Revision 098f27f9ef8be2a418f76896ee3c824e8709fcf7 authored by Matt Caswell on 17 October 2023, 13:55:48 UTC, committed by Tomas Mraz on 19 October 2023, 09:54:44 UTC
If the CC TX allowance is zero then we cannot send a PING frame at the moment, so do not take into account the ping deadline when calculating the tick deadline in that case. This avoids the hang found by the fuzzer mentioned in https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22410)
1 parent 56e3032
pkcs12_api_test.c
/*
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "internal/nelem.h"
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include "testutil.h"
#include "helpers/pkcs12.h"
static OSSL_LIB_CTX *testctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static int test_null_args(void)
{
return TEST_false(PKCS12_parse(NULL, NULL, NULL, NULL, NULL));
}
static PKCS12 *PKCS12_load(const char *fpath)
{
BIO *bio = NULL;
PKCS12 *p12 = NULL;
bio = BIO_new_file(fpath, "rb");
if (!TEST_ptr(bio))
goto err;
p12 = PKCS12_init_ex(NID_pkcs7_data, testctx, "provider=default");
if (!TEST_ptr(p12))
goto err;
if (!TEST_true(p12 == d2i_PKCS12_bio(bio, &p12)))
goto err;
BIO_free(bio);
return p12;
err:
BIO_free(bio);
PKCS12_free(p12);
return NULL;
}
static const char *in_file = NULL;
static const char *in_pass = "";
static int has_key = 0;
static int has_cert = 0;
static int has_ca = 0;
static int changepass(PKCS12 *p12, EVP_PKEY *key, X509 *cert, STACK_OF(X509) *ca)
{
int ret = 0;
PKCS12 *p12new = NULL;
EVP_PKEY *key2 = NULL;
X509 *cert2 = NULL;
STACK_OF(X509) *ca2 = NULL;
BIO *bio = NULL;
if (!TEST_true(PKCS12_newpass(p12, in_pass, "NEWPASS")))
goto err;
if (!TEST_ptr(bio = BIO_new(BIO_s_mem())))
goto err;
if (!TEST_true(i2d_PKCS12_bio(bio, p12)))
goto err;
if (!TEST_ptr(p12new = PKCS12_init_ex(NID_pkcs7_data, testctx, "provider=default")))
goto err;
if (!TEST_ptr(d2i_PKCS12_bio(bio, &p12new)))
goto err;
if (!TEST_true(PKCS12_parse(p12new, "NEWPASS", &key2, &cert2, &ca2)))
goto err;
if (has_key) {
if (!TEST_ptr(key2) || !TEST_int_eq(EVP_PKEY_eq(key, key2), 1))
goto err;
}
if (has_cert) {
if (!TEST_ptr(cert2) || !TEST_int_eq(X509_cmp(cert, cert2), 0))
goto err;
}
ret = 1;
err:
BIO_free(bio);
PKCS12_free(p12new);
EVP_PKEY_free(key2);
X509_free(cert2);
OSSL_STACK_OF_X509_free(ca2);
return ret;
}
static int pkcs12_parse_test(void)
{
int ret = 0;
PKCS12 *p12 = NULL;
EVP_PKEY *key = NULL;
X509 *cert = NULL;
STACK_OF(X509) *ca = NULL;
if (in_file != NULL) {
p12 = PKCS12_load(in_file);
if (!TEST_ptr(p12))
goto err;
if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca)))
goto err;
if ((has_key && !TEST_ptr(key)) || (!has_key && !TEST_ptr_null(key)))
goto err;
if ((has_cert && !TEST_ptr(cert)) || (!has_cert && !TEST_ptr_null(cert)))
goto err;
if ((has_ca && !TEST_ptr(ca)) || (!has_ca && !TEST_ptr_null(ca)))
goto err;
if (has_key && !changepass(p12, key, cert, ca))
goto err;
}
ret = 1;
err:
PKCS12_free(p12);
EVP_PKEY_free(key);
X509_free(cert);
OSSL_STACK_OF_X509_free(ca);
return TEST_true(ret);
}
static int pkcs12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg)
{
int cb_ret = *((int*)cbarg);
return cb_ret;
}
static PKCS12 *pkcs12_create_ex2_setup(EVP_PKEY **key, X509 **cert, STACK_OF(X509) **ca)
{
PKCS12 *p12 = NULL;
p12 = PKCS12_load("out6.p12");
if (!TEST_ptr(p12))
goto err;
if (!TEST_true(PKCS12_parse(p12, "", key, cert, ca)))
goto err;
return p12;
err:
PKCS12_free(p12);
return NULL;
}
static int pkcs12_create_ex2_test(int test)
{
int ret = 0, cb_ret = 0;
PKCS12 *ptr = NULL, *p12 = NULL;
EVP_PKEY *key = NULL;
X509 *cert = NULL;
STACK_OF(X509) *ca = NULL;
p12 = pkcs12_create_ex2_setup(&key, &cert, &ca);
if (!TEST_ptr(p12))
goto err;
if (test == 0) {
/* Confirm PKCS12_create_ex2 returns NULL */
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
NULL, NULL, NID_undef, NID_undef,
0, 0, 0,
testctx, NULL,
NULL, NULL);
if (TEST_ptr(ptr))
goto err;
/* Can't proceed without a valid cert at least */
if (!TEST_ptr(cert))
goto err;
/* Specified call back called - return success */
cb_ret = 1;
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
cert, NULL, NID_undef, NID_undef,
0, 0, 0,
testctx, NULL,
pkcs12_create_cb, (void*)&cb_ret);
/* PKCS12 successfully created */
if (!TEST_ptr(ptr))
goto err;
} else if (test == 1) {
/* Specified call back called - return error*/
cb_ret = -1;
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
cert, NULL, NID_undef, NID_undef,
0, 0, 0,
testctx, NULL,
pkcs12_create_cb, (void*)&cb_ret);
/* PKCS12 not created */
if (TEST_ptr(ptr))
goto err;
} else if (test == 2) {
/* Specified call back called - return failure */
cb_ret = 0;
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
cert, NULL, NID_undef, NID_undef,
0, 0, 0,
testctx, NULL,
pkcs12_create_cb, (void*)&cb_ret);
/* PKCS12 successfully created */
if (!TEST_ptr(ptr))
goto err;
}
ret = 1;
err:
PKCS12_free(p12);
PKCS12_free(ptr);
EVP_PKEY_free(key);
X509_free(cert);
OSSL_STACK_OF_X509_free(ca);
return TEST_true(ret);
}
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_IN_FILE,
OPT_IN_PASS,
OPT_IN_HAS_KEY,
OPT_IN_HAS_CERT,
OPT_IN_HAS_CA,
OPT_LEGACY,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
static const OPTIONS options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ "in", OPT_IN_FILE, '<', "PKCS12 input file" },
{ "pass", OPT_IN_PASS, 's', "PKCS12 input file password" },
{ "has-key", OPT_IN_HAS_KEY, 'n', "Whether the input file does contain an user key" },
{ "has-cert", OPT_IN_HAS_CERT, 'n', "Whether the input file does contain an user certificate" },
{ "has-ca", OPT_IN_HAS_CA, 'n', "Whether the input file does contain other certificate" },
{ "legacy", OPT_LEGACY, '-', "Test the legacy APIs" },
{ NULL }
};
return options;
}
int setup_tests(void)
{
OPTION_CHOICE o;
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_IN_FILE:
in_file = opt_arg();
break;
case OPT_IN_PASS:
in_pass = opt_arg();
break;
case OPT_LEGACY:
break;
case OPT_IN_HAS_KEY:
has_key = opt_int_arg();
break;
case OPT_IN_HAS_CERT:
has_cert = opt_int_arg();
break;
case OPT_IN_HAS_CA:
has_ca = opt_int_arg();
break;
case OPT_TEST_CASES:
break;
default:
return 0;
}
}
if (!test_get_libctx(&testctx, &nullprov, NULL, NULL, NULL)) {
OSSL_LIB_CTX_free(testctx);
testctx = NULL;
return 0;
}
ADD_TEST(test_null_args);
ADD_TEST(pkcs12_parse_test);
ADD_ALL_TESTS(pkcs12_create_ex2_test, 3);
return 1;
}
void cleanup_tests(void)
{
OSSL_LIB_CTX_free(testctx);
OSSL_PROVIDER_unload(nullprov);
}
Computing file changes ...
