OpenCoverage

tls_ocsp.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/tls/tls_ocsp.c
/*
 * Allocate a zero-filled OCSP state object.
 *
 * Returns the new object, or NULL when calloc() fails. Because the memory
 * is zeroed, every pointer member starts out as NULL, which is what lets
 * tls_ocsp_free() be called on a partially populated object.
 *
 * Coverage in this report: executed 8 times, by tlstest.
 */
static struct tls_ocsp *
tls_ocsp_new(void)
{
    struct tls_ocsp *fresh = calloc(1, sizeof(*fresh));

    return fresh;
}
/*
 * Release an OCSP state object and the members it owns.
 *
 * Accepts NULL and does nothing in that case. Frees main_cert (via
 * X509_free), ocsp_result and ocsp_url, then the object itself.
 * extra_certs is deliberately not released here; it is filled from
 * SSL_get_peer_cert_chain() in tls_ocsp_setup_from_peer(), presumably as a
 * borrowed pointer owned by the SSL object (confirm against the SSL API).
 *
 * Pointers previously handed out from this object (for example the string
 * returned by tls_peer_ocsp_url()) are invalid after this call.
 *
 * Coverage in this report: NULL branch taken 78 times (tlstest,
 * verifytest); release path taken 8 times (tlstest).
 */
void
tls_ocsp_free(struct tls_ocsp *ocsp)
{
    if (ocsp != NULL) {
        X509_free(ocsp->main_cert);
        free(ocsp->ocsp_result);
        free(ocsp->ocsp_url);

        free(ocsp);
    }
}
/*
 * Convert an ASN.1 GeneralizedTime taken from an OCSP reply into a time_t.
 *
 * ctx      unused in this function.
 * gt       time value to convert; NULL is rejected.
 * gt_time  receives the converted value.
 *
 * Returns 0 on success and -1 on failure. The literal 24 passed to
 * ASN1_time_parse() is the preprocessed form of a macro; it presumably
 * corresponds to V_ASN1_GENERALIZEDTIME (confirm against the headers).
 *
 * NOTE(review): *gt_time is written even when timegm() reports -1, and a
 * timestamp that legitimately converts to -1 is indistinguishable from an
 * error here.
 *
 * Coverage in this report: never executed by any listed test.
 */
static int
tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time)
{
    struct tm parsed;
    time_t secs;

    if (gt == NULL) {
        return -1;
    }

    if (ASN1_time_parse(gt->data, gt->length, &parsed, 24) == -1) {
        return -1;
    }

    secs = timegm(&parsed);
    *gt_time = secs;
    if (secs == -1) {
        return -1;
    }
    return 0;
}
/*
 * Record the outcome of an OCSP check in ctx->ocsp->ocsp_result.
 *
 * Any previous result is freed first, so on failure ctx->ocsp->ocsp_result
 * is left NULL rather than pointing at stale data. ctx->ocsp is
 * dereferenced without a NULL check; the caller must guarantee it is set.
 *
 * result_msg is chosen as follows (literals are the preprocessed macro
 * values; 0 presumably OCSP_RESPONSE_STATUS_SUCCESSFUL and 1 presumably
 * V_OCSP_CERTSTATUS_REVOKED, confirm against the OCSP headers):
 *   - response_status != 0: text for the response status
 *   - cert_status != 1:     text for the certificate status
 *   - otherwise:            text for the CRL reason
 *
 * The three time fields default to -1 and are only overwritten when the
 * corresponding ASN.1 time is present and parses.
 *
 * Returns 0 on success, -1 on allocation or time-parse failure (with the
 * error set on ctx).
 *
 * Coverage in this report: never executed by any listed test.
 */
static int
tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
    int crl_reason, ASN1_GENERALIZEDTIME *revtime,
    ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd)
{
    struct tls_ocsp_result *result;

    /* Drop the old result up front so no stale verdict survives a failure. */
    free(ctx->ocsp->ocsp_result);
    ctx->ocsp->ocsp_result = NULL;

    result = calloc(1, sizeof (struct tls_ocsp_result));
    if (result == NULL) {
        tls_set_error(ctx, "calloc");
        return -1;
    }

    result->response_status = response_status;
    result->cert_status = cert_status;
    result->crl_reason = crl_reason;

    if (result->response_status != 0)
        result->result_msg =
            OCSP_response_status_str(result->response_status);
    else if (result->cert_status != 1)
        result->result_msg = OCSP_cert_status_str(result->cert_status);
    else
        result->result_msg = OCSP_crl_reason_str(result->crl_reason);

    /* -1 marks "not provided" for each timestamp. */
    result->next_update = -1;
    result->this_update = -1;
    result->revocation_time = -1;

    if (revtime != NULL) {
        if (tls_ocsp_asn1_parse_time(ctx, revtime,
            &result->revocation_time) != 0) {
            tls_set_error(ctx,
                "unable to parse revocation time in OCSP reply");
            goto fail;
        }
    }
    if (thisupd != NULL) {
        if (tls_ocsp_asn1_parse_time(ctx, thisupd,
            &result->this_update) != 0) {
            tls_set_error(ctx,
                "unable to parse this update time in OCSP reply");
            goto fail;
        }
    }
    if (nextupd != NULL) {
        if (tls_ocsp_asn1_parse_time(ctx, nextupd,
            &result->next_update) != 0) {
            tls_set_error(ctx,
                "unable to parse next update time in OCSP reply");
            goto fail;
        }
    }

    /* Publish only a fully populated result. */
    ctx->ocsp->ocsp_result = result;
    return 0;

 fail:
    free(result);
    return -1;
}
/*
 * Build the OCSP certificate ID for main_cert by locating its issuer.
 *
 * The issuer is looked up by subject name, first in extra_certs (when
 * given) and then in the certificate store of ssl_ctx. The first match is
 * passed to OCSP_cert_to_id() together with main_cert.
 *
 * Returns a newly created OCSP_CERTID (caller frees it), or NULL when the
 * issuer name, the store, the store context or the issuer itself cannot be
 * obtained.
 *
 * NOTE(review): the issuer candidate is selected by name alone; nothing
 * visible in this function checks that the candidate actually signed
 * main_cert. extra_certs is filled from the peer's chain in
 * tls_ocsp_setup_from_peer(), so this presumably relies on the handshake
 * having validated that chain already (confirm with the caller).
 *
 * The literal 1 passed to X509_STORE_get_by_subject() is a preprocessed
 * macro value, presumably X509_LU_X509.
 *
 * Coverage in this report: never executed by any listed test.
 */
static OCSP_CERTID *
tls_ocsp_get_certid(X509 *main_cert, struct stack_st_X509 *extra_certs,
    SSL_CTX *ssl_ctx)
{
    X509_STORE_CTX lookup_ctx;
    X509_OBJECT found;
    X509_NAME *issuer_dn;
    X509_STORE *trust_store;
    X509 *issuer_cert;
    OCSP_CERTID *certid = NULL;

    issuer_dn = X509_get_issuer_name(main_cert);
    if (issuer_dn == NULL) {
        return NULL;
    }

    /* Prefer an issuer from the supplied chain when one matches by name. */
    if (extra_certs != NULL) {
        issuer_cert = X509_find_by_subject(extra_certs, issuer_dn);
        if (issuer_cert != NULL) {
            return OCSP_cert_to_id(NULL, main_cert, issuer_cert);
        }
    }

    /* Otherwise fall back to the configured certificate store. */
    trust_store = SSL_CTX_get_cert_store(ssl_ctx);
    if (trust_store == NULL) {
        return NULL;
    }
    if (X509_STORE_CTX_init(&lookup_ctx, trust_store, main_cert,
        extra_certs) != 1) {
        return NULL;
    }

    if (X509_STORE_get_by_subject(&lookup_ctx, 1, issuer_dn, &found) == 1) {
        certid = OCSP_cert_to_id(NULL, main_cert, found.data.x509);
        X509_OBJECT_free_contents(&found);
    }

    X509_STORE_CTX_cleanup(&lookup_ctx);
    return certid;
}
/*
 * Create the OCSP state for the current peer of ctx.
 *
 * Takes the peer certificate and peer chain from ctx->ssl_conn and copies
 * the first OCSP responder URL found in the peer certificate. Additional
 * URLs in the certificate are ignored.
 *
 * Returns the new state, or NULL with an error set on ctx when allocation
 * fails, the peer presented no certificate, or the certificate carries no
 * OCSP URL.
 *
 * NOTE(review): the URL is copied verbatim from the peer's certificate.
 * Code that later fetches from it should treat it as untrusted input
 * unless the certificate chain has been validated.
 *
 * The preprocessed page shows the glibc strdup() macro expansion and the
 * expanded stack accessor; the call below is the same operation written
 * directly.
 *
 * Coverage in this report: called 8 times by tlstest, always ending on the
 * failure path (4 times "no peer certificate", 4 times "no OCSP URLs").
 * The URL copy and the success return were never executed.
 */
struct tls_ocsp *
tls_ocsp_setup_from_peer(struct tls *ctx)
{
    struct stack_st_OPENSSL_STRING *url_list = NULL;
    struct tls_ocsp *state;

    state = tls_ocsp_new();
    if (state == NULL) {
        goto fail;
    }

    /* Steal state from the SSL connection; only main_cert is freed later. */
    state->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
    state->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
    if (state->main_cert == NULL) {
        tls_set_errorx(ctx, "no peer certificate for OCSP");
        goto fail;
    }

    url_list = X509_get1_ocsp(state->main_cert);
    if (url_list == NULL) {
        tls_set_errorx(ctx, "no OCSP URLs in peer certificate");
        goto fail;
    }

    /* Keep a private copy of the first URL; the list is freed below. */
    state->ocsp_url =
        strdup((OPENSSL_STRING)sk_value((_STACK *)url_list, 0));
    if (state->ocsp_url == NULL) {
        tls_set_errorx(ctx, "out of memory");
        goto fail;
    }

    X509_email_free(url_list);
    return state;

 fail:
    tls_ocsp_free(state);
    X509_email_free(url_list);
    return NULL;
}
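/*
 * Verify a parsed OCSP response against the peer certificate held in
 * ctx->ocsp and record the outcome.
 *
 * Steps, in order:
 *   1. extract the basic response;
 *   2. verify its signature with OCSP_basic_verify(), using
 *      ctx->ocsp->extra_certs and the SSL_CTX certificate store;
 *   3. require a successful response status (0);
 *   4. find the status entry matching the peer certificate's ID;
 *   5. check thisUpdate/nextUpdate with 60 seconds of allowed skew and a
 *      maximum age of 14 days;
 *   6. store the details via tls_ocsp_fill_info();
 *   7. reject the certificate unless its status is 0 or 2.
 *
 * Returns 0 when the response is accepted and -1 otherwise, with the error
 * set on ctx.
 *
 * Change from the listed code: ctx->ocsp is checked for NULL before use.
 * tls_ocsp_process_response_internal() sets ctx->ocsp to NULL after a
 * parse failure, and tls_ocsp_process_response() can call back in without
 * restoring it, which previously led to a NULL dereference at
 * ctx->ocsp->extra_certs.
 *
 * NOTE(review): flags is the preprocessed literal 0x200, presumably
 * OCSP_TRUSTOTHER, i.e. the certificates in extra_certs are trusted when
 * locating the response signer. extra_certs comes from the peer's chain,
 * so this presumably depends on the handshake having validated that chain
 * (confirm).
 *
 * NOTE(review): cert_status values are preprocessed literals, presumably
 * 0 = good, 1 = revoked, 2 = unknown. A status of "unknown" is therefore
 * accepted here; only other values (revoked) fail. Callers that need a
 * positive "good" answer should inspect tls_peer_ocsp_cert_status().
 *
 * Coverage in this report: never executed by any listed test.
 */
static int
tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
{
    OCSP_BASICRESP *br = NULL;
    ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
    OCSP_CERTID *cid = NULL;
    /* Never assigned in this function; freed below as a no-op. */
    struct stack_st_X509 *combined = NULL;
    int response_status = 0, cert_status = 0, crl_reason = 0;
    int ret = -1;
    unsigned long flags;

    /* Without peer OCSP state there is nothing to verify against. */
    if (ctx->ocsp == NULL) {
        tls_set_errorx(ctx, "ocsp verify failed: no OCSP state for peer");
        goto err;
    }

    if ((br = OCSP_response_get1_basic(resp)) == NULL) {
        tls_set_errorx(ctx, "cannot load ocsp reply");
        goto err;
    }

    flags = 0x200;

    /* Signature check comes first; nothing below is trusted without it. */
    if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
        SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
        tls_set_error(ctx, "ocsp verify failed");
        goto err;
    }

    response_status = OCSP_response_status(resp);
    if (response_status != 0) {
        tls_set_errorx(ctx, "ocsp verify failed: response - %s",
            OCSP_response_status_str(response_status));
        goto err;
    }

    cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
        ctx->ocsp->extra_certs, ctx->ssl_ctx);
    if (cid == NULL) {
        tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
        goto err;
    }

    if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
        &revtime, &thisupd, &nextupd) != 1) {
        tls_set_errorx(ctx, "ocsp verify failed: no result for cert");
        goto err;
    }

    /* Freshness: 60 s clock skew, responses older than 14 days rejected. */
    if (OCSP_check_validity(thisupd, nextupd, (60),
        (14*24*60*60)) != 1) {
        tls_set_errorx(ctx,
            "ocsp verify failed: ocsp response not current");
        goto err;
    }

    if (tls_ocsp_fill_info(ctx, response_status, cert_status,
        crl_reason, revtime, thisupd, nextupd) != 0)
        goto err;

    /* Accept status 0 and 2 only; see the NOTE above about status 2. */
    if (cert_status != 0 && cert_status != 2) {
        tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s",
            OCSP_crl_reason_str(crl_reason));
        goto err;
    }
    ret = 0;

 err:
    sk_free((_STACK *)combined);
    OCSP_CERTID_free(cid);
    OCSP_BASICRESP_free(br);
    return ret;
}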
/*
 * Decode a DER-encoded OCSP response and verify it for ctx.
 *
 * response  raw bytes of the response.
 * size      number of bytes available at response.
 *
 * Returns the result of tls_ocsp_verify_response() (0 on success, -1 on
 * failure), or -1 when the bytes do not decode.
 *
 * On a decode failure the existing ctx->ocsp state is freed and set to
 * NULL, so code that runs afterwards must tolerate a missing OCSP state.
 *
 * NOTE(review): size is a size_t handed to d2i_OCSP_RESPONSE(), whose
 * length parameter is presumably a long; very large sizes would be
 * converted (confirm against the prototype). Nothing here checks that the
 * decoder consumed all size bytes, so trailing data is not rejected.
 *
 * Coverage in this report: never executed by any listed test.
 */
static int
tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response,
    size_t size)
{
    OCSP_RESPONSE *decoded;
    int verdict;

    decoded = d2i_OCSP_RESPONSE(NULL, &response, size);
    if (decoded != NULL) {
        verdict = tls_ocsp_verify_response(ctx, decoded);
        OCSP_RESPONSE_free(decoded);
        return verdict;
    }

    /* Undecodable input: discard the OCSP state along with any old result. */
    tls_ocsp_free(ctx->ocsp);
    ctx->ocsp = NULL;
    tls_set_error(ctx, "unable to parse OCSP response");
    return -1;
}
/*
 * Client-side callback that checks the OCSP response stapled by the peer.
 *
 * ssl  connection being negotiated; the struct tls context is read from
 *      its ex_data slot 0.
 * arg  unused.
 *
 * Returns 1 to continue, 0 to reject, and -1 when no context is attached
 * to ssl.
 *
 * Behaviour a deployer should be aware of, all visible in the code below:
 *   - When the peer staples nothing, the connection is accepted unless
 *     ctx->config->ocsp_require_stapling is set (soft-fail by default).
 *   - When a staple is present but the peer certificate yields no OCSP
 *     state (no peer certificate or no OCSP URL in it), the result is 0.
 *   - When ctx->config->verify_cert or ctx->config->verify_time is 0 the
 *     stapled response is accepted without being parsed or verified.
 *
 * The literal 70 passed to SSL_ctrl() is a preprocessed macro value,
 * presumably SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP (confirm against
 * the SSL headers).
 *
 * Coverage in this report: called 4 times by tlstest, each time with no
 * stapled response and stapling not required. Every path that handles an
 * actual staple was never executed.
 */
int
tls_ocsp_verify_cb(SSL *ssl, void *arg)
{
    const unsigned char *staple = NULL;
    struct tls *ctx;
    int staple_len;
    int res = -1;

    ctx = SSL_get_ex_data(ssl, 0);
    if (ctx == NULL) {
        return -1;
    }

    staple_len = SSL_ctrl(ssl, 70, 0, (void *)&staple);
    if (staple_len <= 0) {
        if (!ctx->config->ocsp_require_stapling) {
            return 1;
        }
        tls_set_errorx(ctx, "no stapled OCSP response provided");
        return 0;
    }

    /* Replace any earlier OCSP state with one built from this peer. */
    tls_ocsp_free(ctx->ocsp);
    ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
    if (ctx->ocsp == NULL) {
        return 0;
    }

    /* Verification disabled by configuration: the staple is not examined. */
    if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) {
        return 1;
    }

    res = tls_ocsp_process_response_internal(ctx, staple, staple_len);
    if (res == 0) {
        return 1;
    }
    return 0;
}
/*
 * Server-side callback that attaches the configured OCSP staple to the
 * handshake.
 *
 * ssl  connection being negotiated; the struct tls context is read from
 *      its ex_data slot 0.
 * arg  unused.
 *
 * Return values are preprocessed literals, presumably the SSL_TLSEXT_ERR_*
 * codes (0 = OK, 2 = fatal alert, 3 = no acknowledgement; confirm against
 * the SSL headers):
 *   3  no keypair, or the keypair has no staple configured;
 *   2  no context, allocation failure, or SSL_ctrl() refused the staple;
 *   0  a copy of the staple was handed to the SSL connection.
 *
 * The staple is copied because SSL_ctrl() (literal 71, presumably
 * SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP) is given the buffer to keep;
 * the copy is freed here only when the hand-over fails. Note that the
 * hand-over targets ctx->ssl_conn rather than the ssl argument.
 *
 * Coverage in this report: called 4 times by tlstest, each time returning
 * 3 because no staple was configured. The copy and hand-over path was
 * never executed.
 */
int
tls_ocsp_stapling_cb(SSL *ssl, void *arg)
{
    unsigned char *staple_copy;
    struct tls *ctx;

    ctx = SSL_get_ex_data(ssl, 0);
    if (ctx == NULL) {
        return 2;
    }

    if (ctx->keypair == NULL || ctx->keypair->ocsp_staple == NULL ||
        ctx->keypair->ocsp_staple_len == 0) {
        return 3;
    }

    staple_copy = malloc(ctx->keypair->ocsp_staple_len);
    if (staple_copy == NULL) {
        return 2;
    }
    memcpy(staple_copy, ctx->keypair->ocsp_staple,
        ctx->keypair->ocsp_staple_len);

    if (SSL_ctrl(ctx->ssl_conn, 71, ctx->keypair->ocsp_staple_len,
        (void *)staple_copy) != 1) {
        /* Ownership was not taken, so the copy is still ours to free. */
        free(staple_copy);
        return 2;
    }

    return 0;
}
/*
 * Return the OCSP responder URL recorded for the peer, or NULL when ctx
 * has no OCSP state.
 *
 * The string belongs to ctx->ocsp and stops being valid once that state is
 * freed (tls_ocsp_free() releases ocsp_url). It originates from the peer's
 * certificate, so treat it as untrusted input when fetching from it.
 * ctx itself is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
const char *
tls_peer_ocsp_url(struct tls *ctx)
{
    return (ctx->ocsp != NULL) ? ctx->ocsp->ocsp_url : NULL;
}
/*
 * Return the human-readable message stored with the last OCSP result, or
 * NULL when ctx has no OCSP state or no result has been recorded.
 *
 * The message is whatever tls_ocsp_fill_info() stored in result_msg.
 * ctx itself is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
const char *
tls_peer_ocsp_result(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return NULL;
    }
    return ctx->ocsp->ocsp_result->result_msg;
}
/*
 * Return the OCSP response status stored with the last result, or -1 when
 * ctx has no OCSP state or no result has been recorded.
 *
 * ctx itself is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
int
tls_peer_ocsp_response_status(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->response_status;
}
/*
 * Return the certificate status stored with the last OCSP result, or -1
 * when ctx has no OCSP state or no result has been recorded.
 *
 * tls_ocsp_verify_response() accepts more than one status value, so a
 * caller that needs a definite "good" answer should compare this value
 * itself. ctx is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
int
tls_peer_ocsp_cert_status(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->cert_status;
}
/*
 * Return the CRL reason code stored with the last OCSP result, or -1 when
 * ctx has no OCSP state or no result has been recorded.
 *
 * ctx itself is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
int
tls_peer_ocsp_crl_reason(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->crl_reason;
}
/*
 * Return the thisUpdate time stored with the last OCSP result, or -1 when
 * ctx has no OCSP state or no result has been recorded.
 *
 * tls_ocsp_fill_info() also stores -1 when the response carried no such
 * time, so -1 covers both "no result" and "not provided". ctx is not
 * checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
time_t
tls_peer_ocsp_this_update(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->this_update;
}
/*
 * Return the nextUpdate time stored with the last OCSP result, or -1 when
 * ctx has no OCSP state or no result has been recorded.
 *
 * tls_ocsp_fill_info() also stores -1 when the response carried no such
 * time, so -1 covers both "no result" and "not provided". ctx is not
 * checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
time_t
tls_peer_ocsp_next_update(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->next_update;
}
/*
 * Return the revocation time stored with the last OCSP result, or -1 when
 * ctx has no OCSP state or no result has been recorded.
 *
 * tls_ocsp_fill_info() also stores -1 when the response carried no
 * revocation time, so -1 covers both "no result" and "not provided". ctx
 * is not checked for NULL.
 *
 * Coverage in this report: never executed by any listed test.
 */
time_t
tls_peer_ocsp_revocation_time(struct tls *ctx)
{
    if (ctx->ocsp == NULL || ctx->ocsp->ocsp_result == NULL) {
        return -1;
    }
    return ctx->ocsp->ocsp_result->revocation_time;
}
/*
 * Public entry point: verify an OCSP response obtained by the caller
 * (for example fetched from the responder URL) for the peer of ctx.
 *
 * response  DER-encoded OCSP response bytes.
 * size      number of bytes at response.
 *
 * Returns -1 immediately unless bit (1 << 2) of ctx->state is set; that
 * bit is a preprocessed macro value, presumably the "handshake complete"
 * flag (confirm against the tls internals header). Otherwise returns the
 * result of tls_ocsp_process_response_internal(): 0 when the response is
 * accepted, -1 when it is rejected or cannot be parsed.
 *
 * NOTE(review): only the state bit is checked here. Whether ctx->ocsp is
 * populated at this point depends on code outside this listing.
 *
 * Coverage in this report: never executed by any listed test.
 */
int
tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
    size_t size)
{
    if ((ctx->state & (1 << 2)) != 0) {
        return tls_ocsp_process_response_internal(ctx, response, size);
    }
    return -1;
}

Generated by Squish Coco 4.2.2