ba401c9bde
Fix testing using 4096 bits keys and parameters
...
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
da882f3912
Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096").
2020-02-23 18:40:13 -08:00
ba49427cc4
Cleanup include.am whitespace.
2020-01-30 08:44:52 -08:00
3f1c3392e5
Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key.
2020-01-29 06:37:06 -08:00
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072
...
wolfCrypt Test 3072-bit Support
2020-01-23 07:55:19 -08:00
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker
...
Fixing some typos. Thanks to Fossies for the report
2020-01-22 13:52:56 -08:00
84a878bda2
Fix for include .am issue.
2020-01-22 09:11:00 -08:00
2a5c623c97
Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER.
2020-01-22 08:15:34 -08:00
4d9dbc9ec3
Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072.
2020-01-21 22:16:54 -08:00
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
9b8d4e91c2
Fixing some typos. Thanks to Fossies for the report
2020-01-10 11:45:51 -07:00
28cf563c76
Fixes from PR review: styling and formatting, remove duplicate code
2020-01-07 17:01:53 -07:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com >
Co-Authored-By: MJSPollard <mpollard@wolfssl.com >
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com >
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com >
2019-12-06 14:27:01 -07:00
7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096
...
SP now has support for RSA/DH 4096-bit operations
2019-11-18 15:38:47 -08:00
411b130369
Add new 4096-bit cert and key to distribution
2019-11-14 09:13:24 +10:00
5221c082f1
SP now has support for RSA/DH 4096-bit operations
2019-11-12 12:04:06 +10:00
2bae1d27a1
wolfSSL Compatibility support for OpenVPN
...
* Adds compatibility API's for:
* `sk_ASN1_OBJECT_free`
* `sk_ASN1_OBJECT_num`
* `sk_ASN1_OBJECT_value`
* `sk_X509_OBJECT_num`
* `sk_X509_OBJECT_value`
* `sk_X509_OBJECT_delete`
* `sk_X509_NAME_find`
* `sk_X509_INFO_free`
* `BIO_get_len`
* `BIO_set_ssl`
* `BIO_should_retry` (stub)
* `X509_OBJECT_free`
* `X509_NAME_get_index_by_OBJ`
* `X509_INFO_free`
* `X509_STORE_get0_objects`
* `X509_check_purpose` (stub)
* `PEM_read_bio_X509_CRL`
* `PEM_X509_INFO_read_bio`
* `ASN1_BIT_STRING_new`
* `ASN1_BIT_STRING_free`
* `ASN1_BIT_STRING_get_bit`
* `ASN1_BIT_STRING_set_bit`
* `DES_check_key_parity`
* `EC_GROUP_order_bits`
* `EC_get_builtin_curves`
* `EVP_CIPHER_CTX_cipher`
* `EVP_PKEY_get0_EC_KEY`
* `EVP_PKEY_get0_RSA`
* `EVP_PKEY_get0_DSA` (stub)
* `HMAC_CTX_new`
* `HMAC_CTX_free`
* `HMAC_CTX_reset`
* `HMAC_size`
* `OBJ_txt2obj`
* `RSA_meth_new`
* `RSA_meth_free`
* `RSA_meth_set_pub_enc`
* `RSA_meth_set_pub_dec`
* `RSA_meth_set_priv_enc`
* `RSA_meth_set_priv_dec`
* `RSA_meth_set_init`
* `RSA_meth_set_finish`
* `RSA_meth_set0_app_data`
* `RSA_get_method_data`
* `RSA_set_method`
* `RSA_get0_key`
* `RSA_set0_key`
* `RSA_flags`
* `RSA_set_flags`
* `RSA_bits`
* `SSL_CTX_set_ciphersuites`
* `SSL_CTX_set_security_level` (stub)
* `SSL_export_keying_material` (stub)
* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505 .
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing
...
Initial pass on test cycle
2019-10-17 16:02:17 -07:00
acd0a55d47
add new certs to extra dist
2019-10-15 14:23:01 -06:00
b27504b222
update external test certificate
2019-10-15 10:11:38 -06:00
306b280ccd
Add test cases and implement peer suggestions
...
Fix failing jenkins test cases
Add detection for file size with static memory
Account for cert without pathLen constraint set including test cases
Resolve OCSP case and test where cert->pathLen expected to be NULL
2019-10-11 15:03:38 -06:00
9c5fd165d0
addressing non RFC compliance in handling of pathLen constraint
2019-10-10 16:45:29 -06:00
644e7a8f45
Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests.
2019-08-19 16:27:46 -07:00
13957e7762
update server-ecc-self.pem before/after dates
2019-07-23 09:27:39 -06:00
2ad80df1c7
Fix for ./certs/gen-testcerts.sh sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ".
2019-04-05 09:01:44 -07:00
51251bc421
Fix for ssl23.h include for openssl compat with cyassl.
2019-04-01 11:10:29 -07:00
c7b5f772aa
Add missing cert to include.am for make dist, which is required for ./gencertbuf.pl.
2019-04-01 10:09:34 -07:00
8666b7de9a
add test-ber-exp02-05-2022.p7b file for test
2019-02-06 11:11:27 -07:00
ec28376e7f
add PKCS7 BER verify test and fix for streaming
2019-02-06 11:05:15 -07:00
59a3b4a110
New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup:
...
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
2018-12-21 09:54:55 -08:00
95bd340de5
Add support for more OpenSSL APIs
...
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
cc3ccbaf0c
add test for degenerate case and allow degenerate case by default
2018-10-30 17:04:33 -06:00
3be7eacea9
Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test.
2018-10-25 09:21:27 -07:00
8b529d3d57
Add test for ECC private key with PKCS 8 encoding (no crypt) and -----BEGIN EC PRIVATE KEY----- header.
2018-10-17 10:01:29 -07:00
dc942bf9cb
Remove unnecessary duplicate revocation
2018-09-20 16:54:35 -06:00
ea06a3e8cb
Resolve some persistent error report when conf not passed to req
2018-09-20 16:50:02 -06:00
427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR
...
Cert update refactor
2018-09-20 14:24:06 -07:00
54e04dd312
posix compliance enhancements for portability
2018-09-20 10:30:11 -06:00
17ebb0ea49
Update certs to address nightly failure with disable sha enable crl
2018-09-19 15:22:08 -06:00
f3fd67c54b
White space updates and revert cnf changes in lieu of PR #1734
2018-09-19 14:54:19 -06:00
4f6ee556dc
Refactor the cert renewal scripts with error handling
...
Portability updates
2018-09-19 14:47:21 -06:00
b1b7093a1d
Revert addition of OIDs to cnf
2018-09-19 08:01:40 -05:00
f48e2067ae
Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID.
2018-09-10 08:15:17 -07:00
575382e5a9
Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs.
2018-09-07 15:30:30 -07:00
ae3d8d3779
* Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265).
...
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
1ab17ac827
More changes to minimize dynamic memory usage.
...
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
bb574d28b2
Support for more cert subject OIDs and raw subject access ( #1734 )
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
Sean Parkinson
David Garske
Chris Conlon
JacobBarthelmeh
kaleb-himes
Carie Pointer
Eric Blankenhorn
toddouska