OpenCoverage

s3_lib.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/ssl/s3_lib.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: s3_lib.c,v 1.170 2018/09/06 16:40:45 jsing Exp $ */-
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)-
3 * All rights reserved.-
4 *-
5 * This package is an SSL implementation written-
6 * by Eric Young (eay@cryptsoft.com).-
7 * The implementation was written so as to conform with Netscapes SSL.-
8 *-
9 * This library is free for commercial and non-commercial use as long as-
10 * the following conditions are aheared to. The following conditions-
11 * apply to all code found in this distribution, be it the RC4, RSA,-
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation-
13 * included with this distribution is covered by the same copyright terms-
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).-
15 *-
16 * Copyright remains Eric Young's, and as such any Copyright notices in-
17 * the code are not to be removed.-
18 * If this package is used in a product, Eric Young should be given attribution-
19 * as the author of the parts of the library used.-
20 * This can be in the form of a textual message at program startup or-
21 * in documentation (online or textual) provided with the package.-
22 *-
23 * Redistribution and use in source and binary forms, with or without-
24 * modification, are permitted provided that the following conditions-
25 * are met:-
26 * 1. Redistributions of source code must retain the copyright-
27 * notice, this list of conditions and the following disclaimer.-
28 * 2. Redistributions in binary form must reproduce the above copyright-
29 * notice, this list of conditions and the following disclaimer in the-
30 * documentation and/or other materials provided with the distribution.-
31 * 3. All advertising materials mentioning features or use of this software-
32 * must display the following acknowledgement:-
33 * "This product includes cryptographic software written by-
34 * Eric Young (eay@cryptsoft.com)"-
35 * The word 'cryptographic' can be left out if the rouines from the library-
36 * being used are not cryptographic related :-).-
37 * 4. If you include any Windows specific code (or a derivative thereof) from-
38 * the apps directory (application code) you must include an acknowledgement:-
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"-
40 *-
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND-
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE-
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE-
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL-
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS-
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT-
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY-
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF-
51 * SUCH DAMAGE.-
52 *-
53 * The licence and distribution terms for any publically available version or-
54 * derivative of this code cannot be changed. i.e. this code cannot simply be-
55 * copied and put under another distribution licence-
56 * [including the GNU Public Licence.]-
57 */-
58/* ====================================================================-
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.-
60 *-
61 * Redistribution and use in source and binary forms, with or without-
62 * modification, are permitted provided that the following conditions-
63 * are met:-
64 *-
65 * 1. Redistributions of source code must retain the above copyright-
66 * notice, this list of conditions and the following disclaimer.-
67 *-
68 * 2. Redistributions in binary form must reproduce the above copyright-
69 * notice, this list of conditions and the following disclaimer in-
70 * the documentation and/or other materials provided with the-
71 * distribution.-
72 *-
73 * 3. All advertising materials mentioning features or use of this-
74 * software must display the following acknowledgment:-
75 * "This product includes software developed by the OpenSSL Project-
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"-
77 *-
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
79 * endorse or promote products derived from this software without-
80 * prior written permission. For written permission, please contact-
81 * openssl-core@openssl.org.-
82 *-
83 * 5. Products derived from this software may not be called "OpenSSL"-
84 * nor may "OpenSSL" appear in their names without prior written-
85 * permission of the OpenSSL Project.-
86 *-
87 * 6. Redistributions of any form whatsoever must retain the following-
88 * acknowledgment:-
89 * "This product includes software developed by the OpenSSL Project-
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"-
91 *-
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
103 * OF THE POSSIBILITY OF SUCH DAMAGE.-
104 * ====================================================================-
105 *-
106 * This product includes cryptographic software written by Eric Young-
107 * (eay@cryptsoft.com). This product includes software written by Tim-
108 * Hudson (tjh@cryptsoft.com).-
109 *-
110 */-
111/* ====================================================================-
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.-
113 *-
114 * Portions of the attached software ("Contribution") are developed by-
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.-
116 *-
117 * The Contribution is licensed pursuant to the OpenSSL open source-
118 * license provided above.-
119 *-
120 * ECC cipher suite support in OpenSSL originally written by-
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.-
122 *-
123 */-
124/* ====================================================================-
125 * Copyright 2005 Nokia. All rights reserved.-
126 *-
127 * The portions of the attached software ("Contribution") is developed by-
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source-
129 * license.-
130 *-
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of-
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites-
133 * support (see RFC 4279) to OpenSSL.-
134 *-
135 * No patent licenses or other rights except those expressly stated in-
136 * the OpenSSL open source license shall be deemed granted or received-
137 * expressly, by implication, estoppel, or otherwise.-
138 *-
139 * No assurances are provided by Nokia that the Contribution does not-
140 * infringe the patent or other intellectual property rights of any third-
141 * party or that the license provides you with all the necessary rights-
142 * to make use of the Contribution.-
143 *-
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN-
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA-
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY-
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR-
148 * OTHERWISE.-
149 */-
150-
151#include <limits.h>-
152#include <stdio.h>-
153-
154#include <openssl/bn.h>-
155#include <openssl/curve25519.h>-
156#include <openssl/dh.h>-
157#include <openssl/md5.h>-
158#include <openssl/objects.h>-
159-
160#include "ssl_locl.h"-
161#include "bytestring.h"-
162-
163#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))-
164-
165/*-
166 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the-
167 * fixed nonce length in algorithms2. It is the inverse of the-
168 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.-
169 */-
170#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)-
171-
172/* list of available SSLv3 ciphers (sorted by id) */-
173SSL_CIPHER ssl3_ciphers[] = {-
174-
175 /* The RSA ciphers */-
176 /* Cipher 01 */-
177 {-
178 .valid = 1,-
179 .name = SSL3_TXT_RSA_NULL_MD5,-
180 .id = SSL3_CK_RSA_NULL_MD5,-
181 .algorithm_mkey = SSL_kRSA,-
182 .algorithm_auth = SSL_aRSA,-
183 .algorithm_enc = SSL_eNULL,-
184 .algorithm_mac = SSL_MD5,-
185 .algorithm_ssl = SSL_SSLV3,-
186 .algo_strength = SSL_STRONG_NONE,-
187 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
188 .strength_bits = 0,-
189 .alg_bits = 0,-
190 },-
191-
192 /* Cipher 02 */-
193 {-
194 .valid = 1,-
195 .name = SSL3_TXT_RSA_NULL_SHA,-
196 .id = SSL3_CK_RSA_NULL_SHA,-
197 .algorithm_mkey = SSL_kRSA,-
198 .algorithm_auth = SSL_aRSA,-
199 .algorithm_enc = SSL_eNULL,-
200 .algorithm_mac = SSL_SHA1,-
201 .algorithm_ssl = SSL_SSLV3,-
202 .algo_strength = SSL_STRONG_NONE,-
203 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
204 .strength_bits = 0,-
205 .alg_bits = 0,-
206 },-
207-
208 /* Cipher 04 */-
209 {-
210 .valid = 1,-
211 .name = SSL3_TXT_RSA_RC4_128_MD5,-
212 .id = SSL3_CK_RSA_RC4_128_MD5,-
213 .algorithm_mkey = SSL_kRSA,-
214 .algorithm_auth = SSL_aRSA,-
215 .algorithm_enc = SSL_RC4,-
216 .algorithm_mac = SSL_MD5,-
217 .algorithm_ssl = SSL_SSLV3,-
218 .algo_strength = SSL_LOW,-
219 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
220 .strength_bits = 128,-
221 .alg_bits = 128,-
222 },-
223-
224 /* Cipher 05 */-
225 {-
226 .valid = 1,-
227 .name = SSL3_TXT_RSA_RC4_128_SHA,-
228 .id = SSL3_CK_RSA_RC4_128_SHA,-
229 .algorithm_mkey = SSL_kRSA,-
230 .algorithm_auth = SSL_aRSA,-
231 .algorithm_enc = SSL_RC4,-
232 .algorithm_mac = SSL_SHA1,-
233 .algorithm_ssl = SSL_SSLV3,-
234 .algo_strength = SSL_LOW,-
235 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
236 .strength_bits = 128,-
237 .alg_bits = 128,-
238 },-
239-
240 /* Cipher 0A */-
241 {-
242 .valid = 1,-
243 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,-
244 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,-
245 .algorithm_mkey = SSL_kRSA,-
246 .algorithm_auth = SSL_aRSA,-
247 .algorithm_enc = SSL_3DES,-
248 .algorithm_mac = SSL_SHA1,-
249 .algorithm_ssl = SSL_SSLV3,-
250 .algo_strength = SSL_MEDIUM,-
251 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
252 .strength_bits = 112,-
253 .alg_bits = 168,-
254 },-
255-
256 /*-
257 * Ephemeral DH (DHE) ciphers.-
258 */-
259-
260 /* Cipher 16 */-
261 {-
262 .valid = 1,-
263 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,-
264 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,-
265 .algorithm_mkey = SSL_kDHE,-
266 .algorithm_auth = SSL_aRSA,-
267 .algorithm_enc = SSL_3DES,-
268 .algorithm_mac = SSL_SHA1,-
269 .algorithm_ssl = SSL_SSLV3,-
270 .algo_strength = SSL_MEDIUM,-
271 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
272 .strength_bits = 112,-
273 .alg_bits = 168,-
274 },-
275-
276 /* Cipher 18 */-
277 {-
278 .valid = 1,-
279 .name = SSL3_TXT_ADH_RC4_128_MD5,-
280 .id = SSL3_CK_ADH_RC4_128_MD5,-
281 .algorithm_mkey = SSL_kDHE,-
282 .algorithm_auth = SSL_aNULL,-
283 .algorithm_enc = SSL_RC4,-
284 .algorithm_mac = SSL_MD5,-
285 .algorithm_ssl = SSL_SSLV3,-
286 .algo_strength = SSL_LOW,-
287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
288 .strength_bits = 128,-
289 .alg_bits = 128,-
290 },-
291-
292 /* Cipher 1B */-
293 {-
294 .valid = 1,-
295 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,-
296 .id = SSL3_CK_ADH_DES_192_CBC_SHA,-
297 .algorithm_mkey = SSL_kDHE,-
298 .algorithm_auth = SSL_aNULL,-
299 .algorithm_enc = SSL_3DES,-
300 .algorithm_mac = SSL_SHA1,-
301 .algorithm_ssl = SSL_SSLV3,-
302 .algo_strength = SSL_MEDIUM,-
303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
304 .strength_bits = 112,-
305 .alg_bits = 168,-
306 },-
307-
308 /*-
309 * AES ciphersuites.-
310 */-
311-
312 /* Cipher 2F */-
313 {-
314 .valid = 1,-
315 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,-
316 .id = TLS1_CK_RSA_WITH_AES_128_SHA,-
317 .algorithm_mkey = SSL_kRSA,-
318 .algorithm_auth = SSL_aRSA,-
319 .algorithm_enc = SSL_AES128,-
320 .algorithm_mac = SSL_SHA1,-
321 .algorithm_ssl = SSL_TLSV1,-
322 .algo_strength = SSL_HIGH,-
323 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
324 .strength_bits = 128,-
325 .alg_bits = 128,-
326 },-
327-
328 /* Cipher 33 */-
329 {-
330 .valid = 1,-
331 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,-
332 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,-
333 .algorithm_mkey = SSL_kDHE,-
334 .algorithm_auth = SSL_aRSA,-
335 .algorithm_enc = SSL_AES128,-
336 .algorithm_mac = SSL_SHA1,-
337 .algorithm_ssl = SSL_TLSV1,-
338 .algo_strength = SSL_HIGH,-
339 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
340 .strength_bits = 128,-
341 .alg_bits = 128,-
342 },-
343-
344 /* Cipher 34 */-
345 {-
346 .valid = 1,-
347 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,-
348 .id = TLS1_CK_ADH_WITH_AES_128_SHA,-
349 .algorithm_mkey = SSL_kDHE,-
350 .algorithm_auth = SSL_aNULL,-
351 .algorithm_enc = SSL_AES128,-
352 .algorithm_mac = SSL_SHA1,-
353 .algorithm_ssl = SSL_TLSV1,-
354 .algo_strength = SSL_HIGH,-
355 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
356 .strength_bits = 128,-
357 .alg_bits = 128,-
358 },-
359-
360 /* Cipher 35 */-
361 {-
362 .valid = 1,-
363 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,-
364 .id = TLS1_CK_RSA_WITH_AES_256_SHA,-
365 .algorithm_mkey = SSL_kRSA,-
366 .algorithm_auth = SSL_aRSA,-
367 .algorithm_enc = SSL_AES256,-
368 .algorithm_mac = SSL_SHA1,-
369 .algorithm_ssl = SSL_TLSV1,-
370 .algo_strength = SSL_HIGH,-
371 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
372 .strength_bits = 256,-
373 .alg_bits = 256,-
374 },-
375-
376 /* Cipher 39 */-
377 {-
378 .valid = 1,-
379 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,-
380 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,-
381 .algorithm_mkey = SSL_kDHE,-
382 .algorithm_auth = SSL_aRSA,-
383 .algorithm_enc = SSL_AES256,-
384 .algorithm_mac = SSL_SHA1,-
385 .algorithm_ssl = SSL_TLSV1,-
386 .algo_strength = SSL_HIGH,-
387 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
388 .strength_bits = 256,-
389 .alg_bits = 256,-
390 },-
391-
392 /* Cipher 3A */-
393 {-
394 .valid = 1,-
395 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,-
396 .id = TLS1_CK_ADH_WITH_AES_256_SHA,-
397 .algorithm_mkey = SSL_kDHE,-
398 .algorithm_auth = SSL_aNULL,-
399 .algorithm_enc = SSL_AES256,-
400 .algorithm_mac = SSL_SHA1,-
401 .algorithm_ssl = SSL_TLSV1,-
402 .algo_strength = SSL_HIGH,-
403 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
404 .strength_bits = 256,-
405 .alg_bits = 256,-
406 },-
407-
408 /* TLS v1.2 ciphersuites */-
409 /* Cipher 3B */-
410 {-
411 .valid = 1,-
412 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,-
413 .id = TLS1_CK_RSA_WITH_NULL_SHA256,-
414 .algorithm_mkey = SSL_kRSA,-
415 .algorithm_auth = SSL_aRSA,-
416 .algorithm_enc = SSL_eNULL,-
417 .algorithm_mac = SSL_SHA256,-
418 .algorithm_ssl = SSL_TLSV1_2,-
419 .algo_strength = SSL_STRONG_NONE,-
420 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
421 .strength_bits = 0,-
422 .alg_bits = 0,-
423 },-
424-
425 /* Cipher 3C */-
426 {-
427 .valid = 1,-
428 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,-
429 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,-
430 .algorithm_mkey = SSL_kRSA,-
431 .algorithm_auth = SSL_aRSA,-
432 .algorithm_enc = SSL_AES128,-
433 .algorithm_mac = SSL_SHA256,-
434 .algorithm_ssl = SSL_TLSV1_2,-
435 .algo_strength = SSL_HIGH,-
436 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
437 .strength_bits = 128,-
438 .alg_bits = 128,-
439 },-
440-
441 /* Cipher 3D */-
442 {-
443 .valid = 1,-
444 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,-
445 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,-
446 .algorithm_mkey = SSL_kRSA,-
447 .algorithm_auth = SSL_aRSA,-
448 .algorithm_enc = SSL_AES256,-
449 .algorithm_mac = SSL_SHA256,-
450 .algorithm_ssl = SSL_TLSV1_2,-
451 .algo_strength = SSL_HIGH,-
452 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
453 .strength_bits = 256,-
454 .alg_bits = 256,-
455 },-
456-
457#ifndef OPENSSL_NO_CAMELLIA-
458 /* Camellia ciphersuites from RFC4132 (128-bit portion) */-
459-
460 /* Cipher 41 */-
461 {-
462 .valid = 1,-
463 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,-
464 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,-
465 .algorithm_mkey = SSL_kRSA,-
466 .algorithm_auth = SSL_aRSA,-
467 .algorithm_enc = SSL_CAMELLIA128,-
468 .algorithm_mac = SSL_SHA1,-
469 .algorithm_ssl = SSL_TLSV1,-
470 .algo_strength = SSL_HIGH,-
471 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
472 .strength_bits = 128,-
473 .alg_bits = 128,-
474 },-
475-
476 /* Cipher 45 */-
477 {-
478 .valid = 1,-
479 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,-
480 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,-
481 .algorithm_mkey = SSL_kDHE,-
482 .algorithm_auth = SSL_aRSA,-
483 .algorithm_enc = SSL_CAMELLIA128,-
484 .algorithm_mac = SSL_SHA1,-
485 .algorithm_ssl = SSL_TLSV1,-
486 .algo_strength = SSL_HIGH,-
487 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
488 .strength_bits = 128,-
489 .alg_bits = 128,-
490 },-
491-
492 /* Cipher 46 */-
493 {-
494 .valid = 1,-
495 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,-
496 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,-
497 .algorithm_mkey = SSL_kDHE,-
498 .algorithm_auth = SSL_aNULL,-
499 .algorithm_enc = SSL_CAMELLIA128,-
500 .algorithm_mac = SSL_SHA1,-
501 .algorithm_ssl = SSL_TLSV1,-
502 .algo_strength = SSL_HIGH,-
503 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
504 .strength_bits = 128,-
505 .alg_bits = 128,-
506 },-
507#endif /* OPENSSL_NO_CAMELLIA */-
508-
509 /* TLS v1.2 ciphersuites */-
510 /* Cipher 67 */-
511 {-
512 .valid = 1,-
513 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,-
514 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,-
515 .algorithm_mkey = SSL_kDHE,-
516 .algorithm_auth = SSL_aRSA,-
517 .algorithm_enc = SSL_AES128,-
518 .algorithm_mac = SSL_SHA256,-
519 .algorithm_ssl = SSL_TLSV1_2,-
520 .algo_strength = SSL_HIGH,-
521 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
522 .strength_bits = 128,-
523 .alg_bits = 128,-
524 },-
525-
526 /* Cipher 6B */-
527 {-
528 .valid = 1,-
529 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,-
530 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,-
531 .algorithm_mkey = SSL_kDHE,-
532 .algorithm_auth = SSL_aRSA,-
533 .algorithm_enc = SSL_AES256,-
534 .algorithm_mac = SSL_SHA256,-
535 .algorithm_ssl = SSL_TLSV1_2,-
536 .algo_strength = SSL_HIGH,-
537 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
538 .strength_bits = 256,-
539 .alg_bits = 256,-
540 },-
541-
542 /* Cipher 6C */-
543 {-
544 .valid = 1,-
545 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,-
546 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,-
547 .algorithm_mkey = SSL_kDHE,-
548 .algorithm_auth = SSL_aNULL,-
549 .algorithm_enc = SSL_AES128,-
550 .algorithm_mac = SSL_SHA256,-
551 .algorithm_ssl = SSL_TLSV1_2,-
552 .algo_strength = SSL_HIGH,-
553 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
554 .strength_bits = 128,-
555 .alg_bits = 128,-
556 },-
557-
558 /* Cipher 6D */-
559 {-
560 .valid = 1,-
561 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,-
562 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,-
563 .algorithm_mkey = SSL_kDHE,-
564 .algorithm_auth = SSL_aNULL,-
565 .algorithm_enc = SSL_AES256,-
566 .algorithm_mac = SSL_SHA256,-
567 .algorithm_ssl = SSL_TLSV1_2,-
568 .algo_strength = SSL_HIGH,-
569 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
570 .strength_bits = 256,-
571 .alg_bits = 256,-
572 },-
573-
574 /* GOST Ciphersuites */-
575-
576 /* Cipher 81 */-
577 {-
578 .valid = 1,-
579 .name = "GOST2001-GOST89-GOST89",-
580 .id = 0x3000081,-
581 .algorithm_mkey = SSL_kGOST,-
582 .algorithm_auth = SSL_aGOST01,-
583 .algorithm_enc = SSL_eGOST2814789CNT,-
584 .algorithm_mac = SSL_GOST89MAC,-
585 .algorithm_ssl = SSL_TLSV1,-
586 .algo_strength = SSL_HIGH,-
587 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|-
588 TLS1_STREAM_MAC,-
589 .strength_bits = 256,-
590 .alg_bits = 256-
591 },-
592-
593 /* Cipher 83 */-
594 {-
595 .valid = 1,-
596 .name = "GOST2001-NULL-GOST94",-
597 .id = 0x3000083,-
598 .algorithm_mkey = SSL_kGOST,-
599 .algorithm_auth = SSL_aGOST01,-
600 .algorithm_enc = SSL_eNULL,-
601 .algorithm_mac = SSL_GOST94,-
602 .algorithm_ssl = SSL_TLSV1,-
603 .algo_strength = SSL_STRONG_NONE,-
604 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,-
605 .strength_bits = 0,-
606 .alg_bits = 0-
607 },-
608-
609#ifndef OPENSSL_NO_CAMELLIA-
610 /* Camellia ciphersuites from RFC4132 (256-bit portion) */-
611-
612 /* Cipher 84 */-
613 {-
614 .valid = 1,-
615 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,-
616 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,-
617 .algorithm_mkey = SSL_kRSA,-
618 .algorithm_auth = SSL_aRSA,-
619 .algorithm_enc = SSL_CAMELLIA256,-
620 .algorithm_mac = SSL_SHA1,-
621 .algorithm_ssl = SSL_TLSV1,-
622 .algo_strength = SSL_HIGH,-
623 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
624 .strength_bits = 256,-
625 .alg_bits = 256,-
626 },-
627-
628 /* Cipher 88 */-
629 {-
630 .valid = 1,-
631 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,-
632 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,-
633 .algorithm_mkey = SSL_kDHE,-
634 .algorithm_auth = SSL_aRSA,-
635 .algorithm_enc = SSL_CAMELLIA256,-
636 .algorithm_mac = SSL_SHA1,-
637 .algorithm_ssl = SSL_TLSV1,-
638 .algo_strength = SSL_HIGH,-
639 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
640 .strength_bits = 256,-
641 .alg_bits = 256,-
642 },-
643-
644 /* Cipher 89 */-
645 {-
646 .valid = 1,-
647 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,-
648 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,-
649 .algorithm_mkey = SSL_kDHE,-
650 .algorithm_auth = SSL_aNULL,-
651 .algorithm_enc = SSL_CAMELLIA256,-
652 .algorithm_mac = SSL_SHA1,-
653 .algorithm_ssl = SSL_TLSV1,-
654 .algo_strength = SSL_HIGH,-
655 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
656 .strength_bits = 256,-
657 .alg_bits = 256,-
658 },-
659#endif /* OPENSSL_NO_CAMELLIA */-
660-
661 /*-
662 * GCM ciphersuites from RFC5288.-
663 */-
664-
665 /* Cipher 9C */-
666 {-
667 .valid = 1,-
668 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,-
669 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,-
670 .algorithm_mkey = SSL_kRSA,-
671 .algorithm_auth = SSL_aRSA,-
672 .algorithm_enc = SSL_AES128GCM,-
673 .algorithm_mac = SSL_AEAD,-
674 .algorithm_ssl = SSL_TLSV1_2,-
675 .algo_strength = SSL_HIGH,-
676 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
677 FIXED_NONCE_LEN(4)|-
678 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
679 .strength_bits = 128,-
680 .alg_bits = 128,-
681 },-
682-
683 /* Cipher 9D */-
684 {-
685 .valid = 1,-
686 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,-
687 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,-
688 .algorithm_mkey = SSL_kRSA,-
689 .algorithm_auth = SSL_aRSA,-
690 .algorithm_enc = SSL_AES256GCM,-
691 .algorithm_mac = SSL_AEAD,-
692 .algorithm_ssl = SSL_TLSV1_2,-
693 .algo_strength = SSL_HIGH,-
694 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|-
695 FIXED_NONCE_LEN(4)|-
696 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
697 .strength_bits = 256,-
698 .alg_bits = 256,-
699 },-
700-
701 /* Cipher 9E */-
702 {-
703 .valid = 1,-
704 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,-
705 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,-
706 .algorithm_mkey = SSL_kDHE,-
707 .algorithm_auth = SSL_aRSA,-
708 .algorithm_enc = SSL_AES128GCM,-
709 .algorithm_mac = SSL_AEAD,-
710 .algorithm_ssl = SSL_TLSV1_2,-
711 .algo_strength = SSL_HIGH,-
712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
713 FIXED_NONCE_LEN(4)|-
714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
715 .strength_bits = 128,-
716 .alg_bits = 128,-
717 },-
718-
719 /* Cipher 9F */-
720 {-
721 .valid = 1,-
722 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,-
723 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,-
724 .algorithm_mkey = SSL_kDHE,-
725 .algorithm_auth = SSL_aRSA,-
726 .algorithm_enc = SSL_AES256GCM,-
727 .algorithm_mac = SSL_AEAD,-
728 .algorithm_ssl = SSL_TLSV1_2,-
729 .algo_strength = SSL_HIGH,-
730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|-
731 FIXED_NONCE_LEN(4)|-
732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
733 .strength_bits = 256,-
734 .alg_bits = 256,-
735 },-
736-
737 /* Cipher A6 */-
738 {-
739 .valid = 1,-
740 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,-
741 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,-
742 .algorithm_mkey = SSL_kDHE,-
743 .algorithm_auth = SSL_aNULL,-
744 .algorithm_enc = SSL_AES128GCM,-
745 .algorithm_mac = SSL_AEAD,-
746 .algorithm_ssl = SSL_TLSV1_2,-
747 .algo_strength = SSL_HIGH,-
748 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
749 FIXED_NONCE_LEN(4)|-
750 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
751 .strength_bits = 128,-
752 .alg_bits = 128,-
753 },-
754-
755 /* Cipher A7 */-
756 {-
757 .valid = 1,-
758 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,-
759 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,-
760 .algorithm_mkey = SSL_kDHE,-
761 .algorithm_auth = SSL_aNULL,-
762 .algorithm_enc = SSL_AES256GCM,-
763 .algorithm_mac = SSL_AEAD,-
764 .algorithm_ssl = SSL_TLSV1_2,-
765 .algo_strength = SSL_HIGH,-
766 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|-
767 FIXED_NONCE_LEN(4)|-
768 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
769 .strength_bits = 256,-
770 .alg_bits = 256,-
771 },-
772-
773#ifndef OPENSSL_NO_CAMELLIA-
774 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */-
775-
776 /* Cipher BA */-
777 {-
778 .valid = 1,-
779 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
780 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
781 .algorithm_mkey = SSL_kRSA,-
782 .algorithm_auth = SSL_aRSA,-
783 .algorithm_enc = SSL_CAMELLIA128,-
784 .algorithm_mac = SSL_SHA256,-
785 .algorithm_ssl = SSL_TLSV1_2,-
786 .algo_strength = SSL_HIGH,-
787 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
788 .strength_bits = 128,-
789 .alg_bits = 128,-
790 },-
791-
792 /* Cipher BE */-
793 {-
794 .valid = 1,-
795 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
796 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
797 .algorithm_mkey = SSL_kDHE,-
798 .algorithm_auth = SSL_aRSA,-
799 .algorithm_enc = SSL_CAMELLIA128,-
800 .algorithm_mac = SSL_SHA256,-
801 .algorithm_ssl = SSL_TLSV1_2,-
802 .algo_strength = SSL_HIGH,-
803 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
804 .strength_bits = 128,-
805 .alg_bits = 128,-
806 },-
807-
808 /* Cipher BF */-
809 {-
810 .valid = 1,-
811 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,-
812 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,-
813 .algorithm_mkey = SSL_kDHE,-
814 .algorithm_auth = SSL_aNULL,-
815 .algorithm_enc = SSL_CAMELLIA128,-
816 .algorithm_mac = SSL_SHA256,-
817 .algorithm_ssl = SSL_TLSV1_2,-
818 .algo_strength = SSL_HIGH,-
819 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
820 .strength_bits = 128,-
821 .alg_bits = 128,-
822 },-
823-
824 /* Cipher C0 */-
825 {-
826 .valid = 1,-
827 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
828 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
829 .algorithm_mkey = SSL_kRSA,-
830 .algorithm_auth = SSL_aRSA,-
831 .algorithm_enc = SSL_CAMELLIA256,-
832 .algorithm_mac = SSL_SHA256,-
833 .algorithm_ssl = SSL_TLSV1_2,-
834 .algo_strength = SSL_HIGH,-
835 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
836 .strength_bits = 256,-
837 .alg_bits = 256,-
838 },-
839-
840 /* Cipher C4 */-
841 {-
842 .valid = 1,-
843 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
844 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
845 .algorithm_mkey = SSL_kDHE,-
846 .algorithm_auth = SSL_aRSA,-
847 .algorithm_enc = SSL_CAMELLIA256,-
848 .algorithm_mac = SSL_SHA256,-
849 .algorithm_ssl = SSL_TLSV1_2,-
850 .algo_strength = SSL_HIGH,-
851 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
852 .strength_bits = 256,-
853 .alg_bits = 256,-
854 },-
855-
856 /* Cipher C5 */-
857 {-
858 .valid = 1,-
859 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,-
860 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,-
861 .algorithm_mkey = SSL_kDHE,-
862 .algorithm_auth = SSL_aNULL,-
863 .algorithm_enc = SSL_CAMELLIA256,-
864 .algorithm_mac = SSL_SHA256,-
865 .algorithm_ssl = SSL_TLSV1_2,-
866 .algo_strength = SSL_HIGH,-
867 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
868 .strength_bits = 256,-
869 .alg_bits = 256,-
870 },-
871#endif /* OPENSSL_NO_CAMELLIA */-
872-
873 /* Cipher C006 */-
874 {-
875 .valid = 1,-
876 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,-
877 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,-
878 .algorithm_mkey = SSL_kECDHE,-
879 .algorithm_auth = SSL_aECDSA,-
880 .algorithm_enc = SSL_eNULL,-
881 .algorithm_mac = SSL_SHA1,-
882 .algorithm_ssl = SSL_TLSV1,-
883 .algo_strength = SSL_STRONG_NONE,-
884 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
885 .strength_bits = 0,-
886 .alg_bits = 0,-
887 },-
888-
889 /* Cipher C007 */-
890 {-
891 .valid = 1,-
892 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,-
893 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,-
894 .algorithm_mkey = SSL_kECDHE,-
895 .algorithm_auth = SSL_aECDSA,-
896 .algorithm_enc = SSL_RC4,-
897 .algorithm_mac = SSL_SHA1,-
898 .algorithm_ssl = SSL_TLSV1,-
899 .algo_strength = SSL_LOW,-
900 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
901 .strength_bits = 128,-
902 .alg_bits = 128,-
903 },-
904-
905 /* Cipher C008 */-
906 {-
907 .valid = 1,-
908 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,-
909 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,-
910 .algorithm_mkey = SSL_kECDHE,-
911 .algorithm_auth = SSL_aECDSA,-
912 .algorithm_enc = SSL_3DES,-
913 .algorithm_mac = SSL_SHA1,-
914 .algorithm_ssl = SSL_TLSV1,-
915 .algo_strength = SSL_MEDIUM,-
916 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
917 .strength_bits = 112,-
918 .alg_bits = 168,-
919 },-
920-
921 /* Cipher C009 */-
922 {-
923 .valid = 1,-
924 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
925 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
926 .algorithm_mkey = SSL_kECDHE,-
927 .algorithm_auth = SSL_aECDSA,-
928 .algorithm_enc = SSL_AES128,-
929 .algorithm_mac = SSL_SHA1,-
930 .algorithm_ssl = SSL_TLSV1,-
931 .algo_strength = SSL_HIGH,-
932 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
933 .strength_bits = 128,-
934 .alg_bits = 128,-
935 },-
936-
937 /* Cipher C00A */-
938 {-
939 .valid = 1,-
940 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
941 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
942 .algorithm_mkey = SSL_kECDHE,-
943 .algorithm_auth = SSL_aECDSA,-
944 .algorithm_enc = SSL_AES256,-
945 .algorithm_mac = SSL_SHA1,-
946 .algorithm_ssl = SSL_TLSV1,-
947 .algo_strength = SSL_HIGH,-
948 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
949 .strength_bits = 256,-
950 .alg_bits = 256,-
951 },-
952-
953 /* Cipher C010 */-
954 {-
955 .valid = 1,-
956 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,-
957 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,-
958 .algorithm_mkey = SSL_kECDHE,-
959 .algorithm_auth = SSL_aRSA,-
960 .algorithm_enc = SSL_eNULL,-
961 .algorithm_mac = SSL_SHA1,-
962 .algorithm_ssl = SSL_TLSV1,-
963 .algo_strength = SSL_STRONG_NONE,-
964 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
965 .strength_bits = 0,-
966 .alg_bits = 0,-
967 },-
968-
969 /* Cipher C011 */-
970 {-
971 .valid = 1,-
972 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,-
973 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,-
974 .algorithm_mkey = SSL_kECDHE,-
975 .algorithm_auth = SSL_aRSA,-
976 .algorithm_enc = SSL_RC4,-
977 .algorithm_mac = SSL_SHA1,-
978 .algorithm_ssl = SSL_TLSV1,-
979 .algo_strength = SSL_LOW,-
980 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
981 .strength_bits = 128,-
982 .alg_bits = 128,-
983 },-
984-
985 /* Cipher C012 */-
986 {-
987 .valid = 1,-
988 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,-
989 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,-
990 .algorithm_mkey = SSL_kECDHE,-
991 .algorithm_auth = SSL_aRSA,-
992 .algorithm_enc = SSL_3DES,-
993 .algorithm_mac = SSL_SHA1,-
994 .algorithm_ssl = SSL_TLSV1,-
995 .algo_strength = SSL_MEDIUM,-
996 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
997 .strength_bits = 112,-
998 .alg_bits = 168,-
999 },-
1000-
1001 /* Cipher C013 */-
1002 {-
1003 .valid = 1,-
1004 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,-
1005 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,-
1006 .algorithm_mkey = SSL_kECDHE,-
1007 .algorithm_auth = SSL_aRSA,-
1008 .algorithm_enc = SSL_AES128,-
1009 .algorithm_mac = SSL_SHA1,-
1010 .algorithm_ssl = SSL_TLSV1,-
1011 .algo_strength = SSL_HIGH,-
1012 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1013 .strength_bits = 128,-
1014 .alg_bits = 128,-
1015 },-
1016-
1017 /* Cipher C014 */-
1018 {-
1019 .valid = 1,-
1020 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,-
1021 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,-
1022 .algorithm_mkey = SSL_kECDHE,-
1023 .algorithm_auth = SSL_aRSA,-
1024 .algorithm_enc = SSL_AES256,-
1025 .algorithm_mac = SSL_SHA1,-
1026 .algorithm_ssl = SSL_TLSV1,-
1027 .algo_strength = SSL_HIGH,-
1028 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1029 .strength_bits = 256,-
1030 .alg_bits = 256,-
1031 },-
1032-
1033 /* Cipher C015 */-
1034 {-
1035 .valid = 1,-
1036 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,-
1037 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,-
1038 .algorithm_mkey = SSL_kECDHE,-
1039 .algorithm_auth = SSL_aNULL,-
1040 .algorithm_enc = SSL_eNULL,-
1041 .algorithm_mac = SSL_SHA1,-
1042 .algorithm_ssl = SSL_TLSV1,-
1043 .algo_strength = SSL_STRONG_NONE,-
1044 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1045 .strength_bits = 0,-
1046 .alg_bits = 0,-
1047 },-
1048-
1049 /* Cipher C016 */-
1050 {-
1051 .valid = 1,-
1052 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,-
1053 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,-
1054 .algorithm_mkey = SSL_kECDHE,-
1055 .algorithm_auth = SSL_aNULL,-
1056 .algorithm_enc = SSL_RC4,-
1057 .algorithm_mac = SSL_SHA1,-
1058 .algorithm_ssl = SSL_TLSV1,-
1059 .algo_strength = SSL_LOW,-
1060 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1061 .strength_bits = 128,-
1062 .alg_bits = 128,-
1063 },-
1064-
1065 /* Cipher C017 */-
1066 {-
1067 .valid = 1,-
1068 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,-
1069 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,-
1070 .algorithm_mkey = SSL_kECDHE,-
1071 .algorithm_auth = SSL_aNULL,-
1072 .algorithm_enc = SSL_3DES,-
1073 .algorithm_mac = SSL_SHA1,-
1074 .algorithm_ssl = SSL_TLSV1,-
1075 .algo_strength = SSL_MEDIUM,-
1076 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1077 .strength_bits = 112,-
1078 .alg_bits = 168,-
1079 },-
1080-
1081 /* Cipher C018 */-
1082 {-
1083 .valid = 1,-
1084 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,-
1085 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,-
1086 .algorithm_mkey = SSL_kECDHE,-
1087 .algorithm_auth = SSL_aNULL,-
1088 .algorithm_enc = SSL_AES128,-
1089 .algorithm_mac = SSL_SHA1,-
1090 .algorithm_ssl = SSL_TLSV1,-
1091 .algo_strength = SSL_HIGH,-
1092 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1093 .strength_bits = 128,-
1094 .alg_bits = 128,-
1095 },-
1096-
1097 /* Cipher C019 */-
1098 {-
1099 .valid = 1,-
1100 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,-
1101 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,-
1102 .algorithm_mkey = SSL_kECDHE,-
1103 .algorithm_auth = SSL_aNULL,-
1104 .algorithm_enc = SSL_AES256,-
1105 .algorithm_mac = SSL_SHA1,-
1106 .algorithm_ssl = SSL_TLSV1,-
1107 .algo_strength = SSL_HIGH,-
1108 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,-
1109 .strength_bits = 256,-
1110 .alg_bits = 256,-
1111 },-
1112-
1113-
1114 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */-
1115-
1116 /* Cipher C023 */-
1117 {-
1118 .valid = 1,-
1119 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,-
1120 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,-
1121 .algorithm_mkey = SSL_kECDHE,-
1122 .algorithm_auth = SSL_aECDSA,-
1123 .algorithm_enc = SSL_AES128,-
1124 .algorithm_mac = SSL_SHA256,-
1125 .algorithm_ssl = SSL_TLSV1_2,-
1126 .algo_strength = SSL_HIGH,-
1127 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
1128 .strength_bits = 128,-
1129 .alg_bits = 128,-
1130 },-
1131-
1132 /* Cipher C024 */-
1133 {-
1134 .valid = 1,-
1135 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,-
1136 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,-
1137 .algorithm_mkey = SSL_kECDHE,-
1138 .algorithm_auth = SSL_aECDSA,-
1139 .algorithm_enc = SSL_AES256,-
1140 .algorithm_mac = SSL_SHA384,-
1141 .algorithm_ssl = SSL_TLSV1_2,-
1142 .algo_strength = SSL_HIGH,-
1143 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,-
1144 .strength_bits = 256,-
1145 .alg_bits = 256,-
1146 },-
1147-
1148 /* Cipher C027 */-
1149 {-
1150 .valid = 1,-
1151 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,-
1152 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,-
1153 .algorithm_mkey = SSL_kECDHE,-
1154 .algorithm_auth = SSL_aRSA,-
1155 .algorithm_enc = SSL_AES128,-
1156 .algorithm_mac = SSL_SHA256,-
1157 .algorithm_ssl = SSL_TLSV1_2,-
1158 .algo_strength = SSL_HIGH,-
1159 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,-
1160 .strength_bits = 128,-
1161 .alg_bits = 128,-
1162 },-
1163-
1164 /* Cipher C028 */-
1165 {-
1166 .valid = 1,-
1167 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,-
1168 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,-
1169 .algorithm_mkey = SSL_kECDHE,-
1170 .algorithm_auth = SSL_aRSA,-
1171 .algorithm_enc = SSL_AES256,-
1172 .algorithm_mac = SSL_SHA384,-
1173 .algorithm_ssl = SSL_TLSV1_2,-
1174 .algo_strength = SSL_HIGH,-
1175 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,-
1176 .strength_bits = 256,-
1177 .alg_bits = 256,-
1178 },-
1179-
1180 /* GCM based TLS v1.2 ciphersuites from RFC5289 */-
1181-
1182 /* Cipher C02B */-
1183 {-
1184 .valid = 1,-
1185 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-
1186 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-
1187 .algorithm_mkey = SSL_kECDHE,-
1188 .algorithm_auth = SSL_aECDSA,-
1189 .algorithm_enc = SSL_AES128GCM,-
1190 .algorithm_mac = SSL_AEAD,-
1191 .algorithm_ssl = SSL_TLSV1_2,-
1192 .algo_strength = SSL_HIGH,-
1193 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
1194 FIXED_NONCE_LEN(4)|-
1195 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
1196 .strength_bits = 128,-
1197 .alg_bits = 128,-
1198 },-
1199-
1200 /* Cipher C02C */-
1201 {-
1202 .valid = 1,-
1203 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,-
1204 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,-
1205 .algorithm_mkey = SSL_kECDHE,-
1206 .algorithm_auth = SSL_aECDSA,-
1207 .algorithm_enc = SSL_AES256GCM,-
1208 .algorithm_mac = SSL_AEAD,-
1209 .algorithm_ssl = SSL_TLSV1_2,-
1210 .algo_strength = SSL_HIGH,-
1211 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|-
1212 FIXED_NONCE_LEN(4)|-
1213 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
1214 .strength_bits = 256,-
1215 .alg_bits = 256,-
1216 },-
1217-
1218 /* Cipher C02F */-
1219 {-
1220 .valid = 1,-
1221 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-
1222 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-
1223 .algorithm_mkey = SSL_kECDHE,-
1224 .algorithm_auth = SSL_aRSA,-
1225 .algorithm_enc = SSL_AES128GCM,-
1226 .algorithm_mac = SSL_AEAD,-
1227 .algorithm_ssl = SSL_TLSV1_2,-
1228 .algo_strength = SSL_HIGH,-
1229 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
1230 FIXED_NONCE_LEN(4)|-
1231 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
1232 .strength_bits = 128,-
1233 .alg_bits = 128,-
1234 },-
1235-
1236 /* Cipher C030 */-
1237 {-
1238 .valid = 1,-
1239 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,-
1240 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,-
1241 .algorithm_mkey = SSL_kECDHE,-
1242 .algorithm_auth = SSL_aRSA,-
1243 .algorithm_enc = SSL_AES256GCM,-
1244 .algorithm_mac = SSL_AEAD,-
1245 .algorithm_ssl = SSL_TLSV1_2,-
1246 .algo_strength = SSL_HIGH,-
1247 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|-
1248 FIXED_NONCE_LEN(4)|-
1249 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,-
1250 .strength_bits = 256,-
1251 .alg_bits = 256,-
1252 },-
1253-
1254 /* Cipher CCA8 */-
1255 {-
1256 .valid = 1,-
1257 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,-
1258 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,-
1259 .algorithm_mkey = SSL_kECDHE,-
1260 .algorithm_auth = SSL_aRSA,-
1261 .algorithm_enc = SSL_CHACHA20POLY1305,-
1262 .algorithm_mac = SSL_AEAD,-
1263 .algorithm_ssl = SSL_TLSV1_2,-
1264 .algo_strength = SSL_HIGH,-
1265 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
1266 FIXED_NONCE_LEN(12),-
1267 .strength_bits = 256,-
1268 .alg_bits = 256,-
1269 },-
1270-
1271 /* Cipher CCA9 */-
1272 {-
1273 .valid = 1,-
1274 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,-
1275 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,-
1276 .algorithm_mkey = SSL_kECDHE,-
1277 .algorithm_auth = SSL_aECDSA,-
1278 .algorithm_enc = SSL_CHACHA20POLY1305,-
1279 .algorithm_mac = SSL_AEAD,-
1280 .algorithm_ssl = SSL_TLSV1_2,-
1281 .algo_strength = SSL_HIGH,-
1282 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
1283 FIXED_NONCE_LEN(12),-
1284 .strength_bits = 256,-
1285 .alg_bits = 256,-
1286 },-
1287-
1288 /* Cipher CCAA */-
1289 {-
1290 .valid = 1,-
1291 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,-
1292 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,-
1293 .algorithm_mkey = SSL_kDHE,-
1294 .algorithm_auth = SSL_aRSA,-
1295 .algorithm_enc = SSL_CHACHA20POLY1305,-
1296 .algorithm_mac = SSL_AEAD,-
1297 .algorithm_ssl = SSL_TLSV1_2,-
1298 .algo_strength = SSL_HIGH,-
1299 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|-
1300 FIXED_NONCE_LEN(12),-
1301 .strength_bits = 256,-
1302 .alg_bits = 256,-
1303 },-
1304-
1305 /* Cipher FF85 FIXME IANA */-
1306 {-
1307 .valid = 1,-
1308 .name = "GOST2012256-GOST89-GOST89",-
1309 .id = 0x300ff85, /* FIXME IANA */-
1310 .algorithm_mkey = SSL_kGOST,-
1311 .algorithm_auth = SSL_aGOST01,-
1312 .algorithm_enc = SSL_eGOST2814789CNT,-
1313 .algorithm_mac = SSL_GOST89MAC,-
1314 .algorithm_ssl = SSL_TLSV1,-
1315 .algo_strength = SSL_HIGH,-
1316 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|-
1317 TLS1_STREAM_MAC,-
1318 .strength_bits = 256,-
1319 .alg_bits = 256-
1320 },-
1321-
1322 /* Cipher FF87 FIXME IANA */-
1323 {-
1324 .valid = 1,-
1325 .name = "GOST2012256-NULL-STREEBOG256",-
1326 .id = 0x300ff87, /* FIXME IANA */-
1327 .algorithm_mkey = SSL_kGOST,-
1328 .algorithm_auth = SSL_aGOST01,-
1329 .algorithm_enc = SSL_eNULL,-
1330 .algorithm_mac = SSL_STREEBOG256,-
1331 .algorithm_ssl = SSL_TLSV1,-
1332 .algo_strength = SSL_STRONG_NONE,-
1333 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,-
1334 .strength_bits = 0,-
1335 .alg_bits = 0-
1336 },-
1337-
1338-
1339 /* end of list */-
1340};-
1341-
1342int-
1343ssl3_num_ciphers(void)-
1344{-
1345 return (SSL3_NUM_CIPHERS);
executed 290 times by 13 tests: return ((sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)));
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • configtest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
  • verifytest
290
1346}-
1347-
1348const SSL_CIPHER *-
1349ssl3_get_cipher(unsigned int u)-
1350{-
1351 if (u < SSL3_NUM_CIPHERS)
u < (sizeof(ss...f(SSL_CIPHER))Description
TRUEevaluated 20010 times by 13 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • clienttest
  • configtest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
  • verifytest
FALSEnever evaluated
0-20010
1352 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
executed 20010 times by 13 tests: return (&(ssl3_ciphers[(sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) - 1 - u]));
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • configtest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
  • verifytest
20010
1353 else-
1354 return (NULL);
never executed: return ( ((void *)0) );
0
1355}-
1356-
1357const SSL_CIPHER *-
1358ssl3_get_cipher_by_id(unsigned int id)-
1359{-
1360 const SSL_CIPHER *cp;-
1361 SSL_CIPHER c;-
1362-
1363 c.id = id;-
1364 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);-
1365 if (cp != NULL && cp->valid == 1)
cp != ((void *)0)Description
TRUEevaluated 1726 times by 7 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • servertest
  • ssltest
  • tls_prf
  • tlsexttest
  • tlstest
FALSEevaluated 52 times by 1 test
Evaluated by:
  • servertest
cp->valid == 1Description
TRUEevaluated 1726 times by 7 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • servertest
  • ssltest
  • tls_prf
  • tlsexttest
  • tlstest
FALSEnever evaluated
0-1726
1366 return (cp);
executed 1726 times by 7 tests: return (cp);
Executed by:
  • cipher_list
  • cipherstest
  • servertest
  • ssltest
  • tls_prf
  • tlsexttest
  • tlstest
1726
1367-
1368 return (NULL);
executed 52 times by 1 test: return ( ((void *)0) );
Executed by:
  • servertest
52
1369}-
1370-
1371const SSL_CIPHER *-
1372ssl3_get_cipher_by_value(uint16_t value)-
1373{-
1374 return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
executed 1730 times by 6 tests: return ssl3_get_cipher_by_id(0x03000000 | value);
Executed by:
  • cipher_list
  • cipherstest
  • servertest
  • ssltest
  • tls_prf
  • tlstest
1730
1375}-
1376-
1377uint16_t-
1378ssl3_cipher_get_value(const SSL_CIPHER *c)-
1379{-
1380 return (c->id & SSL3_CK_VALUE_MASK);
executed 2042 times by 6 tests: return (c->id & 0x0000ffff);
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • servertest
  • ssltest
  • tlstest
2042
1381}-
1382-
1383int-
1384ssl3_pending(const SSL *s)-
1385{-
1386 if (s->internal->rstate == SSL_ST_READ_BODY)
s->internal->rstate == 0xF1Description
TRUEnever evaluated
FALSEevaluated 560 times by 1 test
Evaluated by:
  • ssltest
0-560
1387 return 0;
never executed: return 0;
0
1388-
1389 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
executed 560 times by 1 test: return ((s->s3->internal)->rrec.type == 23) ? (s->s3->internal)->rrec.length : 0;
Executed by:
  • ssltest
((s->s3->inter...ec.type == 23)Description
TRUEevaluated 70 times by 1 test
Evaluated by:
  • ssltest
FALSEevaluated 490 times by 1 test
Evaluated by:
  • ssltest
70-560
1390 S3I(s)->rrec.length : 0;
executed 560 times by 1 test: return ((s->s3->internal)->rrec.type == 23) ? (s->s3->internal)->rrec.length : 0;
Executed by:
  • ssltest
560
1391}-
1392-
1393int-
1394ssl3_handshake_msg_hdr_len(SSL *s)-
1395{-
1396 return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
executed 99 times by 2 tests: return ((s->method->internal->version == 0xFEFF) ? 12 : 4);
Executed by:
  • clienttest
  • ssltest
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
FALSEnever evaluated
0-99
1397 SSL3_HM_HEADER_LENGTH);
executed 99 times by 2 tests: return ((s->method->internal->version == 0xFEFF) ? 12 : 4);
Executed by:
  • clienttest
  • ssltest
99
1398}-
1399-
1400int-
1401ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)-
1402{-
1403 int ret = 0;-
1404-
1405 if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
!CBB_init(handshake, 16384)Description
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1406 goto err;
never executed: goto err;
0
1407 if (!CBB_add_u8(handshake, msg_type))
!CBB_add_u8(ha...ake, msg_type)Description
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1408 goto err;
never executed: goto err;
0
1409 if (SSL_IS_DTLS(s)) {
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
FALSEevaluated 480 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
99-480
1410 unsigned char *data;-
1411-
1412 if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
!CBB_add_space...&data, 12 - 4)Description
TRUEnever evaluated
FALSEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
0-99
1413 SSL3_HM_HEADER_LENGTH))
!CBB_add_space...&data, 12 - 4)Description
TRUEnever evaluated
FALSEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
0-99
1414 goto err;
never executed: goto err;
0
1415 }
executed 99 times by 2 tests: end of block
Executed by:
  • clienttest
  • ssltest
99
1416 if (!CBB_add_u24_length_prefixed(handshake, body))
!CBB_add_u24_l...ndshake, body)Description
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1417 goto err;
never executed: goto err;
0
1418-
1419 ret = 1;-
1420-
1421 err:
code before this statement executed 579 times by 4 tests: err:
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
579
1422 return (ret);
executed 579 times by 4 tests: return (ret);
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
579
1423}-
1424-
1425int-
1426ssl3_handshake_msg_finish(SSL *s, CBB *handshake)-
1427{-
1428 unsigned char *data = NULL;-
1429 size_t outlen;-
1430 int ret = 0;-
1431-
1432 if (!CBB_finish(handshake, &data, &outlen))
!CBB_finish(ha...data, &outlen)Description
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1433 goto err;
never executed: goto err;
0
1434-
1435 if (outlen > INT_MAX)
outlen > 0x7fffffffDescription
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1436 goto err;
never executed: goto err;
0
1437-
1438 if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))
!BUF_MEM_grow_...t_buf, outlen)Description
TRUEnever evaluated
FALSEevaluated 579 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
0-579
1439 goto err;
never executed: goto err;
0
1440-
1441 memcpy(s->internal->init_buf->data, data, outlen);-
1442-
1443 s->internal->init_num = (int)outlen;-
1444 s->internal->init_off = 0;-
1445-
1446 if (SSL_IS_DTLS(s)) {
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
FALSEevaluated 480 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
99-480
1447 unsigned long len;-
1448 uint8_t msg_type;-
1449 CBS cbs;-
1450-
1451 CBS_init(&cbs, data, outlen);-
1452 if (!CBS_get_u8(&cbs, &msg_type))
!CBS_get_u8(&cbs, &msg_type)Description
TRUEnever evaluated
FALSEevaluated 99 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
0-99
1453 goto err;
never executed: goto err;
0
1454-
1455 len = outlen - ssl3_handshake_msg_hdr_len(s);-
1456-
1457 dtls1_set_message_header(s, msg_type, len, 0, len);-
1458 dtls1_buffer_message(s, 0);-
1459 }
executed 99 times by 2 tests: end of block
Executed by:
  • clienttest
  • ssltest
99
1460-
1461 ret = 1;-
1462-
1463 err:
code before this statement executed 579 times by 4 tests: err:
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
579
1464 free(data);-
1465-
1466 return (ret);
executed 579 times by 4 tests: return (ret);
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
579
1467}-
1468-
1469int-
1470ssl3_handshake_write(SSL *s)-
1471{-
1472 return ssl3_record_write(s, SSL3_RT_HANDSHAKE);
executed 579 times by 4 tests: return ssl3_record_write(s, 22);
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
579
1473}-
1474-
1475int-
1476ssl3_record_write(SSL *s, int type)-
1477{-
1478 if (SSL_IS_DTLS(s))
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 121 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
FALSEevaluated 584 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
121-584
1479 return dtls1_do_write(s, type);
executed 121 times by 2 tests: return dtls1_do_write(s, type);
Executed by:
  • clienttest
  • ssltest
121
1480-
1481 return ssl3_do_write(s, type);
executed 584 times by 4 tests: return ssl3_do_write(s, type);
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlstest
584
1482}-
1483-
1484int-
1485ssl3_new(SSL *s)-
1486{-
1487 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
(s->s3 = callo...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 202 times by 11 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
0-202
1488 return (0);
never executed: return (0);
0
1489 if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
((s->s3->inter...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 202 times by 11 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
0-202
1490 free(s->s3);-
1491 return (0);
never executed: return (0);
0
1492 }-
1493-
1494 s->method->internal->ssl_clear(s);-
1495-
1496 return (1);
executed 202 times by 11 tests: return (1);
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
202
1497}-
1498-
1499void-
1500ssl3_free(SSL *s)-
1501{-
1502 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 195 times by 11 tests
Evaluated by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
0-195
1503 return;
never executed: return;
0
1504-
1505 tls1_cleanup_key_block(s);-
1506 ssl3_release_read_buffer(s);-
1507 ssl3_release_write_buffer(s);-
1508-
1509 DH_free(S3I(s)->tmp.dh);-
1510 EC_KEY_free(S3I(s)->tmp.ecdh);-
1511-
1512 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);-
1513-
1514 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);-
1515-
1516 BIO_free(S3I(s)->handshake_buffer);-
1517-
1518 tls1_handshake_hash_free(s);-
1519-
1520 free(S3I(s)->alpn_selected);-
1521-
1522 freezero(S3I(s), sizeof(*S3I(s)));-
1523 freezero(s->s3, sizeof(*s->s3));-
1524-
1525 s->s3 = NULL;-
1526}
executed 195 times by 11 tests: end of block
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
195
1527-
1528void-
1529ssl3_clear(SSL *s)-
1530{-
1531 struct ssl3_state_internal_st *internal;-
1532 unsigned char *rp, *wp;-
1533 size_t rlen, wlen;-
1534-
1535 tls1_cleanup_key_block(s);-
1536 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);-
1537-
1538 DH_free(S3I(s)->tmp.dh);-
1539 S3I(s)->tmp.dh = NULL;-
1540 EC_KEY_free(S3I(s)->tmp.ecdh);-
1541 S3I(s)->tmp.ecdh = NULL;-
1542-
1543 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);-
1544 S3I(s)->tmp.x25519 = NULL;-
1545-
1546 rp = s->s3->rbuf.buf;-
1547 wp = s->s3->wbuf.buf;-
1548 rlen = s->s3->rbuf.len;-
1549 wlen = s->s3->wbuf.len;-
1550-
1551 BIO_free(S3I(s)->handshake_buffer);-
1552 S3I(s)->handshake_buffer = NULL;-
1553-
1554 tls1_handshake_hash_free(s);-
1555-
1556 free(S3I(s)->alpn_selected);-
1557 S3I(s)->alpn_selected = NULL;-
1558-
1559 memset(S3I(s), 0, sizeof(*S3I(s)));-
1560 internal = S3I(s);-
1561 memset(s->s3, 0, sizeof(*s->s3));-
1562 S3I(s) = internal;-
1563-
1564 s->s3->rbuf.buf = rp;-
1565 s->s3->wbuf.buf = wp;-
1566 s->s3->rbuf.len = rlen;-
1567 s->s3->wbuf.len = wlen;-
1568-
1569 ssl_free_wbio_buffer(s);-
1570-
1571 /* Not needed... */-
1572 S3I(s)->renegotiate = 0;-
1573 S3I(s)->total_renegotiations = 0;-
1574 S3I(s)->num_renegotiations = 0;-
1575 S3I(s)->in_read_app_data = 0;-
1576-
1577 s->internal->packet_length = 0;-
1578 s->version = TLS1_VERSION;-
1579}
executed 745 times by 11 tests: end of block
Executed by:
  • cipher_list
  • cipherstest
  • clienttest
  • libssl.so.46.0.1
  • servertest
  • ssl_versions
  • ssltest
  • tls_ext_alpn
  • tls_prf
  • tlsexttest
  • tlstest
745
1580-
1581static long-
1582ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)-
1583{-
1584 EVP_PKEY *pkey = NULL;-
1585 EC_GROUP *group = NULL;-
1586 EC_POINT *point = NULL;-
1587 EC_KEY *ec_key = NULL;-
1588 BIGNUM *order = NULL;-
1589 SESS_CERT *sc;-
1590 int ret = 0;-
1591-
1592 *pkey_tmp = NULL;-
1593-
1594 if (s->server != 0)
s->server != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1595 return 0;
never executed: return 0;
0
1596 if (s->session == NULL || SSI(s)->sess_cert == NULL)
s->session == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(s->session->i...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1597 return 0;
never executed: return 0;
0
1598-
1599 sc = SSI(s)->sess_cert;-
1600-
1601 if ((pkey = EVP_PKEY_new()) == NULL)
(pkey = EVP_PK...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1602 return 0;
never executed: return 0;
0
1603-
1604 if (sc->peer_dh_tmp != NULL) {
sc->peer_dh_tmp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1605 ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp);-
1606 } else if (sc->peer_ecdh_tmp) {
never executed: end of block
sc->peer_ecdh_tmpDescription
TRUEnever evaluated
FALSEnever evaluated
0
1607 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);-
1608 } else if (sc->peer_x25519_tmp != NULL) {
never executed: end of block
sc->peer_x2551...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1609 /* Fudge up an EC_KEY that looks like X25519... */-
1610 if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
(group = EC_GR...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1611 goto err;
never executed: goto err;
0
1612 if ((point = EC_POINT_new(group)) == NULL)
(point = EC_PO...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1613 goto err;
never executed: goto err;
0
1614 if ((order = BN_new()) == NULL)
(order = BN_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1615 goto err;
never executed: goto err;
0
1616 if (!BN_set_bit(order, 252))
!BN_set_bit(order, 252)Description
TRUEnever evaluated
FALSEnever evaluated
0
1617 goto err;
never executed: goto err;
0
1618 if (!EC_GROUP_set_generator(group, point, order, NULL))
!EC_GROUP_set_... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
1619 goto err;
never executed: goto err;
0
1620 EC_GROUP_set_curve_name(group, NID_X25519);-
1621 if ((ec_key = EC_KEY_new()) == NULL)
(ec_key = EC_K...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1622 goto err;
never executed: goto err;
0
1623 if (!EC_KEY_set_group(ec_key, group))
!EC_KEY_set_gr...ec_key, group)Description
TRUEnever evaluated
FALSEnever evaluated
0
1624 goto err;
never executed: goto err;
0
1625 ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key);-
1626 }
never executed: end of block
0
1627-
1628 if (ret == 1) {
ret == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1629 *pkey_tmp = pkey;-
1630 pkey = NULL;-
1631 }
never executed: end of block
0
1632-
1633 err:
code before this statement never executed: err:
0
1634 EVP_PKEY_free(pkey);-
1635 EC_GROUP_free(group);-
1636 EC_POINT_free(point);-
1637 EC_KEY_free(ec_key);-
1638 BN_free(order);-
1639-
1640 return (ret);
never executed: return (ret);
0
1641}-
1642-
1643static int-
1644_SSL_session_reused(SSL *s)-
1645{-
1646 return s->internal->hit;
executed 8 times by 1 test: return s->internal->hit;
Executed by:
  • tlstest
8
1647}-
1648-
1649static int-
1650_SSL_num_renegotiations(SSL *s)-
1651{-
1652 return S3I(s)->num_renegotiations;
never executed: return (s->s3->internal)->num_renegotiations;
0
1653}-
1654-
1655static int-
1656_SSL_clear_num_renegotiations(SSL *s)-
1657{-
1658 int renegs;-
1659-
1660 renegs = S3I(s)->num_renegotiations;-
1661 S3I(s)->num_renegotiations = 0;-
1662-
1663 return renegs;
never executed: return renegs;
0
1664}-
1665-
1666static int-
1667_SSL_total_renegotiations(SSL *s)-
1668{-
1669 return S3I(s)->total_renegotiations;
never executed: return (s->s3->internal)->total_renegotiations;
0
1670}-
1671-
1672static int-
1673_SSL_set_tmp_dh(SSL *s, DH *dh)-
1674{-
1675 DH *dh_tmp;-
1676-
1677 if (!ssl_cert_inst(&s->cert)) {
!ssl_cert_inst(&s->cert)Description
TRUEnever evaluated
FALSEnever evaluated
0
1678 SSLerror(s, ERR_R_MALLOC_FAILURE);-
1679 return 0;
never executed: return 0;
0
1680 }-
1681-
1682 if (dh == NULL) {
dh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1683 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);-
1684 return 0;
never executed: return 0;
0
1685 }-
1686-
1687 if ((dh_tmp = DHparams_dup(dh)) == NULL) {
(dh_tmp = DHpa...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1688 SSLerror(s, ERR_R_DH_LIB);-
1689 return 0;
never executed: return 0;
0
1690 }-
1691-
1692 DH_free(s->cert->dh_tmp);-
1693 s->cert->dh_tmp = dh_tmp;-
1694-
1695 return 1;
never executed: return 1;
0
1696}-
1697-
1698static int-
1699_SSL_set_dh_auto(SSL *s, int state)-
1700{-
1701 s->cert->dh_tmp_auto = state;-
1702 return 1;
never executed: return 1;
0
1703}-
1704-
1705static int-
1706_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)-
1707{-
1708 const EC_GROUP *group;-
1709 int nid;-
1710-
1711 if (!ssl_cert_inst(&s->cert)) {
!ssl_cert_inst(&s->cert)Description
TRUEnever evaluated
FALSEnever evaluated
0
1712 SSLerror(s, ERR_R_MALLOC_FAILURE);-
1713 return 0;
never executed: return 0;
0
1714 }-
1715-
1716 if (ecdh == NULL)
ecdh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1717 return 0;
never executed: return 0;
0
1718 if ((group = EC_KEY_get0_group(ecdh)) == NULL)
(group = EC_KE...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1719 return 0;
never executed: return 0;
0
1720-
1721 nid = EC_GROUP_get_curve_name(group);-
1722 return SSL_set1_groups(s, &nid, 1);
never executed: return SSL_set1_groups(s, &nid, 1);
0
1723}-
1724-
1725static int-
1726_SSL_set_ecdh_auto(SSL *s, int state)-
1727{-
1728 return 1;
never executed: return 1;
0
1729}-
1730-
1731static int-
1732_SSL_set_tlsext_host_name(SSL *s, const char *name)-
1733{-
1734 free(s->tlsext_hostname);-
1735 s->tlsext_hostname = NULL;-
1736-
1737 if (name == NULL)
name == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
1738 return 1;
never executed: return 1;
0
1739-
1740 if (strlen(name) > TLSEXT_MAXLEN_host_name) {
strlen(name) > 255Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
1741 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);-
1742 return 0;
never executed: return 0;
0
1743 }-
1744-
1745 if ((s->tlsext_hostname = strdup(name)) == NULL) {
never executed: __retval = (char *) memcpy (__retval, name , __len);
(s->tlsext_hos...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
__retval != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( name )Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
((size_t)(cons...( name ) == 1)Description
TRUEnever evaluated
FALSEnever evaluated
0-6
1746 SSLerror(s, ERR_R_INTERNAL_ERROR);-
1747 return 0;
never executed: return 0;
0
1748 }-
1749-
1750 return 1;
executed 6 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
6
1751}-
1752-
1753static int-
1754_SSL_set_tlsext_debug_arg(SSL *s, void *arg)-
1755{-
1756 s->internal->tlsext_debug_arg = arg;-
1757 return 1;
never executed: return 1;
0
1758}-
1759-
1760static int-
1761_SSL_set_tlsext_status_type(SSL *s, int type)-
1762{-
1763 s->tlsext_status_type = type;-
1764 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
1765}-
1766-
1767static int-
1768_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)-
1769{-
1770 *exts = s->internal->tlsext_ocsp_exts;-
1771 return 1;
never executed: return 1;
0
1772}-
1773-
1774static int-
1775_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)-
1776{-
1777 /* XXX - leak... */-
1778 s->internal->tlsext_ocsp_exts = exts;-
1779 return 1;
never executed: return 1;
0
1780}-
1781-
1782static int-
1783_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)-
1784{-
1785 *ids = s->internal->tlsext_ocsp_ids;-
1786 return 1;
never executed: return 1;
0
1787}-
1788-
1789static int-
1790_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)-
1791{-
1792 /* XXX - leak... */-
1793 s->internal->tlsext_ocsp_ids = ids;-
1794 return 1;
never executed: return 1;
0
1795}-
1796-
1797static int-
1798_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)-
1799{-
1800 *resp = s->internal->tlsext_ocsp_resp;-
1801 return s->internal->tlsext_ocsp_resplen;
executed 4 times by 1 test: return s->internal->tlsext_ocsp_resplen;
Executed by:
  • tlstest
4
1802}-
1803-
1804static int-
1805_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)-
1806{-
1807 free(s->internal->tlsext_ocsp_resp);-
1808 s->internal->tlsext_ocsp_resp = resp;-
1809 s->internal->tlsext_ocsp_resplen = resp_len;-
1810 return 1;
never executed: return 1;
0
1811}-
1812-
1813int-
1814SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)-
1815{-
1816 return tls1_set_groups(&s->internal->tlsext_supportedgroups,
never executed: return tls1_set_groups(&s->internal->tlsext_supportedgroups, &s->internal->tlsext_supportedgroups_length, groups, groups_len);
0
1817 &s->internal->tlsext_supportedgroups_length, groups, groups_len);
never executed: return tls1_set_groups(&s->internal->tlsext_supportedgroups, &s->internal->tlsext_supportedgroups_length, groups, groups_len);
0
1818}-
1819-
1820int-
1821SSL_set1_groups_list(SSL *s, const char *groups)-
1822{-
1823 return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,
never executed: return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, &s->internal->tlsext_supportedgroups_length, groups);
0
1824 &s->internal->tlsext_supportedgroups_length, groups);
never executed: return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, &s->internal->tlsext_supportedgroups_length, groups);
0
1825}-
1826-
1827long-
1828ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)-
1829{-
1830 switch (cmd) {-
1831 case SSL_CTRL_GET_SESSION_REUSED:
executed 8 times by 1 test: case 8:
Executed by:
  • tlstest
8
1832 return _SSL_session_reused(s);
executed 8 times by 1 test: return _SSL_session_reused(s);
Executed by:
  • tlstest
8
1833-
1834 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
never executed: case 10:
0
1835 return _SSL_num_renegotiations(s);
never executed: return _SSL_num_renegotiations(s);
0
1836-
1837 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
never executed: case 11:
0
1838 return _SSL_clear_num_renegotiations(s);
never executed: return _SSL_clear_num_renegotiations(s);
0
1839-
1840 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
never executed: case 12:
0
1841 return _SSL_total_renegotiations(s);
never executed: return _SSL_total_renegotiations(s);
0
1842-
1843 case SSL_CTRL_SET_TMP_DH:
never executed: case 3:
0
1844 return _SSL_set_tmp_dh(s, parg);
never executed: return _SSL_set_tmp_dh(s, parg);
0
1845-
1846 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
1847 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1848 return 0;
never executed: return 0;
0
1849-
1850 case SSL_CTRL_SET_DH_AUTO:
never executed: case 118:
0
1851 return _SSL_set_dh_auto(s, larg);
never executed: return _SSL_set_dh_auto(s, larg);
0
1852-
1853 case SSL_CTRL_SET_TMP_ECDH:
never executed: case 4:
0
1854 return _SSL_set_tmp_ecdh(s, parg);
never executed: return _SSL_set_tmp_ecdh(s, parg);
0
1855-
1856 case SSL_CTRL_SET_TMP_ECDH_CB:
never executed: case 7:
0
1857 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1858 return 0;
never executed: return 0;
0
1859-
1860 case SSL_CTRL_SET_ECDH_AUTO:
never executed: case 94:
0
1861 return _SSL_set_ecdh_auto(s, larg);
never executed: return _SSL_set_ecdh_auto(s, larg);
0
1862-
1863 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
executed 6 times by 2 tests: case 55:
Executed by:
  • tlsexttest
  • tlstest
6
1864 if (larg != TLSEXT_NAMETYPE_host_name) {
larg != 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
1865 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);-
1866 return 0;
never executed: return 0;
0
1867 }-
1868 return _SSL_set_tlsext_host_name(s, parg);
executed 6 times by 2 tests: return _SSL_set_tlsext_host_name(s, parg);
Executed by:
  • tlsexttest
  • tlstest
6
1869-
1870 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
never executed: case 57:
0
1871 return _SSL_set_tlsext_debug_arg(s, parg);
never executed: return _SSL_set_tlsext_debug_arg(s, parg);
0
1872-
1873 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
executed 5 times by 2 tests: case 65:
Executed by:
  • tlsexttest
  • tlstest
5
1874 return _SSL_set_tlsext_status_type(s, larg);
executed 5 times by 2 tests: return _SSL_set_tlsext_status_type(s, larg);
Executed by:
  • tlsexttest
  • tlstest
5
1875-
1876 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
never executed: case 66:
0
1877 return _SSL_get_tlsext_status_exts(s, parg);
never executed: return _SSL_get_tlsext_status_exts(s, parg);
0
1878-
1879 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
never executed: case 67:
0
1880 return _SSL_set_tlsext_status_exts(s, parg);
never executed: return _SSL_set_tlsext_status_exts(s, parg);
0
1881-
1882 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
never executed: case 68:
0
1883 return _SSL_get_tlsext_status_ids(s, parg);
never executed: return _SSL_get_tlsext_status_ids(s, parg);
0
1884-
1885 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
never executed: case 69:
0
1886 return _SSL_set_tlsext_status_ids(s, parg);
never executed: return _SSL_set_tlsext_status_ids(s, parg);
0
1887-
1888 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
executed 4 times by 1 test: case 70:
Executed by:
  • tlstest
4
1889 return _SSL_get_tlsext_status_ocsp_resp(s, parg);
executed 4 times by 1 test: return _SSL_get_tlsext_status_ocsp_resp(s, parg);
Executed by:
  • tlstest
4
1890-
1891 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
never executed: case 71:
0
1892 return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg);
never executed: return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg);
0
1893-
1894 case SSL_CTRL_SET_GROUPS:
never executed: case 91:
0
1895 return SSL_set1_groups(s, parg, larg);
never executed: return SSL_set1_groups(s, parg, larg);
0
1896-
1897 case SSL_CTRL_SET_GROUPS_LIST:
never executed: case 92:
0
1898 return SSL_set1_groups_list(s, parg);
never executed: return SSL_set1_groups_list(s, parg);
0
1899-
1900 case SSL_CTRL_GET_SERVER_TMP_KEY:
never executed: case 109:
0
1901 return ssl_ctrl_get_server_tmp_key(s, parg);
never executed: return ssl_ctrl_get_server_tmp_key(s, parg);
0
1902-
1903 case SSL_CTRL_GET_MIN_PROTO_VERSION:
never executed: case 130:
0
1904 return SSL_get_min_proto_version(s);
never executed: return SSL_get_min_proto_version(s);
0
1905-
1906 case SSL_CTRL_GET_MAX_PROTO_VERSION:
never executed: case 131:
0
1907 return SSL_get_max_proto_version(s);
never executed: return SSL_get_max_proto_version(s);
0
1908-
1909 case SSL_CTRL_SET_MIN_PROTO_VERSION:
never executed: case 123:
0
1910 if (larg < 0 || larg > UINT16_MAX)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
larg > (65535)Description
TRUEnever evaluated
FALSEnever evaluated
0
1911 return 0;
never executed: return 0;
0
1912 return SSL_set_min_proto_version(s, larg);
never executed: return SSL_set_min_proto_version(s, larg);
0
1913-
1914 case SSL_CTRL_SET_MAX_PROTO_VERSION:
never executed: case 124:
0
1915 if (larg < 0 || larg > UINT16_MAX)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
larg > (65535)Description
TRUEnever evaluated
FALSEnever evaluated
0
1916 return 0;
never executed: return 0;
0
1917 return SSL_set_max_proto_version(s, larg);
never executed: return SSL_set_max_proto_version(s, larg);
0
1918-
1919 /*-
1920 * Legacy controls that should eventually be removed.-
1921 */-
1922 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
never executed: case 9:
0
1923 return 0;
never executed: return 0;
0
1924-
1925 case SSL_CTRL_GET_FLAGS:
never executed: case 13:
0
1926 return (int)(s->s3->flags);
never executed: return (int)(s->s3->flags);
0
1927-
1928 case SSL_CTRL_NEED_TMP_RSA:
never executed: case 1:
0
1929 return 0;
never executed: return 0;
0
1930-
1931 case SSL_CTRL_SET_TMP_RSA:
never executed: case 2:
0
1932 case SSL_CTRL_SET_TMP_RSA_CB:
never executed: case 5:
0
1933 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1934 return 0;
never executed: return 0;
0
1935 }-
1936-
1937 return 0;
never executed: return 0;
0
1938}-
1939-
1940long-
1941ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))-
1942{-
1943 if (cmd == SSL_CTRL_SET_TMP_DH_CB || cmd == SSL_CTRL_SET_TMP_ECDH_CB) {
cmd == 6Description
TRUEnever evaluated
FALSEnever evaluated
cmd == 7Description
TRUEnever evaluated
FALSEnever evaluated
0
1944 if (!ssl_cert_inst(&s->cert)) {
!ssl_cert_inst(&s->cert)Description
TRUEnever evaluated
FALSEnever evaluated
0
1945 SSLerror(s, ERR_R_MALLOC_FAILURE);-
1946 return 0;
never executed: return 0;
0
1947 }-
1948 }
never executed: end of block
0
1949-
1950 switch (cmd) {-
1951 case SSL_CTRL_SET_TMP_RSA_CB:
never executed: case 5:
0
1952 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1953 return 0;
never executed: return 0;
0
1954-
1955 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
1956 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;-
1957 return 1;
never executed: return 1;
0
1958-
1959 case SSL_CTRL_SET_TMP_ECDH_CB:
never executed: case 7:
0
1960 return 1;
never executed: return 1;
0
1961-
1962 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
never executed: case 56:
0
1963 s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int,-
1964 unsigned char *, int, void *))fp;-
1965 return 1;
never executed: return 1;
0
1966 }-
1967-
1968 return 0;
never executed: return 0;
0
1969}-
1970-
1971static int-
1972_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)-
1973{-
1974 DH *dh_tmp;-
1975-
1976 if ((dh_tmp = DHparams_dup(dh)) == NULL) {
(dh_tmp = DHpa...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • ssltest
0-49
1977 SSLerrorx(ERR_R_DH_LIB);-
1978 return 0;
never executed: return 0;
0
1979 }-
1980-
1981 DH_free(ctx->internal->cert->dh_tmp);-
1982 ctx->internal->cert->dh_tmp = dh_tmp;-
1983-
1984 return 1;
executed 49 times by 1 test: return 1;
Executed by:
  • ssltest
49
1985}-
1986-
1987static int-
1988_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)-
1989{-
1990 ctx->internal->cert->dh_tmp_auto = state;-
1991 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • servertest
2
1992}-
1993-
1994static int-
1995_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh)-
1996{-
1997 const EC_GROUP *group;-
1998 int nid;-
1999-
2000 if (ecdh == NULL)
ecdh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • ssltest
0-49
2001 return 0;
never executed: return 0;
0
2002 if ((group = EC_KEY_get0_group(ecdh)) == NULL)
(group = EC_KE...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • ssltest
0-49
2003 return 0;
never executed: return 0;
0
2004-
2005 nid = EC_GROUP_get_curve_name(group);-
2006 return SSL_CTX_set1_groups(ctx, &nid, 1);
executed 49 times by 1 test: return SSL_CTX_set1_groups(ctx, &nid, 1);
Executed by:
  • ssltest
49
2007}-
2008-
2009static int-
2010_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)-
2011{-
2012 return 1;
executed 6 times by 2 tests: return 1;
Executed by:
  • servertest
  • tlstest
6
2013}-
2014-
2015static int-
2016_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)-
2017{-
2018 ctx->internal->tlsext_servername_arg = arg;-
2019 return 1;
executed 4 times by 1 test: return 1;
Executed by:
  • tlstest
4
2020}-
2021-
2022static int-
2023_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)-
2024{-
2025 if (keys == NULL)
keys == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2026 return 48;
never executed: return 48;
0
2027-
2028 if (keys_len != 48) {
keys_len != 48Description
TRUEnever evaluated
FALSEnever evaluated
0
2029 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);-
2030 return 0;
never executed: return 0;
0
2031 }-
2032-
2033 memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);-
2034 memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);-
2035 memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);-
2036-
2037 return 1;
never executed: return 1;
0
2038}-
2039-
2040static int-
2041_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)-
2042{-
2043 if (keys == NULL)
keys == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2044 return 48;
never executed: return 48;
0
2045-
2046 if (keys_len != 48) {
keys_len != 48Description
TRUEnever evaluated
FALSEnever evaluated
0
2047 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);-
2048 return 0;
never executed: return 0;
0
2049 }-
2050-
2051 memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);-
2052 memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);-
2053 memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);-
2054-
2055 return 1;
never executed: return 1;
0
2056}-
2057-
2058static int-
2059_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg)-
2060{-
2061 *arg = ctx->internal->tlsext_status_arg;-
2062 return 1;
never executed: return 1;
0
2063}-
2064-
2065static int-
2066_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)-
2067{-
2068 ctx->internal->tlsext_status_arg = arg;-
2069 return 1;
never executed: return 1;
0
2070}-
2071-
2072static int-
2073_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert)-
2074{-
2075 if (ctx->extra_certs == NULL) {
ctx->extra_cer...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2076 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
(ctx->extra_ce...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2077 return 0;
never executed: return 0;
0
2078 }
never executed: end of block
0
2079 if (sk_X509_push(ctx->extra_certs, cert) == 0)
sk_push(((_STA...509*)0))) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2080 return 0;
never executed: return 0;
0
2081-
2082 return 1;
never executed: return 1;
0
2083}-
2084-
2085static int-
2086_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)-
2087{-
2088 *certs = ctx->extra_certs;-
2089 return 1;
never executed: return 1;
0
2090}-
2091-
2092static int-
2093_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)-
2094{-
2095 sk_X509_pop_free(ctx->extra_certs, X509_free);-
2096 ctx->extra_certs = NULL;-
2097 return 1;
never executed: return 1;
0
2098}-
2099-
2100int-
2101SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)-
2102{-
2103 return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
executed 57 times by 2 tests: return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
Executed by:
  • ssltest
  • tlstest
57
2104 &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
executed 57 times by 2 tests: return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
Executed by:
  • ssltest
  • tlstest
57
2105}-
2106-
2107int-
2108SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)-
2109{-
2110 return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
never executed: return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, &ctx->internal->tlsext_supportedgroups_length, groups);
0
2111 &ctx->internal->tlsext_supportedgroups_length, groups);
never executed: return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, &ctx->internal->tlsext_supportedgroups_length, groups);
0
2112}-
2113-
2114long-
2115ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)-
2116{-
2117 switch (cmd) {-
2118 case SSL_CTRL_SET_TMP_DH:
executed 49 times by 1 test: case 3:
Executed by:
  • ssltest
49
2119 return _SSL_CTX_set_tmp_dh(ctx, parg);
executed 49 times by 1 test: return _SSL_CTX_set_tmp_dh(ctx, parg);
Executed by:
  • ssltest
49
2120-
2121 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
2122 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
2123 return 0;
never executed: return 0;
0
2124-
2125 case SSL_CTRL_SET_DH_AUTO:
executed 2 times by 1 test: case 118:
Executed by:
  • servertest
2
2126 return _SSL_CTX_set_dh_auto(ctx, larg);
executed 2 times by 1 test: return _SSL_CTX_set_dh_auto(ctx, larg);
Executed by:
  • servertest
2
2127-
2128 case SSL_CTRL_SET_TMP_ECDH:
executed 49 times by 1 test: case 4:
Executed by:
  • ssltest
49
2129 return _SSL_CTX_set_tmp_ecdh(ctx, parg);
executed 49 times by 1 test: return _SSL_CTX_set_tmp_ecdh(ctx, parg);
Executed by:
  • ssltest
49
2130-
2131 case SSL_CTRL_SET_TMP_ECDH_CB:
never executed: case 7:
0
2132 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
2133 return 0;
never executed: return 0;
0
2134-
2135 case SSL_CTRL_SET_ECDH_AUTO:
executed 6 times by 2 tests: case 94:
Executed by:
  • servertest
  • tlstest
6
2136 return _SSL_CTX_set_ecdh_auto(ctx, larg);
executed 6 times by 2 tests: return _SSL_CTX_set_ecdh_auto(ctx, larg);
Executed by:
  • servertest
  • tlstest
6
2137-
2138 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
executed 4 times by 1 test: case 54:
Executed by:
  • tlstest
4
2139 return _SSL_CTX_set_tlsext_servername_arg(ctx, parg);
executed 4 times by 1 test: return _SSL_CTX_set_tlsext_servername_arg(ctx, parg);
Executed by:
  • tlstest
4
2140-
2141 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
never executed: case 58:
0
2142 return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg);
never executed: return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg);
0
2143-
2144 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
never executed: case 59:
0
2145 return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg);
never executed: return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg);
0
2146-
2147 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
never executed: case 129:
0
2148 return _SSL_CTX_get_tlsext_status_arg(ctx, parg);
never executed: return _SSL_CTX_get_tlsext_status_arg(ctx, parg);
0
2149-
2150 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
never executed: case 64:
0
2151 return _SSL_CTX_set_tlsext_status_arg(ctx, parg);
never executed: return _SSL_CTX_set_tlsext_status_arg(ctx, parg);
0
2152-
2153 case SSL_CTRL_EXTRA_CHAIN_CERT:
never executed: case 14:
0
2154 return _SSL_CTX_add_extra_chain_cert(ctx, parg);
never executed: return _SSL_CTX_add_extra_chain_cert(ctx, parg);
0
2155-
2156 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
never executed: case 82:
0
2157 return _SSL_CTX_get_extra_chain_certs(ctx, parg);
never executed: return _SSL_CTX_get_extra_chain_certs(ctx, parg);
0
2158-
2159 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
never executed: case 83:
0
2160 return _SSL_CTX_clear_extra_chain_certs(ctx);
never executed: return _SSL_CTX_clear_extra_chain_certs(ctx);
0
2161-
2162 case SSL_CTRL_SET_GROUPS:
never executed: case 91:
0
2163 return SSL_CTX_set1_groups(ctx, parg, larg);
never executed: return SSL_CTX_set1_groups(ctx, parg, larg);
0
2164-
2165 case SSL_CTRL_SET_GROUPS_LIST:
never executed: case 92:
0
2166 return SSL_CTX_set1_groups_list(ctx, parg);
never executed: return SSL_CTX_set1_groups_list(ctx, parg);
0
2167-
2168 case SSL_CTRL_GET_MIN_PROTO_VERSION:
never executed: case 130:
0
2169 return SSL_CTX_get_min_proto_version(ctx);
never executed: return SSL_CTX_get_min_proto_version(ctx);
0
2170-
2171 case SSL_CTRL_GET_MAX_PROTO_VERSION:
never executed: case 131:
0
2172 return SSL_CTX_get_max_proto_version(ctx);
never executed: return SSL_CTX_get_max_proto_version(ctx);
0
2173-
2174 case SSL_CTRL_SET_MIN_PROTO_VERSION:
never executed: case 123:
0
2175 if (larg < 0 || larg > UINT16_MAX)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
larg > (65535)Description
TRUEnever evaluated
FALSEnever evaluated
0
2176 return 0;
never executed: return 0;
0
2177 return SSL_CTX_set_min_proto_version(ctx, larg);
never executed: return SSL_CTX_set_min_proto_version(ctx, larg);
0
2178-
2179 case SSL_CTRL_SET_MAX_PROTO_VERSION:
never executed: case 124:
0
2180 if (larg < 0 || larg > UINT16_MAX)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
larg > (65535)Description
TRUEnever evaluated
FALSEnever evaluated
0
2181 return 0;
never executed: return 0;
0
2182 return SSL_CTX_set_max_proto_version(ctx, larg);
never executed: return SSL_CTX_set_max_proto_version(ctx, larg);
0
2183-
2184 /*-
2185 * Legacy controls that should eventually be removed.-
2186 */-
2187 case SSL_CTRL_NEED_TMP_RSA:
never executed: case 1:
0
2188 return 0;
never executed: return 0;
0
2189-
2190 case SSL_CTRL_SET_TMP_RSA:
never executed: case 2:
0
2191 case SSL_CTRL_SET_TMP_RSA_CB:
never executed: case 5:
0
2192 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
2193 return 0;
never executed: return 0;
0
2194 }-
2195-
2196 return 0;
never executed: return 0;
0
2197}-
2198-
2199long-
2200ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))-
2201{-
2202 switch (cmd) {-
2203 case SSL_CTRL_SET_TMP_RSA_CB:
executed 50 times by 1 test: case 5:
Executed by:
  • ssltest
50
2204 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
2205 return 0;
executed 50 times by 1 test: return 0;
Executed by:
  • ssltest
50
2206-
2207 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
2208 ctx->internal->cert->dh_tmp_cb =-
2209 (DH *(*)(SSL *, int, int))fp;-
2210 return 1;
never executed: return 1;
0
2211-
2212 case SSL_CTRL_SET_TMP_ECDH_CB:
never executed: case 7:
0
2213 return 1;
never executed: return 1;
0
2214-
2215 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
executed 4 times by 1 test: case 53:
Executed by:
  • tlstest
4
2216 ctx->internal->tlsext_servername_callback =-
2217 (int (*)(SSL *, int *, void *))fp;-
2218 return 1;
executed 4 times by 1 test: return 1;
Executed by:
  • tlstest
4
2219-
2220 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
never executed: case 128:
0
2221 *(int (**)(SSL *, void *))fp = ctx->internal->tlsext_status_cb;-
2222 return 1;
never executed: return 1;
0
2223-
2224 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
executed 8 times by 1 test: case 63:
Executed by:
  • tlstest
8
2225 ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp;-
2226 return 1;
executed 8 times by 1 test: return 1;
Executed by:
  • tlstest
8
2227-
2228 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
never executed: case 72:
0
2229 ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,-
2230 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;-
2231 return 1;
never executed: return 1;
0
2232 }-
2233-
2234 return 0;
never executed: return 0;
0
2235}-
2236-
2237/*-
2238 * This function needs to check if the ciphers required are actually available.-
2239 */-
2240const SSL_CIPHER *-
2241ssl3_get_cipher_by_char(const unsigned char *p)-
2242{-
2243 uint16_t cipher_value;-
2244 CBS cbs;-
2245-
2246 /* We have to assume it is at least 2 bytes due to existing API. */-
2247 CBS_init(&cbs, p, 2);-
2248 if (!CBS_get_u16(&cbs, &cipher_value))
!CBS_get_u16(&...&cipher_value)Description
TRUEnever evaluated
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
0-663
2249 return NULL;
never executed: return ((void *)0) ;
0
2250-
2251 return ssl3_get_cipher_by_value(cipher_value);
executed 663 times by 1 test: return ssl3_get_cipher_by_value(cipher_value);
Executed by:
  • cipherstest
663
2252}-
2253-
2254int-
2255ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)-
2256{-
2257 CBB cbb;-
2258-
2259 if (p == NULL)
p == ((void *)0)Description
TRUEevaluated 15 times by 1 test
Evaluated by:
  • cipherstest
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
15-663
2260 return (2);
executed 15 times by 1 test: return (2);
Executed by:
  • cipherstest
15
2261-
2262 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
(c->id & ~0x00... != 0x03000000Description
TRUEnever evaluated
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
0-663
2263 return (0);
never executed: return (0);
0
2264-
2265 memset(&cbb, 0, sizeof(cbb));-
2266-
2267 /* We have to assume it is at least 2 bytes due to existing API. */-
2268 if (!CBB_init_fixed(&cbb, p, 2))
!CBB_init_fixed(&cbb, p, 2)Description
TRUEnever evaluated
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
0-663
2269 goto err;
never executed: goto err;
0
2270 if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(c)))
!CBB_add_u16(&..._get_value(c))Description
TRUEnever evaluated
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
0-663
2271 goto err;
never executed: goto err;
0
2272 if (!CBB_finish(&cbb, NULL, NULL))
!CBB_finish(&c... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 663 times by 1 test
Evaluated by:
  • cipherstest
0-663
2273 goto err;
never executed: goto err;
0
2274-
2275 return (2);
executed 663 times by 1 test: return (2);
Executed by:
  • cipherstest
663
2276-
2277 err:-
2278 CBB_cleanup(&cbb);-
2279 return (0);
never executed: return (0);
0
2280}-
2281-
2282SSL_CIPHER *-
2283ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,-
2284 STACK_OF(SSL_CIPHER) *srvr)-
2285{-
2286 unsigned long alg_k, alg_a, mask_k, mask_a;-
2287 STACK_OF(SSL_CIPHER) *prio, *allow;-
2288 SSL_CIPHER *c, *ret = NULL;-
2289 int i, ii, ok;-
2290 CERT *cert;-
2291-
2292 /* Let's see which ciphers we can support */-
2293 cert = s->cert;-
2294-
2295 /*-
2296 * Do not set the compare functions, because this may lead to a-
2297 * reordering by "id". We want to keep the original ordering.-
2298 * We may pay a price in performance during sk_SSL_CIPHER_find(),-
2299 * but would have to pay with the price of sk_SSL_CIPHER_dup().-
2300 */-
2301-
2302 if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
s->internal->o... & 0x00400000LDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tlstest
FALSEevaluated 61 times by 2 tests
Evaluated by:
  • servertest
  • ssltest
4-61
2303 prio = srvr;-
2304 allow = clnt;-
2305 } else {
executed 4 times by 1 test: end of block
Executed by:
  • tlstest
4
2306 prio = clnt;-
2307 allow = srvr;-
2308 }
executed 61 times by 2 tests: end of block
Executed by:
  • servertest
  • ssltest
61
2309-
2310 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
i < sk_num(((_...L_CIPHER*)0)))Description
TRUEevaluated 88 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
FALSEnever evaluated
0-88
2311 c = sk_SSL_CIPHER_value(prio, i);-
2312-
2313 /* Skip TLS v1.2 only ciphersuites if not supported. */-
2314 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(c->algorithm_...& 0x00000004L)Description
TRUEevaluated 50 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
FALSEevaluated 38 times by 2 tests
Evaluated by:
  • servertest
  • ssltest
38-50
2315 !SSL_USE_TLS1_2_CIPHERS(s))
!(s->method->i...gs & (1 << 4))Description
TRUEnever evaluated
FALSEevaluated 50 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
0-50
2316 continue;
never executed: continue;
0
2317-
2318 ssl_set_cert_masks(cert, c);-
2319 mask_k = cert->mask_k;-
2320 mask_a = cert->mask_a;-
2321-
2322 alg_k = c->algorithm_mkey;-
2323 alg_a = c->algorithm_auth;-
2324-
2325-
2326 ok = (alg_k & mask_k) && (alg_a & mask_a);
(alg_k & mask_k)Description
TRUEevaluated 88 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
FALSEnever evaluated
(alg_a & mask_a)Description
TRUEevaluated 69 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
FALSEevaluated 19 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
0-88
2327-
2328 /*-
2329 * If we are considering an ECC cipher suite that uses our-
2330 * certificate check it.-
2331 */-
2332 if (alg_a & SSL_aECDSA)
alg_a & 0x00000040LDescription
TRUEevaluated 19 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 69 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
19-69
2333 ok = ok && tls1_check_ec_server_key(s);
executed 19 times by 2 tests: ok = ok && tls1_check_ec_server_key(s);
Executed by:
  • ssltest
  • tlstest
okDescription
TRUEnever evaluated
FALSEevaluated 19 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
tls1_check_ec_server_key(s)Description
TRUEnever evaluated
FALSEnever evaluated
0-19
2334 /*-
2335 * If we are considering an ECC cipher suite that uses-
2336 * an ephemeral EC key check it.-
2337 */-
2338 if (alg_k & SSL_kECDHE)
alg_k & 0x00000080LDescription
TRUEevaluated 51 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 37 times by 2 tests
Evaluated by:
  • servertest
  • ssltest
37-51
2339 ok = ok && tls1_check_ec_tmp_key(s);
executed 51 times by 2 tests: ok = ok && tls1_check_ec_tmp_key(s);
Executed by:
  • ssltest
  • tlstest
okDescription
TRUEevaluated 32 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 19 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
tls1_check_ec_tmp_key(s)Description
TRUEevaluated 28 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 4 times by 1 test
Evaluated by:
  • ssltest
4-51
2340-
2341 if (!ok)
!okDescription
TRUEevaluated 23 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
23-65
2342 continue;
executed 23 times by 2 tests: continue;
Executed by:
  • ssltest
  • tlstest
23
2343 ii = sk_SSL_CIPHER_find(allow, c);-
2344 if (ii >= 0) {
ii >= 0Description
TRUEevaluated 65 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tlstest
FALSEnever evaluated
0-65
2345 ret = sk_SSL_CIPHER_value(allow, ii);-
2346 break;
executed 65 times by 3 tests: break;
Executed by:
  • servertest
  • ssltest
  • tlstest
65
2347 }-
2348 }
never executed: end of block
0
2349 return (ret);
executed 65 times by 3 tests: return (ret);
Executed by:
  • servertest
  • ssltest
  • tlstest
65
2350}-
2351-
2352int-
2353ssl3_get_req_cert_types(SSL *s, CBB *cbb)-
2354{-
2355 unsigned long alg_k;-
2356-
2357 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;-
2358-
2359#ifndef OPENSSL_NO_GOST-
2360 if ((alg_k & SSL_kGOST) != 0) {
(alg_k & 0x00000200L) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssltest
0-7
2361 if (!CBB_add_u8(cbb, TLS_CT_GOST94_SIGN))
!CBB_add_u8(cbb, 21)Description
TRUEnever evaluated
FALSEnever evaluated
0
2362 return 0;
never executed: return 0;
0
2363 if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
!CBB_add_u8(cbb, 22)Description
TRUEnever evaluated
FALSEnever evaluated
0
2364 return 0;
never executed: return 0;
0
2365 if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
!CBB_add_u8(cbb, 238)Description
TRUEnever evaluated
FALSEnever evaluated
0
2366 return 0;
never executed: return 0;
0
2367 if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
!CBB_add_u8(cbb, 239)Description
TRUEnever evaluated
FALSEnever evaluated
0
2368 return 0;
never executed: return 0;
0
2369 }
never executed: end of block
0
2370#endif-
2371-
2372 if ((alg_k & SSL_kDHE) != 0) {
(alg_k & 0x00000008L) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssltest
FALSEevaluated 5 times by 1 test
Evaluated by:
  • ssltest
2-5
2373 if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
!CBB_add_u8(cbb, 3)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • ssltest
0-2
2374 return 0;
never executed: return 0;
0
2375 }
executed 2 times by 1 test: end of block
Executed by:
  • ssltest
2
2376-
2377 if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN))
!CBB_add_u8(cbb, 1)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssltest
0-7
2378 return 0;
never executed: return 0;
0
2379-
2380 /*-
2381 * ECDSA certs can be used with RSA cipher suites as well-
2382 * so we don't need to check for SSL_kECDH or SSL_kECDHE.-
2383 */-
2384 if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN))
!CBB_add_u8(cbb, 64)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssltest
0-7
2385 return 0;
never executed: return 0;
0
2386-
2387 return 1;
executed 7 times by 1 test: return 1;
Executed by:
  • ssltest
7
2388}-
2389-
2390int-
2391ssl3_shutdown(SSL *s)-
2392{-
2393 int ret;-
2394-
2395 /*-
2396 * Don't do anything much if we have not done the handshake or-
2397 * we don't want to send messages :-)-
2398 */-
2399 if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) {
(s->internal->quiet_shutdown)Description
TRUEnever evaluated
FALSEevaluated 126 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
((s->s3->inter...ate == 0x4000)Description
TRUEnever evaluated
FALSEevaluated 126 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
0-126
2400 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);-
2401 return (1);
never executed: return (1);
0
2402 }-
2403-
2404 if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {
!(s->internal->shutdown & 1)Description
TRUEevaluated 126 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEnever evaluated
0-126
2405 s->internal->shutdown|=SSL_SENT_SHUTDOWN;-
2406 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);-
2407 /*-
2408 * Our shutdown alert has been sent now, and if it still needs-
2409 * to be written, s->s3->alert_dispatch will be true-
2410 */-
2411 if (s->s3->alert_dispatch)
s->s3->alert_dispatchDescription
TRUEevaluated 118 times by 1 test
Evaluated by:
  • ssltest
FALSEevaluated 8 times by 1 test
Evaluated by:
  • tlstest
8-118
2412 return(-1); /* return WANT_WRITE */
executed 118 times by 1 test: return(-1);
Executed by:
  • ssltest
118
2413 } else if (s->s3->alert_dispatch) {
executed 8 times by 1 test: end of block
Executed by:
  • tlstest
s->s3->alert_dispatchDescription
TRUEnever evaluated
FALSEnever evaluated
0-8
2414 /* resend it if not sent */-
2415 ret = s->method->ssl_dispatch_alert(s);-
2416 if (ret == -1) {
ret == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2417 /*-
2418 * We only get to return -1 here the 2nd/Nth-
2419 * invocation, we must have already signalled-
2420 * return 0 upon a previous invoation,-
2421 * return WANT_WRITE-
2422 */-
2423 return (ret);
never executed: return (ret);
0
2424 }-
2425 } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
never executed: end of block
!(s->internal->shutdown & 2)Description
TRUEnever evaluated
FALSEnever evaluated
0
2426 /* If we are waiting for a close from our peer, we are closed */-
2427 s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0);-
2428 if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
!(s->internal->shutdown & 2)Description
TRUEnever evaluated
FALSEnever evaluated
0
2429 return(-1); /* return WANT_READ */
never executed: return(-1);
0
2430 }-
2431 }
never executed: end of block
0
2432-
2433 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
(s->internal->...down == (1|2))Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • tlstest
0-8
2434 !s->s3->alert_dispatch)
!s->s3->alert_dispatchDescription
TRUEnever evaluated
FALSEnever evaluated
0
2435 return (1);
never executed: return (1);
0
2436 else-
2437 return (0);
executed 8 times by 1 test: return (0);
Executed by:
  • tlstest
8
2438}-
2439-
2440int-
2441ssl3_write(SSL *s, const void *buf, int len)-
2442{-
2443 errno = 0;-
2444-
2445 if (S3I(s)->renegotiate)
(s->s3->internal)->renegotiateDescription
TRUEnever evaluated
FALSEevaluated 1526 times by 1 test
Evaluated by:
  • ssltest
0-1526
2446 ssl3_renegotiate_check(s);
never executed: ssl3_renegotiate_check(s);
0
2447-
2448 return s->method->internal->ssl_write_bytes(s,
executed 1526 times by 1 test: return s->method->internal->ssl_write_bytes(s, 23, buf, len);
Executed by:
  • ssltest
1526
2449 SSL3_RT_APPLICATION_DATA, buf, len);
executed 1526 times by 1 test: return s->method->internal->ssl_write_bytes(s, 23, buf, len);
Executed by:
  • ssltest
1526
2450}-
2451-
2452static int-
2453ssl3_read_internal(SSL *s, void *buf, int len, int peek)-
2454{-
2455 int ret;-
2456-
2457 errno = 0;-
2458 if (S3I(s)->renegotiate)
(s->s3->internal)->renegotiateDescription
TRUEnever evaluated
FALSEevaluated 1598 times by 1 test
Evaluated by:
  • ssltest
0-1598
2459 ssl3_renegotiate_check(s);
never executed: ssl3_renegotiate_check(s);
0
2460 S3I(s)->in_read_app_data = 1;-
2461 ret = s->method->internal->ssl_read_bytes(s,-
2462 SSL3_RT_APPLICATION_DATA, buf, len, peek);-
2463 if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
(ret == -1)Description
TRUEevaluated 1480 times by 1 test
Evaluated by:
  • ssltest
FALSEevaluated 118 times by 1 test
Evaluated by:
  • ssltest
((s->s3->inter...app_data == 2)Description
TRUEnever evaluated
FALSEevaluated 1480 times by 1 test
Evaluated by:
  • ssltest
0-1480
2464 /*-
2465 * ssl3_read_bytes decided to call s->internal->handshake_func, which-
2466 * called ssl3_read_bytes to read handshake data.-
2467 * However, ssl3_read_bytes actually found application data-
2468 * and thinks that application data makes sense here; so disable-
2469 * handshake processing and try to read application data again.-
2470 */-
2471 s->internal->in_handshake++;-
2472 ret = s->method->internal->ssl_read_bytes(s,-
2473 SSL3_RT_APPLICATION_DATA, buf, len, peek);-
2474 s->internal->in_handshake--;-
2475 } else
never executed: end of block
0
2476 S3I(s)->in_read_app_data = 0;
executed 1598 times by 1 test: (s->s3->internal)->in_read_app_data = 0;
Executed by:
  • ssltest
1598
2477-
2478 return (ret);
executed 1598 times by 1 test: return (ret);
Executed by:
  • ssltest
1598
2479}-
2480-
2481int-
2482ssl3_read(SSL *s, void *buf, int len)-
2483{-
2484 return ssl3_read_internal(s, buf, len, 0);
executed 1598 times by 1 test: return ssl3_read_internal(s, buf, len, 0);
Executed by:
  • ssltest
1598
2485}-
2486-
2487int-
2488ssl3_peek(SSL *s, void *buf, int len)-
2489{-
2490 return ssl3_read_internal(s, buf, len, 1);
never executed: return ssl3_read_internal(s, buf, len, 1);
0
2491}-
2492-
2493int-
2494ssl3_renegotiate(SSL *s)-
2495{-
2496 if (s->internal->handshake_func == NULL)
s->internal->h...== ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEnever evaluated
0-1
2497 return (1);
executed 1 time by 1 test: return (1);
Executed by:
  • tlsexttest
1
2498-
2499 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
s->s3->flags & 0x0001Description
TRUEnever evaluated
FALSEnever evaluated
0
2500 return (0);
never executed: return (0);
0
2501-
2502 S3I(s)->renegotiate = 1;-
2503 return (1);
never executed: return (1);
0
2504}-
2505-
2506int-
2507ssl3_renegotiate_check(SSL *s)-
2508{-
2509 int ret = 0;-
2510-
2511 if (S3I(s)->renegotiate) {
(s->s3->internal)->renegotiateDescription
TRUEnever evaluated
FALSEnever evaluated
0
2512 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
(s->s3->rbuf.left == 0)Description
TRUEnever evaluated
FALSEnever evaluated
(s->s3->wbuf.left == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2513 !SSL_in_init(s)) {
!(SSL_state((s...x1000|0x2000))Description
TRUEnever evaluated
FALSEnever evaluated
0
2514 /*-
2515 * If we are the server, and we have sent-
2516 * a 'RENEGOTIATE' message, we need to go-
2517 * to SSL_ST_ACCEPT.-
2518 */-
2519 /* SSL_ST_ACCEPT */-
2520 S3I(s)->hs.state = SSL_ST_RENEGOTIATE;-
2521 S3I(s)->renegotiate = 0;-
2522 S3I(s)->num_renegotiations++;-
2523 S3I(s)->total_renegotiations++;-
2524 ret = 1;-
2525 }
never executed: end of block
0
2526 }
never executed: end of block
0
2527 return (ret);
never executed: return (ret);
0
2528}-
2529/*-
2530 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF-
2531 * and handshake macs if required.-
2532 */-
2533long-
2534ssl_get_algorithm2(SSL *s)-
2535{-
2536 long alg2 = S3I(s)->hs.new_cipher->algorithm2;-
2537-
2538 if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
s->method->int...ags & (1 << 2)Description
TRUEevaluated 921 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tls_prf
  • tlstest
FALSEevaluated 455 times by 3 tests
Evaluated by:
  • servertest
  • ssltest
  • tls_prf
455-921
2539 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
alg2 == ((0x01...0x020 << 10)))Description
TRUEevaluated 188 times by 2 tests
Evaluated by:
  • ssltest
  • tls_prf
FALSEevaluated 733 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tls_prf
  • tlstest
188-733
2540 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
executed 188 times by 2 tests: return 0x080 | (0x080 << 10);
Executed by:
  • ssltest
  • tls_prf
188
2541 return alg2;
executed 1188 times by 4 tests: return alg2;
Executed by:
  • servertest
  • ssltest
  • tls_prf
  • tlstest
1188
2542}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2