Merge pull request #773 from paul-elliott-arm/discrepancy_cert

Add missing tag check to signature check on certificate load
2025-07-29 11:41:15 +03:00 · 2020-12-03 12:19:39 +01:00
parent 489c058b52 ca17ebfbc0
commit a282984c3d
5 changed files with 21 additions and 1 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1304,6 +1304,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,

    if( crt->sig_oid.len != sig_oid2.len ||
        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+        sig_params1.tag != sig_params2.tag ||
        sig_params1.len != sig_params2.len ||
        ( sig_params1.len != 0 &&
          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )