From: Nikos Mavrogiannopoulos Date: Wed, 11 Mar 2015 08:30:37 +0000 (+0100) Subject: Added check for GNUTLS-SA-2015-1 X-Git-Tag: gnutls_3_4_0~210 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=58d7dde8a8a6fce1a8aa9aeb29f2247212fe5acd;p=thirdparty%2Fgnutls.git Added check for GNUTLS-SA-2015-1 --- diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index c4fe11039e..c81818d91a 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -27,7 +27,8 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ template-overflow.tmpl template-overflow2.pem template-overflow2.tmpl \ template-date.tmpl template-date.pem template-dn-err.tmpl \ template-nc.tmpl template-nc.pem xmpp-othername.pem \ - suppressions.valgrind csr-invalid.der invalid-sig2.pem invalid-sig3.pem + suppressions.valgrind csr-invalid.der invalid-sig2.pem invalid-sig3.pem \ + invalid-sig.pem dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq certtool invalid-sig diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index bf2e0540b9..5c21abfc50 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -29,6 +29,16 @@ if ! test -z "${VALGRIND}";then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi +#check whether a different PKCS #1 signature than the advertized in certificate is tolerated +$VALGRIND $CERTTOOL -e --infile $srcdir/invalid-sig.pem +rc=$? + +# We're done. +if test "$rc" = "0"; then + echo "Verification of invalid signature (1) failed" + exit $rc +fi + #check whether a different tbsCertificate than the outer signature algorithm is tolerated $VALGRIND $CERTTOOL -e --infile $srcdir/invalid-sig2.pem rc=$? diff --git a/tests/cert-tests/invalid-sig.pem b/tests/cert-tests/invalid-sig.pem new file mode 100644 index 0000000000..bfc59413de --- /dev/null +++ b/tests/cert-tests/invalid-sig.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAYegAwIBAgIIVOekqzUa8EgwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTE4MzVaGA85OTk5MTIzMTIz +NTk1OVowIzEhMB8GA1UEAwwYRGlmZmVyZW50IHNpZyBpbiBQS0NTICMxMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u +69yFXFg2Z/AepUU+IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14E +Na/ZcF2MrhSM8WZ1NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8W +F1JnlSlKuQIDAQABo2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAw +HQYDVR0OBBYEFK9VbbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oA +WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQADwDKSAp8T4qJ8VtDC +c/eSP0UX0vO5mKrjUr6Vi45Ojf/0+WoFivK7fXtuK6R9vNVUo4u8kI50S1O58tRF +3/W03bydy2ptE8vKC1pRGR1fB0AuUYa+mLa96ueQ4Q8sbOHwcG59St1N/qQLhzty +vLlmCsrKwHi/tM1kysstvMOK4f9K47vPtSv8sh26+4bzwJ3jMMOLh1mB7dSbrdbd +YVjq7ltBbM2C7XdNPMKrDZ0bKll6AhkVkM6zSF7DHp4DnVFeVmTE4CkXMFYqp4EC +HHM/OLS6EqBGfVSSfezgr5kLPijdVYx8ZG53Sdkjcim+1p3GMlUMPC5DFd1kLZc1 +yCgpH9a/Vn7eu4hydDoxVGawMRm2iM3JaB7+Hsbr07Td5ni2/nXtCFRGgurTbITm +1k19 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE-----