yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 15:21:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Also verify CRLs signed with RSASSA-PSS

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-05 17:53:52 +02:00
parent 46db4b070c
commit 53882023e7
3 changed files with 32 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/x509_crt.c
View file

@ -1492,8 +1492,8 @@ static int x509_crt_verifycrl( x509_crt *crt, x509_crt *ca,
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 || if( pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size, crl_list->sig_md, hash, md_info->size,
crl_list->sig.p, crl_list->sig.len ) != 0 ) crl_list->sig.p, crl_list->sig.len ) != 0 )
{ {
flags |= BADCRL_NOT_TRUSTED; flags |= BADCRL_NOT_TRUSTED;

14
tests/data_files/crl-rsa-pss-sha1-badsign.pem Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN X509 CRL-----
MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
y6li0JzWNHtkKUlCv2+SESZbD3NU8GQY
-----END X509 CRL-----

22
tests/suites/test_suite_x509parse.data
View file

@ -576,29 +576,37 @@ x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pe
X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224) X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"NULL"
X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256) X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384) X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"NULL"
X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512) X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"NULL"
X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1, not top) X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_NOT_TRUSTED:"NULL"
X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #62 (RSASSA-PSS, SHA1, bad signature) X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #63 (RSASSA-PSS, SHA1, no RSA CA) X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"