OpenCoverage

v3_utl.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/x509v3/v3_utl.c
1/* $OpenBSD: v3_utl.c,v 1.31 2018/05/19 10:50:08 tb Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * licensing@OpenSSL.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58/* X509 v3 extension utilities */-
59-
60#include <ctype.h>-
61#include <stdio.h>-
62#include <string.h>-
63-
64#include <openssl/bn.h>-
65#include <openssl/conf.h>-
66#include <openssl/err.h>-
67#include <openssl/x509v3.h>-
68-
/* Forward declarations of file-local (static) helpers. */
static char *strip_spaces(char *name);
static int sk_strcmp(const char * const *a, const char * const *b);
static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
    GENERAL_NAMES *gens);
static void str_free(OPENSSL_STRING str);
static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);

/*
 * Judging by their names these are the textual IP address parsers; their
 * definitions are outside this excerpt, so confirm before relying on that.
 */
static int ipv4_from_asc(unsigned char *v4, const char *in);
static int ipv6_from_asc(unsigned char *v6, const char *in);
static int ipv6_cb(const char *elem, int len, void *usr);
static int ipv6_hex(unsigned char *out, const char *in, int inlen);
80-
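/*
 * Append a (name, value) pair to *extlist as a newly allocated CONF_VALUE.
 *
 * name and value are duplicated with strdup(); either may be NULL, in which
 * case the corresponding field of the new entry is NULL.  If *extlist is
 * NULL a new stack is created and stored there.
 *
 * Returns 1 on success.  On any failure it records ERR_R_MALLOC_FAILURE,
 * releases everything allocated by this call and returns 0.  A stack that
 * this call created is freed again and *extlist is reset to NULL, so a
 * failed call does not leave an empty stack behind for the caller to leak;
 * a stack supplied by the caller is never freed here.
 *
 * Coverage in the report this listing comes from: the success path ran
 * 4 times, none of the "goto err" paths was executed.
 */
int
X509V3_add_value(const char *name, const char *value,
    STACK_OF(CONF_VALUE) **extlist)
{
	CONF_VALUE *vtmp = NULL;
	char *tname = NULL, *tvalue = NULL;
	STACK_OF(CONF_VALUE) *new_list = NULL;

	if (name != NULL && (tname = strdup(name)) == NULL)
		goto err;
	if (value != NULL && (tvalue = strdup(value)) == NULL)
		goto err;
	if ((vtmp = malloc(sizeof(*vtmp))) == NULL)
		goto err;
	if (*extlist == NULL) {
		if ((new_list = sk_CONF_VALUE_new_null()) == NULL)
			goto err;
		*extlist = new_list;
	}
	vtmp->section = NULL;
	vtmp->name = tname;
	vtmp->value = tvalue;
	if (!sk_CONF_VALUE_push(*extlist, vtmp))
		goto err;
	return 1;

err:
	X509V3error(ERR_R_MALLOC_FAILURE);
	if (new_list != NULL) {
		/* Undo only the stack created above, never the caller's. */
		sk_CONF_VALUE_free(new_list);
		*extlist = NULL;
	}
	free(vtmp);
	free(tname);
	free(tvalue);
	return 0;
}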
112-
/*
 * Same as X509V3_add_value() for a value held as unsigned char.  The bytes
 * are passed on as a C string, so the value must be NUL-terminated.
 * Returns whatever X509V3_add_value() returns.
 *
 * Coverage in the report this listing comes from: never executed.
 */
int
X509V3_add_value_uchar(const char *name, const unsigned char *value,
    STACK_OF(CONF_VALUE) **extlist)
{
	const char *text = (const char *)value;

	return X509V3_add_value(name, text, extlist);
}
119-
/*
 * Release one CONF_VALUE: its name, value and section strings and then the
 * structure itself.  A NULL argument is accepted and ignored.  Used in this
 * file as the element destructor for sk_CONF_VALUE_pop_free().
 */
void
X509V3_conf_free(CONF_VALUE *conf)
{
	if (conf != NULL) {
		free(conf->name);
		free(conf->value);
		free(conf->section);
		free(conf);
	}
}
132-
/*
 * Append name with the text "TRUE" (asn1_bool non-zero) or "FALSE"
 * (asn1_bool zero) to *extlist.  Returns the result of X509V3_add_value().
 *
 * Coverage in the report this listing comes from: only the "FALSE" branch
 * was executed.
 */
int
X509V3_add_value_bool(const char *name, int asn1_bool,
    STACK_OF(CONF_VALUE) **extlist)
{
	const char *text = asn1_bool ? "TRUE" : "FALSE";

	return X509V3_add_value(name, text, extlist);
}
141-
/*
 * Like X509V3_add_value_bool(), but a false value adds nothing: the entry
 * "TRUE" is appended only when asn1_bool is non-zero.  Returns 1 when
 * nothing had to be added, otherwise the result of X509V3_add_value().
 *
 * Coverage in the report this listing comes from: never executed.
 */
int
X509V3_add_value_bool_nf(const char *name, int asn1_bool,
    STACK_OF(CONF_VALUE) **extlist)
{
	if (!asn1_bool)
		return 1;
	return X509V3_add_value(name, "TRUE", extlist);
}
150-
151-
/*
 * Convert an ASN1_ENUMERATED to its decimal string form.
 *
 * method is not used.  Returns NULL when a is NULL (no error recorded) or
 * when either conversion step fails; every such failure is recorded as
 * ERR_R_MALLOC_FAILURE.  The string comes from BN_bn2dec() and is owned by
 * the caller.
 *
 * Coverage in the report this listing comes from: never executed.
 */
char *
i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
{
	BIGNUM *bn;
	char *dec = NULL;

	if (a == NULL)
		return NULL;

	bn = ASN1_ENUMERATED_to_BN(a, NULL);
	if (bn != NULL)
		dec = BN_bn2dec(bn);
	if (dec == NULL)
		X509V3error(ERR_R_MALLOC_FAILURE);

	/* bn may be NULL here, as in the original flow. */
	BN_free(bn);
	return dec;
}
166-
/*
 * Convert an ASN1_INTEGER to its decimal string form.
 *
 * method is not used.  Returns NULL when a is NULL (no error recorded) or
 * when either conversion step fails; every such failure is recorded as
 * ERR_R_MALLOC_FAILURE.  The string comes from BN_bn2dec() and is owned by
 * the caller (X509V3_add_value_int() in this file releases it with free()).
 *
 * Coverage in the report this listing comes from: never executed.
 */
char *
i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
{
	BIGNUM *bn;
	char *dec = NULL;

	if (a == NULL)
		return NULL;

	bn = ASN1_INTEGER_to_BN(a, NULL);
	if (bn != NULL)
		dec = BN_bn2dec(bn);
	if (dec == NULL)
		X509V3error(ERR_R_MALLOC_FAILURE);

	/* bn may be NULL here, as in the original flow. */
	BN_free(bn);
	return dec;
}
181-
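/*
 * Parse a textual integer into a newly allocated ASN1_INTEGER.
 *
 * Accepted form: an optional leading '-', then either "0x"/"0X" followed
 * by hexadecimal digits or plain decimal digits.  The whole string must be
 * consumed; trailing characters are rejected.  "-0" yields a non-negative
 * zero.  method is not used.
 *
 * Returns NULL and records an error on a NULL value, allocation failure,
 * unparsable input, or failure to build the ASN1_INTEGER.  Note that the
 * parse error code is X509V3_R_BN_DEC2BN_ERROR for hexadecimal input too.
 *
 * The BN_new() result is checked here so that an allocation failure is
 * reported as ERR_R_MALLOC_FAILURE instead of being left for the parsing
 * call to handle and report as a parse error.
 *
 * Coverage in the report this listing comes from: never executed, so none
 * of the input validation below is exercised by that test run.
 */
ASN1_INTEGER *
s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
{
	BIGNUM *bn;
	ASN1_INTEGER *aint;
	int isneg = 0, ishex = 0;
	int ret;

	if (value == NULL) {
		X509V3error(X509V3_R_INVALID_NULL_VALUE);
		return NULL;
	}
	if ((bn = BN_new()) == NULL) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	if (value[0] == '-') {
		value++;
		isneg = 1;
	}
	if (value[0] == '0' && (value[1] == 'x' || value[1] == 'X')) {
		value += 2;
		ishex = 1;
	}

	if (ishex)
		ret = BN_hex2bn(&bn, value);
	else
		ret = BN_dec2bn(&bn, value);

	/*
	 * ret is the number of characters consumed (0 on failure); anything
	 * left over at value[ret] means the input was not a clean number.
	 */
	if (ret == 0 || value[ret] != '\0') {
		BN_free(bn);
		X509V3error(X509V3_R_BN_DEC2BN_ERROR);
		return NULL;
	}

	/* Do not produce a negative zero. */
	if (isneg && BN_is_zero(bn))
		isneg = 0;

	aint = BN_to_ASN1_INTEGER(bn, NULL);
	BN_free(bn);
	if (aint == NULL) {
		X509V3error(X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
		return NULL;
	}
	if (isneg)
		aint->type |= V_ASN1_NEG;
	return aint;
}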
231-
/*
 * Append name with the decimal text of aint to *extlist.
 *
 * A NULL aint is not an error: nothing is added and 1 is returned.
 * Returns 0 if the integer cannot be converted to text, otherwise the
 * result of X509V3_add_value().  The temporary string is freed here.
 *
 * Coverage in the report this listing comes from: only the NULL-aint
 * early return was executed.
 */
int
X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
    STACK_OF(CONF_VALUE) **extlist)
{
	char *dec;
	int ok;

	if (aint == NULL)
		return 1;

	dec = i2s_ASN1_INTEGER(NULL, aint);
	if (dec == NULL)
		return 0;

	ok = X509V3_add_value(name, dec, extlist);
	free(dec);
	return ok;
}
247-
/*
 * Interpret value->value as a boolean and store the result in *asn1_bool:
 * 0xff for true, 0 for false.
 *
 * Only these exact spellings are accepted (comparison is case-sensitive,
 * so mixed case such as "True" is rejected):
 *   true:  "TRUE" "true" "Y" "y" "YES" "yes"
 *   false: "FALSE" "false" "N" "n" "NO" "no"
 *
 * Returns 1 on success.  On a NULL or unrecognised string it records
 * X509V3_R_INVALID_BOOLEAN_STRING, adds the entry's details through
 * X509V3_conf_err(), leaves *asn1_bool untouched and returns 0.
 * value itself is dereferenced without a NULL check.
 *
 * Coverage in the report this listing comes from: never executed.
 */
int
X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
{
	static const char *const true_words[] = {
		"TRUE", "true", "Y", "y", "YES", "yes"
	};
	static const char *const false_words[] = {
		"FALSE", "false", "N", "n", "NO", "no"
	};
	const char *text = value->value;
	size_t i;

	if (text != NULL) {
		for (i = 0; i < sizeof(true_words) / sizeof(true_words[0]);
		    i++) {
			if (strcmp(text, true_words[i]) == 0) {
				*asn1_bool = 0xff;
				return 1;
			}
		}
		for (i = 0; i < sizeof(false_words) / sizeof(false_words[0]);
		    i++) {
			if (strcmp(text, false_words[i]) == 0) {
				*asn1_bool = 0;
				return 1;
			}
		}
	}

	X509V3error(X509V3_R_INVALID_BOOLEAN_STRING);
	X509V3_conf_err(value);
	return 0;
}
272-
/*
 * Parse value->value with s2i_ASN1_INTEGER() and hand the new integer to
 * the caller through *aint.
 *
 * Returns 1 on success.  On failure it adds the entry's details through
 * X509V3_conf_err(), leaves *aint untouched and returns 0.
 *
 * Coverage in the report this listing comes from: never executed.
 */
int
X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
{
	ASN1_INTEGER *parsed = s2i_ASN1_INTEGER(NULL, value->value);

	if (parsed == NULL) {
		X509V3_conf_err(value);
		return 0;
	}
	*aint = parsed;
	return 1;
}
285-
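/* Parser states: reading a name, or reading the value after a ':'. */
#define HDR_NAME	1
#define HDR_VALUE	2

/*
 * Split a "name:value, name, name:value" line into a stack of CONF_VALUE.
 *
 * Entries are separated by ','; within an entry the first ':' separates
 * the name from the value, and an entry without ':' gets a NULL value.
 * Scanning stops at the end of the string or at the first '\r' or '\n'.
 * Names and values have surrounding whitespace removed by strip_spaces();
 * an empty name or an empty value after ':' is an error.
 *
 * Returns the new stack, or NULL on error with everything collected so far
 * released.  line itself is not modified; a private copy is parsed.
 *
 * The result of every X509V3_add_value() call is checked.  Ignoring it
 * would let an allocation failure silently drop an entry and still return
 * a list that looks complete, which matters when the dropped entry is a
 * restriction the caller meant to apply.  X509V3_add_value() has already
 * recorded the error when it returns 0.
 *
 * Coverage in the report this listing comes from: never executed.
 */
STACK_OF(CONF_VALUE) *
X509V3_parse_list(const char *line)
{
	char *p, *q, c;
	char *ntmp, *vtmp;
	STACK_OF(CONF_VALUE) *values = NULL;
	char *linebuf;
	int state;

	/* The parser writes NUL terminators into the text, so use a copy. */
	if ((linebuf = strdup(line)) == NULL) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	state = HDR_NAME;
	ntmp = NULL;

	/* q marks the start of the current token, p the scan position. */
	for (p = linebuf, q = linebuf;
	    (c = *p) != '\0' && c != '\r' && c != '\n'; p++) {
		switch (state) {
		case HDR_NAME:
			if (c == ':') {
				state = HDR_VALUE;
				*p = '\0';
				ntmp = strip_spaces(q);
				if (ntmp == NULL) {
					X509V3error(X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				q = p + 1;
			} else if (c == ',') {
				*p = '\0';
				ntmp = strip_spaces(q);
				q = p + 1;
				if (ntmp == NULL) {
					X509V3error(X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				if (!X509V3_add_value(ntmp, NULL, &values))
					goto err;
			}
			break;

		case HDR_VALUE:
			if (c == ',') {
				state = HDR_NAME;
				*p = '\0';
				vtmp = strip_spaces(q);
				if (vtmp == NULL) {
					X509V3error(X509V3_R_INVALID_NULL_VALUE);
					goto err;
				}
				if (!X509V3_add_value(ntmp, vtmp, &values))
					goto err;
				ntmp = NULL;
				q = p + 1;
			}
			break;

		default:
			break;
		}
	}

	/* Flush the last token, which has no trailing ','. */
	if (state == HDR_VALUE) {
		vtmp = strip_spaces(q);
		if (vtmp == NULL) {
			X509V3error(X509V3_R_INVALID_NULL_VALUE);
			goto err;
		}
		if (!X509V3_add_value(ntmp, vtmp, &values))
			goto err;
	} else {
		ntmp = strip_spaces(q);
		if (ntmp == NULL) {
			X509V3error(X509V3_R_INVALID_NULL_NAME);
			goto err;
		}
		if (!X509V3_add_value(ntmp, NULL, &values))
			goto err;
	}
	free(linebuf);
	return values;

err:
	free(linebuf);
	sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
	return NULL;
}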
376-
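/*
 * Delete leading and trailing whitespace from a string, in place.
 *
 * Returns a pointer into name at the first non-space character, with a NUL
 * written after the last non-space character, or NULL if the string is
 * empty or consists only of whitespace.
 *
 * The terminator is written unconditionally.  Writing it only when the
 * trimmed text is longer than one character leaves the trailing spaces in
 * place for a single-character token such as "a  ", so exact comparisons
 * on the result (the boolean spellings "Y"/"N", for instance) would fail.
 * The write is always in bounds: end[1] is at most the existing NUL.
 *
 * Coverage in the report this listing comes from: never executed.
 */
static char *
strip_spaces(char *name)
{
	char *start, *end;

	/* Skip over leading spaces. */
	start = name;
	while (*start != '\0' && isspace((unsigned char)*start))
		start++;
	if (*start == '\0')
		return NULL;

	/* Walk back from the last character over trailing spaces. */
	end = start + strlen(start) - 1;
	while (end != start && isspace((unsigned char)*end))
		end--;
	end[1] = '\0';

	return start;
}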
398-
399/* hex string utilities */-
400-
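/*
 * Given a buffer of length 'len' return a malloc'ed string with its
 * hex representation: two uppercase hex digits per octet, octets
 * separated by ':' and no trailing separator.
 *
 * Returns NULL when 'buffer' is NULL, when 'len' is zero or negative, or
 * when the output cannot be allocated. The caller owns the result and
 * releases it with free().
 */
char *
hex_to_string(const unsigned char *buffer, long len)
{
	static const char hexdig[] = "0123456789ABCDEF";
	const unsigned char *p;
	char *tmp, *q;
	size_t n;
	long i;

	/* A negative length has no hex representation; treat it like empty. */
	if (!buffer || len <= 0)
		return NULL;

	/*
	 * The output needs 3 bytes per input octet. Do the size arithmetic
	 * in size_t and refuse lengths for which n * 3 + 1 would wrap, so
	 * the loop below can never write past a too-small allocation.
	 */
	n = (size_t)len;
	if (n > ((size_t)-1 - 1) / 3) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	if (!(tmp = malloc(n * 3 + 1))) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	q = tmp;
	/* 'i' has the same type as 'len' so the counter cannot overflow first. */
	for (i = 0, p = buffer; i < len; i++, p++) {
		*q++ = hexdig[(*p >> 4) & 0xf];
		*q++ = hexdig[*p & 0xf];
		*q++ = ':';
	}
	/* Replace the final ':' with the terminator; len >= 1 guarantees it exists. */
	q[-1] = 0;
	return tmp;
}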
427-
/*
 * Given a string of hex digits, convert it to a malloc'ed byte buffer.
 *
 * Digits are consumed in pairs, upper or lower case. A ':' is skipped
 * only where a pair would start; anywhere else it is an illegal digit.
 * On success the buffer is returned and, if 'len' is not NULL, the number
 * of bytes produced is stored in '*len'. On failure an X509V3 error is
 * raised, the buffer is freed and NULL is returned.
 *
 * The buffer is sized strlen(str) / 2; this is sufficient because every
 * output byte consumes at least two input characters.
 */
unsigned char *
string_to_hex(const char *str, long *len)
{
	unsigned char *out, *wp;
	unsigned char *rp;
	unsigned char hi, lo;

	if (str == NULL) {
		X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}

	out = malloc(strlen(str) >> 1);
	if (out == NULL) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	rp = (unsigned char *)str;
	wp = out;
	while (*rp != '\0') {
		hi = *rp++;
		if (hi == ':')
			continue;

		lo = *rp++;
		if (lo == '\0') {
			/* A high nibble with no partner. */
			X509V3error(X509V3_R_ODD_NUMBER_OF_DIGITS);
			free(out);
			return NULL;
		}

		hi = tolower(hi);
		lo = tolower(lo);

		if (hi >= '0' && hi <= '9')
			hi -= '0';
		else if (hi >= 'a' && hi <= 'f')
			hi -= 'a' - 10;
		else
			goto badhex;

		if (lo >= '0' && lo <= '9')
			lo -= '0';
		else if (lo >= 'a' && lo <= 'f')
			lo -= 'a' - 10;
		else
			goto badhex;

		*wp++ = (hi << 4) | lo;
	}

	if (len != NULL)
		*len = wp - out;

	return out;

badhex:
	free(out);
	X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
	return NULL;
}
488-
/*
 * V2I name comparison function: returns zero if 'name' is exactly 'cmp'
 * or is 'cmp' followed by '.' and anything else ("cmp.*").
 *
 * When the first strlen(cmp) characters differ, the strncmp() result is
 * returned unchanged; when they agree but 'name' continues with some
 * other character, 1 is returned.
 */
int
name_cmp(const char *name, const char *cmp)
{
	int prefix_len = strlen(cmp);
	int diff = strncmp(name, cmp, prefix_len);

	if (diff != 0)
		return diff;

	/* The prefix matched; only the next character decides. */
	switch (name[prefix_len]) {
	case '\0':
	case '.':
		return 0;
	default:
		return 1;
	}
}
507-
/*
 * Stack comparison callback: orders two stack slots by the C strings
 * they point to, using strcmp().
 */
static int
sk_strcmp(const char * const *a, const char * const *b)
{
	const char *lhs = *a;
	const char *rhs = *b;

	return strcmp(lhs, rhs);
}
513-
/*
 * Collect the email addresses of certificate 'x': the subject name and
 * the decoded subjectAltName extension are both handed to get_email().
 *
 * The decoded extension is freed here. The returned stack (possibly NULL)
 * holds copies of the strings; presumably the caller releases it with
 * X509_email_free() -- confirm against the public documentation.
 */
STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
{
	GENERAL_NAMES *alt_names;
	STACK_OF(OPENSSL_STRING) *emails;

	alt_names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	emails = get_email(X509_get_subject_name(x), alt_names);
	sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);

	return emails;
}
524-
/*
 * Collect the OCSP responder URIs named in the authorityInfoAccess
 * extension of certificate 'x'.
 *
 * Returns NULL when the extension is absent or cannot be decoded, when
 * it holds no OCSP entry with a URI location, or when appending fails.
 * The strings are copied verbatim from the certificate, so callers
 * should treat them as untrusted input before acting on them.
 */
STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
{
	STACK_OF(OPENSSL_STRING) *uris = NULL;
	AUTHORITY_INFO_ACCESS *aia;
	int idx;

	aia = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
	if (aia == NULL)
		return NULL;

	for (idx = 0; idx < sk_ACCESS_DESCRIPTION_num(aia); idx++) {
		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(aia, idx);

		/* Only OCSP access methods with a URI location are of interest. */
		if (OBJ_obj2nid(ad->method) != NID_ad_OCSP)
			continue;
		if (ad->location->type != GEN_URI)
			continue;
		/* append_ia5() has already released the stack when it reports failure. */
		if (!append_ia5(&uris,
		    ad->location->d.uniformResourceIdentifier))
			break;
	}

	AUTHORITY_INFO_ACCESS_free(aia);
	return uris;
}
547-
/*
 * Collect the email addresses of certificate request 'x': the request's
 * subject name and the subjectAltName found among its requested
 * extensions are both handed to get_email().
 *
 * The extension list and the decoded subjectAltName are freed here; only
 * the returned stack (possibly NULL) is left for the caller.
 */
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
{
	STACK_OF(X509_EXTENSION) *req_exts = X509_REQ_get_extensions(x);
	GENERAL_NAMES *alt_names;
	STACK_OF(OPENSSL_STRING) *emails;

	alt_names = X509V3_get_d2i(req_exts, NID_subject_alt_name, NULL, NULL);
	emails = get_email(X509_REQ_get_subject_name(x), alt_names);

	sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
	sk_X509_EXTENSION_pop_free(req_exts, X509_EXTENSION_free);
	return emails;
}
561-
562-
/*
 * Build a stack of email addresses from every emailAddress entry of
 * 'name' followed by every GEN_EMAIL entry of 'gens'.
 *
 * Returns the stack, NULL when no address was added, or NULL when
 * append_ia5() fails (it releases the partial stack itself in that case).
 */
static
STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
{
	STACK_OF(OPENSSL_STRING) *emails = NULL;
	int idx;

	/* First the supplied X509_NAME: walk all emailAddress entries. */
	for (idx = X509_NAME_get_index_by_NID(name, NID_pkcs9_emailAddress, -1);
	    idx >= 0;
	    idx = X509_NAME_get_index_by_NID(name, NID_pkcs9_emailAddress,
	    idx)) {
		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, idx);
		ASN1_IA5STRING *addr = X509_NAME_ENTRY_get_data(entry);

		if (!append_ia5(&emails, addr))
			return NULL;
	}

	/* Then the rfc822Name entries of the general names. */
	for (idx = 0; idx < sk_GENERAL_NAME_num(gens); idx++) {
		GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, idx);

		if (gen->type == GEN_EMAIL &&
		    !append_ia5(&emails, gen->d.ia5))
			return NULL;
	}

	return emails;
}
592-
/*
 * Element destructor for stacks of OPENSSL_STRING whose entries were
 * allocated with the libc allocator; passed to the stack's pop_free.
 */
static void
str_free(OPENSSL_STRING str)
{
	free(str);
}
598-
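/*
 * Append a copy of the IA5String 'email' to the stack '*sk', creating
 * the stack on first use and skipping values that are already present.
 *
 * Returns 1 when the value was added or deliberately skipped (wrong
 * type, empty, embedded NUL, duplicate). Returns 0 on allocation
 * failure, in which case the whole stack is freed and '*sk' is set to
 * NULL.
 */
static int
append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
{
	char *emtmp;

	/* First some sanity checks */
	if (email->type != V_ASN1_IA5STRING)
		return 1;
	if (!email->data || email->length <= 0)
		return 1;
	/*
	 * The value comes from a certificate or request and is about to be
	 * handled as a C string. An embedded NUL would silently truncate it,
	 * so the stored address would differ from what was encoded; skip
	 * such values instead of storing a misleading prefix.
	 */
	if (memchr(email->data, '\0', email->length) != NULL)
		return 1;

	if (!*sk)
		*sk = sk_OPENSSL_STRING_new(sk_strcmp);
	if (!*sk)
		return 0;

	/*
	 * Copy by explicit length rather than relying on the ASN.1 buffer
	 * being NUL-terminated, and do the duplicate lookup on the copy for
	 * the same reason.
	 */
	emtmp = strndup((char *)email->data, email->length);
	if (emtmp == NULL)
		goto err;

	/* Don't add duplicates */
	if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
		free(emtmp);
		return 1;
	}
	if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
		/* The stack did not take ownership, so the copy is still ours. */
		free(emtmp);
		goto err;
	}
	return 1;

err:
	X509_email_free(*sk);
	*sk = NULL;
	return 0;
}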
624-
/*
 * Free a stack of strings together with every string it holds, each one
 * released through str_free().
 */
void
X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
{
	sk_OPENSSL_STRING_pop_free(sk, str_free);
}
630-
/*
 * Signature shared by the name comparison helpers in this file. Both
 * operands are length-delimited byte strings; the helpers defined here
 * return 1 for a match and 0 otherwise.
 */
typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags);
633-
/*
 * Skip pattern prefix to match "wildcard" subject.
 *
 * Does nothing unless _X509_CHECK_FLAG_DOT_SUBDOMAINS is set in 'flags'.
 * Otherwise, while the pattern is longer than the subject, leading
 * pattern octets are dropped; the scan stops early at a NUL octet, or at
 * a '.' when X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS is set. '*p' and
 * '*plen' are updated only if the remainder ends up exactly as long as
 * the subject, so the caller compares an equal-length suffix with the
 * full subject. The 'subject' bytes themselves are not read here.
 */
static void skip_prefix(const unsigned char **p, size_t *plen,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *cur;
	size_t remaining;
	int single_label;

	if (!(flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS))
		return;

	single_label = (flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) != 0;

	for (cur = *p, remaining = *plen;
	    remaining > subject_len && *cur != '\0';
	    ++cur, --remaining) {
		/* In single-label mode the skipped prefix may not cross a dot. */
		if (single_label && *cur == '.')
			break;
	}

	/* Commit only if the entire prefix was acceptable. */
	if (remaining != subject_len)
		return;
	*p = cur;
	*plen = remaining;
}
664-
665/*-
666 * Open/BoringSSL uses memcmp for "equal_case" while their-
667 * "equal_nocase" function is a hand-rolled strncasecmp that does not-
668 * allow \0 in the pattern. Since an embedded \0 is likely a sign of-
669 * problems, we simply don't allow it in either case, and then we use-
670 * standard libc functions.-
671 */-
672-
/*
 * Compare using strncasecmp.
 *
 * Returns 1 when pattern and subject are equal ignoring case, after
 * skip_prefix() has had the chance to drop a leading part of the
 * pattern; returns 0 otherwise. A NUL octet anywhere in either operand
 * is never a match, so the length-limited libc comparison below cannot
 * stop early and accept a truncated name.
 */
static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len,
    unsigned int flags)
{
	if (memchr(pattern, '\0', pattern_len) != NULL ||
	    memchr(subject, '\0', subject_len) != NULL)
		return 0;

	skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
	if (pattern_len == subject_len)
		return (strncasecmp((const char *)pattern,
		    (const char *)subject, pattern_len) == 0);
	return 0;
}
687-
/*
 * Compare using strncmp.
 *
 * Case-sensitive counterpart of equal_nocase(): returns 1 when pattern
 * and subject are byte-for-byte equal after skip_prefix() has had the
 * chance to drop a leading part of the pattern, 0 otherwise. A NUL octet
 * anywhere in either operand is never a match.
 */
static int equal_case(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len,
    unsigned int flags)
{
	if (memchr(pattern, 0, pattern_len) != NULL ||
	    memchr(subject, 0, subject_len) != NULL)
		return 0;

	skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
	if (pattern_len == subject_len)
		return (strncmp((const char *)pattern,
		    (const char *)subject, pattern_len) == 0);
	return 0;
}
702-
/*
 * RFC 5280, section 7.5, requires that only the domain is compared in a
 * case-insensitive manner.
 *
 * Returns 1 when the two addresses match, 0 otherwise. Operands of
 * different length never match. The flags argument is ignored; both
 * inner comparisons run with flags 0.
 */
static int equal_email(const unsigned char *a, size_t a_len,
    const unsigned char *b, size_t b_len,
    unsigned int unused_flags)
{
	size_t split;

	if (a_len != b_len)
		return 0;

	/*
	 * We search backwards for the '@' character, so that we do not have
	 * to deal with quoted local-parts. The part from the last '@' (in
	 * either operand) to the end is compared in a case-insensitive
	 * manner.
	 */
	for (split = a_len; split > 0; ) {
		split--;
		if (a[split] != '@' && b[split] != '@')
			continue;
		if (!equal_nocase(a + split, a_len - split,
		    b + split, a_len - split, 0))
			return 0;
		break;
	}

	/*
	 * split == 0 means no '@' was found, or the only '@' is the first
	 * octet; in both cases the whole string is compared case-sensitively.
	 */
	if (split == 0)
		split = a_len;
	return equal_case(a, split, b, split, 0);
}
731-
/*
 * Compare the prefix and suffix with the subject, and check that the
 * characters in-between are valid.
 *
 * 'prefix' and 'suffix' are the parts of the pattern before and after
 * the '*'. Returns 1 when the subject starts with the prefix, ends with
 * the suffix (both compared without regard to case) and the subject
 * octets covered by the wildcard pass the checks below; returns 0
 * otherwise.
 */
static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
    const unsigned char *suffix, size_t suffix_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *wildcard_start;
	const unsigned char *wildcard_end;
	const unsigned char *p;
	int allow_multi = 0;
	int allow_idna = 0;

	/* The subject must be long enough to hold both fixed parts. */
	if (subject_len < prefix_len + suffix_len)
		return 0;
	if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
		return 0;
	/* [wildcard_start, wildcard_end) is what the '*' has to cover. */
	wildcard_start = subject + prefix_len;
	wildcard_end = subject + (subject_len - suffix_len);
	if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
		return 0;
	/*
	 * If the wildcard makes up the entire first label, it must match at
	 * least one character.
	 */
	/*
	 * NOTE(review): *suffix is read without checking suffix_len; the
	 * visible caller only passes a star accepted by valid_star(), which
	 * requires dots after it -- confirm no other caller exists.
	 */
	if (prefix_len == 0 && *suffix == '.') {
		if (wildcard_start == wildcard_end)
			return 0;
		allow_idna = 1;
		/* Crossing label boundaries is opt-in via the flag. */
		if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
			allow_multi = 1;
	}
	/* IDNA labels cannot match partial wildcards */
	if (!allow_idna &&
	    subject_len >= 4
	    && strncasecmp((char *)subject, "xn--", 4) == 0)
		return 0;
	/* The wildcard may match a literal '*' */
	if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
		return 1;
	/*
	 * Check that the part matched by the wildcard contains only
	 * permitted characters and only matches a single label unless
	 * allow_multi is set.
	 */
	/* Permitted: ASCII letters, digits and '-'; '.' only with allow_multi. */
	for (p = wildcard_start; p != wildcard_end; ++p)
		if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') ||
		    ('a' <= *p && *p <= 'z') || *p == '-' ||
		    (allow_multi && *p == '.')))
			return 0;
	return 1;
}
785-
/* State bits used by valid_star() while it scans a pattern label by label. */
#define LABEL_START	(1 << 0)	/* at the first octet of a label */
#define LABEL_END	(1 << 1)	/* not referenced in the code shown here */
#define LABEL_HYPHEN	(1 << 2)	/* the previous octet was '-' */
#define LABEL_IDNA	(1 << 3)	/* the current label began with "xn--" */
790-
/*
 * Validate the pattern 'p' of 'len' octets as a host name pattern and
 * locate its wildcard.
 *
 * Returns a pointer to the single '*' when the pattern is acceptable.
 * Returns NULL when the pattern has no '*' or breaks any rule checked
 * below; the two cases are not distinguished here. Only ASCII letters,
 * digits, '-', '.' and '*' are accepted.
 */
static const unsigned char *valid_star(const unsigned char *p, size_t len,
    unsigned int flags)
{
	const unsigned char *star = 0;
	size_t i;
	int state = LABEL_START;
	int dots = 0;
	for (i = 0; i < len; ++i) {
		/*
		 * Locate first and only legal wildcard, either at the start
		 * or end of a non-IDNA first and not final label.
		 */
		if (p[i] == '*') {
			int atstart = (state & LABEL_START);
			/* p[i + 1] is only read when i is not the last index. */
			int atend = (i == len - 1 || p[i + 1] == '.');
			/*
			 * At most one wildcard per pattern.
			 * No wildcards in IDNA labels.
			 * No wildcards after the first label.
			 */
			if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
				return NULL;
			/* Only full-label '*.example.com' wildcards? */
			if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
			    && (!atstart || !atend))
				return NULL;
			/* No 'foo*bar' wildcards */
			if (!atstart && !atend)
				return NULL;
			star = &p[i];
			state &= ~LABEL_START;
		} else if ((state & LABEL_START) != 0) {
			/*
			 * At the start of a label, skip any "xn--" and
			 * remain in the LABEL_START state, but set the
			 * IDNA label state
			 */
			if ((state & LABEL_IDNA) == 0 && len - i >= 4
			    && strncasecmp((char *)&p[i], "xn--", 4) == 0) {
				/* Together with the loop's ++i this steps over all four octets. */
				i += 3;
				state |= LABEL_IDNA;
				continue;
			}
			/* Labels must start with a letter or digit */
			state &= ~LABEL_START;
			if (('a' <= p[i] && p[i] <= 'z')
			    || ('A' <= p[i] && p[i] <= 'Z')
			    || ('0' <= p[i] && p[i] <= '9'))
				continue;
			return NULL;
		} else if (('a' <= p[i] && p[i] <= 'z')
		    || ('A' <= p[i] && p[i] <= 'Z')
		    || ('0' <= p[i] && p[i] <= '9')) {
			/* Keep only the IDNA bit: a letter or digit clears LABEL_HYPHEN. */
			state &= LABEL_IDNA;
			continue;
		} else if (p[i] == '.') {
			/* A label may not be empty or end in '-'. */
			if (state & (LABEL_HYPHEN | LABEL_START))
				return NULL;
			/* New label: this also drops the IDNA bit of the previous one. */
			state = LABEL_START;
			++dots;
		} else if (p[i] == '-') {
			/* no domain/subdomain starts with '-' */
			if ((state & LABEL_START) != 0)
				return NULL;
			state |= LABEL_HYPHEN;
		} else
			return NULL;
	}

	/*
	 * The final label must not end in a hyphen or ".", and
	 * there must be at least two dots after the star.
	 */
	/* A star is only accepted while dots == 0, so 'dots' counts those after it. */
	if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
		return NULL;
	return star;
}
868-
/*
 * Compare using wildcards.
 *
 * When the pattern carries a wildcard accepted by valid_star(), the
 * subject is matched against the text before and after the '*' via
 * wildcard_match(). In every other case the comparison falls back to
 * equal_nocase() on the whole pattern.
 */
static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *star;
	int dot_subject = (subject_len > 1 && subject[0] == '.');

	/*
	 * Subject names starting with '.' can only match a wildcard pattern
	 * via a subject sub-domain pattern suffix match, so the pattern is
	 * not searched for a star at all in that case.
	 */
	star = dot_subject ? NULL : valid_star(pattern, pattern_len, flags);

	if (star != NULL) {
		/* Split the pattern around the star: prefix | '*' | suffix. */
		return wildcard_match(pattern, star - pattern,
		    star + 1, (pattern + pattern_len) - star - 1,
		    subject, subject_len, flags);
	}
	return equal_nocase(pattern, pattern_len,
	    subject, subject_len, flags);
}
888-
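/*
 * Compare an ASN1_STRING taken from a certificate with a caller supplied
 * string.
 *
 * a         certificate string; an empty or data-less string never matches.
 * cmp_type  if > 0, the string is compared only when a->type equals
 *           cmp_type; IA5STRING values go through the equal callback, any
 *           other type needs an exact byte-for-byte match.  Otherwise the
 *           string is first converted to UTF-8 and then handed to equal.
 * equal     comparison callback.
 * flags     passed through to equal.
 * b, blen   reference string and its length in bytes.
 * peername  optional; on a match receives a newly allocated copy of the
 *           certificate name (allocated with strndup(), so presumably the
 *           caller releases it with free()).
 *
 * Returns a positive value on match, 0 on mismatch and -1 on error
 * (UTF-8 conversion failure or allocation failure for *peername).
 */

static int
do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
    unsigned int flags, const char *b, size_t blen, char **peername)
{
	int rv = 0;

	if (!a->data || !a->length)
		return 0;
	if (cmp_type > 0) {
		if (cmp_type != a->type)
			return 0;
		if (cmp_type == V_ASN1_IA5STRING)
			rv = equal(a->data, a->length, (unsigned char *)b,
			    blen, flags);
		/*
		 * Compare the lengths as size_t.  Narrowing blen to int could
		 * make an oversized blen compare equal to a->length and let
		 * memcmp() read blen bytes from the shorter a->data.
		 */
		else if (a->length > 0 && (size_t)a->length == blen &&
		    !memcmp(a->data, b, blen))
			rv = 1;
		/*
		 * strndup() stops at the first NUL byte, so *peername can be
		 * shorter than the name that matched if that name carries an
		 * embedded NUL.  Whether the equal callbacks reject such
		 * names is not visible from this function.
		 */
		if (rv > 0 && peername &&
		    (*peername = strndup((char *)a->data, a->length)) == NULL)
			rv = -1;
	} else {
		int astrlen;
		unsigned char *astr;

		astrlen = ASN1_STRING_to_UTF8(&astr, a);
		if (astrlen < 0)
			return -1;
		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
		if (rv > 0 && peername &&
		    (*peername = strndup((char *)astr, astrlen)) == NULL)
			rv = -1;
		/* The UTF-8 copy is only needed for the comparison. */
		free(astr);
	}
	return rv;
}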
928-
/*
 * Shared implementation of the X509_check_host/email/ip family.
 *
 * The subjectAltName extension is searched first for entries whose
 * GENERAL_NAME type equals check_type.  If any such entry exists and
 * X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is not set, the subject name is
 * not consulted.  Otherwise, for e-mail and DNS checks only, the matching
 * subject attribute (emailAddress or commonName) is tried.
 *
 * Returns the first non-zero result of do_check_string() (positive on
 * match, negative on error), -1 if a subject entry cannot be read, and
 * 0 when nothing matched.
 *
 * NOTE(review): X509_get_ext_d2i() is called with a NULL crit argument,
 * so presumably an extension that fails to decode looks the same as an
 * absent one here and the subject fallback then applies -- confirm.
 */
static int do_x509_check(X509 *x, const char *chk, size_t chklen,
    unsigned int flags, int check_type, char **peername)
{
	GENERAL_NAMES *sans;
	X509_NAME *subject;
	equal_fn equal;
	size_t pos;
	int cnid = NID_undef;
	int alt_type;
	int saw_san = 0;
	int rv = 0;
	int idx;

	/* Internal-only flag: callers may not set it, it is derived below. */
	flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;

	switch (check_type) {
	case GEN_EMAIL:
		cnid = NID_pkcs9_emailAddress;
		alt_type = V_ASN1_IA5STRING;
		equal = equal_email;
		break;
	case GEN_DNS:
		cnid = NID_commonName;
		/* Implicit client-side DNS sub-domain pattern */
		if (chklen > 1 && chk[0] == '.')
			flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
		alt_type = V_ASN1_IA5STRING;
		if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
			equal = equal_nocase;
		else
			equal = equal_wildcard;
		break;
	default:
		/* No subject attribute is consulted for other types. */
		alt_type = V_ASN1_OCTET_STRING;
		equal = equal_case;
		break;
	}

	sans = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	if (sans != NULL) {
		for (pos = 0; pos < sk_GENERAL_NAME_num(sans); pos++) {
			GENERAL_NAME *gen = sk_GENERAL_NAME_value(sans, pos);
			ASN1_STRING *cstr;

			if (gen->type != check_type)
				continue;
			saw_san = 1;

			if (check_type == GEN_EMAIL)
				cstr = gen->d.rfc822Name;
			else if (check_type == GEN_DNS)
				cstr = gen->d.dNSName;
			else
				cstr = gen->d.iPAddress;

			/* Positive on success, negative on error! */
			rv = do_check_string(cstr, alt_type, equal, flags,
			    chk, chklen, peername);
			if (rv != 0)
				break;
		}
		GENERAL_NAMES_free(sans);

		if (rv != 0)
			return rv;
		if (cnid == NID_undef)
			return 0;
		/* A SAN of the right type was present: skip the subject. */
		if (saw_san && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
			return 0;
	}

	/* We're done if CN-ID is not pertinent */
	if (cnid == NID_undef)
		return 0;

	subject = X509_get_subject_name(x);
	for (idx = X509_NAME_get_index_by_NID(subject, cnid, -1); idx >= 0;
	    idx = X509_NAME_get_index_by_NID(subject, cnid, idx)) {
		X509_NAME_ENTRY *ne;
		ASN1_STRING *str;

		ne = X509_NAME_get_entry(subject, idx);
		if (ne == NULL)
			return -1;
		str = X509_NAME_ENTRY_get_data(ne);
		if (str == NULL)
			return -1;

		/* Positive on success, negative on error! */
		rv = do_check_string(str, -1, equal, flags, chk, chklen,
		    peername);
		if (rv != 0)
			return rv;
	}
	return 0;
}
1012-
/*
 * Check whether certificate x is valid for host name chk.
 *
 * chklen == 0 means chk is NUL terminated and its length is taken with
 * strlen().  With an explicit length, a NUL byte anywhere inside those
 * chklen bytes is refused, so a reference name cannot be silently
 * truncated further down.
 *
 * Returns -2 for a NULL or NUL-containing chk, otherwise the result of
 * do_x509_check() for GEN_DNS.
 */
int X509_check_host(X509 *x, const char *chk, size_t chklen,
    unsigned int flags, char **peername)
{
	if (chk == NULL)
		return -2;

	if (chklen != 0) {
		if (memchr(chk, '\0', chklen) != NULL)
			return -2;
	} else {
		chklen = strlen(chk);
	}

	return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
1024-
/*
 * Check whether certificate x is valid for e-mail address chk.
 *
 * chklen == 0 means chk is NUL terminated; with an explicit length a NUL
 * byte inside those chklen bytes is refused.
 *
 * Returns -2 for a NULL or NUL-containing chk, otherwise the result of
 * do_x509_check() for GEN_EMAIL.  No peer name is reported.
 */
int X509_check_email(X509 *x, const char *chk, size_t chklen,
    unsigned int flags)
{
	if (chk == NULL)
		return -2;

	if (chklen != 0) {
		if (memchr(chk, '\0', chklen) != NULL)
			return -2;
	} else {
		chklen = strlen(chk);
	}

	return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
}
1036-
/*
 * Check whether certificate x is valid for the binary IP address held in
 * the chklen bytes at chk.
 *
 * Only a NULL chk is rejected here (-2); chklen is passed on unchecked.
 * NOTE(review): presumably a length other than 4 or 16 simply fails to
 * match any iPAddress entry -- confirm against equal_case().
 */
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
    unsigned int flags)
{
	const char *addr = (char *)chk;

	if (addr == NULL)
		return -2;
	return do_x509_check(x, addr, chklen, flags, GEN_IPADD, NULL);
}
1044-
/*
 * Check whether certificate x is valid for the IP address given in text
 * form.  The text is converted with a2i_ipadd() and the resulting 4 or
 * 16 bytes are compared through do_x509_check() for GEN_IPADD.
 *
 * Returns -2 if ipasc is NULL or cannot be parsed as an address.
 */
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
	/* Large enough for an IPv6 address, the longest a2i_ipadd() output. */
	unsigned char addr[16];
	size_t addr_len;

	if (ipasc == NULL)
		return -2;

	addr_len = (size_t)a2i_ipadd(addr, ipasc);
	if (addr_len == 0)
		return -2;

	return do_x509_check(x, (char *)addr, addr_len, flags, GEN_IPADD,
	    NULL);
}
1057-
/*
 * Convert a textual IPv4 or IPv6 address into an OCTET STRING compatible
 * with RFC3280 (4 or 16 raw address bytes).
 *
 * Returns a newly allocated ASN1_OCTET_STRING, or NULL if the text does
 * not parse or an allocation fails.  The caller owns the result.
 */

ASN1_OCTET_STRING *
a2i_IPADDRESS(const char *ipasc)
{
	unsigned char addr[16];
	ASN1_OCTET_STRING *os;
	int addr_len;

	/* a2i_ipadd() picks IPv6 when the string contains a ':'. */
	addr_len = a2i_ipadd(addr, ipasc);
	if (addr_len == 0)
		return NULL;

	os = ASN1_OCTET_STRING_new();
	if (os == NULL)
		return NULL;

	if (ASN1_OCTET_STRING_set(os, addr, addr_len))
		return os;

	/* Copying the bytes failed: do not hand back a half-built object. */
	ASN1_OCTET_STRING_free(os);
	return NULL;
}
1085-
/*
 * Convert "address/mask" text into an OCTET STRING that holds the
 * address bytes followed by the mask bytes (8 bytes for IPv4, 32 for
 * IPv6).
 *
 * Both halves are parsed with a2i_ipadd() and must yield the same
 * length, i.e. belong to the same address family.  The mask is parsed
 * as an address; nothing here checks that its bits are contiguous.
 *
 * Returns a newly allocated ASN1_OCTET_STRING owned by the caller, or
 * NULL when there is no '/', a half does not parse, the lengths differ
 * or an allocation fails.
 */
ASN1_OCTET_STRING *
a2i_IPADDRESS_NC(const char *ipasc)
{
	ASN1_OCTET_STRING *os = NULL;
	/* Room for an IPv6 address plus an IPv6 mask. */
	unsigned char ipout[32];
	const char *slash;
	char *copy = NULL;
	char *mask;
	int addr_len, mask_len;

	slash = strchr(ipasc, '/');
	if (slash == NULL)
		return NULL;

	/* Work on a private copy so the '/' can be overwritten. */
	copy = strdup(ipasc);
	if (copy == NULL)
		return NULL;
	mask = copy + (slash - ipasc);
	*mask = 0;
	mask++;

	addr_len = a2i_ipadd(ipout, copy);
	if (addr_len == 0)
		goto err;

	/* addr_len is at most 16, so the mask still fits behind it. */
	mask_len = a2i_ipadd(ipout + addr_len, mask);

	free(copy);
	copy = NULL;

	if (mask_len == 0 || mask_len != addr_len)
		goto err;

	os = ASN1_OCTET_STRING_new();
	if (os == NULL)
		goto err;
	if (!ASN1_OCTET_STRING_set(os, ipout, addr_len + mask_len))
		goto err;

	return os;

err:
	free(copy);
	if (os != NULL)
		ASN1_OCTET_STRING_free(os);
	return NULL;
}
1130-
1131-
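/*
 * Convert a textual IP address into raw bytes.
 *
 * ipout  destination buffer; must have room for 16 bytes because the
 *        address family is only known after looking at the text.
 * ipasc  NUL terminated address text.  A string containing ':' is
 *        parsed as IPv6, anything else as dotted-quad IPv4.
 *
 * Returns 16 for IPv6, 4 for IPv4 and 0 if the text does not parse or
 * either pointer is NULL.
 */
int
a2i_ipadd(unsigned char *ipout, const char *ipasc)
{
	/*
	 * This function is not static and a2i_IPADDRESS() passes its
	 * argument through unchecked: refuse NULL instead of handing it
	 * to strchr().
	 */
	if (ipout == NULL || ipasc == NULL)
		return 0;

	/* If string contains a ':' assume IPv6 */
	if (strchr(ipasc, ':') != NULL)
		return ipv6_from_asc(ipout, ipasc) ? 16 : 0;

	return ipv4_from_asc(ipout, ipasc) ? 4 : 0;
}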
1147-
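/*
 * Parse a dotted-quad IPv4 address ("a.b.c.d") into four bytes at v4.
 *
 * The whole string must be consumed by the four fields: text such as
 * "192.0.2.1junk" is refused rather than silently read as 192.0.2.1,
 * so two different input strings are less likely to be accepted as the
 * same address.  Each field must lie in 0..255.
 *
 * The fields are still read with %d, which skips leading white space
 * and accepts an explicit '+' sign.
 *
 * Returns 1 on success, 0 on any parse or range error (v4 is left
 * untouched in that case).
 */
static int
ipv4_from_asc(unsigned char *v4, const char *in)
{
	int a0, a1, a2, a3;
	int consumed = 0;

	/* %n records how far sscanf() got; it does not count as a field. */
	if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &consumed) != 4)
		return 0;
	/* Anything left after the fourth field makes the input invalid. */
	if (in[consumed] != '\0')
		return 0;
	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) ||
	    (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
		return 0;
	v4[0] = (unsigned char)a0;
	v4[1] = (unsigned char)a1;
	v4[2] = (unsigned char)a2;
	v4[3] = (unsigned char)a3;
	return 1;
}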
1163-
/*
 * Parser state handed to ipv6_cb() while ipv6_from_asc() walks the
 * ':' separated elements of an IPv6 address.
 */
typedef struct {
	/* Bytes parsed so far; only the first 'total' bytes are valid */
	unsigned char tmp[16];
	/* Total number of bytes in tmp */
	int total;
	/* Byte offset in tmp where the '::' gap belongs, -1 if none seen */
	int zero_pos;
	/* Number of zero length elements seen (one '::' yields one to three) */
	int zero_cnt;
} IPV6_STAT;
1174-
1175-
/*
 * Parse a textual IPv6 address into 16 bytes at v6.
 *
 * The text is treated as a list of ':' separated elements which
 * ipv6_cb() collects into an IPV6_STAT.  A '::' shows up as one, two or
 * three zero length elements depending on whether it sits in the
 * middle, at one end, or is the whole string.
 *
 * Returns 1 on success and 0 if the element list is rejected or the
 * element counts are inconsistent.
 */
static int
ipv6_from_asc(unsigned char *v6, const char *in)
{
	IPV6_STAT st = { .total = 0, .zero_pos = -1, .zero_cnt = 0 };
	int gap, tail;

	if (!CONF_parse_list(in, ':', 0, ipv6_cb, &st))
		return 0;

	if (st.zero_pos == -1) {
		/* If no '::' must have exactly 16 bytes */
		if (st.total != 16)
			return 0;
		memcpy(v6, st.tmp, 16);
		return 1;
	}

	/* If '::' must have less than 16 bytes */
	if (st.total == 16)
		return 0;

	switch (st.zero_cnt) {
	case 3:
		/* Can only have three zeroes if nothing else present */
		if (st.total > 0)
			return 0;
		break;
	case 2:
		/* Can only have two zeroes if at start or end */
		if (st.zero_pos != 0 && st.zero_pos != st.total)
			return 0;
		break;
	default:
		/* More than three zeroes is an error */
		if (st.zero_cnt > 3)
			return 0;
		/* Can only have one zero if *not* start or end */
		if (st.zero_pos == 0 || st.zero_pos == st.total)
			return 0;
		break;
	}

	/* Bytes the '::' stands for, and bytes parsed after it. */
	gap = 16 - st.total;
	tail = st.total - st.zero_pos;

	/* Copy initial part */
	memcpy(v6, st.tmp, st.zero_pos);
	/* Zero middle */
	memset(v6 + st.zero_pos, 0, gap);
	/* Copy final part */
	if (tail != 0)
		memcpy(v6 + st.zero_pos + gap, st.tmp + st.zero_pos, tail);

	return 1;
}
1241-
/*
 * Per-element callback used by ipv6_from_asc() via CONF_parse_list().
 *
 * elem, len  one ':' separated element of the address text.
 * usr        the IPV6_STAT being filled in.
 *
 * A zero length element marks the '::' position, an element of up to
 * four characters is a 16 bit hex group, and a longer element is taken
 * to be a trailing dotted-quad IPv4 address.
 *
 * Returns 1 to continue and 0 to reject the address.
 */
static int
ipv6_cb(const char *elem, int len, void *usr)
{
	IPV6_STAT *st = usr;

	/* Error if 16 bytes written */
	if (st->total == 16)
		return 0;

	if (len == 0) {
		/* Zero length element, corresponds to '::' */
		if (st->zero_pos == -1)
			st->zero_pos = st->total;
		/* If we've already got a :: it's an error */
		else if (st->zero_pos != st->total)
			return 0;
		st->zero_cnt++;
		return 1;
	}

	if (len <= 4) {
		/* Ordinary hex group: two more bytes. */
		if (!ipv6_hex(st->tmp + st->total, elem, len))
			return 0;
		st->total += 2;
		return 1;
	}

	/* If more than 4 characters could be final a.b.c.d form */

	/* Need at least 4 bytes left */
	if (st->total > 12)
		return 0;
	/* Must be end of string */
	if (elem[len])
		return 0;
	if (!ipv4_from_asc(st->tmp + st->total, elem))
		return 0;
	st->total += 4;
	return 1;
}
1278-
/*
 * Convert a string of up to 4 hex digits into the corresponding two
 * bytes of an IPv6 address, most significant byte first.
 *
 * out    receives exactly two bytes on success.
 * in     the digits; need not be NUL terminated.
 * inlen  number of digits to read; more than 4 is refused.
 *
 * Returns 1 on success, 0 if inlen > 4 or a non-hex character is found
 * (out is not written in that case).
 */

static int
ipv6_hex(unsigned char *out, const char *in, int inlen)
{
	unsigned int acc = 0;

	if (inlen > 4)
		return 0;

	for (; inlen != 0; inlen--) {
		unsigned char ch = *in++;
		unsigned int nibble;

		if (ch >= '0' && ch <= '9')
			nibble = ch - '0';
		else if (ch >= 'A' && ch <= 'F')
			nibble = ch - 'A' + 10;
		else if (ch >= 'a' && ch <= 'f')
			nibble = ch - 'a' + 10;
		else
			return 0;

		acc = (acc << 4) | nibble;
	}

	out[0] = acc >> 8;
	out[1] = acc & 0xff;
	return 1;
}
1307-
/*
 * Append one entry to nm for every name/value pair in dn_sk.
 *
 * The field name may carry a prefix ending in ':', ',' or '.' (for
 * example "1.CN") so that a section can list the same field several
 * times; the prefix is dropped unless nothing follows the separator.
 * A leading '+' on the remaining name passes -1 as the last (set)
 * argument of X509_NAME_add_entry_by_txt() instead of 0.
 *
 * Returns 1 on success, 0 if nm is NULL or an entry cannot be added.
 */
int
X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
    unsigned long chtype)
{
	int n;

	if (nm == NULL)
		return 0;

	for (n = 0; n < sk_CONF_VALUE_num(dn_sk); n++) {
		CONF_VALUE *cv = sk_CONF_VALUE_value(dn_sk, n);
		char *field = cv->name;
		char *sep;
		int set = 0;

		/*
		 * Skip past any leading X. X: X, etc to allow for
		 * multiple instances
		 */
		sep = strpbrk(field, ":,.");
		if (sep != NULL && sep[1] != '\0')
			field = sep + 1;

		if (*field == '+') {
			set = -1;
			field++;
		}

		if (!X509_NAME_add_entry_by_txt(nm, field, chtype,
		    (unsigned char *) cv->value, -1, -1, set))
			return 0;
	}
	return 1;
}