crypto_private_key_import: 41| 4|{ 42| 4| struct crypto_private_key *res; 43| | 44| | /* First, check for possible PKCS #8 encoding */ 45| 4| res = pkcs8_key_import(key, len); 46| 4| if (res) ------------------ | Branch (46:6): [True: 2, False: 2] ------------------ 47| 2| return res; 48| | 49| 2| if (passwd) { ------------------ | Branch (49:6): [True: 0, False: 2] ------------------ 50| | /* Try to parse as encrypted PKCS #8 */ 51| 0| res = pkcs8_enc_key_import(key, len, passwd); 52| 0| if (res) ------------------ | Branch (52:7): [True: 0, False: 0] ------------------ 53| 0| return res; 54| 0| } 55| | 56| | /* Not PKCS#8, so try to import PKCS #1 encoded RSA private key */ 57| 2| wpa_printf(MSG_DEBUG, "Trying to parse PKCS #1 encoded RSA private " 58| 2| "key"); 59| 2| return (struct crypto_private_key *) 60| 2| crypto_rsa_import_private_key(key, len); 61| 2|} crypto_public_key_free: 100| 2|{ 101| 2| crypto_rsa_free((struct crypto_rsa_key *) key); 102| 2|} crypto_private_key_free: 106| 4|{ 107| 4| crypto_rsa_free((struct crypto_rsa_key *) key); 108| 4|} crypto_hash_init: 41| 18|{ 42| 18| struct crypto_hash *ctx; 43| 18| u8 k_pad[64]; 44| 18| u8 tk[32]; 45| 18| size_t i; 46| | 47| 18| ctx = os_zalloc(sizeof(*ctx)); 48| 18| if (ctx == NULL) ------------------ | Branch (48:6): [True: 0, False: 18] ------------------ 49| 0| return NULL; 50| | 51| 18| ctx->alg = alg; 52| | 53| 18| switch (alg) { 54| 6| case CRYPTO_HASH_ALG_MD5: ------------------ | Branch (54:2): [True: 6, False: 12] ------------------ 55| 6| MD5Init(&ctx->u.md5); 56| 6| break; 57| 6| case CRYPTO_HASH_ALG_SHA1: ------------------ | Branch (57:2): [True: 6, False: 12] ------------------ 58| 6| SHA1Init(&ctx->u.sha1); 59| 6| break; 60| 0|#ifdef CONFIG_SHA256 61| 6| case CRYPTO_HASH_ALG_SHA256: ------------------ | Branch (61:2): [True: 6, False: 12] ------------------ 62| 6| sha256_init(&ctx->u.sha256); 63| 6| break; 64| 0|#endif /* CONFIG_SHA256 */ 65| 0|#ifdef CONFIG_INTERNAL_SHA384 66| 0| case CRYPTO_HASH_ALG_SHA384: ------------------ | Branch (66:2): [True: 0, False: 18] ------------------ 67| 0| sha384_init(&ctx->u.sha384); 68| 0| break; 69| 0|#endif /* CONFIG_INTERNAL_SHA384 */ 70| |#ifdef CONFIG_INTERNAL_SHA512 71| | case CRYPTO_HASH_ALG_SHA512: 72| | sha512_init(&ctx->u.sha512); 73| | break; 74| |#endif /* CONFIG_INTERNAL_SHA512 */ 75| 0| case CRYPTO_HASH_ALG_HMAC_MD5: ------------------ | Branch (75:2): [True: 0, False: 18] ------------------ 76| 0| if (key_len > sizeof(k_pad)) { ------------------ | Branch (76:7): [True: 0, False: 0] ------------------ 77| 0| MD5Init(&ctx->u.md5); 78| 0| MD5Update(&ctx->u.md5, key, key_len); 79| 0| MD5Final(tk, &ctx->u.md5); 80| 0| key = tk; 81| 0| key_len = 16; 82| 0| } 83| 0| os_memcpy(ctx->key, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 84| 0| ctx->key_len = key_len; 85| | 86| 0| os_memcpy(k_pad, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 87| 0| if (key_len < sizeof(k_pad)) ------------------ | Branch (87:7): [True: 0, False: 0] ------------------ 88| 0| os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 89| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (89:15): [True: 0, False: 0] ------------------ 90| 0| k_pad[i] ^= 0x36; 91| 0| MD5Init(&ctx->u.md5); 92| 0| MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad)); 93| 0| break; 94| 0| case CRYPTO_HASH_ALG_HMAC_SHA1: ------------------ | Branch (94:2): [True: 0, False: 18] ------------------ 95| 0| if (key_len > sizeof(k_pad)) { ------------------ | Branch (95:7): [True: 0, False: 0] ------------------ 96| 0| SHA1Init(&ctx->u.sha1); 97| 0| SHA1Update(&ctx->u.sha1, key, key_len); 98| 0| SHA1Final(tk, &ctx->u.sha1); 99| 0| key = tk; 100| 0| key_len = 20; 101| 0| } 102| 0| os_memcpy(ctx->key, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 103| 0| ctx->key_len = key_len; 104| | 105| 0| os_memcpy(k_pad, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 106| 0| if (key_len < sizeof(k_pad)) ------------------ | Branch (106:7): [True: 0, False: 0] ------------------ 107| 0| os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 108| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (108:15): [True: 0, False: 0] ------------------ 109| 0| k_pad[i] ^= 0x36; 110| 0| SHA1Init(&ctx->u.sha1); 111| 0| SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad)); 112| 0| break; 113| 0|#ifdef CONFIG_SHA256 114| 0| case CRYPTO_HASH_ALG_HMAC_SHA256: ------------------ | Branch (114:2): [True: 0, False: 18] ------------------ 115| 0| if (key_len > sizeof(k_pad)) { ------------------ | Branch (115:7): [True: 0, False: 0] ------------------ 116| 0| sha256_init(&ctx->u.sha256); 117| 0| sha256_process(&ctx->u.sha256, key, key_len); 118| 0| sha256_done(&ctx->u.sha256, tk); 119| 0| key = tk; 120| 0| key_len = 32; 121| 0| } 122| 0| os_memcpy(ctx->key, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 123| 0| ctx->key_len = key_len; 124| | 125| 0| os_memcpy(k_pad, key, key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 126| 0| if (key_len < sizeof(k_pad)) ------------------ | Branch (126:7): [True: 0, False: 0] ------------------ 127| 0| os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 128| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (128:15): [True: 0, False: 0] ------------------ 129| 0| k_pad[i] ^= 0x36; 130| 0| sha256_init(&ctx->u.sha256); 131| 0| sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); 132| 0| break; 133| 0|#endif /* CONFIG_SHA256 */ 134| 0| default: ------------------ | Branch (134:2): [True: 0, False: 18] ------------------ 135| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 136| 0| return NULL; 137| 18| } 138| | 139| 18| return ctx; 140| 18|} crypto_hash_finish: 180| 36|{ 181| 36| u8 k_pad[64]; 182| 36| size_t i; 183| | 184| 36| if (ctx == NULL) ------------------ | Branch (184:6): [True: 18, False: 18] ------------------ 185| 18| return -2; 186| | 187| 18| if (mac == NULL || len == NULL) { ------------------ | Branch (187:6): [True: 18, False: 0] | Branch (187:21): [True: 0, False: 0] ------------------ 188| 18| os_free(ctx); ------------------ | | 511| 18|#define os_free(p) free((p)) ------------------ 189| 18| return 0; 190| 18| } 191| | 192| 0| switch (ctx->alg) { 193| 0| case CRYPTO_HASH_ALG_MD5: ------------------ | Branch (193:2): [True: 0, False: 0] ------------------ 194| 0| if (*len < 16) { ------------------ | Branch (194:7): [True: 0, False: 0] ------------------ 195| 0| *len = 16; 196| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 197| 0| return -1; 198| 0| } 199| 0| *len = 16; 200| 0| MD5Final(mac, &ctx->u.md5); 201| 0| break; 202| 0| case CRYPTO_HASH_ALG_SHA1: ------------------ | Branch (202:2): [True: 0, False: 0] ------------------ 203| 0| if (*len < 20) { ------------------ | Branch (203:7): [True: 0, False: 0] ------------------ 204| 0| *len = 20; 205| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 206| 0| return -1; 207| 0| } 208| 0| *len = 20; 209| 0| SHA1Final(mac, &ctx->u.sha1); 210| 0| break; 211| 0|#ifdef CONFIG_SHA256 212| 0| case CRYPTO_HASH_ALG_SHA256: ------------------ | Branch (212:2): [True: 0, False: 0] ------------------ 213| 0| if (*len < 32) { ------------------ | Branch (213:7): [True: 0, False: 0] ------------------ 214| 0| *len = 32; 215| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 216| 0| return -1; 217| 0| } 218| 0| *len = 32; 219| 0| sha256_done(&ctx->u.sha256, mac); 220| 0| break; 221| 0|#endif /* CONFIG_SHA256 */ 222| 0|#ifdef CONFIG_INTERNAL_SHA384 223| 0| case CRYPTO_HASH_ALG_SHA384: ------------------ | Branch (223:2): [True: 0, False: 0] ------------------ 224| 0| if (*len < 48) { ------------------ | Branch (224:7): [True: 0, False: 0] ------------------ 225| 0| *len = 48; 226| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 227| 0| return -1; 228| 0| } 229| 0| *len = 48; 230| 0| sha384_done(&ctx->u.sha384, mac); 231| 0| break; 232| 0|#endif /* CONFIG_INTERNAL_SHA384 */ 233| |#ifdef CONFIG_INTERNAL_SHA512 234| | case CRYPTO_HASH_ALG_SHA512: 235| | if (*len < 64) { 236| | *len = 64; 237| | os_free(ctx); 238| | return -1; 239| | } 240| | *len = 64; 241| | sha512_done(&ctx->u.sha512, mac); 242| | break; 243| |#endif /* CONFIG_INTERNAL_SHA512 */ 244| 0| case CRYPTO_HASH_ALG_HMAC_MD5: ------------------ | Branch (244:2): [True: 0, False: 0] ------------------ 245| 0| if (*len < 16) { ------------------ | Branch (245:7): [True: 0, False: 0] ------------------ 246| 0| *len = 16; 247| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 248| 0| return -1; 249| 0| } 250| 0| *len = 16; 251| | 252| 0| MD5Final(mac, &ctx->u.md5); 253| | 254| 0| os_memcpy(k_pad, ctx->key, ctx->key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 255| 0| os_memset(k_pad + ctx->key_len, 0, ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 256| 0| sizeof(k_pad) - ctx->key_len); 257| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (257:15): [True: 0, False: 0] ------------------ 258| 0| k_pad[i] ^= 0x5c; 259| 0| MD5Init(&ctx->u.md5); 260| 0| MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad)); 261| 0| MD5Update(&ctx->u.md5, mac, 16); 262| 0| MD5Final(mac, &ctx->u.md5); 263| 0| break; 264| 0| case CRYPTO_HASH_ALG_HMAC_SHA1: ------------------ | Branch (264:2): [True: 0, False: 0] ------------------ 265| 0| if (*len < 20) { ------------------ | Branch (265:7): [True: 0, False: 0] ------------------ 266| 0| *len = 20; 267| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 268| 0| return -1; 269| 0| } 270| 0| *len = 20; 271| | 272| 0| SHA1Final(mac, &ctx->u.sha1); 273| | 274| 0| os_memcpy(k_pad, ctx->key, ctx->key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 275| 0| os_memset(k_pad + ctx->key_len, 0, ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 276| 0| sizeof(k_pad) - ctx->key_len); 277| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (277:15): [True: 0, False: 0] ------------------ 278| 0| k_pad[i] ^= 0x5c; 279| 0| SHA1Init(&ctx->u.sha1); 280| 0| SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad)); 281| 0| SHA1Update(&ctx->u.sha1, mac, 20); 282| 0| SHA1Final(mac, &ctx->u.sha1); 283| 0| break; 284| 0|#ifdef CONFIG_SHA256 285| 0| case CRYPTO_HASH_ALG_HMAC_SHA256: ------------------ | Branch (285:2): [True: 0, False: 0] ------------------ 286| 0| if (*len < 32) { ------------------ | Branch (286:7): [True: 0, False: 0] ------------------ 287| 0| *len = 32; 288| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 289| 0| return -1; 290| 0| } 291| 0| *len = 32; 292| | 293| 0| sha256_done(&ctx->u.sha256, mac); 294| | 295| 0| os_memcpy(k_pad, ctx->key, ctx->key_len); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 296| 0| os_memset(k_pad + ctx->key_len, 0, ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 297| 0| sizeof(k_pad) - ctx->key_len); 298| 0| for (i = 0; i < sizeof(k_pad); i++) ------------------ | Branch (298:15): [True: 0, False: 0] ------------------ 299| 0| k_pad[i] ^= 0x5c; 300| 0| sha256_init(&ctx->u.sha256); 301| 0| sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); 302| 0| sha256_process(&ctx->u.sha256, mac, 32); 303| 0| sha256_done(&ctx->u.sha256, mac); 304| 0| break; 305| 0|#endif /* CONFIG_SHA256 */ 306| 0| default: ------------------ | Branch (306:2): [True: 0, False: 0] ------------------ 307| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 308| 0| return -1; 309| 0| } 310| | 311| 0| os_free(ctx); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 312| | 313| 0| if (TEST_FAIL()) ------------------ | | 688| 0|#define TEST_FAIL() testing_test_fail(NULL, false) | | ------------------ | | | Branch (688:21): [True: 0, False: 0] | | ------------------ ------------------ 314| 0| return -1; 315| | 316| 0| return 0; 317| 0|} crypto_global_init: 321| 4|{ 322| 4| return 0; 323| 4|} crypto_global_deinit: 327| 4|{ 328| 4|} MD5Init: 88| 6|{ 89| 6| ctx->buf[0] = 0x67452301; 90| 6| ctx->buf[1] = 0xefcdab89; 91| 6| ctx->buf[2] = 0x98badcfe; 92| 6| ctx->buf[3] = 0x10325476; 93| | 94| 6| ctx->bits[0] = 0; 95| 6| ctx->bits[1] = 0; 96| 6|} SHA1Init: 235| 6|{ 236| | /* SHA1 initialization constants */ 237| 6| context->state[0] = 0x67452301; 238| 6| context->state[1] = 0xEFCDAB89; 239| 6| context->state[2] = 0x98BADCFE; 240| 6| context->state[3] = 0x10325476; 241| 6| context->state[4] = 0xC3D2E1F0; 242| 6| context->count[0] = context->count[1] = 0; 243| 6|} sha256_init: 125| 6|{ 126| 6| md->curlen = 0; 127| 6| md->length = 0; 128| 6| md->state[0] = 0x6A09E667UL; 129| 6| md->state[1] = 0xBB67AE85UL; 130| 6| md->state[2] = 0x3C6EF372UL; 131| 6| md->state[3] = 0xA54FF53AUL; 132| 6| md->state[4] = 0x510E527FUL; 133| 6| md->state[5] = 0x9B05688CUL; 134| 6| md->state[6] = 0x1F83D9ABUL; 135| 6| md->state[7] = 0x5BE0CD19UL; 136| 6|} tls_init: 41| 2|{ 42| 2| struct tls_global *global; 43| | 44| 2| if (tls_ref_count == 0) { ------------------ | Branch (44:6): [True: 2, False: 0] ------------------ 45| 2|#ifdef CONFIG_TLS_INTERNAL_CLIENT 46| 2| if (tlsv1_client_global_init()) ------------------ | Branch (46:7): [True: 0, False: 2] ------------------ 47| 0| return NULL; 48| 2|#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 50| 2| if (tlsv1_server_global_init()) ------------------ | Branch (50:7): [True: 0, False: 2] ------------------ 51| 0| return NULL; 52| 2|#endif /* CONFIG_TLS_INTERNAL_SERVER */ 53| 2| } 54| 2| tls_ref_count++; 55| | 56| 2| global = os_zalloc(sizeof(*global)); 57| 2| if (global == NULL) ------------------ | Branch (57:6): [True: 0, False: 2] ------------------ 58| 0| return NULL; 59| 2| if (conf) { ------------------ | Branch (59:6): [True: 2, False: 0] ------------------ 60| 2| global->event_cb = conf->event_cb; 61| 2| global->cb_ctx = conf->cb_ctx; 62| 2| global->cert_in_cb = conf->cert_in_cb; 63| 2| } 64| | 65| 2| return global; 66| 2|} tls_deinit: 69| 2|{ 70| 2| struct tls_global *global = ssl_ctx; 71| 2| tls_ref_count--; 72| 2| if (tls_ref_count == 0) { ------------------ | Branch (72:6): [True: 2, False: 0] ------------------ 73| 2|#ifdef CONFIG_TLS_INTERNAL_CLIENT 74| 2| tlsv1_client_global_deinit(); 75| 2|#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 77| 2| tlsv1_server_global_deinit(); 78| 2|#endif /* CONFIG_TLS_INTERNAL_SERVER */ 79| 2| } 80| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 81| 2| tlsv1_cred_free(global->server_cred); 82| 2|#endif /* CONFIG_TLS_INTERNAL_SERVER */ 83| 2| os_free(global); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 84| 2|} tls_connection_init: 94| 2|{ 95| 2| struct tls_connection *conn; 96| 2| struct tls_global *global = tls_ctx; 97| | 98| 2| conn = os_zalloc(sizeof(*conn)); 99| 2| if (conn == NULL) ------------------ | Branch (99:6): [True: 0, False: 2] ------------------ 100| 0| return NULL; 101| 2| conn->global = global; 102| | 103| 2|#ifdef CONFIG_TLS_INTERNAL_CLIENT 104| 2| if (!global->server) { ------------------ | Branch (104:6): [True: 0, False: 2] ------------------ 105| 0| conn->client = tlsv1_client_init(); 106| 0| if (conn->client == NULL) { ------------------ | Branch (106:7): [True: 0, False: 0] ------------------ 107| 0| os_free(conn); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 108| 0| return NULL; 109| 0| } 110| 0| tlsv1_client_set_cb(conn->client, global->event_cb, 111| 0| global->cb_ctx, global->cert_in_cb); 112| 0| } 113| 2|#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 115| 2| if (global->server) { ------------------ | Branch (115:6): [True: 2, False: 0] ------------------ 116| 2| conn->server = tlsv1_server_init(global->server_cred); 117| 2| if (conn->server == NULL) { ------------------ | Branch (117:7): [True: 0, False: 2] ------------------ 118| 0| os_free(conn); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 119| 0| return NULL; 120| 0| } 121| 2| } 122| 2|#endif /* CONFIG_TLS_INTERNAL_SERVER */ 123| | 124| 2| return conn; 125| 2|} tls_connection_deinit: 151| 2|{ 152| 2| if (conn == NULL) ------------------ | Branch (152:6): [True: 0, False: 2] ------------------ 153| 0| return; 154| 2|#ifdef CONFIG_TLS_INTERNAL_CLIENT 155| 2| if (conn->client) ------------------ | Branch (155:6): [True: 0, False: 2] ------------------ 156| 0| tlsv1_client_deinit(conn->client); 157| 2|#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 159| 2| if (conn->server) ------------------ | Branch (159:6): [True: 2, False: 0] ------------------ 160| 2| tlsv1_server_deinit(conn->server); 161| 2|#endif /* CONFIG_TLS_INTERNAL_SERVER */ 162| 2| os_free(conn); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 163| 2|} tls_global_set_params: 300| 2|{ 301| 2|#ifdef CONFIG_TLS_INTERNAL_SERVER 302| 2| struct tls_global *global = tls_ctx; 303| 2| struct tlsv1_credentials *cred; 304| | 305| 2| if (params->check_cert_subject) ------------------ | Branch (305:6): [True: 0, False: 2] ------------------ 306| 0| return -1; /* not yet supported */ 307| | 308| | /* Currently, global parameters are only set when running in server 309| | * mode. */ 310| 2| global->server = 1; 311| 2| tlsv1_cred_free(global->server_cred); 312| 2| global->server_cred = cred = tlsv1_cred_alloc(); 313| 2| if (cred == NULL) ------------------ | Branch (313:6): [True: 0, False: 2] ------------------ 314| 0| return -1; 315| | 316| 2| if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, ------------------ | Branch (316:6): [True: 0, False: 2] ------------------ 317| 2| params->ca_cert_blob_len, params->ca_path)) { 318| 0| wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 319| 0| "certificates"); 320| 0| return -1; 321| 0| } 322| | 323| 2| if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, ------------------ | Branch (323:6): [True: 0, False: 2] ------------------ 324| 2| params->client_cert_blob_len)) { 325| 0| wpa_printf(MSG_INFO, "TLS: Failed to configure server " 326| 0| "certificate"); 327| 0| return -1; 328| 0| } 329| | 330| 2| if (tlsv1_set_private_key(cred, params->private_key, ------------------ | Branch (330:6): [True: 0, False: 2] ------------------ 331| 2| params->private_key_passwd, 332| 2| params->private_key_blob, 333| 2| params->private_key_blob_len)) { 334| 0| wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 335| 0| return -1; 336| 0| } 337| | 338| 2| if (tlsv1_set_dhparams(cred, params->dh_file, NULL, 0)) { ------------------ | Branch (338:6): [True: 0, False: 2] ------------------ 339| 0| wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 340| 0| return -1; 341| 0| } 342| | 343| 2| if (params->ocsp_stapling_response) ------------------ | Branch (343:6): [True: 0, False: 2] ------------------ 344| 0| cred->ocsp_stapling_response = 345| 0| os_strdup(params->ocsp_stapling_response); ------------------ | | 517| 0|#define os_strdup(s) strdup(s) ------------------ 346| 2| if (params->ocsp_stapling_response_multi) ------------------ | Branch (346:6): [True: 0, False: 2] ------------------ 347| 0| cred->ocsp_stapling_response_multi = 348| 0| os_strdup(params->ocsp_stapling_response_multi); ------------------ | | 517| 0|#define os_strdup(s) strdup(s) ------------------ 349| | 350| 2| return 0; 351| |#else /* CONFIG_TLS_INTERNAL_SERVER */ 352| | return -1; 353| |#endif /* CONFIG_TLS_INTERNAL_SERVER */ 354| 2|} asn1_get_next: 172| 312|{ 173| 312| const u8 *pos, *end; 174| 312| u8 tmp; 175| | 176| 312| os_memset(hdr, 0, sizeof(*hdr)); ------------------ | | 529| 312|#define os_memset(s, c, n) memset(s, c, n) ------------------ 177| 312| pos = buf; 178| 312| end = buf + len; 179| | 180| 312| if (pos >= end) { ------------------ | Branch (180:6): [True: 0, False: 312] ------------------ 181| 0| wpa_printf(MSG_DEBUG, "ASN.1: No room for Identifier"); 182| 0| return -1; 183| 0| } 184| 312| hdr->identifier = *pos++; 185| 312| hdr->class = hdr->identifier >> 6; 186| 312| hdr->constructed = !!(hdr->identifier & (1 << 5)); 187| | 188| 312| if ((hdr->identifier & 0x1f) == 0x1f) { ------------------ | Branch (188:6): [True: 0, False: 312] ------------------ 189| 0| size_t ext_len = 0; 190| | 191| 0| hdr->tag = 0; 192| 0| if (pos == end || (*pos & 0x7f) == 0) { ------------------ | Branch (192:7): [True: 0, False: 0] | Branch (192:21): [True: 0, False: 0] ------------------ 193| 0| wpa_printf(MSG_DEBUG, 194| 0| "ASN.1: Invalid extended tag (first octet has to be included with at least one nonzero bit for the tag value)"); 195| 0| return -1; 196| 0| } 197| 0| do { 198| 0| if (pos >= end) { ------------------ | Branch (198:8): [True: 0, False: 0] ------------------ 199| 0| wpa_printf(MSG_DEBUG, "ASN.1: Identifier " 200| 0| "underflow"); 201| 0| return -1; 202| 0| } 203| 0| ext_len++; 204| 0| tmp = *pos++; 205| 0| wpa_printf(MSG_MSGDUMP, "ASN.1: Extended tag data: " 206| 0| "0x%02x", tmp); 207| 0| hdr->tag = (hdr->tag << 7) | (tmp & 0x7f); 208| 0| } while (tmp & 0x80); ------------------ | Branch (208:12): [True: 0, False: 0] ------------------ 209| 0| wpa_printf(MSG_MSGDUMP, "ASN.1: Extended Tag: 0x%x (len=%zu)", 210| 0| hdr->tag, ext_len); 211| 0| if ((hdr->class != ASN1_CLASS_PRIVATE && hdr->tag < 31) || ------------------ | | 46| 0|#define ASN1_CLASS_PRIVATE 3 ------------------ | Branch (211:8): [True: 0, False: 0] | Branch (211:44): [True: 0, False: 0] ------------------ 212| 0| ext_len * 7 > sizeof(hdr->tag) * 8) { ------------------ | Branch (212:7): [True: 0, False: 0] ------------------ 213| 0| wpa_printf(MSG_DEBUG, 214| 0| "ASN.1: Invalid or unsupported (too large) extended Tag: 0x%x (len=%zu)", 215| 0| hdr->tag, ext_len); 216| 0| return -1; 217| 0| } 218| 0| } else 219| 312| hdr->tag = hdr->identifier & 0x1f; 220| | 221| 312| if (pos >= end) { ------------------ | Branch (221:6): [True: 0, False: 312] ------------------ 222| 0| wpa_printf(MSG_DEBUG, "ASN.1: No room for Length"); 223| 0| return -1; 224| 0| } 225| 312| tmp = *pos++; 226| 312| if (tmp & 0x80) { ------------------ | Branch (226:6): [True: 48, False: 264] ------------------ 227| 48| if (tmp == 0xff) { ------------------ | Branch (227:7): [True: 0, False: 48] ------------------ 228| 0| wpa_printf(MSG_DEBUG, "ASN.1: Reserved length " 229| 0| "value 0xff used"); 230| 0| return -1; 231| 0| } 232| 48| tmp &= 0x7f; /* number of subsequent octets */ 233| 48| hdr->length = 0; 234| 48| if (tmp == 0 || pos == end || *pos == 0) { ------------------ | Branch (234:7): [True: 0, False: 48] | Branch (234:19): [True: 0, False: 48] | Branch (234:33): [True: 0, False: 48] ------------------ 235| 0| wpa_printf(MSG_DEBUG, 236| 0| "ASN.1: Definite long form of the length does not start with a nonzero value"); 237| 0| return -1; 238| 0| } 239| 48| if (tmp > 4) { ------------------ | Branch (239:7): [True: 0, False: 48] ------------------ 240| 0| wpa_printf(MSG_DEBUG, "ASN.1: Too long length field"); 241| 0| return -1; 242| 0| } 243| 130| while (tmp--) { ------------------ | Branch (243:10): [True: 82, False: 48] ------------------ 244| 82| if (pos >= end) { ------------------ | Branch (244:8): [True: 0, False: 82] ------------------ 245| 0| wpa_printf(MSG_DEBUG, "ASN.1: Length " 246| 0| "underflow"); 247| 0| return -1; 248| 0| } 249| 82| hdr->length = (hdr->length << 8) | *pos++; 250| 82| } 251| 48| if (hdr->length < 128) { ------------------ | Branch (251:7): [True: 0, False: 48] ------------------ 252| 0| wpa_printf(MSG_DEBUG, 253| 0| "ASN.1: Definite long form of the length used with too short length"); 254| 0| return -1; 255| 0| } 256| 264| } else { 257| | /* Short form - length 0..127 in one octet */ 258| 264| hdr->length = tmp; 259| 264| } 260| | 261| 312| if (end < pos || hdr->length > (unsigned int) (end - pos)) { ------------------ | Branch (261:6): [True: 0, False: 312] | Branch (261:19): [True: 0, False: 312] ------------------ 262| 0| wpa_printf(MSG_DEBUG, "ASN.1: Contents underflow"); 263| 0| return -1; 264| 0| } 265| | 266| 312| hdr->payload = pos; 267| | 268| 312| if (!asn1_valid_der(hdr)) { ------------------ | Branch (268:6): [True: 4, False: 308] ------------------ 269| 4| asn1_print_hdr(hdr, "ASN.1: Invalid DER encoding: "); 270| 4| return -1; 271| 4| } 272| 308| return 0; 273| 312|} asn1_print_hdr: 277| 4|{ 278| 4| wpa_printf(MSG_DEBUG, "%sclass %d constructed %d tag 0x%x", 279| 4| title, hdr->class, hdr->constructed, hdr->tag); 280| 4|} asn1_unexpected: 284| 4|{ 285| 4| wpa_printf(MSG_DEBUG, "%s - found class %d constructed %d tag 0x%x", 286| 4| title, hdr->class, hdr->constructed, hdr->tag); 287| 4|} asn1_parse_oid: 291| 64|{ 292| 64| const u8 *pos, *end; 293| 64| unsigned long val; 294| 64| u8 tmp; 295| | 296| 64| os_memset(oid, 0, sizeof(*oid)); ------------------ | | 529| 64|#define os_memset(s, c, n) memset(s, c, n) ------------------ 297| | 298| 64| pos = buf; 299| 64| end = buf + len; 300| | 301| 318| while (pos < end) { ------------------ | Branch (301:9): [True: 254, False: 64] ------------------ 302| 254| val = 0; 303| | 304| 296| do { 305| 296| if (pos >= end) ------------------ | Branch (305:8): [True: 0, False: 296] ------------------ 306| 0| return -1; 307| 296| tmp = *pos++; 308| 296| val = (val << 7) | (tmp & 0x7f); 309| 296| } while (tmp & 0x80); ------------------ | Branch (309:12): [True: 42, False: 254] ------------------ 310| | 311| 254| if (oid->len >= ASN1_MAX_OID_LEN) { ------------------ | | 55| 254|#define ASN1_MAX_OID_LEN 20 ------------------ | Branch (311:7): [True: 0, False: 254] ------------------ 312| 0| wpa_printf(MSG_DEBUG, "ASN.1: Too long OID value"); 313| 0| return -1; 314| 0| } 315| 254| if (oid->len == 0) { ------------------ | Branch (315:7): [True: 64, False: 190] ------------------ 316| | /* 317| | * The first octet encodes the first two object 318| | * identifier components in (X*40) + Y formula. 319| | * X = 0..2. 320| | */ 321| 64| oid->oid[0] = val / 40; 322| 64| if (oid->oid[0] > 2) ------------------ | Branch (322:8): [True: 0, False: 64] ------------------ 323| 0| oid->oid[0] = 2; 324| 64| oid->oid[1] = val - oid->oid[0] * 40; 325| 64| oid->len = 2; 326| 64| } else 327| 190| oid->oid[oid->len++] = val; 328| 254| } 329| | 330| 64| return 0; 331| 64|} asn1_get_oid: 336| 64|{ 337| 64| struct asn1_hdr hdr; 338| | 339| 64| if (asn1_get_next(buf, len, &hdr) < 0 || hdr.length == 0 || ------------------ | Branch (339:6): [True: 0, False: 64] | Branch (339:43): [True: 0, False: 64] ------------------ 340| 64| !asn1_is_oid(&hdr)) { ------------------ | Branch (340:6): [True: 0, False: 64] ------------------ 341| 0| asn1_unexpected(&hdr, "ASN.1: Expected OID"); 342| 0| return -1; 343| 0| } 344| | 345| 64| *next = hdr.payload + hdr.length; 346| | 347| 64| return asn1_parse_oid(hdr.payload, hdr.length, oid); 348| 64|} asn1_oid_to_str: 352| 20|{ 353| 20| char *pos = buf; 354| 20| size_t i; 355| 20| int ret; 356| | 357| 20| if (len == 0) ------------------ | Branch (357:6): [True: 0, False: 20] ------------------ 358| 0| return; 359| | 360| 20| buf[0] = '\0'; 361| | 362| 116| for (i = 0; i < oid->len; i++) { ------------------ | Branch (362:14): [True: 96, False: 20] ------------------ 363| 96| ret = os_snprintf(pos, buf + len - pos, ------------------ | | 572| 96|#define os_snprintf snprintf ------------------ 364| 96| "%s%lu", 365| 96| i == 0 ? "" : ".", oid->oid[i]); ------------------ | Branch (365:7): [True: 20, False: 76] ------------------ 366| 96| if (os_snprintf_error(buf + len - pos, ret)) ------------------ | Branch (366:7): [True: 0, False: 96] ------------------ 367| 0| break; 368| 96| pos += ret; 369| 96| } 370| 20| buf[len - 1] = '\0'; 371| 20|} asn1.c:asn1_valid_der: 127| 312|{ 128| 312| if (hdr->class != ASN1_CLASS_UNIVERSAL) ------------------ | | 43| 312|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (128:6): [True: 10, False: 302] ------------------ 129| 10| return 1; 130| 302| if (hdr->tag == ASN1_TAG_BOOLEAN && !asn1_valid_der_boolean(hdr)) ------------------ | | 13| 604|#define ASN1_TAG_BOOLEAN 0x01 ------------------ | Branch (130:6): [True: 2, False: 300] | Branch (130:38): [True: 0, False: 2] ------------------ 131| 0| return 0; 132| 302| if (hdr->tag == ASN1_TAG_NULL && hdr->length != 0) ------------------ | | 17| 604|#define ASN1_TAG_NULL 0x05 ------------------ | Branch (132:6): [True: 0, False: 302] | Branch (132:35): [True: 0, False: 0] ------------------ 133| 0| return 0; 134| | 135| | /* Check for allowed primitive/constructed values */ 136| 302| if (hdr->constructed && ------------------ | Branch (136:6): [True: 138, False: 164] ------------------ 137| 138| (hdr->tag == ASN1_TAG_BOOLEAN || ------------------ | | 13| 276|#define ASN1_TAG_BOOLEAN 0x01 ------------------ | Branch (137:7): [True: 0, False: 138] ------------------ 138| 138| hdr->tag == ASN1_TAG_INTEGER || ------------------ | | 14| 276|#define ASN1_TAG_INTEGER 0x02 ------------------ | Branch (138:7): [True: 0, False: 138] ------------------ 139| 138| hdr->tag == ASN1_TAG_NULL || ------------------ | | 17| 276|#define ASN1_TAG_NULL 0x05 ------------------ | Branch (139:7): [True: 0, False: 138] ------------------ 140| 138| hdr->tag == ASN1_TAG_OID || ------------------ | | 18| 276|#define ASN1_TAG_OID 0x06 ------------------ | Branch (140:7): [True: 0, False: 138] ------------------ 141| 138| hdr->tag == ANS1_TAG_RELATIVE_OID || ------------------ | | 25| 276|#define ANS1_TAG_RELATIVE_OID 0x0D ------------------ | Branch (141:7): [True: 4, False: 134] ------------------ 142| 134| hdr->tag == ASN1_TAG_REAL || ------------------ | | 21| 272|#define ASN1_TAG_REAL 0x09 /* not yet parsed */ ------------------ | Branch (142:7): [True: 0, False: 134] ------------------ 143| 134| hdr->tag == ASN1_TAG_ENUMERATED || ------------------ | | 22| 272|#define ASN1_TAG_ENUMERATED 0x0A /* not yet parsed */ ------------------ | Branch (143:7): [True: 0, False: 134] ------------------ 144| 134| hdr->tag == ASN1_TAG_BITSTRING || ------------------ | | 15| 272|#define ASN1_TAG_BITSTRING 0x03 ------------------ | Branch (144:7): [True: 0, False: 134] ------------------ 145| 134| hdr->tag == ASN1_TAG_OCTETSTRING || ------------------ | | 16| 272|#define ASN1_TAG_OCTETSTRING 0x04 ------------------ | Branch (145:7): [True: 0, False: 134] ------------------ 146| 134| hdr->tag == ASN1_TAG_NUMERICSTRING || ------------------ | | 29| 272|#define ASN1_TAG_NUMERICSTRING 0x12 /* not yet parsed */ ------------------ | Branch (146:7): [True: 0, False: 134] ------------------ 147| 134| hdr->tag == ASN1_TAG_PRINTABLESTRING || ------------------ | | 30| 272|#define ASN1_TAG_PRINTABLESTRING 0x13 ------------------ | Branch (147:7): [True: 0, False: 134] ------------------ 148| 134| hdr->tag == ASN1_TAG_T61STRING || ------------------ | | 31| 272|#define ASN1_TAG_T61STRING 0x14 /* not yet parsed */ ------------------ | Branch (148:7): [True: 0, False: 134] ------------------ 149| 134| hdr->tag == ASN1_TAG_VIDEOTEXSTRING || ------------------ | | 32| 272|#define ASN1_TAG_VIDEOTEXSTRING 0x15 /* not yet parsed */ ------------------ | Branch (149:7): [True: 0, False: 134] ------------------ 150| 134| hdr->tag == ASN1_TAG_VISIBLESTRING || ------------------ | | 37| 272|#define ASN1_TAG_VISIBLESTRING 0x1A ------------------ | Branch (150:7): [True: 0, False: 134] ------------------ 151| 134| hdr->tag == ASN1_TAG_IA5STRING || ------------------ | | 33| 272|#define ASN1_TAG_IA5STRING 0x16 ------------------ | Branch (151:7): [True: 0, False: 134] ------------------ 152| 134| hdr->tag == ASN1_TAG_GRAPHICSTRING || ------------------ | | 36| 272|#define ASN1_TAG_GRAPHICSTRING 0x19 /* not yet parsed */ ------------------ | Branch (152:7): [True: 0, False: 134] ------------------ 153| 134| hdr->tag == ASN1_TAG_GENERALSTRING || ------------------ | | 38| 272|#define ASN1_TAG_GENERALSTRING 0x1B /* not yet parsed */ ------------------ | Branch (153:7): [True: 0, False: 134] ------------------ 154| 134| hdr->tag == ASN1_TAG_UNIVERSALSTRING || ------------------ | | 39| 272|#define ASN1_TAG_UNIVERSALSTRING 0x1C /* not yet parsed */ ------------------ | Branch (154:7): [True: 0, False: 134] ------------------ 155| 134| hdr->tag == ASN1_TAG_UTF8STRING || ------------------ | | 24| 272|#define ASN1_TAG_UTF8STRING 0x0C /* not yet parsed */ ------------------ | Branch (155:7): [True: 0, False: 134] ------------------ 156| 134| hdr->tag == ASN1_TAG_BMPSTRING || ------------------ | | 41| 272|#define ASN1_TAG_BMPSTRING 0x1E /* not yet parsed */ ------------------ | Branch (156:7): [True: 0, False: 134] ------------------ 157| 134| hdr->tag == ASN1_TAG_CHARACTERSTRING || ------------------ | | 40| 272|#define ASN1_TAG_CHARACTERSTRING 0x1D /* not yet parsed */ ------------------ | Branch (157:7): [True: 0, False: 134] ------------------ 158| 134| hdr->tag == ASN1_TAG_UTCTIME || ------------------ | | 34| 272|#define ASN1_TAG_UTCTIME 0x17 ------------------ | Branch (158:7): [True: 0, False: 134] ------------------ 159| 134| hdr->tag == ASN1_TAG_GENERALIZEDTIME || ------------------ | | 35| 272|#define ASN1_TAG_GENERALIZEDTIME 0x18 /* not yet parsed */ ------------------ | Branch (159:7): [True: 0, False: 134] ------------------ 160| 134| hdr->tag == ASN1_TAG_TIME)) ------------------ | | 26| 134|#define ASN1_TAG_TIME 0x0E ------------------ | Branch (160:7): [True: 0, False: 134] ------------------ 161| 4| return 0; 162| 298| if (!hdr->constructed && ------------------ | Branch (162:6): [True: 164, False: 134] ------------------ 163| 164| (hdr->tag == ASN1_TAG_SEQUENCE || ------------------ | | 27| 328|#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */ ------------------ | Branch (163:7): [True: 0, False: 164] ------------------ 164| 164| hdr->tag == ASN1_TAG_SET)) ------------------ | | 28| 164|#define ASN1_TAG_SET 0x11 ------------------ | Branch (164:7): [True: 0, False: 164] ------------------ 165| 0| return 0; 166| | 167| 298| return 1; 168| 298|} asn1.c:asn1_valid_der_boolean: 107| 2|{ 108| | /* Enforce DER requirements for a single way of encoding a BOOLEAN */ 109| 2| if (hdr->length != 1) { ------------------ | Branch (109:6): [True: 0, False: 2] ------------------ 110| 0| wpa_printf(MSG_DEBUG, "ASN.1: Unexpected BOOLEAN length (%u)", 111| 0| hdr->length); 112| 0| return 0; 113| 0| } 114| | 115| 2| if (hdr->payload[0] != 0 && hdr->payload[0] != 0xff) { ------------------ | Branch (115:6): [True: 2, False: 0] | Branch (115:30): [True: 0, False: 2] ------------------ 116| 0| wpa_printf(MSG_DEBUG, 117| 0| "ASN.1: Invalid BOOLEAN value 0x%x (DER requires 0 or 0xff)", 118| 0| hdr->payload[0]); 119| 0| return 0; 120| 0| } 121| | 122| 2| return 1; 123| 2|} tlsv1_cred.c:asn1_is_sequence: 113| 2|{ 114| 2| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 4|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (114:9): [True: 2, False: 0] ------------------ 115| 2| hdr->tag == ASN1_TAG_SEQUENCE; ------------------ | | 27| 4|#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */ ------------------ | Branch (115:3): [True: 2, False: 0] ------------------ 116| 2|} tlsv1_cred.c:asn1_is_integer: 101| 4|{ 102| 4| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 8|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (102:9): [True: 4, False: 0] ------------------ 103| 4| hdr->tag == ASN1_TAG_INTEGER; ------------------ | | 14| 8|#define ASN1_TAG_INTEGER 0x02 ------------------ | Branch (103:3): [True: 4, False: 0] ------------------ 104| 4|} x509v3.c:asn1_is_sequence: 113| 96|{ 114| 96| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 192|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (114:9): [True: 96, False: 0] ------------------ 115| 96| hdr->tag == ASN1_TAG_SEQUENCE; ------------------ | | 27| 192|#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */ ------------------ | Branch (115:3): [True: 96, False: 0] ------------------ 116| 96|} x509v3.c:asn1_is_set: 119| 30|{ 120| 30| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 60|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (120:9): [True: 30, False: 0] ------------------ 121| 30| hdr->tag == ASN1_TAG_SET; ------------------ | | 28| 60|#define ASN1_TAG_SET 0x11 ------------------ | Branch (121:3): [True: 30, False: 0] ------------------ 122| 30|} x509v3.c:asn1_is_string_type: 149| 30|{ 150| 30| if (hdr->class != ASN1_CLASS_UNIVERSAL || hdr->constructed) ------------------ | | 43| 60|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (150:6): [True: 0, False: 30] | Branch (150:44): [True: 0, False: 30] ------------------ 151| 0| return false; 152| 30| return hdr->tag == ASN1_TAG_UTF8STRING || ------------------ | | 24| 60|#define ASN1_TAG_UTF8STRING 0x0C /* not yet parsed */ ------------------ | Branch (152:9): [True: 22, False: 8] ------------------ 153| 8| hdr->tag == ASN1_TAG_NUMERICSTRING || ------------------ | | 29| 38|#define ASN1_TAG_NUMERICSTRING 0x12 /* not yet parsed */ ------------------ | Branch (153:3): [True: 0, False: 8] ------------------ 154| 8| hdr->tag == ASN1_TAG_PRINTABLESTRING || ------------------ | | 30| 38|#define ASN1_TAG_PRINTABLESTRING 0x13 ------------------ | Branch (154:3): [True: 8, False: 0] ------------------ 155| 0| hdr->tag == ASN1_TAG_T61STRING || ------------------ | | 31| 30|#define ASN1_TAG_T61STRING 0x14 /* not yet parsed */ ------------------ | Branch (155:3): [True: 0, False: 0] ------------------ 156| 0| hdr->tag == ASN1_TAG_VIDEOTEXSTRING || ------------------ | | 32| 30|#define ASN1_TAG_VIDEOTEXSTRING 0x15 /* not yet parsed */ ------------------ | Branch (156:3): [True: 0, False: 0] ------------------ 157| 0| hdr->tag == ASN1_TAG_IA5STRING || ------------------ | | 33| 30|#define ASN1_TAG_IA5STRING 0x16 ------------------ | Branch (157:3): [True: 0, False: 0] ------------------ 158| 0| hdr->tag == ASN1_TAG_GRAPHICSTRING || ------------------ | | 36| 30|#define ASN1_TAG_GRAPHICSTRING 0x19 /* not yet parsed */ ------------------ | Branch (158:3): [True: 0, False: 0] ------------------ 159| 0| hdr->tag == ASN1_TAG_VISIBLESTRING || ------------------ | | 37| 30|#define ASN1_TAG_VISIBLESTRING 0x1A ------------------ | Branch (159:3): [True: 0, False: 0] ------------------ 160| 0| hdr->tag == ASN1_TAG_GENERALSTRING || ------------------ | | 38| 30|#define ASN1_TAG_GENERALSTRING 0x1B /* not yet parsed */ ------------------ | Branch (160:3): [True: 0, False: 0] ------------------ 161| 0| hdr->tag == ASN1_TAG_UNIVERSALSTRING || ------------------ | | 39| 30|#define ASN1_TAG_UNIVERSALSTRING 0x1C /* not yet parsed */ ------------------ | Branch (161:3): [True: 0, False: 0] ------------------ 162| 0| hdr->tag == ASN1_TAG_CHARACTERSTRING || ------------------ | | 40| 30|#define ASN1_TAG_CHARACTERSTRING 0x1D /* not yet parsed */ ------------------ | Branch (162:3): [True: 0, False: 0] ------------------ 163| 0| hdr->tag == ASN1_TAG_BMPSTRING; ------------------ | | 41| 30|#define ASN1_TAG_BMPSTRING 0x1E /* not yet parsed */ ------------------ | Branch (163:3): [True: 0, False: 0] ------------------ 164| 30|} x509v3.c:asn1_is_cs_tag: 185| 4|{ 186| 4| return hdr->class == ASN1_CLASS_CONTEXT_SPECIFIC && ------------------ | | 45| 8|#define ASN1_CLASS_CONTEXT_SPECIFIC 2 ------------------ | Branch (186:9): [True: 4, False: 0] ------------------ 187| 4| hdr->tag == tag; ------------------ | Branch (187:3): [True: 4, False: 0] ------------------ 188| 4|} x509v3.c:asn1_is_integer: 101| 8|{ 102| 8| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 16|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (102:9): [True: 8, False: 0] ------------------ 103| 8| hdr->tag == ASN1_TAG_INTEGER; ------------------ | | 14| 16|#define ASN1_TAG_INTEGER 0x02 ------------------ | Branch (103:3): [True: 8, False: 0] ------------------ 104| 8|} x509v3.c:asn1_is_utctime: 137| 8|{ 138| 8| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 16|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (138:9): [True: 8, False: 0] ------------------ 139| 8| hdr->tag == ASN1_TAG_UTCTIME; ------------------ | | 34| 16|#define ASN1_TAG_UTCTIME 0x17 ------------------ | Branch (139:3): [True: 8, False: 0] ------------------ 140| 8|} x509v3.c:asn1_is_boolean: 95| 20|{ 96| 20| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 40|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (96:9): [True: 20, False: 0] ------------------ 97| 20| hdr->tag == ASN1_TAG_BOOLEAN; ------------------ | | 13| 40|#define ASN1_TAG_BOOLEAN 0x01 ------------------ | Branch (97:3): [True: 2, False: 18] ------------------ 98| 20|} x509v3.c:asn1_is_bitstring: 131| 8|{ 132| 8| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 16|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (132:9): [True: 8, False: 0] ------------------ 133| 8| hdr->tag == ASN1_TAG_BITSTRING; ------------------ | | 15| 16|#define ASN1_TAG_BITSTRING 0x03 ------------------ | Branch (133:3): [True: 8, False: 0] ------------------ 134| 8|} x509v3.c:asn1_is_octetstring: 125| 18|{ 126| 18| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 36|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (126:9): [True: 18, False: 0] ------------------ 127| 18| hdr->tag == ASN1_TAG_OCTETSTRING; ------------------ | | 16| 36|#define ASN1_TAG_OCTETSTRING 0x04 ------------------ | Branch (127:3): [True: 18, False: 0] ------------------ 128| 18|} asn1.c:asn1_is_oid: 89| 64|{ 90| 64| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 128|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (90:9): [True: 64, False: 0] ------------------ 91| 64| hdr->tag == ASN1_TAG_OID; ------------------ | | 18| 128|#define ASN1_TAG_OID 0x06 ------------------ | Branch (91:3): [True: 64, False: 0] ------------------ 92| 64|} pkcs8.c:asn1_is_sequence: 113| 4|{ 114| 4| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 8|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (114:9): [True: 4, False: 0] ------------------ 115| 4| hdr->tag == ASN1_TAG_SEQUENCE; ------------------ | | 27| 8|#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */ ------------------ | Branch (115:3): [True: 4, False: 0] ------------------ 116| 4|} pkcs8.c:asn1_is_integer: 101| 2|{ 102| 2| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 4|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (102:9): [True: 2, False: 0] ------------------ 103| 2| hdr->tag == ASN1_TAG_INTEGER; ------------------ | | 14| 4|#define ASN1_TAG_INTEGER 0x02 ------------------ | Branch (103:3): [True: 2, False: 0] ------------------ 104| 2|} pkcs8.c:asn1_is_octetstring: 125| 2|{ 126| 2| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 4|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (126:9): [True: 2, False: 0] ------------------ 127| 2| hdr->tag == ASN1_TAG_OCTETSTRING; ------------------ | | 16| 4|#define ASN1_TAG_OCTETSTRING 0x04 ------------------ | Branch (127:3): [True: 2, False: 0] ------------------ 128| 2|} rsa.c:asn1_is_sequence: 113| 2|{ 114| 2| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 4|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (114:9): [True: 2, False: 0] ------------------ 115| 2| hdr->tag == ASN1_TAG_SEQUENCE; ------------------ | | 27| 4|#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */ ------------------ | Branch (115:3): [True: 2, False: 0] ------------------ 116| 2|} rsa.c:asn1_is_integer: 101| 18|{ 102| 18| return hdr->class == ASN1_CLASS_UNIVERSAL && ------------------ | | 43| 36|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (102:9): [True: 18, False: 0] ------------------ 103| 18| hdr->tag == ASN1_TAG_INTEGER; ------------------ | | 14| 36|#define ASN1_TAG_INTEGER 0x02 ------------------ | Branch (103:3): [True: 18, False: 0] ------------------ 104| 18|} bignum_init: 31| 36|{ 32| 36| struct bignum *n = os_zalloc(sizeof(mp_int)); 33| 36| if (n == NULL) ------------------ | Branch (33:6): [True: 0, False: 36] ------------------ 34| 0| return NULL; 35| 36| if (mp_init((mp_int *) n) != MP_OKAY) { ------------------ | | 93| 36|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (35:6): [True: 0, False: 36] ------------------ 36| 0| os_free(n); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 37| | n = NULL; 38| 0| } 39| 36| return n; 40| 36|} bignum_deinit: 48| 36|{ 49| 36| if (n) { ------------------ | Branch (49:6): [True: 36, False: 0] ------------------ 50| 36| mp_clear((mp_int *) n); 51| 36| os_free(n); ------------------ | | 511| 36|#define os_free(p) free((p)) ------------------ 52| 36| } 53| 36|} bignum_set_unsigned_bin: 100| 20|{ 101| 20| if (mp_read_unsigned_bin((mp_int *) n, (u8 *) buf, len) != MP_OKAY) { ------------------ | | 93| 20|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (101:6): [True: 0, False: 20] ------------------ 102| 0| wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__); 103| 0| return -1; 104| 0| } 105| 20| return 0; 106| 20|} bignum_cmp_d: 128| 4|{ 129| 4| return mp_cmp_d((mp_int *) a, b); 130| 4|} bignum.c:mp_init: 368| 36|{ 369| 36| int i; 370| | 371| | /* allocate memory required and clear it */ 372| 36| a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * MP_PREC); ------------------ | | 79| 36|#define XMALLOC os_malloc | | ------------------ | | | | 505| 36|#define os_malloc(s) malloc((s)) | | ------------------ ------------------ 373| 36| if (a->dp == NULL) { ------------------ | Branch (373:7): [True: 0, False: 36] ------------------ 374| 0| return MP_MEM; ------------------ | | 94| 0|#define MP_MEM -2 /* out of mem */ ------------------ 375| 0| } 376| | 377| | /* set the digits to zero */ 378| 324| for (i = 0; i < MP_PREC; i++) { ------------------ | | 110| 324| #define MP_PREC 8 /* default digits of precision */ ------------------ | Branch (378:15): [True: 288, False: 36] ------------------ 379| 288| a->dp[i] = 0; 380| 288| } 381| | 382| | /* set the used to zero, allocated digits to the default precision 383| | * and sign to positive */ 384| 36| a->used = 0; 385| 36| a->alloc = MP_PREC; ------------------ | | 110| 36| #define MP_PREC 8 /* default digits of precision */ ------------------ 386| 36| a->sign = MP_ZPOS; ------------------ | | 90| 36|#define MP_ZPOS 0 /* positive integer */ ------------------ 387| | 388| 36| return MP_OKAY; ------------------ | | 93| 36|#define MP_OKAY 0 /* ok result */ ------------------ 389| 36|} bignum.c:mp_clear: 394| 36|{ 395| 36| int i; 396| | 397| | /* only do anything if a hasn't been freed previously */ 398| 36| if (a->dp != NULL) { ------------------ | Branch (398:7): [True: 36, False: 0] ------------------ 399| | /* first zero the digits */ 400| 356| for (i = 0; i < a->used; i++) { ------------------ | Branch (400:17): [True: 320, False: 36] ------------------ 401| 320| a->dp[i] = 0; 402| 320| } 403| | 404| | /* free ram */ 405| 36| XFREE(a->dp); ------------------ | | 80| 36|#define XFREE os_free | | ------------------ | | | | 511| 36|#define os_free(p) free((p)) | | ------------------ ------------------ 406| | 407| | /* reset members to make debugging easier */ 408| 36| a->dp = NULL; 409| 36| a->alloc = a->used = 0; 410| 36| a->sign = MP_ZPOS; ------------------ | | 90| 36|#define MP_ZPOS 0 /* positive integer */ ------------------ 411| 36| } 412| 36|} bignum.c:mp_grow: 1257| 18|{ 1258| 18| int i; 1259| 18| mp_digit *tmp; 1260| | 1261| | /* if the alloc size is smaller alloc more ram */ 1262| 18| if (a->alloc < size) { ------------------ | Branch (1262:7): [True: 18, False: 0] ------------------ 1263| | /* ensure there are always at least MP_PREC digits extra on top */ 1264| 18| size += (MP_PREC * 2) - (size % MP_PREC); ------------------ | | 110| 18| #define MP_PREC 8 /* default digits of precision */ ------------------ size += (MP_PREC * 2) - (size % MP_PREC); ------------------ | | 110| 18| #define MP_PREC 8 /* default digits of precision */ ------------------ 1265| | 1266| | /* reallocate the array a->dp 1267| | * 1268| | * We store the return in a temporary variable 1269| | * in case the operation failed we don't want 1270| | * to overwrite the dp member of a. 1271| | */ 1272| 18| tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size); ------------------ | | 81| 18|#define XREALLOC os_realloc | | ------------------ | | | | 508| 18|#define os_realloc(p, s) realloc((p), (s)) | | ------------------ ------------------ 1273| 18| if (tmp == NULL) { ------------------ | Branch (1273:9): [True: 0, False: 18] ------------------ 1274| | /* reallocation failed but "a" is still valid [can be freed] */ 1275| 0| return MP_MEM; ------------------ | | 94| 0|#define MP_MEM -2 /* out of mem */ ------------------ 1276| 0| } 1277| | 1278| | /* reallocation succeeded so set a->dp */ 1279| 18| a->dp = tmp; 1280| | 1281| | /* zero excess digits */ 1282| 18| i = a->alloc; 1283| 18| a->alloc = size; 1284| 306| for (; i < a->alloc; i++) { ------------------ | Branch (1284:12): [True: 288, False: 18] ------------------ 1285| 288| a->dp[i] = 0; 1286| 288| } 1287| 18| } 1288| 18| return MP_OKAY; ------------------ | | 93| 18|#define MP_OKAY 0 /* ok result */ ------------------ 1289| 18|} bignum.c:mp_zero: 1106| 20|{ 1107| 20| int n; 1108| 20| mp_digit *tmp; 1109| | 1110| 20| a->sign = MP_ZPOS; ------------------ | | 90| 20|#define MP_ZPOS 0 /* positive integer */ ------------------ 1111| 20| a->used = 0; 1112| | 1113| 20| tmp = a->dp; 1114| 180| for (n = 0; n < a->alloc; n++) { ------------------ | Branch (1114:15): [True: 160, False: 20] ------------------ 1115| 160| *tmp++ = 0; 1116| 160| } 1117| 20|} bignum.c:mp_clamp: 1240| 2.34k|{ 1241| | /* decrease used while the most significant digit is 1242| | * zero. 1243| | */ 1244| 4.34k| while (a->used > 0 && a->dp[a->used - 1] == 0) { ------------------ | Branch (1244:10): [True: 4.31k, False: 34] | Branch (1244:25): [True: 2.00k, False: 2.31k] ------------------ 1245| 2.00k| --(a->used); 1246| 2.00k| } 1247| | 1248| | /* reset the sign flag if used == 0 */ 1249| 2.34k| if (a->used == 0) { ------------------ | Branch (1249:7): [True: 34, False: 2.31k] ------------------ 1250| 34| a->sign = MP_ZPOS; ------------------ | | 90| 34|#define MP_ZPOS 0 /* positive integer */ ------------------ 1251| 34| } 1252| 2.34k|} bignum.c:mp_read_unsigned_bin: 955| 20|{ 956| 20| int res; 957| | 958| | /* make sure there are at least two digits */ 959| 20| if (a->alloc < 2) { ------------------ | Branch (959:7): [True: 0, False: 20] ------------------ 960| 0| if ((res = mp_grow(a, 2)) != MP_OKAY) { ------------------ | | 93| 0|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (960:10): [True: 0, False: 0] ------------------ 961| 0| return res; 962| 0| } 963| 0| } 964| | 965| | /* zero the int */ 966| 20| mp_zero (a); 967| | 968| | /* read the bytes in */ 969| 2.34k| while (c-- > 0) { ------------------ | Branch (969:10): [True: 2.32k, False: 20] ------------------ 970| 2.32k| if ((res = mp_mul_2d (a, 8, a)) != MP_OKAY) { ------------------ | | 93| 2.32k|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (970:9): [True: 0, False: 2.32k] ------------------ 971| 0| return res; 972| 0| } 973| | 974| 2.32k|#ifndef MP_8BIT 975| 2.32k| a->dp[0] |= *b++; 976| 2.32k| a->used += 1; 977| |#else 978| | a->dp[0] = (*b & MP_MASK); 979| | a->dp[1] |= ((*b++ >> 7U) & 1); 980| | a->used += 2; 981| |#endif 982| 2.32k| } 983| 20| mp_clamp (a); 984| 20| return MP_OKAY; ------------------ | | 93| 20|#define MP_OKAY 0 /* ok result */ ------------------ 985| 20|} bignum.c:mp_mul_2d: 1377| 2.32k|{ 1378| 2.32k| mp_digit d; 1379| 2.32k| int res; 1380| | 1381| | /* copy */ 1382| 2.32k| if (a != c) { ------------------ | Branch (1382:7): [True: 0, False: 2.32k] ------------------ 1383| 0| if ((res = mp_copy (a, c)) != MP_OKAY) { ------------------ | | 93| 0|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (1383:10): [True: 0, False: 0] ------------------ 1384| 0| return res; 1385| 0| } 1386| 0| } 1387| | 1388| 2.32k| if (c->alloc < (int)(c->used + b/DIGIT_BIT + 1)) { ------------------ | | 68| 2.32k|#define DIGIT_BIT 60 ------------------ | Branch (1388:7): [True: 18, False: 2.30k] ------------------ 1389| 18| if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) { ------------------ | | 68| 18|#define DIGIT_BIT 60 ------------------ if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) { ------------------ | | 93| 18|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (1389:10): [True: 0, False: 18] ------------------ 1390| 0| return res; 1391| 0| } 1392| 18| } 1393| | 1394| | /* shift by as many digits in the bit count */ 1395| 2.32k| if (b >= (int)DIGIT_BIT) { ------------------ | | 68| 2.32k|#define DIGIT_BIT 60 ------------------ | Branch (1395:7): [True: 0, False: 2.32k] ------------------ 1396| 0| if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) { ------------------ | | 68| 0|#define DIGIT_BIT 60 ------------------ if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) { ------------------ | | 93| 0|#define MP_OKAY 0 /* ok result */ ------------------ | Branch (1396:9): [True: 0, False: 0] ------------------ 1397| 0| return res; 1398| 0| } 1399| 0| } 1400| | 1401| | /* shift any bit count < DIGIT_BIT */ 1402| 2.32k| d = (mp_digit) (b % DIGIT_BIT); ------------------ | | 68| 2.32k|#define DIGIT_BIT 60 ------------------ 1403| 2.32k| if (d != 0) { ------------------ | Branch (1403:7): [True: 2.32k, False: 0] ------------------ 1404| 2.32k| register mp_digit *tmpc, shift, mask, r, rr; 1405| 2.32k| register int x; 1406| | 1407| | /* bitmask for carries */ 1408| 2.32k| mask = (((mp_digit)1) << d) - 1; 1409| | 1410| | /* shift for msbs */ 1411| 2.32k| shift = DIGIT_BIT - d; ------------------ | | 68| 2.32k|#define DIGIT_BIT 60 ------------------ 1412| | 1413| | /* alias */ 1414| 2.32k| tmpc = c->dp; 1415| | 1416| | /* carry */ 1417| 2.32k| r = 0; 1418| 33.9k| for (x = 0; x < c->used; x++) { ------------------ | Branch (1418:17): [True: 31.5k, False: 2.32k] ------------------ 1419| | /* get the higher bits of the current word */ 1420| 31.5k| rr = (*tmpc >> shift) & mask; 1421| | 1422| | /* shift the current word and OR in the carry */ 1423| 31.5k| *tmpc = ((*tmpc << d) | r) & MP_MASK; ------------------ | | 84| 31.5k|#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1)) | | ------------------ | | | | 68| 31.5k|#define DIGIT_BIT 60 | | ------------------ ------------------ 1424| 31.5k| ++tmpc; 1425| | 1426| | /* set the carry to the carry bits of the current word */ 1427| 31.5k| r = rr; 1428| 31.5k| } 1429| | 1430| | /* set final carry */ 1431| 2.32k| if (r != 0) { ------------------ | Branch (1431:9): [True: 0, False: 2.32k] ------------------ 1432| 0| c->dp[(c->used)++] = r; 1433| 0| } 1434| 2.32k| } 1435| 2.32k| mp_clamp (c); 1436| 2.32k| return MP_OKAY; ------------------ | | 93| 2.32k|#define MP_OKAY 0 /* ok result */ ------------------ 1437| 2.32k|} bignum.c:mp_cmp_d: 701| 4|{ 702| | /* compare based on sign */ 703| 4| if (a->sign == MP_NEG) { ------------------ | | 91| 4|#define MP_NEG 1 /* negative */ ------------------ | Branch (703:7): [True: 0, False: 4] ------------------ 704| 0| return MP_LT; ------------------ | | 86| 0|#define MP_LT -1 /* less than */ ------------------ 705| 0| } 706| | 707| | /* compare based on magnitude */ 708| 4| if (a->used > 1) { ------------------ | Branch (708:7): [True: 0, False: 4] ------------------ 709| 0| return MP_GT; ------------------ | | 88| 0|#define MP_GT 1 /* greater than */ ------------------ 710| 0| } 711| | 712| | /* compare the only digit of a to b */ 713| 4| if (a->dp[0] > b) { ------------------ | Branch (713:7): [True: 0, False: 4] ------------------ 714| 0| return MP_GT; ------------------ | | 88| 0|#define MP_GT 1 /* greater than */ ------------------ 715| 4| } else if (a->dp[0] < b) { ------------------ | Branch (715:14): [True: 0, False: 4] ------------------ 716| 0| return MP_LT; ------------------ | | 86| 0|#define MP_LT -1 /* less than */ ------------------ 717| 4| } else { 718| 4| return MP_EQ; ------------------ | | 87| 4|#define MP_EQ 0 /* equal to */ ------------------ 719| 4| } 720| 4|} pkcs8_key_import: 20| 4|{ 21| 4| struct asn1_hdr hdr; 22| 4| const u8 *pos, *end; 23| 4| struct bignum *zero; 24| 4| struct asn1_oid oid; 25| 4| char obuf[80]; 26| | 27| | /* PKCS #8, Chapter 6 */ 28| | 29| | /* PrivateKeyInfo ::= SEQUENCE */ 30| 4| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (30:6): [True: 2, False: 2] | Branch (30:43): [True: 0, False: 2] ------------------ 31| 2| asn1_unexpected(&hdr, 32| 2| "PKCS #8: Does not start with PKCS #8 header (SEQUENCE)"); 33| 2| return NULL; 34| 2| } 35| 2| pos = hdr.payload; 36| 2| end = pos + hdr.length; 37| | 38| | /* version Version (Version ::= INTEGER) */ 39| 2| if (asn1_get_next(pos, end - pos, &hdr) < 0 || !asn1_is_integer(&hdr)) { ------------------ | Branch (39:6): [True: 0, False: 2] | Branch (39:49): [True: 0, False: 2] ------------------ 40| 0| asn1_unexpected(&hdr, "PKCS #8: Expected INTEGER"); 41| 0| return NULL; 42| 0| } 43| | 44| 2| zero = bignum_init(); 45| 2| if (zero == NULL) ------------------ | Branch (45:6): [True: 0, False: 2] ------------------ 46| 0| return NULL; 47| | 48| 2| if (bignum_set_unsigned_bin(zero, hdr.payload, hdr.length) < 0) { ------------------ | Branch (48:6): [True: 0, False: 2] ------------------ 49| 0| wpa_printf(MSG_DEBUG, "PKCS #8: Failed to parse INTEGER"); 50| 0| bignum_deinit(zero); 51| 0| return NULL; 52| 0| } 53| 2| pos = hdr.payload + hdr.length; 54| | 55| 2| if (bignum_cmp_d(zero, 0) != 0) { ------------------ | Branch (55:6): [True: 0, False: 2] ------------------ 56| 0| wpa_printf(MSG_DEBUG, "PKCS #8: Expected zero INTEGER in the " 57| 0| "beginning of private key; not found; assume " 58| 0| "PKCS #8 not used"); 59| 0| bignum_deinit(zero); 60| 0| return NULL; 61| 0| } 62| 2| bignum_deinit(zero); 63| | 64| | /* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier 65| | * (PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier) */ 66| 2| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (66:6): [True: 0, False: 2] | Branch (66:43): [True: 0, False: 2] ------------------ 67| 0| asn1_unexpected(&hdr, 68| 0| "PKCS #8: Expected SEQUENCE (AlgorithmIdentifier); assume PKCS #8 not used"); 69| 0| return NULL; 70| 0| } 71| | 72| 2| if (asn1_get_oid(hdr.payload, hdr.length, &oid, &pos)) { ------------------ | Branch (72:6): [True: 0, False: 2] ------------------ 73| 0| wpa_printf(MSG_DEBUG, "PKCS #8: Failed to parse OID " 74| 0| "(algorithm); assume PKCS #8 not used"); 75| 0| return NULL; 76| 0| } 77| | 78| 2| asn1_oid_to_str(&oid, obuf, sizeof(obuf)); 79| 2| wpa_printf(MSG_DEBUG, "PKCS #8: algorithm=%s", obuf); 80| | 81| 2| if (oid.len != 7 || ------------------ | Branch (81:6): [True: 0, False: 2] ------------------ 82| 2| oid.oid[0] != 1 /* iso */ || ------------------ | Branch (82:6): [True: 0, False: 2] ------------------ 83| 2| oid.oid[1] != 2 /* member-body */ || ------------------ | Branch (83:6): [True: 0, False: 2] ------------------ 84| 2| oid.oid[2] != 840 /* us */ || ------------------ | Branch (84:6): [True: 0, False: 2] ------------------ 85| 2| oid.oid[3] != 113549 /* rsadsi */ || ------------------ | Branch (85:6): [True: 0, False: 2] ------------------ 86| 2| oid.oid[4] != 1 /* pkcs */ || ------------------ | Branch (86:6): [True: 0, False: 2] ------------------ 87| 2| oid.oid[5] != 1 /* pkcs-1 */ || ------------------ | Branch (87:6): [True: 0, False: 2] ------------------ 88| 2| oid.oid[6] != 1 /* rsaEncryption */) { ------------------ | Branch (88:6): [True: 0, False: 2] ------------------ 89| 0| wpa_printf(MSG_DEBUG, "PKCS #8: Unsupported private key " 90| 0| "algorithm %s", obuf); 91| 0| return NULL; 92| 0| } 93| | 94| 2| pos = hdr.payload + hdr.length; 95| | 96| | /* privateKey PrivateKey (PrivateKey ::= OCTET STRING) */ 97| 2| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (97:6): [True: 0, False: 2] ------------------ 98| 2| !asn1_is_octetstring(&hdr)) { ------------------ | Branch (98:6): [True: 0, False: 2] ------------------ 99| 0| asn1_unexpected(&hdr, 100| 0| "PKCS #8: Expected OCTETSTRING (privateKey)"); 101| 0| return NULL; 102| 0| } 103| 2| wpa_printf(MSG_DEBUG, "PKCS #8: Try to parse RSAPrivateKey"); 104| | 105| 2| return (struct crypto_private_key *) 106| 2| crypto_rsa_import_private_key(hdr.payload, hdr.length); 107| 2|} crypto_rsa_import_private_key: 145| 4|{ 146| 4| struct crypto_rsa_key *key; 147| 4| struct bignum *zero; 148| 4| struct asn1_hdr hdr; 149| 4| const u8 *pos, *end; 150| | 151| 4| key = os_zalloc(sizeof(*key)); 152| 4| if (key == NULL) ------------------ | Branch (152:6): [True: 0, False: 4] ------------------ 153| 0| return NULL; 154| | 155| 4| key->private_key = 1; 156| | 157| 4| key->n = bignum_init(); 158| 4| key->e = bignum_init(); 159| 4| key->d = bignum_init(); 160| 4| key->p = bignum_init(); 161| 4| key->q = bignum_init(); 162| 4| key->dmp1 = bignum_init(); 163| 4| key->dmq1 = bignum_init(); 164| 4| key->iqmp = bignum_init(); 165| | 166| 4| if (key->n == NULL || key->e == NULL || key->d == NULL || ------------------ | Branch (166:6): [True: 0, False: 4] | Branch (166:24): [True: 0, False: 4] | Branch (166:42): [True: 0, False: 4] ------------------ 167| 4| key->p == NULL || key->q == NULL || key->dmp1 == NULL || ------------------ | Branch (167:6): [True: 0, False: 4] | Branch (167:24): [True: 0, False: 4] | Branch (167:42): [True: 0, False: 4] ------------------ 168| 4| key->dmq1 == NULL || key->iqmp == NULL) { ------------------ | Branch (168:6): [True: 0, False: 4] | Branch (168:27): [True: 0, False: 4] ------------------ 169| 0| crypto_rsa_free(key); 170| 0| return NULL; 171| 0| } 172| | 173| | /* 174| | * PKCS #1, 7.2: 175| | * RSAPrivateKey ::= SEQUENCE { 176| | * version Version, 177| | * modulus INTEGER, -- n 178| | * publicExponent INTEGER, -- e 179| | * privateExponent INTEGER, -- d 180| | * prime1 INTEGER, -- p 181| | * prime2 INTEGER, -- q 182| | * exponent1 INTEGER, -- d mod (p-1) 183| | * exponent2 INTEGER, -- d mod (q-1) 184| | * coefficient INTEGER -- (inverse of q) mod p 185| | * } 186| | * 187| | * Version ::= INTEGER -- shall be 0 for this version of the standard 188| | */ 189| 4| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (189:6): [True: 2, False: 2] | Branch (189:43): [True: 0, False: 2] ------------------ 190| 2| asn1_unexpected(&hdr, "RSA: Expected SEQUENCE (public key)"); 191| 2| goto error; 192| 2| } 193| 2| pos = hdr.payload; 194| 2| end = pos + hdr.length; 195| | 196| 2| zero = bignum_init(); 197| 2| if (zero == NULL) ------------------ | Branch (197:6): [True: 0, False: 2] ------------------ 198| 0| goto error; 199| 2| pos = crypto_rsa_parse_integer(pos, end, zero); 200| 2| if (pos == NULL || bignum_cmp_d(zero, 0) != 0) { ------------------ | Branch (200:6): [True: 0, False: 2] | Branch (200:21): [True: 0, False: 2] ------------------ 201| 0| wpa_printf(MSG_DEBUG, "RSA: Expected zero INTEGER in the " 202| 0| "beginning of private key; not found"); 203| 0| bignum_deinit(zero); 204| 0| goto error; 205| 0| } 206| 2| bignum_deinit(zero); 207| | 208| 2| pos = crypto_rsa_parse_integer(pos, end, key->n); 209| 2| pos = crypto_rsa_parse_integer(pos, end, key->e); 210| 2| pos = crypto_rsa_parse_integer(pos, end, key->d); 211| 2| pos = crypto_rsa_parse_integer(pos, end, key->p); 212| 2| pos = crypto_rsa_parse_integer(pos, end, key->q); 213| 2| pos = crypto_rsa_parse_integer(pos, end, key->dmp1); 214| 2| pos = crypto_rsa_parse_integer(pos, end, key->dmq1); 215| 2| pos = crypto_rsa_parse_integer(pos, end, key->iqmp); 216| | 217| 2| if (pos == NULL) ------------------ | Branch (217:6): [True: 0, False: 2] ------------------ 218| 0| goto error; 219| | 220| 2| if (pos != end) { ------------------ | Branch (220:6): [True: 0, False: 2] ------------------ 221| 0| wpa_hexdump(MSG_DEBUG, 222| 0| "RSA: Extra data in public key SEQUENCE", 223| 0| pos, end - pos); 224| 0| goto error; 225| 0| } 226| | 227| 2| return key; 228| | 229| 2|error: 230| 2| crypto_rsa_free(key); 231| | return NULL; 232| 2|} crypto_rsa_free: 354| 8|{ 355| 8| if (key) { ------------------ | Branch (355:6): [True: 4, False: 4] ------------------ 356| 4| bignum_deinit(key->n); 357| 4| bignum_deinit(key->e); 358| 4| bignum_deinit(key->d); 359| 4| bignum_deinit(key->p); 360| 4| bignum_deinit(key->q); 361| 4| bignum_deinit(key->dmp1); 362| 4| bignum_deinit(key->dmq1); 363| 4| bignum_deinit(key->iqmp); 364| 4| os_free(key); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 365| 4| } 366| 8|} rsa.c:crypto_rsa_parse_integer: 33| 18|{ 34| 18| struct asn1_hdr hdr; 35| | 36| 18| if (pos == NULL) ------------------ | Branch (36:6): [True: 0, False: 18] ------------------ 37| 0| return NULL; 38| | 39| 18| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (39:6): [True: 0, False: 18] ------------------ 40| 18| !asn1_is_integer(&hdr)) { ------------------ | Branch (40:6): [True: 0, False: 18] ------------------ 41| 0| asn1_unexpected(&hdr, "RSA: Expected INTEGER"); 42| 0| return NULL; 43| 0| } 44| | 45| 18| if (bignum_set_unsigned_bin(num, hdr.payload, hdr.length) < 0) { ------------------ | Branch (45:6): [True: 0, False: 18] ------------------ 46| 0| wpa_printf(MSG_DEBUG, "RSA: Failed to parse INTEGER"); 47| 0| return NULL; 48| 0| } 49| | 50| 18| return hdr.payload + hdr.length; 51| 18|} tlsv1_client_global_init: 443| 2|{ 444| 2| return crypto_global_init(); 445| 2|} tlsv1_client_global_deinit: 456| 2|{ 457| 2| crypto_global_deinit(); 458| 2|} tls_get_cipher_suite: 100| 2|{ 101| 2| size_t i; 102| 2| for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++) ------------------ | | 73| 2|#define NUM_TLS_CIPHER_SUITES ARRAY_SIZE(tls_cipher_suites) | | ------------------ | | | | 607| 2|#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) | | ------------------ ------------------ | Branch (102:14): [True: 2, False: 0] ------------------ 103| 2| if (tls_cipher_suites[i].suite == suite) ------------------ | Branch (103:7): [True: 2, False: 0] ------------------ 104| 2| return &tls_cipher_suites[i]; 105| 0| return NULL; 106| 2|} tls_get_cipher_data: 110| 2|{ 111| 2| size_t i; 112| 2| for (i = 0; i < NUM_TLS_CIPHER_DATA; i++) ------------------ | | 91| 2|#define NUM_TLS_CIPHER_DATA ARRAY_SIZE(tls_ciphers) | | ------------------ | | | | 607| 2|#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) | | ------------------ ------------------ | Branch (112:14): [True: 2, False: 0] ------------------ 113| 2| if (tls_ciphers[i].cipher == cipher) ------------------ | Branch (113:7): [True: 2, False: 0] ------------------ 114| 2| return &tls_ciphers[i]; 115| 0| return NULL; 116| 2|} tls_verify_hash_init: 199| 2|{ 200| 2| tls_verify_hash_free(verify); 201| 2| verify->md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 202| 2| verify->md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 203| 2| verify->md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 204| 2| verify->sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 205| 2| verify->sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 206| 2| verify->sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 207| 2| if (verify->md5_client == NULL || verify->md5_server == NULL || ------------------ | Branch (207:6): [True: 0, False: 2] | Branch (207:36): [True: 0, False: 2] ------------------ 208| 2| verify->md5_cert == NULL || verify->sha1_client == NULL || ------------------ | Branch (208:6): [True: 0, False: 2] | Branch (208:34): [True: 0, False: 2] ------------------ 209| 2| verify->sha1_server == NULL || verify->sha1_cert == NULL) { ------------------ | Branch (209:6): [True: 0, False: 2] | Branch (209:37): [True: 0, False: 2] ------------------ 210| 0| tls_verify_hash_free(verify); 211| 0| return -1; 212| 0| } 213| 2|#ifdef CONFIG_TLSV12 214| 2| verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 215| 2| 0); 216| 2| verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 217| 2| 0); 218| 2| verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 219| 2| 0); 220| 2| if (verify->sha256_client == NULL || verify->sha256_server == NULL || ------------------ | Branch (220:6): [True: 0, False: 2] | Branch (220:39): [True: 0, False: 2] ------------------ 221| 2| verify->sha256_cert == NULL) { ------------------ | Branch (221:6): [True: 0, False: 2] ------------------ 222| 0| tls_verify_hash_free(verify); 223| 0| return -1; 224| 0| } 225| 2|#endif /* CONFIG_TLSV12 */ 226| 2| return 0; 227| 2|} tls_verify_hash_free: 257| 4|{ 258| 4| crypto_hash_finish(verify->md5_client, NULL, NULL); 259| 4| crypto_hash_finish(verify->md5_server, NULL, NULL); 260| 4| crypto_hash_finish(verify->md5_cert, NULL, NULL); 261| 4| crypto_hash_finish(verify->sha1_client, NULL, NULL); 262| 4| crypto_hash_finish(verify->sha1_server, NULL, NULL); 263| 4| crypto_hash_finish(verify->sha1_cert, NULL, NULL); 264| 4| verify->md5_client = NULL; 265| 4| verify->md5_server = NULL; 266| 4| verify->md5_cert = NULL; 267| 4| verify->sha1_client = NULL; 268| 4| verify->sha1_server = NULL; 269| 4| verify->sha1_cert = NULL; 270| 4|#ifdef CONFIG_TLSV12 271| 4| crypto_hash_finish(verify->sha256_client, NULL, NULL); 272| 4| crypto_hash_finish(verify->sha256_server, NULL, NULL); 273| 4| crypto_hash_finish(verify->sha256_cert, NULL, NULL); 274| 4| verify->sha256_client = NULL; 275| 4| verify->sha256_server = NULL; 276| | verify->sha256_cert = NULL; 277| 4|#endif /* CONFIG_TLSV12 */ 278| 4|} tlsv1_cred_alloc: 22| 2|{ 23| 2| struct tlsv1_credentials *cred; 24| 2| cred = os_zalloc(sizeof(*cred)); 25| 2| return cred; 26| 2|} tlsv1_cred_free: 30| 4|{ 31| 4| if (cred == NULL) ------------------ | Branch (31:6): [True: 2, False: 2] ------------------ 32| 2| return; 33| | 34| 2| x509_certificate_chain_free(cred->trusted_certs); 35| 2| x509_certificate_chain_free(cred->cert); 36| 2| crypto_private_key_free(cred->key); 37| 2| os_free(cred->dh_p); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 38| 2| os_free(cred->dh_g); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 39| 2| os_free(cred->ocsp_stapling_response); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 40| 2| os_free(cred->ocsp_stapling_response_multi); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 41| 2| os_free(cred); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 42| 2|} tlsv1_set_ca_cert: 197| 2|{ 198| 2| if (cert && os_strncmp(cert, "hash://", 7) == 0) { ------------------ | | 559| 2|#define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n)) ------------------ | Branch (198:6): [True: 2, False: 0] | Branch (198:14): [True: 0, False: 2] ------------------ 199| 0| const char *pos = cert + 7; 200| 0| if (os_strncmp(pos, "server/sha256/", 14) != 0) { ------------------ | | 559| 0|#define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n)) ------------------ | Branch (200:7): [True: 0, False: 0] ------------------ 201| 0| wpa_printf(MSG_DEBUG, 202| 0| "TLSv1: Unsupported ca_cert hash value '%s'", 203| 0| cert); 204| 0| return -1; 205| 0| } 206| 0| pos += 14; 207| 0| if (os_strlen(pos) != 32 * 2) { ------------------ | | 536| 0|#define os_strlen(s) strlen(s) ------------------ | Branch (207:7): [True: 0, False: 0] ------------------ 208| 0| wpa_printf(MSG_DEBUG, 209| 0| "TLSv1: Unexpected SHA256 hash length in ca_cert '%s'", 210| 0| cert); 211| 0| return -1; 212| 0| } 213| 0| if (hexstr2bin(pos, cred->srv_cert_hash, 32) < 0) { ------------------ | Branch (213:7): [True: 0, False: 0] ------------------ 214| 0| wpa_printf(MSG_DEBUG, 215| 0| "TLSv1: Invalid SHA256 hash value in ca_cert '%s'", 216| 0| cert); 217| 0| return -1; 218| 0| } 219| 0| cred->server_cert_only = 1; 220| 0| cred->ca_cert_verify = 0; 221| 0| wpa_printf(MSG_DEBUG, 222| 0| "TLSv1: Checking only server certificate match"); 223| 0| return 0; 224| 0| } 225| | 226| 2| if (cert && os_strncmp(cert, "probe://", 8) == 0) { ------------------ | | 559| 2|#define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n)) ------------------ | Branch (226:6): [True: 2, False: 0] | Branch (226:14): [True: 0, False: 2] ------------------ 227| 0| cred->cert_probe = 1; 228| 0| cred->ca_cert_verify = 0; 229| 0| wpa_printf(MSG_DEBUG, "TLSv1: Only probe server certificate"); 230| 0| return 0; 231| 0| } 232| | 233| 2| cred->ca_cert_verify = cert || cert_blob || path; ------------------ | Branch (233:25): [True: 2, False: 0] | Branch (233:33): [True: 0, False: 0] | Branch (233:46): [True: 0, False: 0] ------------------ 234| | 235| 2| if (tlsv1_set_cert_chain(&cred->trusted_certs, cert, ------------------ | Branch (235:6): [True: 0, False: 2] ------------------ 236| 2| cert_blob, cert_blob_len) < 0) 237| 0| return -1; 238| | 239| 2| if (path) { ------------------ | Branch (239:6): [True: 0, False: 2] ------------------ 240| | /* TODO: add support for reading number of certificate files */ 241| 0| wpa_printf(MSG_INFO, "TLSv1: Use of CA certificate directory " 242| 0| "not yet supported"); 243| 0| return -1; 244| 0| } 245| | 246| 2| return 0; 247| 2|} tlsv1_set_cert: 260| 2|{ 261| 2| return tlsv1_set_cert_chain(&cred->cert, cert, 262| 2| cert_blob, cert_blob_len); 263| 2|} tlsv1_set_private_key: 1041| 2|{ 1042| 2| crypto_private_key_free(cred->key); 1043| 2| cred->key = NULL; 1044| | 1045| 2| if (private_key_blob) ------------------ | Branch (1045:6): [True: 0, False: 2] ------------------ 1046| 0| return tlsv1_set_key(cred, private_key_blob, 1047| 0| private_key_blob_len, 1048| 0| private_key_passwd); 1049| | 1050| 2| if (private_key) { ------------------ | Branch (1050:6): [True: 2, False: 0] ------------------ 1051| 2| u8 *buf; 1052| 2| size_t len; 1053| 2| int ret; 1054| | 1055| 2| buf = (u8 *) os_readfile(private_key, &len); 1056| 2| if (buf == NULL) { ------------------ | Branch (1056:7): [True: 0, False: 2] ------------------ 1057| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to read '%s'", 1058| 0| private_key); 1059| 0| return -1; 1060| 0| } 1061| | 1062| 2| ret = tlsv1_set_key(cred, buf, len, private_key_passwd); 1063| 2| os_free(buf); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 1064| 2| return ret; 1065| 2| } 1066| | 1067| 0| return 0; 1068| 2|} tlsv1_set_dhparams: 1190| 2|{ 1191| 2| if (dh_blob) ------------------ | Branch (1191:6): [True: 0, False: 2] ------------------ 1192| 0| return tlsv1_set_dhparams_blob(cred, dh_blob, dh_blob_len); 1193| | 1194| 2| if (dh_file) { ------------------ | Branch (1194:6): [True: 2, False: 0] ------------------ 1195| 2| u8 *buf; 1196| 2| size_t len; 1197| 2| int ret; 1198| | 1199| 2| buf = (u8 *) os_readfile(dh_file, &len); 1200| 2| if (buf == NULL) { ------------------ | Branch (1200:7): [True: 0, False: 2] ------------------ 1201| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to read '%s'", 1202| 0| dh_file); 1203| 0| return -1; 1204| 0| } 1205| | 1206| 2| ret = tlsv1_set_dhparams_blob(cred, buf, len); 1207| 2| os_free(buf); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 1208| 2| return ret; 1209| 2| } 1210| | 1211| 0| return 0; 1212| 2|} tlsv1_cred.c:tlsv1_set_cert_chain: 160| 4|{ 161| 4| if (cert_blob) ------------------ | Branch (161:6): [True: 0, False: 4] ------------------ 162| 0| return tlsv1_add_cert(chain, cert_blob, cert_blob_len); 163| | 164| 4| if (cert) { ------------------ | Branch (164:6): [True: 4, False: 0] ------------------ 165| 4| u8 *buf; 166| 4| size_t len; 167| 4| int ret; 168| | 169| 4| buf = (u8 *) os_readfile(cert, &len); 170| 4| if (buf == NULL) { ------------------ | Branch (170:7): [True: 0, False: 4] ------------------ 171| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to read '%s'", 172| 0| cert); 173| 0| return -1; 174| 0| } 175| | 176| 4| ret = tlsv1_add_cert(chain, buf, len); 177| 4| os_free(buf); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 178| 4| return ret; 179| 4| } 180| | 181| 0| return 0; 182| 4|} tlsv1_cred.c:tlsv1_add_cert: 109| 4|{ 110| 4| const u8 *pos, *end; 111| 4| unsigned char *der; 112| 4| size_t der_len; 113| | 114| 4| pos = search_tag(pem_cert_begin, buf, len); 115| 4| if (!pos) { ------------------ | Branch (115:6): [True: 0, False: 4] ------------------ 116| 0| wpa_printf(MSG_DEBUG, "TLSv1: No PEM certificate tag found - " 117| 0| "assume DER format"); 118| 0| return tlsv1_add_cert_der(chain, buf, len); 119| 0| } 120| | 121| 4| wpa_printf(MSG_DEBUG, "TLSv1: Converting PEM format certificate into " 122| 4| "DER format"); 123| | 124| 8| while (pos) { ------------------ | Branch (124:9): [True: 4, False: 4] ------------------ 125| 4| pos += os_strlen(pem_cert_begin); ------------------ | | 536| 4|#define os_strlen(s) strlen(s) ------------------ 126| 4| end = search_tag(pem_cert_end, pos, buf + len - pos); 127| 4| if (end == NULL) { ------------------ | Branch (127:7): [True: 0, False: 4] ------------------ 128| 0| wpa_printf(MSG_INFO, "TLSv1: Could not find PEM " 129| 0| "certificate end tag (%s)", pem_cert_end); 130| 0| return -1; 131| 0| } 132| | 133| 4| der = base64_decode((const char *) pos, end - pos, &der_len); 134| 4| if (der == NULL) { ------------------ | Branch (134:7): [True: 0, False: 4] ------------------ 135| 0| wpa_printf(MSG_INFO, "TLSv1: Could not decode PEM " 136| 0| "certificate"); 137| 0| return -1; 138| 0| } 139| | 140| 4| if (tlsv1_add_cert_der(chain, der, der_len) < 0) { ------------------ | Branch (140:7): [True: 0, False: 4] ------------------ 141| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to parse PEM " 142| 0| "certificate after DER conversion"); 143| 0| os_free(der); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 144| 0| return -1; 145| 0| } 146| | 147| 4| os_free(der); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 148| | 149| 4| end += os_strlen(pem_cert_end); ------------------ | | 536| 4|#define os_strlen(s) strlen(s) ------------------ 150| 4| pos = search_tag(pem_cert_begin, end, buf + len - end); 151| 4| } 152| | 153| 4| return 0; 154| 4|} tlsv1_cred.c:search_tag: 91| 22|{ 92| 22| size_t i, plen; 93| | 94| 22| plen = os_strlen(tag); ------------------ | | 536| 22|#define os_strlen(s) strlen(s) ------------------ 95| 22| if (len < plen) ------------------ | Branch (95:6): [True: 4, False: 18] ------------------ 96| 4| return NULL; 97| | 98| 25.0k| for (i = 0; i < len - plen; i++) { ------------------ | Branch (98:14): [True: 25.0k, False: 2] ------------------ 99| 25.0k| if (os_memcmp(buf + i, tag, plen) == 0) ------------------ | | 532| 25.0k|#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n)) ------------------ | Branch (99:7): [True: 16, False: 25.0k] ------------------ 100| 16| return buf + i; 101| 25.0k| } 102| | 103| 2| return NULL; 104| 18|} tlsv1_cred.c:tlsv1_add_cert_der: 47| 4|{ 48| 4| struct x509_certificate *cert, *p; 49| 4| char name[128]; 50| | 51| 4| cert = x509_certificate_parse(buf, len); 52| 4| if (cert == NULL) { ------------------ | Branch (52:6): [True: 0, False: 4] ------------------ 53| 0| wpa_printf(MSG_INFO, "TLSv1: %s - failed to parse certificate", 54| 0| __func__); 55| 0| return -1; 56| 0| } 57| | 58| 4| p = *chain; 59| 4| while (p && p->next) ------------------ | Branch (59:9): [True: 0, False: 4] | Branch (59:14): [True: 0, False: 0] ------------------ 60| 0| p = p->next; 61| 4| if (p && x509_name_compare(&cert->subject, &p->issuer) == 0) { ------------------ | Branch (61:6): [True: 0, False: 4] | Branch (61:11): [True: 0, False: 0] ------------------ 62| | /* 63| | * The new certificate is the issuer of the last certificate in 64| | * the chain - add the new certificate to the end. 65| | */ 66| 0| p->next = cert; 67| 4| } else { 68| | /* Add to the beginning of the chain */ 69| 4| cert->next = *chain; 70| 4| *chain = cert; 71| 4| } 72| | 73| 4| x509_name_string(&cert->subject, name, sizeof(name)); 74| 4| wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name); 75| | 76| 4| return 0; 77| 4|} tlsv1_cred.c:tlsv1_set_key: 1008| 2|{ 1009| 2| cred->key = crypto_private_key_import(key, len, passwd); 1010| 2| if (cred->key == NULL) ------------------ | Branch (1010:6): [True: 2, False: 0] ------------------ 1011| 2| cred->key = tlsv1_set_key_pem(key, len); 1012| 2| if (cred->key == NULL) ------------------ | Branch (1012:6): [True: 0, False: 2] ------------------ 1013| 0| cred->key = tlsv1_set_key_enc_pem(key, len, passwd); 1014| |#ifdef PKCS12_FUNCS 1015| | if (!cred->key) 1016| | pkcs12_parse(cred, key, len, passwd); 1017| |#endif /* PKCS12_FUNCS */ 1018| 2| if (cred->key == NULL) { ------------------ | Branch (1018:6): [True: 0, False: 2] ------------------ 1019| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to parse private key"); 1020| 0| return -1; 1021| 0| } 1022| 2| return 0; 1023| 2|} tlsv1_cred.c:tlsv1_set_key_pem: 267| 2|{ 268| 2| const u8 *pos, *end; 269| 2| unsigned char *der; 270| 2| size_t der_len; 271| 2| struct crypto_private_key *pkey; 272| | 273| 2| pos = search_tag(pem_key_begin, key, len); 274| 2| if (!pos) { ------------------ | Branch (274:6): [True: 2, False: 0] ------------------ 275| 2| pos = search_tag(pem_key2_begin, key, len); 276| 2| if (!pos) ------------------ | Branch (276:7): [True: 0, False: 2] ------------------ 277| 0| return NULL; 278| 2| pos += os_strlen(pem_key2_begin); ------------------ | | 536| 2|#define os_strlen(s) strlen(s) ------------------ 279| 2| end = search_tag(pem_key2_end, pos, key + len - pos); 280| 2| if (!end) ------------------ | Branch (280:7): [True: 0, False: 2] ------------------ 281| 0| return NULL; 282| 2| } else { 283| 0| const u8 *pos2; 284| 0| pos += os_strlen(pem_key_begin); ------------------ | | 536| 0|#define os_strlen(s) strlen(s) ------------------ 285| 0| end = search_tag(pem_key_end, pos, key + len - pos); 286| 0| if (!end) ------------------ | Branch (286:7): [True: 0, False: 0] ------------------ 287| 0| return NULL; 288| 0| pos2 = search_tag("Proc-Type: 4,ENCRYPTED", pos, end - pos); 289| 0| if (pos2) { ------------------ | Branch (289:7): [True: 0, False: 0] ------------------ 290| 0| wpa_printf(MSG_DEBUG, "TLSv1: Unsupported private key " 291| 0| "format (Proc-Type/DEK-Info)"); 292| 0| return NULL; 293| 0| } 294| 0| } 295| | 296| 2| der = base64_decode((const char *) pos, end - pos, &der_len); 297| 2| if (!der) ------------------ | Branch (297:6): [True: 0, False: 2] ------------------ 298| 0| return NULL; 299| 2| pkey = crypto_private_key_import(der, der_len, NULL); 300| 2| os_free(der); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 301| 2| return pkey; 302| 2|} tlsv1_cred.c:tlsv1_set_dhparams_blob: 1138| 2|{ 1139| 2| const u8 *pos, *end; 1140| 2| unsigned char *der; 1141| 2| size_t der_len; 1142| | 1143| 2| pos = search_tag(pem_dhparams_begin, buf, len); 1144| 2| if (!pos) { ------------------ | Branch (1144:6): [True: 0, False: 2] ------------------ 1145| 0| wpa_printf(MSG_DEBUG, "TLSv1: No PEM dhparams tag found - " 1146| 0| "assume DER format"); 1147| 0| return tlsv1_set_dhparams_der(cred, buf, len); 1148| 0| } 1149| | 1150| 2| wpa_printf(MSG_DEBUG, "TLSv1: Converting PEM format dhparams into DER " 1151| 2| "format"); 1152| | 1153| 2| pos += os_strlen(pem_dhparams_begin); ------------------ | | 536| 2|#define os_strlen(s) strlen(s) ------------------ 1154| 2| end = search_tag(pem_dhparams_end, pos, buf + len - pos); 1155| 2| if (end == NULL) { ------------------ | Branch (1155:6): [True: 0, False: 2] ------------------ 1156| 0| wpa_printf(MSG_INFO, "TLSv1: Could not find PEM dhparams end " 1157| 0| "tag (%s)", pem_dhparams_end); 1158| 0| return -1; 1159| 0| } 1160| | 1161| 2| der = base64_decode((const char *) pos, end - pos, &der_len); 1162| 2| if (der == NULL) { ------------------ | Branch (1162:6): [True: 0, False: 2] ------------------ 1163| 0| wpa_printf(MSG_INFO, "TLSv1: Could not decode PEM dhparams"); 1164| 0| return -1; 1165| 0| } 1166| | 1167| 2| if (tlsv1_set_dhparams_der(cred, der, der_len) < 0) { ------------------ | Branch (1167:6): [True: 0, False: 2] ------------------ 1168| 0| wpa_printf(MSG_INFO, "TLSv1: Failed to parse PEM dhparams " 1169| 0| "DER conversion"); 1170| 0| os_free(der); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 1171| 0| return -1; 1172| 0| } 1173| | 1174| 2| os_free(der); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 1175| | 1176| 2| return 0; 1177| 2|} tlsv1_cred.c:tlsv1_set_dhparams_der: 1073| 2|{ 1074| 2| struct asn1_hdr hdr; 1075| 2| const u8 *pos, *end; 1076| | 1077| 2| pos = dh; 1078| 2| end = dh + len; 1079| | 1080| | /* 1081| | * DHParameter ::= SEQUENCE { 1082| | * prime INTEGER, -- p 1083| | * base INTEGER, -- g 1084| | * privateValueLength INTEGER OPTIONAL } 1085| | */ 1086| | 1087| | /* DHParamer ::= SEQUENCE */ 1088| 2| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1088:6): [True: 0, False: 2] | Branch (1088:43): [True: 0, False: 2] ------------------ 1089| 0| asn1_unexpected(&hdr, 1090| 0| "DH: DH parameters did not start with a valid SEQUENCE"); 1091| 0| return -1; 1092| 0| } 1093| 2| pos = hdr.payload; 1094| | 1095| | /* prime INTEGER */ 1096| 2| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1096:6): [True: 0, False: 2] ------------------ 1097| 2| !asn1_is_integer(&hdr)) { ------------------ | Branch (1097:6): [True: 0, False: 2] ------------------ 1098| 0| asn1_unexpected(&hdr, "DH: No INTEGER tag found for p"); 1099| 0| return -1; 1100| 0| } 1101| | 1102| 2| wpa_hexdump(MSG_MSGDUMP, "DH: prime (p)", hdr.payload, hdr.length); 1103| 2| if (hdr.length == 0) ------------------ | Branch (1103:6): [True: 0, False: 2] ------------------ 1104| 0| return -1; 1105| 2| os_free(cred->dh_p); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 1106| 2| cred->dh_p = os_memdup(hdr.payload, hdr.length); 1107| 2| if (cred->dh_p == NULL) ------------------ | Branch (1107:6): [True: 0, False: 2] ------------------ 1108| 0| return -1; 1109| 2| cred->dh_p_len = hdr.length; 1110| 2| pos = hdr.payload + hdr.length; 1111| | 1112| | /* base INTEGER */ 1113| 2| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1113:6): [True: 0, False: 2] ------------------ 1114| 2| !asn1_is_integer(&hdr)) { ------------------ | Branch (1114:6): [True: 0, False: 2] ------------------ 1115| 0| asn1_unexpected(&hdr, "DH: No INTEGER tag found for g"); 1116| 0| return -1; 1117| 0| } 1118| | 1119| 2| wpa_hexdump(MSG_MSGDUMP, "DH: base (g)", hdr.payload, hdr.length); 1120| 2| if (hdr.length == 0) ------------------ | Branch (1120:6): [True: 0, False: 2] ------------------ 1121| 0| return -1; 1122| 2| os_free(cred->dh_g); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 1123| 2| cred->dh_g = os_memdup(hdr.payload, hdr.length); 1124| 2| if (cred->dh_g == NULL) ------------------ | Branch (1124:6): [True: 0, False: 2] ------------------ 1125| 0| return -1; 1126| 2| cred->dh_g_len = hdr.length; 1127| | 1128| 2| return 0; 1129| 2|} tlsv1_record_set_cipher_suite: 32| 2|{ 33| 2| const struct tls_cipher_suite *suite; 34| 2| const struct tls_cipher_data *data; 35| | 36| 2| wpa_printf(MSG_DEBUG, "TLSv1: Selected cipher suite: 0x%04x", 37| 2| cipher_suite); 38| 2| rl->cipher_suite = cipher_suite; 39| | 40| 2| suite = tls_get_cipher_suite(cipher_suite); 41| 2| if (suite == NULL) ------------------ | Branch (41:6): [True: 0, False: 2] ------------------ 42| 0| return -1; 43| | 44| 2| if (suite->hash == TLS_HASH_MD5) { ------------------ | Branch (44:6): [True: 0, False: 2] ------------------ 45| 0| rl->hash_alg = CRYPTO_HASH_ALG_HMAC_MD5; 46| 0| rl->hash_size = MD5_MAC_LEN; ------------------ | | 12| 0|#define MD5_MAC_LEN 16 ------------------ 47| 2| } else if (suite->hash == TLS_HASH_SHA) { ------------------ | Branch (47:13): [True: 0, False: 2] ------------------ 48| 0| rl->hash_alg = CRYPTO_HASH_ALG_HMAC_SHA1; 49| 0| rl->hash_size = SHA1_MAC_LEN; ------------------ | | 12| 0|#define SHA1_MAC_LEN 20 ------------------ 50| 2| } else if (suite->hash == TLS_HASH_SHA256) { ------------------ | Branch (50:13): [True: 0, False: 2] ------------------ 51| 0| rl->hash_alg = CRYPTO_HASH_ALG_HMAC_SHA256; 52| 0| rl->hash_size = SHA256_MAC_LEN; ------------------ | | 12| 0|#define SHA256_MAC_LEN 32 ------------------ 53| 0| } 54| | 55| 2| data = tls_get_cipher_data(suite->cipher); 56| 2| if (data == NULL) ------------------ | Branch (56:6): [True: 0, False: 2] ------------------ 57| 0| return -1; 58| | 59| 2| rl->key_material_len = data->key_material; 60| 2| rl->iv_size = data->block_size; 61| 2| rl->cipher_alg = data->alg; 62| | 63| 2| return 0; 64| 2|} tlsv1_record_change_write_cipher: 76| 2|{ 77| 2| wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New write cipher suite " 78| 2| "0x%04x", rl->cipher_suite); 79| 2| rl->write_cipher_suite = rl->cipher_suite; 80| 2| os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN); ------------------ | | 529| 2|#define os_memset(s, c, n) memset(s, c, n) ------------------ 81| | 82| 2| if (rl->write_cbc) { ------------------ | Branch (82:6): [True: 0, False: 2] ------------------ 83| 0| crypto_cipher_deinit(rl->write_cbc); 84| 0| rl->write_cbc = NULL; 85| 0| } 86| 2| if (rl->cipher_alg != CRYPTO_CIPHER_NULL) { ------------------ | Branch (86:6): [True: 0, False: 2] ------------------ 87| 0| rl->write_cbc = crypto_cipher_init(rl->cipher_alg, 88| 0| rl->write_iv, rl->write_key, 89| 0| rl->key_material_len); 90| 0| if (rl->write_cbc == NULL) { ------------------ | Branch (90:7): [True: 0, False: 0] ------------------ 91| 0| wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize " 92| 0| "cipher"); 93| 0| return -1; 94| 0| } 95| 0| } 96| | 97| 2| return 0; 98| 2|} tlsv1_record_change_read_cipher: 110| 2|{ 111| 2| wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New read cipher suite " 112| 2| "0x%04x", rl->cipher_suite); 113| 2| rl->read_cipher_suite = rl->cipher_suite; 114| 2| os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN); ------------------ | | 529| 2|#define os_memset(s, c, n) memset(s, c, n) ------------------ 115| | 116| 2| if (rl->read_cbc) { ------------------ | Branch (116:6): [True: 0, False: 2] ------------------ 117| 0| crypto_cipher_deinit(rl->read_cbc); 118| 0| rl->read_cbc = NULL; 119| 0| } 120| 2| if (rl->cipher_alg != CRYPTO_CIPHER_NULL) { ------------------ | Branch (120:6): [True: 0, False: 2] ------------------ 121| 0| rl->read_cbc = crypto_cipher_init(rl->cipher_alg, 122| 0| rl->read_iv, rl->read_key, 123| 0| rl->key_material_len); 124| 0| if (rl->read_cbc == NULL) { ------------------ | Branch (124:7): [True: 0, False: 0] ------------------ 125| 0| wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize " 126| 0| "cipher"); 127| 0| return -1; 128| 0| } 129| 0| } 130| | 131| 2| return 0; 132| 2|} tlsv1_server_global_init: 354| 2|{ 355| 2| return crypto_global_init(); 356| 2|} tlsv1_server_global_deinit: 367| 2|{ 368| 2| crypto_global_deinit(); 369| 2|} tlsv1_server_init: 378| 2|{ 379| 2| struct tlsv1_server *conn; 380| 2| size_t count; 381| 2| u16 *suites; 382| | 383| 2| conn = os_zalloc(sizeof(*conn)); 384| 2| if (conn == NULL) ------------------ | Branch (384:6): [True: 0, False: 2] ------------------ 385| 0| return NULL; 386| | 387| 2| conn->cred = cred; 388| | 389| 2| conn->state = CLIENT_HELLO; 390| | 391| 2| if (tls_verify_hash_init(&conn->verify) < 0) { ------------------ | Branch (391:6): [True: 0, False: 2] ------------------ 392| 0| wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize verify " 393| 0| "hash"); 394| 0| os_free(conn); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 395| 0| return NULL; 396| 0| } 397| | 398| 2| count = 0; 399| 2| suites = conn->cipher_suites; 400| 2| suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; ------------------ | | 100| 2|#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B /* RFC 5246 */ ------------------ 401| 2| suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256; ------------------ | | 92| 2|#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D /* RFC 5246 */ ------------------ 402| 2| suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; ------------------ | | 88| 2|#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */ ------------------ 403| 2| suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA; ------------------ | | 84| 2|#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */ ------------------ 404| 2| suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; ------------------ | | 96| 2|#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 /* RFC 5246 */ ------------------ 405| 2| suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256; ------------------ | | 91| 2|#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C /* RFC 5246 */ ------------------ 406| 2| suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; ------------------ | | 82| 2|#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */ ------------------ 407| 2| suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA; ------------------ | | 78| 2|#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */ ------------------ 408| 2| suites[count++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; ------------------ | | 72| 2|#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */ ------------------ 409| 2| suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA; ------------------ | | 60| 2|#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */ ------------------ 410| 2| suites[count++] = TLS_RSA_WITH_RC4_128_SHA; ------------------ | | 55| 2|#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */ ------------------ 411| 2| suites[count++] = TLS_RSA_WITH_RC4_128_MD5; ------------------ | | 54| 2|#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */ ------------------ 412| 2| conn->num_cipher_suites = count; 413| | 414| 2| return conn; 415| 2|} tlsv1_server_deinit: 444| 2|{ 445| 2| tlsv1_server_clear_data(conn); 446| 2| os_free(conn); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 447| 2|} tlsv1_server.c:tlsv1_server_clear_data: 419| 2|{ 420| 2| tlsv1_record_set_cipher_suite(&conn->rl, TLS_NULL_WITH_NULL_NULL); ------------------ | | 50| 2|#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */ ------------------ 421| 2| tlsv1_record_change_write_cipher(&conn->rl); 422| 2| tlsv1_record_change_read_cipher(&conn->rl); 423| 2| tls_verify_hash_free(&conn->verify); 424| | 425| 2| crypto_public_key_free(conn->client_rsa_key); 426| 2| conn->client_rsa_key = NULL; 427| | 428| 2| os_free(conn->session_ticket); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 429| 2| conn->session_ticket = NULL; 430| 2| conn->session_ticket_len = 0; 431| 2| conn->use_session_ticket = 0; 432| | 433| 2| os_free(conn->dh_secret); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 434| | conn->dh_secret = NULL; 435| 2| conn->dh_secret_len = 0; 436| 2|} x509_free_name: 18| 8|{ 19| 8| size_t i; 20| | 21| 38| for (i = 0; i < name->num_attr; i++) { ------------------ | Branch (21:14): [True: 30, False: 8] ------------------ 22| 30| os_free(name->attr[i].value); ------------------ | | 511| 30|#define os_free(p) free((p)) ------------------ 23| 30| name->attr[i].value = NULL; 24| 30| name->attr[i].type = X509_NAME_ATTR_NOT_USED; 25| 30| } 26| 8| name->num_attr = 0; 27| 8| os_free(name->email); ------------------ | | 511| 8|#define os_free(p) free((p)) ------------------ 28| 8| name->email = NULL; 29| | 30| 8| os_free(name->alt_email); ------------------ | | 511| 8|#define os_free(p) free((p)) ------------------ 31| 8| os_free(name->dns); ------------------ | | 511| 8|#define os_free(p) free((p)) ------------------ 32| 8| os_free(name->uri); ------------------ | | 511| 8|#define os_free(p) free((p)) ------------------ 33| 8| os_free(name->ip); ------------------ | | 511| 8|#define os_free(p) free((p)) ------------------ 34| 8| name->alt_email = name->dns = name->uri = NULL; 35| 8| name->ip = NULL; 36| 8| name->ip_len = 0; 37| 8| os_memset(&name->rid, 0, sizeof(name->rid)); ------------------ | | 529| 8|#define os_memset(s, c, n) memset(s, c, n) ------------------ 38| 8|} x509_certificate_free: 46| 4|{ 47| 4| if (cert == NULL) ------------------ | Branch (47:6): [True: 0, False: 4] ------------------ 48| 0| return; 49| 4| if (cert->next) { ------------------ | Branch (49:6): [True: 0, False: 4] ------------------ 50| 0| wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p " 51| 0| "was still on a list (next=%p)\n", 52| 0| cert, cert->next); 53| 0| } 54| 4| x509_free_name(&cert->issuer); 55| 4| x509_free_name(&cert->subject); 56| 4| os_free(cert->public_key); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 57| 4| os_free(cert->sign_value); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 58| 4| os_free(cert->subject_dn); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 59| 4| os_free(cert); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 60| 4|} x509_certificate_chain_free: 68| 4|{ 69| 4| struct x509_certificate *next; 70| | 71| 8| while (cert) { ------------------ | Branch (71:9): [True: 4, False: 4] ------------------ 72| 4| next = cert->next; 73| | cert->next = NULL; 74| 4| x509_certificate_free(cert); 75| 4| cert = next; 76| 4| } 77| 4|} x509_parse_algorithm_identifier: 184| 12|{ 185| 12| struct asn1_hdr hdr; 186| 12| const u8 *pos, *end; 187| | 188| | /* 189| | * AlgorithmIdentifier ::= SEQUENCE { 190| | * algorithm OBJECT IDENTIFIER, 191| | * parameters ANY DEFINED BY algorithm OPTIONAL 192| | * } 193| | */ 194| | 195| 12| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (195:6): [True: 0, False: 12] | Branch (195:43): [True: 0, False: 12] ------------------ 196| 0| asn1_unexpected(&hdr, 197| 0| "X509: Expected SEQUENCE (AlgorithmIdentifier)"); 198| 0| return -1; 199| 0| } 200| 12| if (hdr.length > buf + len - hdr.payload) ------------------ | Branch (200:6): [True: 0, False: 12] ------------------ 201| 0| return -1; 202| 12| pos = hdr.payload; 203| 12| end = pos + hdr.length; 204| | 205| 12| *next = end; 206| | 207| 12| if (asn1_get_oid(pos, end - pos, &id->oid, &pos)) ------------------ | Branch (207:6): [True: 0, False: 12] ------------------ 208| 0| return -1; 209| | 210| | /* TODO: optional parameters */ 211| | 212| 12| return 0; 213| 12|} x509_parse_name: 287| 8|{ 288| 8| struct asn1_hdr hdr; 289| 8| const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end; 290| 8| struct asn1_oid oid; 291| 8| char *val; 292| | 293| | /* 294| | * Name ::= CHOICE { RDNSequence } 295| | * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 296| | * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 297| | * AttributeTypeAndValue ::= SEQUENCE { 298| | * type AttributeType, 299| | * value AttributeValue 300| | * } 301| | * AttributeType ::= OBJECT IDENTIFIER 302| | * AttributeValue ::= ANY DEFINED BY AttributeType 303| | */ 304| | 305| 8| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (305:6): [True: 0, False: 8] | Branch (305:43): [True: 0, False: 8] ------------------ 306| 0| asn1_unexpected(&hdr, 307| 0| "X509: Expected SEQUENCE (Name / RDNSequencer)"); 308| 0| return -1; 309| 0| } 310| 8| pos = hdr.payload; 311| | 312| 8| if (hdr.length > buf + len - pos) ------------------ | Branch (312:6): [True: 0, False: 8] ------------------ 313| 0| return -1; 314| | 315| 8| end = *next = pos + hdr.length; 316| | 317| 38| while (pos < end) { ------------------ | Branch (317:9): [True: 30, False: 8] ------------------ 318| 30| enum x509_name_attr_type type; 319| | 320| 30| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (320:7): [True: 0, False: 30] ------------------ 321| 30| !asn1_is_set(&hdr)) { ------------------ | Branch (321:7): [True: 0, False: 30] ------------------ 322| 0| asn1_unexpected(&hdr, 323| 0| "X509: Expected SET (RelativeDistinguishedName)"); 324| 0| x509_free_name(name); 325| 0| return -1; 326| 0| } 327| | 328| 30| set_pos = hdr.payload; 329| 30| pos = set_end = hdr.payload + hdr.length; 330| | 331| 30| if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 || ------------------ | Branch (331:7): [True: 0, False: 30] ------------------ 332| 30| !asn1_is_sequence(&hdr)) { ------------------ | Branch (332:7): [True: 0, False: 30] ------------------ 333| 0| asn1_unexpected(&hdr, 334| 0| "X509: Expected SEQUENCE (AttributeTypeAndValue)"); 335| 0| x509_free_name(name); 336| 0| return -1; 337| 0| } 338| | 339| 30| seq_pos = hdr.payload; 340| 30| seq_end = hdr.payload + hdr.length; 341| | 342| 30| if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) { ------------------ | Branch (342:7): [True: 0, False: 30] ------------------ 343| 0| x509_free_name(name); 344| 0| return -1; 345| 0| } 346| | 347| 30| if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 || ------------------ | Branch (347:7): [True: 0, False: 30] ------------------ 348| 30| hdr.class != ASN1_CLASS_UNIVERSAL) { ------------------ | | 43| 30|#define ASN1_CLASS_UNIVERSAL 0 ------------------ | Branch (348:7): [True: 0, False: 30] ------------------ 349| 0| wpa_printf(MSG_DEBUG, "X509: Failed to parse " 350| 0| "AttributeValue"); 351| 0| x509_free_name(name); 352| 0| return -1; 353| 0| } 354| | 355| 30| if (!asn1_is_string_type(&hdr)) { ------------------ | Branch (355:7): [True: 0, False: 30] ------------------ 356| 0| wpa_printf(MSG_DEBUG, 357| 0| "X509: Ignore non-string type attribute (tag 0x%x)", 358| 0| hdr.tag); 359| 0| continue; 360| 0| } 361| | 362| | /* RFC 3280: 363| | * MUST: country, organization, organizational-unit, 364| | * distinguished name qualifier, state or province name, 365| | * common name, serial number. 366| | * SHOULD: locality, title, surname, given name, initials, 367| | * pseudonym, generation qualifier. 368| | * MUST: domainComponent (RFC 2247). 369| | */ 370| 30| type = X509_NAME_ATTR_NOT_USED; 371| 30| if (oid.len == 4 && ------------------ | Branch (371:7): [True: 30, False: 0] ------------------ 372| 30| oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) { ------------------ | Branch (372:7): [True: 30, False: 0] | Branch (372:26): [True: 30, False: 0] | Branch (372:45): [True: 30, False: 0] ------------------ 373| | /* id-at ::= 2.5.4 */ 374| 30| switch (oid.oid[3]) { ------------------ | Branch (374:12): [True: 30, False: 0] ------------------ 375| 8| case 3: ------------------ | Branch (375:4): [True: 8, False: 22] ------------------ 376| | /* commonName */ 377| 8| type = X509_NAME_ATTR_CN; 378| 8| break; 379| 8| case 6: ------------------ | Branch (379:4): [True: 8, False: 22] ------------------ 380| | /* countryName */ 381| 8| type = X509_NAME_ATTR_C; 382| 8| break; 383| 6| case 7: ------------------ | Branch (383:4): [True: 6, False: 24] ------------------ 384| | /* localityName */ 385| 6| type = X509_NAME_ATTR_L; 386| 6| break; 387| 0| case 8: ------------------ | Branch (387:4): [True: 0, False: 30] ------------------ 388| | /* stateOrProvinceName */ 389| 0| type = X509_NAME_ATTR_ST; 390| 0| break; 391| 8| case 10: ------------------ | Branch (391:4): [True: 8, False: 22] ------------------ 392| | /* organizationName */ 393| 8| type = X509_NAME_ATTR_O; 394| 8| break; 395| 0| case 11: ------------------ | Branch (395:4): [True: 0, False: 30] ------------------ 396| | /* organizationalUnitName */ 397| 0| type = X509_NAME_ATTR_OU; 398| 0| break; 399| 30| } 400| 30| } else if (oid.len == 7 && ------------------ | Branch (400:14): [True: 0, False: 0] ------------------ 401| 0| oid.oid[0] == 1 && oid.oid[1] == 2 && ------------------ | Branch (401:7): [True: 0, False: 0] | Branch (401:26): [True: 0, False: 0] ------------------ 402| 0| oid.oid[2] == 840 && oid.oid[3] == 113549 && ------------------ | Branch (402:7): [True: 0, False: 0] | Branch (402:28): [True: 0, False: 0] ------------------ 403| 0| oid.oid[4] == 1 && oid.oid[5] == 9 && ------------------ | Branch (403:7): [True: 0, False: 0] | Branch (403:26): [True: 0, False: 0] ------------------ 404| 0| oid.oid[6] == 1) { ------------------ | Branch (404:7): [True: 0, False: 0] ------------------ 405| | /* 1.2.840.113549.1.9.1 - e-mailAddress */ 406| 0| os_free(name->email); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 407| 0| name->email = os_malloc(hdr.length + 1); ------------------ | | 505| 0|#define os_malloc(s) malloc((s)) ------------------ 408| 0| if (name->email == NULL) { ------------------ | Branch (408:8): [True: 0, False: 0] ------------------ 409| 0| x509_free_name(name); 410| 0| return -1; 411| 0| } 412| 0| os_memcpy(name->email, hdr.payload, hdr.length); ------------------ | | 523| 0|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 413| 0| name->email[hdr.length] = '\0'; 414| 0| continue; 415| 0| } else if (oid.len == 7 && ------------------ | Branch (415:14): [True: 0, False: 0] ------------------ 416| 0| oid.oid[0] == 0 && oid.oid[1] == 9 && ------------------ | Branch (416:7): [True: 0, False: 0] | Branch (416:26): [True: 0, False: 0] ------------------ 417| 0| oid.oid[2] == 2342 && oid.oid[3] == 19200300 && ------------------ | Branch (417:7): [True: 0, False: 0] | Branch (417:29): [True: 0, False: 0] ------------------ 418| 0| oid.oid[4] == 100 && oid.oid[5] == 1 && ------------------ | Branch (418:7): [True: 0, False: 0] | Branch (418:28): [True: 0, False: 0] ------------------ 419| 0| oid.oid[6] == 25) { ------------------ | Branch (419:7): [True: 0, False: 0] ------------------ 420| | /* 0.9.2342.19200300.100.1.25 - domainComponent */ 421| 0| type = X509_NAME_ATTR_DC; 422| 0| } 423| | 424| 30| if (type == X509_NAME_ATTR_NOT_USED) { ------------------ | Branch (424:7): [True: 0, False: 30] ------------------ 425| 0| wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID", 426| 0| (u8 *) oid.oid, 427| 0| oid.len * sizeof(oid.oid[0])); 428| 0| wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data", 429| 0| hdr.payload, hdr.length); 430| 0| continue; 431| 0| } 432| | 433| 30| if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) { ------------------ | | 32| 30|#define X509_MAX_NAME_ATTRIBUTES 20 ------------------ | Branch (433:7): [True: 0, False: 30] ------------------ 434| 0| wpa_printf(MSG_INFO, "X509: Too many Name attributes"); 435| 0| x509_free_name(name); 436| 0| return -1; 437| 0| } 438| | 439| 30| val = dup_binstr(hdr.payload, hdr.length); 440| 30| if (val == NULL) { ------------------ | Branch (440:7): [True: 0, False: 30] ------------------ 441| 0| x509_free_name(name); 442| 0| return -1; 443| 0| } 444| 30| if (os_strlen(val) != hdr.length) { ------------------ | | 536| 30|#define os_strlen(s) strlen(s) ------------------ | Branch (444:7): [True: 0, False: 30] ------------------ 445| 0| wpa_printf(MSG_INFO, "X509: Reject certificate with " 446| 0| "embedded NUL byte in a string (%s[NUL])", 447| 0| val); 448| 0| os_free(val); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 449| 0| x509_free_name(name); 450| 0| return -1; 451| 0| } 452| | 453| 30| name->attr[name->num_attr].type = type; 454| 30| name->attr[name->num_attr].value = val; 455| 30| name->num_attr++; 456| 30| } 457| | 458| 8| return 0; 459| 8|} x509_name_string: 493| 12|{ 494| 12| char *pos, *end; 495| 12| int ret; 496| 12| size_t i; 497| | 498| 12| if (len == 0) ------------------ | Branch (498:6): [True: 0, False: 12] ------------------ 499| 0| return; 500| | 501| 12| pos = buf; 502| 12| end = buf + len; 503| | 504| 56| for (i = 0; i < name->num_attr; i++) { ------------------ | Branch (504:14): [True: 44, False: 12] ------------------ 505| 44| ret = os_snprintf(pos, end - pos, "%s=%s, ", ------------------ | | 572| 44|#define os_snprintf snprintf ------------------ 506| 44| x509_name_attr_str(name->attr[i].type), 507| 44| name->attr[i].value); 508| 44| if (os_snprintf_error(end - pos, ret)) ------------------ | Branch (508:7): [True: 0, False: 44] ------------------ 509| 0| goto done; 510| 44| pos += ret; 511| 44| } 512| | 513| 12| if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') { ------------------ | Branch (513:6): [True: 12, False: 0] | Branch (513:23): [True: 12, False: 0] | Branch (513:41): [True: 12, False: 0] ------------------ 514| 12| pos--; 515| 12| *pos = '\0'; 516| 12| pos--; 517| 12| *pos = '\0'; 518| 12| } 519| | 520| 12| if (name->email) { ------------------ | Branch (520:6): [True: 0, False: 12] ------------------ 521| 0| ret = os_snprintf(pos, end - pos, "/emailAddress=%s", ------------------ | | 572| 0|#define os_snprintf snprintf ------------------ 522| 0| name->email); 523| 0| if (os_snprintf_error(end - pos, ret)) ------------------ | Branch (523:7): [True: 0, False: 0] ------------------ 524| 0| goto done; 525| 0| pos += ret; 526| 0| } 527| | 528| 12|done: 529| 12| if (pos < end) ------------------ | Branch (529:6): [True: 12, False: 0] ------------------ 530| 12| *pos = '\0'; 531| 12| end[-1] = '\0'; 532| 12|} x509_parse_time: 570| 8|{ 571| 8| const char *pos, *end; 572| 8| int year, month, day, hour, min, sec; 573| | 574| | /* 575| | * Time ::= CHOICE { 576| | * utcTime UTCTime, 577| | * generalTime GeneralizedTime 578| | * } 579| | * 580| | * UTCTime: YYMMDDHHMMSSZ 581| | * GeneralizedTime: YYYYMMDDHHMMSSZ 582| | */ 583| | 584| 8| pos = (const char *) buf; 585| 8| end = pos + len; 586| | 587| 8| switch (asn1_tag) { 588| 8| case ASN1_TAG_UTCTIME: ------------------ | | 34| 8|#define ASN1_TAG_UTCTIME 0x17 ------------------ | Branch (588:2): [True: 8, False: 0] ------------------ 589| 8| if (len != 13 || buf[12] != 'Z') { ------------------ | Branch (589:7): [True: 0, False: 8] | Branch (589:20): [True: 0, False: 8] ------------------ 590| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 591| 0| "UTCTime format", buf, len); 592| 0| return -1; 593| 0| } 594| 8| year = parse_uint2(pos, end - pos); 595| 8| if (year < 0) { ------------------ | Branch (595:7): [True: 0, False: 8] ------------------ 596| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 597| 0| "UTCTime year", buf, len); 598| 0| return -1; 599| 0| } 600| 8| if (year < 50) ------------------ | Branch (600:7): [True: 8, False: 0] ------------------ 601| 8| year += 2000; 602| 0| else 603| 0| year += 1900; 604| 8| pos += 2; 605| 8| break; 606| 0| case ASN1_TAG_GENERALIZEDTIME: ------------------ | | 35| 0|#define ASN1_TAG_GENERALIZEDTIME 0x18 /* not yet parsed */ ------------------ | Branch (606:2): [True: 0, False: 8] ------------------ 607| 0| if (len != 15 || buf[14] != 'Z') { ------------------ | Branch (607:7): [True: 0, False: 0] | Branch (607:20): [True: 0, False: 0] ------------------ 608| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 609| 0| "GeneralizedTime format", buf, len); 610| 0| return -1; 611| 0| } 612| 0| year = parse_uint4(pos, end - pos); 613| 0| if (year < 0) { ------------------ | Branch (613:7): [True: 0, False: 0] ------------------ 614| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 615| 0| "GeneralizedTime year", buf, len); 616| 0| return -1; 617| 0| } 618| 0| pos += 4; 619| 0| break; 620| 0| default: ------------------ | Branch (620:2): [True: 0, False: 8] ------------------ 621| 0| wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or " 622| 0| "GeneralizedTime - found tag 0x%x", asn1_tag); 623| 0| return -1; 624| 8| } 625| | 626| 8| month = parse_uint2(pos, end - pos); 627| 8| if (month < 0) { ------------------ | Branch (627:6): [True: 0, False: 8] ------------------ 628| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 629| 0| "(month)", buf, len); 630| 0| return -1; 631| 0| } 632| 8| pos += 2; 633| | 634| 8| day = parse_uint2(pos, end - pos); 635| 8| if (day < 0) { ------------------ | Branch (635:6): [True: 0, False: 8] ------------------ 636| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 637| 0| "(day)", buf, len); 638| 0| return -1; 639| 0| } 640| 8| pos += 2; 641| | 642| 8| hour = parse_uint2(pos, end - pos); 643| 8| if (hour < 0) { ------------------ | Branch (643:6): [True: 0, False: 8] ------------------ 644| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 645| 0| "(hour)", buf, len); 646| 0| return -1; 647| 0| } 648| 8| pos += 2; 649| | 650| 8| min = parse_uint2(pos, end - pos); 651| 8| if (min < 0) { ------------------ | Branch (651:6): [True: 0, False: 8] ------------------ 652| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 653| 0| "(min)", buf, len); 654| 0| return -1; 655| 0| } 656| 8| pos += 2; 657| | 658| 8| sec = parse_uint2(pos, end - pos); 659| 8| if (sec < 0) { ------------------ | Branch (659:6): [True: 0, False: 8] ------------------ 660| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 661| 0| "(sec)", buf, len); 662| 0| return -1; 663| 0| } 664| | 665| 8| if (os_mktime(year, month, day, hour, min, sec, val) < 0) { ------------------ | Branch (665:6): [True: 0, False: 8] ------------------ 666| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time", 667| 0| buf, len); 668| 0| if (year < 1970) { ------------------ | Branch (668:7): [True: 0, False: 0] ------------------ 669| | /* 670| | * At least some test certificates have been configured 671| | * to use dates prior to 1970. Set the date to 672| | * beginning of 1970 to handle these case. 673| | */ 674| 0| wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - " 675| 0| "assume epoch as the time", year); 676| 0| *val = 0; 677| 0| return 0; 678| 0| } 679| 0| return -1; 680| 0| } 681| | 682| 8| return 0; 683| 8|} x509_certificate_parse: 1728| 4|{ 1729| 4| struct asn1_hdr hdr; 1730| 4| const u8 *pos, *end, *hash_start; 1731| 4| struct x509_certificate *cert; 1732| | 1733| 4| cert = os_zalloc(sizeof(*cert) + len); 1734| 4| if (cert == NULL) ------------------ | Branch (1734:6): [True: 0, False: 4] ------------------ 1735| 0| return NULL; 1736| 4| os_memcpy(cert + 1, buf, len); ------------------ | | 523| 4|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 1737| 4| cert->cert_start = (u8 *) (cert + 1); 1738| 4| cert->cert_len = len; 1739| | 1740| 4| pos = buf; 1741| 4| end = buf + len; 1742| | 1743| | /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */ 1744| | 1745| | /* Certificate ::= SEQUENCE */ 1746| 4| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1746:6): [True: 0, False: 4] | Branch (1746:43): [True: 0, False: 4] ------------------ 1747| 0| asn1_unexpected(&hdr, 1748| 0| "X509: Certificate did not start with a valid SEQUENCE"); 1749| 0| x509_certificate_free(cert); 1750| 0| return NULL; 1751| 0| } 1752| 4| pos = hdr.payload; 1753| | 1754| 4| if (hdr.length > end - pos) { ------------------ | Branch (1754:6): [True: 0, False: 4] ------------------ 1755| 0| x509_certificate_free(cert); 1756| 0| return NULL; 1757| 0| } 1758| | 1759| 4| if (hdr.length < end - pos) { ------------------ | Branch (1759:6): [True: 0, False: 4] ------------------ 1760| 0| wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER " 1761| 0| "encoded certificate", 1762| 0| pos + hdr.length, end - (pos + hdr.length)); 1763| 0| end = pos + hdr.length; 1764| 0| } 1765| | 1766| 4| hash_start = pos; 1767| 4| cert->tbs_cert_start = cert->cert_start + (hash_start - buf); 1768| 4| if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) { ------------------ | Branch (1768:6): [True: 0, False: 4] ------------------ 1769| 0| x509_certificate_free(cert); 1770| 0| return NULL; 1771| 0| } 1772| 4| cert->tbs_cert_len = pos - hash_start; 1773| | 1774| | /* signatureAlgorithm AlgorithmIdentifier */ 1775| 4| if (x509_parse_algorithm_identifier(pos, end - pos, ------------------ | Branch (1775:6): [True: 0, False: 4] ------------------ 1776| 4| &cert->signature_alg, &pos)) { 1777| 0| x509_certificate_free(cert); 1778| 0| return NULL; 1779| 0| } 1780| | 1781| | /* signatureValue BIT STRING */ 1782| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1782:6): [True: 0, False: 4] ------------------ 1783| 4| !asn1_is_bitstring(&hdr)) { ------------------ | Branch (1783:6): [True: 0, False: 4] ------------------ 1784| 0| asn1_unexpected(&hdr, 1785| 0| "X509: Expected BITSTRING (signatureValue)"); 1786| 0| x509_certificate_free(cert); 1787| 0| return NULL; 1788| 0| } 1789| 4| if (hdr.length < 1) { ------------------ | Branch (1789:6): [True: 0, False: 4] ------------------ 1790| 0| x509_certificate_free(cert); 1791| 0| return NULL; 1792| 0| } 1793| 4| pos = hdr.payload; 1794| 4| if (*pos) { ------------------ | Branch (1794:6): [True: 0, False: 4] ------------------ 1795| 0| wpa_printf(MSG_DEBUG, 1796| 0| "X509: BITSTRING (signatureValue) - %d unused bits", 1797| 0| *pos); 1798| | /* PKCS #1 v1.5 10.2.1: 1799| | * It is an error if the length in bits of the signature S is 1800| | * not a multiple of eight. 1801| | */ 1802| 0| x509_certificate_free(cert); 1803| 0| return NULL; 1804| 0| } 1805| 4| os_free(cert->sign_value); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 1806| 4| cert->sign_value = os_memdup(pos + 1, hdr.length - 1); 1807| 4| if (cert->sign_value == NULL) { ------------------ | Branch (1807:6): [True: 0, False: 4] ------------------ 1808| 0| wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 1809| 0| "signatureValue"); 1810| 0| x509_certificate_free(cert); 1811| 0| return NULL; 1812| 0| } 1813| 4| cert->sign_value_len = hdr.length - 1; 1814| 4| wpa_hexdump(MSG_MSGDUMP, "X509: signature", 1815| 4| cert->sign_value, cert->sign_value_len); 1816| | 1817| 4| return cert; 1818| 4|} x509v3.c:x509_name_attr_str: 463| 44|{ 464| 44| switch (type) { ------------------ | Branch (464:10): [True: 44, False: 0] ------------------ 465| 0| case X509_NAME_ATTR_NOT_USED: ------------------ | Branch (465:2): [True: 0, False: 44] ------------------ 466| 0| return "[N/A]"; 467| 0| case X509_NAME_ATTR_DC: ------------------ | Branch (467:2): [True: 0, False: 44] ------------------ 468| 0| return "DC"; 469| 12| case X509_NAME_ATTR_CN: ------------------ | Branch (469:2): [True: 12, False: 32] ------------------ 470| 12| return "CN"; 471| 12| case X509_NAME_ATTR_C: ------------------ | Branch (471:2): [True: 12, False: 32] ------------------ 472| 12| return "C"; 473| 8| case X509_NAME_ATTR_L: ------------------ | Branch (473:2): [True: 8, False: 36] ------------------ 474| 8| return "L"; 475| 0| case X509_NAME_ATTR_ST: ------------------ | Branch (475:2): [True: 0, False: 44] ------------------ 476| 0| return "ST"; 477| 12| case X509_NAME_ATTR_O: ------------------ | Branch (477:2): [True: 12, False: 32] ------------------ 478| 12| return "O"; 479| 0| case X509_NAME_ATTR_OU: ------------------ | Branch (479:2): [True: 0, False: 44] ------------------ 480| 0| return "OU"; 481| 44| } 482| 0| return "?"; 483| 44|} x509v3.c:parse_uint2: 536| 48|{ 537| 48| char buf[3]; 538| 48| int ret; 539| | 540| 48| if (len < 2) ------------------ | Branch (540:6): [True: 0, False: 48] ------------------ 541| 0| return -1; 542| 48| buf[0] = pos[0]; 543| 48| buf[1] = pos[1]; 544| 48| buf[2] = 0x00; 545| 48| if (sscanf(buf, "%2d", &ret) != 1) ------------------ | Branch (545:6): [True: 0, False: 48] ------------------ 546| 0| return -1; 547| 48| return ret; 548| 48|} x509v3.c:x509_parse_tbs_certificate: 1458| 4|{ 1459| 4| struct asn1_hdr hdr; 1460| 4| const u8 *pos, *end; 1461| 4| size_t left; 1462| 4| char sbuf[128]; 1463| 4| unsigned long value; 1464| 4| const u8 *subject_dn; 1465| | 1466| | /* tbsCertificate TBSCertificate ::= SEQUENCE */ 1467| 4| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1467:6): [True: 0, False: 4] | Branch (1467:43): [True: 0, False: 4] ------------------ 1468| 0| asn1_unexpected(&hdr, 1469| 0| "X509: tbsCertificate did not start with a valid SEQUENCE"); 1470| 0| return -1; 1471| 0| } 1472| 4| pos = hdr.payload; 1473| 4| end = *next = pos + hdr.length; 1474| | 1475| | /* 1476| | * version [0] EXPLICIT Version DEFAULT v1 1477| | * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1478| | */ 1479| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0) ------------------ | Branch (1479:6): [True: 0, False: 4] ------------------ 1480| 0| return -1; 1481| 4| pos = hdr.payload; 1482| | 1483| 4| if (asn1_is_cs_tag(&hdr, 0) && hdr.constructed) { ------------------ | Branch (1483:6): [True: 4, False: 0] | Branch (1483:33): [True: 4, False: 0] ------------------ 1484| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1484:7): [True: 0, False: 4] ------------------ 1485| 4| !asn1_is_integer(&hdr)) { ------------------ | Branch (1485:7): [True: 0, False: 4] ------------------ 1486| 0| asn1_unexpected(&hdr, 1487| 0| "X509: No INTEGER tag found for version field"); 1488| 0| return -1; 1489| 0| } 1490| 4| if (hdr.length != 1) { ------------------ | Branch (1490:7): [True: 0, False: 4] ------------------ 1491| 0| wpa_printf(MSG_DEBUG, "X509: Unexpected version field " 1492| 0| "length %u (expected 1)", hdr.length); 1493| 0| return -1; 1494| 0| } 1495| 4| pos = hdr.payload; 1496| 4| left = hdr.length; 1497| 4| value = 0; 1498| 8| while (left) { ------------------ | Branch (1498:10): [True: 4, False: 4] ------------------ 1499| 4| value <<= 8; 1500| 4| value |= *pos++; 1501| 4| left--; 1502| 4| } 1503| | 1504| 4| cert->version = value; 1505| 4| if (cert->version != X509_CERT_V1 && ------------------ | Branch (1505:7): [True: 4, False: 0] ------------------ 1506| 4| cert->version != X509_CERT_V2 && ------------------ | Branch (1506:7): [True: 4, False: 0] ------------------ 1507| 4| cert->version != X509_CERT_V3) { ------------------ | Branch (1507:7): [True: 0, False: 4] ------------------ 1508| 0| wpa_printf(MSG_DEBUG, "X509: Unsupported version %d", 1509| 0| cert->version + 1); 1510| 0| return -1; 1511| 0| } 1512| | 1513| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0) ------------------ | Branch (1513:7): [True: 0, False: 4] ------------------ 1514| 0| return -1; 1515| 4| } else 1516| 0| cert->version = X509_CERT_V1; 1517| 4| wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1); 1518| | 1519| | /* serialNumber CertificateSerialNumber ::= INTEGER */ 1520| 4| if (!asn1_is_integer(&hdr) || ------------------ | Branch (1520:6): [True: 0, False: 4] ------------------ 1521| 4| hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) { ------------------ | | 48| 4|#define X509_MAX_SERIAL_NUM_LEN 20 ------------------ | Branch (1521:6): [True: 0, False: 4] | Branch (1521:24): [True: 0, False: 4] ------------------ 1522| 0| asn1_unexpected(&hdr, 1523| 0| "X509: No INTEGER tag found for serialNumber"); 1524| 0| return -1; 1525| 0| } 1526| | 1527| 4| pos = hdr.payload + hdr.length; 1528| 6| while (hdr.length > 0 && hdr.payload[0] == 0) { ------------------ | Branch (1528:9): [True: 6, False: 0] | Branch (1528:27): [True: 2, False: 4] ------------------ 1529| 2| hdr.payload++; 1530| 2| hdr.length--; 1531| 2| } 1532| 4| os_memcpy(cert->serial_number, hdr.payload, hdr.length); ------------------ | | 523| 4|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 1533| 4| cert->serial_number_len = hdr.length; 1534| 4| wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number, 1535| 4| cert->serial_number_len); 1536| | 1537| | /* signature AlgorithmIdentifier */ 1538| 4| if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature, ------------------ | Branch (1538:6): [True: 0, False: 4] ------------------ 1539| 4| &pos)) 1540| 0| return -1; 1541| | 1542| | /* issuer Name */ 1543| 4| if (x509_parse_name(pos, end - pos, &cert->issuer, &pos)) ------------------ | Branch (1543:6): [True: 0, False: 4] ------------------ 1544| 0| return -1; 1545| 4| x509_name_string(&cert->issuer, sbuf, sizeof(sbuf)); 1546| 4| wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf); 1547| | 1548| | /* validity Validity */ 1549| 4| if (x509_parse_validity(pos, end - pos, cert, &pos)) ------------------ | Branch (1549:6): [True: 0, False: 4] ------------------ 1550| 0| return -1; 1551| | 1552| | /* subject Name */ 1553| 4| subject_dn = pos; 1554| 4| if (x509_parse_name(pos, end - pos, &cert->subject, &pos)) ------------------ | Branch (1554:6): [True: 0, False: 4] ------------------ 1555| 0| return -1; 1556| 4| cert->subject_dn = os_malloc(pos - subject_dn); ------------------ | | 505| 4|#define os_malloc(s) malloc((s)) ------------------ 1557| 4| if (!cert->subject_dn) ------------------ | Branch (1557:6): [True: 0, False: 4] ------------------ 1558| 0| return -1; 1559| 4| cert->subject_dn_len = pos - subject_dn; 1560| 4| os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len); ------------------ | | 523| 4|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 1561| 4| x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); 1562| 4| wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf); 1563| | 1564| | /* subjectPublicKeyInfo SubjectPublicKeyInfo */ 1565| 4| if (x509_parse_public_key(pos, end - pos, cert, &pos)) ------------------ | Branch (1565:6): [True: 0, False: 4] ------------------ 1566| 0| return -1; 1567| | 1568| 4| if (pos == end) ------------------ | Branch (1568:6): [True: 0, False: 4] ------------------ 1569| 0| return 0; 1570| | 1571| 4| if (cert->version == X509_CERT_V1) ------------------ | Branch (1571:6): [True: 0, False: 4] ------------------ 1572| 0| return 0; 1573| | 1574| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1574:6): [True: 0, False: 4] ------------------ 1575| 4| hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { ------------------ | | 45| 4|#define ASN1_CLASS_CONTEXT_SPECIFIC 2 ------------------ | Branch (1575:6): [True: 0, False: 4] ------------------ 1576| 0| asn1_unexpected(&hdr, 1577| 0| "X509: Expected Context-Specific tag to parse optional tbsCertificate field(s)"); 1578| 0| return -1; 1579| 0| } 1580| | 1581| 4| if (hdr.tag == 1) { ------------------ | Branch (1581:6): [True: 0, False: 4] ------------------ 1582| | /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */ 1583| 0| wpa_printf(MSG_DEBUG, "X509: issuerUniqueID"); 1584| | /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1585| | 1586| 0| pos = hdr.payload + hdr.length; 1587| 0| if (pos == end) ------------------ | Branch (1587:7): [True: 0, False: 0] ------------------ 1588| 0| return 0; 1589| | 1590| 0| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1590:7): [True: 0, False: 0] ------------------ 1591| 0| hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { ------------------ | | 45| 0|#define ASN1_CLASS_CONTEXT_SPECIFIC 2 ------------------ | Branch (1591:7): [True: 0, False: 0] ------------------ 1592| 0| asn1_unexpected(&hdr, 1593| 0| "X509: Expected Context-Specific tag to parse optional tbsCertificate field(s)"); 1594| 0| return -1; 1595| 0| } 1596| 0| } 1597| | 1598| 4| if (hdr.tag == 2) { ------------------ | Branch (1598:6): [True: 0, False: 4] ------------------ 1599| | /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */ 1600| 0| wpa_printf(MSG_DEBUG, "X509: subjectUniqueID"); 1601| | /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1602| | 1603| 0| pos = hdr.payload + hdr.length; 1604| 0| if (pos == end) ------------------ | Branch (1604:7): [True: 0, False: 0] ------------------ 1605| 0| return 0; 1606| | 1607| 0| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1607:7): [True: 0, False: 0] ------------------ 1608| 0| hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { ------------------ | | 45| 0|#define ASN1_CLASS_CONTEXT_SPECIFIC 2 ------------------ | Branch (1608:7): [True: 0, False: 0] ------------------ 1609| 0| asn1_unexpected(&hdr, 1610| 0| "X509: Expected Context-Specific tag to parse optional tbsCertificate field(s)"); 1611| 0| return -1; 1612| 0| } 1613| 0| } 1614| | 1615| 4| if (hdr.tag != 3) { ------------------ | Branch (1615:6): [True: 0, False: 4] ------------------ 1616| 0| wpa_printf(MSG_DEBUG, 1617| 0| "X509: Ignored unexpected Context-Specific constructed %d tag %d in optional tbsCertificate fields", 1618| 0| hdr.constructed, hdr.tag); 1619| 0| return 0; 1620| 0| } 1621| | 1622| | /* extensions [3] EXPLICIT Extensions OPTIONAL */ 1623| | 1624| 4| if (cert->version != X509_CERT_V3) { ------------------ | Branch (1624:6): [True: 0, False: 4] ------------------ 1625| 0| wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and " 1626| 0| "Extensions data which are only allowed for " 1627| 0| "version 3", cert->version + 1); 1628| 0| return -1; 1629| 0| } 1630| | 1631| 4| if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0) ------------------ | Branch (1631:6): [True: 0, False: 4] ------------------ 1632| 0| return -1; 1633| | 1634| 4| pos = hdr.payload + hdr.length; 1635| 4| if (pos < end) { ------------------ | Branch (1635:6): [True: 0, False: 4] ------------------ 1636| 0| wpa_hexdump(MSG_DEBUG, 1637| 0| "X509: Ignored extra tbsCertificate data", 1638| 0| pos, end - pos); 1639| 0| } 1640| | 1641| 4| return 0; 1642| 4|} x509v3.c:x509_parse_validity: 688| 4|{ 689| 4| struct asn1_hdr hdr; 690| 4| const u8 *pos; 691| 4| size_t plen; 692| | 693| | /* 694| | * Validity ::= SEQUENCE { 695| | * notBefore Time, 696| | * notAfter Time 697| | * } 698| | * 699| | * RFC 3280, 4.1.2.5: 700| | * CAs conforming to this profile MUST always encode certificate 701| | * validity dates through the year 2049 as UTCTime; certificate 702| | * validity dates in 2050 or later MUST be encoded as GeneralizedTime. 703| | */ 704| | 705| 4| if (asn1_get_next(buf, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (705:6): [True: 0, False: 4] | Branch (705:43): [True: 0, False: 4] ------------------ 706| 0| asn1_unexpected(&hdr, "X509: Expected SEQUENCE (Validity)"); 707| 0| return -1; 708| 0| } 709| 4| pos = hdr.payload; 710| 4| plen = hdr.length; 711| | 712| 4| if (plen > (size_t) (buf + len - pos)) ------------------ | Branch (712:6): [True: 0, False: 4] ------------------ 713| 0| return -1; 714| | 715| 4| *next = pos + plen; 716| | 717| 4| if (asn1_get_next(pos, plen, &hdr) < 0 || ------------------ | Branch (717:6): [True: 0, False: 4] ------------------ 718| 4| (!asn1_is_utctime(&hdr) && !asn1_is_generalizedtime(&hdr)) || ------------------ | Branch (718:7): [True: 0, False: 4] | Branch (718:33): [True: 0, False: 0] ------------------ 719| 4| x509_parse_time(hdr.payload, hdr.length, hdr.tag, ------------------ | Branch (719:6): [True: 0, False: 4] ------------------ 720| 4| &cert->not_before) < 0) { 721| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore " 722| 0| "Time", hdr.payload, hdr.length); 723| 0| return -1; 724| 0| } 725| | 726| 4| pos = hdr.payload + hdr.length; 727| 4| plen = *next - pos; 728| | 729| 4| if (asn1_get_next(pos, plen, &hdr) < 0 || ------------------ | Branch (729:6): [True: 0, False: 4] ------------------ 730| 4| (!asn1_is_utctime(&hdr) && !asn1_is_generalizedtime(&hdr)) || ------------------ | Branch (730:7): [True: 0, False: 4] | Branch (730:33): [True: 0, False: 0] ------------------ 731| 4| x509_parse_time(hdr.payload, hdr.length, hdr.tag, ------------------ | Branch (731:6): [True: 0, False: 4] ------------------ 732| 4| &cert->not_after) < 0) { 733| 0| wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter " 734| 0| "Time", hdr.payload, hdr.length); 735| 0| return -1; 736| 0| } 737| | 738| 4| wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu", 739| 4| (unsigned long) cert->not_before, 740| 4| (unsigned long) cert->not_after); 741| | 742| 4| return 0; 743| 4|} x509v3.c:x509_parse_public_key: 219| 4|{ 220| 4| struct asn1_hdr hdr; 221| 4| const u8 *pos, *end; 222| | 223| | /* 224| | * SubjectPublicKeyInfo ::= SEQUENCE { 225| | * algorithm AlgorithmIdentifier, 226| | * subjectPublicKey BIT STRING 227| | * } 228| | */ 229| | 230| 4| pos = buf; 231| 4| end = buf + len; 232| | 233| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (233:6): [True: 0, False: 4] ------------------ 234| 4| !asn1_is_sequence(&hdr)) { ------------------ | Branch (234:6): [True: 0, False: 4] ------------------ 235| 0| asn1_unexpected(&hdr, 236| 0| "X509: Expected SEQUENCE (SubjectPublicKeyInfo)"); 237| 0| return -1; 238| 0| } 239| 4| pos = hdr.payload; 240| | 241| 4| if (hdr.length > end - pos) ------------------ | Branch (241:6): [True: 0, False: 4] ------------------ 242| 0| return -1; 243| 4| end = pos + hdr.length; 244| 4| *next = end; 245| | 246| 4| if (x509_parse_algorithm_identifier(pos, end - pos, ------------------ | Branch (246:6): [True: 0, False: 4] ------------------ 247| 4| &cert->public_key_alg, &pos)) 248| 0| return -1; 249| | 250| 4| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (250:6): [True: 0, False: 4] ------------------ 251| 4| !asn1_is_bitstring(&hdr)) { ------------------ | Branch (251:6): [True: 0, False: 4] ------------------ 252| 0| asn1_unexpected(&hdr, 253| 0| "X509: Expected BITSTRING (subjectPublicKey)"); 254| 0| return -1; 255| 0| } 256| 4| if (hdr.length < 1) ------------------ | Branch (256:6): [True: 0, False: 4] ------------------ 257| 0| return -1; 258| 4| pos = hdr.payload; 259| 4| if (*pos) { ------------------ | Branch (259:6): [True: 0, False: 4] ------------------ 260| 0| wpa_printf(MSG_DEBUG, 261| 0| "X509: BITSTRING (subjectPublicKey) - %d unused bits", 262| 0| *pos); 263| | /* 264| | * TODO: should this be rejected? X.509 certificates are 265| | * unlikely to use such a construction. Now we would end up 266| | * including the extra bits in the buffer which may also be 267| | * ok. 268| | */ 269| 0| } 270| 4| os_free(cert->public_key); ------------------ | | 511| 4|#define os_free(p) free((p)) ------------------ 271| 4| cert->public_key = os_memdup(pos + 1, hdr.length - 1); 272| 4| if (cert->public_key == NULL) { ------------------ | Branch (272:6): [True: 0, False: 4] ------------------ 273| 0| wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 274| 0| "public key"); 275| 0| return -1; 276| 0| } 277| 4| cert->public_key_len = hdr.length - 1; 278| 4| wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey", 279| 4| cert->public_key, cert->public_key_len); 280| | 281| 4| return 0; 282| 4|} x509v3.c:x509_parse_extensions: 1431| 4|{ 1432| 4| const u8 *end; 1433| 4| struct asn1_hdr hdr; 1434| | 1435| | /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ 1436| | 1437| 4| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1437:6): [True: 0, False: 4] | Branch (1437:43): [True: 0, False: 4] ------------------ 1438| 0| asn1_unexpected(&hdr, "X509: Expected SEQUENCE for Extensions"); 1439| 0| return -1; 1440| 0| } 1441| | 1442| 4| pos = hdr.payload; 1443| 4| end = pos + hdr.length; 1444| | 1445| 22| while (pos < end) { ------------------ | Branch (1445:9): [True: 18, False: 4] ------------------ 1446| 18| if (x509_parse_extension(cert, pos, end - pos, &pos) ------------------ | Branch (1446:7): [True: 0, False: 18] ------------------ 1447| 18| < 0) 1448| 0| return -1; 1449| 18| } 1450| | 1451| 4| return 0; 1452| 4|} x509v3.c:x509_parse_extension: 1357| 18|{ 1358| 18| const u8 *end; 1359| 18| struct asn1_hdr hdr; 1360| 18| struct asn1_oid oid; 1361| 18| int critical_ext = 0, res; 1362| 18| char buf[80]; 1363| | 1364| | /* 1365| | * Extension ::= SEQUENCE { 1366| | * extnID OBJECT IDENTIFIER, 1367| | * critical BOOLEAN DEFAULT FALSE, 1368| | * extnValue OCTET STRING 1369| | * } 1370| | */ 1371| | 1372| 18| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1372:6): [True: 0, False: 18] | Branch (1372:43): [True: 0, False: 18] ------------------ 1373| 0| asn1_unexpected(&hdr, "X509: Expected SEQUENCE in Extensions"); 1374| 0| return -1; 1375| 0| } 1376| 18| pos = hdr.payload; 1377| 18| *next = end = pos + hdr.length; 1378| | 1379| 18| if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) { ------------------ | Branch (1379:6): [True: 0, False: 18] ------------------ 1380| 0| wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for " 1381| 0| "Extension (expected OID)"); 1382| 0| return -1; 1383| 0| } 1384| | 1385| 18| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1385:6): [True: 0, False: 18] ------------------ 1386| 18| (!asn1_is_boolean(&hdr) && !asn1_is_octetstring(&hdr))) { ------------------ | Branch (1386:7): [True: 18, False: 0] | Branch (1386:33): [True: 0, False: 18] ------------------ 1387| 0| asn1_unexpected(&hdr, 1388| 0| "X509: Expected BOOLEAN or OCTETSTRING in Extensions"); 1389| 0| return -1; 1390| 0| } 1391| | 1392| 18| if (hdr.tag == ASN1_TAG_BOOLEAN) { ------------------ | | 13| 18|#define ASN1_TAG_BOOLEAN 0x01 ------------------ | Branch (1392:6): [True: 0, False: 18] ------------------ 1393| 0| critical_ext = hdr.payload[0]; 1394| 0| pos = hdr.payload; 1395| | /* 1396| | * Number of CA certificates seem to be using Private class in 1397| | * one of the X.509v3 extensions, so let's accept that instead 1398| | * of rejecting the certificate. asn1_is_octetstring() covers 1399| | * the more common case. 1400| | */ 1401| 0| if (asn1_get_next(pos, end - pos, &hdr) < 0 || ------------------ | Branch (1401:7): [True: 0, False: 0] ------------------ 1402| 0| (!asn1_is_octetstring(&hdr) && ------------------ | Branch (1402:8): [True: 0, False: 0] ------------------ 1403| 0| !(hdr.class == ASN1_CLASS_PRIVATE && ------------------ | | 46| 0|#define ASN1_CLASS_PRIVATE 3 ------------------ | Branch (1403:10): [True: 0, False: 0] ------------------ 1404| 0| hdr.tag == ASN1_TAG_OCTETSTRING))) { ------------------ | | 16| 0|#define ASN1_TAG_OCTETSTRING 0x04 ------------------ | Branch (1404:10): [True: 0, False: 0] ------------------ 1405| 0| asn1_unexpected(&hdr, 1406| 0| "X509: Expected OCTETSTRING in Extensions"); 1407| 0| return -1; 1408| 0| } 1409| 0| } 1410| | 1411| 18| asn1_oid_to_str(&oid, buf, sizeof(buf)); 1412| 18| wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d", 1413| 18| buf, critical_ext); 1414| 18| wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length); 1415| | 1416| 18| res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length); 1417| 18| if (res < 0) ------------------ | Branch (1417:6): [True: 0, False: 18] ------------------ 1418| 0| return res; 1419| 18| if (res == 1 && critical_ext) { ------------------ | Branch (1419:6): [True: 10, False: 8] | Branch (1419:18): [True: 0, False: 10] ------------------ 1420| 0| wpa_printf(MSG_INFO, "X509: Unknown critical extension %s", 1421| 0| buf); 1422| 0| return -1; 1423| 0| } 1424| | 1425| 18| return 0; 1426| 18|} x509v3.c:x509_parse_extension_data: 1327| 18|{ 1328| 18| if (!x509_id_ce_oid(oid)) ------------------ | Branch (1328:6): [True: 2, False: 16] ------------------ 1329| 2| return 1; 1330| | 1331| | /* TODO: add other extensions required by RFC 3280, Ch 4.2: 1332| | * name constraints (section 4.2.1.11) 1333| | * policy constraints (section 4.2.1.12) 1334| | * inhibit any-policy (section 4.2.1.15) 1335| | */ 1336| 16| switch (oid->oid[3]) { 1337| 0| case 15: /* id-ce-keyUsage */ ------------------ | Branch (1337:2): [True: 0, False: 16] ------------------ 1338| 0| return x509_parse_ext_key_usage(cert, pos, len); 1339| 2| case 17: /* id-ce-subjectAltName */ ------------------ | Branch (1339:2): [True: 2, False: 14] ------------------ 1340| 2| return x509_parse_ext_subject_alt_name(cert, pos, len); 1341| 0| case 18: /* id-ce-issuerAltName */ ------------------ | Branch (1341:2): [True: 0, False: 16] ------------------ 1342| 0| return x509_parse_ext_issuer_alt_name(cert, pos, len); 1343| 4| case 19: /* id-ce-basicConstraints */ ------------------ | Branch (1343:2): [True: 4, False: 12] ------------------ 1344| 4| return x509_parse_ext_basic_constraints(cert, pos, len); 1345| 0| case 32: /* id-ce-certificatePolicies */ ------------------ | Branch (1345:2): [True: 0, False: 16] ------------------ 1346| 0| return x509_parse_ext_certificate_policies(cert, pos, len); 1347| 2| case 37: /* id-ce-extKeyUsage */ ------------------ | Branch (1347:2): [True: 2, False: 14] ------------------ 1348| 2| return x509_parse_ext_ext_key_usage(cert, pos, len); 1349| 8| default: ------------------ | Branch (1349:2): [True: 8, False: 8] ------------------ 1350| 8| return 1; 1351| 16| } 1352| 16|} x509v3.c:x509_id_ce_oid: 747| 18|{ 748| | /* id-ce arc from X.509 for standard X.509v3 extensions */ 749| 18| return oid->len >= 4 && ------------------ | Branch (749:9): [True: 18, False: 0] ------------------ 750| 18| oid->oid[0] == 2 /* joint-iso-ccitt */ && ------------------ | Branch (750:3): [True: 16, False: 2] ------------------ 751| 16| oid->oid[1] == 5 /* ds */ && ------------------ | Branch (751:3): [True: 16, False: 0] ------------------ 752| 16| oid->oid[2] == 29 /* id-ce */; ------------------ | Branch (752:3): [True: 16, False: 0] ------------------ 753| 18|} x509v3.c:x509_parse_ext_subject_alt_name: 1051| 2|{ 1052| 2| struct asn1_hdr hdr; 1053| | 1054| | /* SubjectAltName ::= GeneralNames */ 1055| | 1056| 2| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1056:6): [True: 0, False: 2] | Branch (1056:43): [True: 0, False: 2] ------------------ 1057| 0| asn1_unexpected(&hdr, 1058| 0| "X509: Expected SEQUENCE in SubjectAltName"); 1059| 0| return -1; 1060| 0| } 1061| | 1062| 2| wpa_printf(MSG_DEBUG, "X509: SubjectAltName"); 1063| 2| cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME; ------------------ | | 74| 2|#define X509_EXT_SUBJECT_ALT_NAME (1 << 3) ------------------ 1064| | 1065| 2| if (hdr.length == 0) ------------------ | Branch (1065:6): [True: 0, False: 2] ------------------ 1066| 0| return 0; 1067| | 1068| 2| return x509_parse_ext_alt_name(&cert->subject, hdr.payload, 1069| 2| hdr.length); 1070| 2|} x509v3.c:x509_parse_ext_alt_name: 973| 2|{ 974| 2| struct asn1_hdr hdr; 975| 2| const u8 *p, *end; 976| | 977| | /* 978| | * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 979| | * 980| | * GeneralName ::= CHOICE { 981| | * otherName [0] OtherName, 982| | * rfc822Name [1] IA5String, 983| | * dNSName [2] IA5String, 984| | * x400Address [3] ORAddress, 985| | * directoryName [4] Name, 986| | * ediPartyName [5] EDIPartyName, 987| | * uniformResourceIdentifier [6] IA5String, 988| | * iPAddress [7] OCTET STRING, 989| | * registeredID [8] OBJECT IDENTIFIER } 990| | * 991| | * OtherName ::= SEQUENCE { 992| | * type-id OBJECT IDENTIFIER, 993| | * value [0] EXPLICIT ANY DEFINED BY type-id } 994| | * 995| | * EDIPartyName ::= SEQUENCE { 996| | * nameAssigner [0] DirectoryString OPTIONAL, 997| | * partyName [1] DirectoryString } 998| | */ 999| | 1000| 4| for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) { ------------------ | Branch (1000:33): [True: 2, False: 2] ------------------ 1001| 2| int res; 1002| | 1003| 2| if (asn1_get_next(p, end - p, &hdr) < 0) { ------------------ | Branch (1003:7): [True: 0, False: 2] ------------------ 1004| 0| wpa_printf(MSG_DEBUG, "X509: Failed to parse " 1005| 0| "SubjectAltName item"); 1006| 0| return -1; 1007| 0| } 1008| | 1009| 2| if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) ------------------ | | 45| 2|#define ASN1_CLASS_CONTEXT_SPECIFIC 2 ------------------ | Branch (1009:7): [True: 0, False: 2] ------------------ 1010| 0| continue; 1011| | 1012| 2| switch (hdr.tag) { 1013| 0| case 1: ------------------ | Branch (1013:3): [True: 0, False: 2] ------------------ 1014| 0| res = x509_parse_alt_name_rfc8222(name, hdr.payload, 1015| 0| hdr.length); 1016| 0| break; 1017| 2| case 2: ------------------ | Branch (1017:3): [True: 2, False: 0] ------------------ 1018| 2| res = x509_parse_alt_name_dns(name, hdr.payload, 1019| 2| hdr.length); 1020| 2| break; 1021| 0| case 6: ------------------ | Branch (1021:3): [True: 0, False: 2] ------------------ 1022| 0| res = x509_parse_alt_name_uri(name, hdr.payload, 1023| 0| hdr.length); 1024| 0| break; 1025| 0| case 7: ------------------ | Branch (1025:3): [True: 0, False: 2] ------------------ 1026| 0| res = x509_parse_alt_name_ip(name, hdr.payload, 1027| 0| hdr.length); 1028| 0| break; 1029| 0| case 8: ------------------ | Branch (1029:3): [True: 0, False: 2] ------------------ 1030| 0| res = x509_parse_alt_name_rid(name, hdr.payload, 1031| 0| hdr.length); 1032| 0| break; 1033| 0| case 0: /* TODO: otherName */ ------------------ | Branch (1033:3): [True: 0, False: 2] ------------------ 1034| 0| case 3: /* TODO: x500Address */ ------------------ | Branch (1034:3): [True: 0, False: 2] ------------------ 1035| 0| case 4: /* TODO: directoryName */ ------------------ | Branch (1035:3): [True: 0, False: 2] ------------------ 1036| 0| case 5: /* TODO: ediPartyName */ ------------------ | Branch (1036:3): [True: 0, False: 2] ------------------ 1037| 0| default: ------------------ | Branch (1037:3): [True: 0, False: 2] ------------------ 1038| 0| res = 0; 1039| 0| break; 1040| 2| } 1041| 2| if (res < 0) ------------------ | Branch (1041:7): [True: 0, False: 2] ------------------ 1042| 0| return res; 1043| 2| } 1044| | 1045| 2| return 0; 1046| 2|} x509v3.c:x509_parse_alt_name_dns: 897| 2|{ 898| | /* dNSName IA5String */ 899| 2| wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len); 900| 2| os_free(name->dns); ------------------ | | 511| 2|#define os_free(p) free((p)) ------------------ 901| 2| name->dns = os_zalloc(len + 1); 902| 2| if (name->dns == NULL) ------------------ | Branch (902:6): [True: 0, False: 2] ------------------ 903| 0| return -1; 904| 2| os_memcpy(name->dns, pos, len); ------------------ | | 523| 2|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 905| 2| if (os_strlen(name->dns) != len) { ------------------ | | 536| 2|#define os_strlen(s) strlen(s) ------------------ | Branch (905:6): [True: 0, False: 2] ------------------ 906| 0| wpa_printf(MSG_INFO, "X509: Reject certificate with " 907| 0| "embedded NUL byte in dNSName (%s[NUL])", 908| 0| name->dns); 909| 0| os_free(name->dns); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 910| 0| name->dns = NULL; 911| 0| return -1; 912| 0| } 913| 2| return 0; 914| 2|} x509v3.c:x509_parse_ext_basic_constraints: 800| 4|{ 801| 4| struct asn1_hdr hdr; 802| 4| unsigned long value; 803| 4| size_t left; 804| 4| const u8 *end_seq; 805| | 806| | /* 807| | * BasicConstraints ::= SEQUENCE { 808| | * cA BOOLEAN DEFAULT FALSE, 809| | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 810| | */ 811| | 812| 4| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (812:6): [True: 0, False: 4] | Branch (812:43): [True: 0, False: 4] ------------------ 813| 0| asn1_unexpected(&hdr, 814| 0| "X509: Expected SEQUENCE in BasicConstraints"); 815| 0| return -1; 816| 0| } 817| | 818| 4| cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS; ------------------ | | 71| 4|#define X509_EXT_BASIC_CONSTRAINTS (1 << 0) ------------------ 819| | 820| 4| if (hdr.length == 0) ------------------ | Branch (820:6): [True: 2, False: 2] ------------------ 821| 2| return 0; 822| | 823| 2| end_seq = hdr.payload + hdr.length; 824| 2| if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0) { ------------------ | Branch (824:6): [True: 0, False: 2] ------------------ 825| 0| wpa_printf(MSG_DEBUG, "X509: Failed to parse " 826| 0| "BasicConstraints"); 827| 0| return -1; 828| 0| } 829| | 830| 2| if (asn1_is_boolean(&hdr)) { ------------------ | Branch (830:6): [True: 2, False: 0] ------------------ 831| 2| cert->ca = hdr.payload[0]; 832| | 833| 2| pos = hdr.payload + hdr.length; 834| 2| if (pos >= end_seq) { ------------------ | Branch (834:7): [True: 2, False: 0] ------------------ 835| | /* No optional pathLenConstraint */ 836| 2| wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d", 837| 2| cert->ca); 838| 2| return 0; 839| 2| } 840| 0| if (asn1_get_next(pos, end_seq - pos, &hdr) < 0) { ------------------ | Branch (840:7): [True: 0, False: 0] ------------------ 841| 0| wpa_printf(MSG_DEBUG, "X509: Failed to parse " 842| 0| "BasicConstraints"); 843| 0| return -1; 844| 0| } 845| 0| } 846| | 847| 0| if (!asn1_is_integer(&hdr)) { ------------------ | Branch (847:6): [True: 0, False: 0] ------------------ 848| 0| asn1_unexpected(&hdr, 849| 0| "X509: Expected INTEGER in BasicConstraints"); 850| 0| return -1; 851| 0| } 852| | 853| 0| pos = hdr.payload; 854| 0| left = hdr.length; 855| 0| value = 0; 856| 0| while (left) { ------------------ | Branch (856:9): [True: 0, False: 0] ------------------ 857| 0| value <<= 8; 858| 0| value |= *pos++; 859| 0| left--; 860| 0| } 861| | 862| 0| cert->path_len_constraint = value; 863| 0| cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT; ------------------ | | 72| 0|#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1) ------------------ 864| | 865| 0| wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d " 866| 0| "pathLenConstraint=%lu", 867| 0| cert->ca, cert->path_len_constraint); 868| | 869| 0| return 0; 870| 0|} x509v3.c:x509_parse_ext_ext_key_usage: 1272| 2|{ 1273| 2| struct asn1_hdr hdr; 1274| 2| const u8 *end; 1275| 2| struct asn1_oid oid; 1276| | 1277| | /* 1278| | * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 1279| | * 1280| | * KeyPurposeId ::= OBJECT IDENTIFIER 1281| | */ 1282| | 1283| 2| if (asn1_get_next(pos, len, &hdr) < 0 || !asn1_is_sequence(&hdr)) { ------------------ | Branch (1283:6): [True: 0, False: 2] | Branch (1283:43): [True: 0, False: 2] ------------------ 1284| 0| asn1_unexpected(&hdr, 1285| 0| "X509: Expected SEQUENCE (ExtKeyUsageSyntax)"); 1286| 0| return -1; 1287| 0| } 1288| 2| if (hdr.length > pos + len - hdr.payload) ------------------ | Branch (1288:6): [True: 0, False: 2] ------------------ 1289| 0| return -1; 1290| 2| pos = hdr.payload; 1291| 2| end = pos + hdr.length; 1292| | 1293| 2| wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos); 1294| | 1295| 4| while (pos < end) { ------------------ | Branch (1295:9): [True: 2, False: 2] ------------------ 1296| 2| char buf[80]; 1297| | 1298| 2| if (asn1_get_oid(pos, end - pos, &oid, &pos)) ------------------ | Branch (1298:7): [True: 0, False: 2] ------------------ 1299| 0| return -1; 1300| 2| if (x509_any_ext_key_usage_oid(&oid)) { ------------------ | Branch (1300:7): [True: 0, False: 2] ------------------ 1301| 0| os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf)); 1302| 0| cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY; ------------------ | | 97| 0|#define X509_EXT_KEY_USAGE_ANY (1 << 0) ------------------ 1303| 2| } else if (x509_id_kp_server_auth_oid(&oid)) { ------------------ | Branch (1303:14): [True: 2, False: 0] ------------------ 1304| 2| os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf)); 1305| 2| cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH; ------------------ | | 98| 2|#define X509_EXT_KEY_USAGE_SERVER_AUTH (1 << 1) ------------------ 1306| 2| } else if (x509_id_kp_client_auth_oid(&oid)) { ------------------ | Branch (1306:14): [True: 0, False: 0] ------------------ 1307| 0| os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf)); 1308| 0| cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH; ------------------ | | 99| 0|#define X509_EXT_KEY_USAGE_CLIENT_AUTH (1 << 2) ------------------ 1309| 0| } else if (x509_id_kp_ocsp_oid(&oid)) { ------------------ | Branch (1309:14): [True: 0, False: 0] ------------------ 1310| 0| os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf)); 1311| 0| cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP; ------------------ | | 100| 0|#define X509_EXT_KEY_USAGE_OCSP (1 << 3) ------------------ 1312| 0| } else { 1313| 0| asn1_oid_to_str(&oid, buf, sizeof(buf)); 1314| 0| } 1315| 2| wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf); 1316| 2| } 1317| | 1318| 2| cert->extensions_present |= X509_EXT_EXT_KEY_USAGE; ------------------ | | 76| 2|#define X509_EXT_EXT_KEY_USAGE (1 << 5) ------------------ 1319| | 1320| 2| return 0; 1321| 2|} x509v3.c:x509_any_ext_key_usage_oid: 757| 2|{ 758| 2| return oid->len == 6 && ------------------ | Branch (758:9): [True: 0, False: 2] ------------------ 759| 0| x509_id_ce_oid(oid) && ------------------ | Branch (759:3): [True: 0, False: 0] ------------------ 760| 0| oid->oid[3] == 37 /* extKeyUsage */ && ------------------ | Branch (760:3): [True: 0, False: 0] ------------------ 761| 0| oid->oid[4] == 0 /* anyExtendedKeyUsage */; ------------------ | Branch (761:3): [True: 0, False: 0] ------------------ 762| 2|} x509v3.c:x509_id_kp_server_auth_oid: 1244| 2|{ 1245| | /* id-kp */ 1246| 2| return oid->len == 9 && ------------------ | Branch (1246:9): [True: 2, False: 0] ------------------ 1247| 2| x509_id_kp_oid(oid) && ------------------ | Branch (1247:3): [True: 2, False: 0] ------------------ 1248| 2| oid->oid[8] == 1 /* id-kp-serverAuth */; ------------------ | Branch (1248:3): [True: 2, False: 0] ------------------ 1249| 2|} x509v3.c:x509_id_kp_oid: 1235| 2|{ 1236| | /* id-kp */ 1237| 2| return oid->len >= 8 && ------------------ | Branch (1237:9): [True: 2, False: 0] ------------------ 1238| 2| x509_id_pkix_oid(oid) && ------------------ | Branch (1238:3): [True: 2, False: 0] ------------------ 1239| 2| oid->oid[7] == 3 /* id-kp */; ------------------ | Branch (1239:3): [True: 2, False: 0] ------------------ 1240| 2|} x509v3.c:x509_id_pkix_oid: 1222| 2|{ 1223| 2| return oid->len >= 7 && ------------------ | Branch (1223:9): [True: 2, False: 0] ------------------ 1224| 2| oid->oid[0] == 1 /* iso */ && ------------------ | Branch (1224:3): [True: 2, False: 0] ------------------ 1225| 2| oid->oid[1] == 3 /* identified-organization */ && ------------------ | Branch (1225:3): [True: 2, False: 0] ------------------ 1226| 2| oid->oid[2] == 6 /* dod */ && ------------------ | Branch (1226:3): [True: 2, False: 0] ------------------ 1227| 2| oid->oid[3] == 1 /* internet */ && ------------------ | Branch (1227:3): [True: 2, False: 0] ------------------ 1228| 2| oid->oid[4] == 5 /* security */ && ------------------ | Branch (1228:3): [True: 2, False: 0] ------------------ 1229| 2| oid->oid[5] == 5 /* mechanisms */ && ------------------ | Branch (1229:3): [True: 2, False: 0] ------------------ 1230| 2| oid->oid[6] == 7 /* id-pkix */; ------------------ | Branch (1230:3): [True: 2, False: 0] ------------------ 1231| 2|} base64_decode: 200| 8|{ 201| 8| return base64_gen_decode(src, len, out_len, base64_table); 202| 8|} base64.c:base64_gen_decode: 91| 8|{ 92| 8| unsigned char dtable[256], *out, *pos, block[4], tmp; 93| 8| size_t i, count, olen; 94| 8| int pad = 0; 95| 8| size_t extra_pad; 96| | 97| 8| os_memset(dtable, 0x80, 256); ------------------ | | 529| 8|#define os_memset(s, c, n) memset(s, c, n) ------------------ 98| 520| for (i = 0; i < sizeof(base64_table) - 1; i++) ------------------ | Branch (98:14): [True: 512, False: 8] ------------------ 99| 512| dtable[(unsigned char) table[i]] = (unsigned char) i; 100| 8| dtable['='] = 0; 101| | 102| 8| count = 0; 103| 8.96k| for (i = 0; i < len; i++) { ------------------ | Branch (103:14): [True: 8.95k, False: 8] ------------------ 104| 8.95k| if (dtable[(unsigned char) src[i]] != 0x80) ------------------ | Branch (104:7): [True: 8.80k, False: 150] ------------------ 105| 8.80k| count++; 106| 8.95k| } 107| | 108| 8| if (count == 0) ------------------ | Branch (108:6): [True: 0, False: 8] ------------------ 109| 0| return NULL; 110| 8| extra_pad = (4 - count % 4) % 4; 111| | 112| 8| olen = (count + extra_pad) / 4 * 3; 113| 8| pos = out = os_malloc(olen); ------------------ | | 505| 8|#define os_malloc(s) malloc((s)) ------------------ 114| 8| if (out == NULL) ------------------ | Branch (114:6): [True: 0, False: 8] ------------------ 115| 0| return NULL; 116| | 117| 8| count = 0; 118| 8.95k| for (i = 0; i < len + extra_pad; i++) { ------------------ | Branch (118:14): [True: 8.95k, False: 2] ------------------ 119| 8.95k| unsigned char val; 120| | 121| 8.95k| if (i >= len) ------------------ | Branch (121:7): [True: 0, False: 8.95k] ------------------ 122| 0| val = '='; 123| 8.95k| else 124| 8.95k| val = src[i]; 125| 8.95k| tmp = dtable[val]; 126| 8.95k| if (tmp == 0x80) ------------------ | Branch (126:7): [True: 144, False: 8.80k] ------------------ 127| 144| continue; 128| | 129| 8.80k| if (val == '=') ------------------ | Branch (129:7): [True: 10, False: 8.79k] ------------------ 130| 10| pad++; 131| 8.80k| block[count] = tmp; 132| 8.80k| count++; 133| 8.80k| if (count == 4) { ------------------ | Branch (133:7): [True: 2.20k, False: 6.60k] ------------------ 134| 2.20k| *pos++ = (block[0] << 2) | (block[1] >> 4); 135| 2.20k| *pos++ = (block[1] << 4) | (block[2] >> 2); 136| 2.20k| *pos++ = (block[2] << 6) | block[3]; 137| 2.20k| count = 0; 138| 2.20k| if (pad) { ------------------ | Branch (138:8): [True: 6, False: 2.19k] ------------------ 139| 6| if (pad == 1) ------------------ | Branch (139:9): [True: 2, False: 4] ------------------ 140| 2| pos--; 141| 4| else if (pad == 2) ------------------ | Branch (141:14): [True: 4, False: 0] ------------------ 142| 4| pos -= 2; 143| 0| else { 144| | /* Invalid padding */ 145| 0| os_free(out); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 146| 0| return NULL; 147| 0| } 148| 6| break; 149| 6| } 150| 2.20k| } 151| 8.80k| } 152| | 153| 8| *out_len = pos - out; 154| 8| return out; 155| 8|} dup_binstr: 767| 30|{ 768| 30| char *res; 769| | 770| 30| if (src == NULL) ------------------ | Branch (770:6): [True: 0, False: 30] ------------------ 771| 0| return NULL; 772| 30| res = os_malloc(len + 1); ------------------ | | 505| 30|#define os_malloc(s) malloc((s)) ------------------ 773| 30| if (res == NULL) ------------------ | Branch (773:6): [True: 0, False: 30] ------------------ 774| 0| return NULL; 775| 30| os_memcpy(res, src, len); ------------------ | | 523| 30|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 776| 30| res[len] = '\0'; 777| | 778| 30| return res; 779| 30|} x509v3.c:os_snprintf_error: 580| 44|{ 581| 44| return res < 0 || (unsigned int) res >= size; ------------------ | Branch (581:9): [True: 0, False: 44] | Branch (581:20): [True: 0, False: 44] ------------------ 582| 44|} asn1.c:os_snprintf_error: 580| 96|{ 581| 96| return res < 0 || (unsigned int) res >= size; ------------------ | Branch (581:9): [True: 0, False: 96] | Branch (581:20): [True: 0, False: 96] ------------------ 582| 96|} os_mktime: 136| 8|{ 137| 8| struct tm tm, *tm1; 138| 8| time_t t_local, t1, t2; 139| 8| os_time_t tz_offset; 140| | 141| 8| if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 || ------------------ | Branch (141:6): [True: 0, False: 8] | Branch (141:21): [True: 0, False: 8] | Branch (141:34): [True: 0, False: 8] | Branch (141:48): [True: 0, False: 8] | Branch (141:59): [True: 0, False: 8] ------------------ 142| 8| hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || ------------------ | Branch (142:6): [True: 0, False: 8] | Branch (142:18): [True: 0, False: 8] | Branch (142:31): [True: 0, False: 8] | Branch (142:42): [True: 0, False: 8] | Branch (142:54): [True: 0, False: 8] ------------------ 143| 8| sec > 60) ------------------ | Branch (143:6): [True: 0, False: 8] ------------------ 144| 0| return -1; 145| | 146| 8| memset(&tm, 0, sizeof(tm)); 147| 8| tm.tm_year = year - 1900; 148| 8| tm.tm_mon = month - 1; 149| 8| tm.tm_mday = day; 150| 8| tm.tm_hour = hour; 151| 8| tm.tm_min = min; 152| 8| tm.tm_sec = sec; 153| | 154| 8| t_local = mktime(&tm); 155| | 156| | /* figure out offset to UTC */ 157| 8| tm1 = localtime(&t_local); 158| 8| if (tm1) { ------------------ | Branch (158:6): [True: 8, False: 0] ------------------ 159| 8| t1 = mktime(tm1); 160| 8| tm1 = gmtime(&t_local); 161| 8| if (tm1) { ------------------ | Branch (161:7): [True: 8, False: 0] ------------------ 162| 8| t2 = mktime(tm1); 163| 8| tz_offset = t2 - t1; 164| 8| } else 165| 0| tz_offset = 0; 166| 8| } else 167| 0| tz_offset = 0; 168| | 169| 8| *t = (os_time_t) t_local - tz_offset; 170| 8| return 0; 171| 8|} os_readfile: 421| 8|{ 422| 8| FILE *f; 423| 8| char *buf; 424| 8| long pos; 425| | 426| 8| f = fopen(name, "rb"); 427| 8| if (f == NULL) ------------------ | Branch (427:6): [True: 0, False: 8] ------------------ 428| 0| return NULL; 429| | 430| 8| if (fseek(f, 0, SEEK_END) < 0 || (pos = ftell(f)) < 0) { ------------------ | Branch (430:6): [True: 0, False: 8] | Branch (430:35): [True: 0, False: 8] ------------------ 431| 0| fclose(f); 432| 0| return NULL; 433| 0| } 434| 8| *len = pos; 435| 8| if (fseek(f, 0, SEEK_SET) < 0) { ------------------ | Branch (435:6): [True: 0, False: 8] ------------------ 436| 0| fclose(f); 437| 0| return NULL; 438| 0| } 439| | 440| 8| buf = os_malloc(*len); ------------------ | | 505| 8|#define os_malloc(s) malloc((s)) ------------------ 441| 8| if (buf == NULL) { ------------------ | Branch (441:6): [True: 0, False: 8] ------------------ 442| 0| fclose(f); 443| 0| return NULL; 444| 0| } 445| | 446| 8| if (fread(buf, 1, *len, f) != *len) { ------------------ | Branch (446:6): [True: 0, False: 8] ------------------ 447| 0| fclose(f); 448| 0| os_free(buf); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 449| 0| return NULL; 450| 0| } 451| | 452| 8| fclose(f); 453| | 454| 8| return buf; 455| 8|} os_zalloc: 485| 72|{ 486| 72| return calloc(1, size); 487| 72|} os_strlcpy: 492| 2|{ 493| 2| const char *s = src; 494| 2| size_t left = siz; 495| | 496| 2| if (left) { ------------------ | Branch (496:6): [True: 2, False: 0] ------------------ 497| | /* Copy string up to the maximum size of the dest buffer */ 498| 34| while (--left != 0) { ------------------ | Branch (498:10): [True: 34, False: 0] ------------------ 499| 34| if ((*dest++ = *s++) == '\0') ------------------ | Branch (499:8): [True: 2, False: 32] ------------------ 500| 2| break; 501| 34| } 502| 2| } 503| | 504| 2| if (left == 0) { ------------------ | Branch (504:6): [True: 0, False: 2] ------------------ 505| | /* Not enough room for the string; force NUL-termination */ 506| 0| if (siz != 0) ------------------ | Branch (506:7): [True: 0, False: 0] ------------------ 507| 0| *dest = '\0'; 508| 0| while (*s++) ------------------ | Branch (508:10): [True: 0, False: 0] ------------------ 509| 0| ; /* determine total src string length */ 510| 0| } 511| | 512| 2| return s - src - 1; 513| 2|} os_memdup: 531| 12|{ 532| 12| void *r = os_malloc(len); ------------------ | | 505| 12|#define os_malloc(s) malloc((s)) ------------------ 533| | 534| 12| if (r && src) ------------------ | Branch (534:6): [True: 12, False: 0] | Branch (534:11): [True: 12, False: 0] ------------------ 535| 12| os_memcpy(r, src, len); ------------------ | | 523| 12|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 536| 12| return r; 537| 12|} wpa_printf: 224| 72|{ 225| 72| va_list ap; 226| | 227| 72| if (level >= wpa_debug_level) { ------------------ | Branch (227:6): [True: 0, False: 72] ------------------ 228| |#ifdef CONFIG_ANDROID_LOG 229| | va_start(ap, fmt); 230| | __android_log_vprint(wpa_to_android_level(level), 231| | ANDROID_LOG_NAME, fmt, ap); 232| | va_end(ap); 233| |#else /* CONFIG_ANDROID_LOG */ 234| |#ifdef CONFIG_DEBUG_SYSLOG 235| | if (wpa_debug_syslog) { 236| | va_start(ap, fmt); 237| | vsyslog(syslog_priority(level), fmt, ap); 238| | va_end(ap); 239| | } 240| |#endif /* CONFIG_DEBUG_SYSLOG */ 241| 0| wpa_debug_print_timestamp(); 242| 0|#ifdef CONFIG_DEBUG_FILE 243| 0| if (out_file) { ------------------ | Branch (243:7): [True: 0, False: 0] ------------------ 244| 0| va_start(ap, fmt); 245| 0| vfprintf(out_file, fmt, ap); 246| 0| fprintf(out_file, "\n"); 247| 0| va_end(ap); 248| 0| } 249| 0|#endif /* CONFIG_DEBUG_FILE */ 250| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (250:7): [True: 0, False: 0] | Branch (250:28): [True: 0, False: 0] ------------------ 251| 0| va_start(ap, fmt); 252| 0| vprintf(fmt, ap); 253| 0| printf("\n"); 254| 0| va_end(ap); 255| 0| } 256| 0|#endif /* CONFIG_ANDROID_LOG */ 257| 0| } 258| | 259| |#ifdef CONFIG_DEBUG_LINUX_TRACING 260| | if (wpa_debug_tracing_file != NULL) { 261| | va_start(ap, fmt); 262| | fprintf(wpa_debug_tracing_file, WPAS_TRACE_PFX, level); 263| | vfprintf(wpa_debug_tracing_file, fmt, ap); 264| | fprintf(wpa_debug_tracing_file, "\n"); 265| | fflush(wpa_debug_tracing_file); 266| | va_end(ap); 267| | } 268| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 269| 72|} wpa_hexdump: 400| 36|{ 401| 36| _wpa_hexdump(level, title, buf, len, 1, 0); 402| 36|} wpa_hexdump_ascii: 526| 2|{ 527| 2| _wpa_hexdump_ascii(level, title, buf, len, 1); 528| 2|} wpa_debug.c:_wpa_hexdump: 274| 36|{ 275| 36| size_t i; 276| | 277| |#ifdef CONFIG_DEBUG_LINUX_TRACING 278| | if (wpa_debug_tracing_file != NULL) { 279| | fprintf(wpa_debug_tracing_file, 280| | WPAS_TRACE_PFX "%s - hexdump(len=%lu):", 281| | level, title, (unsigned long) len); 282| | if (buf == NULL) { 283| | fprintf(wpa_debug_tracing_file, " [NULL]\n"); 284| | } else if (!show) { 285| | fprintf(wpa_debug_tracing_file, " [REMOVED]\n"); 286| | } else { 287| | for (i = 0; i < len; i++) 288| | fprintf(wpa_debug_tracing_file, 289| | " %02x", buf[i]); 290| | } 291| | fflush(wpa_debug_tracing_file); 292| | } 293| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 294| | 295| 36| if (level < wpa_debug_level) ------------------ | Branch (295:6): [True: 36, False: 0] ------------------ 296| 36| return; 297| |#ifdef CONFIG_ANDROID_LOG 298| | { 299| | const char *display; 300| | char *strbuf = NULL; 301| | size_t slen = len; 302| | if (buf == NULL) { 303| | display = " [NULL]"; 304| | } else if (len == 0) { 305| | display = ""; 306| | } else if (show && len) { 307| | /* Limit debug message length for Android log */ 308| | if (slen > 32) 309| | slen = 32; 310| | strbuf = os_malloc(1 + 3 * slen); 311| | if (strbuf == NULL) { 312| | wpa_printf(MSG_ERROR, "wpa_hexdump: Failed to " 313| | "allocate message buffer"); 314| | return; 315| | } 316| | 317| | for (i = 0; i < slen; i++) 318| | os_snprintf(&strbuf[i * 3], 4, " %02x", 319| | buf[i]); 320| | 321| | display = strbuf; 322| | } else { 323| | display = " [REMOVED]"; 324| | } 325| | 326| | __android_log_print(wpa_to_android_level(level), 327| | ANDROID_LOG_NAME, 328| | "%s - hexdump(len=%lu):%s%s", 329| | title, (long unsigned int) len, display, 330| | len > slen ? " ..." : ""); 331| | bin_clear_free(strbuf, 1 + 3 * slen); 332| | return; 333| | } 334| |#else /* CONFIG_ANDROID_LOG */ 335| |#ifdef CONFIG_DEBUG_SYSLOG 336| | if (wpa_debug_syslog) { 337| | const char *display; 338| | char *strbuf = NULL; 339| | 340| | if (buf == NULL) { 341| | display = " [NULL]"; 342| | } else if (len == 0) { 343| | display = ""; 344| | } else if (show && len) { 345| | strbuf = os_malloc(1 + 3 * len); 346| | if (strbuf == NULL) { 347| | wpa_printf(MSG_ERROR, "wpa_hexdump: Failed to " 348| | "allocate message buffer"); 349| | return; 350| | } 351| | 352| | for (i = 0; i < len; i++) 353| | os_snprintf(&strbuf[i * 3], 4, " %02x", 354| | buf[i]); 355| | 356| | display = strbuf; 357| | } else { 358| | display = " [REMOVED]"; 359| | } 360| | 361| | syslog(syslog_priority(level), "%s - hexdump(len=%lu):%s", 362| | title, (unsigned long) len, display); 363| | bin_clear_free(strbuf, 1 + 3 * len); 364| | if (only_syslog) 365| | return; 366| | } 367| |#endif /* CONFIG_DEBUG_SYSLOG */ 368| 0| wpa_debug_print_timestamp(); 369| 0|#ifdef CONFIG_DEBUG_FILE 370| 0| if (out_file) { ------------------ | Branch (370:6): [True: 0, False: 0] ------------------ 371| 0| fprintf(out_file, "%s - hexdump(len=%lu):", 372| 0| title, (unsigned long) len); 373| 0| if (buf == NULL) { ------------------ | Branch (373:7): [True: 0, False: 0] ------------------ 374| 0| fprintf(out_file, " [NULL]"); 375| 0| } else if (show) { ------------------ | Branch (375:14): [True: 0, False: 0] ------------------ 376| 0| for (i = 0; i < len; i++) ------------------ | Branch (376:16): [True: 0, False: 0] ------------------ 377| 0| fprintf(out_file, " %02x", buf[i]); 378| 0| } else { 379| 0| fprintf(out_file, " [REMOVED]"); 380| 0| } 381| 0| fprintf(out_file, "\n"); 382| 0| } 383| 0|#endif /* CONFIG_DEBUG_FILE */ 384| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (384:6): [True: 0, False: 0] | Branch (384:27): [True: 0, False: 0] ------------------ 385| 0| printf("%s - hexdump(len=%lu):", title, (unsigned long) len); 386| 0| if (buf == NULL) { ------------------ | Branch (386:7): [True: 0, False: 0] ------------------ 387| 0| printf(" [NULL]"); 388| 0| } else if (show) { ------------------ | Branch (388:14): [True: 0, False: 0] ------------------ 389| 0| for (i = 0; i < len; i++) ------------------ | Branch (389:16): [True: 0, False: 0] ------------------ 390| 0| printf(" %02x", buf[i]); 391| 0| } else { 392| 0| printf(" [REMOVED]"); 393| 0| } 394| 0| printf("\n"); 395| 0| } 396| 0|#endif /* CONFIG_ANDROID_LOG */ 397| 0|} wpa_debug.c:_wpa_hexdump_ascii: 413| 2|{ 414| 2| size_t i, llen; 415| 2| const u8 *pos = buf; 416| 2| const size_t line_len = 16; 417| | 418| |#ifdef CONFIG_DEBUG_LINUX_TRACING 419| | if (wpa_debug_tracing_file != NULL) { 420| | fprintf(wpa_debug_tracing_file, 421| | WPAS_TRACE_PFX "%s - hexdump_ascii(len=%lu):", 422| | level, title, (unsigned long) len); 423| | if (buf == NULL) { 424| | fprintf(wpa_debug_tracing_file, " [NULL]\n"); 425| | } else if (!show) { 426| | fprintf(wpa_debug_tracing_file, " [REMOVED]\n"); 427| | } else { 428| | /* can do ascii processing in userspace */ 429| | for (i = 0; i < len; i++) 430| | fprintf(wpa_debug_tracing_file, 431| | " %02x", pos[i]); 432| | } 433| | fflush(wpa_debug_tracing_file); 434| | } 435| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 436| | 437| 2| if (level < wpa_debug_level) ------------------ | Branch (437:6): [True: 2, False: 0] ------------------ 438| 2| return; 439| |#ifdef CONFIG_ANDROID_LOG 440| | _wpa_hexdump(level, title, buf, len, show, 0); 441| |#else /* CONFIG_ANDROID_LOG */ 442| |#ifdef CONFIG_DEBUG_SYSLOG 443| | if (wpa_debug_syslog) 444| | _wpa_hexdump(level, title, buf, len, show, 1); 445| |#endif /* CONFIG_DEBUG_SYSLOG */ 446| 0| wpa_debug_print_timestamp(); 447| 0|#ifdef CONFIG_DEBUG_FILE 448| 0| if (out_file) { ------------------ | Branch (448:6): [True: 0, False: 0] ------------------ 449| 0| if (!show) { ------------------ | Branch (449:7): [True: 0, False: 0] ------------------ 450| 0| fprintf(out_file, 451| 0| "%s - hexdump_ascii(len=%lu): [REMOVED]\n", 452| 0| title, (unsigned long) len); 453| 0| goto file_done; 454| 0| } 455| 0| if (buf == NULL) { ------------------ | Branch (455:7): [True: 0, False: 0] ------------------ 456| 0| fprintf(out_file, 457| 0| "%s - hexdump_ascii(len=%lu): [NULL]\n", 458| 0| title, (unsigned long) len); 459| 0| goto file_done; 460| 0| } 461| 0| fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n", 462| 0| title, (unsigned long) len); 463| 0| while (len) { ------------------ | Branch (463:10): [True: 0, False: 0] ------------------ 464| 0| llen = len > line_len ? line_len : len; ------------------ | Branch (464:11): [True: 0, False: 0] ------------------ 465| 0| fprintf(out_file, " "); 466| 0| for (i = 0; i < llen; i++) ------------------ | Branch (466:16): [True: 0, False: 0] ------------------ 467| 0| fprintf(out_file, " %02x", pos[i]); 468| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (468:19): [True: 0, False: 0] ------------------ 469| 0| fprintf(out_file, " "); 470| 0| fprintf(out_file, " "); 471| 0| for (i = 0; i < llen; i++) { ------------------ | Branch (471:16): [True: 0, False: 0] ------------------ 472| 0| if (isprint(pos[i])) ------------------ | Branch (472:9): [True: 0, False: 0] ------------------ 473| 0| fprintf(out_file, "%c", pos[i]); 474| 0| else 475| 0| fprintf(out_file, "_"); 476| 0| } 477| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (477:19): [True: 0, False: 0] ------------------ 478| 0| fprintf(out_file, " "); 479| 0| fprintf(out_file, "\n"); 480| 0| pos += llen; 481| 0| len -= llen; 482| 0| } 483| 0| } 484| 0|file_done: 485| 0|#endif /* CONFIG_DEBUG_FILE */ 486| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (486:6): [True: 0, False: 0] | Branch (486:27): [True: 0, False: 0] ------------------ 487| 0| if (!show) { ------------------ | Branch (487:7): [True: 0, False: 0] ------------------ 488| 0| printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n", 489| 0| title, (unsigned long) len); 490| 0| return; 491| 0| } 492| 0| if (buf == NULL) { ------------------ | Branch (492:7): [True: 0, False: 0] ------------------ 493| 0| printf("%s - hexdump_ascii(len=%lu): [NULL]\n", 494| 0| title, (unsigned long) len); 495| 0| return; 496| 0| } 497| 0| printf("%s - hexdump_ascii(len=%lu):\n", title, 498| 0| (unsigned long) len); 499| 0| while (len) { ------------------ | Branch (499:10): [True: 0, False: 0] ------------------ 500| 0| llen = len > line_len ? line_len : len; ------------------ | Branch (500:11): [True: 0, False: 0] ------------------ 501| 0| printf(" "); 502| 0| for (i = 0; i < llen; i++) ------------------ | Branch (502:16): [True: 0, False: 0] ------------------ 503| 0| printf(" %02x", pos[i]); 504| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (504:19): [True: 0, False: 0] ------------------ 505| 0| printf(" "); 506| 0| printf(" "); 507| 0| for (i = 0; i < llen; i++) { ------------------ | Branch (507:16): [True: 0, False: 0] ------------------ 508| 0| if (isprint(pos[i])) ------------------ | Branch (508:9): [True: 0, False: 0] ------------------ 509| 0| printf("%c", pos[i]); 510| 0| else 511| 0| printf("_"); 512| 0| } 513| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (513:19): [True: 0, False: 0] ------------------ 514| 0| printf(" "); 515| 0| printf("\n"); 516| 0| pos += llen; 517| 0| len -= llen; 518| 0| } 519| 0| } 520| 0|#endif /* CONFIG_ANDROID_LOG */ 521| 0|} wpabuf_free: 187| 6|{ 188| |#ifdef WPA_TRACE 189| | struct wpabuf_trace *trace; 190| | if (buf == NULL) 191| | return; 192| | trace = wpabuf_get_trace(buf); 193| | if (trace->magic != WPABUF_MAGIC) { 194| | wpa_printf(MSG_ERROR, "wpabuf_free: invalid magic %x", 195| | trace->magic); 196| | wpa_trace_show("wpabuf_free magic mismatch"); 197| | abort(); 198| | } 199| | if (buf->flags & WPABUF_FLAG_EXT_DATA) 200| | os_free(buf->buf); 201| | os_free(trace); 202| |#else /* WPA_TRACE */ 203| 6| if (buf == NULL) ------------------ | Branch (203:6): [True: 6, False: 0] ------------------ 204| 6| return; 205| 0| if (buf->flags & WPABUF_FLAG_EXT_DATA) ------------------ | | 13| 0|#define WPABUF_FLAG_EXT_DATA BIT(0) | | ------------------ | | | | 458| 0|#define BIT(x) (1U << (x)) | | ------------------ ------------------ | Branch (205:6): [True: 0, False: 0] ------------------ 206| 0| os_free(buf->buf); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 207| 0| os_free(buf); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 208| 0|#endif /* WPA_TRACE */ 209| 0|} wpa_fuzzer_set_debug_level: 15| 2|{ 16| 2| static int first = 1; 17| | 18| 2| if (first) { ------------------ | Branch (18:6): [True: 1, False: 1] ------------------ 19| 1| char *env; 20| | 21| 1| first = 0; 22| 1| env = getenv("WPADEBUG"); 23| 1| if (env) ------------------ | Branch (23:7): [True: 0, False: 1] ------------------ 24| 0| wpa_debug_level = atoi(env); 25| 1| else 26| 1| wpa_debug_level = MSG_ERROR + 1; 27| | 28| 1| wpa_debug_show_keys = 1; 29| 1| } 30| 2|} LLVMFuzzerTestOneInput: 56| 2|{ 57| 2| struct context ctx; 58| 2| struct tls_config conf; 59| 2| void *tls_server; 60| 2| struct tls_connection_params params; 61| 2| struct tls_connection *conn_server = NULL; 62| 2| int ret = -1; 63| 2| struct wpabuf *in = NULL, *out = NULL, *appl; 64| | 65| 2| wpa_fuzzer_set_debug_level(); 66| | 67| 2| os_memset(&ctx, 0, sizeof(ctx)); ------------------ | | 529| 2|#define os_memset(s, c, n) memset(s, c, n) ------------------ 68| 2| ctx.data = data; 69| 2| ctx.data_len = size; 70| | 71| 2| os_memset(&conf, 0, sizeof(conf)); ------------------ | | 529| 2|#define os_memset(s, c, n) memset(s, c, n) ------------------ 72| 2| tls_server = tls_init(&conf); 73| 2| if (!tls_server) ------------------ | Branch (73:6): [True: 0, False: 2] ------------------ 74| 0| goto fail; 75| | 76| 2| os_memset(¶ms, 0, sizeof(params)); ------------------ | | 529| 2|#define os_memset(s, c, n) memset(s, c, n) ------------------ 77| 2| params.ca_cert = CERTDIR "ca.pem"; 78| 2| params.client_cert = CERTDIR "server.pem"; 79| 2| params.private_key = CERTDIR "server.key"; 80| 2| params.dh_file = CERTDIR "dh.conf"; 81| | 82| 2| if (tls_global_set_params(tls_server, ¶ms)) { ------------------ | Branch (82:6): [True: 0, False: 2] ------------------ 83| 0| wpa_printf(MSG_ERROR, "Failed to set TLS parameters"); 84| 0| goto fail; 85| 0| } 86| | 87| 2| conn_server = tls_connection_init(tls_server); 88| 2| if (!conn_server) ------------------ | Branch (88:6): [True: 0, False: 2] ------------------ 89| 0| goto fail; 90| | 91| 2| in = NULL; 92| 2| for (;;) { 93| 2| appl = NULL; 94| 2| out = read_msg(&ctx); 95| 2| wpabuf_free(in); 96| 2| in = NULL; 97| 2| if (!out) ------------------ | Branch (97:7): [True: 2, False: 0] ------------------ 98| 2| goto fail; 99| | 100| 0| appl = NULL; 101| 0| in = tls_connection_server_handshake(tls_server, conn_server, 102| 0| out, &appl); 103| 0| wpabuf_free(out); 104| 0| out = NULL; 105| 0| if (!in) ------------------ | Branch (105:7): [True: 0, False: 0] ------------------ 106| 0| goto fail; 107| 0| if (tls_connection_get_failed(tls_server, conn_server)) { ------------------ | Branch (107:7): [True: 0, False: 0] ------------------ 108| 0| wpa_printf(MSG_ERROR, "TLS handshake failed"); 109| 0| goto fail; 110| 0| } 111| 0| if (tls_connection_established(tls_server, conn_server)) ------------------ | Branch (111:7): [True: 0, False: 0] ------------------ 112| 0| break; 113| 0| } 114| | 115| 0| wpabuf_free(in); 116| 0| in = wpabuf_alloc(100); 117| 0| if (!in) ------------------ | Branch (117:6): [True: 0, False: 0] ------------------ 118| 0| goto fail; 119| 0| wpabuf_put_str(in, "PING"); 120| 0| wpabuf_free(out); 121| 0| out = read_msg(&ctx); 122| 0| wpabuf_free(in); 123| 0| in = NULL; 124| 0| if (!out) ------------------ | Branch (124:6): [True: 0, False: 0] ------------------ 125| 0| goto fail; 126| | 127| 0| in = tls_connection_decrypt(tls_server, conn_server, out); 128| 0| wpabuf_free(out); 129| 0| out = NULL; 130| 0| if (!in) ------------------ | Branch (130:6): [True: 0, False: 0] ------------------ 131| 0| goto fail; 132| 0| wpa_hexdump_buf(MSG_DEBUG, "Server decrypted ApplData", in); 133| | 134| 0| wpabuf_free(in); 135| 0| in = wpabuf_alloc(100); 136| 0| if (!in) ------------------ | Branch (136:6): [True: 0, False: 0] ------------------ 137| 0| goto fail; 138| 0| wpabuf_put_str(in, "PONG"); 139| 0| wpabuf_free(out); 140| 0| out = tls_connection_encrypt(tls_server, conn_server, in); 141| 0| wpabuf_free(in); 142| 0| in = NULL; 143| 0| if (!out) ------------------ | Branch (143:6): [True: 0, False: 0] ------------------ 144| 0| goto fail; 145| | 146| 0| ret = 0; 147| 2|fail: 148| 2| if (tls_server) { ------------------ | Branch (148:6): [True: 2, False: 0] ------------------ 149| 2| if (conn_server) ------------------ | Branch (149:7): [True: 2, False: 0] ------------------ 150| 2| tls_connection_deinit(tls_server, conn_server); 151| 2| tls_deinit(tls_server); 152| 2| } 153| 2| wpabuf_free(in); 154| 2| wpabuf_free(out); 155| | 156| 2| return ret; 157| 0|} tls-server.c:read_msg: 27| 2|{ 28| 2| u16 msg_len; 29| 2| struct wpabuf *msg; 30| | 31| 2| if (ctx->data_len - ctx->data_offset < 2) { ------------------ | Branch (31:6): [True: 2, False: 0] ------------------ 32| 2| wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len"); 33| 2| return NULL; 34| 2| } 35| 0| msg_len = WPA_GET_BE16(&ctx->data[ctx->data_offset]); 36| 0| ctx->data_offset += 2; 37| | 38| 0| msg = wpabuf_alloc(msg_len); 39| 0| if (!msg) ------------------ | Branch (39:6): [True: 0, False: 0] ------------------ 40| 0| return NULL; 41| 0| if (msg_len > 0 && ctx->data_len - ctx->data_offset < msg_len) { ------------------ | Branch (41:6): [True: 0, False: 0] | Branch (41:21): [True: 0, False: 0] ------------------ 42| 0| wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)", 43| 0| msg_len); 44| 0| wpabuf_free(msg); 45| 0| return NULL; 46| 0| } 47| 0| wpabuf_put_data(msg, &ctx->data[ctx->data_offset], msg_len); 48| 0| ctx->data_offset += msg_len; 49| 0| wpa_hexdump_buf(MSG_DEBUG, "TEST: Read message from file", msg); 50| | 51| 0| return msg; 52| 0|}