authorShane Lontis <shane.lontis@oracle.com>2021-02-24 15:59:14 +1000
committerShane Lontis <shane.lontis@oracle.com>2021-03-03 16:16:19 +1000
commit4e4ae84056133c863860e27ceedae8bd3fb0a402 (patch)
treeb2d2d94cb5544de299abf32fbe9643e8f0e3a040 /test/sslapitest.c
parent81f9af3460dca0fe37d3a240cb385efbf0f0d362 (diff)
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Fixes #14294 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14295)
Diffstat (limited to 'test/sslapitest.c')
-rw-r--r--test/sslapitest.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3fa60538e9..06d8e80200 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -641,6 +641,61 @@ end:
return testresult;
}
+static int test_ssl_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ if (!TEST_ptr(ssl = SSL_new(ssl_ctx)))
+ goto end;
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1)
+ || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_check_private_key(ssl), 1))
+ goto end;
+ if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_free(ssl);
+ SSL_CTX_free(ssl_ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
+static int test_ssl_ctx_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1))
+ goto end;
+ if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_CTX_free(ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
#ifndef OPENSSL_NO_TLS1_2
static int full_client_hello_callback(SSL *s, int *al, void *arg)
{
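Review bot: The return values of `test_mk_file_path()` for `skey` and `leaf_chain` are never checked in `test_ssl_build_cert_chain`, so a failed allocation would hand a NULL path to `SSL_use_certificate_chain_file()` / `SSL_use_PrivateKey_file()`, and the test would then fail, or possibly fault, for a reason unrelated to the chain-building fix. Adding `if (!TEST_ptr(skey) || !TEST_ptr(leaf_chain)) goto end;` ahead of the `SSL_CTX_new_ex()` call keeps the failure attributable; the `end:` label only calls free functions on pointers that start out NULL, so the early exit needs no other change. `test_ssl_ctx_build_cert_chain` in the same hunk has the same gap. A one-line comment above each function, such as `/* Regression test for #14294: NULL access in ssl_build_cert_chain() */`, would tie the tests to the defect they guard, since nothing in the test bodies says so. The trailing context opens `full_client_hello_callback`, whose body continues outside the hunk.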
@@ -8710,6 +8765,8 @@ int setup_tests(void)
ADD_TEST(test_keylog_no_master_key);
#endif
ADD_TEST(test_client_cert_verify_cb);
+ ADD_TEST(test_ssl_build_cert_chain);
+ ADD_TEST(test_ssl_ctx_build_cert_chain);
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
ADD_TEST(test_no_ems);