OpenCoverage

ssl_versions.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/ssl/ssl_versions.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: ssl_versions.c,v 1.3 2017/05/06 20:37:25 jsing Exp $ */-
2/*-
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>-
4 *-
5 * Permission to use, copy, modify, and distribute this software for any-
6 * purpose with or without fee is hereby granted, provided that the above-
7 * copyright notice and this permission notice appear in all copies.-
8 *-
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES-
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF-
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR-
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES-
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN-
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF-
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.-
16 */-
17-
18#include "ssl_locl.h"-
19-
20static int-
21ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,-
22 uint16_t clamp_min, uint16_t clamp_max)-
23{-
24 if (clamp_min > clamp_max || *min_ver > *max_ver)
clamp_min > clamp_maxDescription
TRUEnever evaluated
FALSEevaluated 414 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
*min_ver > *max_verDescription
TRUEevaluated 5 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 409 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
0-414
25 return 0;
executed 5 times by 1 test: return 0;
Executed by:
  • ssl_versions
5
26 if (clamp_max < *min_ver || clamp_min > *max_ver)
clamp_max < *min_verDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 408 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
clamp_min > *max_verDescription
TRUEnever evaluated
FALSEevaluated 408 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
0-408
27 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • ssl_versions
1
28-
29 if (*min_ver < clamp_min)
*min_ver < clamp_minDescription
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • clienttest
  • ssl_versions
FALSEevaluated 398 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
10-398
30 *min_ver = clamp_min;
executed 10 times by 2 tests: *min_ver = clamp_min;
Executed by:
  • clienttest
  • ssl_versions
10
31 if (*max_ver > clamp_max)
*max_ver > clamp_maxDescription
TRUEevaluated 66 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • ssltest
FALSEevaluated 342 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
66-342
32 *max_ver = clamp_max;
executed 66 times by 3 tests: *max_ver = clamp_max;
Executed by:
  • clienttest
  • ssl_versions
  • ssltest
66
33-
34 return 1;
executed 408 times by 5 tests: return 1;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
408
35}-
36-
37int-
38ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,-
39 uint16_t *out_ver)-
40{-
41 uint16_t min_version, max_version;-
42-
43 if (ver == 0) {
ver == 0Description
TRUEevaluated 18 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 17 times by 1 test
Evaluated by:
  • ssl_versions
17-18
44 *out_ver = meth->internal->min_version;-
45 return 1;
executed 18 times by 1 test: return 1;
Executed by:
  • ssl_versions
18
46 }-
47-
48 min_version = ver;-
49 max_version = max_ver;-
50-
51 if (!ssl_clamp_version_range(&min_version, &max_version,
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 15 times by 1 test
Evaluated by:
  • ssl_versions
2-15
52 meth->internal->min_version, meth->internal->max_version))
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 15 times by 1 test
Evaluated by:
  • ssl_versions
2-15
53 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • ssl_versions
2
54-
55 *out_ver = min_version;-
56 -
57 return 1;
executed 15 times by 1 test: return 1;
Executed by:
  • ssl_versions
15
58}-
59-
60int-
61ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,-
62 uint16_t *out_ver)-
63{-
64 uint16_t min_version, max_version;-
65-
66 if (ver == 0) {
ver == 0Description
TRUEevaluated 16 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 17 times by 1 test
Evaluated by:
  • ssl_versions
16-17
67 *out_ver = meth->internal->max_version;-
68 return 1;
executed 16 times by 1 test: return 1;
Executed by:
  • ssl_versions
16
69 }-
70-
71 min_version = min_ver;-
72 max_version = ver;-
73-
74 if (!ssl_clamp_version_range(&min_version, &max_version,
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 14 times by 1 test
Evaluated by:
  • ssl_versions
3-14
75 meth->internal->min_version, meth->internal->max_version))
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 14 times by 1 test
Evaluated by:
  • ssl_versions
3-14
76 return 0;
executed 3 times by 1 test: return 0;
Executed by:
  • ssl_versions
3
77-
78 *out_ver = max_version;-
79 -
80 return 1;
executed 14 times by 1 test: return 1;
Executed by:
  • ssl_versions
14
81}-
82-
83int-
84ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)-
85{-
86 uint16_t min_version, max_version;-
87-
88 /*-
89 * The enabled versions have to be a contiguous range, which means we-
90 * cannot enable and disable single versions at our whim, even though-
91 * this is what the OpenSSL flags allow. The historical way this has-
92 * been handled is by making a flag mean that all higher versions-
93 * are disabled, if any version lower than the flag is enabled.-
94 */-
95-
96 min_version = 0;-
97 max_version = TLS1_2_VERSION;-
98-
99 if ((s->internal->options & SSL_OP_NO_TLSv1) == 0)
(s->internal->...4000000L) == 0Description
TRUEevaluated 178 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
FALSEevaluated 21 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
21-178
100 min_version = TLS1_VERSION;
executed 178 times by 4 tests: min_version = 0x0301;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
178
101 else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0)
(s->internal->...0000000L) == 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 17 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
4-17
102 min_version = TLS1_1_VERSION;
executed 4 times by 1 test: min_version = 0x0302;
Executed by:
  • ssl_versions
4
103 else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0)
(s->internal->...8000000L) == 0Description
TRUEevaluated 15 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
2-15
104 min_version = TLS1_2_VERSION;
executed 15 times by 3 tests: min_version = 0x0303;
Executed by:
  • clienttest
  • ssl_versions
  • tlstest
15
105-
106 if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
(s->internal->...& 0x08000000L)Description
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • clienttest
  • ssl_versions
FALSEevaluated 189 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
min_version < 0x0303Description
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • clienttest
  • ssl_versions
FALSEnever evaluated
0-189
107 max_version = TLS1_1_VERSION;
executed 10 times by 2 tests: max_version = 0x0302;
Executed by:
  • clienttest
  • ssl_versions
10
108 if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION)
(s->internal->...& 0x10000000L)Description
TRUEevaluated 23 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
FALSEevaluated 176 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
min_version < 0x0302Description
TRUEevaluated 8 times by 2 tests
Evaluated by:
  • clienttest
  • ssl_versions
FALSEevaluated 15 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
8-176
109 max_version = TLS1_VERSION;
executed 8 times by 2 tests: max_version = 0x0301;
Executed by:
  • clienttest
  • ssl_versions
8
110 if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION)
(s->internal->...& 0x04000000L)Description
TRUEevaluated 21 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
FALSEevaluated 178 times by 4 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
min_version < 0x0301Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 19 times by 3 tests
Evaluated by:
  • clienttest
  • ssl_versions
  • tlstest
2-178
111 max_version = 0;
executed 2 times by 1 test: max_version = 0;
Executed by:
  • ssl_versions
2
112-
113 /* Everything has been disabled... */-
114 if (min_version == 0 || max_version == 0)
min_version == 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 197 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
max_version == 0Description
TRUEnever evaluated
FALSEevaluated 197 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
0-197
115 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • ssl_versions
2
116-
117 /* Limit to configured version range. */-
118 if (!ssl_clamp_version_range(&min_version, &max_version,
!ssl_clamp_ver...->max_version)Description
TRUEnever evaluated
FALSEevaluated 197 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
0-197
119 s->internal->min_version, s->internal->max_version))
!ssl_clamp_ver...->max_version)Description
TRUEnever evaluated
FALSEevaluated 197 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
0-197
120 return 0;
never executed: return 0;
0
121-
122 if (min_ver != NULL)
min_ver != ((void *)0)Description
TRUEevaluated 197 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
FALSEnever evaluated
0-197
123 *min_ver = min_version;
executed 197 times by 5 tests: *min_ver = min_version;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
197
124 if (max_ver != NULL)
max_ver != ((void *)0)Description
TRUEevaluated 195 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • servertest
2-195
125 *max_ver = max_version;
executed 195 times by 5 tests: *max_ver = max_version;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
195
126-
127 return 1;
executed 197 times by 5 tests: return 1;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
197
128}-
129-
130int-
131ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)-
132{-
133 uint16_t min_version, max_version;-
134-
135 /* DTLS cannot currently be disabled... */-
136 if (SSL_IS_DTLS(s)) {
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 23 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
FALSEevaluated 184 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
23-184
137 min_version = max_version = DTLS1_VERSION;-
138 goto done;
executed 23 times by 2 tests: goto done;
Executed by:
  • clienttest
  • ssltest
23
139 }-
140-
141 if (!ssl_enabled_version_range(s, &min_version, &max_version))
!ssl_enabled_v... &max_version)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 183 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
1-183
142 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • ssl_versions
1
143-
144 /* Limit to the versions supported by this method. */-
145 if (!ssl_clamp_version_range(&min_version, &max_version,
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 182 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
1-182
146 s->method->internal->min_version,
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 182 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
1-182
147 s->method->internal->max_version))
!ssl_clamp_ver...->max_version)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 182 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
1-182
148 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • ssl_versions
1
149-
150 done:
code before this statement executed 182 times by 5 tests: done:
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
182
151 if (min_ver != NULL)
min_ver != ((void *)0)Description
TRUEevaluated 131 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
FALSEevaluated 74 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlstest
74-131
152 *min_ver = min_version;
executed 131 times by 4 tests: *min_ver = min_version;
Executed by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
131
153 if (max_ver != NULL)
max_ver != ((void *)0)Description
TRUEevaluated 205 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
FALSEnever evaluated
0-205
154 *max_ver = max_version;
executed 205 times by 5 tests: *max_ver = max_version;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
205
155-
156 return 1;
executed 205 times by 5 tests: return 1;
Executed by:
  • clienttest
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
205
157}-
158-
159int-
160ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)-
161{-
162 uint16_t min_version, max_version, shared_version;-
163-
164 *max_ver = 0;-
165-
166 if (SSL_IS_DTLS(s)) {
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 13 times by 2 tests
Evaluated by:
  • ssl_versions
  • ssltest
FALSEevaluated 72 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
13-72
167 if (peer_ver >= DTLS1_VERSION) {
peer_ver >= 0xFEFFDescription
TRUEevaluated 12 times by 2 tests
Evaluated by:
  • ssl_versions
  • ssltest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • ssl_versions
1-12
168 *max_ver = DTLS1_VERSION;-
169 return 1;
executed 12 times by 2 tests: return 1;
Executed by:
  • ssl_versions
  • ssltest
12
170 }-
171 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • ssl_versions
1
172 }-
173-
174 if (peer_ver >= TLS1_2_VERSION)
peer_ver >= 0x0303Description
TRUEevaluated 42 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
30-42
175 shared_version = TLS1_2_VERSION;
executed 42 times by 4 tests: shared_version = 0x0303;
Executed by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
42
176 else if (peer_ver >= TLS1_1_VERSION)
peer_ver >= 0x0302Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 25 times by 3 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
5-25
177 shared_version = TLS1_1_VERSION;
executed 5 times by 1 test: shared_version = 0x0302;
Executed by:
  • ssl_versions
5
178 else if (peer_ver >= TLS1_VERSION)
peer_ver >= 0x0301Description
TRUEevaluated 23 times by 3 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
2-23
179 shared_version = TLS1_VERSION;
executed 23 times by 3 tests: shared_version = 0x0301;
Executed by:
  • servertest
  • ssl_versions
  • ssltest
23
180 else-
181 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • ssl_versions
2
182-
183 if (!ssl_supported_version_range(s, &min_version, &max_version))
!ssl_supported... &max_version)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 68 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
2-68
184 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • ssl_versions
2
185-
186 if (shared_version < min_version)
shared_version < min_versionDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
2-66
187 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • ssl_versions
2
188-
189 if (shared_version > max_version)
shared_version > max_versionDescription
TRUEevaluated 5 times by 1 test
Evaluated by:
  • ssl_versions
FALSEevaluated 61 times by 4 tests
Evaluated by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
5-61
190 shared_version = max_version;
executed 5 times by 1 test: shared_version = max_version;
Executed by:
  • ssl_versions
5
191-
192 *max_ver = shared_version;-
193-
194 return 1;
executed 66 times by 4 tests: return 1;
Executed by:
  • servertest
  • ssl_versions
  • ssltest
  • tlstest
66
195}-
196-
197uint16_t-
198ssl_max_server_version(SSL *s)-
199{-
200 uint16_t max_version, min_version = 0;-
201-
202 if (SSL_IS_DTLS(s))
(s->method->in...ion == 0xFEFF)Description
TRUEnever evaluated
FALSEnever evaluated
0
203 return (DTLS1_VERSION);
never executed: return (0xFEFF);
0
204-
205 if (!ssl_enabled_version_range(s, &min_version, &max_version))
!ssl_enabled_v... &max_version)Description
TRUEnever evaluated
FALSEnever evaluated
0
206 return 0;
never executed: return 0;
0
207-
208 /*-
209 * Limit to the versions supported by this method. The SSL method-
210 * will be changed during version negotiation, as such we want to-
211 * use the SSL method from the context.-
212 */-
213 if (!ssl_clamp_version_range(&min_version, &max_version,
!ssl_clamp_ver...->max_version)Description
TRUEnever evaluated
FALSEnever evaluated
0
214 s->ctx->method->internal->min_version,
!ssl_clamp_ver...->max_version)Description
TRUEnever evaluated
FALSEnever evaluated
0
215 s->ctx->method->internal->max_version))
!ssl_clamp_ver...->max_version)Description
TRUEnever evaluated
FALSEnever evaluated
0
216 return 0;
never executed: return 0;
0
217-
218 return (max_version);
never executed: return (max_version);
0
219}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2