Add tag check to cert algorithm check Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate. This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would. Regression test added (one of the client certs modified accordingly) Signed-off-by: Paul Elliott <paul.elliott@arm.com>

commit: ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 [log] [tgz]
author: Paul Elliott <paul.elliott@arm.com> Tue Nov 24 17:30:18 2020 +0000
committer: Paul Elliott <paul.elliott@arm.com> Thu Nov 26 16:34:16 2020 +0000
tree: 59b004521f73a415b4ad5006c7538d3d9d9cfe9d
parent: bbc6032444c4daddd9c694cbd24bd7e44e8d8318 [diff] [blame]
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 1b0316e..d368ef4 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data

@@ -2644,6 +2644,10 @@
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 x509parse_crt_file:"data_files/server7_trailing_space.crt":0
 
+X509 File parse (Algorithm Params Tag mismatch)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
+
 X509 Get time (UTC no issues)
 depends_on:MBEDTLS_X509_USE_C
 x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
commit	ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8	[log] [tgz]
author	Paul Elliott <paul.elliott@arm.com>	Tue Nov 24 17:30:18 2020 +0000
committer	Paul Elliott <paul.elliott@arm.com>	Thu Nov 26 16:34:16 2020 +0000
tree	59b004521f73a415b4ad5006c7538d3d9d9cfe9d
parent	bbc6032444c4daddd9c694cbd24bd7e44e8d8318 [diff] [blame]