TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ef86ab238fcbc186f324640bc264fd6f5f2123d1^! / . / tests / suites / test_suite_x509parse.function
commitef86ab238fcbc186f324640bc264fd6f5f2123d1[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Fri May 05 18:59:02 2017 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Jun 06 18:44:13 2017 +0200
treeacb396621949f25aa88fe86e6462a4393afe6e7b
parent750c353c5c828d27d077022f2c856fb13e6a5258 [diff] [blame]
Allow SHA-1 in X.509 and TLS tests

SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.

diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 5eec72a..a9f7cee 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function

@@ -7,6 +7,8 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/base64.h"
 
+/* Profile for backward compatibility. Allows SHA-1, unlike the default
+   profile. */
 const mbedtls_x509_crt_profile compat_profile =
 {
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
@@ -221,6 +223,7 @@
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
 void x509_verify( char *crt_file, char *ca_file, char *crl_file,
                   char *cn_name_str, int result, int flags_result,
+                  char *profile_str,
                   char *verify_callback )
 {
     mbedtls_x509_crt   crt;
@@ -230,6 +233,7 @@
     int         res;
     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
     char *      cn_name = NULL;
+    const mbedtls_x509_crt_profile *profile;
 
     mbedtls_x509_crt_init( &crt );
     mbedtls_x509_crt_init( &ca );
@@ -238,6 +242,13 @@
     if( strcmp( cn_name_str, "NULL" ) != 0 )
         cn_name = cn_name_str;
 
+    if( strcmp( profile_str, "default" ) == 0 )
+        profile = &mbedtls_x509_crt_profile_default;
+    else if( strcmp( profile_str, "compat" ) == 0 )
+        profile = &compat_profile;
+    else
+        TEST_ASSERT( "Unknown algorithm profile" == 0 );
+
     if( strcmp( verify_callback, "NULL" ) == 0 )
         f_vrfy = NULL;
     else if( strcmp( verify_callback, "verify_none" ) == 0 )
@@ -251,7 +262,7 @@
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
     TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
 
-    res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, &compat_profile, cn_name, &flags, f_vrfy, NULL );
+    res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
 
     TEST_ASSERT( res == ( result ) );
     TEST_ASSERT( flags == (uint32_t)( flags_result ) );
@@ -280,8 +291,10 @@
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
 
-    ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
-                                   verify_print, &vrfy_ctx );
+    ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
+                                                &compat_profile,
+                                                NULL, &flags,
+                                                verify_print, &vrfy_ctx );
 
     TEST_ASSERT( ret == exp_ret );
     TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );