OpenCoverage

ssl_conf.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/ssl_conf.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include "ssl_locl.h" -

12 #include <openssl/conf.h> -

13 #include <openssl/objects.h> -

14 #include <openssl/dh.h> -

15 #include "internal/nelem.h" -

16 -

17 /* -

18 * structure holding name tables. This is used for permitted elements in lists -

19 * such as TLSv1. -

20 */ -

21 -

22 typedef struct { -

23 const char *name; -

24 int namelen; -

25 unsigned int name_flags; -

26 unsigned long option_value; -

27 } ssl_flag_tbl; -

28 -

29 /* Switch table: use for single command line switches like no_tls2 */ -

30 typedef struct { -

31 unsigned long option_value; -

32 unsigned int name_flags; -

33 } ssl_switch_tbl; -

34 -

35 /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */ -

36 #define SSL_TFLAG_INV 0x1 -

37 /* Mask for type of flag referred to */ -

38 #define SSL_TFLAG_TYPE_MASK 0xf00 -

39 /* Flag is for options */ -

40 #define SSL_TFLAG_OPTION 0x000 -

41 /* Flag is for cert_flags */ -

42 #define SSL_TFLAG_CERT 0x100 -

43 /* Flag is for verify mode */ -

44 #define SSL_TFLAG_VFY 0x200 -

45 /* Option can only be used for clients */ -

46 #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT -

47 /* Option can only be used for servers */ -

48 #define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER -

49 #define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER) -

50 -

51 #define SSL_FLAG_TBL(str, flag) \ -

52 {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag} -

53 #define SSL_FLAG_TBL_SRV(str, flag) \ -

54 {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag} -

55 #define SSL_FLAG_TBL_CLI(str, flag) \ -

56 {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag} -

57 #define SSL_FLAG_TBL_INV(str, flag) \ -

58 {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag} -

59 #define SSL_FLAG_TBL_SRV_INV(str, flag) \ -

60 {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag} -

61 #define SSL_FLAG_TBL_CERT(str, flag) \ -

62 {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag} -

63 -

64 #define SSL_FLAG_VFY_CLI(str, flag) \ -

65 {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag} -

66 #define SSL_FLAG_VFY_SRV(str, flag) \ -

67 {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag} -

68 -

69 /* -

70 * Opaque structure containing SSL configuration context. -

71 */ -

72 -

73 struct ssl_conf_ctx_st { -

74 /* -

75 * Various flags indicating (among other things) which options we will -

76 * recognise. -

77 */ -

78 unsigned int flags; -

79 /* Prefix and length of commands */ -

80 char *prefix; -

81 size_t prefixlen; -

82 /* SSL_CTX or SSL structure to perform operations on */ -

83 SSL_CTX *ctx; -

84 SSL *ssl; -

85 /* Pointer to SSL or SSL_CTX options field or NULL if none */ -

86 uint32_t *poptions; -

87 /* Certificate filenames for each type */ -

88 char *cert_filename[SSL_PKEY_NUM]; -

89 /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */ -

90 uint32_t *pcert_flags; -

91 /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */ -

92 uint32_t *pvfy_flags; -

93 /* Pointer to SSL or SSL_CTX min_version field or NULL if none */ -

94 int *min_version; -

95 /* Pointer to SSL or SSL_CTX max_version field or NULL if none */ -

96 int *max_version; -

97 /* Current flag table being worked on */ -

98 const ssl_flag_tbl *tbl; -

99 /* Size of table */ -

100 size_t ntbl; -

101 /* Client CA names */ -

102 STACK_OF(X509_NAME) *canames; -

103 }; -

104 -

105 static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, -

106 unsigned long option_value, int onoff) -

107 { -

108 uint32_t *pflags; -

109

if (cctx->poptions == NULL)

cctx->poptions == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1800 times by 1 test Evaluated by: libssl.so.1.1

0-1800

110

return;

never executed: return;

111

if (name_flags & SSL_TFLAG_INV)

name_flags & 0x1	Description
TRUE	evaluated 238 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1562 times by 1 test Evaluated by: libssl.so.1.1

238-1562

112

onoff ^= 1;

executed 238 times by 1 test: onoff ^= 1;

Executed by:

libssl.so.1.1

238

113 switch (name_flags & SSL_TFLAG_TYPE_MASK) { -

114 -

115

case SSL_TFLAG_CERT:

never executed: case 0x100:

116 pflags = cctx->pcert_flags; -

117

break;

never executed: break;

118 -

119

case SSL_TFLAG_VFY:

executed 1262 times by 1 test: case 0x200:

Executed by:

libssl.so.1.1

1262

120 pflags = cctx->pvfy_flags; -

121

break;

executed 1262 times by 1 test: break;

Executed by:

libssl.so.1.1

1262

122 -

123

case SSL_TFLAG_OPTION:

executed 538 times by 1 test: case 0x000:

Executed by:

libssl.so.1.1

538

124 pflags = cctx->poptions; -

125

break;

executed 538 times by 1 test: break;

Executed by:

libssl.so.1.1

538

126 -

127

default:

never executed: default:

128

return;

never executed: return;

129 -

130 } -

131

if (onoff)

onoff	Description
TRUE	evaluated 1678 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 122 times by 1 test Evaluated by: libssl.so.1.1

122-1678

132

*pflags |= option_value;

executed 1678 times by 1 test: *pflags |= option_value;

Executed by:

libssl.so.1.1

1678

133 else -

134

*pflags &= ~option_value;

executed 122 times by 1 test: *pflags &= ~option_value;

Executed by:

libssl.so.1.1

122

135 } -

136 -

137 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, -

138 const char *name, int namelen, int onoff) -

139 { -

140 /* If name not relevant for context skip */ -

141

if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH))

!(cctx->flags ...s & (0x4\|0x8))	Description
TRUE	evaluated 79 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1835 times by 1 test Evaluated by: libssl.so.1.1

79-1835

142

return 0;

executed 79 times by 1 test: return 0;

Executed by:

libssl.so.1.1

143

if (namelen == -1) {

namelen == -1	Description
TRUE	never evaluated
FALSE	evaluated 1835 times by 1 test Evaluated by: libssl.so.1.1

0-1835

144

if (strcmp(tbl->name, name))

never executed: __result = (((const unsigned char *) (const char *) ( tbl->name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

__extension__ ... name )))); })	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

145

return 0;

never executed: return 0;

146

} else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))

never executed: end of block

tbl->namelen != namelen	Description
TRUE	evaluated 271 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1564 times by 1 test Evaluated by: libssl.so.1.1

strncasecmp(tb...name, namelen)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1525 times by 1 test Evaluated by: libssl.so.1.1

0-1564

147

return 0;

executed 310 times by 1 test: return 0;

Executed by:

libssl.so.1.1

310

148 ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); -

149

return 1;

executed 1525 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1525

150 } -

151 -

152 static int ssl_set_option_list(const char *elem, int len, void *usr) -

153 { -

154 SSL_CONF_CTX *cctx = usr; -

155 size_t i; -

156 const ssl_flag_tbl *tbl; -

157 int onoff = 1; -

158 /* -

159 * len == -1 indicates not being called in list context, just for single -

160 * command line switches, so don't allow +, -. -

161 */ -

162

if (elem == NULL)

elem == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1525 times by 1 test Evaluated by: libssl.so.1.1

0-1525

163

return 0;

never executed: return 0;

164

if (len != -1) {

len != -1	Description
TRUE	evaluated 1525 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1525

165

if (*elem == '+') {

*elem == '+'	Description
TRUE	never evaluated
FALSE	evaluated 1525 times by 1 test Evaluated by: libssl.so.1.1

0-1525

166 elem++; -

167 len--; -

168 onoff = 1; -

169

} else if (*elem == '-') {

never executed: end of block

*elem == '-'	Description
TRUE	evaluated 116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1409 times by 1 test Evaluated by: libssl.so.1.1

0-1409

170 elem++; -

171 len--; -

172 onoff = 0; -

173

}

executed 116 times by 1 test: end of block

Executed by:

libssl.so.1.1

116

174

}

executed 1525 times by 1 test: end of block

Executed by:

libssl.so.1.1

1525

175

for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {

i < cctx->ntbl	Description
TRUE	evaluated 1914 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1914

176

if (ssl_match_option(cctx, tbl, elem, len, onoff))

ssl_match_opti...m, len, onoff)	Description
TRUE	evaluated 1525 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 389 times by 1 test Evaluated by: libssl.so.1.1

389-1525

177

return 1;

executed 1525 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1525

178

}

executed 389 times by 1 test: end of block

Executed by:

libssl.so.1.1

389

179

return 0;

never executed: return 0;

180 } -

181 -

182 /* Set supported signature algorithms */ -

183 static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) -

184 { -

185 int rv; -

186

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

187

rv = SSL_set1_sigalgs_list(cctx->ssl, value);

never executed: rv = SSL_ctrl(cctx->ssl,98,0,(char *)(value));

188 /* NB: ctx == NULL performs syntax checking only */ -

189 else -

190

rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);

executed 35 times by 1 test: rv = SSL_CTX_ctrl(cctx->ctx,98,0,(char *)(value));

Executed by:

libssl.so.1.1

191

return rv > 0;

executed 35 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

192 } -

193 -

194 /* Set supported client signature algorithms */ -

195 static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) -

196 { -

197 int rv; -

198

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

199

rv = SSL_set1_client_sigalgs_list(cctx->ssl, value);

never executed: rv = SSL_ctrl(cctx->ssl,102,0,(char *)(value));

200 /* NB: ctx == NULL performs syntax checking only */ -

201 else -

202

rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value);

executed 11 times by 1 test: rv = SSL_CTX_ctrl(cctx->ctx,102,0,(char *)(value));

Executed by:

libssl.so.1.1

203

return rv > 0;

executed 11 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

204 } -

205 -

206 static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) -

207 { -

208 int rv; -

209

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 95 times by 1 test Evaluated by: libssl.so.1.1

0-95

210

rv = SSL_set1_groups_list(cctx->ssl, value);

never executed: rv = SSL_ctrl(cctx->ssl,92,0,(char *)(value));

211 /* NB: ctx == NULL performs syntax checking only */ -

212 else -

213

rv = SSL_CTX_set1_groups_list(cctx->ctx, value);

executed 95 times by 1 test: rv = SSL_CTX_ctrl(cctx->ctx,92,0,(char *)(value));

Executed by:

libssl.so.1.1

214

return rv > 0;

executed 95 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

215 } -

216 -

217 /* This is the old name for cmd_Groups - retained for backwards compatibility */ -

218 static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) -

219 { -

220

return cmd_Groups(cctx, value);

executed 89 times by 1 test: return cmd_Groups(cctx, value);

Executed by:

libssl.so.1.1

221 } -

222 -

223 #ifndef OPENSSL_NO_EC -

224 /* ECDH temporary parameters */ -

225 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) -

226 { -

227 int rv = 1; -

228 EC_KEY *ecdh; -

229 int nid; -

230 -

231 /* Ignore values supported by 1.0.2 for the automatic selection */ -

232

if ((cctx->flags & SSL_CONF_FLAG_FILE)

(cctx->flags & 0x2)	Description
TRUE	never evaluated
FALSE	never evaluated

233

&& (strcasecmp(value, "+automatic") == 0

strcasecmp(val...tomatic") == 0	Description
TRUE	never evaluated
FALSE	never evaluated

234

|| strcasecmp(value, "automatic") == 0))

strcasecmp(val...tomatic") == 0	Description
TRUE	never evaluated
FALSE	never evaluated

235

return 1;

never executed: return 1;

236

if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&

(cctx->flags & 0x1)	Description
TRUE	never evaluated
FALSE	never evaluated

237

strcmp(value, "auto") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( value ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "auto" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

238

return 1;

never executed: return 1;

239 -

240 nid = EC_curve_nist2nid(value); -

241

if (nid == NID_undef)

nid == 0	Description
TRUE	never evaluated
FALSE	never evaluated

242

nid = OBJ_sn2nid(value);

never executed: nid = OBJ_sn2nid(value);

243

if (nid == 0)

nid == 0	Description
TRUE	never evaluated
FALSE	never evaluated

244

return 0;

never executed: return 0;

245 ecdh = EC_KEY_new_by_curve_name(nid); -

246

if (!ecdh)

!ecdh	Description
TRUE	never evaluated
FALSE	never evaluated

247

return 0;

never executed: return 0;

248

if (cctx->ctx)

cctx->ctx	Description
TRUE	never evaluated
FALSE	never evaluated

249

rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);

never executed: rv = SSL_CTX_ctrl(cctx->ctx,4,0,(char *)(ecdh));

250

else if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	never evaluated

251

rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);

never executed: rv = SSL_ctrl(cctx->ssl,4,0,(char *)(ecdh));

252 EC_KEY_free(ecdh); -

253 -

254

return rv > 0;

never executed: return rv > 0;

255 } -

256 #endif -

257 static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) -

258 { -

259 int rv = 1; -

260 -

261

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 2643 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-2643

262

rv = SSL_CTX_set_cipher_list(cctx->ctx, value);

executed 2643 times by 1 test: rv = SSL_CTX_set_cipher_list(cctx->ctx, value);

Executed by:

libssl.so.1.1

2643

263

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 2647 times by 1 test Evaluated by: libssl.so.1.1

0-2647

264

rv = SSL_set_cipher_list(cctx->ssl, value);

never executed: rv = SSL_set_cipher_list(cctx->ssl, value);

265

return rv > 0;

executed 2647 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

2647

266 } -

267 -

268 static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value) -

269 { -

270 int rv = 1; -

271 -

272

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-186

273

rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);

executed 186 times by 1 test: rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);

Executed by:

libssl.so.1.1

186

274

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

0-186

275

rv = SSL_set_ciphersuites(cctx->ssl, value);

never executed: rv = SSL_set_ciphersuites(cctx->ssl, value);

276

return rv > 0;

executed 186 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

186

277 } -

278 -

279 static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) -

280 { -

281 static const ssl_flag_tbl ssl_protocol_list[] = { -

282 SSL_FLAG_TBL_INV("ALL", SSL_OP_NO_SSL_MASK), -

283 SSL_FLAG_TBL_INV("SSLv2", SSL_OP_NO_SSLv2), -

284 SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3), -

285 SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1), -

286 SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), -

287 SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2), -

288 SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3), -

289 SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1), -

290 SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2) -

291 }; -

292 cctx->tbl = ssl_protocol_list; -

293 cctx->ntbl = OSSL_NELEM(ssl_protocol_list); -

294

return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

never executed: return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

295 } -

296 -

297 /* -

298 * protocol_from_string - converts a protocol version string to a number -

299 * -

300 * Returns -1 on failure or the version on success -

301 */ -

302 static int protocol_from_string(const char *value) -

303 { -

304 struct protocol_versions { -

305 const char *name; -

306 int version; -

307 }; -

308 static const struct protocol_versions versions[] = { -

309 {"None", 0}, -

310 {"SSLv3", SSL3_VERSION}, -

311 {"TLSv1", TLS1_VERSION}, -

312 {"TLSv1.1", TLS1_1_VERSION}, -

313 {"TLSv1.2", TLS1_2_VERSION}, -

314 {"TLSv1.3", TLS1_3_VERSION}, -

315 {"DTLSv1", DTLS1_VERSION}, -

316 {"DTLSv1.2", DTLS1_2_VERSION} -

317 }; -

318 size_t i; -

319 size_t n = OSSL_NELEM(versions); -

320 -

321

for (i = 0; i < n; i++)

i < n	Description
TRUE	evaluated 15264 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-15264

322

if (strcmp(versions[i].name, value) == 0)

never executed: __result = (((const unsigned char *) (const char *) ( versions[i].name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( value ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 3280 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11984 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-11984

323

return versions[i].version;

executed 3280 times by 1 test: return versions[i].version;

Executed by:

libssl.so.1.1

3280

324

return -1;

never executed: return -1;

325 } -

326 -

327 static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound) -

328 { -

329 int method_version; -

330 int new_version; -

331 -

332

if (cctx->ctx != NULL)

cctx->ctx != ((void *)0)	Description
TRUE	evaluated 3280 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3280

333

method_version = cctx->ctx->method->version;

executed 3280 times by 1 test: method_version = cctx->ctx->method->version;

Executed by:

libssl.so.1.1

3280

334

else if (cctx->ssl != NULL)

cctx->ssl != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

335

method_version = cctx->ssl->ctx->method->version;

never executed: method_version = cctx->ssl->ctx->method->version;

336 else -

337

return 0;

never executed: return 0;

338

if ((new_version = protocol_from_string(value)) < 0)

(new_version =...ng(value)) < 0	Description
TRUE	never evaluated
FALSE	evaluated 3280 times by 1 test Evaluated by: libssl.so.1.1

0-3280

339

return 0;

never executed: return 0;

340

return ssl_set_version_bound(method_version, new_version, bound);

executed 3280 times by 1 test: return ssl_set_version_bound(method_version, new_version, bound);

Executed by:

libssl.so.1.1

3280

341 } -

342 -

343 /* -

344 * cmd_MinProtocol - Set min protocol version -

345 * @cctx: config structure to save settings in -

346 * @value: The min protocol version in string form -

347 * -

348 * Returns 1 on success and 0 on failure. -

349 */ -

350 static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value) -

351 { -

352

return min_max_proto(cctx, value, cctx->min_version);

executed 1312 times by 1 test: return min_max_proto(cctx, value, cctx->min_version);

Executed by:

libssl.so.1.1

1312

353 } -

354 -

355 /* -

356 * cmd_MaxProtocol - Set max protocol version -

357 * @cctx: config structure to save settings in -

358 * @value: The max protocol version in string form -

359 * -

360 * Returns 1 on success and 0 on failure. -

361 */ -

362 static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value) -

363 { -

364

return min_max_proto(cctx, value, cctx->max_version);

executed 1968 times by 1 test: return min_max_proto(cctx, value, cctx->max_version);

Executed by:

libssl.so.1.1

1968

365 } -

366 -

367 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) -

368 { -

369 static const ssl_flag_tbl ssl_option_list[] = { -

370 SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET), -

371 SSL_FLAG_TBL_INV("EmptyFragments", -

372 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), -

373 SSL_FLAG_TBL("Bugs", SSL_OP_ALL), -

374 SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), -

375 SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), -

376 SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", -

377 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), -

378 SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), -

379 SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), -

380 SSL_FLAG_TBL("UnsafeLegacyRenegotiation", -

381 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), -

382 SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), -

383 SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), -

384 SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), -

385 SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), -

386 SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), -

387 SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY) -

388 }; -

389

if (value == NULL)

value == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 261 times by 1 test Evaluated by: libssl.so.1.1

0-261

390

return -3;

never executed: return -3;

391 cctx->tbl = ssl_option_list; -

392 cctx->ntbl = OSSL_NELEM(ssl_option_list); -

393

return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

executed 261 times by 1 test: return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

Executed by:

libssl.so.1.1

261

394 } -

395 -

396 static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) -

397 { -

398 static const ssl_flag_tbl ssl_vfy_list[] = { -

399 SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER), -

400 SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER), -

401 SSL_FLAG_VFY_SRV("Require", -

402 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), -

403 SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE), -

404 SSL_FLAG_VFY_SRV("RequestPostHandshake", -

405 SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), -

406 SSL_FLAG_VFY_SRV("RequirePostHandshake", -

407 SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | -

408 SSL_VERIFY_FAIL_IF_NO_PEER_CERT), -

409 }; -

410

if (value == NULL)

value == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1262 times by 1 test Evaluated by: libssl.so.1.1

0-1262

411

return -3;

never executed: return -3;

412 cctx->tbl = ssl_vfy_list; -

413 cctx->ntbl = OSSL_NELEM(ssl_vfy_list); -

414

return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

executed 1262 times by 1 test: return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);

Executed by:

libssl.so.1.1

1262

415 } -

416 -

417 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) -

418 { -

419 int rv = 1; -

420 CERT *c = NULL; -

421

if (cctx->ctx) {

cctx->ctx	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 430 times by 1 test Evaluated by: libssl.so.1.1

430-2111

422 rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); -

423 c = cctx->ctx->cert; -

424

}

executed 2111 times by 1 test: end of block

Executed by:

libssl.so.1.1

2111

425

if (cctx->ssl) {

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 2541 times by 1 test Evaluated by: libssl.so.1.1

0-2541

426 rv = SSL_use_certificate_chain_file(cctx->ssl, value); -

427 c = cctx->ssl->cert; -

428

}

never executed: end of block

429

if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {

rv > 0	Description
TRUE	evaluated 2541 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

c	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 430 times by 1 test Evaluated by: libssl.so.1.1

cctx->flags & 0x40	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2541

430 char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; -

431 OPENSSL_free(*pfilename); -

432 *pfilename = OPENSSL_strdup(value); -

433

if (!*pfilename)

!*pfilename	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

434

rv = 0;

never executed: rv = 0;

435

}

executed 2111 times by 1 test: end of block

Executed by:

libssl.so.1.1

2111

436 -

437

return rv > 0;

executed 2541 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

2541

438 } -

439 -

440 static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) -

441 { -

442 int rv = 1; -

443

if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))

!(cctx->flags & 0x20)	Description
TRUE	never evaluated
FALSE	evaluated 2539 times by 1 test Evaluated by: libssl.so.1.1

0-2539

444

return -2;

never executed: return -2;

445

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 428 times by 1 test Evaluated by: libssl.so.1.1

428-2111

446

rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM);

executed 2111 times by 1 test: rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, 1);

Executed by:

libssl.so.1.1

2111

447

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 2539 times by 1 test Evaluated by: libssl.so.1.1

0-2539

448

rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);

never executed: rv = SSL_use_PrivateKey_file(cctx->ssl, value, 1);

449

return rv > 0;

executed 2539 times by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

2539

450 } -

451 -

452 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) -

453 { -

454 int rv = 1; -

455

if (cctx->ctx)

cctx->ctx	Description
TRUE	never evaluated
FALSE	never evaluated

456

rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);

never executed: rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);

457

return rv > 0;

never executed: return rv > 0;

458 } -

459 -

460 static int do_store(SSL_CONF_CTX *cctx, -

461 const char *CAfile, const char *CApath, int verify_store) -

462 { -

463 CERT *cert; -

464 X509_STORE **st; -

465

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 1239 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1239

466

cert = cctx->ctx->cert;

executed 1239 times by 1 test: cert = cctx->ctx->cert;

Executed by:

libssl.so.1.1

1239

467

else if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	never evaluated

468

cert = cctx->ssl->cert;

never executed: cert = cctx->ssl->cert;

469 else -

470

return 1;

never executed: return 1;

471

st = verify_store ? &cert->verify_store : &cert->chain_store;

verify_store	Description
TRUE	evaluated 1239 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1239

472

if (*st == NULL) {

st == ((void )0)	Description
TRUE	evaluated 1239 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1239

473 *st = X509_STORE_new(); -

474

if (*st == NULL)

st == ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 1239 times by 1 test Evaluated by: libssl.so.1.1

0-1239

475

return 0;

never executed: return 0;

476

}

executed 1239 times by 1 test: end of block

Executed by:

libssl.so.1.1

1239

477

return X509_STORE_load_locations(*st, CAfile, CApath) > 0;

executed 1239 times by 1 test: return X509_STORE_load_locations(*st, CAfile, CApath) > 0;

Executed by:

libssl.so.1.1

1239

478 } -

479 -

480 static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value) -

481 { -

482

return do_store(cctx, NULL, value, 0);

never executed: return do_store(cctx, ((void *)0) , value, 0);

483 } -

484 -

485 static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value) -

486 { -

487

return do_store(cctx, value, NULL, 0);

never executed: return do_store(cctx, value, ((void *)0) , 0);

488 } -

489 -

490 static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value) -

491 { -

492

return do_store(cctx, NULL, value, 1);

never executed: return do_store(cctx, ((void *)0) , value, 1);

493 } -

494 -

495 static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) -

496 { -

497

return do_store(cctx, value, NULL, 1);

executed 1239 times by 1 test: return do_store(cctx, value, ((void *)0) , 1);

Executed by:

libssl.so.1.1

1239

498 } -

499 -

500 static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value) -

501 { -

502

if (cctx->canames == NULL)

cctx->canames == ((void *)0)	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-15

503

cctx->canames = sk_X509_NAME_new_null();

executed 15 times by 1 test: cctx->canames = sk_X509_NAME_new_null();

Executed by:

libssl.so.1.1

504

if (cctx->canames == NULL)

cctx->canames == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

505

return 0;

never executed: return 0;

506

return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);

executed 15 times by 1 test: return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);

Executed by:

libssl.so.1.1

507 } -

508 -

509 static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) -

510 { -

511

return cmd_RequestCAFile(cctx, value);

executed 8 times by 1 test: return cmd_RequestCAFile(cctx, value);

Executed by:

libssl.so.1.1

512 } -

513 -

514 static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value) -

515 { -

516

if (cctx->canames == NULL)

cctx->canames == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

517

cctx->canames = sk_X509_NAME_new_null();

never executed: cctx->canames = sk_X509_NAME_new_null();

518

if (cctx->canames == NULL)

cctx->canames == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

519

return 0;

never executed: return 0;

520

return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);

never executed: return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);

521 } -

522 -

523 static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) -

524 { -

525

return cmd_RequestCAPath(cctx, value);

never executed: return cmd_RequestCAPath(cctx, value);

526 } -

527 -

528 #ifndef OPENSSL_NO_DH -

529 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) -

530 { -

531 int rv = 0; -

532 DH *dh = NULL; -

533 BIO *in = NULL; -

534

if (cctx->ctx || cctx->ssl) {

cctx->ctx	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

cctx->ssl	Description
TRUE	never evaluated
FALSE	never evaluated

0-1

535 in = BIO_new(BIO_s_file()); -

536

if (in == NULL)

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

537

goto end;

never executed: goto end;

538

if (BIO_read_filename(in, value) <= 0)

(int)BIO_ctrl(...)(value)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

539

goto end;

never executed: goto end;

540 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); -

541

if (dh == NULL)

dh == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

542

goto end;

never executed: goto end;

543

} else

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

544

return 1;

never executed: return 1;

545

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

546

rv = SSL_CTX_set_tmp_dh(cctx->ctx, dh);

executed 1 time by 1 test: rv = SSL_CTX_ctrl(cctx->ctx,3,0,(char *)(dh));

Executed by:

libssl.so.1.1

547

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

548

rv = SSL_set_tmp_dh(cctx->ssl, dh);

never executed: rv = SSL_ctrl(cctx->ssl,3,0,(char *)(dh));

549

end:

code before this statement executed 1 time by 1 test: end:

Executed by:

libssl.so.1.1

550 DH_free(dh); -

551 BIO_free(in); -

552

return rv > 0;

executed 1 time by 1 test: return rv > 0;

Executed by:

libssl.so.1.1

553 } -

554 #endif -

555 -

556 static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) -

557 { -

558 int rv = 0; -

559 int block_size = atoi(value); -

560 -

561 /* -

562 * All we care about is a non-negative value, -

563 * the setters check the range -

564 */ -

565

if (block_size >= 0) {

block_size >= 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

566

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

567

rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);

executed 2 times by 1 test: rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);

Executed by:

libssl.so.1.1

568

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

569

rv = SSL_set_block_padding(cctx->ssl, block_size);

never executed: rv = SSL_set_block_padding(cctx->ssl, block_size);

570

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

571

return rv;

executed 2 times by 1 test: return rv;

Executed by:

libssl.so.1.1

572 } -

573 -

574 -

575 static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) -

576 { -

577 int rv = 0; -

578 int num_tickets = atoi(value); -

579 -

580

if (num_tickets >= 0) {

num_tickets >= 0	Description
TRUE	never evaluated
FALSE	never evaluated

581

if (cctx->ctx)

cctx->ctx	Description
TRUE	never evaluated
FALSE	never evaluated

582

rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);

never executed: rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);

583

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	never evaluated

584

rv = SSL_set_num_tickets(cctx->ssl, num_tickets);

never executed: rv = SSL_set_num_tickets(cctx->ssl, num_tickets);

585

}

never executed: end of block

586

return rv;

never executed: return rv;

587 } -

588 -

589 typedef struct { -

590 int (*cmd) (SSL_CONF_CTX *cctx, const char *value); -

591 const char *str_file; -

592 const char *str_cmdline; -

593 unsigned short flags; -

594 unsigned short value_type; -

595 } ssl_conf_cmd_tbl; -

596 -

597 /* Table of supported parameters */ -

598 -

599 #define SSL_CONF_CMD(name, cmdopt, flags, type) \ -

600 {cmd_##name, #name, cmdopt, flags, type} -

601 -

602 #define SSL_CONF_CMD_STRING(name, cmdopt, flags) \ -

603 SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) -

604 -

605 #define SSL_CONF_CMD_SWITCH(name, flags) \ -

606 {0, NULL, name, flags, SSL_CONF_TYPE_NONE} -

607 -

608 /* See apps/apps.h if you change this table. */ -

609 static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { -

610 SSL_CONF_CMD_SWITCH("no_ssl3", 0), -

611 SSL_CONF_CMD_SWITCH("no_tls1", 0), -

612 SSL_CONF_CMD_SWITCH("no_tls1_1", 0), -

613 SSL_CONF_CMD_SWITCH("no_tls1_2", 0), -

614 SSL_CONF_CMD_SWITCH("no_tls1_3", 0), -

615 SSL_CONF_CMD_SWITCH("bugs", 0), -

616 SSL_CONF_CMD_SWITCH("no_comp", 0), -

617 SSL_CONF_CMD_SWITCH("comp", 0), -

618 SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER), -

619 SSL_CONF_CMD_SWITCH("no_ticket", 0), -

620 SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), -

621 SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), -

622 SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), -

623 SSL_CONF_CMD_SWITCH("no_renegotiation", 0), -

624 SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), -

625 SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), -

626 SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0), -

627 SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), -

628 SSL_CONF_CMD_SWITCH("strict", 0), -

629 SSL_CONF_CMD_SWITCH("no_middlebox", 0), -

630 SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER), -

631 SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER), -

632 SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), -

633 SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), -

634 SSL_CONF_CMD_STRING(Curves, "curves", 0), -

635 SSL_CONF_CMD_STRING(Groups, "groups", 0), -

636 #ifndef OPENSSL_NO_EC -

637 SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), -

638 #endif -

639 SSL_CONF_CMD_STRING(CipherString, "cipher", 0), -

640 SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0), -

641 SSL_CONF_CMD_STRING(Protocol, NULL, 0), -

642 SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0), -

643 SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0), -

644 SSL_CONF_CMD_STRING(Options, NULL, 0), -

645 SSL_CONF_CMD_STRING(VerifyMode, NULL, 0), -

646 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, -

647 SSL_CONF_TYPE_FILE), -

648 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, -

649 SSL_CONF_TYPE_FILE), -

650 SSL_CONF_CMD(ServerInfoFile, NULL, -

651 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, -

652 SSL_CONF_TYPE_FILE), -

653 SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE, -

654 SSL_CONF_TYPE_DIR), -

655 SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE, -

656 SSL_CONF_TYPE_FILE), -

657 SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE, -

658 SSL_CONF_TYPE_DIR), -

659 SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, -

660 SSL_CONF_TYPE_FILE), -

661 SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE, -

662 SSL_CONF_TYPE_FILE), -

663 SSL_CONF_CMD(ClientCAFile, NULL, -

664 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, -

665 SSL_CONF_TYPE_FILE), -

666 SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE, -

667 SSL_CONF_TYPE_DIR), -

668 SSL_CONF_CMD(ClientCAPath, NULL, -

669 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, -

670 SSL_CONF_TYPE_DIR), -

671 #ifndef OPENSSL_NO_DH -

672 SSL_CONF_CMD(DHParameters, "dhparam", -

673 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, -

674 SSL_CONF_TYPE_FILE), -

675 #endif -

676 SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), -

677 SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER), -

678 }; -

679 -

680 /* Supported switches: must match order of switches in ssl_conf_cmds */ -

681 static const ssl_switch_tbl ssl_cmd_switches[] = { -

682 {SSL_OP_NO_SSLv3, 0}, /* no_ssl3 */ -

683 {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ -

684 {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ -

685 {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ -

686 {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ -

687 {SSL_OP_ALL, 0}, /* bugs */ -

688 {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ -

689 {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ -

690 {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ -

691 {SSL_OP_NO_TICKET, 0}, /* no_ticket */ -

692 {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ -

693 /* legacy_renegotiation */ -

694 {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, -

695 /* legacy_server_connect */ -

696 {SSL_OP_LEGACY_SERVER_CONNECT, 0}, -

697 /* no_renegotiation */ -

698 {SSL_OP_NO_RENEGOTIATION, 0}, -

699 /* no_resumption_on_reneg */ -

700 {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, -

701 /* no_legacy_server_connect */ -

702 {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV}, -

703 /* allow_no_dhe_kex */ -

704 {SSL_OP_ALLOW_NO_DHE_KEX, 0}, -

705 /* chacha reprioritization */ -

706 {SSL_OP_PRIORITIZE_CHACHA, 0}, -

707 {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ -

708 /* no_middlebox */ -

709 {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, -

710 /* anti_replay */ -

711 {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, -

712 /* no_anti_replay */ -

713 {SSL_OP_NO_ANTI_REPLAY, 0}, -

714 }; -

715 -

716 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) -

717 { -

718

if (!pcmd || !*pcmd)

!pcmd	Description
TRUE	never evaluated
FALSE	evaluated 15637 times by 1 test Evaluated by: libssl.so.1.1

!*pcmd	Description
TRUE	never evaluated
FALSE	evaluated 15637 times by 1 test Evaluated by: libssl.so.1.1

0-15637

719

return 0;

never executed: return 0;

720 /* If a prefix is set, check and skip */ -

721

if (cctx->prefix) {

cctx->prefix	Description
TRUE	evaluated 3602 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12035 times by 1 test Evaluated by: libssl.so.1.1

3602-12035

722

if (strlen(*pcmd) <= cctx->prefixlen)

strlen(*pcmd) ...ctx->prefixlen	Description
TRUE	never evaluated
FALSE	evaluated 3602 times by 1 test Evaluated by: libssl.so.1.1

0-3602

723

return 0;

never executed: return 0;

724

if (cctx->flags & SSL_CONF_FLAG_CMDLINE &&

cctx->flags & 0x1	Description
TRUE	evaluated 3602 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3602

725

strncmp(*pcmd, cctx->prefix, cctx->prefixlen))

never executed: __result = (((const unsigned char *) (const char *) ( *pcmd ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( cctx->prefix ))[3] - __s2[3]);

never executed: end of block

(__extension__...>prefixlen )))	Description
TRUE	evaluated 1252 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2350 times by 1 test Evaluated by: libssl.so.1.1

__builtin_cons...x->prefixlen )	Description
TRUE	never evaluated
FALSE	evaluated 3602 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( *pcmd )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( *pcmd...->prefixlen ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...cctx->prefix )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( cctx-...->prefixlen ))	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-3602

726

return 0;

executed 1252 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1252

727

if (cctx->flags & SSL_CONF_FLAG_FILE &&

cctx->flags & 0x2	Description
TRUE	never evaluated
FALSE	evaluated 2350 times by 1 test Evaluated by: libssl.so.1.1

0-2350

728

strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))

strncasecmp(*p...tx->prefixlen)	Description
TRUE	never evaluated
FALSE	never evaluated

729

return 0;

never executed: return 0;

730 *pcmd += cctx->prefixlen; -

731

} else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {

executed 2350 times by 1 test: end of block

Executed by:

libssl.so.1.1

cctx->flags & 0x1	Description
TRUE	evaluated 1044 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10991 times by 1 test Evaluated by: libssl.so.1.1

1044-10991

732

if (**pcmd != '-' || !(*pcmd)[1])

**pcmd != '-'	Description
TRUE	never evaluated
FALSE	evaluated 1044 times by 1 test Evaluated by: libssl.so.1.1

!(*pcmd)[1]	Description
TRUE	never evaluated
FALSE	evaluated 1044 times by 1 test Evaluated by: libssl.so.1.1

0-1044

733

return 0;

never executed: return 0;

734 *pcmd += 1; -

735

}

executed 1044 times by 1 test: end of block

Executed by:

libssl.so.1.1

1044

736

return 1;

executed 14385 times by 1 test: return 1;

Executed by:

libssl.so.1.1

14385

737 } -

738 -

739 /* Determine if a command is allowed according to cctx flags */ -

740 static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t) -

741 { -

742 unsigned int tfl = t->flags; -

743 unsigned int cfl = cctx->flags; -

744

if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))

(tfl & 0x8)	Description
TRUE	evaluated 128150 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 343570 times by 1 test Evaluated by: libssl.so.1.1

!(cfl & 0x8)	Description
TRUE	evaluated 54724 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 73426 times by 1 test Evaluated by: libssl.so.1.1

54724-343570

745

return 0;

executed 54724 times by 1 test: return 0;

Executed by:

libssl.so.1.1

54724

746

if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))

(tfl & 0x4)	Description
TRUE	never evaluated
FALSE	evaluated 416996 times by 1 test Evaluated by: libssl.so.1.1

!(cfl & 0x4)	Description
TRUE	never evaluated
FALSE	never evaluated

0-416996

747

return 0;

never executed: return 0;

748

if ((tfl & SSL_CONF_FLAG_CERTIFICATE)

(tfl & 0x20)	Description
TRUE	evaluated 15235 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 401761 times by 1 test Evaluated by: libssl.so.1.1

15235-401761

749

&& !(cfl & SSL_CONF_FLAG_CERTIFICATE))

!(cfl & 0x20)	Description
TRUE	never evaluated
FALSE	evaluated 15235 times by 1 test Evaluated by: libssl.so.1.1

0-15235

750

return 0;

never executed: return 0;

751

return 1;

executed 416996 times by 1 test: return 1;

Executed by:

libssl.so.1.1

416996

752 } -

753 -

754 static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, -

755 const char *cmd) -

756 { -

757 const ssl_conf_cmd_tbl *t; -

758 size_t i; -

759

if (cmd == NULL)

cmd == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 14385 times by 1 test Evaluated by: libssl.so.1.1

0-14385

760

return NULL;

never executed: return ((void *)0) ;

761 -

762 /* Look for matching parameter name in table */ -

763

for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {

i < (sizeof(ss...onf_cmds)[0]))	Description
TRUE	evaluated 471720 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-471720

764

if (ssl_conf_cmd_allowed(cctx, t)) {

ssl_conf_cmd_allowed(cctx, t)	Description
TRUE	evaluated 416996 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 54724 times by 1 test Evaluated by: libssl.so.1.1

54724-416996

765

if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {

cctx->flags & 0x1	Description
TRUE	evaluated 102171 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 314825 times by 1 test Evaluated by: libssl.so.1.1

102171-314825

766

if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)

never executed: __result = (((const unsigned char *) (const char *) ( t->str_cmdline ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( cmd ))[3] - __s2[3]);

never executed: end of block

t->str_cmdline	Description
TRUE	evaluated 94778 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7393 times by 1 test Evaluated by: libssl.so.1.1

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 3394 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 91384 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-94778

767

return t;

executed 3394 times by 1 test: return t;

Executed by:

libssl.so.1.1

3394

768

}

executed 98777 times by 1 test: end of block

Executed by:

libssl.so.1.1

98777

769

if (cctx->flags & SSL_CONF_FLAG_FILE) {

cctx->flags & 0x2	Description
TRUE	evaluated 314825 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 98777 times by 1 test Evaluated by: libssl.so.1.1

98777-314825

770

if (t->str_file && strcasecmp(t->str_file, cmd) == 0)

t->str_file	Description
TRUE	evaluated 115215 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 199610 times by 1 test Evaluated by: libssl.so.1.1

strcasecmp(t->...ile, cmd) == 0	Description
TRUE	evaluated 10991 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 104224 times by 1 test Evaluated by: libssl.so.1.1

10991-199610

771

return t;

executed 10991 times by 1 test: return t;

Executed by:

libssl.so.1.1

10991

772

}

executed 303834 times by 1 test: end of block

Executed by:

libssl.so.1.1

303834

773

}

executed 402611 times by 1 test: end of block

Executed by:

libssl.so.1.1

402611

774

}

executed 457335 times by 1 test: end of block

Executed by:

libssl.so.1.1

457335

775

return NULL;

never executed: return ((void *)0) ;

776 } -

777 -

778 static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd) -

779 { -

780 /* Find index of command in table */ -

781 size_t idx = cmd - ssl_conf_cmds; -

782 const ssl_switch_tbl *scmd; -

783 /* Sanity check index */ -

784

if (idx >= OSSL_NELEM(ssl_cmd_switches))

idx >= (sizeof...switches)[0]))	Description
TRUE	never evaluated
FALSE	evaluated 275 times by 1 test Evaluated by: libssl.so.1.1

0-275

785

return 0;

never executed: return 0;

786 /* Obtain switches entry with same index */ -

787 scmd = ssl_cmd_switches + idx; -

788 ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); -

789

return 1;

executed 275 times by 1 test: return 1;

Executed by:

libssl.so.1.1

275

790 } -

791 -

792 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) -

793 { -

794 const ssl_conf_cmd_tbl *runcmd; -

795

if (cmd == NULL) {

cmd == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15637 times by 1 test Evaluated by: libssl.so.1.1

0-15637

796 SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME); -

797

return 0;

never executed: return 0;

798 } -

799 -

800

if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))

!ssl_conf_cmd_...ix(cctx, &cmd)	Description
TRUE	evaluated 1252 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14385 times by 1 test Evaluated by: libssl.so.1.1

1252-14385

801

return -2;

executed 1252 times by 1 test: return -2;

Executed by:

libssl.so.1.1

1252

802 -

803 runcmd = ssl_conf_cmd_lookup(cctx, cmd); -

804 -

805

if (runcmd) {

runcmd	Description
TRUE	evaluated 14385 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-14385

806 int rv; -

807

if (runcmd->value_type == SSL_CONF_TYPE_NONE) {

runcmd->value_type == 0x4	Description
TRUE	evaluated 275 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14110 times by 1 test Evaluated by: libssl.so.1.1

275-14110

808

return ctrl_switch_option(cctx, runcmd);

executed 275 times by 1 test: return ctrl_switch_option(cctx, runcmd);

Executed by:

libssl.so.1.1

275

809 } -

810

if (value == NULL)

value == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 14110 times by 1 test Evaluated by: libssl.so.1.1

0-14110

811

return -3;

never executed: return -3;

812 rv = runcmd->cmd(cctx, value); -

813

if (rv > 0)

rv > 0	Description
TRUE	evaluated 14110 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-14110

814

return 2;

executed 14110 times by 1 test: return 2;

Executed by:

libssl.so.1.1

14110

815

if (rv == -2)

rv == -2	Description
TRUE	never evaluated
FALSE	never evaluated

816

return -2;

never executed: return -2;

817

if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {

cctx->flags & 0x10	Description
TRUE	never evaluated
FALSE	never evaluated

818 SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE); -

819 ERR_add_error_data(4, "cmd=", cmd, ", value=", value); -

820

}

never executed: end of block

821

return 0;

never executed: return 0;

822 } -

823 -

824

if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {

cctx->flags & 0x10	Description
TRUE	never evaluated
FALSE	never evaluated

825 SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME); -

826 ERR_add_error_data(2, "cmd=", cmd); -

827

}

never executed: end of block

828 -

829

return -2;

never executed: return -2;

830 } -

831 -

832 int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv) -

833 { -

834 int rv; -

835 const char *arg = NULL, *argn; -

836

if (pargc && *pargc == 0)

pargc	Description
TRUE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

*pargc == 0	Description
TRUE	never evaluated
FALSE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1

0-1488

837

return 0;

never executed: return 0;

838

if (!pargc || *pargc > 0)

!pargc	Description
TRUE	never evaluated
FALSE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1

*pargc > 0	Description
TRUE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1488

839

arg = **pargv;

executed 1488 times by 1 test: arg = **pargv;

Executed by:

libssl.so.1.1

1488

840

if (arg == NULL)

arg == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1

0-1488

841

return 0;

never executed: return 0;

842

if (!pargc || *pargc > 1)

!pargc	Description
TRUE	never evaluated
FALSE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1

*pargc > 1	Description
TRUE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1488

843

argn = (*pargv)[1];

executed 1488 times by 1 test: argn = (*pargv)[1];

Executed by:

libssl.so.1.1

1488

844 else -

845

argn = NULL;

never executed: argn = ((void *)0) ;

846 cctx->flags &= ~SSL_CONF_FLAG_FILE; -

847 cctx->flags |= SSL_CONF_FLAG_CMDLINE; -

848 rv = SSL_CONF_cmd(cctx, arg, argn); -

849

if (rv > 0) {

rv > 0	Description
TRUE	evaluated 862 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 626 times by 1 test Evaluated by: libssl.so.1.1

626-862

850 /* Success: update pargc, pargv */ -

851 (*pargv) += rv; -

852

if (pargc)

pargc	Description
TRUE	evaluated 862 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-862

853

(*pargc) -= rv;

executed 862 times by 1 test: (*pargc) -= rv;

Executed by:

libssl.so.1.1

862

854

return rv;

executed 862 times by 1 test: return rv;

Executed by:

libssl.so.1.1

862

855 } -

856 /* Unknown switch: indicate no arguments processed */ -

857

if (rv == -2)

rv == -2	Description
TRUE	evaluated 626 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-626

858

return 0;

executed 626 times by 1 test: return 0;

Executed by:

libssl.so.1.1

626

859 /* Some error occurred processing command, return fatal error */ -

860

if (rv == 0)

rv == 0	Description
TRUE	never evaluated
FALSE	never evaluated

861

return -1;

never executed: return -1;

862

return rv;

never executed: return rv;

863 } -

864 -

865 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd) -

866 { -

867

if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) {

ssl_conf_cmd_s...ix(cctx, &cmd)	Description
TRUE	never evaluated
FALSE	never evaluated

868 const ssl_conf_cmd_tbl *runcmd; -

869 runcmd = ssl_conf_cmd_lookup(cctx, cmd); -

870

if (runcmd)

runcmd	Description
TRUE	never evaluated
FALSE	never evaluated

871

return runcmd->value_type;

never executed: return runcmd->value_type;

872

}

never executed: end of block

873

return SSL_CONF_TYPE_UNKNOWN;

never executed: return 0x0;

874 } -

875 -

876 SSL_CONF_CTX *SSL_CONF_CTX_new(void) -

877 { -

878 SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret)); -

879 -

880

return ret;

executed 3182 times by 1 test: return ret;

Executed by:

libssl.so.1.1

3182

881 } -

882 -

883 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) -

884 { -

885 /* See if any certificates are missing private keys */ -

886 size_t i; -

887 CERT *c = NULL; -

888

if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 3184 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3184

889

c = cctx->ctx->cert;

executed 3184 times by 1 test: c = cctx->ctx->cert;

Executed by:

libssl.so.1.1

3184

890

else if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	never evaluated

891

c = cctx->ssl->cert;

never executed: c = cctx->ssl->cert;

892

if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {

c	Description
TRUE	evaluated 3184 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

cctx->flags & 0x40	Description
TRUE	evaluated 2810 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 374 times by 1 test Evaluated by: libssl.so.1.1

0-3184

893

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	evaluated 25290 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2810 times by 1 test Evaluated by: libssl.so.1.1

2810-25290

894 const char *p = cctx->cert_filename[i]; -

895 /* -

896 * If missing private key try to load one from certificate file -

897 */ -

898

if (p && !c->pkeys[i].privatekey) {

p	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23179 times by 1 test Evaluated by: libssl.so.1.1

!c->pkeys[i].privatekey	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2107 times by 1 test Evaluated by: libssl.so.1.1

4-23179

899

if (!cmd_PrivateKey(cctx, p))

!cmd_PrivateKey(cctx, p)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

900

return 0;

never executed: return 0;

901

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

902

}

executed 25290 times by 1 test: end of block

Executed by:

libssl.so.1.1

25290

903

}

executed 2810 times by 1 test: end of block

Executed by:

libssl.so.1.1

2810

904

if (cctx->canames) {

cctx->canames	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3169 times by 1 test Evaluated by: libssl.so.1.1

15-3169

905

if (cctx->ssl)

cctx->ssl	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

906

SSL_set0_CA_list(cctx->ssl, cctx->canames);

never executed: SSL_set0_CA_list(cctx->ssl, cctx->canames);

907

else if (cctx->ctx)

cctx->ctx	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-15

908

SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);

executed 15 times by 1 test: SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);

Executed by:

libssl.so.1.1

909 else -

910

sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);

never executed: sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);

911 cctx->canames = NULL; -

912

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

913

return 1;

executed 3184 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3184

914 } -

915 -

916 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) -

917 { -

918

if (cctx) {

cctx	Description
TRUE	evaluated 3182 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8016 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

3182-8016

919 size_t i; -

920

for (i = 0; i < SSL_PKEY_NUM; i++)

i < 9	Description
TRUE	evaluated 28638 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3182 times by 1 test Evaluated by: libssl.so.1.1

3182-28638

921

OPENSSL_free(cctx->cert_filename[i]);

executed 28638 times by 1 test: CRYPTO_free(cctx->cert_filename[i], __FILE__, 921);

Executed by:

libssl.so.1.1

28638

922 OPENSSL_free(cctx->prefix); -

923 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); -

924 OPENSSL_free(cctx); -

925

}

executed 3182 times by 1 test: end of block

Executed by:

libssl.so.1.1

3182

926

}

executed 11198 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

11198

927 -

928 unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags) -

929 { -

930 cctx->flags |= flags; -

931

return cctx->flags;

executed 3182 times by 1 test: return cctx->flags;

Executed by:

libssl.so.1.1

3182

932 } -

933 -

934 unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags) -

935 { -

936 cctx->flags &= ~flags; -

937

return cctx->flags;

never executed: return cctx->flags;

938 } -

939 -

940 int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre) -

941 { -

942 char *tmp = NULL; -

943

if (pre) {

pre	Description
TRUE	evaluated 357 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-357

944 tmp = OPENSSL_strdup(pre); -

945

if (tmp == NULL)

tmp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 357 times by 1 test Evaluated by: libssl.so.1.1

0-357

946

return 0;

never executed: return 0;

947

}

executed 357 times by 1 test: end of block

Executed by:

libssl.so.1.1

357

948 OPENSSL_free(cctx->prefix); -

949 cctx->prefix = tmp; -

950

if (tmp)

tmp	Description
TRUE	evaluated 357 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-357

951

cctx->prefixlen = strlen(tmp);

executed 357 times by 1 test: cctx->prefixlen = strlen(tmp);

Executed by:

libssl.so.1.1

357

952 else -

953

cctx->prefixlen = 0;

never executed: cctx->prefixlen = 0;

954

return 1;

executed 357 times by 1 test: return 1;

Executed by:

libssl.so.1.1

357

955 } -

956 -

957 void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) -

958 { -

959 cctx->ssl = ssl; -

960 cctx->ctx = NULL; -

961

if (ssl) {

ssl	Description
TRUE	never evaluated
FALSE	never evaluated

962 cctx->poptions = &ssl->options; -

963 cctx->min_version = &ssl->min_proto_version; -

964 cctx->max_version = &ssl->max_proto_version; -

965 cctx->pcert_flags = &ssl->cert->cert_flags; -

966 cctx->pvfy_flags = &ssl->verify_mode; -

967

} else {

never executed: end of block

968 cctx->poptions = NULL; -

969 cctx->min_version = NULL; -

970 cctx->max_version = NULL; -

971 cctx->pcert_flags = NULL; -

972 cctx->pvfy_flags = NULL; -

973

}

never executed: end of block

974 } -

975 -

976 void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx) -

977 { -

978 cctx->ctx = ctx; -

979 cctx->ssl = NULL; -

980

if (ctx) {

ctx	Description
TRUE	evaluated 3188 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3188

981 cctx->poptions = &ctx->options; -

982 cctx->min_version = &ctx->min_proto_version; -

983 cctx->max_version = &ctx->max_proto_version; -

984 cctx->pcert_flags = &ctx->cert->cert_flags; -

985 cctx->pvfy_flags = &ctx->verify_mode; -

986

} else {

executed 3188 times by 1 test: end of block

Executed by:

libssl.so.1.1

3188

987 cctx->poptions = NULL; -

988 cctx->min_version = NULL; -

989 cctx->max_version = NULL; -

990 cctx->pcert_flags = NULL; -

991 cctx->pvfy_flags = NULL; -

992

}

never executed: end of block

993 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2