projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix race for X509 store found by thread sanitizer
[openssl.git] / test / ocspapitest.c
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index e76f724343346054487aaf5a4ed4ce9c3e301873..13026d6b4a42b5f10135a1b18c3ac2cc0e3a9bfb 100644 (file)
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -1,7 +1,7 @@
 /*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
@@ -21,6 +21,7 @@
 static const char *certstr;
 static const char *privkeystr;
 
+#ifndef OPENSSL_NO_OCSP
 static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
 {
     BIO *certbio, *keybio;
@@ -46,23 +47,46 @@ static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
     return 0;
 }
 
+static int get_cert(X509 **cert_out)
+{
+    BIO *certbio;
+    X509 *cert = NULL;
+
+    if (!TEST_ptr(certbio = BIO_new_file(certstr, "r")))
+        return 0;
+    cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+    BIO_free(certbio);
+    if (!TEST_ptr(cert))
+        goto end;
+    *cert_out = cert;
+    return 1;
+ end:
+    X509_free(cert);
+    return 0;
+}
+
 static OCSP_BASICRESP *make_dummy_resp(void)
 {
     const unsigned char namestr[] = "openssl.example.com";
     unsigned char keybytes[128] = {7};
     OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
-    OCSP_CERTID *cid;
+    OCSP_BASICRESP *bs_out = NULL;
+    OCSP_CERTID *cid = NULL;
     ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
     ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
     X509_NAME *name = X509_NAME_new();
     ASN1_BIT_STRING *key = ASN1_BIT_STRING_new();
     ASN1_INTEGER *serial = ASN1_INTEGER_new();
 
-    if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
-                                   namestr, -1, -1, 1)
-        || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)
-        || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
-        return NULL;
+    if (!TEST_ptr(name)
+        || !TEST_ptr(key)
+        || !TEST_ptr(serial)
+        || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName,
+                                                 MBSTRING_ASC,
+                                                 namestr, -1, -1, 1))
+        || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)))
+        || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
+        goto err;
     cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
     if (!TEST_ptr(bs)
         || !TEST_ptr(thisupd)
@@ -71,23 +95,27 @@ static OCSP_BASICRESP *make_dummy_resp(void)
         || !TEST_true(OCSP_basic_add1_status(bs, cid,
                                              V_OCSP_CERTSTATUS_UNKNOWN,
                                              0, NULL, thisupd, nextupd)))
-        return NULL;
+        goto err;
+    bs_out = bs;
+    bs = NULL;
+ err:
     ASN1_TIME_free(thisupd);
     ASN1_TIME_free(nextupd);
     ASN1_BIT_STRING_free(key);
     ASN1_INTEGER_free(serial);
     OCSP_CERTID_free(cid);
+    OCSP_BASICRESP_free(bs);
     X509_NAME_free(name);
-    return bs;
+    return bs_out;
 }
 
-#ifndef OPENSSL_NO_OCSP
 static int test_resp_signer(void)
 {
-    OCSP_BASICRESP *bs;
+    OCSP_BASICRESP *bs = NULL;
     X509 *signer = NULL, *tmp;
     EVP_PKEY *key = NULL;
-    STACK_OF(X509) *extra_certs;
+    STACK_OF(X509) *extra_certs = NULL;
+    int ret = 0;
 
     /*
      * Test a response with no certs at all; get the signer from the
@@ -101,10 +129,10 @@ static int test_resp_signer(void)
         || !TEST_true(sk_X509_push(extra_certs, signer))
         || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
                                       NULL, OCSP_NOCERTS)))
-        return 0;
+        goto err;
     if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
         || !TEST_int_eq(X509_cmp(tmp, signer), 0))
-        return 0;
+        goto err;
     OCSP_BASICRESP_free(bs);
 
     /* Do it again but include the signer cert */
@@ -113,25 +141,96 @@ static int test_resp_signer(void)
     if (!TEST_ptr(bs)
         || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
                                       NULL, 0)))
-        return 0;
+        goto err;
     if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
         || !TEST_int_eq(X509_cmp(tmp, signer), 0))
-        return 0;
+        goto err;
+    ret = 1;
+ err:
     OCSP_BASICRESP_free(bs);
     sk_X509_free(extra_certs);
     X509_free(signer);
     EVP_PKEY_free(key);
-    return 1;
+    return ret;
 }
-#endif
+
+static int test_access_description(int testcase)
+{
+    ACCESS_DESCRIPTION *ad = ACCESS_DESCRIPTION_new();
+    int ret = 0;
+
+    if (!TEST_ptr(ad))
+        goto err;
+
+    switch (testcase) {
+    case 0:     /* no change */
+        break;
+    case 1:     /* check and release current location */
+        if (!TEST_ptr(ad->location))
+            goto err;
+        GENERAL_NAME_free(ad->location);
+        ad->location = NULL;
+        break;
+    case 2:     /* replace current location */
+        GENERAL_NAME_free(ad->location);
+        ad->location = GENERAL_NAME_new();
+        if (!TEST_ptr(ad->location))
+            goto err;
+        break;
+    }
+    ACCESS_DESCRIPTION_free(ad);
+    ret = 1;
+err:
+    return ret;
+}
+
+static int test_ocsp_url_svcloc_new(void)
+{
+    static const char *urls[] = {
+        "www.openssl.org",
+        "www.openssl.net",
+        NULL
+    };
+
+    X509 *issuer = NULL;
+    X509_EXTENSION *ext = NULL;
+    int ret = 0;
+
+    if (!TEST_true(get_cert(&issuer)))
+        goto err;
+
+    /*
+     * Test calling this ocsp method to catch any memory leak
+     */
+    ext = OCSP_url_svcloc_new(X509_get_issuer_name(issuer), urls);
+    if (!TEST_ptr(ext))
+        goto err;
+
+    X509_EXTENSION_free(ext);
+    ret = 1;
+err:
+    X509_free(issuer);
+    return ret;
+}
+
+#endif /* OPENSSL_NO_OCSP */
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
 
 int setup_tests(void)
 {
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
     if (!TEST_ptr(certstr = test_get_argument(0))
         || !TEST_ptr(privkeystr = test_get_argument(1)))
         return 0;
 #ifndef OPENSSL_NO_OCSP
     ADD_TEST(test_resp_signer);
+    ADD_ALL_TESTS(test_access_description, 3);
+    ADD_TEST(test_ocsp_url_svcloc_new);
 #endif
     return 1;
 }
Unnamed repository; edit this file 'description' to name the repository.