Skip to main content
  • Home
  • login
  • Browse the archive

    swh mirror partner logo
swh logo
SoftwareHeritage
Software
Heritage
Mirror
Features
  • Search

  • Downloads

  • Save code now

  • Add forge now

  • Help

Revision 098f27f9ef8be2a418f76896ee3c824e8709fcf7 authored by Matt Caswell on 17 October 2023, 13:55:48 UTC, committed by Tomas Mraz on 19 October 2023, 09:54:44 UTC
Ignore ping deadline when calculating tick deadline if we can't send
If the CC TX allowance is zero then we cannot send a PING frame at the
moment, so do not take into account the ping deadline when calculating the
tick deadline in that case.

This avoids the hang found by the fuzzer mentioned in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22410)
1 parent 56e3032
  • Files
  • Changes
  • 55eafe5
  • /
  • test
  • /
  • algorithmid_test.c
Raw File
Cook and download a directory from the Software Heritage Vault

You have requested the cooking of the directory with identifier None into a standard tar.gz archive.

Are you sure you want to continue ?

Download a directory from the Software Heritage Vault

You have requested the download of the directory with identifier None as a standard tar.gz archive.

Are you sure you want to continue ?

Cook and download a revision from the Software Heritage Vault

You have requested the cooking of the history heading to revision with identifier swh:1:rev:098f27f9ef8be2a418f76896ee3c824e8709fcf7 into a bare git archive.

Are you sure you want to continue ?

Download a revision from the Software Heritage Vault

You have requested the download of the history heading to revision with identifier swh:1:rev:098f27f9ef8be2a418f76896ee3c824e8709fcf7 as a bare git archive.

Are you sure you want to continue ?

Invalid Email !

The provided email is not well-formed.

Download link has expired

The requested archive is no longer available for download from the Software Heritage Vault.

Do you want to cook it again ?

Permalinks

To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.

  • revision
  • content
revision badge
swh:1:rev:098f27f9ef8be2a418f76896ee3c824e8709fcf7
content badge Iframe embedding
swh:1:cnt:0104425c1d4af35bcf0923f3e039b3bcbb4ab14c
algorithmid_test.c
/*
 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1.h>
#include <openssl/pem.h>
#include "internal/sizes.h"
#include "crypto/evp.h"
#include "testutil.h"

/* Collected arguments */
static const char *eecert_filename = NULL;  /* For test_x509_file() */
static const char *cacert_filename = NULL;  /* For test_x509_file() */
static const char *pubkey_filename = NULL;  /* For test_spki_file() */

#define ALGORITHMID_NAME "algorithm-id"

static int test_spki_aid(X509_PUBKEY *pubkey, const char *filename)
{
    const ASN1_OBJECT *oid;
    X509_ALGOR *alg = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_KEYMGMT *keymgmt = NULL;
    void *keydata = NULL;
    char name[OSSL_MAX_NAME_SIZE] = "";
    unsigned char *algid_legacy = NULL;
    int algid_legacy_len = 0;
    static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
    size_t algid_prov_len = 0;
    const OSSL_PARAM *gettable_params = NULL;
    OSSL_PARAM params[] = {
        OSSL_PARAM_octet_string(ALGORITHMID_NAME,
                                &algid_prov, sizeof(algid_prov)),
        OSSL_PARAM_END
    };
    int ret = 0;

    if (!TEST_true(X509_PUBKEY_get0_param(NULL, NULL, NULL, &alg, pubkey))
        || !TEST_ptr(pkey = X509_PUBKEY_get0(pubkey)))
        goto end;

    if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
        goto end;

    X509_ALGOR_get0(&oid, NULL, NULL, alg);
    if (!TEST_int_gt(OBJ_obj2txt(name, sizeof(name), oid, 0), 0))
        goto end;

    /*
     * We use an internal functions to ensure we have a provided key.
     * Note that |keydata| should not be freed, as it's cached in |pkey|.
     * The |keymgmt|, however, should, as its reference count is incremented
     * in this function.
     */
    if ((keydata = evp_pkey_export_to_provider(pkey, NULL,
                                               &keymgmt, NULL)) == NULL) {
        TEST_info("The public key found in '%s' doesn't have provider support."
                  "  Skipping...",
                  filename);
        ret = 1;
        goto end;
    }

    if (!TEST_true(EVP_KEYMGMT_is_a(keymgmt, name))) {
        TEST_info("The AlgorithmID key type (%s) for the public key found in"
                  " '%s' doesn't match the key type of the extracted public"
                  " key.",
                  name, filename);
        ret = 1;
        goto end;
    }

    if (!TEST_ptr(gettable_params = EVP_KEYMGMT_gettable_params(keymgmt))
        || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
        TEST_info("The %s provider keymgmt appears to lack support for algorithm-id."
                  "  Skipping...",
                  name);
        ret = 1;
        goto end;
    }

    algid_prov[0] = '\0';
    if (!TEST_true(evp_keymgmt_get_params(keymgmt, keydata, params)))
        goto end;
    algid_prov_len = params[0].return_size;

    /* We now have all the algorithm IDs we need, let's compare them */
    if (TEST_mem_eq(algid_legacy, algid_legacy_len,
                    algid_prov, algid_prov_len))
        ret = 1;

 end:
    EVP_KEYMGMT_free(keymgmt);
    OPENSSL_free(algid_legacy);
    return ret;
}

static int test_x509_spki_aid(X509 *cert, const char *filename)
{
    X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);

    return test_spki_aid(pubkey, filename);
}

static int test_x509_sig_aid(X509 *eecert, const char *ee_filename,
                             X509 *cacert, const char *ca_filename)
{
    const ASN1_OBJECT *sig_oid = NULL;
    const X509_ALGOR *alg = NULL;
    int sig_nid = NID_undef, dig_nid = NID_undef, pkey_nid = NID_undef;
    EVP_MD_CTX *mdctx = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned char *algid_legacy = NULL;
    int algid_legacy_len = 0;
    static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
    size_t algid_prov_len = 0;
    const OSSL_PARAM *gettable_params = NULL;
    OSSL_PARAM params[] = {
        OSSL_PARAM_octet_string("algorithm-id",
                                &algid_prov, sizeof(algid_prov)),
        OSSL_PARAM_END
    };
    int ret = 0;

    X509_get0_signature(NULL, &alg, eecert);
    X509_ALGOR_get0(&sig_oid, NULL, NULL, alg);
    if (!TEST_int_eq(X509_ALGOR_cmp(alg, X509_get0_tbs_sigalg(eecert)), 0))
        goto end;
    if (!TEST_int_ne(sig_nid = OBJ_obj2nid(sig_oid), NID_undef)
        || !TEST_true(OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
        || !TEST_ptr(pkey = X509_get0_pubkey(cacert)))
        goto end;

    if (!TEST_true(EVP_PKEY_is_a(pkey, OBJ_nid2sn(pkey_nid)))) {
        TEST_info("The '%s' pubkey can't be used to verify the '%s' signature",
                  ca_filename, ee_filename);
        TEST_info("Signature algorithm is %s (pkey type %s, hash type %s)",
                  OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
        TEST_info("Pkey key type is %s", EVP_PKEY_get0_type_name(pkey));
        goto end;
    }

    if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
        goto end;

    if (!TEST_ptr(mdctx = EVP_MD_CTX_new())
        || !TEST_true(EVP_DigestVerifyInit_ex(mdctx, &pctx,
                                              OBJ_nid2sn(dig_nid),
                                              NULL, NULL, pkey, NULL))) {
        TEST_info("Couldn't initialize a DigestVerify operation with "
                  "pkey type %s and hash type %s",
                  OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
        goto end;
    }

    if (!TEST_ptr(gettable_params = EVP_PKEY_CTX_gettable_params(pctx))
        || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
        TEST_info("The %s provider keymgmt appears to lack support for algorithm-id"
                  "  Skipping...",
                  OBJ_nid2sn(pkey_nid));
        ret = 1;
        goto end;
    }

    algid_prov[0] = '\0';
    if (!TEST_true(EVP_PKEY_CTX_get_params(pctx, params)))
        goto end;
    algid_prov_len = params[0].return_size;

    /* We now have all the algorithm IDs we need, let's compare them */
    if (TEST_mem_eq(algid_legacy, algid_legacy_len,
                    algid_prov, algid_prov_len))
        ret = 1;

 end:
    EVP_MD_CTX_free(mdctx);
    /* pctx is free by EVP_MD_CTX_free() */
    OPENSSL_free(algid_legacy);
    return ret;
}

static int test_spki_file(void)
{
    X509_PUBKEY *pubkey = NULL;
    BIO *b = BIO_new_file(pubkey_filename, "r");
    int ret = 0;

    if (b == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", pubkey_filename);
        TEST_openssl_errors();
        goto end;
    }

    if ((pubkey = PEM_read_bio_X509_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a SubjectPublicKeyInfo in PEM format\n",
                   pubkey_filename);
        TEST_openssl_errors();
        goto end;
    }

    ret = test_spki_aid(pubkey, pubkey_filename);
 end:
    BIO_free(b);
    X509_PUBKEY_free(pubkey);
    return ret;
}

static int test_x509_files(void)
{
    X509 *eecert = NULL, *cacert = NULL;
    BIO *bee = NULL, *bca = NULL;
    int ret = 0;

    if ((bee = BIO_new_file(eecert_filename, "r")) == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", eecert_filename);
        TEST_openssl_errors();
        goto end;
    }
    if ((bca = BIO_new_file(cacert_filename, "r")) == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", cacert_filename);
        TEST_openssl_errors();
        goto end;
    }

    if ((eecert = PEM_read_bio_X509(bee, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
                   eecert_filename);
        TEST_openssl_errors();
        goto end;
    }
    if ((cacert = PEM_read_bio_X509(bca, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
                   cacert_filename);
        TEST_openssl_errors();
        goto end;
    }

    ret = test_x509_sig_aid(eecert, eecert_filename, cacert, cacert_filename)
        & test_x509_spki_aid(eecert, eecert_filename)
        & test_x509_spki_aid(cacert, cacert_filename);
 end:
    BIO_free(bee);
    BIO_free(bca);
    X509_free(eecert);
    X509_free(cacert);
    return ret;
}

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_X509,
    OPT_SPKI,
    OPT_TEST_ENUM
} OPTION_CHOICE;

const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file...\n"),
        { "x509", OPT_X509, '-', "Test X.509 certificates.  Requires two files" },
        { "spki", OPT_SPKI, '-', "Test public keys in SubjectPublicKeyInfo form.  Requires one file" },
        { OPT_HELP_STR, 1, '-',
          "file...\tFile(s) to run tests on.  All files must be PEM encoded.\n" },
        { NULL }
    };
    return test_options;
}

int setup_tests(void)
{
    OPTION_CHOICE o;
    int n, x509 = 0, spki = 0, testcount = 0;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_X509:
            x509 = 1;
            break;
        case OPT_SPKI:
            spki = 1;
            break;
        case OPT_TEST_CASES:
           break;
        default:
        case OPT_ERR:
            return 0;
        }
    }

    /* |testcount| adds all the given test types together */
    testcount = x509 + spki;

    if (testcount < 1)
        BIO_printf(bio_err, "No test type given\n");
    else if (testcount > 1)
        BIO_printf(bio_err, "Only one test type may be given\n");
    if (testcount != 1)
        return 0;

    n = test_get_argument_count();
    if (spki && n == 1) {
        pubkey_filename = test_get_argument(0);
    } else if (x509 && n == 2) {
        eecert_filename = test_get_argument(0);
        cacert_filename = test_get_argument(1);
    }

    if (spki && pubkey_filename == NULL) {
        BIO_printf(bio_err, "Missing -spki argument\n");
        return 0;
    } else if (x509 && (eecert_filename == NULL || cacert_filename == NULL)) {
        BIO_printf(bio_err, "Missing -x509 argument(s)\n");
        return 0;
    }

    if (x509)
        ADD_TEST(test_x509_files);
    if (spki)
        ADD_TEST(test_spki_file);
    return 1;
}
The diff you're trying to view is too large. Only the first 1000 changed files have been loaded.
Showing with 0 additions and 0 deletions (0 / 0 diffs computed)
swh spinner

Computing file changes ...

ENEA — Copyright (C), ENEA. License: GNU AGPLv3+.
Legal notes  ::  JavaScript license information ::  Web API

back to top