test/ct_test.c

   1 /*
   2  * Tests the Certificate Transparency public API.
   3  *
   4  * Author:      Rob Percival (robpercival@google.com)
   5  *
   6  * ====================================================================
   7  * Copyright (c) 2016 The OpenSSL Project.    All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *        notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *        notice, this list of conditions and the following disclaimer in
  18  *        the documentation and/or other materials provided with the
  19  *        distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *        software must display the following acknowledgment:
  23  *        "This product includes software developed by the OpenSSL Project
  24  *        for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *        endorse or promote products derived from this software without
  28  *        prior written permission. For written permission, please contact
  29  *        licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *        nor may "OpenSSL" appear in their names without prior written
  33  *        permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *        acknowledgment:
  37  *        "This product includes software developed by the OpenSSL Project
  38  *        for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.    IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  */
  54
  55 #include <ctype.h>
  56 #include <stdio.h>
  57 #include <stdlib.h>
  58 #include <string.h>
  59
  60 #include <openssl/ct.h>
  61 #include <openssl/err.h>
  62 #include <openssl/pem.h>
  63 #include <openssl/x509.h>
  64 #include <openssl/x509v3.h>
  65 #include "testutil.h"
  66
  67 #ifndef OPENSSL_NO_CT
  68
  69 /* Used when declaring buffers to read text files into */
  70 #define CT_TEST_MAX_FILE_SIZE 8096
  71
  72 static char *certs_dir = NULL;
  73 static char *ct_dir = NULL;
  74
  75 typedef struct ct_test_fixture {
  76     const char *test_case_name;
  77     /* The CT log store to use during tests */
  78     CTLOG_STORE* ctlog_store;
  79     /* Set the following to test handling of SCTs in X509 certificates */
  80     const char *certs_dir;
  81     char *certificate_file;
  82     char *issuer_file;
  83     int expected_sct_count;
  84     /* Set the following to test handling of SCTs in TLS format */
  85     const unsigned char *tls_sct;
  86     size_t tls_sct_len;
  87     SCT *sct;
  88     /*
  89      * A file to load the expected SCT text from.
  90      * This text will be compared to the actual text output during the test.
  91      * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file.
  92      */
  93     const char *sct_dir;
  94     const char *sct_text_file;
  95     /* Whether to test the validity of the SCT(s) */
  96     int test_validity;
  97
  98 } CT_TEST_FIXTURE;
  99
 100 static CT_TEST_FIXTURE set_up(const char *const test_case_name)
 101 {
 102     CT_TEST_FIXTURE fixture;
 103     int setup_ok = 1;
 104     CTLOG_STORE *ctlog_store;
 105
 106     memset(&fixture, 0, sizeof(fixture));
 107
 108     ctlog_store = CTLOG_STORE_new();
 109
 110     if (ctlog_store == NULL) {
 111         setup_ok = 0;
 112         fprintf(stderr, "Failed to create a new CT log store\n");
 113         goto end;
 114     }
 115
 116     if (CTLOG_STORE_load_default_file(ctlog_store) != 1) {
 117         setup_ok = 0;
 118         fprintf(stderr, "Failed to load CT log list\n");
 119         goto end;
 120     }
 121
 122     fixture.test_case_name = test_case_name;
 123     fixture.ctlog_store = ctlog_store;
 124
 125 end:
 126     if (!setup_ok) {
 127         exit(EXIT_FAILURE);
 128     }
 129     return fixture;
 130 }
 131
 132 static void tear_down(CT_TEST_FIXTURE fixture)
 133 {
 134     CTLOG_STORE_free(fixture.ctlog_store);
 135     SCT_free(fixture.sct);
 136     ERR_print_errors_fp(stderr);
 137 }
 138
 139 static char *mk_file_path(const char *dir, const char *file)
 140 {
 141     char *full_file = NULL;
 142     size_t full_file_l = 0;
 143     const char *sep = "";
 144 #ifndef OPENSSL_SYS_VMS
 145     sep = "/";
 146 #endif
 147
 148     full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1;
 149     full_file = OPENSSL_zalloc(full_file_l);
 150     if (full_file != NULL) {
 151         OPENSSL_strlcpy(full_file, dir, full_file_l);
 152         OPENSSL_strlcat(full_file, sep, full_file_l);
 153         OPENSSL_strlcat(full_file, file, full_file_l);
 154     }
 155
 156     return full_file;
 157 }
 158
 159 static X509 *load_pem_cert(const char *dir, const char *file)
 160 {
 161     X509 *cert = NULL;
 162     char *file_path = mk_file_path(dir, file);
 163
 164     if (file_path != NULL) {
 165         BIO *cert_io = BIO_new_file(file_path, "r");
 166         OPENSSL_free(file_path);
 167
 168         if (cert_io != NULL)
 169             cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL);
 170
 171         BIO_free(cert_io);
 172     }
 173     return cert;
 174 }
 175
 176 static int read_text_file(const char *dir, const char *file,
 177                           char *buffer, int buffer_length)
 178 {
 179     int result = -1;
 180     char *file_path = mk_file_path(dir, file);
 181
 182     if (file_path != NULL) {
 183         BIO *file_io = BIO_new_file(file_path, "r");
 184         OPENSSL_free(file_path);
 185
 186         if (file_io != NULL) {
 187             result = BIO_read(file_io, buffer, buffer_length);
 188             BIO_free(file_io);
 189         }
 190     }
 191
 192     return result;
 193 }
 194
 195 static int compare_sct_printout(SCT *sct,
 196     const char *expected_output)
 197 {
 198     BIO *text_buffer = NULL;
 199     char *actual_output = NULL;
 200     int result = 1;
 201
 202     text_buffer = BIO_new(BIO_s_mem());
 203     if (text_buffer == NULL) {
 204         fprintf(stderr, "Unable to allocate buffer\n");
 205         goto end;
 206     }
 207
 208     SCT_print(sct, text_buffer, 0, NULL);
 209
 210     /* Append null terminator because we're about to use the buffer contents
 211     * as a string. */
 212     if (BIO_write(text_buffer, "\0", 1) != 1) {
 213         fprintf(stderr, "Failed to append null terminator to SCT text\n");
 214         goto end;
 215     }
 216
 217     BIO_get_mem_data(text_buffer, &actual_output);
 218     result = strcmp(actual_output, expected_output);
 219
 220     if (result != 0) {
 221         fprintf(stderr,
 222             "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 223             expected_output, actual_output);
 224     }
 225
 226 end:
 227     BIO_free(text_buffer);
 228     return result;
 229 }
 230
 231 static int compare_extension_printout(X509_EXTENSION *extension,
 232                                       const char *expected_output)
 233 {
 234     BIO *text_buffer = NULL;
 235     char *actual_output = NULL;
 236     int result = 1;
 237
 238     text_buffer = BIO_new(BIO_s_mem());
 239     if (text_buffer == NULL) {
 240         fprintf(stderr, "Unable to allocate buffer\n");
 241         goto end;
 242     }
 243
 244     if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) {
 245         fprintf(stderr, "Failed to print extension\n");
 246         goto end;
 247     }
 248
 249     /* Append null terminator because we're about to use the buffer contents
 250      * as a string. */
 251     if (BIO_write(text_buffer, "\0", 1) != 1) {
 252         fprintf(stderr, "Failed to append null terminator to extension text\n");
 253         goto end;
 254     }
 255
 256     BIO_get_mem_data(text_buffer, &actual_output);
 257     result = strcmp(actual_output, expected_output);
 258
 259     if (result != 0) {
 260         fprintf(stderr,
 261                 "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 262                 expected_output, actual_output);
 263     }
 264
 265 end:
 266     BIO_free(text_buffer);
 267     return result;
 268 }
 269
 270 static int execute_cert_test(CT_TEST_FIXTURE fixture)
 271 {
 272     int success = 0;
 273     X509 *cert = NULL, *issuer = NULL;
 274     STACK_OF(SCT) *scts = NULL;
 275     SCT *sct = NULL;
 276     char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
 277     int sct_text_len = 0;
 278     unsigned char *tls_sct = NULL;
 279     size_t tls_sct_len = 0;
 280     CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
 281
 282     if (fixture.sct_text_file != NULL) {
 283         sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file,
 284                                       expected_sct_text,
 285                                       CT_TEST_MAX_FILE_SIZE - 1);
 286
 287         if (sct_text_len < 0) {
 288             fprintf(stderr, "Test data file not found: %s\n",
 289                 fixture.sct_text_file);
 290             goto end;
 291         }
 292
 293         expected_sct_text[sct_text_len] = '\0';
 294     }
 295
 296     CT_POLICY_EVAL_CTX_set0_log_store(ct_policy_ctx, fixture.ctlog_store);
 297
 298     if (fixture.certificate_file != NULL) {
 299         int sct_extension_index;
 300         X509_EXTENSION *sct_extension = NULL;
 301         cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file);
 302
 303         if (cert == NULL) {
 304             fprintf(stderr, "Unable to load certificate: %s\n",
 305                 fixture.certificate_file);
 306             goto end;
 307         }
 308
 309         CT_POLICY_EVAL_CTX_set0_cert(ct_policy_ctx, cert);
 310
 311         if (fixture.issuer_file != NULL) {
 312             issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
 313
 314             if (issuer == NULL) {
 315                 fprintf(stderr, "Unable to load issuer certificate: %s\n",
 316                         fixture.issuer_file);
 317                 goto end;
 318             }
 319
 320             CT_POLICY_EVAL_CTX_set0_issuer(ct_policy_ctx, issuer);
 321         }
 322
 323         sct_extension_index =
 324                 X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1);
 325         sct_extension = X509_get_ext(cert, sct_extension_index);
 326         if (fixture.expected_sct_count > 0) {
 327             if (sct_extension == NULL) {
 328                 fprintf(stderr, "SCT extension not found in: %s\n",
 329                     fixture.certificate_file);
 330                 goto end;
 331             }
 332
 333             if (fixture.sct_text_file
 334                 && compare_extension_printout(sct_extension,
 335                                               expected_sct_text)) {
 336                     goto end;
 337             }
 338
 339             if (fixture.test_validity) {
 340                 int are_scts_validated = 0;
 341                 int i;
 342
 343                 scts = X509V3_EXT_d2i(sct_extension);
 344                 for (i = 0; i < sk_SCT_num(scts); ++i) {
 345                     SCT *sct_i = sk_SCT_value(scts, i);
 346
 347                     if (!SCT_set_source(sct_i, SCT_SOURCE_X509V3_EXTENSION)) {
 348                         fprintf(stderr,
 349                                 "Error setting SCT source to X509v3 extension\n");
 350                         goto end;
 351                     }
 352                 }
 353
 354                 are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx);
 355                 if (are_scts_validated < 0) {
 356                     fprintf(stderr, "Error verifying SCTs\n");
 357                     goto end;
 358                 } else if (!are_scts_validated) {
 359                     int invalid_sct_count = 0;
 360                     int valid_sct_count = 0;
 361
 362                     for (i = 0; i < sk_SCT_num(scts); ++i) {
 363                         SCT *sct_i = sk_SCT_value(scts, i);
 364                         switch (SCT_get_validation_status(sct_i)) {
 365                         case SCT_VALIDATION_STATUS_VALID:
 366                             ++valid_sct_count;
 367                             break;
 368                         case SCT_VALIDATION_STATUS_INVALID:
 369                             ++invalid_sct_count;
 370                             break;
 371                         default:
 372                             /* Ignore other validation statuses. */
 373                             break;
 374                         }
 375                     }
 376
 377                     if (valid_sct_count != fixture.expected_sct_count) {
 378                         int unverified_sct_count = sk_SCT_num(scts) -
 379                                 invalid_sct_count - valid_sct_count;
 380
 381                         fprintf(stderr,
 382                                 "%d SCTs failed verification\n"
 383                                 "%d SCTs passed verification (%d expected)\n"
 384                                 "%d SCTs were unverified\n",
 385                                 invalid_sct_count,
 386                                 valid_sct_count,
 387                                 fixture.expected_sct_count,
 388                                 unverified_sct_count);
 389                     }
 390                     goto end;
 391                 }
 392             }
 393         } else if (sct_extension != NULL) {
 394             fprintf(stderr,
 395                     "Expected no SCTs, but found SCT extension in: %s\n",
 396                     fixture.certificate_file);
 397             goto end;
 398         }
 399     }
 400
 401     if (fixture.tls_sct != NULL) {
 402         const unsigned char *p = fixture.tls_sct;
 403         if (o2i_SCT(&sct, &p, fixture.tls_sct_len) == NULL) {
 404             fprintf(stderr, "Failed to decode SCT from TLS format\n");
 405             goto end;
 406         }
 407
 408         if (fixture.test_validity && cert != NULL) {
 409             int is_sct_validated = SCT_validate(sct, ct_policy_ctx);
 410             if (is_sct_validated < 0) {
 411                 fprintf(stderr, "Error validating SCT\n");
 412                 goto end;
 413             } else if (!is_sct_validated) {
 414                 fprintf(stderr, "SCT failed verification\n");
 415                 goto end;
 416             }
 417         }
 418
 419         if (fixture.sct_text_file
 420             && compare_sct_printout(sct, expected_sct_text)) {
 421                 goto end;
 422         }
 423
 424         tls_sct_len = i2o_SCT(sct, &tls_sct);
 425         if (tls_sct_len != fixture.tls_sct_len ||
 426             memcmp(fixture.tls_sct, tls_sct, tls_sct_len) != 0) {
 427             fprintf(stderr, "Failed to encode SCT into TLS format correctly\n");
 428             goto end;
 429         }
 430     }
 431     success = 1;
 432
 433 end:
 434     X509_free(cert);
 435     X509_free(issuer);
 436     SCT_LIST_free(scts);
 437     SCT_free(sct);
 438     CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
 439     OPENSSL_free(tls_sct);
 440     return success;
 441 }
 442
 443 #define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
 444 #define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
 445
 446 static int test_no_scts_in_certificate()
 447 {
 448     SETUP_CT_TEST_FIXTURE();
 449     fixture.certs_dir = certs_dir;
 450     fixture.certificate_file = "leaf.pem";
 451     fixture.issuer_file = "subinterCA.pem";
 452     fixture.expected_sct_count = 0;
 453     EXECUTE_CT_TEST();
 454 }
 455
 456 static int test_one_sct_in_certificate()
 457 {
 458     SETUP_CT_TEST_FIXTURE();
 459     fixture.certs_dir = certs_dir;
 460     fixture.certificate_file = "embeddedSCTs1.pem";
 461     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 462     fixture.expected_sct_count = 1;
 463     fixture.sct_dir = certs_dir;
 464     fixture.sct_text_file = "embeddedSCTs1.sct";
 465     EXECUTE_CT_TEST();
 466 }
 467
 468 static int test_multiple_scts_in_certificate()
 469 {
 470     SETUP_CT_TEST_FIXTURE();
 471     fixture.certs_dir = certs_dir;
 472     fixture.certificate_file = "embeddedSCTs3.pem";
 473     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 474     fixture.expected_sct_count = 3;
 475     fixture.sct_dir = certs_dir;
 476     fixture.sct_text_file = "embeddedSCTs3.sct";
 477     EXECUTE_CT_TEST();
 478 }
 479
 480 static int test_verify_one_sct()
 481 {
 482     SETUP_CT_TEST_FIXTURE();
 483     fixture.certs_dir = certs_dir;
 484     fixture.certificate_file = "embeddedSCTs1.pem";
 485     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 486     fixture.expected_sct_count = 1;
 487     fixture.test_validity = 1;
 488     EXECUTE_CT_TEST();
 489 }
 490
 491 static int test_verify_multiple_scts()
 492 {
 493     SETUP_CT_TEST_FIXTURE();
 494     fixture.certs_dir = certs_dir;
 495     fixture.certificate_file = "embeddedSCTs3.pem";
 496     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 497     fixture.expected_sct_count = 3;
 498     fixture.test_validity = 1;
 499     EXECUTE_CT_TEST();
 500 }
 501
 502 static int test_decode_tls_sct()
 503 {
 504     const unsigned char tls_sct[] = "\x00" /* version */
 505         /* log ID */
 506         "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
 507         "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
 508         "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */
 509         "\x00\x00" /* extensions length */
 510         "" /* extensions */
 511         "\x04\x03" /* hash and signature algorithms */
 512         "\x00\x47" /* signature length */
 513         /* signature */
 514         "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6"
 515         "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2"
 516         "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB"
 517         "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89"
 518         "\xED\xBF\x08";
 519
 520     SETUP_CT_TEST_FIXTURE();
 521     fixture.tls_sct = tls_sct;
 522     fixture.tls_sct_len = 118;
 523     fixture.sct_dir = ct_dir;
 524     fixture.sct_text_file = "tls1.sct";
 525     EXECUTE_CT_TEST();
 526 }
 527
 528 static int test_encode_tls_sct()
 529 {
 530     const unsigned char log_id[] = "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9"
 531             "\x61\x68\x32\x5D\xDC\x5C\x79\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E"
 532             "\x0B\xBD\x3F\x74\xD7\x64";
 533
 534     const unsigned char signature[] = "\x45\x02\x20\x48\x2F\x67\x51\xAF\x35"
 535             "\xDB\xA6\x54\x36\xBE\x1F\xD6\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95"
 536             "\x92\x45\x30\x28\x8F\xA3\xE5\xE2\x3E\x06\x02\x21\x00\xE4\xED\xC0"
 537             "\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB\x6A\x68\x06\x53\x98\x7D\xCF"
 538             "\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89\xED\xBF\x08";
 539
 540     SETUP_CT_TEST_FIXTURE();
 541
 542     SCT *sct = SCT_new();
 543     if (!SCT_set_version(sct, SCT_VERSION_V1)) {
 544         fprintf(stderr, "Failed to set SCT version\n");
 545         return 1;
 546     }
 547     if (!SCT_set1_log_id(sct, log_id, 32)) {
 548         fprintf(stderr, "Failed to set SCT log ID\n");
 549         return 1;
 550     }
 551     SCT_set_timestamp(sct, 1);
 552     if (!SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256)) {
 553         fprintf(stderr, "Failed to set SCT signature NID\n");
 554         return 1;
 555     }
 556     if (!SCT_set1_signature(sct, signature, 71)) {
 557         fprintf(stderr, "Failed to set SCT signature\n");
 558         return 1;
 559     }
 560     fixture.sct = sct;
 561     fixture.sct_dir = ct_dir;
 562     fixture.sct_text_file = "tls1.sct";
 563     EXECUTE_CT_TEST();
 564 }
 565
 566 int main(int argc, char *argv[])
 567 {
 568     int result = 0;
 569     char *tmp_env = NULL;
 570
 571     tmp_env = getenv("OPENSSL_DEBUG_MEMORY");
 572     if (tmp_env != NULL && strcmp(tmp_env, "on") == 0)
 573         CRYPTO_set_mem_debug(1);
 574     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 575
 576     tmp_env = getenv("CT_DIR");
 577     ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct");
 578     tmp_env = getenv("CERTS_DIR");
 579     certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs");
 580
 581     ADD_TEST(test_no_scts_in_certificate);
 582     ADD_TEST(test_one_sct_in_certificate);
 583     ADD_TEST(test_multiple_scts_in_certificate);
 584     ADD_TEST(test_verify_one_sct);
 585     ADD_TEST(test_verify_multiple_scts);
 586     ADD_TEST(test_decode_tls_sct);
 587     ADD_TEST(test_encode_tls_sct);
 588
 589     result = run_tests(argv[0]);
 590     ERR_print_errors_fp(stderr);
 591
 592     OPENSSL_free(ct_dir);
 593     OPENSSL_free(certs_dir);
 594
 595 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
 596     if (CRYPTO_mem_leaks_fp(stderr) <= 0)
 597         result = 1;
 598 #endif
 599
 600     return result;
 601 }
 602
 603 #else /* OPENSSL_NO_CT */
 604
 605 int main(int argc, char* argv[])
 606 {
 607     return EXIT_SUCCESS;
 608 }
 609
 610 #endif /* OPENSSL_NO_CT */