diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
new file mode 100644
index 0000000000..cf4c9e9531
--- /dev/null
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@@ -0,0 +1,2 @@
+API changes
+ * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8b0a825020..c547fc3e21 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -41,7 +41,7 @@ int main(void)
 /* Size of memory to be allocated for the heap, when using the library's memory
 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
 #define MAX_REQUEST_SIZE 20000
 #define MAX_REQUEST_SIZE_STR "20000"
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 90a13eba37..1fc04df9ec 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -71,7 +71,7 @@ int main(void)
 /* Size of memory to be allocated for the heap, when using the library's memory
 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
 #define DFL_SERVER_ADDR NULL
 #define DFL_SERVER_PORT "4433"
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 388b0ce413..4fb6ad39ef 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -318,6 +318,15 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
 all_final += rsa_pkcs8_2048_public.der
+authorityKeyId_subjectKeyId.crt:
+ $(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
+# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections
+# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial)
+# Each test inject error to one of these
+
 ################################################################
 #### Generate various RSA keys
 ################################################################
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf
new file mode 100644
index 0000000000..d875c6ffe0
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId.conf
@@ -0,0 +1,9 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = MBEDTLS
+[v3_req]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
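Review bot: In the tests/data_files/Makefile hunk, the new `authorityKeyId_subjectKeyId.crt` rule passes the same path to both `-keyout` and `-out` while `-nodes` is set, so the freshly generated RSA key is written unencrypted to the certificate file and is then either overwritten by the certificate or left beside it, depending on how openssl opens the two outputs. Write the key to its own file (`-keyout <separate-key-file>`, placeholder name) or sign with an existing test key via `-key`, so the committed .crt can never carry private-key material and the fixture does not depend on a throwaway key. The rule also has no prerequisite, so editing the config does not trigger a rebuild; `authorityKeyId_subjectKeyId.crt: authorityKeyId_subjectKeyId.conf` would fix that. The four `_wrong_*` variants are described only in comments, so a short note on how the tag bytes were patched (offset and original value) would let someone regenerate and audit them.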