
ts_rsp_verify.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/ts/ts_rsp_verify.c
1-
2-
3-
4-
/*
 * Forward declarations of the file-local helpers behind the public
 * TS_RESP_verify_* entry points. This is the preprocessed view, so stack
 * types already appear as struct stack_st_*.
 */

/* Signer certificate: chain building and ESS signing-certificate matching. */
static int TS_verify_cert(X509_STORE *store,
    struct stack_st_X509 *untrusted, X509 *signer,
    struct stack_st_X509 **chain);
static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
    struct stack_st_X509 *chain);
static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
static int TS_find_cert(struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert);
static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);

/* Token verification driver shared by both public entry points. */
static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
    TS_TST_INFO *tst_info);

/* Response status reporting. */
static int TS_check_status_info(TS_RESP *response);
static char *TS_get_status_text(struct stack_st_ASN1_UTF8STRING *text);

/* Individual checks on the TSTInfo contents. */
static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
    X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len);
static int TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a,
    unsigned len_a, TS_TST_INFO *tst_info);
static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);

/* TSA name matching against the signer certificate. */
static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
static int TS_find_name(struct stack_st_GENERAL_NAME *gen_names,
    GENERAL_NAME *name);
25-
26-
27-
28-
29-
30-
/*
 * Human-readable names for the response status values. The array index is
 * the numeric status; TS_check_status_info() bounds-checks before indexing.
 */
static const char *TS_status_text[] = {
    [0] = "granted",
    [1] = "grantedWithMods",
    [2] = "rejection",
    [3] = "waiting",
    [4] = "revocationWarning",
    [5] = "revocationNotification"
};

/*
 * Failure-info bit positions and their names. The codes are sparse, so each
 * entry carries its own bit number instead of relying on the array index.
 */
static struct {
    int code;
    const char *text;
} TS_failure_info[] = {
    { .code = 0,  .text = "badAlg" },
    { .code = 2,  .text = "badRequest" },
    { .code = 5,  .text = "badDataFormat" },
    { .code = 14, .text = "timeNotAvailable" },
    { .code = 15, .text = "unacceptedPolicy" },
    { .code = 16, .text = "unacceptedExtension" },
    { .code = 17, .text = "addInfoNotAvailable" },
    { .code = 25, .text = "systemFailure" }
};
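/*
 * Verify the PKCS#7 signature carried by a time stamp token.
 *
 * token       signed PKCS#7 structure to verify
 * certs       untrusted certificates used to locate the signer and to help
 *             build its chain
 * store       trust store passed on to TS_verify_cert()
 * signer_out  if non-NULL, receives the signer certificate with its
 *             reference count incremented; the caller must release it
 *
 * Returns 1 only if every check below passes, 0 otherwise (fail closed).
 * Checks, in order: token present, PKCS#7 type equals 22 (presumably
 * NID_pkcs7_signed -- confirm against the un-preprocessed source), exactly
 * one SignerInfo, the PKCS7_ctrl(token, 2, ...) query returns 0 (looks like
 * the "detached" query -- confirm), exactly one signer certificate, chain
 * validation, ESS signing-certificate match, and finally the signature.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
int
TS_RESP_verify_signature(PKCS7 *token, struct stack_st_X509 *certs,
    X509_STORE *store, X509 **signer_out)
{
    struct stack_st_PKCS7_SIGNER_INFO *sinfos = ((void *)0);
    PKCS7_SIGNER_INFO *si;
    struct stack_st_X509 *signers = ((void *)0);
    X509 *signer;
    struct stack_st_X509 *chain = ((void *)0);
    char buf[4096];
    int i, j = 0, ret = 0;
    BIO *p7bio = ((void *)0);

    /* Some sanity checks first. */
    if (!token) {
        ERR_put_error(47,(0xfff),(102),__FILE__,158);
        goto err;
    }

    /* Only a signed PKCS#7 object is acceptable. */
    if (!(OBJ_obj2nid((token)->type) == 22)) {
        ERR_put_error(47,(0xfff),(114),__FILE__,164);
        goto err;
    }

    /* There must be exactly one signer; more would be ambiguous. */
    sinfos = PKCS7_get_signer_info(token);
    if (!sinfos ||
        sk_num(((_STACK*) (1 ? (sinfos) : (struct stack_st_PKCS7_SIGNER_INFO*)0))) != 1) {
        ERR_put_error(47,(0xfff),(110),__FILE__,171);
        goto err;
    }
    si = ((PKCS7_SIGNER_INFO *)sk_value(((_STACK*) (1 ? (sinfos) : (struct stack_st_PKCS7_SIGNER_INFO*)0)), (0)));

    /* The signed content must be embedded in the token. */
    if (PKCS7_ctrl(token,2,0,((void *)0))) {
        ERR_put_error(47,(0xfff),(106),__FILE__,178);
        goto err;
    }

    /*
     * Locate the signer certificate. The returned stack only borrows the
     * certificates, hence sk_free() rather than sk_pop_free() at cleanup.
     */
    signers = PKCS7_get0_signers(token, certs, 0);
    if (!signers ||
        sk_num(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0))) != 1)
        goto err;
    signer = ((X509 *)sk_value(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0)), (0)));

    /* Build and validate the signer's chain against the trust store. */
    if (!TS_verify_cert(store, certs, signer, &chain))
        goto err;

    /* The chain must agree with the signed ESS signing-certificate attribute. */
    if (!TS_check_signing_certs(si, chain))
        goto err;

    /*
     * Set up the digest BIO chain. Fail here if it cannot be created instead
     * of relying on BIO_read() and PKCS7_signatureVerify() to reject a NULL
     * BIO further down.
     */
    p7bio = PKCS7_dataInit(token, ((void *)0));
    if (p7bio == ((void *)0))
        goto err;

    /* Drain the BIO so the message digest is computed over the content. */
    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
        ;

    /* Verify the signature itself. */
    j = PKCS7_signatureVerify(p7bio, token, si, signer);
    if (j <= 0) {
        ERR_put_error(47,(0xfff),(109),__FILE__,208);
        goto err;
    }

    /* Hand the signer back with an extra reference, if requested. */
    if (signer_out) {
        *signer_out = signer;
        CRYPTO_add_lock(&signer->references,1,3,__FILE__,215);
    }

    ret = 1;

err:
    BIO_free_all(p7bio);
    sk_pop_free(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 *))0))));
    sk_free(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0)));

    return ret;
}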
148-
149-
150-
151-
152-
/*
 * Validate the signer certificate against the trust store and return the
 * verified chain.
 *
 * store      trusted certificates
 * untrusted  extra certificates that may be used as intermediates
 * signer     certificate to validate
 * chain      out: verified chain on success (caller frees), NULL on failure
 *
 * The purpose is set to 9 before verification (presumably
 * X509_PURPOSE_TIMESTAMP_SIGN after macro expansion -- confirm). Returns 1
 * on success, 0 on failure.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_verify_cert(X509_STORE *store, struct stack_st_X509 *untrusted, X509 *signer,
    struct stack_st_X509 **chain)
{
    X509_STORE_CTX cert_ctx;
    int ret = 0;

    /* Never leave the output uninitialised, whatever path is taken. */
    *chain = ((void *)0);

    if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) {
        ERR_put_error(47,(0xfff),(11),__FILE__,243);
        goto err;
    }
    if (X509_STORE_CTX_set_purpose(&cert_ctx, 9) == 0)
        goto err;

    if (X509_verify_cert(&cert_ctx) <= 0) {
        /* Attach the verifier's own reason to the error queue. */
        int verify_err = X509_STORE_CTX_get_error(&cert_ctx);

        ERR_put_error(47,(0xfff),(100),__FILE__,253);
        ERR_asprintf_error_data("Verify error:%s",
            X509_verify_cert_error_string(verify_err));
        goto err;
    }

    /* get1: the caller receives its own reference to the chain. */
    *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
    ret = 1;

err:
    X509_STORE_CTX_cleanup(&cert_ctx);

    return ret;
}
191-
/*
 * Check that the verified chain agrees with the ESS signing-certificate
 * attribute signed by the TSA.
 *
 * The signer certificate (chain[0]) must be the first entry of the cert-id
 * list. If the list names more than one certificate, every further chain
 * element must also appear somewhere in it.
 *
 * Returns 1 on success; on failure pushes error reason 101 and returns 0.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_signing_certs(PKCS7_SIGNER_INFO *si, struct stack_st_X509 *chain)
{
    ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
    struct stack_st_ESS_CERT_ID *cert_ids = ((void *)0);
    X509 *cert;
    int i = 0;
    int ret = 0;

    /* A token without the attribute is rejected. */
    if (!ss)
        goto err;
    cert_ids = ss->cert_ids;

    /* The signer must be listed first (index 0 exactly, not merely present). */
    cert = ((X509 *)sk_value(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0)), (0)));
    if (TS_find_cert(cert_ids, cert) != 0)
        goto err;

    /* Further cert ids, when present, must cover the rest of the chain. */
    if (sk_num(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID*)0))) > 1) {
        i = 1;
        while (i < sk_num(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0)))) {
            cert = ((X509 *)sk_value(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0)), (i)));
            if (TS_find_cert(cert_ids, cert) < 0)
                goto err;
            ++i;
        }
    }
    ret = 1;

err:
    if (!ret)
        ERR_put_error(47,(0xfff),(101),__FILE__,300);
    ESS_SIGNING_CERT_free(ss);
    return ret;
}
229-
/*
 * Decode the ESS signing-certificate signed attribute of a SignerInfo.
 *
 * Looks up signed attribute 223 (presumably
 * NID_id_smime_aa_signingCertificate -- confirm) and requires its ASN.1 type
 * to be 16 (presumably V_ASN1_SEQUENCE -- confirm) before decoding.
 *
 * Returns a newly decoded ESS_SIGNING_CERT that the caller must free, or
 * NULL if the attribute is missing, has another type, or fails to decode.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static ESS_SIGNING_CERT *
ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
{
    const unsigned char *p;
    ASN1_TYPE *attr = PKCS7_get_signed_attribute(si, 223);

    if (!attr || attr->type != 16)
        return ((void *)0);

    /* d2i advances the pointer it is given, so decode through a copy. */
    p = attr->value.sequence->data;
    return d2i_ESS_SIGNING_CERT(((void *)0), &p, attr->value.sequence->length);
}
251-
252-
/*
 * Find a certificate in an ESS cert-id list.
 *
 * An entry matches when its hash has the size of cert->sha1_hash and equal
 * bytes, and either it carries no issuer/serial or that issuer/serial also
 * matches the certificate.
 *
 * Returns the index of the first matching entry, or -1 if there is none or
 * either argument is NULL.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_find_cert(struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert)
{
    int i;

    if (!cert_ids || !cert)
        return -1;

    /*
     * Return value deliberately ignored. NOTE(review): this call is
     * presumably made for its side effect of populating cert->sha1_hash --
     * confirm against the X509 implementation.
     */
    X509_check_purpose(cert, -1, 0);

    for (i = 0; i < sk_num(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID*)0))); ++i) {
        ESS_CERT_ID *cid = ((ESS_CERT_ID *)sk_value(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID*)0)), (i)));
        ESS_ISSUER_SERIAL *is;

        /* Length is compared first so memcmp never reads past the entry. */
        if (cid->hash->length != sizeof(cert->sha1_hash))
            continue;
        if (memcmp(cid->hash->data, cert->sha1_hash,
            sizeof(cert->sha1_hash)) != 0)
            continue;

        /* Issuer/serial is optional; when present it must match as well. */
        is = cid->issuer_serial;
        if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
            return i;
    }

    return -1;
}
281-
/*
 * Compare an ESS issuer/serial pair with a certificate's issuer and serial.
 *
 * The issuer list must hold exactly one general name of type 4 (presumably
 * GEN_DIRNAME -- confirm) equal to the certificate issuer, and the serial
 * numbers must be equal.
 *
 * Returns 0 on a match and -1 otherwise, including on NULL arguments.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
{
    GENERAL_NAME *issuer;

    if (!is || !cinfo)
        return -1;
    if (sk_num(((_STACK*) (1 ? (is->issuer) : (struct stack_st_GENERAL_NAME*)0))) != 1)
        return -1;

    /* The single issuer entry must be a directory name that matches. */
    issuer = ((GENERAL_NAME *)sk_value(((_STACK*) (1 ? (is->issuer) : (struct stack_st_GENERAL_NAME*)0)), (0)));
    if (issuer->type != 4)
        return -1;
    if (X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
        return -1;

    /* Serial numbers must agree too. */
    if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
        return -1;

    return 0;
}
302-
303-
304-
305-
306-
307-
308-
/*
 * Verify a complete time stamp response against a verification context.
 *
 * The response status is checked first; the token inside the response is
 * verified only if the status check passes. Returns 1 on success, 0 on
 * failure.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
int
TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
{
    PKCS7 *token = TS_RESP_get_token(response);
    TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);

    /* A response that was not granted is rejected outright. */
    if (!TS_check_status_info(response))
        return 0;

    /* Run the token checks selected by the context. */
    if (!int_TS_RESP_verify_token(ctx, token, tst_info))
        return 0;

    return 1;
}
329-
330-
331-
332-
333-
/*
 * Verify a bare time stamp token (no enclosing response) against a
 * verification context.
 *
 * The TSTInfo is extracted from the token, used for the checks and freed
 * again before returning. Returns 1 on success, 0 if extraction or any
 * selected check fails.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
int
TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
{
    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
    int ret;

    if (!tst_info)
        return 0;

    ret = int_TS_RESP_verify_token(ctx, token, tst_info);
    TS_TST_INFO_free(tst_info);
    return ret;
}
/*
 * Run the checks selected by ctx->flags on a token and its TSTInfo.
 *
 * Each bit of ctx->flags enables one check; only enabled checks run, so a
 * context with no bits set accepts any token. By bit:
 *   0  signature and signer chain (also yields the signer certificate)
 *   1  TSTInfo version must be 1
 *   2  policy must equal ctx->policy
 *   3  imprint must equal the one stored in ctx
 *   4  imprint is recomputed from ctx->data and compared
 *   5  nonce must equal ctx->nonce
 *   6  TSA name in the token, if present, must match the signer
 *   7  ctx->tsa_name must match the signer
 *
 * The name checks (bits 6 and 7) need the signer obtained under bit 0;
 * without it signer stays NULL and TS_check_signer_name() reports a
 * mismatch.
 *
 * Returns 1 if all enabled checks pass, 0 otherwise.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
    TS_TST_INFO *tst_info)
{
    X509 *signer = ((void *)0);
    GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
    X509_ALGOR *md_alg = ((void *)0);
    unsigned char *imprint = ((void *)0);
    unsigned imprint_len = 0;
    int ret = 0;

    /* Signature and signer certificate. */
    if (ctx->flags & (1u << 0)) {
        if (!TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
            goto err;
    }

    /* Version. */
    if (ctx->flags & (1u << 1)) {
        if (TS_TST_INFO_get_version(tst_info) != 1) {
            ERR_put_error(47,(0xfff),(113),__FILE__,447);
            goto err;
        }
    }

    /* Policy. */
    if (ctx->flags & (1u << 2)) {
        if (!TS_check_policy(ctx->policy, tst_info))
            goto err;
    }

    /* Imprint supplied by the caller. */
    if (ctx->flags & (1u << 3)) {
        if (!TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
            tst_info))
            goto err;
    }

    /* Imprint computed here from the caller's data. */
    if (ctx->flags & (1u << 4)) {
        if (!TS_compute_imprint(ctx->data, tst_info,
            &md_alg, &imprint, &imprint_len))
            goto err;
        if (!TS_check_imprints(md_alg, imprint, imprint_len, tst_info))
            goto err;
    }

    /* Nonce. */
    if (ctx->flags & (1u << 5)) {
        if (!TS_check_nonces(ctx->nonce, tst_info))
            goto err;
    }

    /* TSA name carried in the token must belong to the signer. */
    if (ctx->flags & (1u << 6)) {
        if (tsa_name && !TS_check_signer_name(tsa_name, signer)) {
            ERR_put_error(47,(0xfff),(111),__FILE__,477);
            goto err;
        }
    }

    /* TSA name expected by the caller must belong to the signer. */
    if (ctx->flags & (1u << 7)) {
        if (!TS_check_signer_name(ctx->tsa_name, signer)) {
            ERR_put_error(47,(0xfff),(112),__FILE__,484);
            goto err;
        }
    }

    ret = 1;

err:
    /*
     * Everything held in these locals is released here, on success and on
     * failure alike; the pointers must therefore never refer to memory that
     * a callee has already freed.
     */
    X509_free(signer);
    X509_ALGOR_free(md_alg);
    free(imprint);
    return ret;
}
420-
/*
 * Check the status of a time stamp response.
 *
 * Status 0 and 1 ("granted" and "grantedWithMods" in TS_status_text) are
 * accepted. Anything else is rejected with error reason 107 and a
 * description built from the status name, the status text embedded in the
 * response and the names of the failure-info bits that are set.
 *
 * Returns 1 if the status is acceptable, 0 otherwise.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_status_info(TS_RESP *response)
{
    TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
    long status = ASN1_INTEGER_get(info->status);
    const char *status_text = ((void *)0);
    char *embedded_status_text = ((void *)0);
    char failure_text[256] = "";

    /* Granted: nothing to report. */
    if (status == 0 || status == 1)
        return 1;

    /* The status comes from the peer, so range-check before indexing. */
    if (status < 0 ||
        status >= (long)(sizeof(TS_status_text)/sizeof(*TS_status_text)))
        status_text = "unknown code";
    else
        status_text = TS_status_text[status];

    /* Flatten the embedded status text, if any, into one string. */
    if (sk_num(((_STACK*) (1 ? (info->text) : (struct stack_st_ASN1_UTF8STRING*)0))) > 0) {
        embedded_status_text = TS_get_status_text(info->text);
        if (!embedded_status_text)
            return 0;
    }

    /* List the names of all failure bits that are set, comma separated. */
    if (info->failure_info) {
        int idx;
        int need_sep = 0;

        for (idx = 0;
            idx < (int)(sizeof(TS_failure_info) / sizeof(*TS_failure_info));
            ++idx) {
            if (!ASN1_BIT_STRING_get_bit(info->failure_info,
                TS_failure_info[idx].code))
                continue;
            if (need_sep)
                strlcat(failure_text, ",", 256);
            else
                need_sep = 1;
            /* strlcat truncates rather than overflowing failure_text. */
            strlcat(failure_text, TS_failure_info[idx].text, 256);
        }
    }
    if (failure_text[0] == '\0')
        strlcpy(failure_text, "unspecified", 256);

    /* Record the rejection together with everything learnt above. */
    ERR_put_error(47,(0xfff),(107),__FILE__,542);
    ERR_asprintf_error_data
        ("status code: %s, status text: %s, failure codes: %s",
        status_text,
        embedded_status_text ? embedded_status_text : "unspecified",
        failure_text);
    free(embedded_status_text);

    return 0;
}
480-
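/*
 * Join the strings of a status-text stack into one '/'-separated string.
 *
 * Returns a newly allocated, NUL-terminated string that the caller must
 * free(), or NULL after pushing an allocation error.
 *
 * The buffer is sized as the sum of (string length + 1), which leaves room
 * for the separators and the terminator. An empty stack would make that sum
 * zero, so the size is raised to one byte to keep the terminator write below
 * inside the allocation; the caller visible in this file only passes a
 * non-empty stack.
 *
 * NOTE(review): strlcat() stops at the first NUL byte, so an element with an
 * embedded NUL is copied only up to that byte, and the element data is
 * assumed to be NUL-terminated -- confirm for the ASN.1 decoder in use.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static char *
TS_get_status_text(struct stack_st_ASN1_UTF8STRING *text)
{
    int i;
    unsigned int length = 0;
    char *result = ((void *)0);

    /* First pass: total size, one extra byte per element. */
    for (i = 0; i < sk_num(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0))); ++i) {
        ASN1_UTF8STRING *current = ((ASN1_UTF8STRING *)sk_value(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0)), (i)));
        length += ASN1_STRING_length(current);
        length += 1;
    }

    /* Always leave room for the terminator, even with no elements. */
    if (length == 0)
        length = 1;

    if (!(result = malloc(length))) {
        ERR_put_error(47,(0xfff),((1|64)),__FILE__,568);
        return ((void *)0);
    }

    /* Second pass: concatenate, bounded by the allocated size. */
    result[0] = '\0';
    for (i = 0; i < sk_num(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0))); ++i) {
        ASN1_UTF8STRING *current = ((ASN1_UTF8STRING *)sk_value(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0)), (i)));
        if (i > 0)
            strlcat(result, "/", length);
        strlcat(result, (const char *)ASN1_STRING_data(current), length);
    }
    return result;
}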
513-
/*
 * Check that the policy in the TSTInfo is the one that was requested.
 *
 * Returns 1 if the object identifiers are equal; otherwise pushes error
 * reason 108 and returns 0.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
{
    ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);

    if (OBJ_cmp(req_oid, resp_oid) == 0)
        return 1;

    ERR_put_error(47,(0xfff),(108),__FILE__,588);
    return 0;
}
526-
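/*
 * Compute the message imprint of the caller's data with the digest
 * algorithm named in the token.
 *
 * data         BIO the data is read from until BIO_read() returns <= 0
 * tst_info     TSTInfo naming the digest algorithm
 * md_alg       out: copy of the token's digest algorithm (caller frees)
 * imprint      out: newly allocated digest (caller frees)
 * imprint_len  out: length of *imprint in bytes
 *
 * Returns 1 on success. On failure returns 0 with *md_alg and *imprint set
 * to NULL and *imprint_len set to 0.
 *
 * Ownership: the caller in this file frees md_alg and imprint in its own
 * cleanup whether or not this function succeeded. The error path here must
 * therefore clear *md_alg after freeing it; leaving the stale pointer in
 * place made the caller free the same X509_ALGOR a second time. The digest
 * context is also initialised up front and cleaned up on the error path so
 * a failure after EVP_DigestInit() does not leak its state.
 *
 * NOTE(review): a negative BIO_read() result ends the loop exactly like end
 * of data, so a read error yields a digest of the bytes read so far rather
 * than a failure -- confirm whether that is intended.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
    unsigned char **imprint, unsigned *imprint_len)
{
    TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
    X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
    const EVP_MD *md;
    EVP_MD_CTX md_ctx;
    unsigned char buffer[4096];
    int length;

    *md_alg = ((void *)0);
    *imprint = ((void *)0);

    /* Makes the cleanup at err safe on every path. */
    EVP_MD_CTX_init(&md_ctx);

    /* Return the digest algorithm named by the response. */
    if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
        goto err;

    /* Look the digest up; an unknown algorithm is an error. */
    if (!(md = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid((*md_alg)->algorithm))))) {
        ERR_put_error(47,(0xfff),(126),__FILE__,615);
        goto err;
    }

    /* Allocate the output buffer for the digest. */
    length = EVP_MD_size(md);
    if (length < 0)
        goto err;
    *imprint_len = length;
    if (!(*imprint = malloc(*imprint_len))) {
        ERR_put_error(47,(0xfff),((1|64)),__FILE__,625);
        goto err;
    }

    /* Hash the data in fixed-size pieces. */
    if (!EVP_DigestInit(&md_ctx, md))
        goto err;
    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
        if (!EVP_DigestUpdate(&md_ctx, buffer, length))
            goto err;
    }
    if (!EVP_DigestFinal(&md_ctx, *imprint, ((void *)0)))
        goto err;

    return 1;

err:
    EVP_MD_CTX_cleanup(&md_ctx);
    X509_ALGOR_free(*md_alg);
    /* Clear the pointer so the caller's cleanup cannot free it again. */
    *md_alg = ((void *)0);
    free(*imprint);
    *imprint = ((void *)0);
    *imprint_len = 0;
    return 0;
}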
587-
/*
 * Compare an imprint (and optionally its algorithm) with the message imprint
 * stored in the TSTInfo.
 *
 * algor_a    expected digest algorithm, or NULL to skip the algorithm check
 * imprint_a  expected digest bytes
 * len_a      number of bytes in imprint_a
 *
 * When algor_a is given, the algorithm identifiers must be equal and any
 * parameter present on either side must have ASN.1 type 5 (presumably
 * V_ASN1_NULL -- confirm). The digests must have equal length and content.
 *
 * Returns 1 on a match; otherwise pushes error reason 103 and returns 0.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a,
    TS_TST_INFO *tst_info)
{
    TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
    X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
    int ret = 0;

    /* The algorithm is compared only when the caller supplied one. */
    if (algor_a) {
        /* Same algorithm on both sides. */
        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
            goto err;

        /* Parameters must be absent or of the expected type. */
        if (algor_a->parameter &&
            ASN1_TYPE_get(algor_a->parameter) != 5)
            goto err;
        if (algor_b->parameter &&
            ASN1_TYPE_get(algor_b->parameter) != 5)
            goto err;
    }

    /* Length first, so memcmp never reads past the shorter digest. */
    if (len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) &&
        memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0)
        ret = 1;
    else
        ret = 0;

err:
    if (!ret)
        ERR_put_error(47,(0xfff),(103),__FILE__,676);
    return ret;
}
619-
/*
 * Check that the nonce in the TSTInfo equals the nonce that was sent.
 *
 * Returns 1 if they are equal. A response without a nonce is rejected with
 * error reason 105, a different nonce with reason 104; both return 0.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
{
    const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
    int reason;

    if (!b) {
        /* The response carries no nonce at all. */
        ERR_put_error(47,(0xfff),(105),__FILE__,687);
        return 0;
    }

    /* Without this comparison an old response could be replayed. */
    reason = ASN1_INTEGER_cmp(a, b);
    if (reason != 0) {
        ERR_put_error(47,(0xfff),(104),__FILE__,693);
        return 0;
    }

    return 1;
}
639-
640-
641-
/*
 * Check whether a TSA name belongs to the signer certificate.
 *
 * The name matches if it is of type 4 (presumably GEN_DIRNAME -- confirm)
 * and equals the certificate subject, or if it appears in any instance of
 * extension 85 (presumably NID_subject_alt_name -- confirm) of the
 * certificate.
 *
 * Returns 1 on a match, 0 otherwise; a NULL signer never matches.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
{
    struct stack_st_GENERAL_NAME *gen_names = ((void *)0);
    int idx = -1;
    int found = 0;

    /* No signer is available when the signature check was not run. */
    if (signer == ((void *)0))
        return 0;

    /* Subject name first. */
    if (tsa_name->type == 4 &&
        X509_NAME_cmp((tsa_name->d.dirn),(signer->cert_info->subject)) == 0)
        return 1;

    /*
     * Then every instance of the extension; idx carries the search position
     * from one X509_get_ext_d2i() call to the next.
     */
    for (;;) {
        gen_names = X509_get_ext_d2i(signer, 85, ((void *)0), &idx);
        if (gen_names == ((void *)0))
            break;
        found = (TS_find_name(gen_names, tsa_name) >= 0);
        /* Each decoded instance is owned here and freed before moving on. */
        GENERAL_NAMES_free(gen_names);
        if (found)
            break;
    }

    return found;
}
683-
684-
/*
 * Find a general name in a stack of general names.
 *
 * Returns the index of the first entry equal to name, or -1 if none is.
 *
 * Coverage report on this page: no statement of this function was executed.
 */
static int
TS_find_name(struct stack_st_GENERAL_NAME *gen_names, GENERAL_NAME *name)
{
    int i;

    for (i = 0; i < sk_num(((_STACK*) (1 ? (gen_names) : (struct stack_st_GENERAL_NAME*)0))); ++i) {
        GENERAL_NAME *current = ((GENERAL_NAME *)sk_value(((_STACK*) (1 ? (gen_names) : (struct stack_st_GENERAL_NAME*)0)), (i)));

        /* Stop at the first match. */
        if (GENERAL_NAME_cmp(current, name) == 0)
            return i;
    }
    return -1;
}

Generated by Squish Coco 4.2.2