25457312714

Committed 06 May 2026 07:43PM UTC coverage: 89.331% (-2.3%) from 91.667%

Build # 25457312714

Build Type

push

github

Committed by

randombit

Commit Message

In TLS 1.3 verification of client certs, check the correct extension for OCSP

This was checking if the client asked us (the server) for OCSP, instead of
checking if we asked the client for OCSP when we sent the CertificateRequest.

Coverage Stats

107574 of 120422 relevant lines covered (89.33%)

11482758.98 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.08

/src/lib/asn1/pss_params.cpp

/*
* (C) 2017 Daniel Neus
*     2023 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/pss_params.h>

#include <botan/assert.h>
#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/internal/fmt.h>
#include <botan/internal/scan_name.h>

namespace Botan {

//static
PSS_Params PSS_Params::from_padding_name(std::string_view padding_name) {
   const SCAN_Name scanner(padding_name);

   if((scanner.algo_name() != "PSS" && scanner.algo_name() != "PSS_Raw") || scanner.arg_count() != 3) {
      throw Invalid_Argument(fmt("PSS_Params::from_padding_name unexpected param '{}'", padding_name));
   }

   const std::string hash_fn = scanner.arg(0);
   BOTAN_ARG_CHECK(scanner.arg(1) == "MGF1", "PSS requires MGF1");
   const size_t salt_len = scanner.arg_as_integer(2);
   return PSS_Params(hash_fn, salt_len);
}

PSS_Params::PSS_Params(std::string_view hash_fn, size_t salt_len) :
      m_hash(hash_fn, AlgorithmIdentifier::USE_NULL_PARAM),
      m_mgf("MGF1", m_hash.BER_encode()),
      m_mgf_hash(m_hash),
      m_salt_len(salt_len),
      m_trailer_field(1) {}

PSS_Params::PSS_Params(std::span<const uint8_t> der) : m_salt_len(0), m_trailer_field(1) {
   BER_Decoder decoder(der, BER_Decoder::Limits::DER());
   this->decode_from(decoder);
   decoder.verify_end();
}

std::vector<uint8_t> PSS_Params::serialize() const {
   std::vector<uint8_t> output;
   DER_Encoder(output).encode(*this);
   return output;
}

void PSS_Params::encode_into(DER_Encoder& to) const {
   to.start_sequence()
      .start_context_specific(0)
      .encode(m_hash)
      .end_cons()
      .start_context_specific(1)
      .encode(m_mgf)
      .end_cons()
      .start_context_specific(2)
      .encode(m_salt_len)
      .end_cons()
      .end_cons();
}

void PSS_Params::decode_from(BER_Decoder& from) {
   const AlgorithmIdentifier default_hash("SHA-1", AlgorithmIdentifier::USE_NULL_PARAM);
   const AlgorithmIdentifier default_mgf("MGF1", default_hash.BER_encode());
   const size_t default_salt_len = 20;
   const size_t default_trailer = 1;

   from.start_sequence()
      .decode_optional(m_hash, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific, default_hash)
      .decode_optional(m_mgf, ASN1_Type(1), ASN1_Class::ExplicitContextSpecific, default_mgf)
      .decode_optional(m_salt_len, ASN1_Type(2), ASN1_Class::ExplicitContextSpecific, default_salt_len)
      .decode_optional(m_trailer_field, ASN1_Type(3), ASN1_Class::ExplicitContextSpecific, default_trailer)
      .end_cons();

   BER_Decoder(m_mgf.parameters(), from.limits()).decode(m_mgf_hash);
}

}  // namespace Botan

1	/*
2	* (C) 2017 Daniel Neus
3	* 2023 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/pss_params.h>
9
10	#include <botan/assert.h>
11	#include <botan/ber_dec.h>
12	#include <botan/der_enc.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/scan_name.h>
15
16	namespace Botan {
17
18	//static
19	PSS_Params PSS_Params::from_padding_name(std::string_view padding_name) {	4✔
20	const SCAN_Name scanner(padding_name);	4✔
21
22	if((scanner.algo_name() != "PSS" && scanner.algo_name() != "PSS_Raw") \|\| scanner.arg_count() != 3) {	4✔
23	throw Invalid_Argument(fmt("PSS_Params::from_padding_name unexpected param '{}'", padding_name));	×
24	}
25
26	const std::string hash_fn = scanner.arg(0);	4✔
27	BOTAN_ARG_CHECK(scanner.arg(1) == "MGF1", "PSS requires MGF1");	4✔
28	const size_t salt_len = scanner.arg_as_integer(2);	4✔
29	return PSS_Params(hash_fn, salt_len);	8✔
30	}	4✔
31
32	PSS_Params::PSS_Params(std::string_view hash_fn, size_t salt_len) :	4,144✔
33	m_hash(hash_fn, AlgorithmIdentifier::USE_NULL_PARAM),	4,144✔
34	m_mgf("MGF1", m_hash.BER_encode()),	4,144✔
35	m_mgf_hash(m_hash),	4,144✔
36	m_salt_len(salt_len),	4,144✔
37	m_trailer_field(1) {}	8,288✔
38
39	PSS_Params::PSS_Params(std::span<const uint8_t> der) : m_salt_len(0), m_trailer_field(1) {	386✔
40	BER_Decoder decoder(der, BER_Decoder::Limits::DER());	386✔
41	this->decode_from(decoder);	386✔
42	decoder.verify_end();	386✔
43	}	386✔
44
45	std::vector<uint8_t> PSS_Params::serialize() const {	4,144✔
46	std::vector<uint8_t> output;	4,144✔
47	DER_Encoder(output).encode(*this);	4,144✔
48	return output;	4,144✔
49	}	×
50
51	void PSS_Params::encode_into(DER_Encoder& to) const {	4,144✔
52	to.start_sequence()	4,144✔
53	.start_context_specific(0)	4,144✔
54	.encode(m_hash)	4,144✔
55	.end_cons()	4,144✔
56	.start_context_specific(1)	4,144✔
57	.encode(m_mgf)	4,144✔
58	.end_cons()	4,144✔
59	.start_context_specific(2)	4,144✔
60	.encode(m_salt_len)	4,144✔
61	.end_cons()	4,144✔
62	.end_cons();	4,144✔
63	}	4,144✔
64
65	void PSS_Params::decode_from(BER_Decoder& from) {	386✔
66	const AlgorithmIdentifier default_hash("SHA-1", AlgorithmIdentifier::USE_NULL_PARAM);	386✔
67	const AlgorithmIdentifier default_mgf("MGF1", default_hash.BER_encode());	386✔
68	const size_t default_salt_len = 20;	386✔
69	const size_t default_trailer = 1;	386✔
70
71	from.start_sequence()	772✔
72	.decode_optional(m_hash, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific, default_hash)	386✔
73	.decode_optional(m_mgf, ASN1_Type(1), ASN1_Class::ExplicitContextSpecific, default_mgf)	386✔
74	.decode_optional(m_salt_len, ASN1_Type(2), ASN1_Class::ExplicitContextSpecific, default_salt_len)	386✔
75	.decode_optional(m_trailer_field, ASN1_Type(3), ASN1_Class::ExplicitContextSpecific, default_trailer)	386✔
76	.end_cons();	386✔
77
78	BER_Decoder(m_mgf.parameters(), from.limits()).decode(m_mgf_hash);	386✔
79	}	386✔
80
81	} // namespace Botan

randombit / botan / 25457312714

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous