Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | | - |
41 | | - |
42 | | - |
43 | | - |
44 | | - |
45 | | - |
46 | | - |
47 | | - |
48 | | - |
49 | | - |
50 | | - |
51 | | - |
52 | | - |
53 | | - |
54 | | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | #include <openssl/ocsp.h> | - |
60 | #include <openssl/err.h> | - |
61 | #include <string.h> | - |
62 | | - |
63 | static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, | - |
64 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); | - |
65 | static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); | - |
66 | static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, | - |
67 | unsigned long flags); | - |
68 | static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); | - |
69 | static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, | - |
70 | STACK_OF(OCSP_SINGLERESP) *sresp); | - |
71 | static int ocsp_check_delegated(X509 *x, int flags); | - |
72 | static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, | - |
73 | X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, | - |
74 | unsigned long flags); | - |
75 | | - |
76 | | - |
77 | int | - |
78 | OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | - |
79 | unsigned long flags) | - |
80 | { | - |
81 | X509 *signer, *x; | - |
82 | STACK_OF(X509) *chain = NULL; | - |
83 | STACK_OF(X509) *untrusted = NULL; | - |
84 | X509_STORE_CTX ctx; | - |
85 | int i, ret = 0; | - |
86 | | - |
87 | ret = ocsp_find_signer(&signer, bs, certs, st, flags); | - |
88 | if (!ret) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
89 | OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); | - |
90 | goto end; never executed: goto end; | 0 |
91 | } | - |
92 | if ((ret == 2) && (flags & OCSP_TRUSTOTHER))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
93 | flags |= OCSP_NOVERIFY; never executed: flags |= 0x10; | 0 |
94 | if (!(flags & OCSP_NOSIGS)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
95 | EVP_PKEY *skey; | - |
96 | | - |
97 | skey = X509_get_pubkey(signer); | - |
98 | if (skey) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
99 | ret = OCSP_BASICRESP_verify(bs, skey, 0); | - |
100 | EVP_PKEY_free(skey); | - |
101 | } never executed: end of block | 0 |
102 | if (!skey || ret <= 0) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
103 | OCSPerror(OCSP_R_SIGNATURE_FAILURE); | - |
104 | goto end; never executed: goto end; | 0 |
105 | } | - |
106 | } never executed: end of block | 0 |
107 | if (!(flags & OCSP_NOVERIFY)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
108 | int init_res; | - |
109 | | - |
110 | if (flags & OCSP_NOCHAIN) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
111 | untrusted = NULL; | - |
112 | } else if (bs->certs && certs) { never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
113 | untrusted = sk_X509_dup(bs->certs); | - |
114 | for (i = 0; i < sk_X509_num(certs); i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
115 | if (!sk_X509_push(untrusted,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
116 | sk_X509_value(certs, i))) { | - |
117 | OCSPerror(ERR_R_MALLOC_FAILURE); | - |
118 | goto end; never executed: goto end; | 0 |
119 | } | - |
120 | } never executed: end of block | 0 |
121 | } else never executed: end of block | 0 |
122 | untrusted = bs->certs; never executed: untrusted = bs->certs; | 0 |
123 | init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); | - |
124 | if (!init_res) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
125 | ret = -1; | - |
126 | OCSPerror(ERR_R_X509_LIB); | - |
127 | goto end; never executed: goto end; | 0 |
128 | } | - |
129 | | - |
130 | if (X509_STORE_CTX_set_purpose(&ctx,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
131 | X509_PURPOSE_OCSP_HELPER) == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
132 | X509_STORE_CTX_cleanup(&ctx); | - |
133 | ret = -1; | - |
134 | goto end; never executed: goto end; | 0 |
135 | } | - |
136 | ret = X509_verify_cert(&ctx); | - |
137 | chain = X509_STORE_CTX_get1_chain(&ctx); | - |
138 | X509_STORE_CTX_cleanup(&ctx); | - |
139 | if (ret <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
140 | i = X509_STORE_CTX_get_error(&ctx); | - |
141 | OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR); | - |
142 | ERR_asprintf_error_data("Verify error:%s", | - |
143 | X509_verify_cert_error_string(i)); | - |
144 | goto end; never executed: goto end; | 0 |
145 | } | - |
146 | if (flags & OCSP_NOCHECKS) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
147 | ret = 1; | - |
148 | goto end; never executed: goto end; | 0 |
149 | } | - |
150 | | - |
151 | | - |
152 | | - |
153 | ret = ocsp_check_issuer(bs, chain, flags); | - |
154 | | - |
155 | | - |
156 | if (ret != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
157 | goto end; never executed: goto end; | 0 |
158 | | - |
159 | | - |
160 | | - |
161 | | - |
162 | if (flags & OCSP_NOEXPLICIT)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
163 | goto end; never executed: goto end; | 0 |
164 | | - |
165 | x = sk_X509_value(chain, sk_X509_num(chain) - 1); | - |
166 | if (X509_check_trust(x, NID_OCSP_sign, 0) !=TRUE | never evaluated | FALSE | never evaluated |
| 0 |
167 | X509_TRUST_TRUSTED) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
168 | OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED); | - |
169 | goto end; never executed: goto end; | 0 |
170 | } | - |
171 | ret = 1; | - |
172 | } never executed: end of block | 0 |
173 | | - |
174 | end: code before this statement never executed: end: | 0 |
175 | if (chain)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
176 | sk_X509_pop_free(chain, X509_free); never executed: sk_pop_free(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 *))0)))); | 0 |
177 | if (bs->certs && certs)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
178 | sk_X509_free(untrusted); never executed: sk_free(((_STACK*) (1 ? (untrusted) : (struct stack_st_X509*)0))); | 0 |
179 | return ret; never executed: return ret; | 0 |
180 | } | - |
181 | | - |
182 | static int | - |
183 | ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, | - |
184 | X509_STORE *st, unsigned long flags) | - |
185 | { | - |
186 | X509 *signer; | - |
187 | OCSP_RESPID *rid = bs->tbsResponseData->responderId; | - |
188 | | - |
189 | if ((signer = ocsp_find_signer_sk(certs, rid))) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
190 | *psigner = signer; | - |
191 | return 2; never executed: return 2; | 0 |
192 | } | - |
193 | if (!(flags & OCSP_NOINTERN) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
194 | (signer = ocsp_find_signer_sk(bs->certs, rid))) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
195 | *psigner = signer; | - |
196 | return 1; never executed: return 1; | 0 |
197 | } | - |
198 | | - |
199 | | - |
200 | *psigner = NULL; | - |
201 | return 0; never executed: return 0; | 0 |
202 | } | - |
203 | | - |
204 | static X509 * | - |
205 | ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) | - |
206 | { | - |
207 | int i; | - |
208 | unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; | - |
209 | X509 *x; | - |
210 | | - |
211 | | - |
212 | if (id->type == V_OCSP_RESPID_NAME)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
213 | return X509_find_by_subject(certs, id->value.byName); never executed: return X509_find_by_subject(certs, id->value.byName); | 0 |
214 | | - |
215 | | - |
216 | | - |
217 | | - |
218 | if (id->value.byKey->length != SHA_DIGEST_LENGTH)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
219 | return NULL; never executed: return ((void *)0) ; | 0 |
220 | keyhash = id->value.byKey->data; | - |
221 | | - |
222 | for (i = 0; i < sk_X509_num(certs); i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
223 | x = sk_X509_value(certs, i); | - |
224 | X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); | - |
225 | if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
226 | return x; never executed: return x; | 0 |
227 | } never executed: end of block | 0 |
228 | return NULL; never executed: return ((void *)0) ; | 0 |
229 | } | - |
230 | | - |
231 | static int | - |
232 | ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, | - |
233 | unsigned long flags) | - |
234 | { | - |
235 | STACK_OF(OCSP_SINGLERESP) *sresp; | - |
236 | X509 *signer, *sca; | - |
237 | OCSP_CERTID *caid = NULL; | - |
238 | int i; | - |
239 | | - |
240 | sresp = bs->tbsResponseData->responses; | - |
241 | | - |
242 | if (sk_X509_num(chain) <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
243 | OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN); | - |
244 | return -1; never executed: return -1; | 0 |
245 | } | - |
246 | | - |
247 | | - |
248 | i = ocsp_check_ids(sresp, &caid); | - |
249 | | - |
250 | | - |
251 | if (i <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
252 | return i; never executed: return i; | 0 |
253 | | - |
254 | signer = sk_X509_value(chain, 0); | - |
255 | | - |
256 | if (sk_X509_num(chain) > 1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
257 | sca = sk_X509_value(chain, 1); | - |
258 | i = ocsp_match_issuerid(sca, caid, sresp); | - |
259 | if (i < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
260 | return i; never executed: return i; | 0 |
261 | if (i) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
262 | | - |
263 | if (ocsp_check_delegated(signer, flags))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
264 | return 1; never executed: return 1; | 0 |
265 | return 0; never executed: return 0; | 0 |
266 | } | - |
267 | } never executed: end of block | 0 |
268 | | - |
269 | | - |
270 | return ocsp_match_issuerid(signer, caid, sresp); never executed: return ocsp_match_issuerid(signer, caid, sresp); | 0 |
271 | } | - |
272 | | - |
273 | | - |
274 | | - |
275 | | - |
276 | | - |
277 | static int | - |
278 | ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) | - |
279 | { | - |
280 | OCSP_CERTID *tmpid, *cid; | - |
281 | int i, idcount; | - |
282 | | - |
283 | idcount = sk_OCSP_SINGLERESP_num(sresp); | - |
284 | if (idcount <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
285 | OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); | - |
286 | return -1; never executed: return -1; | 0 |
287 | } | - |
288 | | - |
289 | cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; | - |
290 | | - |
291 | *ret = NULL; | - |
292 | | - |
293 | for (i = 1; i < idcount; i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
294 | tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; | - |
295 | | - |
296 | if (OCSP_id_issuer_cmp(cid, tmpid)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
297 | return 0; never executed: return 0; | 0 |
298 | } | - |
299 | } never executed: end of block | 0 |
300 | | - |
301 | | - |
302 | *ret = cid; | - |
303 | return 1; never executed: return 1; | 0 |
304 | } | - |
305 | | - |
306 | static int | - |
307 | ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, | - |
308 | STACK_OF(OCSP_SINGLERESP) *sresp) | - |
309 | { | - |
310 | | - |
311 | if (cid) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
312 | const EVP_MD *dgst; | - |
313 | X509_NAME *iname; | - |
314 | int mdlen; | - |
315 | unsigned char md[EVP_MAX_MD_SIZE]; | - |
316 | | - |
317 | if (!(dgst =TRUE | never evaluated | FALSE | never evaluated |
| 0 |
318 | EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
319 | OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST); | - |
320 | return -1; never executed: return -1; | 0 |
321 | } | - |
322 | | - |
323 | mdlen = EVP_MD_size(dgst); | - |
324 | if (mdlen < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
325 | return -1; never executed: return -1; | 0 |
326 | if (cid->issuerNameHash->length != mdlen ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
327 | cid->issuerKeyHash->length != mdlen)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
328 | return 0; never executed: return 0; | 0 |
329 | iname = X509_get_subject_name(cert); | - |
330 | if (!X509_NAME_digest(iname, dgst, md, NULL))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
331 | return -1; never executed: return -1; | 0 |
332 | if (memcmp(md, cid->issuerNameHash->data, mdlen))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
333 | return 0; never executed: return 0; | 0 |
334 | X509_pubkey_digest(cert, dgst, md, NULL); | - |
335 | if (memcmp(md, cid->issuerKeyHash->data, mdlen))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
336 | return 0; never executed: return 0; | 0 |
337 | | - |
338 | return 1; never executed: return 1; | 0 |
339 | } else { | - |
340 | | - |
341 | int i, ret; | - |
342 | OCSP_CERTID *tmpid; | - |
343 | | - |
344 | for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
345 | tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; | - |
346 | ret = ocsp_match_issuerid(cert, tmpid, NULL); | - |
347 | if (ret <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
348 | return ret; never executed: return ret; | 0 |
349 | } never executed: end of block | 0 |
350 | return 1; never executed: return 1; | 0 |
351 | } | - |
352 | } | - |
353 | | - |
354 | static int | - |
355 | ocsp_check_delegated(X509 *x, int flags) | - |
356 | { | - |
357 | X509_check_purpose(x, -1, 0); | - |
358 | if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
359 | return 1; never executed: return 1; | 0 |
360 | OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE); | - |
361 | return 0; never executed: return 0; | 0 |
362 | } | - |
363 | | - |
364 | | - |
365 | | - |
366 | | - |
367 | | - |
368 | int | - |
369 | OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | - |
370 | unsigned long flags) | - |
371 | { | - |
372 | X509 *signer; | - |
373 | X509_NAME *nm; | - |
374 | GENERAL_NAME *gen; | - |
375 | int ret; | - |
376 | X509_STORE_CTX ctx; | - |
377 | | - |
378 | if (!req->optionalSignature) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
379 | OCSPerror(OCSP_R_REQUEST_NOT_SIGNED); | - |
380 | return 0; never executed: return 0; | 0 |
381 | } | - |
382 | gen = req->tbsRequest->requestorName; | - |
383 | if (!gen || gen->type != GEN_DIRNAME) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
384 | OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); | - |
385 | return 0; never executed: return 0; | 0 |
386 | } | - |
387 | nm = gen->d.directoryName; | - |
388 | ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); | - |
389 | if (ret <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
390 | OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); | - |
391 | return 0; never executed: return 0; | 0 |
392 | } | - |
393 | if ((ret == 2) && (flags & OCSP_TRUSTOTHER))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
394 | flags |= OCSP_NOVERIFY; never executed: flags |= 0x10; | 0 |
395 | if (!(flags & OCSP_NOSIGS)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
396 | EVP_PKEY *skey; | - |
397 | | - |
398 | skey = X509_get_pubkey(signer); | - |
399 | ret = OCSP_REQUEST_verify(req, skey); | - |
400 | EVP_PKEY_free(skey); | - |
401 | if (ret <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
402 | OCSPerror(OCSP_R_SIGNATURE_FAILURE); | - |
403 | return 0; never executed: return 0; | 0 |
404 | } | - |
405 | } never executed: end of block | 0 |
406 | if (!(flags & OCSP_NOVERIFY)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
407 | int init_res; | - |
408 | | - |
409 | if (flags & OCSP_NOCHAIN)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
410 | init_res = X509_STORE_CTX_init(&ctx, store, signer, never executed: init_res = X509_STORE_CTX_init(&ctx, store, signer, ((void *)0) ); | 0 |
411 | NULL); never executed: init_res = X509_STORE_CTX_init(&ctx, store, signer, ((void *)0) ); | 0 |
412 | else | - |
413 | init_res = X509_STORE_CTX_init(&ctx, store, signer, never executed: init_res = X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs); | 0 |
414 | req->optionalSignature->certs); never executed: init_res = X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs); | 0 |
415 | if (!init_res) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
416 | OCSPerror(ERR_R_X509_LIB); | - |
417 | return 0; never executed: return 0; | 0 |
418 | } | - |
419 | | - |
420 | if (X509_STORE_CTX_set_purpose(&ctx,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
421 | X509_PURPOSE_OCSP_HELPER) == 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
422 | X509_STORE_CTX_set_trust(&ctx,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
423 | X509_TRUST_OCSP_REQUEST) == 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
424 | X509_STORE_CTX_cleanup(&ctx); | - |
425 | return 0; never executed: return 0; | 0 |
426 | } | - |
427 | ret = X509_verify_cert(&ctx); | - |
428 | X509_STORE_CTX_cleanup(&ctx); | - |
429 | if (ret <= 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
430 | ret = X509_STORE_CTX_get_error(&ctx); | - |
431 | OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR); | - |
432 | ERR_asprintf_error_data("Verify error:%s", | - |
433 | X509_verify_cert_error_string(ret)); | - |
434 | return 0; never executed: return 0; | 0 |
435 | } | - |
436 | } never executed: end of block | 0 |
437 | return 1; never executed: return 1; | 0 |
438 | } | - |
439 | | - |
440 | static int | - |
441 | ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, | - |
442 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) | - |
443 | { | - |
444 | X509 *signer; | - |
445 | | - |
446 | if (!(flags & OCSP_NOINTERN)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
447 | signer = X509_find_by_subject(req->optionalSignature->certs, nm); | - |
448 | if (signer) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
449 | *psigner = signer; | - |
450 | return 1; never executed: return 1; | 0 |
451 | } | - |
452 | } never executed: end of block | 0 |
453 | | - |
454 | signer = X509_find_by_subject(certs, nm); | - |
455 | if (signer) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
456 | *psigner = signer; | - |
457 | return 2; never executed: return 2; | 0 |
458 | } | - |
459 | return 0; never executed: return 0; | 0 |
460 | } | - |
| | |