aboutsummaryrefslogtreecommitdiff
path: root/tests/data_files
diff options
context:
space:
mode:
authorPaul Elliott <paul.elliott@arm.com>2020-11-24 17:30:18 +0000
committerPaul Elliott <paul.elliott@arm.com>2020-11-26 16:34:16 +0000
commitca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (patch)
tree59b004521f73a415b4ad5006c7538d3d9d9cfe9d /tests/data_files
parentbbc6032444c4daddd9c694cbd24bd7e44e8d8318 (diff)
downloadmbedtls-ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8.zip
mbedtls-ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8.tar.gz
mbedtls-ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8.tar.bz2
Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate. This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would. Regression test added (one of the client certs modified accordingly) Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Diffstat (limited to 'tests/data_files')
-rw-r--r--tests/data_files/Makefile6
-rw-r--r--tests/data_files/cli-rsa-sha256-badalg.crt.derbin0 -> 835 bytes
2 files changed, 5 insertions, 1 deletions
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 40c22f5..4c0920f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -206,7 +206,11 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa-sha256.crt.der
- cli-rsa.key.der: $(cli_crt_key_file_rsa)
+cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
+all_final += cli-rsa-sha256-badalg.crt.der
+
+cli-rsa.key.der: $(cli_crt_key_file_rsa)
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa.key.der
diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/cli-rsa-sha256-badalg.crt.der
new file mode 100644
index 0000000..c40ba2a
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha256-badalg.crt.der
Binary files differ
generated by cgit v1.1 at 2024-07-12 00:20:56 +0000