Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate.

This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would.

Regression test added (one of the client certs modified accordingly).

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
parent bbc6032444
commit ca17ebfbc0
5 changed files with 21 additions and 1 deletions
|
@ -1304,6 +1304,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
|
|||
|
||||
if( crt->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
||||
sig_params1.tag != sig_params2.tag ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
( sig_params1.len != 0 &&
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||
|
|
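Review bot: The new `sig_params1.tag != sig_params2.tag ||` line has no comment saying why the tag must be compared. In this condition the `memcmp` over the parameters is skipped whenever `sig_params1.len` is 0, so for two zero-length parameter fields the tag is the only thing left that can tell them apart. A one-line comment above the `if` stating that the inner and outer signature algorithm must match in OID, parameter tag, parameter length and parameter bytes would keep a later cleanup from dropping the check as redundant. The commit message says the regression test reuses a modified client cert; it is worth confirming that the cert differs from its original only in the parameter tag, with equal lengths, so the test fails if this one line is removed.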