Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
new file mode 100644
index 0000000..cf4c9e9
--- /dev/null
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@@ -0,0 +1,2 @@
+API changes
+ * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 02ee7cf..e161407 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -41,7 +41,7 @@
/* Size of memory to be allocated for the heap, when using the library's memory
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
#define MAX_REQUEST_SIZE 20000
#define MAX_REQUEST_SIZE_STR "20000"
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 802beb2..c6dc615 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -71,7 +71,7 @@
/* Size of memory to be allocated for the heap, when using the library's memory
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 388b0ce..4fb6ad3 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -318,6 +318,15 @@
$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
all_final += rsa_pkcs8_2048_public.der
+authorityKeyId_subjectKeyId.crt:
+ $(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
+# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections
+# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial)
+# Each test inject error to one of these
+
################################################################
#### Generate various RSA keys
################################################################
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf
new file mode 100644
index 0000000..d875c6f
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId.conf
@@ -0,0 +1,9 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = MBEDTLS
+[v3_req]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always