
ocsp_lib.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/ocsp/ocsp_lib.c
1/* $OpenBSD: ocsp_lib.c,v 1.23 2018/08/24 20:03:21 tb Exp $ */-
2/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL-
3 * project. */-
4-
5/* History:-
6 This file was transfered to Richard Levitte from CertCo by Kathy-
7 Weinhold in mid-spring 2000 to be included in OpenSSL or released-
8 as a patch kit. */-
9-
10/* ====================================================================-
11 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.-
12 *-
13 * Redistribution and use in source and binary forms, with or without-
14 * modification, are permitted provided that the following conditions-
15 * are met:-
16 *-
17 * 1. Redistributions of source code must retain the above copyright-
18 * notice, this list of conditions and the following disclaimer.-
19 *-
20 * 2. Redistributions in binary form must reproduce the above copyright-
21 * notice, this list of conditions and the following disclaimer in-
22 * the documentation and/or other materials provided with the-
23 * distribution.-
24 *-
25 * 3. All advertising materials mentioning features or use of this-
26 * software must display the following acknowledgment:-
27 * "This product includes software developed by the OpenSSL Project-
28 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"-
29 *-
30 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
31 * endorse or promote products derived from this software without-
32 * prior written permission. For written permission, please contact-
33 * openssl-core@openssl.org.-
34 *-
35 * 5. Products derived from this software may not be called "OpenSSL"-
36 * nor may "OpenSSL" appear in their names without prior written-
37 * permission of the OpenSSL Project.-
38 *-
39 * 6. Redistributions of any form whatsoever must retain the following-
40 * acknowledgment:-
41 * "This product includes software developed by the OpenSSL Project-
42 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"-
43 *-
44 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
45 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
47 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
48 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
49 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
50 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
51 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
53 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
55 * OF THE POSSIBILITY OF SUCH DAMAGE.-
56 * ====================================================================-
57 *-
58 * This product includes cryptographic software written by Eric Young-
59 * (eay@cryptsoft.com). This product includes software written by Tim-
60 * Hudson (tjh@cryptsoft.com).-
61 *-
62 */-
63-
64#include <stdio.h>-
65#include <string.h>-
66-
67#include <openssl/opensslconf.h>-
68-
69#include <openssl/asn1t.h>-
70#include <openssl/err.h>-
71#include <openssl/objects.h>-
72#include <openssl/ocsp.h>-
73#include <openssl/pem.h>-
74#include <openssl/x509.h>-
75#include <openssl/x509v3.h>-
76-
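/*
 * Convert a certificate and its issuer to an OCSP_CERTID.
 *
 * dgst    - digest used for the issuer name hash and issuer key hash.  When
 *           NULL and SHA-1 is compiled in, SHA-1 is used.
 * subject - certificate whose status is being queried.  May be NULL, in which
 *           case the issuer's own subject name is hashed and the resulting ID
 *           is built without a serial number.
 * issuer  - certificate of the CA that issued subject.  Required.
 *
 * Returns the OCSP_CERTID produced by OCSP_cert_id_new(), or NULL on error.
 *
 * NOTE(review): nothing in this function checks that issuer actually signed
 * subject; the ID only binds the names/keys handed in.  Callers presumably
 * validate the chain before trusting a response matched against this ID --
 * confirm at the call sites.
 */
OCSP_CERTID *
OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer)
{
	X509_NAME *iname;
	const ASN1_INTEGER *serial;
	ASN1_BIT_STRING *ikey;

	/*
	 * The issuer always supplies the key that is hashed (and the name too
	 * when subject is NULL), and OCSP_cert_id_new() reads issuerKey->data
	 * without a NULL check, so fail here instead of dereferencing NULL.
	 */
	if (issuer == NULL) {
		OCSPerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}

#ifndef OPENSSL_NO_SHA1
	if (dgst == NULL)
		dgst = EVP_sha1();
#endif
	/* Without the SHA-1 fallback a NULL digest would reach EVP_MD_type(). */
	if (dgst == NULL) {
		OCSPerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}

	if (subject != NULL) {
		iname = X509_get_issuer_name(subject);
		serial = X509_get0_serialNumber(subject);
	} else {
		iname = X509_get_subject_name(issuer);
		serial = NULL;
	}
	ikey = X509_get0_pubkey_bitstr(issuer);
	return OCSP_cert_id_new(dgst, iname, ikey, serial);
}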
100-
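/*
 * Build an OCSP_CERTID from its raw components.
 *
 * dgst         - digest used for both hashes; its NID is recorded as the
 *                CertID hashAlgorithm with a NULL parameter.
 * issuerName   - issuer distinguished name; hashed with X509_NAME_digest().
 * issuerKey    - issuer public key BIT STRING; only its data/length bytes are
 *                hashed, i.e. tag and length are excluded.
 * serialNumber - serial to copy into the ID, or NULL to leave the serial
 *                created by OCSP_CERTID_new() untouched.
 *
 * Returns a newly allocated OCSP_CERTID, or NULL on error.  Every failure
 * path releases the partially built ID with OCSP_CERTID_free().
 */
OCSP_CERTID *
OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
    const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber)
{
	int nid;
	unsigned int i;
	X509_ALGOR *alg;
	OCSP_CERTID *cid = NULL;
	unsigned char md[EVP_MAX_MD_SIZE];

	/* All three are dereferenced or passed to digest routines below. */
	if (dgst == NULL || issuerName == NULL || issuerKey == NULL) {
		OCSPerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}

	/*
	 * Resolve the digest NID before touching the CertID.  Doing the lookup
	 * after freeing alg->algorithm would leave a stale pointer in the
	 * structure on the NID_undef path, which OCSP_CERTID_free() would then
	 * free a second time.
	 */
	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
		OCSPerror(OCSP_R_UNKNOWN_NID);
		return NULL;
	}

	if ((cid = OCSP_CERTID_new()) == NULL)
		goto err;

	alg = cid->hashAlgorithm;
	ASN1_OBJECT_free(alg->algorithm);
	if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
		goto err;
	/* No-op when the parameter is unset; avoids a leak if it is not. */
	ASN1_TYPE_free(alg->parameter);
	if ((alg->parameter = ASN1_TYPE_new()) == NULL)
		goto err;
	alg->parameter->type = V_ASN1_NULL;

	if (!X509_NAME_digest(issuerName, dgst, md, &i))
		goto digerr;
	if (!ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))
		goto err;

	/* Calculate the issuerKey hash, excluding tag and length */
	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
		goto err;

	if (!ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))
		goto err;

	if (serialNumber != NULL) {
		ASN1_INTEGER_free(cid->serialNumber);
		if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL)
			goto err;
	}
	return cid;

digerr:
	OCSPerror(OCSP_R_DIGEST_ERR);
err:
	OCSP_CERTID_free(cid);
	return NULL;
}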
153-
/*
 * Compare the issuer part of two CertIDs: hash algorithm, then issuer name
 * hash, then issuer key hash.  Returns the first non-zero comparison result,
 * or the result of the key hash comparison when the first two are equal.
 *
 * The hash algorithm is compared first, so two IDs for the same issuer built
 * with different digests do not compare equal.
 */
int
OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
	int diff;

	if ((diff = OBJ_cmp(a->hashAlgorithm->algorithm,
	    b->hashAlgorithm->algorithm)) != 0)
		return diff;

	if ((diff = ASN1_OCTET_STRING_cmp(a->issuerNameHash,
	    b->issuerNameHash)) != 0)
		return diff;

	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
}
167-
/*
 * Compare two complete CertIDs: the issuer part via OCSP_id_issuer_cmp(),
 * then the serial number.  The serial numbers are only compared when the
 * issuer parts are equal.
 */
int
OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
	const int issuer_diff = OCSP_id_issuer_cmp(a, b);

	return issuer_diff != 0 ? issuer_diff :
	    ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
}
178-
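/*
 * Parse a URL and split it up into host, port and path components and whether
 * it is SSL.
 *
 * url   - NUL-terminated "http://" or "https://" URL.
 * phost - receives the text between the scheme and the first '/' (minus any
 *         ":port" suffix).
 * pport - receives the text after the first ':' in the host part, or the
 *         default "443" (https) / "80" (http) when there is none.
 * ppath - receives everything from the first '/' onwards, or "/" when the URL
 *         has no path.
 * pssl  - set to 1 for https, 0 otherwise.
 *
 * Returns 1 on success; the three strings are heap allocated and the caller
 * releases each with free().  Returns 0 on error with all three outputs NULL.
 *
 * Limitations visible in the parsing below, relevant when the URL comes from
 * an untrusted source (NOTE(review): e.g. a certificate extension -- confirm
 * at the call sites):
 *  - the host is split at the FIRST ':', so a bracketed IPv6 literal such as
 *    "[::1]:80" is not parsed as host "::1" / port "80";
 *  - a "user@" prefix is not stripped and ends up in the host string;
 *  - empty host and empty or non-numeric port strings are returned as-is.
 * Callers should validate host and port before connecting.
 */
int
OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
    int *pssl)
{
	char *host, *path, *port, *tmp;

	*phost = *pport = *ppath = NULL;
	*pssl = 0;

	/* strncmp() below would dereference a NULL url. */
	if (url == NULL) {
		OCSPerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}

	if (strncmp(url, "https://", 8) == 0) {
		*pssl = 1;
		host = strdup(url + 8);
	} else if (strncmp(url, "http://", 7) == 0) {
		host = strdup(url + 7);
	} else {
		OCSPerror(OCSP_R_ERROR_PARSING_URL);
		return 0;
	}
	if (host == NULL) {
		OCSPerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	/* Copy the path first, then cut it off so host holds "host[:port]". */
	if ((tmp = strchr(host, '/')) != NULL) {
		path = strdup(tmp);
		*tmp = '\0';
	} else {
		path = strdup("/");
	}

	/* Same again for the port; fall back to the scheme's default. */
	if ((tmp = strchr(host, ':')) != NULL) {
		port = strdup(tmp + 1);
		*tmp = '\0';
	} else if (*pssl) {
		port = strdup("443");
	} else {
		port = strdup("80");
	}

	/* Allocation failures for path and port are handled together here. */
	if (path == NULL || port == NULL) {
		free(host);
		free(path);
		free(port);
		OCSPerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	*phost = host;
	*ppath = path;
	*pport = port;
	return 1;
}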
234-
/*
 * Duplicate an OCSP_CERTID by handing it to ASN1_item_dup() with the
 * OCSP_CERTID item template.  Returns whatever ASN1_item_dup() returns.
 */
OCSP_CERTID *
OCSP_CERTID_dup(OCSP_CERTID *x)
{
	OCSP_CERTID *copy = ASN1_item_dup(&OCSP_CERTID_it, x);

	return copy;
}