author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-06 15:09:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-09 17:01:10 +0100 |
commit | 51d21634c9329463a8d7def24550ef268bc9b88c (patch) | |
tree | 49a8e2370b632040c8fbdbd03b9f8b51cef34677 /tests/suite/tls-fuzzer | |
parent | 02354f173e66df3dad4ac9447e4965aecfad65e8 (diff) | |
download | gnutls-51d21634c9329463a8d7def24550ef268bc9b88c.tar.gz |
signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure"
This change enhances signature algorithms to have a private key algorithm
parameter. That is, to allow signature algorithms operating with a private
key of type X while the public key is of type Y. That is useful for the
RSA-PSS signatures which are of two types; one which is seen from servers
having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while
both utilize RSA-PSS private keys.
This is a draft-ietf-tls-tls13-23 change.
Resolves #400
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/suite/tls-fuzzer')
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-cert.json | 5 | ||||
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert.json | 6 |
2 files changed, 7 insertions, 4 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json index 8da7a50a06..69b7812f72 100644 --- a/tests/suite/tls-fuzzer/gnutls-cert.json +++ b/tests/suite/tls-fuzzer/gnutls-cert.json @@ -30,10 +30,11 @@ "-e", "check sigalgs in cert request"] }, {"name" : "test-rsa-pss-sigs-on-certificate-verify.py", - "comment" : "tlsfuzzer doesn't like our set of algorithms", + "comment" : "tlsfuzzer doesn't yet support draft-22 RSA-PSS", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", - "-e", "check CertificateRequest sigalgs"] + "-e", "check CertificateRequest sigalgs"], + "exp_pass" : false }, {"name": "test-certificate-malformed.py", "comment" : "tlsfuzzer doesn't like the alerts we send", diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index db9ec67844..3c156d316d 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -134,9 +134,11 @@ "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]}, {"name" : "test-sessionID-resumption.py"}, {"name" : "test-sig-algs.py", - "comment" : "FIXME: these fail, but most likely due to tls-fuzzer issue", + "comment" : "tlsfuzzer doesn't yet support draft-22 RSA-PSS", "arguments" : ["-e", "RSA-PSS only - fails in verify if server selects PSS", - "-e", "with RSA-PSS - fails in verify if server selects PSS"]}, + "-e", "with RSA-PSS - fails in verify if server selects PSS"], + "exp_pass" : false + }, {"name" : "test-signature-algorithms.py", "comment" : "gnutls doesn't tolerate that much", "arguments" : ["-e", "tolerance max (32764) number of methods"] |
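Review bot: The new `"comment"` on the test-rsa-pss-sigs-on-certificate-verify.py entry cites draft-22, while the commit description calls this a draft-ietf-tls-tls13-23 change; the two should agree, e.g. `"comment" : "tlsfuzzer doesn't yet support draft-23 RSA-PSS"` if draft-23 is the intended reference. The same comment text is added to the test-sig-algs.py entry in gnutls-nocert.json. With `"exp_pass" : false` on both entries, these scripts presumably stop catching regressions in RSA-PSS signature negotiation and CertificateVerify handling, so the comment should also say what has to change in tlsfuzzer before the expectation is removed. Both entries keep their `-e` exclusions alongside the expected failure; it is worth confirming which probes fail now, so that the expectation covers no more than it must.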