From dd329ac97b6eb2197900543cf31609eea0c09e4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Fri, 15 Jul 2016 17:12:04 -0300 Subject: [PATCH 01/34] fixes ocsp signer lookup in the cert manager. --- wolfcrypt/src/asn.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3cdab5c95..2f9abd58c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9207,7 +9207,10 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, } } else { - Signer* ca = GetCA(cm, resp->issuerHash); + Signer* ca = GetCA(cm, resp->issuerKeyHash); + + if (!ca) + ca = GetCA(cm, resp->issuerHash); if (!ca || !ConfirmSignature(resp->response, resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, From d3f7ddc4862453fa21df23d40fd78c33d69f72b1 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 15 Jul 2016 14:32:24 -0600 Subject: [PATCH 02/34] leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined --- src/internal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index 50de7115f..2efab0250 100755 --- a/src/internal.c +++ b/src/internal.c @@ -1704,7 +1704,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(NO_OLD_TLS) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif @@ -1723,7 +1723,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, suites->hashSigAlgo[idx++] = sha256_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(NO_OLD_TLS) suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; #endif From e866b55bb73f97c65fc42a659efe62481284a980 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 18 Jul 2016 22:02:41 -0300 Subject: [PATCH 03/34] removes fallback. --- wolfcrypt/src/asn.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2f9abd58c..a79d13be7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9209,9 +9209,6 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, else { Signer* ca = GetCA(cm, resp->issuerKeyHash); - if (!ca) - ca = GetCA(cm, resp->issuerHash); - if (!ca || !ConfirmSignature(resp->response, resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL)) { From e8f7d78fc412d303208c9ecc5eb455638904d2ab Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 21 Jul 2016 12:11:15 -0600 Subject: [PATCH 04/34] add helper functions for choosing static buffer size --- examples/server/server.c | 12 +++++ src/ssl.c | 19 ++----- wolfcrypt/src/memory.c | 56 ++++++++++++++++++++ wolfcrypt/test/test.c | 105 +++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/memory.h | 23 +++++++- 5 files changed, 198 insertions(+), 17 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 0fdbdd2e6..b5dc3de2d 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -632,6 +632,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("unable to get method"); #ifdef WOLFSSL_STATIC_MEMORY + #ifdef DEBUG_WOLFSSL + /* print off helper buffer sizes for use with static memory + * printing to stderr incase of debug mode turned on */ + fprintf(stderr, "static memory management size = %d\n", + wolfSSL_MemoryPaddingSz()); + fprintf(stderr, "calculated optimum general buffer size = %d\n", + wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); + fprintf(stderr, "calculated optimum IO buffer size = %d\n", + wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED)); + #endif /* DEBUG_WOLFSSL */ + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1) != SSL_SUCCESS) err_sys("unable to load static memory and create ctx"); diff --git a/src/ssl.c b/src/ssl.c index fab0feed3..a44bcb8ec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -643,16 +643,8 @@ int wolfSSL_GetObjectSize(void) int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) { - /* default size of chunks of memory to seperate into - * having session certs enabled makes a 21k SSL struct */ -#ifndef SESSION_CERTS - word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = - { 64, 128, 256, 512, 1024, 2432, 3456, 4544, 16128 }; -#else - word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = - { 64, 128, 256, 512, 1024, 2432, 3456, 4544, 21056 }; -#endif - word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 }; + word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; + word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; if (heap == NULL) { return BAD_FUNC_ARG; @@ -660,11 +652,8 @@ int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP)); - /* default pool sizes and distribution, else leave a 0's for now */ - #if WOLFMEM_DEF_BUCKETS == WOLFMEM_MAX_BUCKETS - XMEMCPY(heap->sizeList, wc_defaultMemSz, sizeof(wc_defaultMemSz)); - XMEMCPY(heap->distList, wc_defaultDist, sizeof(wc_defaultMemSz)); - #endif + XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz)); + XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist)); if (InitMutex(&(heap->memory_mutex)) != 0) { WOLFSSL_MSG("Error creating heap memory mutex"); diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 53b341fd1..1f7efe1ee 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -263,6 +263,62 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, } +/* returns the size of management memory needed for each bucket. + * This is memory that is used to keep track of and align memory buckets. */ +int wolfSSL_MemoryPaddingSz(void) +{ + word32 memSz = (word32)sizeof(wc_Memory); + word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + return memSz + padSz; +} + + +/* Used to calculate memory size for optimum use with buckets. + returns the suggested size rounded down to the nearest bucket. */ +int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag) +{ + word32 bucketSz[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_BUCKETS}; + word32 distList[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_DIST}; + + word32 ava = sz; + byte* pt = buffer; + word32 memSz = (word32)sizeof(wc_Memory); + word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + + WOLFSSL_ENTER("wolfSSL_static_size"); + + if (buffer == NULL) { + return BAD_FUNC_ARG; + } + + /* align pt */ + while ((wolfssl_word)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { + pt++; + ava--; + } + + /* creating only IO buffers from memory passed in, max TLS is 16k */ + if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { + ava = sz % (memSz + padSz + WOLFMEM_IO_SZ); + } + else { + int i, k; + while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) { + /* start at largest and move to smaller buckets */ + for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { + for (k = distList[i]; k > 0; k--) { + if ((bucketSz[i] + padSz + memSz) <= ava) { + ava -= bucketSz[i] + padSz + memSz; + } + } + } + } + } + + return sz - ava; /* round down */ +} + + int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) { WOLFSSL_MSG("Freeing fixed IO buffer"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9d69a952d..05321dbaa 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -248,6 +248,9 @@ int certext_test(void); #ifdef HAVE_IDEA int idea_test(void); #endif +#ifdef WOLFSSL_STATIC_MEMORY +int memory_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -532,6 +535,13 @@ int wolfcrypt_test(void* args) else printf( "RANDOM test passed!\n"); +#ifdef WOLFSSL_STATIC_MEMORY + if ( (ret = memory_test()) != 0) + return err_sys("MEMORY test failed!\n", ret); + else + printf( "MEMORY test passed!\n"); +#endif + #ifndef NO_RSA if ( (ret = rsa_test()) != 0) return err_sys("RSA test failed!\n", ret); @@ -3857,6 +3867,101 @@ int random_test(void) #endif /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */ +#ifdef WOLFSSL_STATIC_MEMORY +int memory_test(void) +{ + int ret = 0; + unsigned int i; + word32 size[] = { WOLFMEM_BUCKETS }; + word32 dist[] = { WOLFMEM_DIST }; + byte buffer[30000]; /* make large enough to involve many bucket sizes */ + + /* check macro settings */ + if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -97; + } + + if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -98; + } + + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { + /* each element in array should be divisable by alignment size */ + return -99; + } + } + + for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { + if (size[i - 1] >= size[i]) { + return -100; /* sizes should be in increasing order */ + } + } + + /* check that padding size returned is possible */ + if (wolfSSL_MemoryPaddingSz() <= WOLFSSL_STATIC_ALIGN) { + return -101; /* no room for wc_Memory struct */ + } + + if (wolfSSL_MemoryPaddingSz() < 0) { + return -102; + } + + if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { + return -103; /* not aligned! */ + } + + /* check function to return optimum buffer size (rounded down) */ + if ((ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL)) + % WOLFSSL_STATIC_ALIGN != 0) { + return -104; /* not aligned! */ + } + + if (ret < 0) { + return -105; + } + + if ((unsigned int)ret > sizeof(buffer)) { + return -106; /* did not round down as expected */ + } + + if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { + return -107; /* retrun value changed when using suggested value */ + } + + ret = wolfSSL_MemoryPaddingSz(); + if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != + (ret + (int)size[0])) { + return -108; /* did not round down to nearest bucket value */ + } + + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); + if (ret < 0) { + return -109; + } + + if ((ret % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { + return -110; /* not even chunks of memory for IO size */ + } + + if ((ret % WOLFSSL_STATIC_ALIGN) != 0) { + return -111; /* memory not aligned */ + } + + /* check for passing bad or unknown argments to functions */ + if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { + return -112; + } + + if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { + return -113; /* should round to 0 since struct + bucket will not fit */ + } + + return 0; +} +#endif /* WOLFSSL_STATIC_MEMORY */ + + #ifdef HAVE_NTRU byte GetEntropy(ENTROPY_CMD cmd, byte* out); diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 274787939..cd44741b4 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -71,10 +71,26 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, #ifdef WOLFSSL_STATIC_MEMORY #define WOLFSSL_STATIC_TIMEOUT 1 - #define WOLFSSL_STATIC_ALIGN 16 - #define WOLFMEM_MAX_BUCKETS 9 + #ifndef WOLFSSL_STATIC_ALIGN + #define WOLFSSL_STATIC_ALIGN 16 + #endif + #ifndef WOLFMEM_MAX_BUCKETS + #define WOLFMEM_MAX_BUCKETS 9 + #endif #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ #define WOLFMEM_IO_SZ 16992 /* 16 byte aligned */ + #ifndef WOLFMEM_BUCKETS + /* default size of chunks of memory to seperate into + * having session certs enabled makes a 21k SSL struct */ + #ifndef SESSION_CERTS + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,16128 + #else + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21056 + #endif + #endif + #ifndef WOLFMEM_DIST + #define WOLFMEM_DIST 8,4,4,12,4,5,2,1,1 + #endif /* flags for loading static memory (one hot bit) */ #define WOLFMEM_GENERAL 0x01 @@ -147,6 +163,9 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, WOLFSSL_MEM_STATS* stats); WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + + WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); + WOLFSSL_API int wolfSSL_MemoryPaddingSz(void); #endif /* WOLFSSL_STATIC_MEMORY */ #ifdef __cplusplus From 4121667586f4c7c4849ddefabae6a4d236839673 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Mon, 25 Jul 2016 13:05:52 -0600 Subject: [PATCH 05/34] update certs pre-release: NTRU certs expired in mid june --- certs/1024/ca-cert.pem | 41 +++--- certs/1024/client-cert.der | Bin 969 -> 969 bytes certs/1024/client-cert.pem | 39 +++--- certs/1024/server-cert.pem | 79 ++++++------ certs/ca-cert.der | Bin 1198 -> 1198 bytes certs/ca-cert.pem | 57 ++++---- certs/client-cert.der | Bin 1230 -> 1230 bytes certs/client-cert.pem | 57 ++++---- certs/client-ecc-cert.der | Bin 780 -> 781 bytes certs/client-ecc-cert.pem | 30 +++-- certs/crl/cliCrl.pem | 50 +++---- certs/crl/crl.pem | 52 ++++---- certs/crl/crl.revoked | 58 ++++----- certs/crl/eccCliCRL.pem | 22 ++-- certs/crl/eccSrvCRL.pem | 22 ++-- certs/ntru-cert.pem | 40 +++--- certs/ntru-key.raw | Bin 607 -> 607 bytes certs/server-cert.der | Bin 1186 -> 1186 bytes certs/server-cert.pem | 111 ++++++++-------- certs/server-ecc-comp.pem | 28 ++-- certs/server-ecc-rsa.pem | 55 ++++---- certs/server-ecc.pem | 30 +++-- certs/server-revoked-cert.pem | 113 ++++++++-------- wolfssl/certs_test.h | 236 +++++++++++++++++----------------- 24 files changed, 567 insertions(+), 553 deletions(-) diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 3deb3628c..479ded3a7 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: + ce:e3:ff:31:10:46:d2:76 + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Jul 25 18:56:34 2016 GMT + Not After : Apr 21 18:56:34 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,25 +29,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:CE:E3:FF:31:10:46:D2:76 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Signature Algorithm: sha256WithRSAEncryption + 95:09:cc:95:d1:ff:84:5b:1e:b4:96:51:58:40:7a:68:c7:7d: + 5e:5c:27:f7:15:65:50:ce:02:29:13:6c:5e:2d:68:c7:f2:bd: + eb:6d:ae:fe:5e:8f:05:32:e4:26:f0:f7:f9:64:92:e5:cf:f5: + 60:65:71:fa:47:74:dd:2b:c1:c7:e0:e3:a5:6e:97:c6:d8:c0: + 90:ff:9d:94:65:85:73:b2:c7:35:ec:d3:44:b5:8f:53:fb:c9: + 21:ee:93:5f:1c:d6:0d:d9:b4:c3:0d:74:87:ae:c7:b1:42:be: + 69:67:db:1c:79:09:c0:69:ac:4a:7d:ea:24:aa:48:99:3e:32: + 76:cb -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJAM7j/zEQRtJ2MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE2MDcyNTE4NTYzNFoXDTE5MDQyMTE4NTYzNFowgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -58,8 +59,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +b0B3b2xmc3NsLmNvbYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAlQnMldH/hFsetJZRWEB6aMd9Xlwn9xVlUM4CKRNsXi1ox/K9622u +/l6PBTLkJvD3+WSS5c/1YGVx+kd03SvBx+DjpW6XxtjAkP+dlGWFc7LHNezTRLWP +U/vJIe6TXxzWDdm0ww10h67HsUK+aWfbHHkJwGmsSn3qJKpImT4ydss= -----END CERTIFICATE----- diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index c2bd6df8fe58e67cfaf20cb20bce0bd93a31726b..64114e4e88e25e2c912a3c34d5d1e2ab8137f436 100644 GIT binary patch delta 212 zcmX@fev)0npo#gYK@+py0%j&gCMHgXjf#@BVpX|MCrWIUHZw3cGBva?H8VDe66ZCv zG%ztTgmNd>FfH8N$vB;n1EyiJ2D4(l#9I9VZfnMituN#Eed~0Y%VswBVR&sZlfa&+ zzA2&=rdMX@{aklHeR|Hf&gXg0e=nMTym0YN=8Q`Vqobm~f38sev!*bgd)mEch4Ux; z)%rQZ@_&2QC2_6wPcCiMneh8e*#Xv6&gqL^7*v(U?~IK*dUWloG&8lE>6LQQGp~JJ Jb^RSiMTmJw6 delta 212 zcmX@fev)0npo#gYK@+py0%j&gCMHgX$JZD9D!Z@sYof$fX;TAJ19L+QBSQnjC~;mx z3j;%ALnwE04b#HSos82NIba$lYcMO;%Wl6~^Kj#h1L?6_FLyi-&@4>uKcgmZ%o*xD zd-XBtJ;xcRO8rWG@ORGZd@g>GH(T}Z$QaxWntnxwlfl>`{`3m5e!=ZKE~GsS(fDk? zKP$h?Ln|(9`8k;nEO*8CvQ;SNUfVdk)NsmHw;zH29UR^pA>Ti>46%W+!%>h`af9+T^X z=16-V5bypiw~JFbY|WF4_nseF>Cqr}X}+`F7l+>#zwDEO))mLu^6gXfUlu3pBl7oW zq|-zVbA`t-Ssa00aV&4TXH56KV0&`CvC<{Y=D#~m&zv^(n8gW8d5bx{&OOHQ`}4*A lXUKJL{JCk}+?2H;cYi(DP&51P-)TJsJ#o*kGBEx60sw*(of-fD delta 335 zcmZ3-xsFr9powLbK@;<&1N_?zYpPaW3}(o*dCO&B?I=5G zq0WlAI**mxD<6dBOos{Q@#aqP=1HWx!~w0SKS{s zGAC_&QT`^_)5`qMc40k}gj~hQTTEVjf4?1As%Ek*YyOd1jfa1K3u)}w##kSo_Q$RD zlJb^kA>8luX0LcqpyB&`=~vs^elupMJTjPha>0IWhVTpb=l%*mKl#ryGoGap3sbda z_odcXF38qQycqPJzfH01lJKE>#o~b+sdlnI4WiA;1oLe!^Dt-IeUI6wwnBO-qtz^l z+*bmc>GP^pv>r6v$u~{-rjyDPc88%wP*_oU>Y}%y=PKVGst&yRqkEO}g2&A9;zG;1 nm6kONI&SknR(PqwH}T!lTy`}n**RaT*;AHXp0B%z>CiaLcwa+ zEY1y|KQXVkeMf(fe0$a6EB#kJr`Oqptl9YZgC*}j&RNRejFve@?oD{H_a1{;zTHd5 z{FTYaS6!|C{KV2@-nWEf$J(wIwJD$dnw1>9chyJc45Y2s*Cl>hD?|U^nooQ1w082-jM*si- diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 569cdddac..885a4e631 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12260966172072242701 (0xaa27b3c5a9726e0d) + Serial Number: + d2:fe:4a:9e:aa:a9:46:31 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Jul 25 18:56:34 2016 GMT + Not After : Apr 21 18:56:34 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +38,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AA:27:B3:C5:A9:72:6E:0D + serial:D2:FE:4A:9E:AA:A9:46:31 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 51:96:a7:1c:26:5d:1c:90:c6:32:9f:96:15:f2:1d:e7:93:9c: - ac:75:56:95:fd:20:70:ab:45:6a:09:b0:f3:f2:03:a8:db:dc: - 2f:bc:1f:87:7a:a3:d4:8f:d5:49:97:7e:3c:54:ac:b1:e3:f0: - 39:0d:fe:09:9a:23:f6:32:a6:41:59:bd:60:e8:bd:de:00:36: - 6f:3e:e9:41:6f:a9:63:c7:aa:d5:7b:f3:e4:39:48:9e:f6:60: - c6:c6:86:d5:72:86:23:cd:f5:6a:63:53:a4:f8:fc:51:6a:cd: - 60:74:8e:a3:86:61:01:34:78:f7:29:97:b3:a7:34:b6:0a:de: - b5:71:7a:09:a6:3e:d6:82:58:89:67:9c:c5:68:62:ba:06:d6: - 39:bb:cb:3a:c0:e0:63:1f:c7:0c:9c:12:86:ec:f7:39:6a:61: - 93:d0:33:14:c6:55:3b:b6:cf:80:5b:8c:43:ef:43:44:0b:3c: - 93:39:a3:4e:15:d1:0b:5f:84:98:1d:cd:9f:a9:47:eb:3b:56: - 30:b6:76:92:c1:48:5f:bc:95:b0:50:1a:55:c8:4e:62:47:87: - 54:64:0c:9b:91:fa:43:b3:29:48:be:e6:12:eb:e3:44:c6:52: - e4:40:c6:83:95:1b:a7:65:27:69:73:2f:c8:a0:4d:7f:be:ea: - 9b:67:b2:7b + 87:f1:ab:95:97:e3:c7:71:5d:a9:3d:63:80:be:e2:c0:77:dc: + 02:43:70:c5:f2:45:2d:f8:d8:69:92:b6:e8:77:ec:53:49:3a: + 37:fc:b7:13:2e:34:60:6d:21:59:da:02:4a:0e:fd:f6:c0:a5: + 26:34:a6:6a:9f:c4:7d:28:e1:fd:fb:12:28:b8:b6:01:7f:57: + 66:fc:46:85:d2:23:b4:e6:54:0b:ee:2e:9b:a8:e0:70:28:4d: + e7:a5:f5:3d:db:4e:98:98:24:e2:30:99:c9:a0:bf:2b:00:57: + d0:df:9d:fa:57:cf:93:fc:e6:36:0c:a5:58:a1:65:2b:1d:be: + 65:79:a0:6b:29:61:d1:52:ef:0f:86:21:76:d2:13:c2:de:73: + 17:51:08:65:3e:1d:f9:30:5b:36:76:11:6f:3c:d3:0c:03:6b: + 3e:f7:5c:b1:26:a8:1b:a5:01:3a:9a:18:6d:ea:10:29:67:9e: + 7b:24:2a:e0:80:dc:6f:35:60:f6:2c:65:02:56:dc:00:84:11: + 13:21:23:95:a2:ed:55:ce:79:ed:c2:7b:51:d5:f8:8b:aa:43: + a0:e3:03:5f:17:12:a6:8b:22:a6:83:11:41:b6:4f:c6:71:d2: + 80:4d:61:ee:a5:6d:07:26:1a:1d:9c:f4:7b:07:64:a6:d3:9f: + 2d:a2:c2:ce -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJAKons8Wpcm4NMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIEyjCCA7KgAwIBAgIJANL+Sp6qqUYxMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTYwNzI1MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -77,11 +78,11 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQCqJ7PFqXJuDTAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBRlqccJl0ckMYyn5YV8h3nk5ysdVaV/SBwq0VqCbDz8gOo -29wvvB+HeqPUj9VJl348VKyx4/A5Df4JmiP2MqZBWb1g6L3eADZvPulBb6ljx6rV -e/PkOUie9mDGxobVcoYjzfVqY1Ok+PxRas1gdI6jhmEBNHj3KZezpzS2Ct61cXoJ -pj7WgliJZ5zFaGK6BtY5u8s6wOBjH8cMnBKG7Pc5amGT0DMUxlU7ts+AW4xD70NE -CzyTOaNOFdELX4SYHc2fqUfrO1YwtnaSwUhfvJWwUBpVyE5iR4dUZAybkfpDsylI -vuYS6+NExlLkQMaDlRunZSdpcy/IoE1/vuqbZ7J7 +EGluZm9Ad29sZnNzbC5jb22CCQDS/kqeqqlGMTAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQCH8auVl+PHcV2pPWOAvuLAd9wCQ3DF8kUt+Nhpkrbod+xT +STo3/LcTLjRgbSFZ2gJKDv32wKUmNKZqn8R9KOH9+xIouLYBf1dm/EaF0iO05lQL +7i6bqOBwKE3npfU9206YmCTiMJnJoL8rAFfQ3536V8+T/OY2DKVYoWUrHb5leaBr +KWHRUu8PhiF20hPC3nMXUQhlPh35MFs2dhFvPNMMA2s+91yxJqgbpQE6mhht6hAp +Z557JCrggNxvNWD2LGUCVtwAhBETISOVou1VznntwntR1fiLqkOg4wNfFxKmiyKm +gxFBtk/GcdKATWHupW0HJhodnPR7B2Sm058tosLO -----END CERTIFICATE----- diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index fa9a2483963e2c798bf6ac0a46e6168afb87b66e..c0a0066bcd611b99fc5f6bd3a5aff5a9d2e508b6 100644 GIT binary patch delta 156 zcmeBS>t&NLXkz9xXkuEwfSHMriHVb8=Qg=VX1Tfv6D1Z(n;DoJnHpM{ni-o!iSrs- z8kiUvLb;Rqm?msaVYFrBfN7Y#l1bXrgTcU+Nx^tZLTwyY&1ZA00HJS AU;qFB delta 155 zcmeBW>tT~HXkz9tXkuEwfSHMriHVcpey>&G1EtA)6D1Z(n;MuJm>XIc85$TyiSrs- z7#JEGLb;Rqm?msaVYFrBfN7Y#l1bXbox#9`Nui{AUEQ1$nNz#C*Vdmjx3#I?{{Hi= z*{?1vFXLKLF7$l`lS1Lt_Rj4qx_AGY-*QL0@Q&BfsMJk=jE|f%^Iv_;!Yro)0Lh>` AG5`Po diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index 20905154c..cc1e8288e 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -1,12 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16108595702940209934 (0xdf8d3a71e022930e) + Serial Number: + b9:b6:1e:e2:36:6d:2d:60 Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Jul 25 18:56:34 2016 GMT + Not After : Apr 21 18:56:34 2019 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -18,27 +19,28 @@ Certificate: 06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22: 5f:c7:5d:7f:b4 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:DF:8D:3A:71:E0:22:93:0E + serial:B9:B6:1E:E2:36:6D:2D:60 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:74:7b:ae:7e:9c:c8:69:95:8a:0b:ad:7f:c9:37: - 3d:3c:7f:b7:ef:f3:da:9b:ea:d0:a7:76:0a:a4:77:12:f7:a8: - 02:20:71:95:87:89:b7:a8:8b:bb:fa:9f:84:dc:2b:71:dc:4a: - c5:5a:65:b2:fc:33:c4:ce:36:4f:ab:c6:38:36:6c:88 + 30:45:02:20:33:94:59:9a:cc:b1:19:90:4e:e5:ba:7c:03:a5: + 4e:05:e1:17:5d:19:50:aa:42:79:4f:6c:59:d2:55:95:88:81: + 02:21:00:aa:90:82:a5:a2:59:e6:a1:d0:93:05:1d:5a:55:3c: + 40:aa:9f:00:5a:7e:46:02:74:bc:95:bc:94:85:10:27:e6 -----BEGIN CERTIFICATE----- -MIIDCDCCAq+gAwIBAgIJAN+NOnHgIpMOMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCTCCAq+gAwIBAgIJALm2HuI2bS1gMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MDUwNzE4 -MjEwMVoXDTE4MDEzMTE4MjEwMVowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDcyNTE4 +NTYzNFoXDTE5MDQyMTE4NTYzNFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV @@ -48,7 +50,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AN+NOnHgIpMOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgdHuufpzI -aZWKC61/yTc9PH+37/Pam+rQp3YKpHcS96gCIHGVh4m3qIu7+p+E3Ctx3ErFWmWy -/DPEzjZPq8Y4NmyI +ALm2HuI2bS1gMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgM5RZmsyx +GZBO5bp8A6VOBeEXXRlQqkJ5T2xZ0lWViIECIQCqkIKlolnmodCTBR1aVTxAqp8A +Wn5GAnS8lbyUhRAn5g== -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index da4e61795..505a51c05 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 25 18:56:35 2016 GMT + Next Update: Apr 21 18:56:35 2019 GMT CRL extensions: X509v3 CRL Number: 3 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - a2:15:f0:cf:70:85:49:b9:5b:c1:af:2b:22:14:9d:ee:11:8d: - 93:2d:58:17:d8:f6:b6:1a:1a:25:a2:27:c9:6b:4f:b3:31:c7: - 2c:52:c4:53:59:19:ef:cf:91:ee:b5:19:28:37:49:9e:b6:e0: - 41:62:4c:9f:f1:34:bf:88:aa:ae:24:38:8d:29:0a:64:08:a8: - 68:f4:b5:28:73:d6:94:b9:0a:3f:7c:c1:22:72:be:14:ba:c9: - 1b:9d:26:af:78:c2:cf:5f:ff:1e:cc:25:c0:63:f1:9b:97:85: - 5c:c0:4d:14:ed:f9:ad:cb:02:7d:05:c7:5c:c1:7c:89:72:35: - 49:70:a8:b1:ae:91:96:77:9a:c6:cb:38:27:88:3f:f4:c8:ba: - c9:08:7f:dd:a6:41:82:62:65:a0:f2:0c:36:5a:d9:15:57:5e: - 66:c3:a2:ff:5e:4d:7c:bc:4b:7c:30:84:44:e3:06:34:a8:42: - 3b:d9:6a:04:4a:0b:e5:59:66:63:b9:7a:80:48:68:31:1c:aa: - 98:bc:09:0e:a7:83:5f:a7:00:f1:fb:78:bc:08:86:73:ef:53: - 25:b8:1b:5e:7c:77:a8:12:7b:52:7f:1e:63:bc:db:60:99:46: - ab:e1:2e:48:d1:28:40:68:1e:9e:a0:2f:14:04:66:b3:b1:b1: - 3b:d0:46:64 + 32:20:a7:c7:0e:06:b4:f2:c4:9d:1e:25:56:f9:3f:78:70:8e: + e7:ca:b6:14:aa:03:9a:ae:5b:26:56:73:c3:93:bd:57:f6:3f: + ac:15:50:6d:1f:55:4a:5f:d6:4d:96:9f:e7:cd:1e:c2:79:9a: + 2c:44:35:70:3d:0d:0a:fe:7c:ed:dd:20:72:c7:0f:df:5d:11: + 6b:fd:fc:81:66:ef:6f:df:dd:f9:fe:6c:ec:cf:64:ba:c4:83: + 42:d3:8c:a4:be:06:4d:c0:2c:0e:d4:8f:dd:c3:7d:82:b0:de: + c7:11:9c:99:4e:f5:64:3a:03:1c:c9:ea:fa:da:df:28:42:0f: + 6e:86:f2:fc:ea:63:a7:f4:6a:29:8f:8f:11:ce:7f:44:38:f5: + b6:b4:16:75:e7:37:81:a1:81:c5:13:7d:fe:b3:81:72:db:53: + 00:c5:07:10:fb:8f:28:5d:43:3e:5f:d2:b7:f1:61:08:8b:f1: + 1f:87:06:b8:c9:5e:da:68:e0:2b:90:50:1f:41:86:1d:1b:9b: + 87:57:d3:4a:fa:d2:7f:80:45:81:6d:fe:68:c6:4f:b4:96:78: + a7:fe:80:b0:5d:5c:a2:56:c3:1d:b8:27:19:8a:e5:99:c4:81: + 94:09:6f:9f:80:3d:5f:1f:cc:68:89:fe:62:e9:cb:67:3c:aa: + 01:46:2c:52 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1 -MDcxODIxMDFaFw0xODAxMzExODIxMDFaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAohXwz3CFSblbwa8rIhSd7hGNky1YF9j2thoaJaInyWtPszHH -LFLEU1kZ78+R7rUZKDdJnrbgQWJMn/E0v4iqriQ4jSkKZAioaPS1KHPWlLkKP3zB -InK+FLrJG50mr3jCz1//HswlwGPxm5eFXMBNFO35rcsCfQXHXMF8iXI1SXCosa6R -lneaxss4J4g/9Mi6yQh/3aZBgmJloPIMNlrZFVdeZsOi/15NfLxLfDCEROMGNKhC -O9lqBEoL5VlmY7l6gEhoMRyqmLwJDqeDX6cA8ft4vAiGc+9TJbgbXnx3qBJ7Un8e -Y7zbYJlGq+EuSNEoQGgenqAvFARms7GxO9BGZA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3 +MjUxODU2MzVaFw0xOTA0MjExODU2MzVaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG +9w0BAQsFAAOCAQEAMiCnxw4GtPLEnR4lVvk/eHCO58q2FKoDmq5bJlZzw5O9V/Y/ +rBVQbR9VSl/WTZaf580ewnmaLEQ1cD0NCv587d0gcscP310Ra/38gWbvb9/d+f5s +7M9kusSDQtOMpL4GTcAsDtSP3cN9grDexxGcmU71ZDoDHMnq+trfKEIPboby/Opj +p/RqKY+PEc5/RDj1trQWdec3gaGBxRN9/rOBcttTAMUHEPuPKF1DPl/St/FhCIvx +H4cGuMle2mjgK5BQH0GGHRubh1fTSvrSf4BFgW3+aMZPtJZ4p/6AsF1colbDHbgn +GYrlmcSBlAlvn4A9Xx/MaIn+YunLZzyqAUYsUg== -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 20610ef60..72c3353fb 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem @@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 23 22:05:10 2015 GMT - Next Update: Apr 18 22:05:10 2018 GMT + Last Update: Jul 25 18:56:35 2016 GMT + Next Update: Apr 21 18:56:35 2019 GMT CRL extensions: X509v3 CRL Number: 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Jul 23 22:05:10 2015 GMT + Revocation Date: Jul 25 18:56:35 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82: - 55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6: - 81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3: - 1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5: - 93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b: - c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f: - 6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d: - e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3: - 2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66: - cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c: - f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1: - 45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd: - 74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8: - e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53: - 7d:fb:d0:66 + 46:b9:33:dc:07:be:e4:45:64:3f:3c:80:c8:20:9e:f5:3f:24: + f2:a7:79:a9:3f:66:8b:e6:44:f6:ca:a5:e5:51:e5:11:66:bb: + 0c:1d:b1:df:ad:98:d8:b1:c4:b6:0f:c5:09:1c:7f:f7:c3:c0: + c8:7f:8b:8e:a1:e1:fc:0c:a8:17:ce:d1:0e:98:f2:de:8a:b2: + 93:6e:a1:1d:bd:66:4e:29:d6:01:fb:6a:50:ff:f1:a5:bd:e1: + 85:2e:a1:86:94:dd:0e:c5:d6:6e:5b:68:bb:18:ca:58:b4:b8: + 53:d2:79:fe:d2:38:0c:08:f0:5b:08:c1:50:a5:0a:20:14:11: + cd:37:79:4c:c0:b1:77:85:fd:3e:c6:77:da:92:9f:22:2f:f6: + f1:7e:81:09:d0:ff:57:17:28:3d:4c:7f:eb:f0:b9:e4:eb:6c: + 25:a5:ce:58:ef:53:9a:92:57:30:2b:c4:fe:8e:26:0b:ce:f5: + e8:ce:83:fd:0a:3b:f1:63:10:fb:50:59:c3:5b:ba:28:b9:79: + 38:9f:50:f9:a6:3b:c5:4b:6d:49:24:e1:e7:99:81:d2:9b:29: + df:84:3e:41:0b:f4:1a:db:7a:8a:98:7e:11:02:12:2b:28:af: + 4b:e9:bc:98:21:3a:19:ba:50:36:4d:6e:0b:b1:1d:57:11:cf: + 3c:29:ba:08 -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX -DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ -XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31 -k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA -0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL -BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9 -dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDcyNTE4NTYzNVoX +DTE5MDQyMTE4NTYzNVowFDASAgECFw0xNjA3MjUxODU2MzVaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEARrkz3Ae+5EVkPzyAyCCe9T8k8qd5qT9m +i+ZE9sql5VHlEWa7DB2x362Y2LHEtg/FCRx/98PAyH+LjqHh/AyoF87RDpjy3oqy +k26hHb1mTinWAftqUP/xpb3hhS6hhpTdDsXWbltouxjKWLS4U9J5/tI4DAjwWwjB +UKUKIBQRzTd5TMCxd4X9PsZ32pKfIi/28X6BCdD/VxcoPUx/6/C55OtsJaXOWO9T +mpJXMCvE/o4mC8716M6D/Qo78WMQ+1BZw1u6KLl5OJ9Q+aY7xUttSSTh55mB0psp +34Q+QQv0Gtt6iph+EQISKyivS+m8mCE6GbpQNk1uC7EdVxHPPCm6CA== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 6bef57e6b..f408b7aac 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked @@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 22 16:17:45 2015 GMT - Next Update: Apr 17 16:17:45 2018 GMT + Last Update: Jul 25 18:56:35 2016 GMT + Next Update: Apr 21 18:56:35 2019 GMT CRL extensions: X509v3 CRL Number: - 7 + 2 Revoked Certificates: Serial Number: 01 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Jul 25 18:56:35 2016 GMT Serial Number: 02 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Jul 25 18:56:35 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: - b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: - 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: - 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: - 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: - 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: - dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: - 13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: - d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: - 96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: - ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: - d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: - 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: - 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: - 93:42:37:af + 6a:e9:52:bd:52:9c:0d:a2:e4:75:e7:e0:bb:b1:1d:83:c6:62: + 77:85:a3:2a:c9:17:dc:50:b7:55:cf:aa:63:67:8d:01:67:3b: + 54:0a:3b:44:61:41:be:aa:f7:cb:a8:06:99:6a:6d:82:5b:a5: + 40:6c:d1:3e:26:c7:a6:c1:24:15:19:11:45:8f:12:f5:84:e5: + 5f:ed:de:03:b8:d7:8a:61:3a:20:4f:87:2e:ca:34:d6:f5:cc: + 34:af:3f:df:66:55:e0:2d:e0:47:d8:9e:b7:2a:91:96:f2:01: + 74:0c:ef:b7:ca:3a:00:b6:1a:8c:5f:bc:57:d4:62:0c:30:31: + 40:d9:e9:a5:ea:75:48:a5:93:40:ba:5d:26:e4:cb:6e:01:16: + ba:ce:4b:96:64:b1:90:a0:bd:1b:56:0e:54:f2:8d:f5:99:37: + 5b:ce:1e:17:da:9f:b3:00:9d:b9:23:ae:3d:4e:2d:50:b7:ef: + ce:98:54:db:49:5e:27:f4:50:da:b2:cf:5c:d0:b8:77:06:a3: + 15:8f:6b:c3:e8:e9:19:3c:4c:d3:51:f9:a1:77:31:62:e6:94: + 25:41:75:6c:eb:05:a4:be:e8:97:1e:b0:c3:27:80:5d:49:17: + 02:87:ee:54:8d:83:63:57:5d:38:b2:78:9f:60:36:77:74:59: + db:89:15:cf -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa -Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 -MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR -iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo -HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi -Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr -Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb -LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu -/PtSJbYNcOzEk0I3rw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVa +Fw0xOTA0MjExODU2MzVaMCgwEgIBARcNMTYwNzI1MTg1NjM1WjASAgECFw0xNjA3 +MjUxODU2MzVaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAaulS +vVKcDaLkdefgu7Edg8Zid4WjKskX3FC3Vc+qY2eNAWc7VAo7RGFBvqr3y6gGmWpt +glulQGzRPibHpsEkFRkRRY8S9YTlX+3eA7jXimE6IE+HLso01vXMNK8/32ZV4C3g +R9ietyqRlvIBdAzvt8o6ALYajF+8V9RiDDAxQNnppep1SKWTQLpdJuTLbgEWus5L +lmSxkKC9G1YOVPKN9Zk3W84eF9qfswCduSOuPU4tULfvzphU20leJ/RQ2rLPXNC4 +dwajFY9rw+jpGTxM01H5oXcxYuaUJUF1bOsFpL7olx6wwyeAXUkXAofuVI2DY1dd +OLJ4n2A2d3RZ24kVzw== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 2e00a3729..1e0f31a14 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 25 18:56:35 2016 GMT + Next Update: Apr 21 18:56:35 2019 GMT CRL extensions: X509v3 CRL Number: 4 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:62:9b:53:ee:21:52:bc:61:e8:ec:7b:f8:28:35: - 43:98:b8:57:9c:c7:73:cc:a0:45:e8:b9:96:2e:1c:c6:62:ff: - 02:20:2b:64:b8:3a:30:2c:15:7f:cf:57:99:60:9d:51:82:82: - ef:b6:13:cc:86:93:a2:19:41:12:a0:ec:7e:1e:07:09 + 30:45:02:20:63:27:98:5a:26:c9:de:b5:05:68:ea:63:2a:5f: + df:7f:92:37:17:ff:ad:8c:46:c7:e6:35:da:29:e6:e5:81:c7: + 02:21:00:ff:d7:35:dd:52:e0:9e:6c:41:9f:8d:6c:b9:a9:6f: + 45:d6:1a:65:59:72:a3:d1:70:57:6e:9e:e7:1b:fe:9f:ee -----BEGIN X509 CRL----- -MIIBJTCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgy -MTAxWqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDRwAwRAIgYptT7iFSvGHo -7Hv4KDVDmLhXnMdzzKBF6LmWLhzGYv8CICtkuDowLBV/z1eZYJ1RgoLvthPMhpOi -GUESoOx+HgcJ +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwNzI1MTg1NjM1WhcNMTkwNDIxMTg1 +NjM1WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgYyeYWibJ3rUF +aOpjKl/ff5I3F/+tjEbH5jXaKeblgccCIQD/1zXdUuCebEGfjWy5qW9F1hplWXKj +0XBXbp7nG/6f7g== -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 0746599f3..eff223aaf 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 25 18:56:35 2016 GMT + Next Update: Apr 21 18:56:35 2019 GMT CRL extensions: X509v3 CRL Number: 5 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:0d:fe:b7:79:fb:66:6c:cb:36:0a:1a:f3:6d:73: - ea:68:ab:fc:46:7e:49:bd:15:2a:9f:a1:17:50:56:82:cf:1f: - 02:21:00:ff:13:85:80:29:a4:60:54:10:93:fb:20:13:b8:9c: - 25:48:53:5e:4b:33:ef:5c:aa:9e:98:74:e0:c8:c3:ef:df + 30:46:02:21:00:f9:33:9e:07:1a:74:76:74:a3:fb:d8:8a:88: + 4c:a2:15:4f:03:7e:63:6c:4f:03:1f:87:71:77:7a:8c:1d:a0: + 29:02:21:00:93:20:0c:67:58:33:10:f6:f5:a8:69:a2:0f:8c: + 7a:24:af:62:95:26:a7:0d:bc:47:81:1c:e6:6a:04:20:ff:6e -----BEGIN X509 CRL----- -MIIBKDCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1MDcxODIxMDFaFw0xODAxMzEx -ODIxMDFaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiAN/rd5+2Zs -yzYKGvNtc+poq/xGfkm9FSqfoRdQVoLPHwIhAP8ThYAppGBUEJP7IBO4nCVIU15L -M+9cqp6YdODIw+/f +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVaFw0xOTA0MjEx +ODU2MzVaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA+TOeBxp0 +dnSj+9iKiEyiFU8DfmNsTwMfh3F3eowdoCkCIQCTIAxnWDMQ9vWoaaIPjHokr2KV +JqcNvEeBHOZqBCD/bg== -----END X509 CRL----- diff --git a/certs/ntru-cert.pem b/certs/ntru-cert.pem index 4e8aa3e6b..85ff5dbfa 100644 --- a/certs/ntru-cert.pem +++ b/certs/ntru-cert.pem @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgIIAazu2er3DUMwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV +MIIEzzCCA7egAwIBAgIIAU2eYQxWefkwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3 LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY -DzIwMTUwMjA0MDYzMzI5WhgPMjAxNjA2MTkwNzMzMjlaMIGKMQswCQYDVQQGEwJV +DzIwMTYwNzI0MTk1NjUxWhgPMjAxNzEyMDcxODU2NTFaMIGKMQswCQYDVQQGEwJV UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB -AQYLKwYBBAHBFgEBAi4DggItAASCAiifDYOsBu8WQqIuom5HpD+jF7bvqvyO7LN4 -p7dOUfyBBX2zFc7fbhVoLcLw62Ye0i54UXMI/rglgOxEisVXPo0//Cs2rl3zwjho -fnEvEMpDU4mvqYTV8+N7FYoaUSEhMWTS0GMCJdK9aTvAz8l7F8gKP6MtgIv7Ght/ -r6JclP7fh12KMy9hiM/Tv3wqr+KhR8xFRfpL+paEIroidfpExFWbFB+xxA6KxGk4 -OEs/nus4rQl4w+6z5uf1cYfxKVRMFWLScEDQ3TdPcHz0+7fl/L7LYyCbK9z9LYVZ -5qZR1V27Iwx4H3d2w2D/3GGZpML/Uv8eBBHtODBbJC54U+bVh1ned28N1Y8I/bm8 -xRRCppfCJ3o+WxlsqHtyjIo/hi75SgUHknnbZ4hEuye1XhBBhUVhN2zybADMi1bv -S1RL/HAWsOO8qzBx5vkbVlDShsF+EccNUaNQyM98VE3FrUBbk4JxnyHBK5pA7aQ5 -7LOm83WkX2uR+ucR5en2TZIGVL+cJiTly+W7W8J83KEf5HJIUqnxFlgsre/0pMfe -7RqGer5Q4itWE+XWaPsDCUZnHy8a/CGdWlmdiGuw/0UvDqKQ4NRerbMgpo2Fl182 -fIQxfohhnm7iM0dAroIglkNBLM89A30d+73ZnUKgg4mRaqC5C29Me6LqpXjEUCiT -/s3g24IooqTj+8i8osRY5Zp4MQTmb3NrWVAWoOTtbFxDkhkwgqALupC8opUSIwAw -DQYJKoZIhvcNAQEFBQADggEBAHPi6MLfKV3ILr4wVgktXWNrPVgbqzUfoHhZhuhU -OgoT1KjiGQTpMrszGXyNKWTV+TpL2RmsBsXwI+lCl9nQMk5nkHAELShwXmgBpR+r -2dQTUy6C5xze8ZqPhsIjUjHyaagX8QY42SlSGOCChOEYshqO+QouPL2XOf2Hp4nJ -fgx4Mo2APTxGJ8TLYBCu4QzglCkKl7g1JRKBVA8Q4bkb1NWOnTgRQfIVv3N9DMn0 -ELw4uHkS2bXlzzbKRpwIMms0MIdWrVKFycQIp9Z2/7RsrIidZdGgsDeJLpItMZB8 -UM5Fz1UyZTy54Keoto4nBsU9ZJxzsTihT+Oq+/n1WaMEn+I= +AQYLKwYBBAHBFgEBAi4DggItAASCAigvOBBlcFH8dlJJwHU2oejeShSVHrxJouVs +bEw3GMypYjKwYuQI2dgeVjITToINjGJYc4FfEAWLo9M7LEy6meXs6tmbABb6AU5S +p1IG0DH/nn+8pdxDB5dvXFiEXKFHix+D1jAeaoWGxwQayz79ksFJiiQzmZJ/RL49 +sWCVRDrimMP++3faRWKVQRsriJtyV92ymMQtdIhrnUNmHRhWCtFTvlNY59TPxV6a +qde+NOh1tbzq7gTRhmhbOTweYXTDjaUdftfLG2c7p6G5RpbQNPkdeFTlompuiwew +KQ7ODblFWis0FivF6vol+TvidZMcxc3NheGWsu6/RpuEZ/sZssGVLdUR+7LOvf9f +NJIJ10+6A4sb9eaDStQ93GTwoFKwvBTRhaYDzXhL/6YzKFJiXUC6Q3UH4dm74Cvy +s6WlzCcBpaFUCVIz5Gsrgrdq9x3hFs1NryYn/Fa/uerGffbseceC2UWdQa0ta2JA +shrTHxK2ObPTDV0wPDVzCTG5XCSRSo0aGS98JIL1uSNfUhk9jfwA7c+F9N16Kle0 +cpcKK2xnWH97cpp/CRwGbi4LHQhwfoXmLoEWAVeOdj6PF+Rla4/UtlrdZ1ugha6Z +63TAwrLp2/NfOv+1aB0U5TzGiBB20T3vD+bXI6SXGPHtAJooP/oCLwKqajCFYJ+o +dlUNXpGsoJ6inz+U1uZoh1u6q3KZV8IpXSwBVYyzrBivIRt9+qJgUfwuO+FNqYAw +DQYJKoZIhvcNAQEFBQADggEBAI62PKLge07dXYlSyruxweQe8jscqn5IQoBW4LtR +fd45BS649nTL7XB2d3ldCdRE24mR74cqo/WXaQoyjyYME0r/uvwqiYPFJtydZk/X +mKfz8209b6qtvITL0/mLFDn092fXUVOMRvZ73mqhLOV5995j4e4bsn24dwWfn5Zd +sXrbjVfiVYONT2xeXWZkldlQP9tUeRSoWDjJM4OOR0lVrBVPGj6YkskTbbrNnUNV +vaxnuTJOwDpt+xHtu6IqP9SnFOVt24cIWGp/bFma1KxbxtMCoEF63rawMea51c5V +wI1eg+rlazRjWTHvWLSWLY7DLGh0+IJoRaMcJxaFqun2hAQ= -----END CERTIFICATE----- diff --git a/certs/ntru-key.raw b/certs/ntru-key.raw index 740bd340eb074e5921b2acba8427cb2132bd4e6d..562c4e4e696711eb63958318fc6316e9eaeb7ca6 100644 GIT binary patch literal 607 zcmZQ#W?&M~w-87z2>eqP&WE^%gMlF^2wCmc6#$b}gR z`!(_QBt;ZA#tX1^FTQN8Jef&Snt%#poBbJc#Xr;s1H{dzRjDW}luP6VVd0 z(7ju}`I>=TR%_dF7OB&Ae{2nFIjP=dpY6tksV-KJW*q+ayZn}G(o{!j?T*<+ z;deL9IHFt9kv-QrO;#d|>tgV};E3l}&L54NwetEtlNY61_q=+?a? zQrWuer=`=amoMDuHtmARPuYr)r;D=ky4g2q@}1+|=^CYNBBp)x)i2eb){jaj%N#v> zw)Nq(P4D)*&2CBmExGC7RNbqBzc-!R`#;`f66baQUCiCmU!OI5U9r8B@?k;HhCLz| zTbD7Pt?>T8%vd8RDb`_^b1D17o4X%qf7-ls=^1s#r3*tigN&bKYd3Ar`Y!uW?5yv4 zHT6GX`**%NR{QNuSiZ7Y?8VxFSN~a^JU&x0~^y~PQ#rsDighWr6l!h zRGPl-RE`glwC(-F@b-M`m%CM3;aiHPb7|+KN7Ppr&8p{=VawCwmgOj@Ykj8ID8?Ax zS7z5Q{virkA%r$6Nj1njtIl)aF=+K-opx_x#VUD=(QY z@$oIgEDif#O!`c#vJ6@i=C3FV<&B%TX2HBg^X;cxdzR52y=!&R% VS6xBVXSA1S|6IQCRB%@xbH`vv}KWUbvSdhULnXol{g z53keYF6mVS7IXaDq1y1qrR!+8U9bHgZL@W;pAT7N)D`LroN^BCT)(pA>gUJRqFqvf zii(CQmo6kTsb1QfX?@`Q$!hTvT=t7~8@hi>N!PDm6f@=D{r1={WBtUA^OyJ6Xsv&= z(EW_7>o4zL(^`~vDV6?mITAWsM1JEDzOEyg78c(2^Ilu5<*YdTZu7I}UklqmYKHiT zCS59UxNz6pzo6#J@9j_j>^q&TFkAc1U)|QoXUhVw#_m?;sgN%(JDl+UPU6fZhyDls zmtzrpYhe(rqE`|8>}q@Dz4CnCtNk2*ckVeV;)iu#P=Ti>DneMRn-XY$93dA-%-m}`E@Yzr4uz*W#2kQin^9C*s zIB~uv#P{f0hv>;oh4U2;YR__byTtO%=4GEtm&9jJ{PkS$>C11vlh{J`&rwr(div?^ z=tDJk7Ro;<@(5b_Q7l4d?fWlFj^BGL)mF7H;E{Hi@Y8Dbat75o@iY_uNoNM%6F8hOQp&moCP- VOwzJ2JQgCkxlmwL)UiUb0{|K`Dv1C9 diff --git a/certs/server-cert.der b/certs/server-cert.der index 0c936a241e174dc782f39758850bd3e80c0e7e1e..8f6c8a8b9053bff0804ef173914cda0ea8b5f068 100644 GIT binary patch delta 318 zcmZ3)xrlSZZaFgpb0bqj3sW;=lPGasLrVh_BSR?HpmDFU;L%2B_Ja)d?JMCl#L znZL5@!_BpK3umx!TC27{etY2)lS0(4V=m_V!X~-Z20a&=|8VEt>k&sA_eqPMyd3U! z;*MXT?uI+ejc2D^%{RE??#UyzxBJ@Z=@zbgZ!K=J-|{)T+M)hc-;^uYvbtV$in_mK zp8DH{_3|U#YkO^GXHVMjq+RPd$EwgZIV1 z=ygGA?fjE>Jw72>6PqGh`z|%_e3;5opD6aX-eF((qvL<^+yAPP|Dmy{NaU)b=8XeR Y%kN!cD7|#|Ht&WeV|}gr3z*t#0WaQ`Q~&?~ delta 318 zcmZ3)xrlSZZaGr}Qv-8D3nN1V!zgiHLkj~#V?!v{pmDEba4`=zMSQ+qDs+W=|*@|7!Z6dIh?( Date: Mon, 25 Jul 2016 13:24:36 -0700 Subject: [PATCH 06/34] add --enable-harden swtich for timing resistance and blinding, on by default --- configure.ac | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/configure.ac b/configure.ac index 753457d48..bf5a27fbe 100644 --- a/configure.ac +++ b/configure.ac @@ -192,6 +192,18 @@ AC_ARG_ENABLE([maxstrength], [ENABLED_MAXSTRENGTH=no]) +# Harden, enable Timing Resistance and Blinding by default +AC_ARG_ENABLE([harden], + [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])], + [ENABLED_HARDEN=$enableval], + [ENABLED_HARDEN=yes]) + +if test "$ENABLED_HARDEN" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING" +fi + + # IPv6 Test Apps AC_ARG_ENABLE([ipv6], [ --enable-ipv6 Enable testing of IPV6 (default: disabled)], From 16336e37ec5c65440bd14f1c6bea36ec536785b6 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 25 Jul 2016 13:47:53 -0700 Subject: [PATCH 07/34] fix blinding with fips --- wolfssl/wolfcrypt/settings.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c2130f6a2..ad95b6137 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -155,6 +155,8 @@ /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS #define WC_RNG RNG + /* blinding adds API not available yet in FIPS mode */ + #undef WC_RSA_BLINDING #endif From cd5486a4e6c5247091753fbcf2413c20a1c5503a Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 25 Jul 2016 15:33:28 -0700 Subject: [PATCH 08/34] fix user_rsa with blinding API addition --- wolfcrypt/user-crypto/include/user_rsa.h | 1 + wolfcrypt/user-crypto/src/rsa.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/wolfcrypt/user-crypto/include/user_rsa.h b/wolfcrypt/user-crypto/include/user_rsa.h index fbf9430fe..72d2c610e 100644 --- a/wolfcrypt/user-crypto/include/user_rsa.h +++ b/wolfcrypt/user-crypto/include/user_rsa.h @@ -105,6 +105,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, #endif WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); +WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 748c420c4..e39ee6e68 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -2670,5 +2670,19 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) #endif /* WOLFSSL_KEY_GEN */ +#ifdef WC_RSA_BLINDING + +int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + (void)rng; + + return 0; +} + +#endif /* WC_RSA_BLINDING */ + #endif /* NO_RSA */ From 51042e166f1bde27dcb662baaa85f205b6ac2b4c Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 25 Jul 2016 15:57:38 -0700 Subject: [PATCH 09/34] fix mcapi with blinding API addition --- mcapi/crypto.c | 11 ++++++++++- mcapi/crypto.h | 3 ++- mcapi/mcapi_test.c | 6 ++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/mcapi/crypto.c b/mcapi/crypto.c index b73ff2772..d15bfad26 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -536,7 +536,16 @@ int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa) return BAD_FUNC_ARG; return RsaEncryptSize((RsaKey*)rsa->holder); -} +} + + +int CRYPT_RSA_SetRng(CRYPT_RSA_CTX* rsa, CRYPT_RNG_CTX* rng) +{ + if (rsa == NULL) + return BAD_FUNC_ARG; + + return wc_RsaSetRNG((RsaKey*)rsa->holder, (WC_RNG*)rng); +} /* ECC init */ diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 36232a452..8fe323631 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -220,7 +220,8 @@ int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX*, unsigned char*, unsigned int, const unsigned char*, unsigned int); /* helpers */ -int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*); +int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*); +int CRYPT_RSA_SetRng(CRYPT_RSA_CTX*, CRYPT_RNG_CTX*); diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index a34834d17..0a6d77e74 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1296,6 +1296,12 @@ static int check_rsa(void) return -1; } + ret = CRYPT_RSA_SetRng(&mcRsa, &mcRng); + if (ret != 0) { + printf("mcapi rsa set rng failed\n"); + return -1; + } + ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData, RSA_TEST_SIZE, &mcRng); if (ret < 0) { From a274386693b2250b86e3e1f95c10c4ece2a58cb0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 25 Jul 2016 19:19:46 -0700 Subject: [PATCH 10/34] fix user rsa no error codes? --- wolfcrypt/user-crypto/src/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index e39ee6e68..974789ce7 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -2675,7 +2675,7 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) { if (key == NULL) - return BAD_FUNC_ARG; + return USER_CRYPTO_ERROR; (void)rng; From fc6a5c0702c40ca8c89b4d756dfe01d7d814a87f Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 26 Jul 2016 09:06:46 -0700 Subject: [PATCH 11/34] fix mcapi w/o harden --- mcapi/crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mcapi/crypto.c b/mcapi/crypto.c index d15bfad26..c8a99f579 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -544,7 +544,13 @@ int CRYPT_RSA_SetRng(CRYPT_RSA_CTX* rsa, CRYPT_RNG_CTX* rng) if (rsa == NULL) return BAD_FUNC_ARG; +#ifdef WC_RSA_BLINDING return wc_RsaSetRNG((RsaKey*)rsa->holder, (WC_RNG*)rng); +#else + (void)rng; + + return 0; +#endif } From c80f1805f06362668963ee4281d151804e2a1a43 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 26 Jul 2016 10:35:40 -0700 Subject: [PATCH 12/34] Fix for failing OID check with "ocspstapling2" enabled. Found OID type in "ToTraditional" that should be keyType, not sigType. Added optional OID decode function and optional OID info dump in "GetObjectId" (both off by default). --- wolfcrypt/src/asn.c | 69 +++++++++++++++++++++++++++++++++++++++-- wolfssl/wolfcrypt/asn.h | 4 +++ 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 300bc7dd7..a54040cd7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1117,7 +1117,45 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) return 0; } -#endif +#endif /* HAVE_OID_ENCODING */ + +#ifdef HAVE_OID_DECODING +int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) +{ + int x = 0, y = 0; + word32 t = 0; + + /* check args */ + if (in == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* decode bytes */ + while (inSz--) { + t = (t << 7) | (in[x] & 0x7F); + if (!(in[x] & 0x80)) { + if (y >= (int)*outSz) { + return BUFFER_E; + } + if (y == 0) { + out[0] = (t / 40); + out[1] = (t % 40); + y = 2; + } + else { + out[y++] = t; + } + t = 0; /* reset tmp */ + } + x++; + } + + /* return length */ + *outSz = y; + + return 0; +} +#endif /* HAVE_OID_DECODING */ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx) @@ -1164,6 +1202,33 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, if (oidType != oidIgnoreType) { checkOid = OidFromId(*oid, oidType, &checkOidSz); + #if 0 + /* support for dumping OID information */ + printf("OID (Type %d, Sz %d, Sum %d): ", oidType, actualOidSz, *oid); + for (i=0; i Date: Tue, 26 Jul 2016 13:32:54 -0700 Subject: [PATCH 13/34] only check server's cert key encipher on client for RSA key exchange --- src/internal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/internal.c b/src/internal.c index 8ec82794b..c908b5b21 100755 --- a/src/internal.c +++ b/src/internal.c @@ -6489,6 +6489,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifndef IGNORE_KEY_EXTENSIONS if (dCert->extKeyUsageSet) { if ((ssl->specs.kea == rsa_kea) && + (ssl->options.side == WOLFSSL_CLIENT_END) && (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { ret = KEYUSE_ENCIPHER_E; } From 37b84abe0b1fe5ed3379f2025eeb3b2e3b14c91c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 27 Jul 2016 09:36:16 -0600 Subject: [PATCH 14/34] change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA --- src/internal.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index c908b5b21..fe591c849 100755 --- a/src/internal.c +++ b/src/internal.c @@ -2176,13 +2176,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif -#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; - } -#endif - #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -2214,6 +2207,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveRSA) { suites->suites[idx++] = 0; From b0e72dd6923bf5cde29cceaaea276a0019514219 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 27 Jul 2016 10:39:42 -0700 Subject: [PATCH 15/34] Fix for "OID Check Failed". This restores behavior to what it was prior to commit "7a1acc7". If an OID is not known internally skip the verify and return success and the OID sum. --- wolfcrypt/src/asn.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e4fd585ee..b151f16a9 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1229,10 +1229,9 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, #endif /* HAVE_OID_DECODING */ #endif - if (checkOid == NULL || - (checkOid != NULL && (checkOidSz != actualOidSz || - XMEMCMP(actualOid, checkOid, checkOidSz) != 0))) - { + if (checkOid != NULL && + (checkOidSz != actualOidSz || + XMEMCMP(actualOid, checkOid, checkOidSz) != 0)) { WOLFSSL_MSG("OID Check Failed"); return ASN_UNKNOWN_OID_E; } @@ -4826,10 +4825,8 @@ static int DecodeCertExtensions(DecodedCert* cert) oid = 0; if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) { - if (ret != ASN_UNKNOWN_OID_E) { - WOLFSSL_MSG("\tfail: OBJECT ID"); - return ret; - } + WOLFSSL_MSG("\tfail: OBJECT ID"); + return ret; } /* check for critical flag */ From 7cf0b8fe851841d1cb2a2c0ef2e1ce8e4f21ad1b Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 27 Jul 2016 11:20:08 -0700 Subject: [PATCH 16/34] fix scan-build warning on ecc memory alloc failure --- wolfcrypt/src/ecc.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 15fd09327..4344d0580 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1675,13 +1675,18 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, /* init variables */ tG = NULL; XMEMSET(M, 0, sizeof(M)); - err = mp_init(&mu); /* init montgomery reduction */ - if (err == MP_OKAY) - err = mp_montgomery_setup(modulus, &mp); - if (err == MP_OKAY) - err = mp_montgomery_calc_normalization(&mu, modulus); + if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { + return err; + } + if ((err = mp_init(&mu)) != MP_OKAY) { + return err; + } + if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { + mp_clear(&mu); + return err; + } /* alloc ram for window temps */ for (i = 0; i < 8; i++) { @@ -1903,21 +1908,28 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, /* init variables */ tG = NULL; XMEMSET(M, 0, sizeof(M)); - err = mp_init(&mu); /* init montgomery reduction */ - if (err == MP_OKAY) - err = mp_montgomery_setup(modulus, &mp); - if (err == MP_OKAY) - err = mp_montgomery_calc_normalization(&mu, modulus); + if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { + return err; + } + if ((err = mp_init(&mu)) != MP_OKAY) { + return err; + } + if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { + mp_clear(&mu); + return err; + } /* alloc ram for window temps */ for (i = 0; i < 3; i++) { M[i] = wc_ecc_new_point_h(heap); if (M[i] == NULL) { for (j = 0; j < i; j++) { - wc_ecc_del_point(M[j]); + wc_ecc_del_point_h(M[j], heap); } + mp_clear(&mu); + return MEMORY_E; } } From a94f34c8e24e8e13d4f25c5c954c62f7da775ac2 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 27 Jul 2016 14:24:34 -0700 Subject: [PATCH 17/34] fix remaining non fpecc ecc_del_point w/o heap --- wolfcrypt/src/ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 15fd09327..145797fe2 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2237,7 +2237,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, } if ((err = mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL)) != MP_OKAY) { - wc_ecc_del_point(result); + wc_ecc_del_point_h(result, private_key->heap); return err; } From 32c0b6d97aca383aba013a46d2bac8de16849832 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 28 Jul 2016 15:46:45 -0600 Subject: [PATCH 18/34] prepare for release 3.9.8 --- README | 42 ++++++++++++++++++++++++++++++++++++++---- README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 4 ++-- rpm/spec.in | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 4 ++-- 6 files changed, 89 insertions(+), 10 deletions(-) diff --git a/README b/README index 4e60f72d6..482bbec31 100644 --- a/README +++ b/README @@ -35,12 +35,46 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** - ********* wolfSSL (Formerly CyaSSL) Release X.X.X (TBD) +********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) -Release X.X.X of wolfSSL has bug fixes and new features including: +Release 3.9.8 of wolfSSL has bug fixes and new features including: -- X.509 bug fixes for reading in malformed certificates, reported by - researchers at Columbia University +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html diff --git a/README.md b/README.md index e6775d463..0ebba568a 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,51 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` + +# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +##Release 3.9.8 of wolfSSL has bug fixes and new features including: + +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + # wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) ##Release 3.9.6 of wolfSSL has bug fixes and new features including: diff --git a/configure.ac b/configure.ac index bf5a27fbe..ed283b5ef 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.9.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.9.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=6:0:3 +WOLFSSL_LIBRARY_VERSION=7:0:4 # | | | # +------+ | +---+ # | | | diff --git a/rpm/spec.in b/rpm/spec.in index 868586299..488f09cf4 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.3 -%{_libdir}/libwolfssl.so.3.3.0 +%{_libdir}/libwolfssl.so.3.4.0 %files devel %defattr(-,root,root,-) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index bf71aab4c..0e9d02592 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.9.7 +Version: 3.9.8 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index 7fcd75f25..c044ee57a 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.9.7" -#define LIBWOLFSSL_VERSION_HEX 0x03009007 +#define LIBWOLFSSL_VERSION_STRING "3.9.8" +#define LIBWOLFSSL_VERSION_HEX 0x03009008 #ifdef __cplusplus } From 9ddfe93c434470f578a69674b1e0e16ccdee960f Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 2 Aug 2016 16:47:21 -0700 Subject: [PATCH 19/34] Fixed issue with CRL check and zero pad (the GetRevoked function was not trimming pad). Added new ASN "GetSerialNumber" function and implemented it in three places in asn.c. --- wolfcrypt/src/asn.c | 126 +++++++++++++++++----------------------- wolfssl/wolfcrypt/asn.h | 2 + 2 files changed, 55 insertions(+), 73 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b151f16a9..4a75f5e6f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2318,13 +2318,6 @@ void FreeDecodedCert(DecodedCert* cert) static int GetCertHeader(DecodedCert* cert) { int ret = 0, len; - byte serialTmp[EXTERNAL_SERIAL_SIZE]; -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - mp_int* mpi = NULL; -#else - mp_int stack_mpi; - mp_int* mpi = &stack_mpi; -#endif if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) return ASN_PARSE_E; @@ -2338,31 +2331,9 @@ static int GetCertHeader(DecodedCert* cert) if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0) return ASN_PARSE_E; -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (mpi == NULL) - return MEMORY_E; -#endif - - if (GetInt(mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) { -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + if (GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->maxIdx) < 0) return ASN_PARSE_E; - } - - len = mp_unsigned_bin_size(mpi); - if (len < (int)sizeof(serialTmp)) { - if ( (ret = mp_to_unsigned_bin(mpi, serialTmp)) == MP_OKAY) { - XMEMCPY(cert->serial, serialTmp, len); - cert->serialSz = len; - } - } - mp_clear(mpi); - -#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) - XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return ret; } @@ -5307,6 +5278,49 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) return result; } +WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx) +{ + int result = 0; + byte b; + + WOLFSSL_ENTER("GetSerialNumber"); + + if (serial == NULL || input == NULL || serialSz == NULL) { + return BAD_FUNC_ARG; + } + + /* First byte is ASN type */ + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != ASN_INTEGER) { + WOLFSSL_MSG("Expecting Integer"); + return ASN_PARSE_E; + } + + if (GetLength(input, inOutIdx, serialSz, maxIdx) < 0) { + return ASN_PARSE_E; + } + + if (*serialSz > EXTERNAL_SERIAL_SIZE) { + WOLFSSL_MSG("Serial Size too big"); + return ASN_PARSE_E; + } + + /* skip padding */ + if (input[*inOutIdx] == 0x00) { + *serialSz -= 1; + *inOutIdx += 1; + } + + /* return serial */ + XMEMCPY(serial, &input[*inOutIdx], *serialSz); + *inOutIdx += *serialSz; + + return result; +} + const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; @@ -8922,28 +8936,9 @@ static int DecodeSingleResponse(byte* source, resp->issuerKeyHash = source + idx; idx += length; - /* Read the serial number, it is handled as a string, not as a - * proper number. Just XMEMCPY the data over, rather than load it - * as an mp_int. */ - if (source[idx++] != ASN_INTEGER) + /* Get serial number */ + if (GetSerialNumber(source, &idx, cs->serial, &cs->serialSz, size) < 0) return ASN_PARSE_E; - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - if (length <= EXTERNAL_SERIAL_SIZE) - { - if (source[idx] == 0) - { - idx++; - length--; - } - XMEMCPY(cs->serial, source + idx, length); - cs->serialSz = length; - } - else - { - return ASN_GETINT_E; - } - idx += length; /* CertStatus */ switch (source[idx++]) @@ -9655,39 +9650,24 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, end = *idx + len; - /* get serial number */ - b = buff[*idx]; - *idx += 1; - - if (b != ASN_INTEGER) { - WOLFSSL_MSG("Expecting Integer"); - return ASN_PARSE_E; - } - - if (GetLength(buff, idx, &len, maxIdx) < 0) - return ASN_PARSE_E; - - if (len > EXTERNAL_SERIAL_SIZE) { - WOLFSSL_MSG("Serial Size too big"); - return ASN_PARSE_E; - } - rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, - DYNAMIC_TYPE_CRL); + DYNAMIC_TYPE_CRL); if (rc == NULL) { WOLFSSL_MSG("Alloc Revoked Cert failed"); return MEMORY_E; } - XMEMCPY(rc->serialNumber, &buff[*idx], len); - rc->serialSz = len; + if (GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz, + maxIdx) < 0) { + XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL); + return ASN_PARSE_E; + } /* add to list */ rc->next = dcrl->certs; dcrl->certs = rc; dcrl->totalCerts++; - *idx += len; /* get date */ b = buff[*idx]; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 293adfd4d..366a652d2 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -670,6 +670,8 @@ WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); +WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); From ed4cd2438f32a04fc592126f53e389163ed8a5fc Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 3 Aug 2016 10:53:54 +0900 Subject: [PATCH 20/34] CRL_Type to wc_DerToPem --- IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h | 1 + wolfcrypt/src/asn.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h index 3f4ddf4f6..fd57f0d8b 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h @@ -11,3 +11,4 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT + diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b151f16a9..9a78929af 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5413,6 +5413,16 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, XSTRNCPY(footer, END_CERT_REQ, footerLen); XSTRNCAT(footer, "\n", 1); } +#endif +#ifdef HAVE_CRL + else if (type == CRL_TYPE) + { + XSTRNCPY(header, BEGIN_X509_CRL, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_X509_CRL, footerLen); + XSTRNCAT(footer, "\n", 1); + } #endif else { #ifdef WOLFSSL_SMALL_STACK From e01dcb671d96a1847b3075853da07a3c594bdf8a Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 3 Aug 2016 11:12:10 +0900 Subject: [PATCH 21/34] eliminate tail nl --- IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h | 1 - 1 file changed, 1 deletion(-) diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h index fd57f0d8b..3f4ddf4f6 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h @@ -11,4 +11,3 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT - From 2c1309ffc717cec27967f4b39c8963aba2a86e71 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 3 Aug 2016 16:53:53 -0700 Subject: [PATCH 22/34] Fixes for warnings when cross-compiling with GCC ARM. --- src/internal.c | 6 ++++-- wolfcrypt/src/rsa.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index fe591c849..6af1597ee 100755 --- a/src/internal.c +++ b/src/internal.c @@ -12320,7 +12320,7 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) const char* fullName; const char* first; WOLFSSL_CIPHER* cipher; - word32 i; + int i; if (ssl == NULL) { WOLFSSL_MSG("Bad argument"); @@ -12335,7 +12335,7 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) : (XSTRSTR(fullName, "CCM")) ? "CCM" : NULL; /* normal */ - for (i = 0; i < sizeof(cipher_name_idx); i++) { + for (i = 0; i < (int)sizeof(cipher_name_idx); i++) { if (cipher_name_idx[i] == ssl->options.cipherSuite) { const char* nameFound = cipher_names[i]; @@ -15927,6 +15927,8 @@ int DoSessionTicket(WOLFSSL* ssl, (void)ssl; (void)sigSz; + (void)length; + (void)idx; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_async_pop(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 554fba998..616bcaf37 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -253,6 +253,8 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, counter = 0; idx = 0; + (void)heap; + /* check error return of wc_HashGetDigestSize */ if (hLen < 0) { return hLen; From 96da2df7ec5f59eede0566667935fc36a271b83c Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 3 Aug 2016 17:04:44 -0700 Subject: [PATCH 23/34] Additional max index and serial number size checks in "GetSerialNumber". --- wolfcrypt/src/asn.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4a75f5e6f..025bb1c7b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5291,6 +5291,10 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, } /* First byte is ASN type */ + if ((*inOutIdx+1) > maxIdx) { + WOLFSSL_MSG("Bad idx first"); + return BUFFER_E; + } b = input[*inOutIdx]; *inOutIdx += 1; @@ -5303,11 +5307,17 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, return ASN_PARSE_E; } - if (*serialSz > EXTERNAL_SERIAL_SIZE) { - WOLFSSL_MSG("Serial Size too big"); + if (*serialSz < 0 || *serialSz > EXTERNAL_SERIAL_SIZE) { + WOLFSSL_MSG("Serial size bad"); return ASN_PARSE_E; } + /* serial size check */ + if ((*inOutIdx + *serialSz) > maxIdx) { + WOLFSSL_MSG("Bad idx serial"); + return BUFFER_E; + } + /* skip padding */ if (input[*inOutIdx] == 0x00) { *serialSz -= 1; From a17bc2a42e66e9e6e15bd34bbf08ffd43a40a14c Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Aug 2016 12:19:30 -0700 Subject: [PATCH 24/34] Fix build issue with ASN enabled and no HMAC (missing MAX_DIGEST_SIZE). Switch to using WC_MAX_DIGEST_SIZE from hash.h, which is always available. Added small stack option for digest in MakeSignature. Fixed build error with unused "testVerifyCount" if "NO_ECC_SIGN" or "NO_ECC_VERIFY". --- wolfcrypt/src/asn.c | 27 ++++++++++++++++++++++----- wolfcrypt/test/test.c | 2 ++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b151f16a9..dfbde3f8c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3573,11 +3573,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SMALL_STACK byte* digest; #else - byte digest[MAX_DIGEST_SIZE]; + byte digest[WC_MAX_DIGEST_SIZE]; #endif #ifdef WOLFSSL_SMALL_STACK - digest = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return 0; /* not confirmed */ #endif @@ -7227,7 +7227,11 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, int sigAlgoType) { int encSigSz, digestSz, typeH = 0, ret = 0; - byte digest[MAX_DIGEST_SIZE]; /* max size */ +#ifdef WOLFSSL_SMALL_STACK + byte* digest; +#else + byte digest[WC_MAX_DIGEST_SIZE]; /* max size */ +#endif #ifdef WOLFSSL_SMALL_STACK byte* encSig; #else @@ -7248,6 +7252,12 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, (void)eccKey; (void)rng; +#ifdef WOLFSSL_SMALL_STACK + digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (digest == NULL) + return 0; /* not confirmed */ +#endif + switch (sigAlgoType) { #ifndef NO_MD5 case CTC_MD5wRSA: @@ -7289,14 +7299,20 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, ret = ALGO_ID_E; } - if (ret != 0) + if (ret != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; + } #ifdef WOLFSSL_SMALL_STACK encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (encSig == NULL) + if (encSig == NULL) { + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; + } #endif ret = ALGO_ID_E; @@ -7320,6 +7336,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, #endif #ifdef WOLFSSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 05321dbaa..5d2bff6c9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6842,6 +6842,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int ret; ecc_key userA, userB, pubKey; + (void)testVerifyCount; + wc_ecc_init(&userA); wc_ecc_init(&userB); wc_ecc_init(&pubKey); From 6b1ff8e9d71945b9549836f61f385d4cd992063a Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Aug 2016 12:53:26 -0700 Subject: [PATCH 25/34] Only try and return serial number or check padding if the serial number size is greater than 1. --- wolfcrypt/src/asn.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 025bb1c7b..3c5c1376d 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5307,26 +5307,30 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, return ASN_PARSE_E; } + /* serial size check */ if (*serialSz < 0 || *serialSz > EXTERNAL_SERIAL_SIZE) { WOLFSSL_MSG("Serial size bad"); return ASN_PARSE_E; } - /* serial size check */ + /* serial size check against max index */ if ((*inOutIdx + *serialSz) > maxIdx) { WOLFSSL_MSG("Bad idx serial"); return BUFFER_E; } - /* skip padding */ - if (input[*inOutIdx] == 0x00) { - *serialSz -= 1; - *inOutIdx += 1; - } + /* only check padding and return serial if length is greater than 1 */ + if (*serialSz > 0) { + /* skip padding */ + if (input[*inOutIdx] == 0x00) { + *serialSz -= 1; + *inOutIdx += 1; + } - /* return serial */ - XMEMCPY(serial, &input[*inOutIdx], *serialSz); - *inOutIdx += *serialSz; + /* return serial */ + XMEMCPY(serial, &input[*inOutIdx], *serialSz); + *inOutIdx += *serialSz; + } return result; } From 32b0303beb69b9bd32f3a9fb32eb1f23ede8fc1b Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Aug 2016 14:06:58 -0700 Subject: [PATCH 26/34] Fix build with "WOLFSSL_CALLBACKS" defined. --- examples/client/client.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index be3a31d3a..0469be812 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -553,7 +553,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int disableCRL = 0; int externalTest = 0; int ret; +#ifndef WOLFSSL_CALLBACKS int err = 0; +#endif int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; @@ -1363,7 +1365,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); @@ -1529,7 +1531,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(sslResume); From d8c63b8e6687f54cd3b1cd0a85726506a1a40166 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Aug 2016 14:15:47 -0700 Subject: [PATCH 27/34] Various improvements to support openssl compatibility. * Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it). * Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist). * Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same). * Added "WOLFSSL*" to HandShakeInfo. * Allowed "SetName" to be exposed. * Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code). --- src/internal.c | 95 +++++++++++++++++++++++------------------ src/ssl.c | 63 +++++++++++++++++---------- wolfcrypt/src/asn.c | 2 +- wolfssl/callbacks.h | 2 + wolfssl/internal.h | 5 ++- wolfssl/ssl.h | 4 +- wolfssl/wolfcrypt/asn.h | 3 ++ 7 files changed, 106 insertions(+), 68 deletions(-) diff --git a/src/internal.c b/src/internal.c index 6af1597ee..0fba76ab6 100755 --- a/src/internal.c +++ b/src/internal.c @@ -12315,50 +12315,60 @@ int GetCipherNamesSize(void) } /* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ -const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) +const char* GetCipherNameInternal(const char* cipherName, int cipherSuite) { - const char* fullName; - const char* first; - WOLFSSL_CIPHER* cipher; + const char* result = NULL; + const char* first; int i; + if (cipherName == NULL) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + first = (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA" + : (XSTRSTR(cipherName, "EC")) ? "EC" + : (XSTRSTR(cipherName, "CCM")) ? "CCM" + : NULL; /* normal */ + + for (i = 0; i < (int)(sizeof(cipher_name_idx)/sizeof(int)); i++) { + if (cipher_name_idx[i] == cipherSuite) { + const char* nameFound = cipher_names[i]; + + /* extra sanity check on returned cipher name */ + if (nameFound == NULL) { + continue; + } + + /* if first is null then not any */ + if (first == NULL) { + if ( !XSTRSTR(nameFound, "CHACHA") && + !XSTRSTR(nameFound, "EC") && + !XSTRSTR(nameFound, "CCM")) { + result = nameFound; + break; + } + } + else if (XSTRSTR(nameFound, first)) { + result = nameFound; + break; + } + } + } + + return result; +} + +const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) +{ if (ssl == NULL) { WOLFSSL_MSG("Bad argument"); return NULL; } - cipher = wolfSSL_get_current_cipher(ssl); - fullName = wolfSSL_CIPHER_get_name(cipher); - if (fullName) { - first = (XSTRSTR(fullName, "CHACHA")) ? "CHACHA" - : (XSTRSTR(fullName, "EC")) ? "EC" - : (XSTRSTR(fullName, "CCM")) ? "CCM" - : NULL; /* normal */ - - for (i = 0; i < (int)sizeof(cipher_name_idx); i++) { - if (cipher_name_idx[i] == ssl->options.cipherSuite) { - const char* nameFound = cipher_names[i]; - - /* extra sanity check on returned cipher name */ - if (nameFound == NULL) { - continue; - } - - /* if first is null then not any */ - if (first == NULL) { - if (!XSTRSTR(nameFound, "CHACHA") && - !XSTRSTR(nameFound, "EC") && !XSTRSTR(nameFound, "CCM")) { - return cipher_names[i]; - } - } - else if (XSTRSTR(nameFound, first)) { - return cipher_names[i]; - } - } - } - } - - return NULL; /* error or not found */ + return GetCipherNameInternal( + wolfSSL_CIPHER_get_name(&ssl->cipher), + ssl->options.cipherSuite); } @@ -12478,10 +12488,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_CALLBACKS /* Initialisze HandShakeInfo */ - void InitHandShakeInfo(HandShakeInfo* info) + void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl) { int i; + info->ssl = ssl; info->cipherName[0] = 0; for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) info->packetNames[i][0] = 0; @@ -12490,22 +12501,22 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } /* Set Final HandShakeInfo parameters */ - void FinishHandShakeInfo(HandShakeInfo* info, const WOLFSSL* ssl) + void FinishHandShakeInfo(HandShakeInfo* info) { int i; int sz = sizeof(cipher_name_idx)/sizeof(int); for (i = 0; i < sz; i++) - if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { - if (ssl->options.cipherSuite0 == ECC_BYTE) + if (info->ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { + if (info->ssl->options.cipherSuite0 == ECC_BYTE) continue; /* ECC suites at end */ XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); break; } /* error max and min are negative numbers */ - if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR) - info->negotiationError = ssl->error; + if (info->ssl->error <= MIN_PARAM_ERR && info->ssl->error >= MAX_PARAM_ERR) + info->negotiationError = info->ssl->error; } diff --git a/src/ssl.c b/src/ssl.c index a44bcb8ec..2b7dd0756 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8290,7 +8290,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (hsCb) { ssl->hsInfoOn = 1; - InitHandShakeInfo(&ssl->handShakeInfo); + InitHandShakeInfo(&ssl->handShakeInfo, ssl); } if (toCb) { ssl->toInfoOn = 1; @@ -8378,7 +8378,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->toInfoOn = 0; } if (hsCb) { - FinishHandShakeInfo(&ssl->handShakeInfo, ssl); + FinishHandShakeInfo(&ssl->handShakeInfo); (hsCb)(&ssl->handShakeInfo); ssl->hsInfoOn = 0; } @@ -11345,9 +11345,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFILE file; WOLFSSL_X509* x509 = NULL; - DerBuffer* der = NULL; - - WOLFSSL_ENTER("wolfSSL_X509_load_certificate"); /* Check the inputs */ if ((fname == NULL) || @@ -11385,6 +11382,26 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFCLOSE(file); + x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format); + + if (dynamic) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + + return x509; +} + +#endif /* NO_FILESYSTEM */ + + +WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + int ret; + WOLFSSL_X509* x509 = NULL; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex"); + if (format == SSL_FILETYPE_PEM) { int ecc = 0; #ifdef WOLFSSL_SMALL_STACK @@ -11397,9 +11414,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return NULL; } #endif @@ -11408,7 +11422,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) info->ctx = NULL; info->consumed = 0; - if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { + if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { FreeDer(&der); } @@ -11419,13 +11433,10 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) else { ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL); if (ret == 0) { - XMEMCPY(der->buffer, fileBuffer, sz); + XMEMCPY(der->buffer, buf, sz); } } - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - /* At this point we want `der` to have the certificate in DER format */ /* ready to be decoded. */ if (der != NULL && der->buffer != NULL) { @@ -11466,8 +11477,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) return x509; } -#endif /* NO_FILESYSTEM */ - #endif /* KEEP_PEER_CERT || SESSION_CERTS */ /* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function @@ -17870,11 +17879,16 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } const char * wolf_OBJ_nid2sn(int n) { - (void)n; + int i; WOLFSSL_ENTER("wolf_OBJ_nid2sn"); - WOLFSSL_STUB("wolf_OBJ_nid2sn"); - - return 0; + + /* find based on NID and return name */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (n == ecc_sets[i].id) { + return ecc_sets[i].name; + } + } + return NULL; } int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { @@ -17886,11 +17900,16 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolf_OBJ_sn2nid(const char *sn) { - (void)sn; + int i; WOLFSSL_ENTER("wolf_OBJ_osn2nid"); - WOLFSSL_STUB("wolf_OBJ_osn2nid"); - return 0; + /* find based on name and return NID */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { + return ecc_sets[i].id; + } + } + return -1; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b151f16a9..98d6375ef 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6762,7 +6762,7 @@ static int SetAltNames(byte *out, word32 outSz, byte *input, word32 length) /* encode CertName into output, return total bytes written */ -static int SetName(byte* output, word32 outputSz, CertName* name) +int SetName(byte* output, word32 outputSz, CertName* name) { int totalBytes = 0, i, idx; #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h index 23681db76..9f3be0582 100644 --- a/wolfssl/callbacks.h +++ b/wolfssl/callbacks.h @@ -40,8 +40,10 @@ enum { /* CALLBACK CONTSTANTS */ fit here */ }; +struct WOLFSSL; typedef struct handShakeInfo_st { + struct WOLFSSL* ssl; char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */ char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1]; /* SSL packet names */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ad568279c..ac6f062f8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2894,9 +2894,9 @@ typedef struct EncryptedInfo { #ifdef WOLFSSL_CALLBACKS WOLFSSL_LOCAL - void InitHandShakeInfo(HandShakeInfo*); + void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*); WOLFSSL_LOCAL - void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*); + void FinishHandShakeInfo(HandShakeInfo*); WOLFSSL_LOCAL void AddPacketName(const char*, HandShakeInfo*); @@ -3103,6 +3103,7 @@ WOLFSSL_LOCAL void c32to24(word32 in, word24 out); WOLFSSL_LOCAL const char* const* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 704817d5c..8e5c5a157 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -936,7 +936,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, - unsigned char* buffer, int inLen, int* outLen); + unsigned char* buf, int inLen, int* outLen); WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); @@ -959,6 +959,8 @@ WOLFSSL_API WOLFSSL_X509* WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); #endif +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format); #ifdef WOLFSSL_SEP WOLFSSL_API unsigned char* diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 293adfd4d..5886976b6 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -639,6 +639,9 @@ WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); /* ASN.1 helper functions */ +#ifdef WOLFSSL_CERT_GEN +WOLFSSL_TEST_API int SetName(byte* output, word32 outputSz, CertName* name); +#endif WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, From b0e4acaac1e77980456d3c40a16d528238c94f89 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 8 Aug 2016 10:29:58 -0700 Subject: [PATCH 28/34] Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined. --- src/ssl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2b7dd0756..aa8a9ca6a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17878,10 +17878,11 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } +#ifdef HAVE_ECC const char * wolf_OBJ_nid2sn(int n) { int i; WOLFSSL_ENTER("wolf_OBJ_nid2sn"); - + /* find based on NID and return name */ for (i = 0; i < ecc_sets[i].size; i++) { if (n == ecc_sets[i].id) { @@ -17904,13 +17905,14 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) WOLFSSL_ENTER("wolf_OBJ_osn2nid"); /* find based on name and return NID */ - for (i = 0; i < ecc_sets[i].size; i++) { - if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { - return ecc_sets[i].id; - } - } + for (i = 0; i < ecc_sets[i].size; i++) { + if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { + return ecc_sets[i].id; + } + } return -1; } +#endif /* HAVE_ECC */ WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { From 317a7f2662ad0f03a9e0faf8b91a48ca0726dde8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 8 Aug 2016 13:13:59 -0700 Subject: [PATCH 29/34] Change misc.c error to warning and exclude the misc.c code from being compiled. Most people include all .c files and by default inlining is allowed, which in turn causes an #error in misc.c and it must be excluded. Since we know its already been properly included there is no reason to throw error here. Instead, show warning and exclude code in .c file. --- wolfcrypt/src/misc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 3b7360665..99dc2abeb 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -46,8 +46,9 @@ /* Check for if compiling misc.c when not needed. */ #if !defined(WOLFSSL_MISC_INCLUDED) && !defined(NO_INLINE) - #error misc.c does not need to be compiled when not defined NO_INLINE -#endif + #warning misc.c does not need to be compiled when using inline (NO_INLINE not defined) + +#else #ifdef INTEL_INTRINSICS @@ -203,4 +204,7 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) #undef STATIC + +#endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */ + #endif /* WOLF_CRYPT_MISC_C */ From b502d9dcf7e66e222776ea1b9332ab57346cb8a8 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 10 Aug 2016 14:23:27 -0600 Subject: [PATCH 30/34] help static analysis tools --- wolfcrypt/src/rsa.c | 4 ++-- wolfcrypt/test/test.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 616bcaf37..e34e17c85 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1186,7 +1186,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); return plainLen; } - if (plainLen > (int)outLen) + if (plainLen > (int)outLen || pad == NULL) plainLen = BAD_FUNC_ARG; else XMEMCPY(out, pad, plainLen); @@ -1305,7 +1305,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, return plainLen; } - if (plainLen > (int)outLen) + if (plainLen > (int)outLen || pad == NULL) plainLen = BAD_FUNC_ARG; else XMEMCPY(out, pad, plainLen); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5d2bff6c9..9296f6c55 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3957,6 +3957,7 @@ int memory_test(void) return -113; /* should round to 0 since struct + bucket will not fit */ } + (void)dist; /* avoid static analysis warning of variable not used */ return 0; } #endif /* WOLFSSL_STATIC_MEMORY */ From 03295ec6d78ac5d49a87699531039cc36503070e Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 11 Aug 2016 17:02:03 -0600 Subject: [PATCH 31/34] update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test changes from first review move to 256 bit defines --- certs/1024/ca-cert.pem | 36 +- certs/1024/client-cert.der | Bin 969 -> 969 bytes certs/1024/client-cert.pem | 38 +- certs/1024/server-cert.pem | 68 ++-- certs/ca-cert.der | Bin 1198 -> 1198 bytes certs/ca-cert.pem | 56 +-- certs/client-cert.der | Bin 1230 -> 1230 bytes certs/client-cert.pem | 56 +-- certs/client-ecc-cert.der | Bin 781 -> 781 bytes certs/client-ecc-cert.pem | 28 +- certs/crl/cliCrl.pem | 50 +-- certs/crl/crl.pem | 52 +-- certs/crl/crl.revoked | 56 +-- certs/crl/eccCliCRL.pem | 20 +- certs/crl/eccSrvCRL.pem | 20 +- certs/ecc-client-key.der | Bin 0 -> 121 bytes certs/ecc-client-keyPub.der | Bin 0 -> 91 bytes certs/ecc-client-keyPub.pem | 4 + certs/ntru-cert.pem | 40 +- certs/ntru-key.raw | Bin 607 -> 607 bytes certs/renewcerts.sh | 9 +- certs/server-cert.der | Bin 1186 -> 1186 bytes certs/server-cert.pem | 110 ++--- certs/server-ecc-comp.der | Bin 0 -> 808 bytes certs/server-ecc-comp.pem | 26 +- certs/server-ecc-rsa.der | Bin 0 -> 996 bytes certs/server-ecc-rsa.pem | 54 +-- certs/server-ecc.der | Bin 0 -> 788 bytes certs/server-ecc.pem | 28 +- certs/server-revoked-cert.pem | 112 ++--- gencertbuf.pl | 36 ++ wolfcrypt/test/test.c | 99 ++++- wolfssl/certs_test.h | 741 ++++++++++++++++++++++++++++------ 33 files changed, 1192 insertions(+), 547 deletions(-) create mode 100644 certs/ecc-client-key.der create mode 100644 certs/ecc-client-keyPub.der create mode 100644 certs/ecc-client-keyPub.pem create mode 100644 certs/server-ecc-comp.der create mode 100644 certs/server-ecc-rsa.der create mode 100644 certs/server-ecc.der diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 479ded3a7..36b03380f 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - ce:e3:ff:31:10:46:d2:76 + b5:4e:78:83:dd:ef:e7:8f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -29,25 +29,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:CE:E3:FF:31:10:46:D2:76 + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 95:09:cc:95:d1:ff:84:5b:1e:b4:96:51:58:40:7a:68:c7:7d: - 5e:5c:27:f7:15:65:50:ce:02:29:13:6c:5e:2d:68:c7:f2:bd: - eb:6d:ae:fe:5e:8f:05:32:e4:26:f0:f7:f9:64:92:e5:cf:f5: - 60:65:71:fa:47:74:dd:2b:c1:c7:e0:e3:a5:6e:97:c6:d8:c0: - 90:ff:9d:94:65:85:73:b2:c7:35:ec:d3:44:b5:8f:53:fb:c9: - 21:ee:93:5f:1c:d6:0d:d9:b4:c3:0d:74:87:ae:c7:b1:42:be: - 69:67:db:1c:79:09:c0:69:ac:4a:7d:ea:24:aa:48:99:3e:32: - 76:cb + 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: + fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: + 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: + c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: + 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: + 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: + e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: + 4c:1d -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAM7j/zEQRtJ2MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE2MDcyNTE4NTYzNFoXDTE5MDQyMTE4NTYzNFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -59,8 +59,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADgYEAlQnMldH/hFsetJZRWEB6aMd9Xlwn9xVlUM4CKRNsXi1ox/K9622u -/l6PBTLkJvD3+WSS5c/1YGVx+kd03SvBx+DjpW6XxtjAkP+dlGWFc7LHNezTRLWP -U/vJIe6TXxzWDdm0ww10h67HsUK+aWfbHHkJwGmsSn3qJKpImT4ydss= +b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp +RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp +arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= -----END CERTIFICATE----- diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index 64114e4e88e25e2c912a3c34d5d1e2ab8137f436..c7677b265164d1c1287ec7094d8114b98d8efa30 100644 GIT binary patch delta 210 zcmX@fev)0npo#gYK@+py0%j&gCMHgX&&fMXWw~zLoG7tf(!$Wt$iTqd*gQ&{*U-|y z)W8DDom|7TaC0Z)bVd%C^2r*^iuHzZM|<+OA9a@wjGsAip|Y!uS){_h32sv>U+lPf z+oe9)sW9?tnTaVExX=0Z+TBCH&rP|yfBJ^9tuF;qb39s)NdJ#cIWB0x_Qc`q H1V(KDWd~Zc delta 210 zcmX@fev)0npo#gYK@+py0%j&gCMHgXjf#@BVpX|MCrWIWG&eFev@kU@Hi;7FHMBG^ zF*1a5C)Y47+}z1Hosk2ke6j|!V!gy#{Q_=l#*3{lO{vi(eR2mB#OkjXQdD?W#00wVUaca?&%eeO-0^ H9b+N@6ir*1 diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index 5b4558230..ffa017747 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - b1:21:19:7d:16:7a:6d:e5 + f3:63:b8:35:1d:0a:d8:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -29,25 +29,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B1:21:19:7D:16:7A:6D:E5 + serial:F3:63:B8:35:1D:0A:D8:D9 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 18:ad:2f:70:0b:3b:01:d1:85:e9:5f:be:f6:89:44:9d:06:36: - 9d:e1:57:7d:73:02:10:bc:5a:8e:94:15:78:35:d4:98:2e:f9: - ae:df:67:97:6c:f6:89:e7:6e:e7:fb:a2:97:c7:71:a3:d9:03: - 68:d2:a1:5b:5a:5b:f7:f3:78:23:fc:ac:71:6f:0b:96:de:e6: - 71:9f:90:fd:2a:f9:98:39:ff:87:6a:d2:17:2a:af:e4:d2:b5: - 2c:90:fb:cc:76:c0:05:65:09:97:a3:e8:30:7a:75:5f:b9:5d: - 5e:c5:c5:ad:aa:66:36:26:d9:67:79:1e:1b:99:d6:f5:aa:d7: - ee:61 + 31:5e:c5:8c:6f:b7:c5:47:1b:51:5f:99:91:a1:23:45:3c:36: + 59:20:fe:90:46:95:79:e8:b8:d9:db:44:7f:63:42:71:59:d5: + 59:a5:3c:d3:43:83:a0:7d:1e:56:36:02:92:e2:0a:19:f6:97: + f2:82:12:a6:b2:bf:3b:b6:b0:07:fc:7a:5b:78:22:a0:31:f4: + 3d:eb:0a:c5:e4:e5:b4:c7:bb:4f:a9:b8:37:19:bf:c7:64:9d: + 74:9e:78:df:09:f5:d6:dd:c2:fb:ce:94:d5:bf:97:b0:76:b5: + e9:10:65:6c:48:85:c4:1b:ff:5b:64:c7:11:30:06:e4:40:f5: + 90:2b -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJALEhGX0Wem3lMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIDxTCCAy6gAwIBAgIJAPNjuDUdCtjZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwNzI1MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -59,9 +59,9 @@ D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCxIRl9Fnpt5TAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBABitL3ALOwHRhelfvvaJRJ0GNp3hV31z -AhC8Wo6UFXg11Jgu+a7fZ5ds9onnbuf7opfHcaPZA2jSoVtaW/fzeCP8rHFvC5be -5nGfkP0q+Zg5/4dq0hcqr+TStSyQ+8x2wAVlCZej6DB6dV+5XV7Fxa2qZjYm2Wd5 -HhuZ1vWq1+5h +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDzY7g1HQrY2TAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADFexYxvt8VHG1FfmZGhI0U8Nlkg/pBG +lXnouNnbRH9jQnFZ1VmlPNNDg6B9HlY2ApLiChn2l/KCEqayvzu2sAf8elt4IqAx +9D3rCsXk5bTHu0+puDcZv8dknXSeeN8J9dbdwvvOlNW/l7B2tekQZWxIhcQb/1tk +xxEwBuRA9ZAr -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index e817f565c..92f631e1e 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:CE:E3:FF:31:10:46:D2:76 + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 01:b4:45:a2:b5:7f:2e:76:60:89:2e:a4:9b:c3:06:38:90:68: - 7a:6e:98:a8:ad:40:30:32:78:cf:4f:0c:e0:72:51:9a:21:b9: - 92:26:36:94:e2:c9:dd:9a:61:0d:a5:b8:cf:06:91:46:82:d2: - 7a:57:de:59:48:71:68:79:cc:d8:99:43:2a:af:30:b0:88:76: - ad:1a:40:4e:f8:ab:07:f0:64:c8:77:b0:e3:4e:ad:3e:3f:e0: - 71:a0:a2:96:08:8f:6f:a4:e0:6e:49:7d:e7:35:41:e9:da:1f: - c7:f5:97:01:81:3d:64:68:ad:f5:d3:fa:1a:e5:ba:15:d3:ce: - d0:8f + 2c:aa:a2:46:f7:79:c7:7f:ce:ef:4d:e6:04:aa:7c:5c:77:72: + 55:66:41:97:7f:c5:6e:98:a0:c4:10:c6:d6:9c:70:0a:ee:ba: + ea:98:47:78:6f:33:8f:44:7a:d5:74:8a:7e:ab:49:1d:d7:95: + 12:11:8e:a0:54:5d:7d:0b:da:c2:c3:01:1a:e7:20:5e:5a:f7: + 16:81:89:b7:cd:e7:dc:46:e6:5e:f9:1a:c2:40:a5:59:f1:f5: + fa:55:db:15:ea:3c:c6:39:fd:e6:7b:5b:01:5f:a7:c9:36:a0: + 1e:73:11:b5:d3:b8:3f:8d:88:32:6a:e7:cd:b7:1d:31:4e:49: + e8:b9 -----BEGIN CERTIFICATE----- MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGVMQswCQYDVQQGEwJVUzEQMA4G +NjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN @@ -58,21 +58,21 @@ VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAAbRF -orV/LnZgiS6km8MGOJBoem6YqK1AMDJ4z08M4HJRmiG5kiY2lOLJ3ZphDaW4zwaR -RoLSelfeWUhxaHnM2JlDKq8wsIh2rRpATvirB/BkyHew406tPj/gcaCilgiPb6Tg -bkl95zVB6dofx/WXAYE9ZGit9dP6GuW6FdPO0I8= +bYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEALKqi +Rvd5x3/O703mBKp8XHdyVWZBl3/FbpigxBDG1pxwCu666phHeG8zj0R61XSKfqtJ +HdeVEhGOoFRdfQvawsMBGucgXlr3FoGJt83n3EbmXvkawkClWfH1+lXbFeo8xjn9 +5ntbAV+nyTagHnMRtdO4P42IMmrnzbcdMU5J6Lk= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - ce:e3:ff:31:10:46:d2:76 + b5:4e:78:83:dd:ef:e7:8f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -94,25 +94,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:CE:E3:FF:31:10:46:D2:76 + serial:B5:4E:78:83:DD:EF:E7:8F X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 95:09:cc:95:d1:ff:84:5b:1e:b4:96:51:58:40:7a:68:c7:7d: - 5e:5c:27:f7:15:65:50:ce:02:29:13:6c:5e:2d:68:c7:f2:bd: - eb:6d:ae:fe:5e:8f:05:32:e4:26:f0:f7:f9:64:92:e5:cf:f5: - 60:65:71:fa:47:74:dd:2b:c1:c7:e0:e3:a5:6e:97:c6:d8:c0: - 90:ff:9d:94:65:85:73:b2:c7:35:ec:d3:44:b5:8f:53:fb:c9: - 21:ee:93:5f:1c:d6:0d:d9:b4:c3:0d:74:87:ae:c7:b1:42:be: - 69:67:db:1c:79:09:c0:69:ac:4a:7d:ea:24:aa:48:99:3e:32: - 76:cb + 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: + fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: + 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: + c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: + 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: + 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: + e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: + 4c:1d -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAM7j/zEQRtJ2MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE2MDcyNTE4NTYzNFoXDTE5MDQyMTE4NTYzNFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -124,8 +124,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADgYEAlQnMldH/hFsetJZRWEB6aMd9Xlwn9xVlUM4CKRNsXi1ox/K9622u -/l6PBTLkJvD3+WSS5c/1YGVx+kd03SvBx+DjpW6XxtjAkP+dlGWFc7LHNezTRLWP -U/vJIe6TXxzWDdm0ww10h67HsUK+aWfbHHkJwGmsSn3qJKpImT4ydss= +b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp +RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp +arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index 5474bce63b90dfb3e36640829c2ab4b0cea3c691..6a823ef9337192d6055caa0ba8692b2f0d213867 100644 GIT binary patch delta 333 zcmZ3-xsFr9powLbK@;<&1@h%^Tk$bXYHk z-F(?^{=U!7`oEGH!>JpOrr9sQ_*VX2)rRZ+W_uk&<*w{(vu;<-G)?fh_9SY`xkbMU zEXvf7pL&$V#33)#j%dpzL!kt z_~NIZvqWee-;BRJ?`Me@C>yC*PiI`IuxZlU%)K*8_TAnv_usAZD}ioTPXC!<^y=WJ z`=3}?livL>w~dy*vUx1S< zdmj+*{w=qQQ#owSlZ*GBA6eHuadr2}^m4Ilaz3#_{{}#r|i= jb#MH+Y2DnEwIO$ZJ=jn)`|jUqJq0~+&#y8t{rUm`^+%kv diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index b4036d7bb..8b34ea43d 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - ab:7b:54:2b:4a:61:e6:c9 + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -38,32 +38,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8: - 7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e: - 2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97: - 01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4: - 51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37: - 3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba: - b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48: - 93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de: - e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52: - ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91: - 28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d: - c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f: - 38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae: - 9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7: - d5:00:fa:f4 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -77,11 +77,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o -fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b -sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib -te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS -rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW -lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/certs/client-cert.der b/certs/client-cert.der index 801c0bb20f6129c573e2396e552b1a629eced180..4c19dd8e7c0bf972b48171dc20ab107be18a1afe 100644 GIT binary patch delta 338 zcmX@dd5%-Upo!&_K@;<)1!h$nK)poC$C{vsyA-s*b>3Fh=IA}Uit5f+GTU5Pf$=?^g>T5K#iqr zSG0TO)1dE1cq{)W*|XLh=E!-lz45}iV<+8q_IbyLReB3=yO^EkeU5?maar8&(_3SO z3|T+!w*1yM;nbwCB@0Rwx5@fUJM8*8YT^{5%aJ=y7RxiQY)pROd_e9*>OSk`!G~Sy z|8M^7-m+rbT!yRJ>)LpB6c$W6RJ^l3tOYC&6*eGq!uX`syRh~U_E6;zPI*X=F md8@llE_Yph?fPWX0`|HSwoCsR_up(ia6F3XNzFAT(|G`6a-1&! delta 338 zcmX@dd5%-Upo!&_K@;<)1`+VtF+uMFKW~e+en0a!+er<;E3-{;#3O_&j&oeWgr4b8LwPp9E z)>kgb)=az@^q#*>vFwuYp?k&RfgGuJvOf)?&B_GxZ7%aLXWM;`*{HTcdMTsTEQ#D# z0-EXbs#UZeG~CHIP57ph$`p2op+!(wQF-d3x1r}M-yW(Cy!xYimGgqf%<t&NLXkz9xXkuEwfSHMriHVcpdC{_Y!m{Eq6D1Z)S{ND{85o!wTSSTT8d@5d z8dyNNllhn?Y))acW#oV delta 148 zcmeBW>t&NLXkz9xXkuEwfSHMriHVb8=Qg=VX1Tfv6D1Z)nj4uKT9}#{n?#B88d@5d z7#Tvjllhn?Y))acW#oVLTwyY&1ZA0R4zF8~^|S diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index cc1e8288e..459871429 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - b9:b6:1e:e2:36:6d:2d:60 + e7:72:a6:9e:13:1d:17:5c Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -26,21 +26,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B9:B6:1E:E2:36:6D:2D:60 + serial:E7:72:A6:9E:13:1D:17:5C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:33:94:59:9a:cc:b1:19:90:4e:e5:ba:7c:03:a5: - 4e:05:e1:17:5d:19:50:aa:42:79:4f:6c:59:d2:55:95:88:81: - 02:21:00:aa:90:82:a5:a2:59:e6:a1:d0:93:05:1d:5a:55:3c: - 40:aa:9f:00:5a:7e:46:02:74:bc:95:bc:94:85:10:27:e6 + 30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11: + a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81: + 02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a: + 9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df -----BEGIN CERTIFICATE----- -MIIDCTCCAq+gAwIBAgIJALm2HuI2bS1gMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDcyNTE4 -NTYzNFoXDTE5MDQyMTE4NTYzNFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw +MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV @@ -50,7 +50,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -ALm2HuI2bS1gMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgM5RZmsyx -GZBO5bp8A6VOBeEXXRlQqkJ5T2xZ0lWViIECIQCqkIKlolnmodCTBR1aVTxAqp8A -Wn5GAnS8lbyUhRAn5g== +AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO +jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM +tIiDTWq0t4V6szzz3w== -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index 505a51c05..99f639640 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 25 18:56:35 2016 GMT - Next Update: Apr 21 18:56:35 2019 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 3 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - 32:20:a7:c7:0e:06:b4:f2:c4:9d:1e:25:56:f9:3f:78:70:8e: - e7:ca:b6:14:aa:03:9a:ae:5b:26:56:73:c3:93:bd:57:f6:3f: - ac:15:50:6d:1f:55:4a:5f:d6:4d:96:9f:e7:cd:1e:c2:79:9a: - 2c:44:35:70:3d:0d:0a:fe:7c:ed:dd:20:72:c7:0f:df:5d:11: - 6b:fd:fc:81:66:ef:6f:df:dd:f9:fe:6c:ec:cf:64:ba:c4:83: - 42:d3:8c:a4:be:06:4d:c0:2c:0e:d4:8f:dd:c3:7d:82:b0:de: - c7:11:9c:99:4e:f5:64:3a:03:1c:c9:ea:fa:da:df:28:42:0f: - 6e:86:f2:fc:ea:63:a7:f4:6a:29:8f:8f:11:ce:7f:44:38:f5: - b6:b4:16:75:e7:37:81:a1:81:c5:13:7d:fe:b3:81:72:db:53: - 00:c5:07:10:fb:8f:28:5d:43:3e:5f:d2:b7:f1:61:08:8b:f1: - 1f:87:06:b8:c9:5e:da:68:e0:2b:90:50:1f:41:86:1d:1b:9b: - 87:57:d3:4a:fa:d2:7f:80:45:81:6d:fe:68:c6:4f:b4:96:78: - a7:fe:80:b0:5d:5c:a2:56:c3:1d:b8:27:19:8a:e5:99:c4:81: - 94:09:6f:9f:80:3d:5f:1f:cc:68:89:fe:62:e9:cb:67:3c:aa: - 01:46:2c:52 + 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: + 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: + 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: + ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: + 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: + 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: + 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: + 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: + 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: + 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: + 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: + b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: + e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: + b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: + 1c:eb:7b:08 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3 -MjUxODU2MzVaFw0xOTA0MjExODU2MzVaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAMiCnxw4GtPLEnR4lVvk/eHCO58q2FKoDmq5bJlZzw5O9V/Y/ -rBVQbR9VSl/WTZaf580ewnmaLEQ1cD0NCv587d0gcscP310Ra/38gWbvb9/d+f5s -7M9kusSDQtOMpL4GTcAsDtSP3cN9grDexxGcmU71ZDoDHMnq+trfKEIPboby/Opj -p/RqKY+PEc5/RDj1trQWdec3gaGBxRN9/rOBcttTAMUHEPuPKF1DPl/St/FhCIvx -H4cGuMle2mjgK5BQH0GGHRubh1fTSvrSf4BFgW3+aMZPtJZ4p/6AsF1colbDHbgn -GYrlmcSBlAlvn4A9Xx/MaIn+YunLZzyqAUYsUg== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 +MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG +9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws +MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR +9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 +RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco +dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md +KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 72c3353fb..f9e8562b5 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem @@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 25 18:56:35 2016 GMT - Next Update: Apr 21 18:56:35 2019 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Jul 25 18:56:35 2016 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 46:b9:33:dc:07:be:e4:45:64:3f:3c:80:c8:20:9e:f5:3f:24: - f2:a7:79:a9:3f:66:8b:e6:44:f6:ca:a5:e5:51:e5:11:66:bb: - 0c:1d:b1:df:ad:98:d8:b1:c4:b6:0f:c5:09:1c:7f:f7:c3:c0: - c8:7f:8b:8e:a1:e1:fc:0c:a8:17:ce:d1:0e:98:f2:de:8a:b2: - 93:6e:a1:1d:bd:66:4e:29:d6:01:fb:6a:50:ff:f1:a5:bd:e1: - 85:2e:a1:86:94:dd:0e:c5:d6:6e:5b:68:bb:18:ca:58:b4:b8: - 53:d2:79:fe:d2:38:0c:08:f0:5b:08:c1:50:a5:0a:20:14:11: - cd:37:79:4c:c0:b1:77:85:fd:3e:c6:77:da:92:9f:22:2f:f6: - f1:7e:81:09:d0:ff:57:17:28:3d:4c:7f:eb:f0:b9:e4:eb:6c: - 25:a5:ce:58:ef:53:9a:92:57:30:2b:c4:fe:8e:26:0b:ce:f5: - e8:ce:83:fd:0a:3b:f1:63:10:fb:50:59:c3:5b:ba:28:b9:79: - 38:9f:50:f9:a6:3b:c5:4b:6d:49:24:e1:e7:99:81:d2:9b:29: - df:84:3e:41:0b:f4:1a:db:7a:8a:98:7e:11:02:12:2b:28:af: - 4b:e9:bc:98:21:3a:19:ba:50:36:4d:6e:0b:b1:1d:57:11:cf: - 3c:29:ba:08 + 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: + 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: + 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: + 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: + f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: + f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: + 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: + 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: + e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: + 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: + f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: + 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: + d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: + 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: + 9d:63:e5:dc -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDcyNTE4NTYzNVoX -DTE5MDQyMTE4NTYzNVowFDASAgECFw0xNjA3MjUxODU2MzVaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEARrkz3Ae+5EVkPzyAyCCe9T8k8qd5qT9m -i+ZE9sql5VHlEWa7DB2x362Y2LHEtg/FCRx/98PAyH+LjqHh/AyoF87RDpjy3oqy -k26hHb1mTinWAftqUP/xpb3hhS6hhpTdDsXWbltouxjKWLS4U9J5/tI4DAjwWwjB -UKUKIBQRzTd5TMCxd4X9PsZ32pKfIi/28X6BCdD/VxcoPUx/6/C55OtsJaXOWO9T -mpJXMCvE/o4mC8716M6D/Qo78WMQ+1BZw1u6KLl5OJ9Q+aY7xUttSSTh55mB0psp -34Q+QQv0Gtt6iph+EQISKyivS+m8mCE6GbpQNk1uC7EdVxHPPCm6CA== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX +DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T +WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y +9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn +r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc +Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT +0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index f408b7aac..7cbbce547 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked @@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 25 18:56:35 2016 GMT - Next Update: Apr 21 18:56:35 2019 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 2 Revoked Certificates: Serial Number: 01 - Revocation Date: Jul 25 18:56:35 2016 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Serial Number: 02 - Revocation Date: Jul 25 18:56:35 2016 GMT + Revocation Date: Aug 11 20:07:38 2016 GMT Signature Algorithm: sha256WithRSAEncryption - 6a:e9:52:bd:52:9c:0d:a2:e4:75:e7:e0:bb:b1:1d:83:c6:62: - 77:85:a3:2a:c9:17:dc:50:b7:55:cf:aa:63:67:8d:01:67:3b: - 54:0a:3b:44:61:41:be:aa:f7:cb:a8:06:99:6a:6d:82:5b:a5: - 40:6c:d1:3e:26:c7:a6:c1:24:15:19:11:45:8f:12:f5:84:e5: - 5f:ed:de:03:b8:d7:8a:61:3a:20:4f:87:2e:ca:34:d6:f5:cc: - 34:af:3f:df:66:55:e0:2d:e0:47:d8:9e:b7:2a:91:96:f2:01: - 74:0c:ef:b7:ca:3a:00:b6:1a:8c:5f:bc:57:d4:62:0c:30:31: - 40:d9:e9:a5:ea:75:48:a5:93:40:ba:5d:26:e4:cb:6e:01:16: - ba:ce:4b:96:64:b1:90:a0:bd:1b:56:0e:54:f2:8d:f5:99:37: - 5b:ce:1e:17:da:9f:b3:00:9d:b9:23:ae:3d:4e:2d:50:b7:ef: - ce:98:54:db:49:5e:27:f4:50:da:b2:cf:5c:d0:b8:77:06:a3: - 15:8f:6b:c3:e8:e9:19:3c:4c:d3:51:f9:a1:77:31:62:e6:94: - 25:41:75:6c:eb:05:a4:be:e8:97:1e:b0:c3:27:80:5d:49:17: - 02:87:ee:54:8d:83:63:57:5d:38:b2:78:9f:60:36:77:74:59: - db:89:15:cf + 91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15: + cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c: + 61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db: + 6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29: + 1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4: + 70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d: + bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c: + 48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d: + c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43: + fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a: + d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90: + 8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db: + a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da: + 80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3: + 8a:6b:73:55 -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVa -Fw0xOTA0MjExODU2MzVaMCgwEgIBARcNMTYwNzI1MTg1NjM1WjASAgECFw0xNjA3 -MjUxODU2MzVaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAaulS -vVKcDaLkdefgu7Edg8Zid4WjKskX3FC3Vc+qY2eNAWc7VAo7RGFBvqr3y6gGmWpt -glulQGzRPibHpsEkFRkRRY8S9YTlX+3eA7jXimE6IE+HLso01vXMNK8/32ZV4C3g -R9ietyqRlvIBdAzvt8o6ALYajF+8V9RiDDAxQNnppep1SKWTQLpdJuTLbgEWus5L -lmSxkKC9G1YOVPKN9Zk3W84eF9qfswCduSOuPU4tULfvzphU20leJ/RQ2rLPXNC4 -dwajFY9rw+jpGTxM01H5oXcxYuaUJUF1bOsFpL7olx6wwyeAXUkXAofuVI2DY1dd -OLJ4n2A2d3RZ24kVzw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha +Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4 +MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9 +NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp +mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT +mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6 +lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO +6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt +J5CNfyg0GeCjimtzVQ== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 1e0f31a14..01c6404d0 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 25 18:56:35 2016 GMT - Next Update: Apr 21 18:56:35 2019 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 4 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:63:27:98:5a:26:c9:de:b5:05:68:ea:63:2a:5f: - df:7f:92:37:17:ff:ad:8c:46:c7:e6:35:da:29:e6:e5:81:c7: - 02:21:00:ff:d7:35:dd:52:e0:9e:6c:41:9f:8d:6c:b9:a9:6f: - 45:d6:1a:65:59:72:a3:d1:70:57:6e:9e:e7:1b:fe:9f:ee + 30:45:02:20:05:17:4f:0c:42:51:f6:f5:a3:2e:52:3e:e3:f4: + ed:99:ca:4d:16:75:f7:80:9d:7a:cf:64:5e:ec:cd:9d:f0:86: + 02:21:00:e0:38:31:16:e2:ab:e4:d5:4b:cd:67:2f:e1:f0:e5: + ac:f2:8a:4b:03:9b:f1:69:60:2c:bf:dc:02:11:e8:71:f7 -----BEGIN X509 CRL----- MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwNzI1MTg1NjM1WhcNMTkwNDIxMTg1 -NjM1WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgYyeYWibJ3rUF -aOpjKl/ff5I3F/+tjEbH5jXaKeblgccCIQD/1zXdUuCebEGfjWy5qW9F1hplWXKj -0XBXbp7nG/6f7g== +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwODExMjAwNzM4WhcNMTkwNTA4MjAw +NzM4WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgBRdPDEJR9vWj +LlI+4/TtmcpNFnX3gJ16z2Re7M2d8IYCIQDgODEW4qvk1UvNZy/h8OWs8opLA5vx +aWAsv9wCEehx9w== -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index eff223aaf..2293f2c51 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 25 18:56:35 2016 GMT - Next Update: Apr 21 18:56:35 2019 GMT + Last Update: Aug 11 20:07:38 2016 GMT + Next Update: May 8 20:07:38 2019 GMT CRL extensions: X509v3 CRL Number: 5 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:f9:33:9e:07:1a:74:76:74:a3:fb:d8:8a:88: - 4c:a2:15:4f:03:7e:63:6c:4f:03:1f:87:71:77:7a:8c:1d:a0: - 29:02:21:00:93:20:0c:67:58:33:10:f6:f5:a8:69:a2:0f:8c: - 7a:24:af:62:95:26:a7:0d:bc:47:81:1c:e6:6a:04:20:ff:6e + 30:46:02:21:00:dd:0a:1e:ff:5b:19:4e:40:a1:a8:65:b3:48: + fb:2b:a0:e5:6b:c4:27:31:2b:0b:1e:8c:c2:12:f5:74:74:c2: + 5b:02:21:00:f9:67:2e:5c:26:7b:14:a1:16:db:d4:7d:b1:a9: + 75:c7:5f:db:6f:c9:57:12:9b:44:99:40:71:70:7d:f9:b6:c8 -----BEGIN X509 CRL----- MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVaFw0xOTA0MjEx -ODU2MzVaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA+TOeBxp0 -dnSj+9iKiEyiFU8DfmNsTwMfh3F3eowdoCkCIQCTIAxnWDMQ9vWoaaIPjHokr2KV -JqcNvEeBHOZqBCD/bg== +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgy +MDA3MzhaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA3Qoe/1sZ +TkChqGWzSPsroOVrxCcxKwsejMIS9XR0wlsCIQD5Zy5cJnsUoRbb1H2xqXXHX9tv +yVcSm0SZQHFwffm2yA== -----END X509 CRL----- diff --git a/certs/ecc-client-key.der b/certs/ecc-client-key.der new file mode 100644 index 0000000000000000000000000000000000000000..063739078888e7b0e0a84ad4c92ddc0929db6997 GIT binary patch literal 121 zcmXpgXJTYzQTTCwQubasjgKodw(|y;6b*3I)z{SR))#h=| zmYI=#p$oGU154=sFZ?b6vuw}J-u~gJ@7IFrD{oZ#BpcpD`7BalPSTlu>-{2AA?KDd ev14IV+0HPo-21Im%IW*wm7C0z;*ZDHZvg;M4K?!s literal 0 HcmV?d00001 diff --git a/certs/ecc-client-keyPub.der b/certs/ecc-client-keyPub.der new file mode 100644 index 0000000000000000000000000000000000000000..5dace05a978955678ae57a1929d5223a75face06 GIT binary patch literal 91 zcmXqrG!SNE*J|@PXUoLM#sOw9GqN)~F|dU0|HAJQFw6Gb?Cl?p`hG2_zVb$;PqN`n ul+Pj+<|Lijx85%@6>@GV6FU|*mF*1U%Dvx8rJTO+UAf6jDgJnD{T2Yiq9rQ; literal 0 HcmV?d00001 diff --git a/certs/ecc-client-keyPub.pem b/certs/ecc-client-keyPub.pem new file mode 100644 index 000000000..5c673f755 --- /dev/null +++ b/certs/ecc-client-keyPub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSO +GYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA== +-----END PUBLIC KEY----- diff --git a/certs/ntru-cert.pem b/certs/ntru-cert.pem index 85ff5dbfa..0a6de9f15 100644 --- a/certs/ntru-cert.pem +++ b/certs/ntru-cert.pem @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgIIAU2eYQxWefkwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV +MIIEzzCCA7egAwIBAgIIAVNfm0lhPEQwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3 LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY -DzIwMTYwNzI0MTk1NjUxWhgPMjAxNzEyMDcxODU2NTFaMIGKMQswCQYDVQQGEwJV +DzIwMTYwODEwMjEwNzUxWhgPMjAxOTA1MDgyMTA3NTFaMIGKMQswCQYDVQQGEwJV UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB -AQYLKwYBBAHBFgEBAi4DggItAASCAigvOBBlcFH8dlJJwHU2oejeShSVHrxJouVs -bEw3GMypYjKwYuQI2dgeVjITToINjGJYc4FfEAWLo9M7LEy6meXs6tmbABb6AU5S -p1IG0DH/nn+8pdxDB5dvXFiEXKFHix+D1jAeaoWGxwQayz79ksFJiiQzmZJ/RL49 -sWCVRDrimMP++3faRWKVQRsriJtyV92ymMQtdIhrnUNmHRhWCtFTvlNY59TPxV6a -qde+NOh1tbzq7gTRhmhbOTweYXTDjaUdftfLG2c7p6G5RpbQNPkdeFTlompuiwew -KQ7ODblFWis0FivF6vol+TvidZMcxc3NheGWsu6/RpuEZ/sZssGVLdUR+7LOvf9f -NJIJ10+6A4sb9eaDStQ93GTwoFKwvBTRhaYDzXhL/6YzKFJiXUC6Q3UH4dm74Cvy -s6WlzCcBpaFUCVIz5Gsrgrdq9x3hFs1NryYn/Fa/uerGffbseceC2UWdQa0ta2JA -shrTHxK2ObPTDV0wPDVzCTG5XCSRSo0aGS98JIL1uSNfUhk9jfwA7c+F9N16Kle0 -cpcKK2xnWH97cpp/CRwGbi4LHQhwfoXmLoEWAVeOdj6PF+Rla4/UtlrdZ1ugha6Z -63TAwrLp2/NfOv+1aB0U5TzGiBB20T3vD+bXI6SXGPHtAJooP/oCLwKqajCFYJ+o -dlUNXpGsoJ6inz+U1uZoh1u6q3KZV8IpXSwBVYyzrBivIRt9+qJgUfwuO+FNqYAw -DQYJKoZIhvcNAQEFBQADggEBAI62PKLge07dXYlSyruxweQe8jscqn5IQoBW4LtR -fd45BS649nTL7XB2d3ldCdRE24mR74cqo/WXaQoyjyYME0r/uvwqiYPFJtydZk/X -mKfz8209b6qtvITL0/mLFDn092fXUVOMRvZ73mqhLOV5995j4e4bsn24dwWfn5Zd -sXrbjVfiVYONT2xeXWZkldlQP9tUeRSoWDjJM4OOR0lVrBVPGj6YkskTbbrNnUNV -vaxnuTJOwDpt+xHtu6IqP9SnFOVt24cIWGp/bFma1KxbxtMCoEF63rawMea51c5V -wI1eg+rlazRjWTHvWLSWLY7DLGh0+IJoRaMcJxaFqun2hAQ= +AQYLKwYBBAHBFgEBAi4DggItAASCAijLUTkEtmdP3XEQ1fYC88/8P8FWqx1kiHFU +GjaK22nUi1i1bsqu+k61/sUzbATXavpA2ay2MUbO9f5YpYYPOLdSCaWrNd9nzlxa +lzqj67x/h7qSKubotJd4U0Bk084Hjqbkxt1MK8SkUz7nFHVbvBmh29WNAyuzf6jt +03Hrc+/tUHLKAEvrygkymsFl9ArSGi141AusGIX0vkN5T+4JfSkFACi3Ux43eCFA +1M7qGUbOl7ylUF76Y6ME7e/uEDa/kIBGu/r52u1yxbxLCJOZPjtJYFaXGgDN4Xal +QWoeTP/7GICdZEttivaxI5Z0IAxt+DlQcLMm3xlppnzVD0FqRR9SQbJ1pvGt2eQO +7D7Y9mJsJU+DCpp4fB42q0JqM/j8w3WwbzN5AOyA9XMiUCHM1c/k5L2GpX6Rs+VS +bhr0uiTo8/ux3ca5l/aHlmlBLcBPNDrasrCCKrs7Tok6ek2R3o3umCmKIGSgcLEv +Ifyg/c/6jc3tipSQkYbtIiitBXoiGk/eEd9fxkhp/+qtOKWUnNsaJUC09KOsA7TB +bK4hJGzzR5TL/45FjDJCspKmOnASaO51hGaoWAyMZPFsCwfkEg9/84bfmw8YmD6k +qBwtkYDrqRHJZB1enmQ61TogoIcxO1F7EPGOCih+Av5xcgWmjD/4Y8lvBCBkHKDh +Adp0B3QFk481vAdk2A5lbeuizXajvWGhvWY2Wzc/Ge3YjcYvo5C34Sx/Ujd5r8Aw +DQYJKoZIhvcNAQEFBQADggEBAFPgoyA+vFwaEeuJ5AxuOEwWyqfLqjBbW3MrMXd3 +LqUd+7VmXW7MGgMtyvXDrVi+PCCAdXijKpHgiHdUNz59JmYliAH75tI+EdsQsO3T +zxNZiM/++K5w2o2NFiz4LOm95IxAsXnviYNMBOrzdn4RaAYQ1NYiho6h85SBlfYY +m8kYktgQ4iok9oCkSeKzFDOZbl5ax+iHvSqpcWQmJxU9D2HzToO5kCN2zAHfxowt +PT9SDnIYxzivTbG39HSdG/+p/paVIb7Kj1VOmQjz7e7hYztmqIV2BPg34MNOxKv0 +JBIqYQH/F1p9N03IQREMXbh9XNlv35PX5pFj14k8NuhiEhs= -----END CERTIFICATE----- diff --git a/certs/ntru-key.raw b/certs/ntru-key.raw index 562c4e4e696711eb63958318fc6316e9eaeb7ca6..46b41aebeb3130b10e86df0aa8e7315569991748 100644 GIT binary patch literal 607 zcmZQ#W?&LH9can2E#3cap}^H|OrOvHu|F8LS~jJlFht6%>vraq?ue~pk`DyC!Kpd$DDDMX*E4 z<#X(P%bpy&>!W>SNwD2>k<#crk_&HN?Pb>9T)*P&<-*s+@81R#onr8QeTvg)*1^;- zT$iMDE3R;_k!bz0&$-h79cQg3D}%=NU^(*&MTaZrUP-#0o4#jhK-{n7#Vl{%zY{Rq zKcT^G_phI~-WDC*9UV&Z$9CBV|U|QQjV&BGuNz&8acDoPFco3{v0md zkZ)Yc@TTEwu~LBInXBiYJlWf}v~J?&r$KpAUv{ay`22h0-D5kae`}wX>8N|a-^A+H zrVUM6yRH2?t*U${-s^ogL$gaEWkJD4eZ@Zu{+|EUd-iSDlnE2t-YRLVWvx<@^1ml| zKmM3U=Koh~EtXE1b6ZN)Vau1rYnZnj%vqy?5hQ)J`jrC43HQdrP#XdPHB@Uf3e zqmJocVG--H9{V53C-YepQe+l9WV}_vUcx%L-*gXq$_>8M+}DfFmMz|!xNvWpS+u#m zr7Qo-{kdsYs`^q%BG+K9eIh WD!J!5C&YQ2l-hP9DmOuU;sgMU6)P$L literal 607 zcmZQ#W?&M~w-87z2>eqP&WE^%gMlF^2wCmc6#$b}gR z`!(_QBt;ZA#tX1^FTQN8Jef&Snt%#poBbJc#Xr;s1H{dzRjDW}luP6VVd0 z(7ju}`I>=TR%_dF7OB&Ae{2nFIjP=dpY6tksV-KJW*q+ayZn}G(o{!j?T*<+ z;deL9IHFt9kv-QrO;#d|>tgV};E3l}&L54NwetEtlNY61_q=+?a? zQrWuer=`=amoMDuHtmARPuYr)r;D=ky4g2q@}1+|=^CYNBBp)x)i2eb){jaj%N#v> zw)Nq(P4D)*&2CBmExGC7RNbqBzc-!R`#;`f66baQUCiCmU!OI5U9r8B@?k;HhCLz| zTbD7Pt?>T8%vd8RDb`_^b1D17o4X%qf7-ls=^1s#r3*tigN&bKYd3Ar`Y!uW?5yv4 zHT6GX`**%NR{QNuSiZ7Y?8VxFSN~a^JU&x0~^y~PQ#rsDighWr6l!h zRGPl-RE`glwC(-F@b-M`m%CM3;aiHPb7|+KN7Ppr&8p{=VawCwmgOj@Ykj8ID8?Ax zS7z5Q{virkA%r$6Nj1njtIl)aF=+K-opx_x#VUD=(QY z@$oIgEDif#O!`c#vJ6@i=C3FV<&B%TX2HBg^X;cxdzR52y=!&R% VS6xBVXSA1S|6IZH Wz^1i+vJY|?Z~S&{c=m*e#~c9mWs}+f delta 316 zcmZ3)xrlSZUKw*EQ$q_=Gh>q|ab8190}~@dDA%BI!sLfcMw_`AbD20+SBGeOB|bYj zxq(@!zE=6|^y$-Vc@`UgZJv1W$gbs*enJ=9m$!$ zvg^amwRa0=uy9(dwm*J*;S-ZW)UIPL=KI1Xxzz?e7n=WY=iciPM;rG^i=Mn3?snpi zU!m@XJIsw|r(Df9xa020Beu8u+Ue;Qu6u7SZnEFBi(CzZDwar+VJDx^s`<|X3S_6yP^^=ZS1EWc6G-6C)&3mzC}S diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 8b2c1469d..5504c822f 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7d:23:ed:97:97:96:3d:0c:a3:33:f5:83:91:c1:c4:ba:a7:19: - 4e:12:d0:e7:25:da:f8:d0:53:a5:ab:85:96:23:5a:fa:32:6c: - 13:14:ac:5a:2e:c4:6c:9f:a9:8a:f0:d9:ad:dd:71:98:04:09: - 3b:25:87:e3:ed:d0:f2:02:20:5a:ba:c6:44:37:be:56:92:46: - 7d:52:e7:12:9f:e1:b9:bd:d7:58:c5:81:be:1b:15:c9:d3:57: - 46:c8:dc:4e:71:2d:b0:dc:03:81:cd:94:d5:6f:30:dc:47:49: - 0c:16:bd:8b:d6:cb:97:38:45:bd:da:a3:82:3f:b4:f3:6b:7b: - 40:ea:8e:94:d4:d6:6a:8a:e8:89:15:47:e9:03:95:fb:3c:05: - d3:e2:2d:d6:bd:3c:9b:6b:92:b0:f8:c1:97:cd:4a:a4:98:98: - 85:16:d4:24:5f:1b:33:4e:27:56:d5:98:df:e4:2b:da:88:6a: - bb:95:c7:c4:08:0d:e8:fe:5b:ae:52:26:87:0f:93:ba:e3:c8: - 19:7c:5d:64:15:7d:ee:65:6e:cf:56:24:a5:4c:5a:07:ed:4b: - 56:f4:0f:5b:5f:fa:0f:3f:fa:7a:1f:f8:28:a2:72:14:d5:21: - 29:d8:c0:42:a7:de:d2:00:75:d2:dd:db:0d:b0:82:33:2f:2a: - df:a0:87:7d + 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: + 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: + a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: + 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: + 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: + 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: + 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: + 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: + 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: + a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: + 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: + 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: + 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: + 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: + e6:e4:0c:37 -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1 -MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP @@ -76,24 +76,24 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAfSPtl5eWPQyjM/WDkcHEuqcZThLQ5yXa+NBTpauF -liNa+jJsExSsWi7EbJ+pivDZrd1xmAQJOyWH4+3Q8gIgWrrGRDe+VpJGfVLnEp/h -ub3XWMWBvhsVydNXRsjcTnEtsNwDgc2U1W8w3EdJDBa9i9bLlzhFvdqjgj+082t7 -QOqOlNTWaoroiRVH6QOV+zwF0+It1r08m2uSsPjBl81KpJiYhRbUJF8bM04nVtWY -3+Qr2ohqu5XHxAgN6P5brlImhw+TuuPIGXxdZBV97mVuz1YkpUxaB+1LVvQPW1/6 -Dz/6eh/4KKJyFNUhKdjAQqfe0gB10t3bDbCCMy8q36CHfQ== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk +q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s +9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl +NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 +qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig +lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - ab:7b:54:2b:4a:61:e6:c9 + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -124,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8: - 7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e: - 2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97: - 01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4: - 51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37: - 3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba: - b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48: - 93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de: - e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52: - ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91: - 28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d: - c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f: - 38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae: - 9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7: - d5:00:fa:f4 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -163,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o -fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b -sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib -te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS -rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW -lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der new file mode 100644 index 0000000000000000000000000000000000000000..4de0dac00e398c3e1f1a3c166d9e52fa12a80147 GIT binary patch literal 808 zcmXqLVpcI|Vmh^enTe5!iId^**`rTXBnnO$aItY{wRxPgWnpGAXk1{(ZNSOK9LmBb z%oG}IC}6+`;&AY=`{w7BB<3Z;MA&)Qo${+va})CnB@DzsYPfj#U2}3W3raGR6?7Gn z^K%PeGTc1;!Kp=MsYME|&d$2XGR!>u<>lpi<@q^j#l<;#$@#g4@&>YOoLX%jZQpqr zIT^(SGV{{%9gq|l$cghBni*Ia8X6fGm>XL}iSrs-8kibbK)FM~3zi1LZ0z7LXJUi~ zJ~Jabvl0W-ZsRpR>H%KIyq2;Ywz)Uo>~@jvxhb!-f1Os~wA2xMk+`^tk<*}wk<~z! zjX6}7k420{q{qT4dxy&Q`*~j?*M#}4dK9rNO2VM=Do9?LrSYsm{y(cj^ut4GJP)nx788YgdFazobO>5Hoi8)q$PoIXesKocj!_H7f4)1Xkh!4e+*&1lC9iEY^ncdoMce07lN_@tZ1 zm0vCTUa<1kyttZ=HN_{_RU2lPg7hVxCP$S8iF(%6=yH^_KUuIExou*>-fF z$$^ucnoF;KeA47uu)nlY^z6YCi+yKrc{C+XJ@J)EW{3OU#FxCEr}qC3ejX$E_{)WY dwX=$2H4XkK>m5kCa(TtMO)oF+v=`v|1OOl2PD}s* literal 0 HcmV?d00001 diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index c44b3044d..41f13fded 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -25,32 +25,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a1:c6:eb:c0:c2:57:70:88:fd:fe:f7:e5:9e:bd:22:db:2f:49: - 3c:d8:9b:d4:db:1f:e1:0c:90:dc:2a:69:5e:1d:bf:c9:26:13: - 17:40:9f:bc:8e:7e:66:60:2d:dd:ba:15:49:eb:7d:f8:6f:5c: - 76:5f:04:ab:6e:b6:11:5c:35:bd:79:60:e4:fb:ed:66:3c:d5: - ca:5e:f1:9e:cb:d9:6c:7d:58:3b:88:4d:00:56:35:91:02:6d: - ed:6f:c0:e5:2f:74:83:8e:d4:af:35:0b:db:9e:e2:99:17:f2: - 09:39:39:3a:f0:ea:d8:c8:7d:16:6b:fa:dc:12:b4:ce:c9:82: - d8:25:cf:8e:6e:a9:2e:ef:47:ca:fa:df:8e:f9:b7:2b:81:59: - c3:30:23:a7:45:7d:17:f4:21:d2:eb:a1:d8:0d:d3:97:75:8c: - fe:1c:4a:44:49:7a:96:82:ee:7c:6f:0f:40:d8:91:b5:89:e3: - 33:d8:60:2a:7f:3e:09:42:aa:b9:d5:f7:4a:f9:86:e3:d4:10: - ea:c0:37:06:31:2a:49:ca:de:5c:5b:c7:36:20:4e:6f:3a:cc: - 9d:24:bb:f1:6e:c3:68:78:c7:0b:30:c4:8d:b5:43:b0:85:02: - ae:ac:33:ec:55:b8:f0:cc:8e:68:1f:99:24:fb:bd:fc:4c:40: - 07:a2:7e:f6 + ab:b7:78:c8:18:6e:6a:27:5d:bb:16:a1:d3:ae:b5:fd:46:50: + cf:dc:82:f9:4a:19:ec:bf:44:cd:f5:1f:15:2c:5a:e9:65:27: + b2:e1:88:62:0f:bc:a1:3c:95:fb:62:8a:71:e0:c6:22:ce:2e: + 00:ca:4e:7a:03:2a:12:90:98:7b:53:9f:46:a0:ff:6b:04:dc: + 2a:8d:bb:93:e7:b9:0b:d0:61:0f:62:97:18:99:bb:e7:1c:e3: + a2:ab:70:8f:32:47:7f:1e:3b:cb:62:55:41:a4:af:1f:01:2c: + 9b:b2:cc:06:8d:28:04:57:5b:f6:32:b8:e8:18:b6:6b:a1:b9: + aa:3f:49:ea:c1:02:c7:92:d9:c7:23:ea:a2:f7:70:a9:da:9e: + 5e:82:ef:30:07:c7:89:da:c9:e0:cf:ed:e9:4c:34:d4:72:0e: + 16:49:82:c5:a9:b4:a7:05:07:cc:5d:eb:b4:ef:9a:09:73:a2: + d4:b6:c5:be:34:c0:c9:09:29:a5:d5:f1:e4:82:49:70:bf:75: + 79:15:cd:c1:c8:a3:4d:9b:b4:e2:94:5e:27:61:ea:34:69:88: + 47:bd:61:e9:0d:f3:95:8f:ff:53:e7:5c:11:e3:f4:d0:70:ad: + 9a:73:5d:29:30:fc:23:2e:c0:62:d4:d3:a8:ce:b2:e9:d3:b9: + 3f:10:0a:f2 -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1 -MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO @@ -60,11 +60,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCre1QrSmHmyTAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQChxuvAwldwiP3+9+WevSLbL0k82JvU2x/hDJDc -KmleHb/JJhMXQJ+8jn5mYC3duhVJ6334b1x2XwSrbrYRXDW9eWDk++1mPNXKXvGe -y9lsfVg7iE0AVjWRAm3tb8DlL3SDjtSvNQvbnuKZF/IJOTk68OrYyH0Wa/rcErTO -yYLYJc+Obqku70fK+t+O+bcrgVnDMCOnRX0X9CHS66HYDdOXdYz+HEpESXqWgu58 -bw9A2JG1ieMz2GAqfz4JQqq51fdK+Ybj1BDqwDcGMSpJyt5cW8c2IE5vOsydJLvx -bsNoeMcLMMSNtUOwhQKurDPsVbjwzI5oH5kk+738TEAHon72 +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC3tpAzZhtrIzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCrt3jIGG5qJ127FqHTrrX9RlDP3IL5Shnsv0TN +9R8VLFrpZSey4YhiD7yhPJX7Yopx4MYizi4Ayk56AyoSkJh7U59GoP9rBNwqjbuT +57kL0GEPYpcYmbvnHOOiq3CPMkd/HjvLYlVBpK8fASybsswGjSgEV1v2MrjoGLZr +obmqP0nqwQLHktnHI+qi93Cp2p5egu8wB8eJ2sngz+3pTDTUcg4WSYLFqbSnBQfM +Xeu075oJc6LUtsW+NMDJCSml1fHkgklwv3V5Fc3ByKNNm7TilF4nYeo0aYhHvWHp +DfOVj/9T51wR4/TQcK2ac10pMPwjLsBi1NOozrLp07k/EAry -----END CERTIFICATE----- diff --git a/certs/server-ecc.der b/certs/server-ecc.der new file mode 100644 index 0000000000000000000000000000000000000000..c28dec1cbca3dea8ed724da189061822ac5bc87d GIT binary patch literal 788 zcmXqLViquHV%oZZnTe5!iId^I+wmo{cPCsn;9}#@YV$Z}%fifL(AaOtZNSOK9LmBb z%oG}IC~P1I;&AYAg(ntgWag!pwF?WMW=Z(dU-whhS7|60QhsyG?h_Q&o#;UzvQ)l*bcA2QQmnxI; z`%Rq&28~BR^2#iYdkh+PHegk=uyN{=#z})O?3$30B@f6K!Yr%?%#4ixkrOGiCxd|- zlOn^%3(M@9ja4pIvBt~s?XAr=e)*~G^Jm+Y@3YzsH*c>CU{YlGkZ||hqT69_Zhm?4 aSoO+=ld83+s$zE?+4QZJ<@nyDlL`QHw&#ri literal 0 HcmV?d00001 diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem index 37b191341..9c92c53ef 100644 --- a/certs/server-ecc.pem +++ b/certs/server-ecc.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 9a:1a:8c:0a:a5:f3:ff:40 + ef:46:c7:a4:9b:bb:60:d3 Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:35 2016 GMT - Not After : Apr 21 18:56:35 2019 GMT + Not Before: Aug 11 20:07:38 2016 GMT + Not After : May 8 20:07:38 2019 GMT Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -26,21 +26,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9A:1A:8C:0A:A5:F3:FF:40 + serial:EF:46:C7:A4:9B:BB:60:D3 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:09:a3:39:1f:91:7c:61:02:c7:f9:f6:d9:01:9e: - 2d:48:62:af:53:0b:21:d1:d1:1b:e4:f7:05:e2:c8:ed:2a:16: - 02:20:5f:b0:0b:96:d1:eb:0c:f2:d4:51:74:21:ca:dc:ac:b3: - 27:bf:9f:1f:99:fc:1a:22:f2:31:3e:5a:a5:d1:78:24 + 30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e: + bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e: + 50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4: + b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20 -----BEGIN CERTIFICATE----- -MIIDDjCCArWgAwIBAgIJAJoajAql8/9AMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG +MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1 -MTg1NjM1WhcNMTkwNDIxMTg1NjM1WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD @@ -50,7 +50,7 @@ SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbYIJAJoajAql8/9AMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIg -CaM5H5F8YQLH+fbZAZ4tSGKvUwsh0dEb5PcF4sjtKhYCIF+wC5bR6wzy1FF0Icrc -rLMnv58fmfwaIvIxPlql0Xgk +LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh +APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj +JdSwySV9ynpdusSy9n0Ex71iySA= -----END CERTIFICATE----- diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index cd0f872a6..7908e8791 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 3b:7b:7d:00:75:1d:2a:a9:50:73:a3:f2:f1:d7:28:5d:4b:04: - f5:34:15:89:a7:37:df:7b:ec:0f:6a:ac:97:80:88:1d:fa:bc: - f5:4c:f7:bc:32:16:43:17:77:7c:a5:e1:09:a9:57:e3:54:9c: - 70:3c:27:f8:d7:35:48:12:95:01:ec:f4:eb:4d:b8:4e:d6:9a: - 74:9e:f9:bf:1c:0a:0b:3a:e8:b2:57:c6:ac:3d:ba:27:90:27: - 16:f5:24:e1:53:16:4e:32:dd:03:9b:6d:9f:af:f5:c8:91:ec: - e6:af:f1:48:29:3f:d9:0d:f5:07:86:72:80:49:0a:cc:87:cf: - 91:7d:04:de:d7:ef:bc:de:73:4f:66:f1:63:c2:2c:63:a3:2f: - 70:88:e8:18:c8:17:9b:ea:da:17:f6:00:c4:40:c5:ea:d4:61: - 7f:48:07:5f:b3:6c:e6:4c:76:e5:17:ca:b8:82:87:ec:6f:81: - 90:76:90:d8:86:3f:28:e8:b8:1f:0d:83:53:33:57:10:d2:2f: - 78:d4:2b:30:01:d8:8f:09:7a:a3:92:ee:15:68:67:82:ce:3e: - 8a:a6:f2:59:03:68:85:47:bf:26:39:65:d0:c1:e9:93:89:5a: - b3:aa:f9:cf:93:96:fb:82:f6:29:29:19:63:4e:bb:84:56:b6: - 57:28:e7:d0 + 79:13:f5:c1:05:42:12:3a:61:f2:f1:ac:05:6e:15:05:9b:ab: + 58:74:b2:3f:00:38:82:77:f7:9a:57:32:e2:af:66:3d:81:25: + 09:40:5a:d9:bc:d7:34:18:20:cd:89:b8:7e:c6:94:22:9a:28: + fe:0e:55:73:1d:77:7c:c3:e6:c6:4b:f3:40:0c:8b:cc:93:c1: + 11:d1:0f:0e:50:0c:c2:b2:38:73:35:d1:db:d0:55:0d:6d:d7: + 33:15:13:e8:a0:77:f3:f1:4d:c2:24:4a:f6:45:4c:67:dd:fd: + 7e:46:b9:85:67:06:5a:4e:c1:4f:1f:94:f7:e6:b0:1a:b1:42: + 80:97:d2:7d:ed:8e:02:b2:2f:7e:c4:1b:60:d9:84:6e:dd:78: + ef:41:82:81:05:6f:d7:b1:36:59:74:e6:ba:9c:5a:48:a7:58: + d9:71:bd:16:53:32:21:55:89:75:7d:a0:48:12:a9:3d:77:73: + 51:a7:c3:e3:c9:df:e1:df:37:29:de:49:47:cf:7f:3c:30:86: + d2:26:f9:45:dc:71:c1:b8:5b:9e:ef:05:64:5a:63:7c:c4:60: + e2:67:f7:cd:e3:be:0b:d2:78:7f:66:c4:f5:c0:1c:6c:f1:e1: + 56:c3:01:07:c3:7d:50:73:1f:48:2c:89:88:fb:ec:b2:0b:aa: + bb:0a:1f:f4 -----BEGIN CERTIFICATE----- MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1 -MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G @@ -76,25 +76,25 @@ gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAKt7VCtKYebJ -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADt7fQB1HSqpUHOj8vHX -KF1LBPU0FYmnN9977A9qrJeAiB36vPVM97wyFkMXd3yl4QmpV+NUnHA8J/jXNUgS -lQHs9OtNuE7WmnSe+b8cCgs66LJXxqw9uieQJxb1JOFTFk4y3QObbZ+v9ciR7Oav -8UgpP9kN9QeGcoBJCsyHz5F9BN7X77zec09m8WPCLGOjL3CI6BjIF5vq2hf2AMRA -xerUYX9IB1+zbOZMduUXyriCh+xvgZB2kNiGPyjouB8Ng1MzVxDSL3jUKzAB2I8J -eqOS7hVoZ4LOPoqm8lkDaIVHvyY5ZdDB6ZOJWrOq+c+TlvuC9ikpGWNOu4RWtlco -59A= +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sj +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHkT9cEFQhI6YfLxrAVu +FQWbq1h0sj8AOIJ395pXMuKvZj2BJQlAWtm81zQYIM2JuH7GlCKaKP4OVXMdd3zD +5sZL80AMi8yTwRHRDw5QDMKyOHM10dvQVQ1t1zMVE+igd/PxTcIkSvZFTGfd/X5G +uYVnBlpOwU8flPfmsBqxQoCX0n3tjgKyL37EG2DZhG7deO9BgoEFb9exNll05rqc +WkinWNlxvRZTMiFViXV9oEgSqT13c1Gnw+PJ3+HfNyneSUfPfzwwhtIm+UXcccG4 +W57vBWRaY3zEYOJn983jvgvSeH9mxPXAHGzx4VbDAQfDfVBzH0gsiYj77LILqrsK +H/Q= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - ab:7b:54:2b:4a:61:e6:c9 + b7:b6:90:33:66:1b:6b:23 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 25 18:56:34 2016 GMT - Not After : Apr 21 18:56:34 2019 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -125,32 +125,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AB:7B:54:2B:4A:61:E6:C9 + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8: - 7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e: - 2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97: - 01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4: - 51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37: - 3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba: - b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48: - 93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de: - e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52: - ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91: - 28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d: - c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f: - 38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae: - 9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7: - d5:00:fa:f4 + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -164,11 +164,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o -fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b -sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib -te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS -rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW -lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/gencertbuf.pl b/gencertbuf.pl index 450ff764a..09c6114c2 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -15,6 +15,20 @@ use warnings; # output C header file to write cert/key buffers to my $outputFile = "./wolfssl/certs_test.h"; +# ecc keys and certs to be converted +# Used with HAVE_ECC && USE_CERT_BUFFERS_256 + +my @fileList_ecc = ( + [ "./certs/ecc-client-key.der", "ecc_clikey_der_256" ], + [ "./certs/ecc-client-keyPub.der", "ecc_clikeypub_der_256" ], + [ "./certs/client-ecc-cert.der", "cliecc_cert_der_256" ], + [ "./certs/ecc-key.der", "ecc_key_der_256" ], + [ "./certs/ecc-keyPub.der", "ecc_key_pub_der_256" ], + [ "./certs/server-ecc-comp.der", "serv_ecc_comp_der_256" ], + [ "./certs/server-ecc-rsa.der", "serv_ecc_rsa_der_256" ], + [ "./certs/server-ecc.der", "serv_ecc_der_256" ] + ); + # 1024-bit certs/keys to be converted # Used with USE_CERT_BUFFERS_1024 define. @@ -25,6 +39,7 @@ my @fileList_1024 = ( [ "./certs/1024/dh1024.der", "dh_key_der_1024" ], [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ], [ "./certs/1024/rsa1024.der", "rsa_key_der_1024" ], + [ "./certs/1024/ca-key.der", "ca_key_der_1024"], [ "./certs/1024/ca-cert.der", "ca_cert_der_1024" ], [ "./certs/1024/server-key.der", "server_key_der_1024" ], [ "./certs/1024/server-cert.der", "server_cert_der_1024" ] @@ -47,6 +62,7 @@ my @fileList_2048 = ( # ---------------------------------------------------------------------------- +my $num_ecc = @fileList_ecc; my $num_1024 = @fileList_1024; my $num_2048 = @fileList_2048; @@ -57,6 +73,7 @@ print OUT_FILE "/* certs_test.h */\n\n"; print OUT_FILE "#ifndef WOLFSSL_CERTS_TEST_H\n"; print OUT_FILE "#define WOLFSSL_CERTS_TEST_H\n\n"; + # convert and print 1024-bit cert/keys print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n"; for (my $i = 0; $i < $num_1024; $i++) { @@ -88,7 +105,26 @@ for (my $i = 0; $i < $num_2048; $i++) { print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; } + print OUT_FILE "#endif /* USE_CERT_BUFFERS_2048 */\n\n"; + +# convert and print 256-bit cert/keys +print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n"; +for (my $i = 0; $i < $num_ecc; $i++) { + + my $fname = $fileList_ecc[$i][0]; + my $sname = $fileList_ecc[$i][1]; + + print OUT_FILE "/* $fname, ECC */\n"; + print OUT_FILE "static const unsigned char $sname\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fname); + print OUT_FILE "};\n"; + print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; +} +print OUT_FILE "#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */\n\n"; + + print OUT_FILE "/* dh1024 p */ static const unsigned char dh_p[] = { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5d2bff6c9..91a14bf27 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -122,7 +122,8 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ - || !defined(NO_DH) + || !defined(NO_DH) \ + || defined(USE_CERT_BUFFERS_256) /* include test cert and key buffers for use with NO_FILESYSTEM */ #include #endif @@ -225,6 +226,9 @@ int pbkdf2_test(void); #ifdef HAVE_ECC_ENCRYPT int ecc_encrypt_test(void); #endif + #ifdef USE_CERT_BUFFERS_256 + int ecc_test_buffers(void); + #endif #endif #ifdef HAVE_CURVE25519 int curve25519_test(void); @@ -602,6 +606,12 @@ int wolfcrypt_test(void* args) else printf( "ECC Enc test passed!\n"); #endif + #ifdef USE_CERT_BUFFERS_256 + if ( (ret = ecc_test_buffers()) != 0) + return err_sys("ECC buffer test failed!\n", ret); + else + printf( "ECC buffer test passed!\n"); + #endif #endif #ifdef HAVE_CURVE25519 @@ -5385,6 +5395,7 @@ int rsa_test(void) strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE); strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); + myCert.daysValid = 1000; #ifdef WOLFSSL_CERT_EXT @@ -7255,6 +7266,92 @@ int ecc_encrypt_test(void) } #endif /* HAVE_ECC_ENCRYPT */ + +#ifdef USE_CERT_BUFFERS_256 +int ecc_test_buffers() { + size_t bytes; + ecc_key cliKey; + ecc_key servKey; +#ifdef WOLFSSL_CERT_EXT + ecc_key keypub; +#endif + WC_RNG rng; + word32 idx = 0; + int ret; + /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[256]; + byte plain[256]; + int verify = 0; + word32 x; + + bytes = sizeof_ecc_clikey_der_256; + /* place client key into ecc_key struct cliKey */ + ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, + (word32)bytes); + if (ret != 0) + return -41; + + idx = 0; + bytes = sizeof_ecc_key_der_256; + + /* place server key into ecc_key struct servKey */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, + (word32)bytes); + if (ret != 0) + return -41; + + ret = wc_InitRng(&rng); + if (ret != 0) + return -42; + +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) + { + word32 y; + /* test encrypt and decrypt if they're available */ + x = sizeof(out); + ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); + if (ret < 0) + return -43; + + y = sizeof(plain); + ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); + if (ret < 0) + return -44; + + if (XMEMCMP(plain, in, inLen)) + return -45; + } +#endif + + + x = sizeof(out); + ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); + if (ret < 0) + return -46; + + XMEMSET(plain, 0, sizeof(plain)); + + ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, &cliKey); + if (ret < 0) + return -47; + + if (XMEMCMP(plain, in, ret)) + return -48; + + idx = 0; + + bytes = sizeof_ecc_clikeypub_der_256; + + ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, + (word32) bytes); + if (ret != 0) + return -52; + + return 0; +} +#endif /* USE_CERT_BUFFERS_256 */ #endif /* HAVE_ECC */ diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 1231651aa..2d52511d7 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -99,8 +99,8 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); static const unsigned char client_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB1, 0x21, 0x19, 0x7D, - 0x16, 0x7A, 0x6D, 0xE5, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF3, 0x63, 0xB8, 0x35, + 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -118,10 +118,10 @@ static const unsigned char client_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, - 0x31, 0x38, 0x35, 0x36, 0x33, 0x34, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x34, 0x32, 0x31, 0x31, 0x38, 0x35, 0x36, 0x33, - 0x34, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -178,23 +178,23 @@ static const unsigned char client_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xB1, 0x21, 0x19, 0x7D, 0x16, 0x7A, 0x6D, 0xE5, 0x30, 0x0C, + 0xF3, 0x63, 0xB8, 0x35, 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x18, 0xAD, 0x2F, 0x70, 0x0B, 0x3B, 0x01, 0xD1, 0x85, - 0xE9, 0x5F, 0xBE, 0xF6, 0x89, 0x44, 0x9D, 0x06, 0x36, 0x9D, - 0xE1, 0x57, 0x7D, 0x73, 0x02, 0x10, 0xBC, 0x5A, 0x8E, 0x94, - 0x15, 0x78, 0x35, 0xD4, 0x98, 0x2E, 0xF9, 0xAE, 0xDF, 0x67, - 0x97, 0x6C, 0xF6, 0x89, 0xE7, 0x6E, 0xE7, 0xFB, 0xA2, 0x97, - 0xC7, 0x71, 0xA3, 0xD9, 0x03, 0x68, 0xD2, 0xA1, 0x5B, 0x5A, - 0x5B, 0xF7, 0xF3, 0x78, 0x23, 0xFC, 0xAC, 0x71, 0x6F, 0x0B, - 0x96, 0xDE, 0xE6, 0x71, 0x9F, 0x90, 0xFD, 0x2A, 0xF9, 0x98, - 0x39, 0xFF, 0x87, 0x6A, 0xD2, 0x17, 0x2A, 0xAF, 0xE4, 0xD2, - 0xB5, 0x2C, 0x90, 0xFB, 0xCC, 0x76, 0xC0, 0x05, 0x65, 0x09, - 0x97, 0xA3, 0xE8, 0x30, 0x7A, 0x75, 0x5F, 0xB9, 0x5D, 0x5E, - 0xC5, 0xC5, 0xAD, 0xAA, 0x66, 0x36, 0x26, 0xD9, 0x67, 0x79, - 0x1E, 0x1B, 0x99, 0xD6, 0xF5, 0xAA, 0xD7, 0xEE, 0x61 + 0x00, 0x31, 0x5E, 0xC5, 0x8C, 0x6F, 0xB7, 0xC5, 0x47, 0x1B, + 0x51, 0x5F, 0x99, 0x91, 0xA1, 0x23, 0x45, 0x3C, 0x36, 0x59, + 0x20, 0xFE, 0x90, 0x46, 0x95, 0x79, 0xE8, 0xB8, 0xD9, 0xDB, + 0x44, 0x7F, 0x63, 0x42, 0x71, 0x59, 0xD5, 0x59, 0xA5, 0x3C, + 0xD3, 0x43, 0x83, 0xA0, 0x7D, 0x1E, 0x56, 0x36, 0x02, 0x92, + 0xE2, 0x0A, 0x19, 0xF6, 0x97, 0xF2, 0x82, 0x12, 0xA6, 0xB2, + 0xBF, 0x3B, 0xB6, 0xB0, 0x07, 0xFC, 0x7A, 0x5B, 0x78, 0x22, + 0xA0, 0x31, 0xF4, 0x3D, 0xEB, 0x0A, 0xC5, 0xE4, 0xE5, 0xB4, + 0xC7, 0xBB, 0x4F, 0xA9, 0xB8, 0x37, 0x19, 0xBF, 0xC7, 0x64, + 0x9D, 0x74, 0x9E, 0x78, 0xDF, 0x09, 0xF5, 0xD6, 0xDD, 0xC2, + 0xFB, 0xCE, 0x94, 0xD5, 0xBF, 0x97, 0xB0, 0x76, 0xB5, 0xE9, + 0x10, 0x65, 0x6C, 0x48, 0x85, 0xC4, 0x1B, 0xFF, 0x5B, 0x64, + 0xC7, 0x11, 0x30, 0x06, 0xE4, 0x40, 0xF5, 0x90, 0x2B }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -336,6 +336,74 @@ static const unsigned char rsa_key_der_1024[] = }; static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); +/* ./certs/1024/ca-key.der, 1024-bit */ +static const unsigned char ca_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5E, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, 0xC3, + 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, 0x59, + 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, 0x17, + 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, 0x62, + 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, 0x0B, + 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, 0x2E, + 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, 0x80, + 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, 0xDB, + 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, 0x27, + 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, 0x01, + 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, 0x92, + 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, 0x88, + 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x52, 0x35, 0x3D, + 0x01, 0x29, 0xA4, 0x95, 0x29, 0x71, 0x9B, 0x64, 0x6A, 0x2C, + 0xC3, 0xD2, 0xB5, 0xBE, 0x6E, 0x13, 0x9C, 0x8F, 0xB6, 0x26, + 0xD8, 0x76, 0x6B, 0xBD, 0x61, 0xBC, 0x63, 0x2D, 0xD5, 0x4D, + 0xBB, 0xCC, 0xC6, 0x3B, 0x89, 0xC8, 0xCE, 0x7B, 0x9B, 0x97, + 0xE7, 0x51, 0x67, 0x61, 0xDA, 0xA9, 0x83, 0x7B, 0xC8, 0x44, + 0xF5, 0x70, 0x5E, 0x3E, 0xD0, 0x7E, 0x51, 0xB9, 0x6E, 0x13, + 0x57, 0x08, 0x5C, 0xE1, 0x67, 0x4F, 0x61, 0x5E, 0xA5, 0x09, + 0xEC, 0x11, 0xDD, 0xE4, 0xB8, 0xB4, 0xF4, 0xE0, 0x63, 0x34, + 0x4C, 0xDA, 0x32, 0x20, 0x1F, 0x85, 0x41, 0x5D, 0xBC, 0xDB, + 0x24, 0xC5, 0xAF, 0xBE, 0x02, 0x5F, 0x22, 0xF1, 0x7C, 0xCC, + 0x05, 0x56, 0xA6, 0xA6, 0x37, 0x9A, 0xEB, 0xFF, 0x52, 0x2D, + 0xBF, 0x30, 0x4B, 0x9A, 0x1D, 0xEE, 0xAB, 0x9C, 0x2C, 0xE2, + 0xC1, 0xB8, 0x9D, 0xC9, 0x31, 0x02, 0x41, 0x00, 0xE9, 0x89, + 0x16, 0xCD, 0xAC, 0x2E, 0xF2, 0x4D, 0x66, 0x17, 0xBD, 0x78, + 0x12, 0x12, 0x8D, 0x8E, 0x84, 0x24, 0xDE, 0x2D, 0x50, 0x41, + 0x85, 0x8C, 0x34, 0x09, 0xFA, 0xFB, 0x6D, 0x87, 0x51, 0x4C, + 0x13, 0x28, 0xF0, 0x60, 0x11, 0x86, 0x3D, 0xC2, 0xA4, 0xCF, + 0x5E, 0xC5, 0x6F, 0x5B, 0x11, 0x32, 0x0A, 0xB5, 0x28, 0xD0, + 0x82, 0x47, 0x44, 0x26, 0x92, 0xE2, 0x78, 0x59, 0xB4, 0x08, + 0xB3, 0xFD, 0x02, 0x41, 0x00, 0xE1, 0x75, 0xB4, 0x6A, 0xB5, + 0x8C, 0x11, 0xFB, 0xCC, 0x42, 0x02, 0xC5, 0xDA, 0x48, 0xCE, + 0x29, 0x43, 0x14, 0x01, 0x9A, 0x2C, 0xB3, 0xA4, 0xCB, 0x73, + 0xEB, 0xA1, 0x35, 0x57, 0xAD, 0xB5, 0x16, 0x17, 0x80, 0x03, + 0x5F, 0x32, 0x37, 0xBE, 0xA2, 0x6F, 0xF9, 0x31, 0x84, 0xBF, + 0x00, 0x6E, 0x8D, 0x03, 0x0E, 0x30, 0x1C, 0xD0, 0x2F, 0x37, + 0xF0, 0x7E, 0xC2, 0x64, 0xBF, 0xEE, 0x4B, 0xE8, 0xFD, 0x02, + 0x41, 0x00, 0xE1, 0x99, 0x8B, 0x2B, 0xD8, 0x9F, 0xE9, 0x76, + 0x97, 0x9F, 0x6B, 0x6B, 0x28, 0x9A, 0x3F, 0xA1, 0x63, 0x4A, + 0x72, 0x4E, 0xF7, 0xEE, 0xB3, 0xE2, 0x43, 0x0B, 0x39, 0x27, + 0xD6, 0x21, 0x18, 0x8A, 0x13, 0x20, 0x43, 0x45, 0xAA, 0xE8, + 0x31, 0x95, 0x6C, 0xBC, 0xDE, 0xE2, 0x7F, 0xB6, 0x4B, 0xA0, + 0x39, 0xF3, 0xD3, 0x9F, 0xC9, 0x9A, 0xAA, 0xDD, 0x50, 0x9B, + 0xF2, 0x83, 0x45, 0x85, 0xFA, 0xC9, 0x02, 0x41, 0x00, 0xAF, + 0xB0, 0xC7, 0x7C, 0xF8, 0x28, 0x44, 0xC3, 0x50, 0xF2, 0x87, + 0xB2, 0xA2, 0x5D, 0x65, 0xBA, 0x25, 0xB9, 0x6B, 0x5E, 0x37, + 0x43, 0x6E, 0x41, 0xD4, 0xFD, 0x63, 0x4C, 0x6C, 0x1C, 0xC3, + 0x26, 0x89, 0xFD, 0x89, 0xA3, 0x1F, 0x40, 0xED, 0x5F, 0x2B, + 0x9E, 0xA6, 0x85, 0xE9, 0x49, 0x6E, 0xDC, 0x97, 0xEA, 0xF0, + 0x77, 0x23, 0x8C, 0x08, 0x2D, 0x72, 0xBA, 0x0D, 0x44, 0xBB, + 0x6F, 0x90, 0x09, 0x02, 0x41, 0x00, 0x91, 0xE4, 0x2E, 0xCA, + 0x8C, 0x0A, 0x69, 0x2F, 0x62, 0xE2, 0x62, 0x3B, 0xA5, 0x8D, + 0x5A, 0x2C, 0x56, 0x3E, 0x7F, 0x67, 0x42, 0x92, 0x12, 0x92, + 0x5F, 0xF3, 0x97, 0xDD, 0xE1, 0xA9, 0x7F, 0xAD, 0x2E, 0x2D, + 0xF4, 0x4A, 0x57, 0xB3, 0x7A, 0x10, 0xBD, 0xD7, 0xE4, 0xEC, + 0x6A, 0x08, 0x21, 0xE9, 0xF2, 0x46, 0x49, 0xD2, 0x69, 0x47, + 0x8A, 0x20, 0x4B, 0xF2, 0xB1, 0x52, 0x83, 0xAB, 0x6F, 0x10 + +}; +static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); + /* ./certs/1024/ca-cert.der, 1024-bit */ static const unsigned char ca_cert_der_1024[] = { @@ -776,8 +844,8 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); static const unsigned char client_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD2, 0xFE, 0x4A, 0x9E, - 0xAA, 0xA9, 0x46, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, + 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -795,10 +863,10 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, - 0x31, 0x38, 0x35, 0x36, 0x33, 0x34, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x34, 0x32, 0x31, 0x31, 0x38, 0x35, 0x36, 0x33, - 0x34, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -868,36 +936,36 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xD2, 0xFE, 0x4A, 0x9E, 0xAA, 0xA9, 0x46, 0x31, + 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x87, 0xF1, 0xAB, 0x95, 0x97, 0xE3, - 0xC7, 0x71, 0x5D, 0xA9, 0x3D, 0x63, 0x80, 0xBE, 0xE2, 0xC0, - 0x77, 0xDC, 0x02, 0x43, 0x70, 0xC5, 0xF2, 0x45, 0x2D, 0xF8, - 0xD8, 0x69, 0x92, 0xB6, 0xE8, 0x77, 0xEC, 0x53, 0x49, 0x3A, - 0x37, 0xFC, 0xB7, 0x13, 0x2E, 0x34, 0x60, 0x6D, 0x21, 0x59, - 0xDA, 0x02, 0x4A, 0x0E, 0xFD, 0xF6, 0xC0, 0xA5, 0x26, 0x34, - 0xA6, 0x6A, 0x9F, 0xC4, 0x7D, 0x28, 0xE1, 0xFD, 0xFB, 0x12, - 0x28, 0xB8, 0xB6, 0x01, 0x7F, 0x57, 0x66, 0xFC, 0x46, 0x85, - 0xD2, 0x23, 0xB4, 0xE6, 0x54, 0x0B, 0xEE, 0x2E, 0x9B, 0xA8, - 0xE0, 0x70, 0x28, 0x4D, 0xE7, 0xA5, 0xF5, 0x3D, 0xDB, 0x4E, - 0x98, 0x98, 0x24, 0xE2, 0x30, 0x99, 0xC9, 0xA0, 0xBF, 0x2B, - 0x00, 0x57, 0xD0, 0xDF, 0x9D, 0xFA, 0x57, 0xCF, 0x93, 0xFC, - 0xE6, 0x36, 0x0C, 0xA5, 0x58, 0xA1, 0x65, 0x2B, 0x1D, 0xBE, - 0x65, 0x79, 0xA0, 0x6B, 0x29, 0x61, 0xD1, 0x52, 0xEF, 0x0F, - 0x86, 0x21, 0x76, 0xD2, 0x13, 0xC2, 0xDE, 0x73, 0x17, 0x51, - 0x08, 0x65, 0x3E, 0x1D, 0xF9, 0x30, 0x5B, 0x36, 0x76, 0x11, - 0x6F, 0x3C, 0xD3, 0x0C, 0x03, 0x6B, 0x3E, 0xF7, 0x5C, 0xB1, - 0x26, 0xA8, 0x1B, 0xA5, 0x01, 0x3A, 0x9A, 0x18, 0x6D, 0xEA, - 0x10, 0x29, 0x67, 0x9E, 0x7B, 0x24, 0x2A, 0xE0, 0x80, 0xDC, - 0x6F, 0x35, 0x60, 0xF6, 0x2C, 0x65, 0x02, 0x56, 0xDC, 0x00, - 0x84, 0x11, 0x13, 0x21, 0x23, 0x95, 0xA2, 0xED, 0x55, 0xCE, - 0x79, 0xED, 0xC2, 0x7B, 0x51, 0xD5, 0xF8, 0x8B, 0xAA, 0x43, - 0xA0, 0xE3, 0x03, 0x5F, 0x17, 0x12, 0xA6, 0x8B, 0x22, 0xA6, - 0x83, 0x11, 0x41, 0xB6, 0x4F, 0xC6, 0x71, 0xD2, 0x80, 0x4D, - 0x61, 0xEE, 0xA5, 0x6D, 0x07, 0x26, 0x1A, 0x1D, 0x9C, 0xF4, - 0x7B, 0x07, 0x64, 0xA6, 0xD3, 0x9F, 0x2D, 0xA2, 0xC2, 0xCE + 0x82, 0x01, 0x01, 0x00, 0x33, 0x85, 0x08, 0xB4, 0x58, 0x0E, + 0xA2, 0x00, 0x03, 0x74, 0xDE, 0x77, 0xFB, 0xD1, 0x2B, 0x76, + 0x9C, 0x97, 0x90, 0x20, 0x21, 0xA2, 0xE8, 0x2E, 0x22, 0x50, + 0x26, 0x04, 0x76, 0xBA, 0x5B, 0x47, 0x79, 0xE5, 0x52, 0xF7, + 0xC4, 0x0D, 0x79, 0xFF, 0x62, 0x3F, 0x05, 0x7C, 0xC3, 0x08, + 0x6C, 0xE0, 0xB7, 0x81, 0xD0, 0xCE, 0xC6, 0xC9, 0x46, 0xB9, + 0x8E, 0x4B, 0x5F, 0x56, 0x79, 0x4B, 0x13, 0xB6, 0xD1, 0x6B, + 0x66, 0x4B, 0xCE, 0x00, 0x0D, 0xE3, 0x76, 0x5E, 0xFB, 0xCB, + 0xB5, 0x5D, 0x12, 0x31, 0x05, 0xF1, 0xBB, 0x39, 0xF6, 0x86, + 0x90, 0xCA, 0x92, 0x56, 0xA4, 0xA0, 0x75, 0x21, 0xB6, 0x1D, + 0x4C, 0x96, 0xC3, 0x45, 0xEB, 0x5A, 0x91, 0x94, 0x32, 0xD3, + 0x59, 0xB8, 0xC9, 0x73, 0x1F, 0x03, 0xA9, 0x81, 0x63, 0xE0, + 0x43, 0xC0, 0x1E, 0xC8, 0x65, 0xBE, 0x3B, 0xA7, 0x53, 0xC3, + 0x44, 0xFF, 0xB3, 0xFB, 0x47, 0x84, 0xA8, 0xB6, 0x9D, 0x00, + 0xD5, 0x6B, 0xAE, 0x87, 0xF8, 0xBB, 0x35, 0xB2, 0x6C, 0x66, + 0x0B, 0x11, 0xEE, 0x6F, 0xFE, 0x12, 0xED, 0x59, 0x79, 0xF1, + 0x3E, 0xF2, 0xD3, 0x61, 0x27, 0x8B, 0x95, 0x7E, 0x99, 0x75, + 0x8D, 0xA4, 0x9F, 0x34, 0x85, 0xF1, 0x25, 0x4D, 0x48, 0x1E, + 0x9B, 0x6B, 0x70, 0xF6, 0x66, 0xCC, 0x56, 0xB1, 0xA3, 0x02, + 0x52, 0x8A, 0x7C, 0xAA, 0xAF, 0x07, 0xDA, 0x97, 0xC6, 0x0C, + 0xA5, 0x8F, 0xED, 0xCB, 0xF5, 0xD8, 0x04, 0x5D, 0x97, 0x0A, + 0x5D, 0x5A, 0x2B, 0x49, 0xF5, 0xBD, 0x93, 0xE5, 0x23, 0x9B, + 0x99, 0xB5, 0x0C, 0xFF, 0x0C, 0x7E, 0x38, 0x82, 0xB2, 0x6E, + 0xAB, 0x8A, 0xC9, 0xA7, 0x45, 0xAB, 0xD6, 0xD7, 0x93, 0x35, + 0x70, 0x07, 0x7E, 0xC8, 0x3D, 0xA5, 0xFE, 0x33, 0x8F, 0xD9, + 0x85, 0xC0, 0xC7, 0x5A, 0x02, 0xE4, 0x7C, 0xD6, 0x35, 0x9E }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1155,8 +1223,8 @@ static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAB, 0x7B, 0x54, 0x2B, - 0x4A, 0x61, 0xE6, 0xC9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB7, 0xB6, 0x90, 0x33, + 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -1173,10 +1241,10 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, - 0x31, 0x38, 0x35, 0x36, 0x33, 0x34, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x34, 0x32, 0x31, 0x31, 0x38, 0x35, 0x36, 0x33, - 0x34, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -1244,36 +1312,36 @@ static const unsigned char ca_cert_der_2048[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xAB, 0x7B, 0x54, 0x2B, 0x4A, 0x61, 0xE6, 0xC9, 0x30, 0x0C, + 0xB7, 0xB6, 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x43, 0x34, 0x44, 0x86, 0x00, 0x1E, 0xC3, 0x0B, - 0x46, 0x6F, 0x4C, 0xE6, 0x84, 0x47, 0xB0, 0x30, 0xBD, 0xE8, - 0x7E, 0x5E, 0x20, 0xF4, 0xD1, 0x60, 0xE1, 0x56, 0xA3, 0x5D, - 0x41, 0xD6, 0xF7, 0x74, 0x94, 0x88, 0xF4, 0x4E, 0x2F, 0x6C, - 0xA4, 0x12, 0xAE, 0x0E, 0x98, 0xFD, 0x0C, 0xEF, 0x9A, 0x17, - 0x70, 0x23, 0x32, 0x24, 0x3B, 0x97, 0x01, 0xA9, 0x20, 0xB2, - 0x92, 0xED, 0x69, 0xBD, 0x98, 0x74, 0xBE, 0xDB, 0xB0, 0x9D, - 0xFE, 0xDA, 0x77, 0xD4, 0x51, 0x46, 0xD4, 0xCB, 0xFC, 0x98, - 0x32, 0xEA, 0xC1, 0xF2, 0xDF, 0xF2, 0x04, 0x05, 0x62, 0xEE, - 0xF8, 0x37, 0x3D, 0x5B, 0x1B, 0xD4, 0xAB, 0xA0, 0x9A, 0x13, - 0xE9, 0x19, 0xC0, 0x01, 0x41, 0x7E, 0xE3, 0xCB, 0x97, 0xBA, - 0xB9, 0x0B, 0x6A, 0x61, 0xD8, 0x9B, 0xB5, 0xED, 0xCB, 0x2E, - 0x6C, 0x42, 0xA7, 0xEA, 0xDB, 0xFA, 0xE9, 0x48, 0x93, 0x52, - 0x9C, 0x1B, 0x4B, 0xC0, 0x17, 0x8B, 0xFB, 0x1E, 0xBA, 0x09, - 0x23, 0x56, 0xAC, 0xE4, 0xD1, 0xDE, 0xE7, 0xC4, 0xA9, 0x48, - 0x80, 0x1E, 0xD2, 0x9F, 0x43, 0x3E, 0xF4, 0x40, 0xFB, 0x38, - 0xFA, 0x3F, 0x62, 0x52, 0xAE, 0x73, 0x5E, 0x3D, 0x0E, 0xBE, - 0x21, 0x4F, 0xA6, 0x5E, 0x1D, 0x4C, 0x14, 0xFD, 0xF9, 0x59, - 0x42, 0x91, 0x28, 0x37, 0x20, 0xE3, 0x5C, 0x6A, 0x08, 0x51, - 0x4A, 0x5E, 0x04, 0xEC, 0x8B, 0x98, 0x97, 0x4D, 0xD0, 0x3D, - 0xC9, 0xAF, 0x33, 0x22, 0xD2, 0x29, 0x83, 0xFD, 0xB8, 0xCB, - 0x99, 0x96, 0x95, 0xC6, 0x38, 0xC8, 0x39, 0x1F, 0x38, 0x9C, - 0x8D, 0x43, 0x8C, 0x33, 0x5F, 0xBF, 0x6F, 0x16, 0xFF, 0x68, - 0x1E, 0x8B, 0xB1, 0xF9, 0xB2, 0xAE, 0x9D, 0x64, 0xAD, 0x54, - 0xDD, 0xFA, 0xE0, 0xB0, 0x7C, 0x9B, 0xDD, 0xFD, 0x96, 0x8C, - 0x70, 0x8C, 0x5E, 0xE7, 0xD5, 0x00, 0xFA, 0xF4 + 0x01, 0x00, 0x0E, 0x93, 0x48, 0x44, 0x4A, 0x72, 0x96, 0x60, + 0x71, 0x25, 0x82, 0xA9, 0x2C, 0xCA, 0x60, 0x5B, 0xF2, 0x88, + 0x3E, 0xCF, 0x11, 0x74, 0x5A, 0x11, 0x4A, 0xDC, 0xD9, 0xD8, + 0xF6, 0x58, 0x2C, 0x05, 0xD3, 0x56, 0xD9, 0xE9, 0x8F, 0x37, + 0xEF, 0x8E, 0x3E, 0x3B, 0xFF, 0x22, 0x36, 0x00, 0xCA, 0xD8, + 0xE2, 0x96, 0x3F, 0xA7, 0xD1, 0xED, 0x1F, 0xDE, 0x7A, 0xB0, + 0xD7, 0x8F, 0x36, 0xBD, 0x41, 0x55, 0x1E, 0xD4, 0xB9, 0x86, + 0x3B, 0x87, 0x25, 0x69, 0x35, 0x60, 0x48, 0xD6, 0xE4, 0x5A, + 0x94, 0xCE, 0xA2, 0xFA, 0x70, 0x38, 0x36, 0xC4, 0x85, 0xB4, + 0x4B, 0x23, 0xFE, 0x71, 0x9E, 0x2F, 0xDB, 0x06, 0xC7, 0xB5, + 0x9C, 0x21, 0xF0, 0x3E, 0x7C, 0xEB, 0x91, 0xF8, 0x5C, 0x09, + 0xFD, 0x84, 0x43, 0xA4, 0xB3, 0x4E, 0x04, 0x0C, 0x22, 0x31, + 0x71, 0x6A, 0x48, 0xC8, 0xAB, 0xBB, 0xE8, 0xCE, 0xFA, 0x67, + 0x15, 0x1A, 0x3A, 0x82, 0x98, 0x43, 0x33, 0xB5, 0x0E, 0x1F, + 0x1E, 0x89, 0xF8, 0x37, 0xDE, 0x1B, 0xE6, 0xB5, 0xA0, 0xF4, + 0xA2, 0x8B, 0xB7, 0x1C, 0x90, 0xBA, 0x98, 0x6D, 0x94, 0x21, + 0x08, 0x80, 0x5D, 0xF3, 0xBF, 0x66, 0xAD, 0xC9, 0x72, 0x28, + 0x7A, 0x6A, 0x48, 0xEE, 0xCF, 0x63, 0x69, 0x31, 0x8C, 0xC5, + 0x8E, 0x66, 0xDA, 0x4B, 0x78, 0x65, 0xE8, 0x03, 0x3A, 0x4B, + 0xF8, 0xCC, 0x42, 0x54, 0xD3, 0x52, 0x5C, 0x2D, 0x04, 0xAE, + 0x26, 0x87, 0xE1, 0x7E, 0x40, 0xCB, 0x45, 0x41, 0x16, 0x4B, + 0x6E, 0xA3, 0x2E, 0x4A, 0x76, 0xBD, 0x29, 0x7F, 0x1C, 0x53, + 0x37, 0x06, 0xAD, 0xE9, 0x5B, 0x6A, 0xD6, 0xB7, 0x4E, 0x94, + 0xA2, 0x7C, 0xE8, 0xAC, 0x4E, 0xA6, 0x50, 0x3E, 0x2B, 0x32, + 0x9E, 0x68, 0x42, 0x1B, 0xE4, 0x59, 0x67, 0x61, 0xEA, 0xC7, + 0x9A, 0x51, 0x9C, 0x1C, 0x55, 0xA3, 0x77, 0x76 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); @@ -1424,10 +1492,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, - 0x32, 0x35, 0x31, 0x38, 0x35, 0x36, 0x33, 0x34, 0x5A, 0x17, - 0x0D, 0x31, 0x39, 0x30, 0x34, 0x32, 0x31, 0x31, 0x38, 0x35, - 0x36, 0x33, 0x34, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -1494,42 +1562,479 @@ static const unsigned char server_cert_der_2048[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xAB, 0x7B, - 0x54, 0x2B, 0x4A, 0x61, 0xE6, 0xC9, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, + 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x7D, 0x23, 0xED, 0x97, 0x97, 0x96, 0x3D, 0x0C, 0xA3, 0x33, - 0xF5, 0x83, 0x91, 0xC1, 0xC4, 0xBA, 0xA7, 0x19, 0x4E, 0x12, - 0xD0, 0xE7, 0x25, 0xDA, 0xF8, 0xD0, 0x53, 0xA5, 0xAB, 0x85, - 0x96, 0x23, 0x5A, 0xFA, 0x32, 0x6C, 0x13, 0x14, 0xAC, 0x5A, - 0x2E, 0xC4, 0x6C, 0x9F, 0xA9, 0x8A, 0xF0, 0xD9, 0xAD, 0xDD, - 0x71, 0x98, 0x04, 0x09, 0x3B, 0x25, 0x87, 0xE3, 0xED, 0xD0, - 0xF2, 0x02, 0x20, 0x5A, 0xBA, 0xC6, 0x44, 0x37, 0xBE, 0x56, - 0x92, 0x46, 0x7D, 0x52, 0xE7, 0x12, 0x9F, 0xE1, 0xB9, 0xBD, - 0xD7, 0x58, 0xC5, 0x81, 0xBE, 0x1B, 0x15, 0xC9, 0xD3, 0x57, - 0x46, 0xC8, 0xDC, 0x4E, 0x71, 0x2D, 0xB0, 0xDC, 0x03, 0x81, - 0xCD, 0x94, 0xD5, 0x6F, 0x30, 0xDC, 0x47, 0x49, 0x0C, 0x16, - 0xBD, 0x8B, 0xD6, 0xCB, 0x97, 0x38, 0x45, 0xBD, 0xDA, 0xA3, - 0x82, 0x3F, 0xB4, 0xF3, 0x6B, 0x7B, 0x40, 0xEA, 0x8E, 0x94, - 0xD4, 0xD6, 0x6A, 0x8A, 0xE8, 0x89, 0x15, 0x47, 0xE9, 0x03, - 0x95, 0xFB, 0x3C, 0x05, 0xD3, 0xE2, 0x2D, 0xD6, 0xBD, 0x3C, - 0x9B, 0x6B, 0x92, 0xB0, 0xF8, 0xC1, 0x97, 0xCD, 0x4A, 0xA4, - 0x98, 0x98, 0x85, 0x16, 0xD4, 0x24, 0x5F, 0x1B, 0x33, 0x4E, - 0x27, 0x56, 0xD5, 0x98, 0xDF, 0xE4, 0x2B, 0xDA, 0x88, 0x6A, - 0xBB, 0x95, 0xC7, 0xC4, 0x08, 0x0D, 0xE8, 0xFE, 0x5B, 0xAE, - 0x52, 0x26, 0x87, 0x0F, 0x93, 0xBA, 0xE3, 0xC8, 0x19, 0x7C, - 0x5D, 0x64, 0x15, 0x7D, 0xEE, 0x65, 0x6E, 0xCF, 0x56, 0x24, - 0xA5, 0x4C, 0x5A, 0x07, 0xED, 0x4B, 0x56, 0xF4, 0x0F, 0x5B, - 0x5F, 0xFA, 0x0F, 0x3F, 0xFA, 0x7A, 0x1F, 0xF8, 0x28, 0xA2, - 0x72, 0x14, 0xD5, 0x21, 0x29, 0xD8, 0xC0, 0x42, 0xA7, 0xDE, - 0xD2, 0x00, 0x75, 0xD2, 0xDD, 0xDB, 0x0D, 0xB0, 0x82, 0x33, - 0x2F, 0x2A, 0xDF, 0xA0, 0x87, 0x7D + 0x51, 0xFE, 0x2A, 0xDF, 0x07, 0x7E, 0x43, 0xCA, 0x66, 0x8D, + 0x15, 0xC4, 0x2B, 0xDB, 0x57, 0xB2, 0x06, 0x6D, 0x0D, 0x90, + 0x66, 0xFF, 0xA5, 0x24, 0x9C, 0x14, 0xEF, 0x81, 0xF2, 0xA4, + 0xAB, 0x99, 0xA9, 0x6A, 0x49, 0x20, 0xA5, 0xD2, 0x71, 0xE7, + 0x1C, 0x3C, 0x99, 0x07, 0xC7, 0x47, 0xFC, 0xE8, 0x96, 0xB4, + 0xF5, 0x42, 0x30, 0xCE, 0x39, 0x01, 0x4B, 0xD1, 0xC2, 0xE8, + 0xBC, 0x95, 0x84, 0x87, 0xCE, 0x55, 0x5D, 0x97, 0x9F, 0xCF, + 0x78, 0xF3, 0x56, 0x9B, 0xA5, 0x08, 0x6D, 0xAC, 0xF6, 0xA5, + 0x5C, 0xC4, 0xEF, 0x3E, 0x2A, 0x39, 0xA6, 0x48, 0x26, 0x29, + 0x7B, 0x2D, 0xE0, 0xCD, 0xA6, 0x8C, 0x57, 0x48, 0x0B, 0xBB, + 0x31, 0x32, 0xC2, 0xBF, 0xD9, 0x43, 0x4C, 0x47, 0x25, 0x18, + 0x81, 0xA8, 0xC9, 0x33, 0x82, 0x41, 0x9B, 0xBA, 0x61, 0x86, + 0xD7, 0x84, 0x93, 0x17, 0x24, 0x25, 0x36, 0xCA, 0x4D, 0x63, + 0x6B, 0x4F, 0x95, 0x79, 0xD8, 0x60, 0xE0, 0x1E, 0xF5, 0xAC, + 0xC1, 0x8A, 0xA1, 0xB1, 0x7E, 0x85, 0x8E, 0x87, 0x20, 0x2F, + 0x08, 0x31, 0xAD, 0x5E, 0xC6, 0x4A, 0xC8, 0x61, 0xF4, 0x9E, + 0x07, 0x1E, 0xA2, 0x22, 0xED, 0x73, 0x7C, 0x85, 0xEE, 0xFA, + 0x62, 0xDC, 0x50, 0x36, 0xAA, 0xFD, 0xC7, 0x9D, 0xAA, 0x18, + 0x04, 0xFB, 0xEA, 0xCC, 0x2C, 0x68, 0x9B, 0xB3, 0xA9, 0xC2, + 0x96, 0xD8, 0xC1, 0xCC, 0x5A, 0x7E, 0xF7, 0x0D, 0x9E, 0x08, + 0xE0, 0x9D, 0x29, 0x8B, 0x84, 0x46, 0x8F, 0xD3, 0x91, 0x6A, + 0xB5, 0xB8, 0x7A, 0x5C, 0xCC, 0x4F, 0x55, 0x01, 0xB8, 0x9A, + 0x48, 0xA0, 0x94, 0x43, 0xCA, 0x25, 0x47, 0x52, 0x0A, 0xF7, + 0xF4, 0xBE, 0xB0, 0xD1, 0x71, 0x6D, 0xA5, 0x52, 0x4A, 0x65, + 0x50, 0xB2, 0xAD, 0x4E, 0x1D, 0xE0, 0x6C, 0x01, 0xD8, 0xFB, + 0x43, 0x80, 0xE6, 0xE4, 0x0C, 0x37 }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); #endif /* USE_CERT_BUFFERS_2048 */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + +/* ./certs/ecc-client-key.der, ECC */ +static const unsigned char ecc_clikey_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92, + 0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F, + 0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92, + 0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256); + +/* ./certs/ecc-client-keyPub.der, ECC */ +static const unsigned char ecc_clikeypub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); + +/* ./certs/client-ecc-cert.der, ECC */ +static const unsigned char cliecc_cert_der_256[] = +{ + 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, + 0x13, 0x1D, 0x17, 0x5C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, + 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, + 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, + 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, + 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, + 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, + 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, + 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, + 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, + 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, + 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, + 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, + 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x81, 0xF5, + 0x30, 0x81, 0xF2, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, + 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, + 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7, 0x80, 0x14, + 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, + 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, + 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, 0x13, 0x1D, 0x17, + 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x20, 0x43, 0x9A, 0xB6, 0x7E, 0x87, 0x8E, + 0x8C, 0xD7, 0x16, 0xF1, 0x0D, 0xD2, 0x50, 0x11, 0xA4, 0xAC, + 0xB6, 0xAC, 0x07, 0xEF, 0xE9, 0x60, 0xE1, 0x90, 0xA2, 0x5F, + 0xC9, 0x76, 0xE6, 0x54, 0x1A, 0x81, 0x02, 0x21, 0x00, 0xD6, + 0x8B, 0x7C, 0xBA, 0x53, 0x12, 0x05, 0x06, 0xFA, 0x8F, 0xC5, + 0xC7, 0x58, 0xC3, 0x9A, 0x9F, 0xA1, 0x84, 0x8C, 0xB4, 0x88, + 0x83, 0x4D, 0x6A, 0xB4, 0xB7, 0x85, 0x7A, 0xB3, 0x3C, 0xF3, + 0xDF +}; +static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); + +/* ./certs/ecc-key.der, ECC */ +static const unsigned char ecc_key_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69, + 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, 0x5B, 0x72, 0xE8, + 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, + 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256); + +/* ./certs/ecc-keyPub.der, ECC */ +static const unsigned char ecc_key_pub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); + +/* ./certs/server-ecc-comp.der, ECC */ +static const unsigned char serv_ecc_comp_der_256[] = +{ + 0x30, 0x82, 0x03, 0x24, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC3, 0xCD, 0xC5, 0xE4, + 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, + 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, + 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, + 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, + 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, + 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, + 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, + 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, + 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, + 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x09, 0x30, 0x82, 0x01, + 0x05, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, + 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, + 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38, + 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC, + 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81, + 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, + 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xC3, 0xCD, 0xC5, 0xE4, 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, + 0x21, 0x00, 0xCA, 0x10, 0xEC, 0x8F, 0xF1, 0xEB, 0x92, 0x19, + 0x76, 0xD7, 0x16, 0x54, 0xF2, 0x21, 0x1C, 0x38, 0x0E, 0x6E, + 0x22, 0x3D, 0x95, 0xA4, 0xBD, 0xC8, 0x8C, 0xD2, 0xD8, 0x28, + 0xD3, 0x9C, 0x21, 0x6D, 0x02, 0x20, 0x71, 0x39, 0x0B, 0x0D, + 0xEC, 0x68, 0x8C, 0x64, 0xB6, 0x2C, 0x68, 0xDA, 0x03, 0xB1, + 0xD8, 0xE7, 0xD4, 0xF7, 0xCB, 0xA6, 0x73, 0x7E, 0x08, 0x00, + 0xC6, 0xB8, 0x04, 0x9D, 0x17, 0x3E, 0x66, 0x7F +}; +static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); + +/* ./certs/server-ecc-rsa.der, ECC */ +static const unsigned char serv_ecc_rsa_der_256[] = +{ + 0x30, 0x82, 0x03, 0xE0, 0x30, 0x82, 0x02, 0xC8, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x1A, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x52, 0x53, + 0x41, 0x73, 0x69, 0x67, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x45, 0x43, 0x43, 0x2D, 0x52, + 0x53, 0x41, 0x73, 0x69, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, + 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, + 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, + 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, + 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x81, 0xFC, 0x30, 0x81, + 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, + 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, + 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, + 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, + 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, + 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, + 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0xAB, 0xB7, 0x78, 0xC8, 0x18, 0x6E, 0x6A, 0x27, 0x5D, 0xBB, + 0x16, 0xA1, 0xD3, 0xAE, 0xB5, 0xFD, 0x46, 0x50, 0xCF, 0xDC, + 0x82, 0xF9, 0x4A, 0x19, 0xEC, 0xBF, 0x44, 0xCD, 0xF5, 0x1F, + 0x15, 0x2C, 0x5A, 0xE9, 0x65, 0x27, 0xB2, 0xE1, 0x88, 0x62, + 0x0F, 0xBC, 0xA1, 0x3C, 0x95, 0xFB, 0x62, 0x8A, 0x71, 0xE0, + 0xC6, 0x22, 0xCE, 0x2E, 0x00, 0xCA, 0x4E, 0x7A, 0x03, 0x2A, + 0x12, 0x90, 0x98, 0x7B, 0x53, 0x9F, 0x46, 0xA0, 0xFF, 0x6B, + 0x04, 0xDC, 0x2A, 0x8D, 0xBB, 0x93, 0xE7, 0xB9, 0x0B, 0xD0, + 0x61, 0x0F, 0x62, 0x97, 0x18, 0x99, 0xBB, 0xE7, 0x1C, 0xE3, + 0xA2, 0xAB, 0x70, 0x8F, 0x32, 0x47, 0x7F, 0x1E, 0x3B, 0xCB, + 0x62, 0x55, 0x41, 0xA4, 0xAF, 0x1F, 0x01, 0x2C, 0x9B, 0xB2, + 0xCC, 0x06, 0x8D, 0x28, 0x04, 0x57, 0x5B, 0xF6, 0x32, 0xB8, + 0xE8, 0x18, 0xB6, 0x6B, 0xA1, 0xB9, 0xAA, 0x3F, 0x49, 0xEA, + 0xC1, 0x02, 0xC7, 0x92, 0xD9, 0xC7, 0x23, 0xEA, 0xA2, 0xF7, + 0x70, 0xA9, 0xDA, 0x9E, 0x5E, 0x82, 0xEF, 0x30, 0x07, 0xC7, + 0x89, 0xDA, 0xC9, 0xE0, 0xCF, 0xED, 0xE9, 0x4C, 0x34, 0xD4, + 0x72, 0x0E, 0x16, 0x49, 0x82, 0xC5, 0xA9, 0xB4, 0xA7, 0x05, + 0x07, 0xCC, 0x5D, 0xEB, 0xB4, 0xEF, 0x9A, 0x09, 0x73, 0xA2, + 0xD4, 0xB6, 0xC5, 0xBE, 0x34, 0xC0, 0xC9, 0x09, 0x29, 0xA5, + 0xD5, 0xF1, 0xE4, 0x82, 0x49, 0x70, 0xBF, 0x75, 0x79, 0x15, + 0xCD, 0xC1, 0xC8, 0xA3, 0x4D, 0x9B, 0xB4, 0xE2, 0x94, 0x5E, + 0x27, 0x61, 0xEA, 0x34, 0x69, 0x88, 0x47, 0xBD, 0x61, 0xE9, + 0x0D, 0xF3, 0x95, 0x8F, 0xFF, 0x53, 0xE7, 0x5C, 0x11, 0xE3, + 0xF4, 0xD0, 0x70, 0xAD, 0x9A, 0x73, 0x5D, 0x29, 0x30, 0xFC, + 0x23, 0x2E, 0xC0, 0x62, 0xD4, 0xD3, 0xA8, 0xCE, 0xB2, 0xE9, + 0xD3, 0xB9, 0x3F, 0x10, 0x0A, 0xF2 +}; +static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); + +/* ./certs/server-ecc.der, ECC */ +static const unsigned char serv_ecc_der_256[] = +{ + 0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, + 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, + 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, + 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, + 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, + 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, + 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, + 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, + 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, + 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, + 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBC, 0x30, + 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, + 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, + 0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, + 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, + 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xEF, + 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, + 0x00, 0xF1, 0xD0, 0xA6, 0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, + 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D, 0x6B, 0x33, 0xE9, 0xF2, + 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87, 0x31, 0xB3, + 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE, + 0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, + 0xB0, 0xC9, 0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, + 0xF6, 0x7D, 0x04, 0xC7, 0xBD, 0x62, 0xC9, 0x20 +}; +static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); + +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + /* dh1024 p */ static const unsigned char dh_p[] = { From da18e463ed6270c0b139bc9c051817444607abdf Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 12 Aug 2016 17:00:22 -0600 Subject: [PATCH 32/34] remove constraints on inclusion of certs_test.h --- wolfcrypt/test/test.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 91a14bf27..c5f718c41 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -121,12 +121,7 @@ #endif -#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ - || !defined(NO_DH) \ - || defined(USE_CERT_BUFFERS_256) - /* include test cert and key buffers for use with NO_FILESYSTEM */ - #include -#endif +#include #if defined(WOLFSSL_MDK_ARM) #include From d74fa8299a9fac3bb215f076ddc70d60d71017c7 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 15 Aug 2016 09:32:36 -0700 Subject: [PATCH 33/34] add resume session string script check, make GetDeepCopySession static local and check reutrn code --- scripts/resume.test | 12 +++++++++++- src/ssl.c | 16 +++++++++------- wolfssl/ssl.h | 1 - 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/scripts/resume.test b/scripts/resume.test index 40a8613ae..337c30a76 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -4,6 +4,7 @@ # need a unique resume port since may run the same time as testsuite # use server port zero hack to get one +resume_string="reused" resume_port=0 no_pid=-1 server_pid=$no_pid @@ -65,7 +66,7 @@ fi # get created port 0 ephemeral port resume_port=`cat $ready_file` -./examples/client/client -r -p $resume_port +capture_out=$(./examples/client/client -r -p $resume_port 2>&1) client_result=$? if [ $client_result != 0 ] @@ -85,6 +86,15 @@ then exit 1 fi +case "$capture_out" in +*$resume_string*) + echo "resumed session" ;; +*) + echo "did NOT resume session as expected" + exit 1 + ;; +esac + echo -e "\nSuccess!\n" exit 0 diff --git a/src/ssl.c b/src/ssl.c index aa8a9ca6a..11c313c45 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7635,7 +7635,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, } -int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) +static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) { WOLFSSL_SESSION* copyInto = &ssl->session; void* tmpBuff = NULL; @@ -7733,16 +7733,18 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) return SSL_FAILURE; if (LowResTimer() < (session->bornOn + session->timeout)) { - GetDeepCopySession(ssl, session); - ssl->options.resuming = 1; + int ret = GetDeepCopySession(ssl, session); + if (ret == SSL_SUCCESS) { + ssl->options.resuming = 1; #ifdef SESSION_CERTS - ssl->version = session->version; - ssl->options.cipherSuite0 = session->cipherSuite0; - ssl->options.cipherSuite = session->cipherSuite; + ssl->version = session->version; + ssl->options.cipherSuite0 = session->cipherSuite0; + ssl->options.cipherSuite = session->cipherSuite; #endif + } - return SSL_SUCCESS; + return ret; } return SSL_FAILURE; /* session timed out */ } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 8e5c5a157..1b84c4c80 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -340,7 +340,6 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int GetDeepCopySession(WOLFSSL*, WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); From 527c375884090c596334aa80c5d49a76e47e12d3 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 15 Aug 2016 11:02:06 -0700 Subject: [PATCH 34/34] don't setup 64bit typedef with fastmath if not needed --- wolfssl/wolfcrypt/tfm.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index ef4732c11..e44e7dbf3 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -214,13 +214,13 @@ #define SIZEOF_FP_DIGIT 8 typedef unsigned long fp_word __attribute__ ((mode(TI))); #else - #if defined(_MSC_VER) || defined(__BORLANDC__) - typedef unsigned __int64 ulong64; - #else - typedef unsigned long long ulong64; - #endif #ifndef NO_64BIT + #if defined(_MSC_VER) || defined(__BORLANDC__) + typedef unsigned __int64 ulong64; + #else + typedef unsigned long long ulong64; + #endif typedef unsigned int fp_digit; #define SIZEOF_FP_DIGIT 4 typedef ulong64 fp_word;