author | Shane Lontis <shane.lontis@oracle.com> | 2021-02-24 15:59:14 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-03-03 16:16:19 +1000 |
commit | 4e4ae84056133c863860e27ceedae8bd3fb0a402 (patch) | |
tree | b2d2d94cb5544de299abf32fbe9643e8f0e3a040 /test/sslapitest.c | |
parent | 81f9af3460dca0fe37d3a240cb385efbf0f0d362 (diff) | |
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Fixes #14294
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14295)
Diffstat (limited to 'test/sslapitest.c')
-rw-r--r-- | test/sslapitest.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3fa60538e9..06d8e80200 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -641,6 +641,61 @@ end:
 return testresult;
 }
 
+static int test_ssl_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ if (!TEST_ptr(ssl = SSL_new(ssl_ctx)))
+ goto end;
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1)
+ || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_check_private_key(ssl), 1))
+ goto end;
+ if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_free(ssl);
+ SSL_CTX_free(ssl_ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
+static int test_ssl_ctx_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1))
+ goto end;
+ if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_CTX_free(ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
 #ifndef OPENSSL_NO_TLS1_2
 static int full_client_hello_callback(SSL *s, int *al, void *arg)
 {
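Review bot: Neither new test checks the paths returned by `test_mk_file_path()` before using them: in both `test_ssl_build_cert_chain` and `test_ssl_ctx_build_cert_chain`, `skey` and `leaf_chain` go straight into the `*_use_certificate_chain_file` and `*_use_PrivateKey_file` calls. If the helper can return NULL on allocation failure, the test would report a misleading certificate-load failure, or behave however those loaders treat a NULL filename, which the hunk does not show. A guard at the top of each function, `if (!TEST_ptr(skey) || !TEST_ptr(leaf_chain)) goto end;`, gives a clear diagnostic and is safe with the existing `end:` cleanup. It would also help to put a one-line comment above `test_ssl_build_cert_chain`, e.g. `/* Regression test for #14294: SSL_build_cert_chain() on an SSL object, where ssl_build_cert_chain() is presumably reached with a NULL ctx */`, since nothing in the test body says which case it covers.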
@@ -8710,6 +8765,8 @@ int setup_tests(void)
 ADD_TEST(test_keylog_no_master_key);
 #endif
 ADD_TEST(test_client_cert_verify_cb);
+ ADD_TEST(test_ssl_build_cert_chain);
+ ADD_TEST(test_ssl_ctx_build_cert_chain);
 #ifndef OPENSSL_NO_TLS1_2
 ADD_TEST(test_client_hello_cb);
 ADD_TEST(test_no_ems);
|