Added check for GNUTLS-SA-2015-1

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am

index c4fe11039ec465be735f8f52df19489b24a779b4..c81818d91a67e2d13842b0863039b88f9cdf1c55 100644 (file)
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -27,7 +27,8 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
         template-overflow.tmpl template-overflow2.pem template-overflow2.tmpl \
         template-date.tmpl template-date.pem template-dn-err.tmpl \
         template-nc.tmpl template-nc.pem xmpp-othername.pem \
-       suppressions.valgrind csr-invalid.der invalid-sig2.pem invalid-sig3.pem
+       suppressions.valgrind csr-invalid.der invalid-sig2.pem invalid-sig3.pem \
+       invalid-sig.pem
  
  dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq certtool invalid-sig
  
diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig

index bf2e0540b962ef40c2f2f1dfb71933618b6a48b2..5c21abfc50bd5046df44eb6e56faf4efa562298b 100755 (executable)
--- a/tests/cert-tests/invalid-sig
+++ b/tests/cert-tests/invalid-sig
@@ -29,6 +29,16 @@ if ! test -z "${VALGRIND}";then
  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
  fi
  
+#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
+$VALGRIND $CERTTOOL -e --infile $srcdir/invalid-sig.pem
+rc=$?
+
+# We're done.
+if test "$rc" = "0"; then
+  echo "Verification of invalid signature (1) failed"
+  exit $rc
+fi
+
  #check whether a different tbsCertificate than the outer signature algorithm is tolerated
  $VALGRIND $CERTTOOL -e --infile $srcdir/invalid-sig2.pem
  rc=$?
diff --git a/tests/cert-tests/invalid-sig.pem b/tests/cert-tests/invalid-sig.pem

new file mode 100644 (file)

index 0000000..bfc5941
--- /dev/null
+++ b/tests/cert-tests/invalid-sig.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAYegAwIBAgIIVOekqzUa8EgwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTE4MzVaGA85OTk5MTIzMTIz
+NTk1OVowIzEhMB8GA1UEAwwYRGlmZmVyZW50IHNpZyBpbiBQS0NTICMxMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u
+69yFXFg2Z/AepUU+IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14E
+Na/ZcF2MrhSM8WZ1NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8W
+F1JnlSlKuQIDAQABo2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAw
+HQYDVR0OBBYEFK9VbbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oA
+WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQADwDKSAp8T4qJ8VtDC
+c/eSP0UX0vO5mKrjUr6Vi45Ojf/0+WoFivK7fXtuK6R9vNVUo4u8kI50S1O58tRF
+3/W03bydy2ptE8vKC1pRGR1fB0AuUYa+mLa96ueQ4Q8sbOHwcG59St1N/qQLhzty
+vLlmCsrKwHi/tM1kysstvMOK4f9K47vPtSv8sh26+4bzwJ3jMMOLh1mB7dSbrdbd
+YVjq7ltBbM2C7XdNPMKrDZ0bKll6AhkVkM6zSF7DHp4DnVFeVmTE4CkXMFYqp4EC
+HHM/OLS6EqBGfVSSfezgr5kLPijdVYx8ZG53Sdkjcim+1p3GMlUMPC5DFd1kLZc1
+yCgpH9a/Vn7eu4hydDoxVGawMRm2iM3JaB7+Hsbr07Td5ni2/nXtCFRGgurTbITm
+1k19
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Wed, 11 Mar 2015 08:30:37 +0000 (09:30 +0100)
tests/cert-tests/Makefile.am		patch \| blob \| blame \| history
tests/cert-tests/invalid-sig		patch \| blob \| blame \| history
tests/cert-tests/invalid-sig.pem	[new file with mode: 0644]	patch \| blob