Merge commit '1381d5ebd2ab1f292848d5b19b80cf71ac332508' into internal-merge-8.0-2024-02-13-1022

vseanreesermsft · vseanreesermsft · commit 8a1649e1a968 · 2024-02-13T10:23:05.000-08:00
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs
@@ -591,6 +591,12 @@ public static void UseAfterDispose()
             }
         }
 
+        [Fact]
+        public static void EmptyPkcs7ThrowsException()
+        {
+            Assert.ThrowsAny<CryptographicException>(() => new X509Certificate2(TestData.EmptyPkcs7));
+        }
+
         [Fact]
         public static void ExportPublicKeyAsPkcs12()
         {
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/TestData.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/TestData.cs
@@ -4273,5 +4273,7 @@ internal static DSAParameters GetDSA1024Params()
             "C0CC2B115B9D33BD6E528E35670E5A6A8D9CF52199F8D693315C60D9ADAD54EF7FDCED36" +
             "0C8C79E84D42AB5CB6355A70951B1ABF1F2B3FB8BEB7E3A8D6BA2293C0DB8C86B0BB060F" +
             "0D6DB9939E88B998662A27F092634BBF21F58EEAAA").HexToByteArray();
+
+        internal static readonly byte[] EmptyPkcs7 = "300B06092A864886F70D010702".HexToByteArray();
     }
 }
diff --git a/src/native/libs/System.Security.Cryptography.Native/apibridge.c b/src/native/libs/System.Security.Cryptography.Native/apibridge.c
@@ -112,7 +112,7 @@ int32_t local_X509_get_version(const X509* x509)
 
 X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)
 {
-    if (x509)
+    if (x509 && x509->cert_info)
     {
         return x509->cert_info->key;
     }
@@ -123,13 +123,28 @@ X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)
 int32_t local_X509_PUBKEY_get0_param(
     ASN1_OBJECT** palgOid, const uint8_t** pkeyBytes, int* pkeyBytesLen, X509_ALGOR** palg, X509_PUBKEY* pubkey)
 {
+    if (!pubkey)
+    {
+        return 0;
+    }
+
     if (palgOid)
     {
+        if (!pubkey->algor)
+        {
+            return 0;
+        }
+
         *palgOid = pubkey->algor->algorithm;
     }
 
     if (pkeyBytes)
     {
+        if (!pubkey->public_key)
+        {
+            return 0;
+        }
+
         *pkeyBytes = pubkey->public_key->data;
         *pkeyBytesLen = pubkey->public_key->length;
     }
diff --git a/src/native/libs/System.Security.Cryptography.Native/openssl.c b/src/native/libs/System.Security.Cryptography.Native/openssl.c
@@ -669,6 +669,11 @@ BIO* CryptoNative_GetX509NameInfo(X509* x509, int32_t nameType, int32_t forIssue
                                     0 == strncmp(localOid, szOidUpn, sizeof(szOidUpn)))
                                 {
                                     // OTHERNAME->ASN1_TYPE->union.field
+                                    if (!value->value)
+                                    {
+                                        return NULL;
+                                    }
+
                                     str = value->value->value.asn1_string;
                                 }
                             }
diff --git a/src/native/libs/System.Security.Cryptography.Native/pal_pkcs7.c b/src/native/libs/System.Security.Cryptography.Native/pal_pkcs7.c
@@ -53,9 +53,19 @@ int32_t CryptoNative_GetPkcs7Certificates(PKCS7* p7, X509Stack** certs)
     switch (OBJ_obj2nid(p7->type))
     {
         case NID_pkcs7_signed:
+            if (!p7->d.sign)
+            {
+                return 0;
+            }
+
             *certs = p7->d.sign->cert;
             return 1;
         case NID_pkcs7_signedAndEnveloped:
+            if (!p7->d.signed_and_enveloped)
+            {
+                return 0;
+            }
+
             *certs = p7->d.signed_and_enveloped->cert;
             return 1;
     }

Original file line number	Diff line number	Diff line change
`@@ -591,6 +591,12 @@ public static void UseAfterDispose()`
`591`	`591`	`}`
`592`	`592`	`}`
`593`	`593`
	`594`	`+ [Fact]`
	`595`	`+ public static void EmptyPkcs7ThrowsException()`
	`596`	`+ {`
	`597`	`+ Assert.ThrowsAny<CryptographicException>(() => new X509Certificate2(TestData.EmptyPkcs7));`
	`598`	`+ }`
	`599`	`+`
`594`	`600`	`[Fact]`
`595`	`601`	`public static void ExportPublicKeyAsPkcs12()`
`596`	`602`	`{`
Original file line number	Diff line number	Diff line change
`@@ -4273,5 +4273,7 @@ internal static DSAParameters GetDSA1024Params()`
`4273`	`4273`	`"C0CC2B115B9D33BD6E528E35670E5A6A8D9CF52199F8D693315C60D9ADAD54EF7FDCED36" +`
`4274`	`4274`	`"0C8C79E84D42AB5CB6355A70951B1ABF1F2B3FB8BEB7E3A8D6BA2293C0DB8C86B0BB060F" +`
`4275`	`4275`	`"0D6DB9939E88B998662A27F092634BBF21F58EEAAA").HexToByteArray();`
	`4276`	`+`
	`4277`	`+ internal static readonly byte[] EmptyPkcs7 = "300B06092A864886F70D010702".HexToByteArray();`
`4276`	`4278`	`}`
`4277`	`4279`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ int32_t local_X509_get_version(const X509* x509)`
`112`	`112`
`113`	`113`	`X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)`
`114`	`114`	`{`
`115`		`- if (x509)`
	`115`	`+ if (x509 && x509->cert_info)`
`116`	`116`	`{`
`117`	`117`	`return x509->cert_info->key;`
`118`	`118`	`}`
`@@ -123,13 +123,28 @@ X509_PUBKEY* local_X509_get_X509_PUBKEY(const X509* x509)`
`123`	`123`	`int32_t local_X509_PUBKEY_get0_param(`
`124`	`124`	`ASN1_OBJECT palgOid, const uint8_t pkeyBytes, int* pkeyBytesLen, X509_ALGOR** palg, X509_PUBKEY* pubkey)`
`125`	`125`	`{`
	`126`	`+ if (!pubkey)`
	`127`	`+ {`
	`128`	`+ return 0;`
	`129`	`+ }`
	`130`	`+`
`126`	`131`	`if (palgOid)`
`127`	`132`	`{`
	`133`	`+ if (!pubkey->algor)`
	`134`	`+ {`
	`135`	`+ return 0;`
	`136`	`+ }`
	`137`	`+`
`128`	`138`	`*palgOid = pubkey->algor->algorithm;`
`129`	`139`	`}`
`130`	`140`
`131`	`141`	`if (pkeyBytes)`
`132`	`142`	`{`
	`143`	`+ if (!pubkey->public_key)`
	`144`	`+ {`
	`145`	`+ return 0;`
	`146`	`+ }`
	`147`	`+`
`133`	`148`	`*pkeyBytes = pubkey->public_key->data;`
`134`	`149`	`*pkeyBytesLen = pubkey->public_key->length;`
`135`	`150`	`}`
Original file line number	Diff line number	Diff line change
`@@ -669,6 +669,11 @@ BIO* CryptoNative_GetX509NameInfo(X509* x509, int32_t nameType, int32_t forIssue`
`669`	`669`	`0 == strncmp(localOid, szOidUpn, sizeof(szOidUpn)))`
`670`	`670`	`{`
`671`	`671`	`// OTHERNAME->ASN1_TYPE->union.field`
	`672`	`+ if (!value->value)`
	`673`	`+ {`
	`674`	`+ return NULL;`
	`675`	`+ }`
	`676`	`+`
`672`	`677`	`str = value->value->value.asn1_string;`
`673`	`678`	`}`
`674`	`679`	`}`