OpenCoverage

ssl_tlsext.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/ssl/ssl_tlsext.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: ssl_tlsext.c,v 1.22 2018/05/12 17:27:22 jsing Exp $ */-
2/*-
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>-
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>-
5 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>-
6 *-
7 * Permission to use, copy, modify, and distribute this software for any-
8 * purpose with or without fee is hereby granted, provided that the above-
9 * copyright notice and this permission notice appear in all copies.-
10 *-
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES-
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF-
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR-
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES-
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN-
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF-
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.-
18 */-
19#include <openssl/ocsp.h>-
20-
21#include "ssl_locl.h"-
22-
23#include "bytestring.h"-
24#include "ssl_tlsext.h"-
25-
26/*-
27 * Supported Application-Layer Protocol Negotiation - RFC 7301-
28 */-
29-
30int-
31tlsext_alpn_clienthello_needs(SSL *s)-
32{-
33 /* ALPN protos have been specified and this is the initial handshake */-
34 return s->internal->alpn_client_proto_list != NULL &&
executed 80 times by 4 tests: return s->internal->alpn_client_proto_list != ((void *)0) && (s->s3->internal)->tmp.finish_md_len == 0;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
s->internal->a...!= ((void *)0)Description
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
FALSEevaluated 70 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
10-80
35 S3I(s)->tmp.finish_md_len == 0;
executed 80 times by 4 tests: return s->internal->alpn_client_proto_list != ((void *)0) && (s->s3->internal)->tmp.finish_md_len == 0;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
(s->s3->intern...sh_md_len == 0Description
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
FALSEnever evaluated
0-80
36}-
37-
38int-
39tlsext_alpn_clienthello_build(SSL *s, CBB *cbb)-
40{-
41 CBB protolist;-
42-
43 if (!CBB_add_u16_length_prefixed(cbb, &protolist))
!CBB_add_u16_l...b, &protolist)Description
TRUEnever evaluated
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-10
44 return 0;
never executed: return 0;
0
45-
46 if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list,
!CBB_add_bytes...roto_list_len)Description
TRUEnever evaluated
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-10
47 s->internal->alpn_client_proto_list_len))
!CBB_add_bytes...roto_list_len)Description
TRUEnever evaluated
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-10
48 return 0;
never executed: return 0;
0
49-
50 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-10
51 return 0;
never executed: return 0;
0
52-
53 return 1;
executed 10 times by 2 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
10
54}-
55-
56int-
57tlsext_alpn_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
58{-
59 CBS proto_name_list, alpn;-
60 const unsigned char *selected;-
61 unsigned char selected_len;-
62 int r;-
63-
64 if (!CBS_get_u16_length_prefixed(cbs, &alpn))
!CBS_get_u16_l...ed(cbs, &alpn)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
3-18
65 goto err;
executed 3 times by 1 test: goto err;
Executed by:
  • tls_ext_alpn
3
66 if (CBS_len(&alpn) < 2)
CBS_len(&alpn) < 2Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 17 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-17
67 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tls_ext_alpn
1
68 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 16 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-16
69 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tls_ext_alpn
1
70-
71 CBS_dup(&alpn, &proto_name_list);-
72 while (CBS_len(&proto_name_list) > 0) {
CBS_len(&proto_name_list) > 0Description
TRUEevaluated 29 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
FALSEevaluated 14 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
14-29
73 CBS proto_name;-
74-
75 if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))
!CBS_get_u8_le..., &proto_name)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 27 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
2-27
76 goto err;
executed 2 times by 1 test: goto err;
Executed by:
  • tls_ext_alpn
2
77 if (CBS_len(&proto_name) == 0)
CBS_len(&proto_name) == 0Description
TRUEnever evaluated
FALSEevaluated 27 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
0-27
78 goto err;
never executed: goto err;
0
79 }
executed 27 times by 3 tests: end of block
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
27
80-
81 if (s->ctx->internal->alpn_select_cb == NULL)
s->ctx->intern...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 12 times by 2 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
2-12
82 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • tlsexttest
2
83-
84 r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len,-
85 CBS_data(&alpn), CBS_len(&alpn),-
86 s->ctx->internal->alpn_select_cb_arg);-
87 if (r == SSL_TLSEXT_ERR_OK) {
r == 0Description
TRUEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
FALSEevaluated 2 times by 1 test
Evaluated by:
  • ssltest
2-10
88 free(S3I(s)->alpn_selected);-
89 if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
((s->s3->inter...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 10 times by 2 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
0-10
90 *alert = SSL_AD_INTERNAL_ERROR;-
91 return 0;
never executed: return 0;
0
92 }-
93 memcpy(S3I(s)->alpn_selected, selected, selected_len);-
94 S3I(s)->alpn_selected_len = selected_len;-
95 }
executed 10 times by 2 tests: end of block
Executed by:
  • ssltest
  • tls_ext_alpn
10
96-
97 return 1;
executed 12 times by 2 tests: return 1;
Executed by:
  • ssltest
  • tls_ext_alpn
12
98-
99 err:-
100 *alert = SSL_AD_DECODE_ERROR;-
101 return 0;
executed 7 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
7
102}-
103-
104int-
105tlsext_alpn_serverhello_needs(SSL *s)-
106{-
107 return S3I(s)->alpn_selected != NULL;
executed 70 times by 4 tests: return (s->s3->internal)->alpn_selected != ((void *)0) ;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
70
108}-
109-
110int-
111tlsext_alpn_serverhello_build(SSL *s, CBB *cbb)-
112{-
113 CBB list, selected;-
114-
115 if (!CBB_add_u16_length_prefixed(cbb, &list))
!CBB_add_u16_l...ed(cbb, &list)Description
TRUEnever evaluated
FALSEevaluated 7 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-7
116 return 0;
never executed: return 0;
0
117-
118 if (!CBB_add_u8_length_prefixed(&list, &selected))
!CBB_add_u8_le...st, &selected)Description
TRUEnever evaluated
FALSEevaluated 7 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-7
119 return 0;
never executed: return 0;
0
120-
121 if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected,
!CBB_add_bytes..._selected_len)Description
TRUEnever evaluated
FALSEevaluated 7 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-7
122 S3I(s)->alpn_selected_len))
!CBB_add_bytes..._selected_len)Description
TRUEnever evaluated
FALSEevaluated 7 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-7
123 return 0;
never executed: return 0;
0
124-
125 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 7 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
0-7
126 return 0;
never executed: return 0;
0
127-
128 return 1;
executed 7 times by 2 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
7
129}-
130-
131int-
132tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
133{-
134 CBS list, proto;-
135-
136 if (s->internal->alpn_client_proto_list == NULL) {
s->internal->a...== ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 18 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-18
137 *alert = TLS1_AD_UNSUPPORTED_EXTENSION;-
138 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
139 }-
140-
141 if (!CBS_get_u16_length_prefixed(cbs, &list))
!CBS_get_u16_l...ed(cbs, &list)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 15 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
3-15
142 goto err;
executed 3 times by 1 test: goto err;
Executed by:
  • tls_ext_alpn
3
143 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 14 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-14
144 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tls_ext_alpn
1
145-
146 if (!CBS_get_u8_length_prefixed(&list, &proto))
!CBS_get_u8_le...&list, &proto)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 13 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-13
147 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tls_ext_alpn
1
148-
149 if (CBS_len(&list) != 0)
CBS_len(&list) != 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 9 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
4-9
150 goto err;
executed 4 times by 1 test: goto err;
Executed by:
  • tls_ext_alpn
4
151 if (CBS_len(&proto) == 0)
CBS_len(&proto) == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 8 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
1-8
152 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tls_ext_alpn
1
153-
154 if (!CBS_stow(&proto, &(S3I(s)->alpn_selected),
!CBS_stow(&pro...selected_len))Description
TRUEnever evaluated
FALSEevaluated 8 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
0-8
155 &(S3I(s)->alpn_selected_len)))
!CBS_stow(&pro...selected_len))Description
TRUEnever evaluated
FALSEevaluated 8 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
0-8
156 goto err;
never executed: goto err;
0
157-
158 return 1;
executed 8 times by 3 tests: return 1;
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlsexttest
8
159-
160 err:-
161 *alert = TLS1_AD_DECODE_ERROR;-
162 return 0;
executed 10 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
10
163}-
164-
165/*-
166 * Supported Elliptic Curves - RFC 4492 section 5.1.1-
167 */-
168int-
169tlsext_ec_clienthello_needs(SSL *s)-
170{-
171 return ssl_has_ecc_ciphers(s);
executed 81 times by 4 tests: return ssl_has_ecc_ciphers(s);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
81
172}-
173-
174int-
175tlsext_ec_clienthello_build(SSL *s, CBB *cbb)-
176{-
177 CBB curvelist;-
178 size_t curves_len;-
179 int i;-
180 const uint16_t *curves;-
181-
182 tls1_get_curvelist(s, 0, &curves, &curves_len);-
183-
184 if (curves_len == 0) {
curves_len == 0Description
TRUEnever evaluated
FALSEevaluated 41 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-41
185 SSLerror(s, ERR_R_INTERNAL_ERROR);-
186 return 0;
never executed: return 0;
0
187 }-
188-
189 if (!CBB_add_u16_length_prefixed(cbb, &curvelist))
!CBB_add_u16_l...b, &curvelist)Description
TRUEnever evaluated
FALSEevaluated 41 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-41
190 return 0;
never executed: return 0;
0
191-
192 for (i = 0; i < curves_len; i++) {
i < curves_lenDescription
TRUEevaluated 122 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 41 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
41-122
193 if (!CBB_add_u16(&curvelist, curves[i]))
!CBB_add_u16(&...st, curves[i])Description
TRUEnever evaluated
FALSEevaluated 122 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-122
194 return 0;
never executed: return 0;
0
195 }
executed 122 times by 4 tests: end of block
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
122
196-
197 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 41 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-41
198 return 0;
never executed: return 0;
0
199-
200 return 1;
executed 41 times by 4 tests: return 1;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
41
201}-
202-
203int-
204tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
205{-
206 CBS curvelist;-
207 size_t curves_len;-
208-
209 if (!CBS_get_u16_length_prefixed(cbs, &curvelist))
!CBS_get_u16_l...s, &curvelist)Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
210 goto err;
never executed: goto err;
0
211 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
212 goto err;
never executed: goto err;
0
213-
214 curves_len = CBS_len(&curvelist);-
215 if (curves_len == 0 || curves_len % 2 != 0)
curves_len == 0Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
curves_len % 2 != 0Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
216 goto err;
never executed: goto err;
0
217 curves_len /= 2;-
218-
219 if (!s->internal->hit) {
!s->internal->hitDescription
TRUEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
FALSEnever evaluated
0-30
220 int i;-
221 uint16_t *curves;-
222-
223 if (SSI(s)->tlsext_supportedgroups != NULL)
(s->session->i...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
224 goto err;
never executed: goto err;
0
225-
226 if ((curves = reallocarray(NULL, curves_len,
(curves = real...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
227 sizeof(uint16_t))) == NULL) {
(curves = real...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
228 *alert = TLS1_AD_INTERNAL_ERROR;-
229 return 0;
never executed: return 0;
0
230 }-
231-
232 for (i = 0; i < curves_len; i++) {
i < curves_lenDescription
TRUEevaluated 87 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
30-87
233 if (!CBS_get_u16(&curvelist, &curves[i])) {
!CBS_get_u16(&...t, &curves[i])Description
TRUEnever evaluated
FALSEevaluated 87 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-87
234 free(curves);-
235 goto err;
never executed: goto err;
0
236 }-
237 }
executed 87 times by 3 tests: end of block
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
87
238-
239 if (CBS_len(&curvelist) != 0) {
CBS_len(&curvelist) != 0Description
TRUEnever evaluated
FALSEevaluated 30 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-30
240 free(curves);-
241 goto err;
never executed: goto err;
0
242 }-
243-
244 SSI(s)->tlsext_supportedgroups = curves;-
245 SSI(s)->tlsext_supportedgroups_length = curves_len;-
246 }
executed 30 times by 3 tests: end of block
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
30
247-
248 return 1;
executed 30 times by 3 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
30
249-
250 err:-
251 *alert = TLS1_AD_DECODE_ERROR;-
252 return 0;
never executed: return 0;
0
253}-
254-
255/* This extension is never used by the server. */-
256int-
257tlsext_ec_serverhello_needs(SSL *s)-
258{-
259 return 0;
executed 69 times by 4 tests: return 0;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
69
260}-
261-
262int-
263tlsext_ec_serverhello_build(SSL *s, CBB *cbb)-
264{-
265 return 0;
never executed: return 0;
0
266}-
267-
268int-
269tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
270{-
271 /*-
272 * Servers should not send this extension per the RFC.-
273 *-
274 * However, certain F5 BIG-IP systems incorrectly send it. This bug is-
275 * from at least 2014 but as of 2017, there are still large sites with-
276 * this unpatched in production. As a result, we need to currently skip-
277 * over the extension and ignore its content:-
278 *-
279 * https://support.f5.com/csp/article/K37345003-
280 */-
281 if (!CBS_skip(cbs, CBS_len(cbs))) {
!CBS_skip(cbs, CBS_len(cbs))Description
TRUEnever evaluated
FALSEnever evaluated
0
282 *alert = TLS1_AD_INTERNAL_ERROR;-
283 return 0;
never executed: return 0;
0
284 }-
285-
286 return 1;
never executed: return 1;
0
287}-
288-
289/*-
290 * Supported Point Formats Extension - RFC 4492 section 5.1.2-
291 */-
292static int-
293tlsext_ecpf_build(SSL *s, CBB *cbb)-
294{-
295 CBB ecpf;-
296 size_t formats_len;-
297 const uint8_t *formats;-
298-
299 tls1_get_formatlist(s, 0, &formats, &formats_len);-
300-
301 if (formats_len == 0) {
formats_len == 0Description
TRUEnever evaluated
FALSEevaluated 72 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-72
302 SSLerror(s, ERR_R_INTERNAL_ERROR);-
303 return 0;
never executed: return 0;
0
304 }-
305-
306 if (!CBB_add_u8_length_prefixed(cbb, &ecpf))
!CBB_add_u8_le...ed(cbb, &ecpf)Description
TRUEnever evaluated
FALSEevaluated 72 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-72
307 return 0;
never executed: return 0;
0
308 if (!CBB_add_bytes(&ecpf, formats, formats_len))
!CBB_add_bytes..., formats_len)Description
TRUEnever evaluated
FALSEevaluated 72 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-72
309 return 0;
never executed: return 0;
0
310 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 72 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-72
311 return 0;
never executed: return 0;
0
312-
313 return 1;
executed 72 times by 4 tests: return 1;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
72
314}-
315-
316static int-
317tlsext_ecpf_parse(SSL *s, CBS *cbs, int *alert)-
318{-
319 CBS ecpf;-
320-
321 if (!CBS_get_u8_length_prefixed(cbs, &ecpf))
!CBS_get_u8_le...ed(cbs, &ecpf)Description
TRUEnever evaluated
FALSEevaluated 60 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-60
322 goto err;
never executed: goto err;
0
323 if (CBS_len(&ecpf) == 0)
CBS_len(&ecpf) == 0Description
TRUEnever evaluated
FALSEevaluated 60 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-60
324 goto err;
never executed: goto err;
0
325 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 60 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-60
326 goto err;
never executed: goto err;
0
327-
328 /* Must contain uncompressed (0) */-
329 if (!CBS_contains_zero_byte(&ecpf)) {
!CBS_contains_zero_byte(&ecpf)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 59 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
1-59
330 SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);-
331 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tlsexttest
1
332 }-
333-
334 if (!s->internal->hit) {
!s->internal->hitDescription
TRUEevaluated 59 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
FALSEnever evaluated
0-59
335 if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist),
!CBS_stow(&ecp...tlist_length))Description
TRUEnever evaluated
FALSEevaluated 59 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-59
336 &(SSI(s)->tlsext_ecpointformatlist_length))) {
!CBS_stow(&ecp...tlist_length))Description
TRUEnever evaluated
FALSEevaluated 59 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-59
337 *alert = TLS1_AD_INTERNAL_ERROR;-
338 return 0;
never executed: return 0;
0
339 }-
340 }
executed 59 times by 3 tests: end of block
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
59
341-
342 return 1;
executed 59 times by 3 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
59
343-
344 err:-
345 *alert = SSL_AD_DECODE_ERROR;-
346 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
347}-
348-
349int-
350tlsext_ecpf_clienthello_needs(SSL *s)-
351{-
352 return ssl_has_ecc_ciphers(s);
executed 80 times by 4 tests: return ssl_has_ecc_ciphers(s);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
80
353}-
354-
355int-
356tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb)-
357{-
358 return tlsext_ecpf_build(s, cbb);
executed 41 times by 4 tests: return tlsext_ecpf_build(s, cbb);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
41
359}-
360-
361int-
362tlsext_ecpf_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
363{-
364 return tlsext_ecpf_parse(s, cbs, alert);
executed 30 times by 3 tests: return tlsext_ecpf_parse(s, cbs, alert);
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
30
365}-
366-
367int-
368tlsext_ecpf_serverhello_needs(SSL *s)-
369{-
370 if (s->version == DTLS1_VERSION)
s->version == 0xFEFFDescription
TRUEevaluated 11 times by 1 test
Evaluated by:
  • ssltest
FALSEevaluated 58 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
11-58
371 return 0;
executed 11 times by 1 test: return 0;
Executed by:
  • ssltest
11
372-
373 return ssl_using_ecc_cipher(s);
executed 58 times by 4 tests: return ssl_using_ecc_cipher(s);
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
58
374}-
375-
376int-
377tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb)-
378{-
379 return tlsext_ecpf_build(s, cbb);
executed 31 times by 3 tests: return tlsext_ecpf_build(s, cbb);
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
31
380}-
381-
382int-
383tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
384{-
385 return tlsext_ecpf_parse(s, cbs, alert);
executed 30 times by 3 tests: return tlsext_ecpf_parse(s, cbs, alert);
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
30
386}-
387-
388/*-
389 * Renegotiation Indication - RFC 5746.-
390 */-
391int-
392tlsext_ri_clienthello_needs(SSL *s)-
393{-
394 return (s->internal->renegotiate);
executed 78 times by 4 tests: return (s->internal->renegotiate);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
78
395}-
396-
397int-
398tlsext_ri_clienthello_build(SSL *s, CBB *cbb)-
399{-
400 CBB reneg;-
401-
402 if (!CBB_add_u8_length_prefixed(cbb, &reneg))
!CBB_add_u8_le...d(cbb, &reneg)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
403 return 0;
never executed: return 0;
0
404 if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
405 S3I(s)->previous_client_finished_len))
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
406 return 0;
never executed: return 0;
0
407 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
408 return 0;
never executed: return 0;
0
409-
410 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • tlsexttest
1
411}-
412-
413int-
414tlsext_ri_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
415{-
416 CBS reneg;-
417-
418 if (!CBS_get_u8_length_prefixed(cbs, &reneg))
!CBS_get_u8_le...d(cbs, &reneg)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
419 goto err;
never executed: goto err;
0
420 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
421 goto err;
never executed: goto err;
0
422-
423 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
!CBS_mem_equal..._finished_len)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1
424 S3I(s)->previous_client_finished_len)) {
!CBS_mem_equal..._finished_len)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1
425 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);-
426 *alert = SSL_AD_HANDSHAKE_FAILURE;-
427 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
428 }-
429-
430 S3I(s)->renegotiate_seen = 1;-
431 S3I(s)->send_connection_binding = 1;-
432-
433 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • tlsexttest
1
434-
435 err:-
436 SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);-
437 *alert = SSL_AD_DECODE_ERROR;-
438 return 0;
never executed: return 0;
0
439}-
440-
441int-
442tlsext_ri_serverhello_needs(SSL *s)-
443{-
444 return (S3I(s)->send_connection_binding);
executed 69 times by 4 tests: return ((s->s3->internal)->send_connection_binding);
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
69
445}-
446-
447int-
448tlsext_ri_serverhello_build(SSL *s, CBB *cbb)-
449{-
450 CBB reneg;-
451-
452 if (!CBB_add_u8_length_prefixed(cbb, &reneg))
!CBB_add_u8_le...d(cbb, &reneg)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
453 return 0;
never executed: return 0;
0
454 if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
455 S3I(s)->previous_client_finished_len))
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
456 return 0;
never executed: return 0;
0
457 if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished,
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
458 S3I(s)->previous_server_finished_len))
!CBB_add_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
459 return 0;
never executed: return 0;
0
460 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 66 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-66
461 return 0;
never executed: return 0;
0
462-
463 return 1;
executed 66 times by 4 tests: return 1;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
66
464}-
465-
466int-
467tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
468{-
469 CBS reneg, prev_client, prev_server;-
470-
471 /*-
472 * Ensure that the previous client and server values are both not-
473 * present, or that they are both present.-
474 */-
475 if ((S3I(s)->previous_client_finished_len == 0 &&
(s->s3->intern...ished_len == 0Description
TRUEevaluated 63 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
2-63
476 S3I(s)->previous_server_finished_len != 0) ||
(s->s3->intern...ished_len != 0Description
TRUEnever evaluated
FALSEevaluated 63 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
0-63
477 (S3I(s)->previous_client_finished_len != 0 &&
(s->s3->intern...ished_len != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 63 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
2-63
478 S3I(s)->previous_server_finished_len == 0)) {
(s->s3->intern...ished_len == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
479 *alert = TLS1_AD_INTERNAL_ERROR;-
480 return 0;
never executed: return 0;
0
481 }-
482-
483 if (!CBS_get_u8_length_prefixed(cbs, &reneg))
!CBS_get_u8_le...d(cbs, &reneg)Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
484 goto err;
never executed: goto err;
0
485 if (!CBS_get_bytes(&reneg, &prev_client,
!CBS_get_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
486 S3I(s)->previous_client_finished_len))
!CBS_get_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
487 goto err;
never executed: goto err;
0
488 if (!CBS_get_bytes(&reneg, &prev_server,
!CBS_get_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
489 S3I(s)->previous_server_finished_len))
!CBS_get_bytes..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
490 goto err;
never executed: goto err;
0
491 if (CBS_len(&reneg) != 0)
CBS_len(&reneg) != 0Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
492 goto err;
never executed: goto err;
0
493 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 65 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-65
494 goto err;
never executed: goto err;
0
495-
496 if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished,
!CBS_mem_equal..._finished_len)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 64 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
1-64
497 S3I(s)->previous_client_finished_len)) {
!CBS_mem_equal..._finished_len)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 64 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
1-64
498 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);-
499 *alert = SSL_AD_HANDSHAKE_FAILURE;-
500 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
501 }-
502 if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished,
!CBS_mem_equal..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 64 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-64
503 S3I(s)->previous_server_finished_len)) {
!CBS_mem_equal..._finished_len)Description
TRUEnever evaluated
FALSEevaluated 64 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-64
504 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);-
505 *alert = SSL_AD_HANDSHAKE_FAILURE;-
506 return 0;
never executed: return 0;
0
507 }-
508-
509 S3I(s)->renegotiate_seen = 1;-
510 S3I(s)->send_connection_binding = 1;-
511-
512 return 1;
executed 64 times by 3 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
64
513-
514 err:-
515 SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);-
516 *alert = SSL_AD_DECODE_ERROR;-
517 return 0;
never executed: return 0;
0
518}-
519-
520/*-
521 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.-
522 */-
523int-
524tlsext_sigalgs_clienthello_needs(SSL *s)-
525{-
526 return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
executed 78 times by 4 tests: return (((s->client_version >> 8) == 0x03 ? s->client_version : 0) >= 0x0303);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
(s->client_ver... >> 8) == 0x03Description
TRUEevaluated 66 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 12 times by 2 tests
Evaluated by:
  • clienttest
  • ssltest
12-78
527}-
528-
529int-
530tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb)-
531{-
532 unsigned char *sigalgs_data;-
533 size_t sigalgs_len;-
534 CBB sigalgs;-
535-
536 tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);-
537-
538 if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
!CBB_add_u16_l...cbb, &sigalgs)Description
TRUEnever evaluated
FALSEevaluated 40 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-40
539 return 0;
never executed: return 0;
0
540 if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
!CBB_add_bytes..., sigalgs_len)Description
TRUEnever evaluated
FALSEevaluated 40 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-40
541 return 0;
never executed: return 0;
0
542 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 40 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
0-40
543 return 0;
never executed: return 0;
0
544-
545 return 1;
executed 40 times by 4 tests: return 1;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
40
546}-
547-
548int-
549tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
550{-
551 CBS sigalgs;-
552-
553 if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
!CBS_get_u16_l...cbs, &sigalgs)Description
TRUEnever evaluated
FALSEevaluated 35 times by 3 tests
Evaluated by:
  • ssltest
  • tlsexttest
  • tlstest
0-35
554 return 0;
never executed: return 0;
0
555-
556 return tls1_process_sigalgs(s, &sigalgs);
executed 35 times by 3 tests: return tls1_process_sigalgs(s, &sigalgs);
Executed by:
  • ssltest
  • tlsexttest
  • tlstest
35
557}-
558-
559int-
560tlsext_sigalgs_serverhello_needs(SSL *s)-
561{-
562 return 0;
executed 68 times by 4 tests: return 0;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
68
563}-
564-
565int-
566tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb)-
567{-
568 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
569}-
570-
571int-
572tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
573{-
574 /* As per the RFC, servers must not send this extension. */-
575 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
576}-
577-
578/*-
579 * Server Name Indication - RFC 6066, section 3.-
580 */-
581int-
582tlsext_sni_clienthello_needs(SSL *s)-
583{-
584 return (s->tlsext_hostname != NULL);
executed 78 times by 4 tests: return (s->tlsext_hostname != ((void *)0) );
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
78
585}-
586-
587int-
588tlsext_sni_clienthello_build(SSL *s, CBB *cbb)-
589{-
590 CBB server_name_list, host_name;-
591-
592 if (!CBB_add_u16_length_prefixed(cbb, &server_name_list))
!CBB_add_u16_l...ver_name_list)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
593 return 0;
never executed: return 0;
0
594 if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name))
!CBB_add_u8(&s..._name_list, 0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
595 return 0;
never executed: return 0;
0
596 if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name))
!CBB_add_u16_l...t, &host_name)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
597 return 0;
never executed: return 0;
0
598 if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname,
!CBB_add_bytes...ext_hostname))Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
599 strlen(s->tlsext_hostname)))
!CBB_add_bytes...ext_hostname))Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
600 return 0;
never executed: return 0;
0
601 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
602 return 0;
never executed: return 0;
0
603-
604 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
605}-
606-
607int-
608tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
609{-
610 CBS server_name_list, host_name;-
611 uint8_t name_type;-
612-
613 if (!CBS_get_u16_length_prefixed(cbs, &server_name_list))
!CBS_get_u16_l...ver_name_list)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
614 goto err;
never executed: goto err;
0
615-
616 /*-
617 * RFC 6066 section 3 forbids multiple host names with the same type.-
618 * Additionally, only one type (host_name) is specified.-
619 */-
620 if (!CBS_get_u8(&server_name_list, &name_type))
!CBS_get_u8(&s...t, &name_type)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
621 goto err;
never executed: goto err;
0
622 if (name_type != TLSEXT_NAMETYPE_host_name)
name_type != 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
623 goto err;
never executed: goto err;
0
624-
625 if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name))
!CBS_get_u16_l...t, &host_name)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
626 goto err;
never executed: goto err;
0
627 if (CBS_len(&host_name) == 0 ||
CBS_len(&host_name) == 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
628 CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||
CBS_len(&host_name) > 255Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
629 CBS_contains_zero_byte(&host_name)) {
CBS_contains_z...te(&host_name)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-6
630 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
631 return 0;
never executed: return 0;
0
632 }-
633-
634 if (s->internal->hit) {
s->internal->hitDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
1-5
635 if (s->session->tlsext_hostname == NULL) {
s->session->tl...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
636 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
637 return 0;
never executed: return 0;
0
638 }-
639 if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
!CBS_mem_equal...ext_hostname))Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEnever evaluated
0-1
640 strlen(s->session->tlsext_hostname))) {
!CBS_mem_equal...ext_hostname))Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEnever evaluated
0-1
641 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
642 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
643 }-
644 } else {
never executed: end of block
0
645 if (s->session->tlsext_hostname != NULL)
s->session->tl...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
646 goto err;
never executed: goto err;
0
647 if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {
!CBS_strdup(&h...sext_hostname)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
648 *alert = TLS1_AD_INTERNAL_ERROR;-
649 return 0;
never executed: return 0;
0
650 }-
651 }
executed 5 times by 2 tests: end of block
Executed by:
  • tlsexttest
  • tlstest
5
652-
653 if (CBS_len(&server_name_list) != 0)
CBS_len(&serve...ame_list) != 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
654 goto err;
never executed: goto err;
0
655 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
656 goto err;
never executed: goto err;
0
657-
658 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
659-
660 err:-
661 *alert = SSL_AD_DECODE_ERROR;-
662 return 0;
never executed: return 0;
0
663}-
664-
665int-
666tlsext_sni_serverhello_needs(SSL *s)-
667{-
668 return (s->session->tlsext_hostname != NULL);
executed 69 times by 4 tests: return (s->session->tlsext_hostname != ((void *)0) );
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
69
669}-
670-
671int-
672tlsext_sni_serverhello_build(SSL *s, CBB *cbb)-
673{-
674 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
675}-
676-
677int-
678tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
679{-
680 if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
s->tlsext_host...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
681 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
682 return 0;
never executed: return 0;
0
683 }-
684-
685 if (s->internal->hit) {
s->internal->hitDescription
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
686 if (s->session->tlsext_hostname == NULL) {
s->session->tl...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
687 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
688 return 0;
never executed: return 0;
0
689 }-
690 if (strcmp(s->tlsext_hostname,
never executed: __result = (((const unsigned char *) (const char *) ( s->tlsext_hostname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( s->session->tlsext_hostname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
691 s->session->tlsext_hostname) != 0) {
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
692 *alert = TLS1_AD_UNRECOGNIZED_NAME;-
693 return 0;
never executed: return 0;
0
694 }-
695 } else {
never executed: end of block
0
696 if (s->session->tlsext_hostname != NULL) {
s->session->tl...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
697 *alert = SSL_AD_DECODE_ERROR;-
698 return 0;
never executed: return 0;
0
699 }-
700 if ((s->session->tlsext_hostname =
(s->session->t...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
701 strdup(s->tlsext_hostname)) == NULL) {
never executed: __retval = (char *) memcpy (__retval, s->tlsext_hostname , __len);
(s->session->t...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
__retval != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_cons...ext_hostname )Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
((size_t)(cons...stname ) == 1)Description
TRUEnever evaluated
FALSEnever evaluated
0-5
702 *alert = TLS1_AD_INTERNAL_ERROR;-
703 return 0;
never executed: return 0;
0
704 }-
705 }
executed 5 times by 2 tests: end of block
Executed by:
  • tlsexttest
  • tlstest
5
706-
707 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
708}-
709-
710-
711/*-
712 *Certificate Status Request - RFC 6066 section 8.-
713 */-
714-
715int-
716tlsext_ocsp_clienthello_needs(SSL *s)-
717{-
718 return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
executed 78 times by 4 tests: return (s->tlsext_status_type == 1 && s->version != 0xFEFF);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
s->tlsext_status_type == 1Description
TRUEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
FALSEevaluated 73 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
5-78
719 s->version != DTLS1_VERSION);
executed 78 times by 4 tests: return (s->tlsext_status_type == 1 && s->version != 0xFEFF);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
s->version != 0xFEFFDescription
TRUEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
FALSEnever evaluated
0-78
720}-
721-
722int-
723tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)-
724{-
725 CBB respid_list, respid, exts;-
726 unsigned char *ext_data;-
727 size_t ext_len;-
728 int i;-
729-
730 if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
!CBB_add_u8(cbb, 1)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
731 return 0;
never executed: return 0;
0
732 if (!CBB_add_u16_length_prefixed(cbb, &respid_list))
!CBB_add_u16_l... &respid_list)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
733 return 0;
never executed: return 0;
0
734 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
i < sk_num(((_...P_RESPID*)0)))Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
735 unsigned char *respid_data;-
736 OCSP_RESPID *id;-
737 size_t id_len;-
738-
739 if ((id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids,
(id = ((OCSP_R...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
740 i)) == NULL)
(id = ((OCSP_R...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
741 return 0;
never executed: return 0;
0
742 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
(id_len = i2d_... *)0) )) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
743 return 0;
never executed: return 0;
0
744 if (!CBB_add_u16_length_prefixed(&respid_list, &respid))
!CBB_add_u16_l...list, &respid)Description
TRUEnever evaluated
FALSEnever evaluated
0
745 return 0;
never executed: return 0;
0
746 if (!CBB_add_space(&respid, &respid_data, id_len))
!CBB_add_space..._data, id_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
747 return 0;
never executed: return 0;
0
748 if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)
(i2d_OCSP_RESP...ta)) != id_lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
749 return 0;
never executed: return 0;
0
750 }
never executed: end of block
0
751 if (!CBB_add_u16_length_prefixed(cbb, &exts))
!CBB_add_u16_l...ed(cbb, &exts)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
752 return 0;
never executed: return 0;
0
753 if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts,
(ext_len = i2d... *)0) )) == -1Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
754 NULL)) == -1)
(ext_len = i2d... *)0) )) == -1Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
755 return 0;
never executed: return 0;
0
756 if (!CBB_add_space(&exts, &ext_data, ext_len))
!CBB_add_space...data, ext_len)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
757 return 0;
never executed: return 0;
0
758 if ((i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ext_data) !=
(i2d_X509_EXTE...a) != ext_len)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
759 ext_len))
(i2d_X509_EXTE...a) != ext_len)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
760 return 0;
never executed: return 0;
0
761 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
762 return 0;
never executed: return 0;
0
763 return 1;
executed 5 times by 2 tests: return 1;
Executed by:
  • tlsexttest
  • tlstest
5
764}-
765-
766int-
767tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
768{-
769 int failure = SSL_AD_DECODE_ERROR;-
770 CBS respid_list, respid, exts;-
771 const unsigned char *p;-
772 uint8_t status_type;-
773 int ret = 0;-
774-
775 if (!CBS_get_u8(cbs, &status_type))
!CBS_get_u8(cbs, &status_type)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
776 goto err;
never executed: goto err;
0
777 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
status_type != 1Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
778 /* ignore unknown status types */-
779 s->tlsext_status_type = -1;-
780-
781 if (!CBS_skip(cbs, CBS_len(cbs))) {
!CBS_skip(cbs, CBS_len(cbs))Description
TRUEnever evaluated
FALSEnever evaluated
0
782 *alert = TLS1_AD_INTERNAL_ERROR;-
783 return 0;
never executed: return 0;
0
784 }-
785 return 1;
never executed: return 1;
0
786 }-
787 s->tlsext_status_type = status_type;-
788 if (!CBS_get_u16_length_prefixed(cbs, &respid_list))
!CBS_get_u16_l... &respid_list)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
789 goto err;
never executed: goto err;
0
790-
791 /* XXX */-
792 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);-
793 s->internal->tlsext_ocsp_ids = NULL;-
794 if (CBS_len(&respid_list) > 0) {
CBS_len(&respid_list) > 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
795 s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();-
796 if (s->internal->tlsext_ocsp_ids == NULL) {
s->internal->t...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
797 failure = SSL_AD_INTERNAL_ERROR;-
798 goto err;
never executed: goto err;
0
799 }-
800 }
never executed: end of block
0
801-
802 while (CBS_len(&respid_list) > 0) {
CBS_len(&respid_list) > 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
803 OCSP_RESPID *id;-
804-
805 if (!CBS_get_u16_length_prefixed(&respid_list, &respid))
!CBS_get_u16_l...list, &respid)Description
TRUEnever evaluated
FALSEnever evaluated
0
806 goto err;
never executed: goto err;
0
807 p = CBS_data(&respid);-
808 if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)
(id = d2i_OCSP...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
809 goto err;
never executed: goto err;
0
810 if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) {
!sk_push(((_ST...P_RESPID*)0)))Description
TRUEnever evaluated
FALSEnever evaluated
0
811 failure = SSL_AD_INTERNAL_ERROR;-
812 OCSP_RESPID_free(id);-
813 goto err;
never executed: goto err;
0
814 }-
815 }
never executed: end of block
0
816-
817 /* Read in request_extensions */-
818 if (!CBS_get_u16_length_prefixed(cbs, &exts))
!CBS_get_u16_l...ed(cbs, &exts)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
819 goto err;
never executed: goto err;
0
820 if (CBS_len(&exts) > 0) {
CBS_len(&exts) > 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
821 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,-
822 X509_EXTENSION_free);-
823 p = CBS_data(&exts);-
824 if ((s->internal->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL,
(s->internal->...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
825 &p, CBS_len(&exts))) == NULL)
(s->internal->...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
826 goto err;
never executed: goto err;
0
827 }
never executed: end of block
0
828-
829 /* should be nothing left */-
830 if (CBS_len(cbs) > 0)
CBS_len(cbs) > 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
831 goto err;
never executed: goto err;
0
832-
833 ret = 1;-
834 err:
code before this statement executed 5 times by 2 tests: err:
Executed by:
  • tlsexttest
  • tlstest
5
835 if (ret == 0)
ret == 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
0-5
836 *alert = failure;
never executed: *alert = failure;
0
837 return ret;
executed 5 times by 2 tests: return ret;
Executed by:
  • tlsexttest
  • tlstest
5
838}-
839-
840int-
841tlsext_ocsp_serverhello_needs(SSL *s)-
842{-
843 return s->internal->tlsext_status_expected;
executed 69 times by 4 tests: return s->internal->tlsext_status_expected;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
69
844}-
845-
846int-
847tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb)-
848{-
849 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • tlsexttest
2
850}-
851-
852int-
853tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
854{-
855 if (s->tlsext_status_type == -1) {
s->tlsext_status_type == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
856 *alert = TLS1_AD_UNSUPPORTED_EXTENSION;-
857 return 0;
never executed: return 0;
0
858 }-
859 /* Set flag to expect CertificateStatus message */-
860 s->internal->tlsext_status_expected = 1;-
861 return 1;
never executed: return 1;
0
862}-
863-
864/*-
865 * SessionTicket extension - RFC 5077 section 3.2-
866 */-
867int-
868tlsext_sessionticket_clienthello_needs(SSL *s)-
869{-
870 /*-
871 * Send session ticket extension when enabled and not overridden.-
872 *-
873 * When renegotiating, send an empty session ticket to indicate support.-
874 */-
875 if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
(SSL_ctrl((s),...0004000L) != 0Description
TRUEevaluated 6 times by 2 tests
Evaluated by:
  • tlsexttest
  • tlstest
FALSEevaluated 78 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
6-78
876 return 0;
executed 6 times by 2 tests: return 0;
Executed by:
  • tlsexttest
  • tlstest
6
877-
878 if (s->internal->new_session)
s->internal->new_sessionDescription
TRUEnever evaluated
FALSEevaluated 78 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
0-78
879 return 1;
never executed: return 1;
0
880-
881 if (s->internal->tlsext_session_ticket != NULL &&
s->internal->t...!= ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 76 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
2-76
882 s->internal->tlsext_session_ticket->data == NULL)
s->internal->t...== ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1
883 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • tlsexttest
1
884-
885 return 1;
executed 77 times by 3 tests: return 1;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
77
886}-
887-
888int-
889tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb)-
890{-
891 /*-
892 * Signal that we support session tickets by sending an empty-
893 * extension when renegotiating or no session found.-
894 */-
895 if (s->internal->new_session || s->session == NULL)
s->internal->new_sessionDescription
TRUEnever evaluated
FALSEevaluated 75 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
s->session == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 73 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
0-75
896 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • tlsexttest
2
897-
898 if (s->session->tlsext_tick != NULL) {
s->session->tl...!= ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 72 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
1-72
899 /* Attempt to resume with an existing session ticket */-
900 if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
!CBB_add_bytes...lsext_ticklen)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
901 s->session->tlsext_ticklen))
!CBB_add_bytes...lsext_ticklen)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
902 return 0;
never executed: return 0;
0
903-
904 } else if (s->internal->tlsext_session_ticket != NULL) {
executed 1 time by 1 test: end of block
Executed by:
  • tlsexttest
s->internal->t...!= ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 71 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
1-71
905 /*-
906 * Attempt to resume with a custom provided session ticket set-
907 * by SSL_set_session_ticket_ext().-
908 */-
909 if (s->internal->tlsext_session_ticket->length > 0) {
s->internal->t...et->length > 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEnever evaluated
0-1
910 size_t ticklen = s->internal->tlsext_session_ticket->length;-
911-
912 if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)
(s->session->t...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
913 return 0;
never executed: return 0;
0
914 memcpy(s->session->tlsext_tick,-
915 s->internal->tlsext_session_ticket->data,-
916 ticklen);-
917 s->session->tlsext_ticklen = ticklen;-
918-
919 if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
!CBB_add_bytes...lsext_ticklen)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
920 s->session->tlsext_ticklen))
!CBB_add_bytes...lsext_ticklen)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
921 return 0;
never executed: return 0;
0
922 }
executed 1 time by 1 test: end of block
Executed by:
  • tlsexttest
1
923 }
executed 1 time by 1 test: end of block
Executed by:
  • tlsexttest
1
924-
925 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 73 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
0-73
926 return 0;
never executed: return 0;
0
927-
928 return 1;
executed 73 times by 3 tests: return 1;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
73
929}-
930-
931int-
932tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
933{-
934 if (s->internal->tls_session_ticket_ext_cb) {
s->internal->t..._ticket_ext_cbDescription
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • ssltest
0-59
935 if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
936 (int)CBS_len(cbs),
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
937 s->internal->tls_session_ticket_ext_cb_arg)) {
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
938 *alert = TLS1_AD_INTERNAL_ERROR;-
939 return 0;
never executed: return 0;
0
940 }-
941 }
never executed: end of block
0
942-
943 /* We need to signal that this was processed fully */-
944 if (!CBS_skip(cbs, CBS_len(cbs))) {
!CBS_skip(cbs, CBS_len(cbs))Description
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • ssltest
0-59
945 *alert = TLS1_AD_INTERNAL_ERROR;-
946 return 0;
never executed: return 0;
0
947 }-
948-
949 return 1;
executed 59 times by 1 test: return 1;
Executed by:
  • ssltest
59
950}-
951-
952int-
953tlsext_sessionticket_serverhello_needs(SSL *s)-
954{-
955 return (s->internal->tlsext_ticket_expected &&
executed 71 times by 4 tests: return (s->internal->tlsext_ticket_expected && !(SSL_ctrl((s),32,0, ((void *)0) ) & 0x00004000L));
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
s->internal->t...icket_expectedDescription
TRUEevaluated 61 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
FALSEevaluated 10 times by 3 tests
Evaluated by:
  • servertest
  • tlsexttest
  • tlstest
10-71
956 !(SSL_get_options(s) & SSL_OP_NO_TICKET));
executed 71 times by 4 tests: return (s->internal->tlsext_ticket_expected && !(SSL_ctrl((s),32,0, ((void *)0) ) & 0x00004000L));
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
!(SSL_ctrl((s)...& 0x00004000L)Description
TRUEevaluated 61 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
FALSEnever evaluated
0-71
957}-
958-
959int-
960tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb)-
961{-
962 /* Empty ticket */-
963-
964 return 1;
executed 61 times by 2 tests: return 1;
Executed by:
  • ssltest
  • tlsexttest
61
965}-
966-
967int-
968tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
969{-
970 if (s->internal->tls_session_ticket_ext_cb) {
s->internal->t..._ticket_ext_cbDescription
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • ssltest
0-59
971 if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
972 (int)CBS_len(cbs),
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
973 s->internal->tls_session_ticket_ext_cb_arg)) {
!s->internal->...et_ext_cb_arg)Description
TRUEnever evaluated
FALSEnever evaluated
0
974 *alert = TLS1_AD_INTERNAL_ERROR;-
975 return 0;
never executed: return 0;
0
976 }-
977 }
never executed: end of block
0
978-
979 if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) {
(SSL_ctrl((s),...0004000L) != 0Description
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • ssltest
CBS_len(cbs) > 0Description
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • ssltest
0-59
980 *alert = TLS1_AD_UNSUPPORTED_EXTENSION;-
981 return 0;
never executed: return 0;
0
982 }-
983-
984 s->internal->tlsext_ticket_expected = 1;-
985-
986 return 1;
executed 59 times by 1 test: return 1;
Executed by:
  • ssltest
59
987}-
988-
989/*-
990 * DTLS extension for SRTP key establishment - RFC 5764-
991 */-
992-
993#ifndef OPENSSL_NO_SRTP-
994-
995int-
996tlsext_srtp_clienthello_needs(SSL *s)-
997{-
998 return SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) != NULL;
executed 79 times by 4 tests: return (s->method->internal->version == 0xFEFF) && SSL_get_srtp_profiles(s) != ((void *)0) ;
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 15 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
FALSEevaluated 64 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
SSL_get_srtp_p...!= ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 13 times by 3 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
2-79
999}-
1000-
1001int-
1002tlsext_srtp_clienthello_build(SSL *s, CBB *cbb)-
1003{-
1004 CBB profiles, mki;-
1005 int ct, i;-
1006 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL;-
1007 SRTP_PROTECTION_PROFILE *prof;-
1008-
1009 if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
(clnt = SSL_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1010 SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);-
1011 return 0;
never executed: return 0;
0
1012 }-
1013-
1014 if ((ct = sk_SRTP_PROTECTION_PROFILE_num(clnt)) < 1) {
(ct = sk_num((...ILE*)0)))) < 1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1015 SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);-
1016 return 0;
never executed: return 0;
0
1017 }-
1018-
1019 if (!CBB_add_u16_length_prefixed(cbb, &profiles))
!CBB_add_u16_l...bb, &profiles)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1020 return 0;
never executed: return 0;
0
1021-
1022 for (i = 0; i < ct; i++) {
i < ctDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
2-3
1023 if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) == NULL)
(prof = ((SRTP...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1024 return 0;
never executed: return 0;
0
1025 if (!CBB_add_u16(&profiles, prof->id))
!CBB_add_u16(&...les, prof->id)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1026 return 0;
never executed: return 0;
0
1027 }
executed 3 times by 1 test: end of block
Executed by:
  • tlsexttest
3
1028-
1029 if (!CBB_add_u8_length_prefixed(cbb, &mki))
!CBB_add_u8_le...xed(cbb, &mki)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1030 return 0;
never executed: return 0;
0
1031-
1032 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1033 return 0;
never executed: return 0;
0
1034-
1035 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • tlsexttest
2
1036}-
1037-
1038int-
1039tlsext_srtp_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
1040{-
1041 SRTP_PROTECTION_PROFILE *cprof, *sprof;-
1042 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr;-
1043 int i, j;-
1044 int ret;-
1045 uint16_t id;-
1046 CBS profiles, mki;-
1047-
1048 ret = 0;-
1049-
1050 if (!CBS_get_u16_length_prefixed(cbs, &profiles))
!CBS_get_u16_l...bs, &profiles)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1051 goto err;
never executed: goto err;
0
1052 if (CBS_len(&profiles) == 0 || CBS_len(&profiles) % 2 != 0)
CBS_len(&profiles) == 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
CBS_len(&profiles) % 2 != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1053 goto err;
never executed: goto err;
0
1054-
1055 if ((clnt = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL)
(clnt = ((stru...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1056 goto err;
never executed: goto err;
0
1057-
1058 while (CBS_len(&profiles) > 0) {
CBS_len(&profiles) > 0Description
TRUEevaluated 7 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
4-7
1059 if (!CBS_get_u16(&profiles, &id))
!CBS_get_u16(&profiles, &id)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • tlsexttest
0-7
1060 goto err;
never executed: goto err;
0
1061-
1062 if (!srtp_find_profile_by_num(id, &cprof)) {
!srtp_find_pro...um(id, &cprof)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
3-4
1063 if (!sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof))
!sk_push(((_ST..._PROFILE*)0)))Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1064 goto err;
never executed: goto err;
0
1065 }
executed 4 times by 1 test: end of block
Executed by:
  • tlsexttest
4
1066 }
executed 7 times by 1 test: end of block
Executed by:
  • tlsexttest
7
1067-
1068 if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
!CBS_get_u8_le...xed(cbs, &mki)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
CBS_len(&mki) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1069 SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);-
1070 *alert = SSL_AD_DECODE_ERROR;-
1071 goto done;
never executed: goto done;
0
1072 }-
1073 if (CBS_len(cbs) != 0)
CBS_len(cbs) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1074 goto err;
never executed: goto err;
0
1075-
1076 /*-
1077 * Per RFC 5764 section 4.1.1-
1078 *-
1079 * Find the server preferred profile using the client's list.-
1080 *-
1081 * The server MUST send a profile if it sends the use_srtp-
1082 * extension. If one is not found, it should fall back to the-
1083 * negotiated DTLS cipher suite or return a DTLS alert.-
1084 */-
1085 if ((srvr = SSL_get_srtp_profiles(s)) == NULL)
(srvr = SSL_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1086 goto err;
never executed: goto err;
0
1087 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
i < sk_num(((_..._PROFILE*)0)))Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1-6
1088 if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i))
(sprof = ((SRT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • tlsexttest
0-6
1089 == NULL)
(sprof = ((SRT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • tlsexttest
0-6
1090 goto err;
never executed: goto err;
0
1091-
1092 for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
j < sk_num(((_..._PROFILE*)0)))Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
3-4
1093 if ((cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j))
(cprof = ((SRT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1094 == NULL)
(cprof = ((SRT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
0-4
1095 goto err;
never executed: goto err;
0
1096-
1097 if (cprof->id == sprof->id) {
cprof->id == sprof->idDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1-3
1098 s->internal->srtp_profile = sprof;-
1099 ret = 1;-
1100 goto done;
executed 3 times by 1 test: goto done;
Executed by:
  • tlsexttest
3
1101 }-
1102 }
executed 1 time by 1 test: end of block
Executed by:
  • tlsexttest
1
1103 }
executed 3 times by 1 test: end of block
Executed by:
  • tlsexttest
3
1104-
1105 /* If we didn't find anything, fall back to the negotiated */-
1106 ret = 1;-
1107 goto done;
executed 1 time by 1 test: goto done;
Executed by:
  • tlsexttest
1
1108-
1109 err:-
1110 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);-
1111 *alert = SSL_AD_DECODE_ERROR;-
1112-
1113 done:
code before this statement never executed: done:
0
1114 sk_SRTP_PROTECTION_PROFILE_free(clnt);-
1115 return ret;
executed 4 times by 1 test: return ret;
Executed by:
  • tlsexttest
4
1116}-
1117-
1118int-
1119tlsext_srtp_serverhello_needs(SSL *s)-
1120{-
1121 return SSL_IS_DTLS(s) && SSL_get_selected_srtp_profile(s) != NULL;
executed 73 times by 4 tests: return (s->method->internal->version == 0xFEFF) && SSL_get_selected_srtp_profile(s) != ((void *)0) ;
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
(s->method->in...ion == 0xFEFF)Description
TRUEevaluated 17 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
FALSEevaluated 56 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
SSL_get_select...!= ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 13 times by 2 tests
Evaluated by:
  • ssltest
  • tlsexttest
4-73
1122}-
1123-
1124int-
1125tlsext_srtp_serverhello_build(SSL *s, CBB *cbb)-
1126{-
1127 SRTP_PROTECTION_PROFILE *profile;-
1128 CBB srtp, mki;-
1129-
1130 if (!CBB_add_u16_length_prefixed(cbb, &srtp))
!CBB_add_u16_l...ed(cbb, &srtp)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
1131 return 0;
never executed: return 0;
0
1132-
1133 if ((profile = SSL_get_selected_srtp_profile(s)) == NULL)
(profile = SSL...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
1134 return 0;
never executed: return 0;
0
1135-
1136 if (!CBB_add_u16(&srtp, profile->id))
!CBB_add_u16(&..., profile->id)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
1137 return 0;
never executed: return 0;
0
1138-
1139 if (!CBB_add_u8_length_prefixed(cbb, &mki))
!CBB_add_u8_le...xed(cbb, &mki)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
1140 return 0;
never executed: return 0;
0
1141-
1142 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
0-1
1143 return 0;
never executed: return 0;
0
1144-
1145 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • tlsexttest
1
1146}-
1147-
1148int-
1149tlsext_srtp_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
1150{-
1151 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;-
1152 SRTP_PROTECTION_PROFILE *prof;-
1153 int i;-
1154 uint16_t id;-
1155 CBS profile_ids, mki;-
1156-
1157 if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) {
!CBS_get_u16_l... &profile_ids)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1158 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);-
1159 goto err;
never executed: goto err;
0
1160 }-
1161-
1162 if (!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
!CBS_get_u16(&...file_ids, &id)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
CBS_len(&profile_ids) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1163 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);-
1164 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • tlsexttest
1
1165 }-
1166-
1167 if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
!CBS_get_u8_le...xed(cbs, &mki)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
CBS_len(&mki) != 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1168 SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);-
1169 *alert = SSL_AD_ILLEGAL_PARAMETER;-
1170 return 0;
never executed: return 0;
0
1171 }-
1172-
1173 if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
(clnt = SSL_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
0-2
1174 SSLerror(s, SSL_R_NO_SRTP_PROFILES);-
1175 goto err;
never executed: goto err;
0
1176 }-
1177-
1178 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
i < sk_num(((_..._PROFILE*)0)))Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
1-3
1179 if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i))
(prof = ((SRTP...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1180 == NULL) {
(prof = ((SRTP...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tlsexttest
0-3
1181 SSLerror(s, SSL_R_NO_SRTP_PROFILES);-
1182 goto err;
never executed: goto err;
0
1183 }-
1184-
1185 if (prof->id == id) {
prof->id == idDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • tlsexttest
FALSEevaluated 2 times by 1 test
Evaluated by:
  • tlsexttest
1-2
1186 s->internal->srtp_profile = prof;-
1187 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • tlsexttest
1
1188 }-
1189 }
executed 2 times by 1 test: end of block
Executed by:
  • tlsexttest
2
1190-
1191 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);-
1192 err:
code before this statement executed 1 time by 1 test: err:
Executed by:
  • tlsexttest
1
1193 *alert = SSL_AD_DECODE_ERROR;-
1194 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • tlsexttest
2
1195}-
1196-
1197#endif /* OPENSSL_NO_SRTP */-
1198-
1199struct tls_extension {-
1200 uint16_t type;-
1201 int (*clienthello_needs)(SSL *s);-
1202 int (*clienthello_build)(SSL *s, CBB *cbb);-
1203 int (*clienthello_parse)(SSL *s, CBS *cbs, int *alert);-
1204 int (*serverhello_needs)(SSL *s);-
1205 int (*serverhello_build)(SSL *s, CBB *cbb);-
1206 int (*serverhello_parse)(SSL *s, CBS *cbs, int *alert);-
1207};-
1208-
1209static struct tls_extension tls_extensions[] = {-
1210 {-
1211 .type = TLSEXT_TYPE_server_name,-
1212 .clienthello_needs = tlsext_sni_clienthello_needs,-
1213 .clienthello_build = tlsext_sni_clienthello_build,-
1214 .clienthello_parse = tlsext_sni_clienthello_parse,-
1215 .serverhello_needs = tlsext_sni_serverhello_needs,-
1216 .serverhello_build = tlsext_sni_serverhello_build,-
1217 .serverhello_parse = tlsext_sni_serverhello_parse,-
1218 },-
1219 {-
1220 .type = TLSEXT_TYPE_renegotiate,-
1221 .clienthello_needs = tlsext_ri_clienthello_needs,-
1222 .clienthello_build = tlsext_ri_clienthello_build,-
1223 .clienthello_parse = tlsext_ri_clienthello_parse,-
1224 .serverhello_needs = tlsext_ri_serverhello_needs,-
1225 .serverhello_build = tlsext_ri_serverhello_build,-
1226 .serverhello_parse = tlsext_ri_serverhello_parse,-
1227 },-
1228 {-
1229 .type = TLSEXT_TYPE_status_request,-
1230 .clienthello_needs = tlsext_ocsp_clienthello_needs,-
1231 .clienthello_build = tlsext_ocsp_clienthello_build,-
1232 .clienthello_parse = tlsext_ocsp_clienthello_parse,-
1233 .serverhello_needs = tlsext_ocsp_serverhello_needs,-
1234 .serverhello_build = tlsext_ocsp_serverhello_build,-
1235 .serverhello_parse = tlsext_ocsp_serverhello_parse,-
1236 },-
1237 {-
1238 .type = TLSEXT_TYPE_ec_point_formats,-
1239 .clienthello_needs = tlsext_ecpf_clienthello_needs,-
1240 .clienthello_build = tlsext_ecpf_clienthello_build,-
1241 .clienthello_parse = tlsext_ecpf_clienthello_parse,-
1242 .serverhello_needs = tlsext_ecpf_serverhello_needs,-
1243 .serverhello_build = tlsext_ecpf_serverhello_build,-
1244 .serverhello_parse = tlsext_ecpf_serverhello_parse,-
1245 },-
1246 {-
1247 .type = TLSEXT_TYPE_elliptic_curves,-
1248 .clienthello_needs = tlsext_ec_clienthello_needs,-
1249 .clienthello_build = tlsext_ec_clienthello_build,-
1250 .clienthello_parse = tlsext_ec_clienthello_parse,-
1251 .serverhello_needs = tlsext_ec_serverhello_needs,-
1252 .serverhello_build = tlsext_ec_serverhello_build,-
1253 .serverhello_parse = tlsext_ec_serverhello_parse,-
1254 },-
1255 {-
1256 .type = TLSEXT_TYPE_session_ticket,-
1257 .clienthello_needs = tlsext_sessionticket_clienthello_needs,-
1258 .clienthello_build = tlsext_sessionticket_clienthello_build,-
1259 .clienthello_parse = tlsext_sessionticket_clienthello_parse,-
1260 .serverhello_needs = tlsext_sessionticket_serverhello_needs,-
1261 .serverhello_build = tlsext_sessionticket_serverhello_build,-
1262 .serverhello_parse = tlsext_sessionticket_serverhello_parse,-
1263 },-
1264 {-
1265 .type = TLSEXT_TYPE_signature_algorithms,-
1266 .clienthello_needs = tlsext_sigalgs_clienthello_needs,-
1267 .clienthello_build = tlsext_sigalgs_clienthello_build,-
1268 .clienthello_parse = tlsext_sigalgs_clienthello_parse,-
1269 .serverhello_needs = tlsext_sigalgs_serverhello_needs,-
1270 .serverhello_build = tlsext_sigalgs_serverhello_build,-
1271 .serverhello_parse = tlsext_sigalgs_serverhello_parse,-
1272 },-
1273 {-
1274 .type = TLSEXT_TYPE_application_layer_protocol_negotiation,-
1275 .clienthello_needs = tlsext_alpn_clienthello_needs,-
1276 .clienthello_build = tlsext_alpn_clienthello_build,-
1277 .clienthello_parse = tlsext_alpn_clienthello_parse,-
1278 .serverhello_needs = tlsext_alpn_serverhello_needs,-
1279 .serverhello_build = tlsext_alpn_serverhello_build,-
1280 .serverhello_parse = tlsext_alpn_serverhello_parse,-
1281 },-
1282#ifndef OPENSSL_NO_SRTP-
1283 {-
1284 .type = TLSEXT_TYPE_use_srtp,-
1285 .clienthello_needs = tlsext_srtp_clienthello_needs,-
1286 .clienthello_build = tlsext_srtp_clienthello_build,-
1287 .clienthello_parse = tlsext_srtp_clienthello_parse,-
1288 .serverhello_needs = tlsext_srtp_serverhello_needs,-
1289 .serverhello_build = tlsext_srtp_serverhello_build,-
1290 .serverhello_parse = tlsext_srtp_serverhello_parse,-
1291 }-
1292#endif /* OPENSSL_NO_SRTP */-
1293};-
1294-
1295#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))-
1296-
1297/* Ensure that extensions fit in a uint32_t bitmask. */-
1298CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));-
1299-
1300static struct tls_extension *-
1301tls_extension_find(uint16_t type, size_t *tls_extensions_idx)-
1302{-
1303 size_t i;-
1304-
1305 for (i = 0; i < N_TLS_EXTENSIONS; i++) {
i < (sizeof(tl...s_extensions))Description
TRUEevaluated 1744 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
FALSEnever evaluated
0-1744
1306 if (tls_extensions[i].type == type) {
tls_extensions[i].type == typeDescription
TRUEevaluated 347 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
FALSEevaluated 1397 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
347-1397
1307 *tls_extensions_idx = i;-
1308 return &tls_extensions[i];
executed 347 times by 3 tests: return &tls_extensions[i];
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
347
1309 }-
1310 }
executed 1397 times by 3 tests: end of block
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
1397
1311-
1312 return NULL;
never executed: return ((void *)0) ;
0
1313}-
1314-
1315static int-
1316tls_extension_needs(struct tls_extension *tlsext, int is_serverhello, SSL *s)-
1317{-
1318 if (is_serverhello)
is_serverhelloDescription
TRUEevaluated 603 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 684 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
603-684
1319 return tlsext->serverhello_needs(s);
executed 603 times by 4 tests: return tlsext->serverhello_needs(s);
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
603
1320 return tlsext->clienthello_needs(s);
executed 684 times by 4 tests: return tlsext->clienthello_needs(s);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
684
1321}-
1322-
1323static int-
1324tls_extension_build(struct tls_extension *tlsext, int is_serverhello, SSL *s,-
1325 CBB *cbb)-
1326{-
1327 if (is_serverhello)
is_serverhelloDescription
TRUEevaluated 165 times by 4 tests
Evaluated by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 204 times by 4 tests
Evaluated by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
165-204
1328 return tlsext->serverhello_build(s, cbb);
executed 165 times by 4 tests: return tlsext->serverhello_build(s, cbb);
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
165
1329 return tlsext->clienthello_build(s, cbb);
executed 204 times by 4 tests: return tlsext->clienthello_build(s, cbb);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
204
1330}-
1331-
1332static int-
1333tls_extension_parse(struct tls_extension *tlsext, int is_serverhello, SSL *s,-
1334 CBS *cbs, int *alert)-
1335{-
1336 if (is_serverhello)
is_serverhelloDescription
TRUEevaluated 171 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
FALSEevaluated 176 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
171-176
1337 return tlsext->serverhello_parse(s, cbs, alert);
executed 171 times by 3 tests: return tlsext->serverhello_parse(s, cbs, alert);
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
171
1338 return tlsext->clienthello_parse(s, cbs, alert);
executed 176 times by 3 tests: return tlsext->clienthello_parse(s, cbs, alert);
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
176
1339}-
1340-
1341static int-
1342tlsext_build(SSL *s, CBB *cbb, int is_serverhello)-
1343{-
1344 CBB extensions, extension_data;-
1345 struct tls_extension *tlsext;-
1346 int extensions_present = 0;-
1347 size_t i;-
1348-
1349 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
!CBB_add_u16_l..., &extensions)Description
TRUEnever evaluated
FALSEevaluated 143 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-143
1350 return 0;
never executed: return 0;
0
1351-
1352 for (i = 0; i < N_TLS_EXTENSIONS; i++) {
i < (sizeof(tl...s_extensions))Description
TRUEevaluated 1287 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 143 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
143-1287
1353 tlsext = &tls_extensions[i];-
1354-
1355 if (!tls_extension_needs(tlsext, is_serverhello, s))
!tls_extension...erverhello, s)Description
TRUEevaluated 918 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
FALSEevaluated 369 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
369-918
1356 continue;
executed 918 times by 5 tests: continue;
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
918
1357-
1358 if (!CBB_add_u16(&extensions, tlsext->type))
!CBB_add_u16(&... tlsext->type)Description
TRUEnever evaluated
FALSEevaluated 369 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-369
1359 return 0;
never executed: return 0;
0
1360 if (!CBB_add_u16_length_prefixed(&extensions, &extension_data))
!CBB_add_u16_l...xtension_data)Description
TRUEnever evaluated
FALSEevaluated 369 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-369
1361 return 0;
never executed: return 0;
0
1362-
1363 if (!tls_extension_build(tlsext, is_serverhello, s,
!tls_extension...xtension_data)Description
TRUEnever evaluated
FALSEevaluated 369 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-369
1364 &extension_data))
!tls_extension...xtension_data)Description
TRUEnever evaluated
FALSEevaluated 369 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-369
1365 return 0;
never executed: return 0;
0
1366-
1367 extensions_present = 1;-
1368 }
executed 369 times by 5 tests: end of block
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
369
1369-
1370 if (!extensions_present)
!extensions_presentDescription
TRUEevaluated 3 times by 2 tests
Evaluated by:
  • servertest
  • tlsexttest
FALSEevaluated 140 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
3-140
1371 CBB_discard_child(cbb);
executed 3 times by 2 tests: CBB_discard_child(cbb);
Executed by:
  • servertest
  • tlsexttest
3
1372-
1373 if (!CBB_flush(cbb))
!CBB_flush(cbb)Description
TRUEnever evaluated
FALSEevaluated 143 times by 5 tests
Evaluated by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
0-143
1374 return 0;
never executed: return 0;
0
1375-
1376 return 1;
executed 143 times by 5 tests: return 1;
Executed by:
  • clienttest
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
143
1377}-
1378-
1379static int-
1380tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_serverhello)-
1381{-
1382 CBS extensions, extension_data;-
1383 struct tls_extension *tlsext;-
1384 uint32_t extensions_seen = 0;-
1385 uint16_t type;-
1386 size_t idx;-
1387-
1388 /* An empty extensions block is valid. */-
1389 if (CBS_len(cbs) == 0)
CBS_len(cbs) == 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • servertest
FALSEevaluated 170 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
2-170
1390 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • servertest
2
1391-
1392 *alert = SSL_AD_DECODE_ERROR;-
1393-
1394 if (!CBS_get_u16_length_prefixed(cbs, &extensions))
!CBS_get_u16_l..., &extensions)Description
TRUEevaluated 14 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 156 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
14-156
1395 return 0;
executed 14 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
14
1396-
1397 while (CBS_len(&extensions) > 0) {
CBS_len(&extensions) > 0Description
TRUEevaluated 353 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
FALSEevaluated 133 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
133-353
1398 if (!CBS_get_u16(&extensions, &type))
!CBS_get_u16(&...nsions, &type)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 351 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
2-351
1399 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
2
1400 if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
!CBS_get_u16_l...xtension_data)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 347 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
4-347
1401 return 0;
executed 4 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
4
1402-
1403 if (s->internal->tlsext_debug_cb != NULL)
s->internal->t...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 347 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
0-347
1404 s->internal->tlsext_debug_cb(s, is_serverhello, type,
never executed: s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);
0
1405 (unsigned char *)CBS_data(&extension_data),
never executed: s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);
0
1406 CBS_len(&extension_data),
never executed: s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);
0
1407 s->internal->tlsext_debug_arg);
never executed: s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);
0
1408-
1409 /* Unknown extensions are ignored. */-
1410 if ((tlsext = tls_extension_find(type, &idx)) == NULL)
(tlsext = tls_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 347 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
0-347
1411 continue;
never executed: continue;
0
1412-
1413 /* Check for duplicate known extensions. */-
1414 if ((extensions_seen & (1 << idx)) != 0)
(extensions_se... << idx)) != 0Description
TRUEnever evaluated
FALSEevaluated 347 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
0-347
1415 return 0;
never executed: return 0;
0
1416 extensions_seen |= (1 << idx);-
1417-
1418 if (!tls_extension_parse(tlsext, is_serverhello, s,
!tls_extension...n_data, alert)Description
TRUEevaluated 17 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 330 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
17-330
1419 &extension_data, alert))
!tls_extension...n_data, alert)Description
TRUEevaluated 17 times by 1 test
Evaluated by:
  • tls_ext_alpn
FALSEevaluated 330 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
17-330
1420 return 0;
executed 17 times by 1 test: return 0;
Executed by:
  • tls_ext_alpn
17
1421-
1422 if (CBS_len(&extension_data) != 0)
CBS_len(&extension_data) != 0Description
TRUEnever evaluated
FALSEevaluated 330 times by 3 tests
Evaluated by:
  • ssltest
  • tls_ext_alpn
  • tlstest
0-330
1423 return 0;
never executed: return 0;
0
1424 }
executed 330 times by 3 tests: end of block
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
330
1425-
1426 return 1;
executed 133 times by 3 tests: return 1;
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
133
1427}-
1428-
1429static void-
1430tlsext_clienthello_reset_state(SSL *s)-
1431{-
1432 s->internal->servername_done = 0;-
1433 s->tlsext_status_type = -1;-
1434 S3I(s)->renegotiate_seen = 0;-
1435 free(S3I(s)->alpn_selected);-
1436 S3I(s)->alpn_selected = NULL;-
1437 s->internal->srtp_profile = NULL;-
1438}
executed 87 times by 4 tests: end of block
Executed by:
  • servertest
  • ssltest
  • tls_ext_alpn
  • tlstest
87
1439-
1440int-
1441tlsext_clienthello_build(SSL *s, CBB *cbb)-
1442{-
1443 return tlsext_build(s, cbb, 0);
executed 76 times by 4 tests: return tlsext_build(s, cbb, 0);
Executed by:
  • clienttest
  • ssltest
  • tlsexttest
  • tlstest
76
1444}-
1445-
1446int-
1447tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert)-
1448{-
1449 /* XXX - this possibly should be done by the caller... */-
1450 tlsext_clienthello_reset_state(s);-
1451-
1452 return tlsext_parse(s, cbs, alert, 0);
executed 87 times by 4 tests: return tlsext_parse(s, cbs, alert, 0);
Executed by:
  • servertest
  • ssltest
  • tls_ext_alpn
  • tlstest
87
1453}-
1454-
1455static void-
1456tlsext_serverhello_reset_state(SSL *s)-
1457{-
1458 S3I(s)->renegotiate_seen = 0; -
1459 free(S3I(s)->alpn_selected);-
1460 S3I(s)->alpn_selected = NULL;-
1461}
executed 85 times by 3 tests: end of block
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
85
1462-
1463int-
1464tlsext_serverhello_build(SSL *s, CBB *cbb)-
1465{-
1466 return tlsext_build(s, cbb, 1);
executed 67 times by 4 tests: return tlsext_build(s, cbb, 1);
Executed by:
  • servertest
  • ssltest
  • tlsexttest
  • tlstest
67
1467}-
1468-
1469int-
1470tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert)-
1471{-
1472 /* XXX - this possibly should be done by the caller... */-
1473 tlsext_serverhello_reset_state(s);-
1474-
1475 return tlsext_parse(s, cbs, alert, 1);
executed 85 times by 3 tests: return tlsext_parse(s, cbs, alert, 1);
Executed by:
  • ssltest
  • tls_ext_alpn
  • tlstest
85
1476}-
Source codeSwitch to Preprocessed file

Generated by Squish Coco 4.2.2