tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

p7_import_unittest.cc (2742B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include "nss.h"
      8 #include "secpkcs7.h"
      9 
     10 #include "gtest/gtest.h"
     11 #include "nss_scoped_ptrs.h"
     12 
     13 namespace nss_test {
     14 
     15 // This is an invalid PKCS7 message. Among other things, it contains some
     16 // unknown hash OIDs. This should fail to parse, but it should be safe to try.
     17 static const uint8_t p7_with_unknown_hashes[] = {
     18    0x30, 0x4d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
     19    0x02, 0xa0, 0x40, 0x30, 0x3e, 0x02, 0x01, 0x20, 0x31, 0x27, 0x30, 0x0b,
     20    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x30,
     21    0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05,
     22    0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
     23    0x04, 0x30, 0x10, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
     24    0x07, 0x01, 0xa0, 0x03, 0x04, 0x01, 0x00};
     25 
     26 // This is an invalid PKCS7 message. It contains multiple hash OIDs (that's not
     27 // what makes it invalid). When it fails to parse, the associated digest data
     28 // structures should be freed correctly.
     29 static const uint8_t p7_with_multiple_hashes[] = {
     30    0x30, 0x4d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
     31    0x02, 0xa0, 0x40, 0x30, 0x3e, 0x02, 0x01, 0x20, 0x31, 0x27, 0x30, 0x0b,
     32    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30,
     33    0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
     34    0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
     35    0x04, 0x30, 0x10, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
     36    0x07, 0x01, 0xa0, 0x03, 0x04, 0x01, 0x00};
     37 
     38 class P7ImportTest : public ::testing::Test {};
     39 
     40 TEST_F(P7ImportTest, FailSafeWithUnknownHashes) {
     41  ScopedSEC_PKCS7DecoderContext dcx(SEC_PKCS7DecoderStart(
     42      nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
     43  ASSERT_TRUE(dcx);
     44  SECStatus rv = SEC_PKCS7DecoderUpdate(
     45      dcx.get(), reinterpret_cast<const char*>(p7_with_unknown_hashes),
     46      sizeof(p7_with_unknown_hashes));
     47  ASSERT_EQ(SECFailure, rv);
     48 }
     49 
     50 TEST_F(P7ImportTest, NoLeakWithMultipleHashes) {
     51  ScopedSEC_PKCS7DecoderContext dcx(SEC_PKCS7DecoderStart(
     52      nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
     53  ASSERT_TRUE(dcx);
     54  SECStatus rv = SEC_PKCS7DecoderUpdate(
     55      dcx.get(), reinterpret_cast<const char*>(p7_with_multiple_hashes),
     56      sizeof(p7_with_multiple_hashes));
     57  ASSERT_EQ(SECFailure, rv);
     58 }
     59 
     60 }  // namespace nss_test