TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1e2e2ea36df143b324d06dd340f7d7c067d327e4^! / .
commit1e2e2ea36df143b324d06dd340f7d7c067d327e4[log] [tgz]
authorBen Taylor <ben.taylor@linaro.org>Tue Jul 29 13:19:27 2025 +0100
committerBen Taylor <ben.taylor@linaro.org>Wed Jul 30 07:55:14 2025 +0100
tree699f1d00f88beb54fa753845ef003fee38cc3c11
parent44703e4cc206fae78b92d95742a3ab3e43e1c576 [diff]
Added back crypto treatment of certs as the keyfile is now passed in and the previous rng issue should no longer be relevent

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>

diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 03746b4..edcc14d 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function

@@ -130,6 +130,9 @@
     mbedtls_x509write_csr req;
     unsigned char buf[4096];
     int ret;
+    unsigned char check_buf[4000];
+    FILE *f;
+    size_t olen = 0;
     size_t pem_len = 0, buf_index;
     int der_len = -1;
     const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
@@ -209,10 +212,14 @@
         TEST_ASSERT(buf[buf_index] == 0);
     }
 
-    // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
-    (void) cert_req_check_file;
-    buf[pem_len] = '\0';
-    TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
+    f = fopen(cert_req_check_file, "r"); //open the file
+    TEST_ASSERT(f != NULL); //check the file has been opened.
+    olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file
+    fclose(f); // close the file
+
+    TEST_ASSERT(olen >= pem_len - 1); 
+    TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); 
+
 
     der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
     TEST_ASSERT(der_len >= 0);
@@ -221,10 +228,7 @@
         goto exit;
     }
 
-    // When using PSA crypto, RNG isn't controllable, result length isn't
-    // deterministic over multiple runs, removing a single byte isn't enough to
-    // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
-    der_len /= 2;
+    der_len -= 1;
     ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
     TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);