OpenCoverage

ssl_cert.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/ssl_cert.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

4 * -

5 * Licensed under the OpenSSL license (the "License"). You may not use -

6 * this file except in compliance with the License. You can obtain a copy -

7 * in the file LICENSE in the source distribution or at -

8 * https://www.openssl.org/source/license.html -

9 */ -

10 -

11 #include <stdio.h> -

12 #include <sys/types.h> -

13 -

14 #include "internal/nelem.h" -

15 #include "internal/o_dir.h" -

16 #include <openssl/bio.h> -

17 #include <openssl/pem.h> -

18 #include <openssl/x509v3.h> -

19 #include <openssl/dh.h> -

20 #include <openssl/bn.h> -

21 #include <openssl/crypto.h> -

22 #include "internal/refcount.h" -

23 #include "ssl_locl.h" -

24 #include "ssl_cert_table.h" -

25 #include "internal/thread_once.h" -

26 -

27 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, -

28 int op, int bits, int nid, void *other, -

29 void *ex); -

30 -

31 static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; -

32 static volatile int ssl_x509_store_ctx_idx = -1; -

33 -

DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)

executed 539 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

539

35 { -

36 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0, -

37 "SSL for verify callback", -

38 NULL, NULL, NULL); -

return ssl_x509_store_ctx_idx >= 0;

executed 539 times by 2 tests: return ssl_x509_store_ctx_idx >= 0;

Executed by:

libssl.so.1.1
tls13encryptiontest

539

40 } -

41 -

42 int SSL_get_ex_data_X509_STORE_CTX_idx(void) -

43 { -

44 -

if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))

!(CRYPTO_THREA...ossl_ret_ : 0)	Description
TRUE	never evaluated
FALSE	evaluated 10679 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

CRYPTO_THREAD_...tx_init_ossl_)	Description
TRUE	evaluated 10679 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	never evaluated

0-10679

return -1;

never executed: return -1;

return ssl_x509_store_ctx_idx;

executed 10679 times by 2 tests: return ssl_x509_store_ctx_idx;

Executed by:

libssl.so.1.1
tls13encryptiontest

10679

48 } -

49 -

50 CERT *ssl_cert_new(void) -

51 { -

52 CERT *ret = OPENSSL_zalloc(sizeof(*ret)); -

53 -

if (ret == NULL) {

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

55 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); -

return NULL;

never executed: return ((void *)0) ;

57 } -

58 -

59 ret->key = &(ret->pkeys[SSL_PKEY_RSA]); -

60 ret->references = 1; -

61 ret->sec_cb = ssl_security_default_callback; -

62 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; -

63 ret->sec_ex = NULL; -

64 ret->lock = CRYPTO_THREAD_lock_new(); -

if (ret->lock == NULL) {

ret->lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

66 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); -

67 OPENSSL_free(ret); -

return NULL;

never executed: return ((void *)0) ;

69 } -

70 -

return ret;

executed 8017 times by 2 tests: return ret;

Executed by:

libssl.so.1.1
tls13encryptiontest

8017

72 } -

73 -

74 CERT *ssl_cert_dup(CERT *cert) -

75 { -

76 CERT *ret = OPENSSL_zalloc(sizeof(*ret)); -

77 int i; -

78 -

if (ret == NULL) {

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8278

80 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); -

return NULL;

never executed: return ((void *)0) ;

82 } -

83 -

84 ret->references = 1; -

85 ret->key = &ret->pkeys[cert->key - cert->pkeys]; -

86 ret->lock = CRYPTO_THREAD_lock_new(); -

if (ret->lock == NULL) {

ret->lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8278

88 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); -

89 OPENSSL_free(ret); -

return NULL;

never executed: return ((void *)0) ;

91 } -

92 #ifndef OPENSSL_NO_DH -

if (cert->dh_tmp != NULL) {

cert->dh_tmp != ((void *)0)	Description
TRUE	evaluated 116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8162 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

116-8162

94 ret->dh_tmp = cert->dh_tmp; -

95 EVP_PKEY_up_ref(ret->dh_tmp); -

}

executed 116 times by 1 test: end of block

Executed by:

libssl.so.1.1

116

97 ret->dh_tmp_cb = cert->dh_tmp_cb; -

98 ret->dh_tmp_auto = cert->dh_tmp_auto; -

99 #endif -

100 -

101

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	evaluated 74502 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

8278-74502

102 CERT_PKEY *cpk = cert->pkeys + i; -

103 CERT_PKEY *rpk = ret->pkeys + i; -

104

if (cpk->x509 != NULL) {

cpk->x509 != ((void *)0)	Description
TRUE	evaluated 7858 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 66644 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

7858-66644

105 rpk->x509 = cpk->x509; -

106 X509_up_ref(rpk->x509); -

107

}

executed 7858 times by 1 test: end of block

Executed by:

libssl.so.1.1

7858

108 -

109

if (cpk->privatekey != NULL) {

cpk->privatekey != ((void *)0)	Description
TRUE	evaluated 7858 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 66644 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

7858-66644

110 rpk->privatekey = cpk->privatekey; -

111 EVP_PKEY_up_ref(cpk->privatekey); -

112

}

executed 7858 times by 1 test: end of block

Executed by:

libssl.so.1.1

7858

113 -

114

if (cpk->chain) {

cpk->chain	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 74466 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

36-74466

115 rpk->chain = X509_chain_up_ref(cpk->chain); -

116

if (!rpk->chain) {

!rpk->chain	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

117 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); -

118

goto err;

never executed: goto err;

119 } -

120

}

executed 36 times by 1 test: end of block

Executed by:

libssl.so.1.1

121

if (cert->pkeys[i].serverinfo != NULL) {

cert->pkeys[i]...!= ((void *)0)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 74495 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

7-74495

122 /* Just copy everything. */ -

123 ret->pkeys[i].serverinfo = -

124 OPENSSL_malloc(cert->pkeys[i].serverinfo_length); -

125

if (ret->pkeys[i].serverinfo == NULL) {

ret->pkeys[i]....== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

0-7

126 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); -

127

goto err;

never executed: goto err;

128 } -

129 ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; -

130 memcpy(ret->pkeys[i].serverinfo, -

131 cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); -

132

}

executed 7 times by 1 test: end of block

Executed by:

libssl.so.1.1

133

}

executed 74502 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

74502

134 -

135 /* Configured sigalgs copied across */ -

136

if (cert->conf_sigalgs) {

cert->conf_sigalgs	Description
TRUE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8237 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

41-8237

137 ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen -

138 * sizeof(*cert->conf_sigalgs)); -

139

if (ret->conf_sigalgs == NULL)

ret->conf_siga...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

0-41

140

goto err;

never executed: goto err;

141 memcpy(ret->conf_sigalgs, cert->conf_sigalgs, -

142 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); -

143 ret->conf_sigalgslen = cert->conf_sigalgslen; -

144

} else

executed 41 times by 1 test: end of block

Executed by:

libssl.so.1.1

145

ret->conf_sigalgs = NULL;

executed 8237 times by 2 tests: ret->conf_sigalgs = ((void *)0) ;

Executed by:

libssl.so.1.1
tls13encryptiontest

8237

146 -

147

if (cert->client_sigalgs) {

cert->client_sigalgs	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8267 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

11-8267

148 ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen -

149 * sizeof(*cert->client_sigalgs)); -

150

if (ret->client_sigalgs == NULL)

ret->client_si...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

151

goto err;

never executed: goto err;

152 memcpy(ret->client_sigalgs, cert->client_sigalgs, -

153 cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); -

154 ret->client_sigalgslen = cert->client_sigalgslen; -

155

} else

executed 11 times by 1 test: end of block

Executed by:

libssl.so.1.1

156

ret->client_sigalgs = NULL;

executed 8267 times by 2 tests: ret->client_sigalgs = ((void *)0) ;

Executed by:

libssl.so.1.1
tls13encryptiontest

8267

157 /* Shared sigalgs also NULL */ -

158 ret->shared_sigalgs = NULL; -

159 /* Copy any custom client certificate types */ -

160

if (cert->ctype) {

cert->ctype	Description
TRUE	never evaluated
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8278

161 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); -

162

if (ret->ctype == NULL)

ret->ctype == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

163

goto err;

never executed: goto err;

164 ret->ctype_len = cert->ctype_len; -

165

}

never executed: end of block

166 -

167 ret->cert_flags = cert->cert_flags; -

168 -

169 ret->cert_cb = cert->cert_cb; -

170 ret->cert_cb_arg = cert->cert_cb_arg; -

171 -

172

if (cert->verify_store) {

cert->verify_store	Description
TRUE	evaluated 1239 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7039 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

1239-7039

173 X509_STORE_up_ref(cert->verify_store); -

174 ret->verify_store = cert->verify_store; -

175

}

executed 1239 times by 1 test: end of block

Executed by:

libssl.so.1.1

1239

176 -

177

if (cert->chain_store) {

cert->chain_store	Description
TRUE	never evaluated
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8278

178 X509_STORE_up_ref(cert->chain_store); -

179 ret->chain_store = cert->chain_store; -

180

}

never executed: end of block

181 -

182 ret->sec_cb = cert->sec_cb; -

183 ret->sec_level = cert->sec_level; -

184 ret->sec_ex = cert->sec_ex; -

185 -

186

if (!custom_exts_copy(&ret->custext, &cert->custext))

!custom_exts_c...cert->custext)	Description
TRUE	never evaluated
FALSE	evaluated 8278 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8278

187

goto err;

never executed: goto err;

188 #ifndef OPENSSL_NO_PSK -

189

if (cert->psk_identity_hint) {

cert->psk_identity_hint	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8276 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

2-8276

190 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint); -

191

if (ret->psk_identity_hint == NULL)

ret->psk_ident...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

192

goto err;

never executed: goto err;

193

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

194 #endif -

195

return ret;

executed 8278 times by 2 tests: return ret;

Executed by:

libssl.so.1.1
tls13encryptiontest

8278

196 -

197 err: -

198 ssl_cert_free(ret); -

199 -

200

return NULL;

never executed: return ((void *)0) ;

201 } -

202 -

203 /* Free up and clear all certificates and chains */ -

204 -

205 void ssl_cert_clear_certs(CERT *c) -

206 { -

207 int i; -

208

if (c == NULL)

c == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16295 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16295

209

return;

never executed: return;

210

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	evaluated 146655 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 16295 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

16295-146655

211 CERT_PKEY *cpk = c->pkeys + i; -

212 X509_free(cpk->x509); -

213 cpk->x509 = NULL; -

214 EVP_PKEY_free(cpk->privatekey); -

215 cpk->privatekey = NULL; -

216 sk_X509_pop_free(cpk->chain, X509_free); -

217 cpk->chain = NULL; -

218 OPENSSL_free(cpk->serverinfo); -

219 cpk->serverinfo = NULL; -

220 cpk->serverinfo_length = 0; -

221

}

executed 146655 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

146655

222

}

executed 16295 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

16295

223 -

224 void ssl_cert_free(CERT *c) -

225 { -

226 int i; -

227 -

228

if (c == NULL)

c == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16295 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16295

229

return;

never executed: return;

230 CRYPTO_DOWN_REF(&c->references, &i, c->lock); -

231 REF_PRINT_COUNT("CERT", c); -

232

if (i > 0)

i > 0	Description
TRUE	never evaluated
FALSE	evaluated 16295 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16295

233

return;

never executed: return;

234 REF_ASSERT_ISNT(i < 0); -

235 -

236 #ifndef OPENSSL_NO_DH -

237 EVP_PKEY_free(c->dh_tmp); -

238 #endif -

239 -

240 ssl_cert_clear_certs(c); -

241 OPENSSL_free(c->conf_sigalgs); -

242 OPENSSL_free(c->client_sigalgs); -

243 OPENSSL_free(c->shared_sigalgs); -

244 OPENSSL_free(c->ctype); -

245 X509_STORE_free(c->verify_store); -

246 X509_STORE_free(c->chain_store); -

247 custom_exts_free(&c->custext); -

248 #ifndef OPENSSL_NO_PSK -

249 OPENSSL_free(c->psk_identity_hint); -

250 #endif -

251 CRYPTO_THREAD_lock_free(c->lock); -

252 OPENSSL_free(c); -

253

}

executed 16295 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

16295

254 -

255 int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) -

256 { -

257 int i, r; -

258

CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;

s	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

259

if (!cpk)

!cpk	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

260

return 0;

never executed: return 0;

261

for (i = 0; i < sk_X509_num(chain); i++) {

i < sk_X509_num(chain)	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

262 r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); -

263

if (r != 1) {

r != 1	Description
TRUE	never evaluated
FALSE	never evaluated

264 SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r); -

265

return 0;

never executed: return 0;

266 } -

267

}

never executed: end of block

268 sk_X509_pop_free(cpk->chain, X509_free); -

269 cpk->chain = chain; -

270

return 1;

executed 2111 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2111

271 } -

272 -

273 int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) -

274 { -

275 STACK_OF(X509) *dchain; -

276

if (!chain)

!chain	Description
TRUE	never evaluated
FALSE	never evaluated

277

return ssl_cert_set0_chain(s, ctx, NULL);

never executed: return ssl_cert_set0_chain(s, ctx, ((void *)0) );

278 dchain = X509_chain_up_ref(chain); -

279

if (!dchain)

!dchain	Description
TRUE	never evaluated
FALSE	never evaluated

280

return 0;

never executed: return 0;

281

if (!ssl_cert_set0_chain(s, ctx, dchain)) {

!ssl_cert_set0..., ctx, dchain)	Description
TRUE	never evaluated
FALSE	never evaluated

282 sk_X509_pop_free(dchain, X509_free); -

283

return 0;

never executed: return 0;

284 } -

285

return 1;

never executed: return 1;

286 } -

287 -

288 int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) -

289 { -

290 int r; -

291

CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;

s	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

292

if (!cpk)

!cpk	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

293

return 0;

never executed: return 0;

294 r = ssl_security_cert(s, ctx, x, 0, 0); -

295

if (r != 1) {

r != 1	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

296 SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r); -

297

return 0;

never executed: return 0;

298 } -

299

if (!cpk->chain)

!cpk->chain	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-36

300

cpk->chain = sk_X509_new_null();

executed 36 times by 1 test: cpk->chain = sk_X509_new_null();

Executed by:

libssl.so.1.1

301

if (!cpk->chain || !sk_X509_push(cpk->chain, x))

!cpk->chain	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

!sk_X509_push(cpk->chain, x)	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

302

return 0;

never executed: return 0;

303

return 1;

executed 36 times by 1 test: return 1;

Executed by:

libssl.so.1.1

304 } -

305 -

306 int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) -

307 { -

308

if (!ssl_cert_add0_chain_cert(s, ctx, x))

!ssl_cert_add0...ert(s, ctx, x)	Description
TRUE	never evaluated
FALSE	never evaluated

309

return 0;

never executed: return 0;

310 X509_up_ref(x); -

311

return 1;

never executed: return 1;

312 } -

313 -

314 int ssl_cert_select_current(CERT *c, X509 *x) -

315 { -

316 int i; -

317

if (x == NULL)

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

318

return 0;

never executed: return 0;

319

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	never evaluated
FALSE	never evaluated

320 CERT_PKEY *cpk = c->pkeys + i; -

321

if (cpk->x509 == x && cpk->privatekey) {

cpk->x509 == x	Description
TRUE	never evaluated
FALSE	never evaluated

cpk->privatekey	Description
TRUE	never evaluated
FALSE	never evaluated

322 c->key = cpk; -

323

return 1;

never executed: return 1;

324 } -

325

}

never executed: end of block

326 -

327

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	never evaluated
FALSE	never evaluated

328 CERT_PKEY *cpk = c->pkeys + i; -

329

if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {

cpk->privatekey	Description
TRUE	never evaluated
FALSE	never evaluated

cpk->x509	Description
TRUE	never evaluated
FALSE	never evaluated

!X509_cmp(cpk->x509, x)	Description
TRUE	never evaluated
FALSE	never evaluated

330 c->key = cpk; -

331

return 1;

never executed: return 1;

332 } -

333

}

never executed: end of block

334

return 0;

never executed: return 0;

335 } -

336 -

337 int ssl_cert_set_current(CERT *c, long op) -

338 { -

339 int i, idx; -

340

if (!c)

!c	Description
TRUE	never evaluated
FALSE	never evaluated

341

return 0;

never executed: return 0;

342

if (op == SSL_CERT_SET_FIRST)

op == 1	Description
TRUE	never evaluated
FALSE	never evaluated

343

idx = 0;

never executed: idx = 0;

344

else if (op == SSL_CERT_SET_NEXT) {

op == 2	Description
TRUE	never evaluated
FALSE	never evaluated

345 idx = (int)(c->key - c->pkeys + 1); -

346

if (idx >= SSL_PKEY_NUM)

idx >= 9	Description
TRUE	never evaluated
FALSE	never evaluated

347

return 0;

never executed: return 0;

348

} else

never executed: end of block

349

return 0;

never executed: return 0;

350

for (i = idx; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	never evaluated
FALSE	never evaluated

351 CERT_PKEY *cpk = c->pkeys + i; -

352

if (cpk->x509 && cpk->privatekey) {

cpk->x509	Description
TRUE	never evaluated
FALSE	never evaluated

cpk->privatekey	Description
TRUE	never evaluated
FALSE	never evaluated

353 c->key = cpk; -

354

return 1;

never executed: return 1;

355 } -

356

}

never executed: end of block

357

return 0;

never executed: return 0;

358 } -

359 -

360 void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) -

361 { -

362 c->cert_cb = cb; -

363 c->cert_cb_arg = arg; -

364

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

365 -

366 int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) -

367 { -

368 X509 *x; -

369 int i = 0; -

370 X509_STORE *verify_store; -

371 X509_STORE_CTX *ctx = NULL; -

372 X509_VERIFY_PARAM *param; -

373 -

374

if ((sk == NULL) || (sk_X509_num(sk) == 0))

(sk == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

(sk_X509_num(sk) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

375

return 0;

never executed: return 0;

376 -

377

if (s->cert->verify_store)

s->cert->verify_store	Description
TRUE	evaluated 963 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1648 times by 1 test Evaluated by: libssl.so.1.1

963-1648

378

verify_store = s->cert->verify_store;

executed 963 times by 1 test: verify_store = s->cert->verify_store;

Executed by:

libssl.so.1.1

963

379 else -

380

verify_store = s->ctx->cert_store;

executed 1648 times by 1 test: verify_store = s->ctx->cert_store;

Executed by:

libssl.so.1.1

1648

381 -

382 ctx = X509_STORE_CTX_new(); -

383

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

384 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); -

385

return 0;

never executed: return 0;

386 } -

387 -

388 x = sk_X509_value(sk, 0); -

389

if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {

!X509_STORE_CT..._store, x, sk)	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

390 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); -

391

goto end;

never executed: goto end;

392 } -

393 param = X509_STORE_CTX_get0_param(ctx); -

394 /* -

395 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some -

396 * point, for now a single @SECLEVEL sets the same policy for TLS crypto -

397 * and PKI authentication. -

398 */ -

399 X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); -

400 -

401 /* Set suite B flags if needed */ -

402 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); -

403

if (!X509_STORE_CTX_set_ex_data

!X509_STORE_CT..._CTX_idx(), s)	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

404

(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {

!X509_STORE_CT..._CTX_idx(), s)	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

405

goto end;

never executed: goto end;

406 } -

407 -

408 /* Verify via DANE if enabled */ -

409

if (DANETLS_ENABLED(&s->dane))

(&s->dane) != ((void *)0)	Description
TRUE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

sk_danetls_rec...e)->trecs) > 0	Description
TRUE	never evaluated
FALSE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1

0-2611

410

X509_STORE_CTX_set0_dane(ctx, &s->dane);

never executed: X509_STORE_CTX_set0_dane(ctx, &s->dane);

411 -

412 /* -

413 * We need to inherit the verify parameters. These can be determined by -

414 * the context: if its a server it will verify SSL client certificates or -

415 * vice versa. -

416 */ -

417 -

418 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server"); -

419 /* -

420 * Anything non-default in "s->param" should overwrite anything in the ctx. -

421 */ -

422 X509_VERIFY_PARAM_set1(param, s->param); -

423 -

424

if (s->verify_callback)

s->verify_callback	Description
TRUE	evaluated 127 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2484 times by 1 test Evaluated by: libssl.so.1.1

127-2484

425

X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);

executed 127 times by 1 test: X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);

Executed by:

libssl.so.1.1

127

426 -

427

if (s->ctx->app_verify_callback != NULL)

s->ctx->app_ve...!= ((void *)0)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2599 times by 1 test Evaluated by: libssl.so.1.1

12-2599

428

i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);

executed 12 times by 1 test: i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);

Executed by:

libssl.so.1.1

429 else -

430

i = X509_verify_cert(ctx);

executed 2599 times by 1 test: i = X509_verify_cert(ctx);

Executed by:

libssl.so.1.1

2599

431 -

432 s->verify_result = X509_STORE_CTX_get_error(ctx); -

433 sk_X509_pop_free(s->verified_chain, X509_free); -

434 s->verified_chain = NULL; -

435

if (X509_STORE_CTX_get0_chain(ctx) != NULL) {

X509_STORE_CTX...!= ((void *)0)	Description
TRUE	evaluated 2603 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-2603

436 s->verified_chain = X509_STORE_CTX_get1_chain(ctx); -

437

if (s->verified_chain == NULL) {

s->verified_ch...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2603 times by 1 test Evaluated by: libssl.so.1.1

0-2603

438 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); -

439 i = 0; -

440

}

never executed: end of block

441

}

executed 2603 times by 1 test: end of block

Executed by:

libssl.so.1.1

2603

442 -

443 /* Move peername from the store context params to the SSL handle's */ -

444 X509_VERIFY_PARAM_move_peername(s->param, param); -

445 -

446

end:

code before this statement executed 2611 times by 1 test: end:

Executed by:

libssl.so.1.1

2611

447 X509_STORE_CTX_free(ctx); -

448

return i;

executed 2611 times by 1 test: return i;

Executed by:

libssl.so.1.1

2611

449 } -

450 -

451 static void set0_CA_list(STACK_OF(X509_NAME) **ca_list, -

452 STACK_OF(X509_NAME) *name_list) -

453 { -

454 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); -

455 *ca_list = name_list; -

456

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

457 -

458 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) -

459 { -

460 int i; -

461 const int num = sk_X509_NAME_num(sk); -

462 STACK_OF(X509_NAME) *ret; -

463 X509_NAME *name; -

464 -

465 ret = sk_X509_NAME_new_reserve(NULL, num); -

466

if (ret == NULL) {

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

0-36

467 SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); -

468

return NULL;

never executed: return ((void *)0) ;

469 } -

470

for (i = 0; i < num; i++) {

i < num	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

10-36

471 name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); -

472

if (name == NULL) {

name == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

473 SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); -

474 sk_X509_NAME_pop_free(ret, X509_NAME_free); -

475

return NULL;

never executed: return ((void *)0) ;

476 } -

477 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ -

478

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

479

return ret;

executed 36 times by 1 test: return ret;

Executed by:

libssl.so.1.1

480 } -

481 -

482 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) -

483 { -

484 set0_CA_list(&s->ca_names, name_list); -

485

}

never executed: end of block

486 -

487 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) -

488 { -

489 set0_CA_list(&ctx->ca_names, name_list); -

490

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

491 -

492 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx) -

493 { -

494

return ctx->ca_names;

never executed: return ctx->ca_names;

495 } -

496 -

497 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) -

498 { -

499

return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;

executed 4000 times by 1 test: return s->ca_names != ((void *)0) ? s->ca_names : s->ctx->ca_names;

Executed by:

libssl.so.1.1

s->ca_names != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4000 times by 1 test Evaluated by: libssl.so.1.1

0-4000

500 } -

501 -

502 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) -

503 { -

504 SSL_CTX_set0_CA_list(ctx, name_list); -

505

}

never executed: end of block

506 -

507 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) -

508 { -

509

return ctx->ca_names;

never executed: return ctx->ca_names;

510 } -

511 -

512 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) -

513 { -

514 SSL_set0_CA_list(s, name_list); -

515

}

never executed: end of block

516 -

517 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) -

518 { -

519

return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;

executed 2611 times by 1 test: return s->s3 != ((void *)0) ? s->s3->tmp.peer_ca_names : ((void *)0) ;

Executed by:

libssl.so.1.1

s->s3 != ((void *)0)	Description
TRUE	evaluated 2611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2611

520 } -

521 -

522 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) -

523 { -

524

if (!s->server)

!s->server	Description
TRUE	never evaluated
FALSE	never evaluated

525

return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;

never executed: return s->s3 != ((void *)0) ? s->s3->tmp.peer_ca_names : ((void *)0) ;

s->s3 != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

526

return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;

never executed: return s->ca_names != ((void *)0) ? s->ca_names : s->ctx->ca_names;

s->ca_names != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

527 } -

528 -

529 static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) -

530 { -

531 X509_NAME *name; -

532 -

533

if (x == NULL)

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

534

return 0;

never executed: return 0;

535

if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))

sk == ((void )0)	Description
TRUE	never evaluated
FALSE	never evaluated

((sk = sk_X50... ((void )0) )	Description
TRUE	never evaluated
FALSE	never evaluated

536

return 0;

never executed: return 0;

537 -

538

if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)

(name = X509_N...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

539

return 0;

never executed: return 0;

540 -

541

if (!sk_X509_NAME_push(*sk, name)) {

!sk_X509_NAME_push(*sk, name)	Description
TRUE	never evaluated
FALSE	never evaluated

542 X509_NAME_free(name); -

543

return 0;

never executed: return 0;

544 } -

545

return 1;

never executed: return 1;

546 } -

547 -

548 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x) -

549 { -

550

return add_ca_name(&ssl->ca_names, x);

never executed: return add_ca_name(&ssl->ca_names, x);

551 } -

552 -

553 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) -

554 { -

555

return add_ca_name(&ctx->ca_names, x);

never executed: return add_ca_name(&ctx->ca_names, x);

556 } -

557 -

558 /* -

559 * The following two are older names are to be replaced with -

560 * SSL(_CTX)_add1_to_CA_list -

561 */ -

562 int SSL_add_client_CA(SSL *ssl, X509 *x) -

563 { -

564

return add_ca_name(&ssl->ca_names, x);

never executed: return add_ca_name(&ssl->ca_names, x);

565 } -

566 -

567 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -

568 { -

569

return add_ca_name(&ctx->ca_names, x);

never executed: return add_ca_name(&ctx->ca_names, x);

570 } -

571 -

572 static int xname_cmp(const X509_NAME *a, const X509_NAME *b) -

573 { -

574 unsigned char *abuf = NULL, *bbuf = NULL; -

575 int alen, blen, ret; -

576 -

577 /* X509_NAME_cmp() itself casts away constness in this way, so -

578 * assume it's safe: -

579 */ -

580 alen = i2d_X509_NAME((X509_NAME *)a, &abuf); -

581 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf); -

582 -

583

if (alen < 0 || blen < 0)

alen < 0	Description
TRUE	never evaluated
FALSE	never evaluated

blen < 0	Description
TRUE	never evaluated
FALSE	never evaluated

584

ret = -2;

never executed: ret = -2;

585

else if (alen != blen)

alen != blen	Description
TRUE	never evaluated
FALSE	never evaluated

586

ret = alen - blen;

never executed: ret = alen - blen;

587 else /* alen == blen */ -

588

ret = memcmp(abuf, bbuf, alen);

never executed: ret = memcmp(abuf, bbuf, alen);

589 -

590 OPENSSL_free(abuf); -

591 OPENSSL_free(bbuf); -

592 -

593

return ret;

never executed: return ret;

594 } -

595 -

596 static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b) -

597 { -

598

return xname_cmp(*a, *b);

never executed: return xname_cmp(*a, *b);

599 } -

600 -

601 static unsigned long xname_hash(const X509_NAME *a) -

602 { -

603

return X509_NAME_hash((X509_NAME *)a);

executed 20 times by 1 test: return X509_NAME_hash((X509_NAME *)a);

Executed by:

libssl.so.1.1

604 } -

605 -

606 /** -

607 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; -

608 * it doesn't really have anything to do with clients (except that a common use -

609 * for a stack of CAs is to send it to the client). Actually, it doesn't have -

610 * much to do with CAs, either, since it will load any old cert. -

611 * \param file the file containing one or more certs. -

612 * \return a ::STACK containing the certs. -

613 */ -

614 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) -

615 { -

616 BIO *in = BIO_new(BIO_s_file()); -

617 X509 *x = NULL; -

618 X509_NAME *xn = NULL; -

619 STACK_OF(X509_NAME) *ret = NULL; -

620 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); -

621 -

622

if ((name_hash == NULL) || (in == NULL)) {

(name_hash == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

(in == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

623 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); -

624

goto err;

never executed: goto err;

625 } -

626 -

627

if (!BIO_read_filename(in, file))

!(int)BIO_ctrl...char *)(file))	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

628

goto err;

never executed: goto err;

629 -

630 for (;;) { -

631

if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)

PEM_read_bio_X...== ((void *)0)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

632

break;

executed 10 times by 1 test: break;

Executed by:

libssl.so.1.1

633

if (ret == NULL) {

ret == ((void *)0)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10

634 ret = sk_X509_NAME_new_null(); -

635

if (ret == NULL) {

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

636 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); -

637

goto err;

never executed: goto err;

638 } -

639

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

640

if ((xn = X509_get_subject_name(x)) == NULL)

(xn = X509_get...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

641

goto err;

never executed: goto err;

642 /* check for duplicates */ -

643 xn = X509_NAME_dup(xn); -

644

if (xn == NULL)

xn == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

645

goto err;

never executed: goto err;

646

if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {

lh_X509_NAME_r...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

647 /* Duplicate. */ -

648 X509_NAME_free(xn); -

649 xn = NULL; -

650

} else {

never executed: end of block

651 lh_X509_NAME_insert(name_hash, xn); -

652

if (!sk_X509_NAME_push(ret, xn))

!sk_X509_NAME_push(ret, xn)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

653

goto err;

never executed: goto err;

654

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

655 } -

656

goto done;

executed 10 times by 1 test: goto done;

Executed by:

libssl.so.1.1

657 -

658 err: -

659 X509_NAME_free(xn); -

660 sk_X509_NAME_pop_free(ret, X509_NAME_free); -

661 ret = NULL; -

662

done:

code before this statement never executed: done:

663 BIO_free(in); -

664 X509_free(x); -

665 lh_X509_NAME_free(name_hash); -

666

if (ret != NULL)

ret != ((void *)0)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10

667

ERR_clear_error();

executed 10 times by 1 test: ERR_clear_error();

Executed by:

libssl.so.1.1

668

return ret;

executed 10 times by 1 test: return ret;

Executed by:

libssl.so.1.1

669 } -

670 -

671 /** -

672 * Add a file of certs to a stack. -

673 * \param stack the stack to add to. -

674 * \param file the file to add from. All certs in this file that are not -

675 * already in the stack will be added. -

676 * \return 1 for success, 0 for failure. Note that in the case of failure some -

677 * certs may have been added to \c stack. -

678 */ -

679 -

680 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, -

681 const char *file) -

682 { -

683 BIO *in; -

684 X509 *x = NULL; -

685 X509_NAME *xn = NULL; -

686 int ret = 1; -

687 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); -

688 -

689 oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); -

690 -

691 in = BIO_new(BIO_s_file()); -

692 -

693

if (in == NULL) {

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

694 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); -

695

goto err;

never executed: goto err;

696 } -

697 -

698

if (!BIO_read_filename(in, file))

!(int)BIO_ctrl...char *)(file))	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

699

goto err;

never executed: goto err;

700 -

701 for (;;) { -

702

if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)

PEM_read_bio_X...== ((void *)0)	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

703

break;

executed 15 times by 1 test: break;

Executed by:

libssl.so.1.1

704

if ((xn = X509_get_subject_name(x)) == NULL)

(xn = X509_get...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

705

goto err;

never executed: goto err;

706 xn = X509_NAME_dup(xn); -

707

if (xn == NULL)

xn == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

708

goto err;

never executed: goto err;

709

if (sk_X509_NAME_find(stack, xn) >= 0) {

sk_X509_NAME_f...tack, xn) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

710 /* Duplicate. */ -

711 X509_NAME_free(xn); -

712

} else if (!sk_X509_NAME_push(stack, xn)) {

never executed: end of block

!sk_X509_NAME_push(stack, xn)	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

713 X509_NAME_free(xn); -

714

goto err;

never executed: goto err;

715 } -

716

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

717 -

718 ERR_clear_error(); -

719

goto done;

executed 15 times by 1 test: goto done;

Executed by:

libssl.so.1.1

720 -

721 err: -

722 ret = 0; -

723

done:

code before this statement never executed: done:

724 BIO_free(in); -

725 X509_free(x); -

726 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); -

727

return ret;

executed 15 times by 1 test: return ret;

Executed by:

libssl.so.1.1

728 } -

729 -

730 /** -

731 * Add a directory of certs to a stack. -

732 * \param stack the stack to append to. -

733 * \param dir the directory to append from. All files in this directory will be -

734 * examined as potential certs. Any that are acceptable to -

735 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be -

736 * included. -

737 * \return 1 for success, 0 for failure. Note that in the case of failure some -

738 * certs may have been added to \c stack. -

739 */ -

740 -

741 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, -

742 const char *dir) -

743 { -

744 OPENSSL_DIR_CTX *d = NULL; -

745 const char *filename; -

746 int ret = 0; -

747 -

748 /* Note that a side effect is that the CAs will be sorted by name */ -

749 -

750

while ((filename = OPENSSL_DIR_read(&d, dir))) {

(filename = OP...read(&d, dir))	Description
TRUE	never evaluated
FALSE	never evaluated

751 char buf[1024]; -

752 int r; -

753 -

754

if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {

strlen(dir) + ... > sizeof(buf)	Description
TRUE	never evaluated
FALSE	never evaluated

755 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, -

756 SSL_R_PATH_TOO_LONG); -

757

goto err;

never executed: goto err;

758 } -

759 #ifdef OPENSSL_SYS_VMS -

760 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename); -

761 #else -

762 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename); -

763 #endif -

764

if (r <= 0 || r >= (int)sizeof(buf))

r <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

r >= (int)sizeof(buf)	Description
TRUE	never evaluated
FALSE	never evaluated

765

goto err;

never executed: goto err;

766

if (!SSL_add_file_cert_subjects_to_stack(stack, buf))

!SSL_add_file_...ck(stack, buf)	Description
TRUE	never evaluated
FALSE	never evaluated

767

goto err;

never executed: goto err;

768

}

never executed: end of block

769 -

770

if (errno) {

(*__errno_location ())	Description
TRUE	never evaluated
FALSE	never evaluated

771 SYSerr(SYS_F_OPENDIR, get_last_sys_error()); -

772 ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); -

773 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); -

774

goto err;

never executed: goto err;

775 } -

776 -

777 ret = 1; -

778 -

779

err:

code before this statement never executed: err:

780

if (d)

d	Description
TRUE	never evaluated
FALSE	never evaluated

781

OPENSSL_DIR_end(&d);

never executed: OPENSSL_DIR_end(&d);

782 -

783

return ret;

never executed: return ret;

784 } -

785 -

786 /* Build a certificate chain for current certificate */ -

787 int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) -

788 { -

789

CERT *c = s ? s->cert : ctx->cert;

s	Description
TRUE	never evaluated
FALSE	never evaluated

790 CERT_PKEY *cpk = c->key; -

791 X509_STORE *chain_store = NULL; -

792 X509_STORE_CTX *xs_ctx = NULL; -

793 STACK_OF(X509) *chain = NULL, *untrusted = NULL; -

794 X509 *x; -

795 int i, rv = 0; -

796 -

797

if (!cpk->x509) {

!cpk->x509	Description
TRUE	never evaluated
FALSE	never evaluated

798 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET); -

799

goto err;

never executed: goto err;

800 } -

801 /* Rearranging and check the chain: add everything to a store */ -

802

if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {

flags & 0x4	Description
TRUE	never evaluated
FALSE	never evaluated

803 chain_store = X509_STORE_new(); -

804

if (chain_store == NULL)

chain_store == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

805

goto err;

never executed: goto err;

806

for (i = 0; i < sk_X509_num(cpk->chain); i++) {

i < sk_X509_num(cpk->chain)	Description
TRUE	never evaluated
FALSE	never evaluated

807 x = sk_X509_value(cpk->chain, i); -

808

if (!X509_STORE_add_cert(chain_store, x))

!X509_STORE_ad...hain_store, x)	Description
TRUE	never evaluated
FALSE	never evaluated

809

goto err;

never executed: goto err;

810

}

never executed: end of block

811 /* Add EE cert too: it might be self signed */ -

812

if (!X509_STORE_add_cert(chain_store, cpk->x509))

!X509_STORE_ad...re, cpk->x509)	Description
TRUE	never evaluated
FALSE	never evaluated

813

goto err;

never executed: goto err;

814

} else {

never executed: end of block

815

if (c->chain_store)

c->chain_store	Description
TRUE	never evaluated
FALSE	never evaluated

816

chain_store = c->chain_store;

never executed: chain_store = c->chain_store;

817

else if (s)

s	Description
TRUE	never evaluated
FALSE	never evaluated

818

chain_store = s->ctx->cert_store;

never executed: chain_store = s->ctx->cert_store;

819 else -

820

chain_store = ctx->cert_store;

never executed: chain_store = ctx->cert_store;

821 -

822

if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)

flags & 0x1	Description
TRUE	never evaluated
FALSE	never evaluated

823

untrusted = cpk->chain;

never executed: untrusted = cpk->chain;

824

}

never executed: end of block

825 -

826 xs_ctx = X509_STORE_CTX_new(); -

827

if (xs_ctx == NULL) {

xs_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

828 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE); -

829

goto err;

never executed: goto err;

830 } -

831

if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {

!X509_STORE_CT...09, untrusted)	Description
TRUE	never evaluated
FALSE	never evaluated

832 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB); -

833

goto err;

never executed: goto err;

834 } -

835 /* Set suite B flags if needed */ -

836 X509_STORE_CTX_set_flags(xs_ctx, -

837 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); -

838 -

839 i = X509_verify_cert(xs_ctx); -

840

if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {

i <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

flags & 0x8	Description
TRUE	never evaluated
FALSE	never evaluated

841

if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)

flags & 0x10	Description
TRUE	never evaluated
FALSE	never evaluated

842

ERR_clear_error();

never executed: ERR_clear_error();

843 i = 1; -

844 rv = 2; -

845

}

never executed: end of block

846

if (i > 0)

i > 0	Description
TRUE	never evaluated
FALSE	never evaluated

847

chain = X509_STORE_CTX_get1_chain(xs_ctx);

never executed: chain = X509_STORE_CTX_get1_chain(xs_ctx);

848

if (i <= 0) {

i <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

849 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED); -

850 i = X509_STORE_CTX_get_error(xs_ctx); -

851 ERR_add_error_data(2, "Verify error:", -

852 X509_verify_cert_error_string(i)); -

853 -

854

goto err;

never executed: goto err;

855 } -

856 /* Remove EE certificate from chain */ -

857 x = sk_X509_shift(chain); -

858 X509_free(x); -

859

if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {

flags & 0x2	Description
TRUE	never evaluated
FALSE	never evaluated

860

if (sk_X509_num(chain) > 0) {

sk_X509_num(chain) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

861 /* See if last cert is self signed */ -

862 x = sk_X509_value(chain, sk_X509_num(chain) - 1); -

863

if (X509_get_extension_flags(x) & EXFLAG_SS) {

X509_get_exten...gs(x) & 0x2000	Description
TRUE	never evaluated
FALSE	never evaluated

864 x = sk_X509_pop(chain); -

865 X509_free(x); -

866

}

never executed: end of block

867

}

never executed: end of block

868

}

never executed: end of block

869 /* -

870 * Check security level of all CA certificates: EE will have been checked -

871 * already. -

872 */ -

873

for (i = 0; i < sk_X509_num(chain); i++) {

i < sk_X509_num(chain)	Description
TRUE	never evaluated
FALSE	never evaluated

874 x = sk_X509_value(chain, i); -

875 rv = ssl_security_cert(s, ctx, x, 0, 0); -

876

if (rv != 1) {

rv != 1	Description
TRUE	never evaluated
FALSE	never evaluated

877 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv); -

878 sk_X509_pop_free(chain, X509_free); -

879 rv = 0; -

880

goto err;

never executed: goto err;

881 } -

882

}

never executed: end of block

883 sk_X509_pop_free(cpk->chain, X509_free); -

884 cpk->chain = chain; -

885

if (rv == 0)

rv == 0	Description
TRUE	never evaluated
FALSE	never evaluated

886

rv = 1;

never executed: rv = 1;

887

err:

code before this statement never executed: err:

888

if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)

flags & 0x4	Description
TRUE	never evaluated
FALSE	never evaluated

889

X509_STORE_free(chain_store);

never executed: X509_STORE_free(chain_store);

890 X509_STORE_CTX_free(xs_ctx); -

891 -

892

return rv;

never executed: return rv;

893 } -

894 -

895 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) -

896 { -

897 X509_STORE **pstore; -

898

if (chain)

chain	Description
TRUE	never evaluated
FALSE	never evaluated

899

pstore = &c->chain_store;

never executed: pstore = &c->chain_store;

900 else -

901

pstore = &c->verify_store;

never executed: pstore = &c->verify_store;

902 X509_STORE_free(*pstore); -

903 *pstore = store; -

904

if (ref && store)

ref	Description
TRUE	never evaluated
FALSE	never evaluated

store	Description
TRUE	never evaluated
FALSE	never evaluated

905

X509_STORE_up_ref(store);

never executed: X509_STORE_up_ref(store);

906

return 1;

never executed: return 1;

907 } -

908 -

909 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, -

910 int op, int bits, int nid, void *other, -

911 void *ex) -

912 { -

913 int level, minbits; -

914 static const int minbits_table[5] = { 80, 112, 128, 192, 256 }; -

915

if (ctx)

ctx	Description
TRUE	evaluated 16365 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 672459 times by 1 test Evaluated by: libssl.so.1.1

16365-672459

916

level = SSL_CTX_get_security_level(ctx);

executed 16365 times by 1 test: level = SSL_CTX_get_security_level(ctx);

Executed by:

libssl.so.1.1

16365

917 else -

918

level = SSL_get_security_level(s);

executed 672459 times by 1 test: level = SSL_get_security_level(s);

Executed by:

libssl.so.1.1

672459

919 -

920

if (level <= 0) {

level <= 0	Description
TRUE	evaluated 499530 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 189294 times by 1 test Evaluated by: libssl.so.1.1

189294-499530

921 /* -

922 * No EDH keys weaker than 1024-bits even at level 0, otherwise, -

923 * anything goes. -

924 */ -

925

if (op == SSL_SECOP_TMP_DH && bits < 80)

op == (7 \| (4 << 16))	Description
TRUE	evaluated 653 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 498877 times by 1 test Evaluated by: libssl.so.1.1

bits < 80	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 649 times by 1 test Evaluated by: libssl.so.1.1

4-498877

926

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

927

return 1;

executed 499526 times by 1 test: return 1;

Executed by:

libssl.so.1.1

499526

928 } -

929

if (level > 5)

level > 5	Description
TRUE	never evaluated
FALSE	evaluated 189294 times by 1 test Evaluated by: libssl.so.1.1

0-189294

930

level = 5;

never executed: level = 5;

931 minbits = minbits_table[level - 1]; -

932 switch (op) { -

933

case SSL_SECOP_CIPHER_SUPPORTED:

executed 41520 times by 1 test: case (1 | (1 << 16)):

Executed by:

libssl.so.1.1

41520

934

case SSL_SECOP_CIPHER_SHARED:

executed 1538 times by 1 test: case (2 | (1 << 16)):

Executed by:

libssl.so.1.1

1538

935

case SSL_SECOP_CIPHER_CHECK:

executed 1533 times by 1 test: case (3 | (1 << 16)):

Executed by:

libssl.so.1.1

1533

936 { -

937 const SSL_CIPHER *c = other; -

938 /* No ciphers below security level */ -

939

if (bits < minbits)

bits < minbits	Description
TRUE	evaluated 86 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44505 times by 1 test Evaluated by: libssl.so.1.1

86-44505

940

return 0;

executed 86 times by 1 test: return 0;

Executed by:

libssl.so.1.1

941 /* No unauthenticated ciphersuites */ -

942

if (c->algorithm_auth & SSL_aNULL)

c->algorithm_a... & 0x00000004U	Description
TRUE	evaluated 46 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44459 times by 1 test Evaluated by: libssl.so.1.1

46-44459

943

return 0;

executed 46 times by 1 test: return 0;

Executed by:

libssl.so.1.1

944 /* No MD5 mac ciphersuites */ -

945

if (c->algorithm_mac & SSL_MD5)

c->algorithm_mac & 0x00000001U	Description
TRUE	never evaluated
FALSE	evaluated 44459 times by 1 test Evaluated by: libssl.so.1.1

0-44459

946

return 0;

never executed: return 0;

947 /* SHA1 HMAC is 160 bits of security */ -

948

if (minbits > 160 && c->algorithm_mac & SSL_SHA1)

minbits > 160	Description
TRUE	never evaluated
FALSE	evaluated 44459 times by 1 test Evaluated by: libssl.so.1.1

c->algorithm_mac & 0x00000002U	Description
TRUE	never evaluated
FALSE	never evaluated

0-44459

949

return 0;

never executed: return 0;

950 /* Level 2: no RC4 */ -

951

if (level >= 2 && c->algorithm_enc == SSL_RC4)

level >= 2	Description
TRUE	never evaluated
FALSE	evaluated 44459 times by 1 test Evaluated by: libssl.so.1.1

c->algorithm_e...== 0x00000004U	Description
TRUE	never evaluated
FALSE	never evaluated

0-44459

952

return 0;

never executed: return 0;

953 /* Level 3: forward secure ciphersuites only */ -

954

if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||

level >= 3	Description
TRUE	never evaluated
FALSE	evaluated 44459 times by 1 test Evaluated by: libssl.so.1.1

c->min_tls != 0x0304	Description
TRUE	never evaluated
FALSE	never evaluated

0-44459

955

!(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))

!(c->algorithm... 0x00000004U))	Description
TRUE	never evaluated
FALSE	never evaluated

956

return 0;

never executed: return 0;

957

break;

executed 44459 times by 1 test: break;

Executed by:

libssl.so.1.1

44459

958 } -

959

case SSL_SECOP_VERSION:

executed 43696 times by 1 test: case (9 | 0):

Executed by:

libssl.so.1.1

43696

960

if (!SSL_IS_DTLS(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 41455 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2241 times by 1 test Evaluated by: libssl.so.1.1

2241-41455

961 /* SSLv3 not allowed at level 2 */ -

962

if (nid <= SSL3_VERSION && level >= 2)

nid <= 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 41455 times by 1 test Evaluated by: libssl.so.1.1

level >= 2	Description
TRUE	never evaluated
FALSE	never evaluated

0-41455

963

return 0;

never executed: return 0;

964 /* TLS v1.1 and above only for level 3 */ -

965

if (nid <= TLS1_VERSION && level >= 3)

nid <= 0x0301	Description
TRUE	evaluated 7689 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33766 times by 1 test Evaluated by: libssl.so.1.1

level >= 3	Description
TRUE	never evaluated
FALSE	evaluated 7689 times by 1 test Evaluated by: libssl.so.1.1

0-33766

966

return 0;

never executed: return 0;

967 /* TLS v1.2 only for level 4 and above */ -

968

if (nid <= TLS1_1_VERSION && level >= 4)

nid <= 0x0302	Description
TRUE	evaluated 16173 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25282 times by 1 test Evaluated by: libssl.so.1.1

level >= 4	Description
TRUE	never evaluated
FALSE	evaluated 16173 times by 1 test Evaluated by: libssl.so.1.1

0-25282

969

return 0;

never executed: return 0;

970

} else {

executed 41455 times by 1 test: end of block

Executed by:

libssl.so.1.1

41455

971 /* DTLS v1.2 only for level 4 and above */ -

972

if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)

((nid) == 0x0100)	Description
TRUE	evaluated 302 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1939 times by 1 test Evaluated by: libssl.so.1.1

((((nid) == 0x...0 : (0xFEFD)))	Description
TRUE	evaluated 999 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1242 times by 1 test Evaluated by: libssl.so.1.1

level >= 4	Description
TRUE	never evaluated
FALSE	evaluated 999 times by 1 test Evaluated by: libssl.so.1.1

0-1939

973

return 0;

never executed: return 0;

974

}

executed 2241 times by 1 test: end of block

Executed by:

libssl.so.1.1

2241

975

break;

executed 43696 times by 1 test: break;

Executed by:

libssl.so.1.1

43696

976 -

977

case SSL_SECOP_COMPRESSION:

never executed: case (15 | 0):

978

if (level >= 2)

level >= 2	Description
TRUE	never evaluated
FALSE	never evaluated

979

return 0;

never executed: return 0;

980

break;

never executed: break;

981

case SSL_SECOP_TICKET:

executed 4205 times by 1 test: case (10 | 0):

Executed by:

libssl.so.1.1

4205

982

if (level >= 3)

level >= 3	Description
TRUE	never evaluated
FALSE	evaluated 4205 times by 1 test Evaluated by: libssl.so.1.1

0-4205

983

return 0;

never executed: return 0;

984

break;

executed 4205 times by 1 test: break;

Executed by:

libssl.so.1.1

4205

985

default:

executed 96802 times by 1 test: default:

Executed by:

libssl.so.1.1

96802

986

if (bits < minbits)

bits < minbits	Description
TRUE	never evaluated
FALSE	evaluated 96802 times by 1 test Evaluated by: libssl.so.1.1

0-96802

987

return 0;

never executed: return 0;

988

}

executed 96802 times by 1 test: end of block

Executed by:

libssl.so.1.1

96802

989

return 1;

executed 189162 times by 1 test: return 1;

Executed by:

libssl.so.1.1

189162

990 } -

991 -

992 int ssl_security(const SSL *s, int op, int bits, int nid, void *other) -

993 { -

994

return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);

executed 672459 times by 1 test: return s->cert->sec_cb(s, ((void *)0) , op, bits, nid, other, s->cert->sec_ex);

Executed by:

libssl.so.1.1

672459

995 } -

996 -

997 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) -

998 { -

999

return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,

executed 16365 times by 1 test: return ctx->cert->sec_cb( ((void *)0) , ctx, op, bits, nid, other, ctx->cert->sec_ex);

Executed by:

libssl.so.1.1

16365

1000

ctx->cert->sec_ex);

executed 16365 times by 1 test: return ctx->cert->sec_cb( ((void *)0) , ctx, op, bits, nid, other, ctx->cert->sec_ex);

Executed by:

libssl.so.1.1

16365

1001 } -

1002 -

1003 int ssl_cert_lookup_by_nid(int nid, size_t *pidx) -

1004 { -

1005 size_t i; -

1006 -

1007

for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {

i < (sizeof(ss...ert_info)[0]))	Description
TRUE	evaluated 45652 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-45652

1008

if (ssl_cert_info[i].nid == nid) {

ssl_cert_info[i].nid == nid	Description
TRUE	evaluated 22006 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23646 times by 1 test Evaluated by: libssl.so.1.1

22006-23646

1009 *pidx = i; -

1010

return 1;

executed 22006 times by 1 test: return 1;

Executed by:

libssl.so.1.1

22006

1011 } -

1012

}

executed 23646 times by 1 test: end of block

Executed by:

libssl.so.1.1

23646

1013 -

1014

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1015 } -

1016 -

1017 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) -

1018 { -

1019 int nid = EVP_PKEY_id(pk); -

1020 size_t tmpidx; -

1021 -

1022

if (nid == NID_undef)

nid == 0	Description
TRUE	never evaluated
FALSE	evaluated 20624 times by 1 test Evaluated by: libssl.so.1.1

0-20624

1023

return NULL;

never executed: return ((void *)0) ;

1024 -

1025

if (!ssl_cert_lookup_by_nid(nid, &tmpidx))

!ssl_cert_look...(nid, &tmpidx)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20621 times by 1 test Evaluated by: libssl.so.1.1

3-20621

1026

return NULL;

executed 3 times by 1 test: return ((void *)0) ;

Executed by:

libssl.so.1.1

1027 -

1028

if (pidx != NULL)

pidx != ((void *)0)	Description
TRUE	evaluated 20112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 509 times by 1 test Evaluated by: libssl.so.1.1

509-20112

1029

*pidx = tmpidx;

executed 20112 times by 1 test: *pidx = tmpidx;

Executed by:

libssl.so.1.1

20112

1030 -

1031

return &ssl_cert_info[tmpidx];

executed 20621 times by 1 test: return &ssl_cert_info[tmpidx];

Executed by:

libssl.so.1.1

20621

1032 } -

1033 -

1034 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) -

1035 { -

1036

if (idx >= OSSL_NELEM(ssl_cert_info))

idx >= (sizeof...ert_info)[0]))	Description
TRUE	never evaluated
FALSE	evaluated 327134 times by 1 test Evaluated by: libssl.so.1.1

0-327134

1037

return NULL;

never executed: return ((void *)0) ;

1038

return &ssl_cert_info[idx];

executed 327134 times by 1 test: return &ssl_cert_info[idx];

Executed by:

libssl.so.1.1

327134

1039 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2