Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der
Signed-off-by: Nick Child <nick.child@ibm.com>
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function
Signed-off-by: Nick Child <nick.child@ibm.com>
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.
Signed-off-by: Nick Child <nick.child@ibm.com>
If HOSTCC is set, use that to generate files, otherwise use CC. This
should make cross-compilation with generated files slightly easier.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Move compilation to a separate helper function in c_build_helper.py to
allow more generic use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The 'MBEDTLS_TEST_HOOKS' belongs to a test function and
not to a test case.
This reverts commit 1e8c210b9d1f370c9724edbd7d86089fb4b58c68.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).
For this commit, I only looked at code run in the innermost loop.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We can detect PSK based on $TYPE. This allows more flexibility in how cipher
suites are spelled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.
A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This prevents a return type error in a later function that uses the
dictionaries here properly typed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
