firefox-main/security/nss/gtests/der_gtest/p7_import_unittest.cc

Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nss.h"
#include "secpkcs7.h"
#include "gtest/gtest.h"
#include "nss_scoped_ptrs.h"
namespace nss_test {
// This is an invalid PKCS7 message. Among other things, it contains some
// unknown hash OIDs. This should fail to parse, but it should be safe to try.
static const uint8_t p7_with_unknown_hashes[] = {
0x30, 0x4d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
0x02, 0xa0, 0x40, 0x30, 0x3e, 0x02, 0x01, 0x20, 0x31, 0x27, 0x30, 0x0b,
0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x30,
0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05,
0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x04, 0x30, 0x10, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01, 0xa0, 0x03, 0x04, 0x01, 0x00};
// This is an invalid PKCS7 message. It contains multiple hash OIDs (that's not
// what makes it invalid). When it fails to parse, the associated digest data
// structures should be freed correctly.
static const uint8_t p7_with_multiple_hashes[] = {
0x30, 0x4d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
0x02, 0xa0, 0x40, 0x30, 0x3e, 0x02, 0x01, 0x20, 0x31, 0x27, 0x30, 0x0b,
0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30,
0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x04, 0x30, 0x10, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01, 0xa0, 0x03, 0x04, 0x01, 0x00};
class P7ImportTest : public ::testing::Test {};
TEST_F(P7ImportTest, FailSafeWithUnknownHashes) {
ScopedSEC_PKCS7DecoderContext dcx(SEC_PKCS7DecoderStart(
nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
ASSERT_TRUE(dcx);
SECStatus rv = SEC_PKCS7DecoderUpdate(
dcx.get(), reinterpret_cast<const char*>(p7_with_unknown_hashes),
sizeof(p7_with_unknown_hashes));
ASSERT_EQ(SECFailure, rv);
}
TEST_F(P7ImportTest, NoLeakWithMultipleHashes) {
ScopedSEC_PKCS7DecoderContext dcx(SEC_PKCS7DecoderStart(
nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
ASSERT_TRUE(dcx);
SECStatus rv = SEC_PKCS7DecoderUpdate(
dcx.get(), reinterpret_cast<const char*>(p7_with_multiple_hashes),
sizeof(p7_with_multiple_hashes));
ASSERT_EQ(SECFailure, rv);
}
} // namespace nss_test