authorDaiki Ueno <ueno@gnu.org>2020-06-09 10:44:57 +0200
committerDaiki Ueno <ueno@gnu.org>2020-06-12 08:01:27 +0200
commitb99af2fc9d2aab9f7ffc155e25279d9bfe6e9c8c (patch)
tree8c19dd18cabd5e7638f09a3297a5dfdf76d24ddb
parentc06de1e19b5446bae5cb8e982746a547dd4061b4 (diff)
tests/cert-test/invalid-sig: use datefudge to test expired certstmp-skip-datefudge
Suggested by Andreas Metzler in: https://gitlab.com/gnutls/gnutls/-/issues/1021 Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rwxr-xr-xtests/cert-tests/invalid-sig43
1 files changed, 25 insertions, 18 deletions
diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig
index bcebf995cb..58134a4d09 100755
--- a/tests/cert-tests/invalid-sig
+++ b/tests/cert-tests/invalid-sig
@@ -33,14 +33,16 @@ if ! test -x "${CERTTOOL}"; then
exit 77
fi
+. ${srcdir}/../scripts/common.sh
+
#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem"
rc=$?
# We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
echo "Verification of invalid signature (1) failed"
- exit ${rc}
+ exit 1
fi
#check whether a different tbsCertificate than the outer signature algorithm is tolerated
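Review bot: The added `. ${srcdir}/../scripts/common.sh` is unquoted and its result is not checked, so a failure to load it is not guaranteed to stop the script. Depending on the shell, execution may continue with `check_for_datefudge` undefined, in which case the `if` in the last hunk takes the else branch and the cve-2019-3829 case is reported as skipped while the script still exits 0. I would write `. "${srcdir}/../scripts/common.sh" || exit 1`. Separately, this hunk and the four that follow replace `test "${rc}" = "0"` with `test $rc = 0`; that is harmless while rc is assigned from `$?` on the line above, but `test "$rc" = 0` gives the same simplification and keeps the quoting.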
@@ -48,9 +50,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem"
rc=$?
# We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
echo "Verification of invalid signature (2) failed"
- exit ${rc}
+ exit 1
fi
#check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -58,9 +60,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem"
rc=$?
# We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
echo "Verification of invalid signature (3) failed"
- exit ${rc}
+ exit 1
fi
#check whether different parameters in tbsCertificate than the outer signature is tolerated
@@ -68,9 +70,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem"
rc=$?
# We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
echo "Verification of invalid signature (4) failed"
- exit ${rc}
+ exit 1
fi
#check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated
@@ -78,19 +80,24 @@ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.p
rc=$?
# We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
echo "Verification of invalid signature (5) failed"
- exit ${rc}
+ exit 1
fi
-#this was causing a double free; verify that we receive the expected error code
-${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
-rc=$?
-
-# We're done.
-if test "${rc}" != "1"; then
- echo "Verification of invalid signature (6) failed"
- exit ${rc}
+if check_for_datefudge; then
+ #this was causing a double free; verify that we receive the expected error code
+ datefudge -s 2020-01-01 \
+ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
+ rc=$?
+
+ # We're done.
+ if test $rc != 1; then
+ echo "Verification of invalid signature (6) failed"
+ exit 1
+ fi
+else
+ echo "Verification of invalid signature (6) skipped"
fi
exit 0
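Review bot: When `check_for_datefudge` fails, the cve-2019-3829 double-free regression check does not run and the script still ends with `exit 0`, so a build environment without datefudge reports this test as passed and the only trace is the "skipped" line in the log. If the harness should surface that, one option is to move case (6) into its own script that exits 77 when datefudge is missing, as the `CERTTOOL` check at the top of this file does, so the other five checks keep their pass/fail result. It would also help to say why the clock is pinned, e.g. `# fixed date so the result does not depend on the certificate's validity period` above the `datefudge -s 2020-01-01` line; that wording is inferred from the commit title, so adjust it if the reason differs.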