Fix a seg fault when cert not loaded prior to key check

2025-07-30 02:37:28 +02:00 · 2020-05-22 15:03:11 -06:00
parent d27c023dd9
commit 53d2a17b43
2 changed files with 6 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -6798,7 +6798,7 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)

    WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");

-    if (ctx == NULL) {
+    if (ctx == NULL || ctx->certificate == NULL) {
        return WOLFSSL_FAILURE;
    }

--- a/tests/api.c
+++ b/tests/api.c
@ -20637,8 +20637,12 @@ static void test_wolfSSL_private_keys(void)
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
-    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    /* Have to load a cert before you can check the private key against that
+     * certificates public key! */
+    AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
+    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
+    AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
    AssertNotNull(ssl = SSL_new(ctx));

    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);