1/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project 2001.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * openssl-core@openssl.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <stdio.h>-
60-
61#include <openssl/err.h>-
62#include <openssl/objects.h>-
63#include <openssl/ocsp.h>-
64#include <openssl/pem.h>-
65#include <openssl/x509.h>-
66#include <openssl/x509v3.h>-
67-
68/* Utility functions related to sending OCSP responses and extracting-
69 * relevant information from the request.-
70 */-
71-
/*
 * Number of single requests (OCSP_ONEREQ) in req's tbsRequest.requestList.
 *
 * req must be a fully decoded request; no NULL checks are performed here and
 * the result is simply what sk_OCSP_ONEREQ_num() reports for the list.  A
 * responder iterating over this count should decide for itself how many
 * single requests it is willing to answer in one response.
 */
int
OCSP_request_onereq_count(OCSP_REQUEST *req)
{
	STACK_OF(OCSP_ONEREQ) *list = req->tbsRequest->requestList;

	return sk_OCSP_ONEREQ_num(list);
}
77-
/*
 * Return the i-th single request of req.
 *
 * "get0": the pointer is into req, stays valid only as long as req does and
 * must not be freed by the caller.  i is handed unchanged to
 * sk_OCSP_ONEREQ_value(), so callers should check the result for NULL rather
 * than assume i was in range.
 */
OCSP_ONEREQ *
OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
{
	STACK_OF(OCSP_ONEREQ) *list = req->tbsRequest->requestList;

	return sk_OCSP_ONEREQ_value(list, i);
}
83-
/*
 * Return the CertID (reqCert) of a single request.
 *
 * "get0": the CertID belongs to one and must not be freed or kept past its
 * lifetime.  one is not NULL-checked.
 */
OCSP_CERTID *
OCSP_onereq_get0_id(OCSP_ONEREQ *one)
{
	OCSP_CERTID *cid = one->reqCert;

	return cid;
}
89-
/*
 * Expose the components of the CertID cid through whichever of the out
 * pointers are non-NULL: the hash algorithm OID (pmd), issuerNameHash
 * (piNameHash), issuerKeyHash (pikeyHash) and serialNumber (pserial).
 *
 * All four are get0 pointers into cid: they stay valid only as long as cid
 * does and must not be freed by the caller.  The fields are returned exactly
 * as decoded from the request, so a responder must still check that the hash
 * algorithm is one it supports and that the hash lengths are what it expects
 * before using them to look up a certificate.
 *
 * Returns 0 only when cid is NULL, otherwise 1.
 */
int
OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
    ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, OCSP_CERTID *cid)
{
	if (cid == NULL)
		return 0;

	if (pserial != NULL)
		*pserial = cid->serialNumber;
	if (pikeyHash != NULL)
		*pikeyHash = cid->issuerKeyHash;
	if (piNameHash != NULL)
		*piNameHash = cid->issuerNameHash;
	if (pmd != NULL)
		*pmd = cid->hashAlgorithm->algorithm;

	return 1;
}
106-
/*
 * Report whether req carries an optionalSignature.
 *
 * This is purely a presence test: the signature is neither parsed nor
 * verified here.  A responder that cares who signed the request must still
 * verify it (OCSP_request_verify() in this library) before trusting anything
 * the signature is meant to prove.
 *
 * Returns 1 if a signature is present, 0 otherwise.
 */
int
OCSP_request_is_signed(OCSP_REQUEST *req)
{
	return req->optionalSignature != NULL;
}
114-
/*
 * Build an OCSPResponse with the given responseStatus and, when bs is not
 * NULL, a responseBytes carrying bs DER-encoded under id-pkix-ocsp-basic.
 *
 * status is written into responseStatus as an ENUMERATED without any range
 * check, and no check is made that bs is only supplied together with a
 * successful status (RFC 6960 expects responseBytes to be absent for error
 * statuses); pairing them correctly is the caller's job.  bs is only
 * encoded, never retained, so the caller keeps ownership of it.
 *
 * Returns the new response, or NULL on failure with nothing leaked.
 */
OCSP_RESPONSE *
OCSP_response_create(int status, OCSP_BASICRESP *bs)
{
	OCSP_RESPONSE *rsp;
	OCSP_RESPBYTES *rb;

	rsp = OCSP_RESPONSE_new();
	if (rsp == NULL)
		return NULL;
	if (!ASN1_ENUMERATED_set(rsp->responseStatus, status))
		goto err;

	/* Without a basic response there is nothing more to encode. */
	if (bs == NULL)
		return rsp;

	rb = OCSP_RESPBYTES_new();
	if (rb == NULL)
		goto err;
	rsp->responseBytes = rb;
	rb->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
	if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it, &rb->response))
		goto err;

	return rsp;

 err:
	/* rsp owns responseBytes, so this releases everything built so far. */
	OCSP_RESPONSE_free(rsp);
	return NULL;
}
140-
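/*
 * Append a SingleResponse for cid to rsp's tbsResponseData.responses and
 * return it.  The response owns the new entry; the caller must not free it.
 *
 * status selects the CertStatus CHOICE and must be V_OCSP_CERTSTATUS_GOOD,
 * V_OCSP_CERTSTATUS_REVOKED or V_OCSP_CERTSTATUS_UNKNOWN; anything else
 * fails.  For REVOKED, revtime is mandatory (OCSP_R_NO_REVOKED_TIME is
 * raised without it) and reason is encoded unless it is
 * OCSP_REVOKED_STATUS_NOSTATUS.  thisupd is always converted into
 * thisUpdate; nextupd is optional.  cid is duplicated and the ASN1_TIME
 * arguments are only read, so the caller keeps ownership of all of them.
 *
 * Returns the new single response, or NULL on failure, in which case nothing
 * has been added to rsp (though an empty responses stack may have been
 * created).
 */
OCSP_SINGLERESP *
OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
    int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd)
{
	OCSP_SINGLERESP *single = NULL;
	OCSP_CERTSTATUS *cs;
	OCSP_REVOKEDINFO *ri;

	if (rsp->tbsResponseData->responses == NULL &&
	    (rsp->tbsResponseData->responses =
	    sk_OCSP_SINGLERESP_new_null()) == NULL)
		goto err;

	if ((single = OCSP_SINGLERESP_new()) == NULL)
		goto err;

	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
		goto err;
	if (nextupd != NULL &&
	    !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
		goto err;

	/* Drop whatever certId OCSP_SINGLERESP_new() gave us; use the caller's. */
	OCSP_CERTID_free(single->certId);
	if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
		goto err;

	cs = single->certStatus;
	switch (cs->type = status) {
	case V_OCSP_CERTSTATUS_REVOKED:
		if (revtime == NULL) {
			OCSPerror(OCSP_R_NO_REVOKED_TIME);
			goto err;
		}
		if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
			goto err;
		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
			goto err;
		if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
			if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
				goto err;
			if (!ASN1_ENUMERATED_set(ri->revocationReason, reason))
				goto err;
		}
		break;

	case V_OCSP_CERTSTATUS_GOOD:
		/*
		 * The CHOICE value must actually be allocated.  Previously a
		 * NULL from ASN1_NULL_new() was ignored, so a certStatus with
		 * no value was pushed and reported as success.
		 */
		if ((cs->value.good = ASN1_NULL_new()) == NULL)
			goto err;
		break;

	case V_OCSP_CERTSTATUS_UNKNOWN:
		if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
			goto err;
		break;

	default:
		/* cs->type already holds the bogus value; single is freed below. */
		goto err;
	}

	if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))
		goto err;

	return single;

 err:
	OCSP_SINGLERESP_free(single);
	return NULL;
}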
206-
/*
 * Add cert to the certs field of the basic response resp, creating the stack
 * on first use.  (This operates on a response, not a request.)
 *
 * "add1": on success the response takes its own reference to cert -- the
 * count is bumped here -- so the caller keeps, and must still release, its
 * own reference.
 *
 * Returns 1 on success, 0 if the stack could not be created or grown; on
 * failure no reference has been taken.
 */
int
OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
{
	STACK_OF(X509) *certs = resp->certs;

	if (certs == NULL) {
		certs = sk_X509_new_null();
		if (certs == NULL)
			return 0;
		resp->certs = certs;
	}

	if (!sk_X509_push(certs, cert))
		return 0;

	/* Count the reference only once the response actually holds cert. */
	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
	return 1;
}
219-
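/*
 * Finalise and sign the basic response brsp with key, whose public half must
 * be the one in signer (checked with X509_check_private_key()).
 *
 * flags (bitwise OR of):
 *   OCSP_NOCERTS    do not embed certificates in brsp->certs.  Otherwise
 *                   signer is added first, then every element of certs
 *                   (certs may be NULL).  Each is add1'd, so the caller
 *                   keeps its own references.
 *   OCSP_RESPID_KEY identify the responder by the SHA-1 KeyHash of signer's
 *                   public key instead of its subject name.  SHA-1 here is
 *                   the KeyHash definition of RFC 6960 (4.2.1), not a
 *                   signing-algorithm choice, and is independent of dgst.
 *   OCSP_NOTIME     leave producedAt untouched instead of stamping it with
 *                   time(NULL).
 *
 * dgst is the digest used for the signature itself (handed to
 * OCSP_BASICRESP_sign()); choosing it is entirely the caller's business.
 *
 * Returns 1 on success, 0 on failure.  Only the key-mismatch case pushes an
 * OCSP error here; other failures are reported by the callee that failed.
 * On failure brsp is NOT rolled back: certificates may already have been
 * added and responderId may be half-built, so a brsp that failed to sign
 * should be discarded rather than reused.
 */
int
OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
    const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags)
{
	OCSP_RESPID *rid;
	int i;

	if (!X509_check_private_key(signer, key)) {
		OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		return 0;
	}

	if (!(flags & OCSP_NOCERTS)) {
		if (!OCSP_basic_add1_cert(brsp, signer))
			return 0;
		for (i = 0; i < sk_X509_num(certs); i++) {
			if (!OCSP_basic_add1_cert(brsp, sk_X509_value(certs, i)))
				return 0;
		}
	}

	rid = brsp->tbsResponseData->responderId;
	if (flags & OCSP_RESPID_KEY) {
		unsigned char md[SHA_DIGEST_LENGTH];

		/*
		 * A failed digest must not be ignored: md would be
		 * uninitialised stack memory and would be signed into the
		 * response as the responder's KeyHash.
		 */
		if (!X509_pubkey_digest(signer, EVP_sha1(), md, NULL))
			return 0;
		if ((rid->value.byKey = ASN1_OCTET_STRING_new()) == NULL)
			return 0;
		if (!ASN1_OCTET_STRING_set(rid->value.byKey, md,
		    SHA_DIGEST_LENGTH))
			return 0;
		rid->type = V_OCSP_RESPID_KEY;
	} else {
		if (!X509_NAME_set(&rid->value.byName,
		    X509_get_subject_name(signer)))
			return 0;
		rid->type = V_OCSP_RESPID_NAME;
	}

	if (!(flags & OCSP_NOTIME) &&
	    !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt,
	    time(NULL)))
		return 0;

	/*
	 * tbsResponseData is signed directly (OCSP_BASICRESP_sign() wraps
	 * ASN1_item_sign()).  As the original author noted: "Right now, I
	 * think that not doing double hashing is the right thing."
	 * -- Richard Levitte
	 */
	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
		return 0;

	return 1;
}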