Branch Coverage

inc/matrixssl-3-9-3-open/matrixssl/matrixssl.c
Criterion Covered Total %
branch 272 704 38.6


line true false branch
106 0 17 if (*g_config == 'Y')
113 0 17 if (strncmp(g_config, config, clen) != 0)
120 0 17 if (psCryptoOpen(config + clen) < 0)
181 448 14 for (i = 0; i < SSL_SESSION_TABLE_SIZE; i++)
223 0 100808 if (lkeys == NULL)
233 0 100808 if (rc < 0)
248 1148 4592 if (id == 19)
250 0 1148 if (!(ecFlags & IS_SECP192R1))
255 1148 3444 else if (id == 21)
257 0 1148 if (!(ecFlags & IS_SECP224R1))
262 1148 2296 else if (id == 23)
264 0 1148 if (!(ecFlags & IS_SECP256R1))
269 1148 1148 else if (id == 24)
271 0 1148 if (!(ecFlags & IS_SECP384R1))
276 1148 0 else if (id == 25)
278 0 1148 if (!(ecFlags & IS_SECP521R1))
283 0 0 else if (id == 255)
285 0 0 if (!(ecFlags & IS_BRAIN224R1))
290 0 0 else if (id == 26)
292 0 0 if (!(ecFlags & IS_BRAIN256R1))
297 0 0 else if (id == 27)
299 0 0 if (!(ecFlags & IS_BRAIN384R1))
304 0 0 else if (id == 28)
306 0 0 if (!(ecFlags & IS_BRAIN512R1))
320 1148 4592 if (id == 19)
324 1148 3444 else if (id == 21)
328 1148 2296 else if (id == 23)
332 1148 1148 else if (id == 24)
336 1148 0 else if (id == 25)
340 0 0 else if (id == 255)
344 0 0 else if (id == 26)
348 0 0 else if (id == 27)
352 0 0 else if (id == 28)
368 0 0 if (keys->privKey.type == PS_ECC)
371 0 0 if (psTestUserEcID(eccKey->curve->curveId, ecFlags) < 0)
379 0 0 while (cert)
381 0 0 if (cert->publicKey.type == PS_ECC)
384 0 0 if (psTestUserEcID(eccKey->curve->curveId, ecFlags) < 0)
396 0 0 while (cert)
398 0 0 if (cert->publicKey.type == PS_ECC)
401 0 0 if (psTestUserEcID(eccKey->curve->curveId, ecFlags) < 0)
426 11 10 while (currCert)
429 1 10 while (nextCert && memcmp(currCert->issuer.hash, nextCert->subject.hash,
0 1 while (nextCert && memcmp(currCert->issuer.hash, nextCert->subject.hash,
435 0 0 if (nextCert && memcmp(currCert->issuer.hash,
0 0 if (nextCert && memcmp(currCert->issuer.hash,
461 0 15 if (keys == NULL)
468 11 4 if (macPass == NULL)
478 5 10 if ((rc = psPkcs12Parse(pool, &keys->cert, &keys->privKey, certFile, flags,
481 0 5 if (keys->cert)
493 1 9 if (verifyReadKeys(pool, keys, keys->poolUserPtr) < PS_SUCCESS)
543 0 0 if (opts)
546 0 0 if (privBuf == NULL)
549 0 0 if (privBuf != NULL && keytype == 0)
0 0 if (privBuf != NULL && keytype == 0)
558 0 0 if (keytype < 0)
588 0 0 if (opts)
591 0 0 if (privFile == NULL)
594 0 0 if (keytype == 0)
602 0 0 if (keytype < 0)
632 0 667 if (keys == NULL)
651 136 531 if (certFile)
654 0 136 if (keys->cert != NULL)
658 1 135 if ((err = psX509ParseCertFile(pool, (char *) certFile,
664 0 135 if (keys->cert->authFailFlags)
666 0 0 psAssert(keys->cert->authFailFlags == PS_CERT_AUTH_FAIL_DATE_FLAG);
682 134 532 if (privFile)
686 0 134 if (keys->privKey.keysize > 0)
688 0 0 if (keys->cert)
696 134 0 if (privKeyType == PS_RSA)
699 5 129 if ((err = psPkcs1ParsePrivFile(pool, (char *) privFile,
702 5 0 if (keys->cert)
713 0 129 if (privKeyType == PS_ECC)
716 0 0 if ((err = psEccParsePrivFile(pool, (char *) privFile,
719 0 0 if (keys->cert)
736 1 660 if (verifyReadKeys(pool, keys, keys->poolUserPtr) < PS_SUCCESS)
749 641 19 if (CAfile)
752 0 641 if (keys->CAcerts != NULL)
760 640 1 if (err >= 0)
774 0 640 if (keys->CAcerts->authFailFlags)
777 0 0 psAssert(keys->CAcerts->authFailFlags ==
791 1 640 if (err < 0)
794 0 1 if (keys->cert)
856 2203 0 psAssert(keys && curve);
2203 0 psAssert(keys && curve);
860 27 2176 if (keys->cache.eccPrivKey.curve != curve)
866 2 2174 if (keys->cache.eccPrivKeyUse > ECC_EPHEMERAL_CACHE_USAGE)
872 0 2174 if (psDiffMsecs(keys->cache.eccPrivKeyTime, t, keys->poolUserPtr) >
881 2174 0 if (ecc)
888 2 27 if (keys->cache.eccPrivKeyUse)
895 0 29 if (rc < 0)
903 29 0 if (ecc)
933 1 113 if (certBuf == NULL && privBuf == NULL && CAbuf == NULL)
1 0 if (certBuf == NULL && privBuf == NULL && CAbuf == NULL)
0 1 if (certBuf == NULL && privBuf == NULL && CAbuf == NULL)
938 0 114 if (keys == NULL)
956 113 1 if (certBuf)
959 0 113 if (keys->cert != NULL)
964 1 112 if ((err = psX509ParseCert(pool, (unsigned char *) certBuf,
976 112 1 if (privBuf)
980 112 0 if (privKeyType == PS_RSA)
983 0 112 if ((err = psRsaParsePkcs1PrivKey(pool, privBuf,
988 0 0 if ((err = psPkcs8ParsePrivBin(pool, (unsigned char *) privBuf,
1003 0 112 if (privKeyType == PS_ECC)
1006 0 0 if ((err = psEccParsePrivKey(pool, (unsigned char *) privBuf,
1011 0 0 if ((err = psPkcs8ParsePrivBin(pool, (unsigned char *) privBuf,
1031 0 113 if (verifyReadKeys(pool, keys, keys->poolUserPtr) < PS_SUCCESS)
1045 112 1 if (CAbuf)
1048 0 112 if (keys->CAcerts != NULL)
1082 0 113 if (err < 0)
1103 3 0 if (keys == NULL || OCSPResponseBuf == NULL || OCSPResponseBufLen == 0)
3 0 if (keys == NULL || OCSPResponseBuf == NULL || OCSPResponseBufLen == 0)
0 3 if (keys == NULL || OCSPResponseBuf == NULL || OCSPResponseBufLen == 0)
1111 1 2 if (keys->OCSPResponseBuf != NULL)
1118 0 3 if ((keys->OCSPResponseBuf = psMalloc(pool, OCSPResponseBufLen)) == NULL)
1135 5 0 if (keys == NULL || SCTResponseBuf == NULL || SCTResponseBufLen == 0) {
5 0 if (keys == NULL || SCTResponseBuf == NULL || SCTResponseBufLen == 0) {
0 5 if (keys == NULL || SCTResponseBuf == NULL || SCTResponseBufLen == 0) {
1141 3 2 if (keys->SCTResponseBuf != NULL) {
1147 0 5 if ((keys->SCTResponseBuf = psMalloc(pool, SCTResponseBufLen)) == NULL) {
1175 0 100808 if (keys == NULL)
1181 250 100558 if (keys->cert)
1190 752 100056 if (keys->CAcerts)
1202 0 100808 if (keys->pskKeys)
1205 0 0 while (psk)
1217 1 100807 if (keys->sessTickets)
1220 1 1 while (tick)
1232 27 100781 if (keys->cache.eccPrivKeyUse > 0)
1242 2 100806 if (keys->OCSPResponseBuf != NULL)
1270 532 252 if (keys->cert == NULL && keys->privKey.type == 0)
532 0 if (keys->cert == NULL && keys->privKey.type == 0)
1280 252 0 if (keys->cert != NULL && keys->privKey.type == 0)
1 251 if (keys->cert != NULL && keys->privKey.type == 0)
1285 251 0 if (keys->privKey.type != 0 && keys->cert == NULL)
0 251 if (keys->privKey.type != 0 && keys->cert == NULL)
1301 251 0 if (keys->cert != NULL && keys->cert->next != NULL)
1 250 if (keys->cert != NULL && keys->cert->next != NULL)
1307 1 0 while (tmp->next != NULL)
1309 1 0 if (tmp->authStatus != PS_TRUE)
1320 250 0 if (keys->privKey.type == PS_RSA)
1322 0 250 if (psRsaCmpPubKey(&keys->privKey.key.rsa,
1346 0 0 if (keys == NULL)
1358 0 0 if (keys == NULL)
1435 0 22314 if (flags & SSL_FLAGS_INTERCEPTOR)
1442 0 22314 if (lssl == NULL)
1451 0 22314 if (options->keep_peer_cert_der)
1455 0 22314 if (options->keep_peer_certs)
1461 22314 0 if (options->validateCertsOpts.max_verify_depth >= 0)
1467 0 22314 if (options->userDataPtr != NULL)
1475 0 22314 if (options->ecFlags)
1477 0 0 if (testUserEc(options->ecFlags, keys) < 0)
1508 0 22314 if (lssl->outbuf == NULL)
1522 0 22314 if (lssl->inbuf == NULL)
1532 0 22314 if ((lssl->cipher = sslGetCipherSpec(lssl, SSL_NULL_WITH_NULL_NULL)) == NULL)
1573 11158 11156 if (flags & SSL_FLAGS_SERVER)
1579 0 11158 if (flags & SSL_FLAGS_CLIENT_AUTH)
1588 0 11158 if (flags & SSL_FLAGS_SSLV3)
1598 0 11158 if (flags & SSL_FLAGS_TLS_1_0)
1612 0 11158 if (flags & SSL_FLAGS_TLS_1_1)
1626 0 11158 if (flags & SSL_FLAGS_TLS_1_2)
1636 0 11158 if (specificVersion)
1687 0 11156 if (flags & SSL_FLAGS_SSLV3)
1698 0 11156 if (flags & SSL_FLAGS_TLS_1_0)
1714 0 11156 if (flags & SSL_FLAGS_TLS_1_1)
1730 0 11156 if (flags & SSL_FLAGS_TLS_1_2)
1742 0 11156 if (specificVersion == 2)
1749 11156 0 if (specificVersion == 0)
1767 0 11156 if (lssl->majVer == 0)
1820 10521 635 if (session != NULL && session->cipherId != SSL_NULL_WITH_NULL_NULL)
0 10521 if (session != NULL && session->cipherId != SSL_NULL_WITH_NULL_NULL)
1823 0 0 if (lssl->cipher == NULL)
1837 0 0 for (i = 0; i < SSL_MAX_SESSION_ID_SIZE; i++)
1839 0 0 if (session->id[i] != 0x0)
1870 0 22314 if (ssl == NULL)
1895 2284 20030 if (ssl->sessionIdLen > 0 && (ssl->flags & SSL_FLAGS_SERVER))
1142 1142 if (ssl->sessionIdLen > 0 && (ssl->flags & SSL_FLAGS_SERVER))
1900 11158 11156 if ((ssl->flags & SSL_FLAGS_SERVER) && ssl->sid)
0 11158 if ((ssl->flags & SSL_FLAGS_SERVER) && ssl->sid)
1910 0 22314 if (ssl->expectedName)
1916 90 22224 if (ssl->sec.cert)
1926 0 22314 if (ssl->sec.dhP)
1930 0 22314 if (ssl->sec.dhG)
1934 0 22314 if (ssl->sec.dhKeyPub)
1940 0 22314 if (ssl->sec.dhKeyPriv)
1949 0 22314 if (ssl->sec.eccKeyPub)
1953 90 22224 if (ssl->sec.eccKeyPriv)
1963 0 22314 if (ssl->sec.premaster)
1967 0 22314 if (ssl->fragMessage)
2012 0 22314 if (ssl->alpn)
2033 9 0 if (option == SSL_OPTION_FULL_HANDSHAKE)
2036 0 9 if (ssl->flags & SSL_FLAGS_SERVER)
2046 0 9 if (option == SSL_OPTION_DISABLE_REHANDSHAKES)
2051 0 9 if (option == SSL_OPTION_REENABLE_REHANDSHAKES)
2058 0 9 if (ssl->flags & SSL_FLAGS_SERVER)
2060 0 0 if (option == SSL_OPTION_DISABLE_CLIENT_AUTH)
2064 0 0 else if (option == SSL_OPTION_ENABLE_CLIENT_AUTH)
2312 10129 0 if ((ssl != NULL) && (certValidator != NULL))
10129 0 if ((ssl != NULL) && (certValidator != NULL))
2332 544 17 for (i = 0; i < SSL_SESSION_TABLE_SIZE; i++)
2334 0 544 DLListInsertTail(&g_sessionChronList, &g_sessionTable[i].chronList);
2355 0 1147 if (!(ssl->flags & SSL_FLAGS_SERVER))
2362 0 1147 if (ssl->sid &&
0 0 if (ssl->sid &&
2388 0 1147 if (DLListIsEmpty(&g_sessionChronList))
2400 0 1147 if (i >= SSL_SESSION_TABLE_SIZE)
2454 0 7 if (ssl->sessionIdLen <= 0)
2461 0 7 if (i >= SSL_SESSION_TABLE_SIZE)
2467 7 0 if (g_sessionTable[i].inUse == 0)
2469 0 7 DLListInsertTail(&g_sessionChronList, &g_sessionTable[i].chronList);
2477 0 7 if (remove)
2503 0 2 if (!(ssl->flags & SSL_FLAGS_SERVER))
2507 0 2 if (ssl->sessionIdLen <= 0)
2515 2 0 if (i >= SSL_SESSION_TABLE_SIZE || g_sessionTable[i].cipher == NULL)
0 2 if (i >= SSL_SESSION_TABLE_SIZE || g_sessionTable[i].cipher == NULL)
2525 0 2 if ((memcmp(g_sessionTable[i].id, id,
2 0 if ((memcmp(g_sessionTable[i].id, id,
2526 2 0 (uint32) min(ssl->sessionIdLen, SSL_MAX_SESSION_ID_SIZE)) != 0) ||
2528 2 0 SSL_SESSION_ENTRY_LIFE) || (g_sessionTable[i].majVer != ssl->majVer)
2529 0 2 || (g_sessionTable[i].minVer != ssl->minVer))
2538 0 2 if (g_sessionTable[i].extendedMasterSecret == 0 &&
0 0 if (g_sessionTable[i].extendedMasterSecret == 0 &&
2544 2 0 if (g_sessionTable[i].extendedMasterSecret == 1 &&
0 2 if (g_sessionTable[i].extendedMasterSecret == 1 &&
2556 2 0 if (g_sessionTable[i].inUse == 1)
2576 0 2199 if (!(ssl->flags & SSL_FLAGS_SERVER))
2580 0 2199 if (ssl->sessionIdLen == 0)
2587 0 2199 if (i >= SSL_SESSION_TABLE_SIZE)
2595 1142 1057 g_sessionTable[i].inUse += ssl->flags & SSL_FLAGS_CLOSED ? -1 : 0;
2596 1142 1057 if (g_sessionTable[i].inUse == 0)
2599 0 1142 DLListInsertTail(&g_sessionChronList, &g_sessionTable[i].chronList);
2601 90 2109 if (ssl->flags & SSL_FLAGS_ERROR)
2633 0 0 while (lkey)
2635 0 0 if (lkey->inUse == 0 && (memcmp(lkey->name, name, 16) == 0))
0 0 if (lkey->inUse == 0 && (memcmp(lkey->name, name, 16) == 0))
2637 0 0 if (prev == NULL)
2640 0 0 if (lkey->next == NULL)
2691 1 0 if (symkeyLen != 16 && symkeyLen != 32)
0 1 if (symkeyLen != 16 && symkeyLen != 32)
2696 0 1 if (hashkeyLen != 32)
2702 1 0 if (keys->sessTickets == NULL)
2706 0 1 if (keys->sessTickets == NULL)
2717 0 0 while (keylist)
2723 0 0 if (i > SSL_SESSION_TICKET_LIST_LEN)
2730 0 0 if (keylist == NULL)
2797 0 0 if ((ticketLen + 6) > *outLen)
2851 0 0 if ((rc = psAesInitCBC(&ctx, out + 6 + 16, keys->symkey, keys->symkeyLen, PS_AES_ENCRYPT)) < 0)
2860 0 0 if ((rc = psHmacSha256Init(&dgst, keys->hashkey, keys->hashkeyLen)) < 0)
2901 0 0 while (lkey)
2903 0 0 if (memcmp(lkey->name, name, 16) == 0)
2908 0 0 if (ssl->keys->ticket_cb)
2921 0 0 if (ssl->keys->ticket_cb)
2927 0 0 if (rc < 0)
2929 0 0 if (lkey)
2938 0 0 if (cachedTicket == 0)
2942 0 0 if (lkey == NULL)
2946 0 0 while (lkey->next)
2950 0 0 if (memcmp(lkey->name, c, 16) != 0)
2984 0 0 if (inLen != matrixSessionTicketLen())
2991 0 0 if (getTicketKeys(ssl, c, &keys) < 0)
3024 0 0 if (memcmp(hash, c, L_HASHLEN) != 0)
3035 0 0 if (majVer != ssl->majVer || minVer != ssl->minVer)
0 0 if (majVer != ssl->majVer || minVer != ssl->minVer)
3045 0 0 if ((ssl->cipher = sslGetCipherSpec(ssl, cipherSuite)) == NULL)
3055 0 0 if (*enc == 0x0 && ssl->extFlags.require_extended_master_secret == 1)
0 0 if (*enc == 0x0 && ssl->extFlags.require_extended_master_secret == 1)
3074 0 0 if ((now - time) > (SSL_SESSION_ENTRY_LIFE / 1000))
3103 2119 0 if (ssl == NULL || ssl->flags & SSL_FLAGS_SERVER || session == NULL)
1060 1059 if (ssl == NULL || ssl->flags & SSL_FLAGS_SERVER || session == NULL)
550 510 if (ssl == NULL || ssl->flags & SSL_FLAGS_SERVER || session == NULL)
3108 510 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
510 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
510 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
3118 0 510 if (session->sessionTicket != NULL && session->sessionTicketLen > 0)
0 0 if (session->sessionTicket != NULL && session->sessionTicketLen > 0)
3130 0 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
0 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
0 0 if (ssl->cipher != NULL && ssl->cipher->ident != SSL_NULL_WITH_NULL_NULL &&
3131 0 0 session->sessionTicket != NULL && session->sessionTicketLen > 0)
3153 0 0 if (protoCount > MAX_PROTO_EXT)
3159 0 0 for (i = 0; i < protoCount; i++)
3161 0 0 if (protoLen[i] <= 0 || protoLen[i] > 255)
0 0 if (protoLen[i] <= 0 || protoLen[i] > 255)
3167 0 0 if ((c = psMalloc(pool, len)) == NULL)
3177 0 0 for (i = 0; i < protoCount; i++)
3195 0 0 if ((c = psMalloc(pool, *extLen)) == NULL)
3222 0 0 if (ssl->sni_cb)
3227 0 0 if (keys)
3246 7 7 if (!(ssl->flags & SSL_FLAGS_SERVER))
3255 7 7 if (ssl->flags & SSL_FLAGS_SERVER)
3299 0 0 if (*c == '*')
3303 0 0 if (*c != '.')
3307 0 0 if (strchr(s, '@'))
3311 0 0 if ((e = strchr(s, '.')) == NULL)
3315 0 0 if (strcasecmp(c, e) == 0)
3320 0 0 else if (*c == '.')
3325 0 0 else if (strcasecmp(c, s) == 0)
3338 0 0 if (strlen(expectedEmail) != emailLen)
3343 0 0 if (caseSensitiveLocalPart)
3347 0 0 for (at_i = 0; at_i < emailLen; at_i++)
3349 0 0 if (email[at_i] == '@')
3356 0 0 if (((strncmp(email,
3357 0 0 expectedEmail, at_i)) == 0) &&
3367 0 0 if (strcasecmp(email, expectedEmail) == 0)
3433 0 1148 if (opts->mFlags & VCERTS_MFLAG_ALWAYS_CHECK_SUBJECT_CN)
3435 0 0 if (opts->nameType != NAME_TYPE_ANY &&
0 0 if (opts->nameType != NAME_TYPE_ANY &&
3436 0 0 opts->nameType != NAME_TYPE_HOSTNAME &&
3443 0 1148 if (opts->flags & VCERTS_FLAG_VALIDATE_EXPECTED_GENERAL_NAME)
3448 0 0 if (expectedName)
3450 0 0 if (psX509ValidateGeneralName(expectedName) < 0)
3463 0 1148 if (issuerCerts == NULL)
3472 1 1147 if ((ic = sc->next) != NULL)
3478 0 1 while (ic->next != NULL)
3480 0 0 if ((rc = psX509AuthenticateCert(pool, sc, ic, foundIssuer, hwCtx,
3485 0 0 if (ic->extensions.bc.pathLenConstraint >= 0)
3488 0 0 if (ic->extensions.bc.pathLenConstraint < pathLen)
3502 0 1 if ((rc = psX509AuthenticateCert(pool, sc, ic, foundIssuer, hwCtx,
3507 1 0 if (ic->extensions.bc.pathLenConstraint >= 0)
3510 0 1 if (ic->extensions.bc.pathLenConstraint < pathLen)
3531 1293 1 while (ic != NULL)
3534 1147 146 if ((rc = psX509AuthenticateCert(pool, sc, ic, foundIssuer, hwCtx,
3537 0 1147 if (ic->extensions.bc.pathLenConstraint >= 0)
3545 0 0 if (ic->signatureLen == sc->signatureLen &&
0 0 if (ic->signatureLen == sc->signatureLen &&
3549 0 0 if (pathLen > 0)
3554 0 0 if (ic->extensions.bc.pathLenConstraint < pathLen)
3566 0 1147 if (ext->critFlags & EXT_CRIT_FLAG(OID_ENUM(id_ce_extKeyUsage)))
3568 0 0 if (!(ext->ekuFlags & (EXT_KEY_USAGE_TLS_SERVER_AUTH |
3578 0 1147 if (expectedName == NULL ||
0 0 if (expectedName == NULL ||
3584 0 0 for (n = ext->san; n != NULL; n = n->next)
3590 0 0 if (opts->nameType == NAME_TYPE_ANY ||
0 0 if (opts->nameType == NAME_TYPE_ANY ||
3591 0 0 opts->nameType == NAME_TYPE_HOSTNAME ||
3594 0 0 if (wildcardMatch((char *) n->data, expectedName) == 0)
3602 0 0 if (opts->nameType == NAME_TYPE_ANY ||
0 0 if (opts->nameType == NAME_TYPE_ANY ||
3605 0 0 if (opts->mFlags &
3608 0 0 if (matchEmail((char *) n->data, n->dataLen,
3616 0 0 if (matchEmail((char *) n->data, n->dataLen,
3626 0 0 if (opts->nameType == NAME_TYPE_ANY ||
0 0 if (opts->nameType == NAME_TYPE_ANY ||
3635 0 0 if (strcmp(ip, expectedName) == 0)
3669 0 0 if (opts->nameType == NAME_TYPE_ANY ||
0 0 if (opts->nameType == NAME_TYPE_ANY ||
3670 0 0 opts->nameType == NAME_TYPE_CN ||
3673 0 0 if (!foundSupportedSAN ||
0 0 if (!foundSupportedSAN ||
3676 0 0 if (wildcardMatch(subjectCerts->subject.commonName,
3690 0 146 else if (rc == PS_MEM_FAIL)
3725 1029 119 if (certValidator == NULL)
3739 1 118 if (alert == SSL_ALERT_NONE)