OpenCoverage

ocsp_vfy.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ocsp/ocsp_vfy.c
LineSourceCount
1-
2-
/*
 * Forward declarations for the file-local helpers used by the two public
 * verification entry points (OCSP_basic_verify and OCSP_request_verify).
 * This is the preprocessed view of the file, so stack types appear as
 * struct stack_st_* and macro constants appear as numeric literals.
 */

/* Response side: locate the responder certificate and check its authority. */
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            struct stack_st_X509 *certs, unsigned long flags);
static X509 *ocsp_find_signer_sk(struct stack_st_X509 *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, struct stack_st_X509 *chain);
static int ocsp_check_ids(struct stack_st_OCSP_SINGLERESP *sresp,
                          OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               struct stack_st_OCSP_SINGLERESP *sresp);
static int ocsp_check_delegated(X509 *x);

/* Request side: locate the certificate that signed an OCSP request. */
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, struct stack_st_X509 *certs,
                                unsigned long flags);
15-
16-
17-
/*
 * Verify a basic OCSP response: find the responder certificate, check the
 * response signature, build and verify the responder's chain against `st`,
 * then check that the responder is authorised for the certificates it
 * reports on.
 *
 * Returns 1 on success, 0 on verification failure, -1 on an internal error
 * (allocation / context initialisation).  When both signature checking and
 * chain verification are disabled through `flags`, the value from
 * ocsp_find_signer() (1 or 2) is returned unchanged, so callers should test
 * for `> 0` rather than `== 1`.
 *
 * The numeric flag tests are the expanded OCSP_* macros from openssl/ocsp.h:
 *   0x4 OCSP_NOSIGS, 0x8 OCSP_NOCHAIN, 0x10 OCSP_NOVERIFY,
 *   0x20 OCSP_NOEXPLICIT, 0x100 OCSP_NOCHECKS, 0x200 OCSP_TRUSTOTHER.
 * OCSP_NOSIGS and OCSP_NOVERIFY each switch off a whole verification stage,
 * and OCSP_TRUSTOTHER makes a signer found in the caller's `certs` implicitly
 * trusted; `flags` must therefore never be derived from untrusted input.
 *
 * Coverage in this report (55 calls, one test binary): none of the flag
 * branches listed above was ever taken, no allocation-failure path ran, and
 * the explicit-trust success path (`ret = 1` after X509_check_trust) was
 * never reached.  Those paths are untested here.
 */
int OCSP_basic_verify(OCSP_BASICRESP *bs, struct stack_st_X509 *certs,
                      X509_STORE *st, unsigned long flags)
{
    X509 *signer, *root;
    struct stack_st_X509 *chain = NULL;
    struct stack_st_X509 *untrusted = NULL;
    X509_STORE_CTX *ctx = NULL;
    int idx, verr;
    int ret = ocsp_find_signer(&signer, bs, certs, flags);

    /* No certificate matches the responder ID.  cov: T=11 F=44 */
    if (ret == 0) {
        ERR_put_error(39,(105),(118),__FILE__,41);
        goto end;
    }

    ctx = X509_STORE_CTX_new();
    if (ctx == NULL) {                      /* cov: never true */
        ERR_put_error(39,(105),((1|64)),__FILE__,46);
        goto f_err;
    }

    /*
     * Signer came from the caller's `certs` (ret == 2) and the caller asked
     * for those to be trusted: skip chain verification entirely.
     * cov: ret==2 T=19 F=25; the flag itself was never set.
     */
    if (ret == 2 && (flags & 0x200) != 0)
        flags |= 0x10;

    /* Stage 1: signature over tbsResponseData.  cov: always entered (44) */
    if ((flags & 0x4) == 0) {
        EVP_PKEY *skey = X509_get0_pubkey(signer);

        if (skey == NULL) {                 /* cov: never true */
            ERR_put_error(39,(105),(130),__FILE__,55);
            goto err;
        }
        ret = ASN1_item_verify((&(OCSP_RESPDATA_it)), &(bs)->signatureAlgorithm,
                               (bs)->signature, &(bs)->tbsResponseData, skey);
        if (ret <= 0) {                     /* cov: T=19 F=25 */
            ERR_put_error(39,(105),(117),__FILE__,60);
            goto end;
        }
    }

    /* Stage 2: chain verification and responder authorisation. */
    if ((flags & 0x10) == 0) {              /* cov: always entered (25) */
        int init_res;

        /*
         * Choose the untrusted helper certificates for chain building.
         * Only the merged case allocates; the cleanup at `end` frees
         * `untrusted` under exactly that same (bs->certs && certs) test.
         * cov: merged 15 times, caller-certs-only 10 times; the
         * OCSP_NOCHAIN and response-certs-only cases never ran.
         */
        if ((flags & 0x8) != 0) {
            untrusted = NULL;
        } else if (certs == NULL) {
            untrusted = bs->certs;
        } else if (bs->certs == NULL) {
            untrusted = certs;
        } else {
            /* A failed dup leaves NULL; the first push below then fails. */
            untrusted = sk_X509_dup(bs->certs);
            for (idx = 0; idx < sk_X509_num(certs); idx++) {
                if (!sk_X509_push(untrusted, sk_X509_value(certs, idx))) {
                    ERR_put_error(39,(105),((1|64)),__FILE__,72);
                    goto f_err;             /* cov: never executed */
                }
            }
        }

        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
        if (!init_res) {                    /* cov: never true */
            ERR_put_error(39,(105),(11),__FILE__,83);
            goto f_err;
        }

        /* 8 is X509_PURPOSE_OCSP_HELPER. */
        X509_STORE_CTX_set_purpose(ctx, 8);
        ret = X509_verify_cert(ctx);
        /* Fetched even on failure so the cleanup path owns and frees it. */
        chain = X509_STORE_CTX_get1_chain(ctx);
        if (ret <= 0) {                     /* cov: T=9 F=16 */
            verr = X509_STORE_CTX_get_error(ctx);
            ERR_put_error(39,(105),(101),__FILE__,93);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(verr));
            goto end;
        }

        /* OCSP_NOCHECKS: accept without any authorisation check. */
        if ((flags & 0x100) != 0) {         /* cov: never true */
            ret = 1;
            goto end;
        }

        /*
         * Authorisation by issuer match or delegation.  Non-zero means
         * either success (1) or error (-1); both finish here.
         * cov: non-zero 13 times, zero 3 times.
         * With a zero result, OCSP_NOEXPLICIT (0x20) stops before the
         * explicit-trust fallback and reports failure; never set in this run.
         */
        ret = ocsp_check_issuer(bs, chain);
        if (ret != 0 || (flags & 0x20) != 0)
            goto end;

        /* Fallback: the chain root must be explicitly trusted for OCSP
         * signing (180 is NID_OCSP_sign).  cov: failed all 3 times. */
        root = sk_X509_value(chain, sk_X509_num(chain) - 1);
        if (X509_check_trust(root, 180, 0) != 1) {
            ERR_put_error(39,(105),(112),__FILE__,121);
            goto err;
        }
        ret = 1;                            /* cov: never executed */
    }

 end:
    X509_STORE_CTX_free(ctx);
    sk_X509_pop_free(chain, X509_free);
    /* Only the merged stack is owned by this function. */
    if (bs->certs && certs)
        sk_X509_free(untrusted);
    return ret;                             /* cov: executed 55 times */

 err:                                       /* cov: executed 3 times */
    ret = 0;
    goto end;
 f_err:                                     /* cov: never executed */
    ret = -1;
    goto end;
}
142-
/*
 * Look up the responder certificate for `bs`, searching `extra_certs` first
 * and then the certificates embedded in the response (flags are 0, so the
 * embedded set is always consulted).  Stores the match in *signer.
 *
 * Returns 1 if a certificate was found, 0 otherwise.  This only locates the
 * certificate by responder ID; it performs no signature or chain check.
 *
 * Coverage: called twice, both times a signer was found; the not-found
 * result was never exercised.
 */
int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
                          struct stack_st_X509 *extra_certs)
{
    /* ocsp_find_signer() yields 0, 1 or 2; collapse that to a boolean. */
    return ocsp_find_signer(signer, bs, extra_certs, 0) > 0;
}
151-
/*
 * Find the certificate matching the response's responder ID.
 *
 * Search order: the caller-supplied `certs` first, then (unless flag 0x2,
 * OCSP_NOINTERN, is set) the certificates carried inside the response.
 *
 * Returns 2 when the signer came from `certs`, 1 when it came from the
 * response itself, 0 when none matched (*psigner is then set to NULL).
 * The 2-versus-1 distinction matters to the caller: only a signer from the
 * caller's own set can be implicitly trusted under OCSP_TRUSTOTHER.
 *
 * Coverage: found in `certs` 20 times, in the response 26 times, not found
 * 11 times; OCSP_NOINTERN was never set.
 */
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            struct stack_st_X509 *certs, unsigned long flags)
{
    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
    X509 *found = ocsp_find_signer_sk(certs, rid);

    if (found != NULL) {
        *psigner = found;
        return 2;
    }

    if ((flags & 0x2) == 0) {
        /* Certificates embedded in the response are attacker-influenced
         * until the chain is verified; this is only a lookup. */
        found = ocsp_find_signer_sk(bs->certs, rid);
        if (found != NULL) {
            *psigner = found;
            return 1;
        }
    }

    *psigner = NULL;
    return 0;
}
173-
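/*
 * Search `certs` for the certificate identified by responder ID `id`.
 *
 * id->type == 0 (V_OCSP_RESPID_NAME) looks the certificate up by subject
 * name; otherwise the ID is a 20-byte SHA-1 hash of the responder's public
 * key and each certificate's key is hashed and compared.
 *
 * Returns the matching certificate (not a new reference) or NULL.
 *
 * Change from the listed code: the result of X509_pubkey_digest() is now
 * checked.  Previously a failed digest left `tmphash` unwritten and the
 * following memcmp() compared the responder ID against indeterminate stack
 * bytes.  A certificate whose key cannot be hashed is skipped instead.
 *
 * Coverage: by-name lookup 23 times, by-key 71 times; the wrong-length
 * key-hash rejection was never exercised.
 */
static X509 *ocsp_find_signer_sk(struct stack_st_X509 *certs, OCSP_RESPID *id)
{
    int i;
    unsigned char tmphash[20], *keyhash;
    X509 *x;

    /* Easy case: lookup by subject name. */
    if (id->type == 0)
        return X509_find_by_subject(certs, id->value.byName);

    /* Lookup by key hash: anything but a SHA-1 sized value cannot match. */
    if (id->value.byKey->length != 20)
        return NULL;
    keyhash = id->value.byKey->data;

    /* sk_X509_num() of a NULL stack is -1, so a NULL `certs` skips the loop. */
    for (i = 0; i < sk_X509_num(certs); i++) {
        x = sk_X509_value(certs, i);
        /* Never compare against a buffer the digest call did not fill. */
        if (!X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL))
            continue;
        if (memcmp(keyhash, tmphash, sizeof(tmphash)) == 0)
            return x;
    }
    return NULL;
}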
205-
/*
 * Decide whether the responder (chain[0]) is authorised to answer for the
 * certificates named in the response.
 *
 * Two acceptable situations:
 *   - delegated responder: chain[1] is the issuer named by the response's
 *     CertIDs and chain[0] carries the OCSP-signing extended key usage;
 *   - direct: chain[0] is itself the issuer named by the CertIDs.
 *
 * Returns 1 if authorised, 0 if not, -1 on error.
 *
 * Coverage: 16 calls; chain length > 1 in 7 of them, delegated match 6
 * times, direct match attempted 10 times.  The empty-chain error, the
 * ocsp_check_ids() failure return and the "issuer matches but responder
 * lacks OCSP-signing usage" rejection were never exercised.
 */
static int ocsp_check_issuer(OCSP_BASICRESP *bs, struct stack_st_X509 *chain)
{
    struct stack_st_OCSP_SINGLERESP *sresp = bs->tbsResponseData.responses;
    OCSP_CERTID *caid = NULL;
    X509 *signer;
    int rv;

    if (sk_X509_num(chain) <= 0) {
        ERR_put_error(39,(108),(105),__FILE__,205);
        return -1;
    }

    /* See if the issuer IDs match; caid stays NULL if they differ only in
     * hash algorithm. */
    rv = ocsp_check_ids(sresp, &caid);
    if (rv <= 0)
        return rv;

    signer = sk_X509_value(chain, 0);

    /* Check whether the signer's issuer is the CA named in the response. */
    if (sk_X509_num(chain) > 1) {
        X509 *sca = sk_X509_value(chain, 1);

        rv = ocsp_match_issuerid(sca, caid, sresp);
        if (rv < 0)
            return rv;
        if (rv != 0) {
            /* Issued by the right CA: it must also be marked for OCSP
             * signing, otherwise reject outright. */
            return ocsp_check_delegated(signer) ? 1 : 0;
        }
    }

    /* Otherwise the signer itself must be the CA. */
    return ocsp_match_issuerid(signer, caid, sresp);
}
/*
 * Check that every SingleResponse in `sresp` names the same issuer.
 *
 * Returns:
 *    1  all CertIDs share one issuer; *ret is set to the first CertID
 *    2  the IDs differ but use different hash algorithms, so they may still
 *       name the same issuer; *ret is NULL and the caller must match each
 *       ID individually
 *    0  the IDs differ under the same hash algorithm (different issuers)
 *   -1  the response contains no SingleResponse entries
 *
 * Coverage: 16 calls, every one with exactly one SingleResponse.  The
 * comparison loop body, and therefore the 0 and 2 results, never ran, so
 * multi-certificate responses are untested in this report.
 */
static int ocsp_check_ids(struct stack_st_OCSP_SINGLERESP *sresp, OCSP_CERTID **ret)
{
    OCSP_CERTID *first, *other;
    int n, idcount = sk_OCSP_SINGLERESP_num(sresp);

    if (idcount <= 0) {
        ERR_put_error(39,(107),(111),__FILE__,250);
        return -1;
    }

    first = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
    *ret = NULL;

    for (n = 1; n < idcount; n++) {
        other = sk_OCSP_SINGLERESP_value(sresp, n)->certId;
        /* Non-zero means the issuer fields differ. */
        if (OCSP_id_issuer_cmp(first, other)) {
            /* Different digest algorithm: inconclusive (2); same
             * algorithm: genuinely different issuers (0). */
            return OBJ_cmp(other->hashAlgorithm.algorithm,
                           first->hashAlgorithm.algorithm) ? 2 : 0;
        }
    }

    /* All IDs match: only need to check one ID. */
    *ret = first;
    return 1;
}
281-
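/*
 * Check whether `cert` is the issuer identified by a CertID.
 *
 * With a non-NULL `cid`, hash cert's subject name and public key using the
 * CertID's digest algorithm and compare both against the CertID.  With a
 * NULL `cid`, repeat that check for every CertID in `sresp`; all must match.
 *
 * Returns 1 on match, 0 on mismatch, -1 on error.
 *
 * Change from the listed code: the result of X509_pubkey_digest() is now
 * checked.  Previously, if that call failed, `md` still held the name hash
 * written by the preceding X509_NAME_digest() call and the key comparison
 * ran against that stale data.  Failure is now reported as -1, the same way
 * a failed X509_NAME_digest() already is.
 *
 * Coverage: 17 calls, all with a non-NULL `cid`; name-hash mismatch 4
 * times, full match 13 times.  Unknown digest, length mismatch, key-hash
 * mismatch and the whole NULL-`cid` branch were never exercised.
 */
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               struct stack_st_OCSP_SINGLERESP *sresp)
{
    /* If only one ID to match then do it */
    if (cid) {
        const EVP_MD *dgst;
        X509_NAME *iname;
        int mdlen;
        unsigned char md[64];   /* 64 is EVP_MAX_MD_SIZE */

        /* The digest algorithm is chosen by the response, not by us. */
        if ((dgst = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid(cid->hashAlgorithm.algorithm))))
                == NULL) {
            ERR_put_error(39,(109),(119),__FILE__,288);
            return -1;
        }

        mdlen = EVP_MD_size(dgst);
        if (mdlen < 0)
            return -1;
        /* Length check first, so the memcmp() calls below never read past
         * the hashes supplied in the CertID. */
        if ((cid->issuerNameHash.length != mdlen) ||
            (cid->issuerKeyHash.length != mdlen))
            return 0;

        iname = X509_get_subject_name(cert);
        if (!X509_NAME_digest(iname, dgst, md, NULL))
            return -1;
        if (memcmp(md, cid->issuerNameHash.data, mdlen))
            return 0;

        /* Do not compare unless the key hash was actually computed. */
        if (!X509_pubkey_digest(cert, dgst, md, NULL))
            return -1;
        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
            return 0;

        return 1;

    } else {
        /* We have to match the whole lot */
        int i, ret;
        OCSP_CERTID *tmpid;

        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
            ret = ocsp_match_issuerid(cert, tmpid, NULL);
            if (ret <= 0)
                return ret;
        }
        return 1;
    }
}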
337-
/*
 * Check that certificate `x` is marked as a delegated OCSP responder: it
 * must carry an extended key usage extension (extension flag 0x4,
 * EXFLAG_XKUSAGE) that includes OCSP signing (0x20, XKU_OCSP_SIGN).
 *
 * Returns 1 if so; otherwise raises an OCSP error and returns 0.
 *
 * Coverage: 6 calls, all accepted.  The rejection path, which is the one
 * that stops an ordinary certificate from the same CA acting as a
 * responder, was never exercised.
 */
static int ocsp_check_delegated(X509 *x)
{
    if (!(X509_get_extension_flags(x) & 0x4)
        || !(X509_get_extended_key_usage(x) & 0x20)) {
        ERR_put_error(39,(106),(103),__FILE__,329);
        return 0;
    }
    return 1;
}
346-
347-
348-
349-
350-
351-
352-
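/*
 * Verify a signed OCSP request: the request must carry a signature and a
 * requestor name of directory-name type; the signer is located by that
 * name, the signature over tbsRequest is checked, and the signer's chain is
 * verified against `store`.
 *
 * Returns 1 on success and 0 on any failure.  Unlike OCSP_basic_verify()
 * there is no -1 result: allocation failures also return 0.
 *
 * The numeric flag tests are the expanded OCSP_* macros from openssl/ocsp.h:
 * 0x4 OCSP_NOSIGS, 0x8 OCSP_NOCHAIN, 0x10 OCSP_NOVERIFY,
 * 0x200 OCSP_TRUSTOTHER.  OCSP_NOSIGS and OCSP_NOVERIFY each disable a
 * verification stage, so `flags` must not come from untrusted input.
 *
 * Change from the listed code: the signer's public key is checked for NULL
 * before ASN1_item_verify(), with the same reason code (130) that
 * OCSP_basic_verify() uses for its equivalent guard, so both entry points
 * fail the same way for a certificate without a usable key.
 *
 * Coverage: this function was never called in the run shown; every branch
 * is marked "never evaluated".  Request verification is entirely untested
 * in this report.
 */
int OCSP_request_verify(OCSP_REQUEST *req, struct stack_st_X509 *certs,
                        X509_STORE *store, unsigned long flags)
{
    X509 *signer;
    X509_NAME *nm;
    GENERAL_NAME *gen;
    int ret = 0;
    X509_STORE_CTX *ctx = X509_STORE_CTX_new();

    if (ctx == NULL) {
        ERR_put_error(39,(116),((1|64)),__FILE__,349);
        goto err;
    }

    /* Unsigned requests cannot be verified. */
    if (!req->optionalSignature) {
        ERR_put_error(39,(116),(128),__FILE__,354);
        goto err;
    }
    /* Only a directory-name requestor (type 4, GEN_DIRNAME) is supported. */
    gen = req->tbsRequest.requestorName;
    if (!gen || gen->type != 4) {
        ERR_put_error(39,(116),(129),__FILE__,360);
        goto err;
    }
    nm = gen->d.directoryName;
    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
    if (ret <= 0) {
        ERR_put_error(39,(116),(118),__FILE__,367);
        goto err;
    }
    /* Signer from the caller's `certs` plus OCSP_TRUSTOTHER: skip the
     * chain verification stage. */
    if ((ret == 2) && (flags & 0x200))
        flags |= 0x10;

    /* Stage 1: signature over tbsRequest. */
    if (!(flags & 0x4)) {
        EVP_PKEY *skey;

        skey = X509_get0_pubkey(signer);
        if (skey == NULL) {
            ERR_put_error(39,(116),(130),__FILE__,__LINE__);
            goto err;
        }
        ret = ASN1_item_verify((&(OCSP_REQINFO_it)),
                               &(req)->optionalSignature->signatureAlgorithm,
                               (req)->optionalSignature->signature,
                               &(req)->tbsRequest, skey);
        if (ret <= 0) {
            ERR_put_error(39,(116),(117),__FILE__,377);
            goto err;
        }
    }

    /* Stage 2: chain verification of the signer. */
    if (!(flags & 0x10)) {
        int init_res;

        /* OCSP_NOCHAIN: do not use the request's own certificates as
         * untrusted chain-building material. */
        if (flags & 0x8)
            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
        else
            init_res = X509_STORE_CTX_init(ctx, store, signer,
                                           req->optionalSignature->certs);
        if (!init_res) {
            ERR_put_error(39,(116),(11),__FILE__,389);
            goto err;
        }

        /* 8 is X509_PURPOSE_OCSP_HELPER, 7 is X509_TRUST_OCSP_REQUEST. */
        X509_STORE_CTX_set_purpose(ctx, 8);
        X509_STORE_CTX_set_trust(ctx, 7);
        ret = X509_verify_cert(ctx);
        if (ret <= 0) {
            /* ret is reused for the error code only to build the message;
             * the err label resets it to 0. */
            ret = X509_STORE_CTX_get_error(ctx);
            ERR_put_error(39,(116),(101),__FILE__,399);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(ret));
            goto err;
        }
    }
    ret = 1;
    goto end;

err:
    ret = 0;
end:
    X509_STORE_CTX_free(ctx);
    return ret;
}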
433-
/*
 * Find the certificate whose subject is `nm`, the requestor name of an OCSP
 * request.
 *
 * Search order: the certificates attached to the request's signature
 * (unless flag 0x2, OCSP_NOINTERN, is set), then the caller's `certs`.
 * Note this is the reverse of ocsp_find_signer(), which prefers the
 * caller's set.
 *
 * Returns 1 when found in the request, 2 when found in `certs`, 0 when not
 * found.  *psigner is written only on success.  The caller must already
 * have checked that req->optionalSignature is non-NULL.
 *
 * Coverage: never called in the run shown.
 */
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, struct stack_st_X509 *certs,
                                unsigned long flags)
{
    X509 *found;

    if ((flags & 0x2) == 0) {
        found = X509_find_by_subject(req->optionalSignature->certs, nm);
        if (found != NULL) {
            *psigner = found;
            return 1;
        }
    }

    found = X509_find_by_subject(certs, nm);
    if (found == NULL)
        return 0;

    *psigner = found;
    return 2;
}

Generated by Squish Coco 4.2.2