OpenCoverage

extensions.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/statem/extensions.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <string.h> -

11 #include "internal/nelem.h" -

12 #include "internal/cryptlib.h" -

13 #include "../ssl_locl.h" -

14 #include "statem_locl.h" -

15 #include "internal/cryptlib.h" -

16 -

17 static int final_renegotiate(SSL *s, unsigned int context, int sent); -

18 static int init_server_name(SSL *s, unsigned int context); -

19 static int final_server_name(SSL *s, unsigned int context, int sent); -

20 #ifndef OPENSSL_NO_EC -

21 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); -

22 #endif -

23 static int init_session_ticket(SSL *s, unsigned int context); -

24 #ifndef OPENSSL_NO_OCSP -

25 static int init_status_request(SSL *s, unsigned int context); -

26 #endif -

27 #ifndef OPENSSL_NO_NEXTPROTONEG -

28 static int init_npn(SSL *s, unsigned int context); -

29 #endif -

30 static int init_alpn(SSL *s, unsigned int context); -

31 static int final_alpn(SSL *s, unsigned int context, int sent); -

32 static int init_sig_algs_cert(SSL *s, unsigned int context); -

33 static int init_sig_algs(SSL *s, unsigned int context); -

34 static int init_certificate_authorities(SSL *s, unsigned int context); -

35 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, -

36 unsigned int context, -

37 X509 *x, -

38 size_t chainidx); -

39 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, -

40 unsigned int context, X509 *x, -

41 size_t chainidx); -

42 #ifndef OPENSSL_NO_SRP -

43 static int init_srp(SSL *s, unsigned int context); -

44 #endif -

45 static int init_etm(SSL *s, unsigned int context); -

46 static int init_ems(SSL *s, unsigned int context); -

47 static int final_ems(SSL *s, unsigned int context, int sent); -

48 static int init_psk_kex_modes(SSL *s, unsigned int context); -

49 #ifndef OPENSSL_NO_EC -

50 static int final_key_share(SSL *s, unsigned int context, int sent); -

51 #endif -

52 #ifndef OPENSSL_NO_SRTP -

53 static int init_srtp(SSL *s, unsigned int context); -

54 #endif -

55 static int final_sig_algs(SSL *s, unsigned int context, int sent); -

56 static int final_early_data(SSL *s, unsigned int context, int sent); -

57 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); -

58 static int init_post_handshake_auth(SSL *s, unsigned int context); -

59 -

60 /* Structure to define a built-in extension */ -

61 typedef struct extensions_definition_st { -

62 /* The defined type for the extension */ -

63 unsigned int type; -

64 /* -

65 * The context that this extension applies to, e.g. what messages and -

66 * protocol versions -

67 */ -

68 unsigned int context; -

69 /* -

70 * Initialise extension before parsing. Always called for relevant contexts -

71 * even if extension not present -

72 */ -

73 int (*init)(SSL *s, unsigned int context); -

74 /* Parse extension sent from client to server */ -

75 int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, -

76 size_t chainidx); -

77 /* Parse extension send from server to client */ -

78 int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, -

79 size_t chainidx); -

80 /* Construct extension sent from server to client */ -

81 EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, -

82 X509 *x, size_t chainidx); -

83 /* Construct extension sent from client to server */ -

84 EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, -

85 X509 *x, size_t chainidx); -

86 /* -

87 * Finalise extension after parsing. Always called where an extensions was -

88 * initialised even if the extension was not present. |sent| is set to 1 if -

89 * the extension was seen, or 0 otherwise. -

90 */ -

91 int (*final)(SSL *s, unsigned int context, int sent); -

92 } EXTENSION_DEFINITION; -

93 -

94 /* -

95 * Definitions of all built-in extensions. NOTE: Changes in the number or order -

96 * of these extensions should be mirrored with equivalent changes to the -

97 * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h. -

98 * Each extension has an initialiser, a client and -

99 * server side parser and a finaliser. The initialiser is called (if the -

100 * extension is relevant to the given context) even if we did not see the -

101 * extension in the message that we received. The parser functions are only -

102 * called if we see the extension in the message. The finalisers are always -

103 * called if the initialiser was called. -

104 * There are also server and client side constructor functions which are always -

105 * called during message construction if the extension is relevant for the -

106 * given context. -

107 * The initialisation, parsing, finalisation and construction functions are -

108 * always called in the order defined in this list. Some extensions may depend -

109 * on others having been processed first, so the order of this list is -

110 * significant. -

111 * The extension context is defined by a series of flags which specify which -

112 * messages the extension is relevant to. These flags also specify whether the -

113 * extension is relevant to a particular protocol or protocol version. -

114 * -

115 * TODO(TLS1.3): Make sure we have a test to check the consistency of these -

116 * -

117 * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at -

118 * the end, keep these extensions before signature_algorithm. -

119 */ -

120 #define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL } -

121 static const EXTENSION_DEFINITION ext_defs[] = { -

122 { -

123 TLSEXT_TYPE_renegotiate, -

124 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

125 | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

126 NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, -

127 tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, -

128 final_renegotiate -

129 }, -

130 { -

131 TLSEXT_TYPE_server_name, -

132 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

133 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, -

134 init_server_name, -

135 tls_parse_ctos_server_name, tls_parse_stoc_server_name, -

136 tls_construct_stoc_server_name, tls_construct_ctos_server_name, -

137 final_server_name -

138 }, -

139 { -

140 TLSEXT_TYPE_max_fragment_length, -

141 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

142 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, -

143 NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen, -

144 tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen, -

145 final_maxfragmentlen -

146 }, -

147 #ifndef OPENSSL_NO_SRP -

148 { -

149 TLSEXT_TYPE_srp, -

150 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

151 init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL -

152 }, -

153 #else -

154 INVALID_EXTENSION, -

155 #endif -

156 #ifndef OPENSSL_NO_EC -

157 { -

158 TLSEXT_TYPE_ec_point_formats, -

159 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

160 | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

161 NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, -

162 tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, -

163 final_ec_pt_formats -

164 }, -

165 { -

166 /* -

167 * "supported_groups" is spread across several specifications. -

168 * It was originally specified as "elliptic_curves" in RFC 4492, -

169 * and broadened to include named FFDH groups by RFC 7919. -

170 * Both RFCs 4492 and 7919 do not include a provision for the server -

171 * to indicate to the client the complete list of groups supported -

172 * by the server, with the server instead just indicating the -

173 * selected group for this connection in the ServerKeyExchange -

174 * message. TLS 1.3 adds a scheme for the server to indicate -

175 * to the client its list of supported groups in the -

176 * EncryptedExtensions message, but none of the relevant -

177 * specifications permit sending supported_groups in the ServerHello. -

178 * Nonetheless (possibly due to the close proximity to the -

179 * "ec_point_formats" extension, which is allowed in the ServerHello), -

180 * there are several servers that send this extension in the -

181 * ServerHello anyway. Up to and including the 1.1.0 release, -

182 * we did not check for the presence of nonpermitted extensions, -

183 * so to avoid a regression, we must permit this extension in the -

184 * TLS 1.2 ServerHello as well. -

185 * -

186 * Note that there is no tls_parse_stoc_supported_groups function, -

187 * so we do not perform any additional parsing, validation, or -

188 * processing on the server's group list -- this is just a minimal -

189 * change to preserve compatibility with these misbehaving servers. -

190 */ -

191 TLSEXT_TYPE_supported_groups, -

192 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS -

193 | SSL_EXT_TLS1_2_SERVER_HELLO, -

194 NULL, tls_parse_ctos_supported_groups, NULL, -

195 tls_construct_stoc_supported_groups, -

196 tls_construct_ctos_supported_groups, NULL -

197 }, -

198 #else -

199 INVALID_EXTENSION, -

200 INVALID_EXTENSION, -

201 #endif -

202 { -

203 TLSEXT_TYPE_session_ticket, -

204 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

205 | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

206 init_session_ticket, tls_parse_ctos_session_ticket, -

207 tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket, -

208 tls_construct_ctos_session_ticket, NULL -

209 }, -

210 #ifndef OPENSSL_NO_OCSP -

211 { -

212 TLSEXT_TYPE_status_request, -

213 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

214 | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, -

215 init_status_request, tls_parse_ctos_status_request, -

216 tls_parse_stoc_status_request, tls_construct_stoc_status_request, -

217 tls_construct_ctos_status_request, NULL -

218 }, -

219 #else -

220 INVALID_EXTENSION, -

221 #endif -

222 #ifndef OPENSSL_NO_NEXTPROTONEG -

223 { -

224 TLSEXT_TYPE_next_proto_neg, -

225 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

226 | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

227 init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn, -

228 tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL -

229 }, -

230 #else -

231 INVALID_EXTENSION, -

232 #endif -

233 { -

234 /* -

235 * Must appear in this list after server_name so that finalisation -

236 * happens after server_name callbacks -

237 */ -

238 TLSEXT_TYPE_application_layer_protocol_negotiation, -

239 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

240 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, -

241 init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn, -

242 tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn -

243 }, -

244 #ifndef OPENSSL_NO_SRTP -

245 { -

246 TLSEXT_TYPE_use_srtp, -

247 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

248 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, -

249 init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp, -

250 tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL -

251 }, -

252 #else -

253 INVALID_EXTENSION, -

254 #endif -

255 { -

256 TLSEXT_TYPE_encrypt_then_mac, -

257 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

258 | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

259 init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm, -

260 tls_construct_stoc_etm, tls_construct_ctos_etm, NULL -

261 }, -

262 #ifndef OPENSSL_NO_CT -

263 { -

264 TLSEXT_TYPE_signed_certificate_timestamp, -

265 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

266 | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, -

267 NULL, -

268 /* -

269 * No server side support for this, but can be provided by a custom -

270 * extension. This is an exception to the rule that custom extensions -

271 * cannot override built in ones. -

272 */ -

273 NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL -

274 }, -

275 #else -

276 INVALID_EXTENSION, -

277 #endif -

278 { -

279 TLSEXT_TYPE_extended_master_secret, -

280 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO -

281 | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

282 init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems, -

283 tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems -

284 }, -

285 { -

286 TLSEXT_TYPE_signature_algorithms_cert, -

287 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, -

288 init_sig_algs_cert, tls_parse_ctos_sig_algs_cert, -

289 tls_parse_ctos_sig_algs_cert, -

290 /* We do not generate signature_algorithms_cert at present. */ -

291 NULL, NULL, NULL -

292 }, -

293 { -

294 TLSEXT_TYPE_post_handshake_auth, -

295 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY, -

296 init_post_handshake_auth, -

297 tls_parse_ctos_post_handshake_auth, NULL, -

298 NULL, tls_construct_ctos_post_handshake_auth, -

299 NULL, -

300 }, -

301 { -

302 TLSEXT_TYPE_signature_algorithms, -

303 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, -

304 init_sig_algs, tls_parse_ctos_sig_algs, -

305 tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs, -

306 tls_construct_ctos_sig_algs, final_sig_algs -

307 }, -

308 { -

309 TLSEXT_TYPE_supported_versions, -

310 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO -

311 | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, -

312 NULL, -

313 /* Processed inline as part of version selection */ -

314 NULL, tls_parse_stoc_supported_versions, -

315 tls_construct_stoc_supported_versions, -

316 tls_construct_ctos_supported_versions, NULL -

317 }, -

318 { -

319 TLSEXT_TYPE_psk_kex_modes, -

320 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY -

321 | SSL_EXT_TLS1_3_ONLY, -

322 init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, -

323 tls_construct_ctos_psk_kex_modes, NULL -

324 }, -

325 #ifndef OPENSSL_NO_EC -

326 { -

327 /* -

328 * Must be in this list after supported_groups. We need that to have -

329 * been parsed before we do this one. -

330 */ -

331 TLSEXT_TYPE_key_share, -

332 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO -

333 | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY -

334 | SSL_EXT_TLS1_3_ONLY, -

335 NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share, -

336 tls_construct_stoc_key_share, tls_construct_ctos_key_share, -

337 final_key_share -

338 }, -

339 #endif -

340 { -

341 /* Must be after key_share */ -

342 TLSEXT_TYPE_cookie, -

343 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST -

344 | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, -

345 NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie, -

346 tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL -

347 }, -

348 { -

349 /* -

350 * Special unsolicited ServerHello extension only used when -

351 * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set -

352 */ -

353 TLSEXT_TYPE_cryptopro_bug, -

354 SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, -

355 NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL -

356 }, -

357 { -

358 TLSEXT_TYPE_early_data, -

359 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS -

360 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, -

361 NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, -

362 tls_construct_stoc_early_data, tls_construct_ctos_early_data, -

363 final_early_data -

364 }, -

365 { -

366 TLSEXT_TYPE_certificate_authorities, -

367 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST -

368 | SSL_EXT_TLS1_3_ONLY, -

369 init_certificate_authorities, -

370 tls_parse_certificate_authorities, tls_parse_certificate_authorities, -

371 tls_construct_certificate_authorities, -

372 tls_construct_certificate_authorities, NULL, -

373 }, -

374 { -

375 /* Must be immediately before pre_shared_key */ -

376 TLSEXT_TYPE_padding, -

377 SSL_EXT_CLIENT_HELLO, -

378 NULL, -

379 /* We send this, but don't read it */ -

380 NULL, NULL, NULL, tls_construct_ctos_padding, NULL -

381 }, -

382 { -

383 /* Required by the TLSv1.3 spec to always be the last extension */ -

384 TLSEXT_TYPE_psk, -

385 SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO -

386 | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, -

387 NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, -

388 tls_construct_ctos_psk, NULL -

389 } -

390 }; -

391 -

392 /* Check whether an extension's context matches the current context */ -

393 static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) -

394 { -

395 /* Check we're allowed to use this extension in this context */ -

396

if ((thisctx & extctx) == 0)

(thisctx & extctx) == 0	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43031 times by 1 test Evaluated by: libssl.so.1.1

13-43031

397

return 0;

executed 13 times by 1 test: return 0;

Executed by:

libssl.so.1.1

398 -

399

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 2542 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40489 times by 1 test Evaluated by: libssl.so.1.1

2542-40489

400

if ((extctx & SSL_EXT_TLS_ONLY) != 0)

(extctx & 0x0001) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2542 times by 1 test Evaluated by: libssl.so.1.1

0-2542

401

return 0;

never executed: return 0;

402

} else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {

executed 2542 times by 1 test: end of block

Executed by:

libssl.so.1.1

(extctx & 0x0002) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40487 times by 1 test Evaluated by: libssl.so.1.1

2-40487

403

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

404 } -

405 -

406

return 1;

executed 43029 times by 1 test: return 1;

Executed by:

libssl.so.1.1

43029

407 } -

408 -

409 int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) -

410 { -

411 size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset; -

412 RAW_EXTENSION *thisext; -

413 unsigned int context; -

414 ENDPOINT role = ENDPOINT_BOTH; -

415 -

416

if ((thisctx & SSL_EXT_CLIENT_HELLO) != 0)

(thisctx & 0x0080) != 0	Description
TRUE	never evaluated
FALSE	evaluated 3492 times by 1 test Evaluated by: libssl.so.1.1

0-3492

417

role = ENDPOINT_SERVER;

never executed: role = ENDPOINT_SERVER;

418

else if ((thisctx & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)

(thisctx & 0x0100) != 0	Description
TRUE	evaluated 2856 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 636 times by 1 test Evaluated by: libssl.so.1.1

636-2856

419

role = ENDPOINT_CLIENT;

executed 2856 times by 1 test: role = ENDPOINT_CLIENT;

Executed by:

libssl.so.1.1

2856

420 -

421 /* Calculate the number of extensions in the extensions list */ -

422 num_exts = builtin_num + s->cert->custext.meths_count; -

423 -

424

for (thisext = exts, i = 0; i < num_exts; i++, thisext++) {

i < num_exts	Description
TRUE	evaluated 90758 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3489 times by 1 test Evaluated by: libssl.so.1.1

3489-90758

425

if (!thisext->present)

!thisext->present	Description
TRUE	evaluated 80860 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9898 times by 1 test Evaluated by: libssl.so.1.1

9898-80860

426

continue;

executed 80860 times by 1 test: continue;

Executed by:

libssl.so.1.1

80860

427 -

428

if (i < builtin_num) {

i < builtin_num	Description
TRUE	evaluated 9884 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

14-9884

429 context = ext_defs[i].context; -

430

} else {

executed 9884 times by 1 test: end of block

Executed by:

libssl.so.1.1

9884

431 custom_ext_method *meth = NULL; -

432 -

433 meth = custom_ext_find(&s->cert->custext, role, thisext->type, -

434 &offset); -

435

if (!ossl_assert(meth != NULL))

!((meth != ((void *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

0-14

436

return 0;

never executed: return 0;

437 context = meth->context; -

438

}

executed 14 times by 1 test: end of block

Executed by:

libssl.so.1.1

439 -

440

if (!validate_context(s, context, thisctx))

!validate_cont...text, thisctx)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9895 times by 1 test Evaluated by: libssl.so.1.1

3-9895

441

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

442

}

executed 9895 times by 1 test: end of block

Executed by:

libssl.so.1.1

9895

443 -

444

return 1;

executed 3489 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3489

445 } -

446 -

447 /* -

448 * Verify whether we are allowed to use the extension |type| in the current -

449 * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to -

450 * indicate the extension is not allowed. If returning 1 then |*found| is set to -

451 * the definition for the extension we found. -

452 */ -

453 static int verify_extension(SSL *s, unsigned int context, unsigned int type, -

454 custom_ext_methods *meths, RAW_EXTENSION *rawexlist, -

455 RAW_EXTENSION **found) -

456 { -

457 size_t i; -

458 size_t builtin_num = OSSL_NELEM(ext_defs); -

459 const EXTENSION_DEFINITION *thisext; -

460 -

461

for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {

i < builtin_num	Description
TRUE	evaluated 466521 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4344 times by 1 test Evaluated by: libssl.so.1.1

4344-466521

462

if (type == thisext->type) {

type == thisext->type	Description
TRUE	evaluated 33107 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 433414 times by 1 test Evaluated by: libssl.so.1.1

33107-433414

463

if (!validate_context(s, thisext->context, context))

!validate_cont...text, context)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33095 times by 1 test Evaluated by: libssl.so.1.1

12-33095

464

return 0;

executed 12 times by 1 test: return 0;

Executed by:

libssl.so.1.1

465 -

466 *found = &rawexlist[i]; -

467

return 1;

executed 33095 times by 1 test: return 1;

Executed by:

libssl.so.1.1

33095

468 } -

469

}

executed 433414 times by 1 test: end of block

Executed by:

libssl.so.1.1

433414

470 -

471 /* Check the custom extensions */ -

472

if (meths != NULL) {

meths != ((void *)0)	Description
TRUE	evaluated 4344 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4344

473 size_t offset = 0; -

474 ENDPOINT role = ENDPOINT_BOTH; -

475 custom_ext_method *meth = NULL; -

476 -

477

if ((context & SSL_EXT_CLIENT_HELLO) != 0)

(context & 0x0080) != 0	Description
TRUE	evaluated 2133 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2211 times by 1 test Evaluated by: libssl.so.1.1

2133-2211

478

role = ENDPOINT_SERVER;

executed 2133 times by 1 test: role = ENDPOINT_SERVER;

Executed by:

libssl.so.1.1

2133

479

else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)

(context & 0x0100) != 0	Description
TRUE	evaluated 1039 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1172 times by 1 test Evaluated by: libssl.so.1.1

1039-1172

480

role = ENDPOINT_CLIENT;

executed 1039 times by 1 test: role = ENDPOINT_CLIENT;

Executed by:

libssl.so.1.1

1039

481 -

482 meth = custom_ext_find(meths, role, type, &offset); -

483

if (meth != NULL) {

meth != ((void *)0)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4305 times by 1 test Evaluated by: libssl.so.1.1

39-4305

484

if (!validate_context(s, meth->context, context))

!validate_cont...text, context)	Description
TRUE	never evaluated
FALSE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1

0-39

485

return 0;

never executed: return 0;

486 *found = &rawexlist[offset + builtin_num]; -

487

return 1;

executed 39 times by 1 test: return 1;

Executed by:

libssl.so.1.1

488 } -

489

}

executed 4305 times by 1 test: end of block

Executed by:

libssl.so.1.1

4305

490 -

491 /* Unknown extension. We allow it */ -

492 *found = NULL; -

493

return 1;

executed 4305 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4305

494 } -

495 -

496 /* -

497 * Check whether the context defined for an extension |extctx| means whether -

498 * the extension is relevant for the current context |thisctx| or not. Returns -

499 * 1 if the extension is relevant for this context, and 0 otherwise -

500 */ -

501 int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) -

502 { -

503 int is_tls13; -

504 -

505 /* -

506 * For HRR we haven't selected the version yet but we know it will be -

507 * TLSv1.3 -

508 */ -

509

if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)

(thisctx & 0x0800) != 0	Description
TRUE	evaluated 1072 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 268271 times by 1 test Evaluated by: libssl.so.1.1

1072-268271

510

is_tls13 = 1;

executed 1072 times by 1 test: is_tls13 = 1;

Executed by:

libssl.so.1.1

1072

511 else -

512

is_tls13 = SSL_IS_TLS13(s);

executed 268271 times by 1 test:

is_tls13 = (!(s->method->ssl3_enc->enc_flags & 0x8) && (s)->method->version >= 0x0304 && (s)->method->version != 0x10000);

Executed by:

libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 254914 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13357 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 219061 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 35853 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 23738 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 195323 times by 1 test Evaluated by: libssl.so.1.1

13357-268271

513 -

514

if ((SSL_IS_DTLS(s)

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 13357 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 255986 times by 1 test Evaluated by: libssl.so.1.1

13357-255986

515

&& (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)

(extctx & 0x0004) != 0	Description
TRUE	evaluated 1150 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12207 times by 1 test Evaluated by: libssl.so.1.1

1150-12207

516

|| (s->version == SSL3_VERSION

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 268193 times by 1 test Evaluated by: libssl.so.1.1

0-268193

517

&& (extctx & SSL_EXT_SSL3_ALLOWED) == 0)

(extctx & 0x0008) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

518 /* -

519 * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", -

520 * which is never true when generating the ClientHello. -

521 * However, version negotiation *has* occurred by the time the -

522 * ClientHello extensions are being parsed. -

523 * Be careful to allow TLS 1.3-only extensions when generating -

524 * the ClientHello. -

525 */ -

526

|| (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)

is_tls13	Description
TRUE	evaluated 24810 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 243383 times by 1 test Evaluated by: libssl.so.1.1

(extctx & 0x0010) != 0	Description
TRUE	evaluated 4091 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20719 times by 1 test Evaluated by: libssl.so.1.1

4091-243383

527

|| (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0

!is_tls13	Description
TRUE	evaluated 243383 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20719 times by 1 test Evaluated by: libssl.so.1.1

(extctx & 0x0020) != 0	Description
TRUE	evaluated 44868 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 198515 times by 1 test Evaluated by: libssl.so.1.1

20719-243383

528

&& (thisctx & SSL_EXT_CLIENT_HELLO) == 0)

(thisctx & 0x0080) == 0	Description
TRUE	never evaluated
FALSE	evaluated 44868 times by 1 test Evaluated by: libssl.so.1.1

0-44868

529

|| (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)

s->server	Description
TRUE	evaluated 97816 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 166286 times by 1 test Evaluated by: libssl.so.1.1

!is_tls13	Description
TRUE	evaluated 81280 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16536 times by 1 test Evaluated by: libssl.so.1.1

(extctx & 0x0020) != 0	Description
TRUE	evaluated 11069 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 70211 times by 1 test Evaluated by: libssl.so.1.1

11069-166286

530

|| (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))

s->hit	Description
TRUE	evaluated 4013 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 249020 times by 1 test Evaluated by: libssl.so.1.1

(extctx & 0x0040) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4011 times by 1 test Evaluated by: libssl.so.1.1

2-249020

531

return 0;

executed 16312 times by 1 test: return 0;

Executed by:

libssl.so.1.1

16312

532

return 1;

executed 253031 times by 1 test: return 1;

Executed by:

libssl.so.1.1

253031

533 } -

534 -

535 /* -

536 * Gather a list of all the extensions from the data in |packet]. |context| -

537 * tells us which message this extension is for. The raw extension data is -

538 * stored in |*res| on success. We don't actually process the content of the -

539 * extensions yet, except to check their types. This function also runs the -

540 * initialiser functions for all known extensions if |init| is nonzero (whether -

541 * we have collected them or not). If successful the caller is responsible for -

542 * freeing the contents of |*res|. -

543 * -

544 * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be -

545 * more than one extension of the same type in a ClientHello or ServerHello. -

546 * This function returns 1 if all extensions are unique and we have parsed their -

547 * types, and 0 if the extensions contain duplicates, could not be successfully -

548 * found, or an internal error occurred. We only check duplicates for -

549 * extensions that we know about. We ignore others. -

550 */ -

551 int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, -

552 RAW_EXTENSION **res, size_t *len, int init) -

553 { -

554 PACKET extensions = *packet; -

555 size_t i = 0; -

556 size_t num_exts; -

557 custom_ext_methods *exts = &s->cert->custext; -

558 RAW_EXTENSION *raw_extensions = NULL; -

559 const EXTENSION_DEFINITION *thisexd; -

560 -

561 *res = NULL; -

562 -

563 /* -

564 * Initialise server side custom extensions. Client side is done during -

565 * construction of extensions for the ClientHello. -

566 */ -

567

if ((context & SSL_EXT_CLIENT_HELLO) != 0)

(context & 0x0080) != 0	Description
TRUE	evaluated 3693 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6709 times by 1 test Evaluated by: libssl.so.1.1

3693-6709

568

custom_ext_init(&s->cert->custext);

executed 3693 times by 1 test: custom_ext_init(&s->cert->custext);

Executed by:

libssl.so.1.1

3693

569 -

570

num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);

exts != ((void *)0)	Description
TRUE	evaluated 10402 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10402

571 raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); -

572

if (raw_extensions == NULL) {

raw_extensions == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10402 times by 1 test Evaluated by: libssl.so.1.1

0-10402

573 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, -

574 ERR_R_MALLOC_FAILURE); -

575

return 0;

never executed: return 0;

576 } -

577 -

578 i = 0; -

579

while (PACKET_remaining(&extensions) > 0) {

PACKET_remaini...xtensions) > 0	Description
TRUE	evaluated 37466 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10333 times by 1 test Evaluated by: libssl.so.1.1

10333-37466

580 unsigned int type, idx; -

581 PACKET extension; -

582 RAW_EXTENSION *thisex; -

583 -

584

if (!PACKET_get_net_2(&extensions, &type) ||

!PACKET_get_ne...nsions, &type)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37462 times by 1 test Evaluated by: libssl.so.1.1

4-37462

585

!PACKET_get_length_prefixed_2(&extensions, &extension)) {

!PACKET_get_le...s, &extension)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37451 times by 1 test Evaluated by: libssl.so.1.1

11-37451

586 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, -

587 SSL_R_BAD_EXTENSION); -

588

goto err;

executed 15 times by 1 test: goto err;

Executed by:

libssl.so.1.1

589 } -

590 /* -

591 * Verify this extension is allowed. We only check duplicates for -

592 * extensions that we recognise. We also have a special case for the -

593 * PSK extension, which must be the last one in the ClientHello. -

594 */ -

595

if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)

!verify_extens...ions, &thisex)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37439 times by 1 test Evaluated by: libssl.so.1.1

12-37439

596

|| (thisex != NULL && thisex->present == 1)

thisex != ((void *)0)	Description
TRUE	evaluated 33134 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4305 times by 1 test Evaluated by: libssl.so.1.1

thisex->present == 1	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33103 times by 1 test Evaluated by: libssl.so.1.1

31-33134

597

|| (type == TLSEXT_TYPE_psk

type == 41	Description
TRUE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37100 times by 1 test Evaluated by: libssl.so.1.1

308-37100

598

&& (context & SSL_EXT_CLIENT_HELLO) != 0

(context & 0x0080) != 0	Description
TRUE	evaluated 200 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 108 times by 1 test Evaluated by: libssl.so.1.1

108-200

599

&& PACKET_remaining(&extensions) != 0)) {

PACKET_remaini...tensions) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 198 times by 1 test Evaluated by: libssl.so.1.1

2-198

600 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS, -

601 SSL_R_BAD_EXTENSION); -

602

goto err;

executed 45 times by 1 test: goto err;

Executed by:

libssl.so.1.1

603 } -

604 idx = thisex - raw_extensions; -

605 /*- -

606 * Check that we requested this extension (if appropriate). Requests can -

607 * be sent in the ClientHello and CertificateRequest. Unsolicited -

608 * extensions can be sent in the NewSessionTicket. We only do this for -

609 * the built-in extensions. Custom extensions have a different but -

610 * similar check elsewhere. -

611 * Special cases: -

612 * - The HRR cookie extension is unsolicited -

613 * - The renegotiate extension is unsolicited (the client signals -

614 * support via an SCSV) -

615 * - The signed_certificate_timestamp extension can be provided by a -

616 * custom extension or by the built-in version. We let the extension -

617 * itself handle unsolicited response checks. -

618 */ -

619

if (idx < OSSL_NELEM(ext_defs)

idx < (sizeof(...ext_defs)[0]))	Description
TRUE	evaluated 33062 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4344 times by 1 test Evaluated by: libssl.so.1.1

4344-33062

620

&& (context & (SSL_EXT_CLIENT_HELLO

(context & (0x... 0x2000)) == 0	Description
TRUE	evaluated 11272 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21790 times by 1 test Evaluated by: libssl.so.1.1

11272-21790

621

| SSL_EXT_TLS1_3_CERTIFICATE_REQUEST

(context & (0x... 0x2000)) == 0	Description
TRUE	evaluated 11272 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21790 times by 1 test Evaluated by: libssl.so.1.1

11272-21790

622

| SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0

(context & (0x... 0x2000)) == 0	Description
TRUE	evaluated 11272 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21790 times by 1 test Evaluated by: libssl.so.1.1

11272-21790

623

&& type != TLSEXT_TYPE_cookie

type != 44	Description
TRUE	evaluated 11128 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

144-11128

624

&& type != TLSEXT_TYPE_renegotiate

type != 0xff01	Description
TRUE	evaluated 8353 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2775 times by 1 test Evaluated by: libssl.so.1.1

2775-8353

625

&& type != TLSEXT_TYPE_signed_certificate_timestamp

type != 18	Description
TRUE	evaluated 8344 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

9-8344

626

&& (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {

(s->ext.extfla...x] & 0x2) == 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8335 times by 1 test Evaluated by: libssl.so.1.1

9-8335

627 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, -

628 SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); -

629

goto err;

executed 9 times by 1 test: goto err;

Executed by:

libssl.so.1.1

630 } -

631

if (thisex != NULL) {

thisex != ((void *)0)	Description
TRUE	evaluated 33092 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4305 times by 1 test Evaluated by: libssl.so.1.1

4305-33092

632 thisex->data = extension; -

633 thisex->present = 1; -

634 thisex->type = type; -

635 thisex->received_order = i++; -

636

if (s->ext.debug_cb)

s->ext.debug_cb	Description
TRUE	never evaluated
FALSE	evaluated 33092 times by 1 test Evaluated by: libssl.so.1.1

0-33092

637

s->ext.debug_cb(s, !s->server, thisex->type,

never executed:

s->ext.debug_cb(s, !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg);

638

PACKET_data(&thisex->data),

never executed:

s->ext.debug_cb(s, !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg);

639

PACKET_remaining(&thisex->data),

never executed:

s->ext.debug_cb(s, !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg);

640

s->ext.debug_arg);

never executed:

s->ext.debug_cb(s, !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg);

641

}

executed 33092 times by 1 test: end of block

Executed by:

libssl.so.1.1

33092

642

}

executed 37397 times by 1 test: end of block

Executed by:

libssl.so.1.1

37397

643 -

644

if (init) {

init	Description
TRUE	evaluated 10233 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 100 times by 1 test Evaluated by: libssl.so.1.1

100-10233

645 /* -

646 * Initialise all known extensions relevant to this context, -

647 * whether we have found them or not -

648 */ -

649

for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);

i < (sizeof(ex...ext_defs)[0]))	Description
TRUE	evaluated 266058 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10233 times by 1 test Evaluated by: libssl.so.1.1

10233-266058

650 i++, thisexd++) { -

651

if (thisexd->init != NULL && (thisexd->context & context) != 0

thisexd->init != ((void *)0)	Description
TRUE	evaluated 143262 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 122796 times by 1 test Evaluated by: libssl.so.1.1

(thisexd->cont... context) != 0	Description
TRUE	evaluated 84149 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 59113 times by 1 test Evaluated by: libssl.so.1.1

59113-143262

652

&& extension_is_relevant(s, thisexd->context, context)

extension_is_r...text, context)	Description
TRUE	evaluated 73048 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11101 times by 1 test Evaluated by: libssl.so.1.1

11101-73048

653

&& !thisexd->init(s, context)) {

!thisexd->init(s, context)	Description
TRUE	never evaluated
FALSE	evaluated 73048 times by 1 test Evaluated by: libssl.so.1.1

0-73048

654 /* SSLfatal() already called */ -

655

goto err;

never executed: goto err;

656 } -

657

}

executed 266058 times by 1 test: end of block

Executed by:

libssl.so.1.1

266058

658

}

executed 10233 times by 1 test: end of block

Executed by:

libssl.so.1.1

10233

659 -

660 *res = raw_extensions; -

661

if (len != NULL)

len != ((void *)0)	Description
TRUE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6676 times by 1 test Evaluated by: libssl.so.1.1

3657-6676

662

*len = num_exts;

executed 3657 times by 1 test: *len = num_exts;

Executed by:

libssl.so.1.1

3657

663

return 1;

executed 10333 times by 1 test: return 1;

Executed by:

libssl.so.1.1

10333

664 -

665 err: -

666 OPENSSL_free(raw_extensions); -

667

return 0;

executed 69 times by 1 test: return 0;

Executed by:

libssl.so.1.1

668 } -

669 -

670 /* -

671 * Runs the parser for a given extension with index |idx|. |exts| contains the -

672 * list of all parsed extensions previously collected by -

673 * tls_collect_extensions(). The parser is only run if it is applicable for the -

674 * given |context| and the parser has not already been run. If this is for a -

675 * Certificate message, then we also provide the parser with the relevant -

676 * Certificate |x| and its position in the |chainidx| with 0 being the first -

677 * Certificate. Returns 1 on success or 0 on failure. If an extension is not -

678 * present this counted as success. -

679 */ -

680 int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, -

681 RAW_EXTENSION *exts, X509 *x, size_t chainidx) -

682 { -

683 RAW_EXTENSION *currext = &exts[idx]; -

684 int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, -

685 size_t chainidx) = NULL; -

686 -

687 /* Skip if the extension is not present */ -

688

if (!currext->present)

!currext->present	Description
TRUE	evaluated 213464 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 34722 times by 1 test Evaluated by: libssl.so.1.1

34722-213464

689

return 1;

executed 213464 times by 1 test: return 1;

Executed by:

libssl.so.1.1

213464

690 -

691 /* Skip if we've already parsed this extension */ -

692

if (currext->parsed)

currext->parsed	Description
TRUE	evaluated 5214 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 29508 times by 1 test Evaluated by: libssl.so.1.1

5214-29508

693

return 1;

executed 5214 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5214

694 -

695 currext->parsed = 1; -

696 -

697

if (idx < OSSL_NELEM(ext_defs)) {

idx < (sizeof(...ext_defs)[0]))	Description
TRUE	evaluated 29469 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1

39-29469

698 /* We are handling a built-in extension */ -

699 const EXTENSION_DEFINITION *extdef = &ext_defs[idx]; -

700 -

701 /* Check if extension is defined for our protocol. If not, skip */ -

702

if (!extension_is_relevant(s, extdef->context, context))

!extension_is_...text, context)	Description
TRUE	evaluated 4249 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25220 times by 1 test Evaluated by: libssl.so.1.1

4249-25220

703

return 1;

executed 4249 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4249

704 -

705

parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;

s->server	Description
TRUE	evaluated 14488 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10732 times by 1 test Evaluated by: libssl.so.1.1

10732-14488

706 -

707

if (parser != NULL)

parser != ((void *)0)	Description
TRUE	evaluated 24926 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 294 times by 1 test Evaluated by: libssl.so.1.1

294-24926

708

return parser(s, &currext->data, context, x, chainidx);

executed 24926 times by 1 test: return parser(s, &currext->data, context, x, chainidx);

Executed by:

libssl.so.1.1

24926

709 -

710 /* -

711 * If the parser is NULL we fall through to the custom extension -

712 * processing -

713 */ -

714

}

executed 294 times by 1 test: end of block

Executed by:

libssl.so.1.1

294

715 -

716 /* Parse custom extensions */ -

717

return custom_ext_parse(s, context, currext->type,

executed 333 times by 1 test:

return custom_ext_parse(s, context, currext->type, PACKET_data(&currext->data), PACKET_remaining(&currext->data), x, chainidx);

Executed by:

libssl.so.1.1

333

718

PACKET_data(&currext->data),

executed 333 times by 1 test:

return custom_ext_parse(s, context, currext->type, PACKET_data(&currext->data), PACKET_remaining(&currext->data), x, chainidx);

Executed by:

libssl.so.1.1

333

719

PACKET_remaining(&currext->data),

executed 333 times by 1 test:

return custom_ext_parse(s, context, currext->type, PACKET_data(&currext->data), PACKET_remaining(&currext->data), x, chainidx);

Executed by:

libssl.so.1.1

333

720

x, chainidx);

executed 333 times by 1 test:

return custom_ext_parse(s, context, currext->type, PACKET_data(&currext->data), PACKET_remaining(&currext->data), x, chainidx);

Executed by:

libssl.so.1.1

333

721 } -

722 -

723 /* -

724 * Parse all remaining extensions that have not yet been parsed. Also calls the -

725 * finalisation for all extensions at the end if |fin| is nonzero, whether we -

726 * collected them or not. Returns 1 for success or 0 for failure. If we are -

727 * working on a Certificate message then we also pass the Certificate |x| and -

728 * its position in the |chainidx|, with 0 being the first certificate. -

729 */ -

730 int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, -

731 size_t chainidx, int fin) -

732 { -

733 size_t i, numexts = OSSL_NELEM(ext_defs); -

734 const EXTENSION_DEFINITION *thisexd; -

735 -

736 /* Calculate the number of extensions in the extensions list */ -

737 numexts += s->cert->custext.meths_count; -

738 -

739 /* Parse each extension in turn */ -

740

for (i = 0; i < numexts; i++) {

i < numexts	Description
TRUE	evaluated 238354 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9001 times by 1 test Evaluated by: libssl.so.1.1

9001-238354

741

if (!tls_parse_extension(s, i, context, exts, x, chainidx)) {

!tls_parse_ext..., x, chainidx)	Description
TRUE	evaluated 379 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 237975 times by 1 test Evaluated by: libssl.so.1.1

379-237975

742 /* SSLfatal() already called */ -

743

return 0;

executed 379 times by 1 test: return 0;

Executed by:

libssl.so.1.1

379

744 } -

745

}

executed 237975 times by 1 test: end of block

Executed by:

libssl.so.1.1

237975

746 -

747

if (fin) {

fin	Description
TRUE	evaluated 8901 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 100 times by 1 test Evaluated by: libssl.so.1.1

100-8901

748 /* -

749 * Finalise all known extensions relevant to this context, -

750 * whether we have found them or not -

751 */ -

752

for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);

i < (sizeof(ex...ext_defs)[0]))	Description
TRUE	evaluated 231175 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8872 times by 1 test Evaluated by: libssl.so.1.1

8872-231175

753 i++, thisexd++) { -

754

if (thisexd->final != NULL && (thisexd->context & context) != 0

thisexd->final != ((void *)0)	Description
TRUE	evaluated 80055 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 151120 times by 1 test Evaluated by: libssl.so.1.1

(thisexd->cont... context) != 0	Description
TRUE	evaluated 46006 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 34049 times by 1 test Evaluated by: libssl.so.1.1

34049-151120

755

&& !thisexd->final(s, context, exts[i].present)) {

!thisexd->fina...ts[i].present)	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45977 times by 1 test Evaluated by: libssl.so.1.1

29-45977

756 /* SSLfatal() already called */ -

757

return 0;

executed 29 times by 1 test: return 0;

Executed by:

libssl.so.1.1

758 } -

759

}

executed 231146 times by 1 test: end of block

Executed by:

libssl.so.1.1

231146

760

}

executed 8872 times by 1 test: end of block

Executed by:

libssl.so.1.1

8872

761 -

762

return 1;

executed 8972 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8972

763 } -

764 -

765 int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, -

766 int max_version) -

767 { -

768 /* Skip if not relevant for our context */ -

769

if ((extctx & thisctx) == 0)

(extctx & thisctx) == 0	Description
TRUE	evaluated 109840 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 155678 times by 1 test Evaluated by: libssl.so.1.1

109840-155678

770

return 0;

executed 109840 times by 1 test: return 0;

Executed by:

libssl.so.1.1

109840

771 -

772 /* Check if this extension is defined for our protocol. If not, skip */ -

773

if (!extension_is_relevant(s, extctx, thisctx)

!extension_is_...tctx, thisctx)	Description
TRUE	evaluated 961 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 154717 times by 1 test Evaluated by: libssl.so.1.1

961-154717

774

|| ((extctx & SSL_EXT_TLS1_3_ONLY) != 0

(extctx & 0x0020) != 0	Description
TRUE	evaluated 37671 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 117046 times by 1 test Evaluated by: libssl.so.1.1

37671-117046

775

&& (thisctx & SSL_EXT_CLIENT_HELLO) != 0

(thisctx & 0x0080) != 0	Description
TRUE	evaluated 33799 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3872 times by 1 test Evaluated by: libssl.so.1.1

3872-33799

776

&& (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 576 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33223 times by 1 test Evaluated by: libssl.so.1.1

max_version < 0x0304	Description
TRUE	evaluated 5803 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27420 times by 1 test Evaluated by: libssl.so.1.1

576-33223

777

return 0;

executed 7340 times by 1 test: return 0;

Executed by:

libssl.so.1.1

7340

778 -

779

return 1;

executed 148338 times by 1 test: return 1;

Executed by:

libssl.so.1.1

148338

780 } -

781 -

782 /* -

783 * Construct all the extensions relevant to the current |context| and write -

784 * them to |pkt|. If this is an extension for a Certificate in a Certificate -

785 * message, then |x| will be set to the Certificate we are handling, and -

786 * |chainidx| will indicate the position in the chainidx we are processing (with -

787 * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a -

788 * failure construction stops at the first extension to fail to construct. -

789 */ -

790 int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, -

791 X509 *x, size_t chainidx) -

792 { -

793 size_t i; -

794 int min_version, max_version = 0, reason; -

795 const EXTENSION_DEFINITION *thisexd; -

796 -

797

if (!WPACKET_start_sub_packet_u16(pkt)

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 10211 times by 1 test Evaluated by: libssl.so.1.1

0-10211

798 /* -

799 * If extensions are of zero length then we don't even add the -

800 * extensions length bytes to a ClientHello/ServerHello -

801 * (for non-TLSv1.3). -

802 */ -

803

|| ((context &

(context & (0x... 0x0100)) != 0	Description
TRUE	evaluated 6449 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3762 times by 1 test Evaluated by: libssl.so.1.1

3762-6449

804

(SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0

(context & (0x... 0x0100)) != 0	Description
TRUE	evaluated 6449 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3762 times by 1 test Evaluated by: libssl.so.1.1

3762-6449

805

&& !WPACKET_set_flags(pkt,

!WPACKET_set_flags(pkt, 2)	Description
TRUE	never evaluated
FALSE	evaluated 6449 times by 1 test Evaluated by: libssl.so.1.1

0-6449

806

WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {

!WPACKET_set_flags(pkt, 2)	Description
TRUE	never evaluated
FALSE	evaluated 6449 times by 1 test Evaluated by: libssl.so.1.1

0-6449

807 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, -

808 ERR_R_INTERNAL_ERROR); -

809

return 0;

never executed: return 0;

810 } -

811 -

812

if ((context & SSL_EXT_CLIENT_HELLO) != 0) {

(context & 0x0080) != 0	Description
TRUE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5272 times by 1 test Evaluated by: libssl.so.1.1

4939-5272

813 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); -

814

if (reason != 0) {

reason != 0	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4939

815 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, -

816 reason); -

817

return 0;

never executed: return 0;

818 } -

819

}

executed 4939 times by 1 test: end of block

Executed by:

libssl.so.1.1

4939

820 -

821 /* Add custom extensions first */ -

822

if ((context & SSL_EXT_CLIENT_HELLO) != 0) {

(context & 0x0080) != 0	Description
TRUE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5272 times by 1 test Evaluated by: libssl.so.1.1

4939-5272

823 /* On the server side with initialise during ClientHello parsing */ -

824 custom_ext_init(&s->cert->custext); -

825

}

executed 4939 times by 1 test: end of block

Executed by:

libssl.so.1.1

4939

826

if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) {

!custom_ext_ad..., max_version)	Description
TRUE	never evaluated
FALSE	evaluated 10211 times by 1 test Evaluated by: libssl.so.1.1

0-10211

827 /* SSLfatal() already called */ -

828

return 0;

never executed: return 0;

829 } -

830 -

831

for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {

i < (sizeof(ex...ext_defs)[0]))	Description
TRUE	evaluated 265451 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10204 times by 1 test Evaluated by: libssl.so.1.1

10204-265451

832 EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, -

833 X509 *x, size_t chainidx); -

834 EXT_RETURN ret; -

835 -

836 /* Skip if not relevant for our context */ -

837

if (!should_add_extension(s, thisexd->context, context, max_version))

!should_add_ex..., max_version)	Description
TRUE	evaluated 117171 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 148280 times by 1 test Evaluated by: libssl.so.1.1

117171-148280

838

continue;

executed 117171 times by 1 test: continue;

Executed by:

libssl.so.1.1

117171

839 -

840

construct = s->server ? thisexd->construct_stoc

s->server	Description
TRUE	evaluated 32085 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 116195 times by 1 test Evaluated by: libssl.so.1.1

32085-116195

841 : thisexd->construct_ctos; -

842 -

843

if (construct == NULL)

construct == ((void *)0)	Description
TRUE	evaluated 7365 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 140915 times by 1 test Evaluated by: libssl.so.1.1

7365-140915

844

continue;

executed 7365 times by 1 test: continue;

Executed by:

libssl.so.1.1

7365

845 -

846 ret = construct(s, pkt, context, x, chainidx); -

847

if (ret == EXT_RETURN_FAIL) {

ret == EXT_RETURN_FAIL	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 140908 times by 1 test Evaluated by: libssl.so.1.1

7-140908

848 /* SSLfatal() already called */ -

849

return 0;

executed 7 times by 1 test: return 0;

Executed by:

libssl.so.1.1

850 } -

851

if (ret == EXT_RETURN_SENT

ret == EXT_RETURN_SENT	Description
TRUE	evaluated 52570 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 88338 times by 1 test Evaluated by: libssl.so.1.1

52570-88338

852

&& (context & (SSL_EXT_CLIENT_HELLO

(context & (0x... 0x2000)) != 0	Description
TRUE	evaluated 44846 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7724 times by 1 test Evaluated by: libssl.so.1.1

7724-44846

853

| SSL_EXT_TLS1_3_CERTIFICATE_REQUEST

(context & (0x... 0x2000)) != 0	Description
TRUE	evaluated 44846 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7724 times by 1 test Evaluated by: libssl.so.1.1

7724-44846

854

| SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)

(context & (0x... 0x2000)) != 0	Description
TRUE	evaluated 44846 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7724 times by 1 test Evaluated by: libssl.so.1.1

7724-44846

855

s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;

executed 44846 times by 1 test: s->ext.extflags[i] |= 0x2;

Executed by:

libssl.so.1.1

44846

856

}

executed 140908 times by 1 test: end of block

Executed by:

libssl.so.1.1

140908

857 -

858

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 10204 times by 1 test Evaluated by: libssl.so.1.1

0-10204

859 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, -

860 ERR_R_INTERNAL_ERROR); -

861

return 0;

never executed: return 0;

862 } -

863 -

864

return 1;

executed 10204 times by 1 test: return 1;

Executed by:

libssl.so.1.1

10204

865 } -

866 -

867 /* -

868 * Built in extension finalisation and initialisation functions. All initialise -

869 * or finalise the associated extension type for the given |context|. For -

870 * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0 -

871 * otherwise. These functions return 1 on success or 0 on failure. -

872 */ -

873 -

874 static int final_renegotiate(SSL *s, unsigned int context, int sent) -

875 { -

876

if (!s->server) {

!s->server	Description
TRUE	evaluated 2787 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2745 times by 1 test Evaluated by: libssl.so.1.1

2745-2787

877 /* -

878 * Check if we can connect to a server that doesn't support safe -

879 * renegotiation -

880 */ -

881

if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)

!(s->options & 0x00000004U)	Description
TRUE	never evaluated
FALSE	evaluated 2787 times by 1 test Evaluated by: libssl.so.1.1

0-2787

882

&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)

!(s->options & 0x00040000U)	Description
TRUE	never evaluated
FALSE	never evaluated

883

&& !sent) {

!sent	Description
TRUE	never evaluated
FALSE	never evaluated

884 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, -

885 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); -

886

return 0;

never executed: return 0;

887 } -

888 -

889

return 1;

executed 2787 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2787

890 } -

891 -

892 /* Need RI if renegotiating */ -

893

if (s->renegotiate

s->renegotiate	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2723 times by 1 test Evaluated by: libssl.so.1.1

22-2723

894

&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)

!(s->options & 0x00040000U)	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-22

895

&& !sent) {

!sent	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

896 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, -

897 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); -

898

return 0;

never executed: return 0;

899 } -

900 -

901 -

902

return 1;

executed 2745 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2745

903 } -

904 -

905 static int init_server_name(SSL *s, unsigned int context) -

906 { -

907

if (s->server) {

s->server	Description
TRUE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4401 times by 1 test Evaluated by: libssl.so.1.1

3657-4401

908 s->servername_done = 0; -

909 -

910 OPENSSL_free(s->ext.hostname); -

911 s->ext.hostname = NULL; -

912

}

executed 3657 times by 1 test: end of block

Executed by:

libssl.so.1.1

3657

913 -

914

return 1;

executed 8058 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8058

915 } -

916 -

917 static int final_server_name(SSL *s, unsigned int context, int sent) -

918 { -

919 int ret = SSL_TLSEXT_ERR_NOACK; -

920 int altmp = SSL_AD_UNRECOGNIZED_NAME; -

921 int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0; -

922 -

923

if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {

!((s->ctx != (...d *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 6116 times by 1 test Evaluated by: libssl.so.1.1

!((s->session_...d *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 6116 times by 1 test Evaluated by: libssl.so.1.1

0-6116

924 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, -

925 ERR_R_INTERNAL_ERROR); -

926

return 0;

never executed: return 0;

927 } -

928 -

929

if (s->ctx->ext.servername_cb != NULL)

s->ctx->ext.se...!= ((void *)0)	Description
TRUE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5940 times by 1 test Evaluated by: libssl.so.1.1

176-5940

930

ret = s->ctx->ext.servername_cb(s, &altmp,

executed 176 times by 1 test: ret = s->ctx->ext.servername_cb(s, &altmp, s->ctx->ext.servername_arg);

Executed by:

libssl.so.1.1

176

931

s->ctx->ext.servername_arg);

executed 176 times by 1 test: ret = s->ctx->ext.servername_cb(s, &altmp, s->ctx->ext.servername_arg);

Executed by:

libssl.so.1.1

176

932

else if (s->session_ctx->ext.servername_cb != NULL)

s->session_ctx...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5940 times by 1 test Evaluated by: libssl.so.1.1

0-5940

933

ret = s->session_ctx->ext.servername_cb(s, &altmp,

never executed: ret = s->session_ctx->ext.servername_cb(s, &altmp, s->session_ctx->ext.servername_arg);

934

s->session_ctx->ext.servername_arg);

never executed: ret = s->session_ctx->ext.servername_cb(s, &altmp, s->session_ctx->ext.servername_arg);

935 -

936 /* -

937 * For servers, propagate the SNI hostname from the temporary -

938 * storage in the SSL to the persistent SSL_SESSION, now that we -

939 * know we accepted it. -

940 * Clients make this copy when parsing the server's response to -

941 * the extension, which is when they find out that the negotiation -

942 * was successful. -

943 */ -

944

if (s->server) {

s->server	Description
TRUE	evaluated 2745 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3371 times by 1 test Evaluated by: libssl.so.1.1

2745-3371

945 /* TODO(OpenSSL1.2) revisit !sent case */ -

946

if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {

sent	Description
TRUE	evaluated 462 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2283 times by 1 test Evaluated by: libssl.so.1.1

ret == 0	Description
TRUE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 430 times by 1 test Evaluated by: libssl.so.1.1

!s->hit	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2283

947 /* Only store the hostname in the session if we accepted it. */ -

948 OPENSSL_free(s->session->ext.hostname); -

949 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); -

950

if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {

s->session->ex...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

s->ext.hostname != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-32

951 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, -

952 ERR_R_INTERNAL_ERROR); -

953

}

never executed: end of block

954

}

executed 32 times by 1 test: end of block

Executed by:

libssl.so.1.1

955

}

executed 2745 times by 1 test: end of block

Executed by:

libssl.so.1.1

2745

956 -

957 /* -

958 * If we switched contexts (whether here or in the client_hello callback), -

959 * move the sess_accept increment from the session_ctx to the new -

960 * context, to avoid the confusing situation of having sess_accept_good -

961 * exceed sess_accept (zero) for the new context. -

962 */ -

963

if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 6072 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1

s->ctx != s->session_ctx	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6049 times by 1 test Evaluated by: libssl.so.1.1

0-6072

964 tsan_counter(&s->ctx->stats.sess_accept); -

965 tsan_counter(&s->session_ctx->stats.sess_accept); -

966

}

executed 23 times by 1 test: end of block

Executed by:

libssl.so.1.1

967 -

968 /* -

969 * If we're expecting to send a ticket, and tickets were previously enabled, -

970 * and now tickets are disabled, then turn off expected ticket. -

971 * Also, if this is not a resumption, create a new session ID -

972 */ -

973

if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected

ret == 0	Description
TRUE	evaluated 172 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5944 times by 1 test Evaluated by: libssl.so.1.1

s->ext.ticket_expected	Description
TRUE	evaluated 94 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 78 times by 1 test Evaluated by: libssl.so.1.1

78-5944

974

&& was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {

was_ticket	Description
TRUE	evaluated 94 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(SSL_get_optio...0004000U) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 93 times by 1 test Evaluated by: libssl.so.1.1

0-94

975 s->ext.ticket_expected = 0; -

976

if (!s->hit) {

!s->hit	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

977 SSL_SESSION* ss = SSL_get_session(s); -

978 -

979

if (ss != NULL) {

ss != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

980 OPENSSL_free(ss->ext.tick); -

981 ss->ext.tick = NULL; -

982 ss->ext.ticklen = 0; -

983 ss->ext.tick_lifetime_hint = 0; -

984 ss->ext.tick_age_add = 0; -

985 ss->ext.tick_identity = 0; -

986

if (!ssl_generate_session_id(s, ss)) {

!ssl_generate_...sion_id(s, ss)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

987 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, -

988 ERR_R_INTERNAL_ERROR); -

989

return 0;

never executed: return 0;

990 } -

991

} else {

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

992 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, -

993 ERR_R_INTERNAL_ERROR); -

994

return 0;

never executed: return 0;

995 } -

996 } -

997

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

998 -

999 switch (ret) { -

1000

case SSL_TLSEXT_ERR_ALERT_FATAL:

executed 1 time by 1 test: case 2:

Executed by:

libssl.so.1.1

1001 SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED); -

1002

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1003 -

1004

case SSL_TLSEXT_ERR_ALERT_WARNING:

never executed: case 1:

1005 /* TLSv1.3 doesn't have warning alerts so we suppress this */ -

1006

if (!SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	never evaluated
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	never evaluated
FALSE	never evaluated

(s)->method->v...ion != 0x10000	Description
TRUE	never evaluated
FALSE	never evaluated

1007

ssl3_send_alert(s, SSL3_AL_WARNING, altmp);

never executed: ssl3_send_alert(s, 1, altmp);

1008

return 1;

never executed: return 1;

1009 -

1010

case SSL_TLSEXT_ERR_NOACK:

executed 5943 times by 1 test: case 3:

Executed by:

libssl.so.1.1

5943

1011 s->servername_done = 0; -

1012

return 1;

executed 5943 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5943

1013 -

1014

default:

executed 172 times by 1 test: default:

Executed by:

libssl.so.1.1

172

1015

return 1;

executed 172 times by 1 test: return 1;

Executed by:

libssl.so.1.1

172

1016 } -

1017 } -

1018 -

1019 #ifndef OPENSSL_NO_EC -

1020 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) -

1021 { -

1022 unsigned long alg_k, alg_a; -

1023 -

1024

if (s->server)

s->server	Description
TRUE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2787 times by 1 test Evaluated by: libssl.so.1.1

2744-2787

1025

return 1;

executed 2744 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2744

1026 -

1027 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -

1028 alg_a = s->s3->tmp.new_cipher->algorithm_auth; -

1029 -

1030 /* -

1031 * If we are client and using an elliptic curve cryptography cipher -

1032 * suite, then if server returns an EC point formats lists extension it -

1033 * must contain uncompressed. -

1034 */ -

1035

if (s->ext.ecpointformats != NULL

s->ext.ecpoint...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2787 times by 1 test Evaluated by: libssl.so.1.1

0-2787

1036

&& s->ext.ecpointformats_len > 0

s->ext.ecpointformats_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

1037

&& s->session->ext.ecpointformats != NULL

s->session->ex...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1038

&& s->session->ext.ecpointformats_len > 0

s->session->ex...ormats_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

1039

&& ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {

(alg_k & 0x00000004U)	Description
TRUE	never evaluated
FALSE	never evaluated

(alg_a & 0x00000008U)	Description
TRUE	never evaluated
FALSE	never evaluated

1040 /* we are using an ECC cipher */ -

1041 size_t i; -

1042 unsigned char *list = s->session->ext.ecpointformats; -

1043 -

1044

for (i = 0; i < s->session->ext.ecpointformats_len; i++) {

i < s->session...intformats_len	Description
TRUE	never evaluated
FALSE	never evaluated

1045

if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)

*list++ == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1046

break;

never executed: break;

1047

}

never executed: end of block

1048

if (i == s->session->ext.ecpointformats_len) {

i == s->sessio...intformats_len	Description
TRUE	never evaluated
FALSE	never evaluated

1049 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS, -

1050 SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); -

1051

return 0;

never executed: return 0;

1052 } -

1053

}

never executed: end of block

1054 -

1055

return 1;

executed 2787 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2787

1056 } -

1057 #endif -

1058 -

1059 static int init_session_ticket(SSL *s, unsigned int context) -

1060 { -

1061

if (!s->server)

!s->server	Description
TRUE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3592 times by 1 test Evaluated by: libssl.so.1.1

3592-3816

1062

s->ext.ticket_expected = 0;

executed 3816 times by 1 test: s->ext.ticket_expected = 0;

Executed by:

libssl.so.1.1

3816

1063 -

1064

return 1;

executed 7408 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7408

1065 } -

1066 -

1067 #ifndef OPENSSL_NO_OCSP -

1068 static int init_status_request(SSL *s, unsigned int context) -

1069 { -

1070

if (s->server) {

s->server	Description
TRUE	evaluated 3675 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4337 times by 1 test Evaluated by: libssl.so.1.1

3675-4337

1071 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; -

1072

} else {

executed 3675 times by 1 test: end of block

Executed by:

libssl.so.1.1

3675

1073 /* -

1074 * Ensure we get sensible values passed to tlsext_status_cb in the event -

1075 * that we don't receive a status message -

1076 */ -

1077 OPENSSL_free(s->ext.ocsp.resp); -

1078 s->ext.ocsp.resp = NULL; -

1079 s->ext.ocsp.resp_len = 0; -

1080

}

executed 4337 times by 1 test: end of block

Executed by:

libssl.so.1.1

4337

1081 -

1082

return 1;

executed 8012 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8012

1083 } -

1084 #endif -

1085 -

1086 #ifndef OPENSSL_NO_NEXTPROTONEG -

1087 static int init_npn(SSL *s, unsigned int context) -

1088 { -

1089 s->s3->npn_seen = 0; -

1090 -

1091

return 1;

executed 7408 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7408

1092 } -

1093 #endif -

1094 -

1095 static int init_alpn(SSL *s, unsigned int context) -

1096 { -

1097 OPENSSL_free(s->s3->alpn_selected); -

1098 s->s3->alpn_selected = NULL; -

1099 s->s3->alpn_selected_len = 0; -

1100

if (s->server) {

s->server	Description
TRUE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4401 times by 1 test Evaluated by: libssl.so.1.1

3657-4401

1101 OPENSSL_free(s->s3->alpn_proposed); -

1102 s->s3->alpn_proposed = NULL; -

1103 s->s3->alpn_proposed_len = 0; -

1104

}

executed 3657 times by 1 test: end of block

Executed by:

libssl.so.1.1

3657

1105

return 1;

executed 8058 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8058

1106 } -

1107 -

1108 static int final_alpn(SSL *s, unsigned int context, int sent) -

1109 { -

1110

if (!s->server && !sent && s->session->ext.alpn_selected != NULL)

!s->server	Description
TRUE	evaluated 3371 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1

!sent	Description
TRUE	evaluated 3350 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

s->session->ex...!= ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3346 times by 1 test Evaluated by: libssl.so.1.1

4-3371

1111

s->ext.early_data_ok = 0;

executed 4 times by 1 test: s->ext.early_data_ok = 0;

Executed by:

libssl.so.1.1

1112 -

1113

if (!s->server || !SSL_IS_TLS13(s))

!s->server	Description
TRUE	evaluated 3371 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2558 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1025 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1533 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1025 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3371

1114

return 1;

executed 5090 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5090

1115 -

1116 /* -

1117 * Call alpn_select callback if needed. Has to be done after SNI and -

1118 * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3 -

1119 * we also have to do this before we decide whether to accept early_data. -

1120 * In TLSv1.3 we've already negotiated our cipher so we do this call now. -

1121 * For < TLSv1.3 we defer it until after cipher negotiation. -

1122 * -

1123 * On failure SSLfatal() already called. -

1124 */ -

1125

return tls_handle_alpn(s);

executed 1025 times by 1 test: return tls_handle_alpn(s);

Executed by:

libssl.so.1.1

1025

1126 } -

1127 -

1128 static int init_sig_algs(SSL *s, unsigned int context) -

1129 { -

1130 /* Clear any signature algorithms extension received */ -

1131 OPENSSL_free(s->s3->tmp.peer_sigalgs); -

1132 s->s3->tmp.peer_sigalgs = NULL; -

1133 -

1134

return 1;

executed 3700 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3700

1135 } -

1136 -

1137 static int init_sig_algs_cert(SSL *s, unsigned int context) -

1138 { -

1139 /* Clear any signature algorithms extension received */ -

1140 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); -

1141 s->s3->tmp.peer_cert_sigalgs = NULL; -

1142 -

1143

return 1;

executed 3700 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3700

1144 } -

1145 -

1146 #ifndef OPENSSL_NO_SRP -

1147 static int init_srp(SSL *s, unsigned int context) -

1148 { -

1149 OPENSSL_free(s->srp_ctx.login); -

1150 s->srp_ctx.login = NULL; -

1151 -

1152

return 1;

executed 3592 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3592

1153 } -

1154 #endif -

1155 -

1156 static int init_etm(SSL *s, unsigned int context) -

1157 { -

1158 s->ext.use_etm = 0; -

1159 -

1160

return 1;

executed 7408 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7408

1161 } -

1162 -

1163 static int init_ems(SSL *s, unsigned int context) -

1164 { -

1165

if (!s->server)

!s->server	Description
TRUE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3592 times by 1 test Evaluated by: libssl.so.1.1

3592-3816

1166

s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;

executed 3816 times by 1 test: s->s3->flags &= ~0x0200;

Executed by:

libssl.so.1.1

3816

1167 -

1168

return 1;

executed 7408 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7408

1169 } -

1170 -

1171 static int final_ems(SSL *s, unsigned int context, int sent) -

1172 { -

1173

if (!s->server && s->hit) {

!s->server	Description
TRUE	evaluated 2787 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2742 times by 1 test Evaluated by: libssl.so.1.1

s->hit	Description
TRUE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2722 times by 1 test Evaluated by: libssl.so.1.1

65-2787

1174 /* -

1175 * Check extended master secret extension is consistent with -

1176 * original session. -

1177 */ -

1178

if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=

!(s->s3->flags...->flags & 0x1)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1

2-63

1179

!(s->session->flags & SSL_SESS_FLAG_EXTMS)) {

!(s->s3->flags...->flags & 0x1)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1

2-63

1180 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, -

1181 SSL_R_INCONSISTENT_EXTMS); -

1182

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1183 } -

1184

}

executed 63 times by 1 test: end of block

Executed by:

libssl.so.1.1

1185 -

1186

return 1;

executed 5527 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5527

1187 } -

1188 -

1189 static int init_certificate_authorities(SSL *s, unsigned int context) -

1190 { -

1191 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); -

1192 s->s3->tmp.peer_ca_names = NULL; -

1193

return 1;

executed 108 times by 1 test: return 1;

Executed by:

libssl.so.1.1

108

1194 } -

1195 -

1196 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, -

1197 unsigned int context, -

1198 X509 *x, -

1199 size_t chainidx) -

1200 { -

1201 const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s); -

1202 -

1203

if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)

ca_sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3960 times by 1 test Evaluated by: libssl.so.1.1

sk_X509_NAME_num(ca_sk) == 0	Description
TRUE	evaluated 3955 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-3960

1204

return EXT_RETURN_NOT_SENT;

executed 3955 times by 1 test: return EXT_RETURN_NOT_SENT;

Executed by:

libssl.so.1.1

3955

1205 -

1206

if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)

!WPACKET_put_b...pkt), (47), 2)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

1207

|| !WPACKET_start_sub_packet_u16(pkt)) {

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

1208 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1209 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, -

1210 ERR_R_INTERNAL_ERROR); -

1211

return EXT_RETURN_FAIL;

never executed: return EXT_RETURN_FAIL;

1212 } -

1213 -

1214

if (!construct_ca_names(s, pkt)) {

!construct_ca_names(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

1215 /* SSLfatal() already called */ -

1216

return EXT_RETURN_FAIL;

never executed: return EXT_RETURN_FAIL;

1217 } -

1218 -

1219

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

1220 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1221 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, -

1222 ERR_R_INTERNAL_ERROR); -

1223

return EXT_RETURN_FAIL;

never executed: return EXT_RETURN_FAIL;

1224 } -

1225 -

1226

return EXT_RETURN_SENT;

executed 5 times by 1 test: return EXT_RETURN_SENT;

Executed by:

libssl.so.1.1

1227 } -

1228 -

1229 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, -

1230 unsigned int context, X509 *x, -

1231 size_t chainidx) -

1232 { -

1233

if (!parse_ca_names(s, pkt))

!parse_ca_names(s, pkt)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-14

1234

return 0;

executed 14 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1235

if (PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

1-7

1236 SSLfatal(s, SSL_AD_DECODE_ERROR, -

1237 SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION); -

1238

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1239 } -

1240

return 1;

executed 7 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1241 } -

1242 -

1243 #ifndef OPENSSL_NO_SRTP -

1244 static int init_srtp(SSL *s, unsigned int context) -

1245 { -

1246

if (s->server)

s->server	Description
TRUE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4401 times by 1 test Evaluated by: libssl.so.1.1

3657-4401

1247

s->srtp_profile = NULL;

executed 3657 times by 1 test: s->srtp_profile = ((void *)0) ;

Executed by:

libssl.so.1.1

3657

1248 -

1249

return 1;

executed 8058 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8058

1250 } -

1251 #endif -

1252 -

1253 static int final_sig_algs(SSL *s, unsigned int context, int sent) -

1254 { -

1255

if (!sent && SSL_IS_TLS13(s) && !s->hit) {

!sent	Description
TRUE	evaluated 560 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2225 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 534 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 524 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!s->hit	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-2225

1256 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS, -

1257 SSL_R_MISSING_SIGALGS_EXTENSION); -

1258

return 0;

executed 9 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1259 } -

1260 -

1261

return 1;

executed 2776 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2776

1262 } -

1263 -

1264 #ifndef OPENSSL_NO_EC -

1265 static int final_key_share(SSL *s, unsigned int context, int sent) -

1266 { -

1267

if (!SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3846 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 2313 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1533 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 680 times by 1 test Evaluated by: libssl.so.1.1

186-3846

1268

return 1;

executed 2399 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2399

1269 -

1270 /* Nothing to do for key_share in an HRR */ -

1271

if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)

(context & 0x0800) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1633 times by 1 test Evaluated by: libssl.so.1.1

0-1633

1272

return 1;

never executed: return 1;

1273 -

1274 /* -

1275 * If -

1276 * we are a client -

1277 * AND -

1278 * we have no key_share -

1279 * AND -

1280 * (we are not resuming -

1281 * OR the kex_mode doesn't allow non key_share resumes) -

1282 * THEN -

1283 * fail; -

1284 */ -

1285

if (!s->server

!s->server	Description
TRUE	evaluated 619 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1014 times by 1 test Evaluated by: libssl.so.1.1

619-1014

1286

&& !sent

!sent	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 615 times by 1 test Evaluated by: libssl.so.1.1

4-615

1287

&& (!s->hit

!s->hit	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

1288

|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {

(s->ext.psk_kex_mode & 1) == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

1289 /* Nothing left we can do - just fail */ -

1290 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE, -

1291 SSL_R_NO_SUITABLE_KEY_SHARE); -

1292

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1293 } -

1294 /* -

1295 * IF -

1296 * we are a server -

1297 * THEN -

1298 * IF -

1299 * we have a suitable key_share -

1300 * THEN -

1301 * IF -

1302 * we are stateless AND we have no cookie -

1303 * THEN -

1304 * send a HelloRetryRequest -

1305 * ELSE -

1306 * IF -

1307 * we didn't already send a HelloRetryRequest -

1308 * AND -

1309 * the client sent a key_share extension -

1310 * AND -

1311 * (we are not resuming -

1312 * OR the kex_mode allows key_share resumes) -

1313 * AND -

1314 * a shared group exists -

1315 * THEN -

1316 * send a HelloRetryRequest -

1317 * ELSE IF -

1318 * we are not resuming -

1319 * OR -

1320 * the kex_mode doesn't allow non key_share resumes -

1321 * THEN -

1322 * fail -

1323 * ELSE IF -

1324 * we are stateless AND we have no cookie -

1325 * THEN -

1326 * send a HelloRetryRequest -

1327 */ -

1328

if (s->server) {

s->server	Description
TRUE	evaluated 1014 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1

617-1014

1329

if (s->s3->peer_tmp != NULL) {

s->s3->peer_tmp != ((void *)0)	Description
TRUE	evaluated 876 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 138 times by 1 test Evaluated by: libssl.so.1.1

138-876

1330 /* We have a suitable key_share */ -

1331

if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0

(s->s3->flags & 0x0800) != 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 872 times by 1 test Evaluated by: libssl.so.1.1

4-872

1332

&& !s->ext.cookieok) {

!s->ext.cookieok	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-3

1333

if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {

!((s->hello_re...RR_NONE) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

1334 /* -

1335 * If we are stateless then we wouldn't know about any -

1336 * previously sent HRR - so how can this be anything other -

1337 * than 0? -

1338 */ -

1339 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, -

1340 ERR_R_INTERNAL_ERROR); -

1341

return 0;

never executed: return 0;

1342 } -

1343 s->hello_retry_request = SSL_HRR_PENDING; -

1344

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1345 } -

1346

} else {

executed 873 times by 1 test: end of block

Executed by:

libssl.so.1.1

873

1347 /* No suitable key_share */ -

1348

if (s->hello_retry_request == SSL_HRR_NONE && sent

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 133 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

sent	Description
TRUE	evaluated 128 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-133

1349

&& (!s->hit

!s->hit	Description
TRUE	evaluated 107 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

21-107

1350

|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)

(s->ext.psk_kex_mode & 2) != 0	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-20

1351

!= 0)) {

(s->ext.psk_kex_mode & 2) != 0	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-20

1352 const uint16_t *pgroups, *clntgroups; -

1353 size_t num_groups, clnt_num_groups, i; -

1354 unsigned int group_id = 0; -

1355 -

1356 /* Check if a shared group exists */ -

1357 -

1358 /* Get the clients list of supported groups. */ -

1359 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); -

1360 tls1_get_supported_groups(s, &pgroups, &num_groups); -

1361 -

1362 /* -

1363 * Find the first group we allow that is also in client's list -

1364 */ -

1365

for (i = 0; i < num_groups; i++) {

i < num_groups	Description
TRUE	evaluated 222 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-222

1366 group_id = pgroups[i]; -

1367 -

1368

if (check_in_list(s, group_id, clntgroups, clnt_num_groups,

check_in_list(...num_groups, 1)	Description
TRUE	evaluated 123 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 99 times by 1 test Evaluated by: libssl.so.1.1

99-123

1369

1))

check_in_list(...num_groups, 1)	Description
TRUE	evaluated 123 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 99 times by 1 test Evaluated by: libssl.so.1.1

99-123

1370

break;

executed 123 times by 1 test: break;

Executed by:

libssl.so.1.1

123

1371

}

executed 99 times by 1 test: end of block

Executed by:

libssl.so.1.1

1372 -

1373

if (i < num_groups) {

i < num_groups	Description
TRUE	evaluated 123 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-123

1374 /* A shared group exists so send a HelloRetryRequest */ -

1375 s->s3->group_id = group_id; -

1376 s->hello_retry_request = SSL_HRR_PENDING; -

1377

return 1;

executed 123 times by 1 test: return 1;

Executed by:

libssl.so.1.1

123

1378 } -

1379

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

1380

if (!s->hit

!s->hit	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-12

1381

|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {

(s->ext.psk_kex_mode & 1) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

1-2

1382 /* Nothing left we can do - just fail */ -

1383 SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE -

1384 : SSL_AD_MISSING_EXTENSION, -

1385 SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE); -

1386

return 0;

executed 13 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1387 } -

1388 -

1389

if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0

(s->s3->flags & 0x0800) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

1390

&& !s->ext.cookieok) {

!s->ext.cookieok	Description
TRUE	never evaluated
FALSE	never evaluated

1391

if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {

!((s->hello_re...RR_NONE) != 0)	Description
TRUE	never evaluated
FALSE	never evaluated

1392 /* -

1393 * If we are stateless then we wouldn't know about any -

1394 * previously sent HRR - so how can this be anything other -

1395 * than 0? -

1396 */ -

1397 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, -

1398 ERR_R_INTERNAL_ERROR); -

1399

return 0;

never executed: return 0;

1400 } -

1401 s->hello_retry_request = SSL_HRR_PENDING; -

1402

return 1;

never executed: return 1;

1403 } -

1404

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

1405 -

1406 /* -

1407 * We have a key_share so don't send any more HelloRetryRequest -

1408 * messages -

1409 */ -

1410

if (s->hello_retry_request == SSL_HRR_PENDING)

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 837 times by 1 test Evaluated by: libssl.so.1.1

38-837

1411

s->hello_retry_request = SSL_HRR_COMPLETE;

executed 38 times by 1 test: s->hello_retry_request = SSL_HRR_COMPLETE;

Executed by:

libssl.so.1.1

1412

} else {

executed 875 times by 1 test: end of block

Executed by:

libssl.so.1.1

875

1413 /* -

1414 * For a client side resumption with no key_share we need to generate -

1415 * the handshake secret (otherwise this is done during key_share -

1416 * processing). -

1417 */ -

1418

if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {

!sent	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 615 times by 1 test Evaluated by: libssl.so.1.1

!tls13_generat...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-615

1419 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, -

1420 ERR_R_INTERNAL_ERROR); -

1421

return 0;

never executed: return 0;

1422 } -

1423

}

executed 617 times by 1 test: end of block

Executed by:

libssl.so.1.1

617

1424 -

1425

return 1;

executed 1492 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1492

1426 } -

1427 #endif -

1428 -

1429 static int init_psk_kex_modes(SSL *s, unsigned int context) -

1430 { -

1431 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; -

1432

return 1;

executed 65 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1433 } -

1434 -

1435 int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, -

1436 size_t binderoffset, const unsigned char *binderin, -

1437 unsigned char *binderout, SSL_SESSION *sess, int sign, -

1438 int external) -

1439 { -

1440 EVP_PKEY *mackey = NULL; -

1441 EVP_MD_CTX *mctx = NULL; -

1442 unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE]; -

1443 unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; -

1444 unsigned char *early_secret; -

1445 static const unsigned char resumption_label[] = "res binder"; -

1446 static const unsigned char external_label[] = "ext binder"; -

1447 const unsigned char *label; -

1448 size_t bindersize, labelsize, hashsize; -

1449 int hashsizei = EVP_MD_size(md); -

1450 int ret = -1; -

1451 int usepskfored = 0; -

1452 -

1453 /* Ensure cast to size_t is safe */ -

1454

if (!ossl_assert(hashsizei >= 0)) {

!((hashsizei >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1455 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1456 ERR_R_INTERNAL_ERROR); -

1457

goto err;

never executed: goto err;

1458 } -

1459 hashsize = (size_t)hashsizei; -

1460 -

1461

if (external

external	Description
TRUE	evaluated 58 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 250 times by 1 test Evaluated by: libssl.so.1.1

58-250

1462

&& s->early_data_state == SSL_EARLY_DATA_CONNECTING

s->early_data_...ATA_CONNECTING	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

13-45

1463

&& s->session->ext.max_early_data == 0

s->session->ex...arly_data == 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-12

1464

&& sess->ext.max_early_data > 0)

sess->ext.max_early_data > 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-12

1465

usepskfored = 1;

executed 12 times by 1 test: usepskfored = 1;

Executed by:

libssl.so.1.1

1466 -

1467

if (external) {

external	Description
TRUE	evaluated 58 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 250 times by 1 test Evaluated by: libssl.so.1.1

58-250

1468 label = external_label; -

1469 labelsize = sizeof(external_label) - 1; -

1470

} else {

executed 58 times by 1 test: end of block

Executed by:

libssl.so.1.1

1471 label = resumption_label; -

1472 labelsize = sizeof(resumption_label) - 1; -

1473

}

executed 250 times by 1 test: end of block

Executed by:

libssl.so.1.1

250

1474 -

1475 /* -

1476 * Generate the early_secret. On the server side we've selected a PSK to -

1477 * resume with (internal or external) so we always do this. On the client -

1478 * side we do this for a non-external (i.e. resumption) PSK or external PSK -

1479 * that will be used for early_data so that it is in place for sending early -

1480 * data. For client side external PSK not being used for early_data we -

1481 * generate it but store it away for later use. -

1482 */ -

1483

if (s->server || !external || usepskfored)

s->server	Description
TRUE	evaluated 134 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 174 times by 1 test Evaluated by: libssl.so.1.1

!external	Description
TRUE	evaluated 142 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

usepskfored	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

12-174

1484

early_secret = (unsigned char *)s->early_secret;

executed 288 times by 1 test: early_secret = (unsigned char *)s->early_secret;

Executed by:

libssl.so.1.1

288

1485 else -

1486

early_secret = (unsigned char *)sess->early_secret;

executed 20 times by 1 test: early_secret = (unsigned char *)sess->early_secret;

Executed by:

libssl.so.1.1

1487 -

1488

if (!tls13_generate_secret(s, md, NULL, sess->master_key,

!tls13_generat... early_secret)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1489

sess->master_key_length, early_secret)) {

!tls13_generat... early_secret)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1490 /* SSLfatal() already called */ -

1491

goto err;

never executed: goto err;

1492 } -

1493 -

1494 /* -

1495 * Create the handshake hash for the binder key...the messages so far are -

1496 * empty! -

1497 */ -

1498 mctx = EVP_MD_CTX_new(); -

1499

if (mctx == NULL

mctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1500

|| EVP_DigestInit_ex(mctx, md, NULL) <= 0

EVP_DigestInit...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1501

|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {

EVP_DigestFina...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1502 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1503 ERR_R_INTERNAL_ERROR); -

1504

goto err;

never executed: goto err;

1505 } -

1506 -

1507 /* Generate the binder key */ -

1508

if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,

!tls13_hkdf_ex...key, hashsize)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1509

hashsize, binderkey, hashsize)) {

!tls13_hkdf_ex...key, hashsize)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1510 /* SSLfatal() already called */ -

1511

goto err;

never executed: goto err;

1512 } -

1513 -

1514 /* Generate the finished key */ -

1515

if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {

!tls13_derive_...key, hashsize)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1516 /* SSLfatal() already called */ -

1517

goto err;

never executed: goto err;

1518 } -

1519 -

1520

if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {

EVP_DigestInit...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1521 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1522 ERR_R_INTERNAL_ERROR); -

1523

goto err;

never executed: goto err;

1524 } -

1525 -

1526 /* -

1527 * Get a hash of the ClientHello up to the start of the binders. If we are -

1528 * following a HelloRetryRequest then this includes the hash of the first -

1529 * ClientHello and the HelloRetryRequest itself. -

1530 */ -

1531

if (s->hello_retry_request == SSL_HRR_PENDING) {

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 279 times by 1 test Evaluated by: libssl.so.1.1

29-279

1532 size_t hdatalen; -

1533 void *hdata; -

1534 -

1535 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); -

1536

if (hdatalen <= 0) {

hdatalen <= 0	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

1537 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1538 SSL_R_BAD_HANDSHAKE_LENGTH); -

1539

goto err;

never executed: goto err;

1540 } -

1541 -

1542 /* -

1543 * For servers the handshake buffer data will include the second -

1544 * ClientHello - which we don't want - so we need to take that bit off. -

1545 */ -

1546

if (s->server) {

s->server	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

11-18

1547 PACKET hashprefix, msg; -

1548 -

1549 /* Find how many bytes are left after the first two messages */ -

1550

if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)

!PACKET_buf_in...ata, hdatalen)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

1551

|| !PACKET_forward(&hashprefix, 1)

!PACKET_forwar...hashprefix, 1)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

1552

|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)

!PACKET_get_le...hprefix, &msg)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

1553

|| !PACKET_forward(&hashprefix, 1)

!PACKET_forwar...hashprefix, 1)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

1554

|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {

!PACKET_get_le...hprefix, &msg)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

1555 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1556 ERR_R_INTERNAL_ERROR); -

1557

goto err;

never executed: goto err;

1558 } -

1559 hdatalen -= PACKET_remaining(&hashprefix); -

1560

}

executed 11 times by 1 test: end of block

Executed by:

libssl.so.1.1

1561 -

1562

if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {

EVP_DigestUpda...hdatalen) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

1563 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1564 ERR_R_INTERNAL_ERROR); -

1565

goto err;

never executed: goto err;

1566 } -

1567

}

executed 29 times by 1 test: end of block

Executed by:

libssl.so.1.1

1568 -

1569

if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0

EVP_DigestUpda...eroffset) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1570

|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {

EVP_DigestFina...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1571 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1572 ERR_R_INTERNAL_ERROR); -

1573

goto err;

never executed: goto err;

1574 } -

1575 -

1576 mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey, -

1577 hashsize); -

1578

if (mackey == NULL) {

mackey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1579 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1580 ERR_R_INTERNAL_ERROR); -

1581

goto err;

never executed: goto err;

1582 } -

1583 -

1584

if (!sign)

!sign	Description
TRUE	evaluated 134 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 174 times by 1 test Evaluated by: libssl.so.1.1

134-174

1585

binderout = tmpbinder;

executed 134 times by 1 test: binderout = tmpbinder;

Executed by:

libssl.so.1.1

134

1586 -

1587 bindersize = hashsize; -

1588

if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0

EVP_DigestSign..., mackey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1589

|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0

EVP_DigestUpda...hashsize) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1590

|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0

EVP_DigestSign...ndersize) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1591

|| bindersize != hashsize) {

bindersize != hashsize	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1592 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, -

1593 ERR_R_INTERNAL_ERROR); -

1594

goto err;

never executed: goto err;

1595 } -

1596 -

1597

if (sign) {

sign	Description
TRUE	evaluated 174 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 134 times by 1 test Evaluated by: libssl.so.1.1

134-174

1598 ret = 1; -

1599

} else {

executed 174 times by 1 test: end of block

Executed by:

libssl.so.1.1

174

1600 /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */ -

1601 ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0); -

1602

if (!ret)

!ret	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 133 times by 1 test Evaluated by: libssl.so.1.1

1-133

1603

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,

executed 1 time by 1 test: ossl_statem_fatal((s), (47), (506), (253), __FILE__ , 1604 ) ;

Executed by:

libssl.so.1.1

1604

SSL_R_BINDER_DOES_NOT_VERIFY);

executed 1 time by 1 test: ossl_statem_fatal((s), (47), (506), (253), __FILE__ , 1604 ) ;

Executed by:

libssl.so.1.1

1605

}

executed 134 times by 1 test: end of block

Executed by:

libssl.so.1.1

134

1606 -

1607

err:

code before this statement executed 308 times by 1 test: err:

Executed by:

libssl.so.1.1

308

1608 OPENSSL_cleanse(binderkey, sizeof(binderkey)); -

1609 OPENSSL_cleanse(finishedkey, sizeof(finishedkey)); -

1610 EVP_PKEY_free(mackey); -

1611 EVP_MD_CTX_free(mctx); -

1612 -

1613

return ret;

executed 308 times by 1 test: return ret;

Executed by:

libssl.so.1.1

308

1614 } -

1615 -

1616 static int final_early_data(SSL *s, unsigned int context, int sent) -

1617 { -

1618

if (!sent)

!sent	Description
TRUE	evaluated 3848 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 403 times by 1 test Evaluated by: libssl.so.1.1

403-3848

1619

return 1;

executed 3848 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3848

1620 -

1621

if (!s->server) {

!s->server	Description
TRUE	evaluated 150 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 253 times by 1 test Evaluated by: libssl.so.1.1

150-253

1622

if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS

context == 0x0400	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1

18-132

1623

&& sent

sent	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-18

1624

&& !s->ext.early_data_ok) {

!s->ext.early_data_ok	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

0-18

1625 /* -

1626 * If we get here then the server accepted our early_data but we -

1627 * later realised that it shouldn't have done (e.g. inconsistent -

1628 * ALPN) -

1629 */ -

1630 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA, -

1631 SSL_R_BAD_EARLY_DATA); -

1632

return 0;

never executed: return 0;

1633 } -

1634 -

1635

return 1;

executed 150 times by 1 test: return 1;

Executed by:

libssl.so.1.1

150

1636 } -

1637 -

1638

if (s->max_early_data == 0

s->max_early_data == 0	Description
TRUE	evaluated 203 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

50-203

1639

|| !s->hit

!s->hit	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1

6-44

1640

|| s->session->ext.tick_identity != 0

s->session->ex..._identity != 0	Description
TRUE	never evaluated
FALSE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1

0-44

1641

|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING

s->early_data_...DATA_ACCEPTING	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

3-41

1642

|| !s->ext.early_data_ok

!s->ext.early_data_ok	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

6-35

1643

|| s->hello_retry_request != SSL_HRR_NONE

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

9-26

1644

|| (s->ctx->allow_early_data_cb != NULL

s->ctx->allow_...!= ((void *)0)	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

8-18

1645

&& !s->ctx->allow_early_data_cb(s,

!s->ctx->allow..._data_cb_data)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

1646

s->ctx->allow_early_data_cb_data))) {

!s->ctx->allow..._data_cb_data)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

1647 s->ext.early_data = SSL_EARLY_DATA_REJECTED; -

1648

} else {

executed 231 times by 1 test: end of block

Executed by:

libssl.so.1.1

231

1649 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; -

1650 -

1651

if (!tls13_change_cipher_state(s,

!tls13_change_...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

1652

SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {

!tls13_change_...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

1653 /* SSLfatal() already called */ -

1654

return 0;

never executed: return 0;

1655 } -

1656

}

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

1657 -

1658

return 1;

executed 253 times by 1 test: return 1;

Executed by:

libssl.so.1.1

253

1659 } -

1660 -

1661 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) -

1662 { -

1663 /* -

1664 * Session resumption on server-side with MFL extension active -

1665 * BUT MFL extension packet was not resent (i.e. sent == 0) -

1666 */ -

1667

if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)

s->server	Description
TRUE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3371 times by 1 test Evaluated by: libssl.so.1.1

s->hit	Description
TRUE	evaluated 216 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2528 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) >= 1)	Description
TRUE	never evaluated
FALSE	evaluated 216 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) <= 4)	Description
TRUE	never evaluated
FALSE	never evaluated

0-3371

1668

&& !sent ) {

!sent	Description
TRUE	never evaluated
FALSE	never evaluated

1669 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN, -

1670 SSL_R_BAD_EXTENSION); -

1671

return 0;

never executed: return 0;

1672 } -

1673 -

1674 /* Current SSL buffer is lower than requested MFL */ -

1675

if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)

s->session	Description
TRUE	evaluated 6115 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

((s->session->...en_mode) >= 1)	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6082 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) <= 4)	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-6115

1676

&& s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))

s->max_send_fr...len_mode - 1))	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

6-27

1677 /* trigger a larger buffer reallocation */ -

1678

if (!ssl3_setup_buffers(s)) {

!ssl3_setup_buffers(s)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

1679 /* SSLfatal() already called */ -

1680

return 0;

never executed: return 0;

1681 } -

1682 -

1683

return 1;

executed 6115 times by 1 test: return 1;

Executed by:

libssl.so.1.1

6115

1684 } -

1685 -

1686 static int init_post_handshake_auth(SSL *s, unsigned int context) -

1687 { -

1688 s->post_handshake_auth = SSL_PHA_NONE; -

1689 -

1690

return 1;

executed 65 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1691 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2