TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7344e1bd05a9ef0f7deb3100fe312d4f4bf05594^! / . / tests
commit7344e1bd05a9ef0f7deb3100fe312d4f4bf05594[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Fri May 12 13:16:40 2017 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Jun 06 19:09:02 2017 +0200
treef6d070a9979359004cf0af695672d7ad58850335
parentdb56acae43d028705e37172277c17001fab97b1d [diff]
SHA-1 deprecation: allow it in key exchange

By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f498732..8170413 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -2684,12 +2684,19 @@
 # Test for ClientHello without extensions
 
 requires_gnutls
-run_test    "ClientHello without extensions" \
+run_test    "ClientHello without extensions, SHA-1 allowed" \
             "$P_SRV debug_level=3" \
             "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
             0 \
             -s "dumping 'client hello extensions' (0 bytes)"
 
+requires_gnutls
+run_test    "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
+            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
+            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+            0 \
+            -s "dumping 'client hello extensions' (0 bytes)"
+
 # Tests for mbedtls_ssl_get_bytes_avail()
 
 run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 3609f40..aacf4f9 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data

@@ -432,7 +432,7 @@
 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL"
 
 X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)