lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields

Browse Source 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
This commit is contained in:
toth92g
2021-02-22 13:17:32 +01:00
committed by Przemek Stekiel
parent a41954d0cf
commit 27f9e7815c
5 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt Normal file
View File

@ -0,0 +1,2 @@
API changes
* x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields

2
programs/ssl/ssl_client2.c
View File

@ -41,7 +41,7 @@ int main(void)
/* Size of memory to be allocated for the heap, when using the library's memory /* Size of memory to be allocated for the heap, when using the library's memory
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
#define MEMORY_HEAP_SIZE 120000 #define MEMORY_HEAP_SIZE 180000
#define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE 20000
#define MAX_REQUEST_SIZE_STR "20000" #define MAX_REQUEST_SIZE_STR "20000"

2
programs/ssl/ssl_server2.c
View File

@ -73,7 +73,7 @@ int main(void)
/* Size of memory to be allocated for the heap, when using the library's memory /* Size of memory to be allocated for the heap, when using the library's memory
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
#define MEMORY_HEAP_SIZE 120000 #define MEMORY_HEAP_SIZE 180000
#define DFL_SERVER_ADDR NULL #define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433" #define DFL_SERVER_PORT "4433"

9
tests/data_files/Makefile
View File

@ -389,6 +389,15 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
all_final += rsa_pkcs8_2048_public.der all_final += rsa_pkcs8_2048_public.der
authorityKeyId_subjectKeyId.crt:
$(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections
# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00
# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00
# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00
# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial)
# Each test inject error to one of these
################################################################ ################################################################
#### Generate various RSA keys #### Generate various RSA keys
################################################################ ################################################################

9
tests/data_files/authorityKeyId_subjectKeyId.conf Normal file
View File

@ -0,0 +1,9 @@
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = MBEDTLS
[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always