OpenCoverage

v3_purp.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/x509v3/v3_purp.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include "internal/cryptlib.h" -

12 #include "internal/numbers.h" -

13 #include <openssl/x509v3.h> -

14 #include <openssl/x509_vfy.h> -

15 #include "internal/x509_int.h" -

16 #include "internal/tsan_assist.h" -

17 -

18 static void x509v3_cache_extensions(X509 *x); -

19 -

20 static int check_ssl_ca(const X509 *x); -

21 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, -

22 int ca); -

23 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, -

24 int ca); -

25 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, -

26 int ca); -

27 static int purpose_smime(const X509 *x, int ca); -

28 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, -

29 int ca); -

30 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, -

31 int ca); -

32 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, -

33 int ca); -

34 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, -

35 int ca); -

36 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); -

37 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); -

38 -

39 static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b); -

40 static void xptable_free(X509_PURPOSE *p); -

41 -

42 static X509_PURPOSE xstandard[] = { -

43 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, -

44 check_purpose_ssl_client, "SSL client", "sslclient", NULL}, -

45 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, -

46 check_purpose_ssl_server, "SSL server", "sslserver", NULL}, -

47 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, -

48 check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, -

49 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, -

50 "S/MIME signing", "smimesign", NULL}, -

51 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, -

52 check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, -

53 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, -

54 "CRL signing", "crlsign", NULL}, -

55 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", -

56 NULL}, -

57 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, -

58 "OCSP helper", "ocsphelper", NULL}, -

59 {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, -

60 check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", -

61 NULL}, -

62 }; -

63 -

64 #define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) -

65 -

66 static STACK_OF(X509_PURPOSE) *xptable = NULL; -

67 -

68 static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) -

69 { -

return (*a)->purpose - (*b)->purpose;

never executed: return (*a)->purpose - (*b)->purpose;

71 } -

72 -

73 /* -

74 * As much as I'd like to make X509_check_purpose use a "const" X509* I -

75 * really can't because it does recalculate hashes and do other non-const -

76 * things. -

77 */ -

78 int X509_check_purpose(X509 *x, int id, int ca) -

79 { -

80 int idx; -

81 const X509_PURPOSE *pt; -

82 -

83 x509v3_cache_extensions(x); -

84 -

85 /* Return if side-effect only call */ -

if (id == -1)

id == -1	Description
TRUE	evaluated 38737 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2605 times by 1 test Evaluated by: libcrypto.so.1.1

2605-38737

return 1;

executed 38737 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

38737

88 idx = X509_PURPOSE_get_by_id(id); -

if (idx == -1)

idx == -1	Description
TRUE	never evaluated
FALSE	evaluated 2605 times by 1 test Evaluated by: libcrypto.so.1.1

0-2605

return -1;

never executed: return -1;

91 pt = X509_PURPOSE_get0(idx); -

return pt->check_purpose(pt, x, ca);

executed 2605 times by 1 test: return pt->check_purpose(pt, x, ca);

Executed by:

libcrypto.so.1.1

2605

93 } -

94 -

95 int X509_PURPOSE_set(int *p, int purpose) -

96 { -

if (X509_PURPOSE_get_by_id(purpose) == -1) {

X509_PURPOSE_g...purpose) == -1	Description
TRUE	never evaluated
FALSE	evaluated 134 times by 1 test Evaluated by: libcrypto.so.1.1

0-134

98 X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); -

return 0;

never executed: return 0;

100 } -

101 *p = purpose; -

102

return 1;

executed 134 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

134

103 } -

104 -

105 int X509_PURPOSE_get_count(void) -

106 { -

107

if (!xptable)

!xptable	Description
TRUE	evaluated 256 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-256

108

return X509_PURPOSE_COUNT;

executed 256 times by 1 test: return (sizeof(xstandard)/sizeof((xstandard)[0]));

Executed by:

libcrypto.so.1.1

256

109

return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;

never executed: return sk_X509_PURPOSE_num(xptable) + (sizeof(xstandard)/sizeof((xstandard)[0]));

110 } -

111 -

112 X509_PURPOSE *X509_PURPOSE_get0(int idx) -

113 { -

114

if (idx < 0)

idx < 0	Description
TRUE	evaluated 4898 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3153 times by 1 test Evaluated by: libcrypto.so.1.1

3153-4898

115

return NULL;

executed 4898 times by 1 test: return ((void *)0) ;

Executed by:

libcrypto.so.1.1

4898

116

if (idx < (int)X509_PURPOSE_COUNT)

idx < (int)(si...standard)[0]))	Description
TRUE	evaluated 3153 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-3153

117

return xstandard + idx;

executed 3153 times by 1 test: return xstandard + idx;

Executed by:

libcrypto.so.1.1

3153

118

return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);

never executed: return sk_X509_PURPOSE_value(xptable, idx - (sizeof(xstandard)/sizeof((xstandard)[0])));

119 } -

120 -

121 int X509_PURPOSE_get_by_sname(const char *sname) -

122 { -

123 int i; -

124 X509_PURPOSE *xptmp; -

125

for (i = 0; i < X509_PURPOSE_get_count(); i++) {

i < X509_PURPOSE_get_count()	Description
TRUE	evaluated 256 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-256

126 xptmp = X509_PURPOSE_get0(i); -

127

if (strcmp(xptmp->sname, sname) == 0)

never executed: __result = (((const unsigned char *) (const char *) ( xptmp->sname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( sname ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 134 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 122 times by 1 test Evaluated by: libcrypto.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-134

128

return i;

executed 134 times by 1 test: return i;

Executed by:

libcrypto.so.1.1

134

129

}

executed 122 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

122

130

return -1;

never executed: return -1;

131 } -

132 -

133 int X509_PURPOSE_get_by_id(int purpose) -

134 { -

135 X509_PURPOSE tmp; -

136 int idx; -

137 -

138

if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))

(purpose >= 1)	Description
TRUE	evaluated 2897 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4898 times by 1 test Evaluated by: libcrypto.so.1.1

(purpose <= 9)	Description
TRUE	evaluated 2897 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-4898

139

return purpose - X509_PURPOSE_MIN;

executed 2897 times by 1 test: return purpose - 1;

Executed by:

libcrypto.so.1.1

2897

140

if (xptable == NULL)

xptable == ((void *)0)	Description
TRUE	evaluated 4898 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-4898

141

return -1;

executed 4898 times by 1 test: return -1;

Executed by:

libcrypto.so.1.1

4898

142 tmp.purpose = purpose; -

143 idx = sk_X509_PURPOSE_find(xptable, &tmp); -

144

if (idx < 0)

idx < 0	Description
TRUE	never evaluated
FALSE	never evaluated

145

return -1;

never executed: return -1;

146

return idx + X509_PURPOSE_COUNT;

never executed: return idx + (sizeof(xstandard)/sizeof((xstandard)[0]));

147 } -

148 -

149 int X509_PURPOSE_add(int id, int trust, int flags, -

150 int (*ck) (const X509_PURPOSE *, const X509 *, int), -

151 const char *name, const char *sname, void *arg) -

152 { -

153 int idx; -

154 X509_PURPOSE *ptmp; -

155 /* -

156 * This is set according to what we change: application can't set it -

157 */ -

158 flags &= ~X509_PURPOSE_DYNAMIC; -

159 /* This will always be set for application modified trust entries */ -

160 flags |= X509_PURPOSE_DYNAMIC_NAME; -

161 /* Get existing entry if any */ -

162 idx = X509_PURPOSE_get_by_id(id); -

163 /* Need a new entry */ -

164

if (idx == -1) {

idx == -1	Description
TRUE	never evaluated
FALSE	never evaluated

165

if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {

(ptmp = CRYPTO...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

166 X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -

167

return 0;

never executed: return 0;

168 } -

169 ptmp->flags = X509_PURPOSE_DYNAMIC; -

170

} else

never executed: end of block

171

ptmp = X509_PURPOSE_get0(idx);

never executed: ptmp = X509_PURPOSE_get0(idx);

172 -

173 /* OPENSSL_free existing name if dynamic */ -

174

if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {

ptmp->flags & 0x2	Description
TRUE	never evaluated
FALSE	never evaluated

175 OPENSSL_free(ptmp->name); -

176 OPENSSL_free(ptmp->sname); -

177

}

never executed: end of block

178 /* dup supplied name */ -

179 ptmp->name = OPENSSL_strdup(name); -

180 ptmp->sname = OPENSSL_strdup(sname); -

181

if (!ptmp->name || !ptmp->sname) {

!ptmp->name	Description
TRUE	never evaluated
FALSE	never evaluated

!ptmp->sname	Description
TRUE	never evaluated
FALSE	never evaluated

182 X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -

183

goto err;

never executed: goto err;

184 } -

185 /* Keep the dynamic flag of existing entry */ -

186 ptmp->flags &= X509_PURPOSE_DYNAMIC; -

187 /* Set all other flags */ -

188 ptmp->flags |= flags; -

189 -

190 ptmp->purpose = id; -

191 ptmp->trust = trust; -

192 ptmp->check_purpose = ck; -

193 ptmp->usr_data = arg; -

194 -

195 /* If its a new entry manage the dynamic table */ -

196

if (idx == -1) {

idx == -1	Description
TRUE	never evaluated
FALSE	never evaluated

197

if (xptable == NULL

xptable == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

198

&& (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {

(xptable = sk_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

199 X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -

200

goto err;

never executed: goto err;

201 } -

202

if (!sk_X509_PURPOSE_push(xptable, ptmp)) {

!sk_X509_PURPO...xptable, ptmp)	Description
TRUE	never evaluated
FALSE	never evaluated

203 X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -

204

goto err;

never executed: goto err;

205 } -

206

}

never executed: end of block

207

return 1;

never executed: return 1;

208 err: -

209

if (idx == -1) {

idx == -1	Description
TRUE	never evaluated
FALSE	never evaluated

210 OPENSSL_free(ptmp->name); -

211 OPENSSL_free(ptmp->sname); -

212 OPENSSL_free(ptmp); -

213

}

never executed: end of block

214

return 0;

never executed: return 0;

215 } -

216 -

217 static void xptable_free(X509_PURPOSE *p) -

218 { -

219

if (!p)

!p	Description
TRUE	never evaluated
FALSE	never evaluated

220

return;

never executed: return;

221

if (p->flags & X509_PURPOSE_DYNAMIC) {

p->flags & 0x1	Description
TRUE	never evaluated
FALSE	never evaluated

222

if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {

p->flags & 0x2	Description
TRUE	never evaluated
FALSE	never evaluated

223 OPENSSL_free(p->name); -

224 OPENSSL_free(p->sname); -

225

}

never executed: end of block

226 OPENSSL_free(p); -

227

}

never executed: end of block

228

}

never executed: end of block

229 -

230 void X509_PURPOSE_cleanup(void) -

231 { -

232 sk_X509_PURPOSE_pop_free(xptable, xptable_free); -

233 xptable = NULL; -

234

}

never executed: end of block

235 -

236 int X509_PURPOSE_get_id(const X509_PURPOSE *xp) -

237 { -

238

return xp->purpose;

executed 134 times by 1 test: return xp->purpose;

Executed by:

libcrypto.so.1.1

134

239 } -

240 -

241 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) -

242 { -

243

return xp->name;

never executed: return xp->name;

244 } -

245 -

246 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) -

247 { -

248

return xp->sname;

never executed: return xp->sname;

249 } -

250 -

251 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) -

252 { -

253

return xp->trust;

executed 133 times by 1 test: return xp->trust;

Executed by:

libcrypto.so.1.1

133

254 } -

255 -

256 static int nid_cmp(const int *a, const int *b) -

257 { -

258

return *a - *b;

executed 15812 times by 1 test: return *a - *b;

Executed by:

libcrypto.so.1.1

15812

259 } -

260 -

261 DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid); -

262

IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);

executed 15812 times by 1 test: return nid_cmp(a,b);

Executed by:

libcrypto.so.1.1

executed 6328 times by 1 test: return (int *)OBJ_bsearch_(key, base, num, sizeof(int), nid_cmp_BSEARCH_CMP_FN);

Executed by:

libcrypto.so.1.1

6328-15812

263 -

264 int X509_supported_extension(X509_EXTENSION *ex) -

265 { -

266 /* -

267 * This table is a list of the NIDs of supported extensions: that is -

268 * those which are used by the verify process. If an extension is -

269 * critical and doesn't appear in this list then the verify process will -

270 * normally reject the certificate. The list must be kept in numerical -

271 * order because it will be searched using bsearch. -

272 */ -

273 -

274 static const int supported_nids[] = { -

275 NID_netscape_cert_type, /* 71 */ -

276 NID_key_usage, /* 83 */ -

277 NID_subject_alt_name, /* 85 */ -

278 NID_basic_constraints, /* 87 */ -

279 NID_certificate_policies, /* 89 */ -

280 NID_crl_distribution_points, /* 103 */ -

281 NID_ext_key_usage, /* 126 */ -

282 #ifndef OPENSSL_NO_RFC3779 -

283 NID_sbgp_ipAddrBlock, /* 290 */ -

284 NID_sbgp_autonomousSysNum, /* 291 */ -

285 #endif -

286 NID_policy_constraints, /* 401 */ -

287 NID_proxyCertInfo, /* 663 */ -

288 NID_name_constraints, /* 666 */ -

289 NID_policy_mappings, /* 747 */ -

290 NID_inhibit_any_policy /* 748 */ -

291 }; -

292 -

293 int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); -

294 -

295

if (ex_nid == NID_undef)

ex_nid == 0	Description
TRUE	evaluated 94 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6328 times by 1 test Evaluated by: libcrypto.so.1.1

94-6328

296

return 0;

executed 94 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

297 -

298

if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))

OBJ_bsearch_ni...ed_nids)[0])))	Description
TRUE	evaluated 6307 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1

21-6307

299

return 1;

executed 6307 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

6307

300

return 0;

executed 21 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

301 } -

302 -

303 static void setup_dp(X509 *x, DIST_POINT *dp) -

304 { -

305 X509_NAME *iname = NULL; -

306 int i; -

307

if (dp->reasons) {

dp->reasons	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libcrypto.so.1.1

1-38

308

if (dp->reasons->length > 0)

dp->reasons->length > 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-1

309

dp->dp_reasons = dp->reasons->data[0];

executed 1 time by 1 test: dp->dp_reasons = dp->reasons->data[0];

Executed by:

libcrypto.so.1.1

310

if (dp->reasons->length > 1)

dp->reasons->length > 1	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-1

311

dp->dp_reasons |= (dp->reasons->data[1] << 8);

executed 1 time by 1 test: dp->dp_reasons |= (dp->reasons->data[1] << 8);

Executed by:

libcrypto.so.1.1

312 dp->dp_reasons &= CRLDP_ALL_REASONS; -

313

} else

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

314

dp->dp_reasons = CRLDP_ALL_REASONS;

executed 38 times by 1 test: dp->dp_reasons = 0x807f;

Executed by:

libcrypto.so.1.1

315

if (!dp->distpoint || (dp->distpoint->type != 1))

!dp->distpoint	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libcrypto.so.1.1

(dp->distpoint->type != 1)	Description
TRUE	evaluated 38 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-38

316

return;

executed 39 times by 1 test: return;

Executed by:

libcrypto.so.1.1

317

for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {

i < sk_GENERAL...dp->CRLissuer)	Description
TRUE	never evaluated
FALSE	never evaluated

318 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); -

319

if (gen->type == GEN_DIRNAME) {

gen->type == 4	Description
TRUE	never evaluated
FALSE	never evaluated

320 iname = gen->d.directoryName; -

321

break;

never executed: break;

322 } -

323

}

never executed: end of block

324

if (!iname)

!iname	Description
TRUE	never evaluated
FALSE	never evaluated

325

iname = X509_get_issuer_name(x);

never executed: iname = X509_get_issuer_name(x);

326 -

327 DIST_POINT_set_dpname(dp->distpoint, iname); -

328 -

329

}

never executed: end of block

330 -

331 static void setup_crldp(X509 *x) -

332 { -

333 int i; -

334 x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); -

335

for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)

i < sk_DIST_PO..._num(x->crldp)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12501 times by 1 test Evaluated by: libcrypto.so.1.1

39-12501

336

setup_dp(x, sk_DIST_POINT_value(x->crldp, i));

executed 39 times by 1 test: setup_dp(x, sk_DIST_POINT_value(x->crldp, i));

Executed by:

libcrypto.so.1.1

337

}

executed 12501 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

12501

338 -

339 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) -

340 #define ku_reject(x, usage) \ -

341 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -

342 #define xku_reject(x, usage) \ -

343 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) -

344 #define ns_reject(x, usage) \ -

345 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -

346 -

347 static void x509v3_cache_extensions(X509 *x) -

348 { -

349 BASIC_CONSTRAINTS *bs; -

350 PROXY_CERT_INFO_EXTENSION *pci; -

351 ASN1_BIT_STRING *usage; -

352 ASN1_BIT_STRING *ns; -

353 EXTENDED_KEY_USAGE *extusage; -

354 X509_EXTENSION *ex; -

355 int i; -

356 -

357 #ifdef tsan_ld_acq -

358 /* fast lock-free check, see end of the function for details. */ -

359

if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))

__extension__ ...c_load_tmp; })	Description
TRUE	evaluated 34901 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12501 times by 1 test Evaluated by: libcrypto.so.1.1

12501-34901

360

return;

executed 34901 times by 1 test: return;

Executed by:

libcrypto.so.1.1

34901

361 #endif -

362 -

363 CRYPTO_THREAD_write_lock(x->lock); -

364

if (x->ex_flags & EXFLAG_SET) {

x->ex_flags & 0x100	Description
TRUE	never evaluated
FALSE	evaluated 12501 times by 1 test Evaluated by: libcrypto.so.1.1

0-12501

365 CRYPTO_THREAD_unlock(x->lock); -

366

return;

never executed: return;

367 } -

368 -

369 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -

370 /* V1 should mean no extensions ... */ -

371

if (!X509_get_version(x))

!X509_get_version(x)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12492 times by 1 test Evaluated by: libcrypto.so.1.1

9-12492

372

x->ex_flags |= EXFLAG_V1;

executed 9 times by 1 test: x->ex_flags |= 0x40;

Executed by:

libcrypto.so.1.1

373 /* Handle basic constraints */ -

374

if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {

(bs = X509_get...((void *)0) ))	Description
TRUE	evaluated 11988 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 513 times by 1 test Evaluated by: libcrypto.so.1.1

513-11988

375

if (bs->ca)

bs->ca	Description
TRUE	evaluated 1726 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 10262 times by 1 test Evaluated by: libcrypto.so.1.1

1726-10262

376

x->ex_flags |= EXFLAG_CA;

executed 1726 times by 1 test: x->ex_flags |= 0x10;

Executed by:

libcrypto.so.1.1

1726

377

if (bs->pathlen) {

bs->pathlen	Description
TRUE	evaluated 113 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 11875 times by 1 test Evaluated by: libcrypto.so.1.1

113-11875

378

if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)

(bs->pathlen->...= (2 \| 0x100))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 110 times by 1 test Evaluated by: libcrypto.so.1.1

3-110

379

|| !bs->ca) {

!bs->ca	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 62 times by 1 test Evaluated by: libcrypto.so.1.1

48-62

380 x->ex_flags |= EXFLAG_INVALID; -

381 x->ex_pathlen = 0; -

382

} else

executed 51 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

383

x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);

executed 62 times by 1 test: x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);

Executed by:

libcrypto.so.1.1

384 } else -

385

x->ex_pathlen = -1;

executed 11875 times by 1 test: x->ex_pathlen = -1;

Executed by:

libcrypto.so.1.1

11875

386 BASIC_CONSTRAINTS_free(bs); -

387 x->ex_flags |= EXFLAG_BCONS; -

388

}

executed 11988 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

11988

389 /* Handle proxy certificates */ -

390

if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {

(pci = X509_ge...((void *)0) ))	Description
TRUE	evaluated 34 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12467 times by 1 test Evaluated by: libcrypto.so.1.1

34-12467

391

if (x->ex_flags & EXFLAG_CA

x->ex_flags & 0x10	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libcrypto.so.1.1

1-33

392

|| X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0

X509_get_ext_b..., 85, -1) >= 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libcrypto.so.1.1

9-24

393

|| X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {

X509_get_ext_b..., 86, -1) >= 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libcrypto.so.1.1

4-20

394 x->ex_flags |= EXFLAG_INVALID; -

395

}

executed 14 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

396

if (pci->pcPathLengthConstraint) {

pci->pcPathLengthConstraint	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1

13-21

397 x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint); -

398

} else

executed 13 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

399

x->ex_pcpathlen = -1;

executed 21 times by 1 test: x->ex_pcpathlen = -1;

Executed by:

libcrypto.so.1.1

400 PROXY_CERT_INFO_EXTENSION_free(pci); -

401 x->ex_flags |= EXFLAG_PROXY; -

402

}

executed 34 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

403 /* Handle key usage */ -

404

if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {

(usage = X509_...((void *)0) ))	Description
TRUE	evaluated 8144 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4357 times by 1 test Evaluated by: libcrypto.so.1.1

4357-8144

405

if (usage->length > 0) {

usage->length > 0	Description
TRUE	evaluated 8141 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1

3-8141

406 x->ex_kusage = usage->data[0]; -

407

if (usage->length > 1)

usage->length > 1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 8138 times by 1 test Evaluated by: libcrypto.so.1.1

3-8138

408

x->ex_kusage |= usage->data[1] << 8;

executed 3 times by 1 test: x->ex_kusage |= usage->data[1] << 8;

Executed by:

libcrypto.so.1.1

409

} else

executed 8141 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8141

410

x->ex_kusage = 0;

executed 3 times by 1 test: x->ex_kusage = 0;

Executed by:

libcrypto.so.1.1

411 x->ex_flags |= EXFLAG_KUSAGE; -

412 ASN1_BIT_STRING_free(usage); -

413

}

executed 8144 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8144

414 x->ex_xkusage = 0; -

415

if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {

(extusage = X5...((void *)0) ))	Description
TRUE	evaluated 8004 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4497 times by 1 test Evaluated by: libcrypto.so.1.1

4497-8004

416 x->ex_flags |= EXFLAG_XKUSAGE; -

417

for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {

i < sk_ASN1_OB..._num(extusage)	Description
TRUE	evaluated 8096 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 8004 times by 1 test Evaluated by: libcrypto.so.1.1

8004-8096

418 switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { -

419

case NID_server_auth:

executed 7820 times by 1 test: case 129:

Executed by:

libcrypto.so.1.1

7820

420 x->ex_xkusage |= XKU_SSL_SERVER; -

421

break;

executed 7820 times by 1 test: break;

Executed by:

libcrypto.so.1.1

7820

422 -

423

case NID_client_auth:

executed 141 times by 1 test: case 130:

Executed by:

libcrypto.so.1.1

141

424 x->ex_xkusage |= XKU_SSL_CLIENT; -

425

break;

executed 141 times by 1 test: break;

Executed by:

libcrypto.so.1.1

141

426 -

427

case NID_email_protect:

executed 13 times by 1 test: case 132:

Executed by:

libcrypto.so.1.1

428 x->ex_xkusage |= XKU_SMIME; -

429

break;

executed 13 times by 1 test: break;

Executed by:

libcrypto.so.1.1

430 -

431

case NID_code_sign:

executed 1 time by 1 test: case 131:

Executed by:

libcrypto.so.1.1

432 x->ex_xkusage |= XKU_CODE_SIGN; -

433

break;

executed 1 time by 1 test: break;

Executed by:

libcrypto.so.1.1

434 -

435

case NID_ms_sgc:

executed 4 times by 1 test: case 137:

Executed by:

libcrypto.so.1.1

436

case NID_ns_sgc:

never executed: case 139:

437 x->ex_xkusage |= XKU_SGC; -

438

break;

executed 4 times by 1 test: break;

Executed by:

libcrypto.so.1.1

439 -

440

case NID_OCSP_sign:

executed 21 times by 1 test: case 180:

Executed by:

libcrypto.so.1.1

441 x->ex_xkusage |= XKU_OCSP_SIGN; -

442

break;

executed 21 times by 1 test: break;

Executed by:

libcrypto.so.1.1

443 -

444

case NID_time_stamp:

executed 10 times by 1 test: case 133:

Executed by:

libcrypto.so.1.1

445 x->ex_xkusage |= XKU_TIMESTAMP; -

446

break;

executed 10 times by 1 test: break;

Executed by:

libcrypto.so.1.1

447 -

448

case NID_dvcs:

executed 10 times by 1 test: case 297:

Executed by:

libcrypto.so.1.1

449 x->ex_xkusage |= XKU_DVCS; -

450

break;

executed 10 times by 1 test: break;

Executed by:

libcrypto.so.1.1

451 -

452

case NID_anyExtendedKeyUsage:

never executed: case 910:

453 x->ex_xkusage |= XKU_ANYEKU; -

454

break;

never executed: break;

455 } -

456

}

executed 8096 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8096

457 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); -

458

}

executed 8004 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8004

459 -

460

if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {

(ns = X509_get...((void *)0) ))	Description
TRUE	never evaluated
FALSE	evaluated 12501 times by 1 test Evaluated by: libcrypto.so.1.1

0-12501

461

if (ns->length > 0)

ns->length > 0	Description
TRUE	never evaluated
FALSE	never evaluated

462

x->ex_nscert = ns->data[0];

never executed: x->ex_nscert = ns->data[0];

463 else -

464

x->ex_nscert = 0;

never executed: x->ex_nscert = 0;

465 x->ex_flags |= EXFLAG_NSCERT; -

466 ASN1_BIT_STRING_free(ns); -

467

}

never executed: end of block

468 x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); -

469 x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); -

470 /* Does subject name match issuer ? */ -

471

if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {

!X509_NAME_cmp...ssuer_name(x))	Description
TRUE	evaluated 6831 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 5670 times by 1 test Evaluated by: libcrypto.so.1.1

5670-6831

472 x->ex_flags |= EXFLAG_SI; -

473 /* If SKID matches AKID also indicate self signed */ -

474

if (X509_check_akid(x, x->akid) == X509_V_OK &&

X509_check_aki... x->akid) == 0	Description
TRUE	evaluated 6815 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libcrypto.so.1.1

16-6815

475

!ku_reject(x, KU_KEY_CERT_SIGN))

((x)->ex_flags & 0x2)	Description
TRUE	evaluated 5697 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1118 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_kusage & (0x0004))	Description
TRUE	evaluated 5585 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 112 times by 1 test Evaluated by: libcrypto.so.1.1

112-5697

476

x->ex_flags |= EXFLAG_SS;

executed 1230 times by 1 test: x->ex_flags |= 0x2000;

Executed by:

libcrypto.so.1.1

1230

477

}

executed 6831 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

6831

478 x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); -

479 x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); -

480

if (!x->nc && (i != -1))

!x->nc	Description
TRUE	evaluated 12470 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 31 times by 1 test Evaluated by: libcrypto.so.1.1

(i != -1)	Description
TRUE	evaluated 110 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12360 times by 1 test Evaluated by: libcrypto.so.1.1

31-12470

481

x->ex_flags |= EXFLAG_INVALID;

executed 110 times by 1 test: x->ex_flags |= 0x80;

Executed by:

libcrypto.so.1.1

110

482 setup_crldp(x); -

483 -

484 #ifndef OPENSSL_NO_RFC3779 -

485 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); -

486 x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, -

487 NULL, NULL); -

488 #endif -

489

for (i = 0; i < X509_get_ext_count(x); i++) {

i < X509_get_ext_count(x)	Description
TRUE	evaluated 51071 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12386 times by 1 test Evaluated by: libcrypto.so.1.1

12386-51071

490 ex = X509_get_ext(x, i); -

491

if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))

OBJ_obj2nid(X5...ct(ex)) == 857	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 51058 times by 1 test Evaluated by: libcrypto.so.1.1

13-51058

492

== NID_freshest_crl)

OBJ_obj2nid(X5...ct(ex)) == 857	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 51058 times by 1 test Evaluated by: libcrypto.so.1.1

13-51058

493

x->ex_flags |= EXFLAG_FRESHEST;

executed 13 times by 1 test: x->ex_flags |= 0x1000;

Executed by:

libcrypto.so.1.1

494

if (!X509_EXTENSION_get_critical(ex))

!X509_EXTENSIO...t_critical(ex)	Description
TRUE	evaluated 44649 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6422 times by 1 test Evaluated by: libcrypto.so.1.1

6422-44649

495

continue;

executed 44649 times by 1 test: continue;

Executed by:

libcrypto.so.1.1

44649

496

if (!X509_supported_extension(ex)) {

!X509_supported_extension(ex)	Description
TRUE	evaluated 115 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6307 times by 1 test Evaluated by: libcrypto.so.1.1

115-6307

497 x->ex_flags |= EXFLAG_CRITICAL; -

498

break;

executed 115 times by 1 test: break;

Executed by:

libcrypto.so.1.1

115

499 } -

500

}

executed 6307 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

6307

501 x509_init_sig_info(x); -

502 x->ex_flags |= EXFLAG_SET; -

503 #ifdef tsan_st_rel -

504 tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1); -

505 /* -

506 * Above store triggers fast lock-free check in the beginning of the -

507 * function. But one has to ensure that the structure is "stable", i.e. -

508 * all stores are visible on all processors. Hence the release fence. -

509 */ -

510 #endif -

511 CRYPTO_THREAD_unlock(x->lock); -

512

}

executed 12501 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

12501

513 -

514 /*- -

515 * CA checks common to all purposes -

516 * return codes: -

517 * 0 not a CA -

518 * 1 is a CA -

519 * 2 basicConstraints absent so "maybe" a CA -

520 * 3 basicConstraints absent but self signed V1. -

521 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. -

522 */ -

523 -

524 static int check_ca(const X509 *x) -

525 { -

526 /* keyUsage if present should allow cert signing */ -

527

if (ku_reject(x, KU_KEY_CERT_SIGN))

((x)->ex_flags & 0x2)	Description
TRUE	evaluated 482 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3461 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_kusage & (0x0004))	Description
TRUE	evaluated 238 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 244 times by 1 test Evaluated by: libcrypto.so.1.1

238-3461

528

return 0;

executed 238 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

238

529

if (x->ex_flags & EXFLAG_BCONS) {

x->ex_flags & 0x1	Description
TRUE	evaluated 3701 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1

4-3701

530

if (x->ex_flags & EXFLAG_CA)

x->ex_flags & 0x10	Description
TRUE	evaluated 2591 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1110 times by 1 test Evaluated by: libcrypto.so.1.1

1110-2591

531

return 1;

executed 2591 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

2591

532 /* If basicConstraints says not a CA then say so */ -

533 else -

534

return 0;

executed 1110 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

1110

535 } else { -

536 /* we support V1 roots for... uh, I don't really know why. */ -

537

if ((x->ex_flags & V1_ROOT) == V1_ROOT)

(x->ex_flags &... (0x40\|0x2000)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1

0-4

538

return 3;

never executed: return 3;

539 /* -

540 * If key usage present it must have certSign so tolerate it -

541 */ -

542

else if (x->ex_flags & EXFLAG_KUSAGE)

x->ex_flags & 0x2	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-4

543

return 4;

executed 4 times by 1 test: return 4;

Executed by:

libcrypto.so.1.1

544 /* Older certificates could have Netscape-specific CA types */ -

545

else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)

x->ex_flags & 0x8	Description
TRUE	never evaluated
FALSE	never evaluated

x->ex_nscert &...x04\|0x02\|0x01)	Description
TRUE	never evaluated
FALSE	never evaluated

546

return 5;

never executed: return 5;

547 /* can this still be regarded a CA certificate? I doubt it */ -

548

return 0;

never executed: return 0;

549 } -

550 } -

551 -

552 void X509_set_proxy_flag(X509 *x) -

553 { -

554 x->ex_flags |= EXFLAG_PROXY; -

555

}

never executed: end of block

556 -

557 void X509_set_proxy_pathlen(X509 *x, long l) -

558 { -

559 x->ex_pcpathlen = l; -

560

}

never executed: end of block

561 -

562 int X509_check_ca(X509 *x) -

563 { -

564 x509v3_cache_extensions(x); -

565 -

566

return check_ca(x);

executed 2668 times by 1 test: return check_ca(x);

Executed by:

libcrypto.so.1.1

2668

567 } -

568 -

569 /* Check SSL CA: common checks for SSL client and server */ -

570 static int check_ssl_ca(const X509 *x) -

571 { -

572 int ca_ret; -

573 ca_ret = check_ca(x); -

574

if (!ca_ret)

!ca_ret	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1170 times by 1 test Evaluated by: libcrypto.so.1.1

3-1170

575

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

576 /* check nsCertType if present */ -

577

if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)

ca_ret != 5	Description
TRUE	evaluated 1170 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

x->ex_nscert & 0x04	Description
TRUE	never evaluated
FALSE	never evaluated

0-1170

578

return ca_ret;

executed 1170 times by 1 test: return ca_ret;

Executed by:

libcrypto.so.1.1

1170

579 else -

580

return 0;

never executed: return 0;

581 } -

582 -

583 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, -

584 int ca) -

585 { -

586

if (xku_reject(x, XKU_SSL_CLIENT))

((x)->ex_flags & 0x4)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 84 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_xkusage & (0x2))	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 35 times by 1 test Evaluated by: libcrypto.so.1.1

1-84

587

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libcrypto.so.1.1

588

if (ca)

ca	Description
TRUE	evaluated 70 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 49 times by 1 test Evaluated by: libcrypto.so.1.1

49-70

589

return check_ssl_ca(x);

executed 70 times by 1 test: return check_ssl_ca(x);

Executed by:

libcrypto.so.1.1

590 /* We need to do digital signatures or key agreement */ -

591

if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))

((x)->ex_flags & 0x2)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 44 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_kusa...080 \| 0x0008))	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libcrypto.so.1.1

0-44

592

return 0;

never executed: return 0;

593 /* nsCertType if present should allow SSL client use */ -

594

if (ns_reject(x, NS_SSL_CLIENT))

((x)->ex_flags & 0x8)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_nscert & (0x80))	Description
TRUE	never evaluated
FALSE	never evaluated

0-49

595

return 0;

never executed: return 0;

596

return 1;

executed 49 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

597 } -

598 -

599 /* -

600 * Key usage needed for TLS/SSL server: digital signature, encipherment or -

601 * key agreement. The ssl code can check this more thoroughly for individual -

602 * key types. -

603 */ -

604 #define KU_TLS \ -

605 KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT -

606 -

607 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, -

608 int ca) -

609 { -

610

if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))

((x)->ex_flags & 0x4)	Description
TRUE	evaluated 1041 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1232 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_xkus... (0x1 \| 0x10))	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1036 times by 1 test Evaluated by: libcrypto.so.1.1

5-1232

611

return 0;

executed 5 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

612

if (ca)

ca	Description
TRUE	evaluated 1103 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1165 times by 1 test Evaluated by: libcrypto.so.1.1

1103-1165

613

return check_ssl_ca(x);

executed 1103 times by 1 test: return check_ssl_ca(x);

Executed by:

libcrypto.so.1.1

1103

614 -

615

if (ns_reject(x, NS_SSL_SERVER))

((x)->ex_flags & 0x8)	Description
TRUE	never evaluated
FALSE	evaluated 1165 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_nscert & (0x40))	Description
TRUE	never evaluated
FALSE	never evaluated

0-1165

616

return 0;

never executed: return 0;

617

if (ku_reject(x, KU_TLS))

((x)->ex_flags & 0x2)	Description
TRUE	evaluated 127 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1038 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_kusa...x0020\|0x0008))	Description
TRUE	never evaluated
FALSE	evaluated 127 times by 1 test Evaluated by: libcrypto.so.1.1

0-1038

618

return 0;

never executed: return 0;

619 -

620

return 1;

executed 1165 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

1165

621 -

622 } -

623 -

624 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, -

625 int ca) -

626 { -

627 int ret; -

628 ret = check_purpose_ssl_server(xp, x, ca); -

629

if (!ret || ca)

!ret	Description
TRUE	never evaluated
FALSE	never evaluated

ca	Description
TRUE	never evaluated
FALSE	never evaluated

630

return ret;

never executed: return ret;

631 /* We need to encipher or Netscape complains */ -

632

if (ku_reject(x, KU_KEY_ENCIPHERMENT))

((x)->ex_flags & 0x2)	Description
TRUE	never evaluated
FALSE	never evaluated

!((x)->ex_kusage & (0x0020))	Description
TRUE	never evaluated
FALSE	never evaluated

633

return 0;

never executed: return 0;

634

return ret;

never executed: return ret;

635 } -

636 -

637 /* common S/MIME checks */ -

638 static int purpose_smime(const X509 *x, int ca) -

639 { -

640

if (xku_reject(x, XKU_SMIME))

((x)->ex_flags & 0x4)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libcrypto.so.1.1

!((x)->ex_xkusage & (0x4))	Description
TRUE	never evaluated
FALSE	never evaluated

0-176

641

return 0;

never executed: return 0;

642

if (ca) {

ca	Description
TRUE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1

643 int ca_ret; -

644 ca_ret = check_ca(x); -

645

if (!ca_ret)

!ca_ret	Description
TRUE	never evaluated
FALSE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1

0-88

646

return 0;

never executed: return 0;

647 /* check nsCertType if present */ -

648

if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)

ca_ret != 5	Description
TRUE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

x->ex_nscert & 0x02	Description
TRUE	never evaluated
FALSE	never evaluated

0-88

649

return ca_ret;

executed 88 times by 1 test: return ca_ret;

Executed by:

libcrypto.so.1.1

650 else -

651

return 0;

never executed: return 0;

652 } -

653

if (x->ex_flags & EXFLAG_NSCERT) {

x->ex_flags & 0x8	Description
TRUE	never evaluated
FALSE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1

0-88

654

if (x->ex_nscert & NS_SMIME)

x->ex_nscert & 0x20	Description
TRUE	never evaluated
FALSE	never evaluated

655

return 1;

never executed: return 1;

656 /* Workaround for some buggy certificates */ -

657

if (x->ex_nscert & NS_SSL_CLIENT)

x->ex_nscert & 0x80	Description
TRUE	never evaluated
FALSE	never evaluated

658

return 2;

never executed: return 2;

659

return 0;

never executed: return 0;

660 } -

661

return 1;

executed 88 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

662 } -

663 -

664 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, -

665 int ca) -

666 { -

667 int ret; -

668 ret = purpose_smime(x, ca); -

669

if (!ret || ca)

!ret	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libcrypto.so.1.1

ca	Description
TRUE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1

0-176

670

return ret;

executed 88 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

671

if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))

((x)->ex_flags & 0x2)	Description
TRUE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

!((x)->ex_kusa...080 \| 0x0040))	Description
TRUE	never evaluated
FALSE	evaluated 88 times by 1 test Evaluated by: libcrypto.so.1.1

0-88

672

return 0;

never executed: return 0;

673

return ret;

executed 88 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

674 } -

675 -

676 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, -

677 int ca) -

678 { -

679 int ret; -

680 ret = purpose_smime(x, ca); -

681

if (!ret || ca)

!ret	Description
TRUE	never evaluated
FALSE	never evaluated

ca	Description
TRUE	never evaluated
FALSE	never evaluated

682

return ret;

never executed: return ret;

683

if (ku_reject(x, KU_KEY_ENCIPHERMENT))

((x)->ex_flags & 0x2)	Description
TRUE	never evaluated
FALSE	never evaluated

!((x)->ex_kusage & (0x0020))	Description
TRUE	never evaluated
FALSE	never evaluated

684

return 0;

never executed: return 0;

685

return ret;

never executed: return ret;

686 } -

687 -

688 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, -

689 int ca) -

690 { -

691

if (ca) {

ca	Description
TRUE	never evaluated
FALSE	never evaluated

692 int ca_ret; -

693

if ((ca_ret = check_ca(x)) != 2)

(ca_ret = check_ca(x)) != 2	Description
TRUE	never evaluated
FALSE	never evaluated

694

return ca_ret;

never executed: return ca_ret;

695 else -

696

return 0;

never executed: return 0;

697 } -

698

if (ku_reject(x, KU_CRL_SIGN))

((x)->ex_flags & 0x2)	Description
TRUE	never evaluated
FALSE	never evaluated

!((x)->ex_kusage & (0x0002))	Description
TRUE	never evaluated
FALSE	never evaluated

699

return 0;

never executed: return 0;

700

return 1;

never executed: return 1;

701 } -

702 -

703 /* -

704 * OCSP helper: this is *not* a full OCSP check. It just checks that each CA -

705 * is valid. Additional checks must be made on the chain. -

706 */ -

707 -

708 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) -

709 { -

710 /* -

711 * Must be a valid CA. Should we really support the "I don't know" value -

712 * (2)? -

713 */ -

714

if (ca)

ca	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libcrypto.so.1.1

14-22

715

return check_ca(x);

executed 14 times by 1 test: return check_ca(x);

Executed by:

libcrypto.so.1.1

716 /* leaf certificate is checked in OCSP_verify() */ -

717

return 1;

executed 22 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

718 } -

719 -

720 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, -

721 int ca) -

722 { -

723 int i_ext; -

724 -

725 /* If ca is true we must return if this is a valid CA certificate. */ -

726

if (ca)

ca	Description
TRUE	never evaluated
FALSE	never evaluated

727

return check_ca(x);

never executed: return check_ca(x);

728 -

729 /* -

730 * Check the optional key usage field: -

731 * if Key Usage is present, it must be one of digitalSignature -

732 * and/or nonRepudiation (other values are not consistent and shall -

733 * be rejected). -

734 */ -

735

if ((x->ex_flags & EXFLAG_KUSAGE)

(x->ex_flags & 0x2)	Description
TRUE	never evaluated
FALSE	never evaluated

736

&& ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||

(x->ex_kusage ...040 \| 0x0080))	Description
TRUE	never evaluated
FALSE	never evaluated

737

!(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))

!(x->ex_kusage...040 \| 0x0080))	Description
TRUE	never evaluated
FALSE	never evaluated

738

return 0;

never executed: return 0;

739 -

740 /* Only time stamp key usage is permitted and it's required. */ -

741

if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)

!(x->ex_flags & 0x4)	Description
TRUE	never evaluated
FALSE	never evaluated

x->ex_xkusage != 0x40	Description
TRUE	never evaluated
FALSE	never evaluated

742

return 0;

never executed: return 0;

743 -

744 /* Extended Key Usage MUST be critical */ -

745 i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); -

746

if (i_ext >= 0) {

i_ext >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

747 X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); -

748

if (!X509_EXTENSION_get_critical(ext))

!X509_EXTENSIO..._critical(ext)	Description
TRUE	never evaluated
FALSE	never evaluated

749

return 0;

never executed: return 0;

750

}

never executed: end of block

751 -

752

return 1;

never executed: return 1;

753 } -

754 -

755 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) -

756 { -

757

return 1;

never executed: return 1;

758 } -

759 -

760 /*- -

761 * Various checks to see if one certificate issued the second. -

762 * This can be used to prune a set of possible issuer certificates -

763 * which have been looked up using some simple method such as by -

764 * subject name. -

765 * These are: -

766 * 1. Check issuer_name(subject) == subject_name(issuer) -

767 * 2. If akid(subject) exists check it matches issuer -

768 * 3. If key_usage(issuer) exists check it supports certificate signing -

769 * returns 0 for OK, positive for reason for mismatch, reasons match -

770 * codes for X509_verify_cert() -

771 */ -

772 -

773 int X509_check_issued(X509 *issuer, X509 *subject) -

774 { -

775

if (X509_NAME_cmp(X509_get_subject_name(issuer),

X509_NAME_cmp(...name(subject))	Description
TRUE	evaluated 715 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1696 times by 1 test Evaluated by: libcrypto.so.1.1

715-1696

776

X509_get_issuer_name(subject)))

X509_NAME_cmp(...name(subject))	Description
TRUE	evaluated 715 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1696 times by 1 test Evaluated by: libcrypto.so.1.1

715-1696

777

return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

executed 715 times by 1 test: return 29;

Executed by:

libcrypto.so.1.1

715

778 -

779 x509v3_cache_extensions(issuer); -

780 x509v3_cache_extensions(subject); -

781 -

782

if (subject->akid) {

subject->akid	Description
TRUE	evaluated 1432 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 264 times by 1 test Evaluated by: libcrypto.so.1.1

264-1432

783 int ret = X509_check_akid(issuer, subject->akid); -

784

if (ret != X509_V_OK)

ret != 0	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1409 times by 1 test Evaluated by: libcrypto.so.1.1

23-1409

785

return ret;

executed 23 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

786

}

executed 1409 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

1409

787 -

788

if (subject->ex_flags & EXFLAG_PROXY) {

subject->ex_flags & 0x400	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1647 times by 1 test Evaluated by: libcrypto.so.1.1

26-1647

789

if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))

((issuer)->ex_flags & 0x2)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libcrypto.so.1.1

!((issuer)->ex...ge & (0x0080))	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1

1-22

790

return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;

executed 1 time by 1 test: return 39;

Executed by:

libcrypto.so.1.1

791

} else if (ku_reject(issuer, KU_KEY_CERT_SIGN))

executed 25 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

((issuer)->ex_flags & 0x2)	Description
TRUE	evaluated 232 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1415 times by 1 test Evaluated by: libcrypto.so.1.1

!((issuer)->ex...ge & (0x0004))	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 211 times by 1 test Evaluated by: libcrypto.so.1.1

21-1415

792

return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;

executed 21 times by 1 test: return 32;

Executed by:

libcrypto.so.1.1

793

return X509_V_OK;

executed 1651 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

1651

794 } -

795 -

796 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) -

797 { -

798 -

799

if (!akid)

!akid	Description
TRUE	evaluated 5695 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2574 times by 1 test Evaluated by: libcrypto.so.1.1

2574-5695

800

return X509_V_OK;

executed 5695 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

5695

801 -

802 /* Check key ids (if present) */ -

803

if (akid->keyid && issuer->skid &&

akid->keyid	Description
TRUE	evaluated 2555 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 19 times by 1 test Evaluated by: libcrypto.so.1.1

issuer->skid	Description
TRUE	evaluated 2548 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libcrypto.so.1.1

7-2555

804

ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))

ASN1_OCTET_STR... issuer->skid)	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2526 times by 1 test Evaluated by: libcrypto.so.1.1

22-2526

805

return X509_V_ERR_AKID_SKID_MISMATCH;

executed 22 times by 1 test: return 30;

Executed by:

libcrypto.so.1.1

806 /* Check serial number */ -

807

if (akid->serial &&

akid->serial	Description
TRUE	evaluated 85 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2467 times by 1 test Evaluated by: libcrypto.so.1.1

85-2467

808

ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))

ASN1_INTEGER_c... akid->serial)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 71 times by 1 test Evaluated by: libcrypto.so.1.1

14-71

809

return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;

executed 14 times by 1 test: return 31;

Executed by:

libcrypto.so.1.1

810 /* Check issuer name */ -

811

if (akid->issuer) {

akid->issuer	Description
TRUE	evaluated 74 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2464 times by 1 test Evaluated by: libcrypto.so.1.1

74-2464

812 /* -

813 * Ugh, for some peculiar reason AKID includes SEQUENCE OF -

814 * GeneralName. So look for a DirName. There may be more than one but -

815 * we only take any notice of the first. -

816 */ -

817 GENERAL_NAMES *gens; -

818 GENERAL_NAME *gen; -

819 X509_NAME *nm = NULL; -

820 int i; -

821 gens = akid->issuer; -

822

for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {

i < sk_GENERAL_NAME_num(gens)	Description
TRUE	evaluated 89 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1

6-89

823 gen = sk_GENERAL_NAME_value(gens, i); -

824

if (gen->type == GEN_DIRNAME) {

gen->type == 4	Description
TRUE	evaluated 68 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1

21-68

825 nm = gen->d.dirn; -

826

break;

executed 68 times by 1 test: break;

Executed by:

libcrypto.so.1.1

827 } -

828

}

executed 21 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

829

if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))

nm	Description
TRUE	evaluated 68 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1

X509_NAME_cmp(..._name(issuer))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 65 times by 1 test Evaluated by: libcrypto.so.1.1

3-68

830

return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;

executed 3 times by 1 test: return 31;

Executed by:

libcrypto.so.1.1

831

}

executed 71 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

832

return X509_V_OK;

executed 2535 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

2535

833 } -

834 -

835 uint32_t X509_get_extension_flags(X509 *x) -

836 { -

837 /* Call for side-effect of computing hash and caching extensions */ -

838 X509_check_purpose(x, -1, -1); -

839

return x->ex_flags;

executed 10377 times by 1 test: return x->ex_flags;

Executed by:

libcrypto.so.1.1

10377

840 } -

841 -

842 uint32_t X509_get_key_usage(X509 *x) -

843 { -

844 /* Call for side-effect of computing hash and caching extensions */ -

845 X509_check_purpose(x, -1, -1); -

846

if (x->ex_flags & EXFLAG_KUSAGE)

x->ex_flags & 0x2	Description
TRUE	evaluated 524 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libcrypto.so.1.1

32-524

847

return x->ex_kusage;

executed 524 times by 1 test: return x->ex_kusage;

Executed by:

libcrypto.so.1.1

524

848

return UINT32_MAX;

executed 32 times by 1 test: return (4294967295U) ;

Executed by:

libcrypto.so.1.1

849 } -

850 -

851 uint32_t X509_get_extended_key_usage(X509 *x) -

852 { -

853 /* Call for side-effect of computing hash and caching extensions */ -

854 X509_check_purpose(x, -1, -1); -

855

if (x->ex_flags & EXFLAG_XKUSAGE)

x->ex_flags & 0x4	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-6

856

return x->ex_xkusage;

executed 6 times by 1 test: return x->ex_xkusage;

Executed by:

libcrypto.so.1.1

857

return UINT32_MAX;

never executed: return (4294967295U) ;

858 } -

859 -

860 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) -

861 { -

862 /* Call for side-effect of computing hash and caching extensions */ -

863 X509_check_purpose(x, -1, -1); -

864

return x->skid;

executed 21 times by 1 test: return x->skid;

Executed by:

libcrypto.so.1.1

865 } -

866 -

867 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x) -

868 { -

869 /* Call for side-effect of computing hash and caching extensions */ -

870 X509_check_purpose(x, -1, -1); -

871

return (x->akid != NULL ? x->akid->keyid : NULL);

never executed: return (x->akid != ((void *)0) ? x->akid->keyid : ((void *)0) );

x->akid != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

872 } -

873 -

874 long X509_get_pathlen(X509 *x) -

875 { -

876 /* Called for side effect of caching extensions */ -

877

if (X509_check_purpose(x, -1, -1) != 1

X509_check_pur..., -1, -1) != 1	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

0-1

878

|| (x->ex_flags & EXFLAG_BCONS) == 0)

(x->ex_flags & 0x1) == 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

0-1

879

return -1;

never executed: return -1;

880

return x->ex_pathlen;

executed 1 time by 1 test: return x->ex_pathlen;

Executed by:

libcrypto.so.1.1

881 } -

882 -

883 long X509_get_proxy_pathlen(X509 *x) -

884 { -

885 /* Called for side effect of caching extensions */ -

886

if (X509_check_purpose(x, -1, -1) != 1

X509_check_pur..., -1, -1) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

887

|| (x->ex_flags & EXFLAG_PROXY) == 0)

(x->ex_flags & 0x400) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

888

return -1;

never executed: return -1;

889

return x->ex_pcpathlen;

never executed: return x->ex_pcpathlen;

890 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2