OpenCoverage

ssl_tlsext.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/ssl/ssl_tlsext.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: ssl_tlsext.c,v 1.22 2018/05/12 17:27:22 jsing Exp $ */ -

2 /* -

6 * -

7 * Permission to use, copy, modify, and distribute this software for any -

8 * purpose with or without fee is hereby granted, provided that the above -

9 * copyright notice and this permission notice appear in all copies. -

10 * -

11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -

12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -

13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -

14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -

15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -

16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -

17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -

18 */ -

19 #include <openssl/ocsp.h> -

20 -

21 #include "ssl_locl.h" -

22 -

23 #include "bytestring.h" -

24 #include "ssl_tlsext.h" -

25 -

26 /* -

27 * Supported Application-Layer Protocol Negotiation - RFC 7301 -

28 */ -

29 -

30 int -

31 tlsext_alpn_clienthello_needs(SSL *s) -

32 { -

33 /* ALPN protos have been specified and this is the initial handshake */ -

return s->internal->alpn_client_proto_list != NULL &&

executed 80 times by 4 tests: return s->internal->alpn_client_proto_list != ((void *)0) && (s->s3->internal)->tmp.finish_md_len == 0;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

s->internal->a...!= ((void *)0)	Description
TRUE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest
FALSE	evaluated 70 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

10-80

S3I(s)->tmp.finish_md_len == 0;

executed 80 times by 4 tests: return s->internal->alpn_client_proto_list != ((void *)0) && (s->s3->internal)->tmp.finish_md_len == 0;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

(s->s3->intern...sh_md_len == 0	Description
TRUE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest
FALSE	never evaluated

0-80

36 } -

37 -

38 int -

39 tlsext_alpn_clienthello_build(SSL *s, CBB *cbb) -

40 { -

41 CBB protolist; -

42 -

if (!CBB_add_u16_length_prefixed(cbb, &protolist))

!CBB_add_u16_l...b, &protolist)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest

0-10

return 0;

never executed: return 0;

45 -

if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list,

!CBB_add_bytes...roto_list_len)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest

0-10

s->internal->alpn_client_proto_list_len))

!CBB_add_bytes...roto_list_len)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest

0-10

return 0;

never executed: return 0;

49 -

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 2 tests Evaluated by: ssltest tlsexttest

0-10

return 0;

never executed: return 0;

52 -

return 1;

executed 10 times by 2 tests: return 1;

Executed by:

ssltest
tlsexttest

54 } -

55 -

56 int -

57 tlsext_alpn_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

58 { -

59 CBS proto_name_list, alpn; -

60 const unsigned char *selected; -

61 unsigned char selected_len; -

62 int r; -

63 -

if (!CBS_get_u16_length_prefixed(cbs, &alpn))

!CBS_get_u16_l...ed(cbs, &alpn)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 18 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

3-18

goto err;

executed 3 times by 1 test: goto err;

Executed by:

tls_ext_alpn

if (CBS_len(&alpn) < 2)

CBS_len(&alpn) < 2	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 17 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-17

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tls_ext_alpn

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 16 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-16

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tls_ext_alpn

70 -

71 CBS_dup(&alpn, &proto_name_list); -

while (CBS_len(&proto_name_list) > 0) {

CBS_len(&proto_name_list) > 0	Description
TRUE	evaluated 29 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest
FALSE	evaluated 14 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

14-29

73 CBS proto_name; -

74 -

if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))

!CBS_get_u8_le..., &proto_name)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 27 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

2-27

goto err;

executed 2 times by 1 test: goto err;

Executed by:

tls_ext_alpn

if (CBS_len(&proto_name) == 0)

CBS_len(&proto_name) == 0	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

0-27

goto err;

never executed: goto err;

}

executed 27 times by 3 tests: end of block

Executed by:

ssltest
tls_ext_alpn
tlsexttest

80 -

if (s->ctx->internal->alpn_select_cb == NULL)

s->ctx->intern...== ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 12 times by 2 tests Evaluated by: ssltest tls_ext_alpn

2-12

return 1;

executed 2 times by 1 test: return 1;

Executed by:

tlsexttest

83 -

84 r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len, -

85 CBS_data(&alpn), CBS_len(&alpn), -

86 s->ctx->internal->alpn_select_cb_arg); -

if (r == SSL_TLSEXT_ERR_OK) {

r == 0	Description
TRUE	evaluated 10 times by 2 tests Evaluated by: ssltest tls_ext_alpn
FALSE	evaluated 2 times by 1 test Evaluated by: ssltest

2-10

88 free(S3I(s)->alpn_selected); -

if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {

((s->s3->inter...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 2 tests Evaluated by: ssltest tls_ext_alpn

0-10

90 *alert = SSL_AD_INTERNAL_ERROR; -

return 0;

never executed: return 0;

92 } -

93 memcpy(S3I(s)->alpn_selected, selected, selected_len); -

94 S3I(s)->alpn_selected_len = selected_len; -

}

executed 10 times by 2 tests: end of block

Executed by:

ssltest
tls_ext_alpn

96 -

return 1;

executed 12 times by 2 tests: return 1;

Executed by:

ssltest
tls_ext_alpn

98 -

99 err: -

100 *alert = SSL_AD_DECODE_ERROR; -

101

return 0;

executed 7 times by 1 test: return 0;

Executed by:

tls_ext_alpn

102 } -

103 -

104 int -

105 tlsext_alpn_serverhello_needs(SSL *s) -

106 { -

107

return S3I(s)->alpn_selected != NULL;

executed 70 times by 4 tests: return (s->s3->internal)->alpn_selected != ((void *)0) ;

Executed by:

servertest
ssltest
tlsexttest
tlstest

108 } -

109 -

110 int -

111 tlsext_alpn_serverhello_build(SSL *s, CBB *cbb) -

112 { -

113 CBB list, selected; -

114 -

115

if (!CBB_add_u16_length_prefixed(cbb, &list))

!CBB_add_u16_l...ed(cbb, &list)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 2 tests Evaluated by: ssltest tlsexttest

0-7

116

return 0;

never executed: return 0;

117 -

118

if (!CBB_add_u8_length_prefixed(&list, &selected))

!CBB_add_u8_le...st, &selected)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 2 tests Evaluated by: ssltest tlsexttest

0-7

119

return 0;

never executed: return 0;

120 -

121

if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected,

!CBB_add_bytes..._selected_len)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 2 tests Evaluated by: ssltest tlsexttest

0-7

122

S3I(s)->alpn_selected_len))

!CBB_add_bytes..._selected_len)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 2 tests Evaluated by: ssltest tlsexttest

0-7

123

return 0;

never executed: return 0;

124 -

125

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 2 tests Evaluated by: ssltest tlsexttest

0-7

126

return 0;

never executed: return 0;

127 -

128

return 1;

executed 7 times by 2 tests: return 1;

Executed by:

ssltest
tlsexttest

129 } -

130 -

131 int -

132 tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

133 { -

134 CBS list, proto; -

135 -

136

if (s->internal->alpn_client_proto_list == NULL) {

s->internal->a...== ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 18 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-18

137 *alert = TLS1_AD_UNSUPPORTED_EXTENSION; -

138

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

139 } -

140 -

141

if (!CBS_get_u16_length_prefixed(cbs, &list))

!CBS_get_u16_l...ed(cbs, &list)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 15 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

3-15

142

goto err;

executed 3 times by 1 test: goto err;

Executed by:

tls_ext_alpn

143

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 14 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-14

144

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tls_ext_alpn

145 -

146

if (!CBS_get_u8_length_prefixed(&list, &proto))

!CBS_get_u8_le...&list, &proto)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 13 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-13

147

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tls_ext_alpn

148 -

149

if (CBS_len(&list) != 0)

CBS_len(&list) != 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 9 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

4-9

150

goto err;

executed 4 times by 1 test: goto err;

Executed by:

tls_ext_alpn

151

if (CBS_len(&proto) == 0)

CBS_len(&proto) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 8 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

1-8

152

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tls_ext_alpn

153 -

154

if (!CBS_stow(&proto, &(S3I(s)->alpn_selected),

!CBS_stow(&pro...selected_len))	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

0-8

155

&(S3I(s)->alpn_selected_len)))

!CBS_stow(&pro...selected_len))	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlsexttest

0-8

156

goto err;

never executed: goto err;

157 -

158

return 1;

executed 8 times by 3 tests: return 1;

Executed by:

ssltest
tls_ext_alpn
tlsexttest

159 -

160 err: -

161 *alert = TLS1_AD_DECODE_ERROR; -

162

return 0;

executed 10 times by 1 test: return 0;

Executed by:

tls_ext_alpn

163 } -

164 -

165 /* -

166 * Supported Elliptic Curves - RFC 4492 section 5.1.1 -

167 */ -

168 int -

169 tlsext_ec_clienthello_needs(SSL *s) -

170 { -

171

return ssl_has_ecc_ciphers(s);

executed 81 times by 4 tests: return ssl_has_ecc_ciphers(s);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

172 } -

173 -

174 int -

175 tlsext_ec_clienthello_build(SSL *s, CBB *cbb) -

176 { -

177 CBB curvelist; -

178 size_t curves_len; -

179 int i; -

180 const uint16_t *curves; -

181 -

182 tls1_get_curvelist(s, 0, &curves, &curves_len); -

183 -

184

if (curves_len == 0) {

curves_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-41

185 SSLerror(s, ERR_R_INTERNAL_ERROR); -

186

return 0;

never executed: return 0;

187 } -

188 -

189

if (!CBB_add_u16_length_prefixed(cbb, &curvelist))

!CBB_add_u16_l...b, &curvelist)	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-41

190

return 0;

never executed: return 0;

191 -

192

for (i = 0; i < curves_len; i++) {

i < curves_len	Description
TRUE	evaluated 122 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest
FALSE	evaluated 41 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

41-122

193

if (!CBB_add_u16(&curvelist, curves[i]))

!CBB_add_u16(&...st, curves[i])	Description
TRUE	never evaluated
FALSE	evaluated 122 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-122

194

return 0;

never executed: return 0;

195

}

executed 122 times by 4 tests: end of block

Executed by:

clienttest
ssltest
tlsexttest
tlstest

122

196 -

197

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 41 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-41

198

return 0;

never executed: return 0;

199 -

200

return 1;

executed 41 times by 4 tests: return 1;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

201 } -

202 -

203 int -

204 tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

205 { -

206 CBS curvelist; -

207 size_t curves_len; -

208 -

209

if (!CBS_get_u16_length_prefixed(cbs, &curvelist))

!CBS_get_u16_l...s, &curvelist)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

210

goto err;

never executed: goto err;

211

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

212

goto err;

never executed: goto err;

213 -

214 curves_len = CBS_len(&curvelist); -

215

if (curves_len == 0 || curves_len % 2 != 0)

curves_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

curves_len % 2 != 0	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

216

goto err;

never executed: goto err;

217 curves_len /= 2; -

218 -

219

if (!s->internal->hit) {

!s->internal->hit	Description
TRUE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest
FALSE	never evaluated

0-30

220 int i; -

221 uint16_t *curves; -

222 -

223

if (SSI(s)->tlsext_supportedgroups != NULL)

(s->session->i...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

224

goto err;

never executed: goto err;

225 -

226

if ((curves = reallocarray(NULL, curves_len,

(curves = real...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

227

sizeof(uint16_t))) == NULL) {

(curves = real...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

228 *alert = TLS1_AD_INTERNAL_ERROR; -

229

return 0;

never executed: return 0;

230 } -

231 -

232

for (i = 0; i < curves_len; i++) {

i < curves_len	Description
TRUE	evaluated 87 times by 3 tests Evaluated by: ssltest tlsexttest tlstest
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

30-87

233

if (!CBS_get_u16(&curvelist, &curves[i])) {

!CBS_get_u16(&...t, &curves[i])	Description
TRUE	never evaluated
FALSE	evaluated 87 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-87

234 free(curves); -

235

goto err;

never executed: goto err;

236 } -

237

}

executed 87 times by 3 tests: end of block

Executed by:

ssltest
tlsexttest
tlstest

238 -

239

if (CBS_len(&curvelist) != 0) {

CBS_len(&curvelist) != 0	Description
TRUE	never evaluated
FALSE	evaluated 30 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-30

240 free(curves); -

241

goto err;

never executed: goto err;

242 } -

243 -

244 SSI(s)->tlsext_supportedgroups = curves; -

245 SSI(s)->tlsext_supportedgroups_length = curves_len; -

246

}

executed 30 times by 3 tests: end of block

Executed by:

ssltest
tlsexttest
tlstest

247 -

248

return 1;

executed 30 times by 3 tests: return 1;

Executed by:

ssltest
tlsexttest
tlstest

249 -

250 err: -

251 *alert = TLS1_AD_DECODE_ERROR; -

252

return 0;

never executed: return 0;

253 } -

254 -

255 /* This extension is never used by the server. */ -

256 int -

257 tlsext_ec_serverhello_needs(SSL *s) -

258 { -

259

return 0;

executed 69 times by 4 tests: return 0;

Executed by:

servertest
ssltest
tlsexttest
tlstest

260 } -

261 -

262 int -

263 tlsext_ec_serverhello_build(SSL *s, CBB *cbb) -

264 { -

265

return 0;

never executed: return 0;

266 } -

267 -

268 int -

269 tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

270 { -

271 /* -

272 * Servers should not send this extension per the RFC. -

273 * -

274 * However, certain F5 BIG-IP systems incorrectly send it. This bug is -

275 * from at least 2014 but as of 2017, there are still large sites with -

276 * this unpatched in production. As a result, we need to currently skip -

277 * over the extension and ignore its content: -

278 * -

279 * https://support.f5.com/csp/article/K37345003 -

280 */ -

281

if (!CBS_skip(cbs, CBS_len(cbs))) {

!CBS_skip(cbs, CBS_len(cbs))	Description
TRUE	never evaluated
FALSE	never evaluated

282 *alert = TLS1_AD_INTERNAL_ERROR; -

283

return 0;

never executed: return 0;

284 } -

285 -

286

return 1;

never executed: return 1;

287 } -

288 -

289 /* -

290 * Supported Point Formats Extension - RFC 4492 section 5.1.2 -

291 */ -

292 static int -

293 tlsext_ecpf_build(SSL *s, CBB *cbb) -

294 { -

295 CBB ecpf; -

296 size_t formats_len; -

297 const uint8_t *formats; -

298 -

299 tls1_get_formatlist(s, 0, &formats, &formats_len); -

300 -

301

if (formats_len == 0) {

formats_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 72 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-72

302 SSLerror(s, ERR_R_INTERNAL_ERROR); -

303

return 0;

never executed: return 0;

304 } -

305 -

306

if (!CBB_add_u8_length_prefixed(cbb, &ecpf))

!CBB_add_u8_le...ed(cbb, &ecpf)	Description
TRUE	never evaluated
FALSE	evaluated 72 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-72

307

return 0;

never executed: return 0;

308

if (!CBB_add_bytes(&ecpf, formats, formats_len))

!CBB_add_bytes..., formats_len)	Description
TRUE	never evaluated
FALSE	evaluated 72 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-72

309

return 0;

never executed: return 0;

310

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 72 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-72

311

return 0;

never executed: return 0;

312 -

313

return 1;

executed 72 times by 4 tests: return 1;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

314 } -

315 -

316 static int -

317 tlsext_ecpf_parse(SSL *s, CBS *cbs, int *alert) -

318 { -

319 CBS ecpf; -

320 -

321

if (!CBS_get_u8_length_prefixed(cbs, &ecpf))

!CBS_get_u8_le...ed(cbs, &ecpf)	Description
TRUE	never evaluated
FALSE	evaluated 60 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-60

322

goto err;

never executed: goto err;

323

if (CBS_len(&ecpf) == 0)

CBS_len(&ecpf) == 0	Description
TRUE	never evaluated
FALSE	evaluated 60 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-60

324

goto err;

never executed: goto err;

325

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 60 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-60

326

goto err;

never executed: goto err;

327 -

328 /* Must contain uncompressed (0) */ -

329

if (!CBS_contains_zero_byte(&ecpf)) {

!CBS_contains_zero_byte(&ecpf)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 59 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

1-59

330 SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); -

331

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tlsexttest

332 } -

333 -

334

if (!s->internal->hit) {

!s->internal->hit	Description
TRUE	evaluated 59 times by 3 tests Evaluated by: ssltest tlsexttest tlstest
FALSE	never evaluated

0-59

335

if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist),

!CBS_stow(&ecp...tlist_length))	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-59

336

&(SSI(s)->tlsext_ecpointformatlist_length))) {

!CBS_stow(&ecp...tlist_length))	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-59

337 *alert = TLS1_AD_INTERNAL_ERROR; -

338

return 0;

never executed: return 0;

339 } -

340

}

executed 59 times by 3 tests: end of block

Executed by:

ssltest
tlsexttest
tlstest

341 -

342

return 1;

executed 59 times by 3 tests: return 1;

Executed by:

ssltest
tlsexttest
tlstest

343 -

344 err: -

345 *alert = SSL_AD_DECODE_ERROR; -

346

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

347 } -

348 -

349 int -

350 tlsext_ecpf_clienthello_needs(SSL *s) -

351 { -

352

return ssl_has_ecc_ciphers(s);

executed 80 times by 4 tests: return ssl_has_ecc_ciphers(s);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

353 } -

354 -

355 int -

356 tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb) -

357 { -

358

return tlsext_ecpf_build(s, cbb);

executed 41 times by 4 tests: return tlsext_ecpf_build(s, cbb);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

359 } -

360 -

361 int -

362 tlsext_ecpf_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

363 { -

364

return tlsext_ecpf_parse(s, cbs, alert);

executed 30 times by 3 tests: return tlsext_ecpf_parse(s, cbs, alert);

Executed by:

ssltest
tlsexttest
tlstest

365 } -

366 -

367 int -

368 tlsext_ecpf_serverhello_needs(SSL *s) -

369 { -

370

if (s->version == DTLS1_VERSION)

s->version == 0xFEFF	Description
TRUE	evaluated 11 times by 1 test Evaluated by: ssltest
FALSE	evaluated 58 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

11-58

371

return 0;

executed 11 times by 1 test: return 0;

Executed by:

ssltest

372 -

373

return ssl_using_ecc_cipher(s);

executed 58 times by 4 tests: return ssl_using_ecc_cipher(s);

Executed by:

servertest
ssltest
tlsexttest
tlstest

374 } -

375 -

376 int -

377 tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb) -

378 { -

379

return tlsext_ecpf_build(s, cbb);

executed 31 times by 3 tests: return tlsext_ecpf_build(s, cbb);

Executed by:

ssltest
tlsexttest
tlstest

380 } -

381 -

382 int -

383 tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

384 { -

385

return tlsext_ecpf_parse(s, cbs, alert);

executed 30 times by 3 tests: return tlsext_ecpf_parse(s, cbs, alert);

Executed by:

ssltest
tlsexttest
tlstest

386 } -

387 -

388 /* -

389 * Renegotiation Indication - RFC 5746. -

390 */ -

391 int -

392 tlsext_ri_clienthello_needs(SSL *s) -

393 { -

394

return (s->internal->renegotiate);

executed 78 times by 4 tests: return (s->internal->renegotiate);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

395 } -

396 -

397 int -

398 tlsext_ri_clienthello_build(SSL *s, CBB *cbb) -

399 { -

400 CBB reneg; -

401 -

402

if (!CBB_add_u8_length_prefixed(cbb, &reneg))

!CBB_add_u8_le...d(cbb, &reneg)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

403

return 0;

never executed: return 0;

404

if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

405

S3I(s)->previous_client_finished_len))

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

406

return 0;

never executed: return 0;

407

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

408

return 0;

never executed: return 0;

409 -

410

return 1;

executed 1 time by 1 test: return 1;

Executed by:

tlsexttest

411 } -

412 -

413 int -

414 tlsext_ri_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

415 { -

416 CBS reneg; -

417 -

418

if (!CBS_get_u8_length_prefixed(cbs, &reneg))

!CBS_get_u8_le...d(cbs, &reneg)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

419

goto err;

never executed: goto err;

420

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

421

goto err;

never executed: goto err;

422 -

423

if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,

!CBS_mem_equal..._finished_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

424

S3I(s)->previous_client_finished_len)) {

!CBS_mem_equal..._finished_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

425 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); -

426 *alert = SSL_AD_HANDSHAKE_FAILURE; -

427

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

428 } -

429 -

430 S3I(s)->renegotiate_seen = 1; -

431 S3I(s)->send_connection_binding = 1; -

432 -

433

return 1;

executed 1 time by 1 test: return 1;

Executed by:

tlsexttest

434 -

435 err: -

436 SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); -

437 *alert = SSL_AD_DECODE_ERROR; -

438

return 0;

never executed: return 0;

439 } -

440 -

441 int -

442 tlsext_ri_serverhello_needs(SSL *s) -

443 { -

444

return (S3I(s)->send_connection_binding);

executed 69 times by 4 tests: return ((s->s3->internal)->send_connection_binding);

Executed by:

servertest
ssltest
tlsexttest
tlstest

445 } -

446 -

447 int -

448 tlsext_ri_serverhello_build(SSL *s, CBB *cbb) -

449 { -

450 CBB reneg; -

451 -

452

if (!CBB_add_u8_length_prefixed(cbb, &reneg))

!CBB_add_u8_le...d(cbb, &reneg)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

453

return 0;

never executed: return 0;

454

if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

455

S3I(s)->previous_client_finished_len))

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

456

return 0;

never executed: return 0;

457

if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished,

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

458

S3I(s)->previous_server_finished_len))

!CBB_add_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

459

return 0;

never executed: return 0;

460

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

0-66

461

return 0;

never executed: return 0;

462 -

463

return 1;

executed 66 times by 4 tests: return 1;

Executed by:

servertest
ssltest
tlsexttest
tlstest

464 } -

465 -

466 int -

467 tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

468 { -

469 CBS reneg, prev_client, prev_server; -

470 -

471 /* -

472 * Ensure that the previous client and server values are both not -

473 * present, or that they are both present. -

474 */ -

475

if ((S3I(s)->previous_client_finished_len == 0 &&

(s->s3->intern...ished_len == 0	Description
TRUE	evaluated 63 times by 2 tests Evaluated by: ssltest tlstest
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

2-63

476

S3I(s)->previous_server_finished_len != 0) ||

(s->s3->intern...ished_len != 0	Description
TRUE	never evaluated
FALSE	evaluated 63 times by 2 tests Evaluated by: ssltest tlstest

0-63

477

(S3I(s)->previous_client_finished_len != 0 &&

(s->s3->intern...ished_len != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 63 times by 2 tests Evaluated by: ssltest tlstest

2-63

478

S3I(s)->previous_server_finished_len == 0)) {

(s->s3->intern...ished_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

479 *alert = TLS1_AD_INTERNAL_ERROR; -

480

return 0;

never executed: return 0;

481 } -

482 -

483

if (!CBS_get_u8_length_prefixed(cbs, &reneg))

!CBS_get_u8_le...d(cbs, &reneg)	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

484

goto err;

never executed: goto err;

485

if (!CBS_get_bytes(&reneg, &prev_client,

!CBS_get_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

486

S3I(s)->previous_client_finished_len))

!CBS_get_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

487

goto err;

never executed: goto err;

488

if (!CBS_get_bytes(&reneg, &prev_server,

!CBS_get_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

489

S3I(s)->previous_server_finished_len))

!CBS_get_bytes..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

490

goto err;

never executed: goto err;

491

if (CBS_len(&reneg) != 0)

CBS_len(&reneg) != 0	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

492

goto err;

never executed: goto err;

493

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 65 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-65

494

goto err;

never executed: goto err;

495 -

496

if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished,

!CBS_mem_equal..._finished_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 64 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

1-64

497

S3I(s)->previous_client_finished_len)) {

!CBS_mem_equal..._finished_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 64 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

1-64

498 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); -

499 *alert = SSL_AD_HANDSHAKE_FAILURE; -

500

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

501 } -

502

if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished,

!CBS_mem_equal..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-64

503

S3I(s)->previous_server_finished_len)) {

!CBS_mem_equal..._finished_len)	Description
TRUE	never evaluated
FALSE	evaluated 64 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-64

504 SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); -

505 *alert = SSL_AD_HANDSHAKE_FAILURE; -

506

return 0;

never executed: return 0;

507 } -

508 -

509 S3I(s)->renegotiate_seen = 1; -

510 S3I(s)->send_connection_binding = 1; -

511 -

512

return 1;

executed 64 times by 3 tests: return 1;

Executed by:

ssltest
tlsexttest
tlstest

513 -

514 err: -

515 SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); -

516 *alert = SSL_AD_DECODE_ERROR; -

517

return 0;

never executed: return 0;

518 } -

519 -

520 /* -

521 * Signature Algorithms - RFC 5246 section 7.4.1.4.1. -

522 */ -

523 int -

524 tlsext_sigalgs_clienthello_needs(SSL *s) -

525 { -

526

return (TLS1_get_client_version(s) >= TLS1_2_VERSION);

executed 78 times by 4 tests: return (((s->client_version >> 8) == 0x03 ? s->client_version : 0) >= 0x0303);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

(s->client_ver... >> 8) == 0x03	Description
TRUE	evaluated 66 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest
FALSE	evaluated 12 times by 2 tests Evaluated by: clienttest ssltest

12-78

527 } -

528 -

529 int -

530 tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb) -

531 { -

532 unsigned char *sigalgs_data; -

533 size_t sigalgs_len; -

534 CBB sigalgs; -

535 -

536 tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len); -

537 -

538

if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))

!CBB_add_u16_l...cbb, &sigalgs)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-40

539

return 0;

never executed: return 0;

540

if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))

!CBB_add_bytes..., sigalgs_len)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-40

541

return 0;

never executed: return 0;

542

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

0-40

543

return 0;

never executed: return 0;

544 -

545

return 1;

executed 40 times by 4 tests: return 1;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

546 } -

547 -

548 int -

549 tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

550 { -

551 CBS sigalgs; -

552 -

553

if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))

!CBS_get_u16_l...cbs, &sigalgs)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 3 tests Evaluated by: ssltest tlsexttest tlstest

0-35

554

return 0;

never executed: return 0;

555 -

556

return tls1_process_sigalgs(s, &sigalgs);

executed 35 times by 3 tests: return tls1_process_sigalgs(s, &sigalgs);

Executed by:

ssltest
tlsexttest
tlstest

557 } -

558 -

559 int -

560 tlsext_sigalgs_serverhello_needs(SSL *s) -

561 { -

562

return 0;

executed 68 times by 4 tests: return 0;

Executed by:

servertest
ssltest
tlsexttest
tlstest

563 } -

564 -

565 int -

566 tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb) -

567 { -

568

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

569 } -

570 -

571 int -

572 tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

573 { -

574 /* As per the RFC, servers must not send this extension. */ -

575

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

576 } -

577 -

578 /* -

579 * Server Name Indication - RFC 6066, section 3. -

580 */ -

581 int -

582 tlsext_sni_clienthello_needs(SSL *s) -

583 { -

584

return (s->tlsext_hostname != NULL);

executed 78 times by 4 tests: return (s->tlsext_hostname != ((void *)0) );

Executed by:

clienttest
ssltest
tlsexttest
tlstest

585 } -

586 -

587 int -

588 tlsext_sni_clienthello_build(SSL *s, CBB *cbb) -

589 { -

590 CBB server_name_list, host_name; -

591 -

592

if (!CBB_add_u16_length_prefixed(cbb, &server_name_list))

!CBB_add_u16_l...ver_name_list)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

593

return 0;

never executed: return 0;

594

if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name))

!CBB_add_u8(&s..._name_list, 0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

595

return 0;

never executed: return 0;

596

if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name))

!CBB_add_u16_l...t, &host_name)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

597

return 0;

never executed: return 0;

598

if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname,

!CBB_add_bytes...ext_hostname))	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

599

strlen(s->tlsext_hostname)))

!CBB_add_bytes...ext_hostname))	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

600

return 0;

never executed: return 0;

601

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

602

return 0;

never executed: return 0;

603 -

604

return 1;

executed 5 times by 2 tests: return 1;

Executed by:

tlsexttest
tlstest

605 } -

606 -

607 int -

608 tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

609 { -

610 CBS server_name_list, host_name; -

611 uint8_t name_type; -

612 -

613

if (!CBS_get_u16_length_prefixed(cbs, &server_name_list))

!CBS_get_u16_l...ver_name_list)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

614

goto err;

never executed: goto err;

615 -

616 /* -

617 * RFC 6066 section 3 forbids multiple host names with the same type. -

618 * Additionally, only one type (host_name) is specified. -

619 */ -

620

if (!CBS_get_u8(&server_name_list, &name_type))

!CBS_get_u8(&s...t, &name_type)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

621

goto err;

never executed: goto err;

622

if (name_type != TLSEXT_NAMETYPE_host_name)

name_type != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

623

goto err;

never executed: goto err;

624 -

625

if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name))

!CBS_get_u16_l...t, &host_name)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

626

goto err;

never executed: goto err;

627

if (CBS_len(&host_name) == 0 ||

CBS_len(&host_name) == 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

628

CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||

CBS_len(&host_name) > 255	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

629

CBS_contains_zero_byte(&host_name)) {

CBS_contains_z...te(&host_name)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest

0-6

630 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

631

return 0;

never executed: return 0;

632 } -

633 -

634

if (s->internal->hit) {

s->internal->hit	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

1-5

635

if (s->session->tlsext_hostname == NULL) {

s->session->tl...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

636 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

637

return 0;

never executed: return 0;

638 } -

639

if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,

!CBS_mem_equal...ext_hostname))	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	never evaluated

0-1

640

strlen(s->session->tlsext_hostname))) {

!CBS_mem_equal...ext_hostname))	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	never evaluated

0-1

641 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

642

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

643 } -

644

} else {

never executed: end of block

645

if (s->session->tlsext_hostname != NULL)

s->session->tl...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

646

goto err;

never executed: goto err;

647

if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {

!CBS_strdup(&h...sext_hostname)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

648 *alert = TLS1_AD_INTERNAL_ERROR; -

649

return 0;

never executed: return 0;

650 } -

651

}

executed 5 times by 2 tests: end of block

Executed by:

tlsexttest
tlstest

652 -

653

if (CBS_len(&server_name_list) != 0)

CBS_len(&serve...ame_list) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

654

goto err;

never executed: goto err;

655

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

656

goto err;

never executed: goto err;

657 -

658

return 1;

executed 5 times by 2 tests: return 1;

Executed by:

tlsexttest
tlstest

659 -

660 err: -

661 *alert = SSL_AD_DECODE_ERROR; -

662

return 0;

never executed: return 0;

663 } -

664 -

665 int -

666 tlsext_sni_serverhello_needs(SSL *s) -

667 { -

668

return (s->session->tlsext_hostname != NULL);

executed 69 times by 4 tests: return (s->session->tlsext_hostname != ((void *)0) );

Executed by:

servertest
ssltest
tlsexttest
tlstest

669 } -

670 -

671 int -

672 tlsext_sni_serverhello_build(SSL *s, CBB *cbb) -

673 { -

674

return 1;

executed 5 times by 2 tests: return 1;

Executed by:

tlsexttest
tlstest

675 } -

676 -

677 int -

678 tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

679 { -

680

if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {

s->tlsext_host...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

681 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

682

return 0;

never executed: return 0;

683 } -

684 -

685

if (s->internal->hit) {

s->internal->hit	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

686

if (s->session->tlsext_hostname == NULL) {

s->session->tl...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

687 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

688

return 0;

never executed: return 0;

689 } -

690

if (strcmp(s->tlsext_hostname,

never executed: __result = (((const unsigned char *) (const char *) ( s->tlsext_hostname ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( s->session->tlsext_hostname ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

691

s->session->tlsext_hostname) != 0) {

__extension__ ... )))); }) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

692 *alert = TLS1_AD_UNRECOGNIZED_NAME; -

693

return 0;

never executed: return 0;

694 } -

695

} else {

never executed: end of block

696

if (s->session->tlsext_hostname != NULL) {

s->session->tl...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

697 *alert = SSL_AD_DECODE_ERROR; -

698

return 0;

never executed: return 0;

699 } -

700

if ((s->session->tlsext_hostname =

(s->session->t...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

701

strdup(s->tlsext_hostname)) == NULL) {

never executed: __retval = (char *) memcpy (__retval, s->tlsext_hostname , __len);

(s->session->t...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...ext_hostname )	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

((size_t)(cons...stname ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

0-5

702 *alert = TLS1_AD_INTERNAL_ERROR; -

703

return 0;

never executed: return 0;

704 } -

705

}

executed 5 times by 2 tests: end of block

Executed by:

tlsexttest
tlstest

706 -

707

return 1;

executed 5 times by 2 tests: return 1;

Executed by:

tlsexttest
tlstest

708 } -

709 -

710 -

711 /* -

712 *Certificate Status Request - RFC 6066 section 8. -

713 */ -

714 -

715 int -

716 tlsext_ocsp_clienthello_needs(SSL *s) -

717 { -

718

return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&

executed 78 times by 4 tests: return (s->tlsext_status_type == 1 && s->version != 0xFEFF);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

s->tlsext_status_type == 1	Description
TRUE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest
FALSE	evaluated 73 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

5-78

719

s->version != DTLS1_VERSION);

executed 78 times by 4 tests: return (s->tlsext_status_type == 1 && s->version != 0xFEFF);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

s->version != 0xFEFF	Description
TRUE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest
FALSE	never evaluated

0-78

720 } -

721 -

722 int -

723 tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb) -

724 { -

725 CBB respid_list, respid, exts; -

726 unsigned char *ext_data; -

727 size_t ext_len; -

728 int i; -

729 -

730

if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))

!CBB_add_u8(cbb, 1)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

731

return 0;

never executed: return 0;

732

if (!CBB_add_u16_length_prefixed(cbb, &respid_list))

!CBB_add_u16_l... &respid_list)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

733

return 0;

never executed: return 0;

734

for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {

i < sk_num(((_...P_RESPID*)0)))	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

735 unsigned char *respid_data; -

736 OCSP_RESPID *id; -

737 size_t id_len; -

738 -

739

if ((id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids,

(id = ((OCSP_R...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

740

i)) == NULL)

(id = ((OCSP_R...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

741

return 0;

never executed: return 0;

742

if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)

(id_len = i2d_... *)0) )) == -1	Description
TRUE	never evaluated
FALSE	never evaluated

743

return 0;

never executed: return 0;

744

if (!CBB_add_u16_length_prefixed(&respid_list, &respid))

!CBB_add_u16_l...list, &respid)	Description
TRUE	never evaluated
FALSE	never evaluated

745

return 0;

never executed: return 0;

746

if (!CBB_add_space(&respid, &respid_data, id_len))

!CBB_add_space..._data, id_len)	Description
TRUE	never evaluated
FALSE	never evaluated

747

return 0;

never executed: return 0;

748

if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)

(i2d_OCSP_RESP...ta)) != id_len	Description
TRUE	never evaluated
FALSE	never evaluated

749

return 0;

never executed: return 0;

750

}

never executed: end of block

751

if (!CBB_add_u16_length_prefixed(cbb, &exts))

!CBB_add_u16_l...ed(cbb, &exts)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

752

return 0;

never executed: return 0;

753

if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts,

(ext_len = i2d... *)0) )) == -1	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

754

NULL)) == -1)

(ext_len = i2d... *)0) )) == -1	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

755

return 0;

never executed: return 0;

756

if (!CBB_add_space(&exts, &ext_data, ext_len))

!CBB_add_space...data, ext_len)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

757

return 0;

never executed: return 0;

758

if ((i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ext_data) !=

(i2d_X509_EXTE...a) != ext_len)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

759

ext_len))

(i2d_X509_EXTE...a) != ext_len)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

760

return 0;

never executed: return 0;

761

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

762

return 0;

never executed: return 0;

763

return 1;

executed 5 times by 2 tests: return 1;

Executed by:

tlsexttest
tlstest

764 } -

765 -

766 int -

767 tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

768 { -

769 int failure = SSL_AD_DECODE_ERROR; -

770 CBS respid_list, respid, exts; -

771 const unsigned char *p; -

772 uint8_t status_type; -

773 int ret = 0; -

774 -

775

if (!CBS_get_u8(cbs, &status_type))

!CBS_get_u8(cbs, &status_type)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

776

goto err;

never executed: goto err;

777

if (status_type != TLSEXT_STATUSTYPE_ocsp) {

status_type != 1	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

778 /* ignore unknown status types */ -

779 s->tlsext_status_type = -1; -

780 -

781

if (!CBS_skip(cbs, CBS_len(cbs))) {

!CBS_skip(cbs, CBS_len(cbs))	Description
TRUE	never evaluated
FALSE	never evaluated

782 *alert = TLS1_AD_INTERNAL_ERROR; -

783

return 0;

never executed: return 0;

784 } -

785

return 1;

never executed: return 1;

786 } -

787 s->tlsext_status_type = status_type; -

788

if (!CBS_get_u16_length_prefixed(cbs, &respid_list))

!CBS_get_u16_l... &respid_list)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

789

goto err;

never executed: goto err;

790 -

791 /* XXX */ -

792 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); -

793 s->internal->tlsext_ocsp_ids = NULL; -

794

if (CBS_len(&respid_list) > 0) {

CBS_len(&respid_list) > 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

795 s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); -

796

if (s->internal->tlsext_ocsp_ids == NULL) {

s->internal->t...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

797 failure = SSL_AD_INTERNAL_ERROR; -

798

goto err;

never executed: goto err;

799 } -

800

}

never executed: end of block

801 -

802

while (CBS_len(&respid_list) > 0) {

CBS_len(&respid_list) > 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

803 OCSP_RESPID *id; -

804 -

805

if (!CBS_get_u16_length_prefixed(&respid_list, &respid))

!CBS_get_u16_l...list, &respid)	Description
TRUE	never evaluated
FALSE	never evaluated

806

goto err;

never executed: goto err;

807 p = CBS_data(&respid); -

808

if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)

(id = d2i_OCSP...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

809

goto err;

never executed: goto err;

810

if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) {

!sk_push(((_ST...P_RESPID*)0)))	Description
TRUE	never evaluated
FALSE	never evaluated

811 failure = SSL_AD_INTERNAL_ERROR; -

812 OCSP_RESPID_free(id); -

813

goto err;

never executed: goto err;

814 } -

815

}

never executed: end of block

816 -

817 /* Read in request_extensions */ -

818

if (!CBS_get_u16_length_prefixed(cbs, &exts))

!CBS_get_u16_l...ed(cbs, &exts)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

819

goto err;

never executed: goto err;

820

if (CBS_len(&exts) > 0) {

CBS_len(&exts) > 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

821 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, -

822 X509_EXTENSION_free); -

823 p = CBS_data(&exts); -

824

if ((s->internal->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL,

(s->internal->...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

825

&p, CBS_len(&exts))) == NULL)

(s->internal->...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

826

goto err;

never executed: goto err;

827

}

never executed: end of block

828 -

829 /* should be nothing left */ -

830

if (CBS_len(cbs) > 0)

CBS_len(cbs) > 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

831

goto err;

never executed: goto err;

832 -

833 ret = 1; -

834

err:

code before this statement executed 5 times by 2 tests: err:

Executed by:

tlsexttest
tlstest

835

if (ret == 0)

ret == 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 2 tests Evaluated by: tlsexttest tlstest

0-5

836

*alert = failure;

never executed: *alert = failure;

837

return ret;

executed 5 times by 2 tests: return ret;

Executed by:

tlsexttest
tlstest

838 } -

839 -

840 int -

841 tlsext_ocsp_serverhello_needs(SSL *s) -

842 { -

843

return s->internal->tlsext_status_expected;

executed 69 times by 4 tests: return s->internal->tlsext_status_expected;

Executed by:

servertest
ssltest
tlsexttest
tlstest

844 } -

845 -

846 int -

847 tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb) -

848 { -

849

return 1;

executed 2 times by 1 test: return 1;

Executed by:

tlsexttest

850 } -

851 -

852 int -

853 tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

854 { -

855

if (s->tlsext_status_type == -1) {

s->tlsext_status_type == -1	Description
TRUE	never evaluated
FALSE	never evaluated

856 *alert = TLS1_AD_UNSUPPORTED_EXTENSION; -

857

return 0;

never executed: return 0;

858 } -

859 /* Set flag to expect CertificateStatus message */ -

860 s->internal->tlsext_status_expected = 1; -

861

return 1;

never executed: return 1;

862 } -

863 -

864 /* -

865 * SessionTicket extension - RFC 5077 section 3.2 -

866 */ -

867 int -

868 tlsext_sessionticket_clienthello_needs(SSL *s) -

869 { -

870 /* -

871 * Send session ticket extension when enabled and not overridden. -

872 * -

873 * When renegotiating, send an empty session ticket to indicate support. -

874 */ -

875

if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)

(SSL_ctrl((s),...0004000L) != 0	Description
TRUE	evaluated 6 times by 2 tests Evaluated by: tlsexttest tlstest
FALSE	evaluated 78 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

6-78

876

return 0;

executed 6 times by 2 tests: return 0;

Executed by:

tlsexttest
tlstest

877 -

878

if (s->internal->new_session)

s->internal->new_session	Description
TRUE	never evaluated
FALSE	evaluated 78 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

0-78

879

return 1;

never executed: return 1;

880 -

881

if (s->internal->tlsext_session_ticket != NULL &&

s->internal->t...!= ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 76 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

2-76

882

s->internal->tlsext_session_ticket->data == NULL)

s->internal->t...== ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

883

return 0;

executed 1 time by 1 test: return 0;

Executed by:

tlsexttest

884 -

885

return 1;

executed 77 times by 3 tests: return 1;

Executed by:

clienttest
ssltest
tlsexttest

886 } -

887 -

888 int -

889 tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb) -

890 { -

891 /* -

892 * Signal that we support session tickets by sending an empty -

893 * extension when renegotiating or no session found. -

894 */ -

895

if (s->internal->new_session || s->session == NULL)

s->internal->new_session	Description
TRUE	never evaluated
FALSE	evaluated 75 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

s->session == ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 73 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

0-75

896

return 1;

executed 2 times by 1 test: return 1;

Executed by:

tlsexttest

897 -

898

if (s->session->tlsext_tick != NULL) {

s->session->tl...!= ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 72 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

1-72

899 /* Attempt to resume with an existing session ticket */ -

900

if (!CBB_add_bytes(cbb, s->session->tlsext_tick,

!CBB_add_bytes...lsext_ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

901

s->session->tlsext_ticklen))

!CBB_add_bytes...lsext_ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

902

return 0;

never executed: return 0;

903 -

904

} else if (s->internal->tlsext_session_ticket != NULL) {

executed 1 time by 1 test: end of block

Executed by:

tlsexttest

s->internal->t...!= ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 71 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

1-71

905 /* -

906 * Attempt to resume with a custom provided session ticket set -

907 * by SSL_set_session_ticket_ext(). -

908 */ -

909

if (s->internal->tlsext_session_ticket->length > 0) {

s->internal->t...et->length > 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	never evaluated

0-1

910 size_t ticklen = s->internal->tlsext_session_ticket->length; -

911 -

912

if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)

(s->session->t...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

913

return 0;

never executed: return 0;

914 memcpy(s->session->tlsext_tick, -

915 s->internal->tlsext_session_ticket->data, -

916 ticklen); -

917 s->session->tlsext_ticklen = ticklen; -

918 -

919

if (!CBB_add_bytes(cbb, s->session->tlsext_tick,

!CBB_add_bytes...lsext_ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

920

s->session->tlsext_ticklen))

!CBB_add_bytes...lsext_ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

921

return 0;

never executed: return 0;

922

}

executed 1 time by 1 test: end of block

Executed by:

tlsexttest

923

}

executed 1 time by 1 test: end of block

Executed by:

tlsexttest

924 -

925

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 73 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

0-73

926

return 0;

never executed: return 0;

927 -

928

return 1;

executed 73 times by 3 tests: return 1;

Executed by:

clienttest
ssltest
tlsexttest

929 } -

930 -

931 int -

932 tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

933 { -

934

if (s->internal->tls_session_ticket_ext_cb) {

s->internal->t..._ticket_ext_cb	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: ssltest

0-59

935

if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

936

(int)CBS_len(cbs),

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

937

s->internal->tls_session_ticket_ext_cb_arg)) {

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

938 *alert = TLS1_AD_INTERNAL_ERROR; -

939

return 0;

never executed: return 0;

940 } -

941

}

never executed: end of block

942 -

943 /* We need to signal that this was processed fully */ -

944

if (!CBS_skip(cbs, CBS_len(cbs))) {

!CBS_skip(cbs, CBS_len(cbs))	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: ssltest

0-59

945 *alert = TLS1_AD_INTERNAL_ERROR; -

946

return 0;

never executed: return 0;

947 } -

948 -

949

return 1;

executed 59 times by 1 test: return 1;

Executed by:

ssltest

950 } -

951 -

952 int -

953 tlsext_sessionticket_serverhello_needs(SSL *s) -

954 { -

955

return (s->internal->tlsext_ticket_expected &&

executed 71 times by 4 tests: return (s->internal->tlsext_ticket_expected && !(SSL_ctrl((s),32,0, ((void *)0) ) & 0x00004000L));

Executed by:

servertest
ssltest
tlsexttest
tlstest

s->internal->t...icket_expected	Description
TRUE	evaluated 61 times by 2 tests Evaluated by: ssltest tlsexttest
FALSE	evaluated 10 times by 3 tests Evaluated by: servertest tlsexttest tlstest

10-71

956

!(SSL_get_options(s) & SSL_OP_NO_TICKET));

executed 71 times by 4 tests: return (s->internal->tlsext_ticket_expected && !(SSL_ctrl((s),32,0, ((void *)0) ) & 0x00004000L));

Executed by:

servertest
ssltest
tlsexttest
tlstest

!(SSL_ctrl((s)...& 0x00004000L)	Description
TRUE	evaluated 61 times by 2 tests Evaluated by: ssltest tlsexttest
FALSE	never evaluated

0-71

957 } -

958 -

959 int -

960 tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb) -

961 { -

962 /* Empty ticket */ -

963 -

964

return 1;

executed 61 times by 2 tests: return 1;

Executed by:

ssltest
tlsexttest

965 } -

966 -

967 int -

968 tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

969 { -

970

if (s->internal->tls_session_ticket_ext_cb) {

s->internal->t..._ticket_ext_cb	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: ssltest

0-59

971

if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

972

(int)CBS_len(cbs),

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

973

s->internal->tls_session_ticket_ext_cb_arg)) {

!s->internal->...et_ext_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

974 *alert = TLS1_AD_INTERNAL_ERROR; -

975

return 0;

never executed: return 0;

976 } -

977

}

never executed: end of block

978 -

979

if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) {

(SSL_ctrl((s),...0004000L) != 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: ssltest

CBS_len(cbs) > 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: ssltest

0-59

980 *alert = TLS1_AD_UNSUPPORTED_EXTENSION; -

981

return 0;

never executed: return 0;

982 } -

983 -

984 s->internal->tlsext_ticket_expected = 1; -

985 -

986

return 1;

executed 59 times by 1 test: return 1;

Executed by:

ssltest

987 } -

988 -

989 /* -

990 * DTLS extension for SRTP key establishment - RFC 5764 -

991 */ -

992 -

993 #ifndef OPENSSL_NO_SRTP -

994 -

995 int -

996 tlsext_srtp_clienthello_needs(SSL *s) -

997 { -

998

return SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) != NULL;

executed 79 times by 4 tests: return (s->method->internal->version == 0xFEFF) && SSL_get_srtp_profiles(s) != ((void *)0) ;

Executed by:

clienttest
ssltest
tlsexttest
tlstest

(s->method->in...ion == 0xFEFF)	Description
TRUE	evaluated 15 times by 3 tests Evaluated by: clienttest ssltest tlsexttest
FALSE	evaluated 64 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

SSL_get_srtp_p...!= ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 13 times by 3 tests Evaluated by: clienttest ssltest tlsexttest

2-79

999 } -

1000 -

1001 int -

1002 tlsext_srtp_clienthello_build(SSL *s, CBB *cbb) -

1003 { -

1004 CBB profiles, mki; -

1005 int ct, i; -

1006 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL; -

1007 SRTP_PROTECTION_PROFILE *prof; -

1008 -

1009

if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {

(clnt = SSL_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1010 SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); -

1011

return 0;

never executed: return 0;

1012 } -

1013 -

1014

if ((ct = sk_SRTP_PROTECTION_PROFILE_num(clnt)) < 1) {

(ct = sk_num((...ILE*)0)))) < 1	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1015 SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); -

1016

return 0;

never executed: return 0;

1017 } -

1018 -

1019

if (!CBB_add_u16_length_prefixed(cbb, &profiles))

!CBB_add_u16_l...bb, &profiles)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1020

return 0;

never executed: return 0;

1021 -

1022

for (i = 0; i < ct; i++) {

i < ct	Description
TRUE	evaluated 3 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

2-3

1023

if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) == NULL)

(prof = ((SRTP...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

0-3

1024

return 0;

never executed: return 0;

1025

if (!CBB_add_u16(&profiles, prof->id))

!CBB_add_u16(&...les, prof->id)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

0-3

1026

return 0;

never executed: return 0;

1027

}

executed 3 times by 1 test: end of block

Executed by:

tlsexttest

1028 -

1029

if (!CBB_add_u8_length_prefixed(cbb, &mki))

!CBB_add_u8_le...xed(cbb, &mki)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1030

return 0;

never executed: return 0;

1031 -

1032

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1033

return 0;

never executed: return 0;

1034 -

1035

return 1;

executed 2 times by 1 test: return 1;

Executed by:

tlsexttest

1036 } -

1037 -

1038 int -

1039 tlsext_srtp_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

1040 { -

1041 SRTP_PROTECTION_PROFILE *cprof, *sprof; -

1042 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr; -

1043 int i, j; -

1044 int ret; -

1045 uint16_t id; -

1046 CBS profiles, mki; -

1047 -

1048 ret = 0; -

1049 -

1050

if (!CBS_get_u16_length_prefixed(cbs, &profiles))

!CBS_get_u16_l...bs, &profiles)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1051

goto err;

never executed: goto err;

1052

if (CBS_len(&profiles) == 0 || CBS_len(&profiles) % 2 != 0)

CBS_len(&profiles) == 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

CBS_len(&profiles) % 2 != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1053

goto err;

never executed: goto err;

1054 -

1055

if ((clnt = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL)

(clnt = ((stru...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1056

goto err;

never executed: goto err;

1057 -

1058

while (CBS_len(&profiles) > 0) {

CBS_len(&profiles) > 0	Description
TRUE	evaluated 7 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

4-7

1059

if (!CBS_get_u16(&profiles, &id))

!CBS_get_u16(&profiles, &id)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: tlsexttest

0-7

1060

goto err;

never executed: goto err;

1061 -

1062

if (!srtp_find_profile_by_num(id, &cprof)) {

!srtp_find_pro...um(id, &cprof)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

3-4

1063

if (!sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof))

!sk_push(((_ST..._PROFILE*)0)))	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1064

goto err;

never executed: goto err;

1065

}

executed 4 times by 1 test: end of block

Executed by:

tlsexttest

1066

}

executed 7 times by 1 test: end of block

Executed by:

tlsexttest

1067 -

1068

if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {

!CBS_get_u8_le...xed(cbs, &mki)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

CBS_len(&mki) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1069 SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE); -

1070 *alert = SSL_AD_DECODE_ERROR; -

1071

goto done;

never executed: goto done;

1072 } -

1073

if (CBS_len(cbs) != 0)

CBS_len(cbs) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1074

goto err;

never executed: goto err;

1075 -

1076 /* -

1077 * Per RFC 5764 section 4.1.1 -

1078 * -

1079 * Find the server preferred profile using the client's list. -

1080 * -

1081 * The server MUST send a profile if it sends the use_srtp -

1082 * extension. If one is not found, it should fall back to the -

1083 * negotiated DTLS cipher suite or return a DTLS alert. -

1084 */ -

1085

if ((srvr = SSL_get_srtp_profiles(s)) == NULL)

(srvr = SSL_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1086

goto err;

never executed: goto err;

1087

for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {

i < sk_num(((_..._PROFILE*)0)))	Description
TRUE	evaluated 6 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

1-6

1088

if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i))

(sprof = ((SRT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: tlsexttest

0-6

1089

== NULL)

(sprof = ((SRT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: tlsexttest

0-6

1090

goto err;

never executed: goto err;

1091 -

1092

for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {

j < sk_num(((_..._PROFILE*)0)))	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

3-4

1093

if ((cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j))

(cprof = ((SRT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1094

== NULL)

(cprof = ((SRT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: tlsexttest

0-4

1095

goto err;

never executed: goto err;

1096 -

1097

if (cprof->id == sprof->id) {

cprof->id == sprof->id	Description
TRUE	evaluated 3 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

1-3

1098 s->internal->srtp_profile = sprof; -

1099 ret = 1; -

1100

goto done;

executed 3 times by 1 test: goto done;

Executed by:

tlsexttest

1101 } -

1102

}

executed 1 time by 1 test: end of block

Executed by:

tlsexttest

1103

}

executed 3 times by 1 test: end of block

Executed by:

tlsexttest

1104 -

1105 /* If we didn't find anything, fall back to the negotiated */ -

1106 ret = 1; -

1107

goto done;

executed 1 time by 1 test: goto done;

Executed by:

tlsexttest

1108 -

1109 err: -

1110 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); -

1111 *alert = SSL_AD_DECODE_ERROR; -

1112 -

1113

done:

code before this statement never executed: done:

1114 sk_SRTP_PROTECTION_PROFILE_free(clnt); -

1115

return ret;

executed 4 times by 1 test: return ret;

Executed by:

tlsexttest

1116 } -

1117 -

1118 int -

1119 tlsext_srtp_serverhello_needs(SSL *s) -

1120 { -

1121

return SSL_IS_DTLS(s) && SSL_get_selected_srtp_profile(s) != NULL;

executed 73 times by 4 tests: return (s->method->internal->version == 0xFEFF) && SSL_get_selected_srtp_profile(s) != ((void *)0) ;

Executed by:

servertest
ssltest
tlsexttest
tlstest

(s->method->in...ion == 0xFEFF)	Description
TRUE	evaluated 17 times by 2 tests Evaluated by: ssltest tlsexttest
FALSE	evaluated 56 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest

SSL_get_select...!= ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 13 times by 2 tests Evaluated by: ssltest tlsexttest

4-73

1122 } -

1123 -

1124 int -

1125 tlsext_srtp_serverhello_build(SSL *s, CBB *cbb) -

1126 { -

1127 SRTP_PROTECTION_PROFILE *profile; -

1128 CBB srtp, mki; -

1129 -

1130

if (!CBB_add_u16_length_prefixed(cbb, &srtp))

!CBB_add_u16_l...ed(cbb, &srtp)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

1131

return 0;

never executed: return 0;

1132 -

1133

if ((profile = SSL_get_selected_srtp_profile(s)) == NULL)

(profile = SSL...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

1134

return 0;

never executed: return 0;

1135 -

1136

if (!CBB_add_u16(&srtp, profile->id))

!CBB_add_u16(&..., profile->id)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

1137

return 0;

never executed: return 0;

1138 -

1139

if (!CBB_add_u8_length_prefixed(cbb, &mki))

!CBB_add_u8_le...xed(cbb, &mki)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

1140

return 0;

never executed: return 0;

1141 -

1142

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

0-1

1143

return 0;

never executed: return 0;

1144 -

1145

return 1;

executed 1 time by 1 test: return 1;

Executed by:

tlsexttest

1146 } -

1147 -

1148 int -

1149 tlsext_srtp_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

1150 { -

1151 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; -

1152 SRTP_PROTECTION_PROFILE *prof; -

1153 int i; -

1154 uint16_t id; -

1155 CBS profile_ids, mki; -

1156 -

1157

if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) {

!CBS_get_u16_l... &profile_ids)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

0-3

1158 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); -

1159

goto err;

never executed: goto err;

1160 } -

1161 -

1162

if (!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {

!CBS_get_u16(&...file_ids, &id)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

CBS_len(&profile_ids) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-3

1163 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); -

1164

goto err;

executed 1 time by 1 test: goto err;

Executed by:

tlsexttest

1165 } -

1166 -

1167

if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {

!CBS_get_u8_le...xed(cbs, &mki)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

CBS_len(&mki) != 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1168 SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE); -

1169 *alert = SSL_AD_ILLEGAL_PARAMETER; -

1170

return 0;

never executed: return 0;

1171 } -

1172 -

1173

if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {

(clnt = SSL_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

0-2

1174 SSLerror(s, SSL_R_NO_SRTP_PROFILES); -

1175

goto err;

never executed: goto err;

1176 } -

1177 -

1178

for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {

i < sk_num(((_..._PROFILE*)0)))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: tlsexttest
FALSE	evaluated 1 time by 1 test Evaluated by: tlsexttest

1-3

1179

if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i))

(prof = ((SRTP...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

0-3

1180

== NULL) {

(prof = ((SRTP...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: tlsexttest

0-3

1181 SSLerror(s, SSL_R_NO_SRTP_PROFILES); -

1182

goto err;

never executed: goto err;

1183 } -

1184 -

1185

if (prof->id == id) {

prof->id == id	Description
TRUE	evaluated 1 time by 1 test Evaluated by: tlsexttest
FALSE	evaluated 2 times by 1 test Evaluated by: tlsexttest

1-2

1186 s->internal->srtp_profile = prof; -

1187

return 1;

executed 1 time by 1 test: return 1;

Executed by:

tlsexttest

1188 } -

1189

}

executed 2 times by 1 test: end of block

Executed by:

tlsexttest

1190 -

1191 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); -

1192

err:

code before this statement executed 1 time by 1 test: err:

Executed by:

tlsexttest

1193 *alert = SSL_AD_DECODE_ERROR; -

1194

return 0;

executed 2 times by 1 test: return 0;

Executed by:

tlsexttest

1195 } -

1196 -

1197 #endif /* OPENSSL_NO_SRTP */ -

1198 -

1199 struct tls_extension { -

1200 uint16_t type; -

1201 int (*clienthello_needs)(SSL *s); -

1202 int (*clienthello_build)(SSL *s, CBB *cbb); -

1203 int (*clienthello_parse)(SSL *s, CBS *cbs, int *alert); -

1204 int (*serverhello_needs)(SSL *s); -

1205 int (*serverhello_build)(SSL *s, CBB *cbb); -

1206 int (*serverhello_parse)(SSL *s, CBS *cbs, int *alert); -

1207 }; -

1208 -

1209 static struct tls_extension tls_extensions[] = { -

1210 { -

1211 .type = TLSEXT_TYPE_server_name, -

1212 .clienthello_needs = tlsext_sni_clienthello_needs, -

1213 .clienthello_build = tlsext_sni_clienthello_build, -

1214 .clienthello_parse = tlsext_sni_clienthello_parse, -

1215 .serverhello_needs = tlsext_sni_serverhello_needs, -

1216 .serverhello_build = tlsext_sni_serverhello_build, -

1217 .serverhello_parse = tlsext_sni_serverhello_parse, -

1218 }, -

1219 { -

1220 .type = TLSEXT_TYPE_renegotiate, -

1221 .clienthello_needs = tlsext_ri_clienthello_needs, -

1222 .clienthello_build = tlsext_ri_clienthello_build, -

1223 .clienthello_parse = tlsext_ri_clienthello_parse, -

1224 .serverhello_needs = tlsext_ri_serverhello_needs, -

1225 .serverhello_build = tlsext_ri_serverhello_build, -

1226 .serverhello_parse = tlsext_ri_serverhello_parse, -

1227 }, -

1228 { -

1229 .type = TLSEXT_TYPE_status_request, -

1230 .clienthello_needs = tlsext_ocsp_clienthello_needs, -

1231 .clienthello_build = tlsext_ocsp_clienthello_build, -

1232 .clienthello_parse = tlsext_ocsp_clienthello_parse, -

1233 .serverhello_needs = tlsext_ocsp_serverhello_needs, -

1234 .serverhello_build = tlsext_ocsp_serverhello_build, -

1235 .serverhello_parse = tlsext_ocsp_serverhello_parse, -

1236 }, -

1237 { -

1238 .type = TLSEXT_TYPE_ec_point_formats, -

1239 .clienthello_needs = tlsext_ecpf_clienthello_needs, -

1240 .clienthello_build = tlsext_ecpf_clienthello_build, -

1241 .clienthello_parse = tlsext_ecpf_clienthello_parse, -

1242 .serverhello_needs = tlsext_ecpf_serverhello_needs, -

1243 .serverhello_build = tlsext_ecpf_serverhello_build, -

1244 .serverhello_parse = tlsext_ecpf_serverhello_parse, -

1245 }, -

1246 { -

1247 .type = TLSEXT_TYPE_elliptic_curves, -

1248 .clienthello_needs = tlsext_ec_clienthello_needs, -

1249 .clienthello_build = tlsext_ec_clienthello_build, -

1250 .clienthello_parse = tlsext_ec_clienthello_parse, -

1251 .serverhello_needs = tlsext_ec_serverhello_needs, -

1252 .serverhello_build = tlsext_ec_serverhello_build, -

1253 .serverhello_parse = tlsext_ec_serverhello_parse, -

1254 }, -

1255 { -

1256 .type = TLSEXT_TYPE_session_ticket, -

1257 .clienthello_needs = tlsext_sessionticket_clienthello_needs, -

1258 .clienthello_build = tlsext_sessionticket_clienthello_build, -

1259 .clienthello_parse = tlsext_sessionticket_clienthello_parse, -

1260 .serverhello_needs = tlsext_sessionticket_serverhello_needs, -

1261 .serverhello_build = tlsext_sessionticket_serverhello_build, -

1262 .serverhello_parse = tlsext_sessionticket_serverhello_parse, -

1263 }, -

1264 { -

1265 .type = TLSEXT_TYPE_signature_algorithms, -

1266 .clienthello_needs = tlsext_sigalgs_clienthello_needs, -

1267 .clienthello_build = tlsext_sigalgs_clienthello_build, -

1268 .clienthello_parse = tlsext_sigalgs_clienthello_parse, -

1269 .serverhello_needs = tlsext_sigalgs_serverhello_needs, -

1270 .serverhello_build = tlsext_sigalgs_serverhello_build, -

1271 .serverhello_parse = tlsext_sigalgs_serverhello_parse, -

1272 }, -

1273 { -

1274 .type = TLSEXT_TYPE_application_layer_protocol_negotiation, -

1275 .clienthello_needs = tlsext_alpn_clienthello_needs, -

1276 .clienthello_build = tlsext_alpn_clienthello_build, -

1277 .clienthello_parse = tlsext_alpn_clienthello_parse, -

1278 .serverhello_needs = tlsext_alpn_serverhello_needs, -

1279 .serverhello_build = tlsext_alpn_serverhello_build, -

1280 .serverhello_parse = tlsext_alpn_serverhello_parse, -

1281 }, -

1282 #ifndef OPENSSL_NO_SRTP -

1283 { -

1284 .type = TLSEXT_TYPE_use_srtp, -

1285 .clienthello_needs = tlsext_srtp_clienthello_needs, -

1286 .clienthello_build = tlsext_srtp_clienthello_build, -

1287 .clienthello_parse = tlsext_srtp_clienthello_parse, -

1288 .serverhello_needs = tlsext_srtp_serverhello_needs, -

1289 .serverhello_build = tlsext_srtp_serverhello_build, -

1290 .serverhello_parse = tlsext_srtp_serverhello_parse, -

1291 } -

1292 #endif /* OPENSSL_NO_SRTP */ -

1293 }; -

1294 -

1295 #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions)) -

1296 -

1297 /* Ensure that extensions fit in a uint32_t bitmask. */ -

1298 CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8)); -

1299 -

1300 static struct tls_extension * -

1301 tls_extension_find(uint16_t type, size_t *tls_extensions_idx) -

1302 { -

1303 size_t i; -

1304 -

1305

for (i = 0; i < N_TLS_EXTENSIONS; i++) {

i < (sizeof(tl...s_extensions))	Description
TRUE	evaluated 1744 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest
FALSE	never evaluated

0-1744

1306

if (tls_extensions[i].type == type) {

tls_extensions[i].type == type	Description
TRUE	evaluated 347 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest
FALSE	evaluated 1397 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

347-1397

1307 *tls_extensions_idx = i; -

1308

return &tls_extensions[i];

executed 347 times by 3 tests: return &tls_extensions[i];

Executed by:

ssltest
tls_ext_alpn
tlstest

347

1309 } -

1310

}

executed 1397 times by 3 tests: end of block

Executed by:

ssltest
tls_ext_alpn
tlstest

1397

1311 -

1312

return NULL;

never executed: return ((void *)0) ;

1313 } -

1314 -

1315 static int -

1316 tls_extension_needs(struct tls_extension *tlsext, int is_serverhello, SSL *s) -

1317 { -

1318

if (is_serverhello)

is_serverhello	Description
TRUE	evaluated 603 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest
FALSE	evaluated 684 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

603-684

1319

return tlsext->serverhello_needs(s);

executed 603 times by 4 tests: return tlsext->serverhello_needs(s);

Executed by:

servertest
ssltest
tlsexttest
tlstest

603

1320

return tlsext->clienthello_needs(s);

executed 684 times by 4 tests: return tlsext->clienthello_needs(s);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

684

1321 } -

1322 -

1323 static int -

1324 tls_extension_build(struct tls_extension *tlsext, int is_serverhello, SSL *s, -

1325 CBB *cbb) -

1326 { -

1327

if (is_serverhello)

is_serverhello	Description
TRUE	evaluated 165 times by 4 tests Evaluated by: servertest ssltest tlsexttest tlstest
FALSE	evaluated 204 times by 4 tests Evaluated by: clienttest ssltest tlsexttest tlstest

165-204

1328

return tlsext->serverhello_build(s, cbb);

executed 165 times by 4 tests: return tlsext->serverhello_build(s, cbb);

Executed by:

servertest
ssltest
tlsexttest
tlstest

165

1329

return tlsext->clienthello_build(s, cbb);

executed 204 times by 4 tests: return tlsext->clienthello_build(s, cbb);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

204

1330 } -

1331 -

1332 static int -

1333 tls_extension_parse(struct tls_extension *tlsext, int is_serverhello, SSL *s, -

1334 CBS *cbs, int *alert) -

1335 { -

1336

if (is_serverhello)

is_serverhello	Description
TRUE	evaluated 171 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest
FALSE	evaluated 176 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

171-176

1337

return tlsext->serverhello_parse(s, cbs, alert);

executed 171 times by 3 tests: return tlsext->serverhello_parse(s, cbs, alert);

Executed by:

ssltest
tls_ext_alpn
tlstest

171

1338

return tlsext->clienthello_parse(s, cbs, alert);

executed 176 times by 3 tests: return tlsext->clienthello_parse(s, cbs, alert);

Executed by:

ssltest
tls_ext_alpn
tlstest

176

1339 } -

1340 -

1341 static int -

1342 tlsext_build(SSL *s, CBB *cbb, int is_serverhello) -

1343 { -

1344 CBB extensions, extension_data; -

1345 struct tls_extension *tlsext; -

1346 int extensions_present = 0; -

1347 size_t i; -

1348 -

1349

if (!CBB_add_u16_length_prefixed(cbb, &extensions))

!CBB_add_u16_l..., &extensions)	Description
TRUE	never evaluated
FALSE	evaluated 143 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-143

1350

return 0;

never executed: return 0;

1351 -

1352

for (i = 0; i < N_TLS_EXTENSIONS; i++) {

i < (sizeof(tl...s_extensions))	Description
TRUE	evaluated 1287 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest
FALSE	evaluated 143 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

143-1287

1353 tlsext = &tls_extensions[i]; -

1354 -

1355

if (!tls_extension_needs(tlsext, is_serverhello, s))

!tls_extension...erverhello, s)	Description
TRUE	evaluated 918 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest
FALSE	evaluated 369 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

369-918

1356

continue;

executed 918 times by 5 tests: continue;

Executed by:

clienttest
servertest
ssltest
tlsexttest
tlstest

918

1357 -

1358

if (!CBB_add_u16(&extensions, tlsext->type))

!CBB_add_u16(&... tlsext->type)	Description
TRUE	never evaluated
FALSE	evaluated 369 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-369

1359

return 0;

never executed: return 0;

1360

if (!CBB_add_u16_length_prefixed(&extensions, &extension_data))

!CBB_add_u16_l...xtension_data)	Description
TRUE	never evaluated
FALSE	evaluated 369 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-369

1361

return 0;

never executed: return 0;

1362 -

1363

if (!tls_extension_build(tlsext, is_serverhello, s,

!tls_extension...xtension_data)	Description
TRUE	never evaluated
FALSE	evaluated 369 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-369

1364

&extension_data))

!tls_extension...xtension_data)	Description
TRUE	never evaluated
FALSE	evaluated 369 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-369

1365

return 0;

never executed: return 0;

1366 -

1367 extensions_present = 1; -

1368

}

executed 369 times by 5 tests: end of block

Executed by:

clienttest
servertest
ssltest
tlsexttest
tlstest

369

1369 -

1370

if (!extensions_present)

!extensions_present	Description
TRUE	evaluated 3 times by 2 tests Evaluated by: servertest tlsexttest
FALSE	evaluated 140 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

3-140

1371

CBB_discard_child(cbb);

executed 3 times by 2 tests: CBB_discard_child(cbb);

Executed by:

servertest
tlsexttest

1372 -

1373

if (!CBB_flush(cbb))

!CBB_flush(cbb)	Description
TRUE	never evaluated
FALSE	evaluated 143 times by 5 tests Evaluated by: clienttest servertest ssltest tlsexttest tlstest

0-143

1374

return 0;

never executed: return 0;

1375 -

1376

return 1;

executed 143 times by 5 tests: return 1;

Executed by:

clienttest
servertest
ssltest
tlsexttest
tlstest

143

1377 } -

1378 -

1379 static int -

1380 tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_serverhello) -

1381 { -

1382 CBS extensions, extension_data; -

1383 struct tls_extension *tlsext; -

1384 uint32_t extensions_seen = 0; -

1385 uint16_t type; -

1386 size_t idx; -

1387 -

1388 /* An empty extensions block is valid. */ -

1389

if (CBS_len(cbs) == 0)

CBS_len(cbs) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: servertest
FALSE	evaluated 170 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

2-170

1390

return 1;

executed 2 times by 1 test: return 1;

Executed by:

servertest

1391 -

1392 *alert = SSL_AD_DECODE_ERROR; -

1393 -

1394

if (!CBS_get_u16_length_prefixed(cbs, &extensions))

!CBS_get_u16_l..., &extensions)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 156 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

14-156

1395

return 0;

executed 14 times by 1 test: return 0;

Executed by:

tls_ext_alpn

1396 -

1397

while (CBS_len(&extensions) > 0) {

CBS_len(&extensions) > 0	Description
TRUE	evaluated 353 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest
FALSE	evaluated 133 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

133-353

1398

if (!CBS_get_u16(&extensions, &type))

!CBS_get_u16(&...nsions, &type)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 351 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

2-351

1399

return 0;

executed 2 times by 1 test: return 0;

Executed by:

tls_ext_alpn

1400

if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))

!CBS_get_u16_l...xtension_data)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 347 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

4-347

1401

return 0;

executed 4 times by 1 test: return 0;

Executed by:

tls_ext_alpn

1402 -

1403

if (s->internal->tlsext_debug_cb != NULL)

s->internal->t...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 347 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

0-347

1404

s->internal->tlsext_debug_cb(s, is_serverhello, type,

never executed:

s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);

1405

(unsigned char *)CBS_data(&extension_data),

never executed:

s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);

1406

CBS_len(&extension_data),

never executed:

s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);

1407

s->internal->tlsext_debug_arg);

never executed:

s->internal->tlsext_debug_cb(s, is_serverhello, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg);

1408 -

1409 /* Unknown extensions are ignored. */ -

1410

if ((tlsext = tls_extension_find(type, &idx)) == NULL)

(tlsext = tls_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 347 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

0-347

1411

continue;

never executed: continue;

1412 -

1413 /* Check for duplicate known extensions. */ -

1414

if ((extensions_seen & (1 << idx)) != 0)

(extensions_se... << idx)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 347 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

0-347

1415

return 0;

never executed: return 0;

1416 extensions_seen |= (1 << idx); -

1417 -

1418

if (!tls_extension_parse(tlsext, is_serverhello, s,

!tls_extension...n_data, alert)	Description
TRUE	evaluated 17 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 330 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

17-330

1419

&extension_data, alert))

!tls_extension...n_data, alert)	Description
TRUE	evaluated 17 times by 1 test Evaluated by: tls_ext_alpn
FALSE	evaluated 330 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

17-330

1420

return 0;

executed 17 times by 1 test: return 0;

Executed by:

tls_ext_alpn

1421 -

1422

if (CBS_len(&extension_data) != 0)

CBS_len(&extension_data) != 0	Description
TRUE	never evaluated
FALSE	evaluated 330 times by 3 tests Evaluated by: ssltest tls_ext_alpn tlstest

0-330

1423

return 0;

never executed: return 0;

1424

}

executed 330 times by 3 tests: end of block

Executed by:

ssltest
tls_ext_alpn
tlstest

330

1425 -

1426

return 1;

executed 133 times by 3 tests: return 1;

Executed by:

ssltest
tls_ext_alpn
tlstest

133

1427 } -

1428 -

1429 static void -

1430 tlsext_clienthello_reset_state(SSL *s) -

1431 { -

1432 s->internal->servername_done = 0; -

1433 s->tlsext_status_type = -1; -

1434 S3I(s)->renegotiate_seen = 0; -

1435 free(S3I(s)->alpn_selected); -

1436 S3I(s)->alpn_selected = NULL; -

1437 s->internal->srtp_profile = NULL; -

1438

}

executed 87 times by 4 tests: end of block

Executed by:

servertest
ssltest
tls_ext_alpn
tlstest

1439 -

1440 int -

1441 tlsext_clienthello_build(SSL *s, CBB *cbb) -

1442 { -

1443

return tlsext_build(s, cbb, 0);

executed 76 times by 4 tests: return tlsext_build(s, cbb, 0);

Executed by:

clienttest
ssltest
tlsexttest
tlstest

1444 } -

1445 -

1446 int -

1447 tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert) -

1448 { -

1449 /* XXX - this possibly should be done by the caller... */ -

1450 tlsext_clienthello_reset_state(s); -

1451 -

1452

return tlsext_parse(s, cbs, alert, 0);

executed 87 times by 4 tests: return tlsext_parse(s, cbs, alert, 0);

Executed by:

servertest
ssltest
tls_ext_alpn
tlstest

1453 } -

1454 -

1455 static void -

1456 tlsext_serverhello_reset_state(SSL *s) -

1457 { -

1458 S3I(s)->renegotiate_seen = 0; -

1459 free(S3I(s)->alpn_selected); -

1460 S3I(s)->alpn_selected = NULL; -

1461

}

executed 85 times by 3 tests: end of block

Executed by:

ssltest
tls_ext_alpn
tlstest

1462 -

1463 int -

1464 tlsext_serverhello_build(SSL *s, CBB *cbb) -

1465 { -

1466

return tlsext_build(s, cbb, 1);

executed 67 times by 4 tests: return tlsext_build(s, cbb, 1);

Executed by:

servertest
ssltest
tlsexttest
tlstest

1467 } -

1468 -

1469 int -

1470 tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert) -

1471 { -

1472 /* XXX - this possibly should be done by the caller... */ -

1473 tlsext_serverhello_reset_state(s); -

1474 -

1475

return tlsext_parse(s, cbs, alert, 1);

executed 85 times by 3 tests: return tlsext_parse(s, cbs, alert, 1);

Executed by:

ssltest
tls_ext_alpn
tlstest

1476 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2