OpenCoverage

ct_sct.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ct/ct_sct.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#ifdef OPENSSL_NO_CT-
11# error "CT disabled"-
12#endif-
13-
14#include <openssl/ct.h>-
15#include <openssl/err.h>-
16#include <openssl/evp.h>-
17#include <openssl/tls1.h>-
18#include <openssl/x509.h>-
19-
20#include "ct_locl.h"-
21-
22SCT *SCT_new(void)-
23{-
24 SCT *sct = OPENSSL_zalloc(sizeof(*sct));-
25-
26 if (sct == NULL) {
sct == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 14203 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-14203
27 CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);-
28 return NULL;
never executed: return ((void *)0) ;
0
29 }-
30-
31 sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;-
32 sct->version = SCT_VERSION_NOT_SET;-
33 return sct;
executed 14203 times by 1 test: return sct;
Executed by:
  • libcrypto.so.1.1
14203
34}-
35-
36void SCT_free(SCT *sct)-
37{-
38 if (sct == NULL)
sct == ((void *)0)Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14203 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
8-14203
39 return;
executed 8 times by 1 test: return;
Executed by:
  • libcrypto.so.1.1
8
40-
41 OPENSSL_free(sct->log_id);-
42 OPENSSL_free(sct->ext);-
43 OPENSSL_free(sct->sig);-
44 OPENSSL_free(sct->sct);-
45 OPENSSL_free(sct);-
46}
executed 14203 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
14203
47-
48void SCT_LIST_free(STACK_OF(SCT) *a)-
49{-
50 sk_SCT_pop_free(a, SCT_free);-
51}
executed 12972 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12972
52-
53int SCT_set_version(SCT *sct, sct_version_t version)-
54{-
55 if (version != SCT_VERSION_V1) {
version != SCT_VERSION_V1Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
56 CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);-
57 return 0;
never executed: return 0;
0
58 }-
59 sct->version = version;-
60 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
61 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1
62}-
63-
64int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)-
65{-
66 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
67-
68 switch (entry_type) {-
69 case CT_LOG_ENTRY_TYPE_X509:
executed 2721 times by 1 test: case CT_LOG_ENTRY_TYPE_X509:
Executed by:
  • libcrypto.so.1.1
2721
70 case CT_LOG_ENTRY_TYPE_PRECERT:
executed 656 times by 1 test: case CT_LOG_ENTRY_TYPE_PRECERT:
Executed by:
  • libcrypto.so.1.1
656
71 sct->entry_type = entry_type;-
72 return 1;
executed 3377 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
3377
73 case CT_LOG_ENTRY_TYPE_NOT_SET:
never executed: case CT_LOG_ENTRY_TYPE_NOT_SET:
0
74 break;
never executed: break;
0
75 }-
76 CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);-
77 return 0;
never executed: return 0;
0
78}-
79-
80int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)-
81{-
82 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
sct->version == SCT_VERSION_V1Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
log_id_len != 32Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
83 CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);-
84 return 0;
never executed: return 0;
0
85 }-
86-
87 OPENSSL_free(sct->log_id);-
88 sct->log_id = log_id;-
89 sct->log_id_len = log_id_len;-
90 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
91 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1
92}-
93-
94int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)-
95{-
96 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
sct->version == SCT_VERSION_V1Description
TRUEnever evaluated
FALSEnever evaluated
log_id_len != 32Description
TRUEnever evaluated
FALSEnever evaluated
0
97 CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);-
98 return 0;
never executed: return 0;
0
99 }-
100-
101 OPENSSL_free(sct->log_id);-
102 sct->log_id = NULL;-
103 sct->log_id_len = 0;-
104 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
105-
106 if (log_id != NULL && log_id_len > 0) {
log_id != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
log_id_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
107 sct->log_id = OPENSSL_memdup(log_id, log_id_len);-
108 if (sct->log_id == NULL) {
sct->log_id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
109 CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);-
110 return 0;
never executed: return 0;
0
111 }-
112 sct->log_id_len = log_id_len;-
113 }
never executed: end of block
0
114 return 1;
never executed: return 1;
0
115}-
116-
117-
118void SCT_set_timestamp(SCT *sct, uint64_t timestamp)-
119{-
120 sct->timestamp = timestamp;-
121 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
122}
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
123-
124int SCT_set_signature_nid(SCT *sct, int nid)-
125{-
126 switch (nid) {-
127 case NID_sha256WithRSAEncryption:
never executed: case 668:
0
128 sct->hash_alg = TLSEXT_hash_sha256;-
129 sct->sig_alg = TLSEXT_signature_rsa;-
130 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
131 return 1;
never executed: return 1;
0
132 case NID_ecdsa_with_SHA256:
never executed: case 794:
0
133 sct->hash_alg = TLSEXT_hash_sha256;-
134 sct->sig_alg = TLSEXT_signature_ecdsa;-
135 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
136 return 1;
never executed: return 1;
0
137 default:
never executed: default:
0
138 CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);-
139 return 0;
never executed: return 0;
0
140 }-
141}-
142-
143void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)-
144{-
145 OPENSSL_free(sct->ext);-
146 sct->ext = ext;-
147 sct->ext_len = ext_len;-
148 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
149}
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
150-
151int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)-
152{-
153 OPENSSL_free(sct->ext);-
154 sct->ext = NULL;-
155 sct->ext_len = 0;-
156 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
157-
158 if (ext != NULL && ext_len > 0) {
ext != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
ext_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
159 sct->ext = OPENSSL_memdup(ext, ext_len);-
160 if (sct->ext == NULL) {
sct->ext == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
161 CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);-
162 return 0;
never executed: return 0;
0
163 }-
164 sct->ext_len = ext_len;-
165 }
never executed: end of block
0
166 return 1;
never executed: return 1;
0
167}-
168-
169void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)-
170{-
171 OPENSSL_free(sct->sig);-
172 sct->sig = sig;-
173 sct->sig_len = sig_len;-
174 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
175}
never executed: end of block
0
176-
177int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)-
178{-
179 OPENSSL_free(sct->sig);-
180 sct->sig = NULL;-
181 sct->sig_len = 0;-
182 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
183-
184 if (sig != NULL && sig_len > 0) {
sig != ((void *)0)Description
TRUEevaluated 2362 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
sig_len > 0Description
TRUEevaluated 761 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1601 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2362
185 sct->sig = OPENSSL_memdup(sig, sig_len);-
186 if (sct->sig == NULL) {
sct->sig == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 761 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-761
187 CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);-
188 return 0;
never executed: return 0;
0
189 }-
190 sct->sig_len = sig_len;-
191 }
executed 761 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
761
192 return 1;
executed 2362 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
2362
193}-
194-
195sct_version_t SCT_get_version(const SCT *sct)-
196{-
197 return sct->version;
never executed: return sct->version;
0
198}-
199-
200ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)-
201{-
202 return sct->entry_type;
executed 9 times by 1 test: return sct->entry_type;
Executed by:
  • libcrypto.so.1.1
9
203}-
204-
205size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)-
206{-
207 *log_id = sct->log_id;-
208 return sct->log_id_len;
never executed: return sct->log_id_len;
0
209}-
210-
211uint64_t SCT_get_timestamp(const SCT *sct)-
212{-
213 return sct->timestamp;
never executed: return sct->timestamp;
0
214}-
215-
216int SCT_get_signature_nid(const SCT *sct)-
217{-
218 if (sct->version == SCT_VERSION_V1) {
sct->version == SCT_VERSION_V1Description
TRUEevaluated 6573 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-6573
219 if (sct->hash_alg == TLSEXT_hash_sha256) {
sct->hash_alg == 4Description
TRUEevaluated 6505 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 68 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
68-6505
220 switch (sct->sig_alg) {-
221 case TLSEXT_signature_ecdsa:
executed 3152 times by 1 test: case 3:
Executed by:
  • libcrypto.so.1.1
3152
222 return NID_ecdsa_with_SHA256;
executed 3152 times by 1 test: return 794;
Executed by:
  • libcrypto.so.1.1
3152
223 case TLSEXT_signature_rsa:
executed 3324 times by 1 test: case 1:
Executed by:
  • libcrypto.so.1.1
3324
224 return NID_sha256WithRSAEncryption;
executed 3324 times by 1 test: return 668;
Executed by:
  • libcrypto.so.1.1
3324
225 default:
executed 29 times by 1 test: default:
Executed by:
  • libcrypto.so.1.1
29
226 return NID_undef;
executed 29 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
29
227 }-
228 }-
229 }
executed 68 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
68
230 return NID_undef;
executed 68 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
68
231}-
232-
233size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)-
234{-
235 *ext = sct->ext;-
236 return sct->ext_len;
never executed: return sct->ext_len;
0
237}-
238-
239size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)-
240{-
241 *sig = sct->sig;-
242 return sct->sig_len;
never executed: return sct->sig_len;
0
243}-
244-
245int SCT_is_complete(const SCT *sct)-
246{-
247 switch (sct->version) {-
248 case SCT_VERSION_NOT_SET:
never executed: case SCT_VERSION_NOT_SET:
0
249 return 0;
never executed: return 0;
0
250 case SCT_VERSION_V1:
executed 1154 times by 1 test: case SCT_VERSION_V1:
Executed by:
  • libcrypto.so.1.1
1154
251 return sct->log_id != NULL && SCT_signature_is_complete(sct);
executed 1154 times by 1 test: return sct->log_id != ((void *)0) && SCT_signature_is_complete(sct);
Executed by:
  • libcrypto.so.1.1
sct->log_id != ((void *)0)Description
TRUEevaluated 1154 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
SCT_signature_is_complete(sct)Description
TRUEevaluated 1134 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 20 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1154
252 default:
executed 8860 times by 1 test: default:
Executed by:
  • libcrypto.so.1.1
8860
253 return sct->sct != NULL; /* Just need cached encoding */
executed 8860 times by 1 test: return sct->sct != ((void *)0) ;
Executed by:
  • libcrypto.so.1.1
8860
254 }-
255}-
256-
257int SCT_signature_is_complete(const SCT *sct)-
258{-
259 return SCT_get_signature_nid(sct) != NID_undef &&
executed 1703 times by 1 test: return SCT_get_signature_nid(sct) != 0 && sct->sig != ((void *)0) && sct->sig_len > 0;
Executed by:
  • libcrypto.so.1.1
SCT_get_signat..._nid(sct) != 0Description
TRUEevaluated 1703 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1703
260 sct->sig != NULL && sct->sig_len > 0;
executed 1703 times by 1 test: return SCT_get_signature_nid(sct) != 0 && sct->sig != ((void *)0) && sct->sig_len > 0;
Executed by:
  • libcrypto.so.1.1
sct->sig != ((void *)0)Description
TRUEevaluated 1683 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 20 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
sct->sig_len > 0Description
TRUEevaluated 1683 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1703
261}-
262-
263sct_source_t SCT_get_source(const SCT *sct)-
264{-
265 return sct->source;
executed 9 times by 1 test: return sct->source;
Executed by:
  • libcrypto.so.1.1
9
266}-
267-
268int SCT_set_source(SCT *sct, sct_source_t source)-
269{-
270 sct->source = source;-
271 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;-
272 switch (source) {-
273 case SCT_SOURCE_TLS_EXTENSION:
executed 2 times by 1 test: case SCT_SOURCE_TLS_EXTENSION:
Executed by:
  • libcrypto.so.1.1
2
274 case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
executed 2718 times by 1 test: case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
Executed by:
  • libcrypto.so.1.1
2718
275 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
executed 2720 times by 1 test: return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
Executed by:
  • libcrypto.so.1.1
2720
276 case SCT_SOURCE_X509V3_EXTENSION:
executed 656 times by 1 test: case SCT_SOURCE_X509V3_EXTENSION:
Executed by:
  • libcrypto.so.1.1
656
277 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
executed 656 times by 1 test: return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
Executed by:
  • libcrypto.so.1.1
656
278 case SCT_SOURCE_UNKNOWN:
never executed: case SCT_SOURCE_UNKNOWN:
0
279 break;
never executed: break;
0
280 }-
281 /* if we aren't sure, leave the log entry type alone */-
282 return 1;
never executed: return 1;
0
283}-
284-
285sct_validation_status_t SCT_get_validation_status(const SCT *sct)-
286{-
287 return sct->validation_status;
executed 9 times by 1 test: return sct->validation_status;
Executed by:
  • libcrypto.so.1.1
9
288}-
289-
290int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)-
291{-
292 int is_sct_valid = -1;-
293 SCT_CTX *sctx = NULL;-
294 X509_PUBKEY *pub = NULL, *log_pkey = NULL;-
295 const CTLOG *log;-
296-
297 /*-
298 * With an unrecognized SCT version we don't know what such an SCT means,-
299 * let alone validate one. So we return validation failure (0).-
300 */-
301 if (sct->version != SCT_VERSION_V1) {
sct->version != SCT_VERSION_V1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
302 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;-
303 return 0;
never executed: return 0;
0
304 }-
305-
306 log = CTLOG_STORE_get0_log_by_id(ctx->log_store,-
307 sct->log_id, sct->log_id_len);-
308-
309 /* Similarly, an SCT from an unknown log also cannot be validated. */-
310 if (log == NULL) {
log == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
311 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;-
312 return 0;
never executed: return 0;
0
313 }-
314-
315 sctx = SCT_CTX_new();-
316 if (sctx == NULL)
sctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
317 goto err;
never executed: goto err;
0
318-
319 if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
X509_PUBKEY_se...key(log)) != 1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
320 goto err;
never executed: goto err;
0
321 if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
SCT_CTX_set1_p...log_pkey) != 1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
322 goto err;
never executed: goto err;
0
323-
324 if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
SCT_get_log_en...Y_TYPE_PRECERTDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-9
325 EVP_PKEY *issuer_pkey;-
326-
327 if (ctx->issuer == NULL) {
ctx->issuer == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
328 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;-
329 goto end;
never executed: goto end;
0
330 }-
331-
332 issuer_pkey = X509_get0_pubkey(ctx->issuer);-
333-
334 if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
X509_PUBKEY_se...uer_pkey) != 1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
335 goto err;
never executed: goto err;
0
336 if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
SCT_CTX_set1_i...ctx, pub) != 1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
337 goto err;
never executed: goto err;
0
338 }
executed 9 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
9
339-
340 SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);-
341-
342 /*-
343 * XXX: Potential for optimization. This repeats some idempotent heavy-
344 * lifting on the certificate for each candidate SCT, and appears to not-
345 * use any information in the SCT itself, only the certificate is-
346 * processed. So it may make more sense to to do this just once, perhaps-
347 * associated with the shared (by all SCTs) policy eval ctx.-
348 *-
349 * XXX: Failure here is global (SCT independent) and represents either an-
350 * issue with the certificate (e.g. duplicate extensions) or an out of-
351 * memory condition. When the certificate is incompatible with CT, we just-
352 * mark the SCTs invalid, rather than report a failure to determine the-
353 * validation status. That way, callbacks that want to do "soft" SCT-
354 * processing will not abort handshakes with false positive internal-
355 * errors. Since the function does not distinguish between certificate-
356 * issues (peer's fault) and internal problems (out fault) the safe thing-
357 * to do is to report a validation failure and let the callback or-
358 * application decide what to do.-
359 */-
360 if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
SCT_CTX_set1_c...id *)0) ) != 1Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
361 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
never executed: sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
0
362 else-
363 sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
executed 9 times by 1 test: sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
Executed by:
  • libcrypto.so.1.1
SCT_CTX_verify(sctx, sct) == 1Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-9
364 SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
executed 9 times by 1 test: sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
Executed by:
  • libcrypto.so.1.1
9
365-
366end:
code before this statement executed 9 times by 1 test: end:
Executed by:
  • libcrypto.so.1.1
9
367 is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;-
368err:
code before this statement executed 9 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
9
369 X509_PUBKEY_free(pub);-
370 X509_PUBKEY_free(log_pkey);-
371 SCT_CTX_free(sctx);-
372-
373 return is_sct_valid;
executed 9 times by 1 test: return is_sct_valid;
Executed by:
  • libcrypto.so.1.1
9
374}-
375-
376int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)-
377{-
378 int are_scts_valid = 1;-
379 int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
scts != ((void *)0)Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-9
380 int i;-
381-
382 for (i = 0; i < sct_count; ++i) {
i < sct_countDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
9
383 int is_sct_valid = -1;-
384 SCT *sct = sk_SCT_value(scts, i);-
385-
386 if (sct == NULL)
sct == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
387 continue;
never executed: continue;
0
388-
389 is_sct_valid = SCT_validate(sct, ctx);-
390 if (is_sct_valid < 0)
is_sct_valid < 0Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-9
391 return is_sct_valid;
never executed: return is_sct_valid;
0
392 are_scts_valid &= is_sct_valid;-
393 }
executed 9 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
9
394-
395 return are_scts_valid;
executed 9 times by 1 test: return are_scts_valid;
Executed by:
  • libcrypto.so.1.1
9
396}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2