ssl3_record.c

i < num_recs	Description
TRUE	evaluated 784736 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 24523 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

24523-784736

43

comp = r[i].comp;

-

44

-

45

memset(&r[i], 0, sizeof(*r));

-

46

r[i].comp = comp;

-

47

}

executed 784736 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

784736

48

}

executed 24523 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

24523

49

-

50

void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)

-

51

{

-

52

size_t i;

-

53

-

54

for (i = 0; i < num_recs; i++) {

i < num_recs	Description
TRUE	evaluated 265472 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 8296 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

8296-265472

55

OPENSSL_free(r[i].comp);

-

56

r[i].comp = NULL;

-

57

}

executed 265472 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

265472

58

}

executed 8296 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

8296

59

-

60

void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)

-

61

{

-

62

memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);

-

63

}

executed 3418 times by 1 test: end of block

Executed by:

libssl.so.1.1

3418

64

-

65

/*

-

66

* Peeks ahead into "read_ahead" data to see if we have a whole record waiting

-

67

* for us in the buffer.

-

68

*/

-

69

static int ssl3_record_app_data_waiting(SSL *s)

-

70

{

-

71

SSL3_BUFFER *rbuf;

-

72

size_t left, len;

-

73

unsigned char *p;

-

74

-

75

rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);

-

76

-

77

p = SSL3_BUFFER_get_buf(rbuf);

-

78

if (p == NULL)

p == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

79

return 0;

never executed: return 0;

0

80

-

81

left = SSL3_BUFFER_get_left(rbuf);

-

82

-

83

if (left < SSL3_RT_HEADER_LENGTH)

left < 5	Description
TRUE	never evaluated
FALSE	never evaluated

0

84

return 0;

never executed: return 0;

0

85

-

86

p += SSL3_BUFFER_get_offset(rbuf);

-

87

-

88

/*

-

89

* We only check the type and record length, we will sanity check version

-

90

* etc later

-

91

*/

-

92

if (*p != SSL3_RT_APPLICATION_DATA)

*p != 23	Description
TRUE	never evaluated
FALSE	never evaluated

0

93

return 0;

never executed: return 0;

0

94

-

95

p += 3;

-

96

n2s(p, len);

-

97

-

98

if (left < SSL3_RT_HEADER_LENGTH + len)

left < 5 + len	Description
TRUE	never evaluated
FALSE	never evaluated

0

99

return 0;

never executed: return 0;

0

100

-

101

return 1;

never executed: return 1;

0

102

}

-

103

-

104

int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)

-

105

{

-

106

uint32_t max_early_data;

-

107

SSL_SESSION *sess = s->session;

-

108

-

109

/*

-

110

* If we are a client then we always use the max_early_data from the

-

111

* session/psksession. Otherwise we go with the lowest out of the max early

-

112

* data set in the session and the configured max_early_data.

-

113

*/

-

114

if (!s->server && sess->ext.max_early_data == 0) {

!s->server	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10812 times by 1 test Evaluated by: libssl.so.1.1

sess->ext.max_early_data == 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

12-10812

115

if (!ossl_assert(s->psksession != NULL

!((s->psksessi...ata > 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

s->psksession != ((void *)0)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->psksession-...early_data > 0	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-12

116

&& s->psksession->ext.max_early_data > 0)) {

-

117

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK,

-

118

ERR_R_INTERNAL_ERROR);

-

119

return 0;

never executed: return 0;

0

120

}

-

121

sess = s->psksession;

-

122

}

executed 12 times by 1 test: end of block

Executed by:

libssl.so.1.1

12

123

-

124

if (!s->server)

!s->server	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10812 times by 1 test Evaluated by: libssl.so.1.1

53-10812

125

max_early_data = sess->ext.max_early_data;

executed 53 times by 1 test: max_early_data = sess->ext.max_early_data;

Executed by:

libssl.so.1.1

53

126

else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)

s->ext.early_data != 2	Description
TRUE	evaluated 10791 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

21-10791

127

max_early_data = s->recv_max_early_data;

executed 10791 times by 1 test: max_early_data = s->recv_max_early_data;

Executed by:

libssl.so.1.1

10791

128

else

-

129

max_early_data = s->recv_max_early_data < sess->ext.max_early_data

executed 21 times by 1 test: max_early_data = s->recv_max_early_data < sess->ext.max_early_data ? s->recv_max_early_data : sess->ext.max_early_data;

Executed by:

libssl.so.1.1

s->recv_max_ea...max_early_data	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

130

? s->recv_max_early_data : sess->ext.max_early_data;

executed 21 times by 1 test: max_early_data = s->recv_max_early_data < sess->ext.max_early_data ? s->recv_max_early_data : sess->ext.max_early_data;

Executed by:

libssl.so.1.1

21

131

-

132

if (max_early_data == 0) {

max_early_data == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10862 times by 1 test Evaluated by: libssl.so.1.1

3-10862

133

SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,

-

134

SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);

-

135

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3

136

}

-

137

-

138

/* If we are dealing with ciphertext we need to allow for the overhead */

-

139

max_early_data += overhead;

-

140

-

141

if (s->early_data_count + length > max_early_data) {

s->early_data_...max_early_data	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10860 times by 1 test Evaluated by: libssl.so.1.1

2-10860

142

SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,

-

143

SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);

-

144

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2

145

}

-

146

s->early_data_count += length;

-

147

-

148

return 1;

executed 10860 times by 1 test: return 1;

Executed by:

libssl.so.1.1

10860

149

}

-

150

-

151

/*

-

152

* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that

-

153

* will be processed per call to ssl3_get_record. Without this limit an

-

154

* attacker could send empty records at a faster rate than we can process and

-

155

* cause ssl3_get_record to loop forever.

-

156

*/

-

157

#define MAX_EMPTY_RECORDS 32

-

158

-

159

#define SSL2_RT_HEADER_LENGTH 2

-

160

/*-

-

161

* Call this to get new input records.

-

162

* It will return <= 0 if more data is needed, normally due to an error

-

163

* or non-blocking IO.

-

164

* When it finishes, |numrpipes| records have been decoded. For each record 'i':

-

165

* rr[i].type - is the type of record

-

166

* rr[i].data, - data

-

167

* rr[i].length, - number of bytes

-

168

* Multiple records will only be returned if the record types are all

-

169

* SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=

-

170

* |max_pipelines|

-

171

*/

-

172

/* used only by ssl3_read_bytes */

-

173

int ssl3_get_record(SSL *s)

-

174

{

-

175

int enc_err, rret;

-

176

int i;

-

177

size_t more, n;

-

178

SSL3_RECORD *rr, *thisrr;

-

179

SSL3_BUFFER *rbuf;

-

180

SSL_SESSION *sess;

-

181

unsigned char *p;

-

182

unsigned char md[EVP_MAX_MD_SIZE];

-

183

unsigned int version;

-

184

size_t mac_size;

-

185

int imac_size;

-

186

size_t num_recs = 0, max_recs, j;

-

187

PACKET pkt, sslv2pkt;

-

188

size_t first_rec_len;

-

189

-

190

rr = RECORD_LAYER_get_rrec(&s->rlayer);

-

191

rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);

-

192

max_recs = s->max_pipelines;

-

193

if (max_recs == 0)

max_recs == 0	Description
TRUE	evaluated 80271 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-80271

194

max_recs = 1;

executed 80271 times by 1 test: max_recs = 1;

Executed by:

libssl.so.1.1

80271

195

sess = s->session;

-

196

-

197

do {

-

198

thisrr = &rr[num_recs];

-

199

-

200

/* check if we have the header */

-

201

if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||

(((&s->rlayer)...tate) != 0xF1)	Description
TRUE	evaluated 74994 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5277 times by 1 test Evaluated by: libssl.so.1.1

5277-74994

202

(RECORD_LAYER_get_packet_length(&s->rlayer)

(((&s->rlayer)...t_length) < 5)	Description
TRUE	never evaluated
FALSE	evaluated 5277 times by 1 test Evaluated by: libssl.so.1.1

0-5277

203

< SSL3_RT_HEADER_LENGTH)) {

(((&s->rlayer)...t_length) < 5)	Description
TRUE	never evaluated
FALSE	evaluated 5277 times by 1 test Evaluated by: libssl.so.1.1

0-5277

204

size_t sslv2len;

-

205

unsigned int type;

-

206

-

207

rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,

-

208

SSL3_BUFFER_get_len(rbuf), 0,

-

209

num_recs == 0 ? 1 : 0, &n);

-

210

if (rret <= 0)

rret <= 0	Description
TRUE	evaluated 23243 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51751 times by 1 test Evaluated by: libssl.so.1.1

23243-51751

211

return rret; /* error or non-blocking */

executed 23243 times by 1 test: return rret;

Executed by:

libssl.so.1.1

23243

212

RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);

-

213

-

214

p = RECORD_LAYER_get_packet(&s->rlayer);

-

215

if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer),

!PACKET_buf_in...acket_length))	Description
TRUE	never evaluated
FALSE	evaluated 51751 times by 1 test Evaluated by: libssl.so.1.1

0-51751

216

RECORD_LAYER_get_packet_length(&s->rlayer))) {

!PACKET_buf_in...acket_length))	Description
TRUE	never evaluated
FALSE	evaluated 51751 times by 1 test Evaluated by: libssl.so.1.1

0-51751

217

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,

-

218

ERR_R_INTERNAL_ERROR);

-

219

return -1;

never executed: return -1;

0

220

}

-

221

sslv2pkt = pkt;

-

222

if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)

!PACKET_get_ne...kt, &sslv2len)	Description
TRUE	never evaluated
FALSE	evaluated 51751 times by 1 test Evaluated by: libssl.so.1.1

0-51751

223

|| !PACKET_get_1(&sslv2pkt, &type)) {

!PACKET_get_1(...lv2pkt, &type)	Description
TRUE	never evaluated
FALSE	evaluated 51751 times by 1 test Evaluated by: libssl.so.1.1

0-51751

224

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

225

ERR_R_INTERNAL_ERROR);

-

226

return -1;

never executed: return -1;

0

227

}

-

228

/*

-

229

* The first record received by the server may be a V2ClientHello.

-

230

*/

-

231

if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)

s->server	Description
TRUE	evaluated 28754 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22997 times by 1 test Evaluated by: libssl.so.1.1

((&s->rlayer)-..._first_record)	Description
TRUE	evaluated 3452 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25302 times by 1 test Evaluated by: libssl.so.1.1

3452-28754

232

&& (sslv2len & 0x8000) != 0

(sslv2len & 0x8000) != 0	Description
TRUE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3262 times by 1 test Evaluated by: libssl.so.1.1

190-3262

233

&& (type == SSL2_MT_CLIENT_HELLO)) {

(type == 1)	Description
TRUE	evaluated 189 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-189

234

/*

-

235

* SSLv2 style record

-

236

*

-

237

* |num_recs| here will actually always be 0 because

-

238

* |num_recs > 0| only ever occurs when we are processing

-

239

* multiple app data records - which we know isn't the case here

-

240

* because it is an SSLv2ClientHello. We keep it using

-

241

* |num_recs| for the sake of consistency

-

242

*/

-

243

thisrr->type = SSL3_RT_HANDSHAKE;

-

244

thisrr->rec_version = SSL2_VERSION;

-

245

-

246

thisrr->length = sslv2len & 0x7fff;

-

247

-

248

if (thisrr->length > SSL3_BUFFER_get_len(rbuf)

thisrr->length...buf)->len) - 2	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 188 times by 1 test Evaluated by: libssl.so.1.1

1-188

249

- SSL2_RT_HEADER_LENGTH) {

thisrr->length...buf)->len) - 2	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 188 times by 1 test Evaluated by: libssl.so.1.1

1-188

250

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

251

SSL_R_PACKET_LENGTH_TOO_LONG);

-

252

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

1

253

}

-

254

-

255

if (thisrr->length < MIN_SSL2_RECORD_LEN) {

thisrr->length < 9	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 187 times by 1 test Evaluated by: libssl.so.1.1

1-187

256

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

257

SSL_R_LENGTH_TOO_SHORT);

-

258

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

1

259

}

-

260

} else {

executed 187 times by 1 test: end of block

Executed by:

libssl.so.1.1

187

261

/* SSLv3+ style record */

-

262

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 51562 times by 1 test Evaluated by: libssl.so.1.1

0-51562

263

s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,

never executed: s->msg_callback(0, 0, 0x100, p, 5, s, s->msg_callback_arg);

0

264

s->msg_callback_arg);

never executed: s->msg_callback(0, 0, 0x100, p, 5, s, s->msg_callback_arg);

0

265

-

266

/* Pull apart the header into the SSL3_RECORD */

-

267

if (!PACKET_get_1(&pkt, &type)

!PACKET_get_1(&pkt, &type)	Description
TRUE	never evaluated
FALSE	evaluated 51562 times by 1 test Evaluated by: libssl.so.1.1

0-51562

268

|| !PACKET_get_net_2(&pkt, &version)

!PACKET_get_ne...pkt, &version)	Description
TRUE	never evaluated
FALSE	evaluated 51562 times by 1 test Evaluated by: libssl.so.1.1

0-51562

269

|| !PACKET_get_net_2_len(&pkt, &thisrr->length)) {

!PACKET_get_ne...hisrr->length)	Description
TRUE	never evaluated
FALSE	evaluated 51562 times by 1 test Evaluated by: libssl.so.1.1

0-51562

270

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

271

ERR_R_INTERNAL_ERROR);

-

272

return -1;

never executed: return -1;

0

273

}

-

274

thisrr->type = type;

-

275

thisrr->rec_version = version;

-

276

-

277

/*

-

278

* Lets check version. In TLSv1.3 we only check this field

-

279

* when encryption is occurring (see later check). For the

-

280

* ServerHello after an HRR we haven't actually selected TLSv1.3

-

281

* yet, but we still treat it as TLSv1.3, so we must check for

-

282

* that explicitly

-

283

*/

-

284

if (!s->first_packet && !SSL_IS_TLS13(s)

!s->first_packet	Description
TRUE	evaluated 39582 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11980 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 39582 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 23471 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16111 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 23209 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 262 times by 1 test Evaluated by: libssl.so.1.1

0-39582

285

&& s->hello_retry_request != SSL_HRR_PENDING

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 16111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 262 times by 1 test Evaluated by: libssl.so.1.1

262-16111

286

&& version != (unsigned int)s->version) {

version != (un...int)s->version	Description
TRUE	evaluated 60 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16051 times by 1 test Evaluated by: libssl.so.1.1

60-16051

287

if ((s->version & 0xFF00) == (version & 0xFF00)

(s->version & ...sion & 0xFF00)	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

27-33

288

&& !s->enc_write_ctx && !s->write_hash) {

!s->enc_write_ctx	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

!s->write_hash	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-24

289

if (thisrr->type == SSL3_RT_ALERT) {

thisrr->type == 21	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-20

290

/*

-

291

* The record is using an incorrect version number,

-

292

* but what we've got appears to be an alert. We

-

293

* haven't read the body yet to check whether its a

-

294

* fatal or not - but chances are it is. We probably

-

295

* shouldn't send a fatal alert back. We'll just

-

296

* end.

-

297

*/

-

298

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,

-

299

SSL_R_WRONG_VERSION_NUMBER);

-

300

return -1;

executed 20 times by 1 test: return -1;

Executed by:

libssl.so.1.1

20

301

}

-

302

/*

-

303

* Send back error using their minor version number :-)

-

304

*/

-

305

s->version = (unsigned short)version;

-

306

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

4

307

SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,

-

308

SSL_R_WRONG_VERSION_NUMBER);

-

309

return -1;

executed 40 times by 1 test: return -1;

Executed by:

libssl.so.1.1

40

310

}

-

311

-

312

if ((version >> 8) != SSL3_VERSION_MAJOR) {

(version >> 8) != 0x03	Description
TRUE	evaluated 94 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51408 times by 1 test Evaluated by: libssl.so.1.1

94-51408

313

if (RECORD_LAYER_is_first_record(&s->rlayer)) {

((&s->rlayer)-..._first_record)	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

13-81

314

/* Go back to start of packet, look at the five bytes

-

315

* that we have. */

-

316

p = RECORD_LAYER_get_packet(&s->rlayer);

-

317

if (strncmp((char *)p, "GET ", 4) == 0 ||

never executed: __result = (((const unsigned char *) (const char *) ( (char *)p ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "GET " ))[3] - __s2[3]);

never executed: end of block

(__extension__..." , 4 ))) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( 4 )	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

__builtin_cons... ( (char *)p )	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

strlen ( (char...size_t) ( 4 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...t_p ( "GET " )	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

strlen ( "GET ...size_t) ( 4 ))	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-13

318

strncmp((char *)p, "POST ", 5) == 0 ||

never executed: __result = (((const unsigned char *) (const char *) ( (char *)p ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "POST " ))[3] - __s2[3]);

never executed: end of block

(__extension__..." , 5 ))) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( 5 )	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

__builtin_cons... ( (char *)p )	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

strlen ( (char...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons..._p ( "POST " )	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

strlen ( "POST...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-11

319

strncmp((char *)p, "HEAD ", 5) == 0 ||

never executed: __result = (((const unsigned char *) (const char *) ( (char *)p ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "HEAD " ))[3] - __s2[3]);

never executed: end of block

(__extension__..." , 5 ))) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( 5 )	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

__builtin_cons... ( (char *)p )	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

strlen ( (char...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons..._p ( "HEAD " )	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

strlen ( "HEAD...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-9

320

strncmp((char *)p, "PUT ", 4) == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( (char *)p ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "PUT " ))[3] - __s2[3]);

never executed: end of block

(__extension__..." , 4 ))) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( 4 )	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

__builtin_cons... ( (char *)p )	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

strlen ( (char...size_t) ( 4 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...t_p ( "PUT " )	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

strlen ( "PUT ...size_t) ( 4 ))	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-7

321

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,

-

322

SSL_R_HTTP_REQUEST);

-

323

return -1;

executed 8 times by 1 test: return -1;

Executed by:

libssl.so.1.1

8

324

} else if (strncmp((char *)p, "CONNE", 5) == 0) {

never executed: __result = (((const unsigned char *) (const char *) ( (char *)p ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "CONNE" ))[3] - __s2[3]);

never executed: end of block

(__extension__..." , 5 ))) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

__builtin_constant_p ( 5 )	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

__builtin_cons... ( (char *)p )	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

strlen ( (char...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons..._p ( "CONNE" )	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

strlen ( "CONN...size_t) ( 5 ))	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-5

325

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,

-

326

SSL_R_HTTPS_PROXY_REQUEST);

-

327

return -1;

executed 2 times by 1 test: return -1;

Executed by:

libssl.so.1.1

2

328

}

-

329

-

330

/* Doesn't look like TLS - don't send an alert */

-

331

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,

-

332

SSL_R_WRONG_VERSION_NUMBER);

-

333

return -1;

executed 3 times by 1 test: return -1;

Executed by:

libssl.so.1.1

3

334

} else {

-

335

SSLfatal(s, SSL_AD_PROTOCOL_VERSION,

-

336

SSL_F_SSL3_GET_RECORD,

-

337

SSL_R_WRONG_VERSION_NUMBER);

-

338

return -1;

executed 81 times by 1 test: return -1;

Executed by:

libssl.so.1.1

81

339

}

-

340

}

-

341

-

342

if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 51408 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 35357 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16051 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 23135 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12222 times by 1 test Evaluated by: libssl.so.1.1

s->enc_read_ctx != ((void *)0)	Description
TRUE	evaluated 22537 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 598 times by 1 test Evaluated by: libssl.so.1.1

0-51408

343

if (thisrr->type != SSL3_RT_APPLICATION_DATA

thisrr->type != 23	Description
TRUE	evaluated 1157 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21380 times by 1 test Evaluated by: libssl.so.1.1

1157-21380

344

&& (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC

thisrr->type != 20	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1126 times by 1 test Evaluated by: libssl.so.1.1

31-1126

345

|| !SSL_IS_FIRST_HANDSHAKE(s))

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 572 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 554 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	evaluated 554 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-572

346

&& (thisrr->type != SSL3_RT_ALERT

thisrr->type != 21	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

6-25

347

|| s->statem.enc_read_state

s->statem.enc_...W_PLAIN_ALERTS	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

1-24

348

!= ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) {

s->statem.enc_...W_PLAIN_ALERTS	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

1-24

349

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,

-

350

SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);

-

351

return -1;

executed 7 times by 1 test: return -1;

Executed by:

libssl.so.1.1

7

352

}

-

353

if (thisrr->rec_version != TLS1_2_VERSION) {

thisrr->rec_version != 0x0303	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22523 times by 1 test Evaluated by: libssl.so.1.1

7-22523

354

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

355

SSL_R_WRONG_VERSION_NUMBER);

-

356

return -1;

executed 7 times by 1 test: return -1;

Executed by:

libssl.so.1.1

7

357

}

-

358

}

executed 22523 times by 1 test: end of block

Executed by:

libssl.so.1.1

22523

359

-

360

if (thisrr->length >

thisrr->length...buf)->len) - 5	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51392 times by 1 test Evaluated by: libssl.so.1.1

2-51392

361

SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {

thisrr->length...buf)->len) - 5	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51392 times by 1 test Evaluated by: libssl.so.1.1

2-51392

362

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

363

SSL_R_PACKET_LENGTH_TOO_LONG);

-

364

return -1;

executed 2 times by 1 test: return -1;

Executed by:

libssl.so.1.1

2

365

}

-

366

}

executed 51392 times by 1 test: end of block

Executed by:

libssl.so.1.1

51392

367

-

368

/* now s->rlayer.rstate == SSL_ST_READ_BODY */

-

369

}

-

370

-

371

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 56856 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 39895 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16961 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 26463 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13432 times by 1 test Evaluated by: libssl.so.1.1

0-56856

372

if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {

thisrr->length > (16384 + 256)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26460 times by 1 test Evaluated by: libssl.so.1.1

3-26460

373

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

374

SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

-

375

return -1;

executed 3 times by 1 test: return -1;

Executed by:

libssl.so.1.1

3

376

}

-

377

} else {

executed 26460 times by 1 test: end of block

Executed by:

libssl.so.1.1

26460

378

size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;

-

379

-

380

#ifndef OPENSSL_NO_COMP

-

381

/*

-

382

* If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH

-

383

* does not include the compression overhead anyway.

-

384

*/

-

385

if (s->expand == NULL)

s->expand == ((void *)0)	Description
TRUE	evaluated 30393 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-30393

386

len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;

executed 30393 times by 1 test: len -= 1024;

Executed by:

libssl.so.1.1

30393

387

#endif

-

388

-

389

if (thisrr->length > len) {

thisrr->length > len	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 30390 times by 1 test Evaluated by: libssl.so.1.1

3-30390

390

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

391

SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

-

392

return -1;

executed 3 times by 1 test: return -1;

Executed by:

libssl.so.1.1

3

393

}

-

394

}

executed 30390 times by 1 test: end of block

Executed by:

libssl.so.1.1

30390

395

-

396

/*

-

397

* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data.

-

398

* Calculate how much more data we need to read for the rest of the

-

399

* record

-

400

*/

-

401

if (thisrr->rec_version == SSL2_VERSION) {

thisrr->rec_version == 0x0002	Description
TRUE	evaluated 188 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 56662 times by 1 test Evaluated by: libssl.so.1.1

188-56662

402

more = thisrr->length + SSL2_RT_HEADER_LENGTH

-

403

- SSL3_RT_HEADER_LENGTH;

-

404

} else {

executed 188 times by 1 test: end of block

Executed by:

libssl.so.1.1

188

405

more = thisrr->length;

-

406

}

executed 56662 times by 1 test: end of block

Executed by:

libssl.so.1.1

56662

407

if (more > 0) {

more > 0	Description
TRUE	evaluated 55254 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1596 times by 1 test Evaluated by: libssl.so.1.1

1596-55254

408

/* now s->packet_length == SSL3_RT_HEADER_LENGTH */

-

409

-

410

rret = ssl3_read_n(s, more, more, 1, 0, &n);

-

411

if (rret <= 0)

rret <= 0	Description
TRUE	evaluated 5306 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 49948 times by 1 test Evaluated by: libssl.so.1.1

5306-49948

412

return rret; /* error or non-blocking io */

executed 5306 times by 1 test: return rret;

Executed by:

libssl.so.1.1

5306

413

}

executed 49948 times by 1 test: end of block

Executed by:

libssl.so.1.1

49948

414

-

415

/* set state for later operations */

-

416

RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);

-

417

-

418

/*

-

419

* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH

-

420

* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH

-

421

* + thisrr->length and we have that many bytes in s->packet

-

422

*/

-

423

if (thisrr->rec_version == SSL2_VERSION) {

thisrr->rec_version == 0x0002	Description
TRUE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51358 times by 1 test Evaluated by: libssl.so.1.1

186-51358

424

thisrr->input =

-

425

&(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);

-

426

} else {

executed 186 times by 1 test: end of block

Executed by:

libssl.so.1.1

186

427

thisrr->input =

-

428

&(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);

-

429

}

executed 51358 times by 1 test: end of block

Executed by:

libssl.so.1.1

51358

430

-

431

/*

-

432

* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input

-

433

* points at thisrr->length bytes, which need to be copied into

-

434

* thisrr->data by either the decryption or by the decompression When

-

435

* the data is 'copied' into the thisrr->data buffer, thisrr->input will

-

436

* be pointed at the new buffer

-

437

*/

-

438

-

439

/*

-

440

* We now have - encrypted [ MAC [ compressed [ plain ] ] ]

-

441

* thisrr->length bytes of encrypted compressed stuff.

-

442

*/

-

443

-

444

/* decrypt in place in 'thisrr->input' */

-

445

thisrr->data = thisrr->input;

-

446

thisrr->orig_len = thisrr->length;

-

447

-

448

/* Mark this record as not read by upper layers yet */

-

449

thisrr->read = 0;

-

450

-

451

num_recs++;

-

452

-

453

/* we have pulled in a full packet so zero things */

-

454

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

455

RECORD_LAYER_clear_first_record(&s->rlayer);

-

456

} while (num_recs < max_recs

executed 51544 times by 1 test: end of block

Executed by:

libssl.so.1.1

num_recs < max_recs	Description
TRUE	never evaluated
FALSE	evaluated 51544 times by 1 test Evaluated by: libssl.so.1.1

0-51544

457

&& thisrr->type == SSL3_RT_APPLICATION_DATA

thisrr->type == 23	Description
TRUE	never evaluated
FALSE	never evaluated

0

458

&& SSL_USE_EXPLICIT_IV(s)

(s->method->ss...c_flags & 0x1)	Description
TRUE	never evaluated
FALSE	never evaluated

0

459

&& s->enc_read_ctx != NULL

s->enc_read_ctx != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

460

&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))

(EVP_CIPHER_fl...)) & 0X800000)	Description
TRUE	never evaluated
FALSE	never evaluated

0

461

& EVP_CIPH_FLAG_PIPELINE)

(EVP_CIPHER_fl...)) & 0X800000)	Description
TRUE	never evaluated
FALSE	never evaluated

0

462

&& ssl3_record_app_data_waiting(s));

ssl3_record_ap...ata_waiting(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

463

-

464

if (num_recs == 1

num_recs == 1	Description
TRUE	evaluated 51544 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-51544

465

&& thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC

thisrr->type == 20	Description
TRUE	evaluated 3903 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 47641 times by 1 test Evaluated by: libssl.so.1.1

3903-47641

466

&& (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3903 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1674 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2229 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1221 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 453 times by 1 test Evaluated by: libssl.so.1.1

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2616 times by 1 test Evaluated by: libssl.so.1.1

0-3903

467

&& SSL_IS_FIRST_HANDSHAKE(s)) {

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 734 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 553 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	evaluated 553 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-734

468

/*

-

469

* CCS messages must be exactly 1 byte long, containing the value 0x01

-

470

*/

-

471

if (thisrr->length != 1 || thisrr->data[0] != 0x01) {

thisrr->length != 1	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1283 times by 1 test Evaluated by: libssl.so.1.1

thisrr->data[0] != 0x01	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1280 times by 1 test Evaluated by: libssl.so.1.1

3-1283

472

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_GET_RECORD,

-

473

SSL_R_INVALID_CCS_MESSAGE);

-

474

return -1;

executed 7 times by 1 test: return -1;

Executed by:

libssl.so.1.1

7

475

}

-

476

/*

-

477

* CCS messages are ignored in TLSv1.3. We treat it like an empty

-

478

* handshake record

-

479

*/

-

480

thisrr->type = SSL3_RT_HANDSHAKE;

-

481

RECORD_LAYER_inc_empty_record_count(&s->rlayer);

-

482

if (RECORD_LAYER_get_empty_record_count(&s->rlayer)

((&s->rlayer)-...rd_count) > 32	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1279 times by 1 test Evaluated by: libssl.so.1.1

1-1279

483

> MAX_EMPTY_RECORDS) {

((&s->rlayer)-...rd_count) > 32	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1279 times by 1 test Evaluated by: libssl.so.1.1

1-1279

484

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,

-

485

SSL_R_UNEXPECTED_CCS_MESSAGE);

-

486

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

1

487

}

-

488

thisrr->read = 1;

-

489

RECORD_LAYER_set_numrpipes(&s->rlayer, 1);

-

490

-

491

return 1;

executed 1279 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1279

492

}

-

493

-

494

/*

-

495

* If in encrypt-then-mac mode calculate mac from encrypted record. All

-

496

* the details below are public so no timing details can leak.

-

497

*/

-

498

if (SSL_READ_ETM(s) && s->read_hash) {

(s->s3->flags & 0x0100)	Description
TRUE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45571 times by 1 test Evaluated by: libssl.so.1.1

s->read_hash	Description
TRUE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-45571

499

unsigned char *mac;

-

500

/* TODO(size_t): convert this to do size_t properly */

-

501

imac_size = EVP_MD_CTX_size(s->read_hash);

-

502

if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {

!((imac_size >...e <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1

imac_size >= 0	Description
TRUE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

imac_size <= 64	Description
TRUE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4686

503

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,

-

504

ERR_LIB_EVP);

-

505

return -1;

never executed: return -1;

0

506

}

-

507

mac_size = (size_t)imac_size;

-

508

for (j = 0; j < num_recs; j++) {

j < num_recs	Description
TRUE	evaluated 4686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4647 times by 1 test Evaluated by: libssl.so.1.1

4647-4686

509

thisrr = &rr[j];

-

510

-

511

if (thisrr->length < mac_size) {

thisrr->length < mac_size	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4684 times by 1 test Evaluated by: libssl.so.1.1

2-4684

512

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

513

SSL_R_LENGTH_TOO_SHORT);

-

514

return -1;

executed 2 times by 1 test: return -1;

Executed by:

libssl.so.1.1

2

515

}

-

516

thisrr->length -= mac_size;

-

517

mac = thisrr->data + thisrr->length;

-

518

i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );

-

519

if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {

i == 0	Description
TRUE	never evaluated
FALSE	evaluated 4684 times by 1 test Evaluated by: libssl.so.1.1

CRYPTO_memcmp(...mac_size) != 0	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4647 times by 1 test Evaluated by: libssl.so.1.1

0-4684

520

SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,

-

521

SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

-

522

return -1;

executed 37 times by 1 test: return -1;

Executed by:

libssl.so.1.1

37

523

}

-

524

}

executed 4647 times by 1 test: end of block

Executed by:

libssl.so.1.1

4647

525

}

executed 4647 times by 1 test: end of block

Executed by:

libssl.so.1.1

4647

526

-

527

first_rec_len = rr[0].length;

-

528

-

529

enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0);

-

530

-

531

/*-

-

532

* enc_err is:

-

533

* 0: (in non-constant time) if the record is publicly invalid.

-

534

* 1: if the padding is valid

-

535

* -1: if the padding is invalid

-

536

*/

-

537

if (enc_err == 0) {

enc_err == 0	Description
TRUE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50175 times by 1 test Evaluated by: libssl.so.1.1

43-50175

538

if (ossl_statem_in_error(s)) {

ossl_statem_in_error(s)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

539

/* SSLfatal() already got called */

-

540

return -1;

never executed: return -1;

0

541

}

-

542

if (num_recs == 1 && ossl_statem_skip_early_data(s)) {

num_recs == 1	Description
TRUE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

ossl_statem_skip_early_data(s)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

0-43

543

/*

-

544

* Valid early_data that we cannot decrypt might fail here as

-

545

* publicly invalid. We treat it like an empty record.

-

546

*/

-

547

-

548

thisrr = &rr[0];

-

549

-

550

if (!early_data_count_ok(s, thisrr->length,

!early_data_co...+ 1)) + 2), 0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

551

EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {

!early_data_co...+ 1)) + 2), 0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

552

/* SSLfatal() already called */

-

553

return -1;

never executed: return -1;

0

554

}

-

555

-

556

thisrr->length = 0;

-

557

thisrr->read = 1;

-

558

RECORD_LAYER_set_numrpipes(&s->rlayer, 1);

-

559

RECORD_LAYER_reset_read_sequence(&s->rlayer);

-

560

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2

561

}

-

562

SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,

-

563

SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);

-

564

return -1;

executed 41 times by 1 test: return -1;

Executed by:

libssl.so.1.1

41

565

}

-

566

#ifdef SSL_DEBUG

-

567

printf("dec %lu\n", (unsigned long)rr[0].length);

-

568

{

-

569

size_t z;

-

570

for (z = 0; z < rr[0].length; z++)

-

571

printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n');

-

572

}

-

573

printf("\n");

-

574

#endif

-

575

-

576

/* r->length is now the compressed data plus mac */

-

577

if ((sess != NULL) &&

(sess != ((void *)0) )	Description
TRUE	evaluated 43189 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6986 times by 1 test Evaluated by: libssl.so.1.1

6986-43189

578

(s->enc_read_ctx != NULL) &&

(s->enc_read_c... ((void *)0) )	Description
TRUE	evaluated 28442 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14747 times by 1 test Evaluated by: libssl.so.1.1

14747-28442

579

(!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {

!(s->s3->flags & 0x0100)	Description
TRUE	evaluated 23795 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4647 times by 1 test Evaluated by: libssl.so.1.1

EVP_MD_CTX_md(...!= ((void *)0)	Description
TRUE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23600 times by 1 test Evaluated by: libssl.so.1.1

195-23795

580

/* s->read_hash != NULL => mac_size != -1 */

-

581

unsigned char *mac = NULL;

-

582

unsigned char mac_tmp[EVP_MAX_MD_SIZE];

-

583

-

584

mac_size = EVP_MD_CTX_size(s->read_hash);

-

585

if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {

!((mac_size <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

0-195

586

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,

-

587

ERR_R_INTERNAL_ERROR);

-

588

return -1;

never executed: return -1;

0

589

}

-

590

-

591

for (j = 0; j < num_recs; j++) {

j < num_recs	Description
TRUE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

195

592

thisrr = &rr[j];

-

593

/*

-

594

* orig_len is the length of the record before any padding was

-

595

* removed. This is public information, as is the MAC in use,

-

596

* therefore we can safely process the record in a different amount

-

597

* of time if it's too short to possibly contain a MAC.

-

598

*/

-

599

if (thisrr->orig_len < mac_size ||

thisrr->orig_len < mac_size	Description
TRUE	never evaluated
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

0-195

600

/* CBC records must have a padding length byte too. */

-

601

(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-180

602

thisrr->orig_len < mac_size + 1)) {

thisrr->orig_l...< mac_size + 1	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

603

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,

-

604

SSL_R_LENGTH_TOO_SHORT);

-

605

return -1;

never executed: return -1;

0

606

}

-

607

-

608

if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-180

609

/*

-

610

* We update the length so that the TLS header bytes can be

-

611

* constructed correctly but we need to extract the MAC in

-

612

* constant time from within the record, without leaking the

-

613

* contents of the padding bytes.

-

614

*/

-

615

mac = mac_tmp;

-

616

if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {

!ssl3_cbc_copy...srr, mac_size)	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

617

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,

-

618

ERR_R_INTERNAL_ERROR);

-

619

return -1;

never executed: return -1;

0

620

}

-

621

thisrr->length -= mac_size;

-

622

} else {

executed 180 times by 1 test: end of block

Executed by:

libssl.so.1.1

180

623

/*

-

624

* In this case there's no padding, so |rec->orig_len| equals

-

625

* |rec->length| and we checked that there's enough bytes for

-

626

* |mac_size| above.

-

627

*/

-

628

thisrr->length -= mac_size;

-

629

mac = &thisrr->data[thisrr->length];

-

630

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

15

631

-

632

i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );

-

633

if (i == 0 || mac == NULL

i == 0	Description
TRUE	never evaluated
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

mac == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

0-195

634

|| CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)

CRYPTO_memcmp(...mac_size) != 0	Description
TRUE	evaluated 125 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 70 times by 1 test Evaluated by: libssl.so.1.1

70-125

635

enc_err = -1;

executed 125 times by 1 test: enc_err = -1;

Executed by:

libssl.so.1.1

125

636

if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)

thisrr->length...24) + mac_size	Description
TRUE	never evaluated
FALSE	evaluated 195 times by 1 test Evaluated by: libssl.so.1.1

0-195

637

enc_err = -1;

never executed: enc_err = -1;

0

638

}

executed 195 times by 1 test: end of block

Executed by:

libssl.so.1.1

195

639

}

executed 195 times by 1 test: end of block

Executed by:

libssl.so.1.1

195

640

-

641

if (enc_err < 0) {

enc_err < 0	Description
TRUE	evaluated 10883 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39292 times by 1 test Evaluated by: libssl.so.1.1

10883-39292

642

if (ossl_statem_in_error(s)) {

ossl_statem_in_error(s)	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10870 times by 1 test Evaluated by: libssl.so.1.1

13-10870

643

/* We already called SSLfatal() */

-

644

return -1;

executed 13 times by 1 test: return -1;

Executed by:

libssl.so.1.1

13

645

}

-

646

if (num_recs == 1 && ossl_statem_skip_early_data(s)) {

num_recs == 1	Description
TRUE	evaluated 10870 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

ossl_statem_skip_early_data(s)	Description
TRUE	evaluated 10573 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 297 times by 1 test Evaluated by: libssl.so.1.1

0-10870

647

/*

-

648

* We assume this is unreadable early_data - we treat it like an

-

649

* empty record

-

650

*/

-

651

-

652

/*

-

653

* The record length may have been modified by the mac check above

-

654

* so we use the previously saved value

-

655

*/

-

656

if (!early_data_count_ok(s, first_rec_len,

!early_data_co...+ 1)) + 2), 0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10569 times by 1 test Evaluated by: libssl.so.1.1

4-10569

657

EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {

!early_data_co...+ 1)) + 2), 0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10569 times by 1 test Evaluated by: libssl.so.1.1

4-10569

658

/* SSLfatal() already called */

-

659

return -1;

executed 4 times by 1 test: return -1;

Executed by:

libssl.so.1.1

4

660

}

-

661

-

662

thisrr = &rr[0];

-

663

thisrr->length = 0;

-

664

thisrr->read = 1;

-

665

RECORD_LAYER_set_numrpipes(&s->rlayer, 1);

-

666

RECORD_LAYER_reset_read_sequence(&s->rlayer);

-

667

return 1;

executed 10569 times by 1 test: return 1;

Executed by:

libssl.so.1.1

10569

668

}

-

669

/*

-

670

* A separate 'decryption_failed' alert was introduced with TLS 1.0,

-

671

* SSL 3.0 only has 'bad_record_mac'. But unless a decryption

-

672

* failure is directly visible from the ciphertext anyway, we should

-

673

* not reveal which kind of error occurred -- this might become

-

674

* visible to an attacker (e.g. via a logfile)

-

675

*/

-

676

SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,

-

677

SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

-

678

return -1;

executed 297 times by 1 test: return -1;

Executed by:

libssl.so.1.1

297

679

}

-

680

-

681

for (j = 0; j < num_recs; j++) {

j < num_recs	Description
TRUE	evaluated 39292 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39283 times by 1 test Evaluated by: libssl.so.1.1

39283-39292

682

thisrr = &rr[j];

-

683

-

684

/* thisrr->length is now just compressed */

-

685

if (s->expand != NULL) {

s->expand != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 39292 times by 1 test Evaluated by: libssl.so.1.1

0-39292

686

if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {

thisrr->length > (16384 +1024)	Description
TRUE	never evaluated
FALSE	never evaluated

0

687

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

688

SSL_R_COMPRESSED_LENGTH_TOO_LONG);

-

689

return -1;

never executed: return -1;

0

690

}

-

691

if (!ssl3_do_uncompress(s, thisrr)) {

!ssl3_do_uncompress(s, thisrr)	Description
TRUE	never evaluated
FALSE	never evaluated

0

692

SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD,

-

693

SSL_R_BAD_DECOMPRESSION);

-

694

return -1;

never executed: return -1;

0

695

}

-

696

}

never executed: end of block

0

697

-

698

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 39292 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 23612 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15680 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 11280 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12332 times by 1 test Evaluated by: libssl.so.1.1

0-39292

699

&& s->enc_read_ctx != NULL

s->enc_read_ctx != ((void *)0)	Description
TRUE	evaluated 10779 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 501 times by 1 test Evaluated by: libssl.so.1.1

501-10779

700

&& thisrr->type != SSL3_RT_ALERT) {

thisrr->type != 21	Description
TRUE	evaluated 10756 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

23-10756

701

size_t end;

-

702

-

703

if (thisrr->length == 0

thisrr->length == 0	Description
TRUE	never evaluated
FALSE	evaluated 10756 times by 1 test Evaluated by: libssl.so.1.1

0-10756

704

|| thisrr->type != SSL3_RT_APPLICATION_DATA) {

thisrr->type != 23	Description
TRUE	never evaluated
FALSE	evaluated 10756 times by 1 test Evaluated by: libssl.so.1.1

0-10756

705

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,

-

706

SSL_R_BAD_RECORD_TYPE);

-

707

return -1;

never executed: return -1;

0

708

}

-

709

-

710

/* Strip trailing padding */

-

711

for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;

end > 0	Description
TRUE	evaluated 11105 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

thisrr->data[end] == 0	Description
TRUE	evaluated 349 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10756 times by 1 test Evaluated by: libssl.so.1.1

0-11105

712

end--)

-

713

continue;

executed 349 times by 1 test: continue;

Executed by:

libssl.so.1.1

349

714

-

715

thisrr->length = end;

-

716

thisrr->type = thisrr->data[end];

-

717

if (thisrr->type != SSL3_RT_APPLICATION_DATA

thisrr->type != 23	Description
TRUE	evaluated 4720 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6036 times by 1 test Evaluated by: libssl.so.1.1

4720-6036

718

&& thisrr->type != SSL3_RT_ALERT

thisrr->type != 21	Description
TRUE	evaluated 4118 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 602 times by 1 test Evaluated by: libssl.so.1.1

602-4118

719

&& thisrr->type != SSL3_RT_HANDSHAKE) {

thisrr->type != 22	Description
TRUE	never evaluated
FALSE	evaluated 4118 times by 1 test Evaluated by: libssl.so.1.1

0-4118

720

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,

-

721

SSL_R_BAD_RECORD_TYPE);

-

722

return -1;

never executed: return -1;

0

723

}

-

724

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 10756 times by 1 test Evaluated by: libssl.so.1.1

0-10756

725

s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,

never executed: s->msg_callback(0, s->version, 0x101, &thisrr->data[end], 1, s, s->msg_callback_arg);

0

726

&thisrr->data[end], 1, s, s->msg_callback_arg);

never executed: s->msg_callback(0, s->version, 0x101, &thisrr->data[end], 1, s, s->msg_callback_arg);

0

727

}

executed 10756 times by 1 test: end of block

Executed by:

libssl.so.1.1

10756

728

-

729

/*

-

730

* TLSv1.3 alert and handshake records are required to be non-zero in

-

731

* length.

-

732

*/

-

733

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 39292 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 23612 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15680 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 11280 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12332 times by 1 test Evaluated by: libssl.so.1.1

0-39292

734

&& (thisrr->type == SSL3_RT_HANDSHAKE

thisrr->type == 22	Description
TRUE	evaluated 4395 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6885 times by 1 test Evaluated by: libssl.so.1.1

4395-6885

735

|| thisrr->type == SSL3_RT_ALERT)

thisrr->type == 21	Description
TRUE	evaluated 633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6252 times by 1 test Evaluated by: libssl.so.1.1

633-6252

736

&& thisrr->length == 0) {

thisrr->length == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5026 times by 1 test Evaluated by: libssl.so.1.1

2-5026

737

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,

-

738

SSL_R_BAD_LENGTH);

-

739

return -1;

executed 2 times by 1 test: return -1;

Executed by:

libssl.so.1.1

2

740

}

-

741

-

742

if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {

thisrr->length > 16384	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39287 times by 1 test Evaluated by: libssl.so.1.1

3-39287

743

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

744

SSL_R_DATA_LENGTH_TOO_LONG);

-

745

return -1;

executed 3 times by 1 test: return -1;

Executed by:

libssl.so.1.1

3

746

}

-

747

-

748

/* If received packet overflows current Max Fragment Length setting */

-

749

if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)

s->session != ((void *)0)	Description
TRUE	evaluated 32305 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6982 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) >= 1)	Description
TRUE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32153 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) <= 4)	Description
TRUE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-32305

750

&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {

thisrr->length...len_mode - 1))	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 151 times by 1 test Evaluated by: libssl.so.1.1

1-151

751

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,

-

752

SSL_R_DATA_LENGTH_TOO_LONG);

-

753

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

1

754

}

-

755

-

756

thisrr->off = 0;

-

757

/*-

-

758

* So at this point the following is true

-

759

* thisrr->type is the type of record

-

760

* thisrr->length == number of bytes in record

-

761

* thisrr->off == offset to first valid byte

-

762

* thisrr->data == where to take bytes from, increment after use :-).

-

763

*/

-

764

-

765

/* just read a 0 length packet */

-

766

if (thisrr->length == 0) {

thisrr->length == 0	Description
TRUE	evaluated 1929 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37357 times by 1 test Evaluated by: libssl.so.1.1

1929-37357

767

RECORD_LAYER_inc_empty_record_count(&s->rlayer);

-

768

if (RECORD_LAYER_get_empty_record_count(&s->rlayer)

((&s->rlayer)-...rd_count) > 32	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1926 times by 1 test Evaluated by: libssl.so.1.1

3-1926

769

> MAX_EMPTY_RECORDS) {

((&s->rlayer)-...rd_count) > 32	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1926 times by 1 test Evaluated by: libssl.so.1.1

3-1926

770

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,

-

771

SSL_R_RECORD_TOO_SMALL);

-

772

return -1;

executed 3 times by 1 test: return -1;

Executed by:

libssl.so.1.1

3

773

}

-

774

} else {

executed 1926 times by 1 test: end of block

Executed by:

libssl.so.1.1

1926

775

RECORD_LAYER_reset_empty_record_count(&s->rlayer);

-

776

}

executed 37357 times by 1 test: end of block

Executed by:

libssl.so.1.1

37357

777

}

-

778

-

779

if (s->early_data_state == SSL_EARLY_DATA_READING) {

s->early_data_...Y_DATA_READING	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39252 times by 1 test Evaluated by: libssl.so.1.1

31-39252

780

thisrr = &rr[0];

-

781

if (thisrr->type == SSL3_RT_APPLICATION_DATA

thisrr->type == 23	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

10-21

782

&& !early_data_count_ok(s, thisrr->length, 0, 0)) {

!early_data_co...>length, 0, 0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

783

/* SSLfatal already called */

-

784

return -1;

never executed: return -1;

0

785

}

-

786

}

executed 31 times by 1 test: end of block

Executed by:

libssl.so.1.1

31

787

-

788

RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);

-

789

return 1;

executed 39283 times by 1 test: return 1;

Executed by:

libssl.so.1.1

39283

790

}

-

791

-

792

int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)

-

793

{

-

794

#ifndef OPENSSL_NO_COMP

-

795

int i;

-

796

-

797

if (rr->comp == NULL) {

rr->comp == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

798

rr->comp = (unsigned char *)

-

799

OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);

-

800

}

never executed: end of block

0

801

if (rr->comp == NULL)

rr->comp == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

802

return 0;

never executed: return 0;

0

803

-

804

/* TODO(size_t): Convert this call */

-

805

i = COMP_expand_block(ssl->expand, rr->comp,

-

806

SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);

-

807

if (i < 0)

i < 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

808

return 0;

never executed: return 0;

0

809

else

-

810

rr->length = i;

never executed: rr->length = i;

0

811

rr->data = rr->comp;

-

812

#endif

-

813

return 1;

never executed: return 1;

0

814

}

-

815

-

816

int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)

-

817

{

-

818

#ifndef OPENSSL_NO_COMP

-

819

int i;

-

820

-

821

/* TODO(size_t): Convert this call */

-

822

i = COMP_compress_block(ssl->compress, wr->data,

-

823

(int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),

-

824

wr->input, (int)wr->length);

-

825

if (i < 0)

i < 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

826

return 0;

never executed: return 0;

0

827

else

-

828

wr->length = i;

never executed: wr->length = i;

0

829

-

830

wr->input = wr->data;

-

831

#endif

-

832

return 1;

never executed: return 1;

0

833

}

-

834

-

835

/*-

-

836

* ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|. Will call

-

837

* SSLfatal() for internal errors, but not otherwise.

-

838

*

-

839

* Returns:

-

840

* 0: (in non-constant time) if the record is publically invalid (i.e. too

-

841

* short etc).

-

842

* 1: if the record's padding is valid / the encryption was successful.

-

843

* -1: if the record's padding is invalid or, if sending, an internal error

-

844

* occurred.

-

845

*/

-

846

int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)

-

847

{

-

848

SSL3_RECORD *rec;

-

849

EVP_CIPHER_CTX *ds;

-

850

size_t l, i;

-

851

size_t bs, mac_size = 0;

-

852

int imac_size;

-

853

const EVP_CIPHER *enc;

-

854

-

855

rec = inrecs;

-

856

/*

-

857

* We shouldn't ever be called with more than one record in the SSLv3 case

-

858

*/

-

859

if (n_recs != 1)

n_recs != 1	Description
TRUE	never evaluated
FALSE	never evaluated

0

860

return 0;

never executed: return 0;

0

861

if (sending) {

sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

862

ds = s->enc_write_ctx;

-

863

if (s->enc_write_ctx == NULL)

s->enc_write_c...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

864

enc = NULL;

never executed: enc = ((void *)0) ;

0

865

else

-

866

enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

never executed: enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

0

867

} else {

-

868

ds = s->enc_read_ctx;

-

869

if (s->enc_read_ctx == NULL)

s->enc_read_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

870

enc = NULL;

never executed: enc = ((void *)0) ;

0

871

else

-

872

enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

never executed: enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

0

873

}

-

874

-

875

if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {

(s->session == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(ds == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(enc == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0

876

memmove(rec->data, rec->input, rec->length);

-

877

rec->input = rec->data;

-

878

} else {

never executed: end of block

0

879

l = rec->length;

-

880

/* TODO(size_t): Convert this call */

-

881

bs = EVP_CIPHER_CTX_block_size(ds);

-

882

-

883

/* COMPRESS */

-

884

-

885

if ((bs != 1) && sending) {

(bs != 1)	Description
TRUE	never evaluated
FALSE	never evaluated

sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

886

i = bs - (l % bs);

-

887

-

888

/* we need to add 'i-1' padding bytes */

-

889

l += i;

-

890

/*

-

891

* the last of these zero bytes will be overwritten with the

-

892

* padding length.

-

893

*/

-

894

memset(&rec->input[rec->length], 0, i);

-

895

rec->length += i;

-

896

rec->input[l - 1] = (unsigned char)(i - 1);

-

897

}

never executed: end of block

0

898

-

899

if (!sending) {

!sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

900

if (l == 0 || l % bs != 0)

l == 0	Description
TRUE	never evaluated
FALSE	never evaluated

l % bs != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

901

return 0;

never executed: return 0;

0

902

/* otherwise, rec->length >= bs */

-

903

}

never executed: end of block

0

904

-

905

/* TODO(size_t): Convert this call */

-

906

if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1)

EVP_Cipher(ds,...ned int)l) < 1	Description
TRUE	never evaluated
FALSE	never evaluated

0

907

return -1;

never executed: return -1;

0

908

-

909

if (EVP_MD_CTX_md(s->read_hash) != NULL) {

EVP_MD_CTX_md(...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

910

/* TODO(size_t): convert me */

-

911

imac_size = EVP_MD_CTX_size(s->read_hash);

-

912

if (imac_size < 0) {

imac_size < 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

913

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC,

-

914

ERR_R_INTERNAL_ERROR);

-

915

return -1;

never executed: return -1;

0

916

}

-

917

mac_size = (size_t)imac_size;

-

918

}

never executed: end of block

0

919

if ((bs != 1) && !sending)

(bs != 1)	Description
TRUE	never evaluated
FALSE	never evaluated

!sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

920

return ssl3_cbc_remove_padding(rec, bs, mac_size);

never executed: return ssl3_cbc_remove_padding(rec, bs, mac_size);

0

921

}

never executed: end of block

0

922

return 1;

never executed: return 1;

0

923

}

-

924

-

925

#define MAX_PADDING 256

-

926

/*-

-

927

* tls1_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for

-

928

* internal errors, but not otherwise.

-

929

*

-

930

* Returns:

-

931

* 0: (in non-constant time) if the record is publically invalid (i.e. too

-

932

* short etc).

-

933

* 1: if the record's padding is valid / the encryption was successful.

-

934

* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,

-

935

* an internal error occurred.

-

936

*/

-

937

int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)

-

938

{

-

939

EVP_CIPHER_CTX *ds;

-

940

size_t reclen[SSL_MAX_PIPELINES];

-

941

unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];

-

942

int i, pad = 0, ret, tmpr;

-

943

size_t bs, mac_size = 0, ctr, padnum, loop;

-

944

unsigned char padval;

-

945

int imac_size;

-

946

const EVP_CIPHER *enc;

-

947

-

948

if (n_recs == 0) {

n_recs == 0	Description
TRUE	never evaluated
FALSE	evaluated 62064 times by 1 test Evaluated by: libssl.so.1.1

0-62064

949

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

950

ERR_R_INTERNAL_ERROR);

-

951

return 0;

never executed: return 0;

0

952

}

-

953

-

954

if (sending) {

sending	Description
TRUE	evaluated 30320 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 31744 times by 1 test Evaluated by: libssl.so.1.1

30320-31744

955

if (EVP_MD_CTX_md(s->write_hash)) {

EVP_MD_CTX_md(s->write_hash)	Description
TRUE	evaluated 6387 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23933 times by 1 test Evaluated by: libssl.so.1.1

6387-23933

956

int n = EVP_MD_CTX_size(s->write_hash);

-

957

if (!ossl_assert(n >= 0)) {

!((n >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 6387 times by 1 test Evaluated by: libssl.so.1.1

0-6387

958

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

959

ERR_R_INTERNAL_ERROR);

-

960

return -1;

never executed: return -1;

0

961

}

-

962

}

executed 6387 times by 1 test: end of block

Executed by:

libssl.so.1.1

6387

963

ds = s->enc_write_ctx;

-

964

if (s->enc_write_ctx == NULL)

s->enc_write_c...== ((void *)0)	Description
TRUE	evaluated 20672 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9648 times by 1 test Evaluated by: libssl.so.1.1

9648-20672

965

enc = NULL;

executed 20672 times by 1 test: enc = ((void *)0) ;

Executed by:

libssl.so.1.1

20672

966

else {

-

967

int ivlen;

-

968

enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

-

969

/* For TLSv1.1 and later explicit IV */

-

970

if (SSL_USE_EXPLICIT_IV(s)

(s->method->ss...c_flags & 0x1)	Description
TRUE	evaluated 8097 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1551 times by 1 test Evaluated by: libssl.so.1.1

1551-8097

971

&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3486 times by 1 test Evaluated by: libssl.so.1.1

3486-4611

972

ivlen = EVP_CIPHER_iv_length(enc);

executed 4611 times by 1 test: ivlen = EVP_CIPHER_iv_length(enc);

Executed by:

libssl.so.1.1

4611

973

else

-

974

ivlen = 0;

executed 5037 times by 1 test: ivlen = 0;

Executed by:

libssl.so.1.1

5037

975

if (ivlen > 1) {

ivlen > 1	Description
TRUE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5037 times by 1 test Evaluated by: libssl.so.1.1

4611-5037

976

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1

4611

977

if (recs[ctr].data != recs[ctr].input) {

recs[ctr].data...ecs[ctr].input	Description
TRUE	never evaluated
FALSE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1

0-4611

978

/*

-

979

* we can't write into the input stream: Can this ever

-

980

* happen?? (steve)

-

981

*/

-

982

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

983

ERR_R_INTERNAL_ERROR);

-

984

return -1;

never executed: return -1;

0

985

} else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {

RAND_bytes(rec...t, ivlen) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 4611 times by 1 test Evaluated by: libssl.so.1.1

0-4611

986

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

987

ERR_R_INTERNAL_ERROR);

-

988

return -1;

never executed: return -1;

0

989

}

-

990

}

executed 4611 times by 1 test: end of block

Executed by:

libssl.so.1.1

4611

991

}

executed 4611 times by 1 test: end of block

Executed by:

libssl.so.1.1

4611

992

}

executed 9648 times by 1 test: end of block

Executed by:

libssl.so.1.1

9648

993

} else {

-

994

if (EVP_MD_CTX_md(s->read_hash)) {

EVP_MD_CTX_md(s->read_hash)	Description
TRUE	evaluated 5233 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26511 times by 1 test Evaluated by: libssl.so.1.1

5233-26511

995

int n = EVP_MD_CTX_size(s->read_hash);

-

996

if (!ossl_assert(n >= 0)) {

!((n >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 5233 times by 1 test Evaluated by: libssl.so.1.1

0-5233

997

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

998

ERR_R_INTERNAL_ERROR);

-

999

return -1;

never executed: return -1;

0

1000

}

-

1001

}

executed 5233 times by 1 test: end of block

Executed by:

libssl.so.1.1

5233

1002

ds = s->enc_read_ctx;

-

1003

if (s->enc_read_ctx == NULL)

s->enc_read_ctx == ((void *)0)	Description
TRUE	evaluated 23670 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8074 times by 1 test Evaluated by: libssl.so.1.1

8074-23670

1004

enc = NULL;

executed 23670 times by 1 test: enc = ((void *)0) ;

Executed by:

libssl.so.1.1

23670

1005

else

-

1006

enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

executed 8074 times by 1 test: enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

Executed by:

libssl.so.1.1

8074

1007

}

-

1008

-

1009

if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {

(s->session == ((void *)0) )	Description
TRUE	evaluated 7365 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 54699 times by 1 test Evaluated by: libssl.so.1.1

(ds == ((void *)0) )	Description
TRUE	evaluated 36977 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17722 times by 1 test Evaluated by: libssl.so.1.1

(enc == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 17722 times by 1 test Evaluated by: libssl.so.1.1

0-54699

1010

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 44342 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44342 times by 1 test Evaluated by: libssl.so.1.1

44342

1011

memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);

-

1012

recs[ctr].input = recs[ctr].data;

-

1013

}

executed 44342 times by 1 test: end of block

Executed by:

libssl.so.1.1

44342

1014

ret = 1;

-

1015

} else {

executed 44342 times by 1 test: end of block

Executed by:

libssl.so.1.1

44342

1016

bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));

-

1017

-

1018

if (n_recs > 1) {

n_recs > 1	Description
TRUE	never evaluated
FALSE	evaluated 17722 times by 1 test Evaluated by: libssl.so.1.1

0-17722

1019

if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))

!(EVP_CIPHER_f...)) & 0X800000)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1020

& EVP_CIPH_FLAG_PIPELINE)) {

!(EVP_CIPHER_f...)) & 0X800000)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1021

/*

-

1022

* We shouldn't have been called with pipeline data if the

-

1023

* cipher doesn't support pipelining

-

1024

*/

-

1025

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1026

SSL_R_PIPELINE_FAILURE);

-

1027

return -1;

never executed: return -1;

0

1028

}

-

1029

}

never executed: end of block

0

1030

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 17722 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17705 times by 1 test Evaluated by: libssl.so.1.1

17705-17722

1031

reclen[ctr] = recs[ctr].length;

-

1032

-

1033

if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))

EVP_CIPHER_fla...s)) & 0x200000	Description
TRUE	evaluated 6102 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11620 times by 1 test Evaluated by: libssl.so.1.1

6102-11620

1034

& EVP_CIPH_FLAG_AEAD_CIPHER) {

EVP_CIPHER_fla...s)) & 0x200000	Description
TRUE	evaluated 6102 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11620 times by 1 test Evaluated by: libssl.so.1.1

6102-11620

1035

unsigned char *seq;

-

1036

-

1037

seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)

sending	Description
TRUE	evaluated 3261 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2841 times by 1 test Evaluated by: libssl.so.1.1

2841-3261

1038

: RECORD_LAYER_get_read_sequence(&s->rlayer);

-

1039

-

1040

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 1532 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4570 times by 1 test Evaluated by: libssl.so.1.1

1532-4570

1041

/* DTLS does not support pipelining */

-

1042

unsigned char dtlsseq[9], *p = dtlsseq;

-

1043

-

1044

s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :

-

1045

DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);

-

1046

memcpy(p, &seq[2], 6);

-

1047

memcpy(buf[ctr], dtlsseq, 8);

-

1048

} else {

executed 1532 times by 1 test: end of block

Executed by:

libssl.so.1.1

1532

1049

memcpy(buf[ctr], seq, 8);

-

1050

for (i = 7; i >= 0; i--) { /* increment */

i >= 0	Description
TRUE	evaluated 4570 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4570

1051

++seq[i];

-

1052

if (seq[i] != 0)

seq[i] != 0	Description
TRUE	evaluated 4570 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4570

1053

break;

executed 4570 times by 1 test: break;

Executed by:

libssl.so.1.1

4570

1054

}

never executed: end of block

0

1055

}

executed 4570 times by 1 test: end of block

Executed by:

libssl.so.1.1

4570

1056

-

1057

buf[ctr][8] = recs[ctr].type;

-

1058

buf[ctr][9] = (unsigned char)(s->version >> 8);

-

1059

buf[ctr][10] = (unsigned char)(s->version);

-

1060

buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);

-

1061

buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);

-

1062

pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,

-

1063

EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);

-

1064

if (pad <= 0) {

pad <= 0	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6089 times by 1 test Evaluated by: libssl.so.1.1

13-6089

1065

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1066

ERR_R_INTERNAL_ERROR);

-

1067

return -1;

executed 13 times by 1 test: return -1;

Executed by:

libssl.so.1.1

13

1068

}

-

1069

-

1070

if (sending) {

sending	Description
TRUE	evaluated 3261 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2828 times by 1 test Evaluated by: libssl.so.1.1

2828-3261

1071

reclen[ctr] += pad;

-

1072

recs[ctr].length += pad;

-

1073

}

executed 3261 times by 1 test: end of block

Executed by:

libssl.so.1.1

3261

1074

-

1075

} else if ((bs != 1) && sending) {

executed 6089 times by 1 test: end of block

Executed by:

libssl.so.1.1

(bs != 1)	Description
TRUE	evaluated 11345 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 275 times by 1 test Evaluated by: libssl.so.1.1

sending	Description
TRUE	evaluated 6146 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5199 times by 1 test Evaluated by: libssl.so.1.1

275-11345

1076

padnum = bs - (reclen[ctr] % bs);

-

1077

-

1078

/* Add weird padding of upto 256 bytes */

-

1079

-

1080

if (padnum > MAX_PADDING) {

padnum > 256	Description
TRUE	never evaluated
FALSE	evaluated 6146 times by 1 test Evaluated by: libssl.so.1.1

0-6146

1081

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1082

ERR_R_INTERNAL_ERROR);

-

1083

return -1;

never executed: return -1;

0

1084

}

-

1085

/* we need to add 'padnum' padding bytes of value padval */

-

1086

padval = (unsigned char)(padnum - 1);

-

1087

for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++)

loop < reclen[ctr] + padnum	Description
TRUE	evaluated 81489 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6146 times by 1 test Evaluated by: libssl.so.1.1

6146-81489

1088

recs[ctr].input[loop] = padval;

executed 81489 times by 1 test: recs[ctr].input[loop] = padval;

Executed by:

libssl.so.1.1

81489

1089

reclen[ctr] += padnum;

-

1090

recs[ctr].length += padnum;

-

1091

}

executed 6146 times by 1 test: end of block

Executed by:

libssl.so.1.1

6146

1092

-

1093

if (!sending) {

!sending	Description
TRUE	evaluated 8061 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9648 times by 1 test Evaluated by: libssl.so.1.1

8061-9648

1094

if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)

reclen[ctr] == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8060 times by 1 test Evaluated by: libssl.so.1.1

reclen[ctr] % bs != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8057 times by 1 test Evaluated by: libssl.so.1.1

1-8060

1095

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

4

1096

}

executed 8057 times by 1 test: end of block

Executed by:

libssl.so.1.1

8057

1097

}

executed 17705 times by 1 test: end of block

Executed by:

libssl.so.1.1

17705

1098

if (n_recs > 1) {

n_recs > 1	Description
TRUE	never evaluated
FALSE	evaluated 17705 times by 1 test Evaluated by: libssl.so.1.1

0-17705

1099

unsigned char *data[SSL_MAX_PIPELINES];

-

1100

-

1101

/* Set the output buffers */

-

1102

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	never evaluated
FALSE	never evaluated

0

1103

data[ctr] = recs[ctr].data;

-

1104

}

never executed: end of block

0

1105

if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,

EVP_CIPHER_CTX...cs, data) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1106

(int)n_recs, data) <= 0) {

EVP_CIPHER_CTX...cs, data) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1107

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1108

SSL_R_PIPELINE_FAILURE);

-

1109

return -1;

never executed: return -1;

0

1110

}

-

1111

/* Set the input buffers */

-

1112

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	never evaluated
FALSE	never evaluated

0

1113

data[ctr] = recs[ctr].input;

-

1114

}

never executed: end of block

0

1115

if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,

EVP_CIPHER_CTX...cs, data) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1116

(int)n_recs, data) <= 0

EVP_CIPHER_CTX...cs, data) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1117

|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,

EVP_CIPHER_CTX..., reclen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1118

(int)n_recs, reclen) <= 0) {

EVP_CIPHER_CTX..., reclen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1119

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1120

SSL_R_PIPELINE_FAILURE);

-

1121

return -1;

never executed: return -1;

0

1122

}

-

1123

}

never executed: end of block

0

1124

-

1125

/* TODO(size_t): Convert this call */

-

1126

tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,

-

1127

(unsigned int)reclen[0]);

-

1128

if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))

(EVP_CIPHER_fl... : (tmpr == 0)	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17558 times by 1 test Evaluated by: libssl.so.1.1

(EVP_CIPHER_fl...)) & 0x100000)	Description
TRUE	evaluated 6089 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11616 times by 1 test Evaluated by: libssl.so.1.1

147-17558

1129

& EVP_CIPH_FLAG_CUSTOM_CIPHER)

(EVP_CIPHER_fl... : (tmpr == 0)	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17558 times by 1 test Evaluated by: libssl.so.1.1

(EVP_CIPHER_fl...)) & 0x100000)	Description
TRUE	evaluated 6089 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11616 times by 1 test Evaluated by: libssl.so.1.1

147-17558

1130

? (tmpr < 0)

(EVP_CIPHER_fl... : (tmpr == 0)	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17558 times by 1 test Evaluated by: libssl.so.1.1

147-17558

1131

: (tmpr == 0))

(EVP_CIPHER_fl... : (tmpr == 0)	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17558 times by 1 test Evaluated by: libssl.so.1.1

147-17558

1132

return -1; /* AEAD can fail to verify MAC */

executed 147 times by 1 test: return -1;

Executed by:

libssl.so.1.1

147

1133

-

1134

if (sending == 0) {

sending == 0	Description
TRUE	evaluated 7910 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9648 times by 1 test Evaluated by: libssl.so.1.1

7910-9648

1135

if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {

(EVP_CIPHER_fl...xF0007) == 0x6	Description
TRUE	evaluated 2596 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5314 times by 1 test Evaluated by: libssl.so.1.1

2596-5314

1136

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 2596 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2596 times by 1 test Evaluated by: libssl.so.1.1

2596

1137

recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;

-

1138

recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;

-

1139

recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;

-

1140

}

executed 2596 times by 1 test: end of block

Executed by:

libssl.so.1.1

2596

1141

} else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {

executed 2596 times by 1 test: end of block

Executed by:

libssl.so.1.1

(EVP_CIPHER_fl...xF0007) == 0x7	Description
TRUE	evaluated 60 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5254 times by 1 test Evaluated by: libssl.so.1.1

60-5254

1142

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 60 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 60 times by 1 test Evaluated by: libssl.so.1.1

60

1143

recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;

-

1144

recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;

-

1145

recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;

-

1146

}

executed 60 times by 1 test: end of block

Executed by:

libssl.so.1.1

60

1147

}

executed 60 times by 1 test: end of block

Executed by:

libssl.so.1.1

60

1148

}

executed 7910 times by 1 test: end of block

Executed by:

libssl.so.1.1

7910

1149

-

1150

ret = 1;

-

1151

if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {

!(s->s3->flags & 0x0100)	Description
TRUE	evaluated 7595 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9963 times by 1 test Evaluated by: libssl.so.1.1

EVP_MD_CTX_md(...!= ((void *)0)	Description
TRUE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6847 times by 1 test Evaluated by: libssl.so.1.1

748-9963

1152

imac_size = EVP_MD_CTX_size(s->read_hash);

-

1153

if (imac_size < 0) {

imac_size < 0	Description
TRUE	never evaluated
FALSE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1

0-748

1154

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,

-

1155

ERR_R_INTERNAL_ERROR);

-

1156

return -1;

never executed: return -1;

0

1157

}

-

1158

mac_size = (size_t)imac_size;

-

1159

}

executed 748 times by 1 test: end of block

Executed by:

libssl.so.1.1

748

1160

if ((bs != 1) && !sending) {

(bs != 1)	Description
TRUE	evaluated 11341 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6217 times by 1 test Evaluated by: libssl.so.1.1

!sending	Description
TRUE	evaluated 5195 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6146 times by 1 test Evaluated by: libssl.so.1.1

5195-11341

1161

int tmpret;

-

1162

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 5195 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5163 times by 1 test Evaluated by: libssl.so.1.1

5163-5195

1163

tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);

-

1164

/*

-

1165

* If tmpret == 0 then this means publicly invalid so we can

-

1166

* short circuit things here. Otherwise we must respect constant

-

1167

* time behaviour.

-

1168

*/

-

1169

if (tmpret == 0)

tmpret == 0	Description
TRUE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5163 times by 1 test Evaluated by: libssl.so.1.1

32-5163

1170

return 0;

executed 32 times by 1 test: return 0;

Executed by:

libssl.so.1.1

32

1171

ret = constant_time_select_int(constant_time_eq_int(tmpret, 1),

-

1172

ret, -1);

-

1173

}

executed 5163 times by 1 test: end of block

Executed by:

libssl.so.1.1

5163

1174

}

executed 5163 times by 1 test: end of block

Executed by:

libssl.so.1.1

5163

1175

if (pad && !sending) {

pad	Description
TRUE	evaluated 5942 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11584 times by 1 test Evaluated by: libssl.so.1.1

!sending	Description
TRUE	evaluated 2681 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3261 times by 1 test Evaluated by: libssl.so.1.1

2681-11584

1176

for (ctr = 0; ctr < n_recs; ctr++) {

ctr < n_recs	Description
TRUE	evaluated 2681 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2681 times by 1 test Evaluated by: libssl.so.1.1

2681

1177

recs[ctr].length -= pad;

-

1178

}

executed 2681 times by 1 test: end of block

Executed by:

libssl.so.1.1

2681

1179

}

executed 2681 times by 1 test: end of block

Executed by:

libssl.so.1.1

2681

1180

}

executed 17526 times by 1 test: end of block

Executed by:

libssl.so.1.1

17526

1181

return ret;

executed 61868 times by 1 test: return ret;

Executed by:

libssl.so.1.1

61868

1182

}

-

1183

-

1184

int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)

-

1185

{

-

1186

unsigned char *mac_sec, *seq;

-

1187

const EVP_MD_CTX *hash;

-

1188

unsigned char *p, rec_char;

-

1189

size_t md_size;

-

1190

size_t npad;

-

1191

int t;

-

1192

-

1193

if (sending) {

sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

1194

mac_sec = &(ssl->s3->write_mac_secret[0]);

-

1195

seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);

-

1196

hash = ssl->write_hash;

-

1197

} else {

never executed: end of block

0

1198

mac_sec = &(ssl->s3->read_mac_secret[0]);

-

1199

seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);

-

1200

hash = ssl->read_hash;

-

1201

}

never executed: end of block

0

1202

-

1203

t = EVP_MD_CTX_size(hash);

-

1204

if (t < 0)

t < 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1205

return 0;

never executed: return 0;

0

1206

md_size = t;

-

1207

npad = (48 / md_size) * md_size;

-

1208

-

1209

if (!sending &&

!sending	Description
TRUE	never evaluated
FALSE	never evaluated

0

1210

EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	never evaluated
FALSE	never evaluated

0

1211

ssl3_cbc_record_digest_supported(hash)) {

ssl3_cbc_recor...upported(hash)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1212

/*

-

1213

* This is a CBC-encrypted record. We must avoid leaking any

-

1214

* timing-side channel information about how many blocks of data we

-

1215

* are hashing because that gives an attacker a timing-oracle.

-

1216

*/

-

1217

-

1218

/*-

-

1219

* npad is, at most, 48 bytes and that's with MD5:

-

1220

* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.

-

1221

*

-

1222

* With SHA-1 (the largest hash speced for SSLv3) the hash size

-

1223

* goes up 4, but npad goes down by 8, resulting in a smaller

-

1224

* total size.

-

1225

*/

-

1226

unsigned char header[75];

-

1227

size_t j = 0;

-

1228

memcpy(header + j, mac_sec, md_size);

-

1229

j += md_size;

-

1230

memcpy(header + j, ssl3_pad_1, npad);

-

1231

j += npad;

-

1232

memcpy(header + j, seq, 8);

-

1233

j += 8;

-

1234

header[j++] = rec->type;

-

1235

header[j++] = (unsigned char)(rec->length >> 8);

-

1236

header[j++] = (unsigned char)(rec->length & 0xff);

-

1237

-

1238

/* Final param == is SSLv3 */

-

1239

if (ssl3_cbc_digest_record(hash,

ssl3_cbc_diges..._size, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1240

md, &md_size,

ssl3_cbc_diges..._size, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1241

header, rec->input,

ssl3_cbc_diges..._size, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1242

rec->length + md_size, rec->orig_len,

ssl3_cbc_diges..._size, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1243

mac_sec, md_size, 1) <= 0)

ssl3_cbc_diges..._size, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1244

return 0;

never executed: return 0;

0

1245

} else {

never executed: end of block

0

1246

unsigned int md_size_u;

-

1247

/* Chop the digest off the end :-) */

-

1248

EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();

-

1249

-

1250

if (md_ctx == NULL)

md_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1251

return 0;

never executed: return 0;

0

1252

-

1253

rec_char = rec->type;

-

1254

p = md;

-

1255

s2n(rec->length, p);

-

1256

if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0

EVP_MD_CTX_cop...tx, hash) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1257

|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0

EVP_DigestUpda... md_size) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1258

|| EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0

EVP_DigestUpda..._1, npad) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1259

|| EVP_DigestUpdate(md_ctx, seq, 8) <= 0

EVP_DigestUpda..., seq, 8) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1260

|| EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0

EVP_DigestUpda..._char, 1) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1261

|| EVP_DigestUpdate(md_ctx, md, 2) <= 0

EVP_DigestUpda...x, md, 2) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1262

|| EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0

EVP_DigestUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1263

|| EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0

EVP_DigestFina...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1264

|| EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0

EVP_MD_CTX_cop...tx, hash) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1265

|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0

EVP_DigestUpda... md_size) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1266

|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0

EVP_DigestUpda..._2, npad) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1267

|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0

EVP_DigestUpda... md_size) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1268

|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {

EVP_DigestFina...d_size_u) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1269

EVP_MD_CTX_free(md_ctx);

-

1270

return 0;

never executed: return 0;

0

1271

}

-

1272

-

1273

EVP_MD_CTX_free(md_ctx);

-

1274

}

never executed: end of block

0

1275

-

1276

ssl3_record_sequence_update(seq);

-

1277

return 1;

never executed: return 1;

0

1278

}

-

1279

-

1280

int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)

-

1281

{

-

1282

unsigned char *seq;

-

1283

EVP_MD_CTX *hash;

-

1284

size_t md_size;

-

1285

int i;

-

1286

EVP_MD_CTX *hmac = NULL, *mac_ctx;

-

1287

unsigned char header[13];

-

1288

int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)

sending	Description
TRUE	evaluated 6387 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5234 times by 1 test Evaluated by: libssl.so.1.1

5234-6387

1289

: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));

-

1290

int t;

-

1291

-

1292

if (sending) {

sending	Description
TRUE	evaluated 6387 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5234 times by 1 test Evaluated by: libssl.so.1.1

5234-6387

1293

seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);

-

1294

hash = ssl->write_hash;

-

1295

} else {

executed 6387 times by 1 test: end of block

Executed by:

libssl.so.1.1

6387

1296

seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);

-

1297

hash = ssl->read_hash;

-

1298

}

executed 5234 times by 1 test: end of block

Executed by:

libssl.so.1.1

5234

1299

-

1300

t = EVP_MD_CTX_size(hash);

-

1301

if (!ossl_assert(t >= 0))

!((t >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 11621 times by 1 test Evaluated by: libssl.so.1.1

0-11621

1302

return 0;

never executed: return 0;

0

1303

md_size = t;

-

1304

-

1305

/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */

-

1306

if (stream_mac) {

stream_mac	Description
TRUE	never evaluated
FALSE	evaluated 11621 times by 1 test Evaluated by: libssl.so.1.1

0-11621

1307

mac_ctx = hash;

-

1308

} else {

never executed: end of block

0

1309

hmac = EVP_MD_CTX_new();

-

1310

if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {

hmac == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11621 times by 1 test Evaluated by: libssl.so.1.1

!EVP_MD_CTX_copy(hmac, hash)	Description
TRUE	never evaluated
FALSE	evaluated 11621 times by 1 test Evaluated by: libssl.so.1.1

0-11621

1311

EVP_MD_CTX_free(hmac);

-

1312

return 0;

never executed: return 0;

0

1313

}

-

1314

mac_ctx = hmac;

-

1315

}

executed 11621 times by 1 test: end of block

Executed by:

libssl.so.1.1

11621

1316

-

1317

if (SSL_IS_DTLS(ssl)) {

(ssl->method->...c_flags & 0x8)	Description
TRUE	evaluated 1260 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10361 times by 1 test Evaluated by: libssl.so.1.1

1260-10361

1318

unsigned char dtlsseq[8], *p = dtlsseq;

-

1319

-

1320

s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :

-

1321

DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);

-

1322

memcpy(p, &seq[2], 6);

-

1323

-

1324

memcpy(header, dtlsseq, 8);

-

1325

} else

executed 1260 times by 1 test: end of block

Executed by:

libssl.so.1.1

1260

1326

memcpy(header, seq, 8);

executed 10361 times by 1 test: memcpy(header, seq, 8);

Executed by:

libssl.so.1.1

10361

1327

-

1328

header[8] = rec->type;

-

1329

header[9] = (unsigned char)(ssl->version >> 8);

-

1330

header[10] = (unsigned char)(ssl->version);

-

1331

header[11] = (unsigned char)(rec->length >> 8);

-

1332

header[12] = (unsigned char)(rec->length & 0xff);

-

1333

-

1334

if (!sending && !SSL_READ_ETM(ssl) &&

!sending	Description
TRUE	evaluated 5234 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6387 times by 1 test Evaluated by: libssl.so.1.1

!(ssl->s3->flags & 0x0100)	Description
TRUE	evaluated 242 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4992 times by 1 test Evaluated by: libssl.so.1.1

242-6387

1335

EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

21-221

1336

ssl3_cbc_record_digest_supported(mac_ctx)) {

ssl3_cbc_recor...orted(mac_ctx)	Description
TRUE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-221

1337

/*

-

1338

* This is a CBC-encrypted record. We must avoid leaking any

-

1339

* timing-side channel information about how many blocks of data we

-

1340

* are hashing because that gives an attacker a timing-oracle.

-

1341

*/

-

1342

/* Final param == not SSLv3 */

-

1343

if (ssl3_cbc_digest_record(mac_ctx,

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1344

md, &md_size,

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1345

header, rec->input,

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1346

rec->length + md_size, rec->orig_len,

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1347

ssl->s3->read_mac_secret,

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1348

ssl->s3->read_mac_secret_size, 0) <= 0) {

ssl3_cbc_diges..._size, 0) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

0-221

1349

EVP_MD_CTX_free(hmac);

-

1350

return 0;

never executed: return 0;

0

1351

}

-

1352

} else {

executed 221 times by 1 test: end of block

Executed by:

libssl.so.1.1

221

1353

/* TODO(size_t): Convert these calls */

-

1354

if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0

EVP_DigestUpda...(header)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 11400 times by 1 test Evaluated by: libssl.so.1.1

0-11400

1355

|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0

EVP_DigestUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 11400 times by 1 test Evaluated by: libssl.so.1.1

0-11400

1356

|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {

EVP_DigestSign...&md_size) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 11400 times by 1 test Evaluated by: libssl.so.1.1

0-11400

1357

EVP_MD_CTX_free(hmac);

-

1358

return 0;

never executed: return 0;

0

1359

}

-

1360

}

executed 11400 times by 1 test: end of block

Executed by:

libssl.so.1.1

11400

1361

-

1362

EVP_MD_CTX_free(hmac);

-

1363

-

1364

#ifdef SSL_DEBUG

-

1365

fprintf(stderr, "seq=");

-

1366

{

-

1367

int z;

-

1368

for (z = 0; z < 8; z++)

-

1369

fprintf(stderr, "%02X ", seq[z]);

-

1370

fprintf(stderr, "\n");

-

1371

}

-

1372

fprintf(stderr, "rec=");

-

1373

{

-

1374

size_t z;

-

1375

for (z = 0; z < rec->length; z++)

-

1376

fprintf(stderr, "%02X ", rec->data[z]);

-

1377

fprintf(stderr, "\n");

-

1378

}

-

1379

#endif

-

1380

-

1381

if (!SSL_IS_DTLS(ssl)) {

!(ssl->method-...c_flags & 0x8)	Description
TRUE	evaluated 10361 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1260 times by 1 test Evaluated by: libssl.so.1.1

1260-10361

1382

for (i = 7; i >= 0; i--) {

i >= 0	Description
TRUE	evaluated 10369 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10369

1383

++seq[i];

-

1384

if (seq[i] != 0)

seq[i] != 0	Description
TRUE	evaluated 10361 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-10361

1385

break;

executed 10361 times by 1 test: break;

Executed by:

libssl.so.1.1

10361

1386

}

executed 8 times by 1 test: end of block

Executed by:

libssl.so.1.1

8

1387

}

executed 10361 times by 1 test: end of block

Executed by:

libssl.so.1.1

10361

1388

#ifdef SSL_DEBUG

-

1389

{

-

1390

unsigned int z;

-

1391

for (z = 0; z < md_size; z++)

-

1392

fprintf(stderr, "%02X ", md[z]);

-

1393

fprintf(stderr, "\n");

-

1394

}

-

1395

#endif

-

1396

return 1;

executed 11621 times by 1 test: return 1;

Executed by:

libssl.so.1.1

11621

1397

}

-

1398

-

1399

/*-

-

1400

* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC

-

1401

* record in |rec| by updating |rec->length| in constant time.

-

1402

*

-

1403

* block_size: the block size of the cipher used to encrypt the record.

-

1404

* returns:

-

1405

* 0: (in non-constant time) if the record is publicly invalid.

-

1406

* 1: if the padding was valid

-

1407

* -1: otherwise.

-

1408

*/

-

1409

int ssl3_cbc_remove_padding(SSL3_RECORD *rec,

-

1410

size_t block_size, size_t mac_size)

-

1411

{

-

1412

size_t padding_length;

-

1413

size_t good;

-

1414

const size_t overhead = 1 /* padding length byte */ + mac_size;

-

1415

-

1416

/*

-

1417

* These lengths are all public so we can test them in non-constant time.

-

1418

*/

-

1419

if (overhead > rec->length)

overhead > rec->length	Description
TRUE	never evaluated
FALSE	never evaluated

0

1420

return 0;

never executed: return 0;

0

1421

-

1422

padding_length = rec->data[rec->length - 1];

-

1423

good = constant_time_ge_s(rec->length, padding_length + overhead);

-

1424

/* SSLv3 requires that the padding is minimal. */

-

1425

good &= constant_time_ge_s(block_size, padding_length + 1);

-

1426

rec->length -= good & (padding_length + 1);

-

1427

return constant_time_select_int_s(good, 1, -1);

never executed: return constant_time_select_int_s(good, 1, -1);

0

1428

}

-

1429

-

1430

/*-

-

1431

* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC

-

1432

* record in |rec| in constant time and returns 1 if the padding is valid and

-

1433

* -1 otherwise. It also removes any explicit IV from the start of the record

-

1434

* without leaking any timing about whether there was enough space after the

-

1435

* padding was removed.

-

1436

*

-

1437

* block_size: the block size of the cipher used to encrypt the record.

-

1438

* returns:

-

1439

* 0: (in non-constant time) if the record is publicly invalid.

-

1440

* 1: if the padding was valid

-

1441

* -1: otherwise.

-

1442

*/

-

1443

int tls1_cbc_remove_padding(const SSL *s,

-

1444

SSL3_RECORD *rec,

-

1445

size_t block_size, size_t mac_size)

-

1446

{

-

1447

size_t good;

-

1448

size_t padding_length, to_check, i;

-

1449

const size_t overhead = 1 /* padding length byte */ + mac_size;

-

1450

/* Check if version requires explicit IV */

-

1451

if (SSL_USE_EXPLICIT_IV(s)) {

(s->method->ss...c_flags & 0x1)	Description
TRUE	evaluated 3872 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1323 times by 1 test Evaluated by: libssl.so.1.1

1323-3872

1452

/*

-

1453

* These lengths are all public so we can test them in non-constant

-

1454

* time.

-

1455

*/

-

1456

if (overhead + block_size > rec->length)

overhead + blo... > rec->length	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3853 times by 1 test Evaluated by: libssl.so.1.1

19-3853

1457

return 0;

executed 19 times by 1 test: return 0;

Executed by:

libssl.so.1.1

19

1458

/* We can now safely skip explicit IV */

-

1459

rec->data += block_size;

-

1460

rec->input += block_size;

-

1461

rec->length -= block_size;

-

1462

rec->orig_len -= block_size;

-

1463

} else if (overhead > rec->length)

executed 3853 times by 1 test: end of block

Executed by:

libssl.so.1.1

overhead > rec->length	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1310 times by 1 test Evaluated by: libssl.so.1.1

13-3853

1464

return 0;

executed 13 times by 1 test: return 0;

Executed by:

libssl.so.1.1

13

1465

-

1466

padding_length = rec->data[rec->length - 1];

-

1467

-

1468

if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &

EVP_CIPHER_fla...x)) & 0x200000	Description
TRUE	never evaluated
FALSE	evaluated 5163 times by 1 test Evaluated by: libssl.so.1.1

0-5163

1469

EVP_CIPH_FLAG_AEAD_CIPHER) {

EVP_CIPHER_fla...x)) & 0x200000	Description
TRUE	never evaluated
FALSE	evaluated 5163 times by 1 test Evaluated by: libssl.so.1.1

0-5163

1470

/* padding is already verified */

-

1471

rec->length -= padding_length + 1;

-

1472

return 1;

never executed: return 1;

0

1473

}

-

1474

-

1475

good = constant_time_ge_s(rec->length, overhead + padding_length);

-

1476

/*

-

1477

* The padding consists of a length byte at the end of the record and

-

1478

* then that many bytes of padding, all with the same value as the length

-

1479

* byte. Thus, with the length byte included, there are i+1 bytes of

-

1480

* padding. We can't check just |padding_length+1| bytes because that

-

1481

* leaks decrypted information. Therefore we always have to check the

-

1482

* maximum amount of padding possible. (Again, the length of the record

-

1483

* is public information so we can use it.)

-

1484

*/

-

1485

to_check = 256; /* maximum amount of padding, inc length byte. */

-

1486

if (to_check > rec->length)

to_check > rec->length	Description
TRUE	evaluated 2380 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2783 times by 1 test Evaluated by: libssl.so.1.1

2380-2783

1487

to_check = rec->length;

executed 2380 times by 1 test: to_check = rec->length;

Executed by:

libssl.so.1.1

2380

1488

-

1489

for (i = 0; i < to_check; i++) {

i < to_check	Description
TRUE	evaluated 781112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5163 times by 1 test Evaluated by: libssl.so.1.1

5163-781112

1490

unsigned char mask = constant_time_ge_8_s(padding_length, i);

-

1491

unsigned char b = rec->data[rec->length - 1 - i];

-

1492

/*

-

1493

* The final |padding_length+1| bytes should all have the value

-

1494

* |padding_length|. Therefore the XOR should be zero.

-

1495

*/

-

1496

good &= ~(mask & (padding_length ^ b));

-

1497

}

executed 781112 times by 1 test: end of block

Executed by:

libssl.so.1.1

781112

1498

-

1499

/*

-

1500

* If any of the final |padding_length+1| bytes had the wrong value, one

-

1501

* or more of the lower eight bits of |good| will be cleared.

-

1502

*/

-

1503

good = constant_time_eq_s(0xff, good & 0xff);

-

1504

rec->length -= good & (padding_length + 1);

-

1505

-

1506

return constant_time_select_int_s(good, 1, -1);

executed 5163 times by 1 test: return constant_time_select_int_s(good, 1, -1);

Executed by:

libssl.so.1.1

5163

1507

}

-

1508

-

1509

/*-

-

1510

* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in

-

1511

* constant time (independent of the concrete value of rec->length, which may

-

1512

* vary within a 256-byte window).

-

1513

*

-

1514

* ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to

-

1515

* this function.

-

1516

*

-

1517

* On entry:

-

1518

* rec->orig_len >= md_size

-

1519

* md_size <= EVP_MAX_MD_SIZE

-

1520

*

-

1521

* If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with

-

1522

* variable accesses in a 64-byte-aligned buffer. Assuming that this fits into

-

1523

* a single or pair of cache-lines, then the variable memory accesses don't

-

1524

* actually affect the timing. CPUs with smaller cache-lines [if any] are

-

1525

* not multi-core and are not considered vulnerable to cache-timing attacks.

-

1526

*/

-

1527

#define CBC_MAC_ROTATE_IN_PLACE

-

1528

-

1529

int ssl3_cbc_copy_mac(unsigned char *out,

-

1530

const SSL3_RECORD *rec, size_t md_size)

-

1531

{

-

1532

#if defined(CBC_MAC_ROTATE_IN_PLACE)

-

1533

unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];

-

1534

unsigned char *rotated_mac;

-

1535

#else

-

1536

unsigned char rotated_mac[EVP_MAX_MD_SIZE];

-

1537

#endif

-

1538

-

1539

/*

-

1540

* mac_end is the index of |rec->data| just after the end of the MAC.

-

1541

*/

-

1542

size_t mac_end = rec->length;

-

1543

size_t mac_start = mac_end - md_size;

-

1544

size_t in_mac;

-

1545

/*

-

1546

* scan_start contains the number of bytes that we can ignore because the

-

1547

* MAC's position can only vary by 255 bytes.

-

1548

*/

-

1549

size_t scan_start = 0;

-

1550

size_t i, j;

-

1551

size_t rotate_offset;

-

1552

-

1553

if (!ossl_assert(rec->orig_len >= md_size

!((rec->orig_l...e <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

rec->orig_len >= md_size	Description
TRUE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

md_size <= 64	Description
TRUE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-221

1554

&& md_size <= EVP_MAX_MD_SIZE))

-

1555

return 0;

never executed: return 0;

0

1556

-

1557

#if defined(CBC_MAC_ROTATE_IN_PLACE)

-

1558

rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);

-

1559

#endif

-

1560

-

1561

/* This information is public so it's safe to branch based on it. */

-

1562

if (rec->orig_len > md_size + 255 + 1)

rec->orig_len ...size + 255 + 1	Description
TRUE	evaluated 58 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 163 times by 1 test Evaluated by: libssl.so.1.1

58-163

1563

scan_start = rec->orig_len - (md_size + 255 + 1);

executed 58 times by 1 test: scan_start = rec->orig_len - (md_size + 255 + 1);

Executed by:

libssl.so.1.1

58

1564

-

1565

in_mac = 0;

-

1566

rotate_offset = 0;

-

1567

memset(rotated_mac, 0, md_size);

-

1568

for (i = scan_start, j = 0; i < rec->orig_len; i++) {

i < rec->orig_len	Description
TRUE	evaluated 30844 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

221-30844

1569

size_t mac_started = constant_time_eq_s(i, mac_start);

-

1570

size_t mac_ended = constant_time_lt_s(i, mac_end);

-

1571

unsigned char b = rec->data[i];

-

1572

-

1573

in_mac |= mac_started;

-

1574

in_mac &= mac_ended;

-

1575

rotate_offset |= j & mac_started;

-

1576

rotated_mac[j++] |= b & in_mac;

-

1577

j &= constant_time_lt_s(j, md_size);

-

1578

}

executed 30844 times by 1 test: end of block

Executed by:

libssl.so.1.1

30844

1579

-

1580

/* Now rotate the MAC */

-

1581

#if defined(CBC_MAC_ROTATE_IN_PLACE)

-

1582

j = 0;

-

1583

for (i = 0; i < md_size; i++) {

i < md_size	Description
TRUE	evaluated 5464 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

221-5464

1584

/* in case cache-line is 32 bytes, touch second line */

-

1585

((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];

-

1586

out[j++] = rotated_mac[rotate_offset++];

-

1587

rotate_offset &= constant_time_lt_s(rotate_offset, md_size);

-

1588

}

executed 5464 times by 1 test: end of block

Executed by:

libssl.so.1.1

5464

1589

#else

-

1590

memset(out, 0, md_size);

-

1591

rotate_offset = md_size - rotate_offset;

-

1592

rotate_offset &= constant_time_lt_s(rotate_offset, md_size);

-

1593

for (i = 0; i < md_size; i++) {

-

1594

for (j = 0; j < md_size; j++)

-

1595

out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);

-

1596

rotate_offset++;

-

1597

rotate_offset &= constant_time_lt_s(rotate_offset, md_size);

-

1598

}

-

1599

#endif

-

1600

-

1601

return 1;

executed 221 times by 1 test: return 1;

Executed by:

libssl.so.1.1

221

1602

}

-

1603

-

1604

int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)

-

1605

{

-

1606

int i;

-

1607

int enc_err;

-

1608

SSL_SESSION *sess;

-

1609

SSL3_RECORD *rr;

-

1610

int imac_size;

-

1611

size_t mac_size;

-

1612

unsigned char md[EVP_MAX_MD_SIZE];

-

1613

-

1614

rr = RECORD_LAYER_get_rrec(&s->rlayer);

-

1615

sess = s->session;

-

1616

-

1617

/*

-

1618

* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,

-

1619

* and we have that many bytes in s->packet

-

1620

*/

-

1621

rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);

-

1622

-

1623

/*

-

1624

* ok, we can now read from 's->packet' data into 'rr' rr->input points

-

1625

* at rr->length bytes, which need to be copied into rr->data by either

-

1626

* the decryption or by the decompression When the data is 'copied' into

-

1627

* the rr->data buffer, rr->input will be pointed at the new buffer

-

1628

*/

-

1629

-

1630

/*

-

1631

* We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length

-

1632

* bytes of encrypted compressed stuff.

-

1633

*/

-

1634

-

1635

/* check is not needed I believe */

-

1636

if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {

rr->length > (...(16384 +1024))	Description
TRUE	never evaluated
FALSE	evaluated 3409 times by 1 test Evaluated by: libssl.so.1.1

0-3409

1637

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,

-

1638

SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

-

1639

return 0;

never executed: return 0;

0

1640

}

-

1641

-

1642

/* decrypt in place in 'rr->input' */

-

1643

rr->data = rr->input;

-

1644

rr->orig_len = rr->length;

-

1645

-

1646

if (SSL_READ_ETM(s) && s->read_hash) {

(s->s3->flags & 0x0100)	Description
TRUE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3101 times by 1 test Evaluated by: libssl.so.1.1

s->read_hash	Description
TRUE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3101

1647

unsigned char *mac;

-

1648

mac_size = EVP_MD_CTX_size(s->read_hash);

-

1649

if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {

!((mac_size <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1650

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1651

ERR_R_INTERNAL_ERROR);

-

1652

return 0;

never executed: return 0;

0

1653

}

-

1654

if (rr->orig_len < mac_size) {

rr->orig_len < mac_size	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1655

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1656

SSL_R_LENGTH_TOO_SHORT);

-

1657

return 0;

never executed: return 0;

0

1658

}

-

1659

rr->length -= mac_size;

-

1660

mac = rr->data + rr->length;

-

1661

i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );

-

1662

if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {

i == 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

CRYPTO_memcmp(...mac_size) != 0	Description
TRUE	never evaluated
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

0-308

1663

SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD,

-

1664

SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

-

1665

return 0;

never executed: return 0;

0

1666

}

-

1667

}

executed 308 times by 1 test: end of block

Executed by:

libssl.so.1.1

308

1668

-

1669

enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);

-

1670

/*-

-

1671

* enc_err is:

-

1672

* 0: (in non-constant time) if the record is publically invalid.

-

1673

* 1: if the padding is valid

-

1674

* -1: if the padding is invalid

-

1675

*/

-

1676

if (enc_err == 0) {

enc_err == 0	Description
TRUE	never evaluated
FALSE	evaluated 3409 times by 1 test Evaluated by: libssl.so.1.1

0-3409

1677

if (ossl_statem_in_error(s)) {

ossl_statem_in_error(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1678

/* SSLfatal() got called */

-

1679

return 0;

never executed: return 0;

0

1680

}

-

1681

/* For DTLS we simply ignore bad packets. */

-

1682

rr->length = 0;

-

1683

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1684

return 0;

never executed: return 0;

0

1685

}

-

1686

#ifdef SSL_DEBUG

-

1687

printf("dec %ld\n", rr->length);

-

1688

{

-

1689

size_t z;

-

1690

for (z = 0; z < rr->length; z++)

-

1691

printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');

-

1692

}

-

1693

printf("\n");

-

1694

#endif

-

1695

-

1696

/* r->length is now the compressed data plus mac */

-

1697

if ((sess != NULL) && !SSL_READ_ETM(s) &&

(sess != ((void *)0) )	Description
TRUE	evaluated 3213 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1

!(s->s3->flags & 0x0100)	Description
TRUE	evaluated 2905 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 308 times by 1 test Evaluated by: libssl.so.1.1

196-3213

1698

(s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {

(s->enc_read_c... ((void *)0) )	Description
TRUE	evaluated 663 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2242 times by 1 test Evaluated by: libssl.so.1.1

(EVP_MD_CTX_md... ((void *)0) )	Description
TRUE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 616 times by 1 test Evaluated by: libssl.so.1.1

47-2242

1699

/* s->read_hash != NULL => mac_size != -1 */

-

1700

unsigned char *mac = NULL;

-

1701

unsigned char mac_tmp[EVP_MAX_MD_SIZE];

-

1702

-

1703

/* TODO(size_t): Convert this to do size_t properly */

-

1704

imac_size = EVP_MD_CTX_size(s->read_hash);

-

1705

if (imac_size < 0) {

imac_size < 0	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1706

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1707

ERR_LIB_EVP);

-

1708

return 0;

never executed: return 0;

0

1709

}

-

1710

mac_size = (size_t)imac_size;

-

1711

if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {

!((mac_size <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1712

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1713

ERR_R_INTERNAL_ERROR);

-

1714

return 0;

never executed: return 0;

0

1715

}

-

1716

-

1717

/*

-

1718

* orig_len is the length of the record before any padding was

-

1719

* removed. This is public information, as is the MAC in use,

-

1720

* therefore we can safely process the record in a different amount

-

1721

* of time if it's too short to possibly contain a MAC.

-

1722

*/

-

1723

if (rr->orig_len < mac_size ||

rr->orig_len < mac_size	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1724

/* CBC records must have a padding length byte too. */

-

1725

(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-41

1726

rr->orig_len < mac_size + 1)) {

rr->orig_len < mac_size + 1	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

0-41

1727

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1728

SSL_R_LENGTH_TOO_SHORT);

-

1729

return 0;

never executed: return 0;

0

1730

}

-

1731

-

1732

if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {

(EVP_CIPHER_fl...xF0007) == 0x2	Description
TRUE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-41

1733

/*

-

1734

* We update the length so that the TLS header bytes can be

-

1735

* constructed correctly but we need to extract the MAC in

-

1736

* constant time from within the record, without leaking the

-

1737

* contents of the padding bytes.

-

1738

*/

-

1739

mac = mac_tmp;

-

1740

if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {

!ssl3_cbc_copy... rr, mac_size)	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

0-41

1741

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,

-

1742

ERR_R_INTERNAL_ERROR);

-

1743

return 0;

never executed: return 0;

0

1744

}

-

1745

rr->length -= mac_size;

-

1746

} else {

executed 41 times by 1 test: end of block

Executed by:

libssl.so.1.1

41

1747

/*

-

1748

* In this case there's no padding, so |rec->orig_len| equals

-

1749

* |rec->length| and we checked that there's enough bytes for

-

1750

* |mac_size| above.

-

1751

*/

-

1752

rr->length -= mac_size;

-

1753

mac = &rr->data[rr->length];

-

1754

}

executed 6 times by 1 test: end of block

Executed by:

libssl.so.1.1

6

1755

-

1756

i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );

-

1757

if (i == 0 || mac == NULL

i == 0	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

mac == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1758

|| CRYPTO_memcmp(md, mac, mac_size) != 0)

CRYPTO_memcmp(...mac_size) != 0	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1759

enc_err = -1;

never executed: enc_err = -1;

0

1760

if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)

rr->length > (...24) + mac_size	Description
TRUE	never evaluated
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

0-47

1761

enc_err = -1;

never executed: enc_err = -1;

0

1762

}

executed 47 times by 1 test: end of block

Executed by:

libssl.so.1.1

47

1763

-

1764

if (enc_err < 0) {

enc_err < 0	Description
TRUE	never evaluated
FALSE	evaluated 3409 times by 1 test Evaluated by: libssl.so.1.1

0-3409

1765

/* decryption failed, silently discard message */

-

1766

rr->length = 0;

-

1767

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1768

return 0;

never executed: return 0;

0

1769

}

-

1770

-

1771

/* r->length is now just compressed */

-

1772

if (s->expand != NULL) {

s->expand != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3409 times by 1 test Evaluated by: libssl.so.1.1

0-3409

1773

if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {

rr->length > (16384 +1024)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1774

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,

-

1775

SSL_R_COMPRESSED_LENGTH_TOO_LONG);

-

1776

return 0;

never executed: return 0;

0

1777

}

-

1778

if (!ssl3_do_uncompress(s, rr)) {

!ssl3_do_uncompress(s, rr)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1779

SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE,

-

1780

SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);

-

1781

return 0;

never executed: return 0;

0

1782

}

-

1783

}

never executed: end of block

0

1784

-

1785

if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {

rr->length > 16384	Description
TRUE	never evaluated
FALSE	evaluated 3409 times by 1 test Evaluated by: libssl.so.1.1

0-3409

1786

SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,

-

1787

SSL_R_DATA_LENGTH_TOO_LONG);

-

1788

return 0;

never executed: return 0;

0

1789

}

-

1790

-

1791

rr->off = 0;

-

1792

/*-

-

1793

* So at this point the following is true

-

1794

* ssl->s3->rrec.type is the type of record

-

1795

* ssl->s3->rrec.length == number of bytes in record

-

1796

* ssl->s3->rrec.off == offset to first valid byte

-

1797

* ssl->s3->rrec.data == where to take bytes from, increment

-

1798

* after use :-).

-

1799

*/

-

1800

-

1801

/* we have pulled in a full packet so zero things */

-

1802

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1803

-

1804

/* Mark receipt of record. */

-

1805

dtls1_record_bitmap_update(s, bitmap);

-

1806

-

1807

return 1;

executed 3409 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3409

1808

}

-

1809

-

1810

/*

-

1811

* Retrieve a buffered record that belongs to the current epoch, i.e. processed

-

1812

*/

-

1813

#define dtls1_get_processed_record(s) \

-

1814

dtls1_retrieve_buffered_record((s), \

-

1815

&(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)))

-

1816

-

1817

/*-

-

1818

* Call this to get a new input record.

-

1819

* It will return <= 0 if more data is needed, normally due to an error

-

1820

* or non-blocking IO.

-

1821

* When it finishes, one packet has been decoded and can be found in

-

1822

* ssl->s3->rrec.type - is the type of record

-

1823

* ssl->s3->rrec.data, - data

-

1824

* ssl->s3->rrec.length, - number of bytes

-

1825

*/

-

1826

/* used only by dtls1_read_bytes */

-

1827

int dtls1_get_record(SSL *s)

-

1828

{

-

1829

int ssl_major, ssl_minor;

-

1830

int rret;

-

1831

size_t more, n;

-

1832

SSL3_RECORD *rr;

-

1833

unsigned char *p = NULL;

-

1834

unsigned short version;

-

1835

DTLS1_BITMAP *bitmap;

-

1836

unsigned int is_next_epoch;

-

1837

-

1838

rr = RECORD_LAYER_get_rrec(&s->rlayer);

-

1839

-

1840

again:

code before this statement executed 4613 times by 1 test: again:

Executed by:

libssl.so.1.1

4613

1841

/*

-

1842

* The epoch may have changed. If so, process all the pending records.

-

1843

* This is a non-blocking operation.

-

1844

*/

-

1845

if (!dtls1_process_buffered_records(s)) {

!dtls1_process...red_records(s)	Description
TRUE	never evaluated
FALSE	evaluated 4705 times by 1 test Evaluated by: libssl.so.1.1

0-4705

1846

/* SSLfatal() already called */

-

1847

return -1;

never executed: return -1;

0

1848

}

-

1849

-

1850

/* if we're renegotiating, then there may be buffered records */

-

1851

if (dtls1_get_processed_record(s))

dtls1_retrieve...cessed_rcds)))	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4698 times by 1 test Evaluated by: libssl.so.1.1

7-4698

1852

return 1;

executed 7 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7

1853

-

1854

/* get something from the wire */

-

1855

-

1856

/* check if we have the header */

-

1857

if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||

(((&s->rlayer)...tate) != 0xF1)	Description
TRUE	evaluated 4630 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 68 times by 1 test Evaluated by: libssl.so.1.1

68-4630

1858

(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {

(((&s->rlayer)..._length) < 13)	Description
TRUE	evaluated 68 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-68

1859

rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,

-

1860

SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);

-

1861

/* read timeout is handled by dtls1_read_bytes */

-

1862

if (rret <= 0) {

rret <= 0	Description
TRUE	evaluated 1204 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3494 times by 1 test Evaluated by: libssl.so.1.1

1204-3494

1863

/* SSLfatal() already called if appropriate */

-

1864

return rret; /* error or non-blocking */

executed 1204 times by 1 test: return rret;

Executed by:

libssl.so.1.1

1204

1865

}

-

1866

-

1867

/* this packet contained a partial record, dump it */

-

1868

if (RECORD_LAYER_get_packet_length(&s->rlayer) !=

((&s->rlayer)-..._length) != 13	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3490 times by 1 test Evaluated by: libssl.so.1.1

4-3490

1869

DTLS1_RT_HEADER_LENGTH) {

((&s->rlayer)-..._length) != 13	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3490 times by 1 test Evaluated by: libssl.so.1.1

4-3490

1870

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1871

goto again;

executed 4 times by 1 test: goto again;

Executed by:

libssl.so.1.1

4

1872

}

-

1873

-

1874

RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);

-

1875

-

1876

p = RECORD_LAYER_get_packet(&s->rlayer);

-

1877

-

1878

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 3490 times by 1 test Evaluated by: libssl.so.1.1

0-3490

1879

s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,

never executed: s->msg_callback(0, 0, 0x100, p, 13, s, s->msg_callback_arg);

0

1880

s, s->msg_callback_arg);

never executed: s->msg_callback(0, 0, 0x100, p, 13, s, s->msg_callback_arg);

0

1881

-

1882

/* Pull apart the header into the DTLS1_RECORD */

-

1883

rr->type = *(p++);

-

1884

ssl_major = *(p++);

-

1885

ssl_minor = *(p++);

-

1886

version = (ssl_major << 8) | ssl_minor;

-

1887

-

1888

/* sequence number is 64 bits, with top 2 bytes = epoch */

-

1889

n2s(p, rr->epoch);

-

1890

-

1891

memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);

-

1892

p += 6;

-

1893

-

1894

n2s(p, rr->length);

-

1895

rr->read = 0;

-

1896

-

1897

/*

-

1898

* Lets check the version. We tolerate alerts that don't have the exact

-

1899

* version number (e.g. because of protocol version errors)

-

1900

*/

-

1901

if (!s->first_packet && rr->type != SSL3_RT_ALERT) {

!s->first_packet	Description
TRUE	evaluated 3091 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 399 times by 1 test Evaluated by: libssl.so.1.1

rr->type != 21	Description
TRUE	evaluated 2870 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 221 times by 1 test Evaluated by: libssl.so.1.1

221-3091

1902

if (version != s->version) {

version != s->version	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2809 times by 1 test Evaluated by: libssl.so.1.1

61-2809

1903

/* unexpected version, silently discard */

-

1904

rr->length = 0;

-

1905

rr->read = 1;

-

1906

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1907

goto again;

executed 61 times by 1 test: goto again;

Executed by:

libssl.so.1.1

61

1908

}

-

1909

}

executed 2809 times by 1 test: end of block

Executed by:

libssl.so.1.1

2809

1910

-

1911

if ((version & 0xff00) != (s->version & 0xff00)) {

(version & 0xf...sion & 0xff00)	Description
TRUE	never evaluated
FALSE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1

0-3429

1912

/* wrong version, silently discard record */

-

1913

rr->length = 0;

-

1914

rr->read = 1;

-

1915

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1916

goto again;

never executed: goto again;

0

1917

}

-

1918

-

1919

if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {

rr->length > (...(16384 +1024))	Description
TRUE	never evaluated
FALSE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1

0-3429

1920

/* record too long, silently discard it */

-

1921

rr->length = 0;

-

1922

rr->read = 1;

-

1923

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1924

goto again;

never executed: goto again;

0

1925

}

-

1926

-

1927

/* If received packet overflows own-client Max Fragment Length setting */

-

1928

if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)

s->session != ((void *)0)	Description
TRUE	evaluated 3233 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) >= 1)	Description
TRUE	never evaluated
FALSE	evaluated 3233 times by 1 test Evaluated by: libssl.so.1.1

((s->session->...en_mode) <= 4)	Description
TRUE	never evaluated
FALSE	never evaluated

0-3233

1929

&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {

rr->length > (...len_mode - 1))	Description
TRUE	never evaluated
FALSE	never evaluated

0

1930

/* record too long, silently discard it */

-

1931

rr->length = 0;

-

1932

rr->read = 1;

-

1933

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1934

goto again;

never executed: goto again;

0

1935

}

-

1936

-

1937

/* now s->rlayer.rstate == SSL_ST_READ_BODY */

-

1938

}

executed 3429 times by 1 test: end of block

Executed by:

libssl.so.1.1

3429

1939

-

1940

/* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */

-

1941

-

1942

if (rr->length >

rr->length > (...t_length) - 13	Description
TRUE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3429

1943

RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {

rr->length > (...t_length) - 13	Description
TRUE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3429

1944

/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */

-

1945

more = rr->length;

-

1946

rret = ssl3_read_n(s, more, more, 1, 1, &n);

-

1947

/* this packet contained a partial record, dump it */

-

1948

if (rret <= 0 || n != more) {

rret <= 0	Description
TRUE	never evaluated
FALSE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1

n != more	Description
TRUE	never evaluated
FALSE	evaluated 3429 times by 1 test Evaluated by: libssl.so.1.1

0-3429

1949

if (ossl_statem_in_error(s)) {

ossl_statem_in_error(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1950

/* ssl3_read_n() called SSLfatal() */

-

1951

return -1;

never executed: return -1;

0

1952

}

-

1953

rr->length = 0;

-

1954

rr->read = 1;

-

1955

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

1956

goto again;

never executed: goto again;

0

1957

}

-

1958

-

1959

/*

-

1960

* now n == rr->length, and s->packet_length ==

-

1961

* DTLS1_RT_HEADER_LENGTH + rr->length

-

1962

*/

-

1963

}

executed 3429 times by 1 test: end of block

Executed by:

libssl.so.1.1

3429

1964

/* set state for later operations */

-

1965

RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);

-

1966

-

1967

/* match epochs. NULL means the packet is dropped on the floor */

-

1968

bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);

-

1969

if (bitmap == NULL) {

bitmap == ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3418 times by 1 test Evaluated by: libssl.so.1.1

11-3418

1970

rr->length = 0;

-

1971

RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */

-

1972

goto again; /* get another record */

executed 11 times by 1 test: goto again;

Executed by:

libssl.so.1.1

11

1973

}

-

1974

#ifndef OPENSSL_NO_SCTP

-

1975

/* Only do replay check if no SCTP bio */

-

1976

if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {

-

1977

#endif

-

1978

/* Check whether this is a repeat, or aged record. */

-

1979

/*

-

1980

* TODO: Does it make sense to have replay protection in epoch 0 where

-

1981

* we have no integrity negotiated yet?

-

1982

*/

-

1983

if (!dtls1_record_replay_check(s, bitmap)) {

!dtls1_record_...eck(s, bitmap)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3411 times by 1 test Evaluated by: libssl.so.1.1

7-3411

1984

rr->length = 0;

-

1985

rr->read = 1;

-

1986

RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */

-

1987

goto again; /* get another record */

executed 7 times by 1 test: goto again;

Executed by:

libssl.so.1.1

7

1988

}

-

1989

#ifndef OPENSSL_NO_SCTP

-

1990

}

-

1991

#endif

-

1992

-

1993

/* just read a 0 length packet */

-

1994

if (rr->length == 0) {

rr->length == 0	Description
TRUE	never evaluated
FALSE	evaluated 3411 times by 1 test Evaluated by: libssl.so.1.1

0-3411

1995

rr->read = 1;

-

1996

goto again;

never executed: goto again;

0

1997

}

-

1998

-

1999

/*

-

2000

* If this record is from the next epoch (either HM or ALERT), and a

-

2001

* handshake is currently in progress, buffer it since it cannot be

-

2002

* processed at this time.

-

2003

*/

-

2004

if (is_next_epoch) {

is_next_epoch	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3402 times by 1 test Evaluated by: libssl.so.1.1

9-3402

2005

if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {

SSL_in_init(s)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

ossl_statem_ge...n_handshake(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0-9

2006

if (dtls1_buffer_record (s,

dtls1_buffer_r...->seq_num) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2007

&(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),

dtls1_buffer_r...->seq_num) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2008

rr->seq_num) < 0) {

dtls1_buffer_r...->seq_num) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2009

/* SSLfatal() already called */

-

2010

return -1;

never executed: return -1;

0

2011

}

-

2012

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

9

2013

rr->length = 0;

-

2014

rr->read = 1;

-

2015

RECORD_LAYER_reset_packet_length(&s->rlayer);

-

2016

goto again;

executed 9 times by 1 test: goto again;

Executed by:

libssl.so.1.1

9

2017

}

-

2018

-

2019

if (!dtls1_process_record(s, bitmap)) {

!dtls1_process...ord(s, bitmap)	Description
TRUE	never evaluated
FALSE	evaluated 3402 times by 1 test Evaluated by: libssl.so.1.1

0-3402

2020

if (ossl_statem_in_error(s)) {

ossl_statem_in_error(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

2021

/* dtls1_process_record() called SSLfatal */

-

2022

return -1;

never executed: return -1;

0

2023

}

-

2024

rr->length = 0;

-

2025

rr->read = 1;

-

2026

RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */

-

2027

goto again; /* get another record */

never executed: goto again;

0

2028

}

-

2029

-

2030

return 1;

executed 3402 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3402

2031

-

2032

}

-