test/ct_test.c

   1 /*
   2  * Tests the Certificate Transparency public API.
   3  *
   4  * Author:      Rob Percival (robpercival@google.com)
   5  *
   6  * ====================================================================
   7  * Copyright (c) 2016 The OpenSSL Project.    All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *        notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *        notice, this list of conditions and the following disclaimer in
  18  *        the documentation and/or other materials provided with the
  19  *        distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *        software must display the following acknowledgment:
  23  *        "This product includes software developed by the OpenSSL Project
  24  *        for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *        endorse or promote products derived from this software without
  28  *        prior written permission. For written permission, please contact
  29  *        licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *        nor may "OpenSSL" appear in their names without prior written
  33  *        permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *        acknowledgment:
  37  *        "This product includes software developed by the OpenSSL Project
  38  *        for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.    IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  */
  54
  55 #include <ctype.h>
  56 #include <stdio.h>
  57 #include <stdlib.h>
  58 #include <string.h>
  59
  60 #include <openssl/ct.h>
  61 #include <openssl/err.h>
  62 #include <openssl/pem.h>
  63 #include <openssl/x509.h>
  64 #include <openssl/x509v3.h>
  65 #include "testutil.h"
  66
  67 #ifndef OPENSSL_NO_CT
  68
  69 /* Used when declaring buffers to read text files into */
  70 #define CT_TEST_MAX_FILE_SIZE 8096
  71
  72 static char *certs_dir = NULL;
  73 static char *ct_dir = NULL;
  74
  75 typedef struct ct_test_fixture {
  76     const char *test_case_name;
  77     /* The CT log store to use during tests */
  78     CTLOG_STORE* ctlog_store;
  79     /* Set the following to test handling of SCTs in X509 certificates */
  80     const char *certs_dir;
  81     char *certificate_file;
  82     char *issuer_file;
  83     int expected_sct_count;
  84     /* Set the following to test handling of SCTs in TLS format */
  85     const unsigned char *tls_sct;
  86     size_t tls_sct_len;
  87     SCT *sct;
  88     /*
  89      * A file to load the expected SCT text from.
  90      * This text will be compared to the actual text output during the test.
  91      * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file.
  92      */
  93     const char *sct_dir;
  94     const char *sct_text_file;
  95     /* Whether to test the validity of the SCT(s) */
  96     int test_validity;
  97
  98 } CT_TEST_FIXTURE;
  99
 100 static CT_TEST_FIXTURE set_up(const char *const test_case_name)
 101 {
 102     CT_TEST_FIXTURE fixture;
 103     int setup_ok = 1;
 104     CTLOG_STORE *ctlog_store = CTLOG_STORE_new();
 105
 106     if (ctlog_store == NULL) {
 107         setup_ok = 0;
 108         fprintf(stderr, "Failed to create a new CT log store\n");
 109         goto end;
 110     }
 111
 112     if (CTLOG_STORE_load_default_file(ctlog_store) != 1) {
 113         setup_ok = 0;
 114         fprintf(stderr, "Failed to load CT log list\n");
 115         goto end;
 116     }
 117
 118     memset(&fixture, 0, sizeof(fixture));
 119     fixture.test_case_name = test_case_name;
 120     fixture.ctlog_store = ctlog_store;
 121
 122 end:
 123     if (!setup_ok) {
 124         exit(EXIT_FAILURE);
 125     }
 126     return fixture;
 127 }
 128
 129 static void tear_down(CT_TEST_FIXTURE fixture)
 130 {
 131     CTLOG_STORE_free(fixture.ctlog_store);
 132     SCT_free(fixture.sct);
 133     ERR_print_errors_fp(stderr);
 134 }
 135
 136 static char *mk_file_path(const char *dir, const char *file)
 137 {
 138     char *full_file = NULL;
 139     size_t full_file_l = 0;
 140     const char *sep = "";
 141 #ifndef OPENSSL_SYS_VMS
 142     sep = "/";
 143 #endif
 144
 145     full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1;
 146     full_file = OPENSSL_zalloc(full_file_l);
 147     if (full_file != NULL) {
 148         OPENSSL_strlcpy(full_file, dir, full_file_l);
 149         OPENSSL_strlcat(full_file, sep, full_file_l);
 150         OPENSSL_strlcat(full_file, file, full_file_l);
 151     }
 152
 153     return full_file;
 154 }
 155
 156 static X509 *load_pem_cert(const char *dir, const char *file)
 157 {
 158     X509 *cert = NULL;
 159     char *file_path = mk_file_path(dir, file);
 160
 161     if (file_path != NULL) {
 162         BIO *cert_io = BIO_new_file(file_path, "r");
 163         OPENSSL_free(file_path);
 164
 165         if (cert_io != NULL)
 166             cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL);
 167
 168         BIO_free(cert_io);
 169     }
 170     return cert;
 171 }
 172
 173 static int read_text_file(const char *dir, const char *file,
 174                           char *buffer, int buffer_length)
 175 {
 176     int result = -1;
 177     char *file_path = mk_file_path(dir, file);
 178
 179     if (file_path != NULL) {
 180         BIO *file_io = BIO_new_file(file_path, "r");
 181         OPENSSL_free(file_path);
 182
 183         if (file_io != NULL) {
 184             result = BIO_read(file_io, buffer, buffer_length);
 185             BIO_free(file_io);
 186         }
 187     }
 188
 189     return result;
 190 }
 191
 192 static int compare_sct_printout(SCT *sct,
 193     const char *expected_output)
 194 {
 195     BIO *text_buffer = NULL;
 196     char *actual_output = NULL;
 197     int result = 1;
 198
 199     text_buffer = BIO_new(BIO_s_mem());
 200     if (text_buffer == NULL) {
 201         fprintf(stderr, "Unable to allocate buffer\n");
 202         goto end;
 203     }
 204
 205     SCT_print(sct, text_buffer, 0, NULL);
 206
 207     /* Append null terminator because we're about to use the buffer contents
 208     * as a string. */
 209     if (BIO_write(text_buffer, "\0", 1) != 1) {
 210         fprintf(stderr, "Failed to append null terminator to SCT text\n");
 211         goto end;
 212     }
 213
 214     BIO_get_mem_data(text_buffer, &actual_output);
 215     result = strcmp(actual_output, expected_output);
 216
 217     if (result != 0) {
 218         fprintf(stderr,
 219             "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 220             expected_output, actual_output);
 221     }
 222
 223 end:
 224     BIO_free(text_buffer);
 225     return result;
 226 }
 227
 228 static int compare_extension_printout(X509_EXTENSION *extension,
 229                                       const char *expected_output)
 230 {
 231     BIO *text_buffer = NULL;
 232     char *actual_output = NULL;
 233     int result = 1;
 234
 235     text_buffer = BIO_new(BIO_s_mem());
 236     if (text_buffer == NULL) {
 237         fprintf(stderr, "Unable to allocate buffer\n");
 238         goto end;
 239     }
 240
 241     if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) {
 242         fprintf(stderr, "Failed to print extension\n");
 243         goto end;
 244     }
 245
 246     /* Append null terminator because we're about to use the buffer contents
 247      * as a string. */
 248     if (BIO_write(text_buffer, "\0", 1) != 1) {
 249         fprintf(stderr, "Failed to append null terminator to extension text\n");
 250         goto end;
 251     }
 252
 253     BIO_get_mem_data(text_buffer, &actual_output);
 254     result = strcmp(actual_output, expected_output);
 255
 256     if (result != 0) {
 257         fprintf(stderr,
 258                 "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 259                 expected_output, actual_output);
 260     }
 261
 262 end:
 263     BIO_free(text_buffer);
 264     return result;
 265 }
 266
 267 static int execute_cert_test(CT_TEST_FIXTURE fixture)
 268 {
 269     int test_failed = 0;
 270     X509 *cert = NULL, *issuer = NULL;
 271     STACK_OF(SCT) *scts = NULL;
 272     SCT *sct = NULL;
 273     char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
 274     int sct_text_len = 0;
 275     unsigned char *tls_sct = NULL;
 276     size_t tls_sct_len = 0;
 277     CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
 278
 279     if (fixture.sct_text_file != NULL) {
 280         sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file,
 281                                       expected_sct_text,
 282                                       CT_TEST_MAX_FILE_SIZE - 1);
 283
 284         if (sct_text_len < 0) {
 285             test_failed = 1;
 286             fprintf(stderr, "Test data file not found: %s\n",
 287                 fixture.sct_text_file);
 288             goto end;
 289         }
 290
 291         expected_sct_text[sct_text_len] = '\0';
 292     }
 293
 294     CT_POLICY_EVAL_CTX_set0_log_store(ct_policy_ctx, fixture.ctlog_store);
 295
 296     if (fixture.certificate_file != NULL) {
 297         int sct_extension_index;
 298         X509_EXTENSION *sct_extension = NULL;
 299         cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file);
 300
 301         if (cert == NULL) {
 302             test_failed = 1;
 303             fprintf(stderr, "Unable to load certificate: %s\n",
 304                 fixture.certificate_file);
 305             goto end;
 306         }
 307
 308         CT_POLICY_EVAL_CTX_set0_cert(ct_policy_ctx, cert);
 309
 310         if (fixture.issuer_file != NULL) {
 311             issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
 312
 313             if (issuer == NULL) {
 314                 test_failed = 1;
 315                 fprintf(stderr, "Unable to load issuer certificate: %s\n",
 316                         fixture.issuer_file);
 317                 goto end;
 318             }
 319
 320             CT_POLICY_EVAL_CTX_set0_issuer(ct_policy_ctx, issuer);
 321         }
 322
 323         sct_extension_index =
 324                 X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1);
 325         sct_extension = X509_get_ext(cert, sct_extension_index);
 326         if (fixture.expected_sct_count > 0) {
 327             if (sct_extension == NULL) {
 328                 test_failed = 1;
 329                 fprintf(stderr, "SCT extension not found in: %s\n",
 330                     fixture.certificate_file);
 331                 goto end;
 332             }
 333
 334             if (fixture.sct_text_file) {
 335                 test_failed = compare_extension_printout(sct_extension,
 336                                                     expected_sct_text);
 337                 if (test_failed != 0)
 338                     goto end;
 339             }
 340
 341             if (fixture.test_validity) {
 342                 int are_scts_validated = 0;
 343                 int i;
 344
 345                 scts = X509V3_EXT_d2i(sct_extension);
 346                 for (i = 0; i < sk_SCT_num(scts); ++i) {
 347                     SCT *sct_i = sk_SCT_value(scts, i);
 348
 349                     if (!SCT_set_source(sct_i, SCT_SOURCE_X509V3_EXTENSION)) {
 350                         fprintf(stderr,
 351                                 "Error setting SCT source to X509v3 extension\n");
 352                         test_failed = 1;
 353                         goto end;
 354                     }
 355                 }
 356
 357                 are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx);
 358                 if (are_scts_validated < 0) {
 359                     fprintf(stderr, "Error verifying SCTs\n");
 360                     test_failed = 1;
 361                 } else if (!are_scts_validated) {
 362                     int invalid_sct_count = 0;
 363                     int valid_sct_count = 0;
 364
 365                     for (i = 0; i < sk_SCT_num(scts); ++i) {
 366                         SCT *sct_i = sk_SCT_value(scts, i);
 367                         switch (SCT_get_validation_status(sct_i)) {
 368                         case SCT_VALIDATION_STATUS_VALID:
 369                             ++valid_sct_count;
 370                             break;
 371                         case SCT_VALIDATION_STATUS_INVALID:
 372                             ++invalid_sct_count;
 373                             break;
 374                         default:
 375                             /* Ignore other validation statuses. */
 376                             break;
 377                         }
 378                     }
 379
 380                     if (valid_sct_count != fixture.expected_sct_count) {
 381                         int unverified_sct_count = sk_SCT_num(scts) -
 382                                 invalid_sct_count - valid_sct_count;
 383
 384                         fprintf(stderr,
 385                                 "%d SCTs failed verification\n"
 386                                 "%d SCTs passed verification (%d expected)\n"
 387                                 "%d SCTs were unverified\n",
 388                                 invalid_sct_count,
 389                                 valid_sct_count,
 390                                 fixture.expected_sct_count,
 391                                 unverified_sct_count);
 392                     }
 393                     test_failed = 1;
 394                 }
 395
 396                 if (test_failed != 0)
 397                     goto end;
 398             }
 399         } else if (sct_extension != NULL) {
 400             test_failed = 1;
 401             fprintf(stderr,
 402                     "Expected no SCTs, but found SCT extension in: %s\n",
 403                     fixture.certificate_file);
 404             goto end;
 405         }
 406     }
 407
 408     if (fixture.tls_sct != NULL) {
 409         const unsigned char *p = fixture.tls_sct;
 410         if (o2i_SCT(&sct, &p, fixture.tls_sct_len) == NULL) {
 411             test_failed = 1;
 412             fprintf(stderr, "Failed to decode SCT from TLS format\n");
 413             goto end;
 414         }
 415
 416         if (fixture.sct_text_file) {
 417             test_failed = compare_sct_printout(sct, expected_sct_text);
 418             if (test_failed != 0)
 419                 goto end;
 420         }
 421
 422         tls_sct_len = i2o_SCT(sct, &tls_sct);
 423         if (tls_sct_len != fixture.tls_sct_len ||
 424             memcmp(fixture.tls_sct, tls_sct, tls_sct_len) != 0) {
 425             test_failed = 1;
 426             fprintf(stderr, "Failed to encode SCT into TLS format correctly\n");
 427             goto end;
 428         }
 429
 430         if (fixture.test_validity && cert != NULL) {
 431             int is_sct_validated = SCT_validate(sct, ct_policy_ctx);
 432             if (is_sct_validated < 0) {
 433                 test_failed = 1;
 434                 fprintf(stderr, "Error validating SCT\n");
 435                 goto end;
 436             } else if (!is_sct_validated) {
 437                 test_failed = 1;
 438                 fprintf(stderr, "SCT failed verification\n");
 439                 goto end;
 440             }
 441         }
 442     }
 443
 444 end:
 445     X509_free(cert);
 446     X509_free(issuer);
 447     SCT_LIST_free(scts);
 448     SCT_free(sct);
 449     CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
 450     OPENSSL_free(tls_sct);
 451     return test_failed;
 452 }
 453
 454 #define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
 455 #define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
 456
 457 static int test_no_scts_in_certificate()
 458 {
 459     SETUP_CT_TEST_FIXTURE();
 460     fixture.certs_dir = certs_dir;
 461     fixture.certificate_file = "leaf.pem";
 462     fixture.issuer_file = "subinterCA.pem";
 463     fixture.expected_sct_count = 0;
 464     EXECUTE_CT_TEST();
 465 }
 466
 467 static int test_one_sct_in_certificate()
 468 {
 469     SETUP_CT_TEST_FIXTURE();
 470     fixture.certs_dir = certs_dir;
 471     fixture.certificate_file = "embeddedSCTs1.pem";
 472     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 473     fixture.expected_sct_count = 1;
 474     fixture.sct_dir = certs_dir;
 475     fixture.sct_text_file = "embeddedSCTs1.sct";
 476     EXECUTE_CT_TEST();
 477 }
 478
 479 static int test_multiple_scts_in_certificate()
 480 {
 481     SETUP_CT_TEST_FIXTURE();
 482     fixture.certs_dir = certs_dir;
 483     fixture.certificate_file = "embeddedSCTs3.pem";
 484     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 485     fixture.expected_sct_count = 3;
 486     fixture.sct_dir = certs_dir;
 487     fixture.sct_text_file = "embeddedSCTs3.sct";
 488     EXECUTE_CT_TEST();
 489 }
 490
 491 static int test_verify_one_sct()
 492 {
 493     SETUP_CT_TEST_FIXTURE();
 494     fixture.certs_dir = certs_dir;
 495     fixture.certificate_file = "embeddedSCTs1.pem";
 496     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 497     fixture.expected_sct_count = 1;
 498     fixture.test_validity = 1;
 499     EXECUTE_CT_TEST();
 500 }
 501
 502 static int test_verify_multiple_scts()
 503 {
 504     SETUP_CT_TEST_FIXTURE();
 505     fixture.certs_dir = certs_dir;
 506     fixture.certificate_file = "embeddedSCTs3.pem";
 507     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 508     fixture.expected_sct_count = 3;
 509     fixture.test_validity = 1;
 510     EXECUTE_CT_TEST();
 511 }
 512
 513 static int test_decode_tls_sct()
 514 {
 515     const unsigned char tls_sct[] = "\x00" /* version */
 516         /* log ID */
 517         "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
 518         "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
 519         "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */
 520         "\x00\x00" /* extensions length */
 521         "" /* extensions */
 522         "\x04\x03" /* hash and signature algorithms */
 523         "\x00\x47" /* signature length */
 524         /* signature */
 525         "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6"
 526         "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2"
 527         "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB"
 528         "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89"
 529         "\xED\xBF\x08";
 530
 531     SETUP_CT_TEST_FIXTURE();
 532     fixture.tls_sct = tls_sct;
 533     fixture.tls_sct_len = 118;
 534     fixture.sct_dir = ct_dir;
 535     fixture.sct_text_file = "tls1.sct";
 536     EXECUTE_CT_TEST();
 537 }
 538
 539 static int test_encode_tls_sct()
 540 {
 541     const unsigned char log_id[] = "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9"
 542             "\x61\x68\x32\x5D\xDC\x5C\x79\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E"
 543             "\x0B\xBD\x3F\x74\xD7\x64";
 544
 545     const unsigned char signature[] = "\x45\x02\x20\x48\x2F\x67\x51\xAF\x35"
 546             "\xDB\xA6\x54\x36\xBE\x1F\xD6\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95"
 547             "\x92\x45\x30\x28\x8F\xA3\xE5\xE2\x3E\x06\x02\x21\x00\xE4\xED\xC0"
 548             "\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB\x6A\x68\x06\x53\x98\x7D\xCF"
 549             "\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89\xED\xBF\x08";
 550
 551     SETUP_CT_TEST_FIXTURE();
 552
 553     SCT *sct = SCT_new();
 554     if (!SCT_set_version(sct, SCT_VERSION_V1)) {
 555         fprintf(stderr, "Failed to set SCT version\n");
 556         return 1;
 557     }
 558     if (!SCT_set1_log_id(sct, log_id, 32)) {
 559         fprintf(stderr, "Failed to set SCT log ID\n");
 560         return 1;
 561     }
 562     SCT_set_timestamp(sct, 1);
 563     if (!SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256)) {
 564         fprintf(stderr, "Failed to set SCT signature NID\n");
 565         return 1;
 566     }
 567     if (!SCT_set1_signature(sct, signature, 71)) {
 568         fprintf(stderr, "Failed to set SCT signature\n");
 569         return 1;
 570     }
 571     fixture.sct = sct;
 572     fixture.sct_dir = ct_dir;
 573     fixture.sct_text_file = "tls1.sct";
 574     EXECUTE_CT_TEST();
 575 }
 576
 577 int main(int argc, char *argv[])
 578 {
 579     int result = 0;
 580     char *tmp_env = NULL;
 581
 582     tmp_env = getenv("CT_DIR");
 583     ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct");
 584     tmp_env = getenv("CERTS_DIR");
 585     certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs");
 586
 587     ADD_TEST(test_no_scts_in_certificate);
 588     ADD_TEST(test_one_sct_in_certificate);
 589     ADD_TEST(test_multiple_scts_in_certificate);
 590     ADD_TEST(test_verify_one_sct);
 591     ADD_TEST(test_verify_multiple_scts);
 592     ADD_TEST(test_decode_tls_sct);
 593     ADD_TEST(test_encode_tls_sct);
 594
 595     result = run_tests(argv[0]);
 596     ERR_print_errors_fp(stderr);
 597
 598     OPENSSL_free(ct_dir);
 599     OPENSSL_free(certs_dir);
 600
 601     return result;
 602 }
 603
 604 #else /* OPENSSL_NO_CT */
 605
 606 int main(int argc, char* argv[])
 607 {
 608     return EXIT_SUCCESS;
 609 }
 610
 611 #endif /* OPENSSL_NO_CT */