The branch master has been updated via e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit) via 3d551b20df1acd01f80d3ae00d37177e0fdf344a (commit) from 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (commit)
- Log ----------------------------------------------------------------- commit e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 Author: Matt Caswell <m...@openssl.org> Date: Tue May 1 09:32:30 2018 +0100 Add a CMS API test Previous tests only invoked CMS via the command line app. This test uses the CMS API directly to do and encrypt and decrypt operation. This test would have caught the memory leak fixed by the previous commit (when building with enable-crypto-mdebug). Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142) commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a Author: Matt Caswell <m...@openssl.org> Date: Tue May 1 09:29:17 2018 +0100 Fix a mem leak in CMS The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 1 + crypto/cms/cms_smime.c | 1 + test/build.info | 6 +- test/cmsapitest.c | 93 ++++++++++++++++++++++ .../{90-test_tls13ccs.t => 80-test_cmsapi.t} | 13 ++- 5 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 test/cmsapitest.c copy test/recipes/{90-test_tls13ccs.t => 80-test_cmsapi.t} (52%) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 6ca3be7..7c2d420 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5..76883bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); diff --git a/test/build.info b/test/build.info index 1708e94..535c5aa 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest + sysdefaulttest cmsapitest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -373,6 +373,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[servername_test]=../include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a + SOURCE[cmsapitest]=cmsapitest.c + INCLUDE[cmsapitest]=../include + DEPEND[cmsapitest]=../libcrypto libtestutil.a + IF[{- !$disabled{psk} -}] PROGRAMS_NO_INST=dtls_mtu_test SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c diff --git a/test/cmsapitest.c b/test/cmsapitest.c new file mode 100644 index 0000000..a79ae8c --- /dev/null +++ b/test/cmsapitest.c @@ -0,0 +1,93 @@ +#include <string.h> + +#include <openssl/cms.h> +#include <openssl/bio.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#include "testutil.h" + +static X509 *cert = NULL; +static EVP_PKEY *privkey = NULL; + +static int test_encrypt_decrypt(void) +{ + int testresult = 0; + STACK_OF(X509) *certstack = sk_X509_new_null(); + const char *msg = "Hello world"; + BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg)); + BIO *outmsgbio = BIO_new(BIO_s_mem()); + CMS_ContentInfo* content = NULL; + char buf[80]; + + if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio)) + goto end; + + if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) + goto end; + + content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); + if (!TEST_ptr(content)) + goto end; + + if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, + CMS_TEXT))) + goto end; + + /* Check we got the message we first started with */ + if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg)) + || !TEST_int_eq(strcmp(buf, msg), 0)) + goto end; + + testresult = 1; + end: + sk_X509_free(certstack); + BIO_free(msgbio); + BIO_free(outmsgbio); + CMS_ContentInfo_free(content); + + return testresult; +} + +int setup_tests(void) +{ + char *certin = NULL, *privkeyin = NULL; + BIO *certbio = NULL, *privkeybio = NULL; + + if (!TEST_ptr(certin = test_get_argument(0)) + || !TEST_ptr(privkeyin = test_get_argument(1))) + return 0; + + certbio = BIO_new_file(certin, "r"); + if (!TEST_ptr(certbio)) + return 0; + if (!TEST_true(PEM_read_bio_X509(certbio, &cert, NULL, NULL))) { + BIO_free(certbio); + return 0; + } + BIO_free(certbio); + + privkeybio = BIO_new_file(privkeyin, "r"); + if (!TEST_ptr(privkeybio)) { + X509_free(cert); + cert = NULL; + return 0; + } + if (!TEST_true(PEM_read_bio_PrivateKey(privkeybio, &privkey, NULL, NULL))) { + BIO_free(privkeybio); + X509_free(cert); + cert = NULL; + return 0; + } + BIO_free(privkeybio); + + ADD_TEST(test_encrypt_decrypt); + + return 1; +} + +void cleanup_tests(void) +{ + X509_free(cert); + EVP_PKEY_free(privkey); +} diff --git a/test/recipes/90-test_tls13ccs.t b/test/recipes/80-test_cmsapi.t similarity index 52% copy from test/recipes/90-test_tls13ccs.t copy to test/recipes/80-test_cmsapi.t index 2ec28ce..990f8a7 100644 --- a/test/recipes/90-test_tls13ccs.t +++ b/test/recipes/80-test_cmsapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -10,13 +10,12 @@ use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; -my $test_name = "test_tls13ccs"; -setup($test_name); +setup("test_cmsapi"); -plan skip_all => "$test_name is not supported in this build" - if disabled("tls1_3"); +plan skip_all => "CMS is disabled in this build" if disabled("cms"); plan tests => 1; -ok(run(test(["tls13ccstest", srctop_file("apps", "server.pem"), - srctop_file("apps", "server.pem")])), "tls13ccstest"); +ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), + srctop_file("test", "certs", "serverkey.pem")])), + "running cmsapitest"); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits