commit 5b32038ff0c1e467cd9a238333ab9ee233c0f795
author Neil Armstrong <narmstrong@baylibre.com> Mon Feb 21 17:22:10 2022 +0100
committer Neil Armstrong <narmstrong@baylibre.com> Thu Mar 03 16:44:06 2022 +0100
tree 64e60b123d050b5ac7e44b554f38fc4ac48cc68e
parent e960690b89e22e3c73918257b96417189f7a2579

Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO

The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.

Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

tests/suites/test_suite_x509write.function

diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 261794c..7503b5e 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -93,6 +93,8 @@
 
     memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
 
+    USE_PSA_INIT( );
+
     mbedtls_pk_init( &key );
     TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
                         mbedtls_test_rnd_std_rand, NULL ) == 0 );
@@ -117,6 +119,15 @@
         TEST_ASSERT( buf[buf_index] == 0 );
     }
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
+    (void)f;
+    (void)olen;
+    (void)check_buf;
+    (void)cert_req_check_file;
+    buf[pem_len] = '\0';
+    TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+#else
     f = fopen( cert_req_check_file, "r" );
     TEST_ASSERT( f != NULL );
     olen = fread( check_buf, 1, sizeof( check_buf ), f );
@@ -124,6 +135,7 @@
 
     TEST_ASSERT( olen >= pem_len - 1 );
     TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+#endif
 
     der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
                                          mbedtls_test_rnd_pseudo_rand,
@@ -133,13 +145,22 @@
     if( der_len == 0 )
         goto exit;
 
-    ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    // When using PSA crypto, RNG isn't controllable, result length isn't
+    // deterministic over multiple runs, removing a single byte isn't enough to
+    // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
+    der_len /= 2;
+#else
+    der_len -= 1;
+#endif
+    ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ),
                                      mbedtls_test_rnd_pseudo_rand, &rnd_info );
     TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
 exit:
     mbedtls_x509write_csr_free( &req );
     mbedtls_pk_free( &key );
+    USE_PSA_DONE( );
 }
 /* END_CASE */