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS #define WC_RNG RNG + /* blinding adds API not available yet in FIPS mode */ + #undef WC_RSA_BLINDING #endif diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index ef4732c11..e44e7dbf3 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -214,13 +214,13 @@ #define SIZEOF_FP_DIGIT 8 typedef unsigned long fp_word __attribute__ ((mode(TI))); #else - #if defined(_MSC_VER) || defined(__BORLANDC__) - typedef unsigned __int64 ulong64; - #else - typedef unsigned long long ulong64; - #endif #ifndef NO_64BIT + #if defined(_MSC_VER) || defined(__BORLANDC__) + typedef unsigned __int64 ulong64; + #else + typedef unsigned long long ulong64; + #endif typedef unsigned int fp_digit; #define SIZEOF_FP_DIGIT 4 typedef ulong64 fp_word;