Add test cases exercising successful verification of MD2/MD4/MD5 CRT
This commit is contained in:
parent
7b8abee4f5
commit
20a4ade3f5
2 changed files with 23 additions and 0 deletions
|
@ -539,6 +539,18 @@ X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 forbidden)
|
|||
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
|
||||
|
||||
X509 Certificate verification #12 (Valid Cert MD2 Digest, MD2 allowed)
|
||||
depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
|
||||
|
||||
X509 Certificate verification #12 (Valid Cert MD4 Digest, MD4 allowed)
|
||||
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
|
||||
|
||||
X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 allowed)
|
||||
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
|
||||
|
||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
|
|
@ -15,6 +15,15 @@ than the current threshold 19. To test larger values, please \
|
|||
adapt the script tests/data_files/dir-max/long.sh."
|
||||
#endif
|
||||
|
||||
/* Test-only profile allowing all digests, PK algorithms, and curves. */
|
||||
const mbedtls_x509_crt_profile profile_all =
|
||||
{
|
||||
0xFFFFFFFF, /* Any MD */
|
||||
0xFFFFFFFF, /* Any PK alg */
|
||||
0xFFFFFFFF, /* Any curve */
|
||||
1024,
|
||||
};
|
||||
|
||||
/* Profile for backward compatibility. Allows SHA-1, unlike the default
|
||||
profile. */
|
||||
const mbedtls_x509_crt_profile compat_profile =
|
||||
|
@ -531,6 +540,8 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
|||
profile = &mbedtls_x509_crt_profile_suiteb;
|
||||
else if( strcmp( profile_str, "compat" ) == 0 )
|
||||
profile = &compat_profile;
|
||||
else if( strcmp( profile_str, "all" ) == 0 )
|
||||
profile = &profile_all;
|
||||
else
|
||||
TEST_ASSERT( "Unknown algorithm profile" == 0 );
|
||||
|
||||
|
|
Loading…
Reference in a new issue