diff options
Diffstat (limited to 'tests/cert-tests')
| -rw-r--r-- | tests/cert-tests/Makefile.am | 4 | ||||
| -rw-r--r-- | tests/cert-tests/data/invalid-sig4.pem | 23 | ||||
| -rw-r--r-- | tests/cert-tests/data/invalid-sig5.pem | 22 | ||||
| -rwxr-xr-x | tests/cert-tests/invalid-sig | 20 |
4 files changed, 67 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 0e5692df6d..f3beadec0d 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -35,8 +35,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem templates/template-generalized.tmpl data/privkey1.pem data/privkey2.pem data/privkey3.pem \ data/name-constraints-ip.pem data/cert-invalid-utf8.der data/very-long-dn.pem \ data/provable3072.pem data/provable2048.pem data/provable-dsa2048.pem \ - data/provable-dsa2048-fips.pem templates/template-crq.tmpl \ - templates/template-unique.tmpl data/template-unique.pem \ + data/provable-dsa2048-fips.pem templates/template-crq.tmpl data/invalid-sig5.pem \ + templates/template-unique.tmpl data/template-unique.pem data/invalid-sig4.pem \ templates/template-othername.tmpl data/template-othername.pem \ templates/template-othername-xmpp.tmpl data/template-othername-xmpp.pem \ templates/template-krb5name.tmpl data/crl-demo1.pem data/crl-demo2.pem data/crl-demo3.pem \ diff --git a/tests/cert-tests/data/invalid-sig4.pem b/tests/cert-tests/data/invalid-sig4.pem new file mode 100644 index 0000000000..f039e3c18f --- /dev/null +++ b/tests/cert-tests/data/invalid-sig4.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1jCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG +EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0 +l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e +6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb +ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8 +N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5 +HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd +gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC +St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w +EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js +Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw +JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTAOBgkqhkiG9w0B +AQUEAUEDggEBAKu8vApdGJTjwbHDqExV1r60mPHuPBzNz/MkJFyWAydY/Dauoi+P +8f7aKwLDM73I3UgiK2APpQMQ/Xf40O2WZ0/96kcgcFTcqQxVfuGWJYrZtdpXSr6N +jklDY6VsTieHJetbbf6ifzgo4DarrTmlpWLEt1xYLKpdAWCmYmejwMdiI/TnbEbu +tdOAaiIT0i0/dE/qr4xftDic267Or4QepvY0UVl50+N13LzX83PfkuzSIFlvnPuV ++JJ2GAp8Dyymyt6KYnvY885faL2PPsF0uxVyOhaDqQvmTZmc2FfsqAFRx29XNF6r +SixC9k8ciXjeJk71b5NMFWsnVk0AVGx6t7c= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-sig5.pem b/tests/cert-tests/data/invalid-sig5.pem new file mode 100644 index 0000000000..f7a148cf42 --- /dev/null +++ b/tests/cert-tests/data/invalid-sig5.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmjCCAlKgAwIBAgIMWXnRYyHbNWzuFxmzMD0GCSqGSIb3DQEBCjAwoA0wCwYJ +YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL +BgNVBAMTBENBLTAwIBcNMTcwNzI3MTE0MTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8x +DTALBgNVBAMTBENBLTEwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB +oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEKAoIBAQDB +uQ2UwKWT1BfN6H2B3svKL34aPW/+MTfN8McvExZsZYuQyRxeG8SV4uJ+GAtJ/Ml/ +eaUqiKG0pNCna846FUtAax/0quuVSaZ2xOVA3lMKj2frtRLJ3W6ZaglCHkZUHhII +JEtE1s0F8aaaZ6X4/57OAi6uyFNuBSBsp3giQS6SrtFMbhq7OuSSt2T14XlVGvAI +TiO7t21+Eukq2jDGOerUax4Yxki4l8589uXu5IQzZalj42hr9YKbNb75RAICNnY8 +jxCezc0o8KNoDF0IAK7UERz6uUQElUh/bdm0k3UV+uVA6t0disZ4gdenPuLsGSVD +9fcbh/zFlv2V3A9HLJB3AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P +AQH/BAUDAwcEADAdBgNVHQ4EFgQU6h4fxmpkIoNy/qx6u4Z13H7WN+QwHwYDVR0j +BBgwFoAUZ97LfvATPRiWxwNOO+sxC5ig8VkwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAFGH +zxWW8R95wmmuDecuKf31LEKPubtaeqMRqt2Vk2mGCQOxcerl6MMGyl3w46hEkAjU +jAPwmNnB9xyEyqR5w2TYrpzsrnUcZn+6HzSiPTEJ0jhY2S8N2V+Bch1QgMwlgeaD +bZrY6qAG6PeqoQ8XhZ8+1sI/IpQKJHmmBN+qYbLFxEPjE4QnBahPbKfbpMY0MMX0 +uuI2nSBKcYmkYiWBYdydpP24VfeoUP0V6bXc5rrDdCNGp+AxUID51GT0AoMf2FGK +LeOLJtPqH7raz44pa1qezHq4gPeXC0Ende9j7IimpsdB6eDVle8UZipfeASq9XVL +F430KTcS7x42r71NZUU= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index eaa75c7543..84e97272d6 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -59,4 +59,24 @@ if test "${rc}" = "0"; then exit ${rc} fi +#check whether different parameters in tbsCertificate than the outer signature is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem" +rc=$? + +# We're done. +if test "${rc}" = "0"; then + echo "Verification of invalid signature (4) failed" + exit ${rc} +fi + +#check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig5.pem" +rc=$? + +# We're done. +if test "${rc}" = "0"; then + echo "Verification of invalid signature (4) failed" + exit ${rc} +fi + exit 0 |