OpenCoverage

ssl_lib.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/ssl_lib.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved-
4 * Copyright 2005 Nokia. All rights reserved.-
5 *-
6 * Licensed under the OpenSSL license (the "License"). You may not use-
7 * this file except in compliance with the License. You can obtain a copy-
8 * in the file LICENSE in the source distribution or at-
9 * https://www.openssl.org/source/license.html-
10 */-
11-
12#include <stdio.h>-
13#include "ssl_locl.h"-
14#include <openssl/objects.h>-
15#include <openssl/x509v3.h>-
16#include <openssl/rand.h>-
17#include <openssl/rand_drbg.h>-
18#include <openssl/ocsp.h>-
19#include <openssl/dh.h>-
20#include <openssl/engine.h>-
21#include <openssl/async.h>-
22#include <openssl/ct.h>-
23#include "internal/cryptlib.h"-
24#include "internal/refcount.h"-
25-
26const char SSL_version_str[] = OPENSSL_VERSION_TEXT;-
27-
28static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)-
29{-
30 (void)r;-
31 (void)s;-
32 (void)t;-
33 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
34}-
35-
36static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,-
37 int t)-
38{-
39 (void)r;-
40 (void)s;-
41 (void)t;-
42 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
43}-
44-
45static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,-
46 unsigned char *s, size_t t, size_t *u)-
47{-
48 (void)r;-
49 (void)s;-
50 (void)t;-
51 (void)u;-
52 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
53}-
54-
55static int ssl_undefined_function_4(SSL *ssl, int r)-
56{-
57 (void)r;-
58 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
59}-
60-
61static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,-
62 unsigned char *t)-
63{-
64 (void)r;-
65 (void)s;-
66 (void)t;-
67 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
68}-
69-
70static int ssl_undefined_function_6(int r)-
71{-
72 (void)r;-
73 return ssl_undefined_function(NULL);
never executed: return ssl_undefined_function( ((void *)0) );
0
74}-
75-
76static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,-
77 const char *t, size_t u,-
78 const unsigned char *v, size_t w, int x)-
79{-
80 (void)r;-
81 (void)s;-
82 (void)t;-
83 (void)u;-
84 (void)v;-
85 (void)w;-
86 (void)x;-
87 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
88}-
89-
90SSL3_ENC_METHOD ssl3_undef_enc_method = {-
91 ssl_undefined_function_1,-
92 ssl_undefined_function_2,-
93 ssl_undefined_function,-
94 ssl_undefined_function_3,-
95 ssl_undefined_function_4,-
96 ssl_undefined_function_5,-
97 NULL, /* client_finished_label */-
98 0, /* client_finished_label_len */-
99 NULL, /* server_finished_label */-
100 0, /* server_finished_label_len */-
101 ssl_undefined_function_6,-
102 ssl_undefined_function_7,-
103};-
104-
105struct ssl_async_args {-
106 SSL *s;-
107 void *buf;-
108 size_t num;-
109 enum { READFUNC, WRITEFUNC, OTHERFUNC } type;-
110 union {-
111 int (*func_read) (SSL *, void *, size_t, size_t *);-
112 int (*func_write) (SSL *, const void *, size_t, size_t *);-
113 int (*func_other) (SSL *);-
114 } f;-
115};-
116-
117static const struct {-
118 uint8_t mtype;-
119 uint8_t ord;-
120 int nid;-
121} dane_mds[] = {-
122 {-
123 DANETLS_MATCHING_FULL, 0, NID_undef-
124 },-
125 {-
126 DANETLS_MATCHING_2256, 1, NID_sha256-
127 },-
128 {-
129 DANETLS_MATCHING_2512, 2, NID_sha512-
130 },-
131};-
132-
133static int dane_ctx_enable(struct dane_ctx_st *dctx)-
134{-
135 const EVP_MD **mdevp;-
136 uint8_t *mdord;-
137 uint8_t mdmax = DANETLS_MATCHING_LAST;-
138 int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */-
139 size_t i;-
140-
141 if (dctx->mdevp != NULL)
dctx->mdevp != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
142 return 1;
never executed: return 1;
0
143-
144 mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));-
145 mdord = OPENSSL_zalloc(n * sizeof(*mdord));-
146-
147 if (mdord == NULL || mdevp == NULL) {
mdord == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
mdevp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
148 OPENSSL_free(mdord);-
149 OPENSSL_free(mdevp);-
150 SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);-
151 return 0;
never executed: return 0;
0
152 }-
153-
154 /* Install default entries */-
155 for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
i < (sizeof(da...dane_mds)[0]))Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-3
156 const EVP_MD *md;-
157-
158 if (dane_mds[i].nid == NID_undef ||
dane_mds[i].nid == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-2
159 (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
(md = EVP_get_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
160 continue;
executed 1 time by 1 test: continue;
Executed by:
  • libssl.so.1.1
1
161 mdevp[dane_mds[i].mtype] = md;-
162 mdord[dane_mds[i].mtype] = dane_mds[i].ord;-
163 }
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2
164-
165 dctx->mdevp = mdevp;-
166 dctx->mdord = mdord;-
167 dctx->mdmax = mdmax;-
168-
169 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1
170}-
171-
172static void dane_ctx_final(struct dane_ctx_st *dctx)-
173{-
174 OPENSSL_free(dctx->mdevp);-
175 dctx->mdevp = NULL;-
176-
177 OPENSSL_free(dctx->mdord);-
178 dctx->mdord = NULL;-
179 dctx->mdmax = 0;-
180}
executed 8017 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8017
181-
182static void tlsa_free(danetls_record *t)-
183{-
184 if (t == NULL)
t == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
185 return;
never executed: return;
0
186 OPENSSL_free(t->data);-
187 EVP_PKEY_free(t->spki);-
188 OPENSSL_free(t);-
189}
executed 50 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
50
190-
191static void dane_final(SSL_DANE *dane)-
192{-
193 sk_danetls_record_pop_free(dane->trecs, tlsa_free);-
194 dane->trecs = NULL;-
195-
196 sk_X509_pop_free(dane->certs, X509_free);-
197 dane->certs = NULL;-
198-
199 X509_free(dane->mcert);-
200 dane->mcert = NULL;-
201 dane->mtlsa = NULL;-
202 dane->mdpth = -1;-
203 dane->pdpth = -1;-
204}
executed 8254 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8254
205-
206/*-
207 * dane_copy - Copy dane configuration, sans verification state.-
208 */-
209static int ssl_dane_dup(SSL *to, SSL *from)-
210{-
211 int num;-
212 int i;-
213-
214 if (!DANETLS_ENABLED(&from->dane))
(&from->dane) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
sk_danetls_rec...e)->trecs) > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
215 return 1;
never executed: return 1;
0
216-
217 num = sk_danetls_record_num(from->dane.trecs);-
218 dane_final(&to->dane);-
219 to->dane.flags = from->dane.flags;-
220 to->dane.dctx = &to->ctx->dane;-
221 to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);-
222-
223 if (to->dane.trecs == NULL) {
to->dane.trecs == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
224 SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);-
225 return 0;
never executed: return 0;
0
226 }-
227-
228 for (i = 0; i < num; ++i) {
i < numDescription
TRUEnever evaluated
FALSEnever evaluated
0
229 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);-
230-
231 if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
SSL_dane_tlsa_... t->dlen) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
232 t->data, t->dlen) <= 0)
SSL_dane_tlsa_... t->dlen) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
233 return 0;
never executed: return 0;
0
234 }
never executed: end of block
0
235 return 1;
never executed: return 1;
0
236}-
237-
238static int dane_mtype_set(struct dane_ctx_st *dctx,-
239 const EVP_MD *md, uint8_t mtype, uint8_t ord)-
240{-
241 int i;-
242-
243 if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
mtype == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
md != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-2
244 SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);-
245 return 0;
never executed: return 0;
0
246 }-
247-
248 if (mtype > dctx->mdmax) {
mtype > dctx->mdmaxDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
249 const EVP_MD **mdevp;-
250 uint8_t *mdord;-
251 int n = ((int)mtype) + 1;-
252-
253 mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));-
254 if (mdevp == NULL) {
mdevp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
255 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);-
256 return -1;
never executed: return -1;
0
257 }-
258 dctx->mdevp = mdevp;-
259-
260 mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));-
261 if (mdord == NULL) {
mdord == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
262 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);-
263 return -1;
never executed: return -1;
0
264 }-
265 dctx->mdord = mdord;-
266-
267 /* Zero-fill any gaps */-
268 for (i = dctx->mdmax + 1; i < mtype; ++i) {
i < mtypeDescription
TRUEnever evaluated
FALSEnever evaluated
0
269 mdevp[i] = NULL;-
270 mdord[i] = 0;-
271 }
never executed: end of block
0
272-
273 dctx->mdmax = mtype;-
274 }
never executed: end of block
0
275-
276 dctx->mdevp[mtype] = md;-
277 /* Coerce ordinal of disabled matching types to 0 */-
278 dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
(md == ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
279-
280 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2
281}-
282-
283static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)-
284{-
285 if (mtype > dane->dctx->mdmax)
mtype > dane->dctx->mdmaxDescription
TRUEnever evaluated
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-45
286 return NULL;
never executed: return ((void *)0) ;
0
287 return dane->dctx->mdevp[mtype];
executed 45 times by 1 test: return dane->dctx->mdevp[mtype];
Executed by:
  • libssl.so.1.1
45
288}-
289-
290static int dane_tlsa_add(SSL_DANE *dane,-
291 uint8_t usage,-
292 uint8_t selector,-
293 uint8_t mtype, unsigned const char *data, size_t dlen)-
294{-
295 danetls_record *t;-
296 const EVP_MD *md = NULL;-
297 int ilen = (int)dlen;-
298 int i;-
299 int num;-
300-
301 if (dane->trecs == NULL) {
dane->trecs == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
302 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);-
303 return -1;
never executed: return -1;
0
304 }-
305-
306 if (ilen < 0 || dlen != (size_t)ilen) {
ilen < 0Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
dlen != (size_t)ilenDescription
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
307 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);-
308 return 0;
never executed: return 0;
0
309 }-
310-
311 if (usage > DANETLS_USAGE_LAST) {
usage > 3Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
312 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);-
313 return 0;
never executed: return 0;
0
314 }-
315-
316 if (selector > DANETLS_SELECTOR_LAST) {
selector > 1Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
317 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);-
318 return 0;
never executed: return 0;
0
319 }-
320-
321 if (mtype != DANETLS_MATCHING_FULL) {
mtype != 0Description
TRUEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-45
322 md = tlsa_md_get(dane, mtype);-
323 if (md == NULL) {
md == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-45
324 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);-
325 return 0;
never executed: return 0;
0
326 }-
327 }
executed 45 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
45
328-
329 if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
md != ((void *)0)Description
TRUEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
dlen != (size_...VP_MD_size(md)Description
TRUEnever evaluated
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-45
330 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);-
331 return 0;
never executed: return 0;
0
332 }-
333 if (!data) {
!dataDescription
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
334 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);-
335 return 0;
never executed: return 0;
0
336 }-
337-
338 if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
(t = CRYPTO_za...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
339 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);-
340 return -1;
never executed: return -1;
0
341 }-
342-
343 t->usage = usage;-
344 t->selector = selector;-
345 t->mtype = mtype;-
346 t->data = OPENSSL_malloc(dlen);-
347 if (t->data == NULL) {
t->data == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
348 tlsa_free(t);-
349 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);-
350 return -1;
never executed: return -1;
0
351 }-
352 memcpy(t->data, data, dlen);-
353 t->dlen = dlen;-
354-
355 /* Validate and cache full certificate or public key */-
356 if (mtype == DANETLS_MATCHING_FULL) {
mtype == 0Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-45
357 const unsigned char *p = data;-
358 X509 *cert = NULL;-
359 EVP_PKEY *pkey = NULL;-
360-
361 switch (selector) {-
362 case DANETLS_SELECTOR_CERT:
executed 3 times by 1 test: case 0:
Executed by:
  • libssl.so.1.1
3
363 if (!d2i_X509(&cert, &p, ilen) || p < data ||
!d2i_X509(&cert, &p, ilen)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
p < dataDescription
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
364 dlen != (size_t)(p - data)) {
dlen != (size_t)(p - data)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
365 tlsa_free(t);-
366 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);-
367 return 0;
never executed: return 0;
0
368 }-
369 if (X509_get0_pubkey(cert) == NULL) {
X509_get0_pubk...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
370 tlsa_free(t);-
371 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);-
372 return 0;
never executed: return 0;
0
373 }-
374-
375 if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
((((uint32_t)1... << 2)))) == 0Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
376 X509_free(cert);-
377 break;
never executed: break;
0
378 }-
379-
380 /*-
381 * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA-
382 * records that contain full certificates of trust-anchors that are-
383 * not present in the wire chain. For usage PKIX-TA(0), we augment-
384 * the chain with untrusted Full(0) certificates from DNS, in case-
385 * they are missing from the chain.-
386 */-
387 if ((dane->certs == NULL &&
dane->certs == ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
388 (dane->certs = sk_X509_new_null()) == NULL) ||
(dane->certs =...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
389 !sk_X509_push(dane->certs, cert)) {
!sk_X509_push(...->certs, cert)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
390 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);-
391 X509_free(cert);-
392 tlsa_free(t);-
393 return -1;
never executed: return -1;
0
394 }-
395 break;
executed 3 times by 1 test: break;
Executed by:
  • libssl.so.1.1
3
396-
397 case DANETLS_SELECTOR_SPKI:
executed 2 times by 1 test: case 1:
Executed by:
  • libssl.so.1.1
2
398 if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
!d2i_PUBKEY(&pkey, &p, ilen)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
p < dataDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
399 dlen != (size_t)(p - data)) {
dlen != (size_t)(p - data)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
400 tlsa_free(t);-
401 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);-
402 return 0;
never executed: return 0;
0
403 }-
404-
405 /*-
406 * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA-
407 * records that contain full bare keys of trust-anchors that are-
408 * not present in the wire chain.-
409 */-
410 if (usage == DANETLS_USAGE_DANE_TA)
usage == 2Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
411 t->spki = pkey;
executed 2 times by 1 test: t->spki = pkey;
Executed by:
  • libssl.so.1.1
2
412 else-
413 EVP_PKEY_free(pkey);
never executed: EVP_PKEY_free(pkey);
0
414 break;
executed 2 times by 1 test: break;
Executed by:
  • libssl.so.1.1
2
415 }-
416 }
executed 5 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
5
417-
418 /*--
419 * Find the right insertion point for the new record.-
420 *-
421 * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that-
422 * they can be processed first, as they require no chain building, and no-
423 * expiration or hostname checks. Because DANE-EE(3) is numerically-
424 * largest, this is accomplished via descending sort by "usage".-
425 *-
426 * We also sort in descending order by matching ordinal to simplify-
427 * the implementation of digest agility in the verification code.-
428 *-
429 * The choice of order for the selector is not significant, so we-
430 * use the same descending order for consistency.-
431 */-
432 num = sk_danetls_record_num(dane->trecs);-
433 for (i = 0; i < num; ++i) {
i < numDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-50
434 danetls_record *rec = sk_danetls_record_value(dane->trecs, i);-
435-
436 if (rec->usage > usage)
rec->usage > usageDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
437 continue;
executed 1 time by 1 test: continue;
Executed by:
  • libssl.so.1.1
1
438 if (rec->usage < usage)
rec->usage < usageDescription
TRUEnever evaluated
FALSEnever evaluated
0
439 break;
never executed: break;
0
440 if (rec->selector > selector)
rec->selector > selectorDescription
TRUEnever evaluated
FALSEnever evaluated
0
441 continue;
never executed: continue;
0
442 if (rec->selector < selector)
rec->selector < selectorDescription
TRUEnever evaluated
FALSEnever evaluated
0
443 break;
never executed: break;
0
444 if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
dane->dctx->md...->mdord[mtype]Description
TRUEnever evaluated
FALSEnever evaluated
0
445 continue;
never executed: continue;
0
446 break;
never executed: break;
0
447 }-
448-
449 if (!sk_danetls_record_insert(dane->trecs, t, i)) {
!sk_danetls_re...->trecs, t, i)Description
TRUEnever evaluated
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-50
450 tlsa_free(t);-
451 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);-
452 return -1;
never executed: return -1;
0
453 }-
454 dane->umask |= DANETLS_USAGE_BIT(usage);-
455-
456 return 1;
executed 50 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
50
457}-
458-
459/*-
460 * Return 0 if there is only one version configured and it was disabled-
461 * at configure time. Return 1 otherwise.-
462 */-
463static int ssl_check_allowed_versions(int min_version, int max_version)-
464{-
465 int minisdtls = 0, maxisdtls = 0;-
466-
467 /* Figure out if we're doing DTLS versions or TLS versions */-
468 if (min_version == DTLS1_BAD_VER
min_version == 0x0100Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8536 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-8536
469 || min_version >> 8 == DTLS1_VERSION_MAJOR)
min_version >> 8 == 0xFEDescription
TRUEevaluated 112 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8424 times by 1 test
Evaluated by:
  • libssl.so.1.1
112-8424
470 minisdtls = 1;
executed 114 times by 1 test: minisdtls = 1;
Executed by:
  • libssl.so.1.1
114
471 if (max_version == DTLS1_BAD_VER
max_version == 0x0100Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8537 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-8537
472 || max_version >> 8 == DTLS1_VERSION_MAJOR)
max_version >> 8 == 0xFEDescription
TRUEevaluated 294 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8243 times by 1 test
Evaluated by:
  • libssl.so.1.1
294-8243
473 maxisdtls = 1;
executed 295 times by 1 test: maxisdtls = 1;
Executed by:
  • libssl.so.1.1
295
474 /* A wildcard version of 0 could be DTLS or TLS. */-
475 if ((minisdtls && !maxisdtls && max_version != 0)
minisdtlsDescription
TRUEevaluated 114 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8424 times by 1 test
Evaluated by:
  • libssl.so.1.1
!maxisdtlsDescription
TRUEevaluated 57 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 57 times by 1 test
Evaluated by:
  • libssl.so.1.1
max_version != 0Description
TRUEnever evaluated
FALSEevaluated 57 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8424
476 || (maxisdtls && !minisdtls && min_version != 0)) {
maxisdtlsDescription
TRUEevaluated 295 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8243 times by 1 test
Evaluated by:
  • libssl.so.1.1
!minisdtlsDescription
TRUEevaluated 238 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 57 times by 1 test
Evaluated by:
  • libssl.so.1.1
min_version != 0Description
TRUEnever evaluated
FALSEevaluated 238 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8243
477 /* Mixing DTLS and TLS versions will lead to sadness; deny it. */-
478 return 0;
never executed: return 0;
0
479 }-
480-
481 if (minisdtls || maxisdtls) {
minisdtlsDescription
TRUEevaluated 114 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8424 times by 1 test
Evaluated by:
  • libssl.so.1.1
maxisdtlsDescription
TRUEevaluated 238 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8186 times by 1 test
Evaluated by:
  • libssl.so.1.1
114-8424
482 /* Do DTLS version checks. */-
483 if (min_version == 0)
min_version == 0Description
TRUEevaluated 238 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 114 times by 1 test
Evaluated by:
  • libssl.so.1.1
114-238
484 /* Ignore DTLS1_BAD_VER */-
485 min_version = DTLS1_VERSION;
executed 238 times by 1 test: min_version = 0xFEFF;
Executed by:
  • libssl.so.1.1
238
486 if (max_version == 0)
max_version == 0Description
TRUEevaluated 57 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 295 times by 1 test
Evaluated by:
  • libssl.so.1.1
57-295
487 max_version = DTLS1_2_VERSION;
executed 57 times by 1 test: max_version = 0xFEFD;
Executed by:
  • libssl.so.1.1
57
488#ifdef OPENSSL_NO_DTLS1_2-
489 if (max_version == DTLS1_2_VERSION)-
490 max_version = DTLS1_VERSION;-
491#endif-
492#ifdef OPENSSL_NO_DTLS1-
493 if (min_version == DTLS1_VERSION)-
494 min_version = DTLS1_2_VERSION;-
495#endif-
496 /* Done massaging versions; do the check. */-
497 if (0-
498#ifdef OPENSSL_NO_DTLS1-
499 || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)-
500 && DTLS_VERSION_GE(DTLS1_VERSION, max_version))-
501#endif-
502#ifdef OPENSSL_NO_DTLS1_2-
503 || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)-
504 && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))-
505#endif-
506 )
dead code: return 0;
-
507 return 0;
dead code: return 0;
-
508 } else {
executed 352 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
352
509 /* Regular TLS version checks. */-
510 if (min_version == 0)
min_version == 0Description
TRUEevaluated 6336 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1850 times by 1 test
Evaluated by:
  • libssl.so.1.1
1850-6336
511 min_version = SSL3_VERSION;
executed 6336 times by 1 test: min_version = 0x0300;
Executed by:
  • libssl.so.1.1
6336
512 if (max_version == 0)
max_version == 0Description
TRUEevaluated 4969 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3217 times by 1 test
Evaluated by:
  • libssl.so.1.1
3217-4969
513 max_version = TLS1_3_VERSION;
executed 4969 times by 1 test: max_version = 0x0304;
Executed by:
  • libssl.so.1.1
4969
514#ifdef OPENSSL_NO_TLS1_3-
515 if (max_version == TLS1_3_VERSION)-
516 max_version = TLS1_2_VERSION;-
517#endif-
518#ifdef OPENSSL_NO_TLS1_2-
519 if (max_version == TLS1_2_VERSION)-
520 max_version = TLS1_1_VERSION;-
521#endif-
522#ifdef OPENSSL_NO_TLS1_1-
523 if (max_version == TLS1_1_VERSION)-
524 max_version = TLS1_VERSION;-
525#endif-
526#ifdef OPENSSL_NO_TLS1-
527 if (max_version == TLS1_VERSION)-
528 max_version = SSL3_VERSION;-
529#endif-
530#ifdef OPENSSL_NO_SSL3-
531 if (min_version == SSL3_VERSION)
min_version == 0x0300Description
TRUEevaluated 6384 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1802 times by 1 test
Evaluated by:
  • libssl.so.1.1
1802-6384
532 min_version = TLS1_VERSION;
executed 6384 times by 1 test: min_version = 0x0301;
Executed by:
  • libssl.so.1.1
6384
533#endif-
534#ifdef OPENSSL_NO_TLS1-
535 if (min_version == TLS1_VERSION)-
536 min_version = TLS1_1_VERSION;-
537#endif-
538#ifdef OPENSSL_NO_TLS1_1-
539 if (min_version == TLS1_1_VERSION)-
540 min_version = TLS1_2_VERSION;-
541#endif-
542#ifdef OPENSSL_NO_TLS1_2-
543 if (min_version == TLS1_2_VERSION)-
544 min_version = TLS1_3_VERSION;-
545#endif-
546 /* Done massaging versions; do the check. */-
547 if (0-
548#ifdef OPENSSL_NO_SSL3-
549 || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
min_version <= 0x0300Description
TRUEnever evaluated
FALSEevaluated 8186 times by 1 test
Evaluated by:
  • libssl.so.1.1
0x0300 <= max_versionDescription
TRUEnever evaluated
FALSEnever evaluated
0-8186
550#endif-
551#ifdef OPENSSL_NO_TLS1-
552 || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)-
553#endif-
554#ifdef OPENSSL_NO_TLS1_1-
555 || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)-
556#endif-
557#ifdef OPENSSL_NO_TLS1_2-
558 || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)-
559#endif-
560#ifdef OPENSSL_NO_TLS1_3-
561 || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)-
562#endif-
563 )-
564 return 0;
never executed: return 0;
0
565 }
executed 8186 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8186
566 return 1;
executed 8538 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
8538
567}-
568-
569static void clear_ciphers(SSL *s)-
570{-
571 /* clear the current cipher */-
572 ssl_clear_cipher_ctx(s);-
573 ssl_clear_hash_ctx(&s->read_hash);-
574 ssl_clear_hash_ctx(&s->write_hash);-
575}
executed 32630 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
32630
576-
577int SSL_clear(SSL *s)-
578{-
579 if (s->method == NULL) {
s->method == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 16269 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-16269
580 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);-
581 return 0;
never executed: return 0;
0
582 }-
583-
584 if (ssl_clear_bad_session(s)) {
ssl_clear_bad_session(s)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 16266 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
3-16266
585 SSL_SESSION_free(s->session);-
586 s->session = NULL;-
587 }
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
588 SSL_SESSION_free(s->psksession);-
589 s->psksession = NULL;-
590 OPENSSL_free(s->psksession_id);-
591 s->psksession_id = NULL;-
592 s->psksession_id_len = 0;-
593 s->hello_retry_request = 0;-
594 s->sent_tickets = 0;-
595-
596 s->error = 0;-
597 s->hit = 0;-
598 s->shutdown = 0;-
599-
600 if (s->renegotiate) {
s->renegotiateDescription
TRUEnever evaluated
FALSEevaluated 16269 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-16269
601 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);-
602 return 0;
never executed: return 0;
0
603 }-
604-
605 ossl_statem_clear(s);-
606-
607 s->version = s->method->version;-
608 s->client_version = s->version;-
609 s->rwstate = SSL_NOTHING;-
610-
611 BUF_MEM_free(s->init_buf);-
612 s->init_buf = NULL;-
613 clear_ciphers(s);-
614 s->first_packet = 0;-
615-
616 s->key_update = SSL_KEY_UPDATE_NONE;-
617-
618 EVP_MD_CTX_free(s->pha_dgst);-
619 s->pha_dgst = NULL;-
620-
621 /* Reset DANE verification result state */-
622 s->dane.mdpth = -1;-
623 s->dane.pdpth = -1;-
624 X509_free(s->dane.mcert);-
625 s->dane.mcert = NULL;-
626 s->dane.mtlsa = NULL;-
627-
628 /* Clear the verification result peername */-
629 X509_VERIFY_PARAM_move_peername(s->param, NULL);-
630-
631 /*-
632 * Check to see if we were changed into a different method, if so, revert-
633 * back.-
634 */-
635 if (s->method != s->ctx->method) {
s->method != s->ctx->methodDescription
TRUEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 16234 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
35-16234
636 s->method->ssl_free(s);-
637 s->method = s->ctx->method;-
638 if (!s->method->ssl_new(s))
!s->method->ssl_new(s)Description
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-35
639 return 0;
never executed: return 0;
0
640 } else {
executed 35 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
35
641 if (!s->method->ssl_clear(s))
!s->method->ssl_clear(s)Description
TRUEnever evaluated
FALSEevaluated 16234 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-16234
642 return 0;
never executed: return 0;
0
643 }
executed 16234 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
16234
644-
645 RECORD_LAYER_clear(&s->rlayer);-
646-
647 return 1;
executed 16269 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
16269
648}-
649-
650/** Used to change an SSL_CTXs default SSL method type */-
651int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)-
652{-
653 STACK_OF(SSL_CIPHER) *sk;-
654-
655 ctx->method = meth;-
656-
657 if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
!SSL_CTX_set_c...8_GCM_SHA256")Description
TRUEnever evaluated
FALSEnever evaluated
0
658 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);-
659 return 0;
never executed: return 0;
0
660 }-
661 sk = ssl_create_cipher_list(ctx->method,-
662 ctx->tls13_ciphersuites,-
663 &(ctx->cipher_list),-
664 &(ctx->cipher_list_by_id),-
665 SSL_DEFAULT_CIPHER_LIST, ctx->cert);-
666 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
(sk == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
(sk_SSL_CIPHER_num(sk) <= 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
667 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);-
668 return 0;
never executed: return 0;
0
669 }-
670 return 1;
never executed: return 1;
0
671}-
672-
673SSL *SSL_new(SSL_CTX *ctx)-
674{-
675 SSL *s;-
676-
677 if (ctx == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
678 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);-
679 return NULL;
never executed: return ((void *)0) ;
0
680 }-
681 if (ctx->method == NULL) {
ctx->method == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
682 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);-
683 return NULL;
never executed: return ((void *)0) ;
0
684 }-
685-
686 s = OPENSSL_zalloc(sizeof(*s));-
687 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
688 goto err;
never executed: goto err;
0
689-
690 s->references = 1;-
691 s->lock = CRYPTO_THREAD_lock_new();-
692 if (s->lock == NULL) {
s->lock == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
693 OPENSSL_free(s);-
694 s = NULL;-
695 goto err;
never executed: goto err;
0
696 }-
697-
698 RECORD_LAYER_init(&s->rlayer, s);-
699-
700 s->options = ctx->options;-
701 s->dane.flags = ctx->dane.flags;-
702 s->min_proto_version = ctx->min_proto_version;-
703 s->max_proto_version = ctx->max_proto_version;-
704 s->mode = ctx->mode;-
705 s->max_cert_list = ctx->max_cert_list;-
706 s->max_early_data = ctx->max_early_data;-
707 s->recv_max_early_data = ctx->recv_max_early_data;-
708 s->num_tickets = ctx->num_tickets;-
709 s->pha_enabled = ctx->pha_enabled;-
710-
711 /* Shallow copy of the ciphersuites stack */-
712 s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);-
713 if (s->tls13_ciphersuites == NULL)
s->tls13_ciphe...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
714 goto err;
never executed: goto err;
0
715-
716 /*-
717 * Earlier library versions used to copy the pointer to the CERT, not-
718 * its contents; only when setting new parameters for the per-SSL-
719 * copy, ssl_cert_new would be called (and the direct reference to-
720 * the per-SSL_CTX settings would be lost, but those still were-
721 * indirectly accessed for various purposes, and for that reason they-
722 * used to be known as s->ctx->default_cert). Now we don't look at the-
723 * SSL_CTX's CERT after having duplicated it once.-
724 */-
725 s->cert = ssl_cert_dup(ctx->cert);-
726 if (s->cert == NULL)
s->cert == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
727 goto err;
never executed: goto err;
0
728-
729 RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);-
730 s->msg_callback = ctx->msg_callback;-
731 s->msg_callback_arg = ctx->msg_callback_arg;-
732 s->verify_mode = ctx->verify_mode;-
733 s->not_resumable_session_cb = ctx->not_resumable_session_cb;-
734 s->record_padding_cb = ctx->record_padding_cb;-
735 s->record_padding_arg = ctx->record_padding_arg;-
736 s->block_padding = ctx->block_padding;-
737 s->sid_ctx_length = ctx->sid_ctx_length;-
738 if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
!((s->sid_ctx_...id_ctx)) != 0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
739 goto err;
never executed: goto err;
0
740 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));-
741 s->verify_callback = ctx->default_verify_callback;-
742 s->generate_session_id = ctx->generate_session_id;-
743-
744 s->param = X509_VERIFY_PARAM_new();-
745 if (s->param == NULL)
s->param == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
746 goto err;
never executed: goto err;
0
747 X509_VERIFY_PARAM_inherit(s->param, ctx->param);-
748 s->quiet_shutdown = ctx->quiet_shutdown;-
749-
750 s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;-
751 s->max_send_fragment = ctx->max_send_fragment;-
752 s->split_send_fragment = ctx->split_send_fragment;-
753 s->max_pipelines = ctx->max_pipelines;-
754 if (s->max_pipelines > 1)
s->max_pipelines > 1Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
755 RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
never executed: ((&s->rlayer)->read_ahead = (1));
0
756 if (ctx->default_read_buf_len > 0)
ctx->default_read_buf_len > 0Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
757 SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
never executed: SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
0
758-
759 SSL_CTX_up_ref(ctx);-
760 s->ctx = ctx;-
761 s->ext.debug_cb = 0;-
762 s->ext.debug_arg = NULL;-
763 s->ext.ticket_expected = 0;-
764 s->ext.status_type = ctx->ext.status_type;-
765 s->ext.status_expected = 0;-
766 s->ext.ocsp.ids = NULL;-
767 s->ext.ocsp.exts = NULL;-
768 s->ext.ocsp.resp = NULL;-
769 s->ext.ocsp.resp_len = 0;-
770 SSL_CTX_up_ref(ctx);-
771 s->session_ctx = ctx;-
772#ifndef OPENSSL_NO_EC-
773 if (ctx->ext.ecpointformats) {
ctx->ext.ecpointformatsDescription
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
774 s->ext.ecpointformats =-
775 OPENSSL_memdup(ctx->ext.ecpointformats,-
776 ctx->ext.ecpointformats_len);-
777 if (!s->ext.ecpointformats)
!s->ext.ecpointformatsDescription
TRUEnever evaluated
FALSEnever evaluated
0
778 goto err;
never executed: goto err;
0
779 s->ext.ecpointformats_len =-
780 ctx->ext.ecpointformats_len;-
781 }
never executed: end of block
0
782 if (ctx->ext.supportedgroups) {
ctx->ext.supportedgroupsDescription
TRUEevaluated 101 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8153 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
101-8153
783 s->ext.supportedgroups =-
784 OPENSSL_memdup(ctx->ext.supportedgroups,-
785 ctx->ext.supportedgroups_len-
786 * sizeof(*ctx->ext.supportedgroups));-
787 if (!s->ext.supportedgroups)
!s->ext.supportedgroupsDescription
TRUEnever evaluated
FALSEevaluated 101 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-101
788 goto err;
never executed: goto err;
0
789 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;-
790 }
executed 101 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
101
791#endif-
792#ifndef OPENSSL_NO_NEXTPROTONEG-
793 s->ext.npn = NULL;-
794#endif-
795-
796 if (s->ctx->ext.alpn) {
s->ctx->ext.alpnDescription
TRUEevaluated 31 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8223 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
31-8223
797 s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);-
798 if (s->ext.alpn == NULL)
s->ext.alpn == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-31
799 goto err;
never executed: goto err;
0
800 memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);-
801 s->ext.alpn_len = s->ctx->ext.alpn_len;-
802 }
executed 31 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
31
803-
804 s->verified_chain = NULL;-
805 s->verify_result = X509_V_OK;-
806-
807 s->default_passwd_callback = ctx->default_passwd_callback;-
808 s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;-
809-
810 s->method = ctx->method;-
811-
812 s->key_update = SSL_KEY_UPDATE_NONE;-
813-
814 s->allow_early_data_cb = ctx->allow_early_data_cb;-
815 s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;-
816-
817 if (!s->method->ssl_new(s))
!s->method->ssl_new(s)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
818 goto err;
never executed: goto err;
0
819-
820 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
(ctx->method->...ined_function)Description
TRUEevaluated 1933 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6321 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
1933-6321
821-
822 if (!SSL_clear(s))
!SSL_clear(s)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
823 goto err;
never executed: goto err;
0
824-
825 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
!CRYPTO_new_ex..., &s->ex_data)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
826 goto err;
never executed: goto err;
0
827-
828#ifndef OPENSSL_NO_PSK-
829 s->psk_client_callback = ctx->psk_client_callback;-
830 s->psk_server_callback = ctx->psk_server_callback;-
831#endif-
832 s->psk_find_session_cb = ctx->psk_find_session_cb;-
833 s->psk_use_session_cb = ctx->psk_use_session_cb;-
834-
835 s->job = NULL;-
836-
837#ifndef OPENSSL_NO_CT-
838 if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
!SSL_set_ct_va..._callback_arg)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
839 ctx->ct_validation_callback_arg))
!SSL_set_ct_va..._callback_arg)Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
840 goto err;
never executed: goto err;
0
841#endif-
842-
843 return s;
executed 8254 times by 2 tests: return s;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8254
844 err:-
845 SSL_free(s);-
846 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);-
847 return NULL;
never executed: return ((void *)0) ;
0
848}-
849-
850int SSL_is_dtls(const SSL *s)-
851{-
852 return SSL_IS_DTLS(s) ? 1 : 0;
executed 2042 times by 1 test: return (s->method->ssl3_enc->enc_flags & 0x8) ? 1 : 0;
Executed by:
  • libssl.so.1.1
(s->method->ss...c_flags & 0x8)Description
TRUEevaluated 124 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1918 times by 1 test
Evaluated by:
  • libssl.so.1.1
124-2042
853}-
854-
855int SSL_up_ref(SSL *s)-
856{-
857 int i;-
858-
859 if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
CRYPTO_UP_REF(... s->lock) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
860 return 0;
never executed: return 0;
0
861-
862 REF_PRINT_COUNT("SSL", s);-
863 REF_ASSERT_ISNT(i < 2);-
864 return ((i > 1) ? 1 : 0);
never executed: return ((i > 1) ? 1 : 0);
(i > 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
865}-
866-
867int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,-
868 unsigned int sid_ctx_len)-
869{-
870 if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
sid_ctx_len > ...(ctx->sid_ctx)Description
TRUEnever evaluated
FALSEevaluated 439 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-439
871 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,-
872 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);-
873 return 0;
never executed: return 0;
0
874 }-
875 ctx->sid_ctx_length = sid_ctx_len;-
876 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);-
877-
878 return 1;
executed 439 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
439
879}-
880-
881int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,-
882 unsigned int sid_ctx_len)-
883{-
884 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
sid_ctx_len > 32Description
TRUEnever evaluated
FALSEnever evaluated
0
885 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,-
886 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);-
887 return 0;
never executed: return 0;
0
888 }-
889 ssl->sid_ctx_length = sid_ctx_len;-
890 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);-
891-
892 return 1;
never executed: return 1;
0
893}-
894-
895int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)-
896{-
897 CRYPTO_THREAD_write_lock(ctx->lock);-
898 ctx->generate_session_id = cb;-
899 CRYPTO_THREAD_unlock(ctx->lock);-
900 return 1;
never executed: return 1;
0
901}-
902-
903int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)-
904{-
905 CRYPTO_THREAD_write_lock(ssl->lock);-
906 ssl->generate_session_id = cb;-
907 CRYPTO_THREAD_unlock(ssl->lock);-
908 return 1;
never executed: return 1;
0
909}-
910-
911int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,-
912 unsigned int id_len)-
913{-
914 /*-
915 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how-
916 * we can "construct" a session to give us the desired check - i.e. to-
917 * find if there's a session in the hash table that would conflict with-
918 * any new session built out of this id/id_len and the ssl_version in use-
919 * by this SSL.-
920 */-
921 SSL_SESSION r, *p;-
922-
923 if (id_len > sizeof(r.session_id))
id_len > sizeof(r.session_id)Description
TRUEnever evaluated
FALSEevaluated 3372 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3372
924 return 0;
never executed: return 0;
0
925-
926 r.ssl_version = ssl->version;-
927 r.session_id_length = id_len;-
928 memcpy(r.session_id, id, id_len);-
929-
930 CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);-
931 p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);-
932 CRYPTO_THREAD_unlock(ssl->session_ctx->lock);-
933 return (p != NULL);
executed 3372 times by 1 test: return (p != ((void *)0) );
Executed by:
  • libssl.so.1.1
3372
934}-
935-
936int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)-
937{-
938 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
never executed: return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
0
939}-
940-
941int SSL_set_purpose(SSL *s, int purpose)-
942{-
943 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
never executed: return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
0
944}-
945-
946int SSL_CTX_set_trust(SSL_CTX *s, int trust)-
947{-
948 return X509_VERIFY_PARAM_set_trust(s->param, trust);
never executed: return X509_VERIFY_PARAM_set_trust(s->param, trust);
0
949}-
950-
951int SSL_set_trust(SSL *s, int trust)-
952{-
953 return X509_VERIFY_PARAM_set_trust(s->param, trust);
never executed: return X509_VERIFY_PARAM_set_trust(s->param, trust);
0
954}-
955-
956int SSL_set1_host(SSL *s, const char *hostname)-
957{-
958 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
never executed: return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
0
959}-
960-
961int SSL_add1_host(SSL *s, const char *hostname)-
962{-
963 return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
never executed: return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
0
964}-
965-
966void SSL_set_hostflags(SSL *s, unsigned int flags)-
967{-
968 X509_VERIFY_PARAM_set_hostflags(s->param, flags);-
969}
never executed: end of block
0
970-
971const char *SSL_get0_peername(SSL *s)-
972{-
973 return X509_VERIFY_PARAM_get0_peername(s->param);
executed 53 times by 1 test: return X509_VERIFY_PARAM_get0_peername(s->param);
Executed by:
  • libssl.so.1.1
53
974}-
975-
976int SSL_CTX_dane_enable(SSL_CTX *ctx)-
977{-
978 return dane_ctx_enable(&ctx->dane);
executed 1 time by 1 test: return dane_ctx_enable(&ctx->dane);
Executed by:
  • libssl.so.1.1
1
979}-
980-
981unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)-
982{-
983 unsigned long orig = ctx->dane.flags;-
984-
985 ctx->dane.flags |= flags;-
986 return orig;
never executed: return orig;
0
987}-
988-
989unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)-
990{-
991 unsigned long orig = ctx->dane.flags;-
992-
993 ctx->dane.flags &= ~flags;-
994 return orig;
never executed: return orig;
0
995}-
996-
997int SSL_dane_enable(SSL *s, const char *basedomain)-
998{-
999 SSL_DANE *dane = &s->dane;-
1000-
1001 if (s->ctx->dane.mdmax == 0) {
s->ctx->dane.mdmax == 0Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-49
1002 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);-
1003 return 0;
never executed: return 0;
0
1004 }-
1005 if (dane->trecs != NULL) {
dane->trecs != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-49
1006 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);-
1007 return 0;
never executed: return 0;
0
1008 }-
1009-
1010 /*-
1011 * Default SNI name. This rejects empty names, while set1_host below-
1012 * accepts them and disables host name checks. To avoid side-effects with-
1013 * invalid input, set the SNI name first.-
1014 */-
1015 if (s->ext.hostname == NULL) {
s->ext.hostname == ((void *)0)Description
TRUEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-49
1016 if (!SSL_set_tlsext_host_name(s, basedomain)) {
!SSL_ctrl(s,55... *)basedomain)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-49
1017 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);-
1018 return -1;
never executed: return -1;
0
1019 }-
1020 }
executed 49 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
49
1021-
1022 /* Primary RFC6125 reference identifier */-
1023 if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
!X509_VERIFY_P...basedomain, 0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-49
1024 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);-
1025 return -1;
never executed: return -1;
0
1026 }-
1027-
1028 dane->mdpth = -1;-
1029 dane->pdpth = -1;-
1030 dane->dctx = &s->ctx->dane;-
1031 dane->trecs = sk_danetls_record_new_null();-
1032-
1033 if (dane->trecs == NULL) {
dane->trecs == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-49
1034 SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);-
1035 return -1;
never executed: return -1;
0
1036 }-
1037 return 1;
executed 49 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
49
1038}-
1039-
1040unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)-
1041{-
1042 unsigned long orig = ssl->dane.flags;-
1043-
1044 ssl->dane.flags |= flags;-
1045 return orig;
executed 9 times by 1 test: return orig;
Executed by:
  • libssl.so.1.1
9
1046}-
1047-
1048unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)-
1049{-
1050 unsigned long orig = ssl->dane.flags;-
1051-
1052 ssl->dane.flags &= ~flags;-
1053 return orig;
never executed: return orig;
0
1054}-
1055-
1056int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)-
1057{-
1058 SSL_DANE *dane = &s->dane;-
1059-
1060 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
(dane) != ((void *)0)Description
TRUEevaluated 242 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
sk_danetls_rec...e)->trecs) > 0Description
TRUEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 193 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->verify_result != 0Description
TRUEnever evaluated
FALSEevaluated 49 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-242
1061 return -1;
executed 193 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
193
1062 if (dane->mtlsa) {
dane->mtlsaDescription
TRUEevaluated 42 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libssl.so.1.1
7-42
1063 if (mcert)
mcertDescription
TRUEnever evaluated
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-42
1064 *mcert = dane->mcert;
never executed: *mcert = dane->mcert;
0
1065 if (mspki)
mspkiDescription
TRUEnever evaluated
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-42
1066 *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
never executed: *mspki = (dane->mcert == ((void *)0) ) ? dane->mtlsa->spki : ((void *)0) ;
(dane->mcert == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
1067 }
executed 42 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
42
1068 return dane->mdpth;
executed 49 times by 1 test: return dane->mdpth;
Executed by:
  • libssl.so.1.1
49
1069}-
1070-
1071int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,-
1072 uint8_t *mtype, unsigned const char **data, size_t *dlen)-
1073{-
1074 SSL_DANE *dane = &s->dane;-
1075-
1076 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
(dane) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
sk_danetls_rec...e)->trecs) > 0Description
TRUEnever evaluated
FALSEnever evaluated
s->verify_result != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1077 return -1;
never executed: return -1;
0
1078 if (dane->mtlsa) {
dane->mtlsaDescription
TRUEnever evaluated
FALSEnever evaluated
0
1079 if (usage)
usageDescription
TRUEnever evaluated
FALSEnever evaluated
0
1080 *usage = dane->mtlsa->usage;
never executed: *usage = dane->mtlsa->usage;
0
1081 if (selector)
selectorDescription
TRUEnever evaluated
FALSEnever evaluated
0
1082 *selector = dane->mtlsa->selector;
never executed: *selector = dane->mtlsa->selector;
0
1083 if (mtype)
mtypeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1084 *mtype = dane->mtlsa->mtype;
never executed: *mtype = dane->mtlsa->mtype;
0
1085 if (data)
dataDescription
TRUEnever evaluated
FALSEnever evaluated
0
1086 *data = dane->mtlsa->data;
never executed: *data = dane->mtlsa->data;
0
1087 if (dlen)
dlenDescription
TRUEnever evaluated
FALSEnever evaluated
0
1088 *dlen = dane->mtlsa->dlen;
never executed: *dlen = dane->mtlsa->dlen;
0
1089 }
never executed: end of block
0
1090 return dane->mdpth;
never executed: return dane->mdpth;
0
1091}-
1092-
1093SSL_DANE *SSL_get0_dane(SSL *s)-
1094{-
1095 return &s->dane;
executed 49 times by 1 test: return &s->dane;
Executed by:
  • libssl.so.1.1
49
1096}-
1097-
1098int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,-
1099 uint8_t mtype, unsigned const char *data, size_t dlen)-
1100{-
1101 return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
executed 50 times by 1 test: return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
Executed by:
  • libssl.so.1.1
50
1102}-
1103-
1104int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,-
1105 uint8_t ord)-
1106{-
1107 return dane_mtype_set(&ctx->dane, md, mtype, ord);
executed 2 times by 1 test: return dane_mtype_set(&ctx->dane, md, mtype, ord);
Executed by:
  • libssl.so.1.1
2
1108}-
1109-
1110int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)-
1111{-
1112 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
never executed: return X509_VERIFY_PARAM_set1(ctx->param, vpm);
0
1113}-
1114-
1115int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)-
1116{-
1117 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
never executed: return X509_VERIFY_PARAM_set1(ssl->param, vpm);
0
1118}-
1119-
1120X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)-
1121{-
1122 return ctx->param;
never executed: return ctx->param;
0
1123}-
1124-
1125X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)-
1126{-
1127 return ssl->param;
executed 49 times by 1 test: return ssl->param;
Executed by:
  • libssl.so.1.1
49
1128}-
1129-
1130void SSL_certs_clear(SSL *s)-
1131{-
1132 ssl_cert_clear_certs(s->cert);-
1133}
never executed: end of block
0
1134-
1135void SSL_free(SSL *s)-
1136{-
1137 int i;-
1138-
1139 if (s == NULL)
s == ((void *)0)Description
TRUEevaluated 48 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
48-8254
1140 return;
executed 48 times by 1 test: return;
Executed by:
  • libssl.so.1.1
48
1141 CRYPTO_DOWN_REF(&s->references, &i, s->lock);-
1142 REF_PRINT_COUNT("SSL", s);-
1143 if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8254
1144 return;
never executed: return;
0
1145 REF_ASSERT_ISNT(i < 0);-
1146-
1147 X509_VERIFY_PARAM_free(s->param);-
1148 dane_final(&s->dane);-
1149 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);-
1150-
1151 /* Ignore return value */-
1152 ssl_free_wbio_buffer(s);-
1153-
1154 BIO_free_all(s->wbio);-
1155 BIO_free_all(s->rbio);-
1156-
1157 BUF_MEM_free(s->init_buf);-
1158-
1159 /* add extra stuff */-
1160 sk_SSL_CIPHER_free(s->cipher_list);-
1161 sk_SSL_CIPHER_free(s->cipher_list_by_id);-
1162 sk_SSL_CIPHER_free(s->tls13_ciphersuites);-
1163-
1164 /* Make the next call work :-) */-
1165 if (s->session != NULL) {
s->session != ((void *)0)Description
TRUEevaluated 7144 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1110 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
1110-7144
1166 ssl_clear_bad_session(s);-
1167 SSL_SESSION_free(s->session);-
1168 }
executed 7144 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
7144
1169 SSL_SESSION_free(s->psksession);-
1170 OPENSSL_free(s->psksession_id);-
1171-
1172 clear_ciphers(s);-
1173-
1174 ssl_cert_free(s->cert);-
1175 /* Free up if allocated */-
1176-
1177 OPENSSL_free(s->ext.hostname);-
1178 SSL_CTX_free(s->session_ctx);-
1179#ifndef OPENSSL_NO_EC-
1180 OPENSSL_free(s->ext.ecpointformats);-
1181 OPENSSL_free(s->ext.supportedgroups);-
1182#endif /* OPENSSL_NO_EC */-
1183 sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);-
1184#ifndef OPENSSL_NO_OCSP-
1185 sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);-
1186#endif-
1187#ifndef OPENSSL_NO_CT-
1188 SCT_LIST_free(s->scts);-
1189 OPENSSL_free(s->ext.scts);-
1190#endif-
1191 OPENSSL_free(s->ext.ocsp.resp);-
1192 OPENSSL_free(s->ext.alpn);-
1193 OPENSSL_free(s->ext.tls13_cookie);-
1194 OPENSSL_free(s->clienthello);-
1195 OPENSSL_free(s->pha_context);-
1196 EVP_MD_CTX_free(s->pha_dgst);-
1197-
1198 sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);-
1199-
1200 sk_X509_pop_free(s->verified_chain, X509_free);-
1201-
1202 if (s->method != NULL)
s->method != ((void *)0)Description
TRUEevaluated 8254 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEnever evaluated
0-8254
1203 s->method->ssl_free(s);
executed 8254 times by 2 tests: s->method->ssl_free(s);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8254
1204-
1205 RECORD_LAYER_release(&s->rlayer);-
1206-
1207 SSL_CTX_free(s->ctx);-
1208-
1209 ASYNC_WAIT_CTX_free(s->waitctx);-
1210-
1211#if !defined(OPENSSL_NO_NEXTPROTONEG)-
1212 OPENSSL_free(s->ext.npn);-
1213#endif-
1214-
1215#ifndef OPENSSL_NO_SRTP-
1216 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);-
1217#endif-
1218-
1219 CRYPTO_THREAD_lock_free(s->lock);-
1220-
1221 OPENSSL_free(s);-
1222}
executed 8254 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8254
1223-
1224void SSL_set0_rbio(SSL *s, BIO *rbio)-
1225{-
1226 BIO_free_all(s->rbio);-
1227 s->rbio = rbio;-
1228}
executed 8403 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8403
1229-
1230void SSL_set0_wbio(SSL *s, BIO *wbio)-
1231{-
1232 /*-
1233 * If the output buffering BIO is still in place, remove it-
1234 */-
1235 if (s->bbio != NULL)
s->bbio != ((void *)0)Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8395 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-8395
1236 s->wbio = BIO_pop(s->wbio);
executed 5 times by 1 test: s->wbio = BIO_pop(s->wbio);
Executed by:
  • libssl.so.1.1
5
1237-
1238 BIO_free_all(s->wbio);-
1239 s->wbio = wbio;-
1240-
1241 /* Re-attach |bbio| to the new |wbio|. */-
1242 if (s->bbio != NULL)
s->bbio != ((void *)0)Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8395 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-8395
1243 s->wbio = BIO_push(s->bbio, s->wbio);
executed 5 times by 1 test: s->wbio = BIO_push(s->bbio, s->wbio);
Executed by:
  • libssl.so.1.1
5
1244}
executed 8400 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8400
1245-
1246void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)-
1247{-
1248 /*-
1249 * For historical reasons, this function has many different cases in-
1250 * ownership handling.-
1251 */-
1252-
1253 /* If nothing has changed, do nothing */-
1254 if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
rbio == SSL_get_rbio(s)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8384 times by 1 test
Evaluated by:
  • libssl.so.1.1
wbio == SSL_get_wbio(s)Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 18 times by 1 test
Evaluated by:
  • libssl.so.1.1
9-8384
1255 return;
executed 9 times by 1 test: return;
Executed by:
  • libssl.so.1.1
9
1256-
1257 /*-
1258 * If the two arguments are equal then one fewer reference is granted by the-
1259 * caller than we want to take-
1260 */-
1261 if (rbio != NULL && rbio == wbio)
rbio != ((void *)0)Description
TRUEevaluated 8346 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 56 times by 1 test
Evaluated by:
  • libssl.so.1.1
rbio == wbioDescription
TRUEevaluated 514 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 7832 times by 1 test
Evaluated by:
  • libssl.so.1.1
56-8346
1262 BIO_up_ref(rbio);
executed 514 times by 1 test: BIO_up_ref(rbio);
Executed by:
  • libssl.so.1.1
514
1263-
1264 /*-
1265 * If only the wbio is changed only adopt one reference.-
1266 */-
1267 if (rbio == SSL_get_rbio(s)) {
rbio == SSL_get_rbio(s)Description
TRUEevaluated 18 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8384 times by 1 test
Evaluated by:
  • libssl.so.1.1
18-8384
1268 SSL_set0_wbio(s, wbio);-
1269 return;
executed 18 times by 1 test: return;
Executed by:
  • libssl.so.1.1
18
1270 }-
1271 /*-
1272 * There is an asymmetry here for historical reasons. If only the rbio is-
1273 * changed AND the rbio and wbio were originally different, then we only-
1274 * adopt one reference.-
1275 */-
1276 if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
wbio == SSL_get_wbio(s)Description
TRUEevaluated 18 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8366 times by 1 test
Evaluated by:
  • libssl.so.1.1
SSL_get_rbio(s...SL_get_wbio(s)Description
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-8366
1277 SSL_set0_rbio(s, rbio);-
1278 return;
executed 12 times by 1 test: return;
Executed by:
  • libssl.so.1.1
12
1279 }-
1280-
1281 /* Otherwise, adopt both references. */-
1282 SSL_set0_rbio(s, rbio);-
1283 SSL_set0_wbio(s, wbio);-
1284}
executed 8372 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8372
1285-
1286BIO *SSL_get_rbio(const SSL *s)-
1287{-
1288 return s->rbio;
executed 53084 times by 1 test: return s->rbio;
Executed by:
  • libssl.so.1.1
53084
1289}-
1290-
1291BIO *SSL_get_wbio(const SSL *s)-
1292{-
1293 if (s->bbio != NULL) {
s->bbio != ((void *)0)Description
TRUEevaluated 5500 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8621 times by 1 test
Evaluated by:
  • libssl.so.1.1
5500-8621
1294 /*-
1295 * If |bbio| is active, the true caller-configured BIO is its-
1296 * |next_bio|.-
1297 */-
1298 return BIO_next(s->bbio);
executed 5500 times by 1 test: return BIO_next(s->bbio);
Executed by:
  • libssl.so.1.1
5500
1299 }-
1300 return s->wbio;
executed 8621 times by 1 test: return s->wbio;
Executed by:
  • libssl.so.1.1
8621
1301}-
1302-
1303int SSL_get_fd(const SSL *s)-
1304{-
1305 return SSL_get_rfd(s);
executed 4156 times by 1 test: return SSL_get_rfd(s);
Executed by:
  • libssl.so.1.1
4156
1306}-
1307-
1308int SSL_get_rfd(const SSL *s)-
1309{-
1310 int ret = -1;-
1311 BIO *b, *r;-
1312-
1313 b = SSL_get_rbio(s);-
1314 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);-
1315 if (r != NULL)
r != ((void *)0)Description
TRUEevaluated 4156 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4156
1316 BIO_get_fd(r, &ret);
executed 4156 times by 1 test: BIO_ctrl(r,105,0,(char *)(&ret));
Executed by:
  • libssl.so.1.1
4156
1317 return ret;
executed 4156 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
4156
1318}-
1319-
1320int SSL_get_wfd(const SSL *s)-
1321{-
1322 int ret = -1;-
1323 BIO *b, *r;-
1324-
1325 b = SSL_get_wbio(s);-
1326 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);-
1327 if (r != NULL)
r != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1328 BIO_get_fd(r, &ret);
never executed: BIO_ctrl(r,105,0,(char *)(&ret));
0
1329 return ret;
never executed: return ret;
0
1330}-
1331-
1332#ifndef OPENSSL_NO_SOCK-
1333int SSL_set_fd(SSL *s, int fd)-
1334{-
1335 int ret = 0;-
1336 BIO *bio = NULL;-
1337-
1338 bio = BIO_new(BIO_s_socket());-
1339-
1340 if (bio == NULL) {
bio == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1341 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);-
1342 goto err;
never executed: goto err;
0
1343 }-
1344 BIO_set_fd(bio, fd, BIO_NOCLOSE);-
1345 SSL_set_bio(s, bio, bio);-
1346 ret = 1;-
1347 err:
code before this statement never executed: err:
0
1348 return ret;
never executed: return ret;
0
1349}-
1350-
1351int SSL_set_wfd(SSL *s, int fd)-
1352{-
1353 BIO *rbio = SSL_get_rbio(s);-
1354-
1355 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
rbio == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
BIO_method_typ...0x0400|0x0100)Description
TRUEnever evaluated
FALSEnever evaluated
0
1356 || (int)BIO_get_fd(rbio, NULL) != fd) {
(int)BIO_ctrl(... *)0) )) != fdDescription
TRUEnever evaluated
FALSEnever evaluated
0
1357 BIO *bio = BIO_new(BIO_s_socket());-
1358-
1359 if (bio == NULL) {
bio == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1360 SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);-
1361 return 0;
never executed: return 0;
0
1362 }-
1363 BIO_set_fd(bio, fd, BIO_NOCLOSE);-
1364 SSL_set0_wbio(s, bio);-
1365 } else {
never executed: end of block
0
1366 BIO_up_ref(rbio);-
1367 SSL_set0_wbio(s, rbio);-
1368 }
never executed: end of block
0
1369 return 1;
never executed: return 1;
0
1370}-
1371-
1372int SSL_set_rfd(SSL *s, int fd)-
1373{-
1374 BIO *wbio = SSL_get_wbio(s);-
1375-
1376 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
wbio == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
BIO_method_typ...0x0400|0x0100)Description
TRUEnever evaluated
FALSEnever evaluated
0
1377 || ((int)BIO_get_fd(wbio, NULL) != fd)) {
((int)BIO_ctrl...*)0) )) != fd)Description
TRUEnever evaluated
FALSEnever evaluated
0
1378 BIO *bio = BIO_new(BIO_s_socket());-
1379-
1380 if (bio == NULL) {
bio == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1381 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);-
1382 return 0;
never executed: return 0;
0
1383 }-
1384 BIO_set_fd(bio, fd, BIO_NOCLOSE);-
1385 SSL_set0_rbio(s, bio);-
1386 } else {
never executed: end of block
0
1387 BIO_up_ref(wbio);-
1388 SSL_set0_rbio(s, wbio);-
1389 }
never executed: end of block
0
1390-
1391 return 1;
never executed: return 1;
0
1392}-
1393#endif-
1394-
1395/* return length of latest Finished message we sent, copy to 'buf' */-
1396size_t SSL_get_finished(const SSL *s, void *buf, size_t count)-
1397{-
1398 size_t ret = 0;-
1399-
1400 if (s->s3 != NULL) {
s->s3 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1401 ret = s->s3->tmp.finish_md_len;-
1402 if (count > ret)
count > retDescription
TRUEnever evaluated
FALSEnever evaluated
0
1403 count = ret;
never executed: count = ret;
0
1404 memcpy(buf, s->s3->tmp.finish_md, count);-
1405 }
never executed: end of block
0
1406 return ret;
never executed: return ret;
0
1407}-
1408-
1409/* return length of latest Finished message we expected, copy to 'buf' */-
1410size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)-
1411{-
1412 size_t ret = 0;-
1413-
1414 if (s->s3 != NULL) {
s->s3 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1415 ret = s->s3->tmp.peer_finish_md_len;-
1416 if (count > ret)
count > retDescription
TRUEnever evaluated
FALSEnever evaluated
0
1417 count = ret;
never executed: count = ret;
0
1418 memcpy(buf, s->s3->tmp.peer_finish_md, count);-
1419 }
never executed: end of block
0
1420 return ret;
never executed: return ret;
0
1421}-
1422-
1423int SSL_get_verify_mode(const SSL *s)-
1424{-
1425 return s->verify_mode;
never executed: return s->verify_mode;
0
1426}-
1427-
1428int SSL_get_verify_depth(const SSL *s)-
1429{-
1430 return X509_VERIFY_PARAM_get_depth(s->param);
never executed: return X509_VERIFY_PARAM_get_depth(s->param);
0
1431}-
1432-
1433int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {-
1434 return s->verify_callback;
executed 49 times by 1 test: return s->verify_callback;
Executed by:
  • libssl.so.1.1
49
1435}-
1436-
1437int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)-
1438{-
1439 return ctx->verify_mode;
never executed: return ctx->verify_mode;
0
1440}-
1441-
1442int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)-
1443{-
1444 return X509_VERIFY_PARAM_get_depth(ctx->param);
never executed: return X509_VERIFY_PARAM_get_depth(ctx->param);
0
1445}-
1446-
1447int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {-
1448 return ctx->default_verify_callback;
never executed: return ctx->default_verify_callback;
0
1449}-
1450-
1451void SSL_set_verify(SSL *s, int mode,-
1452 int (*callback) (int ok, X509_STORE_CTX *ctx))-
1453{-
1454 s->verify_mode = mode;-
1455 if (callback != NULL)
callback != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-20
1456 s->verify_callback = callback;
never executed: s->verify_callback = callback;
0
1457}
executed 20 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
20
1458-
1459void SSL_set_verify_depth(SSL *s, int depth)-
1460{-
1461 X509_VERIFY_PARAM_set_depth(s->param, depth);-
1462}
never executed: end of block
0
1463-
1464void SSL_set_read_ahead(SSL *s, int yes)-
1465{-
1466 RECORD_LAYER_set_read_ahead(&s->rlayer, yes);-
1467}
never executed: end of block
0
1468-
1469int SSL_get_read_ahead(const SSL *s)-
1470{-
1471 return RECORD_LAYER_get_read_ahead(&s->rlayer);
never executed: return ((&s->rlayer)->read_ahead);
0
1472}-
1473-
1474int SSL_pending(const SSL *s)-
1475{-
1476 size_t pending = s->method->ssl_pending(s);-
1477-
1478 /*-
1479 * SSL_pending cannot work properly if read-ahead is enabled-
1480 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is-
1481 * impossible to fix since SSL_pending cannot report errors that may be-
1482 * observed while scanning the new data. (Note that SSL_pending() is-
1483 * often used as a boolean value, so we'd better not return -1.)-
1484 *-
1485 * SSL_pending also cannot work properly if the value >INT_MAX. In that case-
1486 * we just return INT_MAX.-
1487 */-
1488 return pending < INT_MAX ? (int)pending : INT_MAX;
executed 1570 times by 1 test: return pending < 0x7fffffff ? (int)pending : 0x7fffffff;
Executed by:
  • libssl.so.1.1
pending < 0x7fffffffDescription
TRUEevaluated 1570 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1570
1489}-
1490-
1491int SSL_has_pending(const SSL *s)-
1492{-
1493 /*-
1494 * Similar to SSL_pending() but returns a 1 to indicate that we have-
1495 * unprocessed data available or 0 otherwise (as opposed to the number of-
1496 * bytes available). Unlike SSL_pending() this will take into account-
1497 * read_ahead data. A 1 return simply indicates that we have unprocessed-
1498 * data. That data may not result in any application data, or we may fail-
1499 * to parse the records for some reason.-
1500 */-
1501 if (RECORD_LAYER_processed_read_pending(&s->rlayer))
RECORD_LAYER_p...ng(&s->rlayer)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 569 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-569
1502 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2
1503-
1504 return RECORD_LAYER_read_pending(&s->rlayer);
executed 569 times by 1 test: return RECORD_LAYER_read_pending(&s->rlayer);
Executed by:
  • libssl.so.1.1
569
1505}-
1506-
1507X509 *SSL_get_peer_certificate(const SSL *s)-
1508{-
1509 X509 *r;-
1510-
1511 if ((s == NULL) || (s->session == NULL))
(s == ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 2877 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s->session == ((void *)0) )Description
TRUEevaluated 260 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2617 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2877
1512 r = NULL;
executed 260 times by 1 test: r = ((void *)0) ;
Executed by:
  • libssl.so.1.1
260
1513 else-
1514 r = s->session->peer;
executed 2617 times by 1 test: r = s->session->peer;
Executed by:
  • libssl.so.1.1
2617
1515-
1516 if (r == NULL)
r == ((void *)0)Description
TRUEevaluated 1614 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1263 times by 1 test
Evaluated by:
  • libssl.so.1.1
1263-1614
1517 return r;
executed 1614 times by 1 test: return r;
Executed by:
  • libssl.so.1.1
1614
1518-
1519 X509_up_ref(r);-
1520-
1521 return r;
executed 1263 times by 1 test: return r;
Executed by:
  • libssl.so.1.1
1263
1522}-
1523-
1524STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)-
1525{-
1526 STACK_OF(X509) *r;-
1527-
1528 if ((s == NULL) || (s->session == NULL))
(s == ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 191 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s->session == ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 191 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-191
1529 r = NULL;
never executed: r = ((void *)0) ;
0
1530 else-
1531 r = s->session->peer_chain;
executed 191 times by 1 test: r = s->session->peer_chain;
Executed by:
  • libssl.so.1.1
191
1532-
1533 /*-
1534 * If we are a client, cert_chain includes the peer's own certificate; if-
1535 * we are a server, it does not.-
1536 */-
1537-
1538 return r;
executed 191 times by 1 test: return r;
Executed by:
  • libssl.so.1.1
191
1539}-
1540-
1541/*-
1542 * Now in theory, since the calling process own 't' it should be safe to-
1543 * modify. We need to be able to read f without being hassled-
1544 */-
1545int SSL_copy_session_id(SSL *t, const SSL *f)-
1546{-
1547 int i;-
1548 /* Do we need to to SSL locking? */-
1549 if (!SSL_set_session(t, SSL_get_session(f))) {
!SSL_set_sessi...et_session(f))Description
TRUEnever evaluated
FALSEnever evaluated
0
1550 return 0;
never executed: return 0;
0
1551 }-
1552-
1553 /*-
1554 * what if we are setup for one protocol version but want to talk another-
1555 */-
1556 if (t->method != f->method) {
t->method != f->methodDescription
TRUEnever evaluated
FALSEnever evaluated
0
1557 t->method->ssl_free(t);-
1558 t->method = f->method;-
1559 if (t->method->ssl_new(t) == 0)
t->method->ssl_new(t) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1560 return 0;
never executed: return 0;
0
1561 }
never executed: end of block
0
1562-
1563 CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);-
1564 ssl_cert_free(t->cert);-
1565 t->cert = f->cert;-
1566 if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
!SSL_set_sessi...id_ctx_length)Description
TRUEnever evaluated
FALSEnever evaluated
0
1567 return 0;
never executed: return 0;
0
1568 }-
1569-
1570 return 1;
never executed: return 1;
0
1571}-
1572-
1573/* Fix this so it checks all the valid key/cert options */-
1574int SSL_CTX_check_private_key(const SSL_CTX *ctx)-
1575{-
1576 if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
(ctx == ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 515 times by 1 test
Evaluated by:
  • libssl.so.1.1
(ctx->cert->ke... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 515 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-515
1577 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);-
1578 return 0;
never executed: return 0;
0
1579 }-
1580 if (ctx->cert->key->privatekey == NULL) {
ctx->cert->key...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 515 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-515
1581 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);-
1582 return 0;
never executed: return 0;
0
1583 }-
1584 return X509_check_private_key
executed 515 times by 1 test: return X509_check_private_key (ctx->cert->key->x509, ctx->cert->key->privatekey);
Executed by:
  • libssl.so.1.1
515
1585 (ctx->cert->key->x509, ctx->cert->key->privatekey);
executed 515 times by 1 test: return X509_check_private_key (ctx->cert->key->x509, ctx->cert->key->privatekey);
Executed by:
  • libssl.so.1.1
515
1586}-
1587-
1588/* Fix this function so that it takes an optional type parameter */-
1589int SSL_check_private_key(const SSL *ssl)-
1590{-
1591 if (ssl == NULL) {
ssl == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
1592 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);-
1593 return 0;
never executed: return 0;
0
1594 }-
1595 if (ssl->cert->key->x509 == NULL) {
ssl->cert->key...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
1596 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);-
1597 return 0;
never executed: return 0;
0
1598 }-
1599 if (ssl->cert->key->privatekey == NULL) {
ssl->cert->key...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
1600 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);-
1601 return 0;
never executed: return 0;
0
1602 }-
1603 return X509_check_private_key(ssl->cert->key->x509,
executed 2 times by 1 test: return X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey);
Executed by:
  • libssl.so.1.1
2
1604 ssl->cert->key->privatekey);
executed 2 times by 1 test: return X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey);
Executed by:
  • libssl.so.1.1
2
1605}-
1606-
1607int SSL_waiting_for_async(SSL *s)-
1608{-
1609 if (s->job)
s->jobDescription
TRUEnever evaluated
FALSEnever evaluated
0
1610 return 1;
never executed: return 1;
0
1611-
1612 return 0;
never executed: return 0;
0
1613}-
1614-
1615int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)-
1616{-
1617 ASYNC_WAIT_CTX *ctx = s->waitctx;-
1618-
1619 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1620 return 0;
never executed: return 0;
0
1621 return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
never executed: return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
0
1622}-
1623-
1624int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,-
1625 OSSL_ASYNC_FD *delfd, size_t *numdelfds)-
1626{-
1627 ASYNC_WAIT_CTX *ctx = s->waitctx;-
1628-
1629 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1630 return 0;
never executed: return 0;
0
1631 return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
never executed: return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, numdelfds);
0
1632 numdelfds);
never executed: return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, numdelfds);
0
1633}-
1634-
1635int SSL_accept(SSL *s)-
1636{-
1637 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEevaluated 414 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 7144 times by 1 test
Evaluated by:
  • libssl.so.1.1
414-7144
1638 /* Not properly initialized yet */-
1639 SSL_set_accept_state(s);-
1640 }
executed 414 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
414
1641-
1642 return SSL_do_handshake(s);
executed 7558 times by 1 test: return SSL_do_handshake(s);
Executed by:
  • libssl.so.1.1
7558
1643}-
1644-
1645int SSL_connect(SSL *s)-
1646{-
1647 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEevaluated 402 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6538 times by 1 test
Evaluated by:
  • libssl.so.1.1
402-6538
1648 /* Not properly initialized yet */-
1649 SSL_set_connect_state(s);-
1650 }
executed 402 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
402
1651-
1652 return SSL_do_handshake(s);
executed 6940 times by 1 test: return SSL_do_handshake(s);
Executed by:
  • libssl.so.1.1
6940
1653}-
1654-
1655long SSL_get_default_timeout(const SSL *s)-
1656{-
1657 return s->method->get_timeout();
never executed: return s->method->get_timeout();
0
1658}-
1659-
1660static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,-
1661 int (*func) (void *))-
1662{-
1663 int ret;-
1664 if (s->waitctx == NULL) {
s->waitctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1665 s->waitctx = ASYNC_WAIT_CTX_new();-
1666 if (s->waitctx == NULL)
s->waitctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1667 return -1;
never executed: return -1;
0
1668 }
never executed: end of block
0
1669 switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,-
1670 sizeof(struct ssl_async_args))) {-
1671 case ASYNC_ERR:
never executed: case 0:
0
1672 s->rwstate = SSL_NOTHING;-
1673 SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);-
1674 return -1;
never executed: return -1;
0
1675 case ASYNC_PAUSE:
never executed: case 2:
0
1676 s->rwstate = SSL_ASYNC_PAUSED;-
1677 return -1;
never executed: return -1;
0
1678 case ASYNC_NO_JOBS:
never executed: case 1:
0
1679 s->rwstate = SSL_ASYNC_NO_JOBS;-
1680 return -1;
never executed: return -1;
0
1681 case ASYNC_FINISH:
never executed: case 3:
0
1682 s->job = NULL;-
1683 return ret;
never executed: return ret;
0
1684 default:
never executed: default:
0
1685 s->rwstate = SSL_NOTHING;-
1686 SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);-
1687 /* Shouldn't happen */-
1688 return -1;
never executed: return -1;
0
1689 }-
1690}-
1691-
1692static int ssl_io_intern(void *vargs)-
1693{-
1694 struct ssl_async_args *args;-
1695 SSL *s;-
1696 void *buf;-
1697 size_t num;-
1698-
1699 args = (struct ssl_async_args *)vargs;-
1700 s = args->s;-
1701 buf = args->buf;-
1702 num = args->num;-
1703 switch (args->type) {-
1704 case READFUNC:
never executed: case READFUNC:
0
1705 return args->f.func_read(s, buf, num, &s->asyncrw);
never executed: return args->f.func_read(s, buf, num, &s->asyncrw);
0
1706 case WRITEFUNC:
never executed: case WRITEFUNC:
0
1707 return args->f.func_write(s, buf, num, &s->asyncrw);
never executed: return args->f.func_write(s, buf, num, &s->asyncrw);
0
1708 case OTHERFUNC:
never executed: case OTHERFUNC:
0
1709 return args->f.func_other(s);
never executed: return args->f.func_other(s);
0
1710 }-
1711 return -1;
never executed: return -1;
0
1712}-
1713-
1714int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)-
1715{-
1716 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 21656 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-21656
1717 SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);-
1718 return -1;
never executed: return -1;
0
1719 }-
1720-
1721 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
s->shutdown & 2Description
TRUEevaluated 110 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 21546 times by 1 test
Evaluated by:
  • libssl.so.1.1
110-21546
1722 s->rwstate = SSL_NOTHING;-
1723 return 0;
executed 110 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
110
1724 }-
1725-
1726 if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
s->early_data_..._CONNECT_RETRYDescription
TRUEnever evaluated
FALSEevaluated 21546 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-21546
1727 || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
s->early_data_...A_ACCEPT_RETRYDescription
TRUEnever evaluated
FALSEevaluated 21546 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-21546
1728 SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1729 return 0;
never executed: return 0;
0
1730 }-
1731 /*-
1732 * If we are a client and haven't received the ServerHello etc then we-
1733 * better do that-
1734 */-
1735 ossl_statem_check_finish_init(s, 0);-
1736-
1737 if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
(s->mode & 0x00000100U)Description
TRUEnever evaluated
FALSEevaluated 21546 times by 1 test
Evaluated by:
  • libssl.so.1.1
ASYNC_get_curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-21546
1738 struct ssl_async_args args;-
1739 int ret;-
1740-
1741 args.s = s;-
1742 args.buf = buf;-
1743 args.num = num;-
1744 args.type = READFUNC;-
1745 args.f.func_read = s->method->ssl_read;-
1746-
1747 ret = ssl_start_async_job(s, &args, ssl_io_intern);-
1748 *readbytes = s->asyncrw;-
1749 return ret;
never executed: return ret;
0
1750 } else {-
1751 return s->method->ssl_read(s, buf, num, readbytes);
executed 21546 times by 1 test: return s->method->ssl_read(s, buf, num, readbytes);
Executed by:
  • libssl.so.1.1
21546
1752 }-
1753}-
1754-
1755int SSL_read(SSL *s, void *buf, int num)-
1756{-
1757 int ret;-
1758 size_t readbytes;-
1759-
1760 if (num < 0) {
num < 0Description
TRUEnever evaluated
FALSEevaluated 10615 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-10615
1761 SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);-
1762 return -1;
never executed: return -1;
0
1763 }-
1764-
1765 ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);-
1766-
1767 /*-
1768 * The cast is safe here because ret should be <= INT_MAX because num is-
1769 * <= INT_MAX-
1770 */-
1771 if (ret > 0)
ret > 0Description
TRUEevaluated 9165 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1450 times by 1 test
Evaluated by:
  • libssl.so.1.1
1450-9165
1772 ret = (int)readbytes;
executed 9165 times by 1 test: ret = (int)readbytes;
Executed by:
  • libssl.so.1.1
9165
1773-
1774 return ret;
executed 10615 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
10615
1775}-
1776-
1777int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)-
1778{-
1779 int ret = ssl_read_internal(s, buf, num, readbytes);-
1780-
1781 if (ret < 0)
ret < 0Description
TRUEevaluated 777 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 73 times by 1 test
Evaluated by:
  • libssl.so.1.1
73-777
1782 ret = 0;
executed 777 times by 1 test: ret = 0;
Executed by:
  • libssl.so.1.1
777
1783 return ret;
executed 850 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
850
1784}-
1785-
1786int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)-
1787{-
1788 int ret;-
1789-
1790 if (!s->server) {
!s->serverDescription
TRUEnever evaluated
FALSEevaluated 697 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-697
1791 SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1792 return SSL_READ_EARLY_DATA_ERROR;
never executed: return 0;
0
1793 }-
1794-
1795 switch (s->early_data_state) {-
1796 case SSL_EARLY_DATA_NONE:
executed 675 times by 1 test: case SSL_EARLY_DATA_NONE:
Executed by:
  • libssl.so.1.1
675
1797 if (!SSL_in_before(s)) {
!SSL_in_before(s)Description
TRUEnever evaluated
FALSEevaluated 675 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-675
1798 SSLerr(SSL_F_SSL_READ_EARLY_DATA,-
1799 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1800 return SSL_READ_EARLY_DATA_ERROR;
never executed: return 0;
0
1801 }-
1802 /* fall through */-
1803-
1804 case SSL_EARLY_DATA_ACCEPT_RETRY:
code before this statement executed 675 times by 1 test: case SSL_EARLY_DATA_ACCEPT_RETRY:
Executed by:
  • libssl.so.1.1
executed 3 times by 1 test: case SSL_EARLY_DATA_ACCEPT_RETRY:
Executed by:
  • libssl.so.1.1
3-675
1805 s->early_data_state = SSL_EARLY_DATA_ACCEPTING;-
1806 ret = SSL_accept(s);-
1807 if (ret <= 0) {
ret <= 0Description
TRUEevaluated 519 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 159 times by 1 test
Evaluated by:
  • libssl.so.1.1
159-519
1808 /* NBIO or error */-
1809 s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;-
1810 return SSL_READ_EARLY_DATA_ERROR;
executed 519 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
519
1811 }-
1812 /* fall through */-
1813-
1814 case SSL_EARLY_DATA_READ_RETRY:
code before this statement executed 159 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:
Executed by:
  • libssl.so.1.1
executed 13 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:
Executed by:
  • libssl.so.1.1
13-159
1815 if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
s->ext.early_data == 2Description
TRUEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 137 times by 1 test
Evaluated by:
  • libssl.so.1.1
35-137
1816 s->early_data_state = SSL_EARLY_DATA_READING;-
1817 ret = SSL_read_ex(s, buf, num, readbytes);-
1818 /*-
1819 * State machine will update early_data_state to-
1820 * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData-
1821 * message-
1822 */-
1823 if (ret > 0 || (ret <= 0 && s->early_data_state
ret > 0Description
TRUEevaluated 21 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
ret <= 0Description
TRUEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
s->early_data_...NISHED_READINGDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-21
1824 != SSL_EARLY_DATA_FINISHED_READING)) {
s->early_data_...NISHED_READINGDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-10
1825 s->early_data_state = SSL_EARLY_DATA_READ_RETRY;-
1826 return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
executed 25 times by 1 test: return ret > 0 ? 1 : 0;
Executed by:
  • libssl.so.1.1
ret > 0Description
TRUEevaluated 21 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-25
1827 : SSL_READ_EARLY_DATA_ERROR;
executed 25 times by 1 test: return ret > 0 ? 1 : 0;
Executed by:
  • libssl.so.1.1
25
1828 }-
1829 } else {
executed 10 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
10
1830 s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;-
1831 }
executed 137 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
137
1832 *readbytes = 0;-
1833 return SSL_READ_EARLY_DATA_FINISH;
executed 147 times by 1 test: return 2;
Executed by:
  • libssl.so.1.1
147
1834-
1835 default:
executed 6 times by 1 test: default:
Executed by:
  • libssl.so.1.1
6
1836 SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1837 return SSL_READ_EARLY_DATA_ERROR;
executed 6 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
6
1838 }-
1839}-
1840-
1841int SSL_get_early_data_status(const SSL *s)-
1842{-
1843 return s->ext.early_data;
executed 162 times by 1 test: return s->ext.early_data;
Executed by:
  • libssl.so.1.1
162
1844}-
1845-
1846static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)-
1847{-
1848 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1849 SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);-
1850 return -1;
never executed: return -1;
0
1851 }-
1852-
1853 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
s->shutdown & 2Description
TRUEnever evaluated
FALSEnever evaluated
0
1854 return 0;
never executed: return 0;
0
1855 }-
1856 if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
(s->mode & 0x00000100U)Description
TRUEnever evaluated
FALSEnever evaluated
ASYNC_get_curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1857 struct ssl_async_args args;-
1858 int ret;-
1859-
1860 args.s = s;-
1861 args.buf = buf;-
1862 args.num = num;-
1863 args.type = READFUNC;-
1864 args.f.func_read = s->method->ssl_peek;-
1865-
1866 ret = ssl_start_async_job(s, &args, ssl_io_intern);-
1867 *readbytes = s->asyncrw;-
1868 return ret;
never executed: return ret;
0
1869 } else {-
1870 return s->method->ssl_peek(s, buf, num, readbytes);
never executed: return s->method->ssl_peek(s, buf, num, readbytes);
0
1871 }-
1872}-
1873-
1874int SSL_peek(SSL *s, void *buf, int num)-
1875{-
1876 int ret;-
1877 size_t readbytes;-
1878-
1879 if (num < 0) {
num < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1880 SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);-
1881 return -1;
never executed: return -1;
0
1882 }-
1883-
1884 ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);-
1885-
1886 /*-
1887 * The cast is safe here because ret should be <= INT_MAX because num is-
1888 * <= INT_MAX-
1889 */-
1890 if (ret > 0)
ret > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1891 ret = (int)readbytes;
never executed: ret = (int)readbytes;
0
1892-
1893 return ret;
never executed: return ret;
0
1894}-
1895-
1896-
1897int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)-
1898{-
1899 int ret = ssl_peek_internal(s, buf, num, readbytes);-
1900-
1901 if (ret < 0)
ret < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1902 ret = 0;
never executed: ret = 0;
0
1903 return ret;
never executed: return ret;
0
1904}-
1905-
1906int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)-
1907{-
1908 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6416 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6416
1909 SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);-
1910 return -1;
never executed: return -1;
0
1911 }-
1912-
1913 if (s->shutdown & SSL_SENT_SHUTDOWN) {
s->shutdown & 1Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6405 times by 1 test
Evaluated by:
  • libssl.so.1.1
11-6405
1914 s->rwstate = SSL_NOTHING;-
1915 SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);-
1916 return -1;
executed 11 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
11
1917 }-
1918-
1919 if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
s->early_data_..._CONNECT_RETRYDescription
TRUEnever evaluated
FALSEevaluated 6405 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6405
1920 || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
s->early_data_...A_ACCEPT_RETRYDescription
TRUEnever evaluated
FALSEevaluated 6405 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6405
1921 || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
s->early_data_...ATA_READ_RETRYDescription
TRUEnever evaluated
FALSEevaluated 6405 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6405
1922 SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1923 return 0;
never executed: return 0;
0
1924 }-
1925 /* If we are a client and haven't sent the Finished we better do that */-
1926 ossl_statem_check_finish_init(s, 1);-
1927-
1928 if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
(s->mode & 0x00000100U)Description
TRUEnever evaluated
FALSEevaluated 6405 times by 1 test
Evaluated by:
  • libssl.so.1.1
ASYNC_get_curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-6405
1929 int ret;-
1930 struct ssl_async_args args;-
1931-
1932 args.s = s;-
1933 args.buf = (void *)buf;-
1934 args.num = num;-
1935 args.type = WRITEFUNC;-
1936 args.f.func_write = s->method->ssl_write;-
1937-
1938 ret = ssl_start_async_job(s, &args, ssl_io_intern);-
1939 *written = s->asyncrw;-
1940 return ret;
never executed: return ret;
0
1941 } else {-
1942 return s->method->ssl_write(s, buf, num, written);
executed 6405 times by 1 test: return s->method->ssl_write(s, buf, num, written);
Executed by:
  • libssl.so.1.1
6405
1943 }-
1944}-
1945-
1946int SSL_write(SSL *s, const void *buf, int num)-
1947{-
1948 int ret;-
1949 size_t written;-
1950-
1951 if (num < 0) {
num < 0Description
TRUEnever evaluated
FALSEevaluated 3371 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3371
1952 SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);-
1953 return -1;
never executed: return -1;
0
1954 }-
1955-
1956 ret = ssl_write_internal(s, buf, (size_t)num, &written);-
1957-
1958 /*-
1959 * The cast is safe here because ret should be <= INT_MAX because num is-
1960 * <= INT_MAX-
1961 */-
1962 if (ret > 0)
ret > 0Description
TRUEevaluated 3293 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 78 times by 1 test
Evaluated by:
  • libssl.so.1.1
78-3293
1963 ret = (int)written;
executed 3293 times by 1 test: ret = (int)written;
Executed by:
  • libssl.so.1.1
3293
1964-
1965 return ret;
executed 3371 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
3371
1966}-
1967-
1968int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)-
1969{-
1970 int ret = ssl_write_internal(s, buf, num, written);-
1971-
1972 if (ret < 0)
ret < 0Description
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 94 times by 1 test
Evaluated by:
  • libssl.so.1.1
26-94
1973 ret = 0;
executed 26 times by 1 test: ret = 0;
Executed by:
  • libssl.so.1.1
26
1974 return ret;
executed 120 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
120
1975}-
1976-
1977int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)-
1978{-
1979 int ret, early_data_state;-
1980 size_t writtmp;-
1981 uint32_t partialwrite;-
1982-
1983 switch (s->early_data_state) {-
1984 case SSL_EARLY_DATA_NONE:
executed 53 times by 1 test: case SSL_EARLY_DATA_NONE:
Executed by:
  • libssl.so.1.1
53
1985 if (s->server
s->serverDescription
TRUEnever evaluated
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-53
1986 || !SSL_in_before(s)
!SSL_in_before(s)Description
TRUEnever evaluated
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-53
1987 || ((s->session == NULL || s->session->ext.max_early_data == 0)
s->session == ((void *)0)Description
TRUEevaluated 15 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 38 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->session->ex...arly_data == 0Description
TRUEnever evaluated
FALSEevaluated 38 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-38
1988 && (s->psk_use_session_cb == NULL))) {
(s->psk_use_se... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 15 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-15
1989 SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,-
1990 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
1991 return 0;
never executed: return 0;
0
1992 }-
1993 /* fall through */-
1994-
1995 case SSL_EARLY_DATA_CONNECT_RETRY:
code before this statement executed 53 times by 1 test: case SSL_EARLY_DATA_CONNECT_RETRY:
Executed by:
  • libssl.so.1.1
never executed: case SSL_EARLY_DATA_CONNECT_RETRY:
0-53
1996 s->early_data_state = SSL_EARLY_DATA_CONNECTING;-
1997 ret = SSL_connect(s);-
1998 if (ret <= 0) {
ret <= 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 50 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-50
1999 /* NBIO or error */-
2000 s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;-
2001 return 0;
executed 3 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
3
2002 }-
2003 /* fall through */-
2004-
2005 case SSL_EARLY_DATA_WRITE_RETRY:
code before this statement executed 50 times by 1 test: case SSL_EARLY_DATA_WRITE_RETRY:
Executed by:
  • libssl.so.1.1
executed 3 times by 1 test: case SSL_EARLY_DATA_WRITE_RETRY:
Executed by:
  • libssl.so.1.1
3-50
2006 s->early_data_state = SSL_EARLY_DATA_WRITING;-
2007 /*-
2008 * We disable partial write for early data because we don't keep track-
2009 * of how many bytes we've written between the SSL_write_ex() call and-
2010 * the flush if the flush needs to be retried)-
2011 */-
2012 partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;-
2013 s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;-
2014 ret = SSL_write_ex(s, buf, num, &writtmp);-
2015 s->mode |= partialwrite;-
2016 if (!ret) {
!retDescription
TRUEnever evaluated
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-53
2017 s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;-
2018 return ret;
never executed: return ret;
0
2019 }-
2020 s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;-
2021 /* fall through */-
2022-
2023 case SSL_EARLY_DATA_WRITE_FLUSH:
code before this statement executed 53 times by 1 test: case SSL_EARLY_DATA_WRITE_FLUSH:
Executed by:
  • libssl.so.1.1
never executed: case SSL_EARLY_DATA_WRITE_FLUSH:
0-53
2024 /* The buffering BIO is still in place so we need to flush it */-
2025 if (statem_flush(s) != 1)
statem_flush(s) != 1Description
TRUEnever evaluated
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-53
2026 return 0;
never executed: return 0;
0
2027 *written = num;-
2028 s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;-
2029 return 1;
executed 53 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
53
2030-
2031 case SSL_EARLY_DATA_FINISHED_READING:
executed 3 times by 1 test: case SSL_EARLY_DATA_FINISHED_READING:
Executed by:
  • libssl.so.1.1
3
2032 case SSL_EARLY_DATA_READ_RETRY:
executed 6 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:
Executed by:
  • libssl.so.1.1
6
2033 early_data_state = s->early_data_state;-
2034 /* We are a server writing to an unauthenticated client */-
2035 s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;-
2036 ret = SSL_write_ex(s, buf, num, written);-
2037 /* The buffering BIO is still in place */-
2038 if (ret)
retDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-9
2039 (void)BIO_flush(s->wbio);
executed 9 times by 1 test: (void)(int)BIO_ctrl(s->wbio,11,0, ((void *)0) );
Executed by:
  • libssl.so.1.1
9
2040 s->early_data_state = early_data_state;-
2041 return ret;
executed 9 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
9
2042-
2043 default:
executed 6 times by 1 test: default:
Executed by:
  • libssl.so.1.1
6
2044 SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
2045 return 0;
executed 6 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
6
2046 }-
2047}-
2048-
2049int SSL_shutdown(SSL *s)-
2050{-
2051 /*-
2052 * Note that this function behaves differently from what one might-
2053 * expect. Return values are 0 for no success (yet), 1 for success; but-
2054 * calling it once is usually not enough, even if blocking I/O is used-
2055 * (see ssl3_shutdown).-
2056 */-
2057-
2058 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4751 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-4751
2059 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);-
2060 return -1;
executed 4 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
4
2061 }-
2062-
2063 if (!SSL_in_init(s)) {
!SSL_in_init(s)Description
TRUEevaluated 4591 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 160 times by 1 test
Evaluated by:
  • libssl.so.1.1
160-4591
2064 if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
(s->mode & 0x00000100U)Description
TRUEnever evaluated
FALSEevaluated 4591 times by 1 test
Evaluated by:
  • libssl.so.1.1
ASYNC_get_curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-4591
2065 struct ssl_async_args args;-
2066-
2067 args.s = s;-
2068 args.type = OTHERFUNC;-
2069 args.f.func_other = s->method->ssl_shutdown;-
2070-
2071 return ssl_start_async_job(s, &args, ssl_io_intern);
never executed: return ssl_start_async_job(s, &args, ssl_io_intern);
0
2072 } else {-
2073 return s->method->ssl_shutdown(s);
executed 4591 times by 1 test: return s->method->ssl_shutdown(s);
Executed by:
  • libssl.so.1.1
4591
2074 }-
2075 } else {-
2076 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);-
2077 return -1;
executed 160 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
160
2078 }-
2079}-
2080-
2081int SSL_key_update(SSL *s, int updatetype)-
2082{-
2083 /*-
2084 * TODO(TLS1.3): How will applications know whether TLSv1.3 has been-
2085 * negotiated, and that it is appropriate to call SSL_key_update() instead-
2086 * of SSL_renegotiate().-
2087 */-
2088 if (!SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(s)->method->version >= 0x0304Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(s)->method->v...ion != 0x10000Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-6
2089 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);-
2090 return 0;
never executed: return 0;
0
2091 }-
2092-
2093 if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
updatetype != 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
3
2094 && updatetype != SSL_KEY_UPDATE_REQUESTED) {
updatetype != 1Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
2095 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);-
2096 return 0;
never executed: return 0;
0
2097 }-
2098-
2099 if (!SSL_is_init_finished(s)) {
!SSL_is_init_finished(s)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
2100 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);-
2101 return 0;
never executed: return 0;
0
2102 }-
2103-
2104 ossl_statem_set_in_init(s, 1);-
2105 s->key_update = updatetype;-
2106 return 1;
executed 6 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
6
2107}-
2108-
2109int SSL_get_key_update_type(SSL *s)-
2110{-
2111 return s->key_update;
executed 191 times by 1 test: return s->key_update;
Executed by:
  • libssl.so.1.1
191
2112}-
2113-
2114int SSL_renegotiate(SSL *s)-
2115{-
2116 if (SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEnever evaluated
FALSEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEnever evaluated
FALSEnever evaluated
0-14
2117 SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);-
2118 return 0;
never executed: return 0;
0
2119 }-
2120-
2121 if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
(s->options & 0x40000000U)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 23 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-23
2122 SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);-
2123 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1
2124 }-
2125-
2126 s->renegotiate = 1;-
2127 s->new_session = 1;-
2128-
2129 return s->method->ssl_renegotiate(s);
executed 23 times by 1 test: return s->method->ssl_renegotiate(s);
Executed by:
  • libssl.so.1.1
23
2130}-
2131-
2132int SSL_renegotiate_abbreviated(SSL *s)-
2133{-
2134 if (SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEnever evaluated
FALSEnever evaluated
0-8
2135 SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);-
2136 return 0;
never executed: return 0;
0
2137 }-
2138-
2139 if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
(s->options & 0x40000000U)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-9
2140 SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);-
2141 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1
2142 }-
2143-
2144 s->renegotiate = 1;-
2145 s->new_session = 0;-
2146-
2147 return s->method->ssl_renegotiate(s);
executed 9 times by 1 test: return s->method->ssl_renegotiate(s);
Executed by:
  • libssl.so.1.1
9
2148}-
2149-
2150int SSL_renegotiate_pending(SSL *s)-
2151{-
2152 /*-
2153 * becomes true when negotiation is requested; false again once a-
2154 * handshake has finished-
2155 */-
2156 return (s->renegotiate != 0);
executed 31 times by 1 test: return (s->renegotiate != 0);
Executed by:
  • libssl.so.1.1
31
2157}-
2158-
2159long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)-
2160{-
2161 long l;-
2162-
2163 switch (cmd) {-
2164 case SSL_CTRL_GET_READ_AHEAD:
never executed: case 40:
0
2165 return RECORD_LAYER_get_read_ahead(&s->rlayer);
never executed: return ((&s->rlayer)->read_ahead);
0
2166 case SSL_CTRL_SET_READ_AHEAD:
never executed: case 41:
0
2167 l = RECORD_LAYER_get_read_ahead(&s->rlayer);-
2168 RECORD_LAYER_set_read_ahead(&s->rlayer, larg);-
2169 return l;
never executed: return l;
0
2170-
2171 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
never executed: case 16:
0
2172 s->msg_callback_arg = parg;-
2173 return 1;
never executed: return 1;
0
2174-
2175 case SSL_CTRL_MODE:
executed 1 time by 1 test: case 33:
Executed by:
  • libssl.so.1.1
1
2176 return (s->mode |= larg);
executed 1 time by 1 test: return (s->mode |= larg);
Executed by:
  • libssl.so.1.1
1
2177 case SSL_CTRL_CLEAR_MODE:
never executed: case 78:
0
2178 return (s->mode &= ~larg);
never executed: return (s->mode &= ~larg);
0
2179 case SSL_CTRL_GET_MAX_CERT_LIST:
never executed: case 50:
0
2180 return (long)s->max_cert_list;
never executed: return (long)s->max_cert_list;
0
2181 case SSL_CTRL_SET_MAX_CERT_LIST:
never executed: case 51:
0
2182 if (larg < 0)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2183 return 0;
never executed: return 0;
0
2184 l = (long)s->max_cert_list;-
2185 s->max_cert_list = (size_t)larg;-
2186 return l;
never executed: return l;
0
2187 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
executed 396 times by 1 test: case 52:
Executed by:
  • libssl.so.1.1
396
2188 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
larg < 512Description
TRUEnever evaluated
FALSEevaluated 396 times by 1 test
Evaluated by:
  • libssl.so.1.1
larg > 16384Description
TRUEnever evaluated
FALSEevaluated 396 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-396
2189 return 0;
never executed: return 0;
0
2190 s->max_send_fragment = larg;-
2191 if (s->max_send_fragment < s->split_send_fragment)
s->max_send_fr..._send_fragmentDescription
TRUEevaluated 396 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-396
2192 s->split_send_fragment = s->max_send_fragment;
executed 396 times by 1 test: s->split_send_fragment = s->max_send_fragment;
Executed by:
  • libssl.so.1.1
396
2193 return 1;
executed 396 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
396
2194 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
never executed: case 125:
0
2195 if ((size_t)larg > s->max_send_fragment || larg == 0)
(size_t)larg >..._send_fragmentDescription
TRUEnever evaluated
FALSEnever evaluated
larg == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2196 return 0;
never executed: return 0;
0
2197 s->split_send_fragment = larg;-
2198 return 1;
never executed: return 1;
0
2199 case SSL_CTRL_SET_MAX_PIPELINES:
never executed: case 126:
0
2200 if (larg < 1 || larg > SSL_MAX_PIPELINES)
larg < 1Description
TRUEnever evaluated
FALSEnever evaluated
larg > 32Description
TRUEnever evaluated
FALSEnever evaluated
0
2201 return 0;
never executed: return 0;
0
2202 s->max_pipelines = larg;-
2203 if (larg > 1)
larg > 1Description
TRUEnever evaluated
FALSEnever evaluated
0
2204 RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
never executed: ((&s->rlayer)->read_ahead = (1));
0
2205 return 1;
never executed: return 1;
0
2206 case SSL_CTRL_GET_RI_SUPPORT:
executed 191 times by 1 test: case 76:
Executed by:
  • libssl.so.1.1
191
2207 if (s->s3)
s->s3Description
TRUEevaluated 191 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-191
2208 return s->s3->send_connection_binding;
executed 191 times by 1 test: return s->s3->send_connection_binding;
Executed by:
  • libssl.so.1.1
191
2209 else-
2210 return 0;
never executed: return 0;
0
2211 case SSL_CTRL_CERT_FLAGS:
never executed: case 99:
0
2212 return (s->cert->cert_flags |= larg);
never executed: return (s->cert->cert_flags |= larg);
0
2213 case SSL_CTRL_CLEAR_CERT_FLAGS:
never executed: case 100:
0
2214 return (s->cert->cert_flags &= ~larg);
never executed: return (s->cert->cert_flags &= ~larg);
0
2215-
2216 case SSL_CTRL_GET_RAW_CIPHERLIST:
executed 240 times by 1 test: case 110:
Executed by:
  • libssl.so.1.1
240
2217 if (parg) {
pargDescription
TRUEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
120
2218 if (s->s3->tmp.ciphers_raw == NULL)
s->s3->tmp.cip...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-120
2219 return 0;
never executed: return 0;
0
2220 *(unsigned char **)parg = s->s3->tmp.ciphers_raw;-
2221 return (int)s->s3->tmp.ciphers_rawlen;
executed 120 times by 1 test: return (int)s->s3->tmp.ciphers_rawlen;
Executed by:
  • libssl.so.1.1
120
2222 } else {-
2223 return TLS_CIPHER_LEN;
executed 120 times by 1 test: return 2;
Executed by:
  • libssl.so.1.1
120
2224 }-
2225 case SSL_CTRL_GET_EXTMS_SUPPORT:
never executed: case 122:
0
2226 if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
!s->sessionDescription
TRUEnever evaluated
FALSEnever evaluated
SSL_in_init(s)Description
TRUEnever evaluated
FALSEnever evaluated
ossl_statem_ge...n_handshake(s)Description
TRUEnever evaluated
FALSEnever evaluated
0
2227 return -1;
never executed: return -1;
0
2228 if (s->session->flags & SSL_SESS_FLAG_EXTMS)
s->session->flags & 0x1Description
TRUEnever evaluated
FALSEnever evaluated
0
2229 return 1;
never executed: return 1;
0
2230 else-
2231 return 0;
never executed: return 0;
0
2232 case SSL_CTRL_SET_MIN_PROTO_VERSION:
executed 2314 times by 1 test: case 123:
Executed by:
  • libssl.so.1.1
2314
2233 return ssl_check_allowed_versions(larg, s->max_proto_version)
executed 2314 times by 1 test: return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_check_allo...proto_version)Description
TRUEevaluated 2314 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2314
2234 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
executed 2314 times by 1 test: return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 2314 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2314
2235 &s->min_proto_version);
executed 2314 times by 1 test: return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 2314 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2314
2236 case SSL_CTRL_GET_MIN_PROTO_VERSION:
never executed: case 130:
0
2237 return s->min_proto_version;
never executed: return s->min_proto_version;
0
2238 case SSL_CTRL_SET_MAX_PROTO_VERSION:
executed 4 times by 1 test: case 124:
Executed by:
  • libssl.so.1.1
4
2239 return ssl_check_allowed_versions(s->min_proto_version, larg)
executed 4 times by 1 test: return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_check_allo...version, larg)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4
2240 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
executed 4 times by 1 test: return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4
2241 &s->max_proto_version);
executed 4 times by 1 test: return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4
2242 case SSL_CTRL_GET_MAX_PROTO_VERSION:
never executed: case 131:
0
2243 return s->max_proto_version;
never executed: return s->max_proto_version;
0
2244 default:
executed 8649 times by 1 test: default:
Executed by:
  • libssl.so.1.1
8649
2245 return s->method->ssl_ctrl(s, cmd, larg, parg);
executed 8649 times by 1 test: return s->method->ssl_ctrl(s, cmd, larg, parg);
Executed by:
  • libssl.so.1.1
8649
2246 }-
2247}-
2248-
2249long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))-
2250{-
2251 switch (cmd) {-
2252 case SSL_CTRL_SET_MSG_CALLBACK:
never executed: case 15:
0
2253 s->msg_callback = (void (*)-
2254 (int write_p, int version, int content_type,-
2255 const void *buf, size_t len, SSL *ssl,-
2256 void *arg))(fp);-
2257 return 1;
never executed: return 1;
0
2258-
2259 default:
never executed: default:
0
2260 return s->method->ssl_callback_ctrl(s, cmd, fp);
never executed: return s->method->ssl_callback_ctrl(s, cmd, fp);
0
2261 }-
2262}-
2263-
2264LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)-
2265{-
2266 return ctx->sessions;
never executed: return ctx->sessions;
0
2267}-
2268-
2269long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)-
2270{-
2271 long l;-
2272 /* For some cases with ctx == NULL perform syntax checks */-
2273 if (ctx == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18659 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-18659
2274 switch (cmd) {-
2275#ifndef OPENSSL_NO_EC-
2276 case SSL_CTRL_SET_GROUPS_LIST:
never executed: case 92:
0
2277 return tls1_set_groups_list(NULL, NULL, parg);
never executed: return tls1_set_groups_list( ((void *)0) , ((void *)0) , parg);
0
2278#endif-
2279 case SSL_CTRL_SET_SIGALGS_LIST:
never executed: case 98:
0
2280 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
never executed: case 102:
0
2281 return tls1_set_sigalgs_list(NULL, parg, 0);
never executed: return tls1_set_sigalgs_list( ((void *)0) , parg, 0);
0
2282 default:
never executed: default:
0
2283 return 0;
never executed: return 0;
0
2284 }-
2285 }-
2286-
2287 switch (cmd) {-
2288 case SSL_CTRL_GET_READ_AHEAD:
never executed: case 40:
0
2289 return ctx->read_ahead;
never executed: return ctx->read_ahead;
0
2290 case SSL_CTRL_SET_READ_AHEAD:
executed 31 times by 1 test: case 41:
Executed by:
  • libssl.so.1.1
31
2291 l = ctx->read_ahead;-
2292 ctx->read_ahead = larg;-
2293 return l;
executed 31 times by 1 test: return l;
Executed by:
  • libssl.so.1.1
31
2294-
2295 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
never executed: case 16:
0
2296 ctx->msg_callback_arg = parg;-
2297 return 1;
never executed: return 1;
0
2298-
2299 case SSL_CTRL_GET_MAX_CERT_LIST:
never executed: case 50:
0
2300 return (long)ctx->max_cert_list;
never executed: return (long)ctx->max_cert_list;
0
2301 case SSL_CTRL_SET_MAX_CERT_LIST:
never executed: case 51:
0
2302 if (larg < 0)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2303 return 0;
never executed: return 0;
0
2304 l = (long)ctx->max_cert_list;-
2305 ctx->max_cert_list = (size_t)larg;-
2306 return l;
never executed: return l;
0
2307-
2308 case SSL_CTRL_SET_SESS_CACHE_SIZE:
never executed: case 42:
0
2309 if (larg < 0)
larg < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2310 return 0;
never executed: return 0;
0
2311 l = (long)ctx->session_cache_size;-
2312 ctx->session_cache_size = (size_t)larg;-
2313 return l;
never executed: return l;
0
2314 case SSL_CTRL_GET_SESS_CACHE_SIZE:
executed 858 times by 1 test: case 43:
Executed by:
  • libssl.so.1.1
858
2315 return (long)ctx->session_cache_size;
executed 858 times by 1 test: return (long)ctx->session_cache_size;
Executed by:
  • libssl.so.1.1
858
2316 case SSL_CTRL_SET_SESS_CACHE_MODE:
executed 418 times by 1 test: case 44:
Executed by:
  • libssl.so.1.1
418
2317 l = ctx->session_cache_mode;-
2318 ctx->session_cache_mode = larg;-
2319 return l;
executed 418 times by 1 test: return l;
Executed by:
  • libssl.so.1.1
418
2320 case SSL_CTRL_GET_SESS_CACHE_MODE:
never executed: case 45:
0
2321 return ctx->session_cache_mode;
never executed: return ctx->session_cache_mode;
0
2322-
2323 case SSL_CTRL_SESS_NUMBER:
executed 517 times by 1 test: case 20:
Executed by:
  • libssl.so.1.1
517
2324 return lh_SSL_SESSION_num_items(ctx->sessions);
executed 517 times by 1 test: return lh_SSL_SESSION_num_items(ctx->sessions);
Executed by:
  • libssl.so.1.1
517
2325 case SSL_CTRL_SESS_CONNECT:
executed 176 times by 1 test: case 21:
Executed by:
  • libssl.so.1.1
176
2326 return tsan_load(&ctx->stats.sess_connect);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2327 case SSL_CTRL_SESS_CONNECT_GOOD:
executed 176 times by 1 test: case 22:
Executed by:
  • libssl.so.1.1
176
2328 return tsan_load(&ctx->stats.sess_connect_good);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect_good) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2329 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
executed 176 times by 1 test: case 23:
Executed by:
  • libssl.so.1.1
176
2330 return tsan_load(&ctx->stats.sess_connect_renegotiate);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect_renegotiate) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2331 case SSL_CTRL_SESS_ACCEPT:
executed 176 times by 1 test: case 24:
Executed by:
  • libssl.so.1.1
176
2332 return tsan_load(&ctx->stats.sess_accept);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2333 case SSL_CTRL_SESS_ACCEPT_GOOD:
executed 176 times by 1 test: case 25:
Executed by:
  • libssl.so.1.1
176
2334 return tsan_load(&ctx->stats.sess_accept_good);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept_good) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2335 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
executed 176 times by 1 test: case 26:
Executed by:
  • libssl.so.1.1
176
2336 return tsan_load(&ctx->stats.sess_accept_renegotiate);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept_renegotiate) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2337 case SSL_CTRL_SESS_HIT:
executed 176 times by 1 test: case 27:
Executed by:
  • libssl.so.1.1
176
2338 return tsan_load(&ctx->stats.sess_hit);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_hit) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2339 case SSL_CTRL_SESS_CB_HIT:
executed 176 times by 1 test: case 28:
Executed by:
  • libssl.so.1.1
176
2340 return tsan_load(&ctx->stats.sess_cb_hit);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_cb_hit) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2341 case SSL_CTRL_SESS_MISSES:
executed 176 times by 1 test: case 29:
Executed by:
  • libssl.so.1.1
176
2342 return tsan_load(&ctx->stats.sess_miss);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_miss) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2343 case SSL_CTRL_SESS_TIMEOUTS:
executed 176 times by 1 test: case 30:
Executed by:
  • libssl.so.1.1
176
2344 return tsan_load(&ctx->stats.sess_timeout);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_timeout) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2345 case SSL_CTRL_SESS_CACHE_FULL:
executed 176 times by 1 test: case 31:
Executed by:
  • libssl.so.1.1
176
2346 return tsan_load(&ctx->stats.sess_cache_full);
executed 176 times by 1 test: return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_cache_full) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;
Executed by:
  • libssl.so.1.1
176
2347 case SSL_CTRL_MODE:
never executed: case 33:
0
2348 return (ctx->mode |= larg);
never executed: return (ctx->mode |= larg);
0
2349 case SSL_CTRL_CLEAR_MODE:
executed 367 times by 1 test: case 78:
Executed by:
  • libssl.so.1.1
367
2350 return (ctx->mode &= ~larg);
executed 367 times by 1 test: return (ctx->mode &= ~larg);
Executed by:
  • libssl.so.1.1
367
2351 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
executed 2453 times by 1 test: case 52:
Executed by:
  • libssl.so.1.1
2453
2352 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
larg < 512Description
TRUEnever evaluated
FALSEevaluated 2453 times by 1 test
Evaluated by:
  • libssl.so.1.1
larg > 16384Description
TRUEnever evaluated
FALSEevaluated 2453 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2453
2353 return 0;
never executed: return 0;
0
2354 ctx->max_send_fragment = larg;-
2355 if (ctx->max_send_fragment < ctx->split_send_fragment)
ctx->max_send_..._send_fragmentDescription
TRUEevaluated 2447 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-2447
2356 ctx->split_send_fragment = ctx->max_send_fragment;
executed 2447 times by 1 test: ctx->split_send_fragment = ctx->max_send_fragment;
Executed by:
  • libssl.so.1.1
2447
2357 return 1;
executed 2453 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2453
2358 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
never executed: case 125:
0
2359 if ((size_t)larg > ctx->max_send_fragment || larg == 0)
(size_t)larg >..._send_fragmentDescription
TRUEnever evaluated
FALSEnever evaluated
larg == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2360 return 0;
never executed: return 0;
0
2361 ctx->split_send_fragment = larg;-
2362 return 1;
never executed: return 1;
0
2363 case SSL_CTRL_SET_MAX_PIPELINES:
never executed: case 126:
0
2364 if (larg < 1 || larg > SSL_MAX_PIPELINES)
larg < 1Description
TRUEnever evaluated
FALSEnever evaluated
larg > 32Description
TRUEnever evaluated
FALSEnever evaluated
0
2365 return 0;
never executed: return 0;
0
2366 ctx->max_pipelines = larg;-
2367 return 1;
never executed: return 1;
0
2368 case SSL_CTRL_CERT_FLAGS:
never executed: case 99:
0
2369 return (ctx->cert->cert_flags |= larg);
never executed: return (ctx->cert->cert_flags |= larg);
0
2370 case SSL_CTRL_CLEAR_CERT_FLAGS:
never executed: case 100:
0
2371 return (ctx->cert->cert_flags &= ~larg);
never executed: return (ctx->cert->cert_flags &= ~larg);
0
2372 case SSL_CTRL_SET_MIN_PROTO_VERSION:
executed 2744 times by 1 test: case 123:
Executed by:
  • libssl.so.1.1
2744
2373 return ssl_check_allowed_versions(larg, ctx->max_proto_version)
executed 2744 times by 1 test: return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_check_allo...proto_version)Description
TRUEevaluated 2744 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2744
2374 && ssl_set_version_bound(ctx->method->version, (int)larg,
executed 2744 times by 1 test: return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 2744 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2744
2375 &ctx->min_proto_version);
executed 2744 times by 1 test: return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 2744 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2744
2376 case SSL_CTRL_GET_MIN_PROTO_VERSION:
executed 1 time by 1 test: case 130:
Executed by:
  • libssl.so.1.1
1
2377 return ctx->min_proto_version;
executed 1 time by 1 test: return ctx->min_proto_version;
Executed by:
  • libssl.so.1.1
1
2378 case SSL_CTRL_SET_MAX_PROTO_VERSION:
executed 3476 times by 1 test: case 124:
Executed by:
  • libssl.so.1.1
3476
2379 return ssl_check_allowed_versions(ctx->min_proto_version, larg)
executed 3476 times by 1 test: return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_check_allo...version, larg)Description
TRUEevaluated 3476 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3476
2380 && ssl_set_version_bound(ctx->method->version, (int)larg,
executed 3476 times by 1 test: return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 3476 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3476
2381 &ctx->max_proto_version);
executed 3476 times by 1 test: return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);
Executed by:
  • libssl.so.1.1
ssl_set_versio...proto_version)Description
TRUEevaluated 3476 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3476
2382 case SSL_CTRL_GET_MAX_PROTO_VERSION:
never executed: case 131:
0
2383 return ctx->max_proto_version;
never executed: return ctx->max_proto_version;
0
2384 default:
executed 5858 times by 1 test: default:
Executed by:
  • libssl.so.1.1
5858
2385 return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
executed 5858 times by 1 test: return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
Executed by:
  • libssl.so.1.1
5858
2386 }-
2387}-
2388-
2389long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))-
2390{-
2391 switch (cmd) {-
2392 case SSL_CTRL_SET_MSG_CALLBACK:
never executed: case 15:
0
2393 ctx->msg_callback = (void (*)-
2394 (int write_p, int version, int content_type,-
2395 const void *buf, size_t len, SSL *ssl,-
2396 void *arg))(fp);-
2397 return 1;
never executed: return 1;
0
2398-
2399 default:
executed 291 times by 1 test: default:
Executed by:
  • libssl.so.1.1
291
2400 return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
executed 291 times by 1 test: return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
Executed by:
  • libssl.so.1.1
291
2401 }-
2402}-
2403-
2404int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)-
2405{-
2406 if (a->id > b->id)
a->id > b->idDescription
TRUEevaluated 323717 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 448341 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
323717-448341
2407 return 1;
executed 323717 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
323717
2408 if (a->id < b->id)
a->id < b->idDescription
TRUEevaluated 380490 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 67851 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
67851-380490
2409 return -1;
executed 380490 times by 2 tests: return -1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
380490
2410 return 0;
executed 67851 times by 2 tests: return 0;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
67851
2411}-
2412-
2413int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,-
2414 const SSL_CIPHER *const *bp)-
2415{-
2416 if ((*ap)->id > (*bp)->id)
(*ap)->id > (*bp)->idDescription
TRUEevaluated 3754606 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 2941153 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
2941153-3754606
2417 return 1;
executed 3754606 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
3754606
2418 if ((*ap)->id < (*bp)->id)
(*ap)->id < (*bp)->idDescription
TRUEevaluated 2937033 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 4120 times by 1 test
Evaluated by:
  • libssl.so.1.1
4120-2937033
2419 return -1;
executed 2937033 times by 2 tests: return -1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
2937033
2420 return 0;
executed 4120 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
4120
2421}-
2422-
2423/** return a STACK of the ciphers available for the SSL and in order of-
2424 * preference */-
2425STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)-
2426{-
2427 if (s != NULL) {
s != ((void *)0)Description
TRUEevaluated 21345 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-21345
2428 if (s->cipher_list != NULL) {
s->cipher_list != ((void *)0)Description
TRUEevaluated 9048 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 12297 times by 1 test
Evaluated by:
  • libssl.so.1.1
9048-12297
2429 return s->cipher_list;
executed 9048 times by 1 test: return s->cipher_list;
Executed by:
  • libssl.so.1.1
9048
2430 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
(s->ctx != ((void *)0) )Description
TRUEevaluated 12297 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(s->ctx->ciphe... ((void *)0) )Description
TRUEevaluated 12297 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-12297
2431 return s->ctx->cipher_list;
executed 12297 times by 1 test: return s->ctx->cipher_list;
Executed by:
  • libssl.so.1.1
12297
2432 }-
2433 }
never executed: end of block
0
2434 return NULL;
never executed: return ((void *)0) ;
0
2435}-
2436-
2437STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)-
2438{-
2439 if ((s == NULL) || (s->session == NULL) || !s->server)
(s == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
(s->session == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
!s->serverDescription
TRUEnever evaluated
FALSEnever evaluated
0
2440 return NULL;
never executed: return ((void *)0) ;
0
2441 return s->session->ciphers;
never executed: return s->session->ciphers;
0
2442}-
2443-
2444STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)-
2445{-
2446 STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;-
2447 int i;-
2448-
2449 ciphers = SSL_get_ciphers(s);-
2450 if (!ciphers)
!ciphersDescription
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8
2451 return NULL;
never executed: return ((void *)0) ;
0
2452 if (!ssl_set_client_disabled(s))
!ssl_set_client_disabled(s)Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8
2453 return NULL;
never executed: return ((void *)0) ;
0
2454 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
i < sk_SSL_CIPHER_num(ciphers)Description
TRUEevaluated 573 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
8-573
2455 const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);-
2456 if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
!ssl_cipher_di...(1 << 16)), 0)Description
TRUEevaluated 247 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 326 times by 1 test
Evaluated by:
  • libssl.so.1.1
247-326
2457 if (!sk)
!skDescription
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 239 times by 1 test
Evaluated by:
  • libssl.so.1.1
8-239
2458 sk = sk_SSL_CIPHER_new_null();
executed 8 times by 1 test: sk = sk_SSL_CIPHER_new_null();
Executed by:
  • libssl.so.1.1
8
2459 if (!sk)
!skDescription
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-247
2460 return NULL;
never executed: return ((void *)0) ;
0
2461 if (!sk_SSL_CIPHER_push(sk, c)) {
!sk_SSL_CIPHER_push(sk, c)Description
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-247
2462 sk_SSL_CIPHER_free(sk);-
2463 return NULL;
never executed: return ((void *)0) ;
0
2464 }-
2465 }
executed 247 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
247
2466 }
executed 573 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
573
2467 return sk;
executed 8 times by 1 test: return sk;
Executed by:
  • libssl.so.1.1
8
2468}-
2469-
2470/** return a STACK of the ciphers available for the SSL and in order of-
2471 * algorithm id */-
2472STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)-
2473{-
2474 if (s != NULL) {
s != ((void *)0)Description
TRUEevaluated 4121 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4121
2475 if (s->cipher_list_by_id != NULL) {
s->cipher_list...!= ((void *)0)Description
TRUEevaluated 2453 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1668 times by 1 test
Evaluated by:
  • libssl.so.1.1
1668-2453
2476 return s->cipher_list_by_id;
executed 2453 times by 1 test: return s->cipher_list_by_id;
Executed by:
  • libssl.so.1.1
2453
2477 } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
(s->ctx != ((void *)0) )Description
TRUEevaluated 1668 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(s->ctx->ciphe... ((void *)0) )Description
TRUEevaluated 1668 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1668
2478 return s->ctx->cipher_list_by_id;
executed 1668 times by 1 test: return s->ctx->cipher_list_by_id;
Executed by:
  • libssl.so.1.1
1668
2479 }-
2480 }
never executed: end of block
0
2481 return NULL;
never executed: return ((void *)0) ;
0
2482}-
2483-
2484/** The old interface to get the same thing as SSL_get_ciphers() */-
2485const char *SSL_get_cipher_list(const SSL *s, int n)-
2486{-
2487 const SSL_CIPHER *c;-
2488 STACK_OF(SSL_CIPHER) *sk;-
2489-
2490 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2491 return NULL;
never executed: return ((void *)0) ;
0
2492 sk = SSL_get_ciphers(s);-
2493 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
(sk == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
(sk_SSL_CIPHER_num(sk) <= n)Description
TRUEnever evaluated
FALSEnever evaluated
0
2494 return NULL;
never executed: return ((void *)0) ;
0
2495 c = sk_SSL_CIPHER_value(sk, n);-
2496 if (c == NULL)
c == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2497 return NULL;
never executed: return ((void *)0) ;
0
2498 return c->name;
never executed: return c->name;
0
2499}-
2500-
2501/** return a STACK of the ciphers available for the SSL_CTX and in order of-
2502 * preference */-
2503STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)-
2504{-
2505 if (ctx != NULL)
ctx != ((void *)0)Description
TRUEevaluated 21 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-21
2506 return ctx->cipher_list;
executed 21 times by 1 test: return ctx->cipher_list;
Executed by:
  • libssl.so.1.1
21
2507 return NULL;
never executed: return ((void *)0) ;
0
2508}-
2509-
2510/** specify the ciphers to be used by default by the SSL_CTX */-
2511int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)-
2512{-
2513 STACK_OF(SSL_CIPHER) *sk;-
2514-
2515 sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,-
2516 &ctx->cipher_list, &ctx->cipher_list_by_id, str,-
2517 ctx->cert);-
2518 /*-
2519 * ssl_create_cipher_list may return an empty stack if it was unable to-
2520 * find a cipher matching the given rule string (for example if the rule-
2521 * string specifies a cipher which has been disabled). This is not an-
2522 * error as far as ssl_create_cipher_list is concerned, and hence-
2523 * ctx->cipher_list and ctx->cipher_list_by_id has been updated.-
2524 */-
2525 if (sk == NULL)
sk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4801 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4801
2526 return 0;
never executed: return 0;
0
2527 else if (sk_SSL_CIPHER_num(sk) == 0) {
sk_SSL_CIPHER_num(sk) == 0Description
TRUEnever evaluated
FALSEevaluated 4801 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4801
2528 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);-
2529 return 0;
never executed: return 0;
0
2530 }-
2531 return 1;
executed 4801 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
4801
2532}-
2533-
2534/** specify the ciphers to be used by the SSL */-
2535int SSL_set_cipher_list(SSL *s, const char *str)-
2536{-
2537 STACK_OF(SSL_CIPHER) *sk;-
2538-
2539 sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,-
2540 &s->cipher_list, &s->cipher_list_by_id, str,-
2541 s->cert);-
2542 /* see comment in SSL_CTX_set_cipher_list */-
2543 if (sk == NULL)
sk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2378 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2378
2544 return 0;
never executed: return 0;
0
2545 else if (sk_SSL_CIPHER_num(sk) == 0) {
sk_SSL_CIPHER_num(sk) == 0Description
TRUEnever evaluated
FALSEevaluated 2378 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2378
2546 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);-
2547 return 0;
never executed: return 0;
0
2548 }-
2549 return 1;
executed 2378 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2378
2550}-
2551-
2552char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)-
2553{-
2554 char *p;-
2555 STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;-
2556 const SSL_CIPHER *c;-
2557 int i;-
2558-
2559 if (!s->server
!s->serverDescription
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2560 || s->session == NULL
s->session == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2561 || s->session->ciphers == NULL
s->session->ci...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2562 || size < 2)
size < 2Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2563 return NULL;
never executed: return ((void *)0) ;
0
2564-
2565 p = buf;-
2566 clntsk = s->session->ciphers;-
2567 srvrsk = SSL_get_ciphers(s);-
2568 if (clntsk == NULL || srvrsk == NULL)
clntsk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
srvrsk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2569 return NULL;
never executed: return ((void *)0) ;
0
2570-
2571 if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
sk_SSL_CIPHER_num(clntsk) == 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
sk_SSL_CIPHER_num(srvrsk) == 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-5
2572 return NULL;
never executed: return ((void *)0) ;
0
2573-
2574 for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
i < sk_SSL_CIPHER_num(clntsk)Description
TRUEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-14
2575 int n;-
2576-
2577 c = sk_SSL_CIPHER_value(clntsk, i);-
2578 if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
sk_SSL_CIPHER_...srvrsk, c) < 0Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-9
2579 continue;
executed 5 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
5
2580-
2581 n = strlen(c->name);-
2582 if (n + 1 > size) {
n + 1 > sizeDescription
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
2583 if (p != buf)
p != bufDescription
TRUEnever evaluated
FALSEnever evaluated
0
2584 --p;
never executed: --p;
0
2585 *p = '\0';-
2586 return buf;
never executed: return buf;
0
2587 }-
2588 strcpy(p, c->name);-
2589 p += n;-
2590 *(p++) = ':';-
2591 size -= n + 1;-
2592 }
executed 9 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
9
2593 p[-1] = '\0';-
2594 return buf;
executed 5 times by 1 test: return buf;
Executed by:
  • libssl.so.1.1
5
2595}-
2596-
2597/** return a servername extension value if provided in Client Hello, or NULL.-
2598 * So far, only host_name types are defined (RFC 3546).-
2599 */-
2600-
2601const char *SSL_get_servername(const SSL *s, const int type)-
2602{-
2603 if (type != TLSEXT_NAMETYPE_host_name)
type != 0Description
TRUEnever evaluated
FALSEevaluated 175 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-175
2604 return NULL;
never executed: return ((void *)0) ;
0
2605-
2606 /*-
2607 * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an-
2608 * SNI value to return if we are resuming/resumed. N.B. that we still-
2609 * call the relevant callbacks for such resumption flows, and callbacks-
2610 * might error out if there is not a SNI value available.-
2611 */-
2612 if (s->hit)
s->hitDescription
TRUEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 155 times by 1 test
Evaluated by:
  • libssl.so.1.1
20-155
2613 return s->session->ext.hostname;
executed 20 times by 1 test: return s->session->ext.hostname;
Executed by:
  • libssl.so.1.1
20
2614 return s->ext.hostname;
executed 155 times by 1 test: return s->ext.hostname;
Executed by:
  • libssl.so.1.1
155
2615}-
2616-
2617int SSL_get_servername_type(const SSL *s)-
2618{-
2619 if (s->session
s->sessionDescription
TRUEevaluated 136 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-136
2620 && (!s->ext.hostname ? s->session->
!s->ext.hostnameDescription
TRUEnever evaluated
FALSEevaluated 136 times by 1 test
Evaluated by:
  • libssl.so.1.1
(!s->ext.hostn...>ext.hostname)Description
TRUEevaluated 136 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-136
2621 ext.hostname : s->ext.hostname))
(!s->ext.hostn...>ext.hostname)Description
TRUEevaluated 136 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-136
2622 return TLSEXT_NAMETYPE_host_name;
executed 136 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
136
2623 return -1;
never executed: return -1;
0
2624}-
2625-
2626/*-
2627 * SSL_select_next_proto implements the standard protocol selection. It is-
2628 * expected that this function is called from the callback set by-
2629 * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a-
2630 * vector of 8-bit, length prefixed byte strings. The length byte itself is-
2631 * not included in the length. A byte string of length 0 is invalid. No byte-
2632 * string may be truncated. The current, but experimental algorithm for-
2633 * selecting the protocol is: 1) If the server doesn't support NPN then this-
2634 * is indicated to the callback. In this case, the client application has to-
2635 * abort the connection or have a default application level protocol. 2) If-
2636 * the server supports NPN, but advertises an empty list then the client-
2637 * selects the first protocol in its list, but indicates via the API that this-
2638 * fallback case was enacted. 3) Otherwise, the client finds the first-
2639 * protocol in the server's list that it supports and selects this protocol.-
2640 * This is because it's assumed that the server has better information about-
2641 * which protocol a client should use. 4) If the client doesn't support any-
2642 * of the server's advertised protocols, then this is treated the same as-
2643 * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was-
2644 * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.-
2645 */-
2646int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,-
2647 const unsigned char *server,-
2648 unsigned int server_len,-
2649 const unsigned char *client, unsigned int client_len)-
2650{-
2651 unsigned int i, j;-
2652 const unsigned char *result;-
2653 int status = OPENSSL_NPN_UNSUPPORTED;-
2654-
2655 /*-
2656 * For each protocol in server preference order, see if we support it.-
2657 */-
2658 for (i = 0; i < server_len;) {
i < server_lenDescription
TRUEevaluated 47 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-47
2659 for (j = 0; j < client_len;) {
j < client_lenDescription
TRUEevaluated 72 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
8-72
2660 if (server[i] == client[j] &&
server[i] == client[j]Description
TRUEevaluated 72 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-72
2661 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
memcmp(&server...erver[i]) == 0Description
TRUEevaluated 39 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
33-39
2662 /* We found a match */-
2663 result = &server[i];-
2664 status = OPENSSL_NPN_NEGOTIATED;-
2665 goto found;
executed 39 times by 1 test: goto found;
Executed by:
  • libssl.so.1.1
39
2666 }-
2667 j += client[j];-
2668 j++;-
2669 }
executed 33 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
33
2670 i += server[i];-
2671 i++;-
2672 }
executed 8 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8
2673-
2674 /* There's no overlap between our protocols and the server's list. */-
2675 result = client;-
2676 status = OPENSSL_NPN_NO_OVERLAP;-
2677-
2678 found:
code before this statement executed 4 times by 1 test: found:
Executed by:
  • libssl.so.1.1
4
2679 *out = (unsigned char *)result + 1;-
2680 *outlen = result[0];-
2681 return status;
executed 43 times by 1 test: return status;
Executed by:
  • libssl.so.1.1
43
2682}-
2683-
2684#ifndef OPENSSL_NO_NEXTPROTONEG-
2685/*-
2686 * SSL_get0_next_proto_negotiated sets *data and *len to point to the-
2687 * client's requested protocol for this connection and returns 0. If the-
2688 * client didn't request any protocol, then *data is set to NULL. Note that-
2689 * the client can request any protocol it chooses. The value returned from-
2690 * this function need not be a member of the list of supported protocols-
2691 * provided by the callback.-
2692 */-
2693void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,-
2694 unsigned *len)-
2695{-
2696 *data = s->ext.npn;-
2697 if (!*data) {
!*dataDescription
TRUEevaluated 2668 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 41 times by 1 test
Evaluated by:
  • libssl.so.1.1
41-2668
2698 *len = 0;-
2699 } else {
executed 2668 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2668
2700 *len = (unsigned int)s->ext.npn_len;-
2701 }
executed 41 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
41
2702}-
2703-
2704/*-
2705 * SSL_CTX_set_npn_advertised_cb sets a callback that is called when-
2706 * a TLS server needs a list of supported protocols for Next Protocol-
2707 * Negotiation. The returned list must be in wire format. The list is-
2708 * returned by setting |out| to point to it and |outlen| to its length. This-
2709 * memory will not be modified, but one should assume that the SSL* keeps a-
2710 * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it-
2711 * wishes to advertise. Otherwise, no such extension will be included in the-
2712 * ServerHello.-
2713 */-
2714void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,-
2715 SSL_CTX_npn_advertised_cb_func cb,-
2716 void *arg)-
2717{-
2718 ctx->ext.npn_advertised_cb = cb;-
2719 ctx->ext.npn_advertised_cb_arg = arg;-
2720}
executed 30 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
30
2721-
2722/*-
2723 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a-
2724 * client needs to select a protocol from the server's provided list. |out|-
2725 * must be set to point to the selected protocol (which may be within |in|).-
2726 * The length of the protocol name must be written into |outlen|. The-
2727 * server's advertised protocols are provided in |in| and |inlen|. The-
2728 * callback can assume that |in| is syntactically valid. The client must-
2729 * select a protocol. It is fatal to the connection if this callback returns-
2730 * a value other than SSL_TLSEXT_ERR_OK.-
2731 */-
2732void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,-
2733 SSL_CTX_npn_select_cb_func cb,-
2734 void *arg)-
2735{-
2736 ctx->ext.npn_select_cb = cb;-
2737 ctx->ext.npn_select_cb_arg = arg;-
2738}
executed 28 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
28
2739#endif-
2740-
2741/*-
2742 * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.-
2743 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit-
2744 * length-prefixed strings). Returns 0 on success.-
2745 */-
2746int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,-
2747 unsigned int protos_len)-
2748{-
2749 OPENSSL_free(ctx->ext.alpn);-
2750 ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);-
2751 if (ctx->ext.alpn == NULL) {
ctx->ext.alpn == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-31
2752 SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);-
2753 return 1;
never executed: return 1;
0
2754 }-
2755 ctx->ext.alpn_len = protos_len;-
2756-
2757 return 0;
executed 31 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
31
2758}-
2759-
2760/*-
2761 * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.-
2762 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit-
2763 * length-prefixed strings). Returns 0 on success.-
2764 */-
2765int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,-
2766 unsigned int protos_len)-
2767{-
2768 OPENSSL_free(ssl->ext.alpn);-
2769 ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);-
2770 if (ssl->ext.alpn == NULL) {
ssl->ext.alpn == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4
2771 SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);-
2772 return 1;
never executed: return 1;
0
2773 }-
2774 ssl->ext.alpn_len = protos_len;-
2775-
2776 return 0;
executed 4 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
4
2777}-
2778-
2779/*-
2780 * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is-
2781 * called during ClientHello processing in order to select an ALPN protocol-
2782 * from the client's list of offered protocols.-
2783 */-
2784void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,-
2785 SSL_CTX_alpn_select_cb_func cb,-
2786 void *arg)-
2787{-
2788 ctx->ext.alpn_select_cb = cb;-
2789 ctx->ext.alpn_select_cb_arg = arg;-
2790}
executed 33 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
33
2791-
2792/*-
2793 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.-
2794 * On return it sets |*data| to point to |*len| bytes of protocol name-
2795 * (not including the leading length-prefix byte). If the server didn't-
2796 * respond with a negotiated protocol then |*len| will be zero.-
2797 */-
2798void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,-
2799 unsigned int *len)-
2800{-
2801 *data = NULL;-
2802 if (ssl->s3)
ssl->s3Description
TRUEevaluated 2703 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2703
2803 *data = ssl->s3->alpn_selected;
executed 2703 times by 1 test: *data = ssl->s3->alpn_selected;
Executed by:
  • libssl.so.1.1
2703
2804 if (*data == NULL)
*data == ((void *)0)Description
TRUEevaluated 2665 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 38 times by 1 test
Evaluated by:
  • libssl.so.1.1
38-2665
2805 *len = 0;
executed 2665 times by 1 test: *len = 0;
Executed by:
  • libssl.so.1.1
2665
2806 else-
2807 *len = (unsigned int)ssl->s3->alpn_selected_len;
executed 38 times by 1 test: *len = (unsigned int)ssl->s3->alpn_selected_len;
Executed by:
  • libssl.so.1.1
38
2808}-
2809-
2810int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,-
2811 const char *label, size_t llen,-
2812 const unsigned char *context, size_t contextlen,-
2813 int use_context)-
2814{-
2815 if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
s->version < 0x0301Description
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->version != 0x0100Description
TRUEnever evaluated
FALSEnever evaluated
0-24
2816 return -1;
never executed: return -1;
0
2817-
2818 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);
Executed by:
  • libssl.so.1.1
24
2819 llen, context,
executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);
Executed by:
  • libssl.so.1.1
24
2820 contextlen, use_context);
executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);
Executed by:
  • libssl.so.1.1
24
2821}-
2822-
2823int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,-
2824 const char *label, size_t llen,-
2825 const unsigned char *context,-
2826 size_t contextlen)-
2827{-
2828 if (s->version != TLS1_3_VERSION)
s->version != 0x0304Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-12
2829 return 0;
never executed: return 0;
0
2830-
2831 return tls13_export_keying_material_early(s, out, olen, label, llen,
executed 12 times by 1 test: return tls13_export_keying_material_early(s, out, olen, label, llen, context, contextlen);
Executed by:
  • libssl.so.1.1
12
2832 context, contextlen);
executed 12 times by 1 test: return tls13_export_keying_material_early(s, out, olen, label, llen, context, contextlen);
Executed by:
  • libssl.so.1.1
12
2833}-
2834-
2835static unsigned long ssl_session_hash(const SSL_SESSION *a)-
2836{-
2837 const unsigned char *session_id = a->session_id;-
2838 unsigned long l;-
2839 unsigned char tmp_storage[4];-
2840-
2841 if (a->session_id_length < sizeof(tmp_storage)) {
a->session_id_...f(tmp_storage)Description
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6375 times by 1 test
Evaluated by:
  • libssl.so.1.1
33-6375
2842 memset(tmp_storage, 0, sizeof(tmp_storage));-
2843 memcpy(tmp_storage, a->session_id, a->session_id_length);-
2844 session_id = tmp_storage;-
2845 }
executed 33 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
33
2846-
2847 l = (unsigned long)-
2848 ((unsigned long)session_id[0]) |-
2849 ((unsigned long)session_id[1] << 8L) |-
2850 ((unsigned long)session_id[2] << 16L) |-
2851 ((unsigned long)session_id[3] << 24L);-
2852 return l;
executed 6408 times by 1 test: return l;
Executed by:
  • libssl.so.1.1
6408
2853}-
2854-
2855/*-
2856 * NB: If this function (or indeed the hash function which uses a sort of-
2857 * coarser function than this one) is changed, ensure-
2858 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on-
2859 * being able to construct an SSL_SESSION that will collide with any existing-
2860 * session with a matching session ID.-
2861 */-
2862static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)-
2863{-
2864 if (a->ssl_version != b->ssl_version)
a->ssl_version...b->ssl_versionDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 826 times by 1 test
Evaluated by:
  • libssl.so.1.1
12-826
2865 return 1;
executed 12 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
12
2866 if (a->session_id_length != b->session_id_length)
a->session_id_...sion_id_lengthDescription
TRUEnever evaluated
FALSEevaluated 826 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-826
2867 return 1;
never executed: return 1;
0
2868 return memcmp(a->session_id, b->session_id, a->session_id_length);
executed 826 times by 1 test: return memcmp(a->session_id, b->session_id, a->session_id_length);
Executed by:
  • libssl.so.1.1
826
2869}-
2870-
2871/*-
2872 * These wrapper functions should remain rather than redeclaring-
2873 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each-
2874 * variable. The reason is that the functions aren't static, they're exposed-
2875 * via ssl.h.-
2876 */-
2877-
2878SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)-
2879{-
2880 SSL_CTX *ret = NULL;-
2881-
2882 if (meth == NULL) {
meth == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2883 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);-
2884 return NULL;
never executed: return ((void *)0) ;
0
2885 }-
2886-
2887 if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
!OPENSSL_init_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2888 return NULL;
never executed: return ((void *)0) ;
0
2889-
2890 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
SSL_get_ex_dat..._CTX_idx() < 0Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2891 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);-
2892 goto err;
never executed: goto err;
0
2893 }-
2894 ret = OPENSSL_zalloc(sizeof(*ret));-
2895 if (ret == NULL)
ret == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2896 goto err;
never executed: goto err;
0
2897-
2898 ret->method = meth;-
2899 ret->min_proto_version = 0;-
2900 ret->max_proto_version = 0;-
2901 ret->mode = SSL_MODE_AUTO_RETRY;-
2902 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;-
2903 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;-
2904 /* We take the system default. */-
2905 ret->session_timeout = meth->get_timeout();-
2906 ret->references = 1;-
2907 ret->lock = CRYPTO_THREAD_lock_new();-
2908 if (ret->lock == NULL) {
ret->lock == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2909 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);-
2910 OPENSSL_free(ret);-
2911 return NULL;
never executed: return ((void *)0) ;
0
2912 }-
2913 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;-
2914 ret->verify_mode = SSL_VERIFY_NONE;-
2915 if ((ret->cert = ssl_cert_new()) == NULL)
(ret->cert = s...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2916 goto err;
never executed: goto err;
0
2917-
2918 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);-
2919 if (ret->sessions == NULL)
ret->sessions == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2920 goto err;
never executed: goto err;
0
2921 ret->cert_store = X509_STORE_new();-
2922 if (ret->cert_store == NULL)
ret->cert_store == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2923 goto err;
never executed: goto err;
0
2924#ifndef OPENSSL_NO_CT-
2925 ret->ctlog_store = CTLOG_STORE_new();-
2926 if (ret->ctlog_store == NULL)
ret->ctlog_sto...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2927 goto err;
never executed: goto err;
0
2928#endif-
2929-
2930 if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
!SSL_CTX_set_c...8_GCM_SHA256")Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2931 goto err;
never executed: goto err;
0
2932-
2933 if (!ssl_create_cipher_list(ret->method,
!ssl_create_ci...L", ret->cert)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2934 ret->tls13_ciphersuites,
!ssl_create_ci...L", ret->cert)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2935 &ret->cipher_list, &ret->cipher_list_by_id,
!ssl_create_ci...L", ret->cert)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2936 SSL_DEFAULT_CIPHER_LIST, ret->cert)
!ssl_create_ci...L", ret->cert)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2937 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
sk_SSL_CIPHER_...her_list) <= 0Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2938 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);-
2939 goto err2;
never executed: goto err2;
0
2940 }-
2941-
2942 ret->param = X509_VERIFY_PARAM_new();-
2943 if (ret->param == NULL)
ret->param == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2944 goto err;
never executed: goto err;
0
2945-
2946 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
(ret->md5 = EV...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2947 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);-
2948 goto err2;
never executed: goto err2;
0
2949 }-
2950 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
(ret->sha1 = E...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2951 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);-
2952 goto err2;
never executed: goto err2;
0
2953 }-
2954-
2955 if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
(ret->ca_names...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2956 goto err;
never executed: goto err;
0
2957-
2958 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
!CRYPTO_new_ex...&ret->ex_data)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2959 goto err;
never executed: goto err;
0
2960-
2961 if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
(ret->ext.secu...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2962 goto err;
never executed: goto err;
0
2963-
2964 /* No compression for DTLS */-
2965 if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
!(meth->ssl3_e...c_flags & 0x8)Description
TRUEevaluated 7712 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 305 times by 1 test
Evaluated by:
  • libssl.so.1.1
305-7712
2966 ret->comp_methods = SSL_COMP_get_compression_methods();
executed 7712 times by 2 tests: ret->comp_methods = SSL_COMP_get_compression_methods();
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
7712
2967-
2968 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;-
2969 ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;-
2970-
2971 /* Setup RFC5077 ticket keys */-
2972 if ((RAND_bytes(ret->ext.tick_key_name,
(RAND_bytes(re...y_name)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2973 sizeof(ret->ext.tick_key_name)) <= 0)
(RAND_bytes(re...y_name)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2974 || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
(RAND_priv_byt...ac_key)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2975 sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
(RAND_priv_byt...ac_key)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2976 || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
(RAND_priv_byt...es_key)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2977 sizeof(ret->ext.secure->tick_aes_key)) <= 0))
(RAND_priv_byt...es_key)) <= 0)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2978 ret->options |= SSL_OP_NO_TICKET;
never executed: ret->options |= 0x00004000U;
0
2979-
2980 if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
RAND_priv_byte...mac_key)) <= 0Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2981 sizeof(ret->ext.cookie_hmac_key)) <= 0)
RAND_priv_byte...mac_key)) <= 0Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2982 goto err;
never executed: goto err;
0
2983-
2984#ifndef OPENSSL_NO_SRP-
2985 if (!SSL_CTX_SRP_CTX_init(ret))
!SSL_CTX_SRP_CTX_init(ret)Description
TRUEnever evaluated
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8017
2986 goto err;
never executed: goto err;
0
2987#endif-
2988#ifndef OPENSSL_NO_ENGINE-
2989# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO-
2990# define eng_strx(x) #x-
2991# define eng_str(x) eng_strx(x)-
2992 /* Use specific client engine automatically... ignore errors */-
2993 {-
2994 ENGINE *eng;-
2995 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));-
2996 if (!eng) {-
2997 ERR_clear_error();-
2998 ENGINE_load_builtin_engines();-
2999 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));-
3000 }-
3001 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))-
3002 ERR_clear_error();-
3003 }-
3004# endif-
3005#endif-
3006 /*-
3007 * Default is to connect to non-RI servers. When RI is more widely-
3008 * deployed might change this.-
3009 */-
3010 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;-
3011 /*-
3012 * Disable compression by default to prevent CRIME. Applications can-
3013 * re-enable compression by configuring-
3014 * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);-
3015 * or by using the SSL_CONF library. Similarly we also enable TLSv1.3-
3016 * middlebox compatibility by default. This may be disabled by default in-
3017 * a later OpenSSL version.-
3018 */-
3019 ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;-
3020-
3021 ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;-
3022-
3023 /*-
3024 * We cannot usefully set a default max_early_data here (which gets-
3025 * propagated in SSL_new(), for the following reason: setting the-
3026 * SSL field causes tls_construct_stoc_early_data() to tell the-
3027 * client that early data will be accepted when constructing a TLS 1.3-
3028 * session ticket, and the client will accordingly send us early data-
3029 * when using that ticket (if the client has early data to send).-
3030 * However, in order for the early data to actually be consumed by-
3031 * the application, the application must also have calls to-
3032 * SSL_read_early_data(); otherwise we'll just skip past the early data-
3033 * and ignore it. So, since the application must add calls to-
3034 * SSL_read_early_data(), we also require them to add-
3035 * calls to SSL_CTX_set_max_early_data() in order to use early data,-
3036 * eliminating the bandwidth-wasting early data in the case described-
3037 * above.-
3038 */-
3039 ret->max_early_data = 0;-
3040-
3041 /*-
3042 * Default recv_max_early_data is a fully loaded single record. Could be-
3043 * split across multiple records in practice. We set this differently to-
3044 * max_early_data so that, in the default case, we do not advertise any-
3045 * support for early_data, but if a client were to send us some (e.g.-
3046 * because of an old, stale ticket) then we will tolerate it and skip over-
3047 * it.-
3048 */-
3049 ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;-
3050-
3051 /* By default we send two session tickets automatically in TLSv1.3 */-
3052 ret->num_tickets = 2;-
3053-
3054 ssl_ctx_system_config(ret);-
3055-
3056 return ret;
executed 8017 times by 2 tests: return ret;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8017
3057 err:-
3058 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);-
3059 err2:
code before this statement never executed: err2:
0
3060 SSL_CTX_free(ret);-
3061 return NULL;
never executed: return ((void *)0) ;
0
3062}-
3063-
3064int SSL_CTX_up_ref(SSL_CTX *ctx)-
3065{-
3066 int i;-
3067-
3068 if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
CRYPTO_UP_REF(...tx->lock) <= 0Description
TRUEnever evaluated
FALSEevaluated 16532 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-16532
3069 return 0;
never executed: return 0;
0
3070-
3071 REF_PRINT_COUNT("SSL_CTX", ctx);-
3072 REF_ASSERT_ISNT(i < 2);-
3073 return ((i > 1) ? 1 : 0);
executed 16532 times by 2 tests: return ((i > 1) ? 1 : 0);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
(i > 1)Description
TRUEevaluated 16532 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEnever evaluated
0-16532
3074}-
3075-
3076void SSL_CTX_free(SSL_CTX *a)-
3077{-
3078 int i;-
3079-
3080 if (a == NULL)
a == ((void *)0)Description
TRUEevaluated 3272 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 24549 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
3272-24549
3081 return;
executed 3272 times by 1 test: return;
Executed by:
  • libssl.so.1.1
3272
3082-
3083 CRYPTO_DOWN_REF(&a->references, &i, a->lock);-
3084 REF_PRINT_COUNT("SSL_CTX", a);-
3085 if (i > 0)
i > 0Description
TRUEevaluated 16532 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
8017-16532
3086 return;
executed 16532 times by 2 tests: return;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
16532
3087 REF_ASSERT_ISNT(i < 0);-
3088-
3089 X509_VERIFY_PARAM_free(a->param);-
3090 dane_ctx_final(&a->dane);-
3091-
3092 /*-
3093 * Free internal session cache. However: the remove_cb() may reference-
3094 * the ex_data of SSL_CTX, thus the ex_data store can only be removed-
3095 * after the sessions were flushed.-
3096 * As the ex_data handling routines might also touch the session cache,-
3097 * the most secure solution seems to be: empty (flush) the cache, then-
3098 * free ex_data, then finally free the cache.-
3099 * (See ticket [openssl.org #212].)-
3100 */-
3101 if (a->sessions != NULL)
a->sessions != ((void *)0)Description
TRUEevaluated 8017 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEnever evaluated
0-8017
3102 SSL_CTX_flush_sessions(a, 0);
executed 8017 times by 2 tests: SSL_CTX_flush_sessions(a, 0);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8017
3103-
3104 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);-
3105 lh_SSL_SESSION_free(a->sessions);-
3106 X509_STORE_free(a->cert_store);-
3107#ifndef OPENSSL_NO_CT-
3108 CTLOG_STORE_free(a->ctlog_store);-
3109#endif-
3110 sk_SSL_CIPHER_free(a->cipher_list);-
3111 sk_SSL_CIPHER_free(a->cipher_list_by_id);-
3112 sk_SSL_CIPHER_free(a->tls13_ciphersuites);-
3113 ssl_cert_free(a->cert);-
3114 sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);-
3115 sk_X509_pop_free(a->extra_certs, X509_free);-
3116 a->comp_methods = NULL;-
3117#ifndef OPENSSL_NO_SRTP-
3118 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);-
3119#endif-
3120#ifndef OPENSSL_NO_SRP-
3121 SSL_CTX_SRP_CTX_free(a);-
3122#endif-
3123#ifndef OPENSSL_NO_ENGINE-
3124 ENGINE_finish(a->client_cert_engine);-
3125#endif-
3126-
3127#ifndef OPENSSL_NO_EC-
3128 OPENSSL_free(a->ext.ecpointformats);-
3129 OPENSSL_free(a->ext.supportedgroups);-
3130#endif-
3131 OPENSSL_free(a->ext.alpn);-
3132 OPENSSL_secure_free(a->ext.secure);-
3133-
3134 CRYPTO_THREAD_lock_free(a->lock);-
3135-
3136 OPENSSL_free(a);-
3137}
executed 8017 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8017
3138-
3139void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)-
3140{-
3141 ctx->default_passwd_callback = cb;-
3142}
never executed: end of block
0
3143-
3144void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)-
3145{-
3146 ctx->default_passwd_callback_userdata = u;-
3147}
never executed: end of block
0
3148-
3149pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)-
3150{-
3151 return ctx->default_passwd_callback;
never executed: return ctx->default_passwd_callback;
0
3152}-
3153-
3154void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)-
3155{-
3156 return ctx->default_passwd_callback_userdata;
never executed: return ctx->default_passwd_callback_userdata;
0
3157}-
3158-
3159void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)-
3160{-
3161 s->default_passwd_callback = cb;-
3162}
never executed: end of block
0
3163-
3164void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)-
3165{-
3166 s->default_passwd_callback_userdata = u;-
3167}
never executed: end of block
0
3168-
3169pem_password_cb *SSL_get_default_passwd_cb(SSL *s)-
3170{-
3171 return s->default_passwd_callback;
never executed: return s->default_passwd_callback;
0
3172}-
3173-
3174void *SSL_get_default_passwd_cb_userdata(SSL *s)-
3175{-
3176 return s->default_passwd_callback_userdata;
never executed: return s->default_passwd_callback_userdata;
0
3177}-
3178-
3179void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,-
3180 int (*cb) (X509_STORE_CTX *, void *),-
3181 void *arg)-
3182{-
3183 ctx->app_verify_callback = cb;-
3184 ctx->app_verify_arg = arg;-
3185}
executed 15 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
15
3186-
3187void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,-
3188 int (*cb) (int, X509_STORE_CTX *))-
3189{-
3190 ctx->verify_mode = mode;-
3191 ctx->default_verify_callback = cb;-
3192}
executed 382 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
382
3193-
3194void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)-
3195{-
3196 X509_VERIFY_PARAM_set_depth(ctx->param, depth);-
3197}
never executed: end of block
0
3198-
3199void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)-
3200{-
3201 ssl_cert_set_cert_cb(c->cert, cb, arg);-
3202}
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
3203-
3204void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)-
3205{-
3206 ssl_cert_set_cert_cb(s->cert, cb, arg);-
3207}
never executed: end of block
0
3208-
3209void ssl_set_masks(SSL *s)-
3210{-
3211 CERT *c = s->cert;-
3212 uint32_t *pvalid = s->s3->tmp.valid_flags;-
3213 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;-
3214 unsigned long mask_k, mask_a;-
3215#ifndef OPENSSL_NO_EC-
3216 int have_ecc_cert, ecdsa_ok;-
3217#endif-
3218 if (c == NULL)
c == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1622 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1622
3219 return;
never executed: return;
0
3220-
3221#ifndef OPENSSL_NO_DH-
3222 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
c->dh_tmp != ((void *)0)Description
TRUEevaluated 123 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1499 times by 1 test
Evaluated by:
  • libssl.so.1.1
c->dh_tmp_cb != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1499 times by 1 test
Evaluated by:
  • libssl.so.1.1
c->dh_tmp_autoDescription
TRUEevaluated 194 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1305 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1499
3223#else-
3224 dh_tmp = 0;-
3225#endif-
3226-
3227 rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;-
3228 rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;-
3229 dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;-
3230#ifndef OPENSSL_NO_EC-
3231 have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;-
3232#endif-
3233 mask_k = 0;-
3234 mask_a = 0;-
3235-
3236#ifdef CIPHER_DEBUG-
3237 fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",-
3238 dh_tmp, rsa_enc, rsa_sign, dsa_sign);-
3239#endif-
3240-
3241#ifndef OPENSSL_NO_GOST-
3242 if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
ssl_has_cert(s, 6)Description
TRUEnever evaluated
FALSEevaluated 1622 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1622
3243 mask_k |= SSL_kGOST;-
3244 mask_a |= SSL_aGOST12;-
3245 }
never executed: end of block
0
3246 if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
ssl_has_cert(s, 5)Description
TRUEnever evaluated
FALSEevaluated 1622 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1622
3247 mask_k |= SSL_kGOST;-
3248 mask_a |= SSL_aGOST12;-
3249 }
never executed: end of block
0
3250 if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
ssl_has_cert(s, 4)Description
TRUEnever evaluated
FALSEevaluated 1622 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1622
3251 mask_k |= SSL_kGOST;-
3252 mask_a |= SSL_aGOST01;-
3253 }
never executed: end of block
0
3254#endif-
3255-
3256 if (rsa_enc)
rsa_encDescription
TRUEevaluated 1590 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
32-1590
3257 mask_k |= SSL_kRSA;
executed 1590 times by 1 test: mask_k |= 0x00000001U;
Executed by:
  • libssl.so.1.1
1590
3258-
3259 if (dh_tmp)
dh_tmpDescription
TRUEevaluated 317 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1305 times by 1 test
Evaluated by:
  • libssl.so.1.1
317-1305
3260 mask_k |= SSL_kDHE;
executed 317 times by 1 test: mask_k |= 0x00000002U;
Executed by:
  • libssl.so.1.1
317
3261-
3262 /*-
3263 * If we only have an RSA-PSS certificate allow RSA authentication-
3264 * if TLS 1.2 and peer supports it.-
3265 */-
3266-
3267 if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
rsa_encDescription
TRUEevaluated 1590 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
rsa_signDescription
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
ssl_has_cert(s, 1)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 30 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1590
3268 && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
pvalid[1] & 0x100Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
3269 && TLS1_get_version(s) == TLS1_2_VERSION))
(SSL_version(s) >> 8) == 0x03Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
((SSL_version(...: 0) == 0x0303Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
3270 mask_a |= SSL_aRSA;
executed 1591 times by 1 test: mask_a |= 0x00000001U;
Executed by:
  • libssl.so.1.1
1591
3271-
3272 if (dsa_sign) {
dsa_signDescription
TRUEevaluated 668 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 954 times by 1 test
Evaluated by:
  • libssl.so.1.1
668-954
3273 mask_a |= SSL_aDSS;-
3274 }
executed 668 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
668
3275-
3276 mask_a |= SSL_aNULL;-
3277-
3278 /*-
3279 * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites-
3280 * depending on the key usage extension.-
3281 */-
3282#ifndef OPENSSL_NO_EC-
3283 if (have_ecc_cert) {
have_ecc_certDescription
TRUEevaluated 525 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1097 times by 1 test
Evaluated by:
  • libssl.so.1.1
525-1097
3284 uint32_t ex_kusage;-
3285 ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);-
3286 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;-
3287 if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
!(pvalid[3] & 0x2)Description
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 492 times by 1 test
Evaluated by:
  • libssl.so.1.1
33-492
3288 ecdsa_ok = 0;
executed 33 times by 1 test: ecdsa_ok = 0;
Executed by:
  • libssl.so.1.1
33
3289 if (ecdsa_ok)
ecdsa_okDescription
TRUEevaluated 492 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
33-492
3290 mask_a |= SSL_aECDSA;
executed 492 times by 1 test: mask_a |= 0x00000008U;
Executed by:
  • libssl.so.1.1
492
3291 }
executed 525 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
525
3292 /* Allow Ed25519 for TLS 1.2 if peer supports it */-
3293 if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
!(mask_a & 0x00000008U)Description
TRUEevaluated 1130 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 492 times by 1 test
Evaluated by:
  • libssl.so.1.1
ssl_has_cert(s, 7)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1124 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-1130
3294 && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
pvalid[7] & 0x100Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-5
3295 && TLS1_get_version(s) == TLS1_2_VERSION)
(SSL_version(s) >> 8) == 0x03Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
((SSL_version(...: 0) == 0x0303Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
3296 mask_a |= SSL_aECDSA;
executed 1 time by 1 test: mask_a |= 0x00000008U;
Executed by:
  • libssl.so.1.1
1
3297-
3298 /* Allow Ed448 for TLS 1.2 if peer supports it */-
3299 if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
!(mask_a & 0x00000008U)Description
TRUEevaluated 1129 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 493 times by 1 test
Evaluated by:
  • libssl.so.1.1
ssl_has_cert(s, 8)Description
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1124 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-1129
3300 && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
pvalid[8] & 0x100Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-4
3301 && TLS1_get_version(s) == TLS1_2_VERSION)
(SSL_version(s) >> 8) == 0x03Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
((SSL_version(...: 0) == 0x0303Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
3302 mask_a |= SSL_aECDSA;
executed 1 time by 1 test: mask_a |= 0x00000008U;
Executed by:
  • libssl.so.1.1
1
3303#endif-
3304-
3305#ifndef OPENSSL_NO_EC-
3306 mask_k |= SSL_kECDHE;-
3307#endif-
3308-
3309#ifndef OPENSSL_NO_PSK-
3310 mask_k |= SSL_kPSK;-
3311 mask_a |= SSL_aPSK;-
3312 if (mask_k & SSL_kRSA)
mask_k & 0x00000001UDescription
TRUEevaluated 1590 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
32-1590
3313 mask_k |= SSL_kRSAPSK;
executed 1590 times by 1 test: mask_k |= 0x00000040U;
Executed by:
  • libssl.so.1.1
1590
3314 if (mask_k & SSL_kDHE)
mask_k & 0x00000002UDescription
TRUEevaluated 317 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1305 times by 1 test
Evaluated by:
  • libssl.so.1.1
317-1305
3315 mask_k |= SSL_kDHEPSK;
executed 317 times by 1 test: mask_k |= 0x00000100U;
Executed by:
  • libssl.so.1.1
317
3316 if (mask_k & SSL_kECDHE)
mask_k & 0x00000004UDescription
TRUEevaluated 1622 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1622
3317 mask_k |= SSL_kECDHEPSK;
executed 1622 times by 1 test: mask_k |= 0x00000080U;
Executed by:
  • libssl.so.1.1
1622
3318#endif-
3319-
3320 s->s3->tmp.mask_k = mask_k;-
3321 s->s3->tmp.mask_a = mask_a;-
3322}
executed 1622 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1622
3323-
3324#ifndef OPENSSL_NO_EC-
3325-
3326int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)-
3327{-
3328 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
s->s3->tmp.new... & 0x00000008UDescription
TRUEevaluated 31 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-31
3329 /* key usage, if present, must allow signing */-
3330 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
!(X509_get_key...e(x) & 0x0080)Description
TRUEnever evaluated
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-31
3331 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,-
3332 SSL_R_ECC_CERT_NOT_FOR_SIGNING);-
3333 return 0;
never executed: return 0;
0
3334 }-
3335 }
executed 31 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
31
3336 return 1; /* all checks are ok */
executed 31 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
31
3337}-
3338-
3339#endif-
3340-
3341int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,-
3342 size_t *serverinfo_length)-
3343{-
3344 CERT_PKEY *cpk = s->s3->tmp.cert;-
3345 *serverinfo_length = 0;-
3346-
3347 if (cpk == NULL || cpk->serverinfo == NULL)
cpk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
cpk->serverinfo == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8
3348 return 0;
never executed: return 0;
0
3349-
3350 *serverinfo = cpk->serverinfo;-
3351 *serverinfo_length = cpk->serverinfo_length;-
3352 return 1;
executed 8 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
8
3353}-
3354-
3355void ssl_update_cache(SSL *s, int mode)-
3356{-
3357 int i;-
3358-
3359 /*-
3360 * If the session_id_length is 0, we are not supposed to cache it, and it-
3361 * would be rather hard to do anyway :-)-
3362 */-
3363 if (s->session->session_id_length == 0)
s->session->se...id_length == 0Description
TRUEevaluated 895 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3177 times by 1 test
Evaluated by:
  • libssl.so.1.1
895-3177
3364 return;
executed 895 times by 1 test: return;
Executed by:
  • libssl.so.1.1
895
3365-
3366 /*-
3367 * If sid_ctx_length is 0 there is no specific application context-
3368 * associated with this session, so when we try to resume it and-
3369 * SSL_VERIFY_PEER is requested to verify the client identity, we have no-
3370 * indication that this is actually a session for the proper application-
3371 * context, and the *handshake* will fail, not just the resumption attempt.-
3372 * Do not cache (on the server) these sessions that are not resumable-
3373 * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).-
3374 */-
3375 if (s->server && s->session->sid_ctx_length == 0
s->serverDescription
TRUEevaluated 1187 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1990 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->session->si...tx_length == 0Description
TRUEevaluated 997 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 190 times by 1 test
Evaluated by:
  • libssl.so.1.1
190-1990
3376 && (s->verify_mode & SSL_VERIFY_PEER) != 0)
(s->verify_mode & 0x01) != 0Description
TRUEevaluated 48 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 949 times by 1 test
Evaluated by:
  • libssl.so.1.1
48-949
3377 return;
executed 48 times by 1 test: return;
Executed by:
  • libssl.so.1.1
48
3378-
3379 i = s->session_ctx->session_cache_mode;-
3380 if ((i & mode) != 0
(i & mode) != 0Description
TRUEevaluated 1299 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1830 times by 1 test
Evaluated by:
  • libssl.so.1.1
1299-1830
3381 && (!s->hit || SSL_IS_TLS13(s))) {
!s->hitDescription
TRUEevaluated 1093 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 206 times by 1 test
Evaluated by:
  • libssl.so.1.1
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 190 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 16 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEevaluated 139 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 51 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEevaluated 139 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1093
3382 /*-
3383 * Add the session to the internal cache. In server side TLSv1.3 we-
3384 * normally don't do this because by default it's a full stateless ticket-
3385 * with only a dummy session id so there is no reason to cache it,-
3386 * unless:-
3387 * - we are doing early_data, in which case we cache so that we can-
3388 * detect replays-
3389 * - the application has set a remove_session_cb so needs to know about-
3390 * session timeout events-
3391 * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket-
3392 */-
3393 if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
(i & 0x0200) == 0Description
TRUEevaluated 974 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 258 times by 1 test
Evaluated by:
  • libssl.so.1.1
258-974
3394 && (!SSL_IS_TLS13(s)
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 957 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 17 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEevaluated 890 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 67 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEevaluated 890 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-957
3395 || !s->server
!s->serverDescription
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 880 times by 1 test
Evaluated by:
  • libssl.so.1.1
10-880
3396 || (s->max_early_data > 0
s->max_early_data > 0Description
TRUEevaluated 147 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 733 times by 1 test
Evaluated by:
  • libssl.so.1.1
147-733
3397 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
(s->options & ...1000000U) == 0Description
TRUEevaluated 115 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
32-115
3398 || s->session_ctx->remove_session_cb != NULL
s->session_ctx...!= ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 762 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-762
3399 || (s->options & SSL_OP_NO_TICKET) != 0))
(s->options & ...0004000U) != 0Description
TRUEevaluated 61 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 701 times by 1 test
Evaluated by:
  • libssl.so.1.1
61-701
3400 SSL_CTX_add_session(s->session_ctx, s->session);
executed 273 times by 1 test: SSL_CTX_add_session(s->session_ctx, s->session);
Executed by:
  • libssl.so.1.1
273
3401-
3402 /*-
3403 * Add the session to the external cache. We do this even in server side-
3404 * TLSv1.3 without early data because some applications just want to-
3405 * know about the creation of a session and aren't doing a full cache.-
3406 */-
3407 if (s->session_ctx->new_session_cb != NULL) {
s->session_ctx...!= ((void *)0)Description
TRUEevaluated 269 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 963 times by 1 test
Evaluated by:
  • libssl.so.1.1
269-963
3408 SSL_SESSION_up_ref(s->session);-
3409 if (!s->session_ctx->new_session_cb(s, s->session))
!s->session_ct...s, s->session)Description
TRUEevaluated 184 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 85 times by 1 test
Evaluated by:
  • libssl.so.1.1
85-184
3410 SSL_SESSION_free(s->session);
executed 184 times by 1 test: SSL_SESSION_free(s->session);
Executed by:
  • libssl.so.1.1
184
3411 }
executed 269 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
269
3412 }
executed 1232 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1232
3413-
3414 /* auto flush every 255 connections */-
3415 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
(!(i & 0x0080))Description
TRUEevaluated 3129 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
((i & mode) == mode)Description
TRUEevaluated 1299 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1830 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3129
3416 TSAN_QUALIFIER int *stat;-
3417 if (mode & SSL_SESS_CACHE_CLIENT)
mode & 0x0001Description
TRUEevaluated 180 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1119 times by 1 test
Evaluated by:
  • libssl.so.1.1
180-1119
3418 stat = &s->session_ctx->stats.sess_connect_good;
executed 180 times by 1 test: stat = &s->session_ctx->stats.sess_connect_good;
Executed by:
  • libssl.so.1.1
180
3419 else-
3420 stat = &s->session_ctx->stats.sess_accept_good;
executed 1119 times by 1 test: stat = &s->session_ctx->stats.sess_accept_good;
Executed by:
  • libssl.so.1.1
1119
3421 if ((tsan_load(stat) & 0xff) == 0xff)
( __extension_... 0xff) == 0xffDescription
TRUEnever evaluated
FALSEevaluated 1299 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1299
3422 SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
never executed: SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time( ((void *)0) ));
0
3423 }
executed 1299 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1299
3424}
executed 3129 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3129
3425-
3426const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)-
3427{-
3428 return ctx->method;
never executed: return ctx->method;
0
3429}-
3430-
3431const SSL_METHOD *SSL_get_ssl_method(SSL *s)-
3432{-
3433 return s->method;
never executed: return s->method;
0
3434}-
3435-
3436int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)-
3437{-
3438 int ret = 1;-
3439-
3440 if (s->method != meth) {
s->method != methDescription
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-33
3441 const SSL_METHOD *sm = s->method;-
3442 int (*hf) (SSL *) = s->handshake_func;-
3443-
3444 if (sm->version == meth->version)
sm->version == meth->versionDescription
TRUEnever evaluated
FALSEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-33
3445 s->method = meth;
never executed: s->method = meth;
0
3446 else {-
3447 sm->ssl_free(s);-
3448 s->method = meth;-
3449 ret = s->method->ssl_new(s);-
3450 }
executed 33 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
33
3451-
3452 if (hf == sm->ssl_connect)
hf == sm->ssl_connectDescription
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-33
3453 s->handshake_func = meth->ssl_connect;
executed 33 times by 1 test: s->handshake_func = meth->ssl_connect;
Executed by:
  • libssl.so.1.1
33
3454 else if (hf == sm->ssl_accept)
hf == sm->ssl_acceptDescription
TRUEnever evaluated
FALSEnever evaluated
0
3455 s->handshake_func = meth->ssl_accept;
never executed: s->handshake_func = meth->ssl_accept;
0
3456 }
executed 33 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
33
3457 return ret;
executed 33 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
33
3458}-
3459-
3460int SSL_get_error(const SSL *s, int i)-
3461{-
3462 int reason;-
3463 unsigned long l;-
3464 BIO *bio;-
3465-
3466 if (i > 0)
i > 0Description
TRUEevaluated 1036 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 31153 times by 1 test
Evaluated by:
  • libssl.so.1.1
1036-31153
3467 return SSL_ERROR_NONE;
executed 1036 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1036
3468-
3469 /*-
3470 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,-
3471 * where we do encode the error-
3472 */-
3473 if ((l = ERR_peek_error()) != 0) {
(l = ERR_peek_error()) != 0Description
TRUEevaluated 760 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 30393 times by 1 test
Evaluated by:
  • libssl.so.1.1
760-30393
3474 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
(int)(((l) >> ...& 0x0FFL) == 2Description
TRUEnever evaluated
FALSEevaluated 760 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-760
3475 return SSL_ERROR_SYSCALL;
never executed: return 5;
0
3476 else-
3477 return SSL_ERROR_SSL;
executed 760 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
760
3478 }-
3479-
3480 if (SSL_want_read(s)) {
(SSL_want(s) == 3)Description
TRUEevaluated 28917 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1476 times by 1 test
Evaluated by:
  • libssl.so.1.1
1476-28917
3481 bio = SSL_get_rbio(s);-
3482 if (BIO_should_read(bio))
BIO_test_flags(bio, 0x01)Description
TRUEevaluated 28908 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
9-28908
3483 return SSL_ERROR_WANT_READ;
executed 28908 times by 1 test: return 2;
Executed by:
  • libssl.so.1.1
28908
3484 else if (BIO_should_write(bio))
BIO_test_flags(bio, 0x02)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
3485 /*-
3486 * This one doesn't make too much sense ... We never try to write-
3487 * to the rbio, and an application program where rbio and wbio-
3488 * are separate couldn't even know what it should wait for.-
3489 * However if we ever set s->rwstate incorrectly (so that we have-
3490 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and-
3491 * wbio *are* the same, this test works around that bug; so it-
3492 * might be safer to keep it.-
3493 */-
3494 return SSL_ERROR_WANT_WRITE;
never executed: return 3;
0
3495 else if (BIO_should_io_special(bio)) {
BIO_test_flags(bio, 0x04)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
3496 reason = BIO_get_retry_reason(bio);-
3497 if (reason == BIO_RR_CONNECT)
reason == 0x02Description
TRUEnever evaluated
FALSEnever evaluated
0
3498 return SSL_ERROR_WANT_CONNECT;
never executed: return 7;
0
3499 else if (reason == BIO_RR_ACCEPT)
reason == 0x03Description
TRUEnever evaluated
FALSEnever evaluated
0
3500 return SSL_ERROR_WANT_ACCEPT;
never executed: return 8;
0
3501 else-
3502 return SSL_ERROR_SYSCALL; /* unknown */
never executed: return 5;
0
3503 }-
3504 }
executed 9 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
9
3505-
3506 if (SSL_want_write(s)) {
(SSL_want(s) == 2)Description
TRUEevaluated 1127 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 358 times by 1 test
Evaluated by:
  • libssl.so.1.1
358-1127
3507 /* Access wbio directly - in order to use the buffered bio if present */-
3508 bio = s->wbio;-
3509 if (BIO_should_write(bio))
BIO_test_flags(bio, 0x02)Description
TRUEevaluated 1127 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1127
3510 return SSL_ERROR_WANT_WRITE;
executed 1127 times by 1 test: return 3;
Executed by:
  • libssl.so.1.1
1127
3511 else if (BIO_should_read(bio))
BIO_test_flags(bio, 0x01)Description
TRUEnever evaluated
FALSEnever evaluated
0
3512 /*-
3513 * See above (SSL_want_read(s) with BIO_should_write(bio))-
3514 */-
3515 return SSL_ERROR_WANT_READ;
never executed: return 2;
0
3516 else if (BIO_should_io_special(bio)) {
BIO_test_flags(bio, 0x04)Description
TRUEnever evaluated
FALSEnever evaluated
0
3517 reason = BIO_get_retry_reason(bio);-
3518 if (reason == BIO_RR_CONNECT)
reason == 0x02Description
TRUEnever evaluated
FALSEnever evaluated
0
3519 return SSL_ERROR_WANT_CONNECT;
never executed: return 7;
0
3520 else if (reason == BIO_RR_ACCEPT)
reason == 0x03Description
TRUEnever evaluated
FALSEnever evaluated
0
3521 return SSL_ERROR_WANT_ACCEPT;
never executed: return 8;
0
3522 else-
3523 return SSL_ERROR_SYSCALL;
never executed: return 5;
0
3524 }-
3525 }
never executed: end of block
0
3526 if (SSL_want_x509_lookup(s))
(SSL_want(s) == 4)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 356 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-356
3527 return SSL_ERROR_WANT_X509_LOOKUP;
executed 2 times by 1 test: return 4;
Executed by:
  • libssl.so.1.1
2
3528 if (SSL_want_async(s))
(SSL_want(s) == 5)Description
TRUEnever evaluated
FALSEevaluated 356 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-356
3529 return SSL_ERROR_WANT_ASYNC;
never executed: return 9;
0
3530 if (SSL_want_async_job(s))
(SSL_want(s) == 6)Description
TRUEnever evaluated
FALSEevaluated 356 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-356
3531 return SSL_ERROR_WANT_ASYNC_JOB;
never executed: return 10;
0
3532 if (SSL_want_client_hello_cb(s))
(SSL_want(s) == 7)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 354 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-354
3533 return SSL_ERROR_WANT_CLIENT_HELLO_CB;
executed 2 times by 1 test: return 11;
Executed by:
  • libssl.so.1.1
2
3534-
3535 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->shutdown & 2)Description
TRUEevaluated 223 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 131 times by 1 test
Evaluated by:
  • libssl.so.1.1
131-223
3536 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
(s->s3->warn_alert == 0)Description
TRUEevaluated 223 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-223
3537 return SSL_ERROR_ZERO_RETURN;
executed 223 times by 1 test: return 6;
Executed by:
  • libssl.so.1.1
223
3538-
3539 return SSL_ERROR_SYSCALL;
executed 131 times by 1 test: return 5;
Executed by:
  • libssl.so.1.1
131
3540}-
3541-
3542static int ssl_do_handshake_intern(void *vargs)-
3543{-
3544 struct ssl_async_args *args;-
3545 SSL *s;-
3546-
3547 args = (struct ssl_async_args *)vargs;-
3548 s = args->s;-
3549-
3550 return s->handshake_func(s);
never executed: return s->handshake_func(s);
0
3551}-
3552-
3553int SSL_do_handshake(SSL *s)-
3554{-
3555 int ret = 1;-
3556-
3557 if (s->handshake_func == NULL) {
s->handshake_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 24091 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24091
3558 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);-
3559 return -1;
never executed: return -1;
0
3560 }-
3561-
3562 ossl_statem_check_finish_init(s, -1);-
3563-
3564 s->method->ssl_renegotiate_check(s, 0);-
3565-
3566 if (SSL_in_init(s) || SSL_in_before(s)) {
SSL_in_init(s)Description
TRUEevaluated 24032 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 59 times by 1 test
Evaluated by:
  • libssl.so.1.1
SSL_in_before(s)Description
TRUEnever evaluated
FALSEevaluated 59 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24032
3567 if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
(s->mode & 0x00000100U)Description
TRUEnever evaluated
FALSEevaluated 24032 times by 1 test
Evaluated by:
  • libssl.so.1.1
ASYNC_get_curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-24032
3568 struct ssl_async_args args;-
3569-
3570 args.s = s;-
3571-
3572 ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);-
3573 } else {
never executed: end of block
0
3574 ret = s->handshake_func(s);-
3575 }
executed 24032 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
24032
3576 }-
3577 return ret;
executed 24091 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
24091
3578}-
3579-
3580void SSL_set_accept_state(SSL *s)-
3581{-
3582 s->server = 1;-
3583 s->shutdown = 0;-
3584 ossl_statem_clear(s);-
3585 s->handshake_func = s->method->ssl_accept;-
3586 clear_ciphers(s);-
3587}
executed 3771 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3771
3588-
3589void SSL_set_connect_state(SSL *s)-
3590{-
3591 s->server = 0;-
3592 s->shutdown = 0;-
3593 ossl_statem_clear(s);-
3594 s->handshake_func = s->method->ssl_connect;-
3595 clear_ciphers(s);-
3596}
executed 4336 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
4336
3597-
3598int ssl_undefined_function(SSL *s)-
3599{-
3600 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
3601 return 0;
never executed: return 0;
0
3602}-
3603-
3604int ssl_undefined_void_function(void)-
3605{-
3606 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,-
3607 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
3608 return 0;
never executed: return 0;
0
3609}-
3610-
3611int ssl_undefined_const_function(const SSL *s)-
3612{-
3613 return 0;
never executed: return 0;
0
3614}-
3615-
3616const SSL_METHOD *ssl_bad_method(int ver)-
3617{-
3618 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
3619 return NULL;
never executed: return ((void *)0) ;
0
3620}-
3621-
3622const char *ssl_protocol_to_string(int version)-
3623{-
3624 switch(version)-
3625 {-
3626 case TLS1_3_VERSION:
executed 156 times by 1 test: case 0x0304:
Executed by:
  • libssl.so.1.1
156
3627 return "TLSv1.3";
executed 156 times by 1 test: return "TLSv1.3";
Executed by:
  • libssl.so.1.1
156
3628-
3629 case TLS1_2_VERSION:
executed 290 times by 1 test: case 0x0303:
Executed by:
  • libssl.so.1.1
290
3630 return "TLSv1.2";
executed 290 times by 1 test: return "TLSv1.2";
Executed by:
  • libssl.so.1.1
290
3631-
3632 case TLS1_1_VERSION:
executed 8 times by 1 test: case 0x0302:
Executed by:
  • libssl.so.1.1
8
3633 return "TLSv1.1";
executed 8 times by 1 test: return "TLSv1.1";
Executed by:
  • libssl.so.1.1
8
3634-
3635 case TLS1_VERSION:
executed 61 times by 1 test: case 0x0301:
Executed by:
  • libssl.so.1.1
61
3636 return "TLSv1";
executed 61 times by 1 test: return "TLSv1";
Executed by:
  • libssl.so.1.1
61
3637-
3638 case SSL3_VERSION:
executed 115 times by 1 test: case 0x0300:
Executed by:
  • libssl.so.1.1
115
3639 return "SSLv3";
executed 115 times by 1 test: return "SSLv3";
Executed by:
  • libssl.so.1.1
115
3640-
3641 case DTLS1_BAD_VER:
never executed: case 0x0100:
0
3642 return "DTLSv0.9";
never executed: return "DTLSv0.9";
0
3643-
3644 case DTLS1_VERSION:
never executed: case 0xFEFF:
0
3645 return "DTLSv1";
never executed: return "DTLSv1";
0
3646-
3647 case DTLS1_2_VERSION:
never executed: case 0xFEFD:
0
3648 return "DTLSv1.2";
never executed: return "DTLSv1.2";
0
3649-
3650 default:
executed 25 times by 1 test: default:
Executed by:
  • libssl.so.1.1
25
3651 return "unknown";
executed 25 times by 1 test: return "unknown";
Executed by:
  • libssl.so.1.1
25
3652 }-
3653}-
3654-
3655const char *SSL_get_version(const SSL *s)-
3656{-
3657 return ssl_protocol_to_string(s->version);
executed 266 times by 1 test: return ssl_protocol_to_string(s->version);
Executed by:
  • libssl.so.1.1
266
3658}-
3659-
3660SSL *SSL_dup(SSL *s)-
3661{-
3662 STACK_OF(X509_NAME) *sk;-
3663 X509_NAME *xn;-
3664 SSL *ret;-
3665 int i;-
3666-
3667 /* If we're not quiescent, just up_ref! */-
3668 if (!SSL_in_init(s) || !SSL_in_before(s)) {
!SSL_in_init(s)Description
TRUEnever evaluated
FALSEnever evaluated
!SSL_in_before(s)Description
TRUEnever evaluated
FALSEnever evaluated
0
3669 CRYPTO_UP_REF(&s->references, &i, s->lock);-
3670 return s;
never executed: return s;
0
3671 }-
3672-
3673 /*-
3674 * Otherwise, copy configuration state, and session if set.-
3675 */-
3676 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
(ret = SSL_new...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3677 return NULL;
never executed: return ((void *)0) ;
0
3678-
3679 if (s->session != NULL) {
s->session != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3680 /*-
3681 * Arranges to share the same session via up_ref. This "copies"-
3682 * session-id, SSL_METHOD, sid_ctx, and 'cert'-
3683 */-
3684 if (!SSL_copy_session_id(ret, s))
!SSL_copy_session_id(ret, s)Description
TRUEnever evaluated
FALSEnever evaluated
0
3685 goto err;
never executed: goto err;
0
3686 } else {
never executed: end of block
0
3687 /*-
3688 * No session has been established yet, so we have to expect that-
3689 * s->cert or ret->cert will be changed later -- they should not both-
3690 * point to the same object, and thus we can't use-
3691 * SSL_copy_session_id.-
3692 */-
3693 if (!SSL_set_ssl_method(ret, s->method))
!SSL_set_ssl_m...et, s->method)Description
TRUEnever evaluated
FALSEnever evaluated
0
3694 goto err;
never executed: goto err;
0
3695-
3696 if (s->cert != NULL) {
s->cert != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3697 ssl_cert_free(ret->cert);-
3698 ret->cert = ssl_cert_dup(s->cert);-
3699 if (ret->cert == NULL)
ret->cert == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3700 goto err;
never executed: goto err;
0
3701 }
never executed: end of block
0
3702-
3703 if (!SSL_set_session_id_context(ret, s->sid_ctx,
!SSL_set_sessi...id_ctx_length)Description
TRUEnever evaluated
FALSEnever evaluated
0
3704 (int)s->sid_ctx_length))
!SSL_set_sessi...id_ctx_length)Description
TRUEnever evaluated
FALSEnever evaluated
0
3705 goto err;
never executed: goto err;
0
3706 }
never executed: end of block
0
3707-
3708 if (!ssl_dane_dup(ret, s))
!ssl_dane_dup(ret, s)Description
TRUEnever evaluated
FALSEnever evaluated
0
3709 goto err;
never executed: goto err;
0
3710 ret->version = s->version;-
3711 ret->options = s->options;-
3712 ret->mode = s->mode;-
3713 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));-
3714 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));-
3715 ret->msg_callback = s->msg_callback;-
3716 ret->msg_callback_arg = s->msg_callback_arg;-
3717 SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));-
3718 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));-
3719 ret->generate_session_id = s->generate_session_id;-
3720-
3721 SSL_set_info_callback(ret, SSL_get_info_callback(s));-
3722-
3723 /* copy app data, a little dangerous perhaps */-
3724 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
!CRYPTO_dup_ex..., &s->ex_data)Description
TRUEnever evaluated
FALSEnever evaluated
0
3725 goto err;
never executed: goto err;
0
3726-
3727 /* setup rbio, and wbio */-
3728 if (s->rbio != NULL) {
s->rbio != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3729 if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
!BIO_ctrl(s->r...*)&ret->rbio))Description
TRUEnever evaluated
FALSEnever evaluated
0
3730 goto err;
never executed: goto err;
0
3731 }
never executed: end of block
0
3732 if (s->wbio != NULL) {
s->wbio != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3733 if (s->wbio != s->rbio) {
s->wbio != s->rbioDescription
TRUEnever evaluated
FALSEnever evaluated
0
3734 if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
!BIO_ctrl(s->w...*)&ret->wbio))Description
TRUEnever evaluated
FALSEnever evaluated
0
3735 goto err;
never executed: goto err;
0
3736 } else {
never executed: end of block
0
3737 BIO_up_ref(ret->rbio);-
3738 ret->wbio = ret->rbio;-
3739 }
never executed: end of block
0
3740 }-
3741-
3742 ret->server = s->server;-
3743 if (s->handshake_func) {
s->handshake_funcDescription
TRUEnever evaluated
FALSEnever evaluated
0
3744 if (s->server)
s->serverDescription
TRUEnever evaluated
FALSEnever evaluated
0
3745 SSL_set_accept_state(ret);
never executed: SSL_set_accept_state(ret);
0
3746 else-
3747 SSL_set_connect_state(ret);
never executed: SSL_set_connect_state(ret);
0
3748 }-
3749 ret->shutdown = s->shutdown;-
3750 ret->hit = s->hit;-
3751-
3752 ret->default_passwd_callback = s->default_passwd_callback;-
3753 ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;-
3754-
3755 X509_VERIFY_PARAM_inherit(ret->param, s->param);-
3756-
3757 /* dup the cipher_list and cipher_list_by_id stacks */-
3758 if (s->cipher_list != NULL) {
s->cipher_list != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3759 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
(ret->cipher_l...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3760 goto err;
never executed: goto err;
0
3761 }
never executed: end of block
0
3762 if (s->cipher_list_by_id != NULL)
s->cipher_list...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3763 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
(ret->cipher_l...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3764 == NULL)
(ret->cipher_l...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3765 goto err;
never executed: goto err;
0
3766-
3767 /* Dup the client_CA list */-
3768 if (s->ca_names != NULL) {
s->ca_names != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3769 if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
(sk = sk_X509_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3770 goto err;
never executed: goto err;
0
3771 ret->ca_names = sk;-
3772 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
i < sk_X509_NAME_num(sk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3773 xn = sk_X509_NAME_value(sk, i);-
3774 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
sk_X509_NAME_s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3775 X509_NAME_free(xn);-
3776 goto err;
never executed: goto err;
0
3777 }-
3778 }
never executed: end of block
0
3779 }
never executed: end of block
0
3780 return ret;
never executed: return ret;
0
3781-
3782 err:-
3783 SSL_free(ret);-
3784 return NULL;
never executed: return ((void *)0) ;
0
3785}-
3786-
3787void ssl_clear_cipher_ctx(SSL *s)-
3788{-
3789 if (s->enc_read_ctx != NULL) {
s->enc_read_ctx != ((void *)0)Description
TRUEevaluated 3897 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 28733 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
3897-28733
3790 EVP_CIPHER_CTX_free(s->enc_read_ctx);-
3791 s->enc_read_ctx = NULL;-
3792 }
executed 3897 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
3897
3793 if (s->enc_write_ctx != NULL) {
s->enc_write_c...!= ((void *)0)Description
TRUEevaluated 3913 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 28717 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
3913-28717
3794 EVP_CIPHER_CTX_free(s->enc_write_ctx);-
3795 s->enc_write_ctx = NULL;-
3796 }
executed 3913 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
3913
3797#ifndef OPENSSL_NO_COMP-
3798 COMP_CTX_free(s->expand);-
3799 s->expand = NULL;-
3800 COMP_CTX_free(s->compress);-
3801 s->compress = NULL;-
3802#endif-
3803}
executed 32630 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
32630
3804-
3805X509 *SSL_get_certificate(const SSL *s)-
3806{-
3807 if (s->cert != NULL)
s->cert != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3808 return s->cert->key->x509;
never executed: return s->cert->key->x509;
0
3809 else-
3810 return NULL;
never executed: return ((void *)0) ;
0
3811}-
3812-
3813EVP_PKEY *SSL_get_privatekey(const SSL *s)-
3814{-
3815 if (s->cert != NULL)
s->cert != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3816 return s->cert->key->privatekey;
never executed: return s->cert->key->privatekey;
0
3817 else-
3818 return NULL;
never executed: return ((void *)0) ;
0
3819}-
3820-
3821X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)-
3822{-
3823 if (ctx->cert != NULL)
ctx->cert != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3824 return ctx->cert->key->x509;
never executed: return ctx->cert->key->x509;
0
3825 else-
3826 return NULL;
never executed: return ((void *)0) ;
0
3827}-
3828-
3829EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)-
3830{-
3831 if (ctx->cert != NULL)
ctx->cert != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3832 return ctx->cert->key->privatekey;
never executed: return ctx->cert->key->privatekey;
0
3833 else-
3834 return NULL;
never executed: return ((void *)0) ;
0
3835}-
3836-
3837const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)-
3838{-
3839 if ((s->session != NULL) && (s->session->cipher != NULL))
(s->session != ((void *)0) )Description
TRUEevaluated 2425 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 52 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s->session->c... ((void *)0) )Description
TRUEevaluated 2184 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 241 times by 1 test
Evaluated by:
  • libssl.so.1.1
52-2425
3840 return s->session->cipher;
executed 2184 times by 1 test: return s->session->cipher;
Executed by:
  • libssl.so.1.1
2184
3841 return NULL;
executed 293 times by 1 test: return ((void *)0) ;
Executed by:
  • libssl.so.1.1
293
3842}-
3843-
3844const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)-
3845{-
3846 return s->s3->tmp.new_cipher;
never executed: return s->s3->tmp.new_cipher;
0
3847}-
3848-
3849const COMP_METHOD *SSL_get_current_compression(SSL *s)-
3850{-
3851#ifndef OPENSSL_NO_COMP-
3852 return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
executed 1401 times by 1 test: return s->compress ? COMP_CTX_get_method(s->compress) : ((void *)0) ;
Executed by:
  • libssl.so.1.1
s->compressDescription
TRUEnever evaluated
FALSEevaluated 1401 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1401
3853#else-
3854 return NULL;-
3855#endif-
3856}-
3857-
3858const COMP_METHOD *SSL_get_current_expansion(SSL *s)-
3859{-
3860#ifndef OPENSSL_NO_COMP-
3861 return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
executed 191 times by 1 test: return s->expand ? COMP_CTX_get_method(s->expand) : ((void *)0) ;
Executed by:
  • libssl.so.1.1
s->expandDescription
TRUEnever evaluated
FALSEevaluated 191 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-191
3862#else-
3863 return NULL;-
3864#endif-
3865}-
3866-
3867int ssl_init_wbio_buffer(SSL *s)-
3868{-
3869 BIO *bbio;-
3870-
3871 if (s->bbio != NULL) {
s->bbio != ((void *)0)Description
TRUEevaluated 47 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 9243 times by 1 test
Evaluated by:
  • libssl.so.1.1
47-9243
3872 /* Already buffered. */-
3873 return 1;
executed 47 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
47
3874 }-
3875-
3876 bbio = BIO_new(BIO_f_buffer());-
3877 if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
bbio == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9243 times by 1 test
Evaluated by:
  • libssl.so.1.1
!BIO_int_ctrl(bbio,117,1,0)Description
TRUEnever evaluated
FALSEevaluated 9243 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9243
3878 BIO_free(bbio);-
3879 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);-
3880 return 0;
never executed: return 0;
0
3881 }-
3882 s->bbio = bbio;-
3883 s->wbio = BIO_push(bbio, s->wbio);-
3884-
3885 return 1;
executed 9243 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
9243
3886}-
3887-
3888int ssl_free_wbio_buffer(SSL *s)-
3889{-
3890 /* callers ensure s is never null */-
3891 if (s->bbio == NULL)
s->bbio == ((void *)0)Description
TRUEevaluated 36322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 9243 times by 1 test
Evaluated by:
  • libssl.so.1.1
9243-36322
3892 return 1;
executed 36322 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
36322
3893-
3894 s->wbio = BIO_pop(s->wbio);-
3895 BIO_free(s->bbio);-
3896 s->bbio = NULL;-
3897-
3898 return 1;
executed 9243 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
9243
3899}-
3900-
3901void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)-
3902{-
3903 ctx->quiet_shutdown = mode;-
3904}
executed 182 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
182
3905-
3906int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)-
3907{-
3908 return ctx->quiet_shutdown;
never executed: return ctx->quiet_shutdown;
0
3909}-
3910-
3911void SSL_set_quiet_shutdown(SSL *s, int mode)-
3912{-
3913 s->quiet_shutdown = mode;-
3914}
never executed: end of block
0
3915-
3916int SSL_get_quiet_shutdown(const SSL *s)-
3917{-
3918 return s->quiet_shutdown;
never executed: return s->quiet_shutdown;
0
3919}-
3920-
3921void SSL_set_shutdown(SSL *s, int mode)-
3922{-
3923 s->shutdown = mode;-
3924}
executed 191 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
191
3925-
3926int SSL_get_shutdown(const SSL *s)-
3927{-
3928 return s->shutdown;
executed 3 times by 1 test: return s->shutdown;
Executed by:
  • libssl.so.1.1
3
3929}-
3930-
3931int SSL_version(const SSL *s)-
3932{-
3933 return s->version;
executed 45857 times by 1 test: return s->version;
Executed by:
  • libssl.so.1.1
45857
3934}-
3935-
3936int SSL_client_version(const SSL *s)-
3937{-
3938 return s->client_version;
never executed: return s->client_version;
0
3939}-
3940-
3941SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)-
3942{-
3943 return ssl->ctx;
executed 286 times by 1 test: return ssl->ctx;
Executed by:
  • libssl.so.1.1
286
3944}-
3945-
3946SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)-
3947{-
3948 CERT *new_cert;-
3949 if (ssl->ctx == ctx)
ssl->ctx == ctxDescription
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24
3950 return ssl->ctx;
never executed: return ssl->ctx;
0
3951 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24
3952 ctx = ssl->session_ctx;
never executed: ctx = ssl->session_ctx;
0
3953 new_cert = ssl_cert_dup(ctx->cert);-
3954 if (new_cert == NULL) {
new_cert == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24
3955 return NULL;
never executed: return ((void *)0) ;
0
3956 }-
3957-
3958 if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
!custom_exts_c...cert->custext)Description
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24
3959 ssl_cert_free(new_cert);-
3960 return NULL;
never executed: return ((void *)0) ;
0
3961 }-
3962-
3963 ssl_cert_free(ssl->cert);-
3964 ssl->cert = new_cert;-
3965-
3966 /*-
3967 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),-
3968 * so setter APIs must prevent invalid lengths from entering the system.-
3969 */-
3970 if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
!((ssl->sid_ct...id_ctx)) != 0)Description
TRUEnever evaluated
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-24
3971 return NULL;
never executed: return ((void *)0) ;
0
3972-
3973 /*-
3974 * If the session ID context matches that of the parent SSL_CTX,-
3975 * inherit it from the new SSL_CTX as well. If however the context does-
3976 * not match (i.e., it was set per-ssl with SSL_set_session_id_context),-
3977 * leave it unchanged.-
3978 */-
3979 if ((ssl->ctx != NULL) &&
(ssl->ctx != ((void *)0) )Description
TRUEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-24
3980 (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
(ssl->sid_ctx_...id_ctx_length)Description
TRUEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-24
3981 (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
(memcmp(ssl->s..._length) == 0)Description
TRUEevaluated 24 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-24
3982 ssl->sid_ctx_length = ctx->sid_ctx_length;-
3983 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));-
3984 }
executed 24 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
24
3985-
3986 SSL_CTX_up_ref(ctx);-
3987 SSL_CTX_free(ssl->ctx); /* decrement reference count */-
3988 ssl->ctx = ctx;-
3989-
3990 return ssl->ctx;
executed 24 times by 1 test: return ssl->ctx;
Executed by:
  • libssl.so.1.1
24
3991}-
3992-
3993int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)-
3994{-
3995 return X509_STORE_set_default_paths(ctx->cert_store);
executed 12 times by 1 test: return X509_STORE_set_default_paths(ctx->cert_store);
Executed by:
  • libssl.so.1.1
12
3996}-
3997-
3998int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)-
3999{-
4000 X509_LOOKUP *lookup;-
4001-
4002 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());-
4003 if (lookup == NULL)
lookup == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 373 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-373
4004 return 0;
never executed: return 0;
0
4005 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);-
4006-
4007 /* Clear any errors if the default directory does not exist */-
4008 ERR_clear_error();-
4009-
4010 return 1;
executed 373 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
373
4011}-
4012-
4013int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)-
4014{-
4015 X509_LOOKUP *lookup;-
4016-
4017 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());-
4018 if (lookup == NULL)
lookup == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 373 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-373
4019 return 0;
never executed: return 0;
0
4020-
4021 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);-
4022-
4023 /* Clear any errors if the default file does not exist */-
4024 ERR_clear_error();-
4025-
4026 return 1;
executed 373 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
373
4027}-
4028-
4029int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,-
4030 const char *CApath)-
4031{-
4032 return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
executed 128 times by 1 test: return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
Executed by:
  • libssl.so.1.1
128
4033}-
4034-
4035void SSL_set_info_callback(SSL *ssl,-
4036 void (*cb) (const SSL *ssl, int type, int val))-
4037{-
4038 ssl->info_callback = cb;-
4039}
executed 2422 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2422
4040-
4041/*-
4042 * One compiler (Diab DCC) doesn't like argument names in returned function-
4043 * pointer.-
4044 */-
4045void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,-
4046 int /* type */ ,-
4047 int /* val */ ) {-
4048 return ssl->info_callback;
never executed: return ssl->info_callback;
0
4049}-
4050-
4051void SSL_set_verify_result(SSL *ssl, long arg)-
4052{-
4053 ssl->verify_result = arg;-
4054}
executed 147 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
147
4055-
4056long SSL_get_verify_result(const SSL *ssl)-
4057{-
4058 return ssl->verify_result;
executed 339 times by 1 test: return ssl->verify_result;
Executed by:
  • libssl.so.1.1
339
4059}-
4060-
4061size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)-
4062{-
4063 if (outlen == 0)
outlen == 0Description
TRUEnever evaluated
FALSEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-26
4064 return sizeof(ssl->s3->client_random);
never executed: return sizeof(ssl->s3->client_random);
0
4065 if (outlen > sizeof(ssl->s3->client_random))
outlen > sizeo...client_random)Description
TRUEnever evaluated
FALSEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-26
4066 outlen = sizeof(ssl->s3->client_random);
never executed: outlen = sizeof(ssl->s3->client_random);
0
4067 memcpy(out, ssl->s3->client_random, outlen);-
4068 return outlen;
executed 26 times by 1 test: return outlen;
Executed by:
  • libssl.so.1.1
26
4069}-
4070-
4071size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)-
4072{-
4073 if (outlen == 0)
outlen == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
4074 return sizeof(ssl->s3->server_random);
never executed: return sizeof(ssl->s3->server_random);
0
4075 if (outlen > sizeof(ssl->s3->server_random))
outlen > sizeo...server_random)Description
TRUEnever evaluated
FALSEnever evaluated
0
4076 outlen = sizeof(ssl->s3->server_random);
never executed: outlen = sizeof(ssl->s3->server_random);
0
4077 memcpy(out, ssl->s3->server_random, outlen);-
4078 return outlen;
never executed: return outlen;
0
4079}-
4080-
4081size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,-
4082 unsigned char *out, size_t outlen)-
4083{-
4084 if (outlen == 0)
outlen == 0Description
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 15 times by 1 test
Evaluated by:
  • libssl.so.1.1
13-15
4085 return session->master_key_length;
executed 13 times by 1 test: return session->master_key_length;
Executed by:
  • libssl.so.1.1
13
4086 if (outlen > session->master_key_length)
outlen > sessi...ter_key_lengthDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-13
4087 outlen = session->master_key_length;
executed 13 times by 1 test: outlen = session->master_key_length;
Executed by:
  • libssl.so.1.1
13
4088 memcpy(out, session->master_key, outlen);-
4089 return outlen;
executed 15 times by 1 test: return outlen;
Executed by:
  • libssl.so.1.1
15
4090}-
4091-
4092int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,-
4093 size_t len)-
4094{-
4095 if (len > sizeof(sess->master_key))
len > sizeof(sess->master_key)Description
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-35
4096 return 0;
never executed: return 0;
0
4097-
4098 memcpy(sess->master_key, in, len);-
4099 sess->master_key_length = len;-
4100 return 1;
executed 35 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
35
4101}-
4102-
4103-
4104int SSL_set_ex_data(SSL *s, int idx, void *arg)-
4105{-
4106 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
executed 2420 times by 1 test: return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
Executed by:
  • libssl.so.1.1
2420
4107}-
4108-
4109void *SSL_get_ex_data(const SSL *s, int idx)-
4110{-
4111 return CRYPTO_get_ex_data(&s->ex_data, idx);
executed 4259 times by 1 test: return CRYPTO_get_ex_data(&s->ex_data, idx);
Executed by:
  • libssl.so.1.1
4259
4112}-
4113-
4114int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)-
4115{-
4116 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
never executed: return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
0
4117}-
4118-
4119void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)-
4120{-
4121 return CRYPTO_get_ex_data(&s->ex_data, idx);
never executed: return CRYPTO_get_ex_data(&s->ex_data, idx);
0
4122}-
4123-
4124X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)-
4125{-
4126 return ctx->cert_store;
executed 422 times by 1 test: return ctx->cert_store;
Executed by:
  • libssl.so.1.1
422
4127}-
4128-
4129void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)-
4130{-
4131 X509_STORE_free(ctx->cert_store);-
4132 ctx->cert_store = store;-
4133}
never executed: end of block
0
4134-
4135void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)-
4136{-
4137 if (store != NULL)
store != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4138 X509_STORE_up_ref(store);
never executed: X509_STORE_up_ref(store);
0
4139 SSL_CTX_set_cert_store(ctx, store);-
4140}
never executed: end of block
0
4141-
4142int SSL_want(const SSL *s)-
4143{-
4144 return s->rwstate;
executed 33304 times by 1 test: return s->rwstate;
Executed by:
  • libssl.so.1.1
33304
4145}-
4146-
4147/**-
4148 * \brief Set the callback for generating temporary DH keys.-
4149 * \param ctx the SSL context.-
4150 * \param dh the callback-
4151 */-
4152-
4153#ifndef OPENSSL_NO_DH-
4154void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,-
4155 DH *(*dh) (SSL *ssl, int is_export,-
4156 int keylength))-
4157{-
4158 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);-
4159}
never executed: end of block
0
4160-
4161void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,-
4162 int keylength))-
4163{-
4164 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);-
4165}
never executed: end of block
0
4166#endif-
4167-
4168#ifndef OPENSSL_NO_PSK-
4169int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)-
4170{-
4171 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
identity_hint != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 176 times by 1 test
Evaluated by:
  • libssl.so.1.1
strlen(identity_hint) > 128Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-176
4172 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);-
4173 return 0;
never executed: return 0;
0
4174 }-
4175 OPENSSL_free(ctx->cert->psk_identity_hint);-
4176 if (identity_hint != NULL) {
identity_hint != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 176 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-176
4177 ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);-
4178 if (ctx->cert->psk_identity_hint == NULL)
ctx->cert->psk...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4
4179 return 0;
never executed: return 0;
0
4180 } else
executed 4 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
4
4181 ctx->cert->psk_identity_hint = NULL;
executed 176 times by 1 test: ctx->cert->psk_identity_hint = ((void *)0) ;
Executed by:
  • libssl.so.1.1
176
4182 return 1;
executed 180 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
180
4183}-
4184-
4185int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)-
4186{-
4187 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4188 return 0;
never executed: return 0;
0
4189-
4190 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
identity_hint != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
strlen(identity_hint) > 128Description
TRUEnever evaluated
FALSEnever evaluated
0
4191 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);-
4192 return 0;
never executed: return 0;
0
4193 }-
4194 OPENSSL_free(s->cert->psk_identity_hint);-
4195 if (identity_hint != NULL) {
identity_hint != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4196 s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);-
4197 if (s->cert->psk_identity_hint == NULL)
s->cert->psk_i...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4198 return 0;
never executed: return 0;
0
4199 } else
never executed: end of block
0
4200 s->cert->psk_identity_hint = NULL;
never executed: s->cert->psk_identity_hint = ((void *)0) ;
0
4201 return 1;
never executed: return 1;
0
4202}-
4203-
4204const char *SSL_get_psk_identity_hint(const SSL *s)-
4205{-
4206 if (s == NULL || s->session == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
s->session == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4207 return NULL;
never executed: return ((void *)0) ;
0
4208 return s->session->psk_identity_hint;
never executed: return s->session->psk_identity_hint;
0
4209}-
4210-
4211const char *SSL_get_psk_identity(const SSL *s)-
4212{-
4213 if (s == NULL || s->session == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
s->session == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4214 return NULL;
never executed: return ((void *)0) ;
0
4215 return s->session->psk_identity;
never executed: return s->session->psk_identity;
0
4216}-
4217-
4218void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)-
4219{-
4220 s->psk_client_callback = cb;-
4221}
never executed: end of block
0
4222-
4223void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)-
4224{-
4225 ctx->psk_client_callback = cb;-
4226}
executed 6 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6
4227-
4228void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)-
4229{-
4230 s->psk_server_callback = cb;-
4231}
never executed: end of block
0
4232-
4233void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)-
4234{-
4235 ctx->psk_server_callback = cb;-
4236}
executed 8 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8
4237#endif-
4238-
4239void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)-
4240{-
4241 s->psk_find_session_cb = cb;-
4242}
never executed: end of block
0
4243-
4244void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,-
4245 SSL_psk_find_session_cb_func cb)-
4246{-
4247 ctx->psk_find_session_cb = cb;-
4248}
executed 20 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
20
4249-
4250void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)-
4251{-
4252 s->psk_use_session_cb = cb;-
4253}
never executed: end of block
0
4254-
4255void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,-
4256 SSL_psk_use_session_cb_func cb)-
4257{-
4258 ctx->psk_use_session_cb = cb;-
4259}
executed 20 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
20
4260-
4261void SSL_CTX_set_msg_callback(SSL_CTX *ctx,-
4262 void (*cb) (int write_p, int version,-
4263 int content_type, const void *buf,-
4264 size_t len, SSL *ssl, void *arg))-
4265{-
4266 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);-
4267}
never executed: end of block
0
4268-
4269void SSL_set_msg_callback(SSL *ssl,-
4270 void (*cb) (int write_p, int version,-
4271 int content_type, const void *buf,-
4272 size_t len, SSL *ssl, void *arg))-
4273{-
4274 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);-
4275}
never executed: end of block
0
4276-
4277void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,-
4278 int (*cb) (SSL *ssl,-
4279 int-
4280 is_forward_secure))-
4281{-
4282 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,-
4283 (void (*)(void))cb);-
4284}
never executed: end of block
0
4285-
4286void SSL_set_not_resumable_session_callback(SSL *ssl,-
4287 int (*cb) (SSL *ssl,-
4288 int is_forward_secure))-
4289{-
4290 SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,-
4291 (void (*)(void))cb);-
4292}
never executed: end of block
0
4293-
4294void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,-
4295 size_t (*cb) (SSL *ssl, int type,-
4296 size_t len, void *arg))-
4297{-
4298 ctx->record_padding_cb = cb;-
4299}
never executed: end of block
0
4300-
4301void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)-
4302{-
4303 ctx->record_padding_arg = arg;-
4304}
never executed: end of block
0
4305-
4306void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx)-
4307{-
4308 return ctx->record_padding_arg;
never executed: return ctx->record_padding_arg;
0
4309}-
4310-
4311int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)-
4312{-
4313 /* block size of 0 or 1 is basically no padding */-
4314 if (block_size == 1)
block_size == 1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
4315 ctx->block_padding = 0;
never executed: ctx->block_padding = 0;
0
4316 else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
block_size <= 16384Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
4317 ctx->block_padding = block_size;
executed 2 times by 1 test: ctx->block_padding = block_size;
Executed by:
  • libssl.so.1.1
2
4318 else-
4319 return 0;
never executed: return 0;
0
4320 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2
4321}-
4322-
4323void SSL_set_record_padding_callback(SSL *ssl,-
4324 size_t (*cb) (SSL *ssl, int type,-
4325 size_t len, void *arg))-
4326{-
4327 ssl->record_padding_cb = cb;-
4328}
never executed: end of block
0
4329-
4330void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)-
4331{-
4332 ssl->record_padding_arg = arg;-
4333}
never executed: end of block
0
4334-
4335void *SSL_get_record_padding_callback_arg(SSL *ssl)-
4336{-
4337 return ssl->record_padding_arg;
never executed: return ssl->record_padding_arg;
0
4338}-
4339-
4340int SSL_set_block_padding(SSL *ssl, size_t block_size)-
4341{-
4342 /* block size of 0 or 1 is basically no padding */-
4343 if (block_size == 1)
block_size == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
4344 ssl->block_padding = 0;
never executed: ssl->block_padding = 0;
0
4345 else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
block_size <= 16384Description
TRUEnever evaluated
FALSEnever evaluated
0
4346 ssl->block_padding = block_size;
never executed: ssl->block_padding = block_size;
0
4347 else-
4348 return 0;
never executed: return 0;
0
4349 return 1;
never executed: return 1;
0
4350}-
4351-
4352int SSL_set_num_tickets(SSL *s, size_t num_tickets)-
4353{-
4354 s->num_tickets = num_tickets;-
4355-
4356 return 1;
never executed: return 1;
0
4357}-
4358-
4359size_t SSL_get_num_tickets(SSL *s)-
4360{-
4361 return s->num_tickets;
never executed: return s->num_tickets;
0
4362}-
4363-
4364int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)-
4365{-
4366 ctx->num_tickets = num_tickets;-
4367-
4368 return 1;
executed 18 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
18
4369}-
4370-
4371size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)-
4372{-
4373 return ctx->num_tickets;
never executed: return ctx->num_tickets;
0
4374}-
4375-
4376/*-
4377 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer-
4378 * variable, freeing EVP_MD_CTX previously stored in that variable, if any.-
4379 * If EVP_MD pointer is passed, initializes ctx with this |md|.-
4380 * Returns the newly allocated ctx;-
4381 */-
4382-
4383EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)-
4384{-
4385 ssl_clear_hash_ctx(hash);-
4386 *hash = EVP_MD_CTX_new();-
4387 if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
*hash == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4632 times by 1 test
Evaluated by:
  • libssl.so.1.1
mdDescription
TRUEnever evaluated
FALSEevaluated 4632 times by 1 test
Evaluated by:
  • libssl.so.1.1
EVP_DigestInit...id *)0) ) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0-4632
4388 EVP_MD_CTX_free(*hash);-
4389 *hash = NULL;-
4390 return NULL;
never executed: return ((void *)0) ;
0
4391 }-
4392 return *hash;
executed 4632 times by 1 test: return *hash;
Executed by:
  • libssl.so.1.1
4632
4393}-
4394-
4395void ssl_clear_hash_ctx(EVP_MD_CTX **hash)-
4396{-
4397-
4398 EVP_MD_CTX_free(*hash);-
4399 *hash = NULL;-
4400}
executed 69892 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
69892
4401-
4402/* Retrieve handshake hashes */-
4403int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,-
4404 size_t *hashlen)-
4405{-
4406 EVP_MD_CTX *ctx = NULL;-
4407 EVP_MD_CTX *hdgst = s->s3->handshake_dgst;-
4408 int hashleni = EVP_MD_CTX_size(hdgst);-
4409 int ret = 0;-
4410-
4411 if (hashleni < 0 || (size_t)hashleni > outlen) {
hashleni < 0Description
TRUEnever evaluated
FALSEevaluated 16947 times by 1 test
Evaluated by:
  • libssl.so.1.1
(size_t)hashleni > outlenDescription
TRUEnever evaluated
FALSEevaluated 16947 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-16947
4412 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,-
4413 ERR_R_INTERNAL_ERROR);-
4414 goto err;
never executed: goto err;
0
4415 }-
4416-
4417 ctx = EVP_MD_CTX_new();-
4418 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 16947 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-16947
4419 goto err;
never executed: goto err;
0
4420-
4421 if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
!EVP_MD_CTX_co...ex(ctx, hdgst)Description
TRUEnever evaluated
FALSEevaluated 16947 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-16947
4422 || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
EVP_DigestFina...id *)0) ) <= 0Description
TRUEnever evaluated
FALSEevaluated 16947 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-16947
4423 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,-
4424 ERR_R_INTERNAL_ERROR);-
4425 goto err;
never executed: goto err;
0
4426 }-
4427-
4428 *hashlen = hashleni;-
4429-
4430 ret = 1;-
4431 err:
code before this statement executed 16947 times by 1 test: err:
Executed by:
  • libssl.so.1.1
16947
4432 EVP_MD_CTX_free(ctx);-
4433 return ret;
executed 16947 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
16947
4434}-
4435-
4436int SSL_session_reused(SSL *s)-
4437{-
4438 return s->hit;
executed 3001 times by 1 test: return s->hit;
Executed by:
  • libssl.so.1.1
3001
4439}-
4440-
4441int SSL_is_server(const SSL *s)-
4442{-
4443 return s->server;
executed 1759 times by 1 test: return s->server;
Executed by:
  • libssl.so.1.1
1759
4444}-
4445-
4446#if OPENSSL_API_COMPAT < 0x10100000L-
4447void SSL_set_debug(SSL *s, int debug)-
4448{-
4449 /* Old function was do-nothing anyway... */-
4450 (void)s;-
4451 (void)debug;-
4452}
never executed: end of block
0
4453#endif-
4454-
4455void SSL_set_security_level(SSL *s, int level)-
4456{-
4457 s->cert->sec_level = level;-
4458}
never executed: end of block
0
4459-
4460int SSL_get_security_level(const SSL *s)-
4461{-
4462 return s->cert->sec_level;
executed 675070 times by 1 test: return s->cert->sec_level;
Executed by:
  • libssl.so.1.1
675070
4463}-
4464-
4465void SSL_set_security_callback(SSL *s,-
4466 int (*cb) (const SSL *s, const SSL_CTX *ctx,-
4467 int op, int bits, int nid,-
4468 void *other, void *ex))-
4469{-
4470 s->cert->sec_cb = cb;-
4471}
never executed: end of block
0
4472-
4473int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,-
4474 const SSL_CTX *ctx, int op,-
4475 int bits, int nid, void *other,-
4476 void *ex) {-
4477 return s->cert->sec_cb;
never executed: return s->cert->sec_cb;
0
4478}-
4479-
4480void SSL_set0_security_ex_data(SSL *s, void *ex)-
4481{-
4482 s->cert->sec_ex = ex;-
4483}
never executed: end of block
0
4484-
4485void *SSL_get0_security_ex_data(const SSL *s)-
4486{-
4487 return s->cert->sec_ex;
never executed: return s->cert->sec_ex;
0
4488}-
4489-
4490void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)-
4491{-
4492 ctx->cert->sec_level = level;-
4493}
executed 358 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
358
4494-
4495int SSL_CTX_get_security_level(const SSL_CTX *ctx)-
4496{-
4497 return ctx->cert->sec_level;
executed 16365 times by 1 test: return ctx->cert->sec_level;
Executed by:
  • libssl.so.1.1
16365
4498}-
4499-
4500void SSL_CTX_set_security_callback(SSL_CTX *ctx,-
4501 int (*cb) (const SSL *s, const SSL_CTX *ctx,-
4502 int op, int bits, int nid,-
4503 void *other, void *ex))-
4504{-
4505 ctx->cert->sec_cb = cb;-
4506}
never executed: end of block
0
4507-
4508int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,-
4509 const SSL_CTX *ctx,-
4510 int op, int bits,-
4511 int nid,-
4512 void *other,-
4513 void *ex) {-
4514 return ctx->cert->sec_cb;
never executed: return ctx->cert->sec_cb;
0
4515}-
4516-
4517void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)-
4518{-
4519 ctx->cert->sec_ex = ex;-
4520}
never executed: end of block
0
4521-
4522void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)-
4523{-
4524 return ctx->cert->sec_ex;
never executed: return ctx->cert->sec_ex;
0
4525}-
4526-
4527/*-
4528 * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that-
4529 * can return unsigned long, instead of the generic long return value from the-
4530 * control interface.-
4531 */-
4532unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)-
4533{-
4534 return ctx->options;
executed 17 times by 1 test: return ctx->options;
Executed by:
  • libssl.so.1.1
17
4535}-
4536-
4537unsigned long SSL_get_options(const SSL *s)-
4538{-
4539 return s->options;
executed 8252 times by 1 test: return s->options;
Executed by:
  • libssl.so.1.1
8252
4540}-
4541-
4542unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)-
4543{-
4544 return ctx->options |= op;
executed 28 times by 1 test: return ctx->options |= op;
Executed by:
  • libssl.so.1.1
28
4545}-
4546-
4547unsigned long SSL_set_options(SSL *s, unsigned long op)-
4548{-
4549 return s->options |= op;
executed 28 times by 1 test: return s->options |= op;
Executed by:
  • libssl.so.1.1
28
4550}-
4551-
4552unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)-
4553{-
4554 return ctx->options &= ~op;
executed 12 times by 1 test: return ctx->options &= ~op;
Executed by:
  • libssl.so.1.1
12
4555}-
4556-
4557unsigned long SSL_clear_options(SSL *s, unsigned long op)-
4558{-
4559 return s->options &= ~op;
executed 17 times by 1 test: return s->options &= ~op;
Executed by:
  • libssl.so.1.1
17
4560}-
4561-
4562STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)-
4563{-
4564 return s->verified_chain;
never executed: return s->verified_chain;
0
4565}-
4566-
4567IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
executed 772058 times by 2 tests: return ssl_cipher_id_cmp(a,b);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
executed 185106 times by 2 tests: return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER), ssl_cipher_id_cmp_BSEARCH_CMP_FN);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
185106-772058
4568-
4569#ifndef OPENSSL_NO_CT-
4570-
4571/*-
4572 * Moves SCTs from the |src| stack to the |dst| stack.-
4573 * The source of each SCT will be set to |origin|.-
4574 * If |dst| points to a NULL pointer, a new stack will be created and owned by-
4575 * the caller.-
4576 * Returns the number of SCTs moved, or a negative integer if an error occurs.-
4577 */-
4578static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,-
4579 sct_source_t origin)-
4580{-
4581 int scts_moved = 0;-
4582 SCT *sct = NULL;-
4583-
4584 if (*dst == NULL) {
*dst == ((void *)0)Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
5-9
4585 *dst = sk_SCT_new_null();-
4586 if (*dst == NULL) {
*dst == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
4587 SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);-
4588 goto err;
never executed: goto err;
0
4589 }-
4590 }
executed 9 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
9
4591-
4592 while ((sct = sk_SCT_pop(src)) != NULL) {
(sct = sk_SCT_...!= ((void *)0)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 14 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-14
4593 if (SCT_set_source(sct, origin) != 1)
SCT_set_source..., origin) != 1Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4594 goto err;
never executed: goto err;
0
4595-
4596 if (sk_SCT_push(*dst, sct) <= 0)
sk_SCT_push(*dst, sct) <= 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4597 goto err;
never executed: goto err;
0
4598 scts_moved += 1;-
4599 }
executed 6 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6
4600-
4601 return scts_moved;
executed 14 times by 1 test: return scts_moved;
Executed by:
  • libssl.so.1.1
14
4602 err:-
4603 if (sct != NULL)
sct != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4604 sk_SCT_push(src, sct); /* Put the SCT back */
never executed: sk_SCT_push(src, sct);
0
4605 return -1;
never executed: return -1;
0
4606}-
4607-
4608/*-
4609 * Look for data collected during ServerHello and parse if found.-
4610 * Returns the number of SCTs extracted.-
4611 */-
4612static int ct_extract_tls_extension_scts(SSL *s)-
4613{-
4614 int scts_extracted = 0;-
4615-
4616 if (s->ext.scts != NULL) {
s->ext.scts != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-7
4617 const unsigned char *p = s->ext.scts;-
4618 STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);-
4619-
4620 scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);-
4621-
4622 SCT_LIST_free(scts);-
4623 }
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2
4624-
4625 return scts_extracted;
executed 9 times by 1 test: return scts_extracted;
Executed by:
  • libssl.so.1.1
9
4626}-
4627-
4628/*-
4629 * Checks for an OCSP response and then attempts to extract any SCTs found if it-
4630 * contains an SCT X509 extension. They will be stored in |s->scts|.-
4631 * Returns:-
4632 * - The number of SCTs extracted, assuming an OCSP response exists.-
4633 * - 0 if no OCSP response exists or it contains no SCTs.-
4634 * - A negative integer if an error occurs.-
4635 */-
4636static int ct_extract_ocsp_response_scts(SSL *s)-
4637{-
4638# ifndef OPENSSL_NO_OCSP-
4639 int scts_extracted = 0;-
4640 const unsigned char *p;-
4641 OCSP_BASICRESP *br = NULL;-
4642 OCSP_RESPONSE *rsp = NULL;-
4643 STACK_OF(SCT) *scts = NULL;-
4644 int i;-
4645-
4646 if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
s->ext.ocsp.re...== ((void *)0)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->ext.ocsp.resp_len == 0Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4647 goto err;
executed 6 times by 1 test: goto err;
Executed by:
  • libssl.so.1.1
6
4648-
4649 p = s->ext.ocsp.resp;-
4650 rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);-
4651 if (rsp == NULL)
rsp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
4652 goto err;
never executed: goto err;
0
4653-
4654 br = OCSP_response_get1_basic(rsp);-
4655 if (br == NULL)
br == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
4656 goto err;
never executed: goto err;
0
4657-
4658 for (i = 0; i < OCSP_resp_count(br); ++i) {
i < OCSP_resp_count(br)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
3
4659 OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);-
4660-
4661 if (single == NULL)
single == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
4662 continue;
never executed: continue;
0
4663-
4664 scts =-
4665 OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);-
4666 scts_extracted =-
4667 ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);-
4668 if (scts_extracted < 0)
scts_extracted < 0Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
4669 goto err;
never executed: goto err;
0
4670 }
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
4671 err:
code before this statement executed 3 times by 1 test: err:
Executed by:
  • libssl.so.1.1
3
4672 SCT_LIST_free(scts);-
4673 OCSP_BASICRESP_free(br);-
4674 OCSP_RESPONSE_free(rsp);-
4675 return scts_extracted;
executed 9 times by 1 test: return scts_extracted;
Executed by:
  • libssl.so.1.1
9
4676# else-
4677 /* Behave as if no OCSP response exists */-
4678 return 0;-
4679# endif-
4680}-
4681-
4682/*-
4683 * Attempts to extract SCTs from the peer certificate.-
4684 * Return the number of SCTs extracted, or a negative integer if an error-
4685 * occurs.-
4686 */-
4687static int ct_extract_x509v3_extension_scts(SSL *s)-
4688{-
4689 int scts_extracted = 0;-
4690 X509 *cert = s->session != NULL ? s->session->peer : NULL;
s->session != ((void *)0)Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-9
4691-
4692 if (cert != NULL) {
cert != ((void *)0)Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-9
4693 STACK_OF(SCT) *scts =-
4694 X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);-
4695-
4696 scts_extracted =-
4697 ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);-
4698-
4699 SCT_LIST_free(scts);-
4700 }
executed 9 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
9
4701-
4702 return scts_extracted;
executed 9 times by 1 test: return scts_extracted;
Executed by:
  • libssl.so.1.1
9
4703}-
4704-
4705/*-
4706 * Attempts to find all received SCTs by checking TLS extensions, the OCSP-
4707 * response (if it exists) and X509v3 extensions in the certificate.-
4708 * Returns NULL if an error occurs.-
4709 */-
4710const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)-
4711{-
4712 if (!s->scts_parsed) {
!s->scts_parsedDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-9
4713 if (ct_extract_tls_extension_scts(s) < 0 ||
ct_extract_tls...on_scts(s) < 0Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
4714 ct_extract_ocsp_response_scts(s) < 0 ||
ct_extract_ocs...se_scts(s) < 0Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
4715 ct_extract_x509v3_extension_scts(s) < 0)
ct_extract_x50...on_scts(s) < 0Description
TRUEnever evaluated
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-9
4716 goto err;
never executed: goto err;
0
4717-
4718 s->scts_parsed = 1;-
4719 }
executed 9 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
9
4720 return s->scts;
executed 9 times by 1 test: return s->scts;
Executed by:
  • libssl.so.1.1
9
4721 err:-
4722 return NULL;
never executed: return ((void *)0) ;
0
4723}-
4724-
4725static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,-
4726 const STACK_OF(SCT) *scts, void *unused_arg)-
4727{-
4728 return 1;
executed 3 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
3
4729}-
4730-
4731static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,-
4732 const STACK_OF(SCT) *scts, void *unused_arg)-
4733{-
4734 int count = scts != NULL ? sk_SCT_num(scts) : 0;
scts != ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
4735 int i;-
4736-
4737 for (i = 0; i < count; ++i) {
i < countDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-2
4738 SCT *sct = sk_SCT_value(scts, i);-
4739 int status = SCT_get_validation_status(sct);-
4740-
4741 if (status == SCT_VALIDATION_STATUS_VALID)
status == SCT_...N_STATUS_VALIDDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
4742 return 1;
executed 2 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
2
4743 }
never executed: end of block
0
4744 SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);-
4745 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1
4746}-
4747-
4748int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,-
4749 void *arg)-
4750{-
4751 /*-
4752 * Since code exists that uses the custom extension handler for CT, look-
4753 * for this and throw an error if they have already registered to use CT.-
4754 */-
4755 if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
callback != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8243 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
SSL_CTX_has_cl...xt(s->ctx, 18)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8243
4756 TLSEXT_TYPE_signed_certificate_timestamp))
SSL_CTX_has_cl...xt(s->ctx, 18)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
4757 {-
4758 SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,-
4759 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);-
4760 return 0;
never executed: return 0;
0
4761 }-
4762-
4763 if (callback != NULL) {
callback != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8243 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
11-8243
4764 /*-
4765 * If we are validating CT, then we MUST accept SCTs served via OCSP-
4766 */-
4767 if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
!SSL_ctrl(s,65... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
4768 return 0;
never executed: return 0;
0
4769 }
executed 11 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
11
4770-
4771 s->ct_validation_callback = callback;-
4772 s->ct_validation_callback_arg = arg;-
4773-
4774 return 1;
executed 8254 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8254
4775}-
4776-
4777int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,-
4778 ssl_ct_validation_cb callback, void *arg)-
4779{-
4780 /*-
4781 * Since code exists that uses the custom extension handler for CT, look for-
4782 * this and throw an error if they have already registered to use CT.-
4783 */-
4784 if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
callback != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
SSL_CTX_has_cl...m_ext(ctx, 18)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
4785 TLSEXT_TYPE_signed_certificate_timestamp))
SSL_CTX_has_cl...m_ext(ctx, 18)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
4786 {-
4787 SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,-
4788 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);-
4789 return 0;
never executed: return 0;
0
4790 }-
4791-
4792 ctx->ct_validation_callback = callback;-
4793 ctx->ct_validation_callback_arg = arg;-
4794 return 1;
executed 11 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
11
4795}-
4796-
4797int SSL_ct_is_enabled(const SSL *s)-
4798{-
4799 return s->ct_validation_callback != NULL;
executed 120 times by 1 test: return s->ct_validation_callback != ((void *)0) ;
Executed by:
  • libssl.so.1.1
120
4800}-
4801-
4802int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)-
4803{-
4804 return ctx->ct_validation_callback != NULL;
executed 15 times by 1 test: return ctx->ct_validation_callback != ((void *)0) ;
Executed by:
  • libssl.so.1.1
15
4805}-
4806-
4807int ssl_validate_ct(SSL *s)-
4808{-
4809 int ret = 0;-
4810 X509 *cert = s->session != NULL ? s->session->peer : NULL;
s->session != ((void *)0)Description
TRUEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-11
4811 X509 *issuer;-
4812 SSL_DANE *dane = &s->dane;-
4813 CT_POLICY_EVAL_CTX *ctx = NULL;-
4814 const STACK_OF(SCT) *scts;-
4815-
4816 /*-
4817 * If no callback is set, the peer is anonymous, or its chain is invalid,-
4818 * skip SCT validation - just return success. Applications that continue-
4819 * handshakes without certificates, with unverified chains, or pinned leaf-
4820 * certificates are outside the scope of the WebPKI and CT.-
4821 *-
4822 * The above exclusions notwithstanding the vast majority of peers will-
4823 * have rather ordinary certificate chains validated by typical-
4824 * applications that perform certificate verification and therefore will-
4825 * process SCTs when enabled.-
4826 */-
4827 if (s->ct_validation_callback == NULL || cert == NULL ||
s->ct_validati...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
cert == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
4828 s->verify_result != X509_V_OK ||
s->verify_result != 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-8
4829 s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
s->verified_ch...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
sk_X509_num(s-...ed_chain) <= 1Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4830 return 1;
executed 5 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
5
4831-
4832 /*-
4833 * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)-
4834 * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2-
4835 */-
4836 if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
(dane) != ((void *)0)Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
sk_danetls_rec...e)->trecs) > 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
dane->mtlsa != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-6
4837 switch (dane->mtlsa->usage) {-
4838 case DANETLS_USAGE_DANE_TA:
never executed: case 2:
0
4839 case DANETLS_USAGE_DANE_EE:
never executed: case 3:
0
4840 return 1;
never executed: return 1;
0
4841 }-
4842 }
never executed: end of block
0
4843-
4844 ctx = CT_POLICY_EVAL_CTX_new();-
4845 if (ctx == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4846 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,-
4847 ERR_R_MALLOC_FAILURE);-
4848 goto end;
never executed: goto end;
0
4849 }-
4850-
4851 issuer = sk_X509_value(s->verified_chain, 1);-
4852 CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);-
4853 CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);-
4854 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);-
4855 CT_POLICY_EVAL_CTX_set_time(-
4856 ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);-
4857-
4858 scts = SSL_get0_peer_scts(s);-
4859-
4860 /*-
4861 * This function returns success (> 0) only when all the SCTs are valid, 0-
4862 * when some are invalid, and < 0 on various internal errors (out of-
4863 * memory, etc.). Having some, or even all, invalid SCTs is not sufficient-
4864 * reason to abort the handshake, that decision is up to the callback.-
4865 * Therefore, we error out only in the unexpected case that the return-
4866 * value is negative.-
4867 *-
4868 * XXX: One might well argue that the return value of this function is an-
4869 * unfortunate design choice. Its job is only to determine the validation-
4870 * status of each of the provided SCTs. So long as it correctly separates-
4871 * the wheat from the chaff it should return success. Failure in this case-
4872 * ought to correspond to an inability to carry out its duties.-
4873 */-
4874 if (SCT_LIST_validate(scts, ctx) < 0) {
SCT_LIST_valid...scts, ctx) < 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4875 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,-
4876 SSL_R_SCT_VERIFICATION_FAILED);-
4877 goto end;
never executed: goto end;
0
4878 }-
4879-
4880 ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);-
4881 if (ret < 0)
ret < 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
4882 ret = 0; /* This function returns 0 on failure */
never executed: ret = 0;
0
4883 if (!ret)
!retDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-5
4884 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
executed 1 time by 1 test: ossl_statem_fatal((s), (40), (400), (234), __FILE__ , 4885 ) ;
Executed by:
  • libssl.so.1.1
1
4885 SSL_R_CALLBACK_FAILED);
executed 1 time by 1 test: ossl_statem_fatal((s), (40), (400), (234), __FILE__ , 4885 ) ;
Executed by:
  • libssl.so.1.1
1
4886-
4887 end:
code before this statement executed 6 times by 1 test: end:
Executed by:
  • libssl.so.1.1
6
4888 CT_POLICY_EVAL_CTX_free(ctx);-
4889 /*-
4890 * With SSL_VERIFY_NONE the session may be cached and re-used despite a-
4891 * failure return code here. Also the application may wish the complete-
4892 * the handshake, and then disconnect cleanly at a higher layer, after-
4893 * checking the verification status of the completed connection.-
4894 *-
4895 * We therefore force a certificate verification failure which will be-
4896 * visible via SSL_get_verify_result() and cached as part of any resumed-
4897 * session.-
4898 *-
4899 * Note: the permissive callback is for information gathering only, always-
4900 * returns success, and does not affect verification status. Only the-
4901 * strict callback or a custom application-specified callback can trigger-
4902 * connection failure or record a verification error.-
4903 */-
4904 if (ret <= 0)
ret <= 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-5
4905 s->verify_result = X509_V_ERR_NO_VALID_SCTS;
executed 1 time by 1 test: s->verify_result = 71;
Executed by:
  • libssl.so.1.1
1
4906 return ret;
executed 6 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
6
4907}-
4908-
4909int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)-
4910{-
4911 switch (validation_mode) {-
4912 default:
never executed: default:
0
4913 SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);-
4914 return 0;
never executed: return 0;
0
4915 case SSL_CT_VALIDATION_PERMISSIVE:
executed 7 times by 1 test: case SSL_CT_VALIDATION_PERMISSIVE:
Executed by:
  • libssl.so.1.1
7
4916 return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
executed 7 times by 1 test: return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, ((void *)0) );
Executed by:
  • libssl.so.1.1
7
4917 case SSL_CT_VALIDATION_STRICT:
executed 4 times by 1 test: case SSL_CT_VALIDATION_STRICT:
Executed by:
  • libssl.so.1.1
4
4918 return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
executed 4 times by 1 test: return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, ((void *)0) );
Executed by:
  • libssl.so.1.1
4
4919 }-
4920}-
4921-
4922int SSL_enable_ct(SSL *s, int validation_mode)-
4923{-
4924 switch (validation_mode) {-
4925 default:
never executed: default:
0
4926 SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);-
4927 return 0;
never executed: return 0;
0
4928 case SSL_CT_VALIDATION_PERMISSIVE:
never executed: case SSL_CT_VALIDATION_PERMISSIVE:
0
4929 return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
never executed: return SSL_set_ct_validation_callback(s, ct_permissive, ((void *)0) );
0
4930 case SSL_CT_VALIDATION_STRICT:
never executed: case SSL_CT_VALIDATION_STRICT:
0
4931 return SSL_set_ct_validation_callback(s, ct_strict, NULL);
never executed: return SSL_set_ct_validation_callback(s, ct_strict, ((void *)0) );
0
4932 }-
4933}-
4934-
4935int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)-
4936{-
4937 return CTLOG_STORE_load_default_file(ctx->ctlog_store);
executed 1758 times by 1 test: return CTLOG_STORE_load_default_file(ctx->ctlog_store);
Executed by:
  • libssl.so.1.1
1758
4938}-
4939-
4940int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)-
4941{-
4942 return CTLOG_STORE_load_file(ctx->ctlog_store, path);
never executed: return CTLOG_STORE_load_file(ctx->ctlog_store, path);
0
4943}-
4944-
4945void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)-
4946{-
4947 CTLOG_STORE_free(ctx->ctlog_store);-
4948 ctx->ctlog_store = logs;-
4949}
never executed: end of block
0
4950-
4951const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)-
4952{-
4953 return ctx->ctlog_store;
executed 1 time by 1 test: return ctx->ctlog_store;
Executed by:
  • libssl.so.1.1
1
4954}-
4955-
4956#endif /* OPENSSL_NO_CT */-
4957-
4958void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,-
4959 void *arg)-
4960{-
4961 c->client_hello_cb = cb;-
4962 c->client_hello_cb_arg = arg;-
4963}
executed 4 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
4
4964-
4965int SSL_client_hello_isv2(SSL *s)-
4966{-
4967 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4968 return 0;
never executed: return 0;
0
4969 return s->clienthello->isv2;
never executed: return s->clienthello->isv2;
0
4970}-
4971-
4972unsigned int SSL_client_hello_get0_legacy_version(SSL *s)-
4973{-
4974 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
4975 return 0;
never executed: return 0;
0
4976 return s->clienthello->legacy_version;
executed 1 time by 1 test: return s->clienthello->legacy_version;
Executed by:
  • libssl.so.1.1
1
4977}-
4978-
4979size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)-
4980{-
4981 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
4982 return 0;
never executed: return 0;
0
4983 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
4984 *out = s->clienthello->random;
executed 1 time by 1 test: *out = s->clienthello->random;
Executed by:
  • libssl.so.1.1
1
4985 return SSL3_RANDOM_SIZE;
executed 1 time by 1 test: return 32;
Executed by:
  • libssl.so.1.1
1
4986}-
4987-
4988size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)-
4989{-
4990 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
4991 return 0;
never executed: return 0;
0
4992 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
4993 *out = s->clienthello->session_id;
executed 1 time by 1 test: *out = s->clienthello->session_id;
Executed by:
  • libssl.so.1.1
1
4994 return s->clienthello->session_id_len;
executed 1 time by 1 test: return s->clienthello->session_id_len;
Executed by:
  • libssl.so.1.1
1
4995}-
4996-
4997size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)-
4998{-
4999 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
5000 return 0;
never executed: return 0;
0
5001 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
5002 *out = PACKET_data(&s->clienthello->ciphersuites);
executed 2 times by 1 test: *out = PACKET_data(&s->clienthello->ciphersuites);
Executed by:
  • libssl.so.1.1
2
5003 return PACKET_remaining(&s->clienthello->ciphersuites);
executed 2 times by 1 test: return PACKET_remaining(&s->clienthello->ciphersuites);
Executed by:
  • libssl.so.1.1
2
5004}-
5005-
5006size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)-
5007{-
5008 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2
5009 return 0;
never executed: return 0;
0
5010 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
5011 *out = s->clienthello->compressions;
executed 2 times by 1 test: *out = s->clienthello->compressions;
Executed by:
  • libssl.so.1.1
2
5012 return s->clienthello->compressions_len;
executed 2 times by 1 test: return s->clienthello->compressions_len;
Executed by:
  • libssl.so.1.1
2
5013}-
5014-
5015int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)-
5016{-
5017 RAW_EXTENSION *ext;-
5018 int *present;-
5019 size_t num = 0, i;-
5020-
5021 if (s->clienthello == NULL || out == NULL || outlen == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
out == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
outlen == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
5022 return 0;
never executed: return 0;
0
5023 for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
i < s->clienth..._proc_exts_lenDescription
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-26
5024 ext = s->clienthello->pre_proc_exts + i;-
5025 if (ext->present)
ext->presentDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-20
5026 num++;
executed 6 times by 1 test: num++;
Executed by:
  • libssl.so.1.1
6
5027 }
executed 26 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
26
5028 if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
(present = CRY...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
5029 SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,-
5030 ERR_R_MALLOC_FAILURE);-
5031 return 0;
never executed: return 0;
0
5032 }-
5033 for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
i < s->clienth..._proc_exts_lenDescription
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-26
5034 ext = s->clienthello->pre_proc_exts + i;-
5035 if (ext->present) {
ext->presentDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-20
5036 if (ext->received_order >= num)
ext->received_order >= numDescription
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
5037 goto err;
never executed: goto err;
0
5038 present[ext->received_order] = ext->type;-
5039 }
executed 6 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6
5040 }
executed 26 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
26
5041 *out = present;-
5042 *outlen = num;-
5043 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1
5044 err:-
5045 OPENSSL_free(present);-
5046 return 0;
never executed: return 0;
0
5047}-
5048-
5049int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,-
5050 size_t *outlen)-
5051{-
5052 size_t i;-
5053 RAW_EXTENSION *r;-
5054-
5055 if (s->clienthello == NULL)
s->clienthello == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
5056 return 0;
never executed: return 0;
0
5057 for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
i < s->clienth..._proc_exts_lenDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-6
5058 r = s->clienthello->pre_proc_exts + i;-
5059 if (r->present && r->type == type) {
r->presentDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
r->type == typeDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
5060 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
5061 *out = PACKET_data(&r->data);
executed 3 times by 1 test: *out = PACKET_data(&r->data);
Executed by:
  • libssl.so.1.1
3
5062 if (outlen != NULL)
outlen != ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
5063 *outlen = PACKET_remaining(&r->data);
executed 3 times by 1 test: *outlen = PACKET_remaining(&r->data);
Executed by:
  • libssl.so.1.1
3
5064 return 1;
executed 3 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
3
5065 }-
5066 }
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
5067 return 0;
never executed: return 0;
0
5068}-
5069-
5070int SSL_free_buffers(SSL *ssl)-
5071{-
5072 RECORD_LAYER *rl = &ssl->rlayer;-
5073-
5074 if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
RECORD_LAYER_read_pending(rl)Description
TRUEnever evaluated
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libssl.so.1.1
RECORD_LAYER_write_pending(rl)Description
TRUEnever evaluated
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-42
5075 return 0;
never executed: return 0;
0
5076-
5077 RECORD_LAYER_release(rl);-
5078 return 1;
executed 42 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
42
5079}-
5080-
5081int SSL_alloc_buffers(SSL *ssl)-
5082{-
5083 return ssl3_setup_buffers(ssl);
executed 30 times by 1 test: return ssl3_setup_buffers(ssl);
Executed by:
  • libssl.so.1.1
30
5084}-
5085-
5086void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)-
5087{-
5088 ctx->keylog_callback = cb;-
5089}
executed 4 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
4
5090-
5091SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)-
5092{-
5093 return ctx->keylog_callback;
executed 8 times by 1 test: return ctx->keylog_callback;
Executed by:
  • libssl.so.1.1
8
5094}-
5095-
5096static int nss_keylog_int(const char *prefix,-
5097 SSL *ssl,-
5098 const uint8_t *parameter_1,-
5099 size_t parameter_1_len,-
5100 const uint8_t *parameter_2,-
5101 size_t parameter_2_len)-
5102{-
5103 char *out = NULL;-
5104 char *cursor = NULL;-
5105 size_t out_len = 0;-
5106 size_t i;-
5107 size_t prefix_len;-
5108-
5109 if (ssl->ctx->keylog_callback == NULL) return 1;
executed 9950 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
ssl->ctx->keyl...== ((void *)0)Description
TRUEevaluated 9950 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
27-9950
5110-
5111 /*-
5112 * Our output buffer will contain the following strings, rendered with-
5113 * space characters in between, terminated by a NULL character: first the-
5114 * prefix, then the first parameter, then the second parameter. The-
5115 * meaning of each parameter depends on the specific key material being-
5116 * logged. Note that the first and second parameters are encoded in-
5117 * hexadecimal, so we need a buffer that is twice their lengths.-
5118 */-
5119 prefix_len = strlen(prefix);-
5120 out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;-
5121 if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
(out = cursor ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-27
5122 SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,-
5123 ERR_R_MALLOC_FAILURE);-
5124 return 0;
never executed: return 0;
0
5125 }-
5126-
5127 strcpy(cursor, prefix);-
5128 cursor += prefix_len;-
5129 *cursor++ = ' ';-
5130-
5131 for (i = 0; i < parameter_1_len; i++) {
i < parameter_1_lenDescription
TRUEevaluated 840 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
27-840
5132 sprintf(cursor, "%02x", parameter_1[i]);-
5133 cursor += 2;-
5134 }
executed 840 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
840
5135 *cursor++ = ' ';-
5136-
5137 for (i = 0; i < parameter_2_len; i++) {
i < parameter_2_lenDescription
TRUEevaluated 1296 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
27-1296
5138 sprintf(cursor, "%02x", parameter_2[i]);-
5139 cursor += 2;-
5140 }
executed 1296 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1296
5141 *cursor = '\0';-
5142-
5143 ssl->ctx->keylog_callback(ssl, (const char *)out);-
5144 OPENSSL_free(out);-
5145 return 1;
executed 27 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
27
5146-
5147}-
5148-
5149int ssl_log_rsa_client_key_exchange(SSL *ssl,-
5150 const uint8_t *encrypted_premaster,-
5151 size_t encrypted_premaster_len,-
5152 const uint8_t *premaster,-
5153 size_t premaster_len)-
5154{-
5155 if (encrypted_premaster_len < 8) {
encrypted_premaster_len < 8Description
TRUEnever evaluated
FALSEevaluated 424 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-424
5156 SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,-
5157 SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);-
5158 return 0;
never executed: return 0;
0
5159 }-
5160-
5161 /* We only want the first 8 bytes of the encrypted premaster as a tag. */-
5162 return nss_keylog_int("RSA",
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5163 ssl,
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5164 encrypted_premaster,
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5165 8,
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5166 premaster,
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5167 premaster_len);
executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);
Executed by:
  • libssl.so.1.1
424
5168}-
5169-
5170int ssl_log_secret(SSL *ssl,-
5171 const char *label,-
5172 const uint8_t *secret,-
5173 size_t secret_len)-
5174{-
5175 return nss_keylog_int(label,
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5176 ssl,
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5177 ssl->s3->client_random,
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5178 SSL3_RANDOM_SIZE,
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5179 secret,
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5180 secret_len);
executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);
Executed by:
  • libssl.so.1.1
9553
5181}-
5182-
5183#define SSLV2_CIPHER_LEN 3-
5184-
5185int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)-
5186{-
5187 int n;-
5188-
5189 n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
sslv2formatDescription
TRUEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3077 times by 1 test
Evaluated by:
  • libssl.so.1.1
53-3077
5190-
5191 if (PACKET_remaining(cipher_suites) == 0) {
PACKET_remaini...r_suites) == 0Description
TRUEnever evaluated
FALSEevaluated 3130 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3130
5192 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,-
5193 SSL_R_NO_CIPHERS_SPECIFIED);-
5194 return 0;
never executed: return 0;
0
5195 }-
5196-
5197 if (PACKET_remaining(cipher_suites) % n != 0) {
PACKET_remaini...ites) % n != 0Description
TRUEnever evaluated
FALSEevaluated 3130 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3130
5198 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,-
5199 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);-
5200 return 0;
never executed: return 0;
0
5201 }-
5202-
5203 OPENSSL_free(s->s3->tmp.ciphers_raw);-
5204 s->s3->tmp.ciphers_raw = NULL;-
5205 s->s3->tmp.ciphers_rawlen = 0;-
5206-
5207 if (sslv2format) {
sslv2formatDescription
TRUEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3077 times by 1 test
Evaluated by:
  • libssl.so.1.1
53-3077
5208 size_t numciphers = PACKET_remaining(cipher_suites) / n;-
5209 PACKET sslv2ciphers = *cipher_suites;-
5210 unsigned int leadbyte;-
5211 unsigned char *raw;-
5212-
5213 /*-
5214 * We store the raw ciphers list in SSLv3+ format so we need to do some-
5215 * preprocessing to convert the list first. If there are any SSLv2 only-
5216 * ciphersuites with a non-zero leading byte then we are going to-
5217 * slightly over allocate because we won't store those. But that isn't a-
5218 * problem.-
5219 */-
5220 raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);-
5221 s->s3->tmp.ciphers_raw = raw;-
5222 if (raw == NULL) {
raw == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-53
5223 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,-
5224 ERR_R_MALLOC_FAILURE);-
5225 return 0;
never executed: return 0;
0
5226 }-
5227 for (s->s3->tmp.ciphers_rawlen = 0;-
5228 PACKET_remaining(&sslv2ciphers) > 0;
PACKET_remaini...v2ciphers) > 0Description
TRUEevaluated 1173 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 53 times by 1 test
Evaluated by:
  • libssl.so.1.1
53-1173
5229 raw += TLS_CIPHER_LEN) {-
5230 if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
!PACKET_get_1(...rs, &leadbyte)Description
TRUEnever evaluated
FALSEevaluated 1173 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1173
5231 || (leadbyte == 0
leadbyte == 0Description
TRUEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 425 times by 1 test
Evaluated by:
  • libssl.so.1.1
425-748
5232 && !PACKET_copy_bytes(&sslv2ciphers, raw,
!PACKET_copy_b...phers, raw, 2)Description
TRUEnever evaluated
FALSEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-748
5233 TLS_CIPHER_LEN))
!PACKET_copy_b...phers, raw, 2)Description
TRUEnever evaluated
FALSEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-748
5234 || (leadbyte != 0
leadbyte != 0Description
TRUEevaluated 425 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
425-748
5235 && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
!PACKET_forwar...lv2ciphers, 2)Description
TRUEnever evaluated
FALSEevaluated 425 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-425
5236 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,-
5237 SSL_R_BAD_PACKET);-
5238 OPENSSL_free(s->s3->tmp.ciphers_raw);-
5239 s->s3->tmp.ciphers_raw = NULL;-
5240 s->s3->tmp.ciphers_rawlen = 0;-
5241 return 0;
never executed: return 0;
0
5242 }-
5243 if (leadbyte == 0)
leadbyte == 0Description
TRUEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 425 times by 1 test
Evaluated by:
  • libssl.so.1.1
425-748
5244 s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
executed 748 times by 1 test: s->s3->tmp.ciphers_rawlen += 2;
Executed by:
  • libssl.so.1.1
748
5245 }
executed 1173 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1173
5246 } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
executed 53 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
!PACKET_memdup...iphers_rawlen)Description
TRUEnever evaluated
FALSEevaluated 3077 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3077
5247 &s->s3->tmp.ciphers_rawlen)) {
!PACKET_memdup...iphers_rawlen)Description
TRUEnever evaluated
FALSEevaluated 3077 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3077
5248 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,-
5249 ERR_R_INTERNAL_ERROR);-
5250 return 0;
never executed: return 0;
0
5251 }-
5252 return 1;
executed 3130 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
3130
5253}-
5254-
5255int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,-
5256 int isv2format, STACK_OF(SSL_CIPHER) **sk,-
5257 STACK_OF(SSL_CIPHER) **scsvs)-
5258{-
5259 PACKET pkt;-
5260-
5261 if (!PACKET_buf_init(&pkt, bytes, len))
!PACKET_buf_in...t, bytes, len)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4
5262 return 0;
never executed: return 0;
0
5263 return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
executed 4 times by 1 test: return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
Executed by:
  • libssl.so.1.1
4
5264}-
5265-
5266int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,-
5267 STACK_OF(SSL_CIPHER) **skp,-
5268 STACK_OF(SSL_CIPHER) **scsvs_out,-
5269 int sslv2format, int fatal)-
5270{-
5271 const SSL_CIPHER *c;-
5272 STACK_OF(SSL_CIPHER) *sk = NULL;-
5273 STACK_OF(SSL_CIPHER) *scsvs = NULL;-
5274 int n;-
5275 /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */-
5276 unsigned char cipher[SSLV2_CIPHER_LEN];-
5277-
5278 n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
sslv2formatDescription
TRUEevaluated 54 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3080 times by 1 test
Evaluated by:
  • libssl.so.1.1
54-3080
5279-
5280 if (PACKET_remaining(cipher_suites) == 0) {
PACKET_remaini...r_suites) == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-3133
5281 if (fatal)
fatalDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-1
5282 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
never executed: ossl_statem_fatal((s), (47), (519), (183), __FILE__ , 5283 ) ;
0
5283 SSL_R_NO_CIPHERS_SPECIFIED);
never executed: ossl_statem_fatal((s), (47), (519), (183), __FILE__ , 5283 ) ;
0
5284 else-
5285 SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
executed 1 time by 1 test: ERR_put_error(20,(519),(183),__FILE__,5285);
Executed by:
  • libssl.so.1.1
1
5286 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1
5287 }-
5288-
5289 if (PACKET_remaining(cipher_suites) % n != 0) {
PACKET_remaini...ites) % n != 0Description
TRUEnever evaluated
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3133
5290 if (fatal)
fatalDescription
TRUEnever evaluated
FALSEnever evaluated
0
5291 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
never executed: ossl_statem_fatal((s), (50), (519), (151), __FILE__ , 5292 ) ;
0
5292 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
never executed: ossl_statem_fatal((s), (50), (519), (151), __FILE__ , 5292 ) ;
0
5293 else-
5294 SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
never executed: ERR_put_error(20,(519),(151),__FILE__,5295) ;
0
5295 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
never executed: ERR_put_error(20,(519),(151),__FILE__,5295) ;
0
5296 return 0;
never executed: return 0;
0
5297 }-
5298-
5299 sk = sk_SSL_CIPHER_new_null();-
5300 scsvs = sk_SSL_CIPHER_new_null();-
5301 if (sk == NULL || scsvs == NULL) {
sk == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
scsvs == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3133
5302 if (fatal)
fatalDescription
TRUEnever evaluated
FALSEnever evaluated
0
5303 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5304 ) ;
0
5304 ERR_R_MALLOC_FAILURE);
never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5304 ) ;
0
5305 else-
5306 SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
never executed: ERR_put_error(20,(519),((1|64)),__FILE__,5306);
0
5307 goto err;
never executed: goto err;
0
5308 }-
5309-
5310 while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
PACKET_copy_by...es, cipher, n)Description
TRUEevaluated 76040 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
3133-76040
5311 /*-
5312 * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the-
5313 * first byte set to zero, while true SSLv2 ciphers have a non-zero-
5314 * first byte. We don't support any true SSLv2 ciphers, so skip them.-
5315 */-
5316 if (sslv2format && cipher[0] != '\0')
sslv2formatDescription
TRUEevaluated 1176 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 74864 times by 1 test
Evaluated by:
  • libssl.so.1.1
cipher[0] != '\0'Description
TRUEevaluated 426 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 750 times by 1 test
Evaluated by:
  • libssl.so.1.1
426-74864
5317 continue;
executed 426 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
426
5318-
5319 /* For SSLv2-compat, ignore leading 0-byte. */-
5320 c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);-
5321 if (c != NULL) {
c != ((void *)0)Description
TRUEevaluated 58264 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 17350 times by 1 test
Evaluated by:
  • libssl.so.1.1
17350-58264
5322 if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
c->validDescription
TRUEevaluated 55836 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2428 times by 1 test
Evaluated by:
  • libssl.so.1.1
!sk_SSL_CIPHER_push(sk, c)Description
TRUEnever evaluated
FALSEevaluated 55836 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-55836
5323 (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
!c->validDescription
TRUEevaluated 2428 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 55836 times by 1 test
Evaluated by:
  • libssl.so.1.1
!sk_SSL_CIPHER_push(scsvs, c)Description
TRUEnever evaluated
FALSEevaluated 2428 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-55836
5324 if (fatal)
fatalDescription
TRUEnever evaluated
FALSEnever evaluated
0
5325 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5326 ) ;
0
5326 SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5326 ) ;
0
5327 else-
5328 SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
never executed: ERR_put_error(20,(519),((1|64)),__FILE__,5328);
0
5329 goto err;
never executed: goto err;
0
5330 }-
5331 }
executed 58264 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
58264
5332 }
executed 75614 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
75614
5333 if (PACKET_remaining(cipher_suites) > 0) {
PACKET_remaini...er_suites) > 0Description
TRUEnever evaluated
FALSEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3133
5334 if (fatal)
fatalDescription
TRUEnever evaluated
FALSEnever evaluated
0
5335 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
never executed: ossl_statem_fatal((s), (50), (519), (271), __FILE__ , 5336 ) ;
0
5336 SSL_R_BAD_LENGTH);
never executed: ossl_statem_fatal((s), (50), (519), (271), __FILE__ , 5336 ) ;
0
5337 else-
5338 SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
never executed: ERR_put_error(20,(519),(271),__FILE__,5338);
0
5339 goto err;
never executed: goto err;
0
5340 }-
5341-
5342 if (skp != NULL)
skp != ((void *)0)Description
TRUEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3133
5343 *skp = sk;
executed 3133 times by 1 test: *skp = sk;
Executed by:
  • libssl.so.1.1
3133
5344 else-
5345 sk_SSL_CIPHER_free(sk);
never executed: sk_SSL_CIPHER_free(sk);
0
5346 if (scsvs_out != NULL)
scsvs_out != ((void *)0)Description
TRUEevaluated 3133 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3133
5347 *scsvs_out = scsvs;
executed 3133 times by 1 test: *scsvs_out = scsvs;
Executed by:
  • libssl.so.1.1
3133
5348 else-
5349 sk_SSL_CIPHER_free(scsvs);
never executed: sk_SSL_CIPHER_free(scsvs);
0
5350 return 1;
executed 3133 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
3133
5351 err:-
5352 sk_SSL_CIPHER_free(sk);-
5353 sk_SSL_CIPHER_free(scsvs);-
5354 return 0;
never executed: return 0;
0
5355}-
5356-
5357int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)-
5358{-
5359 ctx->max_early_data = max_early_data;-
5360-
5361 return 1;
executed 62 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
62
5362}-
5363-
5364uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)-
5365{-
5366 return ctx->max_early_data;
never executed: return ctx->max_early_data;
0
5367}-
5368-
5369int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)-
5370{-
5371 s->max_early_data = max_early_data;-
5372-
5373 return 1;
never executed: return 1;
0
5374}-
5375-
5376uint32_t SSL_get_max_early_data(const SSL *s)-
5377{-
5378 return s->max_early_data;
never executed: return s->max_early_data;
0
5379}-
5380-
5381int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)-
5382{-
5383 ctx->recv_max_early_data = recv_max_early_data;-
5384-
5385 return 1;
never executed: return 1;
0
5386}-
5387-
5388uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)-
5389{-
5390 return ctx->recv_max_early_data;
never executed: return ctx->recv_max_early_data;
0
5391}-
5392-
5393int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)-
5394{-
5395 s->recv_max_early_data = recv_max_early_data;-
5396-
5397 return 1;
executed 3 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
3
5398}-
5399-
5400uint32_t SSL_get_recv_max_early_data(const SSL *s)-
5401{-
5402 return s->recv_max_early_data;
never executed: return s->recv_max_early_data;
0
5403}-
5404-
5405__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)-
5406{-
5407 /* Return any active Max Fragment Len extension */-
5408 if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
ssl->session != ((void *)0)Description
TRUEevaluated 47522 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 7993 times by 1 test
Evaluated by:
  • libssl.so.1.1
((ssl->session...en_mode) >= 1)Description
TRUEevaluated 333 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 47189 times by 1 test
Evaluated by:
  • libssl.so.1.1
((ssl->session...en_mode) <= 4)Description
TRUEevaluated 333 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-47522
5409 return GET_MAX_FRAGMENT_LENGTH(ssl->session);
executed 333 times by 1 test: return (512U << (ssl->session->ext.max_fragment_len_mode - 1));
Executed by:
  • libssl.so.1.1
333
5410-
5411 /* return current SSL connection setting */-
5412 return ssl->max_send_fragment;
executed 55182 times by 1 test: return ssl->max_send_fragment;
Executed by:
  • libssl.so.1.1
55182
5413}-
5414-
5415__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)-
5416{-
5417 /* Return a value regarding an active Max Fragment Len extension */-
5418 if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
ssl->session != ((void *)0)Description
TRUEevaluated 26393 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 226 times by 1 test
Evaluated by:
  • libssl.so.1.1
((ssl->session...en_mode) >= 1)Description
TRUEevaluated 163 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 26230 times by 1 test
Evaluated by:
  • libssl.so.1.1
((ssl->session...en_mode) <= 4)Description
TRUEevaluated 163 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-26393
5419 && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
ssl->split_sen...len_mode - 1))Description
TRUEevaluated 115 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 48 times by 1 test
Evaluated by:
  • libssl.so.1.1
48-115
5420 return GET_MAX_FRAGMENT_LENGTH(ssl->session);
executed 115 times by 1 test: return (512U << (ssl->session->ext.max_fragment_len_mode - 1));
Executed by:
  • libssl.so.1.1
115
5421-
5422 /* else limit |split_send_fragment| to current |max_send_fragment| */-
5423 if (ssl->split_send_fragment > ssl->max_send_fragment)
ssl->split_sen..._send_fragmentDescription
TRUEnever evaluated
FALSEevaluated 26504 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-26504
5424 return ssl->max_send_fragment;
never executed: return ssl->max_send_fragment;
0
5425-
5426 /* return current SSL connection setting */-
5427 return ssl->split_send_fragment;
executed 26504 times by 1 test: return ssl->split_send_fragment;
Executed by:
  • libssl.so.1.1
26504
5428}-
5429-
5430int SSL_stateless(SSL *s)-
5431{-
5432 int ret;-
5433-
5434 /* Ensure there is no state left over from a previous invocation */-
5435 if (!SSL_clear(s))
!SSL_clear(s)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4
5436 return 0;
never executed: return 0;
0
5437-
5438 ERR_clear_error();-
5439-
5440 s->s3->flags |= TLS1_FLAGS_STATELESS;-
5441 ret = SSL_accept(s);-
5442 s->s3->flags &= ~TLS1_FLAGS_STATELESS;-
5443-
5444 if (ret > 0 && s->ext.cookieok)
ret > 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
s->ext.cookieokDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-3
5445 return 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1
5446-
5447 if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
s->hello_retry...SL_HRR_PENDINGDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
!ossl_statem_in_error(s)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
5448 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
2
5449-
5450 return -1;
executed 1 time by 1 test: return -1;
Executed by:
  • libssl.so.1.1
1
5451}-
5452-
5453void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)-
5454{-
5455 ctx->pha_enabled = val;-
5456}
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2
5457-
5458void SSL_set_post_handshake_auth(SSL *ssl, int val)-
5459{-
5460 ssl->pha_enabled = val;-
5461}
executed 36 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
36
5462-
5463int SSL_verify_client_post_handshake(SSL *ssl)-
5464{-
5465 if (!SSL_IS_TLS13(ssl)) {
!(ssl->method-...c_flags & 0x8)Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(ssl)->method-...sion >= 0x0304Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(ssl)->method-...ion != 0x10000Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-28
5466 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);-
5467 return 0;
never executed: return 0;
0
5468 }-
5469 if (!ssl->server) {
!ssl->serverDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-28
5470 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);-
5471 return 0;
never executed: return 0;
0
5472 }-
5473-
5474 if (!SSL_is_init_finished(ssl)) {
!SSL_is_init_finished(ssl)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-28
5475 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);-
5476 return 0;
never executed: return 0;
0
5477 }-
5478-
5479 switch (ssl->post_handshake_auth) {-
5480 case SSL_PHA_NONE:
executed 2 times by 1 test: case SSL_PHA_NONE:
Executed by:
  • libssl.so.1.1
2
5481 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);-
5482 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
2
5483 default:
never executed: default:
0
5484 case SSL_PHA_EXT_SENT:
never executed: case SSL_PHA_EXT_SENT:
0
5485 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);-
5486 return 0;
never executed: return 0;
0
5487 case SSL_PHA_EXT_RECEIVED:
executed 26 times by 1 test: case SSL_PHA_EXT_RECEIVED:
Executed by:
  • libssl.so.1.1
26
5488 break;
executed 26 times by 1 test: break;
Executed by:
  • libssl.so.1.1
26
5489 case SSL_PHA_REQUEST_PENDING:
never executed: case SSL_PHA_REQUEST_PENDING:
0
5490 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);-
5491 return 0;
never executed: return 0;
0
5492 case SSL_PHA_REQUESTED:
never executed: case SSL_PHA_REQUESTED:
0
5493 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);-
5494 return 0;
never executed: return 0;
0
5495 }-
5496-
5497 ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;-
5498-
5499 /* checks verify_mode and algorithm_auth */-
5500 if (!send_certificate_request(ssl)) {
!send_certificate_request(ssl)Description
TRUEnever evaluated
FALSEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-26
5501 ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */-
5502 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);-
5503 return 0;
never executed: return 0;
0
5504 }-
5505-
5506 ossl_statem_set_in_init(ssl, 1);-
5507 return 1;
executed 26 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
26
5508}-
5509-
5510int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,-
5511 SSL_CTX_generate_session_ticket_fn gen_cb,-
5512 SSL_CTX_decrypt_session_ticket_fn dec_cb,-
5513 void *arg)-
5514{-
5515 ctx->generate_ticket_cb = gen_cb;-
5516 ctx->decrypt_ticket_cb = dec_cb;-
5517 ctx->ticket_cb_data = arg;-
5518 return 1;
executed 16 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
16
5519}-
5520-
5521void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,-
5522 SSL_allow_early_data_cb_fn cb,-
5523 void *arg)-
5524{-
5525 ctx->allow_early_data_cb = cb;-
5526 ctx->allow_early_data_cb_data = arg;-
5527}
executed 8 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
8
5528-
5529void SSL_set_allow_early_data_cb(SSL *s,-
5530 SSL_allow_early_data_cb_fn cb,-
5531 void *arg)-
5532{-
5533 s->allow_early_data_cb = cb;-
5534 s->allow_early_data_cb_data = arg;-
5535}
never executed: end of block
0
Source codeSwitch to Preprocessed file

Generated by Squish Coco 4.2.2