1 files changed, 55 insertions, 25 deletions

diff --git a/crypto/openssl/test/pkcs12_api_test.c b/crypto/openssl/test/pkcs12_api_test.c
index 5afef5a16ad3..147d65bd665a 100644
--- a/crypto/openssl/test/pkcs12_api_test.c
+++ b/crypto/openssl/test/pkcs12_api_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -136,7 +136,7 @@ err:
 
 static int pkcs12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg)
 {
-    int cb_ret = *((int*)cbarg);
+    int cb_ret = *((int *)cbarg);
     return cb_ret;
 }
 
@@ -171,10 +171,10 @@ static int pkcs12_create_ex2_test(int test)
     if (test == 0) {
         /* Confirm PKCS12_create_ex2 returns NULL */
         ptr = PKCS12_create_ex2(NULL, NULL, NULL,
-                                NULL, NULL, NID_undef, NID_undef,
-                                0, 0, 0,
-                                testctx, NULL,
-                                NULL, NULL);
+            NULL, NULL, NID_undef, NID_undef,
+            0, 0, 0,
+            testctx, NULL,
+            NULL, NULL);
         if (TEST_ptr(ptr))
             goto err;
 
@@ -185,10 +185,10 @@ static int pkcs12_create_ex2_test(int test)
         /* Specified call back called - return success */
         cb_ret = 1;
         ptr = PKCS12_create_ex2(NULL, NULL, NULL,
-                                cert, NULL, NID_undef, NID_undef,
-                                0, 0, 0,
-                                testctx, NULL,
-                                pkcs12_create_cb, (void*)&cb_ret);
+            cert, NULL, NID_undef, NID_undef,
+            0, 0, 0,
+            testctx, NULL,
+            pkcs12_create_cb, (void *)&cb_ret);
         /* PKCS12 successfully created */
         if (!TEST_ptr(ptr))
             goto err;
@@ -196,21 +196,21 @@ static int pkcs12_create_ex2_test(int test)
         /* Specified call back called - return error*/
         cb_ret = -1;
         ptr = PKCS12_create_ex2(NULL, NULL, NULL,
-                                cert, NULL, NID_undef, NID_undef,
-                                0, 0, 0,
-                                testctx, NULL,
-                                pkcs12_create_cb, (void*)&cb_ret);
+            cert, NULL, NID_undef, NID_undef,
+            0, 0, 0,
+            testctx, NULL,
+            pkcs12_create_cb, (void *)&cb_ret);
         /* PKCS12 not created */
-       if (TEST_ptr(ptr))
+        if (TEST_ptr(ptr))
             goto err;
     } else if (test == 2) {
         /* Specified call back called - return failure */
         cb_ret = 0;
         ptr = PKCS12_create_ex2(NULL, NULL, NULL,
-                                cert, NULL, NID_undef, NID_undef,
-                                0, 0, 0,
-                                testctx, NULL,
-                                pkcs12_create_cb, (void*)&cb_ret);
+            cert, NULL, NID_undef, NID_undef,
+            0, 0, 0,
+            testctx, NULL,
+            pkcs12_create_cb, (void *)&cb_ret);
         /* PKCS12 successfully created */
         if (!TEST_ptr(ptr))
             goto err;
@@ -242,17 +242,46 @@ const OPTIONS *test_get_options(void)
 {
     static const OPTIONS options[] = {
         OPT_TEST_OPTIONS_DEFAULT_USAGE,
-        { "in",   OPT_IN_FILE,   '<', "PKCS12 input file" },
-        { "pass",   OPT_IN_PASS,   's', "PKCS12 input file password" },
-        { "has-key",   OPT_IN_HAS_KEY,  'n', "Whether the input file does contain an user key" },
-        { "has-cert",   OPT_IN_HAS_CERT, 'n', "Whether the input file does contain an user certificate" },
-        { "has-ca",   OPT_IN_HAS_CA,   'n', "Whether the input file does contain other certificate" },
-        { "legacy",  OPT_LEGACY,  '-', "Test the legacy APIs" },
+        { "in", OPT_IN_FILE, '<', "PKCS12 input file" },
+        { "pass", OPT_IN_PASS, 's', "PKCS12 input file password" },
+        { "has-key", OPT_IN_HAS_KEY, 'n', "Whether the input file does contain an user key" },
+        { "has-cert", OPT_IN_HAS_CERT, 'n', "Whether the input file does contain an user certificate" },
+        { "has-ca", OPT_IN_HAS_CA, 'n', "Whether the input file does contain other certificate" },
+        { "legacy", OPT_LEGACY, '-', "Test the legacy APIs" },
         { NULL }
     };
     return options;
 }
 
+static int test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen(void)
+{
+    int ret = 0;
+    unsigned char salt[8] = { 0 };
+    EVP_PKEY *key = NULL;
+    X509 *cert = NULL;
+    STACK_OF(X509) *ca = NULL;
+    PKCS12 *p12 = NULL;
+
+    if (!TEST_ptr(p12 = PKCS12_load(in_file)))
+        return 0;
+    if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca)))
+        goto err;
+    PKCS12_free(p12);
+
+    if (!TEST_ptr(p12 = PKCS12_create_ex2("pass", NULL, key, cert, ca,
+                      NID_undef, NID_undef, 0, -1, 0,
+                      testctx, NULL, NULL, NULL)))
+        goto err;
+    ret = TEST_false(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1,
+        salt, -1, 0, NULL, NULL));
+err:
+    PKCS12_free(p12);
+    EVP_PKEY_free(key);
+    X509_free(cert);
+    OSSL_STACK_OF_X509_free(ca);
+    return ret;
+}
+
 int setup_tests(void)
 {
     OPTION_CHOICE o;
@@ -292,6 +321,7 @@ int setup_tests(void)
     ADD_TEST(test_null_args);
     ADD_TEST(pkcs12_parse_test);
     ADD_ALL_TESTS(pkcs12_create_ex2_test, 3);
+    ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen);
     return 1;
 }