Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate. This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would. Regression test added (one of the client certs modified accordingly) Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott
parent
bbc6032444
commit
ca17ebfbc0
5 changed files with 21 additions and 1 deletions
|
|
@ -206,7 +206,11 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
|
|||
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += cli-rsa-sha256.crt.der
|
||||
|
||||
cli-rsa.key.der: $(cli_crt_key_file_rsa)
|
||||
cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
|
||||
hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
|
||||
all_final += cli-rsa-sha256-badalg.crt.der
|
||||
|
||||
cli-rsa.key.der: $(cli_crt_key_file_rsa)
|
||||
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += cli-rsa.key.der
|
||||
|
||||
|
|
|
|||
BIN
tests/data_files/cli-rsa-sha256-badalg.crt.der
Normal file
BIN
tests/data_files/cli-rsa-sha256-badalg.crt.der
Normal file
Binary file not shown.
|
|
@ -2644,6 +2644,10 @@ X509 File parse (trailing spaces, OK)
|
|||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
|
||||
|
||||
X509 File parse (Algorithm Params Tag mismatch)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
|
||||
|
||||
X509 Get time (UTC no issues)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue