Test for not having determnistic ECDSA was also being run when no ECDSA, and
this fails earlier. Fixed this and added a specific test for no ECDSA. Also
fixed (swapped) incorrect test descriptions.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Test for unsupported deterministic ECDSA was originally passing due to
incorrect code, fixing the code unfortunately broke the test.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:
grep TEST_ASSERT tests/suites/test_suite_md.function |
egrep -v '= NULL|== md_info|md_info =='
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.
Signed-off-by: Nick Child <nick.child@ibm.com>
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.
Note: mbedtls_md_info_from_string is still tested in md_info().
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
