OpenCoverage

sshkey.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/sshkey.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: sshkey.c,v 1.70 2018/09/14 04:17:44 djm Exp $ */-
2/*-
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.-
4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.-
5 * Copyright (c) 2010,2011 Damien Miller. All rights reserved.-
6 *-
7 * Redistribution and use in source and binary forms, with or without-
8 * modification, are permitted provided that the following conditions-
9 * are met:-
10 * 1. Redistributions of source code must retain the above copyright-
11 * notice, this list of conditions and the following disclaimer.-
12 * 2. Redistributions in binary form must reproduce the above copyright-
13 * notice, this list of conditions and the following disclaimer in the-
14 * documentation and/or other materials provided with the distribution.-
15 *-
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
26 */-
27-
28#include "includes.h"-
29-
30#include <sys/types.h>-
31#include <netinet/in.h>-
32-
33#ifdef WITH_OPENSSL-
34#include <openssl/evp.h>-
35#include <openssl/err.h>-
36#include <openssl/pem.h>-
37#endif-
38-
39#include "crypto_api.h"-
40-
41#include <errno.h>-
42#include <limits.h>-
43#include <stdio.h>-
44#include <string.h>-
45#include <resolv.h>-
46#ifdef HAVE_UTIL_H-
47#include <util.h>-
48#endif /* HAVE_UTIL_H */-
49-
50#include "ssh2.h"-
51#include "ssherr.h"-
52#include "misc.h"-
53#include "sshbuf.h"-
54#include "cipher.h"-
55#include "digest.h"-
56#define SSHKEY_INTERNAL-
57#include "sshkey.h"-
58#include "sshkey-xmss.h"-
59#include "match.h"-
60-
61#include "xmss_fast.h"-
62-
63#include "openbsd-compat/openssl-compat.h"-
64-
65/* openssh private key file format */-
66#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"-
67#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"-
68#define MARK_BEGIN_LEN (sizeof(MARK_BEGIN) - 1)-
69#define MARK_END_LEN (sizeof(MARK_END) - 1)-
70#define KDFNAME "bcrypt"-
71#define AUTH_MAGIC "openssh-key-v1"-
72#define SALT_LEN 16-
73#define DEFAULT_CIPHERNAME "aes256-ctr"-
74#define DEFAULT_ROUNDS 16-
75-
76/* Version identification string for SSH v1 identity files. */-
77#define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n"-
78-
79int sshkey_private_serialize_opt(const struct sshkey *key,-
80 struct sshbuf *buf, enum sshkey_serialize_rep);-
81static int sshkey_from_blob_internal(struct sshbuf *buf,-
82 struct sshkey **keyp, int allow_cert);-
83static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);-
84-
85/* Supported key types */-
86struct keytype {-
87 const char *name;-
88 const char *shortname;-
89 const char *sigalg;-
90 int type;-
91 int nid;-
92 int cert;-
93 int sigonly;-
94};-
95static const struct keytype keytypes[] = {-
96 { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 },-
97 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL,-
98 KEY_ED25519_CERT, 0, 1, 0 },-
99#ifdef WITH_XMSS-
100 { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 },-
101 { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL,-
102 KEY_XMSS_CERT, 0, 1, 0 },-
103#endif /* WITH_XMSS */-
104#ifdef WITH_OPENSSL-
105 { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 },-
106 { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 },-
107 { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 },-
108 { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 },-
109# ifdef OPENSSL_HAS_ECC-
110 { "ecdsa-sha2-nistp256", "ECDSA", NULL,-
111 KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 },-
112 { "ecdsa-sha2-nistp384", "ECDSA", NULL,-
113 KEY_ECDSA, NID_secp384r1, 0, 0 },-
114# ifdef OPENSSL_HAS_NISTP521-
115 { "ecdsa-sha2-nistp521", "ECDSA", NULL,-
116 KEY_ECDSA, NID_secp521r1, 0, 0 },-
117# endif /* OPENSSL_HAS_NISTP521 */-
118# endif /* OPENSSL_HAS_ECC */-
119 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,-
120 KEY_RSA_CERT, 0, 1, 0 },-
121 { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT",-
122 "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },-
123 { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT",-
124 "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },-
125 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL,-
126 KEY_DSA_CERT, 0, 1, 0 },-
127 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,-
128 KEY_RSA_CERT, 0, 1, 0 },-
129 { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT",-
130 "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },-
131 { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT",-
132 "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },-
133 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL,-
134 KEY_DSA_CERT, 0, 1, 0 },-
135# ifdef OPENSSL_HAS_ECC-
136 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL,-
137 KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 },-
138 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL,-
139 KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },-
140# ifdef OPENSSL_HAS_NISTP521-
141 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL,-
142 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },-
143# endif /* OPENSSL_HAS_NISTP521 */-
144# endif /* OPENSSL_HAS_ECC */-
145#endif /* WITH_OPENSSL */-
146 { NULL, NULL, NULL, -1, -1, 0, 0 }-
147};-
148-
149const char *-
150sshkey_type(const struct sshkey *k)-
151{-
152 const struct keytype *kt;-
153-
154 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 3340 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-3340
155 if (kt->type == k->type)
kt->type == k->typeDescription
TRUEevaluated 803 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
FALSEevaluated 2537 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
803-2537
156 return kt->shortname;
executed 803 times by 3 tests: return kt->shortname;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
803
157 }
executed 2537 times by 3 tests: end of block
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
2537
158 return "unknown";
never executed: return "unknown";
0
159}-
160-
161static const char *-
162sshkey_ssh_name_from_type_nid(int type, int nid)-
163{-
164 const struct keytype *kt;-
165-
166 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 77243 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-77243
167 if (kt->type == type && (kt->nid == 0 || kt->nid == nid))
kt->type == typeDescription
TRUEevaluated 11195 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 66048 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
kt->nid == 0Description
TRUEevaluated 229 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 10966 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
kt->nid == nidDescription
TRUEevaluated 10920 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
FALSEevaluated 46 times by 1 test
Evaluated by:
  • test_sshkey
46-66048
168 return kt->name;
executed 11149 times by 4 tests: return kt->name;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
11149
169 }
executed 66094 times by 4 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
66094
170 return "ssh-unknown";
never executed: return "ssh-unknown";
0
171}-
172-
173int-
174sshkey_type_is_cert(int type)-
175{-
176 const struct keytype *kt;-
177-
178 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 5211875 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 180136 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
180136-5211875
179 if (kt->type == type)
kt->type == typeDescription
TRUEevaluated 332251 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 4879624 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
332251-4879624
180 return kt->cert;
executed 332251 times by 5 tests: return kt->cert;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
332251
181 }
executed 4879624 times by 5 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
4879624
182 return 0;
executed 180136 times by 5 tests: return 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
180136
183}-
184-
185const char *-
186sshkey_ssh_name(const struct sshkey *k)-
187{-
188 return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid);
executed 59 times by 4 tests: return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid);
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
59
189}-
190-
191const char *-
192sshkey_ssh_name_plain(const struct sshkey *k)-
193{-
194 return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type),
executed 10859 times by 2 tests: return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), k->ecdsa_nid);
Executed by:
  • test_kex
  • test_sshkey
10859
195 k->ecdsa_nid);
executed 10859 times by 2 tests: return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), k->ecdsa_nid);
Executed by:
  • test_kex
  • test_sshkey
10859
196}-
197-
198int-
199sshkey_type_from_name(const char *name)-
200{-
201 const struct keytype *kt;-
202-
203 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 351705 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 3141 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
3141-351705
204 /* Only allow shortname matches for plain key types */-
205 if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( kt->name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
kt->name != ((void *)0)Description
TRUEevaluated 351705 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEevaluated 53927 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 297778 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-351705
206 (!kt->cert && strcasecmp(kt->shortname, name) == 0))
!kt->certDescription
TRUEevaluated 183174 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 114604 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
strcasecmp(kt-...me, name) == 0Description
TRUEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 183167 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
7-183174
207 return kt->type;
executed 53934 times by 5 tests: return kt->type;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
53934
208 }
executed 297771 times by 5 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
297771
209 return KEY_UNSPEC;
executed 3141 times by 2 tests: return KEY_UNSPEC;
Executed by:
  • test_hostkeys
  • test_sshkey
3141
210}-
211-
212int-
213sshkey_ecdsa_nid_from_name(const char *name)-
214{-
215 const struct keytype *kt;-
216-
217 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 99711 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 241 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_kex
241-99711
218 if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)
kt->type != KEY_ECDSADescription
TRUEevaluated 83684 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 16027 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
kt->type != KEY_ECDSA_CERTDescription
TRUEevaluated 79010 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 4674 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
4674-83684
219 continue;
executed 79010 times by 4 tests: continue;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
79010
220 if (kt->name != NULL && strcmp(name, kt->name) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( kt->name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
kt->name != ((void *)0)Description
TRUEevaluated 20701 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEevaluated 7338 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 13363 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-20701
221 return kt->nid;
executed 7338 times by 4 tests: return kt->nid;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
7338
222 }
executed 13363 times by 4 tests: end of block
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
13363
223 return -1;
executed 241 times by 2 tests: return -1;
Executed by:
  • ssh-keygen
  • test_kex
241
224}-
225-
226char *-
227sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)-
228{-
229 char *tmp, *ret = NULL;-
230 size_t nlen, rlen = 0;-
231 const struct keytype *kt;-
232-
233 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 80 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
4-80
234 if (kt->name == NULL)
kt->name == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 80 times by 1 test
Evaluated by:
  • sshd
0-80
235 continue;
never executed: continue;
0
236 if (!include_sigonly && kt->sigonly)
!include_sigonlyDescription
TRUEnever evaluated
FALSEevaluated 80 times by 1 test
Evaluated by:
  • sshd
kt->sigonlyDescription
TRUEnever evaluated
FALSEnever evaluated
0-80
237 continue;
never executed: continue;
0
238 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
certs_onlyDescription
TRUEnever evaluated
FALSEevaluated 80 times by 1 test
Evaluated by:
  • sshd
!kt->certDescription
TRUEnever evaluated
FALSEnever evaluated
plain_onlyDescription
TRUEevaluated 40 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 40 times by 1 test
Evaluated by:
  • sshd
kt->certDescription
TRUEevaluated 24 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 16 times by 1 test
Evaluated by:
  • sshd
0-80
239 continue;
executed 24 times by 1 test: continue;
Executed by:
  • sshd
24
240 if (ret != NULL)
ret != ((void *)0)Description
TRUEevaluated 52 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
4-52
241 ret[rlen++] = sep;
executed 52 times by 1 test: ret[rlen++] = sep;
Executed by:
  • sshd
52
242 nlen = strlen(kt->name);-
243 if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {
(tmp = realloc...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 56 times by 1 test
Evaluated by:
  • sshd
0-56
244 free(ret);-
245 return NULL;
never executed: return ((void *)0) ;
0
246 }-
247 ret = tmp;-
248 memcpy(ret + rlen, kt->name, nlen + 1);-
249 rlen += nlen;-
250 }
executed 56 times by 1 test: end of block
Executed by:
  • sshd
56
251 return ret;
executed 4 times by 1 test: return ret;
Executed by:
  • sshd
4
252}-
253-
254int-
255sshkey_names_valid2(const char *names, int allow_wildcard)-
256{-
257 char *s, *cp, *p;-
258 const struct keytype *kt;-
259 int type;-
260-
261 if (names == NULL || strcmp(names, "") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( names ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
names == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
262 return 0;
never executed: return 0;
0
263 if ((s = cp = strdup(names)) == NULL)
never executed: __retval = (char *) memcpy (__retval, names , __len);
(s = cp = (__e...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__retval != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( names )Description
TRUEnever evaluated
FALSEnever evaluated
((size_t)(cons... names ) == 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
264 return 0;
never executed: return 0;
0
265 for ((p = strsep(&cp, ",")); p && *p != '\0';
pDescription
TRUEnever evaluated
FALSEnever evaluated
*p != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
266 (p = strsep(&cp, ","))) {-
267 type = sshkey_type_from_name(p);-
268 if (type == KEY_UNSPEC) {
type == KEY_UNSPECDescription
TRUEnever evaluated
FALSEnever evaluated
0
269 if (allow_wildcard) {
allow_wildcardDescription
TRUEnever evaluated
FALSEnever evaluated
0
270 /*-
271 * Try matching key types against the string.-
272 * If any has a positive or negative match then-
273 * the component is accepted.-
274 */-
275 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
276 if (match_pattern_list(kt->name,
match_pattern_...me, p, 0) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
277 p, 0) != 0)
match_pattern_...me, p, 0) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
278 break;
never executed: break;
0
279 }
never executed: end of block
0
280 if (kt->type != -1)
kt->type != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
281 continue;
never executed: continue;
0
282 }
never executed: end of block
0
283 free(s);-
284 return 0;
never executed: return 0;
0
285 }-
286 }
never executed: end of block
0
287 free(s);-
288 return 1;
never executed: return 1;
0
289}-
290-
291u_int-
292sshkey_size(const struct sshkey *k)-
293{-
294#ifdef WITH_OPENSSL-
295 const BIGNUM *rsa_n, *dsa_p;-
296#endif /* WITH_OPENSSL */-
297-
298 switch (k->type) {-
299#ifdef WITH_OPENSSL-
300 case KEY_RSA:
executed 29 times by 2 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
29
301 case KEY_RSA_CERT:
never executed: case KEY_RSA_CERT:
0
302 if (k->rsa == NULL)
k->rsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 29 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
0-29
303 return 0;
never executed: return 0;
0
304 RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);-
305 return BN_num_bits(rsa_n);
executed 29 times by 2 tests: return BN_num_bits(rsa_n);
Executed by:
  • ssh-keygen
  • test_hostkeys
29
306 case KEY_DSA:
executed 25 times by 2 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
25
307 case KEY_DSA_CERT:
never executed: case KEY_DSA_CERT:
0
308 if (k->dsa == NULL)
k->dsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 25 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
0-25
309 return 0;
never executed: return 0;
0
310 DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL);-
311 return BN_num_bits(dsa_p);
executed 25 times by 2 tests: return BN_num_bits(dsa_p);
Executed by:
  • ssh-keygen
  • test_hostkeys
25
312 case KEY_ECDSA:
executed 25 times by 2 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
25
313 case KEY_ECDSA_CERT:
never executed: case KEY_ECDSA_CERT:
0
314 return sshkey_curve_nid_to_bits(k->ecdsa_nid);
executed 25 times by 2 tests: return sshkey_curve_nid_to_bits(k->ecdsa_nid);
Executed by:
  • ssh-keygen
  • test_hostkeys
25
315#endif /* WITH_OPENSSL */-
316 case KEY_ED25519:
executed 26 times by 2 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • test_hostkeys
26
317 case KEY_ED25519_CERT:
never executed: case KEY_ED25519_CERT:
0
318 case KEY_XMSS:
never executed: case KEY_XMSS:
0
319 case KEY_XMSS_CERT:
never executed: case KEY_XMSS_CERT:
0
320 return 256; /* XXX */
executed 26 times by 2 tests: return 256;
Executed by:
  • ssh-keygen
  • test_hostkeys
26
321 }-
322 return 0;
never executed: return 0;
0
323}-
324-
325static int-
326sshkey_type_is_valid_ca(int type)-
327{-
328 switch (type) {-
329 case KEY_RSA:
executed 2 times by 1 test: case KEY_RSA:
Executed by:
  • test_sshkey
2
330 case KEY_DSA:
never executed: case KEY_DSA:
0
331 case KEY_ECDSA:
executed 1554 times by 1 test: case KEY_ECDSA:
Executed by:
  • test_sshkey
1554
332 case KEY_ED25519:
executed 10207 times by 1 test: case KEY_ED25519:
Executed by:
  • test_sshkey
10207
333 case KEY_XMSS:
never executed: case KEY_XMSS:
0
334 return 1;
executed 11763 times by 1 test: return 1;
Executed by:
  • test_sshkey
11763
335 default:
never executed: default:
0
336 return 0;
never executed: return 0;
0
337 }-
338}-
339-
340int-
341sshkey_is_cert(const struct sshkey *k)-
342{-
343 if (k == NULL)
k == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 499303 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
0-499303
344 return 0;
never executed: return 0;
0
345 return sshkey_type_is_cert(k->type);
executed 499303 times by 5 tests: return sshkey_type_is_cert(k->type);
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
499303
346}-
347-
348/* Return the cert-less equivalent to a certified key type */-
349int-
350sshkey_type_plain(int type)-
351{-
352 switch (type) {-
353 case KEY_RSA_CERT:
executed 14 times by 1 test: case KEY_RSA_CERT:
Executed by:
  • test_sshkey
14
354 return KEY_RSA;
executed 14 times by 1 test: return KEY_RSA;
Executed by:
  • test_sshkey
14
355 case KEY_DSA_CERT:
executed 6 times by 1 test: case KEY_DSA_CERT:
Executed by:
  • test_sshkey
6
356 return KEY_DSA;
executed 6 times by 1 test: return KEY_DSA;
Executed by:
  • test_sshkey
6
357 case KEY_ECDSA_CERT:
executed 6 times by 1 test: case KEY_ECDSA_CERT:
Executed by:
  • test_sshkey
6
358 return KEY_ECDSA;
executed 6 times by 1 test: return KEY_ECDSA;
Executed by:
  • test_sshkey
6
359 case KEY_ED25519_CERT:
executed 6 times by 1 test: case KEY_ED25519_CERT:
Executed by:
  • test_sshkey
6
360 return KEY_ED25519;
executed 6 times by 1 test: return KEY_ED25519;
Executed by:
  • test_sshkey
6
361 case KEY_XMSS_CERT:
never executed: case KEY_XMSS_CERT:
0
362 return KEY_XMSS;
never executed: return KEY_XMSS;
0
363 default:
executed 116347 times by 5 tests: default:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
116347
364 return type;
executed 116347 times by 5 tests: return type;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
116347
365 }-
366}-
367-
368#ifdef WITH_OPENSSL-
369/* XXX: these are really begging for a table-driven approach */-
370int-
371sshkey_curve_name_to_nid(const char *name)-
372{-
373 if (strcmp(name, "nistp256") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "nistp256" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEevaluated 6860 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 261 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-6860
374 return NID_X9_62_prime256v1;
executed 6860 times by 4 tests: return 415 ;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
6860
375 else if (strcmp(name, "nistp384") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "nistp384" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEevaluated 20 times by 1 test
Evaluated by:
  • test_hostkeys
FALSEevaluated 241 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-241
376 return NID_secp384r1;
executed 20 times by 1 test: return 715 ;
Executed by:
  • test_hostkeys
20
377# ifdef OPENSSL_HAS_NISTP521-
378 else if (strcmp(name, "nistp521") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "nistp521" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEevaluated 22 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
FALSEevaluated 219 times by 1 test
Evaluated by:
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-219
379 return NID_secp521r1;
executed 22 times by 2 tests: return 716 ;
Executed by:
  • test_hostkeys
  • test_sshkey
22
380# endif /* OPENSSL_HAS_NISTP521 */-
381 else-
382 return -1;
executed 219 times by 1 test: return -1;
Executed by:
  • test_sshkey
219
383}-
384-
385u_int-
386sshkey_curve_nid_to_bits(int nid)-
387{-
388 switch (nid) {-
389 case NID_X9_62_prime256v1:
executed 12723 times by 4 tests: case 415 :
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
12723
390 return 256;
executed 12723 times by 4 tests: return 256;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
12723
391 case NID_secp384r1:
executed 2 times by 1 test: case 715 :
Executed by:
  • test_hostkeys
2
392 return 384;
executed 2 times by 1 test: return 384;
Executed by:
  • test_hostkeys
2
393# ifdef OPENSSL_HAS_NISTP521-
394 case NID_secp521r1:
executed 26 times by 2 tests: case 716 :
Executed by:
  • test_hostkeys
  • test_sshkey
26
395 return 521;
executed 26 times by 2 tests: return 521;
Executed by:
  • test_hostkeys
  • test_sshkey
26
396# endif /* OPENSSL_HAS_NISTP521 */-
397 default:
executed 1 time by 1 test: default:
Executed by:
  • ssh-keygen
1
398 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • ssh-keygen
1
399 }-
400}-
401-
402int-
403sshkey_ecdsa_bits_to_nid(int bits)-
404{-
405 switch (bits) {-
406 case 256:
executed 12 times by 3 tests: case 256:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
407 return NID_X9_62_prime256v1;
executed 12 times by 3 tests: return 415 ;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
408 case 384:
never executed: case 384:
0
409 return NID_secp384r1;
never executed: return 715 ;
0
410# ifdef OPENSSL_HAS_NISTP521-
411 case 521:
never executed: case 521:
0
412 return NID_secp521r1;
never executed: return 716 ;
0
413# endif /* OPENSSL_HAS_NISTP521 */-
414 default:
executed 1 time by 1 test: default:
Executed by:
  • test_sshkey
1
415 return -1;
executed 1 time by 1 test: return -1;
Executed by:
  • test_sshkey
1
416 }-
417}-
418-
419const char *-
420sshkey_curve_nid_to_name(int nid)-
421{-
422 switch (nid) {-
423 case NID_X9_62_prime256v1:
executed 5989 times by 3 tests: case 415 :
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
5989
424 return "nistp256";
executed 5989 times by 3 tests: return "nistp256";
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
5989
425 case NID_secp384r1:
never executed: case 715 :
0
426 return "nistp384";
never executed: return "nistp384";
0
427# ifdef OPENSSL_HAS_NISTP521-
428 case NID_secp521r1:
never executed: case 716 :
0
429 return "nistp521";
never executed: return "nistp521";
0
430# endif /* OPENSSL_HAS_NISTP521 */-
431 default:
never executed: default:
0
432 return NULL;
never executed: return ((void *)0) ;
0
433 }-
434}-
435-
436int-
437sshkey_ec_nid_to_hash_alg(int nid)-
438{-
439 int kbits = sshkey_curve_nid_to_bits(nid);-
440-
441 if (kbits <= 0)
kbits <= 0Description
TRUEnever evaluated
FALSEevaluated 12726 times by 2 tests
Evaluated by:
  • test_kex
  • test_sshkey
0-12726
442 return -1;
never executed: return -1;
0
443-
444 /* RFC5656 section 6.2.1 */-
445 if (kbits <= 256)
kbits <= 256Description
TRUEevaluated 12703 times by 2 tests
Evaluated by:
  • test_kex
  • test_sshkey
FALSEevaluated 23 times by 1 test
Evaluated by:
  • test_sshkey
23-12703
446 return SSH_DIGEST_SHA256;
executed 12703 times by 2 tests: return 2;
Executed by:
  • test_kex
  • test_sshkey
12703
447 else if (kbits <= 384)
kbits <= 384Description
TRUEnever evaluated
FALSEevaluated 23 times by 1 test
Evaluated by:
  • test_sshkey
0-23
448 return SSH_DIGEST_SHA384;
never executed: return 3;
0
449 else-
450 return SSH_DIGEST_SHA512;
executed 23 times by 1 test: return 4;
Executed by:
  • test_sshkey
23
451}-
452#endif /* WITH_OPENSSL */-
453-
454static void-
455cert_free(struct sshkey_cert *cert)-
456{-
457 u_int i;-
458-
459 if (cert == NULL)
cert == ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
11-17199
460 return;
executed 11 times by 1 test: return;
Executed by:
  • test_sshkey
11
461 sshbuf_free(cert->certblob);-
462 sshbuf_free(cert->critical);-
463 sshbuf_free(cert->extensions);-
464 free(cert->key_id);-
465 for (i = 0; i < cert->nprincipals; i++)
i < cert->nprincipalsDescription
TRUEevaluated 26614 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
17199-26614
466 free(cert->principals[i]);
executed 26614 times by 1 test: free(cert->principals[i]);
Executed by:
  • test_sshkey
26614
467 free(cert->principals);-
468 sshkey_free(cert->signature_key);-
469 free(cert->signature_type);-
470 freezero(cert, sizeof(*cert));-
471}
executed 17199 times by 1 test: end of block
Executed by:
  • test_sshkey
17199
472-
473static struct sshkey_cert *-
474cert_new(void)-
475{-
476 struct sshkey_cert *cert;-
477-
478 if ((cert = calloc(1, sizeof(*cert))) == NULL)
(cert = calloc...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
0-17199
479 return NULL;
never executed: return ((void *)0) ;
0
480 if ((cert->certblob = sshbuf_new()) == NULL ||
(cert->certblo...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
0-17199
481 (cert->critical = sshbuf_new()) == NULL ||
(cert->critica...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
0-17199
482 (cert->extensions = sshbuf_new()) == NULL) {
(cert->extensi...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 17199 times by 1 test
Evaluated by:
  • test_sshkey
0-17199
483 cert_free(cert);-
484 return NULL;
never executed: return ((void *)0) ;
0
485 }-
486 cert->key_id = NULL;-
487 cert->principals = NULL;-
488 cert->signature_key = NULL;-
489 cert->signature_type = NULL;-
490 return cert;
executed 17199 times by 1 test: return cert;
Executed by:
  • test_sshkey
17199
491}-
492-
493struct sshkey *-
494sshkey_new(int type)-
495{-
496 struct sshkey *k;-
497#ifdef WITH_OPENSSL-
498 RSA *rsa;-
499 DSA *dsa;-
500#endif /* WITH_OPENSSL */-
501-
502 if ((k = calloc(1, sizeof(*k))) == NULL)
(k = calloc(1,...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 232433 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
0-232433
503 return NULL;
never executed: return ((void *)0) ;
0
504 k->type = type;-
505 k->ecdsa = NULL;-
506 k->ecdsa_nid = -1;-
507 k->dsa = NULL;-
508 k->rsa = NULL;-
509 k->cert = NULL;-
510 k->ed25519_sk = NULL;-
511 k->ed25519_pk = NULL;-
512 k->xmss_sk = NULL;-
513 k->xmss_pk = NULL;-
514 switch (k->type) {-
515#ifdef WITH_OPENSSL-
516 case KEY_RSA:
executed 1635 times by 5 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
1635
517 case KEY_RSA_CERT:
executed 3845 times by 1 test: case KEY_RSA_CERT:
Executed by:
  • test_sshkey
3845
518 if ((rsa = RSA_new()) == NULL) {
(rsa = RSA_new...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5480 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
0-5480
519 free(k);-
520 return NULL;
never executed: return ((void *)0) ;
0
521 }-
522 k->rsa = rsa;-
523 break;
executed 5480 times by 5 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
5480
524 case KEY_DSA:
executed 4480 times by 4 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
4480
525 case KEY_DSA_CERT:
executed 6682 times by 1 test: case KEY_DSA_CERT:
Executed by:
  • test_sshkey
6682
526 if ((dsa = DSA_new()) == NULL) {
(dsa = DSA_new...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11162 times by 4 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
0-11162
527 free(k);-
528 return NULL;
never executed: return ((void *)0) ;
0
529 }-
530 k->dsa = dsa;-
531 break;
executed 11162 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
11162
532 case KEY_ECDSA:
executed 3334 times by 4 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
3334
533 case KEY_ECDSA_CERT:
executed 3951 times by 1 test: case KEY_ECDSA_CERT:
Executed by:
  • test_sshkey
3951
534 /* Cannot do anything until we know the group */-
535 break;
executed 7285 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
7285
536#endif /* WITH_OPENSSL */-
537 case KEY_ED25519:
executed 26159 times by 5 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
26159
538 case KEY_ED25519_CERT:
executed 2720 times by 1 test: case KEY_ED25519_CERT:
Executed by:
  • test_sshkey
2720
539 case KEY_XMSS:
never executed: case KEY_XMSS:
0
540 case KEY_XMSS_CERT:
never executed: case KEY_XMSS_CERT:
0
541 /* no need to prealloc */-
542 break;
executed 28879 times by 5 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
28879
543 case KEY_UNSPEC:
executed 179626 times by 5 tests: case KEY_UNSPEC:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
179626
544 break;
executed 179626 times by 5 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
179626
545 default:
executed 1 time by 1 test: default:
Executed by:
  • test_sshkey
1
546 free(k);-
547 return NULL;
executed 1 time by 1 test: return ((void *)0) ;
Executed by:
  • test_sshkey
1
548 }-
549-
550 if (sshkey_is_cert(k)) {
sshkey_is_cert(k)Description
TRUEevaluated 17198 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 215234 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
17198-215234
551 if ((k->cert = cert_new()) == NULL) {
(k->cert = cer...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 17198 times by 1 test
Evaluated by:
  • test_sshkey
0-17198
552 sshkey_free(k);-
553 return NULL;
never executed: return ((void *)0) ;
0
554 }-
555 }
executed 17198 times by 1 test: end of block
Executed by:
  • test_sshkey
17198
556-
557 return k;
executed 232432 times by 5 tests: return k;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
232432
558}-
559-
560void-
561sshkey_free(struct sshkey *k)-
562{-
563 if (k == NULL)
k == ((void *)0)Description
TRUEevaluated 541378 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 232424 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
232424-541378
564 return;
executed 541378 times by 5 tests: return;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
541378
565 switch (k->type) {-
566#ifdef WITH_OPENSSL-
567 case KEY_RSA:
executed 101337 times by 5 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
101337
568 case KEY_RSA_CERT:
executed 3850 times by 1 test: case KEY_RSA_CERT:
Executed by:
  • test_sshkey
3850
569 RSA_free(k->rsa);-
570 k->rsa = NULL;-
571 break;
executed 105187 times by 5 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
105187
572 case KEY_DSA:
executed 78057 times by 4 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
78057
573 case KEY_DSA_CERT:
executed 6684 times by 1 test: case KEY_DSA_CERT:
Executed by:
  • test_sshkey
6684
574 DSA_free(k->dsa);-
575 k->dsa = NULL;-
576 break;
executed 84741 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
84741
577# ifdef OPENSSL_HAS_ECC-
578 case KEY_ECDSA:
executed 9452 times by 4 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
9452
579 case KEY_ECDSA_CERT:
executed 3953 times by 1 test: case KEY_ECDSA_CERT:
Executed by:
  • test_sshkey
3953
580 EC_KEY_free(k->ecdsa);-
581 k->ecdsa = NULL;-
582 break;
executed 13405 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_kex
  • test_sshkey
13405
583# endif /* OPENSSL_HAS_ECC */-
584#endif /* WITH_OPENSSL */-
585 case KEY_ED25519:
executed 26338 times by 5 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
26338
586 case KEY_ED25519_CERT:
executed 2723 times by 1 test: case KEY_ED25519_CERT:
Executed by:
  • test_sshkey
2723
587 freezero(k->ed25519_pk, ED25519_PK_SZ);-
588 k->ed25519_pk = NULL;-
589 freezero(k->ed25519_sk, ED25519_SK_SZ);-
590 k->ed25519_sk = NULL;-
591 break;
executed 29061 times by 5 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
29061
592#ifdef WITH_XMSS-
593 case KEY_XMSS:-
594 case KEY_XMSS_CERT:-
595 freezero(k->xmss_pk, sshkey_xmss_pklen(k));-
596 k->xmss_pk = NULL;-
597 freezero(k->xmss_sk, sshkey_xmss_sklen(k));-
598 k->xmss_sk = NULL;-
599 sshkey_xmss_free_state(k);-
600 free(k->xmss_name);-
601 k->xmss_name = NULL;-
602 free(k->xmss_filename);-
603 k->xmss_filename = NULL;-
604 break;-
605#endif /* WITH_XMSS */-
606 case KEY_UNSPEC:
executed 30 times by 4 tests: case KEY_UNSPEC:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
30
607 break;
executed 30 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
30
608 default:
never executed: default:
0
609 break;
never executed: break;
0
610 }-
611 if (sshkey_is_cert(k))
sshkey_is_cert(k)Description
TRUEevaluated 17210 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 215214 times by 5 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
17210-215214
612 cert_free(k->cert);
executed 17210 times by 1 test: cert_free(k->cert);
Executed by:
  • test_sshkey
17210
613 freezero(k, sizeof(*k));-
614}
executed 232424 times by 5 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_kex
  • test_sshkey
232424
615-
616static int-
617cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)-
618{-
619 if (a == NULL && b == NULL)
a == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
b == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
620 return 1;
never executed: return 1;
0
621 if (a == NULL || b == NULL)
a == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
b == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
622 return 0;
never executed: return 0;
0
623 if (sshbuf_len(a->certblob) != sshbuf_len(b->certblob))
sshbuf_len(a->...n(b->certblob)Description
TRUEnever evaluated
FALSEnever evaluated
0
624 return 0;
never executed: return 0;
0
625 if (timingsafe_bcmp(sshbuf_ptr(a->certblob), sshbuf_ptr(b->certblob),
timingsafe_bcm...ertblob)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
626 sshbuf_len(a->certblob)) != 0)
timingsafe_bcm...ertblob)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
627 return 0;
never executed: return 0;
0
628 return 1;
never executed: return 1;
0
629}-
630-
631/*-
632 * Compare public portions of key only, allowing comparisons between-
633 * certificates and plain keys too.-
634 */-
635int-
636sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)-
637{-
638#if defined(WITH_OPENSSL)-
639 const BIGNUM *rsa_e_a, *rsa_n_a;-
640 const BIGNUM *rsa_e_b, *rsa_n_b;-
641 const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;-
642 const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;-
643# if defined(OPENSSL_HAS_ECC)-
644 BN_CTX *bnctx;-
645# endif /* OPENSSL_HAS_ECC */-
646#endif /* WITH_OPENSSL */-
647-
648 if (a == NULL || b == NULL ||
a == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 268 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
b == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 268 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-268
649 sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
sshkey_type_pl...plain(b->type)Description
TRUEnever evaluated
FALSEevaluated 268 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-268
650 return 0;
never executed: return 0;
0
651-
652 switch (a->type) {-
653#ifdef WITH_OPENSSL-
654 case KEY_RSA_CERT:
never executed: case KEY_RSA_CERT:
0
655 case KEY_RSA:
executed 67 times by 3 tests: case KEY_RSA:
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
67
656 if (a->rsa == NULL || b->rsa == NULL)
a->rsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
b->rsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-67
657 return 0;
never executed: return 0;
0
658 RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);-
659 RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);-
660 return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
executed 67 times by 3 tests: return BN_cmp(rsa_e_a, rsa_e_b) == 0 && BN_cmp(rsa_n_a, rsa_n_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(rsa_e_a, rsa_e_b) == 0Description
TRUEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-67
661 BN_cmp(rsa_n_a, rsa_n_b) == 0;
executed 67 times by 3 tests: return BN_cmp(rsa_e_a, rsa_e_b) == 0 && BN_cmp(rsa_n_a, rsa_n_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(rsa_n_a, rsa_n_b) == 0Description
TRUEevaluated 66 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
1-67
662 case KEY_DSA_CERT:
never executed: case KEY_DSA_CERT:
0
663 case KEY_DSA:
executed 68 times by 3 tests: case KEY_DSA:
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
68
664 if (a->dsa == NULL || b->dsa == NULL)
a->dsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
b->dsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
665 return 0;
never executed: return 0;
0
666 DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);-
667 DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);-
668 DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);-
669 DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);-
670 return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
executed 68 times by 3 tests: return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(dsa_p_a, dsa_p_b) == 0Description
TRUEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
1-68
671 BN_cmp(dsa_q_a, dsa_q_b) == 0 &&
executed 68 times by 3 tests: return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(dsa_q_a, dsa_q_b) == 0Description
TRUEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-68
672 BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
executed 68 times by 3 tests: return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(dsa_g_a, dsa_g_b) == 0Description
TRUEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-68
673 BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
executed 68 times by 3 tests: return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
BN_cmp(dsa_pub...ub_key_b) == 0Description
TRUEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-68
674# ifdef OPENSSL_HAS_ECC-
675 case KEY_ECDSA_CERT:
never executed: case KEY_ECDSA_CERT:
0
676 case KEY_ECDSA:
executed 68 times by 3 tests: case KEY_ECDSA:
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
68
677 if (a->ecdsa == NULL || b->ecdsa == NULL ||
a->ecdsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
b->ecdsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
678 EC_KEY_get0_public_key(a->ecdsa) == NULL ||
EC_KEY_get0_pu...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
679 EC_KEY_get0_public_key(b->ecdsa) == NULL)
EC_KEY_get0_pu...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
680 return 0;
never executed: return 0;
0
681 if ((bnctx = BN_CTX_new()) == NULL)
(bnctx = BN_CT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
682 return 0;
never executed: return 0;
0
683 if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),
EC_GROUP_cmp(E...), bnctx) != 0Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
684 EC_KEY_get0_group(b->ecdsa), bnctx) != 0 ||
EC_GROUP_cmp(E...), bnctx) != 0Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
0-68
685 EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),
EC_POINT_cmp(E...), bnctx) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
1-67
686 EC_KEY_get0_public_key(a->ecdsa),
EC_POINT_cmp(E...), bnctx) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
1-67
687 EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) {
EC_POINT_cmp(E...), bnctx) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 67 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
1-67
688 BN_CTX_free(bnctx);-
689 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • test_sshkey
1
690 }-
691 BN_CTX_free(bnctx);-
692 return 1;
executed 67 times by 3 tests: return 1;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
67
693# endif /* OPENSSL_HAS_ECC */-
694#endif /* WITH_OPENSSL */-
695 case KEY_ED25519:
executed 65 times by 3 tests: case KEY_ED25519:
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
65
696 case KEY_ED25519_CERT:
never executed: case KEY_ED25519_CERT:
0
697 return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
executed 65 times by 3 tests: return a->ed25519_pk != ((void *)0) && b->ed25519_pk != ((void *)0) && memcmp(a->ed25519_pk, b->ed25519_pk, 32U) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
a->ed25519_pk != ((void *)0)Description
TRUEevaluated 65 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
b->ed25519_pk != ((void *)0)Description
TRUEevaluated 65 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-65
698 memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
executed 65 times by 3 tests: return a->ed25519_pk != ((void *)0) && b->ed25519_pk != ((void *)0) && memcmp(a->ed25519_pk, b->ed25519_pk, 32U) == 0;
Executed by:
  • test_hostkeys
  • test_kex
  • test_sshkey
memcmp(a->ed25..._pk, 32U) == 0Description
TRUEevaluated 64 times by 3 tests
Evaluated by:
  • test_hostkeys
  • test_kex
  • test_sshkey
FALSEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
1-65
699#ifdef WITH_XMSS-
700 case KEY_XMSS:-
701 case KEY_XMSS_CERT:-
702 return a->xmss_pk != NULL && b->xmss_pk != NULL &&-
703 sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) &&-
704 memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0;-
705#endif /* WITH_XMSS */-
706 default:
never executed: default:
0
707 return 0;
never executed: return 0;
0
708 }-
709 /* NOTREACHED */-
710}-
711-
712int-
713sshkey_equal(const struct sshkey *a, const struct sshkey *b)-
714{-
715 if (a == NULL || b == NULL || a->type != b->type)
a == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 111 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
b == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 111 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
a->type != b->typeDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 102 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
0-111
716 return 0;
executed 9 times by 1 test: return 0;
Executed by:
  • test_sshkey
9
717 if (sshkey_is_cert(a)) {
sshkey_is_cert(a)Description
TRUEnever evaluated
FALSEevaluated 102 times by 2 tests
Evaluated by:
  • test_hostkeys
  • test_sshkey
0-102
718 if (!cert_compare(a->cert, b->cert))
!cert_compare(...cert, b->cert)Description
TRUEnever evaluated
FALSEnever evaluated
0
719 return 0;
never executed: return 0;
0
720 }
never executed: end of block
0
721 return sshkey_equal_public(a, b);
executed 102 times by 2 tests: return sshkey_equal_public(a, b);
Executed by:
  • test_hostkeys
  • test_sshkey
102
722}-
723-
724static int-
725to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,-
726 enum sshkey_serialize_rep opts)-
727{-
728 int type, ret = SSH_ERR_INTERNAL_ERROR;-
729 const char *typename;-
730#ifdef WITH_OPENSSL-
731 const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;-
732#endif /* WITH_OPENSSL */-
733-
734 if (key == NULL)
key == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 231 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-231
735 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
736-
737 if (sshkey_is_cert(key)) {
sshkey_is_cert(key)Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 221 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
10-221
738 if (key->cert == NULL)
key->cert == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 10 times by 1 test
Evaluated by:
  • test_sshkey
0-10
739 return SSH_ERR_EXPECTED_CERT;
never executed: return -16;
0
740 if (sshbuf_len(key->cert->certblob) == 0)
sshbuf_len(key...certblob) == 0Description
TRUEnever evaluated
FALSEevaluated 10 times by 1 test
Evaluated by:
  • test_sshkey
0-10
741 return SSH_ERR_KEY_LACKS_CERTBLOB;
never executed: return -17;
0
742 }
executed 10 times by 1 test: end of block
Executed by:
  • test_sshkey
10
743 type = force_plain ? sshkey_type_plain(key->type) : key->type;
force_plainDescription
TRUEevaluated 41 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEevaluated 190 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
41-190
744 typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid);-
745-
746 switch (type) {-
747#ifdef WITH_OPENSSL-
748 case KEY_DSA_CERT:
executed 1 time by 1 test: case KEY_DSA_CERT:
Executed by:
  • test_sshkey
1
749 case KEY_ECDSA_CERT:
executed 1 time by 1 test: case KEY_ECDSA_CERT:
Executed by:
  • test_sshkey
1
750 case KEY_RSA_CERT:
executed 2 times by 1 test: case KEY_RSA_CERT:
Executed by:
  • test_sshkey
2
751#endif /* WITH_OPENSSL */-
752 case KEY_ED25519_CERT:
executed 2 times by 1 test: case KEY_ED25519_CERT:
Executed by:
  • test_sshkey
2
753#ifdef WITH_XMSS-
754 case KEY_XMSS_CERT:-
755#endif /* WITH_XMSS */-
756 /* Use the existing blob */-
757 /* XXX modified flag? */-
758 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
(ret = sshbuf_...ertblob)) != 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • test_sshkey
0-6
759 return ret;
never executed: return ret;
0
760 break;
executed 6 times by 1 test: break;
Executed by:
  • test_sshkey
6
761#ifdef WITH_OPENSSL-
762 case KEY_DSA:
executed 52 times by 3 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
52
763 if (key->dsa == NULL)
key->dsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
764 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
765 DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);-
766 DSA_get0_key(key->dsa, &dsa_pub_key, NULL);-
767 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
(ret = sshbuf_...ypename)) != 0Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
768 (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
(ret = sshbuf_..., dsa_p)) != 0Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
769 (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
(ret = sshbuf_..., dsa_q)) != 0Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
770 (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
(ret = sshbuf_..., dsa_g)) != 0Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
771 (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)
(ret = sshbuf_...pub_key)) != 0Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
772 return ret;
never executed: return ret;
0
773 break;
executed 52 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
52
774# ifdef OPENSSL_HAS_ECC-
775 case KEY_ECDSA:
executed 50 times by 3 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
50
776 if (key->ecdsa == NULL)
key->ecdsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-50
777 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
778 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
(ret = sshbuf_...ypename)) != 0Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-50
779 (ret = sshbuf_put_cstring(b,
(ret = sshbuf_...sa_nid))) != 0Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-50
780 sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
(ret = sshbuf_...sa_nid))) != 0Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-50
781 (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0)
(ret = sshbuf_...->ecdsa)) != 0Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-50
782 return ret;
never executed: return ret;
0
783 break;
executed 50 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
50
784# endif-
785 case KEY_RSA:
executed 64 times by 4 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
64
786 if (key->rsa == NULL)
key->rsa == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-64
787 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
788 RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL);-
789 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
(ret = sshbuf_...ypename)) != 0Description
TRUEnever evaluated
FALSEevaluated 64 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-64
790 (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
(ret = sshbuf_..., rsa_e)) != 0Description
TRUEnever evaluated
FALSEevaluated 64 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-64
791 (ret = sshbuf_put_bignum2(b, rsa_n)) != 0)
(ret = sshbuf_..., rsa_n)) != 0Description
TRUEnever evaluated
FALSEevaluated 64 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-64
792 return ret;
never executed: return ret;
0
793 break;
executed 64 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
64
794#endif /* WITH_OPENSSL */-
795 case KEY_ED25519:
executed 59 times by 4 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
59
796 if (key->ed25519_pk == NULL)
key->ed25519_pk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 59 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-59
797 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
798 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
(ret = sshbuf_...ypename)) != 0Description
TRUEnever evaluated
FALSEevaluated 59 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-59
799 (ret = sshbuf_put_string(b,
(ret = sshbuf_...pk, 32U)) != 0Description
TRUEnever evaluated
FALSEevaluated 59 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-59
800 key->ed25519_pk, ED25519_PK_SZ)) != 0)
(ret = sshbuf_...pk, 32U)) != 0Description
TRUEnever evaluated
FALSEevaluated 59 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-59
801 return ret;
never executed: return ret;
0
802 break;
executed 59 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
59
803#ifdef WITH_XMSS-
804 case KEY_XMSS:-
805 if (key->xmss_name == NULL || key->xmss_pk == NULL ||-
806 sshkey_xmss_pklen(key) == 0)-
807 return SSH_ERR_INVALID_ARGUMENT;-
808 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||-
809 (ret = sshbuf_put_cstring(b, key->xmss_name)) != 0 ||-
810 (ret = sshbuf_put_string(b,-
811 key->xmss_pk, sshkey_xmss_pklen(key))) != 0 ||-
812 (ret = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0)-
813 return ret;-
814 break;-
815#endif /* WITH_XMSS */-
816 default:
never executed: default:
0
817 return SSH_ERR_KEY_TYPE_UNKNOWN;
never executed: return -14;
0
818 }-
819 return 0;
executed 231 times by 4 tests: return 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
231
820}-
821-
822int-
823sshkey_putb(const struct sshkey *key, struct sshbuf *b)-
824{-
825 return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT);
executed 21 times by 2 tests: return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT);
Executed by:
  • ssh-keygen
  • test_sshkey
21
826}-
827-
828int-
829sshkey_puts_opts(const struct sshkey *key, struct sshbuf *b,-
830 enum sshkey_serialize_rep opts)-
831{-
832 struct sshbuf *tmp;-
833 int r;-
834-
835 if ((tmp = sshbuf_new()) == NULL)
(tmp = sshbuf_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
836 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
837 r = to_blob_buf(key, tmp, 0, opts);-
838 if (r == 0)
r == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
839 r = sshbuf_put_stringb(b, tmp);
never executed: r = sshbuf_put_stringb(b, tmp);
0
840 sshbuf_free(tmp);-
841 return r;
never executed: return r;
0
842}-
843-
844int-
845sshkey_puts(const struct sshkey *key, struct sshbuf *b)-
846{-
847 return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT);
never executed: return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT);
0
848}-
849-
850int-
851sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b)-
852{-
853 return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT);
executed 1 time by 1 test: return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT);
Executed by:
  • test_sshkey
1
854}-
855-
856static int-
857to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain,-
858 enum sshkey_serialize_rep opts)-
859{-
860 int ret = SSH_ERR_INTERNAL_ERROR;-
861 size_t len;-
862 struct sshbuf *b = NULL;-
863-
864 if (lenp != NULL)
lenp != ((void *)0)Description
TRUEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-209
865 *lenp = 0;
executed 209 times by 4 tests: *lenp = 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
866 if (blobp != NULL)
blobp != ((void *)0)Description
TRUEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-209
867 *blobp = NULL;
executed 209 times by 4 tests: *blobp = ((void *)0) ;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
868 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-209
869 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
870 if ((ret = to_blob_buf(key, b, force_plain, opts)) != 0)
(ret = to_blob...n, opts)) != 0Description
TRUEnever evaluated
FALSEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-209
871 goto out;
never executed: goto out;
0
872 len = sshbuf_len(b);-
873 if (lenp != NULL)
lenp != ((void *)0)Description
TRUEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-209
874 *lenp = len;
executed 209 times by 4 tests: *lenp = len;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
875 if (blobp != NULL) {
blobp != ((void *)0)Description
TRUEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-209
876 if ((*blobp = malloc(len)) == NULL) {
(*blobp = mall...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 209 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-209
877 ret = SSH_ERR_ALLOC_FAIL;-
878 goto out;
never executed: goto out;
0
879 }-
880 memcpy(*blobp, sshbuf_ptr(b), len);-
881 }
executed 209 times by 4 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
882 ret = 0;-
883 out:
code before this statement executed 209 times by 4 tests: out:
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
884 sshbuf_free(b);-
885 return ret;
executed 209 times by 4 tests: return ret;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
209
886}-
887-
888int-
889sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp)-
890{-
891 return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT);
executed 169 times by 3 tests: return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT);
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
169
892}-
893-
894int-
895sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp)-
896{-
897 return to_blob(key, blobp, lenp, 1, SSHKEY_SERIALIZE_DEFAULT);
never executed: return to_blob(key, blobp, lenp, 1, SSHKEY_SERIALIZE_DEFAULT);
0
898}-
899-
900int-
901sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,-
902 u_char **retp, size_t *lenp)-
903{-
904 u_char *blob = NULL, *ret = NULL;-
905 size_t blob_len = 0;-
906 int r = SSH_ERR_INTERNAL_ERROR;-
907-
908 if (retp != NULL)
retp != ((void *)0)Description
TRUEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEnever evaluated
0-40
909 *retp = NULL;
executed 40 times by 3 tests: *retp = ((void *)0) ;
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
910 if (lenp != NULL)
lenp != ((void *)0)Description
TRUEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEnever evaluated
0-40
911 *lenp = 0;
executed 40 times by 3 tests: *lenp = 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
912 if (ssh_digest_bytes(dgst_alg) == 0) {
ssh_digest_byt...dgst_alg) == 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
913 r = SSH_ERR_INVALID_ARGUMENT;-
914 goto out;
never executed: goto out;
0
915 }-
916 if ((r = to_blob(k, &blob, &blob_len, 1, SSHKEY_SERIALIZE_DEFAULT))
(r = to_blob(k...DEFAULT)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
917 != 0)
(r = to_blob(k...DEFAULT)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
918 goto out;
never executed: goto out;
0
919 if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {
(ret = calloc(...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
920 r = SSH_ERR_ALLOC_FAIL;-
921 goto out;
never executed: goto out;
0
922 }-
923 if ((r = ssh_digest_memory(dgst_alg, blob, blob_len,
(r = ssh_diges...ret, 64)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
924 ret, SSH_DIGEST_MAX_LENGTH)) != 0)
(r = ssh_diges...ret, 64)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
925 goto out;
never executed: goto out;
0
926 /* success */-
927 if (retp != NULL) {
retp != ((void *)0)Description
TRUEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEnever evaluated
0-40
928 *retp = ret;-
929 ret = NULL;-
930 }
executed 40 times by 3 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
931 if (lenp != NULL)
lenp != ((void *)0)Description
TRUEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEnever evaluated
0-40
932 *lenp = ssh_digest_bytes(dgst_alg);
executed 40 times by 3 tests: *lenp = ssh_digest_bytes(dgst_alg);
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
933 r = 0;-
934 out:
code before this statement executed 40 times by 3 tests: out:
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
935 free(ret);-
936 if (blob != NULL) {
blob != ((void *)0)Description
TRUEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
FALSEnever evaluated
0-40
937 explicit_bzero(blob, blob_len);-
938 free(blob);-
939 }
executed 40 times by 3 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
940 return r;
executed 40 times by 3 tests: return r;
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
941}-
942-
943static char *-
944fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)-
945{-
946 char *ret;-
947 size_t plen = strlen(alg) + 1;-
948 size_t rlen = ((dgst_raw_len + 2) / 3) * 4 + plen + 1;-
949 int r;-
950-
951 if (dgst_raw_len > 65536 || (ret = calloc(1, rlen)) == NULL)
dgst_raw_len > 65536Description
TRUEnever evaluated
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
(ret = calloc(...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-18
952 return NULL;
never executed: return ((void *)0) ;
0
953 strlcpy(ret, alg, rlen);-
954 strlcat(ret, ":", rlen);-
955 if (dgst_raw_len == 0)
dgst_raw_len == 0Description
TRUEnever evaluated
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-18
956 return ret;
never executed: return ret;
0
957 if ((r = b64_ntop(dgst_raw, dgst_raw_len,
(r = __b64_nto... plen) ) == -1Description
TRUEnever evaluated
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-18
958 ret + plen, rlen - plen)) == -1) {
(r = __b64_nto... plen) ) == -1Description
TRUEnever evaluated
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-18
959 freezero(ret, rlen);-
960 return NULL;
never executed: return ((void *)0) ;
0
961 }-
962 /* Trim padding characters from end */-
963 ret[strcspn(ret, "=")] = '\0';-
964 return ret;
executed 18 times by 3 tests: return ret;
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
18
965}-
966-
967static char *-
968fingerprint_hex(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)-
969{-
970 char *retval, hex[5];-
971 size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2;-
972-
973 if (dgst_raw_len > 65536 || (retval = calloc(1, rlen)) == NULL)
dgst_raw_len > 65536Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
(retval = call...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
0-1
974 return NULL;
never executed: return ((void *)0) ;
0
975 strlcpy(retval, alg, rlen);-
976 strlcat(retval, ":", rlen);-
977 for (i = 0; i < dgst_raw_len; i++) {
i < dgst_raw_lenDescription
TRUEevaluated 16 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
1-16
978 snprintf(hex, sizeof(hex), "%s%02x",-
979 i > 0 ? ":" : "", dgst_raw[i]);-
980 strlcat(retval, hex, rlen);-
981 }
executed 16 times by 1 test: end of block
Executed by:
  • ssh-keygen
16
982 return retval;
executed 1 time by 1 test: return retval;
Executed by:
  • ssh-keygen
1
983}-
984-
985static char *-
986fingerprint_bubblebabble(u_char *dgst_raw, size_t dgst_raw_len)-
987{-
988 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };-
989 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',-
990 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };-
991 u_int i, j = 0, rounds, seed = 1;-
992 char *retval;-
993-
994 rounds = (dgst_raw_len / 2) + 1;-
995 if ((retval = calloc(rounds, 6)) == NULL)
(retval = call...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
0-9
996 return NULL;
never executed: return ((void *)0) ;
0
997 retval[j++] = 'x';-
998 for (i = 0; i < rounds; i++) {
i < roundsDescription
TRUEevaluated 99 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
FALSEevaluated 9 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
9-99
999 u_int idx0, idx1, idx2, idx3, idx4;-
1000 if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
(i + 1 < rounds)Description
TRUEevaluated 90 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
FALSEevaluated 9 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
(dgst_raw_len % 2 != 0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
0-90
1001 idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +-
1002 seed) % 6;-
1003 idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;-
1004 idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +-
1005 (seed / 6)) % 6;-
1006 retval[j++] = vowels[idx0];-
1007 retval[j++] = consonants[idx1];-
1008 retval[j++] = vowels[idx2];-
1009 if ((i + 1) < rounds) {
(i + 1) < roundsDescription
TRUEevaluated 90 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
FALSEnever evaluated
0-90
1010 idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;-
1011 idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;-
1012 retval[j++] = consonants[idx3];-
1013 retval[j++] = '-';-
1014 retval[j++] = consonants[idx4];-
1015 seed = ((seed * 5) +-
1016 ((((u_int)(dgst_raw[2 * i])) * 7) +-
1017 ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;-
1018 }
executed 90 times by 2 tests: end of block
Executed by:
  • ssh-keygen
  • test_sshkey
90
1019 } else {
executed 90 times by 2 tests: end of block
Executed by:
  • ssh-keygen
  • test_sshkey
90
1020 idx0 = seed % 6;-
1021 idx1 = 16;-
1022 idx2 = seed / 6;-
1023 retval[j++] = vowels[idx0];-
1024 retval[j++] = consonants[idx1];-
1025 retval[j++] = vowels[idx2];-
1026 }
executed 9 times by 2 tests: end of block
Executed by:
  • ssh-keygen
  • test_sshkey
9
1027 }-
1028 retval[j++] = 'x';-
1029 retval[j++] = '\0';-
1030 return retval;
executed 9 times by 2 tests: return retval;
Executed by:
  • ssh-keygen
  • test_sshkey
9
1031}-
1032-
1033/*-
1034 * Draw an ASCII-Art representing the fingerprint so human brain can-
1035 * profit from its built-in pattern recognition ability.-
1036 * This technique is called "random art" and can be found in some-
1037 * scientific publications like this original paper:-
1038 *-
1039 * "Hash Visualization: a New Technique to improve Real-World Security",-
1040 * Perrig A. and Song D., 1999, International Workshop on Cryptographic-
1041 * Techniques and E-Commerce (CrypTEC '99)-
1042 * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf-
1043 *-
1044 * The subject came up in a talk by Dan Kaminsky, too.-
1045 *-
1046 * If you see the picture is different, the key is different.-
1047 * If the picture looks the same, you still know nothing.-
1048 *-
1049 * The algorithm used here is a worm crawling over a discrete plane,-
1050 * leaving a trace (augmenting the field) everywhere it goes.-
1051 * Movement is taken from dgst_raw 2bit-wise. Bumping into walls-
1052 * makes the respective movement vector be ignored for this turn.-
1053 * Graphs are not unambiguous, because circles in graphs can be-
1054 * walked in either direction.-
1055 */-
1056-
1057/*-
1058 * Field sizes for the random art. Have to be odd, so the starting point-
1059 * can be in the exact middle of the picture, and FLDBASE should be >=8 .-
1060 * Else pictures would be too dense, and drawing the frame would-
1061 * fail, too, because the key type would not fit in anymore.-
1062 */-
1063#define FLDBASE 8-
1064#define FLDSIZE_Y (FLDBASE + 1)-
1065#define FLDSIZE_X (FLDBASE * 2 + 1)-
1066static char *-
1067fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len,-
1068 const struct sshkey *k)-
1069{-
1070 /*-
1071 * Chars to be used after each other every time the worm-
1072 * intersects with itself. Matter of taste.-
1073 */-
1074 char *augmentation_string = " .o+=*BOX@%&#/^SE";-
1075 char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X];-
1076 u_char field[FLDSIZE_X][FLDSIZE_Y];-
1077 size_t i, tlen, hlen;-
1078 u_int b;-
1079 int x, y, r;-
1080 size_t len = strlen(augmentation_string) - 1;-
1081-
1082 if ((retval = calloc((FLDSIZE_X + 3), (FLDSIZE_Y + 2))) == NULL)
(retval = call...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
0-12
1083 return NULL;
never executed: return ((void *)0) ;
0
1084-
1085 /* initialize field */-
1086 memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));-
1087 x = FLDSIZE_X / 2;-
1088 y = FLDSIZE_Y / 2;-
1089-
1090 /* process raw key */-
1091 for (i = 0; i < dgst_raw_len; i++) {
i < dgst_raw_lenDescription
TRUEevaluated 368 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-368
1092 int input;-
1093 /* each byte conveys four 2-bit move commands */-
1094 input = dgst_raw[i];-
1095 for (b = 0; b < 4; b++) {
b < 4Description
TRUEevaluated 1472 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 368 times by 1 test
Evaluated by:
  • ssh-keygen
368-1472
1096 /* evaluate 2 bit, rest is shifted later */-
1097 x += (input & 0x1) ? 1 : -1;
(input & 0x1)Description
TRUEevaluated 756 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 716 times by 1 test
Evaluated by:
  • ssh-keygen
716-756
1098 y += (input & 0x2) ? 1 : -1;
(input & 0x2)Description
TRUEevaluated 760 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 712 times by 1 test
Evaluated by:
  • ssh-keygen
712-760
1099-
1100 /* assure we are still in bounds */-
1101 x = MAXIMUM(x, 0);
((x) > (0))Description
TRUEevaluated 1453 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 19 times by 1 test
Evaluated by:
  • ssh-keygen
19-1453
1102 y = MAXIMUM(y, 0);
((y) > (0))Description
TRUEevaluated 1366 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 106 times by 1 test
Evaluated by:
  • ssh-keygen
106-1366
1103 x = MINIMUM(x, FLDSIZE_X - 1);
((x) < ((8 * 2 + 1) - 1))Description
TRUEevaluated 1407 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 65 times by 1 test
Evaluated by:
  • ssh-keygen
65-1407
1104 y = MINIMUM(y, FLDSIZE_Y - 1);
((y) < ((8 + 1) - 1))Description
TRUEevaluated 1306 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 166 times by 1 test
Evaluated by:
  • ssh-keygen
166-1306
1105-
1106 /* augment the field */-
1107 if (field[x][y] < len - 2)
field[x][y] < len - 2Description
TRUEevaluated 1472 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEnever evaluated
0-1472
1108 field[x][y]++;
executed 1472 times by 1 test: field[x][y]++;
Executed by:
  • ssh-keygen
1472
1109 input = input >> 2;-
1110 }
executed 1472 times by 1 test: end of block
Executed by:
  • ssh-keygen
1472
1111 }
executed 368 times by 1 test: end of block
Executed by:
  • ssh-keygen
368
1112-
1113 /* mark starting point and end point*/-
1114 field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;-
1115 field[x][y] = len;-
1116-
1117 /* assemble title */-
1118 r = snprintf(title, sizeof(title), "[%s %u]",-
1119 sshkey_type(k), sshkey_size(k));-
1120 /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */-
1121 if (r < 0 || r > (int)sizeof(title))
r < 0Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
r > (int)sizeof(title)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
0-12
1122 r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k));
never executed: r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k));
0
1123 tlen = (r <= 0) ? 0 : strlen(title);
(r <= 0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
0-12
1124-
1125 /* assemble hash ID. */-
1126 r = snprintf(hash, sizeof(hash), "[%s]", alg);-
1127 hlen = (r <= 0) ? 0 : strlen(hash);
(r <= 0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
0-12
1128-
1129 /* output upper border */-
1130 p = retval;-
1131 *p++ = '+';-
1132 for (i = 0; i < (FLDSIZE_X - tlen) / 2; i++)
i < ((8 * 2 + 1) - tlen) / 2Description
TRUEevaluated 33 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-33
1133 *p++ = '-';
executed 33 times by 1 test: *p++ = '-';
Executed by:
  • ssh-keygen
33
1134 memcpy(p, title, tlen);-
1135 p += tlen;-
1136 for (i += tlen; i < FLDSIZE_X; i++)
i < (8 * 2 + 1)Description
TRUEevaluated 40 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-40
1137 *p++ = '-';
executed 40 times by 1 test: *p++ = '-';
Executed by:
  • ssh-keygen
40
1138 *p++ = '+';-
1139 *p++ = '\n';-
1140-
1141 /* output content */-
1142 for (y = 0; y < FLDSIZE_Y; y++) {
y < (8 + 1)Description
TRUEevaluated 108 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-108
1143 *p++ = '|';-
1144 for (x = 0; x < FLDSIZE_X; x++)
x < (8 * 2 + 1)Description
TRUEevaluated 1836 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 108 times by 1 test
Evaluated by:
  • ssh-keygen
108-1836
1145 *p++ = augmentation_string[MINIMUM(field[x][y], len)];
executed 1836 times by 1 test: *p++ = augmentation_string[(((field[x][y]) < (len)) ? (field[x][y]) : (len))];
Executed by:
  • ssh-keygen
1836
1146 *p++ = '|';-
1147 *p++ = '\n';-
1148 }
executed 108 times by 1 test: end of block
Executed by:
  • ssh-keygen
108
1149-
1150 /* output lower border */-
1151 *p++ = '+';-
1152 for (i = 0; i < (FLDSIZE_X - hlen) / 2; i++)
i < ((8 * 2 + 1) - hlen) / 2Description
TRUEevaluated 50 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-50
1153 *p++ = '-';
executed 50 times by 1 test: *p++ = '-';
Executed by:
  • ssh-keygen
50
1154 memcpy(p, hash, hlen);-
1155 p += hlen;-
1156 for (i += hlen; i < FLDSIZE_X; i++)
i < (8 * 2 + 1)Description
TRUEevaluated 61 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 12 times by 1 test
Evaluated by:
  • ssh-keygen
12-61
1157 *p++ = '-';
executed 61 times by 1 test: *p++ = '-';
Executed by:
  • ssh-keygen
61
1158 *p++ = '+';-
1159-
1160 return retval;
executed 12 times by 1 test: return retval;
Executed by:
  • ssh-keygen
12
1161}-
1162-
1163char *-
1164sshkey_fingerprint(const struct sshkey *k, int dgst_alg,-
1165 enum sshkey_fp_rep dgst_rep)-
1166{-
1167 char *retval = NULL;-
1168 u_char *dgst_raw;-
1169 size_t dgst_raw_len;-
1170-
1171 if (sshkey_fingerprint_raw(k, dgst_alg, &dgst_raw, &dgst_raw_len) != 0)
sshkey_fingerp..._raw_len) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-40
1172 return NULL;
never executed: return ((void *)0) ;
0
1173 switch (dgst_rep) {-
1174 case SSH_FP_DEFAULT:
executed 11 times by 2 tests: case SSH_FP_DEFAULT:
Executed by:
  • ssh-keygen
  • sshd
11
1175 if (dgst_alg == SSH_DIGEST_MD5) {
dgst_alg == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssh-keygen
  • sshd
1-10
1176 retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg),-
1177 dgst_raw, dgst_raw_len);-
1178 } else {
executed 1 time by 1 test: end of block
Executed by:
  • ssh-keygen
1
1179 retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg),-
1180 dgst_raw, dgst_raw_len);-
1181 }
executed 10 times by 2 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
10
1182 break;
executed 11 times by 2 tests: break;
Executed by:
  • ssh-keygen
  • sshd
11
1183 case SSH_FP_HEX:
never executed: case SSH_FP_HEX:
0
1184 retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg),-
1185 dgst_raw, dgst_raw_len);-
1186 break;
never executed: break;
0
1187 case SSH_FP_BASE64:
executed 8 times by 1 test: case SSH_FP_BASE64:
Executed by:
  • test_sshkey
8
1188 retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg),-
1189 dgst_raw, dgst_raw_len);-
1190 break;
executed 8 times by 1 test: break;
Executed by:
  • test_sshkey
8
1191 case SSH_FP_BUBBLEBABBLE:
executed 9 times by 2 tests: case SSH_FP_BUBBLEBABBLE:
Executed by:
  • ssh-keygen
  • test_sshkey
9
1192 retval = fingerprint_bubblebabble(dgst_raw, dgst_raw_len);-
1193 break;
executed 9 times by 2 tests: break;
Executed by:
  • ssh-keygen
  • test_sshkey
9
1194 case SSH_FP_RANDOMART:
executed 12 times by 1 test: case SSH_FP_RANDOMART:
Executed by:
  • ssh-keygen
12
1195 retval = fingerprint_randomart(ssh_digest_alg_name(dgst_alg),-
1196 dgst_raw, dgst_raw_len, k);-
1197 break;
executed 12 times by 1 test: break;
Executed by:
  • ssh-keygen
12
1198 default:
never executed: default:
0
1199 explicit_bzero(dgst_raw, dgst_raw_len);-
1200 free(dgst_raw);-
1201 return NULL;
never executed: return ((void *)0) ;
0
1202 }-
1203 explicit_bzero(dgst_raw, dgst_raw_len);-
1204 free(dgst_raw);-
1205 return retval;
executed 40 times by 3 tests: return retval;
Executed by:
  • ssh-keygen
  • sshd
  • test_sshkey
40
1206}-
1207-
1208static int-
1209peek_type_nid(const char *s, size_t l, int *nid)-
1210{-
1211 const struct keytype *kt;-
1212-
1213 for (kt = keytypes; kt->type != -1; kt++) {
kt->type != -1Description
TRUEevaluated 3108 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_hostkeys
4-3108
1214 if (kt->name == NULL || strlen(kt->name) != l)
kt->name == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3108 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
strlen(kt->name) != lDescription
TRUEevaluated 2183 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
FALSEevaluated 925 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-3108
1215 continue;
executed 2183 times by 4 tests: continue;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
2183
1216 if (memcmp(s, kt->name, l) == 0) {
memcmp(s, kt->name, l) == 0Description
TRUEevaluated 682 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
FALSEevaluated 243 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
243-682
1217 *nid = -1;-
1218 if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT)
kt->type == KEY_ECDSADescription
TRUEevaluated 169 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
FALSEevaluated 513 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
kt->type == KEY_ECDSA_CERTDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 511 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
2-513
1219 *nid = kt->nid;
executed 171 times by 3 tests: *nid = kt->nid;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
171
1220 return kt->type;
executed 682 times by 4 tests: return kt->type;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
682
1221 }-
1222 }
executed 243 times by 3 tests: end of block
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
243
1223 return KEY_UNSPEC;
executed 4 times by 1 test: return KEY_UNSPEC;
Executed by:
  • test_hostkeys
4
1224}-
1225-
1226/* XXX this can now be made const char * */-
1227int-
1228sshkey_read(struct sshkey *ret, char **cpp)-
1229{-
1230 struct sshkey *k;-
1231 char *cp, *blobcopy;-
1232 size_t space;-
1233 int r, type, curve_nid = -1;-
1234 struct sshbuf *blob;-
1235-
1236 if (ret == NULL)
ret == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 686 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-686
1237 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1238-
1239 switch (ret->type) {-
1240 case KEY_UNSPEC:
executed 686 times by 4 tests: case KEY_UNSPEC:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
686
1241 case KEY_RSA:
never executed: case KEY_RSA:
0
1242 case KEY_DSA:
never executed: case KEY_DSA:
0
1243 case KEY_ECDSA:
never executed: case KEY_ECDSA:
0
1244 case KEY_ED25519:
never executed: case KEY_ED25519:
0
1245 case KEY_DSA_CERT:
never executed: case KEY_DSA_CERT:
0
1246 case KEY_ECDSA_CERT:
never executed: case KEY_ECDSA_CERT:
0
1247 case KEY_RSA_CERT:
never executed: case KEY_RSA_CERT:
0
1248 case KEY_ED25519_CERT:
never executed: case KEY_ED25519_CERT:
0
1249#ifdef WITH_XMSS-
1250 case KEY_XMSS:-
1251 case KEY_XMSS_CERT:-
1252#endif /* WITH_XMSS */-
1253 break; /* ok */
executed 686 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
686
1254 default:
never executed: default:
0
1255 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1256 }-
1257-
1258 /* Decode type */-
1259 cp = *cpp;-
1260 space = strcspn(cp, " \t");-
1261 if (space == strlen(cp))
space == strlen(cp)Description
TRUEnever evaluated
FALSEevaluated 686 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-686
1262 return SSH_ERR_INVALID_FORMAT;
never executed: return -4;
0
1263 if ((type = peek_type_nid(cp, space, &curve_nid)) == KEY_UNSPEC)
(type = peek_t... == KEY_UNSPECDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • test_hostkeys
FALSEevaluated 682 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
4-682
1264 return SSH_ERR_INVALID_FORMAT;
executed 4 times by 1 test: return -4;
Executed by:
  • test_hostkeys
4
1265-
1266 /* skip whitespace */-
1267 for (cp += space; *cp == ' ' || *cp == '\t'; cp++)
*cp == ' 'Description
TRUEevaluated 682 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
FALSEevaluated 682 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
*cp == '\t'Description
TRUEnever evaluated
FALSEevaluated 682 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-682
1268 ;
executed 682 times by 4 tests: ;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
682
1269 if (*cp == '\0')
*cp == '\0'Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • test_hostkeys
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
3-679
1270 return SSH_ERR_INVALID_FORMAT;
executed 3 times by 1 test: return -4;
Executed by:
  • test_hostkeys
3
1271 if (ret->type != KEY_UNSPEC && ret->type != type)
ret->type != KEY_UNSPECDescription
TRUEnever evaluated
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
ret->type != typeDescription
TRUEnever evaluated
FALSEnever evaluated
0-679
1272 return SSH_ERR_KEY_TYPE_MISMATCH;
never executed: return -13;
0
1273 if ((blob = sshbuf_new()) == NULL)
(blob = sshbuf...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-679
1274 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1275-
1276 /* find end of keyblob and decode */-
1277 space = strcspn(cp, " \t");-
1278 if ((blobcopy = strndup(cp, space)) == NULL) {
never executed: __len = __n + 1;
never executed: end of block
(blobcopy = (_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
__n < __lenDescription
TRUEnever evaluated
FALSEnever evaluated
__retval != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( cp )Description
TRUEnever evaluated
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
((size_t)(cons...*)( cp ) == 1)Description
TRUEnever evaluated
FALSEnever evaluated
0-679
1279 sshbuf_free(blob);-
1280 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1281 }-
1282 if ((r = sshbuf_b64tod(blob, blobcopy)) != 0) {
(r = sshbuf_b6...lobcopy)) != 0Description
TRUEnever evaluated
FALSEevaluated 679 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-679
1283 free(blobcopy);-
1284 sshbuf_free(blob);-
1285 return r;
never executed: return r;
0
1286 }-
1287 free(blobcopy);-
1288 if ((r = sshkey_fromb(blob, &k)) != 0) {
(r = sshkey_fr...lob, &k)) != 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • test_hostkeys
FALSEevaluated 676 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
3-676
1289 sshbuf_free(blob);-
1290 return r;
executed 3 times by 1 test: return r;
Executed by:
  • test_hostkeys
3
1291 }-
1292 sshbuf_free(blob);-
1293-
1294 /* skip whitespace and leave cp at start of comment */-
1295 for (cp += space; *cp == ' ' || *cp == '\t'; cp++)
*cp == ' 'Description
TRUEevaluated 672 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
FALSEevaluated 676 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
*cp == '\t'Description
TRUEnever evaluated
FALSEevaluated 676 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-676
1296 ;
executed 672 times by 4 tests: ;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
672
1297-
1298 /* ensure type of blob matches type at start of line */-
1299 if (k->type != type) {
k->type != typeDescription
TRUEnever evaluated
FALSEevaluated 676 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
0-676
1300 sshkey_free(k);-
1301 return SSH_ERR_KEY_TYPE_MISMATCH;
never executed: return -13;
0
1302 }-
1303 if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) {
sshkey_type_pl...) == KEY_ECDSADescription
TRUEevaluated 171 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
FALSEevaluated 505 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
curve_nid != k->ecdsa_nidDescription
TRUEnever evaluated
FALSEevaluated 171 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
0-505
1304 sshkey_free(k);-
1305 return SSH_ERR_EC_CURVE_MISMATCH;
never executed: return -15;
0
1306 }-
1307-
1308 /* Fill in ret from parsed key */-
1309 ret->type = type;-
1310 if (sshkey_is_cert(ret)) {
sshkey_is_cert(ret)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 665 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
11-665
1311 if (!sshkey_is_cert(k)) {
!sshkey_is_cert(k)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • test_sshkey
0-11
1312 sshkey_free(k);-
1313 return SSH_ERR_EXPECTED_CERT;
never executed: return -16;
0
1314 }-
1315 if (ret->cert != NULL)
ret->cert != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • test_sshkey
0-11
1316 cert_free(ret->cert);
never executed: cert_free(ret->cert);
0
1317 ret->cert = k->cert;-
1318 k->cert = NULL;-
1319 }
executed 11 times by 1 test: end of block
Executed by:
  • test_sshkey
11
1320 switch (sshkey_type_plain(ret->type)) {-
1321#ifdef WITH_OPENSSL-
1322 case KEY_RSA:
executed 161 times by 4 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
161
1323 RSA_free(ret->rsa);-
1324 ret->rsa = k->rsa;-
1325 k->rsa = NULL;-
1326#ifdef DEBUG_PK-
1327 RSA_print_fp(stderr, ret->rsa, 8);-
1328#endif-
1329 break;
executed 161 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
161
1330 case KEY_DSA:
executed 171 times by 3 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
171
1331 DSA_free(ret->dsa);-
1332 ret->dsa = k->dsa;-
1333 k->dsa = NULL;-
1334#ifdef DEBUG_PK-
1335 DSA_print_fp(stderr, ret->dsa, 8);-
1336#endif-
1337 break;
executed 171 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
171
1338# ifdef OPENSSL_HAS_ECC-
1339 case KEY_ECDSA:
executed 171 times by 3 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
171
1340 EC_KEY_free(ret->ecdsa);-
1341 ret->ecdsa = k->ecdsa;-
1342 ret->ecdsa_nid = k->ecdsa_nid;-
1343 k->ecdsa = NULL;-
1344 k->ecdsa_nid = -1;-
1345#ifdef DEBUG_PK-
1346 sshkey_dump_ec_key(ret->ecdsa);-
1347#endif-
1348 break;
executed 171 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_hostkeys
  • test_sshkey
171
1349# endif /* OPENSSL_HAS_ECC */-
1350#endif /* WITH_OPENSSL */-
1351 case KEY_ED25519:
executed 173 times by 4 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
173
1352 freezero(ret->ed25519_pk, ED25519_PK_SZ);-
1353 ret->ed25519_pk = k->ed25519_pk;-
1354 k->ed25519_pk = NULL;-
1355#ifdef DEBUG_PK-
1356 /* XXX */-
1357#endif-
1358 break;
executed 173 times by 4 tests: break;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
173
1359#ifdef WITH_XMSS-
1360 case KEY_XMSS:-
1361 free(ret->xmss_pk);-
1362 ret->xmss_pk = k->xmss_pk;-
1363 k->xmss_pk = NULL;-
1364 free(ret->xmss_state);-
1365 ret->xmss_state = k->xmss_state;-
1366 k->xmss_state = NULL;-
1367 free(ret->xmss_name);-
1368 ret->xmss_name = k->xmss_name;-
1369 k->xmss_name = NULL;-
1370 free(ret->xmss_filename);-
1371 ret->xmss_filename = k->xmss_filename;-
1372 k->xmss_filename = NULL;-
1373#ifdef DEBUG_PK-
1374 /* XXX */-
1375#endif-
1376 break;-
1377#endif /* WITH_XMSS */-
1378 default:
never executed: default:
0
1379 sshkey_free(k);-
1380 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
1381 }-
1382 sshkey_free(k);-
1383-
1384 /* success */-
1385 *cpp = cp;-
1386 return 0;
executed 676 times by 4 tests: return 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_hostkeys
  • test_sshkey
676
1387}-
1388-
1389-
1390int-
1391sshkey_to_base64(const struct sshkey *key, char **b64p)-
1392{-
1393 int r = SSH_ERR_INTERNAL_ERROR;-
1394 struct sshbuf *b = NULL;-
1395 char *uu = NULL;-
1396-
1397 if (b64p != NULL)
b64p != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEnever evaluated
0-11
1398 *b64p = NULL;
executed 11 times by 1 test: *b64p = ((void *)0) ;
Executed by:
  • ssh-keygen
11
1399 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1400 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1401 if ((r = sshkey_putb(key, b)) != 0)
(r = sshkey_putb(key, b)) != 0Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1402 goto out;
never executed: goto out;
0
1403 if ((uu = sshbuf_dtob64(b)) == NULL) {
(uu = sshbuf_d...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1404 r = SSH_ERR_ALLOC_FAIL;-
1405 goto out;
never executed: goto out;
0
1406 }-
1407 /* Success */-
1408 if (b64p != NULL) {
b64p != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEnever evaluated
0-11
1409 *b64p = uu;-
1410 uu = NULL;-
1411 }
executed 11 times by 1 test: end of block
Executed by:
  • ssh-keygen
11
1412 r = 0;-
1413 out:
code before this statement executed 11 times by 1 test: out:
Executed by:
  • ssh-keygen
11
1414 sshbuf_free(b);-
1415 free(uu);-
1416 return r;
executed 11 times by 1 test: return r;
Executed by:
  • ssh-keygen
11
1417}-
1418-
1419int-
1420sshkey_format_text(const struct sshkey *key, struct sshbuf *b)-
1421{-
1422 int r = SSH_ERR_INTERNAL_ERROR;-
1423 char *uu = NULL;-
1424-
1425 if ((r = sshkey_to_base64(key, &uu)) != 0)
(r = sshkey_to...ey, &uu)) != 0Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1426 goto out;
never executed: goto out;
0
1427 if ((r = sshbuf_putf(b, "%s %s",
(r = sshbuf_pu...ey), uu)) != 0Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1428 sshkey_ssh_name(key), uu)) != 0)
(r = sshbuf_pu...ey), uu)) != 0Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1429 goto out;
never executed: goto out;
0
1430 r = 0;-
1431 out:
code before this statement executed 11 times by 1 test: out:
Executed by:
  • ssh-keygen
11
1432 free(uu);-
1433 return r;
executed 11 times by 1 test: return r;
Executed by:
  • ssh-keygen
11
1434}-
1435-
1436int-
1437sshkey_write(const struct sshkey *key, FILE *f)-
1438{-
1439 struct sshbuf *b = NULL;-
1440 int r = SSH_ERR_INTERNAL_ERROR;-
1441-
1442 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1443 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1444 if ((r = sshkey_format_text(key, b)) != 0)
(r = sshkey_fo...(key, b)) != 0Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1445 goto out;
never executed: goto out;
0
1446 if (fwrite(sshbuf_ptr(b), sshbuf_len(b), 1, f) != 1) {
fwrite(sshbuf_...b), 1, f) != 1Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • ssh-keygen
0-11
1447 if (feof(f))
feof(f)Description
TRUEnever evaluated
FALSEnever evaluated
0
1448 errno = EPIPE;
never executed: (*__errno_location ()) = 32 ;
0
1449 r = SSH_ERR_SYSTEM_ERROR;-
1450 goto out;
never executed: goto out;
0
1451 }-
1452 /* Success */-
1453 r = 0;-
1454 out:
code before this statement executed 11 times by 1 test: out:
Executed by:
  • ssh-keygen
11
1455 sshbuf_free(b);-
1456 return r;
executed 11 times by 1 test: return r;
Executed by:
  • ssh-keygen
11
1457}-
1458-
1459const char *-
1460sshkey_cert_type(const struct sshkey *k)-
1461{-
1462 switch (k->cert->type) {-
1463 case SSH2_CERT_TYPE_USER:
never executed: case 1:
0
1464 return "user";
never executed: return "user";
0
1465 case SSH2_CERT_TYPE_HOST:
never executed: case 2:
0
1466 return "host";
never executed: return "host";
0
1467 default:
never executed: default:
0
1468 return "unknown";
never executed: return "unknown";
0
1469 }-
1470}-
1471-
1472#ifdef WITH_OPENSSL-
1473static int-
1474rsa_generate_private_key(u_int bits, RSA **rsap)-
1475{-
1476 RSA *private = NULL;-
1477 BIGNUM *f4 = NULL;-
1478 int ret = SSH_ERR_INTERNAL_ERROR;-
1479-
1480 if (rsap == NULL)
rsap == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 15 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-15
1481 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1482 if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
bits < 1024Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 13 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
2-13
1483 bits > SSHBUF_MAX_BIGNUM * 8)
bits > (16384 / 8) * 8Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
1-12
1484 return SSH_ERR_KEY_LENGTH;
executed 3 times by 1 test: return -56;
Executed by:
  • test_sshkey
3
1485 *rsap = NULL;-
1486 if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) {
(private = RSA...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
(f4 = BN_new()) == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-12
1487 ret = SSH_ERR_ALLOC_FAIL;-
1488 goto out;
never executed: goto out;
0
1489 }-
1490 if (!BN_set_word(f4, RSA_F4) ||
!BN_set_word(f4, 0x10001L )Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-12
1491 !RSA_generate_key_ex(private, bits, f4, NULL)) {
!RSA_generate_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-12
1492 ret = SSH_ERR_LIBCRYPTO_ERROR;-
1493 goto out;
never executed: goto out;
0
1494 }-
1495 *rsap = private;-
1496 private = NULL;-
1497 ret = 0;-
1498 out:
code before this statement executed 12 times by 3 tests: out:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1499 RSA_free(private);-
1500 BN_free(f4);-
1501 return ret;
executed 12 times by 3 tests: return ret;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1502}-
1503-
1504static int-
1505dsa_generate_private_key(u_int bits, DSA **dsap)-
1506{-
1507 DSA *private;-
1508 int ret = SSH_ERR_INTERNAL_ERROR;-
1509-
1510 if (dsap == NULL)
dsap == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-12
1511 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1512 if (bits != 1024)
bits != 1024Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
1-11
1513 return SSH_ERR_KEY_LENGTH;
executed 1 time by 1 test: return -56;
Executed by:
  • test_sshkey
1
1514 if ((private = DSA_new()) == NULL) {
(private = DSA...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-11
1515 ret = SSH_ERR_ALLOC_FAIL;-
1516 goto out;
never executed: goto out;
0
1517 }-
1518 *dsap = NULL;-
1519 if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
!DSA_generate_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-11
1520 NULL, NULL) || !DSA_generate_key(private)) {
!DSA_generate_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
!DSA_generate_key(private)Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-11
1521 ret = SSH_ERR_LIBCRYPTO_ERROR;-
1522 goto out;
never executed: goto out;
0
1523 }-
1524 *dsap = private;-
1525 private = NULL;-
1526 ret = 0;-
1527 out:
code before this statement executed 11 times by 3 tests: out:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
11
1528 DSA_free(private);-
1529 return ret;
executed 11 times by 3 tests: return ret;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
11
1530}-
1531-
1532# ifdef OPENSSL_HAS_ECC-
1533int-
1534sshkey_ecdsa_key_to_nid(EC_KEY *k)-
1535{-
1536 EC_GROUP *eg;-
1537 int nids[] = {-
1538 NID_X9_62_prime256v1,-
1539 NID_secp384r1,-
1540# ifdef OPENSSL_HAS_NISTP521-
1541 NID_secp521r1,-
1542# endif /* OPENSSL_HAS_NISTP521 */-
1543 -1-
1544 };-
1545 int nid;-
1546 u_int i;-
1547 BN_CTX *bnctx;-
1548 const EC_GROUP *g = EC_KEY_get0_group(k);-
1549-
1550 /*-
1551 * The group may be stored in a ASN.1 encoded private key in one of two-
1552 * ways: as a "named group", which is reconstituted by ASN.1 object ID-
1553 * or explicit group parameters encoded into the key blob. Only the-
1554 * "named group" case sets the group NID for us, but we can figure-
1555 * it out for the other case by comparing against all the groups that-
1556 * are supported.-
1557 */-
1558 if ((nid = EC_GROUP_get_curve_name(g)) > 0)
(nid = EC_GROU...e_name(g)) > 0Description
TRUEevaluated 5938 times by 1 test
Evaluated by:
  • test_sshkey
FALSEnever evaluated
0-5938
1559 return nid;
executed 5938 times by 1 test: return nid;
Executed by:
  • test_sshkey
5938
1560 if ((bnctx = BN_CTX_new()) == NULL)
(bnctx = BN_CT...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1561 return -1;
never executed: return -1;
0
1562 for (i = 0; nids[i] != -1; i++) {
nids[i] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1563 if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) {
(eg = EC_GROUP...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1564 BN_CTX_free(bnctx);-
1565 return -1;
never executed: return -1;
0
1566 }-
1567 if (EC_GROUP_cmp(g, eg, bnctx) == 0)
EC_GROUP_cmp(g...g, bnctx) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1568 break;
never executed: break;
0
1569 EC_GROUP_free(eg);-
1570 }
never executed: end of block
0
1571 BN_CTX_free(bnctx);-
1572 if (nids[i] != -1) {
nids[i] != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1573 /* Use the group with the NID attached */-
1574 EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE);-
1575 if (EC_KEY_set_group(k, eg) != 1) {
EC_KEY_set_group(k, eg) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1576 EC_GROUP_free(eg);-
1577 return -1;
never executed: return -1;
0
1578 }-
1579 }
never executed: end of block
0
1580 return nids[i];
never executed: return nids[i];
0
1581}-
1582-
1583static int-
1584ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap)-
1585{-
1586 EC_KEY *private;-
1587 int ret = SSH_ERR_INTERNAL_ERROR;-
1588-
1589 if (nid == NULL || ecdsap == NULL)
nid == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
ecdsap == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-12
1590 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1591 if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)
(*nid = sshkey...d(bits)) == -1Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • test_sshkey
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
1-11
1592 return SSH_ERR_KEY_LENGTH;
executed 1 time by 1 test: return -56;
Executed by:
  • test_sshkey
1
1593 *ecdsap = NULL;-
1594 if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
(private = EC_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-11
1595 ret = SSH_ERR_ALLOC_FAIL;-
1596 goto out;
never executed: goto out;
0
1597 }-
1598 if (EC_KEY_generate_key(private) != 1) {
EC_KEY_generat...(private) != 1Description
TRUEnever evaluated
FALSEevaluated 11 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-11
1599 ret = SSH_ERR_LIBCRYPTO_ERROR;-
1600 goto out;
never executed: goto out;
0
1601 }-
1602 EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE);-
1603 *ecdsap = private;-
1604 private = NULL;-
1605 ret = 0;-
1606 out:
code before this statement executed 11 times by 3 tests: out:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
11
1607 EC_KEY_free(private);-
1608 return ret;
executed 11 times by 3 tests: return ret;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
11
1609}-
1610# endif /* OPENSSL_HAS_ECC */-
1611#endif /* WITH_OPENSSL */-
1612-
1613int-
1614sshkey_generate(int type, u_int bits, struct sshkey **keyp)-
1615{-
1616 struct sshkey *k;-
1617 int ret = SSH_ERR_INTERNAL_ERROR;-
1618-
1619 if (keyp == NULL)
keyp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
1620 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1621 *keyp = NULL;-
1622 if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
(k = sshkey_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 52 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-52
1623 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1624 switch (type) {-
1625 case KEY_ED25519:
executed 13 times by 3 tests: case KEY_ED25519:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
13
1626 if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
(k->ed25519_pk...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 13 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-13
1627 (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
(k->ed25519_sk...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 13 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
0-13
1628 ret = SSH_ERR_ALLOC_FAIL;-
1629 break;
never executed: break;
0
1630 }-
1631 crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);-
1632 ret = 0;-
1633 break;
executed 13 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
13
1634#ifdef WITH_XMSS-
1635 case KEY_XMSS:-
1636 ret = sshkey_xmss_generate_private_key(k, bits);-
1637 break;-
1638#endif /* WITH_XMSS */-
1639#ifdef WITH_OPENSSL-
1640 case KEY_DSA:
executed 12 times by 3 tests: case KEY_DSA:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1641 ret = dsa_generate_private_key(bits, &k->dsa);-
1642 break;
executed 12 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1643# ifdef OPENSSL_HAS_ECC-
1644 case KEY_ECDSA:
executed 12 times by 3 tests: case KEY_ECDSA:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1645 ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid,-
1646 &k->ecdsa);-
1647 break;
executed 12 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
12
1648# endif /* OPENSSL_HAS_ECC */-
1649 case KEY_RSA:
executed 15 times by 3 tests: case KEY_RSA:
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
15
1650 ret = rsa_generate_private_key(bits, &k->rsa);-
1651 break;
executed 15 times by 3 tests: break;
Executed by:
  • ssh-keygen
  • test_kex
  • test_sshkey
15
1652#endif /* WITH_OPENSSL */-
1653 default:
never executed: default:
0
1654 ret = SSH_ERR_INVALID_ARGUMENT;-
1655 }
never executed: end of block
0
1656 if (ret == 0) {
ret == 0Description
TRUEevaluated 47 times by 3 tests
Evaluated by:
  • ssh-keygen
  • test_kex
  • test_sshkey
FALSEevaluated 5 times by 1 test
Evaluated by:
  • test_sshkey
5-47
1657 k->type = type;-