Correct leaks in OpenSSL interface

Remove increment of reference count on first certificate added to a new SSL context - the call to SSL_CTX_use_certificate does this internally. When adding extra certificates to the context via calls to SSL_CTX_add_extra_certificate, the explicit increment of the reference count is still required to prevent destruction of the certificates when the SSL context is freed. In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a shared_ptr which calls EVP_PKEY_free. Add a new Unit test which creates an SSL context and inserts a multi-element certificate chain and a private key. JIRA: SWIFT-423 Bug: Release-notes: Manual: Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2 Test-information: Leak testing performed via ASAN-compiled MLink unit tests - now no leaks/errors reported associated with TLS Contexts and Certificates. Swiften unit test runs as expected.
author: Tim Costen <tim.costen@isode.com> 2019-10-04 09:03:59 (GMT)
committer: Tim Costen <tim.costen@isode.com> 2019-10-04 12:25:33 (GMT)
commit: 2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd (patch)
tree: c18d0317b1f750bad3d413ed5bc6ec40a2e0bfbb /Swiften/QA/TLSTest/CertificateTest.cpp
parent: df07a5e1e654c5fe4b513b8b0e41a392e9955cdf (diff)
download: swift-2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd.zip
swift-2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd.tar.bz2
1 files changed, 26 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp
index 21f749c..624d953 100644
--- a/Swiften/QA/TLSTest/CertificateTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateTest.cpp
@@ -15,6 +15,9 @@
 
 #include <Swiften/Base/ByteArray.h>
 #include <Swiften/TLS/CertificateFactory.h>
+#include <Swiften/TLS/TLSContext.h>
+#include <Swiften/TLS/PlatformTLSFactories.h>
+#include <Swiften/TLS/TLSContextFactory.h>
 
 #include <SwifTools/Application/PlatformApplicationPathProvider.h>
 
@@ -31,6 +34,7 @@ class CertificateTest : public CppUnit::TestFixture {
         CPPUNIT_TEST(testGetDNSNames);
         CPPUNIT_TEST(testGetXMPPAddresses);
         CPPUNIT_TEST(testCreateCertificateChain);
+        CPPUNIT_TEST(testCreateTlsContext);
         CPPUNIT_TEST_SUITE_END();
 
     public:
@@ -38,7 +42,11 @@ class CertificateTest : public CppUnit::TestFixture {
             pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest");
             readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt"));
             readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem"));
+            readByteArrayFromFile(keyData, (pathProvider->getExecutableDir() / "privateKey.pem"));
             certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY());
+
+            PlatformTLSFactories* tlsFactories_ = new PlatformTLSFactories();
+            tlsContextFactory_ = tlsFactories_->getTLSContextFactory();
         }
 
         void testConstructFromDER() {
@@ -106,11 +114,29 @@ class CertificateTest : public CppUnit::TestFixture {
             CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]);
         }
 
+        void testCreateTlsContext() {
+            // Create 2-certificate chain as in previous test
+            std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData);
+            CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));
+
+            // Load private key from string
+            PrivateKey::ref key = certificateFactory->createPrivateKey(Swift::createSafeByteArray(keyData));
+            CPPUNIT_ASSERT(key);
+
+            const TLSOptions options;
+            auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server);
+            CPPUNIT_ASSERT(context);
+
+            context->setCertificateChain(chain);
+            context->setPrivateKey(key);
+        }
     private:
         std::unique_ptr<PlatformApplicationPathProvider> pathProvider;
         ByteArray certificateData;
         ByteArray chainData;
+        ByteArray keyData;
         std::unique_ptr<CertificateFactory> certificateFactory;
+        TLSContextFactory* tlsContextFactory_;
 };
 
 #ifdef HAVE_OPENSSL
author	Tim Costen <tim.costen@isode.com>	2019-10-04 09:03:59 (GMT)
committer	Tim Costen <tim.costen@isode.com>	2019-10-04 12:25:33 (GMT)
commit	2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd (patch)
tree	c18d0317b1f750bad3d413ed5bc6ec40a2e0bfbb /Swiften/QA/TLSTest/CertificateTest.cpp
parent	df07a5e1e654c5fe4b513b8b0e41a392e9955cdf (diff)
download	swift-2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd.zip swift-2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd.tar.bz2