OpenCoverage

ssl_rsa.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/ssl_rsa.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include "ssl_locl.h" -

12 #include "packet_locl.h" -

13 #include <openssl/bio.h> -

14 #include <openssl/objects.h> -

15 #include <openssl/evp.h> -

16 #include <openssl/x509.h> -

17 #include <openssl/pem.h> -

18 -

19 static int ssl_set_cert(CERT *c, X509 *x509); -

20 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -

21 -

22 #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ -

23 | SSL_EXT_CLIENT_HELLO \ -

24 | SSL_EXT_TLS1_2_SERVER_HELLO \ -

25 | SSL_EXT_IGNORE_ON_RESUMPTION) -

26 -

27 int SSL_use_certificate(SSL *ssl, X509 *x) -

28 { -

29 int rv; -

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

31 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); -

return 0;

never executed: return 0;

33 } -

34 rv = ssl_security_cert(ssl, NULL, x, 0, 1); -

if (rv != 1) {

rv != 1	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

36 SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv); -

return 0;

never executed: return 0;

38 } -

39 -

return ssl_set_cert(ssl->cert, x);

executed 2 times by 1 test: return ssl_set_cert(ssl->cert, x);

Executed by:

libssl.so.1.1

41 } -

42 -

43 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) -

44 { -

45 int j; -

46 BIO *in; -

47 int ret = 0; -

48 X509 *x = NULL; -

49 -

50 in = BIO_new(BIO_s_file()); -

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

52 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); -

goto end;

never executed: goto end;

54 } -

55 -

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

57 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); -

goto end;

never executed: goto end;

59 } -

if (type == SSL_FILETYPE_ASN1) {

type == 2	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

61 j = ERR_R_ASN1_LIB; -

62 x = d2i_X509_bio(in, NULL); -

} else if (type == SSL_FILETYPE_PEM) {

never executed: end of block

type == 1	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

64 j = ERR_R_PEM_LIB; -

65 x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback, -

66 ssl->default_passwd_callback_userdata); -

} else {

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

68 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); -

goto end;

never executed: goto end;

70 } -

71 -

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

73 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); -

goto end;

never executed: goto end;

75 } -

76 -

77 ret = SSL_use_certificate(ssl, x); -

end:

code before this statement executed 2 times by 1 test: end:

Executed by:

libssl.so.1.1

79 X509_free(x); -

80 BIO_free(in); -

return ret;

executed 2 times by 1 test: return ret;

Executed by:

libssl.so.1.1

82 } -

83 -

84 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) -

85 { -

86 X509 *x; -

87 int ret; -

88 -

89 x = d2i_X509(NULL, &d, (long)len); -

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

91 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); -

return 0;

never executed: return 0;

93 } -

94 -

95 ret = SSL_use_certificate(ssl, x); -

96 X509_free(x); -

return ret;

never executed: return ret;

98 } -

99 -

100 #ifndef OPENSSL_NO_RSA -

101 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) -

102 { -

103 EVP_PKEY *pkey; -

104 int ret; -

105 -

106

if (rsa == NULL) {

rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

107 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -

108

return 0;

never executed: return 0;

109 } -

110

if ((pkey = EVP_PKEY_new()) == NULL) {

(pkey = EVP_PK...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

111 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); -

112

return 0;

never executed: return 0;

113 } -

114 -

115 RSA_up_ref(rsa); -

116

if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {

EVP_PKEY_assig... *)(rsa)) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

117 RSA_free(rsa); -

118 EVP_PKEY_free(pkey); -

119

return 0;

never executed: return 0;

120 } -

121 -

122 ret = ssl_set_pkey(ssl->cert, pkey); -

123 EVP_PKEY_free(pkey); -

124

return ret;

never executed: return ret;

125 } -

126 #endif -

127 -

128 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) -

129 { -

130 size_t i; -

131 -

132

if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {

ssl_cert_looku...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8031 times by 1 test Evaluated by: libssl.so.1.1

0-8031

133 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); -

134

return 0;

never executed: return 0;

135 } -

136 -

137

if (c->pkeys[i].x509 != NULL) {

c->pkeys[i].x5...!= ((void *)0)	Description
TRUE	evaluated 2277 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5754 times by 1 test Evaluated by: libssl.so.1.1

2277-5754

138 EVP_PKEY *pktmp; -

139 pktmp = X509_get0_pubkey(c->pkeys[i].x509); -

140

if (pktmp == NULL) {

pktmp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2277 times by 1 test Evaluated by: libssl.so.1.1

0-2277

141 SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); -

142

return 0;

never executed: return 0;

143 } -

144 /* -

145 * The return code from EVP_PKEY_copy_parameters is deliberately -

146 * ignored. Some EVP_PKEY types cannot do this. -

147 */ -

148 EVP_PKEY_copy_parameters(pktmp, pkey); -

149 ERR_clear_error(); -

150 -

151 #ifndef OPENSSL_NO_RSA -

152 /* -

153 * Don't check the public/private key, this is mostly for smart -

154 * cards. -

155 */ -

156

if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA

EVP_PKEY_id(pkey) == 6	Description
TRUE	evaluated 1790 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 487 times by 1 test Evaluated by: libssl.so.1.1

487-1790

157

&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;

never executed: ;

RSA_flags(EVP_...key)) & 0x0001	Description
TRUE	never evaluated
FALSE	evaluated 1790 times by 1 test Evaluated by: libssl.so.1.1

0-1790

158 else -

159 #endif -

160

if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {

!X509_check_pr...i].x509, pkey)	Description
TRUE	never evaluated
FALSE	evaluated 2277 times by 1 test Evaluated by: libssl.so.1.1

0-2277

161 X509_free(c->pkeys[i].x509); -

162 c->pkeys[i].x509 = NULL; -

163

return 0;

never executed: return 0;

164 } -

165

}

executed 2277 times by 1 test: end of block

Executed by:

libssl.so.1.1

2277

166 -

167 EVP_PKEY_free(c->pkeys[i].privatekey); -

168 EVP_PKEY_up_ref(pkey); -

169 c->pkeys[i].privatekey = pkey; -

170 c->key = &c->pkeys[i]; -

171

return 1;

executed 8031 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8031

172 } -

173 -

174 #ifndef OPENSSL_NO_RSA -

175 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) -

176 { -

177 int j, ret = 0; -

178 BIO *in; -

179 RSA *rsa = NULL; -

180 -

181 in = BIO_new(BIO_s_file()); -

182

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

183 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); -

184

goto end;

never executed: goto end;

185 } -

186 -

187

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

188 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); -

189

goto end;

never executed: goto end;

190 } -

191

if (type == SSL_FILETYPE_ASN1) {

type == 2	Description
TRUE	never evaluated
FALSE	never evaluated

192 j = ERR_R_ASN1_LIB; -

193 rsa = d2i_RSAPrivateKey_bio(in, NULL); -

194

} else if (type == SSL_FILETYPE_PEM) {

never executed: end of block

type == 1	Description
TRUE	never evaluated
FALSE	never evaluated

195 j = ERR_R_PEM_LIB; -

196 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, -

197 ssl->default_passwd_callback, -

198 ssl->default_passwd_callback_userdata); -

199

} else {

never executed: end of block

200 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); -

201

goto end;

never executed: goto end;

202 } -

203

if (rsa == NULL) {

rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

204 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); -

205

goto end;

never executed: goto end;

206 } -

207 ret = SSL_use_RSAPrivateKey(ssl, rsa); -

208 RSA_free(rsa); -

209

end:

code before this statement never executed: end:

210 BIO_free(in); -

211

return ret;

never executed: return ret;

212 } -

213 -

214 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) -

215 { -

216 int ret; -

217 const unsigned char *p; -

218 RSA *rsa; -

219 -

220 p = d; -

221

if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {

(rsa = d2i_RSA...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

222 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -

223

return 0;

never executed: return 0;

224 } -

225 -

226 ret = SSL_use_RSAPrivateKey(ssl, rsa); -

227 RSA_free(rsa); -

228

return ret;

never executed: return ret;

229 } -

230 #endif /* !OPENSSL_NO_RSA */ -

231 -

232 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) -

233 { -

234 int ret; -

235 -

236

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

237 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -

238

return 0;

never executed: return 0;

239 } -

240 ret = ssl_set_pkey(ssl->cert, pkey); -

241

return ret;

executed 2 times by 1 test: return ret;

Executed by:

libssl.so.1.1

242 } -

243 -

244 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) -

245 { -

246 int j, ret = 0; -

247 BIO *in; -

248 EVP_PKEY *pkey = NULL; -

249 -

250 in = BIO_new(BIO_s_file()); -

251

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

252 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); -

253

goto end;

never executed: goto end;

254 } -

255 -

256

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

257 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); -

258

goto end;

never executed: goto end;

259 } -

260

if (type == SSL_FILETYPE_PEM) {

type == 1	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

261 j = ERR_R_PEM_LIB; -

262 pkey = PEM_read_bio_PrivateKey(in, NULL, -

263 ssl->default_passwd_callback, -

264 ssl->default_passwd_callback_userdata); -

265

} else if (type == SSL_FILETYPE_ASN1) {

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

type == 2	Description
TRUE	never evaluated
FALSE	never evaluated

0-2

266 j = ERR_R_ASN1_LIB; -

267 pkey = d2i_PrivateKey_bio(in, NULL); -

268

} else {

never executed: end of block

269 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); -

270

goto end;

never executed: goto end;

271 } -

272

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

273 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); -

274

goto end;

never executed: goto end;

275 } -

276 ret = SSL_use_PrivateKey(ssl, pkey); -

277 EVP_PKEY_free(pkey); -

278

end:

code before this statement executed 2 times by 1 test: end:

Executed by:

libssl.so.1.1

279 BIO_free(in); -

280

return ret;

executed 2 times by 1 test: return ret;

Executed by:

libssl.so.1.1

281 } -

282 -

283 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, -

284 long len) -

285 { -

286 int ret; -

287 const unsigned char *p; -

288 EVP_PKEY *pkey; -

289 -

290 p = d; -

291

if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {

(pkey = d2i_Pr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

292 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -

293

return 0;

never executed: return 0;

294 } -

295 -

296 ret = SSL_use_PrivateKey(ssl, pkey); -

297 EVP_PKEY_free(pkey); -

298

return ret;

never executed: return ret;

299 } -

300 -

301 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) -

302 { -

303 int rv; -

304

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8029 times by 1 test Evaluated by: libssl.so.1.1

0-8029

305 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); -

306

return 0;

never executed: return 0;

307 } -

308 rv = ssl_security_cert(NULL, ctx, x, 0, 1); -

309

if (rv != 1) {

rv != 1	Description
TRUE	never evaluated
FALSE	evaluated 8029 times by 1 test Evaluated by: libssl.so.1.1

0-8029

310 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv); -

311

return 0;

never executed: return 0;

312 } -

313

return ssl_set_cert(ctx->cert, x);

executed 8029 times by 1 test: return ssl_set_cert(ctx->cert, x);

Executed by:

libssl.so.1.1

8029

314 } -

315 -

316 static int ssl_set_cert(CERT *c, X509 *x) -

317 { -

318 EVP_PKEY *pkey; -

319 size_t i; -

320 -

321 pkey = X509_get0_pubkey(x); -

322

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8031 times by 1 test Evaluated by: libssl.so.1.1

0-8031

323 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); -

324

return 0;

never executed: return 0;

325 } -

326 -

327

if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {

ssl_cert_looku...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8031 times by 1 test Evaluated by: libssl.so.1.1

0-8031

328 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); -

329

return 0;

never executed: return 0;

330 } -

331 #ifndef OPENSSL_NO_EC -

332

if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {

i == 3	Description
TRUE	evaluated 2030 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6001 times by 1 test Evaluated by: libssl.so.1.1

!EC_KEY_can_si..._EC_KEY(pkey))	Description
TRUE	never evaluated
FALSE	evaluated 2030 times by 1 test Evaluated by: libssl.so.1.1

0-6001

333 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING); -

334

return 0;

never executed: return 0;

335 } -

336 #endif -

337

if (c->pkeys[i].privatekey != NULL) {

c->pkeys[i].pr...!= ((void *)0)	Description
TRUE	evaluated 5754 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2277 times by 1 test Evaluated by: libssl.so.1.1

2277-5754

338 /* -

339 * The return code from EVP_PKEY_copy_parameters is deliberately -

340 * ignored. Some EVP_PKEY types cannot do this. -

341 */ -

342 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); -

343 ERR_clear_error(); -

344 -

345 #ifndef OPENSSL_NO_RSA -

346 /* -

347 * Don't check the public/private key, this is mostly for smart -

348 * cards. -

349 */ -

350

if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA

EVP_PKEY_id(c-...ivatekey) == 6	Description
TRUE	evaluated 2152 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3602 times by 1 test Evaluated by: libssl.so.1.1

2152-3602

351

&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &

RSA_flags(EVP_...key)) & 0x0001	Description
TRUE	never evaluated
FALSE	evaluated 2152 times by 1 test Evaluated by: libssl.so.1.1

0-2152

352

RSA_METHOD_FLAG_NO_CHECK) ;

never executed: ;

RSA_flags(EVP_...key)) & 0x0001	Description
TRUE	never evaluated
FALSE	evaluated 2152 times by 1 test Evaluated by: libssl.so.1.1

0-2152

353 else -

354 #endif /* OPENSSL_NO_RSA */ -

355

if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {

!X509_check_pr...i].privatekey)	Description
TRUE	never evaluated
FALSE	evaluated 5754 times by 1 test Evaluated by: libssl.so.1.1

0-5754

356 /* -

357 * don't fail for a cert/key mismatch, just free current private -

358 * key (when switching to a different cert & key, first this -

359 * function should be used, then ssl_set_pkey -

360 */ -

361 EVP_PKEY_free(c->pkeys[i].privatekey); -

362 c->pkeys[i].privatekey = NULL; -

363 /* clear error queue */ -

364 ERR_clear_error(); -

365

}

never executed: end of block

366

}

executed 5754 times by 1 test: end of block

Executed by:

libssl.so.1.1

5754

367 -

368 X509_free(c->pkeys[i].x509); -

369 X509_up_ref(x); -

370 c->pkeys[i].x509 = x; -

371 c->key = &(c->pkeys[i]); -

372 -

373

return 1;

executed 8031 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8031

374 } -

375 -

376 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) -

377 { -

378 int j; -

379 BIO *in; -

380 int ret = 0; -

381 X509 *x = NULL; -

382 -

383 in = BIO_new(BIO_s_file()); -

384

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 330 times by 1 test Evaluated by: libssl.so.1.1

0-330

385 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); -

386

goto end;

never executed: goto end;

387 } -

388 -

389

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 330 times by 1 test Evaluated by: libssl.so.1.1

0-330

390 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); -

391

goto end;

never executed: goto end;

392 } -

393

if (type == SSL_FILETYPE_ASN1) {

type == 2	Description
TRUE	never evaluated
FALSE	evaluated 330 times by 1 test Evaluated by: libssl.so.1.1

0-330

394 j = ERR_R_ASN1_LIB; -

395 x = d2i_X509_bio(in, NULL); -

396

} else if (type == SSL_FILETYPE_PEM) {

never executed: end of block

type == 1	Description
TRUE	evaluated 330 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-330

397 j = ERR_R_PEM_LIB; -

398 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, -

399 ctx->default_passwd_callback_userdata); -

400

} else {

executed 330 times by 1 test: end of block

Executed by:

libssl.so.1.1

330

401 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); -

402

goto end;

never executed: goto end;

403 } -

404 -

405

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 330 times by 1 test Evaluated by: libssl.so.1.1

0-330

406 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); -

407

goto end;

never executed: goto end;

408 } -

409 -

410 ret = SSL_CTX_use_certificate(ctx, x); -

411

end:

code before this statement executed 330 times by 1 test: end:

Executed by:

libssl.so.1.1

330

412 X509_free(x); -

413 BIO_free(in); -

414

return ret;

executed 330 times by 1 test: return ret;

Executed by:

libssl.so.1.1

330

415 } -

416 -

417 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) -

418 { -

419 X509 *x; -

420 int ret; -

421 -

422 x = d2i_X509(NULL, &d, (long)len); -

423

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

424 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); -

425

return 0;

never executed: return 0;

426 } -

427 -

428 ret = SSL_CTX_use_certificate(ctx, x); -

429 X509_free(x); -

430

return ret;

never executed: return ret;

431 } -

432 -

433 #ifndef OPENSSL_NO_RSA -

434 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) -

435 { -

436 int ret; -

437 EVP_PKEY *pkey; -

438 -

439

if (rsa == NULL) {

rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

440 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -

441

return 0;

never executed: return 0;

442 } -

443

if ((pkey = EVP_PKEY_new()) == NULL) {

(pkey = EVP_PK...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

444 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); -

445

return 0;

never executed: return 0;

446 } -

447 -

448 RSA_up_ref(rsa); -

449

if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {

EVP_PKEY_assig... *)(rsa)) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

450 RSA_free(rsa); -

451 EVP_PKEY_free(pkey); -

452

return 0;

never executed: return 0;

453 } -

454 -

455 ret = ssl_set_pkey(ctx->cert, pkey); -

456 EVP_PKEY_free(pkey); -

457

return ret;

never executed: return ret;

458 } -

459 -

460 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) -

461 { -

462 int j, ret = 0; -

463 BIO *in; -

464 RSA *rsa = NULL; -

465 -

466 in = BIO_new(BIO_s_file()); -

467

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

468 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); -

469

goto end;

never executed: goto end;

470 } -

471 -

472

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

473 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); -

474

goto end;

never executed: goto end;

475 } -

476

if (type == SSL_FILETYPE_ASN1) {

type == 2	Description
TRUE	never evaluated
FALSE	never evaluated

477 j = ERR_R_ASN1_LIB; -

478 rsa = d2i_RSAPrivateKey_bio(in, NULL); -

479

} else if (type == SSL_FILETYPE_PEM) {

never executed: end of block

type == 1	Description
TRUE	never evaluated
FALSE	never evaluated

480 j = ERR_R_PEM_LIB; -

481 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, -

482 ctx->default_passwd_callback, -

483 ctx->default_passwd_callback_userdata); -

484

} else {

never executed: end of block

485 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); -

486

goto end;

never executed: goto end;

487 } -

488

if (rsa == NULL) {

rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

489 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); -

490

goto end;

never executed: goto end;

491 } -

492 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); -

493 RSA_free(rsa); -

494

end:

code before this statement never executed: end:

495 BIO_free(in); -

496

return ret;

never executed: return ret;

497 } -

498 -

499 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, -

500 long len) -

501 { -

502 int ret; -

503 const unsigned char *p; -

504 RSA *rsa; -

505 -

506 p = d; -

507

if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {

(rsa = d2i_RSA...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

508 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -

509

return 0;

never executed: return 0;

510 } -

511 -

512 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); -

513 RSA_free(rsa); -

514

return ret;

never executed: return ret;

515 } -

516 #endif /* !OPENSSL_NO_RSA */ -

517 -

518 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) -

519 { -

520

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8029 times by 1 test Evaluated by: libssl.so.1.1

0-8029

521 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -

522

return 0;

never executed: return 0;

523 } -

524

return ssl_set_pkey(ctx->cert, pkey);

executed 8029 times by 1 test: return ssl_set_pkey(ctx->cert, pkey);

Executed by:

libssl.so.1.1

8029

525 } -

526 -

527 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) -

528 { -

529 int j, ret = 0; -

530 BIO *in; -

531 EVP_PKEY *pkey = NULL; -

532 -

533 in = BIO_new(BIO_s_file()); -

534

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2441 times by 1 test Evaluated by: libssl.so.1.1

0-2441

535 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); -

536

goto end;

never executed: goto end;

537 } -

538 -

539

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 2441 times by 1 test Evaluated by: libssl.so.1.1

0-2441

540 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); -

541

goto end;

never executed: goto end;

542 } -

543

if (type == SSL_FILETYPE_PEM) {

type == 1	Description
TRUE	evaluated 2441 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2441

544 j = ERR_R_PEM_LIB; -

545 pkey = PEM_read_bio_PrivateKey(in, NULL, -

546 ctx->default_passwd_callback, -

547 ctx->default_passwd_callback_userdata); -

548

} else if (type == SSL_FILETYPE_ASN1) {

executed 2441 times by 1 test: end of block

Executed by:

libssl.so.1.1

type == 2	Description
TRUE	never evaluated
FALSE	never evaluated

0-2441

549 j = ERR_R_ASN1_LIB; -

550 pkey = d2i_PrivateKey_bio(in, NULL); -

551

} else {

never executed: end of block

552 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); -

553

goto end;

never executed: goto end;

554 } -

555

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2441 times by 1 test Evaluated by: libssl.so.1.1

0-2441

556 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); -

557

goto end;

never executed: goto end;

558 } -

559 ret = SSL_CTX_use_PrivateKey(ctx, pkey); -

560 EVP_PKEY_free(pkey); -

561

end:

code before this statement executed 2441 times by 1 test: end:

Executed by:

libssl.so.1.1

2441

562 BIO_free(in); -

563

return ret;

executed 2441 times by 1 test: return ret;

Executed by:

libssl.so.1.1

2441

564 } -

565 -

566 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, -

567 const unsigned char *d, long len) -

568 { -

569 int ret; -

570 const unsigned char *p; -

571 EVP_PKEY *pkey; -

572 -

573 p = d; -

574

if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {

(pkey = d2i_Pr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

575 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -

576

return 0;

never executed: return 0;

577 } -

578 -

579 ret = SSL_CTX_use_PrivateKey(ctx, pkey); -

580 EVP_PKEY_free(pkey); -

581

return ret;

never executed: return ret;

582 } -

583 -

584 /* -

585 * Read a file that contains our certificate in "PEM" format, possibly -

586 * followed by a sequence of CA certificates that should be sent to the peer -

587 * in the Certificate message. -

588 */ -

589 static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) -

590 { -

591 BIO *in; -

592 int ret = 0; -

593 X509 *x = NULL; -

594 pem_password_cb *passwd_callback; -

595 void *passwd_callback_userdata; -

596 -

597 ERR_clear_error(); /* clear error stack for -

598 * SSL_CTX_use_certificate() */ -

599 -

600

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

601 passwd_callback = ctx->default_passwd_callback; -

602 passwd_callback_userdata = ctx->default_passwd_callback_userdata; -

603

} else {

executed 2111 times by 1 test: end of block

Executed by:

libssl.so.1.1

2111

604 passwd_callback = ssl->default_passwd_callback; -

605 passwd_callback_userdata = ssl->default_passwd_callback_userdata; -

606

}

never executed: end of block

607 -

608 in = BIO_new(BIO_s_file()); -

609

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

610 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); -

611

goto end;

never executed: goto end;

612 } -

613 -

614

if (BIO_read_filename(in, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

615 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); -

616

goto end;

never executed: goto end;

617 } -

618 -

619 x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, -

620 passwd_callback_userdata); -

621

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

622 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); -

623

goto end;

never executed: goto end;

624 } -

625 -

626

if (ctx)

ctx	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

627

ret = SSL_CTX_use_certificate(ctx, x);

executed 2111 times by 1 test: ret = SSL_CTX_use_certificate(ctx, x);

Executed by:

libssl.so.1.1

2111

628 else -

629

ret = SSL_use_certificate(ssl, x);

never executed: ret = SSL_use_certificate(ssl, x);

630 -

631

if (ERR_peek_error() != 0)

ERR_peek_error() != 0	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

632

ret = 0; /* Key/certificate mismatch doesn't imply

never executed: ret = 0;

633 * ret==0 ... */ -

634

if (ret) {

ret	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

635 /* -

636 * If we could set up our certificate, now proceed to the CA -

637 * certificates. -

638 */ -

639 X509 *ca; -

640 int r; -

641 unsigned long err; -

642 -

643

if (ctx)

ctx	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

644

r = SSL_CTX_clear_chain_certs(ctx);

executed 2111 times by 1 test: r = SSL_CTX_ctrl(ctx,88,0,(char *)( ((void *)0) ));

Executed by:

libssl.so.1.1

2111

645 else -

646

r = SSL_clear_chain_certs(ssl);

never executed: r = SSL_ctrl(ssl,88,0,(char *)( ((void *)0) ));

647 -

648

if (r == 0) {

r == 0	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

649 ret = 0; -

650

goto end;

never executed: goto end;

651 } -

652 -

653

while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,

(ca = PEM_read...!= ((void *)0)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

36-2111

654

passwd_callback_userdata))

(ca = PEM_read...!= ((void *)0)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

36-2111

655

!= NULL) {

(ca = PEM_read...!= ((void *)0)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

36-2111

656

if (ctx)

ctx	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-36

657

r = SSL_CTX_add0_chain_cert(ctx, ca);

executed 36 times by 1 test: r = SSL_CTX_ctrl(ctx,89,0,(char *)(ca));

Executed by:

libssl.so.1.1

658 else -

659

r = SSL_add0_chain_cert(ssl, ca);

never executed: r = SSL_ctrl(ssl,89,0,(char *)(ca));

660 /* -

661 * Note that we must not free ca if it was successfully added to -

662 * the chain (while we must free the main certificate, since its -

663 * reference count is increased by SSL_CTX_use_certificate). -

664 */ -

665

if (!r) {

!r	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

666 X509_free(ca); -

667 ret = 0; -

668

goto end;

never executed: goto end;

669 } -

670

}

executed 36 times by 1 test: end of block

Executed by:

libssl.so.1.1

671 /* When the while loop ends, it's usually just EOF. */ -

672 err = ERR_peek_last_error(); -

673

if (ERR_GET_LIB(err) == ERR_LIB_PEM

(int)(((err) >...& 0x0FFL) == 9	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

674

&& ERR_GET_REASON(err) == PEM_R_NO_START_LINE)

(int)( (err) & 0xFFFL) == 108	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2111

675

ERR_clear_error();

executed 2111 times by 1 test: ERR_clear_error();

Executed by:

libssl.so.1.1

2111

676 else -

677

ret = 0; /* some real error */

never executed: ret = 0;

678 } -

679 -

680

end:

code before this statement executed 2111 times by 1 test: end:

Executed by:

libssl.so.1.1

2111

681 X509_free(x); -

682 BIO_free(in); -

683

return ret;

executed 2111 times by 1 test: return ret;

Executed by:

libssl.so.1.1

2111

684 } -

685 -

686 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) -

687 { -

688

return use_certificate_chain_file(ctx, NULL, file);

executed 2111 times by 1 test: return use_certificate_chain_file(ctx, ((void *)0) , file);

Executed by:

libssl.so.1.1

2111

689 } -

690 -

691 int SSL_use_certificate_chain_file(SSL *ssl, const char *file) -

692 { -

693

return use_certificate_chain_file(NULL, ssl, file);

never executed: return use_certificate_chain_file( ((void *)0) , ssl, file);

694 } -

695 -

696 static int serverinfo_find_extension(const unsigned char *serverinfo, -

697 size_t serverinfo_length, -

698 unsigned int extension_type, -

699 const unsigned char **extension_data, -

700 size_t *extension_length) -

701 { -

702 PACKET pkt, data; -

703 -

704 *extension_data = NULL; -

705 *extension_length = 0; -

706

if (serverinfo == NULL || serverinfo_length == 0)

serverinfo == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

serverinfo_length == 0	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

707

return -1;

never executed: return -1;

708 -

709

if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))

!PACKET_buf_in...erinfo_length)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

710

return -1;

never executed: return -1;

711 -

712 for (;;) { -

713 unsigned int type = 0; -

714 unsigned long context = 0; -

715 -

716 /* end of serverinfo */ -

717

if (PACKET_remaining(&pkt) == 0)

PACKET_remaining(&pkt) == 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

718

return 0; /* Extension not found */

never executed: return 0;

719 -

720

if (!PACKET_get_net_4(&pkt, &context)

!PACKET_get_ne...pkt, &context)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

721

|| !PACKET_get_net_2(&pkt, &type)

!PACKET_get_net_2(&pkt, &type)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

722

|| !PACKET_get_length_prefixed_2(&pkt, &data))

!PACKET_get_le...2(&pkt, &data)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

723

return -1;

never executed: return -1;

724 -

725

if (type == extension_type) {

type == extension_type	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-8

726 *extension_data = PACKET_data(&data); -

727 *extension_length = PACKET_remaining(&data);; -

728

return 1; /* Success */

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

729 } -

730

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

731 /* Unreachable */ -

732

}

never executed: end of block

733 -

734 static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, -

735 unsigned int context, -

736 const unsigned char *in, -

737 size_t inlen, X509 *x, size_t chainidx, -

738 int *al, void *arg) -

739 { -

740 -

741

if (inlen != 0) {

inlen != 0	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

742 *al = SSL_AD_DECODE_ERROR; -

743

return 0;

never executed: return 0;

744 } -

745 -

746

return 1;

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

747 } -

748 -

749 static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, -

750 const unsigned char *in, -

751 size_t inlen, int *al, void *arg) -

752 { -

753

return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,

executed 7 times by 1 test: return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, ((void *)0) , 0, al, arg);

Executed by:

libssl.so.1.1

754

arg);

executed 7 times by 1 test: return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, ((void *)0) , 0, al, arg);

Executed by:

libssl.so.1.1

755 } -

756 -

757 static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, -

758 unsigned int context, -

759 const unsigned char **out, -

760 size_t *outlen, X509 *x, size_t chainidx, -

761 int *al, void *arg) -

762 { -

763 const unsigned char *serverinfo = NULL; -

764 size_t serverinfo_length = 0; -

765 -

766 /* We only support extensions for the first Certificate */ -

767

if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)

(context & 0x1000) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

chainidx > 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-7

768

return 0;

never executed: return 0;

769 -

770 /* Is there serverinfo data for the chosen server cert? */ -

771

if ((ssl_get_server_cert_serverinfo(s, &serverinfo,

(ssl_get_serve..._length)) != 0	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-8

772

&serverinfo_length)) != 0) {

(ssl_get_serve..._length)) != 0	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-8

773 /* Find the relevant extension from the serverinfo */ -

774 int retval = serverinfo_find_extension(serverinfo, serverinfo_length, -

775 ext_type, out, outlen); -

776

if (retval == -1) {

retval == -1	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

777 *al = SSL_AD_INTERNAL_ERROR; -

778

return -1; /* Error */

never executed: return -1;

779 } -

780

if (retval == 0)

retval == 0	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

781

return 0; /* No extension found, don't send extension */

never executed: return 0;

782

return 1; /* Send extension */

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

783 } -

784

return 0; /* No serverinfo data found, don't send

never executed: return 0;

785 * extension */ -

786 } -

787 -

788 static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, -

789 const unsigned char **out, size_t *outlen, -

790 int *al, void *arg) -

791 { -

792

return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,

executed 7 times by 1 test: return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, ((void *)0) , 0, al, arg);

Executed by:

libssl.so.1.1

793

arg);

executed 7 times by 1 test: return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, ((void *)0) , 0, al, arg);

Executed by:

libssl.so.1.1

794 } -

795 -

796 /* -

797 * With a NULL context, this function just checks that the serverinfo data -

798 * parses correctly. With a non-NULL context, it registers callbacks for -

799 * the included extensions. -

800 */ -

801 static int serverinfo_process_buffer(unsigned int version, -

802 const unsigned char *serverinfo, -

803 size_t serverinfo_length, SSL_CTX *ctx) -

804 { -

805 PACKET pkt; -

806 -

807

if (serverinfo == NULL || serverinfo_length == 0)

serverinfo == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

serverinfo_length == 0	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

808

return 0;

never executed: return 0;

809 -

810

if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)

version != 1	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

version != 2	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

811

return 0;

never executed: return 0;

812 -

813

if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))

!PACKET_buf_in...erinfo_length)	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

814

return 0;

never executed: return 0;

815 -

816

while (PACKET_remaining(&pkt)) {

PACKET_remaining(&pkt)	Description
TRUE	evaluated 58 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

32-58

817 unsigned long context = 0; -

818 unsigned int ext_type = 0; -

819 PACKET data; -

820 -

821

if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))

version == 2	Description
TRUE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

!PACKET_get_ne...pkt, &context)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

822

|| !PACKET_get_net_2(&pkt, &ext_type)

!PACKET_get_ne...kt, &ext_type)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

1-57

823

|| !PACKET_get_length_prefixed_2(&pkt, &data))

!PACKET_get_le...2(&pkt, &data)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1

3-54

824

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

825 -

826

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

827

continue;

executed 27 times by 1 test: continue;

Executed by:

libssl.so.1.1

828 -

829 /* -

830 * The old style custom extensions API could be set separately for -

831 * server/client, i.e. you could set one custom extension for a client, -

832 * and *for the same extension in the same SSL_CTX* you could set a -

833 * custom extension for the server as well. It seems quite weird to be -

834 * setting a custom extension for both client and server in a single -

835 * SSL_CTX - but theoretically possible. This isn't possible in the -

836 * new API. Therefore, if we have V1 serverinfo we use the old API. We -

837 * also use the old API even if we have V2 serverinfo but the context -

838 * looks like an old style <= TLSv1.2 extension. -

839 */ -

840

if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {

version == 1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

context == (0x...0100 \| 0x0040)	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-24

841

if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,

!SSL_CTX_add_s... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

842

serverinfo_srv_add_cb,

!SSL_CTX_add_s... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

843

NULL, NULL,

!SSL_CTX_add_s... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

844

serverinfo_srv_parse_cb,

!SSL_CTX_add_s... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

845

NULL))

!SSL_CTX_add_s... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

846

return 0;

never executed: return 0;

847

} else {

executed 25 times by 1 test: end of block

Executed by:

libssl.so.1.1

848

if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,

!SSL_CTX_add_c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

849

serverinfoex_srv_add_cb,

!SSL_CTX_add_c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

850

NULL, NULL,

!SSL_CTX_add_c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

851

serverinfoex_srv_parse_cb,

!SSL_CTX_add_c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

852

NULL))

!SSL_CTX_add_c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

853

return 0;

never executed: return 0;

854

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

855 } -

856 -

857

return 1;

executed 32 times by 1 test: return 1;

Executed by:

libssl.so.1.1

858 } -

859 -

860 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, -

861 const unsigned char *serverinfo, -

862 size_t serverinfo_length) -

863 { -

864 unsigned char *new_serverinfo; -

865 -

866

if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

serverinfo == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

serverinfo_length == 0	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

867 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER); -

868

return 0;

never executed: return 0;

869 } -

870

if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,

!serverinfo_pr... ((void *)0) )	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

4-16

871

NULL)) {

!serverinfo_pr... ((void *)0) )	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

4-16

872 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA); -

873

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

874 } -

875

if (ctx->cert->key == NULL) {

ctx->cert->key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

876 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR); -

877

return 0;

never executed: return 0;

878 } -

879 new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, -

880 serverinfo_length); -

881

if (new_serverinfo == NULL) {

new_serverinfo == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

882 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE); -

883

return 0;

never executed: return 0;

884 } -

885 ctx->cert->key->serverinfo = new_serverinfo; -

886 memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length); -

887 ctx->cert->key->serverinfo_length = serverinfo_length; -

888 -

889 /* -

890 * Now that the serverinfo is validated and stored, go ahead and -

891 * register callbacks. -

892 */ -

893

if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,

!serverinfo_pr...o_length, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

894

ctx)) {

!serverinfo_pr...o_length, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

895 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA); -

896

return 0;

never executed: return 0;

897 } -

898

return 1;

executed 16 times by 1 test: return 1;

Executed by:

libssl.so.1.1

899 } -

900 -

901 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, -

902 size_t serverinfo_length) -

903 { -

904

return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,

executed 4 times by 1 test: return SSL_CTX_use_serverinfo_ex(ctx, 1, serverinfo, serverinfo_length);

Executed by:

libssl.so.1.1

905

serverinfo_length);

executed 4 times by 1 test: return SSL_CTX_use_serverinfo_ex(ctx, 1, serverinfo, serverinfo_length);

Executed by:

libssl.so.1.1

906 } -

907 -

908 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) -

909 { -

910 unsigned char *serverinfo = NULL; -

911 unsigned char *tmp; -

912 size_t serverinfo_length = 0; -

913 unsigned char *extension = 0; -

914 long extension_length = 0; -

915 char *name = NULL; -

916 char *header = NULL; -

917 char namePrefix1[] = "SERVERINFO FOR "; -

918 char namePrefix2[] = "SERVERINFOV2 FOR "; -

919 int ret = 0; -

920 BIO *bin = NULL; -

921 size_t num_extensions = 0, contextoff = 0; -

922 -

923

if (ctx == NULL || file == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

file == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

0-12

924 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER); -

925

goto end;

never executed: goto end;

926 } -

927 -

928 bin = BIO_new(BIO_s_file()); -

929

if (bin == NULL) {

bin == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

0-12

930 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB); -

931

goto end;

never executed: goto end;

932 } -

933

if (BIO_read_filename(bin, file) <= 0) {

(int)BIO_ctrl(...*)(file)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

0-12

934 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB); -

935

goto end;

never executed: goto end;

936 } -

937 -

938 for (num_extensions = 0;; num_extensions++) { -

939 unsigned int version; -

940 -

941

if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)

PEM_read_bio(b...n_length) == 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

12-23

942

== 0) {

PEM_read_bio(b...n_length) == 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

12-23

943 /* -

944 * There must be at least one extension in this file -

945 */ -

946

if (num_extensions == 0) {

num_extensions == 0	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

0-12

947 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, -

948 SSL_R_NO_PEM_EXTENSIONS); -

949

goto end;

never executed: goto end;

950 } else /* End of file, we're done */ -

951

break;

executed 12 times by 1 test: break;

Executed by:

libssl.so.1.1

952 } -

953 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ -

954

if (strlen(name) < strlen(namePrefix1)) {

strlen(name) <...n(namePrefix1)	Description
TRUE	never evaluated
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

0-23

955 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); -

956

goto end;

never executed: goto end;

957 } -

958

if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( namePrefix1 ))[3] - __s2[3]);

never executed: end of block

(__extension__...fix1) ))) == 0	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

__builtin_cons...namePrefix1) )	Description
TRUE	never evaluated
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( name )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( name ...amePrefix1) ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons... namePrefix1 )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( nameP...amePrefix1) ))	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-23

959 version = SSL_SERVERINFOV1; -

960

} else {

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

961

if (strlen(name) < strlen(namePrefix2)) {

strlen(name) <...n(namePrefix2)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

962 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, -

963 SSL_R_PEM_NAME_TOO_SHORT); -

964

goto end;

never executed: goto end;

965 } -

966

if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {

never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( namePrefix2 ))[3] - __s2[3]);

never executed: end of block

(__extension__...fix2) ))) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

__builtin_cons...namePrefix2) )	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( name )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( name ...amePrefix2) ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons... namePrefix2 )	Description
TRUE	never evaluated
FALSE	never evaluated

strlen ( nameP...amePrefix2) ))	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-1

967 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, -

968 SSL_R_PEM_NAME_BAD_PREFIX); -

969

goto end;

never executed: goto end;

970 } -

971 version = SSL_SERVERINFOV2; -

972

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

973 /* -

974 * Check that the decoded PEM data is plausible (valid length field) -

975 */ -

976

if (version == SSL_SERVERINFOV1) {

version == 1	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-22

977 /* 4 byte header: 2 bytes type, 2 bytes len */ -

978

if (extension_length < 4

extension_length < 4	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

979

|| (extension[2] << 8) + extension[3]

(extension[2] ...ion_length - 4	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

980

!= extension_length - 4) {

(extension[2] ...ion_length - 4	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

981 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); -

982

goto end;

never executed: goto end;

983 } -

984 /* -

985 * File does not have a context value so we must take account of -

986 * this later. -

987 */ -

988 contextoff = 4; -

989

} else {

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

990 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ -

991

if (extension_length < 8

extension_length < 8	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

992

|| (extension[6] << 8) + extension[7]

(extension[6] ...ion_length - 8	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

993

!= extension_length - 8) {

(extension[6] ...ion_length - 8	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

994 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); -

995

goto end;

never executed: goto end;

996 } -

997

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

998 /* Append the decoded extension to the serverinfo buffer */ -

999 tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length -

1000 + contextoff); -

1001

if (tmp == NULL) {

tmp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

0-23

1002 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); -

1003

goto end;

never executed: goto end;

1004 } -

1005 serverinfo = tmp; -

1006

if (contextoff > 0) {

contextoff > 0	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-22

1007 unsigned char *sinfo = serverinfo + serverinfo_length; -

1008 -

1009 /* We know this only uses the last 2 bytes */ -

1010 sinfo[0] = 0; -

1011 sinfo[1] = 0; -

1012 sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff; -

1013 sinfo[3] = SYNTHV1CONTEXT & 0xff; -

1014

}

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

1015 memcpy(serverinfo + serverinfo_length + contextoff, -

1016 extension, extension_length); -

1017 serverinfo_length += extension_length + contextoff; -

1018 -

1019 OPENSSL_free(name); -

1020 name = NULL; -

1021 OPENSSL_free(header); -

1022 header = NULL; -

1023 OPENSSL_free(extension); -

1024 extension = NULL; -

1025

}

executed 23 times by 1 test: end of block

Executed by:

libssl.so.1.1

1026 -

1027 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo, -

1028 serverinfo_length); -

1029

end:

code before this statement executed 12 times by 1 test: end:

Executed by:

libssl.so.1.1

1030 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ -

1031 OPENSSL_free(name); -

1032 OPENSSL_free(header); -

1033 OPENSSL_free(extension); -

1034 OPENSSL_free(serverinfo); -

1035 BIO_free(bin); -

1036

return ret;

executed 12 times by 1 test: return ret;

Executed by:

libssl.so.1.1

1037 } -

1038 -

1039 static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, -

1040 STACK_OF(X509) *chain, int override) -

1041 { -

1042 int ret = 0; -

1043 size_t i; -

1044 int j; -

1045 int rv; -

1046

CERT *c = ssl != NULL ? ssl->cert : ctx->cert;

ssl != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1047 STACK_OF(X509) *dup_chain = NULL; -

1048 EVP_PKEY *pubkey = NULL; -

1049 -

1050 /* Do all security checks before anything else */ -

1051 rv = ssl_security_cert(ssl, ctx, x509, 0, 1); -

1052

if (rv != 1) {

rv != 1	Description
TRUE	never evaluated
FALSE	never evaluated

1053 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv); -

1054

goto out;

never executed: goto out;

1055 } -

1056

for (j = 0; j < sk_X509_num(chain); j++) {

j < sk_X509_num(chain)	Description
TRUE	never evaluated
FALSE	never evaluated

1057 rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0); -

1058

if (rv != 1) {

rv != 1	Description
TRUE	never evaluated
FALSE	never evaluated

1059 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv); -

1060

goto out;

never executed: goto out;

1061 } -

1062

}

never executed: end of block

1063 -

1064 pubkey = X509_get_pubkey(x509); /* bumps reference */ -

1065

if (pubkey == NULL)

pubkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1066

goto out;

never executed: goto out;

1067

if (privatekey == NULL) {

privatekey == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1068 privatekey = pubkey; -

1069

} else {

never executed: end of block

1070 /* For RSA, which has no parameters, missing returns 0 */ -

1071

if (EVP_PKEY_missing_parameters(privatekey)) {

EVP_PKEY_missi...rs(privatekey)	Description
TRUE	never evaluated
FALSE	never evaluated

1072

if (EVP_PKEY_missing_parameters(pubkey)) {

EVP_PKEY_missi...meters(pubkey)	Description
TRUE	never evaluated
FALSE	never evaluated

1073 /* nobody has parameters? - error */ -

1074 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS); -

1075

goto out;

never executed: goto out;

1076 } else { -

1077 /* copy to privatekey from pubkey */ -

1078 EVP_PKEY_copy_parameters(privatekey, pubkey); -

1079

}

never executed: end of block

1080

} else if (EVP_PKEY_missing_parameters(pubkey)) {

EVP_PKEY_missi...meters(pubkey)	Description
TRUE	never evaluated
FALSE	never evaluated

1081 /* copy to pubkey from privatekey */ -

1082 EVP_PKEY_copy_parameters(pubkey, privatekey); -

1083

} /* else both have parameters */

never executed: end of block

1084 -

1085 /* Copied from ssl_set_cert/pkey */ -

1086 #ifndef OPENSSL_NO_RSA -

1087

if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&

(EVP_PKEY_id(privatekey) == 6)	Description
TRUE	never evaluated
FALSE	never evaluated

1088

((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))

((RSA_flags(EV...y)) & 0x0001))	Description
TRUE	never evaluated
FALSE	never evaluated

1089

/* no-op */ ;

never executed: ;

1090 else -

1091 #endif -

1092 /* check that key <-> cert match */ -

1093

if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {

EVP_PKEY_cmp(p...ivatekey) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

1094 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); -

1095

goto out;

never executed: goto out;

1096 } -

1097

}

never executed: end of block

1098

if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {

ssl_cert_looku...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1099 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); -

1100

goto out;

never executed: goto out;

1101 } -

1102 -

1103

if (!override && (c->pkeys[i].x509 != NULL

!override	Description
TRUE	never evaluated
FALSE	never evaluated

c->pkeys[i].x5...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1104

|| c->pkeys[i].privatekey != NULL

c->pkeys[i].pr...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1105

|| c->pkeys[i].chain != NULL)) {

c->pkeys[i].ch...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1106 /* No override, and something already there */ -

1107 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE); -

1108

goto out;

never executed: goto out;

1109 } -

1110 -

1111

if (chain != NULL) {

chain != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1112 dup_chain = X509_chain_up_ref(chain); -

1113

if (dup_chain == NULL) {

dup_chain == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1114 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE); -

1115

goto out;

never executed: goto out;

1116 } -

1117

}

never executed: end of block

1118 -

1119 sk_X509_pop_free(c->pkeys[i].chain, X509_free); -

1120 c->pkeys[i].chain = dup_chain; -

1121 -

1122 X509_free(c->pkeys[i].x509); -

1123 X509_up_ref(x509); -

1124 c->pkeys[i].x509 = x509; -

1125 -

1126 EVP_PKEY_free(c->pkeys[i].privatekey); -

1127 EVP_PKEY_up_ref(privatekey); -

1128 c->pkeys[i].privatekey = privatekey; -

1129 -

1130 c->key = &(c->pkeys[i]); -

1131 -

1132 ret = 1; -

1133

out:

code before this statement never executed: out:

1134 EVP_PKEY_free(pubkey); -

1135

return ret;

never executed: return ret;

1136 } -

1137 -

1138 int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, -

1139 STACK_OF(X509) *chain, int override) -

1140 { -

1141

return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);

never executed: return ssl_set_cert_and_key(ssl, ((void *)0) , x509, privatekey, chain, override);

1142 } -

1143 -

1144 int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, -

1145 STACK_OF(X509) *chain, int override) -

1146 { -

1147

return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);

never executed: return ssl_set_cert_and_key( ((void *)0) , ctx, x509, privatekey, chain, override);

1148 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2