OpenCoverage

ocsp_srv.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ocsp/ocsp_srv.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <stdio.h>-
11#include "internal/cryptlib.h"-
12#include <openssl/objects.h>-
13#include <openssl/x509.h>-
14#include <openssl/pem.h>-
15#include <openssl/x509v3.h>-
16#include <openssl/ocsp.h>-
17#include "ocsp_lcl.h"-
18-
19/*-
20 * Utility functions related to sending OCSP responses and extracting-
21 * relevant information from the request.-
22 */-
23-
24int OCSP_request_onereq_count(OCSP_REQUEST *req)-
25{-
26 return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
never executed: return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
0
27}-
28-
29OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)-
30{-
31 return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
never executed: return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
0
32}-
33-
34OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)-
35{-
36 return one->reqCert;
never executed: return one->reqCert;
0
37}-
38-
39int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,-
40 ASN1_OCTET_STRING **pikeyHash,-
41 ASN1_INTEGER **pserial, OCSP_CERTID *cid)-
42{-
43 if (!cid)
!cidDescription
TRUEnever evaluated
FALSEnever evaluated
0
44 return 0;
never executed: return 0;
0
45 if (pmd)
pmdDescription
TRUEnever evaluated
FALSEnever evaluated
0
46 *pmd = cid->hashAlgorithm.algorithm;
never executed: *pmd = cid->hashAlgorithm.algorithm;
0
47 if (piNameHash)
piNameHashDescription
TRUEnever evaluated
FALSEnever evaluated
0
48 *piNameHash = &cid->issuerNameHash;
never executed: *piNameHash = &cid->issuerNameHash;
0
49 if (pikeyHash)
pikeyHashDescription
TRUEnever evaluated
FALSEnever evaluated
0
50 *pikeyHash = &cid->issuerKeyHash;
never executed: *pikeyHash = &cid->issuerKeyHash;
0
51 if (pserial)
pserialDescription
TRUEnever evaluated
FALSEnever evaluated
0
52 *pserial = &cid->serialNumber;
never executed: *pserial = &cid->serialNumber;
0
53 return 1;
never executed: return 1;
0
54}-
55-
56int OCSP_request_is_signed(OCSP_REQUEST *req)-
57{-
58 if (req->optionalSignature)
req->optionalSignatureDescription
TRUEnever evaluated
FALSEnever evaluated
0
59 return 1;
never executed: return 1;
0
60 return 0;
never executed: return 0;
0
61}-
62-
63/* Create an OCSP response and encode an optional basic response */-
64OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)-
65{-
66 OCSP_RESPONSE *rsp = NULL;-
67-
68 if ((rsp = OCSP_RESPONSE_new()) == NULL)
(rsp = OCSP_RE...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
69 goto err;
never executed: goto err;
0
70 if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
!(ASN1_ENUMERA...atus, status))Description
TRUEnever evaluated
FALSEnever evaluated
0
71 goto err;
never executed: goto err;
0
72 if (!bs)
!bsDescription
TRUEnever evaluated
FALSEnever evaluated
0
73 return rsp;
never executed: return rsp;
0
74 if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
(rsp->response...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
75 goto err;
never executed: goto err;
0
76 rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);-
77 if (!ASN1_item_pack
!ASN1_item_pac...tes->response)Description
TRUEnever evaluated
FALSEnever evaluated
0
78 (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
!ASN1_item_pac...tes->response)Description
TRUEnever evaluated
FALSEnever evaluated
0
79 goto err;
never executed: goto err;
0
80 return rsp;
never executed: return rsp;
0
81 err:-
82 OCSP_RESPONSE_free(rsp);-
83 return NULL;
never executed: return ((void *)0) ;
0
84}-
85-
86OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,-
87 OCSP_CERTID *cid,-
88 int status, int reason,-
89 ASN1_TIME *revtime,-
90 ASN1_TIME *thisupd,-
91 ASN1_TIME *nextupd)-
92{-
93 OCSP_SINGLERESP *single = NULL;-
94 OCSP_CERTSTATUS *cs;-
95 OCSP_REVOKEDINFO *ri;-
96-
97 if (rsp->tbsResponseData.responses == NULL
rsp->tbsRespon...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
98 && (rsp->tbsResponseData.responses
(rsp->tbsRespo...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
99 = sk_OCSP_SINGLERESP_new_null()) == NULL)
(rsp->tbsRespo...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
100 goto err;
never executed: goto err;
0
101-
102 if ((single = OCSP_SINGLERESP_new()) == NULL)
(single = OCSP...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
103 goto err;
never executed: goto err;
0
104-
105 if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
!ASN1_TIME_to_...e->thisUpdate)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
106 goto err;
never executed: goto err;
0
107 if (nextupd &&
nextupdDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-2
108 !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
!ASN1_TIME_to_...e->nextUpdate)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
109 goto err;
never executed: goto err;
0
110-
111 OCSP_CERTID_free(single->certId);-
112-
113 if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
(single->certI...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
114 goto err;
never executed: goto err;
0
115-
116 cs = single->certStatus;-
117 switch (cs->type = status) {-
118 case V_OCSP_CERTSTATUS_REVOKED:
never executed: case 1:
0
119 if (!revtime) {
!revtimeDescription
TRUEnever evaluated
FALSEnever evaluated
0
120 OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);-
121 goto err;
never executed: goto err;
0
122 }-
123 if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
(cs->value.rev...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
124 goto err;
never executed: goto err;
0
125 if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
!ASN1_TIME_to_...evocationTime)Description
TRUEnever evaluated
FALSEnever evaluated
0
126 goto err;
never executed: goto err;
0
127 if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
reason != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
128 if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
(ri->revocatio...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
129 goto err;
never executed: goto err;
0
130 if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
!(ASN1_ENUMERA...ason, reason))Description
TRUEnever evaluated
FALSEnever evaluated
0
131 goto err;
never executed: goto err;
0
132 }
never executed: end of block
0
133 break;
never executed: break;
0
134-
135 case V_OCSP_CERTSTATUS_GOOD:
never executed: case 0:
0
136 if ((cs->value.good = ASN1_NULL_new()) == NULL)
(cs->value.goo...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
137 goto err;
never executed: goto err;
0
138 break;
never executed: break;
0
139-
140 case V_OCSP_CERTSTATUS_UNKNOWN:
executed 2 times by 1 test: case 2:
Executed by:
  • libcrypto.so.1.1
2
141 if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
(cs->value.unk...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
142 goto err;
never executed: goto err;
0
143 break;
executed 2 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
2
144-
145 default:
never executed: default:
0
146 goto err;
never executed: goto err;
0
147-
148 }-
149 if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
!(sk_OCSP_SING...nses, single))Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
150 goto err;
never executed: goto err;
0
151 return single;
executed 2 times by 1 test: return single;
Executed by:
  • libcrypto.so.1.1
2
152 err:-
153 OCSP_SINGLERESP_free(single);-
154 return NULL;
never executed: return ((void *)0) ;
0
155}-
156-
157/* Add a certificate to an OCSP request */-
158-
159int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)-
160{-
161 if (resp->certs == NULL
resp->certs == ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
162 && (resp->certs = sk_X509_new_null()) == NULL)
(resp->certs =...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
163 return 0;
never executed: return 0;
0
164-
165 if (!sk_X509_push(resp->certs, cert))
!sk_X509_push(...->certs, cert)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
166 return 0;
never executed: return 0;
0
167 X509_up_ref(cert);-
168 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1
169}-
170-
171/*-
172 * Sign an OCSP response using the parameters contained in the digest context,-
173 * set the responderID to the subject name in the signer's certificate, and-
174 * include one or more optional certificates in the response.-
175 */-
176-
177int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,-
178 X509 *signer, EVP_MD_CTX *ctx,-
179 STACK_OF(X509) *certs, unsigned long flags)-
180{-
181 int i;-
182 OCSP_RESPID *rid;-
183 EVP_PKEY *pkey;-
184-
185 if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
EVP_MD_CTX_pke...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
186 OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);-
187 goto err;
never executed: goto err;
0
188 }-
189-
190 pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));-
191 if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
pkey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!X509_check_pr...(signer, pkey)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
192 OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,-
193 OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);-
194 goto err;
never executed: goto err;
0
195 }-
196-
197 if (!(flags & OCSP_NOCERTS)) {
!(flags & 0x1)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1
198 if (!OCSP_basic_add1_cert(brsp, signer))
!OCSP_basic_ad...(brsp, signer)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
199 goto err;
never executed: goto err;
0
200 for (i = 0; i < sk_X509_num(certs); i++) {
i < sk_X509_num(certs)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
201 X509 *tmpcert = sk_X509_value(certs, i);-
202 if (!OCSP_basic_add1_cert(brsp, tmpcert))
!OCSP_basic_ad...brsp, tmpcert)Description
TRUEnever evaluated
FALSEnever evaluated
0
203 goto err;
never executed: goto err;
0
204 }
never executed: end of block
0
205 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
206-
207 rid = &brsp->tbsResponseData.responderId;-
208 if (flags & OCSP_RESPID_KEY) {
flags & 0x400Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
209 if (!OCSP_RESPID_set_by_key(rid, signer))
!OCSP_RESPID_s...y(rid, signer)Description
TRUEnever evaluated
FALSEnever evaluated
0
210 goto err;
never executed: goto err;
0
211 } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
never executed: end of block
!OCSP_RESPID_s...e(rid, signer)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
212 goto err;
never executed: goto err;
0
213 }-
214-
215 if (!(flags & OCSP_NOTIME) &&
!(flags & 0x800)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-2
216 !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
!X509_gmtime_a...producedAt, 0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
217 goto err;
never executed: goto err;
0
218-
219 /*-
220 * Right now, I think that not doing double hashing is the right thing.-
221 * -- Richard Levitte-
222 */-
223-
224 if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
!ASN1_item_sig...ponseData,ctx)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
225 goto err;
never executed: goto err;
0
226-
227 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
2
228 err:-
229 return 0;
never executed: return 0;
0
230}-
231-
232int OCSP_basic_sign(OCSP_BASICRESP *brsp,-
233 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,-
234 STACK_OF(X509) *certs, unsigned long flags)-
235{-
236 EVP_MD_CTX *ctx = EVP_MD_CTX_new();-
237 EVP_PKEY_CTX *pkctx = NULL;-
238 int i;-
239-
240 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
241 return 0;
never executed: return 0;
0
242-
243 if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
!EVP_DigestSig...id *)0) , key)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
244 EVP_MD_CTX_free(ctx);-
245 return 0;
never executed: return 0;
0
246 }-
247 i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);-
248 EVP_MD_CTX_free(ctx);-
249 return i;
executed 2 times by 1 test: return i;
Executed by:
  • libcrypto.so.1.1
2
250}-
251-
252int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)-
253{-
254 if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
!X509_NAME_set...ct_name(cert))Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
255 return 0;
never executed: return 0;
0
256-
257 respid->type = V_OCSP_RESPID_NAME;-
258-
259 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
2
260}-
261-
262int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)-
263{-
264 ASN1_OCTET_STRING *byKey = NULL;-
265 unsigned char md[SHA_DIGEST_LENGTH];-
266-
267 /* RFC2560 requires SHA1 */-
268 if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
!X509_pubkey_d... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
269 return 0;
never executed: return 0;
0
270-
271 byKey = ASN1_OCTET_STRING_new();-
272 if (byKey == NULL)
byKey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
273 return 0;
never executed: return 0;
0
274-
275 if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
!(ASN1_OCTET_S...yKey, md, 20))Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
276 ASN1_OCTET_STRING_free(byKey);-
277 return 0;
never executed: return 0;
0
278 }-
279-
280 respid->type = V_OCSP_RESPID_KEY;-
281 respid->value.byKey = byKey;-
282-
283 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1
284}-
285-
286int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)-
287{-
288 if (respid->type == V_OCSP_RESPID_KEY) {
respid->type == 1Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
289 unsigned char md[SHA_DIGEST_LENGTH];-
290-
291 if (respid->value.byKey == NULL)
respid->value....== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
292 return 0;
never executed: return 0;
0
293-
294 /* RFC2560 requires SHA1 */-
295 if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
!X509_pubkey_d... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
296 return 0;
never executed: return 0;
0
297-
298 return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
executed 1 time by 1 test: return (ASN1_STRING_length(respid->value.byKey) == 20) && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, 20) == 0);
Executed by:
  • libcrypto.so.1.1
(ASN1_STRING_l....byKey) == 20)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
299 && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
executed 1 time by 1 test: return (ASN1_STRING_length(respid->value.byKey) == 20) && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, 20) == 0);
Executed by:
  • libcrypto.so.1.1
(memcmp(ASN1_S... md, 20) == 0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
300 SHA_DIGEST_LENGTH) == 0);
executed 1 time by 1 test: return (ASN1_STRING_length(respid->value.byKey) == 20) && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, 20) == 0);
Executed by:
  • libcrypto.so.1.1
(memcmp(ASN1_S... md, 20) == 0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
301 } else if (respid->type == V_OCSP_RESPID_NAME) {
respid->type == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
302 if (respid->value.byName == NULL)
respid->value....== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
303 return 0;
never executed: return 0;
0
304-
305 return X509_NAME_cmp(respid->value.byName,
never executed: return X509_NAME_cmp(respid->value.byName, X509_get_subject_name(cert)) == 0;
0
306 X509_get_subject_name(cert)) == 0;
never executed: return X509_NAME_cmp(respid->value.byName, X509_get_subject_name(cert)) == 0;
0
307 }-
308-
309 return 0;
never executed: return 0;
0
310}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2