1/* $OpenBSD: tls_config.c,v 1.52 2018/04/07 16:35:34 jsing Exp $ */-
2/*-
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>-
4 *-
5 * Permission to use, copy, modify, and distribute this software for any-
6 * purpose with or without fee is hereby granted, provided that the above-
7 * copyright notice and this permission notice appear in all copies.-
8 *-
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES-
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF-
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR-
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES-
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN-
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF-
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.-
16 */-
17-
18#ifdef _MSC_VER-
19#define NO_REDEF_POSIX_FUNCTIONS-
20#endif-
21-
22#include <sys/stat.h>-
23-
24#include <ctype.h>-
25#include <errno.h>-
26#include <fcntl.h>-
27#include <stdlib.h>-
28#include <unistd.h>-
29-
30#include <tls.h>-
31-
32#include "tls_internal.h"-
33-
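int
tls_config_load_file(struct tls_error *error, const char *filetype,
    const char *filename, char **buf, size_t *len)
{
	struct stat st;
	int fd = -1;
	ssize_t n;

	/*
	 * Read the whole of `filename` into a freshly allocated buffer.
	 *
	 * On success *buf/*len describe the file contents (the caller owns
	 * *buf) and 0 is returned. On failure *buf is NULL, *len is 0, an
	 * error message naming `filetype` is recorded in `error`, and -1 is
	 * returned. Any previous *buf is released first, so callers may
	 * reuse the same output pointers across calls.
	 */
	free(*buf);
	*buf = NULL;
	*len = 0;

	if ((fd = open(filename, O_RDONLY)) == -1) {
		tls_error_set(error, "failed to open %s file '%s'",
		    filetype, filename);
		goto err;
	}
	if (fstat(fd, &st) != 0) {
		tls_error_set(error, "failed to stat %s file '%s'",
		    filetype, filename);
		goto err;
	}
	if (st.st_size < 0) {
		/*
		 * Every other failure path records a message; this one used
		 * to fail silently, so tls_config_error() would report a
		 * stale (or NULL) message for the real cause.
		 */
		tls_error_set(error, "invalid size for %s file '%s'",
		    filetype, filename);
		goto err;
	}
	/*
	 * NOTE(review): st_size is only meaningful for a regular file. For
	 * a FIFO or character device it is typically 0, in which case the
	 * read below transfers nothing and the call "succeeds" with an empty
	 * buffer. An S_ISREG(st.st_mode) check would turn that into an
	 * explicit error; not added here to avoid changing accepted inputs.
	 */
	*len = (size_t)st.st_size;
	if ((*buf = malloc(*len)) == NULL) {
		tls_error_set(error, "failed to allocate buffer for "
		    "%s file", filetype);
		goto err;
	}
	/*
	 * Single read of exactly the stat'd size. A short read (including a
	 * file that shrank between fstat and read) is rejected; a file that
	 * grew in the meantime is silently truncated to the stat'd size.
	 */
	n = read(fd, *buf, *len);
	if (n < 0 || (size_t)n != *len) {
		tls_error_set(error, "failed to read %s file '%s'",
		    filetype, filename);
		goto err;
	}
	close(fd);
	return 0;

 err:
	if (fd != -1)
		close(fd);
	/*
	 * freezero rather than free: the buffer may already hold part of
	 * the file when the read is found to be short, and this loader is
	 * also exercised by the keypair code (see keypairtest), so that
	 * partial content can be private key material.
	 */
	freezero(*buf, *len);
	*buf = NULL;
	*len = 0;

	return -1;
}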
82-
struct tls_config *
tls_config_new_internal(void)
{
	struct tls_config *config;
	unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];

	/*
	 * Allocate a config and populate it with the library defaults.
	 * Returns NULL (with everything allocated so far released) on any
	 * failure. calloc() leaves refcount at 0, which is what lets
	 * tls_config_free() tear down a half-built config on the error path.
	 */
	if ((config = calloc(1, sizeof(*config))) == NULL)
		return (NULL);
	if ((config->keypair = tls_keypair_new()) == NULL)
		goto err;

	config->refcount = 1;
	config->session_fd = -1;

	/*
	 * Defaults: no DHE parameters, the built-in ECDHE curve list, the
	 * "secure" cipher set, the default protocol mask and a certificate
	 * chain depth of 6. The first setter that fails aborts construction.
	 */
	if (tls_config_set_dheparams(config, "none") != 0 ||
	    tls_config_set_ecdhecurves(config, "default") != 0 ||
	    tls_config_set_ciphers(config, "secure") != 0 ||
	    tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0 ||
	    tls_config_set_verify_depth(config, 6) != 0)
		goto err;

	/*
	 * Random session ID context. Adequate for a single-process server;
	 * a multi-process server must set one shared value explicitly via
	 * tls_config_set_session_id() so resumption works across workers.
	 */
	arc4random_buf(sid, sizeof(sid));
	if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
		goto err;
	config->ticket_keyrev = arc4random();
	config->ticket_autorekey = 1;

	/* Server cipher preference and peer verification are on by default. */
	tls_config_prefer_ciphers_server(config);
	tls_config_verify(config);

	return (config);

 err:
	tls_config_free(config);
	return (NULL);
}
134-
struct tls_config *
tls_config_new(void)
{
	struct tls_config *config = NULL;

	/*
	 * Public constructor: one-time library initialisation has to succeed
	 * before a config can be built. Returns NULL on failure.
	 */
	if (tls_init() != -1)
		config = tls_config_new_internal();

	return (config);
}
143-
void
tls_config_free(struct tls_config *config)
{
	struct tls_keypair *kp, *next;

	/*
	 * Drop one reference; the config is only released when the last
	 * reference goes. NULL is accepted and ignored. The refcount update
	 * is a plain decrement, so concurrent callers must serialise.
	 */
	if (config == NULL)
		return;

	config->refcount--;
	if (config->refcount > 0)
		return;

	/* Release the keypair chain head-first. */
	kp = config->keypair;
	while (kp != NULL) {
		next = kp->next;
		tls_keypair_free(kp);
		kp = next;
	}

	free(config->error.msg);

	/* CA/CRL data and the string settings are not secret: plain free. */
	free(config->alpn);
	free((char *)config->ca_mem);
	free((char *)config->ca_path);
	free((char *)config->ciphers);
	free((char *)config->crl_mem);
	free(config->ecdhecurves);

	free(config);
}
171-
static void
tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
{
	struct tls_keypair **tail;

	/*
	 * Append `keypair` to the end of the config's keypair list. The
	 * list head is dereferenced unconditionally: this relies on
	 * tls_config_new_internal() always having installed a first keypair.
	 */
	tail = &config->keypair->next;
	while (*tail != NULL)
		tail = &(*tail)->next;

	*tail = keypair;
}
183-
const char *
tls_config_error(struct tls_config *config)
{
	const char *msg = config->error.msg;

	/* Last recorded error message; NULL until one has been set. */
	return (msg);
}
189-
void
tls_config_clear_keys(struct tls_config *config)
{
	struct tls_keypair *kp = config->keypair;

	/*
	 * Ask every configured keypair to clear its private key. What
	 * tls_keypair_clear_key() does with the key bytes lives in the
	 * keypair code, not here.
	 */
	while (kp != NULL) {
		tls_keypair_clear_key(kp);
		kp = kp->next;
	}
}
198-
int
tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
{
	/*
	 * Recognised protocol names. In this build TLS_PROTOCOLS_DEFAULT
	 * expands to TLSv1.2 only, while "all"/"legacy" (and the bare
	 * "tlsv1") also enable TLSv1.0 and TLSv1.1 -- choose those only
	 * when interoperability with old peers really demands it.
	 */
	static const struct {
		const char *name;
		uint32_t mask;
	} names[] = {
		{ "all",	TLS_PROTOCOLS_ALL },
		{ "legacy",	TLS_PROTOCOLS_ALL },
		{ "default",	TLS_PROTOCOLS_DEFAULT },
		{ "secure",	TLS_PROTOCOLS_DEFAULT },
		{ "tlsv1",	TLS_PROTOCOL_TLSv1 },
		{ "tlsv1.0",	TLS_PROTOCOL_TLSv1_0 },
		{ "tlsv1.1",	TLS_PROTOCOL_TLSv1_1 },
		{ "tlsv1.2",	TLS_PROTOCOL_TLSv1_2 },
	};
	uint32_t result = 0, mask;
	char *copy, *rest, *tok;
	size_t i;
	int negate;

	/*
	 * Parse a ','- or ':'-separated list of protocol names into a bit
	 * mask. A name prefixed with '!' removes protocols; if the first
	 * entry is negated the mask starts from "all". Leading blanks in an
	 * entry are skipped, trailing ones are not. NULL selects the default
	 * mask. Returns 0 and stores the mask, or -1 on an unknown name or
	 * allocation failure (leaving *protocols untouched).
	 */
	if (protostr == NULL) {
		*protocols = TLS_PROTOCOLS_DEFAULT;
		return (0);
	}

	if ((copy = strdup(protostr)) == NULL)
		return (-1);

	rest = copy;
	while ((tok = strsep(&rest, ",:")) != NULL) {
		while (*tok == ' ' || *tok == '\t')
			tok++;

		negate = 0;
		if (*tok == '!') {
			negate = 1;
			tok++;
		}

		/* "!x" with nothing enabled yet means "everything except x". */
		if (negate && result == 0)
			result = TLS_PROTOCOLS_ALL;

		mask = 0;
		for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
			if (strcasecmp(tok, names[i].name) == 0) {
				mask = names[i].mask;
				break;
			}
		}
		if (mask == 0) {
			free(copy);
			return (-1);
		}

		if (negate)
			result &= ~mask;
		else
			result |= mask;
	}

	free(copy);
	*protocols = result;

	return (0);
}
261-
static int
tls_config_parse_alpn(struct tls_config *config, const char *alpn,
    char **alpn_data, size_t *alpn_len)
{
	char *out = NULL, *copy = NULL, *rest, *proto;
	size_t out_len, pos = 0, plen;
	int rv = -1;

	/*
	 * Convert a comma-separated list of ALPN protocol names into the
	 * wire encoding (one length byte followed by the name, repeated).
	 * Replaces any previous *alpn_data. Returns 0 on success, -1 with
	 * an error recorded in `config` otherwise. `alpn` must not be NULL.
	 */
	free(*alpn_data);
	*alpn_data = NULL;
	*alpn_len = 0;

	/*
	 * Each separator turns into a length byte and the last entry needs
	 * one too, so strlen + 1 is exactly the encoded size. The 16-bit
	 * limit matches the extension's length field.
	 */
	out_len = strlen(alpn) + 1;
	if (out_len > 65535) {
		tls_config_set_errorx(config, "alpn too large");
		goto done;
	}

	if ((out = malloc(out_len)) == NULL ||
	    (copy = strdup(alpn)) == NULL) {
		tls_config_set_errorx(config, "out of memory");
		goto done;
	}

	rest = copy;
	while ((proto = strsep(&rest, ",")) != NULL) {
		plen = strlen(proto);
		if (plen == 0) {
			tls_config_set_errorx(config,
			    "alpn protocol with zero length");
			goto done;
		}
		/* A single length byte caps each name at 255 octets. */
		if (plen > 255) {
			tls_config_set_errorx(config,
			    "alpn protocol too long");
			goto done;
		}
		out[pos++] = plen & 0xff;
		memcpy(&out[pos], proto, plen);
		pos += plen;
	}

	/* Hand the encoded buffer to the caller; don't free it below. */
	*alpn_data = out;
	*alpn_len = out_len;
	out = NULL;
	rv = 0;

 done:
	free(out);
	free(copy);

	return (rv);
}
321-
int
tls_config_set_alpn(struct tls_config *config, const char *alpn)
{
	int rv;

	/* Store the encoded ALPN list on the config itself. */
	rv = tls_config_parse_alpn(config, alpn, &config->alpn,
	    &config->alpn_len);

	return (rv);
}
328-
static int
tls_config_add_keypair_file_internal(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	struct tls_keypair *keypair;
	int ok;

	/*
	 * Build an additional keypair from files and append it to the
	 * config. `ocsp_file` may be NULL to skip the OCSP staple. On any
	 * failure the partially built keypair is released, the error is
	 * recorded in `config` by the keypair setters, and -1 is returned.
	 */
	if ((keypair = tls_keypair_new()) == NULL)
		return (-1);

	ok = tls_keypair_set_cert_file(keypair, &config->error,
	    cert_file) == 0 &&
	    tls_keypair_set_key_file(keypair, &config->error, key_file) == 0 &&
	    (ocsp_file == NULL ||
	    tls_keypair_set_ocsp_staple_file(keypair, &config->error,
	    ocsp_file) == 0);
	if (!ok) {
		tls_keypair_free(keypair);
		return (-1);
	}

	tls_config_keypair_add(config, keypair);

	return (0);
}
354-
static int
tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	struct tls_keypair *keypair;
	int ok;

	/*
	 * In-memory counterpart of the file variant: build a keypair from
	 * certificate/key buffers (plus an optional OCSP staple when
	 * `staple` is non-NULL) and append it to the config. Returns -1 and
	 * releases the keypair on failure.
	 */
	if ((keypair = tls_keypair_new()) == NULL)
		return (-1);

	ok = tls_keypair_set_cert_mem(keypair, &config->error, cert,
	    cert_len) == 0 &&
	    tls_keypair_set_key_mem(keypair, &config->error, key,
	    key_len) == 0 &&
	    (staple == NULL ||
	    tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
	    staple_len) == 0);
	if (!ok) {
		tls_keypair_free(keypair);
		return (-1);
	}

	tls_config_keypair_add(config, keypair);

	return (0);
}
381-
int
tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len)
{
	int rv;

	/* Add a keypair from memory with no OCSP staple. */
	rv = tls_config_add_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, NULL, 0);

	return (rv);
}
389-
int
tls_config_add_keypair_file(struct tls_config *config,
    const char *cert_file, const char *key_file)
{
	int rv;

	/* Add a keypair from files with no OCSP staple. */
	rv = tls_config_add_keypair_file_internal(config, cert_file,
	    key_file, NULL);

	return (rv);
}
397-
int
tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
    size_t staple_len)
{
	int rv;

	/* Add a keypair from memory together with its OCSP staple. */
	rv = tls_config_add_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, staple, staple_len);

	return (rv);
}
406-
int
tls_config_add_keypair_ocsp_file(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	int rv;

	/* Add a keypair from files together with its OCSP staple file. */
	rv = tls_config_add_keypair_file_internal(config, cert_file,
	    key_file, ocsp_file);

	return (rv);
}
414-
int
tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
{
	int rv;

	/* Load the CA bundle into config->ca_mem, replacing any earlier one. */
	rv = tls_config_load_file(&config->error, "CA", ca_file,
	    &config->ca_mem, &config->ca_len);

	return (rv);
}
421-
int
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
{
	int rv;

	/* Record the CA directory path; the directory is read elsewhere. */
	rv = tls_set_string(&config->ca_path, ca_path);

	return (rv);
}
427-
int
tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
{
	int rv;

	/* Copy an in-memory CA bundle into config->ca_mem/ca_len. */
	rv = tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);

	return (rv);
}
433-
int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
	int rv;

	/* Set the certificate of the primary (first) keypair from a file. */
	rv = tls_keypair_set_cert_file(config->keypair, &config->error,
	    cert_file);

	return (rv);
}
440-
int
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len)
{
	int rv;

	/* Set the certificate of the primary (first) keypair from memory. */
	rv = tls_keypair_set_cert_mem(config->keypair, &config->error,
	    cert, len);

	return (rv);
}
448-
int
tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
{
	/*
	 * Named cipher sets. As expanded in this build: "default"/"secure"
	 * is TLSv1.2 AEAD suites with (EC)DHE only; "compat" is HIGH without
	 * anonymous suites; "legacy" additionally admits MEDIUM-strength
	 * suites; "all"/"insecure" excludes only anonymous and NULL
	 * encryption. Anything else is passed through as an OpenSSL-style
	 * cipher string.
	 */
	static const struct {
		const char *alias;
		const char *list;
	} aliases[] = {
		{ "default",	TLS_CIPHERS_DEFAULT },
		{ "secure",	TLS_CIPHERS_DEFAULT },
		{ "compat",	TLS_CIPHERS_COMPAT },
		{ "legacy",	TLS_CIPHERS_LEGACY },
		{ "all",	TLS_CIPHERS_ALL },
		{ "insecure",	TLS_CIPHERS_ALL },
	};
	SSL_CTX *probe = NULL;
	size_t i;
	int rv = -1;

	if (ciphers == NULL) {
		ciphers = TLS_CIPHERS_DEFAULT;
	} else {
		for (i = 0; i < sizeof(aliases) / sizeof(aliases[0]); i++) {
			if (strcasecmp(ciphers, aliases[i].alias) == 0) {
				ciphers = aliases[i].list;
				break;
			}
		}
	}

	/*
	 * Validate the string up front by applying it to a scratch context,
	 * so a typo surfaces here rather than at connection time.
	 */
	if ((probe = SSL_CTX_new(SSLv23_method())) == NULL) {
		tls_config_set_errorx(config, "out of memory");
		goto done;
	}
	if (SSL_CTX_set_cipher_list(probe, ciphers) != 1) {
		tls_config_set_errorx(config, "no ciphers for '%s'", ciphers);
		goto done;
	}

	rv = tls_set_string(&config->ciphers, ciphers);

 done:
	SSL_CTX_free(probe);
	return (rv);
}
482-
int
tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
{
	int rv;

	/* Load the CRL into config->crl_mem, replacing any earlier one. */
	rv = tls_config_load_file(&config->error, "CRL", crl_file,
	    &config->crl_mem, &config->crl_len);

	return (rv);
}
489-
int
tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
    size_t len)
{
	int rv;

	/* Copy an in-memory CRL into config->crl_mem/crl_len. */
	rv = tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);

	return (rv);
}
496-
int
tls_config_set_dheparams(struct tls_config *config, const char *params)
{
	/*
	 * DHE parameter selection, stored in config->dheparams as a key
	 * length: 0 disables DHE, -1 is the "auto" sentinel interpreted by
	 * the server-side code (not visible here), and "legacy" pins
	 * 1024-bit parameters -- below current recommendations, for old
	 * peers only.
	 */
	static const struct {
		const char *name;
		int keylen;
	} choices[] = {
		{ "none",	0 },
		{ "auto",	-1 },
		{ "legacy",	1024 },
	};
	size_t i;

	/* NULL behaves like "none". */
	if (params == NULL) {
		config->dheparams = 0;
		return (0);
	}

	for (i = 0; i < sizeof(choices) / sizeof(choices[0]); i++) {
		if (strcasecmp(params, choices[i].name) == 0) {
			config->dheparams = choices[i].keylen;
			return (0);
		}
	}

	tls_config_set_errorx(config, "invalid dhe param '%s'", params);
	return (-1);
}
517-
int
tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
{
	int single;

	/*
	 * Single-curve setter kept for API compatibility. NULL, "none" and
	 * "auto" all select the built-in curve list; a value containing a
	 * ',' or ':' separator is rejected here (use
	 * tls_config_set_ecdhecurves() for lists); anything else is handed
	 * to the list setter as a one-entry list, which also validates the
	 * curve name.
	 */
	if (curve == NULL || strcasecmp(curve, "none") == 0 ||
	    strcasecmp(curve, "auto") == 0)
		return tls_config_set_ecdhecurves(config, TLS_ECDHE_CURVES);

	single = strchr(curve, ',') == NULL && strchr(curve, ':') == NULL;
	if (!single) {
		tls_config_set_errorx(config, "invalid ecdhe curve '%s'",
		    curve);
		return (-1);
	}

	return tls_config_set_ecdhecurves(config, curve);
}
533-
/*
 * Resolve a curve name to a NID, trying the OpenSSL short name, then the
 * long name, then the NIST name. Returns NID_undef if none matches.
 */
static int
tls_config_ecdhecurve_nid(const char *name)
{
	int nid;

	if ((nid = OBJ_sn2nid(name)) != NID_undef)
		return (nid);
	if ((nid = OBJ_ln2nid(name)) != NID_undef)
		return (nid);
	return (EC_curve_nist2nid(name));
}

/*
 * Set the list of ECDHE curves from a string of curve names separated by
 * ',' or ':' (leading spaces and tabs on each name are skipped). NULL or
 * "default" (case-insensitive) selects TLS_ECDHE_CURVES. Any previously
 * configured list is released first, so after a failure the config holds
 * no curves and has an error set. Returns 0 on success, -1 on failure.
 */
int
tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
{
	int *nids = NULL, *grown;
	size_t nnids = 0;
	char *names = NULL, *rest, *name;
	int nid, rv = -1;

	/* Discard whatever was configured before, even if we fail below. */
	free(config->ecdhecurves);
	config->ecdhecurves = NULL;
	config->ecdhecurves_len = 0;

	if (curves == NULL || strcasecmp(curves, "default") == 0)
		curves = TLS_ECDHE_CURVES;

	/* strsep() modifies its argument, so tokenise a private copy. */
	if ((names = strdup(curves)) == NULL) {
		tls_config_set_errorx(config, "out of memory");
		goto done;
	}

	rest = names;
	while ((name = strsep(&rest, ",:")) != NULL) {
		name += strspn(name, " \t");

		if ((nid = tls_config_ecdhecurve_nid(name)) == NID_undef) {
			tls_config_set_errorx(config,
			    "invalid ecdhe curve '%s'", name);
			goto done;
		}

		/* Grow by one slot; reallocarray() guards the multiply. */
		grown = reallocarray(nids, nnids + 1, sizeof(*nids));
		if (grown == NULL) {
			tls_config_set_errorx(config, "out of memory");
			goto done;
		}
		nids = grown;
		nids[nnids++] = nid;
	}

	/* Ownership of the list moves to the config; nothing left to free. */
	config->ecdhecurves = nids;
	config->ecdhecurves_len = nnids;
	nids = NULL;
	rv = 0;

 done:
	free(names);
	free(nids);
	return (rv);
}
594-
/*
 * Load the private key for the config's keypair from key_file. Errors are
 * reported through config->error by the keypair helper. Returns the
 * helper's result: 0 on success, -1 on failure.
 */
int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
	int rv;

	rv = tls_keypair_set_key_file(config->keypair, &config->error,
	    key_file);
	return (rv);
}
601-
/*
 * Load the private key for the config's keypair from an in-memory buffer
 * of len bytes. Errors are reported through config->error by the keypair
 * helper. Returns 0 on success, -1 on failure.
 */
int
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
    size_t len)
{
	int rv;

	rv = tls_keypair_set_key_mem(config->keypair, &config->error,
	    key, len);
	return (rv);
}
609-
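/*
 * Load a certificate, a private key and an optional OCSP staple from files
 * into the config's keypair, in that order. The first failure stops the
 * sequence and returns -1 (the callee is expected to have set the config
 * error); an earlier successful load is not undone. ocsp_file may be NULL
 * to skip the staple. Returns 0 when everything loaded.
 */
static int
tls_config_set_keypair_file_internal(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	if (tls_config_set_cert_file(config, cert_file) != 0)
		return (-1);
	/*
	 * The key file was previously loaded twice in a row; a single load
	 * is sufficient and avoids reading the private key from disk again.
	 */
	if (tls_config_set_key_file(config, key_file) != 0)
		return (-1);
	if (ocsp_file != NULL &&
	    tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
		return (-1);

	return (0);
}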
626-
/*
 * Load a certificate, a private key and an optional OCSP staple from
 * in-memory buffers into the config's keypair, in that order. The first
 * failure stops the sequence; staple may be NULL to skip the staple.
 * Returns 0 on success, -1 on failure.
 */
static int
tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	int rv;

	rv = tls_config_set_cert_mem(config, cert, cert_len);
	if (rv == 0)
		rv = tls_config_set_key_mem(config, key, key_len);
	if (rv == 0 && staple != NULL)
		rv = tls_config_set_ocsp_staple_mem(config, staple, staple_len);

	/* Any non-zero result from a step is reported as plain failure. */
	return (rv == 0 ? 0 : -1);
}
642-
/*
 * Load a certificate and private key from files, with no OCSP staple.
 * Returns 0 on success, -1 on failure.
 */
int
tls_config_set_keypair_file(struct tls_config *config,
    const char *cert_file, const char *key_file)
{
	int rv;

	rv = tls_config_set_keypair_file_internal(config, cert_file,
	    key_file, NULL);
	return (rv);
}
650-
/*
 * Load a certificate and private key from memory, with no OCSP staple.
 * Returns 0 on success, -1 on failure.
 */
int
tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len)
{
	int rv;

	rv = tls_config_set_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, NULL, 0);
	return (rv);
}
658-
/*
 * Load a certificate, private key and OCSP staple from files.
 * Returns 0 on success, -1 on failure.
 */
int
tls_config_set_keypair_ocsp_file(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	int rv;

	rv = tls_config_set_keypair_file_internal(config, cert_file,
	    key_file, ocsp_file);
	return (rv);
}
666-
/*
 * Load a certificate, private key and OCSP staple from memory.
 * Returns 0 on success, -1 on failure.
 */
int
tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	int rv;

	rv = tls_config_set_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, staple, staple_len);
	return (rv);
}
675-
676-
/*
 * Record the set of protocols the config allows. The value is stored
 * exactly as passed and is not validated here. Always returns 0; the int
 * return only keeps the setter API uniform.
 */
int
tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
{
	config->protocols = protocols;
	return (0);
}
684-
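/*
 * Install the descriptor used for the session file, after checking that
 * it is safe to keep session state in: it must be a regular file, owned
 * by the caller's real uid, with permission bits exactly 0600 so the file
 * is neither readable nor writable by other users. A session_fd of -1
 * simply clears the descriptor. Returns 0 on success, -1 with an error
 * set on the config otherwise.
 */
int
tls_config_set_session_fd(struct tls_config *config, int session_fd)
{
	struct stat sb;
	mode_t mugo;

	if (session_fd == -1) {
		config->session_fd = session_fd;
		return (0);
	}

	/* Inspect the descriptor itself, not a path, so there is no race. */
	if (fstat(session_fd, &sb) == -1) {
		tls_config_set_error(config, "failed to stat session file");
		return (-1);
	}
	if (!S_ISREG(sb.st_mode)) {
		tls_config_set_errorx(config,
		    "session file is not a regular file");
		return (-1);
	}

	/*
	 * uid_t and mode_t are not guaranteed to be int, so cast the values
	 * to match the conversions used in the format strings.
	 */
	if (sb.st_uid != getuid()) {
		tls_config_set_errorx(config, "session file has incorrect "
		    "owner (uid %u != %u)", (unsigned int)sb.st_uid,
		    (unsigned int)getuid());
		return (-1);
	}
	mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
	if (mugo != (S_IRUSR|S_IWUSR)) {
		tls_config_set_errorx(config, "session file has incorrect "
		    "permissions (%o != 600)", (unsigned int)mugo);
		return (-1);
	}

	config->session_fd = session_fd;

	return (0);
}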
722-
/*
 * Store the verify depth (presumably the maximum certificate chain depth
 * accepted during verification; it is consumed elsewhere). The value is
 * not range-checked here. Always returns 0.
 */
int
tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
{
	config->verify_depth = verify_depth;
	return (0);
}
730-
/*
 * Let the client's cipher preference order win during negotiation
 * (clears the ciphers_server flag).
 */
void
tls_config_prefer_ciphers_client(struct tls_config *config)
{
	config->ciphers_server = 0;
}
736-
/*
 * Let the server's cipher preference order win during negotiation
 * (sets the ciphers_server flag).
 */
void
tls_config_prefer_ciphers_server(struct tls_config *config)
{
	config->ciphers_server = 1;
}
742-
/*
 * Disable peer certificate verification. As the name says this is
 * insecure; it is intended for testing, not for production use.
 */
void
tls_config_insecure_noverifycert(struct tls_config *config)
{
	config->verify_cert = 0;
}
748-
/*
 * Disable checking of the peer's name against its certificate. Insecure:
 * a valid certificate for any name will then be accepted.
 */
void
tls_config_insecure_noverifyname(struct tls_config *config)
{
	config->verify_name = 0;
}
754-
/*
 * Disable validity-period (time) checking of the peer certificate.
 * Insecure: expired or not-yet-valid certificates will be accepted.
 */
void
tls_config_insecure_noverifytime(struct tls_config *config)
{
	config->verify_time = 0;
}
760-
/*
 * Re-enable full verification: certificate, name and time checks. This
 * undoes any of the tls_config_insecure_noverify*() calls.
 */
void
tls_config_verify(struct tls_config *config)
{
	config->verify_time = 1;
	config->verify_name = 1;
	config->verify_cert = 1;
}
768-
/*
 * Require the peer to provide a stapled OCSP response (sets the
 * ocsp_require_stapling flag; enforcement happens elsewhere).
 */
void
tls_config_ocsp_require_stapling(struct tls_config *config)
{
	config->ocsp_require_stapling = 1;
}
774-
/*
 * Request client certificate verification (verify_client = 1). The
 * contrast with tls_config_verify_client_optional() suggests this mode
 * is mandatory; the value is interpreted elsewhere.
 */
void
tls_config_verify_client(struct tls_config *config)
{
	config->verify_client = 1;
}
780-
/*
 * Request optional client certificate verification (verify_client = 2).
 * The value is interpreted elsewhere.
 */
void
tls_config_verify_client_optional(struct tls_config *config)
{
	config->verify_client = 2;
}
786-
/*
 * Skip the check that the private key matches the certificate (sets the
 * skip_private_key_check flag; the check itself lives elsewhere).
 */
void
tls_config_skip_private_key_check(struct tls_config *config)
{
	config->skip_private_key_check = 1;
}
792-
/*
 * Load an OCSP staple for the config's keypair from staple_file. Errors
 * are reported through config->error by the keypair helper. Returns 0 on
 * success, -1 on failure.
 */
int
tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
{
	int rv;

	rv = tls_keypair_set_ocsp_staple_file(config->keypair,
	    &config->error, staple_file);
	return (rv);
}
799-
/*
 * Load an OCSP staple for the config's keypair from an in-memory buffer
 * of len bytes. Errors are reported through config->error by the keypair
 * helper. Returns 0 on success, -1 on failure.
 */
int
tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
    size_t len)
{
	int rv;

	rv = tls_keypair_set_ocsp_staple_mem(config->keypair,
	    &config->error, staple, len);
	return (rv);
}
807-
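/*
 * Store a session ID of len bytes in the config. len must not exceed
 * TLS_MAX_SESSION_ID_LENGTH; the stored buffer is zeroed first, so a
 * shorter ID is zero-padded and a zero-length ID clears it. Returns 0 on
 * success, -1 with an error set otherwise.
 */
int
tls_config_set_session_id(struct tls_config *config,
    const unsigned char *session_id, size_t len)
{
	if (len > TLS_MAX_SESSION_ID_LENGTH) {
		tls_config_set_errorx(config, "session ID too large");
		return (-1);
	}
	/* Reject a NULL ID with a non-zero length instead of dereferencing it. */
	if (session_id == NULL && len != 0) {
		tls_config_set_errorx(config, "session ID is NULL");
		return (-1);
	}
	memset(config->session_id, 0, sizeof(config->session_id));
	/* memcpy() with a NULL source is undefined even for 0 bytes; skip it. */
	if (len != 0)
		memcpy(config->session_id, session_id, len);
	return (0);
}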
820-
/*
 * Set the session lifetime in seconds. 0 is accepted as-is; any other
 * value must lie within [TLS_MIN_SESSION_TIMEOUT, TLS_MAX_SESSION_TIMEOUT].
 * Returns 0 on success, -1 with an error set otherwise.
 */
int
tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
{
	const char *errstr = NULL;

	if (lifetime > TLS_MAX_SESSION_TIMEOUT)
		errstr = "session lifetime too large";
	else if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT)
		errstr = "session lifetime too small";

	if (errstr != NULL) {
		/* Pass the message as an argument, never as the format. */
		tls_config_set_errorx(config, "%s", errstr);
		return (-1);
	}

	config->session_lifetime = lifetime;
	return (0);
}
836-
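/*
 * Add a session ticket key. keyrev identifies the key and is stored in
 * network byte order as the key name; key must hold exactly
 * TLS_TICKET_KEY_SIZE bytes, the AES key followed by the HMAC key. The new
 * key becomes ticket_keys[0], earlier keys shift down by one and the
 * oldest falls off the end. Re-adding the most recent key with identical
 * material is a no-op success; any other key-name collision is an error.
 * Adding a key turns automatic rekeying off. Returns 0 on success, -1 with
 * an error set otherwise.
 */
int
tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
    unsigned char *key, size_t keylen)
{
	struct tls_ticket_key newkey;
	int i, rv = -1;

	if (TLS_TICKET_KEY_SIZE != keylen ||
	    sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
		tls_config_set_errorx(config,
		    "wrong amount of ticket key data");
		return (-1);
	}

	keyrev = htonl(keyrev);
	memset(&newkey, 0, sizeof(newkey));
	memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
	memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
	memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
	    sizeof(newkey.hmac_key));
	newkey.time = time(NULL);

	for (i = 0; i < TLS_NUM_TICKETS; i++) {
		struct tls_ticket_key *tk = &config->ticket_keys[i];
		if (memcmp(newkey.key_name, tk->key_name,
		    sizeof(tk->key_name)) != 0)
			continue;

		/* allow re-entry of most recent key */
		if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
		    sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
		    tk->hmac_key, sizeof(tk->hmac_key)) == 0) {
			rv = 0;
			goto done;
		}
		tls_config_set_errorx(config, "ticket key already present");
		goto done;
	}

	/* Shift existing keys down one slot; the last one is overwritten. */
	memmove(&config->ticket_keys[1], &config->ticket_keys[0],
	    sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
	config->ticket_keys[0] = newkey;

	config->ticket_autorekey = 0;
	rv = 0;

 done:
	/*
	 * newkey is a stack copy of secret key material; wipe it on every
	 * exit path rather than leaving it behind in the dead frame.
	 */
	explicit_bzero(&newkey, sizeof(newkey));
	return (rv);
}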
882-
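/*
 * Generate a fresh random ticket key, add it under the next key revision
 * and mark the config for automatic rekeying. Returns the result of
 * tls_config_add_ticket_key(): 0 on success, -1 on failure.
 */
int
tls_config_ticket_autorekey(struct tls_config *config)
{
	unsigned char key[TLS_TICKET_KEY_SIZE];
	int rv;

	arc4random_buf(key, sizeof(key));
	rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
	    sizeof(key));
	/* tls_config_add_ticket_key() clears this flag, so set it afterwards. */
	config->ticket_autorekey = 1;
	/* Whether or not the key was accepted, scrub the stack copy of it. */
	explicit_bzero(key, sizeof(key));
	return (rv);
}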