Merge pull request #9795 from LinuxJedi/static-fixes2

Static analysis fixes
This commit is contained in:
David Garske
2026-02-18 12:07:26 -08:00
committed by GitHub
21 changed files with 420 additions and 125 deletions
+63
View File
@@ -0,0 +1,63 @@
name: wolfSM Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
fail-fast: false
matrix:
config: [
# Core SM TLS cipher suites
'--enable-sm2 --enable-sm3 --enable-sm4-gcm --enable-sm4-ccm --enable-sha3',
# All SM4 modes
'--enable-sm2 --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm --enable-sha3',
# SM + all features integration test
'--enable-all --enable-sm2 --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- uses: actions/checkout@v4
name: Checkout wolfsm
with:
repository: wolfssl/wolfsm
path: wolfsm
- name: Install wolfsm
working-directory: wolfsm
run: ./install.sh $GITHUB_WORKSPACE
- name: Test wolfSSL with wolfSM
run: |
./autogen.sh
./configure ${{ matrix.config }}
make
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done
+10
View File
@@ -768,6 +768,16 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate SM2 certificates #######################
############################################################
echo "Renewing SM2 certificates"
cd sm2
./gen-sm2-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## update Raw Public Key certificates ##############
############################################################
Binary file not shown.
+13 -13
View File
@@ -3,11 +3,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -29,16 +29,16 @@ Certificate:
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SM2-with-SM3
Signature Value:
30:45:02:20:47:4e:00:03:ab:34:a1:af:59:39:8f:60:36:bf:
89:88:42:41:27:c1:dd:57:c9:79:cb:1f:56:5c:16:b5:28:bd:
02:21:00:8b:2e:25:eb:21:9b:a9:2b:a6:6a:5b:db:a7:c7:2b:
11:df:73:15:ad:e4:c5:c3:c2:f3:b4:b4:67:af:d7:51:1c
30:46:02:21:00:b2:b9:5b:02:ad:78:f8:52:ba:67:cf:cb:25:
9b:ba:d9:56:f5:a7:ff:af:25:26:d5:f6:f3:f3:a6:f5:9a:2f:
9b:02:21:00:bc:96:f3:39:13:76:dc:02:35:39:0e:dc:0a:69:
bf:02:18:b6:01:be:ff:05:d7:2e:f2:7b:67:eb:16:e9:8e:c5
-----BEGIN CERTIFICATE-----
MIICljCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO
MIIClzCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT
U0xfU00yMREwDwYDVQQLDAhSb290LVNNMjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDIxNTA2
MjMwN1oXDTI1MTExMTA2MjMwN1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDIxODE3
NTY1N1oXDTI4MTExNDE3NTY1N1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjEP
MA0GA1UECwwGQ0Etc20yMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xm
@@ -46,6 +46,6 @@ U1NMMFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABCGS98sk32RNuqtme4N1qSnn
/2RjttVCgCC94uICEjuOtACVCYDLVu1Lyo1X5q4F03YnY3E5ibdp5kiArtGpSBKj
YzBhMB0GA1UdDgQWBBRHCkh+uwKoWiZXKxmpe2GLf12ZbjAfBgNVHSMEGDAWgBQ0
HXlEFXmhsWOZ4+1lfGSJgP+47DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBhjAKBggqgRzPVQGDdQNIADBFAiBHTgADqzShr1k5j2A2v4mIQkEnwd1XyXnL
H1ZcFrUovQIhAIsuJeshm6krpmpb26fHKxHfcxWt5MXDwvO0tGev11Ec
AwIBhjAKBggqgRzPVQGDdQNJADBGAiEAsrlbAq14+FK6Z8/LJZu62Vb1p/+vJSbV
9vPzpvWaL5sCIQC8lvM5E3bcAjU5DtwKab8CGLYBvv8F1y7ye2frFumOxQ==
-----END CERTIFICATE-----
Binary file not shown.
+17 -17
View File
@@ -2,13 +2,13 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:a0:4a:0b:36:eb:7d:e1:3f:74:29:a9:29:b4:05:6c:17:f7:a6:d4
63:dd:75:63:8a:b0:51:4f:9c:4e:ff:6d:55:4e:cd:ee:8f:26:d3:80
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Client-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Client-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Client-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Client-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -25,7 +25,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:E4:21:B2:C5:E5:D4:9E:82:CA:F8:67:F2:28:99:F6:85:E8:F1:55:EF
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_sm2/OU=Client-sm2/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
serial:60:A0:4A:0B:36:EB:7D:E1:3F:74:29:A9:29:B4:05:6C:17:F7:A6:D4
serial:63:DD:75:63:8A:B0:51:4F:9C:4E:FF:6D:55:4E:CD:EE:8F:26:D3:80
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -34,17 +34,17 @@ Certificate:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: SM2-with-SM3
Signature Value:
30:46:02:21:00:8f:b2:b5:95:8f:79:f6:5e:75:e5:c5:e9:9a:
12:d2:0f:78:9f:c0:1d:8d:1c:be:6b:0c:f1:f5:57:60:db:91:
4f:02:21:00:87:5e:7d:e4:d6:3a:bb:7b:98:27:85:de:7a:f0:
21:e2:66:a1:9f:26:e0:dd:86:23:b4:c8:c0:46:5a:f2:49:8d
30:46:02:21:00:dd:98:90:68:35:95:61:2f:11:90:a5:e9:30:
8b:9a:aa:33:cc:73:8a:76:96:8b:97:8c:4c:c3:10:fc:14:56:
9b:02:21:00:f8:de:db:67:54:59:ca:98:27:3d:3f:f6:6f:30:
0c:65:e1:fb:a0:9f:11:ab:ea:76:30:31:c4:66:11:d7:b9:f2
-----BEGIN CERTIFICATE-----
MIIDyTCCA26gAwIBAgIUYKBKCzbrfeE/dCmpKbQFbBf3ptQwCgYIKoEcz1UBg3Uw
MIIDyTCCA26gAwIBAgIUY911Y4qwUU+cTv9tVU7N7o8m04AwCgYIKoEcz1UBg3Uw
gbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
bWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjETMBEGA1UECwwKQ2xpZW50LXNtMjEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yMzAyMTUwNjIz
MDdaFw0yNTExMTEwNjIzMDdaMIGwMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u
bGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNjAyMTgxNzU2
NTdaFw0yODExMTQxNzU2NTdaMIGwMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u
dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLd29sZlNTTF9zbTIxEzAR
BgNVBAsMCkNsaWVudC1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv
@@ -55,9 +55,9 @@ BIHoMIHlgBTkIbLF5dSegsr4Z/IomfaF6PFV76GBtqSBszCBsDELMAkGA1UEBhMC
VVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoM
C3dvbGZTU0xfc20yMRMwEQYDVQQLDApDbGllbnQtc20yMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMghRgoEoLNut94T90KakptAVsF/em1DAMBgNV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMghRj3XVjirBRT5xO/21VTs3ujybTgDAMBgNV
HRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqgRzPVQGDdQNJADBGAiEAj7K1lY95
9l515cXpmhLSD3ifwB2NHL5rDPH1V2DbkU8CIQCHXn3k1jq7e5gnhd568CHiZqGf
JuDdhiO0yMBGWvJJjQ==
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqgRzPVQGDdQNJADBGAiEA3ZiQaDWV
YS8RkKXpMIuaqjPMc4p2louXjEzDEPwUVpsCIQD43ttnVFnKmCc9P/ZvMAxl4fug
nxGr6nYwMcRmEde58g==
-----END CERTIFICATE-----
+179
View File
@@ -0,0 +1,179 @@
#!/usr/bin/env python3
"""Fix SM2 certificate SubjectPublicKeyInfo algorithm OID.
OpenSSL 3.x encodes SM2 keys using the generic id-ecPublicKey OID
(1.2.840.10045.2.1) instead of the SM2-specific OID (1.2.156.10197.1.301).
This script patches the SPKI algorithm OID back to SM2 and re-signs the
certificate.
Usage: fix_sm2_spki.py <cert.pem> <signing-key.pem> <output.pem>
"""
import base64
import subprocess
import sys
import os
import tempfile
EC_PUBKEY_OID = bytes([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01])
SM2_ALGO_OID = bytes([0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x82, 0x2d])
SM2_WITH_SM3 = bytes([0x30, 0x0a, 0x06, 0x08,
0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x83, 0x75])
def read_der_length(data, offset):
b = data[offset]
if b < 0x80:
return b, 1
num_bytes = b & 0x7f
length = 0
for i in range(num_bytes):
length = (length << 8) | data[offset + 1 + i]
return length, 1 + num_bytes
def encode_der_length(length):
if length < 0x80:
return bytes([length])
elif length < 0x100:
return bytes([0x81, length])
elif length < 0x10000:
return bytes([0x82, length >> 8, length & 0xff])
else:
raise ValueError("Length too large: %d" % length)
def find_enclosing_sequences(data, target_pos):
"""Find length-field offsets of all SEQUENCEs enclosing target_pos."""
results = []
def scan(offset, end):
while offset < end:
tag = data[offset]
offset += 1
length, len_bytes = read_der_length(data, offset)
len_offset = offset
offset += len_bytes
content_start = offset
content_end = offset + length
if tag == 0x30 and content_start <= target_pos < content_end:
results.append((len_offset, length, len_bytes))
scan(content_start, content_end)
return
offset = content_end
scan(0, len(data))
return results
def patch_tbs_spki_oid(tbs_der):
"""Replace id-ecPublicKey with SM2 OID in TBS SubjectPublicKeyInfo."""
oid_pos = tbs_der.find(EC_PUBKEY_OID)
if oid_pos == -1:
return None # Already has SM2 OID or no EC key
enclosing = find_enclosing_sequences(tbs_der, oid_pos)
size_diff = len(SM2_ALGO_OID) - len(EC_PUBKEY_OID)
result = bytearray(
tbs_der[:oid_pos] + SM2_ALGO_OID + tbs_der[oid_pos + len(EC_PUBKEY_OID):]
)
for len_offset, old_length, old_len_bytes in enclosing:
new_length = old_length + size_diff
new_len_encoded = encode_der_length(new_length)
if len(new_len_encoded) == old_len_bytes:
result[len_offset:len_offset + old_len_bytes] = new_len_encoded
else:
result[len_offset:len_offset + old_len_bytes] = new_len_encoded
size_diff += len(new_len_encoded) - old_len_bytes
return bytes(result)
def pem_to_der(pem_text):
b64 = ''.join(
line for line in pem_text.split('\n')
if not line.startswith('-----') and line.strip()
)
return base64.b64decode(b64)
def der_to_pem(der_data, label="CERTIFICATE"):
b64 = base64.b64encode(der_data).decode()
lines = [b64[i:i+64] for i in range(0, len(b64), 64)]
return ('-----BEGIN %s-----\n' % label +
'\n'.join(lines) +
'\n-----END %s-----\n' % label)
def extract_tbs(cert_der):
assert cert_der[0] == 0x30
outer_len, outer_len_bytes = read_der_length(cert_der, 1)
tbs_offset = 1 + outer_len_bytes
tbs_len, tbs_len_bytes = read_der_length(cert_der, tbs_offset + 1)
tbs_total = 1 + tbs_len_bytes + tbs_len
return cert_der[tbs_offset:tbs_offset + tbs_total]
def sign_tbs(tbs_der, key_pem_path):
"""Sign TBS with SM2-with-SM3 using openssl dgst."""
with tempfile.NamedTemporaryFile(suffix='.der', delete=False) as tbs_f:
tbs_f.write(tbs_der)
tbs_path = tbs_f.name
sig_path = tbs_path + '.sig'
try:
result = subprocess.run(
['openssl', 'dgst', '-sm3', '-sign', key_pem_path,
'-out', sig_path, tbs_path],
capture_output=True, text=True
)
if result.returncode != 0:
raise RuntimeError("openssl dgst failed: " + result.stderr)
with open(sig_path, 'rb') as f:
return f.read()
finally:
os.unlink(tbs_path)
if os.path.exists(sig_path):
os.unlink(sig_path)
def build_cert(tbs_der, sig_der):
bit_string = bytes([0x03, len(sig_der) + 1, 0x00]) + sig_der
cert_body = tbs_der + SM2_WITH_SM3 + bit_string
return bytes([0x30]) + encode_der_length(len(cert_body)) + cert_body
def fix_sm2_cert(cert_pem_path, key_pem_path, output_pem_path):
with open(cert_pem_path, 'r') as f:
cert_pem = f.read()
cert_der = pem_to_der(cert_pem)
tbs = extract_tbs(cert_der)
new_tbs = patch_tbs_spki_oid(tbs)
if new_tbs is None:
print(" Already has SM2 OID, no patching needed")
if cert_pem_path != output_pem_path:
with open(output_pem_path, 'w') as f:
f.write(cert_pem)
return
sig = sign_tbs(new_tbs, key_pem_path)
new_cert_der = build_cert(new_tbs, sig)
with open(output_pem_path, 'w') as f:
f.write(der_to_pem(new_cert_der))
print(" Patched SPKI algorithm OID to SM2")
if __name__ == '__main__':
if len(sys.argv) != 4:
print("Usage: %s <cert.pem> <signing-key.pem> <output.pem>" % sys.argv[0])
sys.exit(1)
fix_sm2_cert(sys.argv[1], sys.argv[2], sys.argv[3])
+16
View File
@@ -1,5 +1,7 @@
#!/usr/bin/env bash
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
check_result(){
if [ $1 -ne 0 ]; then
echo "Failed at \"$2\", Abort"
@@ -9,6 +11,15 @@ check_result(){
fi
}
# OpenSSL 3.x encodes SM2 keys using the generic id-ecPublicKey OID instead of
# the SM2-specific OID. fix_sm2_spki.py patches the SubjectPublicKeyInfo
# algorithm OID back to SM2 and re-signs the certificate.
fix_sm2_oid(){
# $1 = cert PEM, $2 = signing key PEM
python3 "${SCRIPT_DIR}/fix_sm2_spki.py" "$1" "$2" "$1"
check_result $? "Fix SM2 SPKI OID in $1"
}
openssl pkey -in root-sm2-priv.pem -noout >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "OpenSSL does not support SM2"
@@ -29,6 +40,7 @@ check_result $? "Generate request"
openssl x509 -req -in root-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-sm2-priv.pem -out root-sm2.pem
check_result $? "Generate certificate"
rm root-sm2.csr
fix_sm2_oid root-sm2.pem root-sm2-priv.pem
openssl x509 -in root-sm2.pem -outform DER > root-sm2.der
check_result $? "Convert to DER"
@@ -50,6 +62,7 @@ check_result $? "Generate request"
openssl x509 -req -in ca-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-sm2.pem -CAkey root-sm2-priv.pem -set_serial 01 -out ca-sm2.pem
check_result $? "Generate certificate"
rm ca-sm2.csr
fix_sm2_oid ca-sm2.pem root-sm2-priv.pem
openssl x509 -in ca-sm2.pem -outform DER > ca-sm2.der
check_result $? "Convert to DER"
@@ -71,6 +84,7 @@ check_result $? "Generate request"
openssl x509 -req -in self-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey self-sm2-priv.pem -out self-sm2-cert.pem
check_result $? "Generate certificate"
rm self-sm2.csr
fix_sm2_oid self-sm2-cert.pem self-sm2-priv.pem
openssl x509 -in self-sm2-cert.pem -text > tmp.pem
check_result $? "Add text"
@@ -90,6 +104,7 @@ check_result $? "Generate request"
openssl x509 -req -in server-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-sm2.pem -CAkey ca-sm2-priv.pem -set_serial 01 -out server-sm2-cert.pem
check_result $? "Generate certificate"
rm server-sm2.csr
fix_sm2_oid server-sm2-cert.pem ca-sm2-priv.pem
openssl x509 -in server-sm2-cert.pem -outform DER > server-sm2-cert.der
check_result $? "Convert to DER"
@@ -113,6 +128,7 @@ check_result $? "Generate request"
openssl x509 -req -in client-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-sm2-priv.pem -out client-sm2.pem
check_result $? "Generate certificate"
rm client-sm2.csr
fix_sm2_oid client-sm2.pem client-sm2-priv.pem
openssl x509 -in client-sm2.pem -outform DER > client-sm2.der
check_result $? "Convert to DER"
Binary file not shown.
+13 -13
View File
@@ -2,13 +2,13 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:9c:dd:a4:b2:67:26:57:29:fb:e9:13:54:e0:34:08:03:2b:70:a9
61:2a:93:12:b3:6e:ff:d6:9a:a7:98:c4:49:4d:c6:2c:3e:ea:5a:f9
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -30,16 +30,16 @@ Certificate:
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SM2-with-SM3
Signature Value:
30:44:02:20:03:27:29:f0:ef:78:26:a1:1a:6a:1e:88:81:e7:
83:72:5f:3e:e6:08:e8:14:68:bf:4b:0f:68:52:92:aa:8f:a1:
02:20:0b:fe:1b:14:ba:51:82:65:06:bb:22:d8:1a:a7:9f:54:
62:eb:8d:b2:d5:13:b3:b8:a2:f3:14:44:b2:a0:21:d0
30:46:02:21:00:fe:8d:2f:b9:c9:55:db:2c:d4:89:ff:a1:92:
03:ce:4a:09:00:7f:c4:b3:b6:55:ae:a1:f6:7b:3e:ed:c4:dd:
7c:02:21:00:d0:be:9b:4a:a9:cf:52:c1:cd:0d:bc:86:29:9e:
c4:e2:f1:fa:86:f3:73:01:e2:3b:c5:cc:99:0a:bb:c3:a8:ee
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgIUdJzdpLJnJlcp++kTVOA0CAMrcKkwCgYIKoEcz1UBg3Uw
MIICkzCCAjigAwIBAgIUYSqTErNu/9aap5jESU3GLD7qWvkwCgYIKoEcz1UBg3Uw
gZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
bWFuMRQwEgYDVQQKDAt3b2xmU1NMX1NNMjERMA8GA1UECwwIUm9vdC1TTTIxGDAW
BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
c3NsLmNvbTAeFw0yMzAyMTUwNjIzMDdaFw0yNTExMTEwNjIzMDdaMIGVMQswCQYD
c3NsLmNvbTAeFw0yNjAyMTgxNzU2NTdaFw0yODExMTQxNzU2NTdaMIGVMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECgwLd29sZlNTTF9TTTIxETAPBgNVBAsMCFJvb3QtU00yMRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
@@ -47,6 +47,6 @@ WjAUBggqgRzPVQGCLQYIKoEcz1UBgi0DQgAEu5x1jPcX+Eir9/bbDZqNn8LRR5eV
C07mV+zF+FdUcTk8eeFAP7ZR6XzH2i3v0uh5gXuro19rKmyXGl6O2dDMBKNjMGEw
HQYDVR0OBBYEFDQdeUQVeaGxY5nj7WV8ZImA/7jsMB8GA1UdIwQYMBaAFDQdeUQV
eaGxY5nj7WV8ZImA/7jsMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
MAoGCCqBHM9VAYN1A0cAMEQCIAMnKfDveCahGmoeiIHng3JfPuYI6BRov0sPaFKS
qo+hAiAL/hsUulGCZQa7Itgap59UYuuNstUTs7ii8xREsqAh0A==
MAoGCCqBHM9VAYN1A0kAMEYCIQD+jS+5yVXbLNSJ/6GSA85KCQB/xLO2Va6h9ns+
7cTdfAIhANC+m0qpz1LBzQ28himexOLx+obzcwHiO8XMmQq7w6ju
-----END CERTIFICATE-----
+19 -19
View File
@@ -2,15 +2,15 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:7b:3a:5d:cf:22:a9:6d:6d:78:2b:10:01:51:b6:4c:d4:82:a2:a1
26:2d:4b:fe:64:7d:97:44:c8:85:22:01:96:b3:a5:db:1c:64:12:1b
Signature Algorithm: SM2-with-SM3
Issuer: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL
Issuer: C=AU, ST=QLD, O=wolfSSL, OU=Testing, CN=wolfssl-dev-sm2, emailAddress=info@wolfssl.com, UID=wolfSSL
Validity
Not Before: Nov 22 21:28:37 2023 GMT
Not After : Aug 18 21:28:37 2026 GMT
Subject: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=AU, ST=QLD, O=wolfSSL, OU=Testing, CN=wolfssl-dev-sm2, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public Key Algorithm: sm2
Public-Key: (256 bit)
pub:
04:d8:c4:a1:f1:0b:8b:8d:c4:7d:dc:d4:65:b9:a5:
@@ -30,23 +30,23 @@ Certificate:
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SM2-with-SM3
Signature Value:
30:44:02:20:0f:c3:2c:36:e3:9f:1c:e9:68:1c:3b:43:18:5b:
c9:8f:e4:fa:dd:33:c1:b8:1c:d3:d4:61:33:f8:37:9d:5a:f4:
02:20:3a:b9:a8:43:80:cf:38:25:e9:64:d8:26:47:9d:50:04:
0c:8a:e8:a2:42:e8:63:dd:53:94:7d:38:6d:52:70:fd
30:45:02:21:00:cb:1a:f6:3d:c5:63:4f:fb:23:c9:22:e5:c6:
53:12:e0:90:81:42:ef:61:98:0b:c9:93:ff:27:59:e6:81:57:
25:02:20:45:7a:6e:db:0f:15:c7:90:f0:ad:fe:a6:85:42:d3:
dc:ed:7b:56:e6:12:6e:73:12:55:69:32:c5:16:22:f0:cd
-----BEGIN CERTIFICATE-----
MIICjDCCAjOgAwIBAgIUBns6Xc8iqW1teCsQAVG2TNSCoqEwCgYIKoEcz1UBg3Uw
MIICjjCCAjSgAwIBAgIUJi1L/mR9l0TIhSIBlrOl2xxkEhswCgYIKoEcz1UBg3Uw
gZMxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxEDAOBgNVBAoMB3dvbGZTU0wx
EDAOBgNVBAsMB1Rlc3RpbmcxGDAWBgNVBAMMD3dvbGZzc2wtZGV2LXNtMjEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv
bGZTU0wwHhcNMjMxMTIyMjEyODM3WhcNMjYwODE4MjEyODM3WjCBkzELMAkGA1UE
bGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBkzELMAkGA1UE
BhMCQVUxDDAKBgNVBAgMA1FMRDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwH
VGVzdGluZzEYMBYGA1UEAwwPd29sZnNzbC1kZXYtc20yMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBZMBMG
ByqGSM49AgEGCCqBHM9VAYItA0IABNjEofELi43EfdzUZbmlVU77rDOrm0OUTEhA
GzPZG8wxwYJWP7DAa5VAUf2IAgGxsJRsBuun2o7ucLblu7Qe57SjYzBhMB0GA1Ud
DgQWBBRul+iYtlu2rocE2xRWZhb0uC2M8jAfBgNVHSMEGDAWgBRul+iYtlu2rocE
2xRWZhb0uC2M8jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggq
gRzPVQGDdQNHADBEAiAPwyw2458c6WgcO0MYW8mP5PrdM8G4HNPUYTP4N51a9AIg
OrmoQ4DPOCXpZNgmR51QBAyK6KJC6GPdU5R9OG1ScP0=
FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBaMBQG
CCqBHM9VAYItBggqgRzPVQGCLQNCAATYxKHxC4uNxH3c1GW5pVVO+6wzq5tDlExI
QBsz2RvMMcGCVj+wwGuVQFH9iAIBsbCUbAbrp9qO7nC25bu0Hue0o2MwYTAdBgNV
HQ4EFgQUbpfomLZbtq6HBNsUVmYW9LgtjPIwHwYDVR0jBBgwFoAUbpfomLZbtq6H
BNsUVmYW9LgtjPIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYI
KoEcz1UBg3UDSAAwRQIhAMsa9j3FY0/7I8ki5cZTEuCQgULvYZgLyZP/J1nmgVcl
AiBFem7bDxXHkPCt/qaFQtPc7XtW5hJucxJVaTLFFiLwzQ==
-----END CERTIFICATE-----
Binary file not shown.
+13 -13
View File
@@ -3,11 +3,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Server-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Server-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -33,16 +33,16 @@ Certificate:
SSL Server
Signature Algorithm: SM2-with-SM3
Signature Value:
30:45:02:20:1b:ca:94:28:7f:f6:b2:0d:31:43:50:e1:d5:34:
17:dd:af:3a:de:81:06:67:9a:b3:06:22:7e:64:ec:fd:0e:b9:
02:21:00:a1:48:a8:32:d1:05:09:6b:1c:eb:89:12:66:d8:38:
a1:c4:5c:89:09:0f:fd:e9:c0:3b:1d:fb:cd:b5:4c:31:68
30:46:02:21:00:96:50:5f:3e:3f:bf:1e:50:6c:9a:5d:4e:8e:
ef:27:a1:4d:fa:b9:75:a6:58:0e:f6:db:60:32:20:e4:31:1d:
36:02:21:00:e7:cb:5c:9f:85:7d:4c:b5:54:74:e4:45:c4:f0:
01:53:51:33:07:dd:28:c6:c7:47:ff:d6:dc:b0:e1:36:cc:3b
-----BEGIN CERTIFICATE-----
MIIC2DCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO
MIIC2TCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT
U0xfc20yMQ8wDQYDVQQLDAZDQS1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixk
AQEMB3dvbGZTU0wwHhcNMjMwMjE1MDYyMzA3WhcNMjUxMTExMDYyMzA3WjCBsDEL
AQEMB3dvbGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBsDEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
FDASBgNVBAoMC3dvbGZTU0xfc20yMRMwEQYDVQQLDApTZXJ2ZXItc20yMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
@@ -51,7 +51,7 @@ HM9VAYItA0IABJRwK0bkXg9B+48tNApBQBle+9QdEaz69ZM3xvqHCPcWHyzOMECd
T6YqCqHWlTPDpgOY5o0FNLCXDN6kx89Tj9GjgYkwgYYwHQYDVR0OBBYEFGeuYP9+
Gw+Vrh+CWfJsVi2T7xcyMB8GA1UdIwQYMBaAFEcKSH67AqhaJlcrGal7YYt/XZlu
MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNIADBFAiAbypQof/ay
DTFDUOHVNBfdrzregQZnmrMGIn5k7P0OuQIhAKFIqDLRBQlrHOuJEmbYOKHEXIkJ
D/3pwDsd+821TDFo
BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNJADBGAiEAllBfPj+/
HlBsml1Oju8noU36uXWmWA7222AyIOQxHTYCIQDny1yfhX1MtVR05EXE8AFTUTMH
3SjGx0f/1tyw4TbMOw==
-----END CERTIFICATE-----
+26 -26
View File
@@ -3,11 +3,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Server-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Server-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -33,16 +33,16 @@ Certificate:
SSL Server
Signature Algorithm: SM2-with-SM3
Signature Value:
30:45:02:20:1b:ca:94:28:7f:f6:b2:0d:31:43:50:e1:d5:34:
17:dd:af:3a:de:81:06:67:9a:b3:06:22:7e:64:ec:fd:0e:b9:
02:21:00:a1:48:a8:32:d1:05:09:6b:1c:eb:89:12:66:d8:38:
a1:c4:5c:89:09:0f:fd:e9:c0:3b:1d:fb:cd:b5:4c:31:68
30:46:02:21:00:96:50:5f:3e:3f:bf:1e:50:6c:9a:5d:4e:8e:
ef:27:a1:4d:fa:b9:75:a6:58:0e:f6:db:60:32:20:e4:31:1d:
36:02:21:00:e7:cb:5c:9f:85:7d:4c:b5:54:74:e4:45:c4:f0:
01:53:51:33:07:dd:28:c6:c7:47:ff:d6:dc:b0:e1:36:cc:3b
-----BEGIN CERTIFICATE-----
MIIC2DCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO
MIIC2TCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT
U0xfc20yMQ8wDQYDVQQLDAZDQS1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixk
AQEMB3dvbGZTU0wwHhcNMjMwMjE1MDYyMzA3WhcNMjUxMTExMDYyMzA3WjCBsDEL
AQEMB3dvbGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBsDEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
FDASBgNVBAoMC3dvbGZTU0xfc20yMRMwEQYDVQQLDApTZXJ2ZXItc20yMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
@@ -51,20 +51,20 @@ HM9VAYItA0IABJRwK0bkXg9B+48tNApBQBle+9QdEaz69ZM3xvqHCPcWHyzOMECd
T6YqCqHWlTPDpgOY5o0FNLCXDN6kx89Tj9GjgYkwgYYwHQYDVR0OBBYEFGeuYP9+
Gw+Vrh+CWfJsVi2T7xcyMB8GA1UdIwQYMBaAFEcKSH67AqhaJlcrGal7YYt/XZlu
MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNIADBFAiAbypQof/ay
DTFDUOHVNBfdrzregQZnmrMGIn5k7P0OuQIhAKFIqDLRBQlrHOuJEmbYOKHEXIkJ
D/3pwDsd+821TDFo
BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNJADBGAiEAllBfPj+/
HlBsml1Oju8noU36uXWmWA7222AyIOQxHTYCIQDny1yfhX1MtVR05EXE8AFTUTMH
3SjGx0f/1tyw4TbMOw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: SM2-with-SM3
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Validity
Not Before: Feb 15 06:23:07 2023 GMT
Not After : Nov 11 06:23:07 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Not Before: Feb 18 17:56:57 2026 GMT
Not After : Nov 14 17:56:57 2028 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL
Subject Public Key Info:
Public Key Algorithm: sm2
Public-Key: (256 bit)
@@ -86,16 +86,16 @@ Certificate:
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SM2-with-SM3
Signature Value:
30:45:02:20:47:4e:00:03:ab:34:a1:af:59:39:8f:60:36:bf:
89:88:42:41:27:c1:dd:57:c9:79:cb:1f:56:5c:16:b5:28:bd:
02:21:00:8b:2e:25:eb:21:9b:a9:2b:a6:6a:5b:db:a7:c7:2b:
11:df:73:15:ad:e4:c5:c3:c2:f3:b4:b4:67:af:d7:51:1c
30:46:02:21:00:b2:b9:5b:02:ad:78:f8:52:ba:67:cf:cb:25:
9b:ba:d9:56:f5:a7:ff:af:25:26:d5:f6:f3:f3:a6:f5:9a:2f:
9b:02:21:00:bc:96:f3:39:13:76:dc:02:35:39:0e:dc:0a:69:
bf:02:18:b6:01:be:ff:05:d7:2e:f2:7b:67:eb:16:e9:8e:c5
-----BEGIN CERTIFICATE-----
MIICljCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO
MIIClzCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT
U0xfU00yMREwDwYDVQQLDAhSb290LVNNMjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDIxNTA2
MjMwN1oXDTI1MTExMTA2MjMwN1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDIxODE3
NTY1N1oXDTI4MTExNDE3NTY1N1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjEP
MA0GA1UECwwGQ0Etc20yMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xm
@@ -103,6 +103,6 @@ U1NMMFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABCGS98sk32RNuqtme4N1qSnn
/2RjttVCgCC94uICEjuOtACVCYDLVu1Lyo1X5q4F03YnY3E5ibdp5kiArtGpSBKj
YzBhMB0GA1UdDgQWBBRHCkh+uwKoWiZXKxmpe2GLf12ZbjAfBgNVHSMEGDAWgBQ0
HXlEFXmhsWOZ4+1lfGSJgP+47DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBhjAKBggqgRzPVQGDdQNIADBFAiBHTgADqzShr1k5j2A2v4mIQkEnwd1XyXnL
H1ZcFrUovQIhAIsuJeshm6krpmpb26fHKxHfcxWt5MXDwvO0tGev11Ec
AwIBhjAKBggqgRzPVQGDdQNJADBGAiEAsrlbAq14+FK6Z8/LJZu62Vb1p/+vJSbV
9vPzpvWaL5sCIQC8lvM5E3bcAjU5DtwKab8CGLYBvv8F1y7ye2frFumOxQ==
-----END CERTIFICATE-----
+9 -5
View File
@@ -20332,8 +20332,10 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
out + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size
);
if (ret != 0)
if (ret != 0) {
XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
XMEMCPY(out,
ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
XMEMCPY(out + AESGCM_EXP_IV_SZ,outBuf,sz - AESGCM_EXP_IV_SZ);
@@ -20805,8 +20807,10 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
(byte *)input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size
);
if (ret != 0)
if (ret != 0) {
XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
XMEMCPY(plain + AESGCM_EXP_IV_SZ,
outBuf,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size);
@@ -20832,7 +20836,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
case wolfssl_sm4_cbc:
#ifdef WOLFSSL_ASYNC_CRYPT
/* initialize event */
ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev,
ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.sm4->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
if (ret != 0)
break;
@@ -20840,7 +20844,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
ret = wc_Sm4CbcDecrypt(ssl->decrypt.sm4, plain, input, sz);
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.sm4->asyncDev);
}
#endif
break;
@@ -40111,7 +40115,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
}
if (ret == 0) {
ret = wc_Sm4GcmDecrypt(sm4, in, out, inLen, iv, GCM_NONCE_MID_SZ,
tag, SM$_BLOCK_SIZE, aad, aadSz);
tag, SM4_BLOCK_SIZE, aad, aadSz);
}
wc_Sm4Free(sm4);
}
+2 -1
View File
@@ -950,7 +950,8 @@ static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash,
SIGNER_DIGEST_SIZE) == 0;
}
else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) {
return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
return XMEMCMP(keyHash, resp->responderId.keyHash,
OCSP_RESPONDER_ID_KEY_SZ) == 0;
}
return 0;
+3 -2
View File
@@ -184,13 +184,14 @@ static word32 add_rec_header(byte* output, word32 length, byte type)
static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
{
word32 len = qr->end - qr->start;
word32 len;
word32 offset = 0;
word32 rlen;
if (len <= 0) {
if (qr->end <= qr->start) {
return 0;
}
len = qr->end - qr->start;
/* We check if the buf is at least RECORD_HEADER_SZ */
if (sz < RECORD_HEADER_SZ) {
+14 -5
View File
@@ -48,6 +48,10 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
if (ctx == NULL || publicName == NULL)
return BAD_FUNC_ARG;
/* ECH spec limits public_name to 255 bytes (1-byte length prefix) */
if (XSTRLEN(publicName) > 255)
return BAD_FUNC_ARG;
WC_ALLOC_VAR_EX(rng, WC_RNG, 1, ctx->heap, DYNAMIC_TYPE_RNG,
return MEMORY_E);
ret = wc_InitRng(rng);
@@ -313,10 +317,16 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
{
int i;
word16 totalLen = 0;
word16 publicNameLen;
if (config == NULL || (output == NULL && outputLen == NULL))
return BAD_FUNC_ARG;
/* ECH spec limits public_name to 255 bytes (1-byte length prefix) */
if (config->publicName == NULL || XSTRLEN(config->publicName) > 255)
return BAD_FUNC_ARG;
publicNameLen = (word16)XSTRLEN(config->publicName);
/* 2 for version */
totalLen += 2;
/* 2 for length */
@@ -355,7 +365,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
totalLen += 2;
/* public name */
totalLen += XSTRLEN(config->publicName);
totalLen += publicNameLen;
/* trailing zeros */
totalLen += 2;
@@ -435,13 +445,12 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
output++;
/* publicName len */
*output = XSTRLEN(config->publicName);
*output = (byte)publicNameLen;
output++;
/* publicName */
XMEMCPY(output, config->publicName,
XSTRLEN(config->publicName));
output += XSTRLEN(config->publicName);
XMEMCPY(output, config->publicName, publicNameLen);
output += publicNameLen;
/* terminating zeros */
c16toa(0, output);
+2 -2
View File
@@ -3116,7 +3116,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
case wolfssl_sm4_gcm:
nonceSz = SM4_GCM_NONCE_SZ;
ret = wc_Sm4GcmDecrypt(ssl->decrypt.sm4, output, input,
dataSz, ssl->decrypt.nonce, nonceSz, output + dataSz,
dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz,
macSz, aad, aadSz);
break;
#endif
@@ -3125,7 +3125,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
case wolfssl_sm4_ccm:
nonceSz = SM4_CCM_NONCE_SZ;
ret = wc_Sm4CcmDecrypt(ssl->decrypt.sm4, output, input,
dataSz, ssl->decrypt.nonce, nonceSz, output + dataSz,
dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz,
macSz, aad, aadSz);
break;
#endif
+2 -2
View File
@@ -384,8 +384,8 @@ int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
}
/* If retry and write flags are set, return WANT_WRITE */
if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_WRITE) &&
(ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
if ((ssl->biowr->flags & WOLFSSL_BIO_FLAG_WRITE) &&
(ssl->biowr->flags & WOLFSSL_BIO_FLAG_RETRY)) {
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
+19 -7
View File
@@ -18967,8 +18967,9 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
if (sigOID == CTC_SM3wSM2) {
/* OpenSSL creates signature without CERT_SIG_ID. */
ret = wc_ecc_sm2_create_digest(CERT_SIG_ID,
CERT_SIG_ID_SZ, buf, bufSz, WC_HASH_TYPE_SM3,
0, buf, bufSz, WC_HASH_TYPE_SM3,
sigCtx->digest, WC_SM3_DIGEST_SIZE,
sigCtx->key.ecc);
if (ret == 0) {
@@ -39572,8 +39573,9 @@ static int OcspRespIdMatch(OcspResponse *resp, const byte *NameHash,
return XMEMCMP(NameHash, resp->responderId.nameHash,
SIGNER_DIGEST_SIZE) == 0;
/* OCSP_RESPONDER_ID_KEY */
return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) &&
XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
return (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) &&
XMEMCMP(keyHash, resp->responderId.keyHash,
OCSP_RESPONDER_ID_KEY_SZ) == 0;
}
#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
@@ -39612,8 +39614,15 @@ static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
if (s)
return s;
}
else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) {
s = GetCAByKeyHash(cm, resp->responderId.keyHash);
else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) {
/* Responder key hash is OCSP_RESPONDER_ID_KEY_SZ bytes (SHA-1 per
* RFC 6960) but lookup functions compare KEYID_SIZE bytes. Zero-pad
* to avoid buffer over-read when KEYID_SIZE > OCSP_RESPONDER_ID_KEY_SZ
* (e.g. when SM2/SM3 is enabled). */
byte keyHash[KEYID_SIZE];
XMEMSET(keyHash, 0, KEYID_SIZE);
XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ);
s = GetCAByKeyHash(cm, keyHash);
if (s)
return s;
}
@@ -39626,8 +39635,11 @@ static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
if (s)
return s;
}
else {
s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash);
else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) {
byte keyHash[KEYID_SIZE];
XMEMSET(keyHash, 0, KEYID_SIZE);
XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ);
s = findSignerByKeyHash(resp->pendingCAs, keyHash);
if (s)
return s;
}