OpenCoverage

ts_rsp_verify.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ts/ts_rsp_verify.c
Switch to Source codePreprocessed file
LineSourceCount
1-
2-
3static int ts_verify_cert(X509_STORE *store, struct stack_st_X509 *untrusted,-
4 X509 *signer, struct stack_st_X509 **chain);-
5static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,-
6 struct stack_st_X509 *chain);-
7static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);-
8static int ts_find_cert(struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert);-
9static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);-
10static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,-
11 PKCS7 *token, TS_TST_INFO *tst_info);-
12static int ts_check_status_info(TS_RESP *response);-
13static char *ts_get_status_text(struct stack_st_ASN1_UTF8STRING *text);-
14static int ts_check_policy(const ASN1_OBJECT *req_oid,-
15 const TS_TST_INFO *tst_info);-
16static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,-
17 X509_ALGOR **md_alg,-
18 unsigned char **imprint, unsigned *imprint_len);-
19static int ts_check_imprints(X509_ALGOR *algor_a,-
20 const unsigned char *imprint_a, unsigned len_a,-
21 TS_TST_INFO *tst_info);-
22static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);-
23static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);-
24static int ts_find_name(struct stack_st_GENERAL_NAME *gen_names,-
25 GENERAL_NAME *name);-
26static int ts_find_cert_v2(struct stack_st_ESS_CERT_ID_V2 *cert_ids, X509 *cert);-
27static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);-
28static const char *ts_status_text[] = {-
29 "granted",-
30 "grantedWithMods",-
31 "rejection",-
32 "waiting",-
33 "revocationWarning",-
34 "revocationNotification"-
35};-
36-
37-
38-
39static struct {-
40 int code;-
41 const char *text;-
42} ts_failure_info[] = {-
43 {0, "badAlg"},-
44 {2, "badRequest"},-
45 {5, "badDataFormat"},-
46 {14, "timeNotAvailable"},-
47 {15, "unacceptedPolicy"},-
48 {16, "unacceptedExtension"},-
49 {17, "addInfoNotAvailable"},-
50 {25, "systemFailure"}-
51};-
52int TS_RESP_verify_signature(PKCS7 *token, struct stack_st_X509 *certs,-
53 X509_STORE *store, X509 **signer_out)-
54{-
55 struct stack_st_PKCS7_SIGNER_INFO *sinfos = -
56 ((void *)0)-
57 ;-
58 PKCS7_SIGNER_INFO *si;-
59 struct stack_st_X509 *signers = -
60 ((void *)0)-
61 ;-
62 X509 *signer;-
63 struct stack_st_X509 *chain = -
64 ((void *)0)-
65 ;-
66 char buf[4096];-
67 int i, j = 0, ret = 0;-
68 BIO *p7bio = -
69 ((void *)0)-
70 ;-
71-
72-
73 if (!token
!tokenDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
74 ERR_put_error(47,(106),(102),__FILE__,104);-
75 goto
never executed: goto err;
 err;
never executed: goto err;
0
76 }-
77 if (!(OBJ_obj2nid((token)->type) == 22)
!(OBJ_obj2nid(...->type) == 22)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
78 ERR_put_error(47,(106),(114),__FILE__,108);-
79 goto
never executed: goto err;
 err;
never executed: goto err;
0
80 }-
81 sinfos = PKCS7_get_signer_info(token);-
82 if (!sinfos
!sinfosDescription
TRUEnever evaluated
FALSEnever evaluated
 || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1
sk_PKCS7_SIGNE...m(sinfos) != 1Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
83 ERR_put_error(47,(106),(110),__FILE__,113);-
84 goto
never executed: goto err;
 err;
never executed: goto err;
0
85 }-
86 si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);-
87 if (PKCS7_ctrl(token,2,0,
PKCS7_ctrl(tok... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
88 ((void *)0)
PKCS7_ctrl(tok... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
89 )
PKCS7_ctrl(tok... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
90 ERR_put_error(47,(106),(106),__FILE__,118);-
91 goto
never executed: goto err;
 err;
never executed: goto err;
0
92 }-
93-
94-
95-
96-
97-
98 signers = PKCS7_get0_signers(token, certs, 0);-
99 if (!signers
!signersDescription
TRUEnever evaluated
FALSEnever evaluated
 || sk_X509_num(signers) != 1
sk_X509_num(signers) != 1Description
TRUEnever evaluated
FALSEnever evaluated
)		0
100 goto
never executed: goto err;
 err;
never executed: goto err;
0
101 signer = sk_X509_value(signers, 0);-
102-
103 if (!ts_verify_cert(store, certs, signer, &chain)
!ts_verify_cer...igner, &chain)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
104 goto
never executed: goto err;
 err;
never executed: goto err;
0
105 if (!ts_check_signing_certs(si, chain)
!ts_check_sign...rts(si, chain)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
106 goto
never executed: goto err;
 err;
never executed: goto err;
0
107 p7bio = PKCS7_dataInit(token, -
108 ((void *)0)-
109 );-
110-
111-
112 while ((
(i = BIO_read(...eof(buf))) > 0Description
TRUEnever evaluated
FALSEnever evaluated
i = BIO_read(p7bio, buf, sizeof(buf))) > 0
(i = BIO_read(...eof(buf))) > 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
113 continue;
never executed: continue;
0
114-
115 j = PKCS7_signatureVerify(p7bio, token, si, signer);-
116 if (j <= 0
j <= 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
117 ERR_put_error(47,(106),(109),__FILE__,143);-
118 goto
never executed: goto err;
 err;
never executed: goto err;
0
119 }-
120-
121 if (signer_out
signer_outDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
122 *signer_out = signer;-
123 X509_up_ref(signer);-
124 }
never executed: end of block
0
125 ret = 1;-
126-
127 err:
code before this statement never executed: err:
0
128 BIO_free_all(p7bio);-
129 sk_X509_pop_free(chain, X509_free);-
130 sk_X509_free(signers);-
131-
132 return
never executed: return ret;
 ret;
never executed: return ret;
0
133}-
134-
135-
136-
137-
138-
139static int ts_verify_cert(X509_STORE *store, struct stack_st_X509 *untrusted,-
140 X509 *signer, struct stack_st_X509 **chain)-
141{-
142 X509_STORE_CTX *cert_ctx = -
143 ((void *)0)-
144 ;-
145 int i;-
146 int ret = 0;-
147-
148 *chain = -
149 ((void *)0)-
150 ;-
151 cert_ctx = X509_STORE_CTX_new();-
152 if (cert_ctx ==
cert_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
153 ((void *)0)
cert_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
154 ) {-
155 ERR_put_error(47,(109),((1|64)),__FILE__,175);-
156 goto
never executed: goto err;
 err;
never executed: goto err;
0
157 }-
158 if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted)
!X509_STORE_CT...er, untrusted)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
159 goto
never executed: goto end;
 end;
never executed: goto end;
0
160 X509_STORE_CTX_set_purpose(cert_ctx, 9);-
161 i = X509_verify_cert(cert_ctx);-
162 if (i <= 0
i <= 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
163 int j = X509_STORE_CTX_get_error(cert_ctx);-
164 ERR_put_error(47,(109),(100),__FILE__,184);-
165 ERR_add_error_data(2, "Verify error:",-
166 X509_verify_cert_error_string(j));-
167 goto
never executed: goto err;
 err;
never executed: goto err;
0
168 }-
169 *chain = X509_STORE_CTX_get1_chain(cert_ctx);-
170 ret = 1;-
171 goto
never executed: goto end;
 end;
never executed: goto end;
0
172-
173err:-
174 ret = 0;-
175-
176end:
code before this statement never executed: end:
0
177 X509_STORE_CTX_free(cert_ctx);-
178 return
never executed: return ret;
 ret;
never executed: return ret;
0
179}-
180-
181static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,-
182 struct stack_st_X509 *chain)-
183{-
184 ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);-
185 struct stack_st_ESS_CERT_ID *cert_ids = -
186 ((void *)0)-
187 ;-
188 ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);-
189 struct stack_st_ESS_CERT_ID_V2 *cert_ids_v2 = -
190 ((void *)0)-
191 ;-
192 X509 *cert;-
193 int i = 0;-
194 int ret = 0;-
195-
196 if (ss !=
ss != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
197 ((void *)0)
ss != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
198 ) {-
199 cert_ids = ss->cert_ids;-
200 cert = sk_X509_value(chain, 0);-
201 if (ts_find_cert(cert_ids, cert) != 0
ts_find_cert(c...ds, cert) != 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
202 goto
never executed: goto err;
 err;
never executed: goto err;
0
203-
204-
205-
206-
207-
208 if (sk_ESS_CERT_ID_num(cert_ids) > 1
sk_ESS_CERT_ID...(cert_ids) > 1Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
209 for (i = 1; i < sk_X509_num(chain)
i < sk_X509_num(chain)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
210 cert = sk_X509_value(chain, i);-
211 if (ts_find_cert(cert_ids, cert) < 0
ts_find_cert(c...ids, cert) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
212 goto
never executed: goto err;
 err;
never executed: goto err;
0
213 }
never executed: end of block
0
214 }
never executed: end of block
0
215 }
never executed: end of block
 else if (ssv2 !=
ssv2 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
216 ((void *)0)
ssv2 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
217 ) {-
218 cert_ids_v2 = ssv2->cert_ids;-
219 cert = sk_X509_value(chain, 0);-
220 if (ts_find_cert_v2(cert_ids_v2, cert) != 0
ts_find_cert_v...v2, cert) != 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
221 goto
never executed: goto err;
 err;
never executed: goto err;
0
222-
223-
224-
225-
226-
227 if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1
sk_ESS_CERT_ID...rt_ids_v2) > 1Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
228 for (i = 1; i < sk_X509_num(chain)
i < sk_X509_num(chain)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
229 cert = sk_X509_value(chain, i);-
230 if (ts_find_cert_v2(cert_ids_v2, cert) < 0
ts_find_cert_v..._v2, cert) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
231 goto
never executed: goto err;
 err;
never executed: goto err;
0
232 }
never executed: end of block
0
233 }
never executed: end of block
0
234 }
never executed: end of block
 else {		0
235 goto
never executed: goto err;
 err;
never executed: goto err;
0
236 }-
237-
238 ret = 1;-
239 err:
code before this statement never executed: err:
0
240 if (!ret
!retDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
241 ERR_put_error(47,(103),(101),__FILE__,254)
never executed: ERR_put_error(47,(103),(101),__FILE__,254) ;
0
242 ;
never executed: ERR_put_error(47,(103),(101),__FILE__,254) ;
0
243 ESS_SIGNING_CERT_free(ss);-
244 ESS_SIGNING_CERT_V2_free(ssv2);-
245 return
never executed: return ret;
 ret;
never executed: return ret;
0
246}-
247-
248static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)-
249{-
250 ASN1_TYPE *attr;-
251 const unsigned char *p;-
252 attr = PKCS7_get_signed_attribute(si, 223);-
253 if (!attr
!attrDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
254 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
255 ((void *)0)
never executed: return ((void *)0) ;
0
256 ;
never executed: return ((void *)0) ;
0
257 p = attr->value.sequence->data;-
258 return
never executed: return d2i_ESS_SIGNING_CERT( ((void *)0) , &p, attr->value.sequence->length);
 d2i_ESS_SIGNING_CERT(
never executed: return d2i_ESS_SIGNING_CERT( ((void *)0) , &p, attr->value.sequence->length);
0
259 ((void *)0)
never executed: return d2i_ESS_SIGNING_CERT( ((void *)0) , &p, attr->value.sequence->length);
0
260 , &p, attr->value.sequence->length);
never executed: return d2i_ESS_SIGNING_CERT( ((void *)0) , &p, attr->value.sequence->length);
0
261}-
262-
263static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)-
264{-
265 ASN1_TYPE *attr;-
266 const unsigned char *p;-
267-
268 attr = PKCS7_get_signed_attribute(si, 1086);-
269 if (attr ==
attr == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
270 ((void *)0)
attr == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
271 )-
272 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
273 ((void *)0)
never executed: return ((void *)0) ;
0
274 ;
never executed: return ((void *)0) ;
0
275 p = attr->value.sequence->data;-
276 return
never executed: return d2i_ESS_SIGNING_CERT_V2( ((void *)0) , &p, attr->value.sequence->length);
 d2i_ESS_SIGNING_CERT_V2(
never executed: return d2i_ESS_SIGNING_CERT_V2( ((void *)0) , &p, attr->value.sequence->length);
0
277 ((void *)0)
never executed: return d2i_ESS_SIGNING_CERT_V2( ((void *)0) , &p, attr->value.sequence->length);
0
278 , &p, attr->value.sequence->length);
never executed: return d2i_ESS_SIGNING_CERT_V2( ((void *)0) , &p, attr->value.sequence->length);
0
279}-
280-
281-
282static int ts_find_cert(struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert)-
283{-
284 int i;-
285 unsigned char cert_sha1[20];-
286-
287 if (!cert_ids
!cert_idsDescription
TRUEnever evaluated
FALSEnever evaluated
 || !cert
!certDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
288 return
never executed: return -1;
 -1;
never executed: return -1;
0
289-
290 X509_digest(cert, EVP_sha1(), cert_sha1, -
291 ((void *)0)-
292 );-
293-
294-
295 X509_check_purpose(cert, -1, 0);-
296-
297-
298 for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids)
i < sk_ESS_CER..._num(cert_ids)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
299 ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);-
300-
301 if (cid->hash->length == 20
cid->hash->length == 20Description
TRUEnever evaluated
FALSEnever evaluated
0
302 && memcmp(cid->hash->data, cert_sha1, 20) == 0
memcmp(cid->ha...sha1, 20) == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
303 ESS_ISSUER_SERIAL *is = cid->issuer_serial;-
304 if (!is
!isDescription
TRUEnever evaluated
FALSEnever evaluated
 || !ts_issuer_serial_cmp(is, cert)
!ts_issuer_ser..._cmp(is, cert)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
305 return
never executed: return i;
 i;
never executed: return i;
0
306 }
never executed: end of block
0
307 }
never executed: end of block
0
308-
309 return
never executed: return -1;
 -1;
never executed: return -1;
0
310}-
311-
312-
313static int ts_find_cert_v2(struct stack_st_ESS_CERT_ID_V2 *cert_ids, X509 *cert)-
314{-
315 int i;-
316 unsigned char cert_digest[64];-
317 unsigned int len;-
318-
319-
320 for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids)
i < sk_ESS_CER..._num(cert_ids)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
321 ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);-
322 const EVP_MD *md;-
323-
324 if (cid->hash_alg !=
cid->hash_alg != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
325 ((void *)0)
cid->hash_alg != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
326 )-
327 md = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid(cid->hash_alg->algorithm)));
never executed: md = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid(cid->hash_alg->algorithm)));
0
328 else-
329 md = EVP_sha256();
never executed: md = EVP_sha256();
0
330-
331 X509_digest(cert, md, cert_digest, &len);-
332 if (cid->hash->length != (int)len
cid->hash->length != (int)lenDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
333 return
never executed: return -1;
 -1;
never executed: return -1;
0
334-
335 if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0
memcmp(cid->ha...->length) == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
336 ESS_ISSUER_SERIAL *is = cid->issuer_serial;-
337-
338 if (is
is == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
 ==
is == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
339 ((void *)0)
is == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
 		0
340 || !ts_issuer_serial_cmp(is, cert)
!ts_issuer_ser..._cmp(is, cert)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
341 return
never executed: return i;
 i;
never executed: return i;
0
342 }
never executed: end of block
0
343 }
never executed: end of block
0
344-
345 return
never executed: return -1;
 -1;
never executed: return -1;
0
346}-
347-
348static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)-
349{-
350 GENERAL_NAME *issuer;-
351-
352 if (!is
!isDescription
TRUEnever evaluated
FALSEnever evaluated
 || !cert
!certDescription
TRUEnever evaluated
FALSEnever evaluated
 || sk_GENERAL_NAME_num(is->issuer) != 1
sk_GENERAL_NAM...->issuer) != 1Description
TRUEnever evaluated
FALSEnever evaluated
)		0
353 return
never executed: return -1;
 -1;
never executed: return -1;
0
354-
355 issuer = sk_GENERAL_NAME_value(is->issuer, 0);-
356 if (issuer->type != 4
issuer->type != 4Description
TRUEnever evaluated
FALSEnever evaluated
0
357 || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert))
X509_NAME_cmp(...er_name(cert))Description
TRUEnever evaluated
FALSEnever evaluated
)		0
358 return
never executed: return -1;
 -1;
never executed: return -1;
0
359-
360 if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert))
ASN1_INTEGER_c...lNumber(cert))Description
TRUEnever evaluated
FALSEnever evaluated
)		0
361 return
never executed: return -1;
 -1;
never executed: return -1;
0
362-
363 return
never executed: return 0;
 0;
never executed: return 0;
0
364}-
365-
366-
367-
368-
369-
370-
371-
372int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)-
373{-
374 PKCS7 *token = response->token;-
375 TS_TST_INFO *tst_info = response->tst_info;-
376 int ret = 0;-
377-
378 if (!ts_check_status_info(response)
!ts_check_stat...info(response)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
379 goto
never executed: goto err;
 err;
never executed: goto err;
0
380 if (!int_ts_RESP_verify_token(ctx, token, tst_info)
!int_ts_RESP_v...ken, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
381 goto
never executed: goto err;
 err;
never executed: goto err;
0
382 ret = 1;-
383-
384 err:
code before this statement never executed: err:
0
385 return
never executed: return ret;
 ret;
never executed: return ret;
0
386}-
387-
388-
389-
390-
391-
392int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)-
393{-
394 TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);-
395 int ret = 0;-
396 if (tst_info
tst_infoDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
397 ret = int_ts_RESP_verify_token(ctx, token, tst_info);-
398 TS_TST_INFO_free(tst_info);-
399 }
never executed: end of block
0
400 return
never executed: return ret;
 ret;
never executed: return ret;
0
401}-
402static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,-
403 PKCS7 *token, TS_TST_INFO *tst_info)-
404{-
405 X509 *signer = -
406 ((void *)0)-
407 ;-
408 GENERAL_NAME *tsa_name = tst_info->tsa;-
409 X509_ALGOR *md_alg = -
410 ((void *)0)-
411 ;-
412 unsigned char *imprint = -
413 ((void *)0)-
414 ;-
415 unsigned imprint_len = 0;-
416 int ret = 0;-
417 int flags = ctx->flags;-
418-
419-
420 if (((
(flags & (1u << 6))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 6))
(flags & (1u << 6))Description
TRUEnever evaluated
FALSEnever evaluated
 && tsa_name !=
tsa_name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
421 ((void *)0)
tsa_name != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
422 )-
423 || (
(flags & (1u << 7))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 7))
(flags & (1u << 7))Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
424 flags |= (1u << 0);-
425 }
never executed: end of block
0
426-
427 if ((
(flags & (1u << 0))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 0))
(flags & (1u << 0))Description
TRUEnever evaluated
FALSEnever evaluated
0
428 && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)
!TS_RESP_verif...tore, &signer)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
429 goto
never executed: goto err;
 err;
never executed: goto err;
0
430 if ((
(flags & (1u << 1))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 1))
(flags & (1u << 1))Description
TRUEnever evaluated
FALSEnever evaluated
0
431 && TS_TST_INFO_get_version(tst_info) != 1
TS_TST_INFO_ge...tst_info) != 1Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
432 ERR_put_error(47,(149),(113),__FILE__,433);-
433 goto
never executed: goto err;
 err;
never executed: goto err;
0
434 }-
435 if ((
(flags & (1u << 2))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 2))
(flags & (1u << 2))Description
TRUEnever evaluated
FALSEnever evaluated
0
436 && !ts_check_policy(ctx->policy, tst_info)
!ts_check_poli...icy, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
437 goto
never executed: goto err;
 err;
never executed: goto err;
0
438 if ((
(flags & (1u << 3))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 3))
(flags & (1u << 3))Description
TRUEnever evaluated
FALSEnever evaluated
0
439 && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
!ts_check_impr...len, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
0
440 tst_info)
!ts_check_impr...len, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
441 goto
never executed: goto err;
 err;
never executed: goto err;
0
442 if ((
(flags & (1u << 4))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 4))
(flags & (1u << 4))Description
TRUEnever evaluated
FALSEnever evaluated
0
443 && (!ts_compute_imprint(ctx->data, tst_info,
!ts_compute_im... &imprint_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
444 &md_alg, &imprint, &imprint_len)
!ts_compute_im... &imprint_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
445 || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)
!ts_check_impr...len, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
))		0
446 goto
never executed: goto err;
 err;
never executed: goto err;
0
447 if ((
(flags & (1u << 5))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 5))
(flags & (1u << 5))Description
TRUEnever evaluated
FALSEnever evaluated
0
448 && !ts_check_nonces(ctx->nonce, tst_info)
!ts_check_nonc...nce, tst_info)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
449 goto
never executed: goto err;
 err;
never executed: goto err;
0
450 if ((
(flags & (1u << 6))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 6))
(flags & (1u << 6))Description
TRUEnever evaluated
FALSEnever evaluated
0
451 && tsa_name
tsa_nameDescription
TRUEnever evaluated
FALSEnever evaluated
 && !ts_check_signer_name(tsa_name, signer)
!ts_check_sign..._name, signer)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
452 ERR_put_error(47,(149),(111),__FILE__,453);-
453 goto
never executed: goto err;
 err;
never executed: goto err;
0
454 }-
455 if ((
(flags & (1u << 7))Description
TRUEnever evaluated
FALSEnever evaluated
flags & (1u << 7))
(flags & (1u << 7))Description
TRUEnever evaluated
FALSEnever evaluated
0
456 && !ts_check_signer_name(ctx->tsa_name, signer)
!ts_check_sign..._name, signer)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
457 ERR_put_error(47,(149),(112),__FILE__,458);-
458 goto
never executed: goto err;
 err;
never executed: goto err;
0
459 }-
460 ret = 1;-
461-
462 err:
code before this statement never executed: err:
0
463 X509_free(signer);-
464 X509_ALGOR_free(md_alg);-
465 CRYPTO_free(imprint, __FILE__, 466);-
466 return
never executed: return ret;
 ret;
never executed: return ret;
0
467}-
468-
469static int ts_check_status_info(TS_RESP *response)-
470{-
471 TS_STATUS_INFO *info = response->status_info;-
472 long status = ASN1_INTEGER_get(info->status);-
473 const char *status_text = -
474 ((void *)0)-
475 ;-
476 char *embedded_status_text = -
477 ((void *)0)-
478 ;-
479 char failure_text[256] = "";-
480-
481 if (status == 0
status == 0Description
TRUEnever evaluated
FALSEnever evaluated
 || status == 1
status == 1Description
TRUEnever evaluated
FALSEnever evaluated
)		0
482 return
never executed: return 1;
 1;
never executed: return 1;
0
483-
484-
485 if (0 <= status
0 <= statusDescription
TRUEnever evaluated
FALSEnever evaluated
 && status < (long) (sizeof(ts_status_text)/sizeof((ts_status_text)[0]))
status < (long...tus_text)[0]))Description
TRUEnever evaluated
FALSEnever evaluated
)		0
486 status_text = ts_status_text[status];
never executed: status_text = ts_status_text[status];
0
487 else-
488 status_text = "unknown code";
never executed: status_text = "unknown code";
0
489-
490 if (sk_ASN1_UTF8STRING_num(info->text) > 0
sk_ASN1_UTF8ST...nfo->text) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
491 && (
(embedded_stat...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
embedded_status_text = ts_get_status_text(info->text)) ==
(embedded_stat...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
492 ((void *)0)
(embedded_stat...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
493 )-
494 return
never executed: return 0;
 0;
never executed: return 0;
0
495-
496-
497 if (info->failure_info
info->failure_infoDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
498 int i;-
499 int first = 1;-
500 for (i = 0; i < (int)(sizeof(ts_failure_info)/sizeof((ts_failure_info)[0]))
i < (int)(size...ure_info)[0]))Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
501 if (ASN1_BIT_STRING_get_bit(info->failure_info,
ASN1_BIT_STRIN..._info[i].code)Description
TRUEnever evaluated
FALSEnever evaluated
0
502 ts_failure_info[i].code)
ASN1_BIT_STRIN..._info[i].code)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
503 if (!first
!firstDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
504 strcat(failure_text, ",");
never executed: strcat(failure_text, ",");
0
505 else-
506 first = 0;
never executed: first = 0;
0
507 strcat(failure_text, ts_failure_info[i].text);-
508 }
never executed: end of block
0
509 }
never executed: end of block
0
510 }
never executed: end of block
0
511 if (failure_text[0] == '\0'
failure_text[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
)		0
512 strcpy(failure_text, "unspecified");
never executed: strcpy(failure_text, "unspecified");
0
513-
514 ERR_put_error(47,(104),(107),__FILE__,509);-
515 ERR_add_error_data(6,-
516 "status code: ", status_text,-
517 ", status text: ", embedded_status_text ?-
518 embedded_status_text : "unspecified",-
519 ", failure codes: ", failure_text);-
520 CRYPTO_free(embedded_status_text, __FILE__, 515);-
521-
522 return
never executed: return 0;
 0;
never executed: return 0;
0
523}-
524-
525static char *ts_get_status_text(struct stack_st_ASN1_UTF8STRING *text)-
526{-
527 int i;-
528 int length = 0;-
529 char *result = -
530 ((void *)0)-
531 ;-
532 char *p;-
533-
534 for (i = 0; i < sk_ASN1_UTF8STRING_num(text)
i < sk_ASN1_UT...RING_num(text)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
535 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);-
536 if (ASN1_STRING_length(current) > (1024 * 1024) - length - 1
ASN1_STRING_le...) - length - 1Description
TRUEnever evaluated
FALSEnever evaluated
)		0
537 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
538 ((void *)0)
never executed: return ((void *)0) ;
0
539 ;
never executed: return ((void *)0) ;
0
540 length += ASN1_STRING_length(current);-
541 length += 1;-
542 }
never executed: end of block
0
543 if ((
(result = CRYP...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
result = CRYPTO_malloc(length, __FILE__, 534)) ==
(result = CRYP...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
544 ((void *)0)
(result = CRYP...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
545 ) {-
546 ERR_put_error(47,(105),((1|64)),__FILE__,535);-
547 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
548 ((void *)0)
never executed: return ((void *)0) ;
0
549 ;
never executed: return ((void *)0) ;
0
550 }-
551-
552 for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text)
i < sk_ASN1_UT...RING_num(text)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
553 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);-
554 length = ASN1_STRING_length(current);-
555 if (i > 0
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
556 *
never executed: *p++ = '/';
p++ = '/';
never executed: *p++ = '/';
0
557 -
558 __builtin_strncpy (-
559 p-
560 , -
561 (const char *)ASN1_STRING_get0_data(current)-
562 , -
563 length-
564 )-
565 ;-
566 p += length;-
567 }
never executed: end of block
0
568 *p = '\0';-
569-
570 return
never executed: return result;
 result;
never executed: return result;
0
571}-
572-
573static int ts_check_policy(const ASN1_OBJECT *req_oid,-
574 const TS_TST_INFO *tst_info)-
575{-
576 const ASN1_OBJECT *resp_oid = tst_info->policy_id;-
577-
578 if (OBJ_cmp(req_oid, resp_oid) != 0
OBJ_cmp(req_oi...resp_oid) != 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
579 ERR_put_error(47,(102),(108),__FILE__,558);-
580 return
never executed: return 0;
 0;
never executed: return 0;
0
581 }-
582-
583 return
never executed: return 1;
 1;
never executed: return 1;
0
584}-
585-
586static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,-
587 X509_ALGOR **md_alg,-
588 unsigned char **imprint, unsigned *imprint_len)-
589{-
590 TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;-
591 X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;-
592 const EVP_MD *md;-
593 EVP_MD_CTX *md_ctx = -
594 ((void *)0)-
595 ;-
596 unsigned char buffer[4096];-
597 int length;-
598-
599 *md_alg = -
600 ((void *)0)-
601 ;-
602 *imprint = -
603 ((void *)0)-
604 ;-
605-
606 if ((*
(*md_alg = X50...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
md_alg = X509_ALGOR_dup(md_alg_resp)) ==
(*md_alg = X50...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
607 ((void *)0)
(*md_alg = X50...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
608 )-
609 goto
never executed: goto err;
 err;
never executed: goto err;
0
610 if ((
(md = EVP_get_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
md = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid((*md_alg)->algorithm)))) ==
(md = EVP_get_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
611 ((void *)0)
(md = EVP_get_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
612 ) {-
613 ERR_put_error(47,(145),(126),__FILE__,582);-
614 goto
never executed: goto err;
 err;
never executed: goto err;
0
615 }-
616 length = EVP_MD_size(md);-
617 if (length < 0
length < 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
618 goto
never executed: goto err;
 err;
never executed: goto err;
0
619 *imprint_len = length;-
620 if ((*
(*imprint = CR...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
imprint = CRYPTO_malloc(*imprint_len, __FILE__, 589)) ==
(*imprint = CR...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
621 ((void *)0)
(*imprint = CR...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
622 ) {-
623 ERR_put_error(47,(145),((1|64)),__FILE__,590);-
624 goto
never executed: goto err;
 err;
never executed: goto err;
0
625 }-
626-
627 md_ctx = EVP_MD_CTX_new();-
628 if (md_ctx ==
md_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
629 ((void *)0)
md_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
630 ) {-
631 ERR_put_error(47,(145),((1|64)),__FILE__,596);-
632 goto
never executed: goto err;
 err;
never executed: goto err;
0
633 }-
634 if (!EVP_DigestInit(md_ctx, md)
!EVP_DigestInit(md_ctx, md)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
635 goto
never executed: goto err;
 err;
never executed: goto err;
0
636 while ((
(length = BIO_...(buffer))) > 0Description
TRUEnever evaluated
FALSEnever evaluated
length = BIO_read(data, buffer, sizeof(buffer))) > 0
(length = BIO_...(buffer))) > 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
637 if (!EVP_DigestUpdate(md_ctx, buffer, length)
!EVP_DigestUpd...uffer, length)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
638 goto
never executed: goto err;
 err;
never executed: goto err;
0
639 }
never executed: end of block
0
640 if (!EVP_DigestFinal(md_ctx, *imprint,
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
641 ((void *)0)
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
642 )
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
)		0
643 goto
never executed: goto err;
 err;
never executed: goto err;
0
644 EVP_MD_CTX_free(md_ctx);-
645-
646 return
never executed: return 1;
 1;
never executed: return 1;
0
647 err:-
648 EVP_MD_CTX_free(md_ctx);-
649 X509_ALGOR_free(*md_alg);-
650 CRYPTO_free(*imprint, __FILE__, 613);-
651 *imprint_len = 0;-
652 *imprint = 0;-
653 return
never executed: return 0;
 0;
never executed: return 0;
0
654}-
655-
656static int ts_check_imprints(X509_ALGOR *algor_a,-
657 const unsigned char *imprint_a, unsigned len_a,-
658 TS_TST_INFO *tst_info)-
659{-
660 TS_MSG_IMPRINT *b = tst_info->msg_imprint;-
661 X509_ALGOR *algor_b = b->hash_algo;-
662 int ret = 0;-
663-
664 if (algor_a
algor_aDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
665 if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)
OBJ_cmp(algor_..._b->algorithm)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
666 goto
never executed: goto err;
 err;
never executed: goto err;
0
667-
668-
669 if ((algor_a->parameter
algor_a->parameterDescription
TRUEnever evaluated
FALSEnever evaluated
0
670 && ASN1_TYPE_get(algor_a->parameter) != 5
ASN1_TYPE_get(...arameter) != 5Description
TRUEnever evaluated
FALSEnever evaluated
)		0
671 || (algor_b->parameter
algor_b->parameterDescription
TRUEnever evaluated
FALSEnever evaluated
0
672 && ASN1_TYPE_get(algor_b->parameter) != 5
ASN1_TYPE_get(...arameter) != 5Description
TRUEnever evaluated
FALSEnever evaluated
))		0
673 goto
never executed: goto err;
 err;
never executed: goto err;
0
674 }
never executed: end of block
0
675-
676 ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg)
len_a == (unsi...b->hashed_msg)Description
TRUEnever evaluated
FALSEnever evaluated
 &&		0
677 memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0
memcmp(imprint...), len_a) == 0Description
TRUEnever evaluated
FALSEnever evaluated
;		0
678 err:
code before this statement never executed: err:
0
679 if (!ret
!retDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
680 ERR_put_error(47,(100),(103),__FILE__,643);
never executed: ERR_put_error(47,(100),(103),__FILE__,643);
0
681 return
never executed: return ret;
 ret;
never executed: return ret;
0
682}-
683-
684static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)-
685{-
686 const ASN1_INTEGER *b = tst_info->nonce;-
687-
688 if (!b
!bDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
689 ERR_put_error(47,(101),(105),__FILE__,652);-
690 return
never executed: return 0;
 0;
never executed: return 0;
0
691 }-
692-
693-
694 if (ASN1_INTEGER_cmp(a, b) != 0
ASN1_INTEGER_cmp(a, b) != 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
695 ERR_put_error(47,(101),(104),__FILE__,658);-
696 return
never executed: return 0;
 0;
never executed: return 0;
0
697 }-
698-
699 return
never executed: return 1;
 1;
never executed: return 1;
0
700}-
701-
702-
703-
704-
705-
706static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)-
707{-
708 struct stack_st_GENERAL_NAME *gen_names = -
709 ((void *)0)-
710 ;-
711 int idx = -1;-
712 int found = 0;-
713-
714 if (tsa_name->type == 4
tsa_name->type == 4Description
TRUEnever evaluated
FALSEnever evaluated
0
715 && X509_NAME_cmp((tsa_name->d.dirn),(X509_get_subject_name(signer))) == 0
X509_NAME_cmp(...signer))) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
716 return
never executed: return 1;
 1;
never executed: return 1;
0
717 gen_names = X509_get_ext_d2i(signer, 85, -
718 ((void *)0)-
719 , &idx);-
720 while (gen_names !=
gen_names != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
721 ((void *)0)
gen_names != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
722 ) {-
723 found = ts_find_name(gen_names, tsa_name) >= 0;-
724 if (found
foundDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
725 break;
never executed: break;
0
726-
727-
728-
729-
730 GENERAL_NAMES_free(gen_names);-
731 gen_names = X509_get_ext_d2i(signer, 85, -
732 ((void *)0)-
733 , &idx);-
734 }
never executed: end of block
0
735 GENERAL_NAMES_free(gen_names);-
736-
737 return
never executed: return found;
 found;
never executed: return found;
0
738}-
739-
740-
741static int ts_find_name(struct stack_st_GENERAL_NAME *gen_names, GENERAL_NAME *name)-
742{-
743 int i, found;-
744 for (i = 0, found = 0; !found
!foundDescription
TRUEnever evaluated
FALSEnever evaluated
 && i < sk_GENERAL_NAME_num(gen_names)
i < sk_GENERAL...num(gen_names)Description
TRUEnever evaluated
FALSEnever evaluated
; ++i) {		0
745 GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);-
746 found = GENERAL_NAME_cmp(current, name) == 0;-
747 }
never executed: end of block
0
748 return
never executed: return found ? i - 1 : -1;
 found
foundDescription
TRUEnever evaluated
FALSEnever evaluated
 ? i - 1 : -1;
never executed: return found ? i - 1 : -1;
0
749}-
Switch to Source codePreprocessed file
Generated by Squish Coco 4.2.2