summaryrefslogtreecommitdiffstats
path: root/test/ocspapitest.c
diff options
context:
space:
mode:
authorBenjamin Kaduk <bkaduk@akamai.com>2017-12-07 21:14:47 +0100
committerBen Kaduk <kaduk@mit.edu>2017-12-08 16:16:36 +0100
commitb6306d8049b04dca7fa738a86c892c43ba6a5fc4 (patch)
tree75843dafe32fdf333b2a70ea7f63f0c6e0d7bdeb /test/ocspapitest.c
parentIn apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto() (diff)
downloadopenssl-b6306d8049b04dca7fa738a86c892c43ba6a5fc4.tar.xz
openssl-b6306d8049b04dca7fa738a86c892c43ba6a5fc4.zip
Fix coverity-reported errors in ocspapitest
Avoid memory leaks in error paths, and correctly apply parentheses to function calls in a long if-chain. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
Diffstat (limited to 'test/ocspapitest.c')
-rw-r--r--test/ocspapitest.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index e76f724343..aa477a8f49 100644
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -51,7 +51,8 @@ static OCSP_BASICRESP *make_dummy_resp(void)
const unsigned char namestr[] = "openssl.example.com";
unsigned char keybytes[128] = {7};
OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
- OCSP_CERTID *cid;
+ OCSP_BASICRESP *bs_out = NULL;
+ OCSP_CERTID *cid = NULL;
ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
X509_NAME *name = X509_NAME_new();
@@ -60,9 +61,9 @@ static OCSP_BASICRESP *make_dummy_resp(void)
if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
namestr, -1, -1, 1)
- || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)
- || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
- return NULL;
+ || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))
+ || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))
+ goto err;
cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
if (!TEST_ptr(bs)
|| !TEST_ptr(thisupd)
@@ -71,23 +72,28 @@ static OCSP_BASICRESP *make_dummy_resp(void)
|| !TEST_true(OCSP_basic_add1_status(bs, cid,
V_OCSP_CERTSTATUS_UNKNOWN,
0, NULL, thisupd, nextupd)))
- return NULL;
+ goto err;
+ bs_out = bs;
+ bs = NULL;
+ err:
ASN1_TIME_free(thisupd);
ASN1_TIME_free(nextupd);
ASN1_BIT_STRING_free(key);
ASN1_INTEGER_free(serial);
OCSP_CERTID_free(cid);
+ OCSP_BASICRESP_free(bs);
X509_NAME_free(name);
- return bs;
+ return bs_out;
}
#ifndef OPENSSL_NO_OCSP
static int test_resp_signer(void)
{
- OCSP_BASICRESP *bs;
+ OCSP_BASICRESP *bs = NULL;
X509 *signer = NULL, *tmp;
EVP_PKEY *key = NULL;
- STACK_OF(X509) *extra_certs;
+ STACK_OF(X509) *extra_certs = NULL;
+ int ret = 0;
/*
* Test a response with no certs at all; get the signer from the
@@ -101,10 +107,10 @@ static int test_resp_signer(void)
|| !TEST_true(sk_X509_push(extra_certs, signer))
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, OCSP_NOCERTS)))
- return 0;
+ goto err;
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
- return 0;
+ goto err;
OCSP_BASICRESP_free(bs);
/* Do it again but include the signer cert */
@@ -113,15 +119,17 @@ static int test_resp_signer(void)
if (!TEST_ptr(bs)
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, 0)))
- return 0;
+ goto err;
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
- return 0;
+ goto err;
+ ret = 1;
+ err:
OCSP_BASICRESP_free(bs);
sk_X509_free(extra_certs);
X509_free(signer);
EVP_PKEY_free(key);
- return 1;
+ return ret;
}
#endif