/* $OpenBSD: tls_server.c,v 1.44 2018/03/19 16:34:47 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/socket.h>

#include <arpa/inet.h>

#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

#include <tls.h>
#include "tls_internal.h"

/*
 * Allocate a new libtls server context.
 *
 * Runs tls_init() first and then creates a context flagged as a server
 * (TLS_SERVER).  Returns NULL if either step fails.
 */
struct tls *
tls_server(void)
{
	struct tls *server_ctx;

	if (tls_init() == -1)
		return (NULL);

	if ((server_ctx = tls_new()) != NULL)
		server_ctx->flags |= TLS_SERVER;

	return (server_ctx);
}
44-
/*
 * Create a per-connection context derived from the server context `ctx'.
 *
 * The new context is flagged TLS_SERVER_CONN and shares the server's
 * configuration by reference: the config's refcount is incremented and the
 * config pointer and its default keypair are stored on the new context.
 * Returns NULL if tls_new() fails.
 */
struct tls *
tls_server_conn(struct tls *ctx)
{
	struct tls_config *config;
	struct tls *conn;

	if ((conn = tls_new()) == NULL)
		return (NULL);

	conn->flags |= TLS_SERVER_CONN;

	/*
	 * The configuration is shared, not copied, so the connection takes
	 * its own reference on it.
	 */
	config = ctx->config;
	config->refcount++;

	conn->config = config;
	conn->keypair = config->keypair;

	return (conn);
}
62-
/*
 * libssl ALPN selection callback for server contexts.
 *
 * `arg' is the struct tls registered with SSL_CTX_set_alpn_select_cb().  The
 * configured protocol list (config->alpn) and the client's offer (`in') are
 * handed to SSL_select_next_proto(); on a negotiated match `out'/`outlen' are
 * set by that call and SSL_TLSEXT_ERR_OK is returned.  Otherwise
 * SSL_TLSEXT_ERR_NOACK is returned so that a client with no common protocol
 * is not rejected outright.  `ssl' is unused.
 */
static int
tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg)
{
	struct tls *tls_ctx = arg;
	struct tls_config *config = tls_ctx->config;
	int selected;

	selected = SSL_select_next_proto((unsigned char **)out, outlen,
	    config->alpn, config->alpn_len, in, inlen);

	if (selected == OPENSSL_NPN_NEGOTIATED)
		return (SSL_TLSEXT_ERR_OK);

	return (SSL_TLSEXT_ERR_NOACK);
}
76-
/*
 * libssl servername (SNI) callback.
 *
 * `arg' is the server context registered with
 * SSL_CTX_set_tlsext_servername_arg(); the per-connection context is read
 * back from the SSL's app data.  The name is whatever the client put in its
 * servername extension and is treated as untrusted input: an IP address
 * literal is ignored (see below), anything else is copied into
 * conn_ctx->servername and matched against the certificates of the
 * additional SNI contexts.  On a match the connection is switched to that
 * context's SSL_CTX and keypair.
 *
 * Returns SSL_TLSEXT_ERR_OK or SSL_TLSEXT_ERR_NOACK.  On internal failure
 * *al is set to TLS1_AD_INTERNAL_ERROR and SSL_TLSEXT_ERR_ALERT_FATAL is
 * returned.
 */
static int
tls_servername_cb(SSL *ssl, int *al, void *arg)
{
	struct tls *server_ctx = arg;
	struct tls *conn_ctx;
	struct tls_sni_ctx *sni;
	union tls_addr addrbuf;
	const char *name;
	int match = 0;

	conn_ctx = SSL_get_app_data(ssl);
	if (conn_ctx == NULL)
		goto err;

	name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
	if (name == NULL) {
		/*
		 * libssl invokes this callback even when the client sent no
		 * servername extension at all; there is nothing to do then.
		 */
		return (SSL_TLSEXT_ERR_NOACK);
	}

	/*
	 * RFC 6066 section 3 forbids IP address literals in the extension.
	 * Several clients (Python, Ruby and Safari) send them anyway, so
	 * rather than failing the handshake behave as if no extension had
	 * been received.
	 */
	if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
	    inet_pton(AF_INET6, name, &addrbuf) == 1)
		return (SSL_TLSEXT_ERR_NOACK);

	/* Drop any previously stored name before recording this one. */
	free((char *)conn_ctx->servername);
	conn_ctx->servername = strdup(name);
	if (conn_ctx->servername == NULL)
		goto err;

	/* Look for an SNI context whose certificate matches the name. */
	for (sni = server_ctx->sni_ctx; sni != NULL; sni = sni->next) {
		if (tls_check_name(server_ctx, sni->ssl_cert, name,
		    &match) == -1)
			goto err;
		if (!match)
			continue;
		conn_ctx->keypair = sni->keypair;
		SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni->ssl_ctx);
		return (SSL_TLSEXT_ERR_OK);
	}

	/* No match: keep the default context and certificate. */
	return (SSL_TLSEXT_ERR_OK);

 err:
	/*
	 * libssl offers no way to report an internal failure from this
	 * callback other than a fatal alert.
	 */
	*al = TLS1_AD_INTERNAL_ERROR;
	return (SSL_TLSEXT_ERR_ALERT_FATAL);
}
137-
/*
 * Select a session ticket key from `config'.
 *
 * With `keyname' NULL the first key that is still within the session
 * lifetime is returned (used when issuing a ticket).  Otherwise the key whose
 * name equals `keyname' is returned, again only if it is still within the
 * session lifetime; the comparison uses timingsafe_memcmp() so the lookup
 * does not leak which name matched through timing.
 *
 * When ticket_autorekey is enabled and the primary key is older than three
 * quarters of the session lifetime, tls_config_ticket_autorekey() is run
 * first; its failure yields NULL.  NULL is also returned when no key
 * qualifies.
 */
static struct tls_ticket_key *
tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
{
	struct tls_ticket_key *tk;
	time_t now;
	int idx;

	now = time(NULL);

	if (config->ticket_autorekey == 1 &&
	    now - 3 * (config->session_lifetime / 4) >
	    config->ticket_keys[0].time) {
		if (tls_config_ticket_autorekey(config) == -1)
			return (NULL);
	}

	for (idx = 0; idx < TLS_NUM_TICKETS; idx++) {
		tk = &config->ticket_keys[idx];

		/* Keys older than the session lifetime are never used. */
		if (tk->time < now - config->session_lifetime)
			continue;

		if (keyname == NULL)
			return (tk);
		if (timingsafe_memcmp(keyname, tk->key_name,
		    sizeof(tk->key_name)) == 0)
			return (tk);
	}

	return (NULL);
}
165-
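/*
 * libssl session ticket key callback (SSL_CTX_set_tlsext_ticket_key_cb).
 *
 * mode == 1: a new ticket is being issued.  The current ticket key is
 * selected, its name copied into `keyname', a fresh random IV is drawn with
 * arc4random_buf() and AES-256-CBC encryption plus HMAC-SHA256 are
 * initialised from that key's material.  Returns 0 on success.
 *
 * Otherwise a presented ticket is being decrypted: the key is looked up by
 * `keyname'.  Returns 0 when no valid key has that name (the ticket cannot
 * be used), 2 when the key is no longer the primary key (the value libssl
 * takes as "renew the ticket") and 1 otherwise.
 *
 * Returns -1 when the connection context is missing, when no key is
 * available for issuing, or when cipher/HMAC initialisation fails; in the
 * latter cases an error is recorded on the connection context.
 */
static int
tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
    EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
{
	struct tls_ticket_key *key;
	struct tls *tls_ctx;

	if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
		return (-1);

	if (mode == 1) {
		/* create new session */
		key = tls_server_ticket_key(tls_ctx->config, NULL);
		if (key == NULL) {
			tls_set_errorx(tls_ctx, "no valid ticket key found");
			return (-1);
		}

		memcpy(keyname, key->key_name, sizeof(key->key_name));
		arc4random_buf(iv, EVP_MAX_IV_LENGTH);
		/*
		 * Both init calls report failure; an unchecked failure would
		 * leave the contexts uninitialised while still issuing a
		 * ticket, so treat it as fatal for this callback.
		 */
		if (EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
		    key->aes_key, iv) != 1) {
			tls_set_errorx(tls_ctx,
			    "failed to initialise ticket cipher");
			return (-1);
		}
		if (HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
		    EVP_sha256(), NULL) != 1) {
			tls_set_errorx(tls_ctx,
			    "failed to initialise ticket hmac");
			return (-1);
		}
		return (0);
	}

	/* get key by name */
	key = tls_server_ticket_key(tls_ctx->config, keyname);
	if (key == NULL)
		return (0);

	if (EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
	    key->aes_key, iv) != 1) {
		tls_set_errorx(tls_ctx, "failed to initialise ticket cipher");
		return (-1);
	}
	if (HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
	    EVP_sha256(), NULL) != 1) {
		tls_set_errorx(tls_ctx, "failed to initialise ticket hmac");
		return (-1);
	}

	/* time to renew the ticket? is it the primary key? */
	if (key != &tls_ctx->config->ticket_keys[0])
		return (2);
	return (1);
}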
208-
/*
 * Build (or rebuild) the libssl server context for one keypair.
 *
 * Any SSL_CTX already held in *ssl_ctx is released first, then a fresh one is
 * created and configured from ctx->config in this order: client-initiated
 * renegotiation is disabled, the servername (SNI) callback and its argument
 * are installed, the common libtls settings and `keypair' are applied,
 * optional client certificate verification, ALPN, DH/ECDH parameters, cipher
 * ordering, the OCSP stapling callback, session tickets (only with a
 * session_lifetime > 0) and the session id context are set.
 *
 * Returns 0 on success.  On failure an error is recorded on ctx, *ssl_ctx is
 * freed and set to NULL, and -1 is returned.
 */
static int
tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
    struct tls_keypair *keypair)
{
	struct tls_config *config = ctx->config;
	SSL_CTX *sc;

	/* Release whatever was configured before. */
	SSL_CTX_free(*ssl_ctx);

	sc = *ssl_ctx = SSL_CTX_new(SSLv23_server_method());
	if (sc == NULL) {
		tls_set_errorx(ctx, "ssl context failure");
		goto err;
	}

	/* Never allow the client to trigger a renegotiation. */
	SSL_CTX_set_options(sc, SSL_OP_NO_CLIENT_RENEGOTIATION);

	/*
	 * The server context is passed as the callback argument; the
	 * connection context is recovered from the SSL's app data inside
	 * tls_servername_cb.
	 *
	 * NOTE(review): these two failures use tls_set_error (errno-based)
	 * although the libssl calls are not documented to set errno - confirm
	 * the recorded message is meaningful.
	 */
	if (SSL_CTX_set_tlsext_servername_callback(sc,
	    tls_servername_cb) != 1) {
		tls_set_error(ctx, "failed to set servername callback");
		goto err;
	}
	if (SSL_CTX_set_tlsext_servername_arg(sc, ctx) != 1) {
		tls_set_error(ctx, "failed to set servername callback arg");
		goto err;
	}

	if (tls_configure_ssl(ctx, sc) != 0)
		goto err;
	if (tls_configure_ssl_keypair(ctx, sc, keypair, 1) != 0)
		goto err;

	if (config->verify_client != 0) {
		/* verify_client == 1 additionally requires a client cert. */
		int mode = SSL_VERIFY_PEER;

		if (config->verify_client == 1)
			mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
		if (tls_configure_ssl_verify(ctx, sc, mode) == -1)
			goto err;
	}

	if (config->alpn != NULL)
		SSL_CTX_set_alpn_select_cb(sc, tls_server_alpn_cb, ctx);

	switch (config->dheparams) {
	case -1:
		SSL_CTX_set_dh_auto(sc, 1);
		break;
	case 1024:
		SSL_CTX_set_dh_auto(sc, 2);
		break;
	default:
		break;
	}

	if (config->ecdhecurves != NULL) {
		SSL_CTX_set_ecdh_auto(sc, 1);
		if (SSL_CTX_set1_groups(sc, config->ecdhecurves,
		    config->ecdhecurves_len) != 1) {
			tls_set_errorx(ctx, "failed to set ecdhe curves");
			goto err;
		}
	}

	/* Prefer the server's cipher order over the client's. */
	if (config->ciphers_server == 1)
		SSL_CTX_set_options(sc, SSL_OP_CIPHER_SERVER_PREFERENCE);

	if (SSL_CTX_set_tlsext_status_cb(sc, tls_ocsp_stapling_cb) != 1) {
		tls_set_errorx(ctx, "failed to add OCSP stapling callback");
		goto err;
	}

	if (config->session_lifetime > 0) {
		/*
		 * Session tickets stay disabled (SSL_OP_NO_TICKET) unless a
		 * lifetime was configured; the ticket callback supplies the
		 * key material.
		 */
		SSL_CTX_set_timeout(sc, config->session_lifetime);
		SSL_CTX_clear_options(sc, SSL_OP_NO_TICKET);
		if (!SSL_CTX_set_tlsext_ticket_key_cb(sc,
		    tls_server_ticket_cb)) {
			tls_set_error(ctx,
			    "failed to set the TLS ticket callback");
			goto err;
		}
	}

	if (SSL_CTX_set_session_id_context(sc, config->session_id,
	    sizeof(config->session_id)) != 1) {
		tls_set_error(ctx, "failed to set session id context");
		goto err;
	}

	return (0);

 err:
	SSL_CTX_free(*ssl_ctx);
	*ssl_ctx = NULL;

	return (-1);
}
296-
/*
 * Create one additional SSL context per extra keypair for SNI.
 *
 * The first keypair is served by ctx->ssl_ctx; every keypair after it gets
 * its own struct tls_sni_ctx (appended to ctx->sni_ctx), its own SSL_CTX
 * built by tls_configure_server_ssl() and its certificate loaded via
 * tls_keypair_load_cert() so tls_servername_cb can match names against it.
 *
 * Returns 0 on success (including when there is only one keypair) and -1
 * on failure, with the error recorded on ctx by the failing step.
 */
static int
tls_configure_server_sni(struct tls *ctx)
{
	struct tls_sni_ctx **tail;
	struct tls_sni_ctx *sni;
	struct tls_keypair *kp;

	if (ctx->config->keypair->next == NULL)
		return (0);

	/* Append a context for each additional keypair. */
	tail = &ctx->sni_ctx;
	for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
		sni = tls_sni_ctx_new();
		*tail = sni;
		if (sni == NULL) {
			tls_set_errorx(ctx, "out of memory");
			return (-1);
		}
		sni->keypair = kp;
		if (tls_configure_server_ssl(ctx, &sni->ssl_ctx, kp) == -1)
			return (-1);
		if (tls_keypair_load_cert(kp, &ctx->error,
		    &sni->ssl_cert) == -1)
			return (-1);
		tail = &sni->next;
	}

	return (0);
}
327-
/*
 * Configure a server context for use: build the primary SSL_CTX from the
 * first keypair, then the additional SNI contexts.
 *
 * Returns 0 on success, -1 on failure (error recorded on ctx by the callee).
 */
int
tls_configure_server(struct tls *ctx)
{
	if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
	    ctx->config->keypair) == -1)
		return (-1);

	return (tls_configure_server_sni(ctx) == -1 ? -1 : 0);
}
342-
/*
 * Shared first half of tls_accept_fds() and tls_accept_cbs().
 *
 * Checks that `ctx' is a server context, creates a connection context for
 * it, attaches a new SSL object built from ctx->ssl_ctx and registers the
 * connection context as that SSL's app data (which tls_servername_cb and
 * tls_server_ticket_cb read back).
 *
 * Returns the connection context, or NULL with an error recorded on ctx;
 * on failure anything allocated so far is released with tls_free().
 */
static struct tls *
tls_accept_common(struct tls *ctx)
{
	struct tls *conn = NULL;

	if ((ctx->flags & TLS_SERVER) == 0) {
		tls_set_errorx(ctx, "not a server context");
		goto fail;
	}

	conn = tls_server_conn(ctx);
	if (conn == NULL) {
		tls_set_errorx(ctx, "connection context failure");
		goto fail;
	}

	conn->ssl_conn = SSL_new(ctx->ssl_ctx);
	if (conn->ssl_conn == NULL) {
		tls_set_errorx(ctx, "ssl failure");
		goto fail;
	}

	if (SSL_set_app_data(conn->ssl_conn, conn) != 1) {
		tls_set_errorx(ctx, "ssl application data failure");
		goto fail;
	}

	return (conn);

 fail:
	tls_free(conn);

	return (NULL);
}
375-
/*
 * Accept a connection on socket `s'.
 *
 * A socket is used for both directions, so this is tls_accept_fds() with the
 * same descriptor as read and write end.
 */
int
tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
{
	int fd = s;

	return (tls_accept_fds(ctx, cctx, fd, fd));
}
381-
/*
 * Accept a connection whose I/O goes through the file descriptors `fd_read'
 * and `fd_write'.
 *
 * On success *cctx receives the new connection context and 0 is returned.
 * On failure the partially built context is freed, *cctx is set to NULL and
 * -1 is returned with an error recorded on ctx.
 */
int
tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
{
	struct tls *conn;

	conn = tls_accept_common(ctx);
	if (conn == NULL)
		goto fail;

	if (SSL_set_rfd(conn->ssl_conn, fd_read) != 1 ||
	    SSL_set_wfd(conn->ssl_conn, fd_write) != 1) {
		tls_set_errorx(ctx, "ssl file descriptor failure");
		goto fail;
	}

	*cctx = conn;

	return (0);

 fail:
	tls_free(conn);
	*cctx = NULL;

	return (-1);
}
405-
/*
 * Accept a connection whose I/O is performed by the caller-supplied
 * `read_cb' / `write_cb' (invoked with `cb_arg').
 *
 * On success *cctx receives the new connection context and 0 is returned.
 * On failure the partially built context is freed, *cctx is set to NULL and
 * -1 is returned.
 */
int
tls_accept_cbs(struct tls *ctx, struct tls **cctx,
    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
{
	struct tls *conn;

	conn = tls_accept_common(ctx);
	if (conn == NULL)
		goto fail;

	if (tls_set_cbs(conn, read_cb, write_cb, cb_arg) != 0)
		goto fail;

	*cctx = conn;

	return (0);

 fail:
	tls_free(conn);
	*cctx = NULL;

	return (-1);
}
427-
/*
 * Drive the server side of the handshake on connection context `ctx'.
 *
 * Returns 0 once SSL_accept() reports completion (and sets
 * TLS_HANDSHAKE_COMPLETE in ctx->state).  Any other SSL_accept() result is
 * passed to tls_ssl_error(), whose return value is returned unchanged.
 * Returns -1 if `ctx' is not a server connection context.
 */
int
tls_handshake_server(struct tls *ctx)
{
	int ssl_ret;

	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
		tls_set_errorx(ctx, "not a server connection context");
		return (-1);
	}

	/*
	 * Marked before SSL_accept() is attempted; presumably so a later
	 * close still sends a shutdown for a partially completed handshake
	 * - confirm against the close path in tls.c.
	 */
	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;

	ERR_clear_error();
	ssl_ret = SSL_accept(ctx->ssl_conn);
	if (ssl_ret != 1)
		return (tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
		    "handshake"));

	ctx->state |= TLS_HANDSHAKE_COMPLETE;

	return (0);
}