| Line | Source Code | Coverage |
|---|
| 1 | | - |
| 2 | | - |
| 3 | | - |
| 4 | | - |
| 5 | bool QSslSocketPrivate::s_libraryLoaded = false; | - |
| 6 | bool QSslSocketPrivate::s_loadedCiphersAndCerts = false; | - |
| 7 | bool QSslSocketPrivate::s_loadRootCertsOnDemand = false; | - |
| 8 | class QOpenSslLocks | - |
| 9 | { | - |
| 10 | public: | - |
| 11 | inline QOpenSslLocks() | - |
| 12 | : initLocker(QMutex::Recursive), | - |
| 13 | locksLocker(QMutex::Recursive) | - |
| 14 | { | - |
| 15 | QMutexLocker locker(&locksLocker); | - |
| 16 | int numLocks = q_CRYPTO_num_locks(); | - |
| 17 | locks = new QMutex *[numLocks]; | - |
| 18 | memset(locks, 0, numLocks * sizeof(QMutex *)); | - |
| 19 | } executed: }Execution Count:10 | 10 |
| 20 | inline ~QOpenSslLocks() | - |
| 21 | { | - |
| 22 | QMutexLocker locker(&locksLocker); | - |
| 23 | for (int i = 0; i < q_CRYPTO_num_locks(); ++i) evaluated: i < q_CRYPTO_num_locks()| yes Evaluation Count:390 | yes Evaluation Count:10 |
| 10-390 |
| 24 | delete locks[i]; executed: delete locks[i];Execution Count:390 | 390 |
| 25 | delete [] locks; | - |
| 26 | | - |
| 27 | QSslSocketPrivate::deinitialize(); | - |
| 28 | } executed: }Execution Count:10 | 10 |
| 29 | inline QMutex *lock(int num) | - |
| 30 | { | - |
| 31 | QMutexLocker locker(&locksLocker); | - |
| 32 | QMutex *tmp = locks[num]; | - |
| 33 | if (!tmp) evaluated: !tmp| yes Evaluation Count:129 | yes Evaluation Count:239169 |
| 129-239169 |
| 34 | tmp = locks[num] = new QMutex(QMutex::Recursive); executed: tmp = locks[num] = new QMutex(QMutex::Recursive);Execution Count:129 | 129 |
| 35 | return tmp; executed: return tmp;Execution Count:239298 | 239298 |
| 36 | } | - |
| 37 | | - |
| 38 | QMutex *globalLock() | - |
| 39 | { | - |
| 40 | return &locksLocker; never executed: return &locksLocker; | 0 |
| 41 | } | - |
| 42 | | - |
| 43 | QMutex *initLock() | - |
| 44 | { | - |
| 45 | return &initLocker; executed: return &initLocker;Execution Count:57988 | 57988 |
| 46 | } | - |
| 47 | | - |
| 48 | private: | - |
| 49 | QMutex initLocker; | - |
| 50 | QMutex locksLocker; | - |
| 51 | QMutex **locks; | - |
| 52 | }; | - |
| 53 | static QOpenSslLocks *openssl_locks() { static QGlobalStatic<QOpenSslLocks > thisGlobalStatic = { { (0) }, false }; if (!thisGlobalStatic.pointer.load() && !thisGlobalStatic.destroyed) { QOpenSslLocks *x = new QOpenSslLocks; if (!thisGlobalStatic.pointer.testAndSetOrdered(0, x)) delete x; else static QGlobalStaticDeleter<QOpenSslLocks > cleanup(thisGlobalStatic); } return thisGlobalStatic.pointer.load(); } partially evaluated: !thisGlobalStatic.pointer.testAndSetOrdered(0, x)| no Evaluation Count:0 | yes Evaluation Count:10 |
evaluated: !thisGlobalStatic.pointer.load()| yes Evaluation Count:10 | yes Evaluation Count:297267 |
partially evaluated: !thisGlobalStatic.destroyed| yes Evaluation Count:10 | no Evaluation Count:0 |
never executed: delete x; executed: return thisGlobalStatic.pointer.load();Execution Count:297277 | 0-297277 |
| 54 | | - |
| 55 | extern "C" { | - |
| 56 | static void locking_function(int mode, int lockNumber, const char *, int) | - |
| 57 | { | - |
| 58 | QMutex *mutex = openssl_locks()->lock(lockNumber); | - |
| 59 | | - |
| 60 | | - |
| 61 | if (mode & 1) evaluated: mode & 1| yes Evaluation Count:119649 | yes Evaluation Count:119649 |
| 119649 |
| 62 | mutex->lock(); executed: mutex->lock();Execution Count:119649 | 119649 |
| 63 | else | - |
| 64 | mutex->unlock(); executed: mutex->unlock();Execution Count:119649 | 119649 |
| 65 | } | - |
| 66 | static unsigned long id_function() | - |
| 67 | { | - |
| 68 | return (quintptr)QThread::currentThreadId(); executed: return (quintptr)QThread::currentThreadId();Execution Count:12470 | 12470 |
| 69 | } | - |
| 70 | } | - |
| 71 | | - |
| 72 | QSslSocketBackendPrivate::QSslSocketBackendPrivate() | - |
| 73 | : ssl(0), | - |
| 74 | ctx(0), | - |
| 75 | pkey(0), | - |
| 76 | readBio(0), | - |
| 77 | writeBio(0), | - |
| 78 | session(0) | - |
| 79 | { | - |
| 80 | | - |
| 81 | ensureInitialized(); | - |
| 82 | } executed: }Execution Count:100 | 100 |
| 83 | | - |
| 84 | QSslSocketBackendPrivate::~QSslSocketBackendPrivate() | - |
| 85 | { | - |
| 86 | destroySslContext(); | - |
| 87 | } executed: }Execution Count:100 | 100 |
| 88 | | - |
| 89 | QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) | - |
| 90 | { | - |
| 91 | QSslCipher ciph; | - |
| 92 | | - |
| 93 | char buf [256]; | - |
| 94 | QString descriptionOneLine = QString::fromLatin1(q_SSL_CIPHER_description(cipher, buf, sizeof(buf))); | - |
| 95 | | - |
| 96 | QStringList descriptionList = descriptionOneLine.split(QLatin1String(" "), QString::SkipEmptyParts); | - |
| 97 | if (descriptionList.size() > 5) { partially evaluated: descriptionList.size() > 5| yes Evaluation Count:367 | no Evaluation Count:0 |
| 0-367 |
| 98 | | - |
| 99 | ciph.d->isNull = false; | - |
| 100 | ciph.d->name = descriptionList.at(0); | - |
| 101 | | - |
| 102 | QString protoString = descriptionList.at(1); | - |
| 103 | ciph.d->protocolString = protoString; | - |
| 104 | ciph.d->protocol = QSsl::UnknownProtocol; | - |
| 105 | if (protoString == QLatin1String("SSLv3")) evaluated: protoString == QLatin1String("SSLv3")| yes Evaluation Count:313 | yes Evaluation Count:54 |
| 54-313 |
| 106 | ciph.d->protocol = QSsl::SslV3; executed: ciph.d->protocol = QSsl::SslV3;Execution Count:313 | 313 |
| 107 | else if (protoString == QLatin1String("SSLv2")) partially evaluated: protoString == QLatin1String("SSLv2")| yes Evaluation Count:54 | no Evaluation Count:0 |
| 0-54 |
| 108 | ciph.d->protocol = QSsl::SslV2; executed: ciph.d->protocol = QSsl::SslV2;Execution Count:54 | 54 |
| 109 | else if (protoString == QLatin1String("TLSv1")) never evaluated: protoString == QLatin1String("TLSv1") | 0 |
| 110 | ciph.d->protocol = QSsl::TlsV1_0; never executed: ciph.d->protocol = QSsl::TlsV1_0; | 0 |
| 111 | else if (protoString == QLatin1String("TLSv1.1")) never evaluated: protoString == QLatin1String("TLSv1.1") | 0 |
| 112 | ciph.d->protocol = QSsl::TlsV1_1; never executed: ciph.d->protocol = QSsl::TlsV1_1; | 0 |
| 113 | else if (protoString == QLatin1String("TLSv1.2")) never evaluated: protoString == QLatin1String("TLSv1.2") | 0 |
| 114 | ciph.d->protocol = QSsl::TlsV1_2; never executed: ciph.d->protocol = QSsl::TlsV1_2; | 0 |
| 115 | | - |
| 116 | if (descriptionList.at(2).startsWith(QLatin1String("Kx="))) partially evaluated: descriptionList.at(2).startsWith(QLatin1String("Kx="))| yes Evaluation Count:367 | no Evaluation Count:0 |
| 0-367 |
| 117 | ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3); executed: ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);Execution Count:367 | 367 |
| 118 | if (descriptionList.at(3).startsWith(QLatin1String("Au="))) partially evaluated: descriptionList.at(3).startsWith(QLatin1String("Au="))| yes Evaluation Count:367 | no Evaluation Count:0 |
| 0-367 |
| 119 | ciph.d->authenticationMethod = descriptionList.at(3).mid(3); executed: ciph.d->authenticationMethod = descriptionList.at(3).mid(3);Execution Count:367 | 367 |
| 120 | if (descriptionList.at(4).startsWith(QLatin1String("Enc="))) partially evaluated: descriptionList.at(4).startsWith(QLatin1String("Enc="))| yes Evaluation Count:367 | no Evaluation Count:0 |
| 0-367 |
| 121 | ciph.d->encryptionMethod = descriptionList.at(4).mid(4); executed: ciph.d->encryptionMethod = descriptionList.at(4).mid(4);Execution Count:367 | 367 |
| 122 | ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export")); evaluated: descriptionList.size() > 6| yes Evaluation Count:108 | yes Evaluation Count:259 |
partially evaluated: descriptionList.at(6) == QLatin1String("export")| no Evaluation Count:0 | yes Evaluation Count:108 |
| 0-259 |
| 123 | | - |
| 124 | ciph.d->bits = cipher->strength_bits; | - |
| 125 | ciph.d->supportedBits = cipher->alg_bits; | - |
| 126 | | - |
| 127 | } executed: }Execution Count:367 | 367 |
| 128 | return ciph; executed: return ciph;Execution Count:367 | 367 |
| 129 | } | - |
| 130 | | - |
| 131 | | - |
| 132 | | - |
| 133 | struct QSslErrorList | - |
| 134 | { | - |
| 135 | QMutex mutex; | - |
| 136 | QList<QPair<int, int> > errors; | - |
| 137 | }; | - |
| 138 | static QSslErrorList *_q_sslErrorList() { static QGlobalStatic<QSslErrorList > thisGlobalStatic = { { (0) }, false }; if (!thisGlobalStatic.pointer.load() && !thisGlobalStatic.destroyed) { QSslErrorList *x = new QSslErrorList; if (!thisGlobalStatic.pointer.testAndSetOrdered(0, x)) delete x; else static QGlobalStaticDeleter<QSslErrorList > cleanup(thisGlobalStatic); } return thisGlobalStatic.pointer.load(); } never executed: delete x; executed: return thisGlobalStatic.pointer.load();Execution Count:2387 partially evaluated: !thisGlobalStatic.pointer.testAndSetOrdered(0, x)| no Evaluation Count:0 | yes Evaluation Count:3 |
evaluated: !thisGlobalStatic.pointer.load()| yes Evaluation Count:3 | yes Evaluation Count:2384 |
partially evaluated: !thisGlobalStatic.destroyed| yes Evaluation Count:3 | no Evaluation Count:0 |
| 0-2387 |
| 139 | static int q_X509Callback(int ok, X509_STORE_CTX *ctx) | - |
| 140 | { | - |
| 141 | if (!ok) { evaluated: !ok| yes Evaluation Count:50 | yes Evaluation Count:91 |
| 50-91 |
| 142 | | - |
| 143 | _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx)); | - |
| 144 | } executed: }Execution Count:50 | 50 |
| 145 | | - |
| 146 | | - |
| 147 | | - |
| 148 | return 1; executed: return 1;Execution Count:141 | 141 |
| 149 | } | - |
| 150 | | - |
| 151 | long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions) | - |
| 152 | { | - |
| 153 | long options; | - |
| 154 | if (protocol == QSsl::TlsV1SslV3 || protocol == QSsl::SecureProtocols) partially evaluated: protocol == QSsl::TlsV1SslV3| no Evaluation Count:0 | yes Evaluation Count:87 |
evaluated: protocol == QSsl::SecureProtocols| yes Evaluation Count:84 | yes Evaluation Count:3 |
| 0-87 |
| 155 | options = 0x00000FFFL|0x01000000L; executed: options = 0x00000FFFL|0x01000000L;Execution Count:84 | 84 |
| 156 | else | - |
| 157 | options = 0x00000FFFL; executed: options = 0x00000FFFL;Execution Count:3 | 3 |
| 158 | | - |
| 159 | | - |
| 160 | if (sslOptions & QSsl::SslOptionDisableEmptyFragments) partially evaluated: sslOptions & QSsl::SslOptionDisableEmptyFragments| yes Evaluation Count:87 | no Evaluation Count:0 |
| 0-87 |
| 161 | options |= 0x00000800L; executed: options |= 0x00000800L;Execution Count:87 | 87 |
| 162 | else | - |
| 163 | options &= ~0x00000800L; never executed: options &= ~0x00000800L; | 0 |
| 164 | | - |
| 165 | | - |
| 166 | | - |
| 167 | if (sslOptions & QSsl::SslOptionDisableLegacyRenegotiation) partially evaluated: sslOptions & QSsl::SslOptionDisableLegacyRenegotiation| yes Evaluation Count:87 | no Evaluation Count:0 |
| 0-87 |
| 168 | options &= ~0x00040000L; executed: options &= ~0x00040000L;Execution Count:87 | 87 |
| 169 | else | - |
| 170 | options |= 0x00040000L; never executed: options |= 0x00040000L; | 0 |
| 171 | | - |
| 172 | | - |
| 173 | | - |
| 174 | if (sslOptions & QSsl::SslOptionDisableSessionTickets) partially evaluated: sslOptions & QSsl::SslOptionDisableSessionTickets| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 175 | options |= 0x00004000L; never executed: options |= 0x00004000L; | 0 |
| 176 | | - |
| 177 | | - |
| 178 | | - |
| 179 | | - |
| 180 | | - |
| 181 | | - |
| 182 | return options; executed: return options;Execution Count:87 | 87 |
| 183 | } | - |
| 184 | | - |
| 185 | bool QSslSocketBackendPrivate::initSslContext() | - |
| 186 | { | - |
| 187 | QSslSocket * const q = q_func(); | - |
| 188 | | - |
| 189 | | - |
| 190 | bool client = (mode == QSslSocket::SslClientMode); | - |
| 191 | | - |
| 192 | bool reinitialized = false; | - |
| 193 | | - |
| 194 | init_context: code before this statement executed: init_context:Execution Count:87 | 87 |
| 195 | switch (configuration.protocol) { | - |
| 196 | case QSsl::SslV2: | - |
| 197 | | - |
| 198 | ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); | - |
| 199 | | - |
| 200 | | - |
| 201 | | - |
| 202 | break; | 0 |
| 203 | case QSsl::SslV3: | - |
| 204 | ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); | - |
| 205 | break; | 0 |
| 206 | case QSsl::SecureProtocols: | - |
| 207 | case QSsl::TlsV1SslV3: | - |
| 208 | case QSsl::AnyProtocol: | - |
| 209 | default: | - |
| 210 | ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); | - |
| 211 | break; executed: break;Execution Count:87 | 87 |
| 212 | case QSsl::TlsV1_0: | - |
| 213 | ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); | - |
| 214 | break; | 0 |
| 215 | case QSsl::TlsV1_1: | - |
| 216 | | - |
| 217 | | - |
| 218 | | - |
| 219 | ctx = 0; | - |
| 220 | | - |
| 221 | break; | 0 |
| 222 | case QSsl::TlsV1_2: | - |
| 223 | | - |
| 224 | | - |
| 225 | | - |
| 226 | ctx = 0; | - |
| 227 | | - |
| 228 | break; | 0 |
| 229 | } | - |
| 230 | if (!ctx) { partially evaluated: !ctx| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 231 | | - |
| 232 | | - |
| 233 | if (!reinitialized) { never evaluated: !reinitialized | 0 |
| 234 | reinitialized = true; | - |
| 235 | if (q_SSL_library_init() == 1) never evaluated: q_SSL_library_init() == 1 | 0 |
| 236 | goto init_context; never executed: goto init_context; | 0 |
| 237 | } | 0 |
| 238 | | - |
| 239 | q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl())); | - |
| 240 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 241 | q->error(QAbstractSocket::SslInternalError); | - |
| 242 | return false; never executed: return false; | 0 |
| 243 | } | - |
| 244 | | - |
| 245 | | - |
| 246 | long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions); | - |
| 247 | q_SSL_CTX_ctrl((ctx),32,(options),__null); | - |
| 248 | QByteArray cipherString; | - |
| 249 | int first = true; | - |
| 250 | QList<QSslCipher> ciphers = configuration.ciphers; | - |
| 251 | if (ciphers.isEmpty()) evaluated: ciphers.isEmpty()| yes Evaluation Count:40 | yes Evaluation Count:47 |
| 40-47 |
| 252 | ciphers = defaultCiphers(); executed: ciphers = defaultCiphers();Execution Count:40 | 40 |
| 253 | for (QForeachContainer<__typeof__(ciphers)> _container_(ciphers); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCipher &cipher = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 254 | if (first) evaluated: first| yes Evaluation Count:87 | yes Evaluation Count:2088 |
| 87-2088 |
| 255 | first = false; executed: first = false;Execution Count:87 | 87 |
| 256 | else | - |
| 257 | cipherString.append(':'); executed: cipherString.append(':');Execution Count:2088 | 2088 |
| 258 | cipherString.append(cipher.name().toLatin1()); | - |
| 259 | } executed: }Execution Count:2175 | 2175 |
| 260 | | - |
| 261 | if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) { partially evaluated: !q_SSL_CTX_set_cipher_list(ctx, cipherString.data())| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 262 | q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl())); | - |
| 263 | q->setSocketError(QAbstractSocket::SslInvalidUserDataError); | - |
| 264 | q->error(QAbstractSocket::SslInvalidUserDataError); | - |
| 265 | return false; never executed: return false; | 0 |
| 266 | } | - |
| 267 | | - |
| 268 | | - |
| 269 | QList<QSslCertificate> expiredCerts; | - |
| 270 | for (QForeachContainer<__typeof__(q->caCertificates())> _container_(q->caCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 271 | | - |
| 272 | | - |
| 273 | if (caCertificate.expiryDate() < QDateTime::currentDateTime()) { partially evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()| no Evaluation Count:0 | yes Evaluation Count:42 |
| 0-42 |
| 274 | expiredCerts.append(caCertificate); | - |
| 275 | } else { | 0 |
| 276 | q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle())); | - |
| 277 | } executed: }Execution Count:42 | 42 |
| 278 | } | - |
| 279 | | - |
| 280 | bool addExpiredCerts = true; | - |
| 281 | | - |
| 282 | | - |
| 283 | | - |
| 284 | | - |
| 285 | | - |
| 286 | | - |
| 287 | if (addExpiredCerts) { partially evaluated: addExpiredCerts| yes Evaluation Count:87 | no Evaluation Count:0 |
| 0-87 |
| 288 | for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 289 | q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle())); | - |
| 290 | } | 0 |
| 291 | } executed: }Execution Count:87 | 87 |
| 292 | | - |
| 293 | if (s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { partially evaluated: s_loadRootCertsOnDemand| yes Evaluation Count:87 | no Evaluation Count:0 |
evaluated: allowRootCertOnDemandLoading| yes Evaluation Count:45 | yes Evaluation Count:42 |
| 0-87 |
| 294 | | - |
| 295 | QList<QByteArray> unixDirs = unixRootCertDirectories(); | - |
| 296 | for (int a = 0; a < unixDirs.count(); ++a) evaluated: a < unixDirs.count()| yes Evaluation Count:360 | yes Evaluation Count:45 |
| 45-360 |
| 297 | q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData()); executed: q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());Execution Count:360 | 360 |
| 298 | } executed: }Execution Count:45 | 45 |
| 299 | | - |
| 300 | | - |
| 301 | ((ctx->cert_store)->verify_cb=(q_X509Callback)); | - |
| 302 | | - |
| 303 | if (!configuration.localCertificate.isNull()) { evaluated: !configuration.localCertificate.isNull()| yes Evaluation Count:3 | yes Evaluation Count:84 |
| 3-84 |
| 304 | | - |
| 305 | if (configuration.privateKey.isNull()) { partially evaluated: configuration.privateKey.isNull()| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 306 | q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl())); | - |
| 307 | q->setSocketError(QAbstractSocket::SslInvalidUserDataError); | - |
| 308 | q->error(QAbstractSocket::SslInvalidUserDataError); | - |
| 309 | return false; never executed: return false; | 0 |
| 310 | } | - |
| 311 | | - |
| 312 | | - |
| 313 | if (!q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))) { partially evaluated: !q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 314 | q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl())); | - |
| 315 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 316 | q->error(QAbstractSocket::SslInternalError); | - |
| 317 | return false; never executed: return false; | 0 |
| 318 | } | - |
| 319 | | - |
| 320 | if (configuration.privateKey.algorithm() == QSsl::Opaque) { partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 321 | pkey = reinterpret_cast<EVP_PKEY *>(configuration.privateKey.handle()); | - |
| 322 | } else { | 0 |
| 323 | | - |
| 324 | pkey = q_EVP_PKEY_new(); | - |
| 325 | | - |
| 326 | | - |
| 327 | | - |
| 328 | if (configuration.privateKey.algorithm() == QSsl::Rsa) partially evaluated: configuration.privateKey.algorithm() == QSsl::Rsa| yes Evaluation Count:3 | no Evaluation Count:0 |
| 0-3 |
| 329 | q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle())); executed: q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle()));Execution Count:3 | 3 |
| 330 | else | - |
| 331 | q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle())); never executed: q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle())); | 0 |
| 332 | } | - |
| 333 | | - |
| 334 | if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) { partially evaluated: !q_SSL_CTX_use_PrivateKey(ctx, pkey)| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 335 | q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl())); | - |
| 336 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 337 | q->error(QAbstractSocket::SslInternalError); | - |
| 338 | return false; never executed: return false; | 0 |
| 339 | } | - |
| 340 | if (configuration.privateKey.algorithm() == QSsl::Opaque) partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 341 | pkey = 0; never executed: pkey = 0; | 0 |
| 342 | | - |
| 343 | | - |
| 344 | if (!q_SSL_CTX_check_private_key(ctx)) { partially evaluated: !q_SSL_CTX_check_private_key(ctx)| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 345 | q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl())); | - |
| 346 | q->setSocketError(QAbstractSocket::SslInvalidUserDataError); | - |
| 347 | q->error(QAbstractSocket::SslInvalidUserDataError); | - |
| 348 | return false; never executed: return false; | 0 |
| 349 | } | - |
| 350 | } executed: }Execution Count:3 | 3 |
| 351 | | - |
| 352 | | - |
| 353 | if (configuration.peerVerifyMode == QSslSocket::VerifyNone) { partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyNone| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 354 | q_SSL_CTX_set_verify(ctx, 0x00, 0); | - |
| 355 | } else { | 0 |
| 356 | q_SSL_CTX_set_verify(ctx, 0x01, q_X509Callback); | - |
| 357 | } executed: }Execution Count:87 | 87 |
| 358 | | - |
| 359 | | - |
| 360 | if (configuration.peerVerifyDepth != 0) partially evaluated: configuration.peerVerifyDepth != 0| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 361 | q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth); never executed: q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth); | 0 |
| 362 | | - |
| 363 | | - |
| 364 | if (!(ssl = q_SSL_new(ctx))) { partially evaluated: !(ssl = q_SSL_new(ctx))| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 365 | | - |
| 366 | q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl())); | - |
| 367 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 368 | q->error(QAbstractSocket::SslInternalError); | - |
| 369 | return false; never executed: return false; | 0 |
| 370 | } | - |
| 371 | | - |
| 372 | | - |
| 373 | if ((configuration.protocol == QSsl::TlsV1SslV3 || partially evaluated: configuration.protocol == QSsl::TlsV1SslV3| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 374 | configuration.protocol == QSsl::TlsV1_0 || partially evaluated: configuration.protocol == QSsl::TlsV1_0| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 375 | configuration.protocol == QSsl::TlsV1_1 || partially evaluated: configuration.protocol == QSsl::TlsV1_1| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 376 | configuration.protocol == QSsl::TlsV1_2 || partially evaluated: configuration.protocol == QSsl::TlsV1_2| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 377 | configuration.protocol == QSsl::SecureProtocols || evaluated: configuration.protocol == QSsl::SecureProtocols| yes Evaluation Count:84 | yes Evaluation Count:3 |
| 3-84 |
| 378 | configuration.protocol == QSsl::AnyProtocol) && partially evaluated: configuration.protocol == QSsl::AnyProtocol| yes Evaluation Count:3 | no Evaluation Count:0 |
| 0-3 |
| 379 | client && q_SSLeay() >= 0x00090806fL) { evaluated: client| yes Evaluation Count:84 | yes Evaluation Count:3 |
partially evaluated: q_SSLeay() >= 0x00090806fL| yes Evaluation Count:84 | no Evaluation Count:0 |
| 0-84 |
| 380 | | - |
| 381 | QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; partially evaluated: verificationPeerName.isEmpty()| yes Evaluation Count:84 | no Evaluation Count:0 |
| 0-84 |
| 382 | if (tlsHostName.isEmpty()) partially evaluated: tlsHostName.isEmpty()| no Evaluation Count:0 | yes Evaluation Count:84 |
| 0-84 |
| 383 | tlsHostName = hostName; never executed: tlsHostName = hostName; | 0 |
| 384 | QByteArray ace = QUrl::toAce(tlsHostName); | - |
| 385 | | - |
| 386 | if (!ace.isEmpty() partially evaluated: !ace.isEmpty()| yes Evaluation Count:84 | no Evaluation Count:0 |
| 0-84 |
| 387 | && !QHostAddress().setAddress(tlsHostName) evaluated: !QHostAddress().setAddress(tlsHostName)| yes Evaluation Count:75 | yes Evaluation Count:9 |
| 9-75 |
| 388 | && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) { partially evaluated: !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)| yes Evaluation Count:75 | no Evaluation Count:0 |
| 0-75 |
| 389 | if (!q_SSL_ctrl(ssl, 55, 0, ace.data())) partially evaluated: !q_SSL_ctrl(ssl, 55, 0, ace.data())| no Evaluation Count:0 | yes Evaluation Count:75 |
| 0-75 |
| 390 | QMessageLogger("ssl/qsslsocket_openssl.cpp", 524, __PRETTY_FUNCTION__).warning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); never executed: QMessageLogger("ssl/qsslsocket_openssl.cpp", 524, __PRETTY_FUNCTION__).warning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); | 0 |
| 391 | } executed: }Execution Count:75 | 75 |
| 392 | } executed: }Execution Count:84 | 84 |
| 393 | | - |
| 394 | | - |
| 395 | | - |
| 396 | q_SSL_clear(ssl); | - |
| 397 | errorList.clear(); | - |
| 398 | | - |
| 399 | | - |
| 400 | readBio = q_BIO_new(q_BIO_s_mem()); | - |
| 401 | writeBio = q_BIO_new(q_BIO_s_mem()); | - |
| 402 | if (!readBio || !writeBio) { partially evaluated: !readBio| no Evaluation Count:0 | yes Evaluation Count:87 |
partially evaluated: !writeBio| no Evaluation Count:0 | yes Evaluation Count:87 |
| 0-87 |
| 403 | q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl())); | - |
| 404 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 405 | q->error(QAbstractSocket::SslInternalError); | - |
| 406 | return false; never executed: return false; | 0 |
| 407 | } | - |
| 408 | | - |
| 409 | | - |
| 410 | q_SSL_set_bio(ssl, readBio, writeBio); | - |
| 411 | | - |
| 412 | if (mode == QSslSocket::SslClientMode) evaluated: mode == QSslSocket::SslClientMode| yes Evaluation Count:84 | yes Evaluation Count:3 |
| 3-84 |
| 413 | q_SSL_set_connect_state(ssl); executed: q_SSL_set_connect_state(ssl);Execution Count:84 | 84 |
| 414 | else | - |
| 415 | q_SSL_set_accept_state(ssl); executed: q_SSL_set_accept_state(ssl);Execution Count:3 | 3 |
| 416 | | - |
| 417 | return true; executed: return true;Execution Count:87 | 87 |
| 418 | } | - |
| 419 | | - |
| 420 | void QSslSocketBackendPrivate::destroySslContext() | - |
| 421 | { | - |
| 422 | if (ssl) { evaluated: ssl| yes Evaluation Count:87 | yes Evaluation Count:137 |
| 87-137 |
| 423 | q_SSL_free(ssl); | - |
| 424 | ssl = 0; | - |
| 425 | } executed: }Execution Count:87 | 87 |
| 426 | if (ctx) { evaluated: ctx| yes Evaluation Count:87 | yes Evaluation Count:137 |
| 87-137 |
| 427 | q_SSL_CTX_free(ctx); | - |
| 428 | ctx = 0; | - |
| 429 | } executed: }Execution Count:87 | 87 |
| 430 | if (pkey) { evaluated: pkey| yes Evaluation Count:3 | yes Evaluation Count:221 |
| 3-221 |
| 431 | q_EVP_PKEY_free(pkey); | - |
| 432 | pkey = 0; | - |
| 433 | } executed: }Execution Count:3 | 3 |
| 434 | } executed: }Execution Count:224 | 224 |
| 435 | | - |
| 436 | | - |
| 437 | | - |
| 438 | | - |
| 439 | void QSslSocketPrivate::deinitialize() | - |
| 440 | { | - |
| 441 | q_CRYPTO_set_id_callback(0); | - |
| 442 | q_CRYPTO_set_locking_callback(0); | - |
| 443 | q_ERR_free_strings(); | - |
| 444 | } executed: }Execution Count:10 | 10 |
| 445 | bool QSslSocketPrivate::supportsSsl() | - |
| 446 | { | - |
| 447 | return ensureLibraryLoaded(); executed: return ensureLibraryLoaded();Execution Count:36021 | 36021 |
| 448 | } | - |
| 449 | | - |
| 450 | bool QSslSocketPrivate::ensureLibraryLoaded() | - |
| 451 | { | - |
| 452 | if (!q_resolveOpenSslSymbols()) partially evaluated: !q_resolveOpenSslSymbols()| no Evaluation Count:0 | yes Evaluation Count:36022 |
| 0-36022 |
| 453 | return false; never executed: return false; | 0 |
| 454 | | - |
| 455 | | - |
| 456 | QMutexLocker locker(openssl_locks()->initLock()); | - |
| 457 | | - |
| 458 | if (!s_libraryLoaded) { evaluated: !s_libraryLoaded| yes Evaluation Count:10 | yes Evaluation Count:36012 |
| 10-36012 |
| 459 | s_libraryLoaded = true; | - |
| 460 | | - |
| 461 | | - |
| 462 | q_CRYPTO_set_id_callback(id_function); | - |
| 463 | q_CRYPTO_set_locking_callback(locking_function); | - |
| 464 | if (q_SSL_library_init() != 1) partially evaluated: q_SSL_library_init() != 1| no Evaluation Count:0 | yes Evaluation Count:10 |
| 0-10 |
| 465 | return false; never executed: return false; | 0 |
| 466 | q_SSL_load_error_strings(); | - |
| 467 | q_OPENSSL_add_all_algorithms_conf(); | - |
| 468 | | - |
| 469 | | - |
| 470 | if (!q_RAND_status()) { partially evaluated: !q_RAND_status()| no Evaluation Count:0 | yes Evaluation Count:10 |
| 0-10 |
| 471 | struct { | - |
| 472 | int msec; | - |
| 473 | int sec; | - |
| 474 | void *stack; | - |
| 475 | } randomish; | - |
| 476 | | - |
| 477 | int attempts = 500; | - |
| 478 | do { | - |
| 479 | if (attempts < 500) { never evaluated: attempts < 500 | 0 |
| 480 | | - |
| 481 | struct timespec ts = {0, 33333333}; | - |
| 482 | nanosleep(&ts, 0); | - |
| 483 | | - |
| 484 | | - |
| 485 | | - |
| 486 | randomish.msec = attempts; | - |
| 487 | } | 0 |
| 488 | randomish.stack = (void *)&randomish; | - |
| 489 | randomish.msec = QTime::currentTime().msec(); | - |
| 490 | randomish.sec = QTime::currentTime().second(); | - |
| 491 | q_RAND_seed((const char *)&randomish, sizeof(randomish)); | - |
| 492 | } while (!q_RAND_status() && --attempts); never evaluated: !q_RAND_status() never evaluated: --attempts | 0 |
| 493 | if (!attempts) never evaluated: !attempts | 0 |
| 494 | return false; never executed: return false; | 0 |
| 495 | } | 0 |
| 496 | } executed: }Execution Count:10 | 10 |
| 497 | return true; executed: return true;Execution Count:36022 | 36022 |
| 498 | } | - |
| 499 | | - |
| 500 | void QSslSocketPrivate::ensureCiphersAndCertsLoaded() | - |
| 501 | { | - |
| 502 | QMutexLocker locker(openssl_locks()->initLock()); | - |
| 503 | if (s_loadedCiphersAndCerts) evaluated: s_loadedCiphersAndCerts| yes Evaluation Count:21960 | yes Evaluation Count:9 |
| 9-21960 |
| 504 | return; executed: return;Execution Count:21960 | 21960 |
| 505 | s_loadedCiphersAndCerts = true; | - |
| 506 | | - |
| 507 | resetDefaultCiphers(); | - |
| 508 | QList<QByteArray> dirs = unixRootCertDirectories(); | - |
| 509 | QStringList symLinkFilter; | - |
| 510 | symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); | - |
| 511 | for (int a = 0; a < dirs.count(); ++a) { partially evaluated: a < dirs.count()| yes Evaluation Count:9 | no Evaluation Count:0 |
| 0-9 |
| 512 | QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); | - |
| 513 | if (iterator.hasNext()) { partially evaluated: iterator.hasNext()| yes Evaluation Count:9 | no Evaluation Count:0 |
| 0-9 |
| 514 | s_loadRootCertsOnDemand = true; | - |
| 515 | break; executed: break;Execution Count:9 | 9 |
| 516 | } | - |
| 517 | } | 0 |
| 518 | | - |
| 519 | | - |
| 520 | | - |
| 521 | if (!s_loadRootCertsOnDemand) partially evaluated: !s_loadRootCertsOnDemand| no Evaluation Count:0 | yes Evaluation Count:9 |
| 0-9 |
| 522 | setDefaultCaCertificates(systemCaCertificates()); never executed: setDefaultCaCertificates(systemCaCertificates()); | 0 |
| 523 | } executed: }Execution Count:9 | 9 |
| 524 | void QSslSocketPrivate::ensureInitialized() | - |
| 525 | { | - |
| 526 | if (!supportsSsl()) partially evaluated: !supportsSsl()| no Evaluation Count:0 | yes Evaluation Count:21968 |
| 0-21968 |
| 527 | return; | 0 |
| 528 | | - |
| 529 | ensureCiphersAndCertsLoaded(); | - |
| 530 | } executed: }Execution Count:21969 | 21969 |
| 531 | | - |
| 532 | long QSslSocketPrivate::sslLibraryVersionNumber() | - |
| 533 | { | - |
| 534 | return q_SSLeay(); never executed: return q_SSLeay(); | 0 |
| 535 | } | - |
| 536 | | - |
| 537 | QString QSslSocketPrivate::sslLibraryVersionString() | - |
| 538 | { | - |
| 539 | if (!supportsSsl()) never evaluated: !supportsSsl() | 0 |
| 540 | return QString(); never executed: return QString(); | 0 |
| 541 | | - |
| 542 | const char *versionString = q_SSLeay_version(0); | - |
| 543 | if (!versionString) never evaluated: !versionString | 0 |
| 544 | return QString(); never executed: return QString(); | 0 |
| 545 | | - |
| 546 | return QString::fromLatin1(versionString); never executed: return QString::fromLatin1(versionString); | 0 |
| 547 | } | - |
| 548 | | - |
| 549 | | - |
| 550 | | - |
| 551 | | - |
| 552 | | - |
| 553 | | - |
| 554 | | - |
| 555 | void QSslSocketPrivate::resetDefaultCiphers() | - |
| 556 | { | - |
| 557 | SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); | - |
| 558 | SSL *mySsl = q_SSL_new(myCtx); | - |
| 559 | | - |
| 560 | QList<QSslCipher> ciphers; | - |
| 561 | | - |
| 562 | STACK *supportedCiphers = q_SSL_get_ciphers(mySsl); | - |
| 563 | for (int i = 0; i < ((int (*)(const STACK *))q_sk_num)((supportedCiphers)); ++i) { evaluated: i < ((int (*)(const STACK *))q_sk_num)((supportedCiphers))| yes Evaluation Count:225 | yes Evaluation Count:9 |
| 9-225 |
| 564 | if (SSL_CIPHER *cipher = ((SSL_CIPHER * (*)(const STACK *, int))q_sk_value)((supportedCiphers), (i))) { partially evaluated: SSL_CIPHER *cipher = ((SSL_CIPHER * (*)(const STACK *, int))q_sk_value)((supportedCiphers), (i))| yes Evaluation Count:225 | no Evaluation Count:0 |
| 0-225 |
| 565 | if (cipher->valid) { partially evaluated: cipher->valid| yes Evaluation Count:225 | no Evaluation Count:0 |
| 0-225 |
| 566 | QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); | - |
| 567 | if (!ciph.isNull()) { partially evaluated: !ciph.isNull()| yes Evaluation Count:225 | no Evaluation Count:0 |
| 0-225 |
| 568 | if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) partially evaluated: !ciph.name().toLower().startsWith(QLatin1String("adh"))| yes Evaluation Count:225 | no Evaluation Count:0 |
| 0-225 |
| 569 | ciphers << ciph; executed: ciphers << ciph;Execution Count:225 | 225 |
| 570 | } executed: }Execution Count:225 | 225 |
| 571 | } executed: }Execution Count:225 | 225 |
| 572 | } executed: }Execution Count:225 | 225 |
| 573 | } executed: }Execution Count:225 | 225 |
| 574 | | - |
| 575 | q_SSL_CTX_free(myCtx); | - |
| 576 | q_SSL_free(mySsl); | - |
| 577 | | - |
| 578 | setDefaultSupportedCiphers(ciphers); | - |
| 579 | setDefaultCiphers(ciphers); | - |
| 580 | } executed: }Execution Count:9 | 9 |
| 581 | | - |
| 582 | QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() | - |
| 583 | { | - |
| 584 | ensureInitialized(); | - |
| 585 | | - |
| 586 | | - |
| 587 | | - |
| 588 | | - |
| 589 | QList<QSslCertificate> systemCerts; | - |
| 590 | QSet<QString> certFiles; | - |
| 591 | QList<QByteArray> directories = unixRootCertDirectories(); | - |
| 592 | QDir currentDir; | - |
| 593 | QStringList nameFilters; | - |
| 594 | nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt"); | - |
| 595 | currentDir.setNameFilters(nameFilters); | - |
| 596 | for (int a = 0; a < directories.count(); a++) { evaluated: a < directories.count()| yes Evaluation Count:8 | yes Evaluation Count:1 |
| 1-8 |
| 597 | currentDir.setPath(QLatin1String(directories.at(a))); | - |
| 598 | QDirIterator it(currentDir); | - |
| 599 | while(it.hasNext()) { evaluated: it.hasNext()| yes Evaluation Count:282 | yes Evaluation Count:8 |
| 8-282 |
| 600 | it.next(); | - |
| 601 | | - |
| 602 | certFiles.insert(it.fileInfo().canonicalFilePath()); | - |
| 603 | } executed: }Execution Count:282 | 282 |
| 604 | } executed: }Execution Count:8 | 8 |
| 605 | QSetIterator<QString> it(certFiles); | - |
| 606 | while(it.hasNext()) { evaluated: it.hasNext()| yes Evaluation Count:141 | yes Evaluation Count:1 |
| 1-141 |
| 607 | systemCerts.append(QSslCertificate::fromPath(it.next())); | - |
| 608 | } executed: }Execution Count:141 | 141 |
| 609 | systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); | - |
| 610 | systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); | - |
| 611 | | - |
| 612 | | - |
| 613 | | - |
| 614 | | - |
| 615 | | - |
| 616 | | - |
| 617 | return systemCerts; executed: return systemCerts;Execution Count:1 | 1 |
| 618 | } | - |
| 619 | | - |
| 620 | void QSslSocketBackendPrivate::startClientEncryption() | - |
| 621 | { | - |
| 622 | QSslSocket * const q = q_func(); | - |
| 623 | if (!initSslContext()) { partially evaluated: !initSslContext()| no Evaluation Count:0 | yes Evaluation Count:84 |
| 0-84 |
| 624 | q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl())); | - |
| 625 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 626 | q->error(QAbstractSocket::SslInternalError); | - |
| 627 | return; | 0 |
| 628 | } | - |
| 629 | | - |
| 630 | | - |
| 631 | | - |
| 632 | startHandshake(); | - |
| 633 | transmit(); | - |
| 634 | } executed: }Execution Count:84 | 84 |
| 635 | | - |
| 636 | void QSslSocketBackendPrivate::startServerEncryption() | - |
| 637 | { | - |
| 638 | QSslSocket * const q = q_func(); | - |
| 639 | if (!initSslContext()) { partially evaluated: !initSslContext()| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 640 | q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl())); | - |
| 641 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 642 | q->error(QAbstractSocket::SslInternalError); | - |
| 643 | return; | 0 |
| 644 | } | - |
| 645 | | - |
| 646 | | - |
| 647 | | - |
| 648 | startHandshake(); | - |
| 649 | transmit(); | - |
| 650 | } executed: }Execution Count:3 | 3 |
| 651 | | - |
| 652 | | - |
| 653 | | - |
| 654 | | - |
| 655 | | - |
| 656 | | - |
| 657 | void QSslSocketBackendPrivate::transmit() | - |
| 658 | { | - |
| 659 | QSslSocket * const q = q_func(); | - |
| 660 | | - |
| 661 | | - |
| 662 | if (!ssl) partially evaluated: !ssl| no Evaluation Count:0 | yes Evaluation Count:3843 |
| 0-3843 |
| 663 | return; | 0 |
| 664 | | - |
| 665 | bool transmitting; | - |
| 666 | do { | - |
| 667 | transmitting = false; | - |
| 668 | | - |
| 669 | | - |
| 670 | | - |
| 671 | if (connectionEncrypted && !writeBuffer.isEmpty()) { evaluated: connectionEncrypted| yes Evaluation Count:7438 | yes Evaluation Count:492 |
evaluated: !writeBuffer.isEmpty()| yes Evaluation Count:3398 | yes Evaluation Count:4040 |
| 492-7438 |
| 672 | qint64 totalBytesWritten = 0; | - |
| 673 | int nextDataBlockSize; | - |
| 674 | while ((nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0) { evaluated: (nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0| yes Evaluation Count:3406 | yes Evaluation Count:3398 |
| 3398-3406 |
| 675 | int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize); | - |
| 676 | if (writtenBytes <= 0) { partially evaluated: writtenBytes <= 0| no Evaluation Count:0 | yes Evaluation Count:3406 |
| 0-3406 |
| 677 | | - |
| 678 | q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(getErrorsFromOpenSsl())); | - |
| 679 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 680 | q->error(QAbstractSocket::SslInternalError); | - |
| 681 | return; | 0 |
| 682 | } | - |
| 683 | | - |
| 684 | | - |
| 685 | | - |
| 686 | writeBuffer.free(writtenBytes); | - |
| 687 | totalBytesWritten += writtenBytes; | - |
| 688 | | - |
| 689 | if (writtenBytes < nextDataBlockSize) { partially evaluated: writtenBytes < nextDataBlockSize| no Evaluation Count:0 | yes Evaluation Count:3406 |
| 0-3406 |
| 690 | | - |
| 691 | transmitting = true; | - |
| 692 | break; | 0 |
| 693 | } | - |
| 694 | } executed: }Execution Count:3406 | 3406 |
| 695 | | - |
| 696 | if (totalBytesWritten > 0) { partially evaluated: totalBytesWritten > 0| yes Evaluation Count:3398 | no Evaluation Count:0 |
| 0-3398 |
| 697 | | - |
| 698 | if (!emittedBytesWritten) { partially evaluated: !emittedBytesWritten| yes Evaluation Count:3398 | no Evaluation Count:0 |
| 0-3398 |
| 699 | emittedBytesWritten = true; | - |
| 700 | q->bytesWritten(totalBytesWritten); | - |
| 701 | emittedBytesWritten = false; | - |
| 702 | } executed: }Execution Count:3398 | 3398 |
| 703 | } executed: }Execution Count:3398 | 3398 |
| 704 | } executed: }Execution Count:3398 | 3398 |
| 705 | | - |
| 706 | | - |
| 707 | QVarLengthArray<char, 4096> data; | - |
| 708 | int pendingBytes; | - |
| 709 | while (plainSocket->isValid() && (pendingBytes = (int)q_BIO_ctrl(writeBio,10,0,__null)) > 0) { partially evaluated: plainSocket->isValid()| yes Evaluation Count:11495 | no Evaluation Count:0 |
evaluated: (pendingBytes = (int)q_BIO_ctrl(writeBio,10,0,__null)) > 0| yes Evaluation Count:3565 | yes Evaluation Count:7930 |
| 0-11495 |
| 710 | | - |
| 711 | data.resize(pendingBytes); | - |
| 712 | int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes); | - |
| 713 | | - |
| 714 | | - |
| 715 | qint64 actualWritten = plainSocket->write(data.constData(), encryptedBytesRead); | - |
| 716 | | - |
| 717 | | - |
| 718 | | - |
| 719 | if (actualWritten < 0) { partially evaluated: actualWritten < 0| no Evaluation Count:0 | yes Evaluation Count:3565 |
| 0-3565 |
| 720 | | - |
| 721 | q->setErrorString(plainSocket->errorString()); | - |
| 722 | q->setSocketError(plainSocket->error()); | - |
| 723 | q->error(plainSocket->error()); | - |
| 724 | return; | 0 |
| 725 | } | - |
| 726 | transmitting = true; | - |
| 727 | } executed: }Execution Count:3565 | 3565 |
| 728 | | - |
| 729 | | - |
| 730 | if (!connectionEncrypted || !readBufferMaxSize || buffer.size() < readBufferMaxSize) evaluated: !connectionEncrypted| yes Evaluation Count:492 | yes Evaluation Count:7438 |
evaluated: !readBufferMaxSize| yes Evaluation Count:4956 | yes Evaluation Count:2482 |
evaluated: buffer.size() < readBufferMaxSize| yes Evaluation Count:2457 | yes Evaluation Count:25 |
| 25-7438 |
| 731 | while ((pendingBytes = plainSocket->bytesAvailable()) > 0) { evaluated: (pendingBytes = plainSocket->bytesAvailable()) > 0| yes Evaluation Count:543 | yes Evaluation Count:7905 |
| 543-7905 |
| 732 | | - |
| 733 | data.resize(pendingBytes); | - |
| 734 | | - |
| 735 | int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes); | - |
| 736 | | - |
| 737 | | - |
| 738 | | - |
| 739 | | - |
| 740 | | - |
| 741 | int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead); | - |
| 742 | | - |
| 743 | | - |
| 744 | if (writtenToBio > 0) { partially evaluated: writtenToBio > 0| yes Evaluation Count:543 | no Evaluation Count:0 |
| 0-543 |
| 745 | | - |
| 746 | plainSocket->read(data.data(), writtenToBio); | - |
| 747 | } else { executed: }Execution Count:543 | 543 |
| 748 | | - |
| 749 | q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(getErrorsFromOpenSsl())); | - |
| 750 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 751 | q->error(QAbstractSocket::SslInternalError); | - |
| 752 | return; | 0 |
| 753 | } | - |
| 754 | | - |
| 755 | transmitting = true; | - |
| 756 | } executed: }Execution Count:543 | 543 |
| 757 | | - |
| 758 | | - |
| 759 | | - |
| 760 | if (!connectionEncrypted) { evaluated: !connectionEncrypted| yes Evaluation Count:492 | yes Evaluation Count:7438 |
| 492-7438 |
| 761 | | - |
| 762 | | - |
| 763 | | - |
| 764 | if (startHandshake()) { evaluated: startHandshake()| yes Evaluation Count:71 | yes Evaluation Count:421 |
| 71-421 |
| 765 | | - |
| 766 | | - |
| 767 | | - |
| 768 | connectionEncrypted = true; | - |
| 769 | transmitting = true; | - |
| 770 | } else if (plainSocket->state() != QAbstractSocket::ConnectedState) { executed: }Execution Count:71 evaluated: plainSocket->state() != QAbstractSocket::ConnectedState| yes Evaluation Count:10 | yes Evaluation Count:411 |
| 10-411 |
| 771 | | - |
| 772 | | - |
| 773 | | - |
| 774 | break; executed: break;Execution Count:10 | 10 |
| 775 | } else if (paused) { partially evaluated: paused| no Evaluation Count:0 | yes Evaluation Count:411 |
| 0-411 |
| 776 | | - |
| 777 | return; | 0 |
| 778 | } else { | - |
| 779 | | - |
| 780 | | - |
| 781 | | - |
| 782 | } executed: }Execution Count:411 | 411 |
| 783 | } | - |
| 784 | | - |
| 785 | | - |
| 786 | | - |
| 787 | | - |
| 788 | if (!ssl) partially evaluated: !ssl| no Evaluation Count:0 | yes Evaluation Count:7920 |
| 0-7920 |
| 789 | continue; never executed: continue; | 0 |
| 790 | | - |
| 791 | | - |
| 792 | | - |
| 793 | | - |
| 794 | int readBytes = 0; | - |
| 795 | data.resize(4096); | - |
| 796 | ::memset(data.data(), 0, data.size()); | - |
| 797 | do { | - |
| 798 | | - |
| 799 | if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) { evaluated: (readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0| yes Evaluation Count:3145 | yes Evaluation Count:7910 |
| 3145-7910 |
| 800 | | - |
| 801 | | - |
| 802 | | - |
| 803 | char *ptr = buffer.reserve(readBytes); | - |
| 804 | ::memcpy(ptr, data.data(), readBytes); | - |
| 805 | | - |
| 806 | if (readyReadEmittedPointer) evaluated: readyReadEmittedPointer| yes Evaluation Count:4 | yes Evaluation Count:3141 |
| 4-3141 |
| 807 | *readyReadEmittedPointer = true; executed: *readyReadEmittedPointer = true;Execution Count:4 | 4 |
| 808 | q->readyRead(); | - |
| 809 | transmitting = true; | - |
| 810 | continue; executed: continue;Execution Count:3145 | 3145 |
| 811 | } | - |
| 812 | | - |
| 813 | | - |
| 814 | switch (q_SSL_get_error(ssl, readBytes)) { | - |
| 815 | case 2: | - |
| 816 | case 3: | - |
| 817 | | - |
| 818 | break; executed: break;Execution Count:7909 | 7909 |
| 819 | case 6: | - |
| 820 | | - |
| 821 | | - |
| 822 | | - |
| 823 | | - |
| 824 | plainSocket->disconnectFromHost(); | - |
| 825 | break; executed: break;Execution Count:1 | 1 |
| 826 | case 5: | - |
| 827 | case 1: | - |
| 828 | | - |
| 829 | | - |
| 830 | q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl())); | - |
| 831 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 832 | q->error(QAbstractSocket::SslInternalError); | - |
| 833 | return; | 0 |
| 834 | default: | - |
| 835 | | - |
| 836 | | - |
| 837 | | - |
| 838 | | - |
| 839 | | - |
| 840 | q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl())); | - |
| 841 | q->setSocketError(QAbstractSocket::SslInternalError); | - |
| 842 | q->error(QAbstractSocket::SslInternalError); | - |
| 843 | break; | 0 |
| 844 | } | - |
| 845 | } while (ssl && readBytes > 0); executed: }Execution Count:7910 evaluated: ssl| yes Evaluation Count:11044 | yes Evaluation Count:11 |
evaluated: readBytes > 0| yes Evaluation Count:3135 | yes Evaluation Count:7909 |
| 11-11044 |
| 846 | } while (ssl && ctx && transmitting); executed: }Execution Count:7920 evaluated: ssl| yes Evaluation Count:7909 | yes Evaluation Count:11 |
partially evaluated: ctx| yes Evaluation Count:7909 | no Evaluation Count:0 |
evaluated: transmitting| yes Evaluation Count:4087 | yes Evaluation Count:3822 |
| 0-7920 |
| 847 | } executed: }Execution Count:3843 | 3843 |
| 848 | | - |
| 849 | static QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert) | - |
| 850 | { | - |
| 851 | QSslError error; | - |
| 852 | switch (errorCode) { | - |
| 853 | case 0: | - |
| 854 | | - |
| 855 | break; | 0 |
| 856 | case 2: | - |
| 857 | error = QSslError(QSslError::UnableToGetIssuerCertificate, cert); break; | 0 |
| 858 | case 4: | - |
| 859 | error = QSslError(QSslError::UnableToDecryptCertificateSignature, cert); break; | 0 |
| 860 | case 6: | - |
| 861 | error = QSslError(QSslError::UnableToDecodeIssuerPublicKey, cert); break; | 0 |
| 862 | case 7: | - |
| 863 | error = QSslError(QSslError::CertificateSignatureFailed, cert); break; | 0 |
| 864 | case 9: | - |
| 865 | error = QSslError(QSslError::CertificateNotYetValid, cert); break; | 0 |
| 866 | case 10: | - |
| 867 | error = QSslError(QSslError::CertificateExpired, cert); break; executed: break;Execution Count:1 | 1 |
| 868 | case 13: | - |
| 869 | error = QSslError(QSslError::InvalidNotBeforeField, cert); break; | 0 |
| 870 | case 14: | - |
| 871 | error = QSslError(QSslError::InvalidNotAfterField, cert); break; | 0 |
| 872 | case 18: | - |
| 873 | error = QSslError(QSslError::SelfSignedCertificate, cert); break; executed: break;Execution Count:65 | 65 |
| 874 | case 19: | - |
| 875 | error = QSslError(QSslError::SelfSignedCertificateInChain, cert); break; | 0 |
| 876 | case 20: | - |
| 877 | error = QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert); break; executed: break;Execution Count:12 | 12 |
| 878 | case 21: | - |
| 879 | error = QSslError(QSslError::UnableToVerifyFirstCertificate, cert); break; executed: break;Execution Count:12 | 12 |
| 880 | case 23: | - |
| 881 | error = QSslError(QSslError::CertificateRevoked, cert); break; | 0 |
| 882 | case 24: | - |
| 883 | error = QSslError(QSslError::InvalidCaCertificate, cert); break; executed: break;Execution Count:1 | 1 |
| 884 | case 25: | - |
| 885 | error = QSslError(QSslError::PathLengthExceeded, cert); break; | 0 |
| 886 | case 26: | - |
| 887 | error = QSslError(QSslError::InvalidPurpose, cert); break; | 0 |
| 888 | case 27: | - |
| 889 | error = QSslError(QSslError::CertificateUntrusted, cert); break; executed: break;Execution Count:6 | 6 |
| 890 | case 28: | - |
| 891 | error = QSslError(QSslError::CertificateRejected, cert); break; | 0 |
| 892 | default: | - |
| 893 | error = QSslError(QSslError::UnspecifiedError, cert); break; | 0 |
| 894 | } | - |
| 895 | return error; executed: return error;Execution Count:97 | 97 |
| 896 | } | - |
| 897 | | - |
| 898 | bool QSslSocketBackendPrivate::startHandshake() | - |
| 899 | { | - |
| 900 | QSslSocket * const q = q_func(); | - |
| 901 | | - |
| 902 | | - |
| 903 | | - |
| 904 | _q_sslErrorList()->mutex.lock(); | - |
| 905 | _q_sslErrorList()->errors.clear(); | - |
| 906 | int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl); evaluated: (mode == QSslSocket::SslClientMode)| yes Evaluation Count:561 | yes Evaluation Count:18 |
| 18-561 |
| 907 | | - |
| 908 | const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors; | - |
| 909 | for (int i = 0; i < lastErrors.size(); ++i) { evaluated: i < lastErrors.size()| yes Evaluation Count:47 | yes Evaluation Count:579 |
| 47-579 |
| 910 | const QPair<int, int> ¤tError = lastErrors.at(i); | - |
| 911 | | - |
| 912 | if (configuration.peerCertificateChain.isEmpty()) evaluated: configuration.peerCertificateChain.isEmpty()| yes Evaluation Count:41 | yes Evaluation Count:6 |
| 6-41 |
| 913 | configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl)); executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));Execution Count:41 | 41 |
| 914 | q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first, | - |
| 915 | configuration.peerCertificateChain.value(currentError.second))); | - |
| 916 | if (q->state() != QAbstractSocket::ConnectedState) partially evaluated: q->state() != QAbstractSocket::ConnectedState| no Evaluation Count:0 | yes Evaluation Count:47 |
| 0-47 |
| 917 | break; | 0 |
| 918 | } executed: }Execution Count:47 | 47 |
| 919 | | - |
| 920 | errorList << lastErrors; | - |
| 921 | _q_sslErrorList()->mutex.unlock(); | - |
| 922 | | - |
| 923 | | - |
| 924 | if (q->state() != QAbstractSocket::ConnectedState) partially evaluated: q->state() != QAbstractSocket::ConnectedState| no Evaluation Count:0 | yes Evaluation Count:579 |
| 0-579 |
| 925 | return false; never executed: return false; | 0 |
| 926 | | - |
| 927 | | - |
| 928 | if (result <= 0) { evaluated: result <= 0| yes Evaluation Count:499 | yes Evaluation Count:80 |
| 80-499 |
| 929 | switch (q_SSL_get_error(ssl, result)) { | - |
| 930 | case 2: | - |
| 931 | case 3: | - |
| 932 | | - |
| 933 | break; executed: break;Execution Count:498 | 498 |
| 934 | default: | - |
| 935 | q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl())); | - |
| 936 | q->setSocketError(QAbstractSocket::SslHandshakeFailedError); | - |
| 937 | | - |
| 938 | | - |
| 939 | | - |
| 940 | q->error(QAbstractSocket::SslHandshakeFailedError); | - |
| 941 | q->abort(); | - |
| 942 | } executed: }Execution Count:1 | 1 |
| 943 | return false; executed: return false;Execution Count:499 | 499 |
| 944 | } | - |
| 945 | | - |
| 946 | | - |
| 947 | | - |
| 948 | | - |
| 949 | | - |
| 950 | if (configuration.peerCertificateChain.isEmpty()) evaluated: configuration.peerCertificateChain.isEmpty()| yes Evaluation Count:45 | yes Evaluation Count:35 |
| 35-45 |
| 951 | configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl)); executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));Execution Count:45 | 45 |
| 952 | X509 *x509 = q_SSL_get_peer_certificate(ssl); | - |
| 953 | configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509); | - |
| 954 | q_X509_free(x509); | - |
| 955 | | - |
| 956 | | - |
| 957 | QList<QSslError> errors; | - |
| 958 | | - |
| 959 | | - |
| 960 | for (QForeachContainer<__typeof__(configuration.peerCertificateChain)> _container_(configuration.peerCertificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 961 | if (QSslCertificatePrivate::isBlacklisted(cert)) { partially evaluated: QSslCertificatePrivate::isBlacklisted(cert)| no Evaluation Count:0 | yes Evaluation Count:77 |
| 0-77 |
| 962 | QSslError error(QSslError::CertificateBlacklisted, cert); | - |
| 963 | errors << error; | - |
| 964 | q->peerVerifyError(error); | - |
| 965 | if (q->state() != QAbstractSocket::ConnectedState) never evaluated: q->state() != QAbstractSocket::ConnectedState | 0 |
| 966 | return false; never executed: return false; | 0 |
| 967 | } | 0 |
| 968 | } executed: }Execution Count:77 | 77 |
| 969 | | - |
| 970 | bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyPeer| no Evaluation Count:0 | yes Evaluation Count:80 |
| 0-80 |
| 971 | || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer partially evaluated: configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer| yes Evaluation Count:80 | no Evaluation Count:0 |
| 0-80 |
| 972 | && mode == QSslSocket::SslClientMode); evaluated: mode == QSslSocket::SslClientMode| yes Evaluation Count:77 | yes Evaluation Count:3 |
| 3-77 |
| 973 | | - |
| 974 | | - |
| 975 | | - |
| 976 | | - |
| 977 | if (!configuration.peerCertificate.isNull()) { evaluated: !configuration.peerCertificate.isNull()| yes Evaluation Count:77 | yes Evaluation Count:3 |
| 3-77 |
| 978 | | - |
| 979 | | - |
| 980 | if (mode == QSslSocket::SslClientMode) { partially evaluated: mode == QSslSocket::SslClientMode| yes Evaluation Count:77 | no Evaluation Count:0 |
| 0-77 |
| 981 | QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName); partially evaluated: verificationPeerName.isEmpty ()| yes Evaluation Count:77 | no Evaluation Count:0 |
| 0-77 |
| 982 | | - |
| 983 | if (!isMatchingHostname(configuration.peerCertificate, peerName)) { evaluated: !isMatchingHostname(configuration.peerCertificate, peerName)| yes Evaluation Count:3 | yes Evaluation Count:74 |
| 3-74 |
| 984 | | - |
| 985 | QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate); | - |
| 986 | errors << error; | - |
| 987 | q->peerVerifyError(error); | - |
| 988 | if (q->state() != QAbstractSocket::ConnectedState) partially evaluated: q->state() != QAbstractSocket::ConnectedState| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 989 | return false; never executed: return false; | 0 |
| 990 | } executed: }Execution Count:3 | 3 |
| 991 | } executed: }Execution Count:77 | 77 |
| 992 | } else { executed: }Execution Count:77 | 77 |
| 993 | | - |
| 994 | | - |
| 995 | if (doVerifyPeer) { partially evaluated: doVerifyPeer| no Evaluation Count:0 | yes Evaluation Count:3 |
| 0-3 |
| 996 | QSslError error(QSslError::NoPeerCertificate); | - |
| 997 | errors << error; | - |
| 998 | q->peerVerifyError(error); | - |
| 999 | if (q->state() != QAbstractSocket::ConnectedState) never evaluated: q->state() != QAbstractSocket::ConnectedState | 0 |
| 1000 | return false; never executed: return false; | 0 |
| 1001 | } | 0 |
| 1002 | } executed: }Execution Count:3 | 3 |
| 1003 | | - |
| 1004 | | - |
| 1005 | for (int i = 0; i < errorList.size(); ++i) { evaluated: i < errorList.size()| yes Evaluation Count:47 | yes Evaluation Count:80 |
| 47-80 |
| 1006 | const QPair<int, int> &errorAndDepth = errorList.at(i); | - |
| 1007 | int err = errorAndDepth.first; | - |
| 1008 | int depth = errorAndDepth.second; | - |
| 1009 | errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth)); | - |
| 1010 | } executed: }Execution Count:47 | 47 |
| 1011 | | - |
| 1012 | if (!errors.isEmpty()) { evaluated: !errors.isEmpty()| yes Evaluation Count:38 | yes Evaluation Count:42 |
| 38-42 |
| 1013 | sslErrors = errors; | - |
| 1014 | if (!checkSslErrors()) evaluated: !checkSslErrors()| yes Evaluation Count:9 | yes Evaluation Count:29 |
| 9-29 |
| 1015 | return false; executed: return false;Execution Count:9 | 9 |
| 1016 | } else { executed: }Execution Count:29 | 29 |
| 1017 | sslErrors.clear(); | - |
| 1018 | } executed: }Execution Count:42 | 42 |
| 1019 | | - |
| 1020 | continueHandshake(); | - |
| 1021 | return true; executed: return true;Execution Count:71 | 71 |
| 1022 | } | - |
| 1023 | | - |
| 1024 | bool QSslSocketBackendPrivate::checkSslErrors() | - |
| 1025 | { | - |
| 1026 | QSslSocket * const q = q_func(); | - |
| 1027 | if (sslErrors.isEmpty()) partially evaluated: sslErrors.isEmpty()| no Evaluation Count:0 | yes Evaluation Count:38 |
| 0-38 |
| 1028 | return true; never executed: return true; | 0 |
| 1029 | | - |
| 1030 | q->sslErrors(sslErrors); | - |
| 1031 | | - |
| 1032 | bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyPeer| no Evaluation Count:0 | yes Evaluation Count:38 |
| 0-38 |
| 1033 | || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer partially evaluated: configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer| yes Evaluation Count:38 | no Evaluation Count:0 |
| 0-38 |
| 1034 | && mode == QSslSocket::SslClientMode); evaluated: mode == QSslSocket::SslClientMode| yes Evaluation Count:35 | yes Evaluation Count:3 |
| 3-35 |
| 1035 | bool doEmitSslError = !verifyErrorsHaveBeenIgnored(); | - |
| 1036 | | - |
| 1037 | if (doVerifyPeer && doEmitSslError) { evaluated: doVerifyPeer| yes Evaluation Count:35 | yes Evaluation Count:3 |
evaluated: doEmitSslError| yes Evaluation Count:9 | yes Evaluation Count:26 |
| 3-35 |
| 1038 | if (q->pauseMode() & QAbstractSocket::PauseOnSslErrors) { partially evaluated: q->pauseMode() & QAbstractSocket::PauseOnSslErrors| no Evaluation Count:0 | yes Evaluation Count:9 |
| 0-9 |
| 1039 | pauseSocketNotifiers(q); | - |
| 1040 | paused = true; | - |
| 1041 | } else { | 0 |
| 1042 | q->setErrorString(sslErrors.first().errorString()); | - |
| 1043 | q->setSocketError(QAbstractSocket::SslHandshakeFailedError); | - |
| 1044 | q->error(QAbstractSocket::SslHandshakeFailedError); | - |
| 1045 | plainSocket->disconnectFromHost(); | - |
| 1046 | } executed: }Execution Count:9 | 9 |
| 1047 | return false; executed: return false;Execution Count:9 | 9 |
| 1048 | } | - |
| 1049 | return true; executed: return true;Execution Count:29 | 29 |
| 1050 | } | - |
| 1051 | void QSslSocketBackendPrivate::disconnectFromHost() | - |
| 1052 | { | - |
| 1053 | if (ssl) { | 0 |
| 1054 | q_SSL_shutdown(ssl); | - |
| 1055 | transmit(); | - |
| 1056 | } | 0 |
| 1057 | plainSocket->disconnectFromHost(); | - |
| 1058 | } | 0 |
| 1059 | | - |
| 1060 | void QSslSocketBackendPrivate::disconnected() | - |
| 1061 | { | - |
| 1062 | if (plainSocket->bytesAvailable() <= 0) evaluated: plainSocket->bytesAvailable() <= 0| yes Evaluation Count:124 | yes Evaluation Count:3 |
| 3-124 |
| 1063 | destroySslContext(); executed: destroySslContext();Execution Count:124 | 124 |
| 1064 | | - |
| 1065 | | - |
| 1066 | } executed: }Execution Count:127 | 127 |
| 1067 | | - |
| 1068 | QSslCipher QSslSocketBackendPrivate::sessionCipher() const | - |
| 1069 | { | - |
| 1070 | if (!ssl || !ctx) evaluated: !ssl| yes Evaluation Count:17 | yes Evaluation Count:142 |
partially evaluated: !ctx| no Evaluation Count:0 | yes Evaluation Count:142 |
| 0-142 |
| 1071 | return QSslCipher(); executed: return QSslCipher();Execution Count:17 | 17 |
| 1072 | | - |
| 1073 | | - |
| 1074 | | - |
| 1075 | | - |
| 1076 | | - |
| 1077 | | - |
| 1078 | SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); | - |
| 1079 | | - |
| 1080 | return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); executed: return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher();Execution Count:142 | 142 |
| 1081 | } | - |
| 1082 | | - |
| 1083 | void QSslSocketBackendPrivate::continueHandshake() | - |
| 1084 | { | - |
| 1085 | QSslSocket * const q = q_func(); | - |
| 1086 | | - |
| 1087 | if (readBufferMaxSize) evaluated: readBufferMaxSize| yes Evaluation Count:67 | yes Evaluation Count:4 |
| 4-67 |
| 1088 | plainSocket->setReadBufferSize(readBufferMaxSize); executed: plainSocket->setReadBufferSize(readBufferMaxSize);Execution Count:67 | 67 |
| 1089 | | - |
| 1090 | connectionEncrypted = true; | - |
| 1091 | q->encrypted(); | - |
| 1092 | if (autoStartHandshake && pendingClose) { evaluated: autoStartHandshake| yes Evaluation Count:67 | yes Evaluation Count:4 |
partially evaluated: pendingClose| no Evaluation Count:0 | yes Evaluation Count:67 |
| 0-67 |
| 1093 | pendingClose = false; | - |
| 1094 | q->disconnectFromHost(); | - |
| 1095 | } | 0 |
| 1096 | } executed: }Execution Count:71 | 71 |
| 1097 | | - |
| 1098 | QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK *x509) | - |
| 1099 | { | - |
| 1100 | ensureInitialized(); | - |
| 1101 | QList<QSslCertificate> certificates; | - |
| 1102 | for (int i = 0; i < ((int (*)(const STACK *))q_sk_num)((x509)); ++i) { evaluated: i < ((int (*)(const STACK *))q_sk_num)((x509))| yes Evaluation Count:77 | yes Evaluation Count:86 |
| 77-86 |
| 1103 | if (X509 *entry = ((X509 * (*)(const STACK *, int))q_sk_value)((x509), (i))) partially evaluated: X509 *entry = ((X509 * (*)(const STACK *, int))q_sk_value)((x509), (i))| yes Evaluation Count:77 | no Evaluation Count:0 |
| 0-77 |
| 1104 | certificates << QSslCertificatePrivate::QSslCertificate_from_X509(entry); executed: certificates << QSslCertificatePrivate::QSslCertificate_from_X509(entry);Execution Count:77 | 77 |
| 1105 | } executed: }Execution Count:77 | 77 |
| 1106 | return certificates; executed: return certificates;Execution Count:86 | 86 |
| 1107 | } | - |
| 1108 | | - |
| 1109 | QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() | - |
| 1110 | { | - |
| 1111 | QString errorString; | - |
| 1112 | unsigned long errNum; | - |
| 1113 | while((errNum = q_ERR_get_error())) { evaluated: (errNum = q_ERR_get_error())| yes Evaluation Count:1 | yes Evaluation Count:1 |
| 1 |
| 1114 | if (! errorString.isEmpty()) partially evaluated: ! errorString.isEmpty()| no Evaluation Count:0 | yes Evaluation Count:1 |
| 0-1 |
| 1115 | errorString.append(QLatin1String(", ")); never executed: errorString.append(QLatin1String(", ")); | 0 |
| 1116 | const char *error = q_ERR_error_string(errNum, __null); | - |
| 1117 | errorString.append(QString::fromLatin1(error)); | - |
| 1118 | } executed: }Execution Count:1 | 1 |
| 1119 | return errorString; executed: return errorString;Execution Count:1 | 1 |
| 1120 | } | - |
| 1121 | | - |
| 1122 | bool QSslSocketBackendPrivate::isMatchingHostname(const QSslCertificate &cert, const QString &peerName) | - |
| 1123 | { | - |
| 1124 | QStringList commonNameList = cert.subjectInfo(QSslCertificate::CommonName); | - |
| 1125 | | - |
| 1126 | for (QForeachContainer<__typeof__(commonNameList)> _container_(commonNameList); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QString &commonName = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 1127 | if (isMatchingHostname(commonName.toLower(), peerName.toLower())) { evaluated: isMatchingHostname(commonName.toLower(), peerName.toLower())| yes Evaluation Count:75 | yes Evaluation Count:4 |
| 4-75 |
| 1128 | return true; executed: return true;Execution Count:75 | 75 |
| 1129 | } | - |
| 1130 | } executed: }Execution Count:4 | 4 |
| 1131 | | - |
| 1132 | for (QForeachContainer<__typeof__(cert.subjectAlternativeNames().values(QSsl::DnsEntry))> _container_(cert.subjectAlternativeNames().values(QSsl::DnsEntry)); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QString &altName = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 1133 | if (isMatchingHostname(altName.toLower(), peerName.toLower())) { never evaluated: isMatchingHostname(altName.toLower(), peerName.toLower()) | 0 |
| 1134 | return true; never executed: return true; | 0 |
| 1135 | } | - |
| 1136 | } | 0 |
| 1137 | | - |
| 1138 | return false; executed: return false;Execution Count:4 | 4 |
| 1139 | } | - |
| 1140 | | - |
| 1141 | bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QString &hostname) | - |
| 1142 | { | - |
| 1143 | int wildcard = cn.indexOf(QLatin1Char('*')); | - |
| 1144 | | - |
| 1145 | | - |
| 1146 | if (wildcard < 0) partially evaluated: wildcard < 0| yes Evaluation Count:79 | no Evaluation Count:0 |
| 0-79 |
| 1147 | return cn == hostname; executed: return cn == hostname;Execution Count:79 | 79 |
| 1148 | | - |
| 1149 | int firstCnDot = cn.indexOf(QLatin1Char('.')); | - |
| 1150 | int secondCnDot = cn.indexOf(QLatin1Char('.'), firstCnDot+1); | - |
| 1151 | | - |
| 1152 | | - |
| 1153 | if ((-1 == secondCnDot) || (secondCnDot+1 >= cn.length())) never evaluated: (-1 == secondCnDot) never evaluated: (secondCnDot+1 >= cn.length()) | 0 |
| 1154 | return false; never executed: return false; | 0 |
| 1155 | | - |
| 1156 | | - |
| 1157 | if (wildcard+1 != firstCnDot) never evaluated: wildcard+1 != firstCnDot | 0 |
| 1158 | return false; never executed: return false; | 0 |
| 1159 | | - |
| 1160 | | - |
| 1161 | if (cn.lastIndexOf(QLatin1Char('*')) != wildcard) never evaluated: cn.lastIndexOf(QLatin1Char('*')) != wildcard | 0 |
| 1162 | return false; never executed: return false; | 0 |
| 1163 | | - |
| 1164 | | - |
| 1165 | if (wildcard && (hostname.leftRef(wildcard) != cn.leftRef(wildcard))) never evaluated: wildcard never evaluated: (hostname.leftRef(wildcard) != cn.leftRef(wildcard)) | 0 |
| 1166 | return false; never executed: return false; | 0 |
| 1167 | | - |
| 1168 | | - |
| 1169 | if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot)) never evaluated: hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot) | 0 |
| 1170 | return false; never executed: return false; | 0 |
| 1171 | | - |
| 1172 | | - |
| 1173 | QHostAddress addr(hostname); | - |
| 1174 | if (!addr.isNull()) never evaluated: !addr.isNull() | 0 |
| 1175 | return false; never executed: return false; | 0 |
| 1176 | | - |
| 1177 | | - |
| 1178 | return true; never executed: return true; | 0 |
| 1179 | } | - |
| 1180 | | - |
| 1181 | QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certificateChain, const QString &hostName) | - |
| 1182 | { | - |
| 1183 | QList<QSslError> errors; | - |
| 1184 | if (certificateChain.count() <= 0) { evaluated: certificateChain.count() <= 0| yes Evaluation Count:1 | yes Evaluation Count:7 |
| 1-7 |
| 1185 | errors << QSslError(QSslError::UnspecifiedError); | - |
| 1186 | return errors; executed: return errors;Execution Count:1 | 1 |
| 1187 | } | - |
| 1188 | | - |
| 1189 | | - |
| 1190 | X509_STORE *certStore = q_X509_STORE_new(); | - |
| 1191 | if (!certStore) { partially evaluated: !certStore| no Evaluation Count:0 | yes Evaluation Count:7 |
| 0-7 |
| 1192 | QMessageLogger("ssl/qsslsocket_openssl.cpp", 1657, __PRETTY_FUNCTION__).warning() << "Unable to create certificate store"; | - |
| 1193 | errors << QSslError(QSslError::UnspecifiedError); | - |
| 1194 | return errors; never executed: return errors; | 0 |
| 1195 | } | - |
| 1196 | | - |
| 1197 | if (s_loadRootCertsOnDemand) { evaluated: s_loadRootCertsOnDemand| yes Evaluation Count:1 | yes Evaluation Count:6 |
| 1-6 |
| 1198 | setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates()); | - |
| 1199 | } executed: }Execution Count:1 | 1 |
| 1200 | | - |
| 1201 | QList<QSslCertificate> expiredCerts; | - |
| 1202 | | - |
| 1203 | for (QForeachContainer<__typeof__(QSslSocket::defaultCaCertificates())> _container_(QSslSocket::defaultCaCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 1204 | | - |
| 1205 | | - |
| 1206 | if (caCertificate.expiryDate() < QDateTime::currentDateTime()) { evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()| yes Evaluation Count:224 | yes Evaluation Count:1757 |
| 224-1757 |
| 1207 | expiredCerts.append(caCertificate); | - |
| 1208 | } else { executed: }Execution Count:224 | 224 |
| 1209 | q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); | - |
| 1210 | } executed: }Execution Count:1757 | 1757 |
| 1211 | } | - |
| 1212 | | - |
| 1213 | bool addExpiredCerts = true; | - |
| 1214 | | - |
| 1215 | | - |
| 1216 | | - |
| 1217 | | - |
| 1218 | | - |
| 1219 | | - |
| 1220 | if (addExpiredCerts) { partially evaluated: addExpiredCerts| yes Evaluation Count:7 | no Evaluation Count:0 |
| 0-7 |
| 1221 | for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 1222 | q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); | - |
| 1223 | } executed: }Execution Count:224 | 224 |
| 1224 | } executed: }Execution Count:7 | 7 |
| 1225 | | - |
| 1226 | QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); | - |
| 1227 | | - |
| 1228 | | - |
| 1229 | ((certStore)->verify_cb=(q_X509Callback)); | - |
| 1230 | | - |
| 1231 | | - |
| 1232 | STACK *intermediates = 0; | - |
| 1233 | if (certificateChain.length() > 1) { evaluated: certificateChain.length() > 1| yes Evaluation Count:4 | yes Evaluation Count:3 |
| 3-4 |
| 1234 | intermediates = (STACK *) q_sk_new_null(); | - |
| 1235 | | - |
| 1236 | if (!intermediates) { partially evaluated: !intermediates| no Evaluation Count:0 | yes Evaluation Count:4 |
| 0-4 |
| 1237 | q_X509_STORE_free(certStore); | - |
| 1238 | errors << QSslError(QSslError::UnspecifiedError); | - |
| 1239 | return errors; never executed: return errors; | 0 |
| 1240 | } | - |
| 1241 | | - |
| 1242 | bool first = true; | - |
| 1243 | for (QForeachContainer<__typeof__(certificateChain)> _container_(certificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) { | - |
| 1244 | if (first) { evaluated: first| yes Evaluation Count:4 | yes Evaluation Count:4 |
| 4 |
| 1245 | first = false; | - |
| 1246 | continue; executed: continue;Execution Count:4 | 4 |
| 1247 | } | - |
| 1248 | | - |
| 1249 | | - |
| 1250 | | - |
| 1251 | q_sk_push( (STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); | - |
| 1252 | | - |
| 1253 | } executed: }Execution Count:4 | 4 |
| 1254 | } executed: }Execution Count:4 | 4 |
| 1255 | | - |
| 1256 | X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new(); | - |
| 1257 | if (!storeContext) { partially evaluated: !storeContext| no Evaluation Count:0 | yes Evaluation Count:7 |
| 0-7 |
| 1258 | q_X509_STORE_free(certStore); | - |
| 1259 | errors << QSslError(QSslError::UnspecifiedError); | - |
| 1260 | return errors; never executed: return errors; | 0 |
| 1261 | } | - |
| 1262 | | - |
| 1263 | if (!q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)) { partially evaluated: !q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)| no Evaluation Count:0 | yes Evaluation Count:7 |
| 0-7 |
| 1264 | q_X509_STORE_CTX_free(storeContext); | - |
| 1265 | q_X509_STORE_free(certStore); | - |
| 1266 | errors << QSslError(QSslError::UnspecifiedError); | - |
| 1267 | return errors; never executed: return errors; | 0 |
| 1268 | } | - |
| 1269 | | - |
| 1270 | | - |
| 1271 | | - |
| 1272 | | - |
| 1273 | (void) q_X509_verify_cert(storeContext); | - |
| 1274 | | - |
| 1275 | q_X509_STORE_CTX_free(storeContext); | - |
| 1276 | | - |
| 1277 | | - |
| 1278 | | - |
| 1279 | q_sk_free( (STACK *) intermediates); | - |
| 1280 | | - |
| 1281 | | - |
| 1282 | | - |
| 1283 | const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors; | - |
| 1284 | _q_sslErrorList()->errors.clear(); | - |
| 1285 | | - |
| 1286 | sslErrorListMutexLocker.unlock(); | - |
| 1287 | | - |
| 1288 | | - |
| 1289 | if (QSslCertificatePrivate::isBlacklisted(certificateChain[0])) { evaluated: QSslCertificatePrivate::isBlacklisted(certificateChain[0])| yes Evaluation Count:1 | yes Evaluation Count:6 |
| 1-6 |
| 1290 | QSslError error(QSslError::CertificateBlacklisted, certificateChain[0]); | - |
| 1291 | errors << error; | - |
| 1292 | } executed: }Execution Count:1 | 1 |
| 1293 | | - |
| 1294 | | - |
| 1295 | if ((!hostName.isEmpty()) && (!isMatchingHostname(certificateChain[0], hostName))) { evaluated: (!hostName.isEmpty())| yes Evaluation Count:2 | yes Evaluation Count:5 |
evaluated: (!isMatchingHostname(certificateChain[0], hostName))| yes Evaluation Count:1 | yes Evaluation Count:1 |
| 1-5 |
| 1296 | | - |
| 1297 | QSslError error(QSslError::HostNameMismatch, certificateChain[0]); | - |
| 1298 | errors << error; | - |
| 1299 | } executed: }Execution Count:1 | 1 |
| 1300 | | - |
| 1301 | | - |
| 1302 | for (int i = 0; i < errorList.size(); ++i) { evaluated: i < errorList.size()| yes Evaluation Count:3 | yes Evaluation Count:7 |
| 3-7 |
| 1303 | const QPair<int, int> &errorAndDepth = errorList.at(i); | - |
| 1304 | int err = errorAndDepth.first; | - |
| 1305 | int depth = errorAndDepth.second; | - |
| 1306 | errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth)); | - |
| 1307 | } executed: }Execution Count:3 | 3 |
| 1308 | | - |
| 1309 | q_X509_STORE_free(certStore); | - |
| 1310 | | - |
| 1311 | return errors; executed: return errors;Execution Count:7 | 7 |
| 1312 | } | - |
| 1313 | | - |
| 1314 | | - |
| 1315 | | - |
| | |