1 /* 2 * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 12 #include <openssl/e_os2.h> 13 #include <openssl/x509.h> 14 #include <openssl/x509v3.h> 15 #include "internal/nelem.h" 16 #include "testutil.h" 17 18 static const char *const names[] = { 19 "a", "b", ".", "*", "@", 20 ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", 21 "-example.com", "example-.com", 22 "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com", 23 "*@example.com", "test@*.example.com", "example.com", "www.example.com", 24 "test.www.example.com", "*.example.com", "*.www.example.com", 25 "test.*.example.com", "www.*.com", 26 ".www.example.com", "*www.example.com", 27 "example.net", "xn--rger-koa.example.com", 28 "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com", 29 "*.good--example.com", "www.good--example.com", 30 "*.xn--bar.com", "xn--foo.xn--bar.com", 31 "a.example.com", "b.example.com", 32 "postmaster@example.com", "Postmaster@example.com", 33 "postmaster@EXAMPLE.COM", 34 NULL 35 }; 36 37 static const char *const exceptions[] = { 38 "set CN: host: [*.example.com] matches [a.example.com]", 39 "set CN: host: [*.example.com] matches [b.example.com]", 40 "set CN: host: [*.example.com] matches [www.example.com]", 41 "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]", 42 "set CN: host: [*.www.example.com] matches [test.www.example.com]", 43 "set CN: host: [*.www.example.com] matches [.www.example.com]", 44 "set CN: host: [*www.example.com] matches [www.example.com]", 45 "set CN: host: [test.www.example.com] matches [.www.example.com]", 46 "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", 47 "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", 48 "set CN: host: [*.good--example.com] matches [www.good--example.com]", 49 "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", 50 "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", 51 "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]", 52 "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", 53 "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]", 54 "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", 55 "set dnsName: host: [*.example.com] matches [www.example.com]", 56 "set dnsName: host: [*.example.com] matches [a.example.com]", 57 "set dnsName: host: [*.example.com] matches [b.example.com]", 58 "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]", 59 "set dnsName: host: [*.www.example.com] matches [test.www.example.com]", 60 "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", 61 "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", 62 "set dnsName: host: [*.www.example.com] matches [.www.example.com]", 63 "set dnsName: host: [*www.example.com] matches [www.example.com]", 64 "set dnsName: host: [test.www.example.com] matches [.www.example.com]", 65 "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", 66 "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", 67 "set dnsName: host: [*.good--example.com] matches [www.good--example.com]", 68 "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]", 69 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]", 70 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", 71 "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", 72 NULL 73 }; 74 75 static int is_exception(const char *msg) 76 { 77 const char *const *p; 78 79 for (p = exceptions; *p; ++p) 80 if (strcmp(msg, *p) == 0) 81 return 1; 82 return 0; 83 } 84 85 static int set_cn(X509 *crt, ...) 86 { 87 int ret = 0; 88 X509_NAME *n = NULL; 89 va_list ap; 90 91 va_start(ap, crt); 92 n = X509_NAME_new(); 93 if (n == NULL) 94 goto out; 95 96 while (1) { 97 int nid; 98 const char *name; 99 100 nid = va_arg(ap, int); 101 if (nid == 0) 102 break; 103 name = va_arg(ap, const char *); 104 if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, 105 (unsigned char *)name, -1, -1, 1)) 106 goto out; 107 } 108 if (!X509_set_subject_name(crt, n)) 109 goto out; 110 ret = 1; 111 out: 112 X509_NAME_free(n); 113 va_end(ap); 114 return ret; 115 } 116 117 /*- 118 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 119 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, 120 int nid, int crit, ASN1_OCTET_STRING *data); 121 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 122 */ 123 124 static int set_altname(X509 *crt, ...) 125 { 126 int ret = 0; 127 GENERAL_NAMES *gens = NULL; 128 GENERAL_NAME *gen = NULL; 129 ASN1_IA5STRING *ia5 = NULL; 130 va_list ap; 131 va_start(ap, crt); 132 gens = sk_GENERAL_NAME_new_null(); 133 if (gens == NULL) 134 goto out; 135 while (1) { 136 int type; 137 const char *name; 138 type = va_arg(ap, int); 139 if (type == 0) 140 break; 141 name = va_arg(ap, const char *); 142 143 gen = GENERAL_NAME_new(); 144 if (gen == NULL) 145 goto out; 146 ia5 = ASN1_IA5STRING_new(); 147 if (ia5 == NULL) 148 goto out; 149 if (!ASN1_STRING_set(ia5, name, -1)) 150 goto out; 151 switch (type) { 152 case GEN_EMAIL: 153 case GEN_DNS: 154 GENERAL_NAME_set0_value(gen, type, ia5); 155 ia5 = NULL; 156 break; 157 default: 158 abort(); 159 } 160 if (!sk_GENERAL_NAME_push(gens, gen)) 161 goto out; 162 gen = NULL; 163 } 164 if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0)) 165 goto out; 166 ret = 1; 167 out: 168 ASN1_IA5STRING_free(ia5); 169 GENERAL_NAME_free(gen); 170 GENERAL_NAMES_free(gens); 171 va_end(ap); 172 return ret; 173 } 174 175 static int set_cn1(X509 *crt, const char *name) 176 { 177 return set_cn(crt, NID_commonName, name, 0); 178 } 179 180 static int set_cn_and_email(X509 *crt, const char *name) 181 { 182 return set_cn(crt, NID_commonName, name, 183 NID_pkcs9_emailAddress, "dummy@example.com", 0); 184 } 185 186 static int set_cn2(X509 *crt, const char *name) 187 { 188 return set_cn(crt, NID_commonName, "dummy value", 189 NID_commonName, name, 0); 190 } 191 192 static int set_cn3(X509 *crt, const char *name) 193 { 194 return set_cn(crt, NID_commonName, name, 195 NID_commonName, "dummy value", 0); 196 } 197 198 static int set_email1(X509 *crt, const char *name) 199 { 200 return set_cn(crt, NID_pkcs9_emailAddress, name, 0); 201 } 202 203 static int set_email2(X509 *crt, const char *name) 204 { 205 return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com", 206 NID_pkcs9_emailAddress, name, 0); 207 } 208 209 static int set_email3(X509 *crt, const char *name) 210 { 211 return set_cn(crt, NID_pkcs9_emailAddress, name, 212 NID_pkcs9_emailAddress, "dummy@example.com", 0); 213 } 214 215 static int set_email_and_cn(X509 *crt, const char *name) 216 { 217 return set_cn(crt, NID_pkcs9_emailAddress, name, 218 NID_commonName, "www.example.org", 0); 219 } 220 221 static int set_altname_dns(X509 *crt, const char *name) 222 { 223 return set_altname(crt, GEN_DNS, name, 0); 224 } 225 226 static int set_altname_email(X509 *crt, const char *name) 227 { 228 return set_altname(crt, GEN_EMAIL, name, 0); 229 } 230 231 struct set_name_fn { 232 int (*fn) (X509 *, const char *); 233 const char *name; 234 int host; 235 int email; 236 }; 237 238 static const struct set_name_fn name_fns[] = { 239 {set_cn1, "set CN", 1, 0}, 240 {set_cn2, "set CN", 1, 0}, 241 {set_cn3, "set CN", 1, 0}, 242 {set_cn_and_email, "set CN", 1, 0}, 243 {set_email1, "set emailAddress", 0, 1}, 244 {set_email2, "set emailAddress", 0, 1}, 245 {set_email3, "set emailAddress", 0, 1}, 246 {set_email_and_cn, "set emailAddress", 0, 1}, 247 {set_altname_dns, "set dnsName", 1, 0}, 248 {set_altname_email, "set rfc822Name", 0, 1}, 249 }; 250 251 static X509 *make_cert(void) 252 { 253 X509 *crt = NULL; 254 255 if (!TEST_ptr(crt = X509_new())) 256 return NULL; 257 if (!TEST_true(X509_set_version(crt, X509_VERSION_3))) { 258 X509_free(crt); 259 return NULL; 260 } 261 return crt; 262 } 263 264 static int check_message(const struct set_name_fn *fn, const char *op, 265 const char *nameincert, int match, const char *name) 266 { 267 char msg[1024]; 268 269 if (match < 0) 270 return 1; 271 BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", 272 fn->name, op, nameincert, 273 match ? "matches" : "does not match", name); 274 if (is_exception(msg)) 275 return 1; 276 TEST_error("%s", msg); 277 return 0; 278 } 279 280 static int run_cert(X509 *crt, const char *nameincert, 281 const struct set_name_fn *fn) 282 { 283 const char *const *pname = names; 284 int failed = 0; 285 286 for (; *pname != NULL; ++pname) { 287 int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0; 288 size_t namelen = strlen(*pname); 289 char *name = OPENSSL_malloc(namelen + 1); 290 int match, ret; 291 292 if (!TEST_ptr(name)) 293 return 0; 294 memcpy(name, *pname, namelen + 1); 295 296 match = -1; 297 if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL), 298 0)) { 299 failed = 1; 300 } else if (fn->host) { 301 if (ret == 1 && !samename) 302 match = 1; 303 if (ret == 0 && samename) 304 match = 0; 305 } else if (ret == 1) 306 match = 1; 307 if (!TEST_true(check_message(fn, "host", nameincert, match, *pname))) 308 failed = 1; 309 310 match = -1; 311 if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 312 X509_CHECK_FLAG_NO_WILDCARDS, 313 NULL), 0)) { 314 failed = 1; 315 } else if (fn->host) { 316 if (ret == 1 && !samename) 317 match = 1; 318 if (ret == 0 && samename) 319 match = 0; 320 } else if (ret == 1) 321 match = 1; 322 if (!TEST_true(check_message(fn, "host-no-wildcards", 323 nameincert, match, *pname))) 324 failed = 1; 325 326 match = -1; 327 ret = X509_check_email(crt, name, namelen, 0); 328 if (fn->email) { 329 if (ret && !samename) 330 match = 1; 331 if (!ret && samename && strchr(nameincert, '@') != NULL) 332 match = 0; 333 } else if (ret) 334 match = 1; 335 if (!TEST_true(check_message(fn, "email", nameincert, match, *pname))) 336 failed = 1; 337 OPENSSL_free(name); 338 } 339 340 return failed == 0; 341 } 342 343 static int call_run_cert(int i) 344 { 345 int failed = 0; 346 const struct set_name_fn *pfn = &name_fns[i]; 347 X509 *crt; 348 const char *const *pname; 349 350 TEST_info("%s", pfn->name); 351 for (pname = names; *pname != NULL; pname++) { 352 if (!TEST_ptr(crt = make_cert()) 353 || !TEST_true(pfn->fn(crt, *pname)) 354 || !run_cert(crt, *pname, pfn)) 355 failed = 1; 356 X509_free(crt); 357 } 358 return failed == 0; 359 } 360 361 static struct gennamedata { 362 const unsigned char der[22]; 363 size_t derlen; 364 } gennames[] = { 365 { 366 /* 367 * [0] { 368 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 369 * [0] { 370 * SEQUENCE {} 371 * } 372 * } 373 */ 374 { 375 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 376 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 377 }, 378 21 379 }, { 380 /* 381 * [0] { 382 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 383 * [0] { 384 * [APPLICATION 0] {} 385 * } 386 * } 387 */ 388 { 389 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 390 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 391 }, 392 21 393 }, { 394 /* 395 * [0] { 396 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 397 * [0] { 398 * UTF8String { "a" } 399 * } 400 * } 401 */ 402 { 403 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 404 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 405 }, 406 22 407 }, { 408 /* 409 * [0] { 410 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } 411 * [0] { 412 * UTF8String { "a" } 413 * } 414 * } 415 */ 416 { 417 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 418 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 419 }, 420 22 421 }, { 422 /* 423 * [0] { 424 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 425 * [0] { 426 * UTF8String { "b" } 427 * } 428 * } 429 */ 430 { 431 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 432 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 433 }, 434 22 435 }, { 436 /* 437 * [0] { 438 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 439 * [0] { 440 * BOOLEAN { TRUE } 441 * } 442 * } 443 */ 444 { 445 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 446 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff 447 }, 448 22 449 }, { 450 /* 451 * [0] { 452 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } 453 * [0] { 454 * BOOLEAN { FALSE } 455 * } 456 * } 457 */ 458 { 459 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 460 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 461 }, 462 22 463 }, { 464 /* [1 PRIMITIVE] { "a" } */ 465 { 466 0x81, 0x01, 0x61 467 }, 468 3 469 }, { 470 /* [1 PRIMITIVE] { "b" } */ 471 { 472 0x81, 0x01, 0x62 473 }, 474 3 475 }, { 476 /* [2 PRIMITIVE] { "a" } */ 477 { 478 0x82, 0x01, 0x61 479 }, 480 3 481 }, { 482 /* [2 PRIMITIVE] { "b" } */ 483 { 484 0x82, 0x01, 0x62 485 }, 486 3 487 }, { 488 /* 489 * [4] { 490 * SEQUENCE { 491 * SET { 492 * SEQUENCE { 493 * # commonName 494 * OBJECT_IDENTIFIER { 2.5.4.3 } 495 * UTF8String { "a" } 496 * } 497 * } 498 * } 499 * } 500 */ 501 { 502 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 503 0x04, 0x03, 0x0c, 0x01, 0x61 504 }, 505 16 506 }, { 507 /* 508 * [4] { 509 * SEQUENCE { 510 * SET { 511 * SEQUENCE { 512 * # commonName 513 * OBJECT_IDENTIFIER { 2.5.4.3 } 514 * UTF8String { "b" } 515 * } 516 * } 517 * } 518 * } 519 */ 520 { 521 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 522 0x04, 0x03, 0x0c, 0x01, 0x62 523 }, 524 16 525 }, { 526 /* 527 * [5] { 528 * [1] { 529 * UTF8String { "a" } 530 * } 531 * } 532 */ 533 { 534 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 535 }, 536 7 537 }, { 538 /* 539 * [5] { 540 * [1] { 541 * UTF8String { "b" } 542 * } 543 * } 544 */ 545 { 546 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 547 }, 548 7 549 }, { 550 /* 551 * [5] { 552 * [0] { 553 * UTF8String {} 554 * } 555 * [1] { 556 * UTF8String { "a" } 557 * } 558 * } 559 */ 560 { 561 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 562 }, 563 11 564 }, { 565 /* 566 * [5] { 567 * [0] { 568 * UTF8String { "a" } 569 * } 570 * [1] { 571 * UTF8String { "a" } 572 * } 573 * } 574 */ 575 { 576 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 577 0x61 578 }, 579 12 580 }, { 581 /* 582 * [5] { 583 * [0] { 584 * UTF8String { "b" } 585 * } 586 * [1] { 587 * UTF8String { "a" } 588 * } 589 * } 590 */ 591 { 592 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 593 0x61 594 }, 595 12 596 }, { 597 /* [6 PRIMITIVE] { "a" } */ 598 { 599 0x86, 0x01, 0x61 600 }, 601 3 602 }, { 603 /* [6 PRIMITIVE] { "b" } */ 604 { 605 0x86, 0x01, 0x62 606 }, 607 3 608 }, { 609 /* [7 PRIMITIVE] { `11111111` } */ 610 { 611 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 612 }, 613 6 614 }, { 615 /* [7 PRIMITIVE] { `22222222`} */ 616 { 617 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 618 }, 619 6 620 }, { 621 /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ 622 { 623 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 624 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 625 }, 626 18 627 }, { 628 /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ 629 { 630 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 631 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 632 }, 633 18 634 }, { 635 /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ 636 { 637 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 638 0xb7, 0x09, 0x02, 0x01 639 }, 640 15 641 }, { 642 /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ 643 { 644 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 645 0xb7, 0x09, 0x02, 0x02 646 }, 647 15 648 }, { 649 /* 650 * Regression test for CVE-2023-0286. 651 */ 652 { 653 0xa3, 0x00 654 }, 655 2 656 } 657 }; 658 659 static int test_GENERAL_NAME_cmp(void) 660 { 661 size_t i, j; 662 GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa) 663 * OSSL_NELEM(gennames)); 664 GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb) 665 * OSSL_NELEM(gennames)); 666 int testresult = 0; 667 668 if (!TEST_ptr(namesa) || !TEST_ptr(namesb)) 669 goto end; 670 671 for (i = 0; i < OSSL_NELEM(gennames); i++) { 672 const unsigned char *derp = gennames[i].der; 673 674 /* 675 * We create two versions of each GENERAL_NAME so that we ensure when 676 * we compare them they are always different pointers. 677 */ 678 namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); 679 derp = gennames[i].der; 680 namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); 681 if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i])) 682 goto end; 683 } 684 685 /* Every name should be equal to itself and not equal to any others. */ 686 for (i = 0; i < OSSL_NELEM(gennames); i++) { 687 for (j = 0; j < OSSL_NELEM(gennames); j++) { 688 if (i == j) { 689 if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0)) 690 goto end; 691 } else { 692 if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0)) 693 goto end; 694 } 695 } 696 } 697 testresult = 1; 698 699 end: 700 for (i = 0; i < OSSL_NELEM(gennames); i++) { 701 if (namesa != NULL) 702 GENERAL_NAME_free(namesa[i]); 703 if (namesb != NULL) 704 GENERAL_NAME_free(namesb[i]); 705 } 706 OPENSSL_free(namesa); 707 OPENSSL_free(namesb); 708 709 return testresult; 710 } 711 712 int setup_tests(void) 713 { 714 ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns)); 715 ADD_TEST(test_GENERAL_NAME_cmp); 716 return 1; 717 } 718