diff options
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/cert-tests/invalid-sig | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index bcebf995cb..58134a4d09 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -33,14 +33,16 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +. ${srcdir}/../scripts/common.sh + #check whether a different PKCS #1 signature than the advertized in certificate is tolerated ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (1) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -48,9 +50,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (2) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -58,9 +60,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (3) failed" - exit ${rc} + exit 1 fi #check whether different parameters in tbsCertificate than the outer signature is tolerated @@ -68,9 +70,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (4) failed" - exit ${rc} + exit 1 fi #check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated @@ -78,19 +80,24 @@ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.p rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (5) failed" - exit ${rc} + exit 1 fi -#this was causing a double free; verify that we receive the expected error code -${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" -rc=$? - -# We're done. -if test "${rc}" != "1"; then - echo "Verification of invalid signature (6) failed" - exit ${rc} +if check_for_datefudge; then + #this was causing a double free; verify that we receive the expected error code + datefudge -s 2020-01-01 \ + ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" + rc=$? + + # We're done. + if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 + fi +else + echo "Verification of invalid signature (6) skipped" fi exit 0 |