author | Paul Elliott <paul.elliott@arm.com> | 2020-11-24 17:30:18 +0000 |
---|---|---|
committer | Paul Elliott <paul.elliott@arm.com> | 2020-11-26 16:34:16 +0000 |
commit | ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (patch) | |
tree | 59b004521f73a415b4ad5006c7538d3d9d9cfe9d /tests/data_files | |
parent | bbc6032444c4daddd9c694cbd24bd7e44e8d8318 (diff) | |
Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.
Regression test added (one of the client certs modified accordingly)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Diffstat (limited to 'tests/data_files')
-rw-r--r-- | tests/data_files/Makefile | 6 | ||||
-rw-r--r-- | tests/data_files/cli-rsa-sha256-badalg.crt.der | bin | 0 -> 835 bytes |
2 files changed, 5 insertions, 1 deletions
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 40c22f5..4c0920f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -206,7 +206,11 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
 all_final += cli-rsa-sha256.crt.der
 
- cli-rsa.key.der: $(cli_crt_key_file_rsa)
+cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
+all_final += cli-rsa-sha256-badalg.crt.der
+
+cli-rsa.key.der: $(cli_crt_key_file_rsa)
 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
 all_final += cli-rsa.key.der
 
diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/cli-rsa-sha256-badalg.crt.der
Binary files differnew file mode 100644
index 0000000..c40ba2a
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha256-badalg.crt.der |
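Review bot: The new `cli-rsa-sha256-badalg.crt.der` recipe neither says which field it corrupts nor checks that anything was corrupted. The `sed` works on an unaligned hex string and rewrites only the second match, so if `cli-rsa-sha256.crt` is regenerated and the pattern occurs fewer than two times, or first matches across a byte boundary, the output is a byte-for-byte copy of the valid certificate or is altered in a different place. A comment above the rule would record the intent, presumably `# Corrupt the parameters tag (05 00 -> 09 00) of the second sha256WithRSAEncryption AlgorithmIdentifier so the two signature algorithm fields no longer match`. Appending `&& ! cmp -s $< $@` to the recipe line would make regeneration fail when no byte was changed. The pipeline's exit status is that of `xxd` alone, so a failing `hexdump` goes unnoticed unless `pipefail` is set elsewhere in the Makefile, which this hunk does not show.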