[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue May 8 07:47:50 UTC 2018
The branch master has been updated
via e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit)
via 3d551b20df1acd01f80d3ae00d37177e0fdf344a (commit)
from 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (commit)
- Log -----------------------------------------------------------------
commit e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 1 09:32:30 2018 +0100
Add a CMS API test
Previous tests only invoked CMS via the command line app. This test uses
the CMS API directly to do and encrypt and decrypt operation. This test
would have caught the memory leak fixed by the previous commit (when
building with enable-crypto-mdebug).
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 1 09:29:17 2018 +0100
Fix a mem leak in CMS
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
memory management passes to OpenSSL. If the same function is called again
then we should ensure that any previous value that was set is freed first
before we set it again.
Fixes #5052
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_env.c | 1 +
crypto/cms/cms_smime.c | 1 +
test/build.info | 6 +-
test/cmsapitest.c | 93 ++++++++++++++++++++++
.../{90-test_tls13ccs.t => 80-test_cmsapi.t} | 13 ++-
5 files changed, 106 insertions(+), 8 deletions(-)
create mode 100644 test/cmsapitest.c
copy test/recipes/{90-test_tls13ccs.t => 80-test_cmsapi.t} (52%)
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 6ca3be7..7c2d420 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
+ EVP_PKEY_free(ri->d.ktri->pkey);
ri->d.ktri->pkey = pkey;
return 1;
}
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 7e7b6e5..76883bf 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
* all.
*/
else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+ EVP_PKEY_up_ref(pk);
CMS_RecipientInfo_set0_pkey(ri, pk);
r = CMS_RecipientInfo_decrypt(cms, ri);
CMS_RecipientInfo_set0_pkey(ri, NULL);
diff --git a/test/build.info b/test/build.info
index 1708e94..535c5aa 100644
--- a/test/build.info
+++ b/test/build.info
@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
- sysdefaulttest
+ sysdefaulttest cmsapitest
SOURCE[versions]=versions.c
INCLUDE[versions]=../include
@@ -373,6 +373,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[servername_test]=../include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
+ SOURCE[cmsapitest]=cmsapitest.c
+ INCLUDE[cmsapitest]=../include
+ DEPEND[cmsapitest]=../libcrypto libtestutil.a
+
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
diff --git a/test/cmsapitest.c b/test/cmsapitest.c
new file mode 100644
index 0000000..a79ae8c
--- /dev/null
+++ b/test/cmsapitest.c
@@ -0,0 +1,93 @@
+#include <string.h>
+
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#include "testutil.h"
+
+static X509 *cert = NULL;
+static EVP_PKEY *privkey = NULL;
+
+static int test_encrypt_decrypt(void)
+{
+ int testresult = 0;
+ STACK_OF(X509) *certstack = sk_X509_new_null();
+ const char *msg = "Hello world";
+ BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg));
+ BIO *outmsgbio = BIO_new(BIO_s_mem());
+ CMS_ContentInfo* content = NULL;
+ char buf[80];
+
+ if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio))
+ goto end;
+
+ if (!TEST_int_gt(sk_X509_push(certstack, cert), 0))
+ goto end;
+
+ content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT);
+ if (!TEST_ptr(content))
+ goto end;
+
+ if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio,
+ CMS_TEXT)))
+ goto end;
+
+ /* Check we got the message we first started with */
+ if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg))
+ || !TEST_int_eq(strcmp(buf, msg), 0))
+ goto end;
+
+ testresult = 1;
+ end:
+ sk_X509_free(certstack);
+ BIO_free(msgbio);
+ BIO_free(outmsgbio);
+ CMS_ContentInfo_free(content);
+
+ return testresult;
+}
+
+int setup_tests(void)
+{
+ char *certin = NULL, *privkeyin = NULL;
+ BIO *certbio = NULL, *privkeybio = NULL;
+
+ if (!TEST_ptr(certin = test_get_argument(0))
+ || !TEST_ptr(privkeyin = test_get_argument(1)))
+ return 0;
+
+ certbio = BIO_new_file(certin, "r");
+ if (!TEST_ptr(certbio))
+ return 0;
+ if (!TEST_true(PEM_read_bio_X509(certbio, &cert, NULL, NULL))) {
+ BIO_free(certbio);
+ return 0;
+ }
+ BIO_free(certbio);
+
+ privkeybio = BIO_new_file(privkeyin, "r");
+ if (!TEST_ptr(privkeybio)) {
+ X509_free(cert);
+ cert = NULL;
+ return 0;
+ }
+ if (!TEST_true(PEM_read_bio_PrivateKey(privkeybio, &privkey, NULL, NULL))) {
+ BIO_free(privkeybio);
+ X509_free(cert);
+ cert = NULL;
+ return 0;
+ }
+ BIO_free(privkeybio);
+
+ ADD_TEST(test_encrypt_decrypt);
+
+ return 1;
+}
+
+void cleanup_tests(void)
+{
+ X509_free(cert);
+ EVP_PKEY_free(privkey);
+}
diff --git a/test/recipes/90-test_tls13ccs.t b/test/recipes/80-test_cmsapi.t
similarity index 52%
copy from test/recipes/90-test_tls13ccs.t
copy to test/recipes/80-test_cmsapi.t
index 2ec28ce..990f8a7 100644
--- a/test/recipes/90-test_tls13ccs.t
+++ b/test/recipes/80-test_cmsapi.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,13 +10,12 @@
use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
-my $test_name = "test_tls13ccs";
-setup($test_name);
+setup("test_cmsapi");
-plan skip_all => "$test_name is not supported in this build"
- if disabled("tls1_3");
+plan skip_all => "CMS is disabled in this build" if disabled("cms");
plan tests => 1;
-ok(run(test(["tls13ccstest", srctop_file("apps", "server.pem"),
- srctop_file("apps", "server.pem")])), "tls13ccstest");
+ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
+ srctop_file("test", "certs", "serverkey.pem")])),
+ "running cmsapitest");
More information about the openssl-commits
mailing list