Allow SHA-1 in X.509 and TLS tests

SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
Gilles Peskine 2017-05-05 18:59:02 +02:00 committed by Manuel Pégourié-Gonnard
parent 750c353c5c
commit ef86ab238f
4 changed files with 130 additions and 98 deletions


@ -7,6 +7,8 @@
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
/* Profile for backward compatibility. Allows SHA-1, unlike the default
profile. */
const mbedtls_x509_crt_profile compat_profile =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
@ -221,6 +223,7 @@ void x509_verify_info( int flags, char *prefix, char *result_str )
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
char *profile_str,
char *verify_callback )
{
mbedtls_x509_crt crt;
@ -230,6 +233,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
int res;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
char * cn_name = NULL;
const mbedtls_x509_crt_profile *profile;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
@ -238,6 +242,13 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
if( strcmp( cn_name_str, "NULL" ) != 0 )
cn_name = cn_name_str;
if( strcmp( profile_str, "default" ) == 0 )
profile = &mbedtls_x509_crt_profile_default;
else if( strcmp( profile_str, "compat" ) == 0 )
profile = &compat_profile;
else
TEST_ASSERT( "Unknown algorithm profile" == 0 );
if( strcmp( verify_callback, "NULL" ) == 0 )
f_vrfy = NULL;
else if( strcmp( verify_callback, "verify_none" ) == 0 )
@ -251,7 +262,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, &compat_profile, cn_name, &flags, f_vrfy, NULL );
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
@ -280,8 +291,10 @@ void x509_verify_callback( char *crt_file, char *ca_file,
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
verify_print, &vrfy_ctx );
ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
&compat_profile,
NULL, &flags,
verify_print, &vrfy_ctx );
TEST_ASSERT( ret == exp_ret );
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
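Review bot: The new `mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL, &compat_profile, ...` call in x509_verify_callback hardwires the SHA-1-permitting profile, so unlike x509_verify, whose new `profile_str` argument lets a test case choose `default` or `compat`, these cases can never exercise the default profile and will keep passing on SHA-1 signatures after the test data is migrated to SHA-256. Consider threading the same `profile_str` selection through x509_verify_callback, or at least marking the call with `/* TODO: switch to the default profile once the test certificates use SHA-256 */` so the temporary nature stated in the commit message is visible at the call site. In the x509_verify hunk, `profile` is left unassigned on the unknown-profile branch and relies on TEST_ASSERT jumping to the exit label; initialising it at the declaration, `const mbedtls_x509_crt_profile *profile = NULL;`, makes that safe independent of how the macro is defined and avoids uninitialised-use warnings. Both x509_verify and x509_verify_callback continue outside the hunks shown.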