test/ct_test.c

   1 /*
   2  * Tests the Certificate Transparency public API.
   3  *
   4  * Author:      Rob Percival (robpercival@google.com)
   5  *
   6  * ====================================================================
   7  * Copyright (c) 2016 The OpenSSL Project.    All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *        notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *        notice, this list of conditions and the following disclaimer in
  18  *        the documentation and/or other materials provided with the
  19  *        distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *        software must display the following acknowledgment:
  23  *        "This product includes software developed by the OpenSSL Project
  24  *        for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *        endorse or promote products derived from this software without
  28  *        prior written permission. For written permission, please contact
  29  *        licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *        nor may "OpenSSL" appear in their names without prior written
  33  *        permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *        acknowledgment:
  37  *        "This product includes software developed by the OpenSSL Project
  38  *        for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.    IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  */
  54
  55 #include <ctype.h>
  56 #include <stdio.h>
  57 #include <stdlib.h>
  58 #include <string.h>
  59
  60 #include <openssl/ct.h>
  61 #include <openssl/err.h>
  62 #include <openssl/pem.h>
  63 #include <openssl/x509.h>
  64 #include <openssl/x509v3.h>
  65 #include "testutil.h"
  66
  67 #ifndef OPENSSL_NO_CT
  68
  69 /* Used when declaring buffers to read text files into */
  70 #define CT_TEST_MAX_FILE_SIZE 8096
  71
  72 char *certs_dir = NULL;
  73 char *ct_dir = NULL;
  74
  75 typedef struct ct_test_fixture {
  76     const char *test_case_name;
  77     /* The CT log store to use during tests */
  78     CTLOG_STORE* ctlog_store;
  79     /* Set the following to test handling of SCTs in X509 certificates */
  80     const char *certs_dir;
  81     char *certificate_file;
  82     char *issuer_file;
  83     int expected_sct_count;
  84     /* Set the following to test handling of SCTs in TLS format */
  85     const uint8_t *tls_sct;
  86     size_t tls_sct_len;
  87     SCT *sct;
  88     /*
  89      * A file to load the expected SCT text from.
  90      * This text will be compared to the actual text output during the test.
  91      * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file.
  92      */
  93     const char *sct_dir;
  94     const char *sct_text_file;
  95     /* Whether to test the validity of the SCT(s) */
  96     int test_validity;
  97
  98 } CT_TEST_FIXTURE;
  99
 100 static CT_TEST_FIXTURE set_up(const char *const test_case_name)
 101 {
 102     CT_TEST_FIXTURE fixture;
 103     int setup_ok = 1;
 104     CTLOG_STORE *ctlog_store = CTLOG_STORE_new();
 105
 106     if (ctlog_store == NULL) {
 107         setup_ok = 0;
 108         fprintf(stderr, "Failed to create a new CT log store\n");
 109         goto end;
 110     }
 111
 112     if (CTLOG_STORE_load_default_file(ctlog_store) != 1) {
 113         setup_ok = 0;
 114         fprintf(stderr, "Failed to load CT log list\n");
 115         goto end;
 116     }
 117
 118     memset(&fixture, 0, sizeof(fixture));
 119     fixture.test_case_name = test_case_name;
 120     fixture.ctlog_store = ctlog_store;
 121
 122 end:
 123     if (!setup_ok) {
 124         exit(EXIT_FAILURE);
 125     }
 126     return fixture;
 127 }
 128
 129 static void tear_down(CT_TEST_FIXTURE fixture)
 130 {
 131     CTLOG_STORE_free(fixture.ctlog_store);
 132     SCT_free(fixture.sct);
 133     ERR_print_errors_fp(stderr);
 134 }
 135
 136 static char *mk_file_path(const char *dir, const char *file)
 137 {
 138     char *full_file = NULL;
 139     size_t full_file_l = 0;
 140     const char *sep = "";
 141 #ifndef OPENSSL_SYS_VMS
 142     sep = "/";
 143 #endif
 144
 145     full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1;
 146     full_file = OPENSSL_zalloc(full_file_l);
 147     if (full_file != NULL) {
 148         OPENSSL_strlcpy(full_file, dir, full_file_l);
 149         OPENSSL_strlcat(full_file, sep, full_file_l);
 150         OPENSSL_strlcat(full_file, file, full_file_l);
 151     }
 152
 153     return full_file;
 154 }
 155
 156 static X509 *load_pem_cert(const char *dir, const char *file)
 157 {
 158     X509 *cert = NULL;
 159     char *file_path = mk_file_path(dir, file);
 160
 161     if (file_path != NULL) {
 162         BIO *cert_io = BIO_new_file(file_path, "r");
 163         OPENSSL_free(file_path);
 164
 165         if (cert_io != NULL)
 166             cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL);
 167
 168         BIO_free(cert_io);
 169     }
 170     return cert;
 171 }
 172
 173 static int read_text_file(const char *dir, const char *file,
 174                           char *buffer, int buffer_length)
 175 {
 176     int result = -1;
 177     char *file_path = mk_file_path(dir, file);
 178
 179     if (file_path != NULL) {
 180         BIO *file_io = BIO_new_file(file_path, "r");
 181         OPENSSL_free(file_path);
 182
 183         if (file_io != NULL) {
 184             result = BIO_read(file_io, buffer, buffer_length);
 185             BIO_free(file_io);
 186         }
 187     }
 188
 189     return result;
 190 }
 191
 192 static int compare_sct_printout(SCT *sct,
 193     const char *expected_output)
 194 {
 195     BIO *text_buffer = NULL;
 196     char *actual_output = NULL;
 197     int result = 1;
 198
 199     text_buffer = BIO_new(BIO_s_mem());
 200     if (text_buffer == NULL) {
 201         fprintf(stderr, "Unable to allocate buffer\n");
 202         goto end;
 203     }
 204
 205     SCT_print(sct, text_buffer, 0);
 206
 207     /* Append null terminator because we're about to use the buffer contents
 208     * as a string. */
 209     if (BIO_write(text_buffer, "\0", 1) != 1) {
 210         fprintf(stderr, "Failed to append null terminator to SCT text\n");
 211         goto end;
 212     }
 213
 214     BIO_get_mem_data(text_buffer, &actual_output);
 215     result = strcmp(actual_output, expected_output);
 216
 217     if (result != 0) {
 218         fprintf(stderr,
 219             "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 220             expected_output, actual_output);
 221     }
 222
 223 end:
 224     BIO_free(text_buffer);
 225     return result;
 226 }
 227
 228 static int compare_extension_printout(X509_EXTENSION *extension,
 229                                       const char *expected_output)
 230 {
 231     BIO *text_buffer = NULL;
 232     char *actual_output = NULL;
 233     int result = 1;
 234
 235     text_buffer = BIO_new(BIO_s_mem());
 236     if (text_buffer == NULL) {
 237         fprintf(stderr, "Unable to allocate buffer\n");
 238         goto end;
 239     }
 240
 241     if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) {
 242         fprintf(stderr, "Failed to print extension\n");
 243         goto end;
 244     }
 245
 246     /* Append null terminator because we're about to use the buffer contents
 247      * as a string. */
 248     if (BIO_write(text_buffer, "\0", 1) != 1) {
 249         fprintf(stderr, "Failed to append null terminator to extension text\n");
 250         goto end;
 251     }
 252
 253     BIO_get_mem_data(text_buffer, &actual_output);
 254     result = strcmp(actual_output, expected_output);
 255
 256     if (result != 0) {
 257         fprintf(stderr,
 258                 "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
 259                 expected_output, actual_output);
 260     }
 261
 262 end:
 263     BIO_free(text_buffer);
 264     return result;
 265 }
 266
 267 static int execute_cert_test(CT_TEST_FIXTURE fixture)
 268 {
 269     int test_failed = 0;
 270     X509 *cert = NULL, *issuer = NULL;
 271     STACK_OF(SCT) *scts = NULL;
 272     SCT *sct = NULL;
 273     char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
 274     int sct_text_len = 0;
 275     unsigned char *tls_sct = NULL;
 276     size_t tls_sct_len = 0;
 277     CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
 278
 279     if (fixture.sct_text_file != NULL) {
 280         sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file,
 281                                       expected_sct_text,
 282                                       CT_TEST_MAX_FILE_SIZE - 1);
 283
 284         if (sct_text_len < 0) {
 285             test_failed = 1;
 286             fprintf(stderr, "Test data file not found: %s\n",
 287                 fixture.sct_text_file);
 288             goto end;
 289         }
 290
 291         expected_sct_text[sct_text_len] = '\0';
 292     }
 293
 294     CT_POLICY_EVAL_CTX_set0_log_store(ct_policy_ctx, fixture.ctlog_store);
 295
 296     if (fixture.certificate_file != NULL) {
 297         int sct_extension_index;
 298         X509_EXTENSION *sct_extension = NULL;
 299         cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file);
 300
 301         if (cert == NULL) {
 302             test_failed = 1;
 303             fprintf(stderr, "Unable to load certificate: %s\n",
 304                 fixture.certificate_file);
 305             goto end;
 306         }
 307
 308         CT_POLICY_EVAL_CTX_set0_cert(ct_policy_ctx, cert);
 309
 310         if (fixture.issuer_file != NULL) {
 311             issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
 312
 313             if (issuer == NULL) {
 314                 test_failed = 1;
 315                 fprintf(stderr, "Unable to load issuer certificate: %s\n",
 316                         fixture.issuer_file);
 317                 goto end;
 318             }
 319
 320             CT_POLICY_EVAL_CTX_set0_issuer(ct_policy_ctx, issuer);
 321         }
 322
 323         sct_extension_index =
 324                 X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1);
 325         sct_extension = X509_get_ext(cert, sct_extension_index);
 326         if (fixture.expected_sct_count > 0) {
 327             if (sct_extension == NULL) {
 328                 test_failed = 1;
 329                 fprintf(stderr, "SCT extension not found in: %s\n",
 330                     fixture.certificate_file);
 331                 goto end;
 332             }
 333
 334             if (fixture.sct_text_file) {
 335                 test_failed = compare_extension_printout(sct_extension,
 336                                                     expected_sct_text);
 337                 if (test_failed != 0)
 338                     goto end;
 339             }
 340
 341             if (fixture.test_validity) {
 342                 int are_scts_validated = 0;
 343                 scts = X509V3_EXT_d2i(sct_extension);
 344                 if (SCT_LIST_set_source(scts, SCT_SOURCE_X509V3_EXTENSION) !=
 345                     sk_SCT_num(scts)) {
 346                     fprintf(stderr,
 347                             "Error setting SCT source to X509v3 extension\n");
 348                     test_failed = 1;
 349                 }
 350
 351                 are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx);
 352                 if (are_scts_validated < 0) {
 353                     fprintf(stderr, "Error verifying SCTs\n");
 354                     test_failed = 1;
 355                 } else if (!are_scts_validated) {
 356                     int invalid_sct_count = 0;
 357                     int valid_sct_count = 0;
 358                     int i;
 359
 360                     for (i = 0; i < sk_SCT_num(scts); ++i) {
 361                         SCT *sct_i = sk_SCT_value(scts, i);
 362                         switch (SCT_get_validation_status(sct_i)) {
 363                         case SCT_VALIDATION_STATUS_VALID:
 364                             ++valid_sct_count;
 365                             break;
 366                         case SCT_VALIDATION_STATUS_INVALID:
 367                             ++invalid_sct_count;
 368                             break;
 369                         default:
 370                             /* Ignore other validation statuses. */
 371                             break;
 372                         }
 373                     }
 374
 375                     if (valid_sct_count != fixture.expected_sct_count) {
 376                         int unverified_sct_count = sk_SCT_num(scts) -
 377                                 invalid_sct_count - valid_sct_count;
 378
 379                         fprintf(stderr,
 380                                 "%d SCTs failed verification\n"
 381                                 "%d SCTs passed verification (%d expected)\n"
 382                                 "%d SCTs were unverified\n",
 383                                 invalid_sct_count,
 384                                 valid_sct_count,
 385                                 fixture.expected_sct_count,
 386                                 unverified_sct_count);
 387                     }
 388                     test_failed = 1;
 389                 }
 390
 391                 if (test_failed != 0)
 392                     goto end;
 393             }
 394         } else if (sct_extension != NULL) {
 395             test_failed = 1;
 396             fprintf(stderr,
 397                     "Expected no SCTs, but found SCT extension in: %s\n",
 398                     fixture.certificate_file);
 399             goto end;
 400         }
 401     }
 402
 403     if (fixture.tls_sct != NULL) {
 404         const unsigned char *p = fixture.tls_sct;
 405         if (o2i_SCT(&sct, &p, fixture.tls_sct_len) == NULL) {
 406             test_failed = 1;
 407             fprintf(stderr, "Failed to decode SCT from TLS format\n");
 408             goto end;
 409         }
 410
 411         if (fixture.sct_text_file) {
 412             test_failed = compare_sct_printout(sct, expected_sct_text);
 413             if (test_failed != 0)
 414                 goto end;
 415         }
 416
 417         tls_sct_len = i2o_SCT(sct, &tls_sct);
 418         if (tls_sct_len != fixture.tls_sct_len ||
 419             memcmp(fixture.tls_sct, tls_sct, tls_sct_len) != 0) {
 420             test_failed = 1;
 421             fprintf(stderr, "Failed to encode SCT into TLS format correctly\n");
 422             goto end;
 423         }
 424
 425         if (fixture.test_validity && cert != NULL) {
 426             int is_sct_validated = SCT_validate(sct, ct_policy_ctx);
 427             if (is_sct_validated < 0) {
 428                 test_failed = 1;
 429                 fprintf(stderr, "Error validating SCT\n");
 430                 goto end;
 431             } else if (!is_sct_validated) {
 432                 test_failed = 1;
 433                 fprintf(stderr, "SCT failed verification\n");
 434                 goto end;
 435             }
 436         }
 437     }
 438
 439 end:
 440     X509_free(cert);
 441     X509_free(issuer);
 442     SCT_LIST_free(scts);
 443     SCT_free(sct);
 444     CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
 445     OPENSSL_free(tls_sct);
 446     return test_failed;
 447 }
 448
 449 #define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
 450 #define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
 451
 452 static int test_no_scts_in_certificate()
 453 {
 454     SETUP_CT_TEST_FIXTURE();
 455     fixture.certs_dir = certs_dir;
 456     fixture.certificate_file = "leaf.pem";
 457     fixture.issuer_file = "subinterCA.pem";
 458     fixture.expected_sct_count = 0;
 459     EXECUTE_CT_TEST();
 460 }
 461
 462 static int test_one_sct_in_certificate()
 463 {
 464     SETUP_CT_TEST_FIXTURE();
 465     fixture.certs_dir = certs_dir;
 466     fixture.certificate_file = "embeddedSCTs1.pem";
 467     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 468     fixture.expected_sct_count = 1;
 469     fixture.sct_dir = certs_dir;
 470     fixture.sct_text_file = "embeddedSCTs1.sct";
 471     EXECUTE_CT_TEST();
 472 }
 473
 474 static int test_multiple_scts_in_certificate()
 475 {
 476     SETUP_CT_TEST_FIXTURE();
 477     fixture.certs_dir = certs_dir;
 478     fixture.certificate_file = "embeddedSCTs3.pem";
 479     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 480     fixture.expected_sct_count = 3;
 481     fixture.sct_dir = certs_dir;
 482     fixture.sct_text_file = "embeddedSCTs3.sct";
 483     EXECUTE_CT_TEST();
 484 }
 485
 486 static int test_verify_one_sct()
 487 {
 488     SETUP_CT_TEST_FIXTURE();
 489     fixture.certs_dir = certs_dir;
 490     fixture.certificate_file = "embeddedSCTs1.pem";
 491     fixture.issuer_file = "embeddedSCTs1_issuer.pem";
 492     fixture.expected_sct_count = 1;
 493     fixture.test_validity = 1;
 494     EXECUTE_CT_TEST();
 495 }
 496
 497 static int test_verify_multiple_scts()
 498 {
 499     SETUP_CT_TEST_FIXTURE();
 500     fixture.certs_dir = certs_dir;
 501     fixture.certificate_file = "embeddedSCTs3.pem";
 502     fixture.issuer_file = "embeddedSCTs3_issuer.pem";
 503     fixture.expected_sct_count = 3;
 504     fixture.test_validity = 1;
 505     EXECUTE_CT_TEST();
 506 }
 507
 508 static int test_decode_tls_sct()
 509 {
 510     SETUP_CT_TEST_FIXTURE();
 511     fixture.tls_sct = (unsigned char *)
 512         "\x00" /* version */
 513         /* log ID */
 514         "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
 515         "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
 516         "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */
 517         "\x00\x00" /* extensions length */
 518         "" /* extensions */
 519         "\x04\x03" /* hash and signature algorithms */
 520         "\x00\x47" /* signature length */
 521         "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6"
 522         "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2"
 523         "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB"
 524         "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89"
 525         "\xED\xBF\x08"; /* signature */
 526     fixture.tls_sct_len = 118;
 527     fixture.sct_dir = ct_dir;
 528     fixture.sct_text_file = "tls1.sct";
 529     EXECUTE_CT_TEST();
 530 }
 531
 532 static int test_encode_tls_sct()
 533 {
 534     SETUP_CT_TEST_FIXTURE();
 535
 536     SCT *sct = SCT_new();
 537     if (!SCT_set_version(sct, SCT_VERSION_V1)) {
 538         fprintf(stderr, "Failed to set SCT version\n");
 539         return 1;
 540     }
 541     if (!SCT_set1_log_id(sct, (unsigned char *)
 542         "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
 543         "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64", 32)) {
 544         fprintf(stderr, "Failed to set SCT log ID\n");
 545         return 1;
 546     }
 547     SCT_set_timestamp(sct, 1);
 548     if (!SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256)) {
 549         fprintf(stderr, "Failed to set SCT signature NID\n");
 550         return 1;
 551     }
 552     if (!SCT_set1_signature(sct, (unsigned char *)
 553         "\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE"
 554         "\x1F\xD6\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3"
 555         "\xE5\xE2\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5"
 556         "\xE8\xAB\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51"
 557         "\x9D\x89\xED\xBF\x08", 71)) {
 558         fprintf(stderr, "Failed to set SCT signature\n");
 559         return 1;
 560     }
 561     fixture.sct = sct;
 562     fixture.sct_dir = ct_dir;
 563     fixture.sct_text_file = "tls1.sct";
 564     EXECUTE_CT_TEST();
 565 }
 566
 567 int main(int argc, char *argv[])
 568 {
 569     int result = 0;
 570     char *tmp_env = NULL;
 571
 572     tmp_env = getenv("CT_DIR");
 573     ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct");
 574     tmp_env = getenv("CERTS_DIR");
 575     certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs");
 576
 577     ADD_TEST(test_no_scts_in_certificate);
 578     ADD_TEST(test_one_sct_in_certificate);
 579     ADD_TEST(test_multiple_scts_in_certificate);
 580     ADD_TEST(test_verify_one_sct);
 581     ADD_TEST(test_verify_multiple_scts);
 582     ADD_TEST(test_decode_tls_sct);
 583     ADD_TEST(test_encode_tls_sct);
 584
 585     result = run_tests(argv[0]);
 586     ERR_print_errors_fp(stderr);
 587
 588     OPENSSL_free(ct_dir);
 589     OPENSSL_free(certs_dir);
 590
 591     return result;
 592 }
 593
 594 #else /* OPENSSL_NO_CT */
 595
 596 int main(int argc, char* argv[])
 597 {
 598     return EXIT_SUCCESS;
 599 }
 600
 601 #endif /* OPENSSL_NO_CT */