Add tag check to cert algorithm check Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate. This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would. Regression test added (one of the client certs modified accordingly) Signed-off-by: Paul Elliott <paul.elliott@arm.com>

commit: ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 [log] [tgz]
author: Paul Elliott <paul.elliott@arm.com> Tue Nov 24 17:30:18 2020 +0000
committer: Paul Elliott <paul.elliott@arm.com> Thu Nov 26 16:34:16 2020 +0000
tree: 59b004521f73a415b4ad5006c7538d3d9d9cfe9d
parent: bbc6032444c4daddd9c694cbd24bd7e44e8d8318 [diff] [blame]
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 40c22f5..4c0920f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile

@@ -206,7 +206,11 @@
 	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
 all_final += cli-rsa-sha256.crt.der
 
- cli-rsa.key.der: $(cli_crt_key_file_rsa)
+cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
+	hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
+all_final += cli-rsa-sha256-badalg.crt.der
+
+cli-rsa.key.der: $(cli_crt_key_file_rsa)
 	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
 all_final += cli-rsa.key.der
commit	ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8	[log] [tgz]
author	Paul Elliott <paul.elliott@arm.com>	Tue Nov 24 17:30:18 2020 +0000
committer	Paul Elliott <paul.elliott@arm.com>	Thu Nov 26 16:34:16 2020 +0000
tree	59b004521f73a415b4ad5006c7538d3d9d9cfe9d
parent	bbc6032444c4daddd9c694cbd24bd7e44e8d8318 [diff] [blame]