OpenCoverage

ct_sct_ctx.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ct/ct_sct_ctx.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #ifdef OPENSSL_NO_CT -

11 # error "CT is disabled" -

12 #endif -

13 -

14 #include <stddef.h> -

15 #include <string.h> -

16 -

17 #include <openssl/err.h> -

18 #include <openssl/obj_mac.h> -

19 #include <openssl/x509.h> -

20 -

21 #include "ct_locl.h" -

22 -

23 SCT_CTX *SCT_CTX_new(void) -

24 { -

25 SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx)); -

26 -

if (sctx == NULL)

sctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);

never executed: ERR_put_error(50,(126),((1|64)),__FILE__,28);

29 -

return sctx;

executed 9 times by 1 test: return sctx;

Executed by:

libcrypto.so.1.1

31 } -

32 -

33 void SCT_CTX_free(SCT_CTX *sctx) -

34 { -

if (sctx == NULL)

sctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

return;

never executed: return;

37 EVP_PKEY_free(sctx->pkey); -

38 OPENSSL_free(sctx->pkeyhash); -

39 OPENSSL_free(sctx->ihash); -

40 OPENSSL_free(sctx->certder); -

41 OPENSSL_free(sctx->preder); -

42 OPENSSL_free(sctx); -

}

executed 9 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

44 -

45 /* -

46 * Finds the index of the first extension with the given NID in cert. -

47 * If there is more than one extension with that NID, *is_duplicated is set to -

48 * 1, otherwise 0 (unless it is NULL). -

49 */ -

50 static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) -

51 { -

52 int ret = X509_get_ext_by_NID(cert, nid, -1); -

53 -

if (is_duplicated != NULL)

is_duplicated != ((void *)0)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-18

*is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;

executed 18 times by 1 test: *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;

Executed by:

libcrypto.so.1.1

ret >= 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

X509_get_ext_b...nid, ret) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-18

56 -

return ret;

executed 18 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

58 } -

59 -

60 /* -

61 * Modifies a certificate by deleting extensions and copying the issuer and -

62 * AKID from the presigner certificate, if necessary. -

63 * Returns 1 on success, 0 otherwise. -

64 */ -

65 __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) -

66 { -

67 int preidx, certidx; -

68 int pre_akid_ext_is_dup, cert_akid_ext_is_dup; -

69 -

if (presigner == NULL)

presigner == ((void *)0)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-9

return 1;

executed 9 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

72 -

73 preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, -

74 &pre_akid_ext_is_dup); -

75 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, -

76 &cert_akid_ext_is_dup); -

77 -

78 /* An error occurred whilst searching for the extension */ -

if (preidx < -1 || certidx < -1)

preidx < -1	Description
TRUE	never evaluated
FALSE	never evaluated

certidx < -1	Description
TRUE	never evaluated
FALSE	never evaluated

return 0;

never executed: return 0;

81 /* Invalid certificate if they contain duplicate extensions */ -

if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)

pre_akid_ext_is_dup	Description
TRUE	never evaluated
FALSE	never evaluated

cert_akid_ext_is_dup	Description
TRUE	never evaluated
FALSE	never evaluated

return 0;

never executed: return 0;

84 /* AKID must be present in both certificate or absent in both */ -

if (preidx >= 0 && certidx == -1)

preidx >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

certidx == -1	Description
TRUE	never evaluated
FALSE	never evaluated

return 0;

never executed: return 0;

if (preidx == -1 && certidx >= 0)

preidx == -1	Description
TRUE	never evaluated
FALSE	never evaluated

certidx >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

return 0;

never executed: return 0;

89 /* Copy issuer name */ -

if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))

!X509_set_issu...me(presigner))	Description
TRUE	never evaluated
FALSE	never evaluated

return 0;

never executed: return 0;

if (preidx != -1) {

preidx != -1	Description
TRUE	never evaluated
FALSE	never evaluated

93 /* Retrieve and copy AKID encoding */ -

94 X509_EXTENSION *preext = X509_get_ext(presigner, preidx); -

95 X509_EXTENSION *certext = X509_get_ext(cert, certidx); -

96 ASN1_OCTET_STRING *preextdata; -

97 -

98 /* Should never happen */ -

if (preext == NULL || certext == NULL)

preext == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

certext == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

100

return 0;

never executed: return 0;

101 preextdata = X509_EXTENSION_get_data(preext); -

102

if (preextdata == NULL ||

preextdata == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

103

!X509_EXTENSION_set_data(certext, preextdata))

!X509_EXTENSIO...t, preextdata)	Description
TRUE	never evaluated
FALSE	never evaluated

104

return 0;

never executed: return 0;

105

}

never executed: end of block

106

return 1;

never executed: return 1;

107 } -

108 -

109 int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) -

110 { -

111 unsigned char *certder = NULL, *preder = NULL; -

112 X509 *pretmp = NULL; -

113 int certderlen = 0, prederlen = 0; -

114 int idx = -1; -

115 int poison_ext_is_dup, sct_ext_is_dup; -

116 int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); -

117 -

118 /* Duplicate poison extensions are present - error */ -

119

if (poison_ext_is_dup)

poison_ext_is_dup	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

120

goto err;

never executed: goto err;

121 -

122 /* If *cert doesn't have a poison extension, it isn't a precert */ -

123

if (poison_idx == -1) {

poison_idx == -1	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-9

124 /* cert isn't a precert, so we shouldn't have a presigner */ -

125

if (presigner != NULL)

presigner != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

126

goto err;

never executed: goto err;

127 -

128 certderlen = i2d_X509(cert, &certder); -

129

if (certderlen < 0)

certderlen < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

130

goto err;

never executed: goto err;

131

}

executed 9 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

132 -

133 /* See if cert has a precert SCTs extension */ -

134 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); -

135 /* Duplicate SCT extensions are present - error */ -

136

if (sct_ext_is_dup)

sct_ext_is_dup	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

137

goto err;

never executed: goto err;

138 -

139

if (idx >= 0 && poison_idx >= 0) {

idx >= 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

poison_idx >= 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

140 /* -

141 * cert can't both contain SCTs (i.e. have an SCT extension) and be a -

142 * precert (i.e. have a poison extension). -

143 */ -

144

goto err;

never executed: goto err;

145 } -

146 -

147

if (idx == -1) {

idx == -1	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

148 idx = poison_idx; -

149

}

never executed: end of block

150 -

151 /* -

152 * If either a poison or SCT extension is present, remove it before encoding -

153 * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see -

154 * RFC5280) from cert, which is what the CT log signed when it produced the -

155 * SCT. -

156 */ -

157

if (idx >= 0) {

idx >= 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-9

158 X509_EXTENSION *ext; -

159 -

160 /* Take a copy of certificate so we don't modify passed version */ -

161 pretmp = X509_dup(cert); -

162

if (pretmp == NULL)

pretmp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

163

goto err;

never executed: goto err;

164 -

165 ext = X509_delete_ext(pretmp, idx); -

166 X509_EXTENSION_free(ext); -

167 -

168

if (!ct_x509_cert_fixup(pretmp, presigner))

!ct_x509_cert_...mp, presigner)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

169

goto err;

never executed: goto err;

170 -

171 prederlen = i2d_re_X509_tbs(pretmp, &preder); -

172

if (prederlen <= 0)

prederlen <= 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

173

goto err;

never executed: goto err;

174

}

executed 9 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

175 -

176 X509_free(pretmp); -

177 -

178 OPENSSL_free(sctx->certder); -

179 sctx->certder = certder; -

180 sctx->certderlen = certderlen; -

181 -

182 OPENSSL_free(sctx->preder); -

183 sctx->preder = preder; -

184 sctx->prederlen = prederlen; -

185 -

186

return 1;

executed 9 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

187 err: -

188 OPENSSL_free(certder); -

189 OPENSSL_free(preder); -

190 X509_free(pretmp); -

191

return 0;

never executed: return 0;

192 } -

193 -

194 __owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, -

195 size_t *hash_len) -

196 { -

197 int ret = 0; -

198 unsigned char *md = NULL, *der = NULL; -

199 int der_len; -

200 unsigned int md_len; -

201 -

202 /* Reuse buffer if possible */ -

203

if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {

hash != ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1

*hash_len >= 32	Description
TRUE	never evaluated
FALSE	never evaluated

0-18

204 md = *hash; -

205

} else {

never executed: end of block

206 md = OPENSSL_malloc(SHA256_DIGEST_LENGTH); -

207

if (md == NULL)

md == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1

0-18

208

goto err;

never executed: goto err;

209

}

executed 18 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

210 -

211 /* Calculate key hash */ -

212 der_len = i2d_X509_PUBKEY(pkey, &der); -

213

if (der_len <= 0)

der_len <= 0	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1

0-18

214

goto err;

never executed: goto err;

215 -

216

if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))

!EVP_Digest(de... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1

0-18

217

goto err;

never executed: goto err;

218 -

219

if (md != *hash) {

md != *hash	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-18

220 OPENSSL_free(*hash); -

221 *hash = md; -

222 *hash_len = SHA256_DIGEST_LENGTH; -

223

}

executed 18 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

224 -

225 md = NULL; -

226 ret = 1; -

227

err:

code before this statement executed 18 times by 1 test: err:

Executed by:

libcrypto.so.1.1

228 OPENSSL_free(md); -

229 OPENSSL_free(der); -

230

return ret;

executed 18 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

231 } -

232 -

233 int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) -

234 { -

235

return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));

never executed: return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));

236 } -

237 -

238 int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -

239 { -

240

return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);

executed 9 times by 1 test: return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);

Executed by:

libcrypto.so.1.1

241 } -

242 -

243 int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -

244 { -

245 EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); -

246 -

247

if (pkey == NULL)

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

248

return 0;

never executed: return 0;

249 -

250

if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {

!ct_public_key...->pkeyhashlen)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1

0-9

251 EVP_PKEY_free(pkey); -

252

return 0;

never executed: return 0;

253 } -

254 -

255 EVP_PKEY_free(sctx->pkey); -

256 sctx->pkey = pkey; -

257

return 1;

executed 9 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

258 } -

259 -

260 void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) -

261 { -

262 sctx->epoch_time_in_ms = time_in_ms; -

263

}

executed 9 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2