OpenCoverage

x_x509.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/x509/x_x509.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <stdio.h>-
11#include "internal/cryptlib.h"-
12#include <openssl/evp.h>-
13#include <openssl/asn1t.h>-
14#include <openssl/x509.h>-
15#include <openssl/x509v3.h>-
16#include "internal/x509_int.h"-
17-
18ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {-
19 ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),-
20 ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),-
21 ASN1_EMBED(X509_CINF, signature, X509_ALGOR),-
22 ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),-
23 ASN1_EMBED(X509_CINF, validity, X509_VAL),-
24 ASN1_SIMPLE(X509_CINF, subject, X509_NAME),-
25 ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),-
26 ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),-
27 ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),-
28 ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)-
29} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)-
30-
31IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
never executed: end of block
never executed: return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (&(X509_CINF_it)));
executed 9 times by 1 test: return ASN1_item_i2d((ASN1_VALUE *)a, out, (&(X509_CINF_it)));
Executed by:
  • libcrypto.so.1.1
never executed: return (X509_CINF *)ASN1_item_new((&(X509_CINF_it)));
0-9
32/* X509 top level structure needs a bit of customisation */-
33-
34extern void policy_cache_free(X509_POLICY_CACHE *cache);-
35-
36static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,-
37 void *exarg)-
38{-
39 X509 *ret = (X509 *)*pval;-
40-
41 switch (operation) {-
42-
43 case ASN1_OP_NEW_POST:
executed 39780 times by 1 test: case 1:
Executed by:
  • libcrypto.so.1.1
39780
44 ret->ex_flags = 0;-
45 ret->ex_pathlen = -1;-
46 ret->ex_pcpathlen = -1;-
47 ret->skid = NULL;-
48 ret->akid = NULL;-
49#ifndef OPENSSL_NO_RFC3779-
50 ret->rfc3779_addr = NULL;-
51 ret->rfc3779_asid = NULL;-
52#endif-
53 ret->aux = NULL;-
54 ret->crldp = NULL;-
55 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
!CRYPTO_new_ex...&ret->ex_data)Description
TRUEnever evaluated
FALSEevaluated 39780 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-39780
56 return 0;
never executed: return 0;
0
57 break;
executed 39780 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
39780
58-
59 case ASN1_OP_FREE_POST:
executed 39780 times by 1 test: case 3:
Executed by:
  • libcrypto.so.1.1
39780
60 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);-
61 X509_CERT_AUX_free(ret->aux);-
62 ASN1_OCTET_STRING_free(ret->skid);-
63 AUTHORITY_KEYID_free(ret->akid);-
64 CRL_DIST_POINTS_free(ret->crldp);-
65 policy_cache_free(ret->policy_cache);-
66 GENERAL_NAMES_free(ret->altname);-
67 NAME_CONSTRAINTS_free(ret->nc);-
68#ifndef OPENSSL_NO_RFC3779-
69 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);-
70 ASIdentifiers_free(ret->rfc3779_asid);-
71#endif-
72 break;
executed 39780 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
39780
73-
74 }-
75-
76 return 1;
executed 284875 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
284875
77-
78}-
79-
80ASN1_SEQUENCE_ref(X509, x509_cb) = {-
81 ASN1_EMBED(X509, cert_info, X509_CINF),-
82 ASN1_EMBED(X509, sig_alg, X509_ALGOR),-
83 ASN1_EMBED(X509, signature, ASN1_BIT_STRING)-
84} ASN1_SEQUENCE_END_ref(X509, X509)-
85-
86IMPLEMENT_ASN1_FUNCTIONS(X509)
executed 237382 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
executed 16420 times by 1 test: return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (&(X509_it)));
Executed by:
  • libcrypto.so.1.1
executed 6462 times by 1 test: return ASN1_item_i2d((ASN1_VALUE *)a, out, (&(X509_it)));
Executed by:
  • libcrypto.so.1.1
executed 519 times by 1 test: return (X509 *)ASN1_item_new((&(X509_it)));
Executed by:
  • libcrypto.so.1.1
519-237382
87-
88IMPLEMENT_ASN1_DUP_FUNCTION(X509)
executed 9 times by 1 test: return ASN1_item_dup((&(X509_it)), x);
Executed by:
  • libcrypto.so.1.1
9
89-
90int X509_set_ex_data(X509 *r, int idx, void *arg)-
91{-
92 return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
never executed: return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
0
93}-
94-
95void *X509_get_ex_data(X509 *r, int idx)-
96{-
97 return CRYPTO_get_ex_data(&r->ex_data, idx);
never executed: return CRYPTO_get_ex_data(&r->ex_data, idx);
0
98}-
99-
100/*-
101 * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with-
102 * extra info tagged on the end. Since these functions set how a certificate-
103 * is trusted they should only be used when the certificate comes from a-
104 * reliable source such as local storage.-
105 */-
106-
107X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)-
108{-
109 const unsigned char *q;-
110 X509 *ret;-
111 int freeret = 0;-
112-
113 /* Save start position */-
114 q = *pp;-
115-
116 if (a == NULL || *a == NULL)
a == ((void *)0)Description
TRUEevaluated 2747 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 57 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
*a == ((void *)0)Description
TRUEevaluated 57 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-2747
117 freeret = 1;
executed 2804 times by 1 test: freeret = 1;
Executed by:
  • libcrypto.so.1.1
2804
118 ret = d2i_X509(a, &q, length);-
119 /* If certificate unreadable then forget it */-
120 if (ret == NULL)
ret == ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2803 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-2803
121 return NULL;
executed 1 time by 1 test: return ((void *)0) ;
Executed by:
  • libcrypto.so.1.1
1
122 /* update length */-
123 length -= q - *pp;-
124 if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
length > 0Description
TRUEevaluated 59 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2744 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!d2i_X509_CERT...x, &q, length)Description
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2744
125 goto err;
never executed: goto err;
0
126 *pp = q;-
127 return ret;
executed 2803 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
2803
128 err:-
129 if (freeret) {
freeretDescription
TRUEnever evaluated
FALSEnever evaluated
0
130 X509_free(ret);-
131 if (a)
aDescription
TRUEnever evaluated
FALSEnever evaluated
0
132 *a = NULL;
never executed: *a = ((void *)0) ;
0
133 }
never executed: end of block
0
134 return NULL;
never executed: return ((void *)0) ;
0
135}-
136-
137/*-
138 * Serialize trusted certificate to *pp or just return the required buffer-
139 * length if pp == NULL. We ultimately want to avoid modifying *pp in the-
140 * error path, but that depends on similar hygiene in lower-level functions.-
141 * Here we avoid compounding the problem.-
142 */-
143static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)-
144{-
145 int length, tmplen;-
146 unsigned char *start = pp != NULL ? *pp : NULL;
pp != ((void *)0)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
6
147-
148 /*-
149 * This might perturb *pp on error, but fixing that belongs in i2d_X509()-
150 * not here. It should be that if a == NULL length is zero, but we check-
151 * both just in case.-
152 */-
153 length = i2d_X509(a, pp);-
154 if (length <= 0 || a == NULL)
length <= 0Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
a == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
155 return length;
never executed: return length;
0
156-
157 tmplen = i2d_X509_CERT_AUX(a->aux, pp);-
158 if (tmplen < 0) {
tmplen < 0Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
159 if (start != NULL)
start != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
160 *pp = start;
never executed: *pp = start;
0
161 return tmplen;
never executed: return tmplen;
0
162 }-
163 length += tmplen;-
164-
165 return length;
executed 12 times by 1 test: return length;
Executed by:
  • libcrypto.so.1.1
12
166}-
167-
168/*-
169 * Serialize trusted certificate to *pp, or just return the required buffer-
170 * length if pp == NULL.-
171 *-
172 * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since-
173 * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do-
174 * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the-
175 * allocated buffer.-
176 */-
177int i2d_X509_AUX(X509 *a, unsigned char **pp)-
178{-
179 int length;-
180 unsigned char *tmp;-
181-
182 /* Buffer provided by caller */-
183 if (pp == NULL || *pp != NULL)
pp == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
*pp != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-6
184 return i2d_x509_aux_internal(a, pp);
executed 4 times by 1 test: return i2d_x509_aux_internal(a, pp);
Executed by:
  • libcrypto.so.1.1
4
185-
186 /* Obtain the combined length */-
187 if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
(length = i2d_...d *)0) )) <= 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
188 return length;
never executed: return length;
0
189-
190 /* Allocate requisite combined storage */-
191 *pp = tmp = OPENSSL_malloc(length);-
192 if (tmp == NULL) {
tmp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
193 X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);-
194 return -1;
never executed: return -1;
0
195 }-
196-
197 /* Encode, but keep *pp at the originally malloced pointer */-
198 length = i2d_x509_aux_internal(a, &tmp);-
199 if (length <= 0) {
length <= 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
200 OPENSSL_free(*pp);-
201 *pp = NULL;-
202 }
never executed: end of block
0
203 return length;
executed 4 times by 1 test: return length;
Executed by:
  • libcrypto.so.1.1
4
204}-
205-
206int i2d_re_X509_tbs(X509 *x, unsigned char **pp)-
207{-
208 x->cert_info.enc.modified = 1;-
209 return i2d_X509_CINF(&x->cert_info, pp);
executed 9 times by 1 test: return i2d_X509_CINF(&x->cert_info, pp);
Executed by:
  • libcrypto.so.1.1
9
210}-
211-
212void X509_get0_signature(const ASN1_BIT_STRING **psig,-
213 const X509_ALGOR **palg, const X509 *x)-
214{-
215 if (psig)
psigDescription
TRUEevaluated 1344 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1344
216 *psig = &x->signature;
executed 1344 times by 1 test: *psig = &x->signature;
Executed by:
  • libcrypto.so.1.1
1344
217 if (palg)
palgDescription
TRUEevaluated 1344 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1344
218 *palg = &x->sig_alg;
executed 1344 times by 1 test: *palg = &x->sig_alg;
Executed by:
  • libcrypto.so.1.1
1344
219}
executed 1344 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1344
220-
221int X509_get_signature_nid(const X509 *x)-
222{-
223 return OBJ_obj2nid(x->sig_alg.algorithm);
executed 2 times by 1 test: return OBJ_obj2nid(x->sig_alg.algorithm);
Executed by:
  • libcrypto.so.1.1
2
224}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2