[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Thu Oct 8 15:19:05 UTC 2020
The branch master has been updated
via 13c5ec569ea9286ff18e019fb2d53be64829c62c (commit)
via 947fb813458cd93fdc31f6248f5806d9f4fddff3 (commit)
from 55c61473b52aff9fd5217aec543b3d25beea0531 (commit)
- Log -----------------------------------------------------------------
commit 13c5ec569ea9286ff18e019fb2d53be64829c62c
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Wed Oct 7 13:23:01 2020 +0300
Fix zero-length content verification in S/MIME format
Fixes #13082
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13087)
commit 947fb813458cd93fdc31f6248f5806d9f4fddff3
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Wed Oct 7 13:05:28 2020 +0300
Tests for processing zero-length content in SMIME format
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13087)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_smime.c | 2 +-
crypto/pkcs7/pk7_smime.c | 2 +-
test/recipes/80-test_cms.t | 17 +++++++++++++++++
.../smcont_zero.txt | 0
4 files changed, 19 insertions(+), 2 deletions(-)
copy fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 => test/smcont_zero.txt (100%)
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index f9a851950f..c8bec75cdd 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -401,7 +401,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
long len;
len = BIO_get_mem_data(dcont, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
goto err2;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 5cbc18c63e..e9ae4f3394 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -311,7 +311,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
char *ptr;
long len;
len = BIO_get_mem_data(indata, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
PKCS7err(0, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 0d086344e7..2cc778624b 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -45,6 +45,7 @@ my $provname = 'default';
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
+my $smcont_zero = srctop_file("test", "smcont_zero.txt");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
= disabled qw/des dh dsa ec ec2m rc2 zlib/;
@@ -169,6 +170,15 @@ my @smime_pkcs7_tests = (
\&final_compare
],
+ [ "signed zero-length content S/MIME format, RSA key SHA1",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&zero_compare
+ ],
+
[ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
"-signer", catfile($smdir, "smrsa1.pem"),
@@ -679,6 +689,13 @@ sub final_compare {
return compare_text($smcont, "$opts{output}.txt") == 0;
}
+sub zero_compare {
+ my %opts = @_;
+
+ diag "Checking for zero-length file";
+ return (-e "$opts{output}.txt" && -z "$opts{output}.txt");
+}
+
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
plan tests => scalar @smime_pkcs7_tests;
diff --git a/fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 b/test/smcont_zero.txt
similarity index 100%
copy from fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709
copy to test/smcont_zero.txt
More information about the openssl-commits
mailing list