diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h index 4f3e48c52..328b881ea 100644 --- a/include/polarssl/check_config.h +++ b/include/polarssl/check_config.h @@ -197,9 +197,9 @@ #error "POLARSSL_RSA_C defined, but not all prerequisites" #endif -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) && \ +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) && \ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) ) -#error "POLARSSL_RSASSA_PSS_CERTIFICATES defined, but not all prerequisites" +#error "POLARSSL_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" #endif #if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \ diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 1d1533810..0dca560e2 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -220,16 +220,6 @@ //#define POLARSSL_SHA256_ALT //#define POLARSSL_SHA512_ALT -/** - * \def POLARSSL_RSASSA_PSS_CERTIFICATES - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define POLARSSL_RSASSA_PSS_CERTIFICATES - /** * \def POLARSSL_AES_ROM_TABLES * @@ -1025,6 +1015,16 @@ */ #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE +/** + * \def POLARSSL_X509_RSASSA_PSS_SUPPORT + * + * Enable parsing and verification of X.509 certificates, CRLs and CSRS + * signed with RSASSA-PSS (aka PKCS#1 v2.1). + * + * Comment this macro to disallow using RSASSA-PSS in certificates. + */ +#define POLARSSL_X509_RSASSA_PSS_SUPPORT + /** * \def POLARSSL_ZLIB_SUPPORT * diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index bd34617c5..583cb8320 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -278,7 +278,7 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end, x509_buf *alg ); int x509_get_alg( unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params ); -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) int x509_get_rsassa_pss_params( const x509_buf *params, md_type_t *md_alg, md_type_t *mgf_md, int *salt_len ); diff --git a/library/x509.c b/library/x509.c index 57dfd64fd..7b5ec5f61 100644 --- a/library/x509.c +++ b/library/x509.c @@ -137,7 +137,7 @@ int x509_get_alg( unsigned char **p, const unsigned char *end, return( 0 ); } -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) /* * HashAlgorithm ::= AlgorithmIdentifier * @@ -338,7 +338,7 @@ int x509_get_rsassa_pss_params( const x509_buf *params, return( 0 ); } -#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */ +#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */ /* * AttributeTypeAndValue ::= SEQUENCE { @@ -570,7 +570,7 @@ int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret ); -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) if( *pk_alg == POLARSSL_PK_RSASSA_PSS ) { pk_rsassa_pss_options *pss_opts; @@ -854,7 +854,7 @@ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, ret = snprintf( p, n, "%s", desc ); SAFE_SNPRINTF(); -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) if( pk_alg == POLARSSL_PK_RSASSA_PSS ) { const pk_rsassa_pss_options *pss_opts; @@ -875,7 +875,7 @@ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, ((void) pk_alg); ((void) md_alg); ((void) sig_opts); -#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */ +#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */ return( (int) size - n ); } diff --git a/library/x509_crl.c b/library/x509_crl.c index 2191b47c8..8035ee40e 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -716,7 +716,7 @@ void x509_crl_free( x509_crl *crl ) do { -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) polarssl_free( crl_cur->sig_opts ); #endif diff --git a/library/x509_crt.c b/library/x509_crt.c index 315d98bf8..fa09596f0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1921,7 +1921,7 @@ void x509_crt_free( x509_crt *crt ) { pk_free( &cert_cur->pk ); -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) polarssl_free( cert_cur->sig_opts ); #endif diff --git a/library/x509_csr.c b/library/x509_csr.c index 1c70a3373..529e7e423 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -420,7 +420,7 @@ void x509_csr_free( x509_csr *csr ) pk_free( &csr->pk ); -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) +#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) polarssl_free( csr->sig_opts ); #endif diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3df098267..0dbbdacfb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -43,23 +43,23 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA1 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA224 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA256 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA384 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA512 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA1 Digest @@ -151,23 +151,23 @@ depends_on:POLARSSL_PEM_PARSE_C x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest @@ -239,23 +239,23 @@ depends_on:POLARSSL_PEM_PARSE_C x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA256 -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA384 -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA512 -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" X509 Get Distinguished Name #1 @@ -571,47 +571,47 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_X509 x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"NULL" X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"NULL" X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"NULL" X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"NULL" X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_NOT_TRUSTED:"NULL" X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults) -depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"NULL" X509 Parse Selftest diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b7a109512..5c4c29e59 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -373,7 +373,7 @@ void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret ) } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES */ +/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT */ void x509_parse_rsassa_pss_params( char *hex_params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret )