[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Sun May 30 22:49:51 UTC 2021
The branch master has been updated
via f505161e62d558b3f8442b264ccbf8112ebd58ef (commit)
from 43dbe3b72de0ba4ebd20e9e6a2c526ef747326ab (commit)
- Log -----------------------------------------------------------------
commit f505161e62d558b3f8442b264ccbf8112ebd58ef
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Fri May 28 11:42:41 2021 +1000
Fix PKCS7_verify to not have an error stack if it succeeds.
Revert a change in behavior to BIO_write(). If a NULL BIO
is passed, no error is raised and the return value is 0. There are
many places where the return code from the write was not checked,
resulting in an error stack with no error status being returned.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15493)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bio_lib.c | 11 +++--
doc/man3/BIO_read.pod | 26 ++++++------
test/build.info | 6 ++-
test/pkcs7_test.c | 103 +++++++++++++++++++++++++++++++++++++++++++++
test/recipes/80-test_cms.t | 4 +-
5 files changed, 132 insertions(+), 18 deletions(-)
create mode 100644 test/pkcs7_test.c
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 91db2290c4..80b81db5c4 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -334,10 +334,13 @@ static int bio_write_intern(BIO *b, const void *data, size_t dlen,
{
int ret;
- if (b == NULL) {
- ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
+ /*
+ * b == NULL is not an error but just means that zero bytes are written.
+ * Do not raise an error here.
+ */
+ if (b == NULL)
+ return 0;
+
if (b->method == NULL || b->method->bwrite == NULL) {
ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
return -2;
diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod
index 6a02a86b6c..d9201ef3b7 100644
--- a/doc/man3/BIO_read.pod
+++ b/doc/man3/BIO_read.pod
@@ -21,19 +21,19 @@ BIO_gets, BIO_get_line, BIO_puts
=head1 DESCRIPTION
-BIO_read_ex() attempts to read B<dlen> bytes from BIO B<b> and places the data
-in B<data>. If any bytes were successfully read then the number of bytes read is
-stored in B<*readbytes>.
+BIO_read_ex() attempts to read I<dlen> bytes from BIO I<b> and places the data
+in I<data>. If any bytes were successfully read then the number of bytes read is
+stored in I<*readbytes>.
-BIO_write_ex() attempts to write B<dlen> bytes from B<data> to BIO B<b>. If
-successful then the number of bytes written is stored in B<*written>.
+BIO_write_ex() attempts to write I<dlen> bytes from I<data> to BIO I<b>. If
+successful then the number of bytes written is stored in I<*written>.
-BIO_read() attempts to read B<len> bytes from BIO B<b> and places
-the data in B<buf>.
+BIO_read() attempts to read I<len> bytes from BIO I<b> and places
+the data in I<buf>.
BIO_gets() performs the BIOs "gets" operation and places the data
-in B<buf>. Usually this operation will attempt to read a line of data
-from the BIO of maximum length B<size-1>. There are exceptions to this,
+in I<buf>. Usually this operation will attempt to read a line of data
+from the BIO of maximum length I<size-1>. There are exceptions to this,
however; for example, BIO_gets() on a digest BIO will calculate and
return the digest and other BIOs may not support BIO_gets() at all.
The returned string is always NUL-terminated and the '\n' is preserved
@@ -42,22 +42,24 @@ On binary input there may be NUL characters within the string;
in this case the return value (if nonnegative) may give an incorrect length.
BIO_get_line() attempts to read from BIO <b> a line of data up to the next '\n'
-or the maximum length B<size-1> is reached and places the data in B<buf>.
+or the maximum length I<size-1> is reached and places the data in I<buf>.
The returned string is always NUL-terminated and the '\n' is preserved
if present in the input data.
On binary input there may be NUL characters within the string;
in this case the return value (if nonnegative) gives the actual length read.
For implementing this, unfortunately the data needs to be read byte-by-byte.
-BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
+BIO_write() attempts to write I<len> bytes from I<buf> to BIO I<b>.
-BIO_puts() attempts to write a NUL-terminated string B<buf> to BIO B<b>.
+BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>.
=head1 RETURN VALUES
BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or
written, and 0 otherwise.
+BIO_write() and BIO_write_ex() return 0 if the BIO I<b> is NULL.
+
BIO_gets() returns -2 if the "gets" operation is not implemented by the BIO
or -1 on other errors.
Otherwise it typically returns the amount of data read,
diff --git a/test/build.info b/test/build.info
index f91f7a49f5..b2e8e8507a 100644
--- a/test/build.info
+++ b/test/build.info
@@ -56,7 +56,7 @@ IF[{- !$disabled{tests} -}]
sysdefaulttest errtest ssl_ctx_test gosttest \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
- bio_readbuffer_test user_property_test
+ bio_readbuffer_test user_property_test pkcs7_test
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=enginetest
@@ -255,6 +255,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pkcs12_format_test]=../include ../apps/include
DEPEND[pkcs12_format_test]=../libcrypto libtestutil.a
+ SOURCE[pkcs7_test]=pkcs7_test.c
+ INCLUDE[pkcs7_test]=../include ../apps/include
+ DEPEND[pkcs7_test]=../libcrypto libtestutil.a
+
SOURCE[stack_test]=stack_test.c
INCLUDE[stack_test]=../include ../apps/include
DEPEND[stack_test]=../libcrypto libtestutil.a
diff --git a/test/pkcs7_test.c b/test/pkcs7_test.c
new file mode 100644
index 0000000000..c30bf0eabc
--- /dev/null
+++ b/test/pkcs7_test.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include "internal/nelem.h"
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_EC
+static const unsigned char cert_der[] = {
+ 0x30, 0x82, 0x01, 0x51, 0x30, 0x81, 0xf7, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x02, 0x03, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
+ 0x3d, 0x04, 0x03, 0x02, 0x30, 0x27, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
+ 0x67, 0x72, 0x61, 0x70, 0x68, 0x79, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17,
+ 0x0d, 0x31, 0x37, 0x30, 0x31, 0x30, 0x31, 0x31, 0x32, 0x30, 0x31, 0x30,
+ 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x38, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38,
+ 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x27, 0x31, 0x0b, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x63, 0x72, 0x79, 0x70, 0x74,
+ 0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x79, 0x20, 0x43, 0x41, 0x30, 0x59,
+ 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
+ 0x04, 0x18, 0xff, 0xcf, 0xbb, 0xf9, 0x39, 0xb8, 0xf5, 0xdd, 0xc3, 0xee,
+ 0xc0, 0x40, 0x8b, 0x06, 0x75, 0x06, 0xab, 0x4f, 0xcd, 0xd8, 0x2c, 0x52,
+ 0x24, 0x4e, 0x1f, 0xe0, 0x10, 0x46, 0x67, 0xb5, 0x5f, 0x15, 0xb9, 0x62,
+ 0xbd, 0x3b, 0xcf, 0x0c, 0x6f, 0xbe, 0x1a, 0xf7, 0xb4, 0xa1, 0x0f, 0xb4,
+ 0xb9, 0xcb, 0x6e, 0x86, 0xb3, 0x50, 0xf9, 0x6c, 0x51, 0xbf, 0xc1, 0x82,
+ 0xd7, 0xbe, 0xc5, 0xf9, 0x05, 0xa3, 0x13, 0x30, 0x11, 0x30, 0x0f, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
+ 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xd1, 0x12,
+ 0xef, 0x8d, 0x97, 0x5a, 0x6e, 0xb8, 0xb6, 0x41, 0xa7, 0xcf, 0xc0, 0xe7,
+ 0xa4, 0x6e, 0xae, 0xda, 0x51, 0xe4, 0x64, 0x54, 0x2b, 0xde, 0x86, 0x95,
+ 0xbc, 0xf7, 0x1e, 0x9a, 0xf9, 0x5b, 0x02, 0x21, 0x00, 0xd1, 0x61, 0x86,
+ 0xce, 0x66, 0x31, 0xe4, 0x2f, 0x54, 0xbd, 0xf5, 0xc8, 0x2b, 0xb3, 0x44,
+ 0xce, 0x24, 0xf8, 0xa5, 0x0b, 0x72, 0x11, 0x21, 0x34, 0xb9, 0x15, 0x4a,
+ 0x5f, 0x0e, 0x27, 0x32, 0xa9
+};
+
+static int pkcs7_verify_test(void)
+{
+ int ret = 0;
+ size_t i;
+ BIO *msg_bio = NULL, *x509_bio = NULL, *bio = NULL;
+ X509 *cert = NULL;
+ X509_STORE *store = NULL;
+ PKCS7 *p7 = NULL;
+ const char *sig[] = {
+ "MIME-Version: 1.0\nContent-Type: multipart/signed; protocol=\"application/x-pkcs7-signature\"; micalg=\"sha-256\"; boundary=\"----9B5319FF2E4428B17CD26B69294E7F31\"\n\n",
+ "This is an S/MIME signed message\n\n------9B5319FF2E4428B17CD26B69294E7F31\n",
+ "Content-Type: text/plain\r\n\r\nhello world\n------9B5319FF2E4428B17CD26B69294E7F31\n",
+ "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n",
+ "Content-Transfer-Encoding: base64\nContent-Disposition: attachment; filename=\"smime.p7s\"\n\n",
+ "MIIDEgYJKoZIhvcNAQcCoIIDAzCCAv8CAQExDzANBglghkgBZQMEAgEFADALBgkq\nhkiG9w0BBwGgggFVMIIBUTCB96ADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYD\nVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5IENBMB4XDTE3MDEwMTEyMDEw\nMFoXDTM4MTIzMTA4MzAwMFowJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0\nb2dyYXBoeSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBj/z7v5Obj13cPu\nwECLBnUGq0/N2CxSJE4f4BBGZ7VfFblivTvPDG++Gve0oQ+0uctuhrNQ+WxRv8GC\n",
+ "177F+QWjEzARMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANES\n742XWm64tkGnz8DnpG6u2lHkZFQr3oaVvPcemvlbAiEA0WGGzmYx5C9UvfXIK7NE\nziT4pQtyESE0uRVKXw4nMqkxggGBMIIBfQIBATAtMCcxCzAJBgNVBAYTAlVTMRgw\nFgYDVQQDDA9jcnlwdG9ncmFwaHkgQ0ECAgMJMA0GCWCGSAFlAwQCAQUAoIHkMBgG\nCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDUyMDE4\nNTA0OVowLwYJKoZIhvcNAQkEMSIEIOdwMRgQrqcnmMYvag+BVvErcc6bwUXI94Ds\n",
+ "QkiyIU9pMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQB\nFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG\nSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcw\nRQIhANYMJku1fW9T1MIEcAyREArz9kXCY4tWck5Pt0xzrYhaAiBDSP6e43zj4YtI\nuvQW+Lzv+dNF8EPuhgoPNe17RuUSLw==\n\n------9B5319FF2E4428B17CD26B69294E7F31--\n\n"
+ };
+ const char *signed_data = "Content-Type: text/plain\r\n\r\nhello world";
+
+ if (!TEST_ptr(bio = BIO_new(BIO_s_mem())))
+ goto end;
+ for (i = 0; i < OSSL_NELEM(sig); ++i)
+ BIO_puts(bio, sig[i]);
+
+ ret = TEST_ptr(msg_bio = BIO_new_mem_buf(signed_data, strlen(signed_data)))
+ && TEST_ptr(x509_bio = BIO_new_mem_buf(cert_der, sizeof(cert_der)))
+ && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL))
+ && TEST_int_eq(ERR_peek_error(), 0)
+ && TEST_ptr(store = X509_STORE_new())
+ && TEST_true(X509_STORE_add_cert(store, cert))
+ && TEST_ptr(p7 = SMIME_read_PKCS7(bio, NULL))
+ && TEST_int_eq(ERR_peek_error(), 0)
+ && TEST_true(PKCS7_verify(p7, NULL, store, msg_bio, NULL, PKCS7_TEXT))
+ && TEST_int_eq(ERR_peek_error(), 0);
+end:
+ X509_STORE_free(store);
+ X509_free(cert);
+ PKCS7_free(p7);
+ BIO_free(msg_bio);
+ BIO_free(x509_bio);
+ BIO_free(bio);
+ return ret;
+}
+#endif /* OPENSSL_NO_EC */
+
+int setup_tests(void)
+{
+#ifndef OPENSSL_NO_EC
+ ADD_TEST(pkcs7_verify_test);
+#endif /* OPENSSL_NO_EC */
+ return 1;
+}
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 193c738a5d..1264726047 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -50,7 +50,9 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
$no_rc2 = 1 if disabled("legacy");
-plan tests => 11;
+plan tests => 12;
+
+ok(run(test(["pkcs7_test"])), "test pkcs7");
unless ($no_fips) {
@config = ( "-config", srctop_file("test", "fips-and-base.cnf") );
More information about the openssl-commits
mailing list