OpenCoverage

sshkey.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssh/src/sshkey.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: sshkey.c,v 1.70 2018/09/14 04:17:44 djm Exp $ */ -

2 /* -

6 * -

7 * Redistribution and use in source and binary forms, with or without -

8 * modification, are permitted provided that the following conditions -

9 * are met: -

10 * 1. Redistributions of source code must retain the above copyright -

11 * notice, this list of conditions and the following disclaimer. -

12 * 2. Redistributions in binary form must reproduce the above copyright -

13 * notice, this list of conditions and the following disclaimer in the -

14 * documentation and/or other materials provided with the distribution. -

15 * -

16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -

17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -

18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -

19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -

20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -

22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -

23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -

24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -

25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

26 */ -

27 -

28 #include "includes.h" -

29 -

30 #include <sys/types.h> -

31 #include <netinet/in.h> -

32 -

33 #ifdef WITH_OPENSSL -

34 #include <openssl/evp.h> -

35 #include <openssl/err.h> -

36 #include <openssl/pem.h> -

37 #endif -

38 -

39 #include "crypto_api.h" -

40 -

41 #include <errno.h> -

42 #include <limits.h> -

43 #include <stdio.h> -

44 #include <string.h> -

45 #include <resolv.h> -

46 #ifdef HAVE_UTIL_H -

47 #include <util.h> -

48 #endif /* HAVE_UTIL_H */ -

49 -

50 #include "ssh2.h" -

51 #include "ssherr.h" -

52 #include "misc.h" -

53 #include "sshbuf.h" -

54 #include "cipher.h" -

55 #include "digest.h" -

56 #define SSHKEY_INTERNAL -

57 #include "sshkey.h" -

58 #include "sshkey-xmss.h" -

59 #include "match.h" -

60 -

61 #include "xmss_fast.h" -

62 -

63 #include "openbsd-compat/openssl-compat.h" -

64 -

65 /* openssh private key file format */ -

66 #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" -

67 #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" -

68 #define MARK_BEGIN_LEN (sizeof(MARK_BEGIN) - 1) -

69 #define MARK_END_LEN (sizeof(MARK_END) - 1) -

70 #define KDFNAME "bcrypt" -

71 #define AUTH_MAGIC "openssh-key-v1" -

72 #define SALT_LEN 16 -

73 #define DEFAULT_CIPHERNAME "aes256-ctr" -

74 #define DEFAULT_ROUNDS 16 -

75 -

76 /* Version identification string for SSH v1 identity files. */ -

77 #define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" -

78 -

79 int sshkey_private_serialize_opt(const struct sshkey *key, -

80 struct sshbuf *buf, enum sshkey_serialize_rep); -

81 static int sshkey_from_blob_internal(struct sshbuf *buf, -

82 struct sshkey **keyp, int allow_cert); -

83 static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); -

84 -

85 /* Supported key types */ -

86 struct keytype { -

87 const char *name; -

88 const char *shortname; -

89 const char *sigalg; -

90 int type; -

91 int nid; -

92 int cert; -

93 int sigonly; -

94 }; -

95 static const struct keytype keytypes[] = { -

96 { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, -

97 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, -

98 KEY_ED25519_CERT, 0, 1, 0 }, -

99 #ifdef WITH_XMSS -

100 { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, -

101 { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, -

102 KEY_XMSS_CERT, 0, 1, 0 }, -

103 #endif /* WITH_XMSS */ -

104 #ifdef WITH_OPENSSL -

105 { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 }, -

106 { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 }, -

107 { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 }, -

108 { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 }, -

109 # ifdef OPENSSL_HAS_ECC -

110 { "ecdsa-sha2-nistp256", "ECDSA", NULL, -

111 KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, -

112 { "ecdsa-sha2-nistp384", "ECDSA", NULL, -

113 KEY_ECDSA, NID_secp384r1, 0, 0 }, -

114 # ifdef OPENSSL_HAS_NISTP521 -

115 { "ecdsa-sha2-nistp521", "ECDSA", NULL, -

116 KEY_ECDSA, NID_secp521r1, 0, 0 }, -

117 # endif /* OPENSSL_HAS_NISTP521 */ -

118 # endif /* OPENSSL_HAS_ECC */ -

119 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, -

120 KEY_RSA_CERT, 0, 1, 0 }, -

121 { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", -

122 "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, -

123 { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", -

124 "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, -

125 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, -

126 KEY_DSA_CERT, 0, 1, 0 }, -

127 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, -

128 KEY_RSA_CERT, 0, 1, 0 }, -

129 { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", -

130 "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, -

131 { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", -

132 "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, -

133 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, -

134 KEY_DSA_CERT, 0, 1, 0 }, -

135 # ifdef OPENSSL_HAS_ECC -

136 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL, -

137 KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, -

138 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, -

139 KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, -

140 # ifdef OPENSSL_HAS_NISTP521 -

141 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, -

142 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, -

143 # endif /* OPENSSL_HAS_NISTP521 */ -

144 # endif /* OPENSSL_HAS_ECC */ -

145 #endif /* WITH_OPENSSL */ -

146 { NULL, NULL, NULL, -1, -1, 0, 0 } -

147 }; -

148 -

149 const char * -

150 sshkey_type(const struct sshkey *k) -

151 { -

152 const struct keytype *kt; -

153 -

154

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 3340 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	never evaluated

0-3340

155

if (kt->type == k->type)

kt->type == k->type	Description
TRUE	evaluated 803 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	evaluated 2537 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

803-2537

156

return kt->shortname;

executed 803 times by 3 tests: return kt->shortname;

Executed by:

ssh-keygen
test_kex
test_sshkey

803

157

}

executed 2537 times by 3 tests: end of block

Executed by:

ssh-keygen
test_kex
test_sshkey

2537

158

return "unknown";

never executed: return "unknown";

159 } -

160 -

161 static const char * -

162 sshkey_ssh_name_from_type_nid(int type, int nid) -

163 { -

164 const struct keytype *kt; -

165 -

166

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 77243 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-77243

167

if (kt->type == type && (kt->nid == 0 || kt->nid == nid))

kt->type == type	Description
TRUE	evaluated 11195 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	evaluated 66048 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

kt->nid == 0	Description
TRUE	evaluated 229 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	evaluated 10966 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

kt->nid == nid	Description
TRUE	evaluated 10920 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	evaluated 46 times by 1 test Evaluated by: test_sshkey

46-66048

168

return kt->name;

executed 11149 times by 4 tests: return kt->name;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

11149

169

}

executed 66094 times by 4 tests: end of block

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

66094

170

return "ssh-unknown";

never executed: return "ssh-unknown";

171 } -

172 -

173 int -

174 sshkey_type_is_cert(int type) -

175 { -

176 const struct keytype *kt; -

177 -

178

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 5211875 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 180136 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

180136-5211875

179

if (kt->type == type)

kt->type == type	Description
TRUE	evaluated 332251 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 4879624 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

332251-4879624

180

return kt->cert;

executed 332251 times by 5 tests: return kt->cert;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

332251

181

}

executed 4879624 times by 5 tests: end of block

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

4879624

182

return 0;

executed 180136 times by 5 tests: return 0;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

180136

183 } -

184 -

185 const char * -

186 sshkey_ssh_name(const struct sshkey *k) -

187 { -

188

return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid);

executed 59 times by 4 tests: return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid);

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

189 } -

190 -

191 const char * -

192 sshkey_ssh_name_plain(const struct sshkey *k) -

193 { -

194

return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type),

executed 10859 times by 2 tests: return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), k->ecdsa_nid);

Executed by:

test_kex
test_sshkey

10859

195

k->ecdsa_nid);

executed 10859 times by 2 tests: return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), k->ecdsa_nid);

Executed by:

test_kex
test_sshkey

10859

196 } -

197 -

198 int -

199 sshkey_type_from_name(const char *name) -

200 { -

201 const struct keytype *kt; -

202 -

203

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 351705 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 3141 times by 2 tests Evaluated by: test_hostkeys test_sshkey

3141-351705

204 /* Only allow shortname matches for plain key types */ -

205

if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( kt->name ))[3] - __s2[3]);

never executed: end of block

kt->name != ((void *)0)	Description
TRUE	evaluated 351705 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	never evaluated

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 53927 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 297778 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-351705

206

(!kt->cert && strcasecmp(kt->shortname, name) == 0))

!kt->cert	Description
TRUE	evaluated 183174 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 114604 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

strcasecmp(kt-...me, name) == 0	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 183167 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

7-183174

207

return kt->type;

executed 53934 times by 5 tests: return kt->type;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

53934

208

}

executed 297771 times by 5 tests: end of block

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

297771

209

return KEY_UNSPEC;

executed 3141 times by 2 tests: return KEY_UNSPEC;

Executed by:

test_hostkeys
test_sshkey

3141

210 } -

211 -

212 int -

213 sshkey_ecdsa_nid_from_name(const char *name) -

214 { -

215 const struct keytype *kt; -

216 -

217

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 99711 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	evaluated 241 times by 2 tests Evaluated by: ssh-keygen test_kex

241-99711

218

if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)

kt->type != KEY_ECDSA	Description
TRUE	evaluated 83684 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	evaluated 16027 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

kt->type != KEY_ECDSA_CERT	Description
TRUE	evaluated 79010 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	evaluated 4674 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

4674-83684

219

continue;

executed 79010 times by 4 tests: continue;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

79010

220

if (kt->name != NULL && strcmp(name, kt->name) == 0)

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( kt->name ))[3] - __s2[3]);

never executed: end of block

kt->name != ((void *)0)	Description
TRUE	evaluated 20701 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	never evaluated

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 7338 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	evaluated 13363 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-20701

221

return kt->nid;

executed 7338 times by 4 tests: return kt->nid;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

7338

222

}

executed 13363 times by 4 tests: end of block

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

13363

223

return -1;

executed 241 times by 2 tests: return -1;

Executed by:

ssh-keygen
test_kex

241

224 } -

225 -

226 char * -

227 sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) -

228 { -

229 char *tmp, *ret = NULL; -

230 size_t nlen, rlen = 0; -

231 const struct keytype *kt; -

232 -

233

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 80 times by 1 test Evaluated by: sshd
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

4-80

234

if (kt->name == NULL)

kt->name == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 80 times by 1 test Evaluated by: sshd

0-80

235

continue;

never executed: continue;

236

if (!include_sigonly && kt->sigonly)

!include_sigonly	Description
TRUE	never evaluated
FALSE	evaluated 80 times by 1 test Evaluated by: sshd

kt->sigonly	Description
TRUE	never evaluated
FALSE	never evaluated

0-80

237

continue;

never executed: continue;

238

if ((certs_only && !kt->cert) || (plain_only && kt->cert))

certs_only	Description
TRUE	never evaluated
FALSE	evaluated 80 times by 1 test Evaluated by: sshd

!kt->cert	Description
TRUE	never evaluated
FALSE	never evaluated

plain_only	Description
TRUE	evaluated 40 times by 1 test Evaluated by: sshd
FALSE	evaluated 40 times by 1 test Evaluated by: sshd

kt->cert	Description
TRUE	evaluated 24 times by 1 test Evaluated by: sshd
FALSE	evaluated 16 times by 1 test Evaluated by: sshd

0-80

239

continue;

executed 24 times by 1 test: continue;

Executed by:

sshd

240

if (ret != NULL)

ret != ((void *)0)	Description
TRUE	evaluated 52 times by 1 test Evaluated by: sshd
FALSE	evaluated 4 times by 1 test Evaluated by: sshd

4-52

241

ret[rlen++] = sep;

executed 52 times by 1 test: ret[rlen++] = sep;

Executed by:

sshd

242 nlen = strlen(kt->name); -

243

if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {

(tmp = realloc...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 56 times by 1 test Evaluated by: sshd

0-56

244 free(ret); -

245

return NULL;

never executed: return ((void *)0) ;

246 } -

247 ret = tmp; -

248 memcpy(ret + rlen, kt->name, nlen + 1); -

249 rlen += nlen; -

250

}

executed 56 times by 1 test: end of block

Executed by:

sshd

251

return ret;

executed 4 times by 1 test: return ret;

Executed by:

sshd

252 } -

253 -

254 int -

255 sshkey_names_valid2(const char *names, int allow_wildcard) -

256 { -

257 char *s, *cp, *p; -

258 const struct keytype *kt; -

259 int type; -

260 -

261

if (names == NULL || strcmp(names, "") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( names ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "" ))[3] - __s2[3]);

never executed: end of block

names == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

262

return 0;

never executed: return 0;

263

if ((s = cp = strdup(names)) == NULL)

never executed: __retval = (char *) memcpy (__retval, names , __len);

(s = cp = (__e...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_constant_p ( names )	Description
TRUE	never evaluated
FALSE	never evaluated

((size_t)(cons... names ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

264

return 0;

never executed: return 0;

265

for ((p = strsep(&cp, ",")); p && *p != '\0';

p	Description
TRUE	never evaluated
FALSE	never evaluated

*p != '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

266 (p = strsep(&cp, ","))) { -

267 type = sshkey_type_from_name(p); -

268

if (type == KEY_UNSPEC) {

type == KEY_UNSPEC	Description
TRUE	never evaluated
FALSE	never evaluated

269

if (allow_wildcard) {

allow_wildcard	Description
TRUE	never evaluated
FALSE	never evaluated

270 /* -

271 * Try matching key types against the string. -

272 * If any has a positive or negative match then -

273 * the component is accepted. -

274 */ -

275

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	never evaluated
FALSE	never evaluated

276

if (match_pattern_list(kt->name,

match_pattern_...me, p, 0) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

277

p, 0) != 0)

match_pattern_...me, p, 0) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

278

break;

never executed: break;

279

}

never executed: end of block

280

if (kt->type != -1)

kt->type != -1	Description
TRUE	never evaluated
FALSE	never evaluated

281

continue;

never executed: continue;

282

}

never executed: end of block

283 free(s); -

284

return 0;

never executed: return 0;

285 } -

286

}

never executed: end of block

287 free(s); -

288

return 1;

never executed: return 1;

289 } -

290 -

291 u_int -

292 sshkey_size(const struct sshkey *k) -

293 { -

294 #ifdef WITH_OPENSSL -

295 const BIGNUM *rsa_n, *dsa_p; -

296 #endif /* WITH_OPENSSL */ -

297 -

298 switch (k->type) { -

299 #ifdef WITH_OPENSSL -

300

case KEY_RSA:

executed 29 times by 2 tests: case KEY_RSA:

Executed by:

ssh-keygen
test_hostkeys

301

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

302

if (k->rsa == NULL)

k->rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 2 tests Evaluated by: ssh-keygen test_hostkeys

0-29

303

return 0;

never executed: return 0;

304 RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); -

305

return BN_num_bits(rsa_n);

executed 29 times by 2 tests: return BN_num_bits(rsa_n);

Executed by:

ssh-keygen
test_hostkeys

306

case KEY_DSA:

executed 25 times by 2 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_hostkeys

307

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

308

if (k->dsa == NULL)

k->dsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 2 tests Evaluated by: ssh-keygen test_hostkeys

0-25

309

return 0;

never executed: return 0;

310 DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL); -

311

return BN_num_bits(dsa_p);

executed 25 times by 2 tests: return BN_num_bits(dsa_p);

Executed by:

ssh-keygen
test_hostkeys

312

case KEY_ECDSA:

executed 25 times by 2 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_hostkeys

313

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

314

return sshkey_curve_nid_to_bits(k->ecdsa_nid);

executed 25 times by 2 tests: return sshkey_curve_nid_to_bits(k->ecdsa_nid);

Executed by:

ssh-keygen
test_hostkeys

315 #endif /* WITH_OPENSSL */ -

316

case KEY_ED25519:

executed 26 times by 2 tests: case KEY_ED25519:

Executed by:

ssh-keygen
test_hostkeys

317

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

318

case KEY_XMSS:

never executed: case KEY_XMSS:

319

case KEY_XMSS_CERT:

never executed: case KEY_XMSS_CERT:

320

return 256; /* XXX */

executed 26 times by 2 tests: return 256;

Executed by:

ssh-keygen
test_hostkeys

321 } -

322

return 0;

never executed: return 0;

323 } -

324 -

325 static int -

326 sshkey_type_is_valid_ca(int type) -

327 { -

328 switch (type) { -

329

case KEY_RSA:

executed 2 times by 1 test: case KEY_RSA:

Executed by:

test_sshkey

330

case KEY_DSA:

never executed: case KEY_DSA:

331

case KEY_ECDSA:

executed 1554 times by 1 test: case KEY_ECDSA:

Executed by:

test_sshkey

1554

332

case KEY_ED25519:

executed 10207 times by 1 test: case KEY_ED25519:

Executed by:

test_sshkey

10207

333

case KEY_XMSS:

never executed: case KEY_XMSS:

334

return 1;

executed 11763 times by 1 test: return 1;

Executed by:

test_sshkey

11763

335

default:

never executed: default:

336

return 0;

never executed: return 0;

337 } -

338 } -

339 -

340 int -

341 sshkey_is_cert(const struct sshkey *k) -

342 { -

343

if (k == NULL)

k == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 499303 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-499303

344

return 0;

never executed: return 0;

345

return sshkey_type_is_cert(k->type);

executed 499303 times by 5 tests: return sshkey_type_is_cert(k->type);

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

499303

346 } -

347 -

348 /* Return the cert-less equivalent to a certified key type */ -

349 int -

350 sshkey_type_plain(int type) -

351 { -

352 switch (type) { -

353

case KEY_RSA_CERT:

executed 14 times by 1 test: case KEY_RSA_CERT:

Executed by:

test_sshkey

354

return KEY_RSA;

executed 14 times by 1 test: return KEY_RSA;

Executed by:

test_sshkey

355

case KEY_DSA_CERT:

executed 6 times by 1 test: case KEY_DSA_CERT:

Executed by:

test_sshkey

356

return KEY_DSA;

executed 6 times by 1 test: return KEY_DSA;

Executed by:

test_sshkey

357

case KEY_ECDSA_CERT:

executed 6 times by 1 test: case KEY_ECDSA_CERT:

Executed by:

test_sshkey

358

return KEY_ECDSA;

executed 6 times by 1 test: return KEY_ECDSA;

Executed by:

test_sshkey

359

case KEY_ED25519_CERT:

executed 6 times by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

360

return KEY_ED25519;

executed 6 times by 1 test: return KEY_ED25519;

Executed by:

test_sshkey

361

case KEY_XMSS_CERT:

never executed: case KEY_XMSS_CERT:

362

return KEY_XMSS;

never executed: return KEY_XMSS;

363

default:

executed 116347 times by 5 tests: default:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

116347

364

return type;

executed 116347 times by 5 tests: return type;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

116347

365 } -

366 } -

367 -

368 #ifdef WITH_OPENSSL -

369 /* XXX: these are really begging for a table-driven approach */ -

370 int -

371 sshkey_curve_name_to_nid(const char *name) -

372 { -

373

if (strcmp(name, "nistp256") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "nistp256" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 6860 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey
FALSE	evaluated 261 times by 2 tests Evaluated by: test_hostkeys test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-6860

374

return NID_X9_62_prime256v1;

executed 6860 times by 4 tests: return 415 ;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

6860

375

else if (strcmp(name, "nistp384") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "nistp384" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 20 times by 1 test Evaluated by: test_hostkeys
FALSE	evaluated 241 times by 2 tests Evaluated by: test_hostkeys test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-241

376

return NID_secp384r1;

executed 20 times by 1 test: return 715 ;

Executed by:

test_hostkeys

377 # ifdef OPENSSL_HAS_NISTP521 -

378

else if (strcmp(name, "nistp521") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "nistp521" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 22 times by 2 tests Evaluated by: test_hostkeys test_sshkey
FALSE	evaluated 219 times by 1 test Evaluated by: test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-219

379

return NID_secp521r1;

executed 22 times by 2 tests: return 716 ;

Executed by:

test_hostkeys
test_sshkey

380 # endif /* OPENSSL_HAS_NISTP521 */ -

381 else -

382

return -1;

executed 219 times by 1 test: return -1;

Executed by:

test_sshkey

219

383 } -

384 -

385 u_int -

386 sshkey_curve_nid_to_bits(int nid) -

387 { -

388 switch (nid) { -

389

case NID_X9_62_prime256v1:

executed 12723 times by 4 tests: case 415 :

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

12723

390

return 256;

executed 12723 times by 4 tests: return 256;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

12723

391

case NID_secp384r1:

executed 2 times by 1 test: case 715 :

Executed by:

test_hostkeys

392

return 384;

executed 2 times by 1 test: return 384;

Executed by:

test_hostkeys

393 # ifdef OPENSSL_HAS_NISTP521 -

394

case NID_secp521r1:

executed 26 times by 2 tests: case 716 :

Executed by:

test_hostkeys
test_sshkey

395

return 521;

executed 26 times by 2 tests: return 521;

Executed by:

test_hostkeys
test_sshkey

396 # endif /* OPENSSL_HAS_NISTP521 */ -

397

default:

executed 1 time by 1 test: default:

Executed by:

ssh-keygen

398

return 0;

executed 1 time by 1 test: return 0;

Executed by:

ssh-keygen

399 } -

400 } -

401 -

402 int -

403 sshkey_ecdsa_bits_to_nid(int bits) -

404 { -

405 switch (bits) { -

406

case 256:

executed 12 times by 3 tests: case 256:

Executed by:

ssh-keygen
test_kex
test_sshkey

407

return NID_X9_62_prime256v1;

executed 12 times by 3 tests: return 415 ;

Executed by:

ssh-keygen
test_kex
test_sshkey

408

case 384:

never executed: case 384:

409

return NID_secp384r1;

never executed: return 715 ;

410 # ifdef OPENSSL_HAS_NISTP521 -

411

case 521:

never executed: case 521:

412

return NID_secp521r1;

never executed: return 716 ;

413 # endif /* OPENSSL_HAS_NISTP521 */ -

414

default:

executed 1 time by 1 test: default:

Executed by:

test_sshkey

415

return -1;

executed 1 time by 1 test: return -1;

Executed by:

test_sshkey

416 } -

417 } -

418 -

419 const char * -

420 sshkey_curve_nid_to_name(int nid) -

421 { -

422 switch (nid) { -

423

case NID_X9_62_prime256v1:

executed 5989 times by 3 tests: case 415 :

Executed by:

ssh-keygen
test_kex
test_sshkey

5989

424

return "nistp256";

executed 5989 times by 3 tests: return "nistp256";

Executed by:

ssh-keygen
test_kex
test_sshkey

5989

425

case NID_secp384r1:

never executed: case 715 :

426

return "nistp384";

never executed: return "nistp384";

427 # ifdef OPENSSL_HAS_NISTP521 -

428

case NID_secp521r1:

never executed: case 716 :

429

return "nistp521";

never executed: return "nistp521";

430 # endif /* OPENSSL_HAS_NISTP521 */ -

431

default:

never executed: default:

432

return NULL;

never executed: return ((void *)0) ;

433 } -

434 } -

435 -

436 int -

437 sshkey_ec_nid_to_hash_alg(int nid) -

438 { -

439 int kbits = sshkey_curve_nid_to_bits(nid); -

440 -

441

if (kbits <= 0)

kbits <= 0	Description
TRUE	never evaluated
FALSE	evaluated 12726 times by 2 tests Evaluated by: test_kex test_sshkey

0-12726

442

return -1;

never executed: return -1;

443 -

444 /* RFC5656 section 6.2.1 */ -

445

if (kbits <= 256)

kbits <= 256	Description
TRUE	evaluated 12703 times by 2 tests Evaluated by: test_kex test_sshkey
FALSE	evaluated 23 times by 1 test Evaluated by: test_sshkey

23-12703

446

return SSH_DIGEST_SHA256;

executed 12703 times by 2 tests: return 2;

Executed by:

test_kex
test_sshkey

12703

447

else if (kbits <= 384)

kbits <= 384	Description
TRUE	never evaluated
FALSE	evaluated 23 times by 1 test Evaluated by: test_sshkey

0-23

448

return SSH_DIGEST_SHA384;

never executed: return 3;

449 else -

450

return SSH_DIGEST_SHA512;

executed 23 times by 1 test: return 4;

Executed by:

test_sshkey

451 } -

452 #endif /* WITH_OPENSSL */ -

453 -

454 static void -

455 cert_free(struct sshkey_cert *cert) -

456 { -

457 u_int i; -

458 -

459

if (cert == NULL)

cert == ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

11-17199

460

return;

executed 11 times by 1 test: return;

Executed by:

test_sshkey

461 sshbuf_free(cert->certblob); -

462 sshbuf_free(cert->critical); -

463 sshbuf_free(cert->extensions); -

464 free(cert->key_id); -

465

for (i = 0; i < cert->nprincipals; i++)

i < cert->nprincipals	Description
TRUE	evaluated 26614 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

17199-26614

466

free(cert->principals[i]);

executed 26614 times by 1 test: free(cert->principals[i]);

Executed by:

test_sshkey

26614

467 free(cert->principals); -

468 sshkey_free(cert->signature_key); -

469 free(cert->signature_type); -

470 freezero(cert, sizeof(*cert)); -

471

}

executed 17199 times by 1 test: end of block

Executed by:

test_sshkey

17199

472 -

473 static struct sshkey_cert * -

474 cert_new(void) -

475 { -

476 struct sshkey_cert *cert; -

477 -

478

if ((cert = calloc(1, sizeof(*cert))) == NULL)

(cert = calloc...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

0-17199

479

return NULL;

never executed: return ((void *)0) ;

480

if ((cert->certblob = sshbuf_new()) == NULL ||

(cert->certblo...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

0-17199

481

(cert->critical = sshbuf_new()) == NULL ||

(cert->critica...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

0-17199

482

(cert->extensions = sshbuf_new()) == NULL) {

(cert->extensi...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17199 times by 1 test Evaluated by: test_sshkey

0-17199

483 cert_free(cert); -

484

return NULL;

never executed: return ((void *)0) ;

485 } -

486 cert->key_id = NULL; -

487 cert->principals = NULL; -

488 cert->signature_key = NULL; -

489 cert->signature_type = NULL; -

490

return cert;

executed 17199 times by 1 test: return cert;

Executed by:

test_sshkey

17199

491 } -

492 -

493 struct sshkey * -

494 sshkey_new(int type) -

495 { -

496 struct sshkey *k; -

497 #ifdef WITH_OPENSSL -

498 RSA *rsa; -

499 DSA *dsa; -

500 #endif /* WITH_OPENSSL */ -

501 -

502

if ((k = calloc(1, sizeof(*k))) == NULL)

(k = calloc(1,...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 232433 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-232433

503

return NULL;

never executed: return ((void *)0) ;

504 k->type = type; -

505 k->ecdsa = NULL; -

506 k->ecdsa_nid = -1; -

507 k->dsa = NULL; -

508 k->rsa = NULL; -

509 k->cert = NULL; -

510 k->ed25519_sk = NULL; -

511 k->ed25519_pk = NULL; -

512 k->xmss_sk = NULL; -

513 k->xmss_pk = NULL; -

514 switch (k->type) { -

515 #ifdef WITH_OPENSSL -

516

case KEY_RSA:

executed 1635 times by 5 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

1635

517

case KEY_RSA_CERT:

executed 3845 times by 1 test: case KEY_RSA_CERT:

Executed by:

test_sshkey

3845

518

if ((rsa = RSA_new()) == NULL) {

(rsa = RSA_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5480 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-5480

519 free(k); -

520

return NULL;

never executed: return ((void *)0) ;

521 } -

522 k->rsa = rsa; -

523

break;

executed 5480 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

5480

524

case KEY_DSA:

executed 4480 times by 4 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

4480

525

case KEY_DSA_CERT:

executed 6682 times by 1 test: case KEY_DSA_CERT:

Executed by:

test_sshkey

6682

526

if ((dsa = DSA_new()) == NULL) {

(dsa = DSA_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11162 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11162

527 free(k); -

528

return NULL;

never executed: return ((void *)0) ;

529 } -

530 k->dsa = dsa; -

531

break;

executed 11162 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

11162

532

case KEY_ECDSA:

executed 3334 times by 4 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

3334

533

case KEY_ECDSA_CERT:

executed 3951 times by 1 test: case KEY_ECDSA_CERT:

Executed by:

test_sshkey

3951

534 /* Cannot do anything until we know the group */ -

535

break;

executed 7285 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

7285

536 #endif /* WITH_OPENSSL */ -

537

case KEY_ED25519:

executed 26159 times by 5 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

26159

538

case KEY_ED25519_CERT:

executed 2720 times by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

2720

539

case KEY_XMSS:

never executed: case KEY_XMSS:

540

case KEY_XMSS_CERT:

never executed: case KEY_XMSS_CERT:

541 /* no need to prealloc */ -

542

break;

executed 28879 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

28879

543

case KEY_UNSPEC:

executed 179626 times by 5 tests: case KEY_UNSPEC:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

179626

544

break;

executed 179626 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

179626

545

default:

executed 1 time by 1 test: default:

Executed by:

test_sshkey

546 free(k); -

547

return NULL;

executed 1 time by 1 test: return ((void *)0) ;

Executed by:

test_sshkey

548 } -

549 -

550

if (sshkey_is_cert(k)) {

sshkey_is_cert(k)	Description
TRUE	evaluated 17198 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 215234 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

17198-215234

551

if ((k->cert = cert_new()) == NULL) {

(k->cert = cer...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17198 times by 1 test Evaluated by: test_sshkey

0-17198

552 sshkey_free(k); -

553

return NULL;

never executed: return ((void *)0) ;

554 } -

555

}

executed 17198 times by 1 test: end of block

Executed by:

test_sshkey

17198

556 -

557

return k;

executed 232432 times by 5 tests: return k;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

232432

558 } -

559 -

560 void -

561 sshkey_free(struct sshkey *k) -

562 { -

563

if (k == NULL)

k == ((void *)0)	Description
TRUE	evaluated 541378 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	evaluated 232424 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

232424-541378

564

return;

executed 541378 times by 5 tests: return;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

541378

565 switch (k->type) { -

566 #ifdef WITH_OPENSSL -

567

case KEY_RSA:

executed 101337 times by 5 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

101337

568

case KEY_RSA_CERT:

executed 3850 times by 1 test: case KEY_RSA_CERT:

Executed by:

test_sshkey

3850

569 RSA_free(k->rsa); -

570 k->rsa = NULL; -

571

break;

executed 105187 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

105187

572

case KEY_DSA:

executed 78057 times by 4 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

78057

573

case KEY_DSA_CERT:

executed 6684 times by 1 test: case KEY_DSA_CERT:

Executed by:

test_sshkey

6684

574 DSA_free(k->dsa); -

575 k->dsa = NULL; -

576

break;

executed 84741 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

84741

577 # ifdef OPENSSL_HAS_ECC -

578

case KEY_ECDSA:

executed 9452 times by 4 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

9452

579

case KEY_ECDSA_CERT:

executed 3953 times by 1 test: case KEY_ECDSA_CERT:

Executed by:

test_sshkey

3953

580 EC_KEY_free(k->ecdsa); -

581 k->ecdsa = NULL; -

582

break;

executed 13405 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

13405

583 # endif /* OPENSSL_HAS_ECC */ -

584 #endif /* WITH_OPENSSL */ -

585

case KEY_ED25519:

executed 26338 times by 5 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

26338

586

case KEY_ED25519_CERT:

executed 2723 times by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

2723

587 freezero(k->ed25519_pk, ED25519_PK_SZ); -

588 k->ed25519_pk = NULL; -

589 freezero(k->ed25519_sk, ED25519_SK_SZ); -

590 k->ed25519_sk = NULL; -

591

break;

executed 29061 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

29061

592 #ifdef WITH_XMSS -

593 case KEY_XMSS: -

594 case KEY_XMSS_CERT: -

595 freezero(k->xmss_pk, sshkey_xmss_pklen(k)); -

596 k->xmss_pk = NULL; -

597 freezero(k->xmss_sk, sshkey_xmss_sklen(k)); -

598 k->xmss_sk = NULL; -

599 sshkey_xmss_free_state(k); -

600 free(k->xmss_name); -

601 k->xmss_name = NULL; -

602 free(k->xmss_filename); -

603 k->xmss_filename = NULL; -

604 break; -

605 #endif /* WITH_XMSS */ -

606

case KEY_UNSPEC:

executed 30 times by 4 tests: case KEY_UNSPEC:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

607

break;

executed 30 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

608

default:

never executed: default:

609

break;

never executed: break;

610 } -

611

if (sshkey_is_cert(k))

sshkey_is_cert(k)	Description
TRUE	evaluated 17210 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 215214 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

17210-215214

612

cert_free(k->cert);

executed 17210 times by 1 test: cert_free(k->cert);

Executed by:

test_sshkey

17210

613 freezero(k, sizeof(*k)); -

614

}

executed 232424 times by 5 tests: end of block

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

232424

615 -

616 static int -

617 cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) -

618 { -

619

if (a == NULL && b == NULL)

a == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

b == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

620

return 1;

never executed: return 1;

621

if (a == NULL || b == NULL)

a == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

b == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

622

return 0;

never executed: return 0;

623

if (sshbuf_len(a->certblob) != sshbuf_len(b->certblob))

sshbuf_len(a->...n(b->certblob)	Description
TRUE	never evaluated
FALSE	never evaluated

624

return 0;

never executed: return 0;

625

if (timingsafe_bcmp(sshbuf_ptr(a->certblob), sshbuf_ptr(b->certblob),

timingsafe_bcm...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

626

sshbuf_len(a->certblob)) != 0)

timingsafe_bcm...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

627

return 0;

never executed: return 0;

628

return 1;

never executed: return 1;

629 } -

630 -

631 /* -

632 * Compare public portions of key only, allowing comparisons between -

633 * certificates and plain keys too. -

634 */ -

635 int -

636 sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) -

637 { -

638 #if defined(WITH_OPENSSL) -

639 const BIGNUM *rsa_e_a, *rsa_n_a; -

640 const BIGNUM *rsa_e_b, *rsa_n_b; -

641 const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; -

642 const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; -

643 # if defined(OPENSSL_HAS_ECC) -

644 BN_CTX *bnctx; -

645 # endif /* OPENSSL_HAS_ECC */ -

646 #endif /* WITH_OPENSSL */ -

647 -

648

if (a == NULL || b == NULL ||

a == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 268 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

b == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 268 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-268

649

sshkey_type_plain(a->type) != sshkey_type_plain(b->type))

sshkey_type_pl...plain(b->type)	Description
TRUE	never evaluated
FALSE	evaluated 268 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-268

650

return 0;

never executed: return 0;

651 -

652 switch (a->type) { -

653 #ifdef WITH_OPENSSL -

654

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

655

case KEY_RSA:

executed 67 times by 3 tests: case KEY_RSA:

Executed by:

test_hostkeys
test_kex
test_sshkey

656

if (a->rsa == NULL || b->rsa == NULL)

a->rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

b->rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-67

657

return 0;

never executed: return 0;

658 RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL); -

659 RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL); -

660

return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&

executed 67 times by 3 tests: return BN_cmp(rsa_e_a, rsa_e_b) == 0 && BN_cmp(rsa_n_a, rsa_n_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(rsa_e_a, rsa_e_b) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-67

661

BN_cmp(rsa_n_a, rsa_n_b) == 0;

executed 67 times by 3 tests: return BN_cmp(rsa_e_a, rsa_e_b) == 0 && BN_cmp(rsa_n_a, rsa_n_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(rsa_n_a, rsa_n_b) == 0	Description
TRUE	evaluated 66 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

1-67

662

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

663

case KEY_DSA:

executed 68 times by 3 tests: case KEY_DSA:

Executed by:

test_hostkeys
test_kex
test_sshkey

664

if (a->dsa == NULL || b->dsa == NULL)

a->dsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

b->dsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

665

return 0;

never executed: return 0;

666 DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a); -

667 DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b); -

668 DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL); -

669 DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL); -

670

return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&

executed 68 times by 3 tests:

return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(dsa_p_a, dsa_p_b) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

1-68

671

BN_cmp(dsa_q_a, dsa_q_b) == 0 &&

executed 68 times by 3 tests:

return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(dsa_q_a, dsa_q_b) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-68

672

BN_cmp(dsa_g_a, dsa_g_b) == 0 &&

executed 68 times by 3 tests:

return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(dsa_g_a, dsa_g_b) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-68

673

BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;

executed 68 times by 3 tests:

return BN_cmp(dsa_p_a, dsa_p_b) == 0 && BN_cmp(dsa_q_a, dsa_q_b) == 0 && BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

BN_cmp(dsa_pub...ub_key_b) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-68

674 # ifdef OPENSSL_HAS_ECC -

675

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

676

case KEY_ECDSA:

executed 68 times by 3 tests: case KEY_ECDSA:

Executed by:

test_hostkeys
test_kex
test_sshkey

677

if (a->ecdsa == NULL || b->ecdsa == NULL ||

a->ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

b->ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

678

EC_KEY_get0_public_key(a->ecdsa) == NULL ||

EC_KEY_get0_pu...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

679

EC_KEY_get0_public_key(b->ecdsa) == NULL)

EC_KEY_get0_pu...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

680

return 0;

never executed: return 0;

681

if ((bnctx = BN_CTX_new()) == NULL)

(bnctx = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

682

return 0;

never executed: return 0;

683

if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),

EC_GROUP_cmp(E...), bnctx) != 0	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

684

EC_KEY_get0_group(b->ecdsa), bnctx) != 0 ||

EC_GROUP_cmp(E...), bnctx) != 0	Description
TRUE	never evaluated
FALSE	evaluated 68 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

0-68

685

EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),

EC_POINT_cmp(E...), bnctx) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

1-67

686

EC_KEY_get0_public_key(a->ecdsa),

EC_POINT_cmp(E...), bnctx) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

1-67

687

EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) {

EC_POINT_cmp(E...), bnctx) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 67 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey

1-67

688 BN_CTX_free(bnctx); -

689

return 0;

executed 1 time by 1 test: return 0;

Executed by:

test_sshkey

690 } -

691 BN_CTX_free(bnctx); -

692

return 1;

executed 67 times by 3 tests: return 1;

Executed by:

test_hostkeys
test_kex
test_sshkey

693 # endif /* OPENSSL_HAS_ECC */ -

694 #endif /* WITH_OPENSSL */ -

695

case KEY_ED25519:

executed 65 times by 3 tests: case KEY_ED25519:

Executed by:

test_hostkeys
test_kex
test_sshkey

696

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

697

return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&

executed 65 times by 3 tests: return a->ed25519_pk != ((void *)0) && b->ed25519_pk != ((void *)0) && memcmp(a->ed25519_pk, b->ed25519_pk, 32U) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

a->ed25519_pk != ((void *)0)	Description
TRUE	evaluated 65 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

b->ed25519_pk != ((void *)0)	Description
TRUE	evaluated 65 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-65

698

memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;

executed 65 times by 3 tests: return a->ed25519_pk != ((void *)0) && b->ed25519_pk != ((void *)0) && memcmp(a->ed25519_pk, b->ed25519_pk, 32U) == 0;

Executed by:

test_hostkeys
test_kex
test_sshkey

memcmp(a->ed25..._pk, 32U) == 0	Description
TRUE	evaluated 64 times by 3 tests Evaluated by: test_hostkeys test_kex test_sshkey
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

1-65

699 #ifdef WITH_XMSS -

700 case KEY_XMSS: -

701 case KEY_XMSS_CERT: -

702 return a->xmss_pk != NULL && b->xmss_pk != NULL && -

703 sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) && -

704 memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0; -

705 #endif /* WITH_XMSS */ -

706

default:

never executed: default:

707

return 0;

never executed: return 0;

708 } -

709 /* NOTREACHED */ -

710 } -

711 -

712 int -

713 sshkey_equal(const struct sshkey *a, const struct sshkey *b) -

714 { -

715

if (a == NULL || b == NULL || a->type != b->type)

a == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 111 times by 2 tests Evaluated by: test_hostkeys test_sshkey

b == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 111 times by 2 tests Evaluated by: test_hostkeys test_sshkey

a->type != b->type	Description
TRUE	evaluated 9 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 102 times by 2 tests Evaluated by: test_hostkeys test_sshkey

0-111

716

return 0;

executed 9 times by 1 test: return 0;

Executed by:

test_sshkey

717

if (sshkey_is_cert(a)) {

sshkey_is_cert(a)	Description
TRUE	never evaluated
FALSE	evaluated 102 times by 2 tests Evaluated by: test_hostkeys test_sshkey

0-102

718

if (!cert_compare(a->cert, b->cert))

!cert_compare(...cert, b->cert)	Description
TRUE	never evaluated
FALSE	never evaluated

719

return 0;

never executed: return 0;

720

}

never executed: end of block

721

return sshkey_equal_public(a, b);

executed 102 times by 2 tests: return sshkey_equal_public(a, b);

Executed by:

test_hostkeys
test_sshkey

102

722 } -

723 -

724 static int -

725 to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, -

726 enum sshkey_serialize_rep opts) -

727 { -

728 int type, ret = SSH_ERR_INTERNAL_ERROR; -

729 const char *typename; -

730 #ifdef WITH_OPENSSL -

731 const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; -

732 #endif /* WITH_OPENSSL */ -

733 -

734

if (key == NULL)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 231 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-231

735

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

736 -

737

if (sshkey_is_cert(key)) {

sshkey_is_cert(key)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 221 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

10-221

738

if (key->cert == NULL)

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: test_sshkey

0-10

739

return SSH_ERR_EXPECTED_CERT;

never executed: return -16;

740

if (sshbuf_len(key->cert->certblob) == 0)

sshbuf_len(key...certblob) == 0	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: test_sshkey

0-10

741

return SSH_ERR_KEY_LACKS_CERTBLOB;

never executed: return -17;

742

}

executed 10 times by 1 test: end of block

Executed by:

test_sshkey

743

type = force_plain ? sshkey_type_plain(key->type) : key->type;

force_plain	Description
TRUE	evaluated 41 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	evaluated 190 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

41-190

744 typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid); -

745 -

746 switch (type) { -

747 #ifdef WITH_OPENSSL -

748

case KEY_DSA_CERT:

executed 1 time by 1 test: case KEY_DSA_CERT:

Executed by:

test_sshkey

749

case KEY_ECDSA_CERT:

executed 1 time by 1 test: case KEY_ECDSA_CERT:

Executed by:

test_sshkey

750

case KEY_RSA_CERT:

executed 2 times by 1 test: case KEY_RSA_CERT:

Executed by:

test_sshkey

751 #endif /* WITH_OPENSSL */ -

752

case KEY_ED25519_CERT:

executed 2 times by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

753 #ifdef WITH_XMSS -

754 case KEY_XMSS_CERT: -

755 #endif /* WITH_XMSS */ -

756 /* Use the existing blob */ -

757 /* XXX modified flag? */ -

758

if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)

(ret = sshbuf_...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: test_sshkey

0-6

759

return ret;

never executed: return ret;

760

break;

executed 6 times by 1 test: break;

Executed by:

test_sshkey

761 #ifdef WITH_OPENSSL -

762

case KEY_DSA:

executed 52 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

763

if (key->dsa == NULL)

key->dsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

764

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

765 DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); -

766 DSA_get0_key(key->dsa, &dsa_pub_key, NULL); -

767

if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||

(ret = sshbuf_...ypename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

768

(ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||

(ret = sshbuf_..., dsa_p)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

769

(ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||

(ret = sshbuf_..., dsa_q)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

770

(ret = sshbuf_put_bignum2(b, dsa_g)) != 0 ||

(ret = sshbuf_..., dsa_g)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

771

(ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)

(ret = sshbuf_...pub_key)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

772

return ret;

never executed: return ret;

773

break;

executed 52 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

774 # ifdef OPENSSL_HAS_ECC -

775

case KEY_ECDSA:

executed 50 times by 3 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

776

if (key->ecdsa == NULL)

key->ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-50

777

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

778

if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||

(ret = sshbuf_...ypename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-50

779

(ret = sshbuf_put_cstring(b,

(ret = sshbuf_...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-50

780

sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||

(ret = sshbuf_...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-50

781

(ret = sshbuf_put_eckey(b, key->ecdsa)) != 0)

(ret = sshbuf_...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-50

782

return ret;

never executed: return ret;

783

break;

executed 50 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

784 # endif -

785

case KEY_RSA:

executed 64 times by 4 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

786

if (key->rsa == NULL)

key->rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-64

787

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

788 RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL); -

789

if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||

(ret = sshbuf_...ypename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-64

790

(ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||

(ret = sshbuf_..., rsa_e)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-64

791

(ret = sshbuf_put_bignum2(b, rsa_n)) != 0)

(ret = sshbuf_..., rsa_n)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-64

792

return ret;

never executed: return ret;

793

break;

executed 64 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

794 #endif /* WITH_OPENSSL */ -

795

case KEY_ED25519:

executed 59 times by 4 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

796

if (key->ed25519_pk == NULL)

key->ed25519_pk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-59

797

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

798

if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||

(ret = sshbuf_...ypename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-59

799

(ret = sshbuf_put_string(b,

(ret = sshbuf_...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-59

800

key->ed25519_pk, ED25519_PK_SZ)) != 0)

(ret = sshbuf_...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-59

801

return ret;

never executed: return ret;

802

break;

executed 59 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

803 #ifdef WITH_XMSS -

804 case KEY_XMSS: -

805 if (key->xmss_name == NULL || key->xmss_pk == NULL || -

806 sshkey_xmss_pklen(key) == 0) -

807 return SSH_ERR_INVALID_ARGUMENT; -

808 if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -

809 (ret = sshbuf_put_cstring(b, key->xmss_name)) != 0 || -

810 (ret = sshbuf_put_string(b, -

811 key->xmss_pk, sshkey_xmss_pklen(key))) != 0 || -

812 (ret = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0) -

813 return ret; -

814 break; -

815 #endif /* WITH_XMSS */ -

816

default:

never executed: default:

817

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

818 } -

819

return 0;

executed 231 times by 4 tests: return 0;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

231

820 } -

821 -

822 int -

823 sshkey_putb(const struct sshkey *key, struct sshbuf *b) -

824 { -

825

return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT);

executed 21 times by 2 tests: return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT);

Executed by:

ssh-keygen
test_sshkey

826 } -

827 -

828 int -

829 sshkey_puts_opts(const struct sshkey *key, struct sshbuf *b, -

830 enum sshkey_serialize_rep opts) -

831 { -

832 struct sshbuf *tmp; -

833 int r; -

834 -

835

if ((tmp = sshbuf_new()) == NULL)

(tmp = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

836

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

837 r = to_blob_buf(key, tmp, 0, opts); -

838

if (r == 0)

r == 0	Description
TRUE	never evaluated
FALSE	never evaluated

839

r = sshbuf_put_stringb(b, tmp);

never executed: r = sshbuf_put_stringb(b, tmp);

840 sshbuf_free(tmp); -

841

return r;

never executed: return r;

842 } -

843 -

844 int -

845 sshkey_puts(const struct sshkey *key, struct sshbuf *b) -

846 { -

847

return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT);

never executed: return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT);

848 } -

849 -

850 int -

851 sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b) -

852 { -

853

return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT);

executed 1 time by 1 test: return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT);

Executed by:

test_sshkey

854 } -

855 -

856 static int -

857 to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain, -

858 enum sshkey_serialize_rep opts) -

859 { -

860 int ret = SSH_ERR_INTERNAL_ERROR; -

861 size_t len; -

862 struct sshbuf *b = NULL; -

863 -

864

if (lenp != NULL)

lenp != ((void *)0)	Description
TRUE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-209

865

*lenp = 0;

executed 209 times by 4 tests: *lenp = 0;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

866

if (blobp != NULL)

blobp != ((void *)0)	Description
TRUE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-209

867

*blobp = NULL;

executed 209 times by 4 tests: *blobp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

868

if ((b = sshbuf_new()) == NULL)

(b = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-209

869

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

870

if ((ret = to_blob_buf(key, b, force_plain, opts)) != 0)

(ret = to_blob...n, opts)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-209

871

goto out;

never executed: goto out;

872 len = sshbuf_len(b); -

873

if (lenp != NULL)

lenp != ((void *)0)	Description
TRUE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-209

874

*lenp = len;

executed 209 times by 4 tests: *lenp = len;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

875

if (blobp != NULL) {

blobp != ((void *)0)	Description
TRUE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-209

876

if ((*blobp = malloc(len)) == NULL) {

(blobp = mall...== ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 209 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-209

877 ret = SSH_ERR_ALLOC_FAIL; -

878

goto out;

never executed: goto out;

879 } -

880 memcpy(*blobp, sshbuf_ptr(b), len); -

881

}

executed 209 times by 4 tests: end of block

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

882 ret = 0; -

883

out:

code before this statement executed 209 times by 4 tests: out:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

884 sshbuf_free(b); -

885

return ret;

executed 209 times by 4 tests: return ret;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

209

886 } -

887 -

888 int -

889 sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) -

890 { -

891

return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT);

executed 169 times by 3 tests: return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT);

Executed by:

ssh-keygen
test_kex
test_sshkey

169

892 } -

893 -

894 int -

895 sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) -

896 { -

897

return to_blob(key, blobp, lenp, 1, SSHKEY_SERIALIZE_DEFAULT);

never executed: return to_blob(key, blobp, lenp, 1, SSHKEY_SERIALIZE_DEFAULT);

898 } -

899 -

900 int -

901 sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, -

902 u_char **retp, size_t *lenp) -

903 { -

904 u_char *blob = NULL, *ret = NULL; -

905 size_t blob_len = 0; -

906 int r = SSH_ERR_INTERNAL_ERROR; -

907 -

908

if (retp != NULL)

retp != ((void *)0)	Description
TRUE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-40

909

*retp = NULL;

executed 40 times by 3 tests: *retp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_sshkey

910

if (lenp != NULL)

lenp != ((void *)0)	Description
TRUE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-40

911

*lenp = 0;

executed 40 times by 3 tests: *lenp = 0;

Executed by:

ssh-keygen
sshd
test_sshkey

912

if (ssh_digest_bytes(dgst_alg) == 0) {

ssh_digest_byt...dgst_alg) == 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

913 r = SSH_ERR_INVALID_ARGUMENT; -

914

goto out;

never executed: goto out;

915 } -

916

if ((r = to_blob(k, &blob, &blob_len, 1, SSHKEY_SERIALIZE_DEFAULT))

(r = to_blob(k...DEFAULT)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

917

!= 0)

(r = to_blob(k...DEFAULT)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

918

goto out;

never executed: goto out;

919

if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {

(ret = calloc(...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

920 r = SSH_ERR_ALLOC_FAIL; -

921

goto out;

never executed: goto out;

922 } -

923

if ((r = ssh_digest_memory(dgst_alg, blob, blob_len,

(r = ssh_diges...ret, 64)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

924

ret, SSH_DIGEST_MAX_LENGTH)) != 0)

(r = ssh_diges...ret, 64)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

925

goto out;

never executed: goto out;

926 /* success */ -

927

if (retp != NULL) {

retp != ((void *)0)	Description
TRUE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-40

928 *retp = ret; -

929 ret = NULL; -

930

}

executed 40 times by 3 tests: end of block

Executed by:

ssh-keygen
sshd
test_sshkey

931

if (lenp != NULL)

lenp != ((void *)0)	Description
TRUE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-40

932

*lenp = ssh_digest_bytes(dgst_alg);

executed 40 times by 3 tests: *lenp = ssh_digest_bytes(dgst_alg);

Executed by:

ssh-keygen
sshd
test_sshkey

933 r = 0; -

934

out:

code before this statement executed 40 times by 3 tests: out:

Executed by:

ssh-keygen
sshd
test_sshkey

935 free(ret); -

936

if (blob != NULL) {

blob != ((void *)0)	Description
TRUE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-40

937 explicit_bzero(blob, blob_len); -

938 free(blob); -

939

}

executed 40 times by 3 tests: end of block

Executed by:

ssh-keygen
sshd
test_sshkey

940

return r;

executed 40 times by 3 tests: return r;

Executed by:

ssh-keygen
sshd
test_sshkey

941 } -

942 -

943 static char * -

944 fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) -

945 { -

946 char *ret; -

947 size_t plen = strlen(alg) + 1; -

948 size_t rlen = ((dgst_raw_len + 2) / 3) * 4 + plen + 1; -

949 int r; -

950 -

951

if (dgst_raw_len > 65536 || (ret = calloc(1, rlen)) == NULL)

dgst_raw_len > 65536	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

(ret = calloc(...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-18

952

return NULL;

never executed: return ((void *)0) ;

953 strlcpy(ret, alg, rlen); -

954 strlcat(ret, ":", rlen); -

955

if (dgst_raw_len == 0)

dgst_raw_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-18

956

return ret;

never executed: return ret;

957

if ((r = b64_ntop(dgst_raw, dgst_raw_len,

(r = __b64_nto... plen) ) == -1	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-18

958

ret + plen, rlen - plen)) == -1) {

(r = __b64_nto... plen) ) == -1	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-18

959 freezero(ret, rlen); -

960

return NULL;

never executed: return ((void *)0) ;

961 } -

962 /* Trim padding characters from end */ -

963 ret[strcspn(ret, "=")] = '\0'; -

964

return ret;

executed 18 times by 3 tests: return ret;

Executed by:

ssh-keygen
sshd
test_sshkey

965 } -

966 -

967 static char * -

968 fingerprint_hex(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) -

969 { -

970 char *retval, hex[5]; -

971 size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2; -

972 -

973

if (dgst_raw_len > 65536 || (retval = calloc(1, rlen)) == NULL)

dgst_raw_len > 65536	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

(retval = call...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

974

return NULL;

never executed: return ((void *)0) ;

975 strlcpy(retval, alg, rlen); -

976 strlcat(retval, ":", rlen); -

977

for (i = 0; i < dgst_raw_len; i++) {

i < dgst_raw_len	Description
TRUE	evaluated 16 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

1-16

978 snprintf(hex, sizeof(hex), "%s%02x", -

979 i > 0 ? ":" : "", dgst_raw[i]); -

980 strlcat(retval, hex, rlen); -

981

}

executed 16 times by 1 test: end of block

Executed by:

ssh-keygen

982

return retval;

executed 1 time by 1 test: return retval;

Executed by:

ssh-keygen

983 } -

984 -

985 static char * -

986 fingerprint_bubblebabble(u_char *dgst_raw, size_t dgst_raw_len) -

987 { -

988 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; -

989 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', -

990 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; -

991 u_int i, j = 0, rounds, seed = 1; -

992 char *retval; -

993 -

994 rounds = (dgst_raw_len / 2) + 1; -

995

if ((retval = calloc(rounds, 6)) == NULL)

(retval = call...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-9

996

return NULL;

never executed: return ((void *)0) ;

997 retval[j++] = 'x'; -

998

for (i = 0; i < rounds; i++) {

i < rounds	Description
TRUE	evaluated 99 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	evaluated 9 times by 2 tests Evaluated by: ssh-keygen test_sshkey

9-99

999 u_int idx0, idx1, idx2, idx3, idx4; -

1000

if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {

(i + 1 < rounds)	Description
TRUE	evaluated 90 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	evaluated 9 times by 2 tests Evaluated by: ssh-keygen test_sshkey

(dgst_raw_len % 2 != 0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-90

1001 idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + -

1002 seed) % 6; -

1003 idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; -

1004 idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + -

1005 (seed / 6)) % 6; -

1006 retval[j++] = vowels[idx0]; -

1007 retval[j++] = consonants[idx1]; -

1008 retval[j++] = vowels[idx2]; -

1009

if ((i + 1) < rounds) {

(i + 1) < rounds	Description
TRUE	evaluated 90 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	never evaluated

0-90

1010 idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; -

1011 idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; -

1012 retval[j++] = consonants[idx3]; -

1013 retval[j++] = '-'; -

1014 retval[j++] = consonants[idx4]; -

1015 seed = ((seed * 5) + -

1016 ((((u_int)(dgst_raw[2 * i])) * 7) + -

1017 ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; -

1018

}

executed 90 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

1019

} else {

executed 90 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

1020 idx0 = seed % 6; -

1021 idx1 = 16; -

1022 idx2 = seed / 6; -

1023 retval[j++] = vowels[idx0]; -

1024 retval[j++] = consonants[idx1]; -

1025 retval[j++] = vowels[idx2]; -

1026

}

executed 9 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

1027 } -

1028 retval[j++] = 'x'; -

1029 retval[j++] = '\0'; -

1030

return retval;

executed 9 times by 2 tests: return retval;

Executed by:

ssh-keygen
test_sshkey

1031 } -

1032 -

1033 /* -

1034 * Draw an ASCII-Art representing the fingerprint so human brain can -

1035 * profit from its built-in pattern recognition ability. -

1036 * This technique is called "random art" and can be found in some -

1037 * scientific publications like this original paper: -

1038 * -

1039 * "Hash Visualization: a New Technique to improve Real-World Security", -

1040 * Perrig A. and Song D., 1999, International Workshop on Cryptographic -

1041 * Techniques and E-Commerce (CrypTEC '99) -

1042 * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf -

1043 * -

1044 * The subject came up in a talk by Dan Kaminsky, too. -

1045 * -

1046 * If you see the picture is different, the key is different. -

1047 * If the picture looks the same, you still know nothing. -

1048 * -

1049 * The algorithm used here is a worm crawling over a discrete plane, -

1050 * leaving a trace (augmenting the field) everywhere it goes. -

1051 * Movement is taken from dgst_raw 2bit-wise. Bumping into walls -

1052 * makes the respective movement vector be ignored for this turn. -

1053 * Graphs are not unambiguous, because circles in graphs can be -

1054 * walked in either direction. -

1055 */ -

1056 -

1057 /* -

1058 * Field sizes for the random art. Have to be odd, so the starting point -

1059 * can be in the exact middle of the picture, and FLDBASE should be >=8 . -

1060 * Else pictures would be too dense, and drawing the frame would -

1061 * fail, too, because the key type would not fit in anymore. -

1062 */ -

1063 #define FLDBASE 8 -

1064 #define FLDSIZE_Y (FLDBASE + 1) -

1065 #define FLDSIZE_X (FLDBASE * 2 + 1) -

1066 static char * -

1067 fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len, -

1068 const struct sshkey *k) -

1069 { -

1070 /* -

1071 * Chars to be used after each other every time the worm -

1072 * intersects with itself. Matter of taste. -

1073 */ -

1074 char *augmentation_string = " .o+=*BOX@%&#/^SE"; -

1075 char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X]; -

1076 u_char field[FLDSIZE_X][FLDSIZE_Y]; -

1077 size_t i, tlen, hlen; -

1078 u_int b; -

1079 int x, y, r; -

1080 size_t len = strlen(augmentation_string) - 1; -

1081 -

1082

if ((retval = calloc((FLDSIZE_X + 3), (FLDSIZE_Y + 2))) == NULL)

(retval = call...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

0-12

1083

return NULL;

never executed: return ((void *)0) ;

1084 -

1085 /* initialize field */ -

1086 memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); -

1087 x = FLDSIZE_X / 2; -

1088 y = FLDSIZE_Y / 2; -

1089 -

1090 /* process raw key */ -

1091

for (i = 0; i < dgst_raw_len; i++) {

i < dgst_raw_len	Description
TRUE	evaluated 368 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-368

1092 int input; -

1093 /* each byte conveys four 2-bit move commands */ -

1094 input = dgst_raw[i]; -

1095

for (b = 0; b < 4; b++) {

b < 4	Description
TRUE	evaluated 1472 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 368 times by 1 test Evaluated by: ssh-keygen

368-1472

1096 /* evaluate 2 bit, rest is shifted later */ -

1097

x += (input & 0x1) ? 1 : -1;

(input & 0x1)	Description
TRUE	evaluated 756 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 716 times by 1 test Evaluated by: ssh-keygen

716-756

1098

y += (input & 0x2) ? 1 : -1;

(input & 0x2)	Description
TRUE	evaluated 760 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 712 times by 1 test Evaluated by: ssh-keygen

712-760

1099 -

1100 /* assure we are still in bounds */ -

1101

x = MAXIMUM(x, 0);

((x) > (0))	Description
TRUE	evaluated 1453 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 19 times by 1 test Evaluated by: ssh-keygen

19-1453

1102

y = MAXIMUM(y, 0);

((y) > (0))	Description
TRUE	evaluated 1366 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 106 times by 1 test Evaluated by: ssh-keygen

106-1366

1103

x = MINIMUM(x, FLDSIZE_X - 1);

((x) < ((8 * 2 + 1) - 1))	Description
TRUE	evaluated 1407 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 65 times by 1 test Evaluated by: ssh-keygen

65-1407

1104

y = MINIMUM(y, FLDSIZE_Y - 1);

((y) < ((8 + 1) - 1))	Description
TRUE	evaluated 1306 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 166 times by 1 test Evaluated by: ssh-keygen

166-1306

1105 -

1106 /* augment the field */ -

1107

if (field[x][y] < len - 2)

field[x][y] < len - 2	Description
TRUE	evaluated 1472 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-1472

1108

field[x][y]++;

executed 1472 times by 1 test: field[x][y]++;

Executed by:

ssh-keygen

1472

1109 input = input >> 2; -

1110

}

executed 1472 times by 1 test: end of block

Executed by:

ssh-keygen

1472

1111

}

executed 368 times by 1 test: end of block

Executed by:

ssh-keygen

368

1112 -

1113 /* mark starting point and end point*/ -

1114 field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; -

1115 field[x][y] = len; -

1116 -

1117 /* assemble title */ -

1118 r = snprintf(title, sizeof(title), "[%s %u]", -

1119 sshkey_type(k), sshkey_size(k)); -

1120 /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */ -

1121

if (r < 0 || r > (int)sizeof(title))

r < 0	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

r > (int)sizeof(title)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

0-12

1122

r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k));

never executed: r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k));

1123

tlen = (r <= 0) ? 0 : strlen(title);

(r <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

0-12

1124 -

1125 /* assemble hash ID. */ -

1126 r = snprintf(hash, sizeof(hash), "[%s]", alg); -

1127

hlen = (r <= 0) ? 0 : strlen(hash);

(r <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

0-12

1128 -

1129 /* output upper border */ -

1130 p = retval; -

1131 *p++ = '+'; -

1132

for (i = 0; i < (FLDSIZE_X - tlen) / 2; i++)

i < ((8 * 2 + 1) - tlen) / 2	Description
TRUE	evaluated 33 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-33

1133

*p++ = '-';

executed 33 times by 1 test: *p++ = '-';

Executed by:

ssh-keygen

1134 memcpy(p, title, tlen); -

1135 p += tlen; -

1136

for (i += tlen; i < FLDSIZE_X; i++)

i < (8 * 2 + 1)	Description
TRUE	evaluated 40 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-40

1137

*p++ = '-';

executed 40 times by 1 test: *p++ = '-';

Executed by:

ssh-keygen

1138 *p++ = '+'; -

1139 *p++ = '\n'; -

1140 -

1141 /* output content */ -

1142

for (y = 0; y < FLDSIZE_Y; y++) {

y < (8 + 1)	Description
TRUE	evaluated 108 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-108

1143 *p++ = '|'; -

1144

for (x = 0; x < FLDSIZE_X; x++)

x < (8 * 2 + 1)	Description
TRUE	evaluated 1836 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 108 times by 1 test Evaluated by: ssh-keygen

108-1836

1145

*p++ = augmentation_string[MINIMUM(field[x][y], len)];

executed 1836 times by 1 test: *p++ = augmentation_string[(((field[x][y]) < (len)) ? (field[x][y]) : (len))];

Executed by:

ssh-keygen

1836

1146 *p++ = '|'; -

1147 *p++ = '\n'; -

1148

}

executed 108 times by 1 test: end of block

Executed by:

ssh-keygen

108

1149 -

1150 /* output lower border */ -

1151 *p++ = '+'; -

1152

for (i = 0; i < (FLDSIZE_X - hlen) / 2; i++)

i < ((8 * 2 + 1) - hlen) / 2	Description
TRUE	evaluated 50 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-50

1153

*p++ = '-';

executed 50 times by 1 test: *p++ = '-';

Executed by:

ssh-keygen

1154 memcpy(p, hash, hlen); -

1155 p += hlen; -

1156

for (i += hlen; i < FLDSIZE_X; i++)

i < (8 * 2 + 1)	Description
TRUE	evaluated 61 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 12 times by 1 test Evaluated by: ssh-keygen

12-61

1157

*p++ = '-';

executed 61 times by 1 test: *p++ = '-';

Executed by:

ssh-keygen

1158 *p++ = '+'; -

1159 -

1160

return retval;

executed 12 times by 1 test: return retval;

Executed by:

ssh-keygen

1161 } -

1162 -

1163 char * -

1164 sshkey_fingerprint(const struct sshkey *k, int dgst_alg, -

1165 enum sshkey_fp_rep dgst_rep) -

1166 { -

1167 char *retval = NULL; -

1168 u_char *dgst_raw; -

1169 size_t dgst_raw_len; -

1170 -

1171

if (sshkey_fingerprint_raw(k, dgst_alg, &dgst_raw, &dgst_raw_len) != 0)

sshkey_fingerp..._raw_len) != 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-40

1172

return NULL;

never executed: return ((void *)0) ;

1173 switch (dgst_rep) { -

1174

case SSH_FP_DEFAULT:

executed 11 times by 2 tests: case SSH_FP_DEFAULT:

Executed by:

ssh-keygen
sshd

1175

if (dgst_alg == SSH_DIGEST_MD5) {

dgst_alg == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 10 times by 2 tests Evaluated by: ssh-keygen sshd

1-10

1176 retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg), -

1177 dgst_raw, dgst_raw_len); -

1178

} else {

executed 1 time by 1 test: end of block

Executed by:

ssh-keygen

1179 retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg), -

1180 dgst_raw, dgst_raw_len); -

1181

}

executed 10 times by 2 tests: end of block

Executed by:

ssh-keygen
sshd

1182

break;

executed 11 times by 2 tests: break;

Executed by:

ssh-keygen
sshd

1183

case SSH_FP_HEX:

never executed: case SSH_FP_HEX:

1184 retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg), -

1185 dgst_raw, dgst_raw_len); -

1186

break;

never executed: break;

1187

case SSH_FP_BASE64:

executed 8 times by 1 test: case SSH_FP_BASE64:

Executed by:

test_sshkey

1188 retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg), -

1189 dgst_raw, dgst_raw_len); -

1190

break;

executed 8 times by 1 test: break;

Executed by:

test_sshkey

1191

case SSH_FP_BUBBLEBABBLE:

executed 9 times by 2 tests: case SSH_FP_BUBBLEBABBLE:

Executed by:

ssh-keygen
test_sshkey

1192 retval = fingerprint_bubblebabble(dgst_raw, dgst_raw_len); -

1193

break;

executed 9 times by 2 tests: break;

Executed by:

ssh-keygen
test_sshkey

1194

case SSH_FP_RANDOMART:

executed 12 times by 1 test: case SSH_FP_RANDOMART:

Executed by:

ssh-keygen

1195 retval = fingerprint_randomart(ssh_digest_alg_name(dgst_alg), -

1196 dgst_raw, dgst_raw_len, k); -

1197

break;

executed 12 times by 1 test: break;

Executed by:

ssh-keygen

1198

default:

never executed: default:

1199 explicit_bzero(dgst_raw, dgst_raw_len); -

1200 free(dgst_raw); -

1201

return NULL;

never executed: return ((void *)0) ;

1202 } -

1203 explicit_bzero(dgst_raw, dgst_raw_len); -

1204 free(dgst_raw); -

1205

return retval;

executed 40 times by 3 tests: return retval;

Executed by:

ssh-keygen
sshd
test_sshkey

1206 } -

1207 -

1208 static int -

1209 peek_type_nid(const char *s, size_t l, int *nid) -

1210 { -

1211 const struct keytype *kt; -

1212 -

1213

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	evaluated 3108 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	evaluated 4 times by 1 test Evaluated by: test_hostkeys

4-3108

1214

if (kt->name == NULL || strlen(kt->name) != l)

kt->name == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3108 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

strlen(kt->name) != l	Description
TRUE	evaluated 2183 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	evaluated 925 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-3108

1215

continue;

executed 2183 times by 4 tests: continue;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

2183

1216

if (memcmp(s, kt->name, l) == 0) {

memcmp(s, kt->name, l) == 0	Description
TRUE	evaluated 682 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	evaluated 243 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey

243-682

1217 *nid = -1; -

1218

if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT)

kt->type == KEY_ECDSA	Description
TRUE	evaluated 169 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey
FALSE	evaluated 513 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

kt->type == KEY_ECDSA_CERT	Description
TRUE	evaluated 2 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 511 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

2-513

1219

*nid = kt->nid;

executed 171 times by 3 tests: *nid = kt->nid;

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

171

1220

return kt->type;

executed 682 times by 4 tests: return kt->type;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

682

1221 } -

1222

}

executed 243 times by 3 tests: end of block

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

243

1223

return KEY_UNSPEC;

executed 4 times by 1 test: return KEY_UNSPEC;

Executed by:

test_hostkeys

1224 } -

1225 -

1226 /* XXX this can now be made const char * */ -

1227 int -

1228 sshkey_read(struct sshkey *ret, char **cpp) -

1229 { -

1230 struct sshkey *k; -

1231 char *cp, *blobcopy; -

1232 size_t space; -

1233 int r, type, curve_nid = -1; -

1234 struct sshbuf *blob; -

1235 -

1236

if (ret == NULL)

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 686 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-686

1237

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1238 -

1239 switch (ret->type) { -

1240

case KEY_UNSPEC:

executed 686 times by 4 tests: case KEY_UNSPEC:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

686

1241

case KEY_RSA:

never executed: case KEY_RSA:

1242

case KEY_DSA:

never executed: case KEY_DSA:

1243

case KEY_ECDSA:

never executed: case KEY_ECDSA:

1244

case KEY_ED25519:

never executed: case KEY_ED25519:

1245

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

1246

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

1247

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

1248

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

1249 #ifdef WITH_XMSS -

1250 case KEY_XMSS: -

1251 case KEY_XMSS_CERT: -

1252 #endif /* WITH_XMSS */ -

1253

break; /* ok */

executed 686 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

686

1254

default:

never executed: default:

1255

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1256 } -

1257 -

1258 /* Decode type */ -

1259 cp = *cpp; -

1260 space = strcspn(cp, " \t"); -

1261

if (space == strlen(cp))

space == strlen(cp)	Description
TRUE	never evaluated
FALSE	evaluated 686 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-686

1262

return SSH_ERR_INVALID_FORMAT;

never executed: return -4;

1263

if ((type = peek_type_nid(cp, space, &curve_nid)) == KEY_UNSPEC)

(type = peek_t... == KEY_UNSPEC	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_hostkeys
FALSE	evaluated 682 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

4-682

1264

return SSH_ERR_INVALID_FORMAT;

executed 4 times by 1 test: return -4;

Executed by:

test_hostkeys

1265 -

1266 /* skip whitespace */ -

1267

for (cp += space; *cp == ' ' || *cp == '\t'; cp++)

*cp == ' '	Description
TRUE	evaluated 682 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	evaluated 682 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

*cp == '\t'	Description
TRUE	never evaluated
FALSE	evaluated 682 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-682

1268

;

executed 682 times by 4 tests: ;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

682

1269

if (*cp == '\0')

*cp == '\0'	Description
TRUE	evaluated 3 times by 1 test Evaluated by: test_hostkeys
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

3-679

1270

return SSH_ERR_INVALID_FORMAT;

executed 3 times by 1 test: return -4;

Executed by:

test_hostkeys

1271

if (ret->type != KEY_UNSPEC && ret->type != type)

ret->type != KEY_UNSPEC	Description
TRUE	never evaluated
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

ret->type != type	Description
TRUE	never evaluated
FALSE	never evaluated

0-679

1272

return SSH_ERR_KEY_TYPE_MISMATCH;

never executed: return -13;

1273

if ((blob = sshbuf_new()) == NULL)

(blob = sshbuf...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-679

1274

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1275 -

1276 /* find end of keyblob and decode */ -

1277 space = strcspn(cp, " \t"); -

1278

if ((blobcopy = strndup(cp, space)) == NULL) {

never executed: __len = __n + 1;

never executed: end of block

(blobcopy = (_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

__n < __len	Description
TRUE	never evaluated
FALSE	never evaluated

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_constant_p ( cp )	Description
TRUE	never evaluated
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

((size_t)(cons...*)( cp ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

0-679

1279 sshbuf_free(blob); -

1280

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1281 } -

1282

if ((r = sshbuf_b64tod(blob, blobcopy)) != 0) {

(r = sshbuf_b6...lobcopy)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 679 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-679

1283 free(blobcopy); -

1284 sshbuf_free(blob); -

1285

return r;

never executed: return r;

1286 } -

1287 free(blobcopy); -

1288

if ((r = sshkey_fromb(blob, &k)) != 0) {

(r = sshkey_fr...lob, &k)) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: test_hostkeys
FALSE	evaluated 676 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

3-676

1289 sshbuf_free(blob); -

1290

return r;

executed 3 times by 1 test: return r;

Executed by:

test_hostkeys

1291 } -

1292 sshbuf_free(blob); -

1293 -

1294 /* skip whitespace and leave cp at start of comment */ -

1295

for (cp += space; *cp == ' ' || *cp == '\t'; cp++)

*cp == ' '	Description
TRUE	evaluated 672 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	evaluated 676 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

*cp == '\t'	Description
TRUE	never evaluated
FALSE	evaluated 676 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-676

1296

;

executed 672 times by 4 tests: ;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

672

1297 -

1298 /* ensure type of blob matches type at start of line */ -

1299

if (k->type != type) {

k->type != type	Description
TRUE	never evaluated
FALSE	evaluated 676 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-676

1300 sshkey_free(k); -

1301

return SSH_ERR_KEY_TYPE_MISMATCH;

never executed: return -13;

1302 } -

1303

if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) {

sshkey_type_pl...) == KEY_ECDSA	Description
TRUE	evaluated 171 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey
FALSE	evaluated 505 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

curve_nid != k->ecdsa_nid	Description
TRUE	never evaluated
FALSE	evaluated 171 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey

0-505

1304 sshkey_free(k); -

1305

return SSH_ERR_EC_CURVE_MISMATCH;

never executed: return -15;

1306 } -

1307 -

1308 /* Fill in ret from parsed key */ -

1309 ret->type = type; -

1310

if (sshkey_is_cert(ret)) {

sshkey_is_cert(ret)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 665 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

11-665

1311

if (!sshkey_is_cert(k)) {

!sshkey_is_cert(k)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: test_sshkey

0-11

1312 sshkey_free(k); -

1313

return SSH_ERR_EXPECTED_CERT;

never executed: return -16;

1314 } -

1315

if (ret->cert != NULL)

ret->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: test_sshkey

0-11

1316

cert_free(ret->cert);

never executed: cert_free(ret->cert);

1317 ret->cert = k->cert; -

1318 k->cert = NULL; -

1319

}

executed 11 times by 1 test: end of block

Executed by:

test_sshkey

1320 switch (sshkey_type_plain(ret->type)) { -

1321 #ifdef WITH_OPENSSL -

1322

case KEY_RSA:

executed 161 times by 4 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

161

1323 RSA_free(ret->rsa); -

1324 ret->rsa = k->rsa; -

1325 k->rsa = NULL; -

1326 #ifdef DEBUG_PK -

1327 RSA_print_fp(stderr, ret->rsa, 8); -

1328 #endif -

1329

break;

executed 161 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

161

1330

case KEY_DSA:

executed 171 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

171

1331 DSA_free(ret->dsa); -

1332 ret->dsa = k->dsa; -

1333 k->dsa = NULL; -

1334 #ifdef DEBUG_PK -

1335 DSA_print_fp(stderr, ret->dsa, 8); -

1336 #endif -

1337

break;

executed 171 times by 3 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

171

1338 # ifdef OPENSSL_HAS_ECC -

1339

case KEY_ECDSA:

executed 171 times by 3 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

171

1340 EC_KEY_free(ret->ecdsa); -

1341 ret->ecdsa = k->ecdsa; -

1342 ret->ecdsa_nid = k->ecdsa_nid; -

1343 k->ecdsa = NULL; -

1344 k->ecdsa_nid = -1; -

1345 #ifdef DEBUG_PK -

1346 sshkey_dump_ec_key(ret->ecdsa); -

1347 #endif -

1348

break;

executed 171 times by 3 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

171

1349 # endif /* OPENSSL_HAS_ECC */ -

1350 #endif /* WITH_OPENSSL */ -

1351

case KEY_ED25519:

executed 173 times by 4 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

173

1352 freezero(ret->ed25519_pk, ED25519_PK_SZ); -

1353 ret->ed25519_pk = k->ed25519_pk; -

1354 k->ed25519_pk = NULL; -

1355 #ifdef DEBUG_PK -

1356 /* XXX */ -

1357 #endif -

1358

break;

executed 173 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

173

1359 #ifdef WITH_XMSS -

1360 case KEY_XMSS: -

1361 free(ret->xmss_pk); -

1362 ret->xmss_pk = k->xmss_pk; -

1363 k->xmss_pk = NULL; -

1364 free(ret->xmss_state); -

1365 ret->xmss_state = k->xmss_state; -

1366 k->xmss_state = NULL; -

1367 free(ret->xmss_name); -

1368 ret->xmss_name = k->xmss_name; -

1369 k->xmss_name = NULL; -

1370 free(ret->xmss_filename); -

1371 ret->xmss_filename = k->xmss_filename; -

1372 k->xmss_filename = NULL; -

1373 #ifdef DEBUG_PK -

1374 /* XXX */ -

1375 #endif -

1376 break; -

1377 #endif /* WITH_XMSS */ -

1378

default:

never executed: default:

1379 sshkey_free(k); -

1380

return SSH_ERR_INTERNAL_ERROR;

never executed: return -1;

1381 } -

1382 sshkey_free(k); -

1383 -

1384 /* success */ -

1385 *cpp = cp; -

1386

return 0;

executed 676 times by 4 tests: return 0;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

676

1387 } -

1388 -

1389 -

1390 int -

1391 sshkey_to_base64(const struct sshkey *key, char **b64p) -

1392 { -

1393 int r = SSH_ERR_INTERNAL_ERROR; -

1394 struct sshbuf *b = NULL; -

1395 char *uu = NULL; -

1396 -

1397

if (b64p != NULL)

b64p != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-11

1398

*b64p = NULL;

executed 11 times by 1 test: *b64p = ((void *)0) ;

Executed by:

ssh-keygen

1399

if ((b = sshbuf_new()) == NULL)

(b = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1400

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1401

if ((r = sshkey_putb(key, b)) != 0)

(r = sshkey_putb(key, b)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1402

goto out;

never executed: goto out;

1403

if ((uu = sshbuf_dtob64(b)) == NULL) {

(uu = sshbuf_d...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1404 r = SSH_ERR_ALLOC_FAIL; -

1405

goto out;

never executed: goto out;

1406 } -

1407 /* Success */ -

1408

if (b64p != NULL) {

b64p != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-11

1409 *b64p = uu; -

1410 uu = NULL; -

1411

}

executed 11 times by 1 test: end of block

Executed by:

ssh-keygen

1412 r = 0; -

1413

out:

code before this statement executed 11 times by 1 test: out:

Executed by:

ssh-keygen

1414 sshbuf_free(b); -

1415 free(uu); -

1416

return r;

executed 11 times by 1 test: return r;

Executed by:

ssh-keygen

1417 } -

1418 -

1419 int -

1420 sshkey_format_text(const struct sshkey *key, struct sshbuf *b) -

1421 { -

1422 int r = SSH_ERR_INTERNAL_ERROR; -

1423 char *uu = NULL; -

1424 -

1425

if ((r = sshkey_to_base64(key, &uu)) != 0)

(r = sshkey_to...ey, &uu)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1426

goto out;

never executed: goto out;

1427

if ((r = sshbuf_putf(b, "%s %s",

(r = sshbuf_pu...ey), uu)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1428

sshkey_ssh_name(key), uu)) != 0)

(r = sshbuf_pu...ey), uu)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1429

goto out;

never executed: goto out;

1430 r = 0; -

1431

out:

code before this statement executed 11 times by 1 test: out:

Executed by:

ssh-keygen

1432 free(uu); -

1433

return r;

executed 11 times by 1 test: return r;

Executed by:

ssh-keygen

1434 } -

1435 -

1436 int -

1437 sshkey_write(const struct sshkey *key, FILE *f) -

1438 { -

1439 struct sshbuf *b = NULL; -

1440 int r = SSH_ERR_INTERNAL_ERROR; -

1441 -

1442

if ((b = sshbuf_new()) == NULL)

(b = sshbuf_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1443

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1444

if ((r = sshkey_format_text(key, b)) != 0)

(r = sshkey_fo...(key, b)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1445

goto out;

never executed: goto out;

1446

if (fwrite(sshbuf_ptr(b), sshbuf_len(b), 1, f) != 1) {

fwrite(sshbuf_...b), 1, f) != 1	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: ssh-keygen

0-11

1447

if (feof(f))

feof(f)	Description
TRUE	never evaluated
FALSE	never evaluated

1448

errno = EPIPE;

never executed: (*__errno_location ()) = 32 ;

1449 r = SSH_ERR_SYSTEM_ERROR; -

1450

goto out;

never executed: goto out;

1451 } -

1452 /* Success */ -

1453 r = 0; -

1454

out:

code before this statement executed 11 times by 1 test: out:

Executed by:

ssh-keygen

1455 sshbuf_free(b); -

1456

return r;

executed 11 times by 1 test: return r;

Executed by:

ssh-keygen

1457 } -

1458 -

1459 const char * -

1460 sshkey_cert_type(const struct sshkey *k) -

1461 { -

1462 switch (k->cert->type) { -

1463

case SSH2_CERT_TYPE_USER:

never executed: case 1:

1464

return "user";

never executed: return "user";

1465

case SSH2_CERT_TYPE_HOST:

never executed: case 2:

1466

return "host";

never executed: return "host";

1467

default:

never executed: default:

1468

return "unknown";

never executed: return "unknown";

1469 } -

1470 } -

1471 -

1472 #ifdef WITH_OPENSSL -

1473 static int -

1474 rsa_generate_private_key(u_int bits, RSA **rsap) -

1475 { -

1476 RSA *private = NULL; -

1477 BIGNUM *f4 = NULL; -

1478 int ret = SSH_ERR_INTERNAL_ERROR; -

1479 -

1480

if (rsap == NULL)

rsap == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-15

1481

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1482

if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||

bits < 1024	Description
TRUE	evaluated 2 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

2-13

1483

bits > SSHBUF_MAX_BIGNUM * 8)

bits > (16384 / 8) * 8	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

1-12

1484

return SSH_ERR_KEY_LENGTH;

executed 3 times by 1 test: return -56;

Executed by:

test_sshkey

1485 *rsap = NULL; -

1486

if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) {

(private = RSA...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

(f4 = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-12

1487 ret = SSH_ERR_ALLOC_FAIL; -

1488

goto out;

never executed: goto out;

1489 } -

1490

if (!BN_set_word(f4, RSA_F4) ||

!BN_set_word(f4, 0x10001L )	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-12

1491

!RSA_generate_key_ex(private, bits, f4, NULL)) {

!RSA_generate_... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-12

1492 ret = SSH_ERR_LIBCRYPTO_ERROR; -

1493

goto out;

never executed: goto out;

1494 } -

1495 *rsap = private; -

1496 private = NULL; -

1497 ret = 0; -

1498

out:

code before this statement executed 12 times by 3 tests: out:

Executed by:

ssh-keygen
test_kex
test_sshkey

1499 RSA_free(private); -

1500 BN_free(f4); -

1501

return ret;

executed 12 times by 3 tests: return ret;

Executed by:

ssh-keygen
test_kex
test_sshkey

1502 } -

1503 -

1504 static int -

1505 dsa_generate_private_key(u_int bits, DSA **dsap) -

1506 { -

1507 DSA *private; -

1508 int ret = SSH_ERR_INTERNAL_ERROR; -

1509 -

1510

if (dsap == NULL)

dsap == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-12

1511

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1512

if (bits != 1024)

bits != 1024	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

1-11

1513

return SSH_ERR_KEY_LENGTH;

executed 1 time by 1 test: return -56;

Executed by:

test_sshkey

1514

if ((private = DSA_new()) == NULL) {

(private = DSA...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-11

1515 ret = SSH_ERR_ALLOC_FAIL; -

1516

goto out;

never executed: goto out;

1517 } -

1518 *dsap = NULL; -

1519

if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,

!DSA_generate_... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-11

1520

NULL, NULL) || !DSA_generate_key(private)) {

!DSA_generate_... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

!DSA_generate_key(private)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-11

1521 ret = SSH_ERR_LIBCRYPTO_ERROR; -

1522

goto out;

never executed: goto out;

1523 } -

1524 *dsap = private; -

1525 private = NULL; -

1526 ret = 0; -

1527

out:

code before this statement executed 11 times by 3 tests: out:

Executed by:

ssh-keygen
test_kex
test_sshkey

1528 DSA_free(private); -

1529

return ret;

executed 11 times by 3 tests: return ret;

Executed by:

ssh-keygen
test_kex
test_sshkey

1530 } -

1531 -

1532 # ifdef OPENSSL_HAS_ECC -

1533 int -

1534 sshkey_ecdsa_key_to_nid(EC_KEY *k) -

1535 { -

1536 EC_GROUP *eg; -

1537 int nids[] = { -

1538 NID_X9_62_prime256v1, -

1539 NID_secp384r1, -

1540 # ifdef OPENSSL_HAS_NISTP521 -

1541 NID_secp521r1, -

1542 # endif /* OPENSSL_HAS_NISTP521 */ -

1543 -1 -

1544 }; -

1545 int nid; -

1546 u_int i; -

1547 BN_CTX *bnctx; -

1548 const EC_GROUP *g = EC_KEY_get0_group(k); -

1549 -

1550 /* -

1551 * The group may be stored in a ASN.1 encoded private key in one of two -

1552 * ways: as a "named group", which is reconstituted by ASN.1 object ID -

1553 * or explicit group parameters encoded into the key blob. Only the -

1554 * "named group" case sets the group NID for us, but we can figure -

1555 * it out for the other case by comparing against all the groups that -

1556 * are supported. -

1557 */ -

1558

if ((nid = EC_GROUP_get_curve_name(g)) > 0)

(nid = EC_GROU...e_name(g)) > 0	Description
TRUE	evaluated 5938 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-5938

1559

return nid;

executed 5938 times by 1 test: return nid;

Executed by:

test_sshkey

5938

1560

if ((bnctx = BN_CTX_new()) == NULL)

(bnctx = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1561

return -1;

never executed: return -1;

1562

for (i = 0; nids[i] != -1; i++) {

nids[i] != -1	Description
TRUE	never evaluated
FALSE	never evaluated

1563

if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) {

(eg = EC_GROUP...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1564 BN_CTX_free(bnctx); -

1565

return -1;

never executed: return -1;

1566 } -

1567

if (EC_GROUP_cmp(g, eg, bnctx) == 0)

EC_GROUP_cmp(g...g, bnctx) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1568

break;

never executed: break;

1569 EC_GROUP_free(eg); -

1570

}

never executed: end of block

1571 BN_CTX_free(bnctx); -

1572

if (nids[i] != -1) {

nids[i] != -1	Description
TRUE	never evaluated
FALSE	never evaluated

1573 /* Use the group with the NID attached */ -

1574 EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); -

1575

if (EC_KEY_set_group(k, eg) != 1) {

EC_KEY_set_group(k, eg) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

1576 EC_GROUP_free(eg); -

1577

return -1;

never executed: return -1;

1578 } -

1579

}

never executed: end of block

1580

return nids[i];

never executed: return nids[i];

1581 } -

1582 -

1583 static int -

1584 ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) -

1585 { -

1586 EC_KEY *private; -

1587 int ret = SSH_ERR_INTERNAL_ERROR; -

1588 -

1589

if (nid == NULL || ecdsap == NULL)

nid == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

ecdsap == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-12

1590

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1591

if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)

(*nid = sshkey...d(bits)) == -1	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

1-11

1592

return SSH_ERR_KEY_LENGTH;

executed 1 time by 1 test: return -56;

Executed by:

test_sshkey

1593 *ecdsap = NULL; -

1594

if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {

(private = EC_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-11

1595 ret = SSH_ERR_ALLOC_FAIL; -

1596

goto out;

never executed: goto out;

1597 } -

1598

if (EC_KEY_generate_key(private) != 1) {

EC_KEY_generat...(private) != 1	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-11

1599 ret = SSH_ERR_LIBCRYPTO_ERROR; -

1600

goto out;

never executed: goto out;

1601 } -

1602 EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); -

1603 *ecdsap = private; -

1604 private = NULL; -

1605 ret = 0; -

1606

out:

code before this statement executed 11 times by 3 tests: out:

Executed by:

ssh-keygen
test_kex
test_sshkey

1607 EC_KEY_free(private); -

1608

return ret;

executed 11 times by 3 tests: return ret;

Executed by:

ssh-keygen
test_kex
test_sshkey

1609 } -

1610 # endif /* OPENSSL_HAS_ECC */ -

1611 #endif /* WITH_OPENSSL */ -

1612 -

1613 int -

1614 sshkey_generate(int type, u_int bits, struct sshkey **keyp) -

1615 { -

1616 struct sshkey *k; -

1617 int ret = SSH_ERR_INTERNAL_ERROR; -

1618 -

1619

if (keyp == NULL)

keyp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

1620

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1621 *keyp = NULL; -

1622

if ((k = sshkey_new(KEY_UNSPEC)) == NULL)

(k = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 52 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-52

1623

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1624 switch (type) { -

1625

case KEY_ED25519:

executed 13 times by 3 tests: case KEY_ED25519:

Executed by:

ssh-keygen
test_kex
test_sshkey

1626

if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||

(k->ed25519_pk...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-13

1627

(k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {

(k->ed25519_sk...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-13

1628 ret = SSH_ERR_ALLOC_FAIL; -

1629

break;

never executed: break;

1630 } -

1631 crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); -

1632 ret = 0; -

1633

break;

executed 13 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1634 #ifdef WITH_XMSS -

1635 case KEY_XMSS: -

1636 ret = sshkey_xmss_generate_private_key(k, bits); -

1637 break; -

1638 #endif /* WITH_XMSS */ -

1639 #ifdef WITH_OPENSSL -

1640

case KEY_DSA:

executed 12 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

1641 ret = dsa_generate_private_key(bits, &k->dsa); -

1642

break;

executed 12 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1643 # ifdef OPENSSL_HAS_ECC -

1644

case KEY_ECDSA:

executed 12 times by 3 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

1645 ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid, -

1646 &k->ecdsa); -

1647

break;

executed 12 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1648 # endif /* OPENSSL_HAS_ECC */ -

1649

case KEY_RSA:

executed 15 times by 3 tests: case KEY_RSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

1650 ret = rsa_generate_private_key(bits, &k->rsa); -

1651

break;

executed 15 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1652 #endif /* WITH_OPENSSL */ -

1653

default:

never executed: default:

1654 ret = SSH_ERR_INVALID_ARGUMENT; -

1655

}

never executed: end of block

1656

if (ret == 0) {

ret == 0	Description
TRUE	evaluated 47 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	evaluated 5 times by 1 test Evaluated by: test_sshkey

5-47

1657 k->type = type; -

1658 *keyp = k; -

1659

} else

executed 47 times by 3 tests: end of block

Executed by:

ssh-keygen
test_kex
test_sshkey

1660

sshkey_free(k);

executed 5 times by 1 test: sshkey_free(k);

Executed by:

test_sshkey

1661

return ret;

executed 52 times by 3 tests: return ret;

Executed by:

ssh-keygen
test_kex
test_sshkey

1662 } -

1663 -

1664 int -

1665 sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) -

1666 { -

1667 u_int i; -

1668 const struct sshkey_cert *from; -

1669 struct sshkey_cert *to; -

1670 int r = SSH_ERR_INTERNAL_ERROR; -

1671 -

1672

if (to_key == NULL || (from = from_key->cert) == NULL)

to_key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

(from = from_k...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1673

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

1674 -

1675

if ((to = cert_new()) == NULL)

(to = cert_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1676

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

1677 -

1678

if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 ||

(r = sshbuf_pu...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1679

(r = sshbuf_putb(to->critical, from->critical)) != 0 ||

(r = sshbuf_pu...ritical)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1680

(r = sshbuf_putb(to->extensions, from->extensions)) != 0)

(r = sshbuf_pu...ensions)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1681

goto out;

never executed: goto out;

1682 -

1683 to->serial = from->serial; -

1684 to->type = from->type; -

1685

if (from->key_id == NULL)

from->key_id == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1686

to->key_id = NULL;

never executed: to->key_id = ((void *)0) ;

1687

else if ((to->key_id = strdup(from->key_id)) == NULL) {

never executed: __retval = (char *) memcpy (__retval, from->key_id , __len);

(to->key_id = ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...from->key_id )	Description
TRUE	never evaluated
FALSE	never evaluated

((size_t)(cons...key_id ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

1688 r = SSH_ERR_ALLOC_FAIL; -

1689

goto out;

never executed: goto out;

1690 } -

1691 to->valid_after = from->valid_after; -

1692 to->valid_before = from->valid_before; -

1693

if (from->signature_key == NULL)

from->signatur...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1694

to->signature_key = NULL;

never executed: to->signature_key = ((void *)0) ;

1695

else if ((r = sshkey_from_private(from->signature_key,

(r = sshkey_fr...ure_key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1696

&to->signature_key)) != 0)

(r = sshkey_fr...ure_key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1697

goto out;

never executed: goto out;

1698

if (from->signature_type != NULL &&

from->signatur...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1699

(to->signature_type = strdup(from->signature_type)) == NULL) {

never executed: __retval = (char *) memcpy (__retval, from->signature_type , __len);

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

(to->signature...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...gnature_type )	Description
TRUE	never evaluated
FALSE	never evaluated

((size_t)(cons...e_type ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

1700 r = SSH_ERR_ALLOC_FAIL; -

1701

goto out;

never executed: goto out;

1702 } -

1703

if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) {

from->nprincipals > 256	Description
TRUE	never evaluated
FALSE	never evaluated

1704 r = SSH_ERR_INVALID_ARGUMENT; -

1705

goto out;

never executed: goto out;

1706 } -

1707

if (from->nprincipals > 0) {

from->nprincipals > 0	Description
TRUE	never evaluated
FALSE	never evaluated

1708

if ((to->principals = calloc(from->nprincipals,

(to->principal...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1709

sizeof(*to->principals))) == NULL) {

(to->principal...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1710 r = SSH_ERR_ALLOC_FAIL; -

1711

goto out;

never executed: goto out;

1712 } -

1713

for (i = 0; i < from->nprincipals; i++) {

i < from->nprincipals	Description
TRUE	never evaluated
FALSE	never evaluated

1714

to->principals[i] = strdup(from->principals[i]);

never executed: __retval = (char *) memcpy (__retval, from->principals[i] , __len);

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...rincipals[i] )	Description
TRUE	never evaluated
FALSE	never evaluated

((size_t)(cons...als[i] ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

1715

if (to->principals[i] == NULL) {

to->principals...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1716 to->nprincipals = i; -

1717 r = SSH_ERR_ALLOC_FAIL; -

1718

goto out;

never executed: goto out;

1719 } -

1720

}

never executed: end of block

1721

}

never executed: end of block

1722 to->nprincipals = from->nprincipals; -

1723 -

1724 /* success */ -

1725 cert_free(to_key->cert); -

1726 to_key->cert = to; -

1727 to = NULL; -

1728 r = 0; -

1729

out:

code before this statement never executed: out:

1730 cert_free(to); -

1731

return r;

never executed: return r;

1732 } -

1733 -

1734 int -

1735 sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) -

1736 { -

1737 struct sshkey *n = NULL; -

1738 int r = SSH_ERR_INTERNAL_ERROR; -

1739 #ifdef WITH_OPENSSL -

1740 const BIGNUM *rsa_n, *rsa_e; -

1741 BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; -

1742 const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; -

1743 BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; -

1744 BIGNUM *dsa_pub_key_dup = NULL; -

1745 #endif /* WITH_OPENSSL */ -

1746 -

1747 *pkp = NULL; -

1748 switch (k->type) { -

1749 #ifdef WITH_OPENSSL -

1750

case KEY_DSA:

executed 26 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

1751

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

1752

if ((n = sshkey_new(k->type)) == NULL) {

(n = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1753 r = SSH_ERR_ALLOC_FAIL; -

1754

goto out;

never executed: goto out;

1755 } -

1756 -

1757 DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); -

1758 DSA_get0_key(k->dsa, &dsa_pub_key, NULL); -

1759

if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||

(dsa_p_dup = B...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1760

(dsa_q_dup = BN_dup(dsa_q)) == NULL ||

(dsa_q_dup = B...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1761

(dsa_g_dup = BN_dup(dsa_g)) == NULL ||

(dsa_g_dup = B...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1762

(dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {

(dsa_pub_key_d...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1763 r = SSH_ERR_ALLOC_FAIL; -

1764

goto out;

never executed: goto out;

1765 } -

1766

if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {

!DSA_set0_pqg(...up, dsa_g_dup)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1767 r = SSH_ERR_LIBCRYPTO_ERROR; -

1768

goto out;

never executed: goto out;

1769 } -

1770 dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ -

1771

if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) {

!DSA_set0_key(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1772 r = SSH_ERR_LIBCRYPTO_ERROR; -

1773

goto out;

never executed: goto out;

1774 } -

1775 dsa_pub_key_dup = NULL; /* transferred */ -

1776 -

1777

break;

executed 26 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1778 # ifdef OPENSSL_HAS_ECC -

1779

case KEY_ECDSA:

executed 26 times by 3 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

1780

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

1781

if ((n = sshkey_new(k->type)) == NULL) {

(n = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1782 r = SSH_ERR_ALLOC_FAIL; -

1783

goto out;

never executed: goto out;

1784 } -

1785 n->ecdsa_nid = k->ecdsa_nid; -

1786 n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); -

1787

if (n->ecdsa == NULL) {

n->ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1788 r = SSH_ERR_ALLOC_FAIL; -

1789

goto out;

never executed: goto out;

1790 } -

1791

if (EC_KEY_set_public_key(n->ecdsa,

EC_KEY_set_pub...->ecdsa)) != 1	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1792

EC_KEY_get0_public_key(k->ecdsa)) != 1) {

EC_KEY_set_pub...->ecdsa)) != 1	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-26

1793 r = SSH_ERR_LIBCRYPTO_ERROR; -

1794

goto out;

never executed: goto out;

1795 } -

1796

break;

executed 26 times by 3 tests: break;

Executed by:

ssh-keygen
test_kex
test_sshkey

1797 # endif /* OPENSSL_HAS_ECC */ -

1798

case KEY_RSA:

executed 28 times by 4 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

1799

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

1800

if ((n = sshkey_new(k->type)) == NULL) {

(n = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-28

1801 r = SSH_ERR_ALLOC_FAIL; -

1802

goto out;

never executed: goto out;

1803 } -

1804 RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); -

1805

if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||

(rsa_n_dup = B...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-28

1806

(rsa_e_dup = BN_dup(rsa_e)) == NULL) {

(rsa_e_dup = B...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-28

1807 r = SSH_ERR_ALLOC_FAIL; -

1808

goto out;

never executed: goto out;

1809 } -

1810

if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) {

!RSA_set0_key(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-28

1811 r = SSH_ERR_LIBCRYPTO_ERROR; -

1812

goto out;

never executed: goto out;

1813 } -

1814 rsa_n_dup = rsa_e_dup = NULL; /* transferred */ -

1815

break;

executed 28 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

1816 #endif /* WITH_OPENSSL */ -

1817

case KEY_ED25519:

executed 30 times by 4 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

1818

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

1819

if ((n = sshkey_new(k->type)) == NULL) {

(n = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-30

1820 r = SSH_ERR_ALLOC_FAIL; -

1821

goto out;

never executed: goto out;

1822 } -

1823

if (k->ed25519_pk != NULL) {

k->ed25519_pk != ((void *)0)	Description
TRUE	evaluated 30 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey
FALSE	never evaluated

0-30

1824

if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {

(n->ed25519_pk...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

0-30

1825 r = SSH_ERR_ALLOC_FAIL; -

1826

goto out;

never executed: goto out;

1827 } -

1828 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); -

1829

}

executed 30 times by 4 tests: end of block

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

1830

break;

executed 30 times by 4 tests: break;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

1831 #ifdef WITH_XMSS -

1832 case KEY_XMSS: -

1833 case KEY_XMSS_CERT: -

1834 if ((n = sshkey_new(k->type)) == NULL) { -

1835 r = SSH_ERR_ALLOC_FAIL; -

1836 goto out; -

1837 } -

1838 if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) -

1839 goto out; -

1840 if (k->xmss_pk != NULL) { -

1841 size_t pklen = sshkey_xmss_pklen(k); -

1842 if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { -

1843 r = SSH_ERR_INTERNAL_ERROR; -

1844 goto out; -

1845 } -

1846 if ((n->xmss_pk = malloc(pklen)) == NULL) { -

1847 r = SSH_ERR_ALLOC_FAIL; -

1848 goto out; -

1849 } -

1850 memcpy(n->xmss_pk, k->xmss_pk, pklen); -

1851 } -

1852 break; -

1853 #endif /* WITH_XMSS */ -

1854

default:

never executed: default:

1855 r = SSH_ERR_KEY_TYPE_UNKNOWN; -

1856

goto out;

never executed: goto out;

1857 } -

1858

if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0)

sshkey_is_cert(k)	Description
TRUE	never evaluated
FALSE	evaluated 110 times by 4 tests Evaluated by: ssh-keygen sshd test_kex test_sshkey

(r = sshkey_ce...py(k, n)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-110

1859

goto out;

never executed: goto out;

1860 /* success */ -

1861 *pkp = n; -

1862 n = NULL; -

1863 r = 0; -

1864

out:

code before this statement executed 110 times by 4 tests: out:

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

110

1865 sshkey_free(n); -

1866 #ifdef WITH_OPENSSL -

1867 BN_clear_free(rsa_n_dup); -

1868 BN_clear_free(rsa_e_dup); -

1869 BN_clear_free(dsa_p_dup); -

1870 BN_clear_free(dsa_q_dup); -

1871 BN_clear_free(dsa_g_dup); -

1872 BN_clear_free(dsa_pub_key_dup); -

1873 #endif -

1874 -

1875

return r;

executed 110 times by 4 tests: return r;

Executed by:

ssh-keygen
sshd
test_kex
test_sshkey

110

1876 } -

1877 -

1878 static int -

1879 cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) -

1880 { -

1881 struct sshbuf *principals = NULL, *crit = NULL; -

1882 struct sshbuf *exts = NULL, *ca = NULL; -

1883 u_char *sig = NULL; -

1884 size_t signed_len = 0, slen = 0, kidlen = 0; -

1885 int ret = SSH_ERR_INTERNAL_ERROR; -

1886 -

1887 /* Copy the entire key blob for verification and later serialisation */ -

1888

if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)

(ret = sshbuf_...certbuf)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 15578 times by 1 test Evaluated by: test_sshkey

0-15578

1889

return ret;

never executed: return ret;

1890 -

1891 /* Parse body of certificate up to signature */ -

1892

if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||

(ret = sshbuf_...>serial)) != 0	Description
TRUE	evaluated 32 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15546 times by 1 test Evaluated by: test_sshkey

32-15546

1893

(ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||

(ret = sshbuf_...t->type)) != 0	Description
TRUE	evaluated 16 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15530 times by 1 test Evaluated by: test_sshkey

16-15530

1894

(ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||

(ret = sshbuf_...&kidlen)) != 0	Description
TRUE	evaluated 183 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15347 times by 1 test Evaluated by: test_sshkey

183-15347

1895

(ret = sshbuf_froms(b, &principals)) != 0 ||

(ret = sshbuf_...ncipals)) != 0	Description
TRUE	evaluated 213 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15134 times by 1 test Evaluated by: test_sshkey

213-15134

1896

(ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||

(ret = sshbuf_...d_after)) != 0	Description
TRUE	evaluated 32 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15102 times by 1 test Evaluated by: test_sshkey

32-15102

1897

(ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||

(ret = sshbuf_..._before)) != 0	Description
TRUE	evaluated 32 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15070 times by 1 test Evaluated by: test_sshkey

32-15070

1898

(ret = sshbuf_froms(b, &crit)) != 0 ||

(ret = sshbuf_..., &crit)) != 0	Description
TRUE	evaluated 147 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14923 times by 1 test Evaluated by: test_sshkey

147-14923

1899

(ret = sshbuf_froms(b, &exts)) != 0 ||

(ret = sshbuf_..., &exts)) != 0	Description
TRUE	evaluated 148 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14775 times by 1 test Evaluated by: test_sshkey

148-14775

1900

(ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	evaluated 144 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14631 times by 1 test Evaluated by: test_sshkey

144-14631

1901

(ret = sshbuf_froms(b, &ca)) != 0) {

(ret = sshbuf_...(b, &ca)) != 0	Description
TRUE	evaluated 444 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14187 times by 1 test Evaluated by: test_sshkey

444-14187

1902 /* XXX debug print error for ret */ -

1903 ret = SSH_ERR_INVALID_FORMAT; -

1904

goto out;

executed 1391 times by 1 test: goto out;

Executed by:

test_sshkey

1391

1905 } -

1906 -

1907 /* Signature is left in the buffer so we can calculate this length */ -

1908 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b); -

1909 -

1910

if ((ret = sshbuf_get_string(b, &sig, &slen)) != 0) {

(ret = sshbuf_..., &slen)) != 0	Description
TRUE	evaluated 531 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13656 times by 1 test Evaluated by: test_sshkey

531-13656

1911 ret = SSH_ERR_INVALID_FORMAT; -

1912

goto out;

executed 531 times by 1 test: goto out;

Executed by:

test_sshkey

531

1913 } -

1914 -

1915

if (key->cert->type != SSH2_CERT_TYPE_USER &&

key->cert->type != 1	Description
TRUE	evaluated 13652 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

4-13652

1916

key->cert->type != SSH2_CERT_TYPE_HOST) {

key->cert->type != 2	Description
TRUE	evaluated 144 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13508 times by 1 test Evaluated by: test_sshkey

144-13508

1917 ret = SSH_ERR_KEY_CERT_UNKNOWN_TYPE; -

1918

goto out;

executed 144 times by 1 test: goto out;

Executed by:

test_sshkey

144

1919 } -

1920 -

1921 /* Parse principals section */ -

1922

while (sshbuf_len(principals) > 0) {

sshbuf_len(principals) > 0	Description
TRUE	evaluated 26898 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13224 times by 1 test Evaluated by: test_sshkey

13224-26898

1923 char *principal = NULL; -

1924 char **oprincipals = NULL; -

1925 -

1926

if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {

key->cert->nprincipals >= 256	Description
TRUE	never evaluated
FALSE	evaluated 26898 times by 1 test Evaluated by: test_sshkey

0-26898

1927 ret = SSH_ERR_INVALID_FORMAT; -

1928

goto out;

never executed: goto out;

1929 } -

1930

if ((ret = sshbuf_get_cstring(principals, &principal,

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	evaluated 288 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 26610 times by 1 test Evaluated by: test_sshkey

288-26610

1931

NULL)) != 0) {

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	evaluated 288 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 26610 times by 1 test Evaluated by: test_sshkey

288-26610

1932 ret = SSH_ERR_INVALID_FORMAT; -

1933

goto out;

executed 288 times by 1 test: goto out;

Executed by:

test_sshkey

288

1934 } -

1935 oprincipals = key->cert->principals; -

1936 key->cert->principals = recallocarray(key->cert->principals, -

1937 key->cert->nprincipals, key->cert->nprincipals + 1, -

1938 sizeof(*key->cert->principals)); -

1939

if (key->cert->principals == NULL) {

key->cert->pri...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26610 times by 1 test Evaluated by: test_sshkey

0-26610

1940 free(principal); -

1941 key->cert->principals = oprincipals; -

1942 ret = SSH_ERR_ALLOC_FAIL; -

1943

goto out;

never executed: goto out;

1944 } -

1945 key->cert->principals[key->cert->nprincipals++] = principal; -

1946

}

executed 26610 times by 1 test: end of block

Executed by:

test_sshkey

26610

1947 -

1948 /* -

1949 * Stash a copies of the critical options and extensions sections -

1950 * for later use. -

1951 */ -

1952

if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||

(ret = sshbuf_...l, crit)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 13224 times by 1 test Evaluated by: test_sshkey

0-13224

1953

(exts != NULL &&

exts != ((void *)0)	Description
TRUE	evaluated 13224 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-13224

1954

(ret = sshbuf_putb(key->cert->extensions, exts)) != 0))

(ret = sshbuf_...s, exts)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 13224 times by 1 test Evaluated by: test_sshkey

0-13224

1955

goto out;

never executed: goto out;

1956 -

1957 /* -

1958 * Validate critical options and extensions sections format. -

1959 */ -

1960

while (sshbuf_len(crit) != 0) {

sshbuf_len(crit) != 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13224 times by 1 test Evaluated by: test_sshkey

9-13224

1961

if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 ||

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: test_sshkey

0-9

1962

(ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0) {

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: test_sshkey

0-9

1963 sshbuf_reset(key->cert->critical); -

1964 ret = SSH_ERR_INVALID_FORMAT; -

1965

goto out;

never executed: goto out;

1966 } -

1967

}

executed 9 times by 1 test: end of block

Executed by:

test_sshkey

1968

while (exts != NULL && sshbuf_len(exts) != 0) {

exts != ((void *)0)	Description
TRUE	evaluated 13234 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

sshbuf_len(exts) != 0	Description
TRUE	evaluated 14 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13220 times by 1 test Evaluated by: test_sshkey

0-13234

1969

if ((ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0 ||

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: test_sshkey

0-14

1970

(ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0) {

(ret = sshbuf_...d *)0) )) != 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 10 times by 1 test Evaluated by: test_sshkey

4-10

1971 sshbuf_reset(key->cert->extensions); -

1972 ret = SSH_ERR_INVALID_FORMAT; -

1973

goto out;

executed 4 times by 1 test: goto out;

Executed by:

test_sshkey

1974 } -

1975

}

executed 10 times by 1 test: end of block

Executed by:

test_sshkey

1976 -

1977 /* Parse CA key and check signature */ -

1978

if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {

sshkey_from_bl...e_key, 0) != 0	Description
TRUE	evaluated 1458 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 11762 times by 1 test Evaluated by: test_sshkey

1458-11762

1979 ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; -

1980

goto out;

executed 1458 times by 1 test: goto out;

Executed by:

test_sshkey

1458

1981 } -

1982

if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {

!sshkey_type_i...ure_key->type)	Description
TRUE	never evaluated
FALSE	evaluated 11762 times by 1 test Evaluated by: test_sshkey

0-11762

1983 ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; -

1984

goto out;

never executed: goto out;

1985 } -

1986

if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,

(ret = sshkey_...)0) , 0)) != 0	Description
TRUE	evaluated 11746 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 16 times by 1 test Evaluated by: test_sshkey

16-11746

1987

sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)

(ret = sshkey_...)0) , 0)) != 0	Description
TRUE	evaluated 11746 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 16 times by 1 test Evaluated by: test_sshkey

16-11746

1988

goto out;

executed 11746 times by 1 test: goto out;

Executed by:

test_sshkey

11746

1989

if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)

(ret = get_sig...re_type)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: test_sshkey

0-16

1990

goto out;

never executed: goto out;

1991 -

1992 /* Success */ -

1993 ret = 0; -

1994

out:

code before this statement executed 16 times by 1 test: out:

Executed by:

test_sshkey

1995 sshbuf_free(ca); -

1996 sshbuf_free(crit); -

1997 sshbuf_free(exts); -

1998 sshbuf_free(principals); -

1999 free(sig); -

2000

return ret;

executed 15578 times by 1 test: return ret;

Executed by:

test_sshkey

15578

2001 } -

2002 -

2003 #ifdef WITH_OPENSSL -

2004 static int -

2005 check_rsa_length(const RSA *rsa) -

2006 { -

2007 const BIGNUM *rsa_n; -

2008 -

2009 RSA_get0_key(rsa, &rsa_n, NULL, NULL); -

2010

if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)

BN_num_bits(rsa_n) < 1024	Description
TRUE	evaluated 14 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 104542 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

14-104542

2011

return SSH_ERR_KEY_LENGTH;

executed 14 times by 1 test: return -56;

Executed by:

test_sshkey

2012

return 0;

executed 104542 times by 5 tests: return 0;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

104542

2013 } -

2014 #endif -

2015 -

2016 static int -

2017 sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, -

2018 int allow_cert) -

2019 { -

2020 int type, ret = SSH_ERR_INTERNAL_ERROR; -

2021 char *ktype = NULL, *curve = NULL, *xmss_name = NULL; -

2022 struct sshkey *key = NULL; -

2023 size_t len; -

2024 u_char *pk = NULL; -

2025 struct sshbuf *copy; -

2026 #if defined(WITH_OPENSSL) -

2027 BIGNUM *rsa_n = NULL, *rsa_e = NULL; -

2028 BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL; -

2029 # if defined(OPENSSL_HAS_ECC) -

2030 EC_POINT *q = NULL; -

2031 # endif /* OPENSSL_HAS_ECC */ -

2032 #endif /* WITH_OPENSSL */ -

2033 -

2034 #ifdef DEBUG_PK /* XXX */ -

2035 sshbuf_dump(b, stderr); -

2036 #endif -

2037

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 43059 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-43059

2038

*keyp = NULL;

executed 43059 times by 5 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

43059

2039

if ((copy = sshbuf_fromb(b)) == NULL) {

(copy = sshbuf...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 43059 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-43059

2040 ret = SSH_ERR_ALLOC_FAIL; -

2041

goto out;

never executed: goto out;

2042 } -

2043

if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {

sshbuf_get_cst...id *)0) ) != 0	Description
TRUE	evaluated 3129 times by 2 tests Evaluated by: test_hostkeys test_sshkey
FALSE	evaluated 39930 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

3129-39930

2044 ret = SSH_ERR_INVALID_FORMAT; -

2045

goto out;

executed 3129 times by 2 tests: goto out;

Executed by:

test_hostkeys
test_sshkey

3129

2046 } -

2047 -

2048 type = sshkey_type_from_name(ktype); -

2049

if (!allow_cert && sshkey_type_is_cert(type)) {

!allow_cert	Description
TRUE	evaluated 13084 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 26846 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

sshkey_type_is_cert(type)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13083 times by 1 test Evaluated by: test_sshkey

1-26846

2050 ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; -

2051

goto out;

executed 1 time by 1 test: goto out;

Executed by:

test_sshkey

2052 } -

2053 switch (type) { -

2054 #ifdef WITH_OPENSSL -

2055

case KEY_RSA_CERT:

executed 3908 times by 1 test: case KEY_RSA_CERT:

Executed by:

test_sshkey

3908

2056 /* Skip nonce */ -

2057

if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {

sshbuf_get_str...id *)0) ) != 0	Description
TRUE	evaluated 63 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 3845 times by 1 test Evaluated by: test_sshkey

63-3845

2058 ret = SSH_ERR_INVALID_FORMAT; -

2059

goto out;

executed 63 times by 1 test: goto out;

Executed by:

test_sshkey

2060 } -

2061 /* FALLTHROUGH */ -

2062

case KEY_RSA:

code before this statement executed 3845 times by 1 test: case KEY_RSA:

Executed by:

test_sshkey

executed 1600 times by 5 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

1600-3845

2063

if ((key = sshkey_new(type)) == NULL) {

(key = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5445 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-5445

2064 ret = SSH_ERR_ALLOC_FAIL; -

2065

goto out;

never executed: goto out;

2066 } -

2067

if ((rsa_e = BN_new()) == NULL ||

(rsa_e = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5445 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-5445

2068

(rsa_n = BN_new()) == NULL) {

(rsa_n = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5445 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-5445

2069 ret = SSH_ERR_ALLOC_FAIL; -

2070

goto out;

never executed: goto out;

2071 } -

2072

if (sshbuf_get_bignum2(b, rsa_e) != 0 ||

sshbuf_get_big...b, rsa_e) != 0	Description
TRUE	evaluated 82 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 5363 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

82-5363

2073

sshbuf_get_bignum2(b, rsa_n) != 0) {

sshbuf_get_big...b, rsa_n) != 0	Description
TRUE	evaluated 348 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 5015 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

348-5015

2074 ret = SSH_ERR_INVALID_FORMAT; -

2075

goto out;

executed 430 times by 1 test: goto out;

Executed by:

test_sshkey

430

2076 } -

2077

if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) {

!RSA_set0_key(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 5015 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-5015

2078 ret = SSH_ERR_LIBCRYPTO_ERROR; -

2079

goto out;

never executed: goto out;

2080 } -

2081 rsa_n = rsa_e = NULL; /* transferred */ -

2082

if ((ret = check_rsa_length(key->rsa)) != 0)

(ret = check_r...ey->rsa)) != 0	Description
TRUE	evaluated 10 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 5005 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

10-5005

2083

goto out;

executed 10 times by 1 test: goto out;

Executed by:

test_sshkey

2084 #ifdef DEBUG_PK -

2085 RSA_print_fp(stderr, key->rsa, 8); -

2086 #endif -

2087

break;

executed 5005 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

5005

2088

case KEY_DSA_CERT:

executed 6744 times by 1 test: case KEY_DSA_CERT:

Executed by:

test_sshkey

6744

2089 /* Skip nonce */ -

2090

if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {

sshbuf_get_str...id *)0) ) != 0	Description
TRUE	evaluated 62 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 6682 times by 1 test Evaluated by: test_sshkey

62-6682

2091 ret = SSH_ERR_INVALID_FORMAT; -

2092

goto out;

executed 62 times by 1 test: goto out;

Executed by:

test_sshkey

2093 } -

2094 /* FALLTHROUGH */ -

2095

case KEY_DSA:

code before this statement executed 6682 times by 1 test: case KEY_DSA:

Executed by:

test_sshkey

executed 4451 times by 4 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

4451-6682

2096

if ((key = sshkey_new(type)) == NULL) {

(key = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11133 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11133

2097 ret = SSH_ERR_ALLOC_FAIL; -

2098

goto out;

never executed: goto out;

2099 } -

2100

if ((dsa_p = BN_new()) == NULL ||

(dsa_p = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11133 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11133

2101

(dsa_q = BN_new()) == NULL ||

(dsa_q = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11133 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11133

2102

(dsa_g = BN_new()) == NULL ||

(dsa_g = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11133 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11133

2103

(dsa_pub_key = BN_new()) == NULL) {

(dsa_pub_key =...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11133 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-11133

2104 ret = SSH_ERR_ALLOC_FAIL; -

2105

goto out;

never executed: goto out;

2106 } -

2107

if (sshbuf_get_bignum2(b, dsa_p) != 0 ||

sshbuf_get_big...b, dsa_p) != 0	Description
TRUE	evaluated 333 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 10800 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

333-10800

2108

sshbuf_get_bignum2(b, dsa_q) != 0 ||

sshbuf_get_big...b, dsa_q) != 0	Description
TRUE	evaluated 126 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 10674 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

126-10674

2109

sshbuf_get_bignum2(b, dsa_g) != 0 ||

sshbuf_get_big...b, dsa_g) != 0	Description
TRUE	evaluated 343 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 10331 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

343-10331

2110

sshbuf_get_bignum2(b, dsa_pub_key) != 0) {

sshbuf_get_big..._pub_key) != 0	Description
TRUE	evaluated 349 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 9982 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

349-9982

2111 ret = SSH_ERR_INVALID_FORMAT; -

2112

goto out;

executed 1151 times by 1 test: goto out;

Executed by:

test_sshkey

1151

2113 } -

2114

if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) {

!DSA_set0_pqg(... dsa_q, dsa_g)	Description
TRUE	never evaluated
FALSE	evaluated 9982 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-9982

2115 ret = SSH_ERR_LIBCRYPTO_ERROR; -

2116

goto out;

never executed: goto out;

2117 } -

2118 dsa_p = dsa_q = dsa_g = NULL; /* transferred */ -

2119

if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) {

!DSA_set0_key(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 9982 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-9982

2120 ret = SSH_ERR_LIBCRYPTO_ERROR; -

2121

goto out;

never executed: goto out;

2122 } -

2123 dsa_pub_key = NULL; /* transferred */ -

2124 #ifdef DEBUG_PK -

2125 DSA_print_fp(stderr, key->dsa, 8); -

2126 #endif -

2127

break;

executed 9982 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

9982

2128

case KEY_ECDSA_CERT:

executed 4014 times by 1 test: case KEY_ECDSA_CERT:

Executed by:

test_sshkey

4014

2129 /* Skip nonce */ -

2130

if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {

sshbuf_get_str...id *)0) ) != 0	Description
TRUE	evaluated 63 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 3951 times by 1 test Evaluated by: test_sshkey

63-3951

2131 ret = SSH_ERR_INVALID_FORMAT; -

2132

goto out;

executed 63 times by 1 test: goto out;

Executed by:

test_sshkey

2133 } -

2134 /* FALLTHROUGH */ -

2135 # ifdef OPENSSL_HAS_ECC -

2136

case KEY_ECDSA:

code before this statement executed 3951 times by 1 test: case KEY_ECDSA:

Executed by:

test_sshkey

executed 3306 times by 4 tests: case KEY_ECDSA:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

3306-3951

2137

if ((key = sshkey_new(type)) == NULL) {

(key = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7257 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-7257

2138 ret = SSH_ERR_ALLOC_FAIL; -

2139

goto out;

never executed: goto out;

2140 } -

2141 key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype); -

2142

if (sshbuf_get_cstring(b, &curve, NULL) != 0) {

sshbuf_get_cst...id *)0) ) != 0	Description
TRUE	evaluated 137 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 7120 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

137-7120

2143 ret = SSH_ERR_INVALID_FORMAT; -

2144

goto out;

executed 137 times by 1 test: goto out;

Executed by:

test_sshkey

137

2145 } -

2146

if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) {

key->ecdsa_nid..._to_nid(curve)	Description
TRUE	evaluated 219 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 6901 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

219-6901

2147 ret = SSH_ERR_EC_CURVE_MISMATCH; -

2148

goto out;

executed 219 times by 1 test: goto out;

Executed by:

test_sshkey

219

2149 } -

2150 EC_KEY_free(key->ecdsa); -

2151

if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))

(key->ecdsa = ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6901 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-6901

2152

== NULL) {

(key->ecdsa = ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6901 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-6901

2153 ret = SSH_ERR_EC_CURVE_INVALID; -

2154

goto out;

never executed: goto out;

2155 } -

2156

if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) {

(q = EC_POINT_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6901 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-6901

2157 ret = SSH_ERR_ALLOC_FAIL; -

2158

goto out;

never executed: goto out;

2159 } -

2160

if (sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa)) != 0) {

sshbuf_get_ec(...->ecdsa)) != 0	Description
TRUE	evaluated 2004 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 4897 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

2004-4897

2161 ret = SSH_ERR_INVALID_FORMAT; -

2162

goto out;

executed 2004 times by 1 test: goto out;

Executed by:

test_sshkey

2004

2163 } -

2164

if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa),

sshkey_ec_vali...cdsa), q) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4897 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-4897

2165

q) != 0) {

sshkey_ec_vali...cdsa), q) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4897 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-4897

2166 ret = SSH_ERR_KEY_INVALID_EC_VALUE; -

2167

goto out;

never executed: goto out;

2168 } -

2169

if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {

EC_KEY_set_pub...ecdsa, q) != 1	Description
TRUE	never evaluated
FALSE	evaluated 4897 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-4897

2170 /* XXX assume it is a allocation error */ -

2171 ret = SSH_ERR_ALLOC_FAIL; -

2172

goto out;

never executed: goto out;

2173 } -

2174 #ifdef DEBUG_PK -

2175 sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); -

2176 #endif -

2177

break;

executed 4897 times by 4 tests: break;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

4897

2178 # endif /* OPENSSL_HAS_ECC */ -

2179 #endif /* WITH_OPENSSL */ -

2180

case KEY_ED25519_CERT:

executed 2865 times by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

2865

2181 /* Skip nonce */ -

2182

if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {

sshbuf_get_str...id *)0) ) != 0	Description
TRUE	evaluated 64 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 2801 times by 1 test Evaluated by: test_sshkey

64-2801

2183 ret = SSH_ERR_INVALID_FORMAT; -

2184

goto out;

executed 64 times by 1 test: goto out;

Executed by:

test_sshkey

2185 } -

2186 /* FALLTHROUGH */ -

2187

case KEY_ED25519:

code before this statement executed 2801 times by 1 test: case KEY_ED25519:

Executed by:

test_sshkey

executed 10895 times by 5 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

2801-10895

2188

if ((ret = sshbuf_get_string(b, &pk, &len)) != 0)

(ret = sshbuf_...k, &len)) != 0	Description
TRUE	evaluated 248 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13448 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

248-13448

2189

goto out;

executed 248 times by 1 test: goto out;

Executed by:

test_sshkey

248

2190

if (len != ED25519_PK_SZ) {

len != 32U	Description
TRUE	evaluated 16 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 13432 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

16-13432

2191 ret = SSH_ERR_INVALID_FORMAT; -

2192

goto out;

executed 16 times by 1 test: goto out;

Executed by:

test_sshkey

2193 } -

2194

if ((key = sshkey_new(type)) == NULL) {

(key = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 13432 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-13432

2195 ret = SSH_ERR_ALLOC_FAIL; -

2196

goto out;

never executed: goto out;

2197 } -

2198 key->ed25519_pk = pk; -

2199 pk = NULL; -

2200

break;

executed 13432 times by 5 tests: break;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

13432

2201 #ifdef WITH_XMSS -

2202 case KEY_XMSS_CERT: -

2203 /* Skip nonce */ -

2204 if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { -

2205 ret = SSH_ERR_INVALID_FORMAT; -

2206 goto out; -

2207 } -

2208 /* FALLTHROUGH */ -

2209 case KEY_XMSS: -

2210 if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0) -

2211 goto out; -

2212 if ((key = sshkey_new(type)) == NULL) { -

2213 ret = SSH_ERR_ALLOC_FAIL; -

2214 goto out; -

2215 } -

2216 if ((ret = sshkey_xmss_init(key, xmss_name)) != 0) -

2217 goto out; -

2218 if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) -

2219 goto out; -

2220 if (len == 0 || len != sshkey_xmss_pklen(key)) { -

2221 ret = SSH_ERR_INVALID_FORMAT; -

2222 goto out; -

2223 } -

2224 key->xmss_pk = pk; -

2225 pk = NULL; -

2226 if (type != KEY_XMSS_CERT && -

2227 (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0) -

2228 goto out; -

2229 break; -

2230 #endif /* WITH_XMSS */ -

2231

case KEY_UNSPEC:

executed 2146 times by 1 test: case KEY_UNSPEC:

Executed by:

test_sshkey

2146

2232

default:

never executed: default:

2233 ret = SSH_ERR_KEY_TYPE_UNKNOWN; -

2234

goto out;

executed 2146 times by 1 test: goto out;

Executed by:

test_sshkey

2146

2235 } -

2236 -

2237 /* Parse certificate potion */ -

2238

if (sshkey_is_cert(key) && (ret = cert_parse(b, key, copy)) != 0)

sshkey_is_cert(key)	Description
TRUE	evaluated 15578 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17738 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

(ret = cert_pa...y, copy)) != 0	Description
TRUE	evaluated 15562 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 16 times by 1 test Evaluated by: test_sshkey

16-17738

2239

goto out;

executed 15562 times by 1 test: goto out;

Executed by:

test_sshkey

15562

2240 -

2241

if (key != NULL && sshbuf_len(b) != 0) {

key != ((void *)0)	Description
TRUE	evaluated 17754 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	never evaluated

sshbuf_len(b) != 0	Description
TRUE	evaluated 11 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17743 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey

0-17754

2242 ret = SSH_ERR_INVALID_FORMAT; -

2243

goto out;

executed 11 times by 1 test: goto out;

Executed by:

test_sshkey

2244 } -

2245 ret = 0; -

2246

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 17743 times by 5 tests Evaluated by: ssh-keygen sshd test_hostkeys test_kex test_sshkey
FALSE	never evaluated

0-17743

2247 *keyp = key; -

2248 key = NULL; -

2249

}

executed 17743 times by 5 tests: end of block

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

17743

2250

out:

code before this statement executed 17743 times by 5 tests: out:

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

17743

2251 sshbuf_free(copy); -

2252 sshkey_free(key); -

2253 free(xmss_name); -

2254 free(ktype); -

2255 free(curve); -

2256 free(pk); -

2257 #if defined(WITH_OPENSSL) -

2258 BN_clear_free(rsa_n); -

2259 BN_clear_free(rsa_e); -

2260 BN_clear_free(dsa_p); -

2261 BN_clear_free(dsa_q); -

2262 BN_clear_free(dsa_g); -

2263 BN_clear_free(dsa_pub_key); -

2264 # if defined(OPENSSL_HAS_ECC) -

2265 EC_POINT_free(q); -

2266 # endif /* OPENSSL_HAS_ECC */ -

2267 #endif /* WITH_OPENSSL */ -

2268

return ret;

executed 43059 times by 5 tests: return ret;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_kex
test_sshkey

43059

2269 } -

2270 -

2271 int -

2272 sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey **keyp) -

2273 { -

2274 struct sshbuf *b; -

2275 int r; -

2276 -

2277

if ((b = sshbuf_from(blob, blen)) == NULL)

(b = sshbuf_fr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29160 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-29160

2278

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

2279 r = sshkey_from_blob_internal(b, keyp, 1); -

2280 sshbuf_free(b); -

2281

return r;

executed 29160 times by 3 tests: return r;

Executed by:

ssh-keygen
test_kex
test_sshkey

29160

2282 } -

2283 -

2284 int -

2285 sshkey_fromb(struct sshbuf *b, struct sshkey **keyp) -

2286 { -

2287

return sshkey_from_blob_internal(b, keyp, 1);

executed 679 times by 4 tests: return sshkey_from_blob_internal(b, keyp, 1);

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

679

2288 } -

2289 -

2290 int -

2291 sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) -

2292 { -

2293 struct sshbuf *b; -

2294 int r; -

2295 -

2296

if ((r = sshbuf_froms(buf, &b)) != 0)

(r = sshbuf_fr...buf, &b)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2297

return r;

never executed: return r;

2298 r = sshkey_from_blob_internal(b, keyp, 1); -

2299 sshbuf_free(b); -

2300

return r;

never executed: return r;

2301 } -

2302 -

2303 static int -

2304 get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) -

2305 { -

2306 int r; -

2307 struct sshbuf *b = NULL; -

2308 char *sigtype = NULL; -

2309 -

2310

if (sigtypep != NULL)

sigtypep != ((void *)0)	Description
TRUE	evaluated 17 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-17

2311

*sigtypep = NULL;

executed 17 times by 1 test: *sigtypep = ((void *)0) ;

Executed by:

test_sshkey

2312

if ((b = sshbuf_from(sig, siglen)) == NULL)

(b = sshbuf_fr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: test_sshkey

0-17

2313

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

2314

if ((r = sshbuf_get_cstring(b, &sigtype, NULL)) != 0)

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: test_sshkey

0-17

2315

goto out;

never executed: goto out;

2316 /* success */ -

2317

if (sigtypep != NULL) {

sigtypep != ((void *)0)	Description
TRUE	evaluated 17 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-17

2318 *sigtypep = sigtype; -

2319 sigtype = NULL; -

2320

}

executed 17 times by 1 test: end of block

Executed by:

test_sshkey

2321 r = 0; -

2322

out:

code before this statement executed 17 times by 1 test: out:

Executed by:

test_sshkey

2323 free(sigtype); -

2324 sshbuf_free(b); -

2325

return r;

executed 17 times by 1 test: return r;

Executed by:

test_sshkey

2326 } -

2327 -

2328 /* -

2329 * -

2330 * Checks whether a certificate's signature type is allowed. -

2331 * Returns 0 (success) if the certificate signature type appears in the -

2332 * "allowed" pattern-list, or the key is not a certificate to begin with. -

2333 * Otherwise returns a ssherr.h code. -

2334 */ -

2335 int -

2336 sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed) -

2337 { -

2338

if (key == NULL || allowed == NULL)

key == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

allowed == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2339

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2340

if (!sshkey_type_is_cert(key->type))

!sshkey_type_i...ert(key->type)	Description
TRUE	never evaluated
FALSE	never evaluated

2341

return 0;

never executed: return 0;

2342

if (key->cert == NULL || key->cert->signature_type == NULL)

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

key->cert->sig...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2343

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2344

if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)

match_pattern_...lowed, 0) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

2345

return SSH_ERR_SIGN_ALG_UNSUPPORTED;

never executed: return -58;

2346

return 0;

never executed: return 0;

2347 } -

2348 -

2349 /* -

2350 * Returns the expected signature algorithm for a given public key algorithm. -

2351 */ -

2352 const char * -

2353 sshkey_sigalg_by_name(const char *name) -

2354 { -

2355 const struct keytype *kt; -

2356 -

2357

for (kt = keytypes; kt->type != -1; kt++) {

kt->type != -1	Description
TRUE	never evaluated
FALSE	never evaluated

2358

if (strcmp(kt->name, name) != 0)

never executed: __result = (((const unsigned char *) (const char *) ( kt->name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2359

continue;

never executed: continue;

2360

if (kt->sigalg != NULL)

kt->sigalg != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2361

return kt->sigalg;

never executed: return kt->sigalg;

2362

if (!kt->cert)

!kt->cert	Description
TRUE	never evaluated
FALSE	never evaluated

2363

return kt->name;

never executed: return kt->name;

2364

return sshkey_ssh_name_from_type_nid(

never executed: return sshkey_ssh_name_from_type_nid( sshkey_type_plain(kt->type), kt->nid);

2365

sshkey_type_plain(kt->type), kt->nid);

never executed: return sshkey_ssh_name_from_type_nid( sshkey_type_plain(kt->type), kt->nid);

2366 } -

2367

return NULL;

never executed: return ((void *)0) ;

2368 } -

2369 -

2370 /* -

2371 * Verifies that the signature algorithm appearing inside the signature blob -

2372 * matches that which was requested. -

2373 */ -

2374 int -

2375 sshkey_check_sigtype(const u_char *sig, size_t siglen, -

2376 const char *requested_alg) -

2377 { -

2378 const char *expected_alg; -

2379 char *sigtype = NULL; -

2380 int r; -

2381 -

2382

if (requested_alg == NULL)

requested_alg == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2383

return 0;

never executed: return 0;

2384

if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)

(expected_alg ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2385

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2386

if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)

(r = get_sigty...sigtype)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2387

return r;

never executed: return r;

2388

r = strcmp(expected_alg, sigtype) == 0;

never executed: __result = (((const unsigned char *) (const char *) ( expected_alg ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( sigtype ))[3] - __s2[3]);

never executed: end of block

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2389 free(sigtype); -

2390

return r ? 0 : SSH_ERR_SIGN_ALG_UNSUPPORTED;

never executed: return r ? 0 : -58;

r	Description
TRUE	never evaluated
FALSE	never evaluated

2391 } -

2392 -

2393 int -

2394 sshkey_sign(const struct sshkey *key, -

2395 u_char **sigp, size_t *lenp, -

2396 const u_char *data, size_t datalen, const char *alg, u_int compat) -

2397 { -

2398

if (sigp != NULL)

sigp != ((void *)0)	Description
TRUE	evaluated 310 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	never evaluated

0-310

2399

*sigp = NULL;

executed 310 times by 3 tests: *sigp = ((void *)0) ;

Executed by:

ssh-keygen
test_kex
test_sshkey

310

2400

if (lenp != NULL)

lenp != ((void *)0)	Description
TRUE	evaluated 310 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey
FALSE	never evaluated

0-310

2401

*lenp = 0;

executed 310 times by 3 tests: *lenp = 0;

Executed by:

ssh-keygen
test_kex
test_sshkey

310

2402

if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)

datalen > (1 << 20)	Description
TRUE	never evaluated
FALSE	evaluated 310 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-310

2403

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2404 switch (key->type) { -

2405 #ifdef WITH_OPENSSL -

2406

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

2407

case KEY_DSA:

executed 65 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

2408

return ssh_dss_sign(key, sigp, lenp, data, datalen, compat);

executed 65 times by 3 tests: return ssh_dss_sign(key, sigp, lenp, data, datalen, compat);

Executed by:

ssh-keygen
test_kex
test_sshkey

2409 # ifdef OPENSSL_HAS_ECC -

2410

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

2411

case KEY_ECDSA:

executed 64 times by 2 tests: case KEY_ECDSA:

Executed by:

test_kex
test_sshkey

2412

return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);

executed 64 times by 2 tests: return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);

Executed by:

test_kex
test_sshkey

2413 # endif /* OPENSSL_HAS_ECC */ -

2414

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

2415

case KEY_RSA:

executed 116 times by 3 tests: case KEY_RSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

116

2416

return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);

executed 116 times by 3 tests: return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);

Executed by:

ssh-keygen
test_kex
test_sshkey

116

2417 #endif /* WITH_OPENSSL */ -

2418

case KEY_ED25519:

executed 65 times by 2 tests: case KEY_ED25519:

Executed by:

test_kex
test_sshkey

2419

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

2420

return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);

executed 65 times by 2 tests: return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);

Executed by:

test_kex
test_sshkey

2421 #ifdef WITH_XMSS -

2422 case KEY_XMSS: -

2423 case KEY_XMSS_CERT: -

2424 return ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); -

2425 #endif /* WITH_XMSS */ -

2426

default:

never executed: default:

2427

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

2428 } -

2429 } -

2430 -

2431 /* -

2432 * ssh_key_verify returns 0 for a correct signature and < 0 on error. -

2433 * If "alg" specified, then the signature must use that algorithm. -

2434 */ -

2435 int -

2436 sshkey_verify(const struct sshkey *key, -

2437 const u_char *sig, size_t siglen, -

2438 const u_char *data, size_t dlen, const char *alg, u_int compat) -

2439 { -

2440

if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)

siglen == 0	Description
TRUE	evaluated 6 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 103275 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

dlen > (1 << 20)	Description
TRUE	never evaluated
FALSE	evaluated 103275 times by 3 tests Evaluated by: ssh-keygen test_kex test_sshkey

0-103275

2441

return SSH_ERR_INVALID_ARGUMENT;

executed 6 times by 1 test: return -10;

Executed by:

test_sshkey

2442 switch (key->type) { -

2443 #ifdef WITH_OPENSSL -

2444

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

2445

case KEY_DSA:

executed 3684 times by 3 tests: case KEY_DSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

3684

2446

return ssh_dss_verify(key, sig, siglen, data, dlen, compat);

executed 3684 times by 3 tests: return ssh_dss_verify(key, sig, siglen, data, dlen, compat);

Executed by:

ssh-keygen
test_kex
test_sshkey

3684

2447 # ifdef OPENSSL_HAS_ECC -

2448

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

2449

case KEY_ECDSA:

executed 12662 times by 2 tests: case KEY_ECDSA:

Executed by:

test_kex
test_sshkey

12662

2450

return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);

executed 12662 times by 2 tests: return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);

Executed by:

test_kex
test_sshkey

12662

2451 # endif /* OPENSSL_HAS_ECC */ -

2452

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

2453

case KEY_RSA:

executed 68896 times by 3 tests: case KEY_RSA:

Executed by:

ssh-keygen
test_kex
test_sshkey

68896

2454

return ssh_rsa_verify(key, sig, siglen, data, dlen, alg);

executed 68896 times by 3 tests: return ssh_rsa_verify(key, sig, siglen, data, dlen, alg);

Executed by:

ssh-keygen
test_kex
test_sshkey

68896

2455 #endif /* WITH_OPENSSL */ -

2456

case KEY_ED25519:

executed 18033 times by 2 tests: case KEY_ED25519:

Executed by:

test_kex
test_sshkey

18033

2457

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

2458

return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);

executed 18033 times by 2 tests: return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);

Executed by:

test_kex
test_sshkey

18033

2459 #ifdef WITH_XMSS -

2460 case KEY_XMSS: -

2461 case KEY_XMSS_CERT: -

2462 return ssh_xmss_verify(key, sig, siglen, data, dlen, compat); -

2463 #endif /* WITH_XMSS */ -

2464

default:

never executed: default:

2465

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

2466 } -

2467 } -

2468 -

2469 /* Convert a plain key to their _CERT equivalent */ -

2470 int -

2471 sshkey_to_certified(struct sshkey *k) -

2472 { -

2473 int newtype; -

2474 -

2475 switch (k->type) { -

2476 #ifdef WITH_OPENSSL -

2477

case KEY_RSA:

never executed: case KEY_RSA:

2478 newtype = KEY_RSA_CERT; -

2479

break;

never executed: break;

2480

case KEY_DSA:

never executed: case KEY_DSA:

2481 newtype = KEY_DSA_CERT; -

2482

break;

never executed: break;

2483

case KEY_ECDSA:

never executed: case KEY_ECDSA:

2484 newtype = KEY_ECDSA_CERT; -

2485

break;

never executed: break;

2486 #endif /* WITH_OPENSSL */ -

2487

case KEY_ED25519:

executed 1 time by 1 test: case KEY_ED25519:

Executed by:

test_sshkey

2488 newtype = KEY_ED25519_CERT; -

2489

break;

executed 1 time by 1 test: break;

Executed by:

test_sshkey

2490 #ifdef WITH_XMSS -

2491 case KEY_XMSS: -

2492 newtype = KEY_XMSS_CERT; -

2493 break; -

2494 #endif /* WITH_XMSS */ -

2495

default:

never executed: default:

2496

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2497 } -

2498

if ((k->cert = cert_new()) == NULL)

(k->cert = cer...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2499

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

2500 k->type = newtype; -

2501

return 0;

executed 1 time by 1 test: return 0;

Executed by:

test_sshkey

2502 } -

2503 -

2504 /* Convert a certificate to its raw key equivalent */ -

2505 int -

2506 sshkey_drop_cert(struct sshkey *k) -

2507 { -

2508

if (!sshkey_type_is_cert(k->type))

!sshkey_type_is_cert(k->type)	Description
TRUE	never evaluated
FALSE	never evaluated

2509

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

2510 cert_free(k->cert); -

2511 k->cert = NULL; -

2512 k->type = sshkey_type_plain(k->type); -

2513

return 0;

never executed: return 0;

2514 } -

2515 -

2516 /* Sign a certified key, (re-)generating the signed certblob. */ -

2517 int -

2518 sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, -

2519 sshkey_certify_signer *signer, void *signer_ctx) -

2520 { -

2521 struct sshbuf *principals = NULL; -

2522 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; -

2523 size_t i, ca_len, sig_len; -

2524 int ret = SSH_ERR_INTERNAL_ERROR; -

2525 struct sshbuf *cert = NULL; -

2526 char *sigtype = NULL; -

2527 #ifdef WITH_OPENSSL -

2528 const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; -

2529 #endif /* WITH_OPENSSL */ -

2530 -

2531

if (k == NULL || k->cert == NULL ||

k == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

k->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2532

k->cert->certblob == NULL || ca == NULL)

k->cert->certb...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

ca == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2533

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2534

if (!sshkey_is_cert(k))

!sshkey_is_cert(k)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2535

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

2536

if (!sshkey_type_is_valid_ca(ca->type))

!sshkey_type_i...d_ca(ca->type)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2537

return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;

never executed: return -19;

2538 -

2539 /* -

2540 * If no alg specified as argument but a signature_type was set, -

2541 * then prefer that. If both were specified, then they must match. -

2542 */ -

2543

if (alg == NULL)

alg == ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-1

2544

alg = k->cert->signature_type;

executed 1 time by 1 test: alg = k->cert->signature_type;

Executed by:

test_sshkey

2545

else if (k->cert->signature_type != NULL &&

k->cert->signa...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2546

strcmp(alg, k->cert->signature_type) != 0)

never executed: __result = (((const unsigned char *) (const char *) ( alg ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( k->cert->signature_type ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2547

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2548 -

2549

if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)

(ret = sshkey_...&ca_len)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2550

return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;

never executed: return -19;

2551 -

2552 cert = k->cert->certblob; /* for readability */ -

2553 sshbuf_reset(cert); -

2554

if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)

(ret = sshbuf_...name(k))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2555

goto out;

never executed: goto out;

2556 -

2557 /* -v01 certs put nonce first */ -

2558 arc4random_buf(&nonce, sizeof(nonce)); -

2559

if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)

(ret = sshbuf_...(nonce))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2560

goto out;

never executed: goto out;

2561 -

2562 /* XXX this substantially duplicates to_blob(); refactor */ -

2563 switch (k->type) { -

2564 #ifdef WITH_OPENSSL -

2565

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

2566 DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); -

2567 DSA_get0_key(k->dsa, &dsa_pub_key, NULL); -

2568

if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 ||

(ret = sshbuf_..., dsa_p)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2569

(ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 ||

(ret = sshbuf_..., dsa_q)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2570

(ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 ||

(ret = sshbuf_..., dsa_g)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2571

(ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0)

(ret = sshbuf_...pub_key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2572

goto out;

never executed: goto out;

2573

break;

never executed: break;

2574 # ifdef OPENSSL_HAS_ECC -

2575

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

2576

if ((ret = sshbuf_put_cstring(cert,

(ret = sshbuf_...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2577

sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 ||

(ret = sshbuf_...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2578

(ret = sshbuf_put_ec(cert,

(ret = sshbuf_...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2579

EC_KEY_get0_public_key(k->ecdsa),

(ret = sshbuf_...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2580

EC_KEY_get0_group(k->ecdsa))) != 0)

(ret = sshbuf_...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2581

goto out;

never executed: goto out;

2582

break;

never executed: break;

2583 # endif /* OPENSSL_HAS_ECC */ -

2584

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

2585 RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); -

2586

if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 ||

(ret = sshbuf_..., rsa_e)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2587

(ret = sshbuf_put_bignum2(cert, rsa_n)) != 0)

(ret = sshbuf_..., rsa_n)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2588

goto out;

never executed: goto out;

2589

break;

never executed: break;

2590 #endif /* WITH_OPENSSL */ -

2591

case KEY_ED25519_CERT:

executed 1 time by 1 test: case KEY_ED25519_CERT:

Executed by:

test_sshkey

2592

if ((ret = sshbuf_put_string(cert,

(ret = sshbuf_...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2593

k->ed25519_pk, ED25519_PK_SZ)) != 0)

(ret = sshbuf_...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2594

goto out;

never executed: goto out;

2595

break;

executed 1 time by 1 test: break;

Executed by:

test_sshkey

2596 #ifdef WITH_XMSS -

2597 case KEY_XMSS_CERT: -

2598 if (k->xmss_name == NULL) { -

2599 ret = SSH_ERR_INVALID_ARGUMENT; -

2600 goto out; -

2601 } -

2602 if ((ret = sshbuf_put_cstring(cert, k->xmss_name)) || -

2603 (ret = sshbuf_put_string(cert, -

2604 k->xmss_pk, sshkey_xmss_pklen(k))) != 0) -

2605 goto out; -

2606 break; -

2607 #endif /* WITH_XMSS */ -

2608

default:

never executed: default:

2609 ret = SSH_ERR_INVALID_ARGUMENT; -

2610

goto out;

never executed: goto out;

2611 } -

2612 -

2613

if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||

(ret = sshbuf_...>serial)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2614

(ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||

(ret = sshbuf_...t->type)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2615

(ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)

(ret = sshbuf_...>key_id)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2616

goto out;

never executed: goto out;

2617 -

2618

if ((principals = sshbuf_new()) == NULL) {

(principals = ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2619 ret = SSH_ERR_ALLOC_FAIL; -

2620

goto out;

never executed: goto out;

2621 } -

2622

for (i = 0; i < k->cert->nprincipals; i++) {

i < k->cert->nprincipals	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

1-4

2623

if ((ret = sshbuf_put_cstring(principals,

(ret = sshbuf_...pals[i])) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

2624

k->cert->principals[i])) != 0)

(ret = sshbuf_...pals[i])) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

2625

goto out;

never executed: goto out;

2626

}

executed 4 times by 1 test: end of block

Executed by:

test_sshkey

2627

if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||

(ret = sshbuf_...ncipals)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2628

(ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||

(ret = sshbuf_...d_after)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2629

(ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||

(ret = sshbuf_..._before)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2630

(ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||

(ret = sshbuf_...ritical)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2631

(ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||

(ret = sshbuf_...ensions)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2632

(ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */

(ret = sshbuf_...)0) , 0)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2633

(ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)

(ret = sshbuf_... ca_len)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2634

goto out;

never executed: goto out;

2635 -

2636 /* Sign the whole mess */ -

2637

if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),

(ret = signer(...ner_ctx)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2638

sshbuf_len(cert), alg, 0, signer_ctx)) != 0)

(ret = signer(...ner_ctx)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2639

goto out;

never executed: goto out;

2640 /* Check and update signature_type against what was actually used */ -

2641

if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)

(ret = get_sig...sigtype)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2642

goto out;

never executed: goto out;

2643

if (alg != NULL && strcmp(alg, sigtype) != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( alg ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( sigtype ))[3] - __s2[3]);

never executed: end of block

alg != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-1

2644 ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; -

2645

goto out;

never executed: goto out;

2646 } -

2647

if (k->cert->signature_type == NULL) {

k->cert->signa...== ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-1

2648 k->cert->signature_type = sigtype; -

2649 sigtype = NULL; -

2650

}

executed 1 time by 1 test: end of block

Executed by:

test_sshkey

2651 /* Append signature and we are done */ -

2652

if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)

(ret = sshbuf_...sig_len)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2653

goto out;

never executed: goto out;

2654 ret = 0; -

2655

out:

code before this statement executed 1 time by 1 test: out:

Executed by:

test_sshkey

2656

if (ret != 0)

ret != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2657

sshbuf_reset(cert);

never executed: sshbuf_reset(cert);

2658 free(sig_blob); -

2659 free(ca_blob); -

2660 free(sigtype); -

2661 sshbuf_free(principals); -

2662

return ret;

executed 1 time by 1 test: return ret;

Executed by:

test_sshkey

2663 } -

2664 -

2665 static int -

2666 default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, -

2667 const u_char *data, size_t datalen, -

2668 const char *alg, u_int compat, void *ctx) -

2669 { -

2670

if (ctx != NULL)

ctx != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2671

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

2672

return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat);

executed 1 time by 1 test: return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat);

Executed by:

test_sshkey

2673 } -

2674 -

2675 int -

2676 sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) -

2677 { -

2678

return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL);

executed 1 time by 1 test: return sshkey_certify_custom(k, ca, alg, default_key_sign, ((void *)0) );

Executed by:

test_sshkey

2679 } -

2680 -

2681 int -

2682 sshkey_cert_check_authority(const struct sshkey *k, -

2683 int want_host, int require_principal, -

2684 const char *name, const char **reason) -

2685 { -

2686 u_int i, principal_matches; -

2687 time_t now = time(NULL); -

2688 -

2689

if (reason != NULL)

reason != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2690

*reason = NULL;

never executed: *reason = ((void *)0) ;

2691 -

2692

if (want_host) {

want_host	Description
TRUE	never evaluated
FALSE	never evaluated

2693

if (k->cert->type != SSH2_CERT_TYPE_HOST) {

k->cert->type != 2	Description
TRUE	never evaluated
FALSE	never evaluated

2694 *reason = "Certificate invalid: not a host certificate"; -

2695

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2696 } -

2697

} else {

never executed: end of block

2698

if (k->cert->type != SSH2_CERT_TYPE_USER) {

k->cert->type != 1	Description
TRUE	never evaluated
FALSE	never evaluated

2699 *reason = "Certificate invalid: not a user certificate"; -

2700

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2701 } -

2702

}

never executed: end of block

2703

if (now < 0) {

now < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2704 /* yikes - system clock before epoch! */ -

2705 *reason = "Certificate invalid: not yet valid"; -

2706

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2707 } -

2708

if ((u_int64_t)now < k->cert->valid_after) {

(u_int64_t)now...t->valid_after	Description
TRUE	never evaluated
FALSE	never evaluated

2709 *reason = "Certificate invalid: not yet valid"; -

2710

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2711 } -

2712

if ((u_int64_t)now >= k->cert->valid_before) {

(u_int64_t)now...->valid_before	Description
TRUE	never evaluated
FALSE	never evaluated

2713 *reason = "Certificate invalid: expired"; -

2714

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2715 } -

2716

if (k->cert->nprincipals == 0) {

k->cert->nprincipals == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2717

if (require_principal) {

require_principal	Description
TRUE	never evaluated
FALSE	never evaluated

2718 *reason = "Certificate lacks principal list"; -

2719

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2720 } -

2721

} else if (name != NULL) {

never executed: end of block

name != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2722 principal_matches = 0; -

2723

for (i = 0; i < k->cert->nprincipals; i++) {

i < k->cert->nprincipals	Description
TRUE	never evaluated
FALSE	never evaluated

2724

if (strcmp(name, k->cert->principals[i]) == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( k->cert->principals[i] ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2725 principal_matches = 1; -

2726

break;

never executed: break;

2727 } -

2728

}

never executed: end of block

2729

if (!principal_matches) {

!principal_matches	Description
TRUE	never evaluated
FALSE	never evaluated

2730 *reason = "Certificate invalid: name is not a listed " -

2731 "principal"; -

2732

return SSH_ERR_KEY_CERT_INVALID;

never executed: return -25;

2733 } -

2734

}

never executed: end of block

2735

return 0;

never executed: return 0;

2736 } -

2737 -

2738 size_t -

2739 sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) -

2740 { -

2741 char from[32], to[32], ret[64]; -

2742 time_t tt; -

2743 struct tm *tm; -

2744 -

2745 *from = *to = '\0'; -

2746

if (cert->valid_after == 0 &&

cert->valid_after == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2747

cert->valid_before == 0xffffffffffffffffULL)

cert->valid_be...fffffffffffULL	Description
TRUE	never evaluated
FALSE	never evaluated

2748

return strlcpy(s, "forever", l);

never executed: return strlcpy(s, "forever", l);

2749 -

2750

if (cert->valid_after != 0) {

cert->valid_after != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2751 /* XXX revisit INT_MAX in 2038 :) */ -

2752

tt = cert->valid_after > INT_MAX ?

cert->valid_after > 0x7fffffff	Description
TRUE	never evaluated
FALSE	never evaluated

2753 INT_MAX : cert->valid_after; -

2754 tm = localtime(&tt); -

2755 strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); -

2756

}

never executed: end of block

2757

if (cert->valid_before != 0xffffffffffffffffULL) {

cert->valid_be...fffffffffffULL	Description
TRUE	never evaluated
FALSE	never evaluated

2758 /* XXX revisit INT_MAX in 2038 :) */ -

2759

tt = cert->valid_before > INT_MAX ?

cert->valid_be...e > 0x7fffffff	Description
TRUE	never evaluated
FALSE	never evaluated

2760 INT_MAX : cert->valid_before; -

2761 tm = localtime(&tt); -

2762 strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); -

2763

}

never executed: end of block

2764 -

2765

if (cert->valid_after == 0)

cert->valid_after == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2766

snprintf(ret, sizeof(ret), "before %s", to);

never executed: snprintf(ret, sizeof(ret), "before %s", to);

2767

else if (cert->valid_before == 0xffffffffffffffffULL)

cert->valid_be...fffffffffffULL	Description
TRUE	never evaluated
FALSE	never evaluated

2768

snprintf(ret, sizeof(ret), "after %s", from);

never executed: snprintf(ret, sizeof(ret), "after %s", from);

2769 else -

2770

snprintf(ret, sizeof(ret), "from %s to %s", from, to);

never executed: snprintf(ret, sizeof(ret), "from %s to %s", from, to);

2771 -

2772

return strlcpy(s, ret, l);

never executed: return strlcpy(s, ret, l);

2773 } -

2774 -

2775 int -

2776 sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, -

2777 enum sshkey_serialize_rep opts) -

2778 { -

2779 int r = SSH_ERR_INTERNAL_ERROR; -

2780 #ifdef WITH_OPENSSL -

2781 const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; -

2782 const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key; -

2783 #endif /* WITH_OPENSSL */ -

2784 -

2785

if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0)

(r = sshbuf_pu...me(key))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 2 tests Evaluated by: ssh-keygen sshd

0-11

2786

goto out;

never executed: goto out;

2787 switch (key->type) { -

2788 #ifdef WITH_OPENSSL -

2789

case KEY_RSA:

executed 4 times by 2 tests: case KEY_RSA:

Executed by:

ssh-keygen
sshd

2790 RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d); -

2791 RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); -

2792 RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); -

2793

if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||

(r = sshbuf_pu..., rsa_n)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2794

(r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||

(r = sshbuf_pu..., rsa_e)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2795

(r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||

(r = sshbuf_pu..., rsa_d)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2796

(r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||

(r = sshbuf_pu...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2797

(r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||

(r = sshbuf_pu..., rsa_p)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2798

(r = sshbuf_put_bignum2(b, rsa_q)) != 0)

(r = sshbuf_pu..., rsa_q)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 2 tests Evaluated by: ssh-keygen sshd

0-4

2799

goto out;

never executed: goto out;

2800

break;

executed 4 times by 2 tests: break;

Executed by:

ssh-keygen
sshd

2801

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

2802

if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sshbuf_len(key...certblob) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2803 r = SSH_ERR_INVALID_ARGUMENT; -

2804

goto out;

never executed: goto out;

2805 } -

2806 RSA_get0_key(key->rsa, NULL, NULL, &rsa_d); -

2807 RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); -

2808 RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); -

2809

if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||

(r = sshbuf_pu...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2810

(r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||

(r = sshbuf_pu..., rsa_d)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2811

(r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||

(r = sshbuf_pu...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2812

(r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||

(r = sshbuf_pu..., rsa_p)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2813

(r = sshbuf_put_bignum2(b, rsa_q)) != 0)

(r = sshbuf_pu..., rsa_q)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2814

goto out;

never executed: goto out;

2815

break;

never executed: break;

2816

case KEY_DSA:

executed 1 time by 1 test: case KEY_DSA:

Executed by:

ssh-keygen

2817 DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); -

2818 DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key); -

2819

if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||

(r = sshbuf_pu..., dsa_p)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2820

(r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||

(r = sshbuf_pu..., dsa_q)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2821

(r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||

(r = sshbuf_pu..., dsa_g)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2822

(r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 ||

(r = sshbuf_pu...pub_key)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2823

(r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)

(r = sshbuf_pu...riv_key)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2824

goto out;

never executed: goto out;

2825

break;

executed 1 time by 1 test: break;

Executed by:

ssh-keygen

2826

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

2827

if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sshbuf_len(key...certblob) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2828 r = SSH_ERR_INVALID_ARGUMENT; -

2829

goto out;

never executed: goto out;

2830 } -

2831 DSA_get0_key(key->dsa, NULL, &dsa_priv_key); -

2832

if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||

(r = sshbuf_pu...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2833

(r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)

(r = sshbuf_pu...riv_key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2834

goto out;

never executed: goto out;

2835

break;

never executed: break;

2836 # ifdef OPENSSL_HAS_ECC -

2837

case KEY_ECDSA:

executed 1 time by 1 test: case KEY_ECDSA:

Executed by:

ssh-keygen

2838

if ((r = sshbuf_put_cstring(b,

(r = sshbuf_pu...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2839

sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||

(r = sshbuf_pu...sa_nid))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2840

(r = sshbuf_put_eckey(b, key->ecdsa)) != 0 ||

(r = sshbuf_pu...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2841

(r = sshbuf_put_bignum2(b,

(r = sshbuf_pu...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2842

EC_KEY_get0_private_key(key->ecdsa))) != 0)

(r = sshbuf_pu...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: ssh-keygen

0-1

2843

goto out;

never executed: goto out;

2844

break;

executed 1 time by 1 test: break;

Executed by:

ssh-keygen

2845

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

2846

if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sshbuf_len(key...certblob) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2847 r = SSH_ERR_INVALID_ARGUMENT; -

2848

goto out;

never executed: goto out;

2849 } -

2850

if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||

(r = sshbuf_pu...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2851

(r = sshbuf_put_bignum2(b,

(r = sshbuf_pu...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2852

EC_KEY_get0_private_key(key->ecdsa))) != 0)

(r = sshbuf_pu...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2853

goto out;

never executed: goto out;

2854

break;

never executed: break;

2855 # endif /* OPENSSL_HAS_ECC */ -

2856 #endif /* WITH_OPENSSL */ -

2857

case KEY_ED25519:

executed 5 times by 2 tests: case KEY_ED25519:

Executed by:

ssh-keygen
sshd

2858

if ((r = sshbuf_put_string(b, key->ed25519_pk,

(r = sshbuf_pu...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: ssh-keygen sshd

0-5

2859

ED25519_PK_SZ)) != 0 ||

(r = sshbuf_pu...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: ssh-keygen sshd

0-5

2860

(r = sshbuf_put_string(b, key->ed25519_sk,

(r = sshbuf_pu...sk, 64U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: ssh-keygen sshd

0-5

2861

ED25519_SK_SZ)) != 0)

(r = sshbuf_pu...sk, 64U)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: ssh-keygen sshd

0-5

2862

goto out;

never executed: goto out;

2863

break;

executed 5 times by 2 tests: break;

Executed by:

ssh-keygen
sshd

2864

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

2865

if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {

key->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sshbuf_len(key...certblob) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2866 r = SSH_ERR_INVALID_ARGUMENT; -

2867

goto out;

never executed: goto out;

2868 } -

2869

if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||

(r = sshbuf_pu...ertblob)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2870

(r = sshbuf_put_string(b, key->ed25519_pk,

(r = sshbuf_pu...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2871

ED25519_PK_SZ)) != 0 ||

(r = sshbuf_pu...pk, 32U)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2872

(r = sshbuf_put_string(b, key->ed25519_sk,

(r = sshbuf_pu...sk, 64U)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2873

ED25519_SK_SZ)) != 0)

(r = sshbuf_pu...sk, 64U)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2874

goto out;

never executed: goto out;

2875

break;

never executed: break;

2876 #ifdef WITH_XMSS -

2877 case KEY_XMSS: -

2878 if (key->xmss_name == NULL) { -

2879 r = SSH_ERR_INVALID_ARGUMENT; -

2880 goto out; -

2881 } -

2882 if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || -

2883 (r = sshbuf_put_string(b, key->xmss_pk, -

2884 sshkey_xmss_pklen(key))) != 0 || -

2885 (r = sshbuf_put_string(b, key->xmss_sk, -

2886 sshkey_xmss_sklen(key))) != 0 || -

2887 (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) -

2888 goto out; -

2889 break; -

2890 case KEY_XMSS_CERT: -

2891 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0 || -

2892 key->xmss_name == NULL) { -

2893 r = SSH_ERR_INVALID_ARGUMENT; -

2894 goto out; -

2895 } -

2896 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -

2897 (r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || -

2898 (r = sshbuf_put_string(b, key->xmss_pk, -

2899 sshkey_xmss_pklen(key))) != 0 || -

2900 (r = sshbuf_put_string(b, key->xmss_sk, -

2901 sshkey_xmss_sklen(key))) != 0 || -

2902 (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) -

2903 goto out; -

2904 break; -

2905 #endif /* WITH_XMSS */ -

2906

default:

never executed: default:

2907 r = SSH_ERR_INVALID_ARGUMENT; -

2908

goto out;

never executed: goto out;

2909 } -

2910 /* success */ -

2911 r = 0; -

2912

out:

code before this statement executed 11 times by 2 tests: out:

Executed by:

ssh-keygen
sshd

2913

return r;

executed 11 times by 2 tests: return r;

Executed by:

ssh-keygen
sshd

2914 } -

2915 -

2916 int -

2917 sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) -

2918 { -

2919

return sshkey_private_serialize_opt(key, b,

executed 4 times by 1 test: return sshkey_private_serialize_opt(key, b, SSHKEY_SERIALIZE_DEFAULT);

Executed by:

sshd

2920

SSHKEY_SERIALIZE_DEFAULT);

executed 4 times by 1 test: return sshkey_private_serialize_opt(key, b, SSHKEY_SERIALIZE_DEFAULT);

Executed by:

sshd

2921 } -

2922 -

2923 int -

2924 sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) -

2925 { -

2926 char *tname = NULL, *curve = NULL, *xmss_name = NULL; -

2927 struct sshkey *k = NULL; -

2928 size_t pklen = 0, sklen = 0; -

2929 int type, r = SSH_ERR_INTERNAL_ERROR; -

2930 u_char *ed25519_pk = NULL, *ed25519_sk = NULL; -

2931 u_char *xmss_pk = NULL, *xmss_sk = NULL; -

2932 #ifdef WITH_OPENSSL -

2933 BIGNUM *exponent = NULL; -

2934 BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; -

2935 BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; -

2936 BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; -

2937 BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; -

2938 #endif /* WITH_OPENSSL */ -

2939 -

2940

if (kp != NULL)

kp != ((void *)0)	Description
TRUE	evaluated 16680 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	never evaluated

0-16680

2941

*kp = NULL;

executed 16680 times by 2 tests: *kp = ((void *)0) ;

Executed by:

sshd
test_sshkey

16680

2942

if ((r = sshbuf_get_cstring(buf, &tname, NULL)) != 0)

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	evaluated 282 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 16398 times by 2 tests Evaluated by: sshd test_sshkey

282-16398

2943

goto out;

executed 282 times by 1 test: goto out;

Executed by:

test_sshkey

282

2944 type = sshkey_type_from_name(tname); -

2945 switch (type) { -

2946 #ifdef WITH_OPENSSL -

2947

case KEY_DSA:

executed 1 time by 1 test: case KEY_DSA:

Executed by:

test_sshkey

2948

if ((k = sshkey_new(type)) == NULL) {

(k = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2949 r = SSH_ERR_ALLOC_FAIL; -

2950

goto out;

never executed: goto out;

2951 } -

2952

if ((dsa_p = BN_new()) == NULL ||

(dsa_p = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2953

(dsa_q = BN_new()) == NULL ||

(dsa_q = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2954

(dsa_g = BN_new()) == NULL ||

(dsa_g = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2955

(dsa_pub_key = BN_new()) == NULL ||

(dsa_pub_key =...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2956

(dsa_priv_key = BN_new()) == NULL) {

(dsa_priv_key ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2957 r = SSH_ERR_ALLOC_FAIL; -

2958

goto out;

never executed: goto out;

2959 } -

2960

if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 ||

(r = sshbuf_ge..., dsa_p)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2961

(r = sshbuf_get_bignum2(buf, dsa_q)) != 0 ||

(r = sshbuf_ge..., dsa_q)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2962

(r = sshbuf_get_bignum2(buf, dsa_g)) != 0 ||

(r = sshbuf_ge..., dsa_g)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2963

(r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 ||

(r = sshbuf_ge...pub_key)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2964

(r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)

(r = sshbuf_ge...riv_key)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2965

goto out;

never executed: goto out;

2966

if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) {

!DSA_set0_pqg(... dsa_q, dsa_g)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2967 r = SSH_ERR_LIBCRYPTO_ERROR; -

2968

goto out;

never executed: goto out;

2969 } -

2970 dsa_p = dsa_q = dsa_g = NULL; /* transferred */ -

2971

if (!DSA_set0_key(k->dsa, dsa_pub_key, dsa_priv_key)) {

!DSA_set0_key(... dsa_priv_key)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2972 r = SSH_ERR_LIBCRYPTO_ERROR; -

2973

goto out;

never executed: goto out;

2974 } -

2975 dsa_pub_key = dsa_priv_key = NULL; /* transferred */ -

2976

break;

executed 1 time by 1 test: break;

Executed by:

test_sshkey

2977

case KEY_DSA_CERT:

never executed: case KEY_DSA_CERT:

2978

if ((dsa_priv_key = BN_new()) == NULL) {

(dsa_priv_key ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2979 r = SSH_ERR_ALLOC_FAIL; -

2980

goto out;

never executed: goto out;

2981 } -

2982

if ((r = sshkey_froms(buf, &k)) != 0 ||

(r = sshkey_fr...buf, &k)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2983

(r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)

(r = sshbuf_ge...riv_key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

2984

goto out;

never executed: goto out;

2985

if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {

!DSA_set0_key(... dsa_priv_key)	Description
TRUE	never evaluated
FALSE	never evaluated

2986 r = SSH_ERR_LIBCRYPTO_ERROR; -

2987

goto out;

never executed: goto out;

2988 } -

2989 dsa_priv_key = NULL; /* transferred */ -

2990

break;

never executed: break;

2991 # ifdef OPENSSL_HAS_ECC -

2992

case KEY_ECDSA:

executed 1 time by 1 test: case KEY_ECDSA:

Executed by:

test_sshkey

2993

if ((k = sshkey_new(type)) == NULL) {

(k = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2994 r = SSH_ERR_ALLOC_FAIL; -

2995

goto out;

never executed: goto out;

2996 } -

2997

if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) {

(k->ecdsa_nid ...(tname)) == -1	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

2998 r = SSH_ERR_INVALID_ARGUMENT; -

2999

goto out;

never executed: goto out;

3000 } -

3001

if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0)

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3002

goto out;

never executed: goto out;

3003

if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) {

k->ecdsa_nid !..._to_nid(curve)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3004 r = SSH_ERR_EC_CURVE_MISMATCH; -

3005

goto out;

never executed: goto out;

3006 } -

3007 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); -

3008

if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) {

k->ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

(exponent = BN...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3009 r = SSH_ERR_LIBCRYPTO_ERROR; -

3010

goto out;

never executed: goto out;

3011 } -

3012

if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 ||

(r = sshbuf_ge...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3013

(r = sshbuf_get_bignum2(buf, exponent)))

(r = sshbuf_ge...uf, exponent))	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3014

goto out;

never executed: goto out;

3015

if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {

EC_KEY_set_pri...exponent) != 1	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3016 r = SSH_ERR_LIBCRYPTO_ERROR; -

3017

goto out;

never executed: goto out;

3018 } -

3019

if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa),

(r = sshkey_ec...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3020

EC_KEY_get0_public_key(k->ecdsa))) != 0 ||

(r = sshkey_ec...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3021

(r = sshkey_ec_validate_private(k->ecdsa)) != 0)

(r = sshkey_ec...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: test_sshkey

0-1

3022

goto out;

never executed: goto out;

3023

break;

executed 1 time by 1 test: break;

Executed by:

test_sshkey

3024

case KEY_ECDSA_CERT:

never executed: case KEY_ECDSA_CERT:

3025

if ((exponent = BN_new()) == NULL) {

(exponent = BN...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3026 r = SSH_ERR_LIBCRYPTO_ERROR; -

3027

goto out;

never executed: goto out;

3028 } -

3029

if ((r = sshkey_froms(buf, &k)) != 0 ||

(r = sshkey_fr...buf, &k)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3030

(r = sshbuf_get_bignum2(buf, exponent)) != 0)

(r = sshbuf_ge...xponent)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3031

goto out;

never executed: goto out;

3032

if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {

EC_KEY_set_pri...exponent) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

3033 r = SSH_ERR_LIBCRYPTO_ERROR; -

3034

goto out;

never executed: goto out;

3035 } -

3036

if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa),

(r = sshkey_ec...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3037

EC_KEY_get0_public_key(k->ecdsa))) != 0 ||

(r = sshkey_ec...>ecdsa))) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3038

(r = sshkey_ec_validate_private(k->ecdsa)) != 0)

(r = sshkey_ec...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3039

goto out;

never executed: goto out;

3040

break;

never executed: break;

3041 # endif /* OPENSSL_HAS_ECC */ -

3042

case KEY_RSA:

executed 3 times by 2 tests: case KEY_RSA:

Executed by:

sshd
test_sshkey

3043

if ((k = sshkey_new(type)) == NULL) {

(k = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3044 r = SSH_ERR_ALLOC_FAIL; -

3045

goto out;

never executed: goto out;

3046 } -

3047

if ((rsa_n = BN_new()) == NULL ||

(rsa_n = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3048

(rsa_e = BN_new()) == NULL ||

(rsa_e = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3049

(rsa_d = BN_new()) == NULL ||

(rsa_d = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3050

(rsa_iqmp = BN_new()) == NULL ||

(rsa_iqmp = BN...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3051

(rsa_p = BN_new()) == NULL ||

(rsa_p = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3052

(rsa_q = BN_new()) == NULL) {

(rsa_q = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3053 r = SSH_ERR_ALLOC_FAIL; -

3054

goto out;

never executed: goto out;

3055 } -

3056

if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 ||

(r = sshbuf_ge..., rsa_n)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3057

(r = sshbuf_get_bignum2(buf, rsa_e)) != 0 ||

(r = sshbuf_ge..., rsa_e)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3058

(r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||

(r = sshbuf_ge..., rsa_d)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3059

(r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||

(r = sshbuf_ge...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3060

(r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||

(r = sshbuf_ge..., rsa_p)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3061

(r = sshbuf_get_bignum2(buf, rsa_q)) != 0)

(r = sshbuf_ge..., rsa_q)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3062

goto out;

never executed: goto out;

3063

if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) {

!RSA_set0_key(... rsa_e, rsa_d)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3064 r = SSH_ERR_LIBCRYPTO_ERROR; -

3065

goto out;

never executed: goto out;

3066 } -

3067 rsa_n = rsa_e = rsa_d = NULL; /* transferred */ -

3068

if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {

!RSA_set0_fact... rsa_p, rsa_q)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3069 r = SSH_ERR_LIBCRYPTO_ERROR; -

3070

goto out;

never executed: goto out;

3071 } -

3072 rsa_p = rsa_q = NULL; /* transferred */ -

3073

if ((r = check_rsa_length(k->rsa)) != 0)

(r = check_rsa...(k->rsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3074

goto out;

never executed: goto out;

3075

if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)

(r = ssh_rsa_c...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3076

goto out;

never executed: goto out;

3077

break;

executed 3 times by 2 tests: break;

Executed by:

sshd
test_sshkey

3078

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

3079

if ((rsa_d = BN_new()) == NULL ||

(rsa_d = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3080

(rsa_iqmp = BN_new()) == NULL ||

(rsa_iqmp = BN...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3081

(rsa_p = BN_new()) == NULL ||

(rsa_p = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3082

(rsa_q = BN_new()) == NULL) {

(rsa_q = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3083 r = SSH_ERR_ALLOC_FAIL; -

3084

goto out;

never executed: goto out;

3085 } -

3086

if ((r = sshkey_froms(buf, &k)) != 0 ||

(r = sshkey_fr...buf, &k)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3087

(r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||

(r = sshbuf_ge..., rsa_d)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3088

(r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||

(r = sshbuf_ge...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3089

(r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||

(r = sshbuf_ge..., rsa_p)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3090

(r = sshbuf_get_bignum2(buf, rsa_q)) != 0)

(r = sshbuf_ge..., rsa_q)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3091

goto out;

never executed: goto out;

3092

if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {

!RSA_set0_key(... *)0) , rsa_d)	Description
TRUE	never evaluated
FALSE	never evaluated

3093 r = SSH_ERR_LIBCRYPTO_ERROR; -

3094

goto out;

never executed: goto out;

3095 } -

3096 rsa_d = NULL; /* transferred */ -

3097

if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {

!RSA_set0_fact... rsa_p, rsa_q)	Description
TRUE	never evaluated
FALSE	never evaluated

3098 r = SSH_ERR_LIBCRYPTO_ERROR; -

3099

goto out;

never executed: goto out;

3100 } -

3101 rsa_p = rsa_q = NULL; /* transferred */ -

3102

if ((r = check_rsa_length(k->rsa)) != 0)

(r = check_rsa...(k->rsa)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3103

goto out;

never executed: goto out;

3104

if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)

(r = ssh_rsa_c...sa_iqmp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3105

goto out;

never executed: goto out;

3106

break;

never executed: break;

3107 #endif /* WITH_OPENSSL */ -

3108

case KEY_ED25519:

executed 15416 times by 2 tests: case KEY_ED25519:

Executed by:

sshd
test_sshkey

15416

3109

if ((k = sshkey_new(type)) == NULL) {

(k = sshkey_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15416 times by 2 tests Evaluated by: sshd test_sshkey

0-15416

3110 r = SSH_ERR_ALLOC_FAIL; -

3111

goto out;

never executed: goto out;

3112 } -

3113

if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||

(r = sshbuf_ge... &pklen)) != 0	Description
TRUE	evaluated 261 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 15155 times by 2 tests Evaluated by: sshd test_sshkey

261-15155

3114

(r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)

(r = sshbuf_ge... &sklen)) != 0	Description
TRUE	evaluated 374 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14781 times by 2 tests Evaluated by: sshd test_sshkey

374-14781

3115

goto out;

executed 635 times by 1 test: goto out;

Executed by:

test_sshkey

635

3116

if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) {

pklen != 32U	Description
TRUE	never evaluated
FALSE	evaluated 14781 times by 2 tests Evaluated by: sshd test_sshkey

sklen != 64U	Description
TRUE	evaluated 65 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14716 times by 2 tests Evaluated by: sshd test_sshkey

0-14781

3117 r = SSH_ERR_INVALID_FORMAT; -

3118

goto out;

executed 65 times by 1 test: goto out;

Executed by:

test_sshkey

3119 } -

3120 k->ed25519_pk = ed25519_pk; -

3121 k->ed25519_sk = ed25519_sk; -

3122 ed25519_pk = ed25519_sk = NULL; -

3123

break;

executed 14716 times by 2 tests: break;

Executed by:

sshd
test_sshkey

14716

3124

case KEY_ED25519_CERT:

never executed: case KEY_ED25519_CERT:

3125

if ((r = sshkey_froms(buf, &k)) != 0 ||

(r = sshkey_fr...buf, &k)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3126

(r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||

(r = sshbuf_ge... &pklen)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3127

(r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)

(r = sshbuf_ge... &sklen)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3128

goto out;

never executed: goto out;

3129

if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) {

pklen != 32U	Description
TRUE	never evaluated
FALSE	never evaluated

sklen != 64U	Description
TRUE	never evaluated
FALSE	never evaluated

3130 r = SSH_ERR_INVALID_FORMAT; -

3131

goto out;

never executed: goto out;

3132 } -

3133 k->ed25519_pk = ed25519_pk; -

3134 k->ed25519_sk = ed25519_sk; -

3135 ed25519_pk = ed25519_sk = NULL; -

3136

break;

never executed: break;

3137 #ifdef WITH_XMSS -

3138 case KEY_XMSS: -

3139 if ((k = sshkey_new(type)) == NULL) { -

3140 r = SSH_ERR_ALLOC_FAIL; -

3141 goto out; -

3142 } -

3143 if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || -

3144 (r = sshkey_xmss_init(k, xmss_name)) != 0 || -

3145 (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || -

3146 (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) -

3147 goto out; -

3148 if (pklen != sshkey_xmss_pklen(k) || -

3149 sklen != sshkey_xmss_sklen(k)) { -

3150 r = SSH_ERR_INVALID_FORMAT; -

3151 goto out; -

3152 } -

3153 k->xmss_pk = xmss_pk; -

3154 k->xmss_sk = xmss_sk; -

3155 xmss_pk = xmss_sk = NULL; -

3156 /* optional internal state */ -

3157 if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) -

3158 goto out; -

3159 break; -

3160 case KEY_XMSS_CERT: -

3161 if ((r = sshkey_froms(buf, &k)) != 0 || -

3162 (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || -

3163 (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || -

3164 (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) -

3165 goto out; -

3166 if (strcmp(xmss_name, k->xmss_name)) { -

3167 r = SSH_ERR_INVALID_FORMAT; -

3168 goto out; -

3169 } -

3170 if (pklen != sshkey_xmss_pklen(k) || -

3171 sklen != sshkey_xmss_sklen(k)) { -

3172 r = SSH_ERR_INVALID_FORMAT; -

3173 goto out; -

3174 } -

3175 k->xmss_pk = xmss_pk; -

3176 k->xmss_sk = xmss_sk; -

3177 xmss_pk = xmss_sk = NULL; -

3178 /* optional internal state */ -

3179 if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) -

3180 goto out; -

3181 break; -

3182 #endif /* WITH_XMSS */ -

3183

default:

executed 977 times by 1 test: default:

Executed by:

test_sshkey

977

3184 r = SSH_ERR_KEY_TYPE_UNKNOWN; -

3185

goto out;

executed 977 times by 1 test: goto out;

Executed by:

test_sshkey

977

3186 } -

3187 #ifdef WITH_OPENSSL -

3188 /* enable blinding */ -

3189 switch (k->type) { -

3190

case KEY_RSA:

executed 3 times by 2 tests: case KEY_RSA:

Executed by:

sshd
test_sshkey

3191

case KEY_RSA_CERT:

never executed: case KEY_RSA_CERT:

3192

if (RSA_blinding_on(k->rsa, NULL) != 1) {

RSA_blinding_o...id *)0) ) != 1	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 2 tests Evaluated by: sshd test_sshkey

0-3

3193 r = SSH_ERR_LIBCRYPTO_ERROR; -

3194

goto out;

never executed: goto out;

3195 } -

3196

break;

executed 3 times by 2 tests: break;

Executed by:

sshd
test_sshkey

3197 } -

3198 #endif /* WITH_OPENSSL */ -

3199 /* success */ -

3200 r = 0; -

3201

if (kp != NULL) {

kp != ((void *)0)	Description
TRUE	evaluated 14721 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	never evaluated

0-14721

3202 *kp = k; -

3203 k = NULL; -

3204

}

executed 14721 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

14721

3205

out:

code before this statement executed 14721 times by 2 tests: out:

Executed by:

sshd
test_sshkey

14721

3206 free(tname); -

3207 free(curve); -

3208 #ifdef WITH_OPENSSL -

3209 BN_clear_free(exponent); -

3210 BN_clear_free(dsa_p); -

3211 BN_clear_free(dsa_q); -

3212 BN_clear_free(dsa_g); -

3213 BN_clear_free(dsa_pub_key); -

3214 BN_clear_free(dsa_priv_key); -

3215 BN_clear_free(rsa_n); -

3216 BN_clear_free(rsa_e); -

3217 BN_clear_free(rsa_d); -

3218 BN_clear_free(rsa_p); -

3219 BN_clear_free(rsa_q); -

3220 BN_clear_free(rsa_iqmp); -

3221 #endif /* WITH_OPENSSL */ -

3222 sshkey_free(k); -

3223 freezero(ed25519_pk, pklen); -

3224 freezero(ed25519_sk, sklen); -

3225 free(xmss_name); -

3226 freezero(xmss_pk, pklen); -

3227 freezero(xmss_sk, sklen); -

3228

return r;

executed 16680 times by 2 tests: return r;

Executed by:

sshd
test_sshkey

16680

3229 } -

3230 -

3231 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) -

3232 int -

3233 sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) -

3234 { -

3235 BN_CTX *bnctx; -

3236 EC_POINT *nq = NULL; -

3237 BIGNUM *order, *x, *y, *tmp; -

3238 int ret = SSH_ERR_KEY_INVALID_EC_VALUE; -

3239 -

3240 /* -

3241 * NB. This assumes OpenSSL has already verified that the public -

3242 * point lies on the curve. This is done by EC_POINT_oct2point() -

3243 * implicitly calling EC_POINT_is_on_curve(). If this code is ever -

3244 * reachable with public points not unmarshalled using -

3245 * EC_POINT_oct2point then the caller will need to explicitly check. -

3246 */ -

3247 -

3248

if ((bnctx = BN_CTX_new()) == NULL)

(bnctx = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3249

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

3250 BN_CTX_start(bnctx); -

3251 -

3252 /* -

3253 * We shouldn't ever hit this case because bignum_get_ecpoint() -

3254 * refuses to load GF2m points. -

3255 */ -

3256

if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=

EC_METHOD_get_...group)) != 406	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3257

NID_X9_62_prime_field)

EC_METHOD_get_...group)) != 406	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3258

goto out;

never executed: goto out;

3259 -

3260 /* Q != infinity */ -

3261

if (EC_POINT_is_at_infinity(group, public))

EC_POINT_is_at...group, public)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3262

goto out;

never executed: goto out;

3263 -

3264

if ((x = BN_CTX_get(bnctx)) == NULL ||

(x = BN_CTX_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3265

(y = BN_CTX_get(bnctx)) == NULL ||

(y = BN_CTX_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3266

(order = BN_CTX_get(bnctx)) == NULL ||

(order = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3267

(tmp = BN_CTX_get(bnctx)) == NULL) {

(tmp = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3268 ret = SSH_ERR_ALLOC_FAIL; -

3269

goto out;

never executed: goto out;

3270 } -

3271 -

3272 /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ -

3273

if (EC_GROUP_get_order(group, order, bnctx) != 1 ||

EC_GROUP_get_o...r, bnctx) != 1	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3274

EC_POINT_get_affine_coordinates_GFp(group, public,

EC_POINT_get_a...y, bnctx) != 1	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3275

x, y, bnctx) != 1) {

EC_POINT_get_a...y, bnctx) != 1	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3276 ret = SSH_ERR_LIBCRYPTO_ERROR; -

3277

goto out;

never executed: goto out;

3278 } -

3279

if (BN_num_bits(x) <= BN_num_bits(order) / 2 ||

BN_num_bits(x)...its(order) / 2	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3280

BN_num_bits(y) <= BN_num_bits(order) / 2)

BN_num_bits(y)...its(order) / 2	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3281

goto out;

never executed: goto out;

3282 -

3283 /* nQ == infinity (n == order of subgroup) */ -

3284

if ((nq = EC_POINT_new(group)) == NULL) {

(nq = EC_POINT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3285 ret = SSH_ERR_ALLOC_FAIL; -

3286

goto out;

never executed: goto out;

3287 } -

3288

if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) {

EC_POINT_mul(g...r, bnctx) != 1	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3289 ret = SSH_ERR_LIBCRYPTO_ERROR; -

3290

goto out;

never executed: goto out;

3291 } -

3292

if (EC_POINT_is_at_infinity(group, nq) != 1)

EC_POINT_is_at...roup, nq) != 1	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3293

goto out;

never executed: goto out;

3294 -

3295 /* x < order - 1, y < order - 1 */ -

3296

if (!BN_sub(tmp, order, BN_value_one())) {

!BN_sub(tmp, o...N_value_one())	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3297 ret = SSH_ERR_LIBCRYPTO_ERROR; -

3298

goto out;

never executed: goto out;

3299 } -

3300

if (BN_cmp(x, tmp) >= 0 || BN_cmp(y, tmp) >= 0)

BN_cmp(x, tmp) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

BN_cmp(y, tmp) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 10956 times by 4 tests Evaluated by: ssh-keygen test_hostkeys test_kex test_sshkey

0-10956

3301

goto out;

never executed: goto out;

3302 ret = 0; -

3303

out:

code before this statement executed 10956 times by 4 tests: out:

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

10956

3304 BN_CTX_free(bnctx); -

3305 EC_POINT_free(nq); -

3306

return ret;

executed 10956 times by 4 tests: return ret;

Executed by:

ssh-keygen
test_hostkeys
test_kex
test_sshkey

10956

3307 } -

3308 -

3309 int -

3310 sshkey_ec_validate_private(const EC_KEY *key) -

3311 { -

3312 BN_CTX *bnctx; -

3313 BIGNUM *order, *tmp; -

3314 int ret = SSH_ERR_KEY_INVALID_EC_VALUE; -

3315 -

3316

if ((bnctx = BN_CTX_new()) == NULL)

(bnctx = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3317

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

3318 BN_CTX_start(bnctx); -

3319 -

3320

if ((order = BN_CTX_get(bnctx)) == NULL ||

(order = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3321

(tmp = BN_CTX_get(bnctx)) == NULL) {

(tmp = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3322 ret = SSH_ERR_ALLOC_FAIL; -

3323

goto out;

never executed: goto out;

3324 } -

3325 -

3326 /* log2(private) > log2(order)/2 */ -

3327

if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) {

EC_GROUP_get_o...r, bnctx) != 1	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3328 ret = SSH_ERR_LIBCRYPTO_ERROR; -

3329

goto out;

never executed: goto out;

3330 } -

3331

if (BN_num_bits(EC_KEY_get0_private_key(key)) <=

BN_num_bits(EC...its(order) / 2	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3332

BN_num_bits(order) / 2)

BN_num_bits(EC...its(order) / 2	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3333

goto out;

never executed: goto out;

3334 -

3335 /* private < order - 1 */ -

3336

if (!BN_sub(tmp, order, BN_value_one())) {

!BN_sub(tmp, o...N_value_one())	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3337 ret = SSH_ERR_LIBCRYPTO_ERROR; -

3338

goto out;

never executed: goto out;

3339 } -

3340

if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0)

BN_cmp(EC_KEY_...ey), tmp) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 5939 times by 1 test Evaluated by: test_sshkey

0-5939

3341

goto out;

never executed: goto out;

3342 ret = 0; -

3343

out:

code before this statement executed 5939 times by 1 test: out:

Executed by:

test_sshkey

5939

3344 BN_CTX_free(bnctx); -

3345

return ret;

executed 5939 times by 1 test: return ret;

Executed by:

test_sshkey

5939

3346 } -

3347 -

3348 void -

3349 sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) -

3350 { -

3351 BIGNUM *x, *y; -

3352 BN_CTX *bnctx; -

3353 -

3354

if (point == NULL) {

point == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3355 fputs("point=(NULL)\n", stderr); -

3356

return;

never executed: return;

3357 } -

3358

if ((bnctx = BN_CTX_new()) == NULL) {

(bnctx = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3359 fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); -

3360

return;

never executed: return;

3361 } -

3362 BN_CTX_start(bnctx); -

3363

if ((x = BN_CTX_get(bnctx)) == NULL ||

(x = BN_CTX_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3364

(y = BN_CTX_get(bnctx)) == NULL) {

(y = BN_CTX_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3365 fprintf(stderr, "%s: BN_CTX_get failed\n", __func__); -

3366

return;

never executed: return;

3367 } -

3368

if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=

EC_METHOD_get_...group)) != 406	Description
TRUE	never evaluated
FALSE	never evaluated

3369

NID_X9_62_prime_field) {

EC_METHOD_get_...group)) != 406	Description
TRUE	never evaluated
FALSE	never evaluated

3370 fprintf(stderr, "%s: group is not a prime field\n", __func__); -

3371

return;

never executed: return;

3372 } -

3373

if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y,

EC_POINT_get_a...y, bnctx) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

3374

bnctx) != 1) {

EC_POINT_get_a...y, bnctx) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

3375 fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", -

3376 __func__); -

3377

return;

never executed: return;

3378 } -

3379 fputs("x=", stderr); -

3380 BN_print_fp(stderr, x); -

3381 fputs("\ny=", stderr); -

3382 BN_print_fp(stderr, y); -

3383 fputs("\n", stderr); -

3384 BN_CTX_free(bnctx); -

3385

}

never executed: end of block

3386 -

3387 void -

3388 sshkey_dump_ec_key(const EC_KEY *key) -

3389 { -

3390 const BIGNUM *exponent; -

3391 -

3392 sshkey_dump_ec_point(EC_KEY_get0_group(key), -

3393 EC_KEY_get0_public_key(key)); -

3394 fputs("exponent=", stderr); -

3395

if ((exponent = EC_KEY_get0_private_key(key)) == NULL)

(exponent = EC...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3396

fputs("(NULL)", stderr);

never executed: fputs("(NULL)", stderr );

3397 else -

3398

BN_print_fp(stderr, EC_KEY_get0_private_key(key));

never executed: BN_print_fp( stderr , EC_KEY_get0_private_key(key));

3399 fputs("\n", stderr); -

3400

}

never executed: end of block

3401 #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ -

3402 -

3403 static int -

3404 sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, -

3405 const char *passphrase, const char *comment, const char *ciphername, -

3406 int rounds) -

3407 { -

3408 u_char *cp, *key = NULL, *pubkeyblob = NULL; -

3409 u_char salt[SALT_LEN]; -

3410 char *b64 = NULL; -

3411 size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; -

3412 u_int check; -

3413 int r = SSH_ERR_INTERNAL_ERROR; -

3414 struct sshcipher_ctx *ciphercontext = NULL; -

3415 const struct sshcipher *cipher; -

3416 const char *kdfname = KDFNAME; -

3417 struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; -

3418 -

3419

if (rounds <= 0)

rounds <= 0	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-7

3420

rounds = DEFAULT_ROUNDS;

executed 7 times by 1 test: rounds = 16;

Executed by:

ssh-keygen

3421

if (passphrase == NULL || !strlen(passphrase)) {

passphrase == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

!strlen(passphrase)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-7

3422 ciphername = "none"; -

3423 kdfname = "none"; -

3424

} else if (ciphername == NULL)

executed 7 times by 1 test: end of block

Executed by:

ssh-keygen

ciphername == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-7

3425

ciphername = DEFAULT_CIPHERNAME;

never executed: ciphername = "aes256-ctr";

3426

if ((cipher = cipher_by_name(ciphername)) == NULL) {

(cipher = ciph...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3427 r = SSH_ERR_INVALID_ARGUMENT; -

3428

goto out;

never executed: goto out;

3429 } -

3430 -

3431

if ((kdf = sshbuf_new()) == NULL ||

(kdf = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3432

(encoded = sshbuf_new()) == NULL ||

(encoded = ssh...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3433

(encrypted = sshbuf_new()) == NULL) {

(encrypted = s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3434 r = SSH_ERR_ALLOC_FAIL; -

3435

goto out;

never executed: goto out;

3436 } -

3437 blocksize = cipher_blocksize(cipher); -

3438 keylen = cipher_keylen(cipher); -

3439 ivlen = cipher_ivlen(cipher); -

3440 authlen = cipher_authlen(cipher); -

3441

if ((key = calloc(1, keylen + ivlen)) == NULL) {

(key = calloc(...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3442 r = SSH_ERR_ALLOC_FAIL; -

3443

goto out;

never executed: goto out;

3444 } -

3445

if (strcmp(kdfname, "bcrypt") == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "bcrypt" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-7

3446 arc4random_buf(salt, SALT_LEN); -

3447

if (bcrypt_pbkdf(passphrase, strlen(passphrase),

bcrypt_pbkdf(p...n, rounds) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

3448

salt, SALT_LEN, key, keylen + ivlen, rounds) < 0) {

bcrypt_pbkdf(p...n, rounds) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

3449 r = SSH_ERR_INVALID_ARGUMENT; -

3450

goto out;

never executed: goto out;

3451 } -

3452

if ((r = sshbuf_put_string(kdf, salt, SALT_LEN)) != 0 ||

(r = sshbuf_pu...alt, 16)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3453

(r = sshbuf_put_u32(kdf, rounds)) != 0)

(r = sshbuf_pu... rounds)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3454

goto out;

never executed: goto out;

3455

} else if (strcmp(kdfname, "none") != 0) {

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-7

3456 /* Unsupported KDF type */ -

3457 r = SSH_ERR_KEY_UNKNOWN_CIPHER; -

3458

goto out;

never executed: goto out;

3459 } -

3460

if ((r = cipher_init(&ciphercontext, cipher, key, keylen,

(r = cipher_in...vlen, 1)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3461

key + keylen, ivlen, 1)) != 0)

(r = cipher_in...vlen, 1)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3462

goto out;

never executed: goto out;

3463 -

3464

if ((r = sshbuf_put(encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC))) != 0 ||

(r = sshbuf_pu...ey-v1"))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3465

(r = sshbuf_put_cstring(encoded, ciphername)) != 0 ||

(r = sshbuf_pu...hername)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3466

(r = sshbuf_put_cstring(encoded, kdfname)) != 0 ||

(r = sshbuf_pu...kdfname)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3467

(r = sshbuf_put_stringb(encoded, kdf)) != 0 ||

(r = sshbuf_pu...ed, kdf)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3468

(r = sshbuf_put_u32(encoded, 1)) != 0 || /* number of keys */

(r = sshbuf_pu...oded, 1)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3469

(r = sshkey_to_blob(prv, &pubkeyblob, &pubkeylen)) != 0 ||

(r = sshkey_to...bkeylen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3470

(r = sshbuf_put_string(encoded, pubkeyblob, pubkeylen)) != 0)

(r = sshbuf_pu...bkeylen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3471

goto out;

never executed: goto out;

3472 -

3473 /* set up the buffer that will be encrypted */ -

3474 -

3475 /* Random check bytes */ -

3476 check = arc4random(); -

3477

if ((r = sshbuf_put_u32(encrypted, check)) != 0 ||

(r = sshbuf_pu..., check)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3478

(r = sshbuf_put_u32(encrypted, check)) != 0)

(r = sshbuf_pu..., check)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3479

goto out;

never executed: goto out;

3480 -

3481 /* append private key and comment*/ -

3482

if ((r = sshkey_private_serialize_opt(prv, encrypted,

(r = sshkey_pr...ZE_FULL)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3483

SSHKEY_SERIALIZE_FULL)) != 0 ||

(r = sshkey_pr...ZE_FULL)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3484

(r = sshbuf_put_cstring(encrypted, comment)) != 0)

(r = sshbuf_pu...comment)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3485

goto out;

never executed: goto out;

3486 -

3487 /* padding */ -

3488 i = 0; -

3489

while (sshbuf_len(encrypted) % blocksize) {

sshbuf_len(enc...d) % blocksize	Description
TRUE	evaluated 21 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

7-21

3490

if ((r = sshbuf_put_u8(encrypted, ++i & 0xff)) != 0)

(r = sshbuf_pu... & 0xff)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: ssh-keygen

0-21

3491

goto out;

never executed: goto out;

3492

}

executed 21 times by 1 test: end of block

Executed by:

ssh-keygen

3493 -

3494 /* length in destination buffer */ -

3495

if ((r = sshbuf_put_u32(encoded, sshbuf_len(encrypted))) != 0)

(r = sshbuf_pu...rypted))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3496

goto out;

never executed: goto out;

3497 -

3498 /* encrypt */ -

3499

if ((r = sshbuf_reserve(encoded,

(r = sshbuf_re...en, &cp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3500

sshbuf_len(encrypted) + authlen, &cp)) != 0)

(r = sshbuf_re...en, &cp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3501

goto out;

never executed: goto out;

3502

if ((r = cipher_crypt(ciphercontext, 0, cp,

(r = cipher_cr...authlen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3503

sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0)

(r = cipher_cr...authlen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3504

goto out;

never executed: goto out;

3505 -

3506 /* uuencode */ -

3507

if ((b64 = sshbuf_dtob64(encoded)) == NULL) {

(b64 = sshbuf_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3508 r = SSH_ERR_ALLOC_FAIL; -

3509

goto out;

never executed: goto out;

3510 } -

3511 -

3512 sshbuf_reset(blob); -

3513

if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0)

(r = sshbuf_pu...") - 1))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3514

goto out;

never executed: goto out;

3515

for (i = 0; i < strlen(b64); i++) {

i < strlen(b64)	Description
TRUE	evaluated 6248 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

7-6248

3516

if ((r = sshbuf_put_u8(blob, b64[i])) != 0)

(r = sshbuf_pu... b64[i])) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6248 times by 1 test Evaluated by: ssh-keygen

0-6248

3517

goto out;

never executed: goto out;

3518 /* insert line breaks */ -

3519

if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)

i % 70 == 69	Description
TRUE	evaluated 84 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 6164 times by 1 test Evaluated by: ssh-keygen

(r = sshbuf_pu...b, '\n')) != 0	Description
TRUE	never evaluated
FALSE	evaluated 84 times by 1 test Evaluated by: ssh-keygen

0-6164

3520

goto out;

never executed: goto out;

3521

}

executed 6248 times by 1 test: end of block

Executed by:

ssh-keygen

6248

3522

if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)

i % 70 != 69	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

(r = sshbuf_pu...b, '\n')) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3523

goto out;

never executed: goto out;

3524

if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0)

(r = sshbuf_pu...") - 1))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

3525

goto out;

never executed: goto out;

3526 -

3527 /* success */ -

3528 r = 0; -

3529 -

3530

out:

code before this statement executed 7 times by 1 test: out:

Executed by:

ssh-keygen

3531 sshbuf_free(kdf); -

3532 sshbuf_free(encoded); -

3533 sshbuf_free(encrypted); -

3534 cipher_free(ciphercontext); -

3535 explicit_bzero(salt, sizeof(salt)); -

3536

if (key != NULL) {

key != ((void *)0)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-7

3537 explicit_bzero(key, keylen + ivlen); -

3538 free(key); -

3539

}

executed 7 times by 1 test: end of block

Executed by:

ssh-keygen

3540

if (pubkeyblob != NULL) {

pubkeyblob != ((void *)0)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-7

3541 explicit_bzero(pubkeyblob, pubkeylen); -

3542 free(pubkeyblob); -

3543

}

executed 7 times by 1 test: end of block

Executed by:

ssh-keygen

3544

if (b64 != NULL) {

b64 != ((void *)0)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-7

3545 explicit_bzero(b64, strlen(b64)); -

3546 free(b64); -

3547

}

executed 7 times by 1 test: end of block

Executed by:

ssh-keygen

3548

return r;

executed 7 times by 1 test: return r;

Executed by:

ssh-keygen

3549 } -

3550 -

3551 static int -

3552 sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, -

3553 struct sshkey **keyp, char **commentp) -

3554 { -

3555 char *comment = NULL, *ciphername = NULL, *kdfname = NULL; -

3556 const struct sshcipher *cipher = NULL; -

3557 const u_char *cp; -

3558 int r = SSH_ERR_INTERNAL_ERROR; -

3559 size_t encoded_len; -

3560 size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; -

3561 struct sshbuf *encoded = NULL, *decoded = NULL; -

3562 struct sshbuf *kdf = NULL, *decrypted = NULL; -

3563 struct sshcipher_ctx *ciphercontext = NULL; -

3564 struct sshkey *k = NULL; -

3565 u_char *key = NULL, *salt = NULL, *dp, pad, last; -

3566 u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; -

3567 -

3568

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-254950

3569

*keyp = NULL;

executed 254950 times by 3 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_sshkey

254950

3570

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

3571

*commentp = NULL;

never executed: *commentp = ((void *)0) ;

3572 -

3573

if ((encoded = sshbuf_new()) == NULL ||

(encoded = ssh...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

3574

(decoded = sshbuf_new()) == NULL ||

(decoded = ssh...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

3575

(decrypted = sshbuf_new()) == NULL) {

(decrypted = s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

3576 r = SSH_ERR_ALLOC_FAIL; -

3577

goto out;

never executed: goto out;

3578 } -

3579 -

3580 /* check preamble */ -

3581 cp = sshbuf_ptr(blob); -

3582 encoded_len = sshbuf_len(blob); -

3583

if (encoded_len < (MARK_BEGIN_LEN + MARK_END_LEN) ||

encoded_len < ...----\n") - 1))	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

3584

memcmp(cp, MARK_BEGIN, MARK_BEGIN_LEN) != 0) {

memcmp(cp, "--...n") - 1)) != 0	Description
TRUE	evaluated 230915 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	evaluated 24035 times by 2 tests Evaluated by: sshd test_sshkey

24035-230915

3585 r = SSH_ERR_INVALID_FORMAT; -

3586

goto out;

executed 230915 times by 2 tests: goto out;

Executed by:

ssh-keygen
test_sshkey

230915

3587 } -

3588 cp += MARK_BEGIN_LEN; -

3589 encoded_len -= MARK_BEGIN_LEN; -

3590 -

3591 /* Look for end marker, removing whitespace as we go */ -

3592

while (encoded_len > 0) {

encoded_len > 0	Description
TRUE	evaluated 8276088 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 2219 times by 1 test Evaluated by: test_sshkey

2219-8276088

3593

if (*cp != '\n' && *cp != '\r') {

*cp != '\n'	Description
TRUE	evaluated 8154010 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 122078 times by 2 tests Evaluated by: sshd test_sshkey

*cp != '\r'	Description
TRUE	evaluated 8154010 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	never evaluated

0-8154010

3594

if ((r = sshbuf_put_u8(encoded, *cp)) != 0)

(r = sshbuf_pu...ed, *cp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 8154010 times by 2 tests Evaluated by: sshd test_sshkey

0-8154010

3595

goto out;

never executed: goto out;

3596

}

executed 8154010 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

8154010

3597 last = *cp; -

3598 encoded_len--; -

3599 cp++; -

3600

if (last == '\n') {

last == '\n'	Description
TRUE	evaluated 122078 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 8154010 times by 2 tests Evaluated by: sshd test_sshkey

122078-8154010

3601

if (encoded_len >= MARK_END_LEN &&

encoded_len >=...-----\n") - 1)	Description
TRUE	evaluated 119922 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 2156 times by 1 test Evaluated by: test_sshkey

2156-119922

3602

memcmp(cp, MARK_END, MARK_END_LEN) == 0) {

memcmp(cp, "--...n") - 1)) == 0	Description
TRUE	evaluated 21816 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 98106 times by 2 tests Evaluated by: sshd test_sshkey

21816-98106

3603 /* \0 terminate */ -

3604

if ((r = sshbuf_put_u8(encoded, 0)) != 0)

(r = sshbuf_pu...oded, 0)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 21816 times by 2 tests Evaluated by: sshd test_sshkey

0-21816

3605

goto out;

never executed: goto out;

3606

break;

executed 21816 times by 2 tests: break;

Executed by:

sshd
test_sshkey

21816

3607 } -

3608

}

executed 100262 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

100262

3609

}

executed 8254272 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

8254272

3610

if (encoded_len == 0) {

encoded_len == 0	Description
TRUE	evaluated 2219 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 21816 times by 2 tests Evaluated by: sshd test_sshkey

2219-21816

3611 r = SSH_ERR_INVALID_FORMAT; -

3612

goto out;

executed 2219 times by 1 test: goto out;

Executed by:

test_sshkey

2219

3613 } -

3614 -

3615 /* decode base64 */ -

3616

if ((r = sshbuf_b64tod(decoded, (char *)sshbuf_ptr(encoded))) != 0)

(r = sshbuf_b6...ncoded))) != 0	Description
TRUE	evaluated 428 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 21388 times by 2 tests Evaluated by: sshd test_sshkey

428-21388

3617

goto out;

executed 428 times by 1 test: goto out;

Executed by:

test_sshkey

428

3618 -

3619 /* check magic */ -

3620

if (sshbuf_len(decoded) < sizeof(AUTH_MAGIC) ||

sshbuf_len(dec...enssh-key-v1")	Description
TRUE	never evaluated
FALSE	evaluated 21388 times by 2 tests Evaluated by: sshd test_sshkey

0-21388

3621

memcmp(sshbuf_ptr(decoded), AUTH_MAGIC, sizeof(AUTH_MAGIC))) {

memcmp(sshbuf_...nssh-key-v1"))	Description
TRUE	evaluated 1260 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 20128 times by 2 tests Evaluated by: sshd test_sshkey

1260-20128

3622 r = SSH_ERR_INVALID_FORMAT; -

3623

goto out;

executed 1260 times by 1 test: goto out;

Executed by:

test_sshkey

1260

3624 } -

3625 /* parse public portion of key */ -

3626

if ((r = sshbuf_consume(decoded, sizeof(AUTH_MAGIC))) != 0 ||

(r = sshbuf_co...ey-v1"))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 20128 times by 2 tests Evaluated by: sshd test_sshkey

0-20128

3627

(r = sshbuf_get_cstring(decoded, &ciphername, NULL)) != 0 ||

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	evaluated 346 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 19782 times by 2 tests Evaluated by: sshd test_sshkey

346-19782

3628

(r = sshbuf_get_cstring(decoded, &kdfname, NULL)) != 0 ||

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	evaluated 375 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 19407 times by 2 tests Evaluated by: sshd test_sshkey

375-19407

3629

(r = sshbuf_froms(decoded, &kdf)) != 0 ||

(r = sshbuf_fr...d, &kdf)) != 0	Description
TRUE	evaluated 303 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 19104 times by 2 tests Evaluated by: sshd test_sshkey

303-19104

3630

(r = sshbuf_get_u32(decoded, &nkeys)) != 0 ||

(r = sshbuf_ge... &nkeys)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 19104 times by 2 tests Evaluated by: sshd test_sshkey

0-19104

3631

(r = sshbuf_skip_string(decoded)) != 0 || /* pubkey */

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	evaluated 334 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 18770 times by 2 tests Evaluated by: sshd test_sshkey

334-18770

3632

(r = sshbuf_get_u32(decoded, &encrypted_len)) != 0)

(r = sshbuf_ge...ted_len)) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: test_sshkey
FALSE	evaluated 18769 times by 2 tests Evaluated by: sshd test_sshkey

1-18769

3633

goto out;

executed 1359 times by 1 test: goto out;

Executed by:

test_sshkey

1359

3634 -

3635

if ((cipher = cipher_by_name(ciphername)) == NULL) {

(cipher = ciph...== ((void *)0)	Description
TRUE	evaluated 282 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 18487 times by 2 tests Evaluated by: sshd test_sshkey

282-18487

3636 r = SSH_ERR_KEY_UNKNOWN_CIPHER; -

3637

goto out;

executed 282 times by 1 test: goto out;

Executed by:

test_sshkey

282

3638 } -

3639

if ((passphrase == NULL || strlen(passphrase) == 0) &&

passphrase == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 18487 times by 2 tests Evaluated by: sshd test_sshkey

strlen(passphrase) == 0	Description
TRUE	evaluated 18483 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-18487

3640

strcmp(ciphername, "none") != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( ciphername ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	evaluated 18483 times by 2 tests Evaluated by: sshd test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-18483

3641 /* passphrase required */ -

3642 r = SSH_ERR_KEY_WRONG_PASSPHRASE; -

3643

goto out;

never executed: goto out;

3644 } -

3645

if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "bcrypt" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	evaluated 322 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 18165 times by 2 tests Evaluated by: sshd test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__extension__ ... )))); }) != 0	Description
TRUE	evaluated 318 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-18165

3646 r = SSH_ERR_KEY_UNKNOWN_CIPHER; -

3647

goto out;

executed 318 times by 1 test: goto out;

Executed by:

test_sshkey

318

3648 } -

3649

if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( ciphername ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "none" ))[3] - __s2[3]);

never executed: end of block

! __extension_...none" )))); })	Description
TRUE	evaluated 18165 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	evaluated 18165 times by 2 tests Evaluated by: sshd test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-18165

3650 r = SSH_ERR_INVALID_FORMAT; -

3651

goto out;

never executed: goto out;

3652 } -

3653

if (nkeys != 1) {

nkeys != 1	Description
TRUE	evaluated 322 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17847 times by 2 tests Evaluated by: sshd test_sshkey

322-17847

3654 /* XXX only one key supported */ -

3655 r = SSH_ERR_INVALID_FORMAT; -

3656

goto out;

executed 322 times by 1 test: goto out;

Executed by:

test_sshkey

322

3657 } -

3658 -

3659 /* check size of encrypted key blob */ -

3660 blocksize = cipher_blocksize(cipher); -

3661

if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) {

encrypted_len < blocksize	Description
TRUE	never evaluated
FALSE	evaluated 17847 times by 2 tests Evaluated by: sshd test_sshkey

(encrypted_len...locksize) != 0	Description
TRUE	evaluated 96 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17751 times by 2 tests Evaluated by: sshd test_sshkey

0-17847

3662 r = SSH_ERR_INVALID_FORMAT; -

3663

goto out;

executed 96 times by 1 test: goto out;

Executed by:

test_sshkey

3664 } -

3665 -

3666 /* setup key */ -

3667 keylen = cipher_keylen(cipher); -

3668 ivlen = cipher_ivlen(cipher); -

3669 authlen = cipher_authlen(cipher); -

3670

if ((key = calloc(1, keylen + ivlen)) == NULL) {

(key = calloc(...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 17751 times by 2 tests Evaluated by: sshd test_sshkey

0-17751

3671 r = SSH_ERR_ALLOC_FAIL; -

3672

goto out;

never executed: goto out;

3673 } -

3674

if (strcmp(kdfname, "bcrypt") == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( kdfname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "bcrypt" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17747 times by 2 tests Evaluated by: sshd test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-17747

3675

if ((r = sshbuf_get_string(kdf, &salt, &slen)) != 0 ||

(r = sshbuf_ge..., &slen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

3676

(r = sshbuf_get_u32(kdf, &rounds)) != 0)

(r = sshbuf_ge...&rounds)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

3677

goto out;

never executed: goto out;

3678

if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,

bcrypt_pbkdf(p...n, rounds) < 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

3679

key, keylen + ivlen, rounds) < 0) {

bcrypt_pbkdf(p...n, rounds) < 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: test_sshkey

0-4

3680 r = SSH_ERR_INVALID_FORMAT; -

3681

goto out;

never executed: goto out;

3682 } -

3683

}

executed 4 times by 1 test: end of block

Executed by:

test_sshkey

3684 -

3685 /* check that an appropriate amount of auth data is present */ -

3686

if (sshbuf_len(decoded) < encrypted_len + authlen) {

sshbuf_len(dec..._len + authlen	Description
TRUE	evaluated 360 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

360-17391

3687 r = SSH_ERR_INVALID_FORMAT; -

3688

goto out;

executed 360 times by 1 test: goto out;

Executed by:

test_sshkey

360

3689 } -

3690 -

3691 /* decrypt private portion of key */ -

3692

if ((r = sshbuf_reserve(decrypted, encrypted_len, &dp)) != 0 ||

(r = sshbuf_re...en, &dp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3693

(r = cipher_init(&ciphercontext, cipher, key, keylen,

(r = cipher_in...vlen, 0)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3694

key + keylen, ivlen, 0)) != 0)

(r = cipher_in...vlen, 0)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3695

goto out;

never executed: goto out;

3696

if ((r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(decoded),

(r = cipher_cr...authlen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3697

encrypted_len, 0, authlen)) != 0) {

(r = cipher_cr...authlen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3698 /* an integrity error here indicates an incorrect passphrase */ -

3699

if (r == SSH_ERR_MAC_INVALID)

r == -30	Description
TRUE	never evaluated
FALSE	never evaluated

3700

r = SSH_ERR_KEY_WRONG_PASSPHRASE;

never executed: r = -43;

3701

goto out;

never executed: goto out;

3702 } -

3703

if ((r = sshbuf_consume(decoded, encrypted_len + authlen)) != 0)

(r = sshbuf_co...authlen)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17391 times by 2 tests Evaluated by: sshd test_sshkey

0-17391

3704

goto out;

never executed: goto out;

3705 /* there should be no trailing data */ -

3706

if (sshbuf_len(decoded) != 0) {

sshbuf_len(decoded) != 0	Description
TRUE	evaluated 30 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 17361 times by 2 tests Evaluated by: sshd test_sshkey

30-17361

3707 r = SSH_ERR_INVALID_FORMAT; -

3708

goto out;

executed 30 times by 1 test: goto out;

Executed by:

test_sshkey

3709 } -

3710 -

3711 /* check check bytes */ -

3712

if ((r = sshbuf_get_u32(decrypted, &check1)) != 0 ||

(r = sshbuf_ge...&check1)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17361 times by 2 tests Evaluated by: sshd test_sshkey

0-17361

3713

(r = sshbuf_get_u32(decrypted, &check2)) != 0)

(r = sshbuf_ge...&check2)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 17361 times by 2 tests Evaluated by: sshd test_sshkey

0-17361

3714

goto out;

never executed: goto out;

3715

if (check1 != check2) {

check1 != check2	Description
TRUE	evaluated 681 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 16680 times by 2 tests Evaluated by: sshd test_sshkey

681-16680

3716 r = SSH_ERR_KEY_WRONG_PASSPHRASE; -

3717

goto out;

executed 681 times by 1 test: goto out;

Executed by:

test_sshkey

681

3718 } -

3719 -

3720 /* Load the private key and comment */ -

3721

if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 ||

(r = sshkey_pr...ted, &k)) != 0	Description
TRUE	evaluated 1959 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14721 times by 2 tests Evaluated by: sshd test_sshkey

1959-14721

3722

(r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0)

(r = sshbuf_ge...d *)0) )) != 0	Description
TRUE	evaluated 320 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 14401 times by 2 tests Evaluated by: sshd test_sshkey

320-14401

3723

goto out;

executed 2279 times by 1 test: goto out;

Executed by:

test_sshkey

2279

3724 -

3725 /* Check deterministic padding */ -

3726 i = 0; -

3727

while (sshbuf_len(decrypted)) {

sshbuf_len(decrypted)	Description
TRUE	evaluated 28668 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 14172 times by 2 tests Evaluated by: sshd test_sshkey

14172-28668

3728

if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)

(r = sshbuf_ge...d, &pad)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 28668 times by 2 tests Evaluated by: sshd test_sshkey

0-28668

3729

goto out;

never executed: goto out;

3730

if (pad != (++i & 0xff)) {

pad != (++i & 0xff)	Description
TRUE	evaluated 229 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 28439 times by 2 tests Evaluated by: sshd test_sshkey

229-28439

3731 r = SSH_ERR_INVALID_FORMAT; -

3732

goto out;

executed 229 times by 1 test: goto out;

Executed by:

test_sshkey

229

3733 } -

3734

}

executed 28439 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

28439

3735 -

3736 /* XXX decode pubkey and check against private */ -

3737 -

3738 /* success */ -

3739 r = 0; -

3740

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 14172 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	never evaluated

0-14172

3741 *keyp = k; -

3742 k = NULL; -

3743

}

executed 14172 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

14172

3744

if (commentp != NULL) {

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 14172 times by 2 tests Evaluated by: sshd test_sshkey

0-14172

3745 *commentp = comment; -

3746 comment = NULL; -

3747

}

never executed: end of block

3748

out:

code before this statement executed 14172 times by 2 tests: out:

Executed by:

sshd
test_sshkey

14172

3749 pad = 0; -

3750 cipher_free(ciphercontext); -

3751 free(ciphername); -

3752 free(kdfname); -

3753 free(comment); -

3754

if (salt != NULL) {

salt != ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 254946 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

4-254946

3755 explicit_bzero(salt, slen); -

3756 free(salt); -

3757

}

executed 4 times by 1 test: end of block

Executed by:

test_sshkey

3758

if (key != NULL) {

key != ((void *)0)	Description
TRUE	evaluated 17751 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 237199 times by 2 tests Evaluated by: ssh-keygen test_sshkey

17751-237199

3759 explicit_bzero(key, keylen + ivlen); -

3760 free(key); -

3761

}

executed 17751 times by 2 tests: end of block

Executed by:

sshd
test_sshkey

17751

3762 sshbuf_free(encoded); -

3763 sshbuf_free(decoded); -

3764 sshbuf_free(kdf); -

3765 sshbuf_free(decrypted); -

3766 sshkey_free(k); -

3767

return r;

executed 254950 times by 3 tests: return r;

Executed by:

ssh-keygen
sshd
test_sshkey

254950

3768 } -

3769 -

3770 -

3771 #ifdef WITH_OPENSSL -

3772 /* convert SSH v2 key in OpenSSL PEM format */ -

3773 static int -

3774 sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, -

3775 const char *_passphrase, const char *comment) -

3776 { -

3777 int success, r; -

3778 int blen, len = strlen(_passphrase); -

3779

u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;

(len > 0)	Description
TRUE	never evaluated
FALSE	never evaluated

3780

const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;

(len > 0)	Description
TRUE	never evaluated
FALSE	never evaluated

3781 char *bptr; -

3782 BIO *bio = NULL; -

3783 -

3784

if (len > 0 && len <= 4)

len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

len <= 4	Description
TRUE	never evaluated
FALSE	never evaluated

3785

return SSH_ERR_PASSPHRASE_TOO_SHORT;

never executed: return -40;

3786

if ((bio = BIO_new(BIO_s_mem())) == NULL)

(bio = BIO_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3787

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

3788 -

3789 switch (key->type) { -

3790

case KEY_DSA:

never executed: case KEY_DSA:

3791 success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, -

3792 cipher, passphrase, len, NULL, NULL); -

3793

break;

never executed: break;

3794 #ifdef OPENSSL_HAS_ECC -

3795

case KEY_ECDSA:

never executed: case KEY_ECDSA:

3796 success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, -

3797 cipher, passphrase, len, NULL, NULL); -

3798

break;

never executed: break;

3799 #endif -

3800

case KEY_RSA:

never executed: case KEY_RSA:

3801 success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, -

3802 cipher, passphrase, len, NULL, NULL); -

3803

break;

never executed: break;

3804

default:

never executed: default:

3805 success = 0; -

3806

break;

never executed: break;

3807 } -

3808

if (success == 0) {

success == 0	Description
TRUE	never evaluated
FALSE	never evaluated

3809 r = SSH_ERR_LIBCRYPTO_ERROR; -

3810

goto out;

never executed: goto out;

3811 } -

3812

if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {

(blen = BIO_ct...&bptr ) ) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3813 r = SSH_ERR_INTERNAL_ERROR; -

3814

goto out;

never executed: goto out;

3815 } -

3816

if ((r = sshbuf_put(blob, bptr, blen)) != 0)

(r = sshbuf_pu...r, blen)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3817

goto out;

never executed: goto out;

3818 r = 0; -

3819

out:

code before this statement never executed: out:

3820 BIO_free(bio); -

3821

return r;

never executed: return r;

3822 } -

3823 #endif /* WITH_OPENSSL */ -

3824 -

3825 /* Serialise "key" to buffer "blob" */ -

3826 int -

3827 sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, -

3828 const char *passphrase, const char *comment, -

3829 int force_new_format, const char *new_format_cipher, int new_format_rounds) -

3830 { -

3831 switch (key->type) { -

3832 #ifdef WITH_OPENSSL -

3833

case KEY_DSA:

executed 1 time by 1 test: case KEY_DSA:

Executed by:

ssh-keygen

3834

case KEY_ECDSA:

executed 1 time by 1 test: case KEY_ECDSA:

Executed by:

ssh-keygen

3835

case KEY_RSA:

executed 2 times by 1 test: case KEY_RSA:

Executed by:

ssh-keygen

3836

if (force_new_format) {

force_new_format	Description
TRUE	evaluated 4 times by 1 test Evaluated by: ssh-keygen
FALSE	never evaluated

0-4

3837

return sshkey_private_to_blob2(key, blob, passphrase,

executed 4 times by 1 test: return sshkey_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds);

Executed by:

ssh-keygen

3838

comment, new_format_cipher, new_format_rounds);

executed 4 times by 1 test: return sshkey_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds);

Executed by:

ssh-keygen

3839 } -

3840

return sshkey_private_pem_to_blob(key, blob,

never executed: return sshkey_private_pem_to_blob(key, blob, passphrase, comment);

3841

passphrase, comment);

never executed: return sshkey_private_pem_to_blob(key, blob, passphrase, comment);

3842 #endif /* WITH_OPENSSL */ -

3843

case KEY_ED25519:

executed 3 times by 1 test: case KEY_ED25519:

Executed by:

ssh-keygen

3844 #ifdef WITH_XMSS -

3845 case KEY_XMSS: -

3846 #endif /* WITH_XMSS */ -

3847

return sshkey_private_to_blob2(key, blob, passphrase,

executed 3 times by 1 test: return sshkey_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds);

Executed by:

ssh-keygen

3848

comment, new_format_cipher, new_format_rounds);

executed 3 times by 1 test: return sshkey_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds);

Executed by:

ssh-keygen

3849

default:

never executed: default:

3850

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

3851 } -

3852 } -

3853 -

3854 -

3855 #ifdef WITH_OPENSSL -

3856 static int -

3857 translate_libcrypto_error(unsigned long pem_err) -

3858 { -

3859 int pem_reason = ERR_GET_REASON(pem_err); -

3860 -

3861 switch (ERR_GET_LIB(pem_err)) { -

3862

case ERR_LIB_PEM:

executed 99618 times by 1 test: case 9 :

Executed by:

test_sshkey

99618

3863 switch (pem_reason) { -

3864

case PEM_R_BAD_PASSWORD_READ:

never executed: case 104 :

3865

case PEM_R_PROBLEMS_GETTING_PASSWORD:

never executed: case 109 :

3866

case PEM_R_BAD_DECRYPT:

never executed: case 101 :

3867

return SSH_ERR_KEY_WRONG_PASSPHRASE;

never executed: return -43;

3868

default:

executed 99618 times by 1 test: default:

Executed by:

test_sshkey

99618

3869

return SSH_ERR_INVALID_FORMAT;

executed 99618 times by 1 test: return -4;

Executed by:

test_sshkey

99618

3870 } -

3871

case ERR_LIB_EVP:

never executed: case 6 :

3872 switch (pem_reason) { -

3873

case EVP_R_BAD_DECRYPT:

never executed: case 100 :

3874

return SSH_ERR_KEY_WRONG_PASSPHRASE;

never executed: return -43;

3875 #ifdef EVP_R_BN_DECODE_ERROR -

3876

case EVP_R_BN_DECODE_ERROR:

never executed: case 112 :

3877 #endif -

3878

case EVP_R_DECODE_ERROR:

never executed: case 114 :

3879 #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR -

3880

case EVP_R_PRIVATE_KEY_DECODE_ERROR:

never executed: case 145 :

3881 #endif -

3882

return SSH_ERR_INVALID_FORMAT;

never executed: return -4;

3883

default:

never executed: default:

3884

return SSH_ERR_LIBCRYPTO_ERROR;

never executed: return -22;

3885 } -

3886

case ERR_LIB_ASN1:

executed 10612 times by 1 test: case 13 :

Executed by:

test_sshkey

10612

3887

return SSH_ERR_INVALID_FORMAT;

executed 10612 times by 1 test: return -4;

Executed by:

test_sshkey

10612

3888 } -

3889

return SSH_ERR_LIBCRYPTO_ERROR;

executed 12218 times by 1 test: return -22;

Executed by:

test_sshkey

12218

3890 } -

3891 -

3892 static void -

3893 clear_libcrypto_errors(void) -

3894 { -

3895

while (ERR_get_error() != 0)

ERR_get_error() != 0	Description
TRUE	evaluated 215165 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

215165-240097

3896

;

executed 215165 times by 1 test: ;

Executed by:

test_sshkey

215165

3897

}

executed 240097 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

240097

3898 -

3899 /* -

3900 * Translate OpenSSL error codes to determine whether -

3901 * passphrase is required/incorrect. -

3902 */ -

3903 static int -

3904 convert_libcrypto_error(void) -

3905 { -

3906 /* -

3907 * Some password errors are reported at the beginning -

3908 * of the error queue. -

3909 */ -

3910

if (translate_libcrypto_error(ERR_peek_error()) ==

translate_libc...rror()) == -43	Description
TRUE	never evaluated
FALSE	evaluated 61224 times by 1 test Evaluated by: test_sshkey

0-61224

3911

SSH_ERR_KEY_WRONG_PASSPHRASE)

translate_libc...rror()) == -43	Description
TRUE	never evaluated
FALSE	evaluated 61224 times by 1 test Evaluated by: test_sshkey

0-61224

3912

return SSH_ERR_KEY_WRONG_PASSPHRASE;

never executed: return -43;

3913

return translate_libcrypto_error(ERR_peek_last_error());

executed 61224 times by 1 test: return translate_libcrypto_error(ERR_peek_last_error());

Executed by:

test_sshkey

61224

3914 } -

3915 -

3916 static int -

3917 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, -

3918 const char *passphrase, struct sshkey **keyp) -

3919 { -

3920 EVP_PKEY *pk = NULL; -

3921 struct sshkey *prv = NULL; -

3922 BIO *bio = NULL; -

3923 int r; -

3924 -

3925

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	never evaluated

0-240097

3926

*keyp = NULL;

executed 240097 times by 2 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
test_sshkey

240097

3927 -

3928

if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)

(bio = BIO_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

sshbuf_len(blob) > 0x7fffffff	Description
TRUE	never evaluated
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-240097

3929

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

3930

if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) !=

BIO_write(bio,...hbuf_len(blob)	Description
TRUE	never evaluated
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-240097

3931

(int)sshbuf_len(blob)) {

BIO_write(bio,...hbuf_len(blob)	Description
TRUE	never evaluated
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-240097

3932 r = SSH_ERR_ALLOC_FAIL; -

3933

goto out;

never executed: goto out;

3934 } -

3935 -

3936 clear_libcrypto_errors(); -

3937

if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,

(pk = PEM_read...== ((void *)0)	Description
TRUE	evaluated 61224 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 178873 times by 2 tests Evaluated by: ssh-keygen test_sshkey

61224-178873

3938

(char *)passphrase)) == NULL) {

(pk = PEM_read...== ((void *)0)	Description
TRUE	evaluated 61224 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 178873 times by 2 tests Evaluated by: ssh-keygen test_sshkey

61224-178873

3939 r = convert_libcrypto_error(); -

3940

goto out;

executed 61224 times by 1 test: goto out;

Executed by:

test_sshkey

61224

3941 } -

3942

if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&

EVP_PKEY_base_id(pk) == 6	Description
TRUE	evaluated 99538 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	evaluated 79335 times by 2 tests Evaluated by: ssh-keygen test_sshkey

79335-99538

3943

(type == KEY_UNSPEC || type == KEY_RSA)) {

type == KEY_UNSPEC	Description
TRUE	evaluated 99538 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	never evaluated

type == KEY_RSA	Description
TRUE	never evaluated
FALSE	never evaluated

0-99538

3944

if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {

(prv = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 99538 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-99538

3945 r = SSH_ERR_ALLOC_FAIL; -

3946

goto out;

never executed: goto out;

3947 } -

3948 prv->rsa = EVP_PKEY_get1_RSA(pk); -

3949 prv->type = KEY_RSA; -

3950 #ifdef DEBUG_PK -

3951 RSA_print_fp(stderr, prv->rsa, 8); -

3952 #endif -

3953

if (RSA_blinding_on(prv->rsa, NULL) != 1) {

RSA_blinding_o...id *)0) ) != 1	Description
TRUE	never evaluated
FALSE	evaluated 99538 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-99538

3954 r = SSH_ERR_LIBCRYPTO_ERROR; -

3955

goto out;

never executed: goto out;

3956 } -

3957

if ((r = check_rsa_length(prv->rsa)) != 0)

(r = check_rsa...rv->rsa)) != 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 99534 times by 2 tests Evaluated by: ssh-keygen test_sshkey

4-99534

3958

goto out;

executed 4 times by 1 test: goto out;

Executed by:

test_sshkey

3959

} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&

executed 99534 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

EVP_PKEY_base_id(pk) == 116	Description
TRUE	evaluated 73397 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

5938-99534

3960

(type == KEY_UNSPEC || type == KEY_DSA)) {

type == KEY_UNSPEC	Description
TRUE	evaluated 73397 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	never evaluated

type == KEY_DSA	Description
TRUE	never evaluated
FALSE	never evaluated

0-73397

3961

if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {

(prv = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 73397 times by 2 tests Evaluated by: ssh-keygen test_sshkey

0-73397

3962 r = SSH_ERR_ALLOC_FAIL; -

3963

goto out;

never executed: goto out;

3964 } -

3965 prv->dsa = EVP_PKEY_get1_DSA(pk); -

3966 prv->type = KEY_DSA; -

3967 #ifdef DEBUG_PK -

3968 DSA_print_fp(stderr, prv->dsa, 8); -

3969 #endif -

3970 #ifdef OPENSSL_HAS_ECC -

3971

} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&

executed 73397 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

EVP_PKEY_base_id(pk) == 408	Description
TRUE	evaluated 5938 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-73397

3972

(type == KEY_UNSPEC || type == KEY_ECDSA)) {

type == KEY_UNSPEC	Description
TRUE	evaluated 5938 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

type == KEY_ECDSA	Description
TRUE	never evaluated
FALSE	never evaluated

0-5938

3973

if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {

(prv = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3974 r = SSH_ERR_ALLOC_FAIL; -

3975

goto out;

never executed: goto out;

3976 } -

3977 prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); -

3978 prv->type = KEY_ECDSA; -

3979 prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa); -

3980

if (prv->ecdsa_nid == -1 ||

prv->ecdsa_nid == -1	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3981

sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL ||

sshkey_curve_n...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3982

sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),

sshkey_ec_vali...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3983

EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||

sshkey_ec_vali...->ecdsa)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3984

sshkey_ec_validate_private(prv->ecdsa) != 0) {

sshkey_ec_vali...v->ecdsa) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5938 times by 1 test Evaluated by: test_sshkey

0-5938

3985 r = SSH_ERR_INVALID_FORMAT; -

3986

goto out;

never executed: goto out;

3987 } -

3988 # ifdef DEBUG_PK -

3989 if (prv != NULL && prv->ecdsa != NULL) -

3990 sshkey_dump_ec_key(prv->ecdsa); -

3991 # endif -

3992 #endif /* OPENSSL_HAS_ECC */ -

3993

} else {

executed 5938 times by 1 test: end of block

Executed by:

test_sshkey

5938

3994 r = SSH_ERR_INVALID_FORMAT; -

3995

goto out;

never executed: goto out;

3996 } -

3997 r = 0; -

3998

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 178869 times by 2 tests Evaluated by: ssh-keygen test_sshkey
FALSE	never evaluated

0-178869

3999 *keyp = prv; -

4000 prv = NULL; -

4001

}

executed 178869 times by 2 tests: end of block

Executed by:

ssh-keygen
test_sshkey

178869

4002

out:

code before this statement executed 178869 times by 2 tests: out:

Executed by:

ssh-keygen
test_sshkey

178869

4003 BIO_free(bio); -

4004 EVP_PKEY_free(pk); -

4005 sshkey_free(prv); -

4006

return r;

executed 240097 times by 2 tests: return r;

Executed by:

ssh-keygen
test_sshkey

240097

4007 } -

4008 #endif /* WITH_OPENSSL */ -

4009 -

4010 int -

4011 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, -

4012 const char *passphrase, struct sshkey **keyp, char **commentp) -

4013 { -

4014 int r = SSH_ERR_INTERNAL_ERROR; -

4015 -

4016

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-254950

4017

*keyp = NULL;

executed 254950 times by 3 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_sshkey

254950

4018

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

4019

*commentp = NULL;

never executed: *commentp = ((void *)0) ;

4020 -

4021 switch (type) { -

4022 #ifdef WITH_OPENSSL -

4023

case KEY_DSA:

never executed: case KEY_DSA:

4024

case KEY_ECDSA:

never executed: case KEY_ECDSA:

4025

case KEY_RSA:

never executed: case KEY_RSA:

4026

return sshkey_parse_private_pem_fileblob(blob, type,

never executed: return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp);

4027

passphrase, keyp);

never executed: return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp);

4028 #endif /* WITH_OPENSSL */ -

4029

case KEY_ED25519:

never executed: case KEY_ED25519:

4030 #ifdef WITH_XMSS -

4031 case KEY_XMSS: -

4032 #endif /* WITH_XMSS */ -

4033

return sshkey_parse_private2(blob, type, passphrase,

never executed: return sshkey_parse_private2(blob, type, passphrase, keyp, commentp);

4034

keyp, commentp);

never executed: return sshkey_parse_private2(blob, type, passphrase, keyp, commentp);

4035

case KEY_UNSPEC:

executed 254950 times by 3 tests: case KEY_UNSPEC:

Executed by:

ssh-keygen
sshd
test_sshkey

254950

4036 r = sshkey_parse_private2(blob, type, passphrase, keyp, -

4037 commentp); -

4038 /* Do not fallback to PEM parser if only passphrase is wrong. */ -

4039

if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE)

r == 0	Description
TRUE	evaluated 14172 times by 2 tests Evaluated by: sshd test_sshkey
FALSE	evaluated 240778 times by 2 tests Evaluated by: ssh-keygen test_sshkey

r == -43	Description
TRUE	evaluated 681 times by 1 test Evaluated by: test_sshkey
FALSE	evaluated 240097 times by 2 tests Evaluated by: ssh-keygen test_sshkey

681-240778

4040

return r;

executed 14853 times by 2 tests: return r;

Executed by:

sshd
test_sshkey

14853

4041 #ifdef WITH_OPENSSL -

4042

return sshkey_parse_private_pem_fileblob(blob, type,

executed 240097 times by 2 tests: return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp);

Executed by:

ssh-keygen
test_sshkey

240097

4043

passphrase, keyp);

executed 240097 times by 2 tests: return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp);

Executed by:

ssh-keygen
test_sshkey

240097

4044 #else -

4045 return SSH_ERR_INVALID_FORMAT; -

4046 #endif /* WITH_OPENSSL */ -

4047

default:

never executed: default:

4048

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

4049 } -

4050 } -

4051 -

4052 int -

4053 sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, -

4054 struct sshkey **keyp, char **commentp) -

4055 { -

4056

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-254950

4057

*keyp = NULL;

executed 254950 times by 3 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_sshkey

254950

4058

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 254950 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-254950

4059

*commentp = NULL;

never executed: *commentp = ((void *)0) ;

4060 -

4061

return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC,

executed 254950 times by 3 tests: return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, passphrase, keyp, commentp);

Executed by:

ssh-keygen
sshd
test_sshkey

254950

4062

passphrase, keyp, commentp);

executed 254950 times by 3 tests: return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, passphrase, keyp, commentp);

Executed by:

ssh-keygen
sshd
test_sshkey

254950

4063 } -

4064 -

4065 #ifdef WITH_XMSS -

4066 /* -

4067 * serialize the key with the current state and forward the state -

4068 * maxsign times. -

4069 */ -

4070 int -

4071 sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b, -

4072 u_int32_t maxsign, sshkey_printfn *pr) -

4073 { -

4074 int r, rupdate; -

4075 -

4076 if (maxsign == 0 || -

4077 sshkey_type_plain(k->type) != KEY_XMSS) -

4078 return sshkey_private_serialize_opt(k, b, -

4079 SSHKEY_SERIALIZE_DEFAULT); -

4080 if ((r = sshkey_xmss_get_state(k, pr)) != 0 || -

4081 (r = sshkey_private_serialize_opt(k, b, -

4082 SSHKEY_SERIALIZE_STATE)) != 0 || -

4083 (r = sshkey_xmss_forward_state(k, maxsign)) != 0) -

4084 goto out; -

4085 r = 0; -

4086 out: -

4087 if ((rupdate = sshkey_xmss_update_state(k, pr)) != 0) { -

4088 if (r == 0) -

4089 r = rupdate; -

4090 } -

4091 return r; -

4092 } -

4093 -

4094 u_int32_t -

4095 sshkey_signatures_left(const struct sshkey *k) -

4096 { -

4097 if (sshkey_type_plain(k->type) == KEY_XMSS) -

4098 return sshkey_xmss_signatures_left(k); -

4099 return 0; -

4100 } -

4101 -

4102 int -

4103 sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign) -

4104 { -

4105 if (sshkey_type_plain(k->type) != KEY_XMSS) -

4106 return SSH_ERR_INVALID_ARGUMENT; -

4107 return sshkey_xmss_enable_maxsign(k, maxsign); -

4108 } -

4109 -

4110 int -

4111 sshkey_set_filename(struct sshkey *k, const char *filename) -

4112 { -

4113 if (k == NULL) -

4114 return SSH_ERR_INVALID_ARGUMENT; -

4115 if (sshkey_type_plain(k->type) != KEY_XMSS) -

4116 return 0; -

4117 if (filename == NULL) -

4118 return SSH_ERR_INVALID_ARGUMENT; -

4119 if ((k->xmss_filename = strdup(filename)) == NULL) -

4120 return SSH_ERR_ALLOC_FAIL; -

4121 return 0; -

4122 } -

4123 #else -

4124 int -

4125 sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b, -

4126 u_int32_t maxsign, sshkey_printfn *pr) -

4127 { -

4128

return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);

never executed: return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);

4129 } -

4130 -

4131 u_int32_t -

4132 sshkey_signatures_left(const struct sshkey *k) -

4133 { -

4134

return 0;

never executed: return 0;

4135 } -

4136 -

4137 int -

4138 sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign) -

4139 { -

4140

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

4141 } -

4142 -

4143 int -

4144 sshkey_set_filename(struct sshkey *k, const char *filename) -

4145 { -

4146

if (k == NULL)

k == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

4147

return SSH_ERR_INVALID_ARGUMENT;

never executed: return -10;

4148

return 0;

executed 6 times by 2 tests: return 0;

Executed by:

ssh-keygen
sshd

4149 } -

4150 #endif /* WITH_XMSS */ -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2