Work around even more Estonian ID card misissuances.
Not content with signing negative RSA moduli, still other Estonian IDs have too
many leading zeros. Work around those too.
This workaround will be removed in six months.
BUG=534766
Change-Id: Ica23b1b1499f9dbe39e94cf7b540900860e8e135
Reviewed-on: https://boringssl-review.googlesource.com/5980
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index 7bcdb39..47093a7 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -1774,15 +1774,16 @@
{"\x03\x01\x00", 3},
// Empty contents.
{"\x02\x00", 2},
- // Unnecessary leading zeros.
- {"\x02\x02\x00\x01", 4},
};
-// kASN1NegativeTests are encodings of negative numbers and how
-// |BN_cbs2unsigned_buggy| should interpret them.
-static const ASN1Test kASN1NegativeTests[] = {
+// kASN1BuggyTests are incorrect encodings and how |BN_cbs2unsigned_buggy|
+// should interpret them.
+static const ASN1Test kASN1BuggyTests[] = {
+ // Negative numbers.
{"128", "\x02\x01\x80", 3},
{"255", "\x02\x01\xff", 3},
+ // Unnecessary leading zeros.
+ {"1", "\x02\x02\x00\x01", 4},
};
static bool test_asn1() {
@@ -1861,8 +1862,8 @@
ERR_clear_error();
}
- for (const ASN1Test &test : kASN1NegativeTests) {
- // Negative numbers are rejected by |BN_cbs2unsigned|.
+ for (const ASN1Test &test : kASN1BuggyTests) {
+ // These broken encodings are rejected by |BN_cbs2unsigned|.
ScopedBIGNUM bn(BN_new());
if (!bn) {
return false;
