OpenCoverage

ssl_lib.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/ssl_lib.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

5 * -

6 * Licensed under the OpenSSL license (the "License"). You may not use -

7 * this file except in compliance with the License. You can obtain a copy -

8 * in the file LICENSE in the source distribution or at -

9 * https://www.openssl.org/source/license.html -

10 */ -

11 -

12 #include <stdio.h> -

13 #include "ssl_locl.h" -

14 #include <openssl/objects.h> -

15 #include <openssl/x509v3.h> -

16 #include <openssl/rand.h> -

17 #include <openssl/rand_drbg.h> -

18 #include <openssl/ocsp.h> -

19 #include <openssl/dh.h> -

20 #include <openssl/engine.h> -

21 #include <openssl/async.h> -

22 #include <openssl/ct.h> -

23 #include "internal/cryptlib.h" -

24 #include "internal/refcount.h" -

25 -

26 const char SSL_version_str[] = OPENSSL_VERSION_TEXT; -

27 -

28 static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) -

29 { -

30 (void)r; -

31 (void)s; -

32 (void)t; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

34 } -

35 -

36 static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, -

37 int t) -

38 { -

39 (void)r; -

40 (void)s; -

41 (void)t; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

43 } -

44 -

45 static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, -

46 unsigned char *s, size_t t, size_t *u) -

47 { -

48 (void)r; -

49 (void)s; -

50 (void)t; -

51 (void)u; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

53 } -

54 -

55 static int ssl_undefined_function_4(SSL *ssl, int r) -

56 { -

57 (void)r; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

59 } -

60 -

61 static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, -

62 unsigned char *t) -

63 { -

64 (void)r; -

65 (void)s; -

66 (void)t; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

68 } -

69 -

70 static int ssl_undefined_function_6(int r) -

71 { -

72 (void)r; -

return ssl_undefined_function(NULL);

never executed: return ssl_undefined_function( ((void *)0) );

74 } -

75 -

76 static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, -

77 const char *t, size_t u, -

78 const unsigned char *v, size_t w, int x) -

79 { -

80 (void)r; -

81 (void)s; -

82 (void)t; -

83 (void)u; -

84 (void)v; -

85 (void)w; -

86 (void)x; -

return ssl_undefined_function(ssl);

never executed: return ssl_undefined_function(ssl);

88 } -

89 -

90 SSL3_ENC_METHOD ssl3_undef_enc_method = { -

91 ssl_undefined_function_1, -

92 ssl_undefined_function_2, -

93 ssl_undefined_function, -

94 ssl_undefined_function_3, -

95 ssl_undefined_function_4, -

96 ssl_undefined_function_5, -

97 NULL, /* client_finished_label */ -

98 0, /* client_finished_label_len */ -

99 NULL, /* server_finished_label */ -

100 0, /* server_finished_label_len */ -

101 ssl_undefined_function_6, -

102 ssl_undefined_function_7, -

103 }; -

104 -

105 struct ssl_async_args { -

106 SSL *s; -

107 void *buf; -

108 size_t num; -

109 enum { READFUNC, WRITEFUNC, OTHERFUNC } type; -

110 union { -

111 int (*func_read) (SSL *, void *, size_t, size_t *); -

112 int (*func_write) (SSL *, const void *, size_t, size_t *); -

113 int (*func_other) (SSL *); -

114 } f; -

115 }; -

116 -

117 static const struct { -

118 uint8_t mtype; -

119 uint8_t ord; -

120 int nid; -

121 } dane_mds[] = { -

122 { -

123 DANETLS_MATCHING_FULL, 0, NID_undef -

124 }, -

125 { -

126 DANETLS_MATCHING_2256, 1, NID_sha256 -

127 }, -

128 { -

129 DANETLS_MATCHING_2512, 2, NID_sha512 -

130 }, -

131 }; -

132 -

133 static int dane_ctx_enable(struct dane_ctx_st *dctx) -

134 { -

135 const EVP_MD **mdevp; -

136 uint8_t *mdord; -

137 uint8_t mdmax = DANETLS_MATCHING_LAST; -

138 int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ -

139 size_t i; -

140 -

141

if (dctx->mdevp != NULL)

dctx->mdevp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

142

return 1;

never executed: return 1;

143 -

144 mdevp = OPENSSL_zalloc(n * sizeof(*mdevp)); -

145 mdord = OPENSSL_zalloc(n * sizeof(*mdord)); -

146 -

147

if (mdord == NULL || mdevp == NULL) {

mdord == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

mdevp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

148 OPENSSL_free(mdord); -

149 OPENSSL_free(mdevp); -

150 SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE); -

151

return 0;

never executed: return 0;

152 } -

153 -

154 /* Install default entries */ -

155

for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {

i < (sizeof(da...dane_mds)[0]))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-3

156 const EVP_MD *md; -

157 -

158

if (dane_mds[i].nid == NID_undef ||

dane_mds[i].nid == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

1-2

159

(md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)

(md = EVP_get_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

160

continue;

executed 1 time by 1 test: continue;

Executed by:

libssl.so.1.1

161 mdevp[dane_mds[i].mtype] = md; -

162 mdord[dane_mds[i].mtype] = dane_mds[i].ord; -

163

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

164 -

165 dctx->mdevp = mdevp; -

166 dctx->mdord = mdord; -

167 dctx->mdmax = mdmax; -

168 -

169

return 1;

executed 1 time by 1 test: return 1;

Executed by:

libssl.so.1.1

170 } -

171 -

172 static void dane_ctx_final(struct dane_ctx_st *dctx) -

173 { -

174 OPENSSL_free(dctx->mdevp); -

175 dctx->mdevp = NULL; -

176 -

177 OPENSSL_free(dctx->mdord); -

178 dctx->mdord = NULL; -

179 dctx->mdmax = 0; -

180

}

executed 8017 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

8017

181 -

182 static void tlsa_free(danetls_record *t) -

183 { -

184

if (t == NULL)

t == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

185

return;

never executed: return;

186 OPENSSL_free(t->data); -

187 EVP_PKEY_free(t->spki); -

188 OPENSSL_free(t); -

189

}

executed 50 times by 1 test: end of block

Executed by:

libssl.so.1.1

190 -

191 static void dane_final(SSL_DANE *dane) -

192 { -

193 sk_danetls_record_pop_free(dane->trecs, tlsa_free); -

194 dane->trecs = NULL; -

195 -

196 sk_X509_pop_free(dane->certs, X509_free); -

197 dane->certs = NULL; -

198 -

199 X509_free(dane->mcert); -

200 dane->mcert = NULL; -

201 dane->mtlsa = NULL; -

202 dane->mdpth = -1; -

203 dane->pdpth = -1; -

204

}

executed 8254 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

8254

205 -

206 /* -

207 * dane_copy - Copy dane configuration, sans verification state. -

208 */ -

209 static int ssl_dane_dup(SSL *to, SSL *from) -

210 { -

211 int num; -

212 int i; -

213 -

214

if (!DANETLS_ENABLED(&from->dane))

(&from->dane) != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sk_danetls_rec...e)->trecs) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

215

return 1;

never executed: return 1;

216 -

217 num = sk_danetls_record_num(from->dane.trecs); -

218 dane_final(&to->dane); -

219 to->dane.flags = from->dane.flags; -

220 to->dane.dctx = &to->ctx->dane; -

221 to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); -

222 -

223

if (to->dane.trecs == NULL) {

to->dane.trecs == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

224 SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE); -

225

return 0;

never executed: return 0;

226 } -

227 -

228

for (i = 0; i < num; ++i) {

i < num	Description
TRUE	never evaluated
FALSE	never evaluated

229 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); -

230 -

231

if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,

SSL_dane_tlsa_... t->dlen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

232

t->data, t->dlen) <= 0)

SSL_dane_tlsa_... t->dlen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

233

return 0;

never executed: return 0;

234

}

never executed: end of block

235

return 1;

never executed: return 1;

236 } -

237 -

238 static int dane_mtype_set(struct dane_ctx_st *dctx, -

239 const EVP_MD *md, uint8_t mtype, uint8_t ord) -

240 { -

241 int i; -

242 -

243

if (mtype == DANETLS_MATCHING_FULL && md != NULL) {

mtype == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

md != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-2

244 SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL); -

245

return 0;

never executed: return 0;

246 } -

247 -

248

if (mtype > dctx->mdmax) {

mtype > dctx->mdmax	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

249 const EVP_MD **mdevp; -

250 uint8_t *mdord; -

251 int n = ((int)mtype) + 1; -

252 -

253 mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); -

254

if (mdevp == NULL) {

mdevp == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

255 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); -

256

return -1;

never executed: return -1;

257 } -

258 dctx->mdevp = mdevp; -

259 -

260 mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord)); -

261

if (mdord == NULL) {

mdord == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

262 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); -

263

return -1;

never executed: return -1;

264 } -

265 dctx->mdord = mdord; -

266 -

267 /* Zero-fill any gaps */ -

268

for (i = dctx->mdmax + 1; i < mtype; ++i) {

i < mtype	Description
TRUE	never evaluated
FALSE	never evaluated

269 mdevp[i] = NULL; -

270 mdord[i] = 0; -

271

}

never executed: end of block

272 -

273 dctx->mdmax = mtype; -

274

}

never executed: end of block

275 -

276 dctx->mdevp[mtype] = md; -

277 /* Coerce ordinal of disabled matching types to 0 */ -

278

dctx->mdord[mtype] = (md == NULL) ? 0 : ord;

(md == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

279 -

280

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

281 } -

282 -

283 static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) -

284 { -

285

if (mtype > dane->dctx->mdmax)

mtype > dane->dctx->mdmax	Description
TRUE	never evaluated
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

0-45

286

return NULL;

never executed: return ((void *)0) ;

287

return dane->dctx->mdevp[mtype];

executed 45 times by 1 test: return dane->dctx->mdevp[mtype];

Executed by:

libssl.so.1.1

288 } -

289 -

290 static int dane_tlsa_add(SSL_DANE *dane, -

291 uint8_t usage, -

292 uint8_t selector, -

293 uint8_t mtype, unsigned const char *data, size_t dlen) -

294 { -

295 danetls_record *t; -

296 const EVP_MD *md = NULL; -

297 int ilen = (int)dlen; -

298 int i; -

299 int num; -

300 -

301

if (dane->trecs == NULL) {

dane->trecs == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

302 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED); -

303

return -1;

never executed: return -1;

304 } -

305 -

306

if (ilen < 0 || dlen != (size_t)ilen) {

ilen < 0	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

dlen != (size_t)ilen	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

307 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH); -

308

return 0;

never executed: return 0;

309 } -

310 -

311

if (usage > DANETLS_USAGE_LAST) {

usage > 3	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

312 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE); -

313

return 0;

never executed: return 0;

314 } -

315 -

316

if (selector > DANETLS_SELECTOR_LAST) {

selector > 1	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

317 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR); -

318

return 0;

never executed: return 0;

319 } -

320 -

321

if (mtype != DANETLS_MATCHING_FULL) {

mtype != 0	Description
TRUE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-45

322 md = tlsa_md_get(dane, mtype); -

323

if (md == NULL) {

md == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

0-45

324 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE); -

325

return 0;

never executed: return 0;

326 } -

327

}

executed 45 times by 1 test: end of block

Executed by:

libssl.so.1.1

328 -

329

if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {

md != ((void *)0)	Description
TRUE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

dlen != (size_...VP_MD_size(md)	Description
TRUE	never evaluated
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

0-45

330 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); -

331

return 0;

never executed: return 0;

332 } -

333

if (!data) {

!data	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

334 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA); -

335

return 0;

never executed: return 0;

336 } -

337 -

338

if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {

(t = CRYPTO_za...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

339 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); -

340

return -1;

never executed: return -1;

341 } -

342 -

343 t->usage = usage; -

344 t->selector = selector; -

345 t->mtype = mtype; -

346 t->data = OPENSSL_malloc(dlen); -

347

if (t->data == NULL) {

t->data == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

348 tlsa_free(t); -

349 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); -

350

return -1;

never executed: return -1;

351 } -

352 memcpy(t->data, data, dlen); -

353 t->dlen = dlen; -

354 -

355 /* Validate and cache full certificate or public key */ -

356

if (mtype == DANETLS_MATCHING_FULL) {

mtype == 0	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

5-45

357 const unsigned char *p = data; -

358 X509 *cert = NULL; -

359 EVP_PKEY *pkey = NULL; -

360 -

361 switch (selector) { -

362

case DANETLS_SELECTOR_CERT:

executed 3 times by 1 test: case 0:

Executed by:

libssl.so.1.1

363

if (!d2i_X509(&cert, &p, ilen) || p < data ||

!d2i_X509(&cert, &p, ilen)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

p < data	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

364

dlen != (size_t)(p - data)) {

dlen != (size_t)(p - data)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

365 tlsa_free(t); -

366 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); -

367

return 0;

never executed: return 0;

368 } -

369

if (X509_get0_pubkey(cert) == NULL) {

X509_get0_pubk...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

370 tlsa_free(t); -

371 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); -

372

return 0;

never executed: return 0;

373 } -

374 -

375

if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {

((((uint32_t)1... << 2)))) == 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

376 X509_free(cert); -

377

break;

never executed: break;

378 } -

379 -

380 /* -

381 * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA -

382 * records that contain full certificates of trust-anchors that are -

383 * not present in the wire chain. For usage PKIX-TA(0), we augment -

384 * the chain with untrusted Full(0) certificates from DNS, in case -

385 * they are missing from the chain. -

386 */ -

387

if ((dane->certs == NULL &&

dane->certs == ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

388

(dane->certs = sk_X509_new_null()) == NULL) ||

(dane->certs =...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

389

!sk_X509_push(dane->certs, cert)) {

!sk_X509_push(...->certs, cert)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

390 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); -

391 X509_free(cert); -

392 tlsa_free(t); -

393

return -1;

never executed: return -1;

394 } -

395

break;

executed 3 times by 1 test: break;

Executed by:

libssl.so.1.1

396 -

397

case DANETLS_SELECTOR_SPKI:

executed 2 times by 1 test: case 1:

Executed by:

libssl.so.1.1

398

if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||

!d2i_PUBKEY(&pkey, &p, ilen)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

p < data	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

399

dlen != (size_t)(p - data)) {

dlen != (size_t)(p - data)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

400 tlsa_free(t); -

401 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); -

402

return 0;

never executed: return 0;

403 } -

404 -

405 /* -

406 * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA -

407 * records that contain full bare keys of trust-anchors that are -

408 * not present in the wire chain. -

409 */ -

410

if (usage == DANETLS_USAGE_DANE_TA)

usage == 2	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

411

t->spki = pkey;

executed 2 times by 1 test: t->spki = pkey;

Executed by:

libssl.so.1.1

412 else -

413

EVP_PKEY_free(pkey);

never executed: EVP_PKEY_free(pkey);

414

break;

executed 2 times by 1 test: break;

Executed by:

libssl.so.1.1

415 } -

416

}

executed 5 times by 1 test: end of block

Executed by:

libssl.so.1.1

417 -

418 /*- -

419 * Find the right insertion point for the new record. -

420 * -

421 * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that -

422 * they can be processed first, as they require no chain building, and no -

423 * expiration or hostname checks. Because DANE-EE(3) is numerically -

424 * largest, this is accomplished via descending sort by "usage". -

425 * -

426 * We also sort in descending order by matching ordinal to simplify -

427 * the implementation of digest agility in the verification code. -

428 * -

429 * The choice of order for the selector is not significant, so we -

430 * use the same descending order for consistency. -

431 */ -

432 num = sk_danetls_record_num(dane->trecs); -

433

for (i = 0; i < num; ++i) {

i < num	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

1-50

434 danetls_record *rec = sk_danetls_record_value(dane->trecs, i); -

435 -

436

if (rec->usage > usage)

rec->usage > usage	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

437

continue;

executed 1 time by 1 test: continue;

Executed by:

libssl.so.1.1

438

if (rec->usage < usage)

rec->usage < usage	Description
TRUE	never evaluated
FALSE	never evaluated

439

break;

never executed: break;

440

if (rec->selector > selector)

rec->selector > selector	Description
TRUE	never evaluated
FALSE	never evaluated

441

continue;

never executed: continue;

442

if (rec->selector < selector)

rec->selector < selector	Description
TRUE	never evaluated
FALSE	never evaluated

443

break;

never executed: break;

444

if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])

dane->dctx->md...->mdord[mtype]	Description
TRUE	never evaluated
FALSE	never evaluated

445

continue;

never executed: continue;

446

break;

never executed: break;

447 } -

448 -

449

if (!sk_danetls_record_insert(dane->trecs, t, i)) {

!sk_danetls_re...->trecs, t, i)	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-50

450 tlsa_free(t); -

451 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); -

452

return -1;

never executed: return -1;

453 } -

454 dane->umask |= DANETLS_USAGE_BIT(usage); -

455 -

456

return 1;

executed 50 times by 1 test: return 1;

Executed by:

libssl.so.1.1

457 } -

458 -

459 /* -

460 * Return 0 if there is only one version configured and it was disabled -

461 * at configure time. Return 1 otherwise. -

462 */ -

463 static int ssl_check_allowed_versions(int min_version, int max_version) -

464 { -

465 int minisdtls = 0, maxisdtls = 0; -

466 -

467 /* Figure out if we're doing DTLS versions or TLS versions */ -

468

if (min_version == DTLS1_BAD_VER

min_version == 0x0100	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8536 times by 1 test Evaluated by: libssl.so.1.1

2-8536

469

|| min_version >> 8 == DTLS1_VERSION_MAJOR)

min_version >> 8 == 0xFE	Description
TRUE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8424 times by 1 test Evaluated by: libssl.so.1.1

112-8424

470

minisdtls = 1;

executed 114 times by 1 test: minisdtls = 1;

Executed by:

libssl.so.1.1

114

471

if (max_version == DTLS1_BAD_VER

max_version == 0x0100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8537 times by 1 test Evaluated by: libssl.so.1.1

1-8537

472

|| max_version >> 8 == DTLS1_VERSION_MAJOR)

max_version >> 8 == 0xFE	Description
TRUE	evaluated 294 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8243 times by 1 test Evaluated by: libssl.so.1.1

294-8243

473

maxisdtls = 1;

executed 295 times by 1 test: maxisdtls = 1;

Executed by:

libssl.so.1.1

295

474 /* A wildcard version of 0 could be DTLS or TLS. */ -

475

if ((minisdtls && !maxisdtls && max_version != 0)

minisdtls	Description
TRUE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8424 times by 1 test Evaluated by: libssl.so.1.1

!maxisdtls	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

max_version != 0	Description
TRUE	never evaluated
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

0-8424

476

|| (maxisdtls && !minisdtls && min_version != 0)) {

maxisdtls	Description
TRUE	evaluated 295 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8243 times by 1 test Evaluated by: libssl.so.1.1

!minisdtls	Description
TRUE	evaluated 238 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

min_version != 0	Description
TRUE	never evaluated
FALSE	evaluated 238 times by 1 test Evaluated by: libssl.so.1.1

0-8243

477 /* Mixing DTLS and TLS versions will lead to sadness; deny it. */ -

478

return 0;

never executed: return 0;

479 } -

480 -

481

if (minisdtls || maxisdtls) {

minisdtls	Description
TRUE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8424 times by 1 test Evaluated by: libssl.so.1.1

maxisdtls	Description
TRUE	evaluated 238 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8186 times by 1 test Evaluated by: libssl.so.1.1

114-8424

482 /* Do DTLS version checks. */ -

483

if (min_version == 0)

min_version == 0	Description
TRUE	evaluated 238 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1

114-238

484 /* Ignore DTLS1_BAD_VER */ -

485

min_version = DTLS1_VERSION;

executed 238 times by 1 test: min_version = 0xFEFF;

Executed by:

libssl.so.1.1

238

486

if (max_version == 0)

max_version == 0	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 295 times by 1 test Evaluated by: libssl.so.1.1

57-295

487

max_version = DTLS1_2_VERSION;

executed 57 times by 1 test: max_version = 0xFEFD;

Executed by:

libssl.so.1.1

488 #ifdef OPENSSL_NO_DTLS1_2 -

489 if (max_version == DTLS1_2_VERSION) -

490 max_version = DTLS1_VERSION; -

491 #endif -

492 #ifdef OPENSSL_NO_DTLS1 -

493 if (min_version == DTLS1_VERSION) -

494 min_version = DTLS1_2_VERSION; -

495 #endif -

496 /* Done massaging versions; do the check. */ -

497 if (0 -

498 #ifdef OPENSSL_NO_DTLS1 -

499 || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) -

500 && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) -

501 #endif -

502 #ifdef OPENSSL_NO_DTLS1_2 -

503 || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) -

504 && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) -

505 #endif -

506

)

dead code: return 0;

507

return 0;

dead code: return 0;

508

} else {

executed 352 times by 1 test: end of block

Executed by:

libssl.so.1.1

352

509 /* Regular TLS version checks. */ -

510

if (min_version == 0)

min_version == 0	Description
TRUE	evaluated 6336 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1850 times by 1 test Evaluated by: libssl.so.1.1

1850-6336

511

min_version = SSL3_VERSION;

executed 6336 times by 1 test: min_version = 0x0300;

Executed by:

libssl.so.1.1

6336

512

if (max_version == 0)

max_version == 0	Description
TRUE	evaluated 4969 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3217 times by 1 test Evaluated by: libssl.so.1.1

3217-4969

513

max_version = TLS1_3_VERSION;

executed 4969 times by 1 test: max_version = 0x0304;

Executed by:

libssl.so.1.1

4969

514 #ifdef OPENSSL_NO_TLS1_3 -

515 if (max_version == TLS1_3_VERSION) -

516 max_version = TLS1_2_VERSION; -

517 #endif -

518 #ifdef OPENSSL_NO_TLS1_2 -

519 if (max_version == TLS1_2_VERSION) -

520 max_version = TLS1_1_VERSION; -

521 #endif -

522 #ifdef OPENSSL_NO_TLS1_1 -

523 if (max_version == TLS1_1_VERSION) -

524 max_version = TLS1_VERSION; -

525 #endif -

526 #ifdef OPENSSL_NO_TLS1 -

527 if (max_version == TLS1_VERSION) -

528 max_version = SSL3_VERSION; -

529 #endif -

530 #ifdef OPENSSL_NO_SSL3 -

531

if (min_version == SSL3_VERSION)

min_version == 0x0300	Description
TRUE	evaluated 6384 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1802 times by 1 test Evaluated by: libssl.so.1.1

1802-6384

532

min_version = TLS1_VERSION;

executed 6384 times by 1 test: min_version = 0x0301;

Executed by:

libssl.so.1.1

6384

533 #endif -

534 #ifdef OPENSSL_NO_TLS1 -

535 if (min_version == TLS1_VERSION) -

536 min_version = TLS1_1_VERSION; -

537 #endif -

538 #ifdef OPENSSL_NO_TLS1_1 -

539 if (min_version == TLS1_1_VERSION) -

540 min_version = TLS1_2_VERSION; -

541 #endif -

542 #ifdef OPENSSL_NO_TLS1_2 -

543 if (min_version == TLS1_2_VERSION) -

544 min_version = TLS1_3_VERSION; -

545 #endif -

546 /* Done massaging versions; do the check. */ -

547 if (0 -

548 #ifdef OPENSSL_NO_SSL3 -

549

|| (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)

min_version <= 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 8186 times by 1 test Evaluated by: libssl.so.1.1

0x0300 <= max_version	Description
TRUE	never evaluated
FALSE	never evaluated

0-8186

550 #endif -

551 #ifdef OPENSSL_NO_TLS1 -

552 || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version) -

553 #endif -

554 #ifdef OPENSSL_NO_TLS1_1 -

555 || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version) -

556 #endif -

557 #ifdef OPENSSL_NO_TLS1_2 -

558 || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version) -

559 #endif -

560 #ifdef OPENSSL_NO_TLS1_3 -

561 || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) -

562 #endif -

563 ) -

564

return 0;

never executed: return 0;

565

}

executed 8186 times by 1 test: end of block

Executed by:

libssl.so.1.1

8186

566

return 1;

executed 8538 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8538

567 } -

568 -

569 static void clear_ciphers(SSL *s) -

570 { -

571 /* clear the current cipher */ -

572 ssl_clear_cipher_ctx(s); -

573 ssl_clear_hash_ctx(&s->read_hash); -

574 ssl_clear_hash_ctx(&s->write_hash); -

575

}

executed 32630 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

32630

576 -

577 int SSL_clear(SSL *s) -

578 { -

579

if (s->method == NULL) {

s->method == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16269 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16269

580 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); -

581

return 0;

never executed: return 0;

582 } -

583 -

584

if (ssl_clear_bad_session(s)) {

ssl_clear_bad_session(s)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16266 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

3-16266

585 SSL_SESSION_free(s->session); -

586 s->session = NULL; -

587

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

588 SSL_SESSION_free(s->psksession); -

589 s->psksession = NULL; -

590 OPENSSL_free(s->psksession_id); -

591 s->psksession_id = NULL; -

592 s->psksession_id_len = 0; -

593 s->hello_retry_request = 0; -

594 s->sent_tickets = 0; -

595 -

596 s->error = 0; -

597 s->hit = 0; -

598 s->shutdown = 0; -

599 -

600

if (s->renegotiate) {

s->renegotiate	Description
TRUE	never evaluated
FALSE	evaluated 16269 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16269

601 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); -

602

return 0;

never executed: return 0;

603 } -

604 -

605 ossl_statem_clear(s); -

606 -

607 s->version = s->method->version; -

608 s->client_version = s->version; -

609 s->rwstate = SSL_NOTHING; -

610 -

611 BUF_MEM_free(s->init_buf); -

612 s->init_buf = NULL; -

613 clear_ciphers(s); -

614 s->first_packet = 0; -

615 -

616 s->key_update = SSL_KEY_UPDATE_NONE; -

617 -

618 EVP_MD_CTX_free(s->pha_dgst); -

619 s->pha_dgst = NULL; -

620 -

621 /* Reset DANE verification result state */ -

622 s->dane.mdpth = -1; -

623 s->dane.pdpth = -1; -

624 X509_free(s->dane.mcert); -

625 s->dane.mcert = NULL; -

626 s->dane.mtlsa = NULL; -

627 -

628 /* Clear the verification result peername */ -

629 X509_VERIFY_PARAM_move_peername(s->param, NULL); -

630 -

631 /* -

632 * Check to see if we were changed into a different method, if so, revert -

633 * back. -

634 */ -

635

if (s->method != s->ctx->method) {

s->method != s->ctx->method	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16234 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

35-16234

636 s->method->ssl_free(s); -

637 s->method = s->ctx->method; -

638

if (!s->method->ssl_new(s))

!s->method->ssl_new(s)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

639

return 0;

never executed: return 0;

640

} else {

executed 35 times by 1 test: end of block

Executed by:

libssl.so.1.1

641

if (!s->method->ssl_clear(s))

!s->method->ssl_clear(s)	Description
TRUE	never evaluated
FALSE	evaluated 16234 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16234

642

return 0;

never executed: return 0;

643

}

executed 16234 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

16234

644 -

645 RECORD_LAYER_clear(&s->rlayer); -

646 -

647

return 1;

executed 16269 times by 2 tests: return 1;

Executed by:

libssl.so.1.1
tls13encryptiontest

16269

648 } -

649 -

650 /** Used to change an SSL_CTXs default SSL method type */ -

651 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) -

652 { -

653 STACK_OF(SSL_CIPHER) *sk; -

654 -

655 ctx->method = meth; -

656 -

657

if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {

!SSL_CTX_set_c...8_GCM_SHA256")	Description
TRUE	never evaluated
FALSE	never evaluated

658 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); -

659

return 0;

never executed: return 0;

660 } -

661 sk = ssl_create_cipher_list(ctx->method, -

662 ctx->tls13_ciphersuites, -

663 &(ctx->cipher_list), -

664 &(ctx->cipher_list_by_id), -

665 SSL_DEFAULT_CIPHER_LIST, ctx->cert); -

666

if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {

(sk == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(sk_SSL_CIPHER_num(sk) <= 0)	Description
TRUE	never evaluated
FALSE	never evaluated

667 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); -

668

return 0;

never executed: return 0;

669 } -

670

return 1;

never executed: return 1;

671 } -

672 -

673 SSL *SSL_new(SSL_CTX *ctx) -

674 { -

675 SSL *s; -

676 -

677

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

678 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); -

679

return NULL;

never executed: return ((void *)0) ;

680 } -

681

if (ctx->method == NULL) {

ctx->method == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

682 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); -

683

return NULL;

never executed: return ((void *)0) ;

684 } -

685 -

686 s = OPENSSL_zalloc(sizeof(*s)); -

687

if (s == NULL)

s == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

688

goto err;

never executed: goto err;

689 -

690 s->references = 1; -

691 s->lock = CRYPTO_THREAD_lock_new(); -

692

if (s->lock == NULL) {

s->lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

693 OPENSSL_free(s); -

694 s = NULL; -

695

goto err;

never executed: goto err;

696 } -

697 -

698 RECORD_LAYER_init(&s->rlayer, s); -

699 -

700 s->options = ctx->options; -

701 s->dane.flags = ctx->dane.flags; -

702 s->min_proto_version = ctx->min_proto_version; -

703 s->max_proto_version = ctx->max_proto_version; -

704 s->mode = ctx->mode; -

705 s->max_cert_list = ctx->max_cert_list; -

706 s->max_early_data = ctx->max_early_data; -

707 s->recv_max_early_data = ctx->recv_max_early_data; -

708 s->num_tickets = ctx->num_tickets; -

709 s->pha_enabled = ctx->pha_enabled; -

710 -

711 /* Shallow copy of the ciphersuites stack */ -

712 s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); -

713

if (s->tls13_ciphersuites == NULL)

s->tls13_ciphe...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

714

goto err;

never executed: goto err;

715 -

716 /* -

717 * Earlier library versions used to copy the pointer to the CERT, not -

718 * its contents; only when setting new parameters for the per-SSL -

719 * copy, ssl_cert_new would be called (and the direct reference to -

720 * the per-SSL_CTX settings would be lost, but those still were -

721 * indirectly accessed for various purposes, and for that reason they -

722 * used to be known as s->ctx->default_cert). Now we don't look at the -

723 * SSL_CTX's CERT after having duplicated it once. -

724 */ -

725 s->cert = ssl_cert_dup(ctx->cert); -

726

if (s->cert == NULL)

s->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

727

goto err;

never executed: goto err;

728 -

729 RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); -

730 s->msg_callback = ctx->msg_callback; -

731 s->msg_callback_arg = ctx->msg_callback_arg; -

732 s->verify_mode = ctx->verify_mode; -

733 s->not_resumable_session_cb = ctx->not_resumable_session_cb; -

734 s->record_padding_cb = ctx->record_padding_cb; -

735 s->record_padding_arg = ctx->record_padding_arg; -

736 s->block_padding = ctx->block_padding; -

737 s->sid_ctx_length = ctx->sid_ctx_length; -

738

if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))

!((s->sid_ctx_...id_ctx)) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

739

goto err;

never executed: goto err;

740 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); -

741 s->verify_callback = ctx->default_verify_callback; -

742 s->generate_session_id = ctx->generate_session_id; -

743 -

744 s->param = X509_VERIFY_PARAM_new(); -

745

if (s->param == NULL)

s->param == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

746

goto err;

never executed: goto err;

747 X509_VERIFY_PARAM_inherit(s->param, ctx->param); -

748 s->quiet_shutdown = ctx->quiet_shutdown; -

749 -

750 s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode; -

751 s->max_send_fragment = ctx->max_send_fragment; -

752 s->split_send_fragment = ctx->split_send_fragment; -

753 s->max_pipelines = ctx->max_pipelines; -

754

if (s->max_pipelines > 1)

s->max_pipelines > 1	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

755

RECORD_LAYER_set_read_ahead(&s->rlayer, 1);

never executed: ((&s->rlayer)->read_ahead = (1));

756

if (ctx->default_read_buf_len > 0)

ctx->default_read_buf_len > 0	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

757

SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);

never executed: SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);

758 -

759 SSL_CTX_up_ref(ctx); -

760 s->ctx = ctx; -

761 s->ext.debug_cb = 0; -

762 s->ext.debug_arg = NULL; -

763 s->ext.ticket_expected = 0; -

764 s->ext.status_type = ctx->ext.status_type; -

765 s->ext.status_expected = 0; -

766 s->ext.ocsp.ids = NULL; -

767 s->ext.ocsp.exts = NULL; -

768 s->ext.ocsp.resp = NULL; -

769 s->ext.ocsp.resp_len = 0; -

770 SSL_CTX_up_ref(ctx); -

771 s->session_ctx = ctx; -

772 #ifndef OPENSSL_NO_EC -

773

if (ctx->ext.ecpointformats) {

ctx->ext.ecpointformats	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

774 s->ext.ecpointformats = -

775 OPENSSL_memdup(ctx->ext.ecpointformats, -

776 ctx->ext.ecpointformats_len); -

777

if (!s->ext.ecpointformats)

!s->ext.ecpointformats	Description
TRUE	never evaluated
FALSE	never evaluated

778

goto err;

never executed: goto err;

779 s->ext.ecpointformats_len = -

780 ctx->ext.ecpointformats_len; -

781

}

never executed: end of block

782

if (ctx->ext.supportedgroups) {

ctx->ext.supportedgroups	Description
TRUE	evaluated 101 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8153 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

101-8153

783 s->ext.supportedgroups = -

784 OPENSSL_memdup(ctx->ext.supportedgroups, -

785 ctx->ext.supportedgroups_len -

786 * sizeof(*ctx->ext.supportedgroups)); -

787

if (!s->ext.supportedgroups)

!s->ext.supportedgroups	Description
TRUE	never evaluated
FALSE	evaluated 101 times by 1 test Evaluated by: libssl.so.1.1

0-101

788

goto err;

never executed: goto err;

789 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; -

790

}

executed 101 times by 1 test: end of block

Executed by:

libssl.so.1.1

101

791 #endif -

792 #ifndef OPENSSL_NO_NEXTPROTONEG -

793 s->ext.npn = NULL; -

794 #endif -

795 -

796

if (s->ctx->ext.alpn) {

s->ctx->ext.alpn	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8223 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

31-8223

797 s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); -

798

if (s->ext.alpn == NULL)

s->ext.alpn == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1

0-31

799

goto err;

never executed: goto err;

800 memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); -

801 s->ext.alpn_len = s->ctx->ext.alpn_len; -

802

}

executed 31 times by 1 test: end of block

Executed by:

libssl.so.1.1

803 -

804 s->verified_chain = NULL; -

805 s->verify_result = X509_V_OK; -

806 -

807 s->default_passwd_callback = ctx->default_passwd_callback; -

808 s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; -

809 -

810 s->method = ctx->method; -

811 -

812 s->key_update = SSL_KEY_UPDATE_NONE; -

813 -

814 s->allow_early_data_cb = ctx->allow_early_data_cb; -

815 s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; -

816 -

817

if (!s->method->ssl_new(s))

!s->method->ssl_new(s)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

818

goto err;

never executed: goto err;

819 -

820

s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;

(ctx->method->...ined_function)	Description
TRUE	evaluated 1933 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6321 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

1933-6321

821 -

822

if (!SSL_clear(s))

!SSL_clear(s)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

823

goto err;

never executed: goto err;

824 -

825

if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))

!CRYPTO_new_ex..., &s->ex_data)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

826

goto err;

never executed: goto err;

827 -

828 #ifndef OPENSSL_NO_PSK -

829 s->psk_client_callback = ctx->psk_client_callback; -

830 s->psk_server_callback = ctx->psk_server_callback; -

831 #endif -

832 s->psk_find_session_cb = ctx->psk_find_session_cb; -

833 s->psk_use_session_cb = ctx->psk_use_session_cb; -

834 -

835 s->job = NULL; -

836 -

837 #ifndef OPENSSL_NO_CT -

838

if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,

!SSL_set_ct_va..._callback_arg)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

839

ctx->ct_validation_callback_arg))

!SSL_set_ct_va..._callback_arg)	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

840

goto err;

never executed: goto err;

841 #endif -

842 -

843

return s;

executed 8254 times by 2 tests: return s;

Executed by:

libssl.so.1.1
tls13encryptiontest

8254

844 err: -

845 SSL_free(s); -

846 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); -

847

return NULL;

never executed: return ((void *)0) ;

848 } -

849 -

850 int SSL_is_dtls(const SSL *s) -

851 { -

852

return SSL_IS_DTLS(s) ? 1 : 0;

executed 2042 times by 1 test: return (s->method->ssl3_enc->enc_flags & 0x8) ? 1 : 0;

Executed by:

libssl.so.1.1

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 124 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1918 times by 1 test Evaluated by: libssl.so.1.1

124-2042

853 } -

854 -

855 int SSL_up_ref(SSL *s) -

856 { -

857 int i; -

858 -

859

if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)

CRYPTO_UP_REF(... s->lock) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

860

return 0;

never executed: return 0;

861 -

862 REF_PRINT_COUNT("SSL", s); -

863 REF_ASSERT_ISNT(i < 2); -

864

return ((i > 1) ? 1 : 0);

never executed: return ((i > 1) ? 1 : 0);

(i > 1)	Description
TRUE	never evaluated
FALSE	never evaluated

865 } -

866 -

867 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, -

868 unsigned int sid_ctx_len) -

869 { -

870

if (sid_ctx_len > sizeof(ctx->sid_ctx)) {

sid_ctx_len > ...(ctx->sid_ctx)	Description
TRUE	never evaluated
FALSE	evaluated 439 times by 1 test Evaluated by: libssl.so.1.1

0-439

871 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, -

872 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); -

873

return 0;

never executed: return 0;

874 } -

875 ctx->sid_ctx_length = sid_ctx_len; -

876 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); -

877 -

878

return 1;

executed 439 times by 1 test: return 1;

Executed by:

libssl.so.1.1

439

879 } -

880 -

881 int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, -

882 unsigned int sid_ctx_len) -

883 { -

884

if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {

sid_ctx_len > 32	Description
TRUE	never evaluated
FALSE	never evaluated

885 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, -

886 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); -

887

return 0;

never executed: return 0;

888 } -

889 ssl->sid_ctx_length = sid_ctx_len; -

890 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); -

891 -

892

return 1;

never executed: return 1;

893 } -

894 -

895 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) -

896 { -

897 CRYPTO_THREAD_write_lock(ctx->lock); -

898 ctx->generate_session_id = cb; -

899 CRYPTO_THREAD_unlock(ctx->lock); -

900

return 1;

never executed: return 1;

901 } -

902 -

903 int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) -

904 { -

905 CRYPTO_THREAD_write_lock(ssl->lock); -

906 ssl->generate_session_id = cb; -

907 CRYPTO_THREAD_unlock(ssl->lock); -

908

return 1;

never executed: return 1;

909 } -

910 -

911 int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, -

912 unsigned int id_len) -

913 { -

914 /* -

915 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how -

916 * we can "construct" a session to give us the desired check - i.e. to -

917 * find if there's a session in the hash table that would conflict with -

918 * any new session built out of this id/id_len and the ssl_version in use -

919 * by this SSL. -

920 */ -

921 SSL_SESSION r, *p; -

922 -

923

if (id_len > sizeof(r.session_id))

id_len > sizeof(r.session_id)	Description
TRUE	never evaluated
FALSE	evaluated 3372 times by 1 test Evaluated by: libssl.so.1.1

0-3372

924

return 0;

never executed: return 0;

925 -

926 r.ssl_version = ssl->version; -

927 r.session_id_length = id_len; -

928 memcpy(r.session_id, id, id_len); -

929 -

930 CRYPTO_THREAD_read_lock(ssl->session_ctx->lock); -

931 p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r); -

932 CRYPTO_THREAD_unlock(ssl->session_ctx->lock); -

933

return (p != NULL);

executed 3372 times by 1 test: return (p != ((void *)0) );

Executed by:

libssl.so.1.1

3372

934 } -

935 -

936 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) -

937 { -

938

return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

never executed: return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

939 } -

940 -

941 int SSL_set_purpose(SSL *s, int purpose) -

942 { -

943

return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

never executed: return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

944 } -

945 -

946 int SSL_CTX_set_trust(SSL_CTX *s, int trust) -

947 { -

948

return X509_VERIFY_PARAM_set_trust(s->param, trust);

never executed: return X509_VERIFY_PARAM_set_trust(s->param, trust);

949 } -

950 -

951 int SSL_set_trust(SSL *s, int trust) -

952 { -

953

return X509_VERIFY_PARAM_set_trust(s->param, trust);

never executed: return X509_VERIFY_PARAM_set_trust(s->param, trust);

954 } -

955 -

956 int SSL_set1_host(SSL *s, const char *hostname) -

957 { -

958

return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);

never executed: return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);

959 } -

960 -

961 int SSL_add1_host(SSL *s, const char *hostname) -

962 { -

963

return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);

never executed: return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);

964 } -

965 -

966 void SSL_set_hostflags(SSL *s, unsigned int flags) -

967 { -

968 X509_VERIFY_PARAM_set_hostflags(s->param, flags); -

969

}

never executed: end of block

970 -

971 const char *SSL_get0_peername(SSL *s) -

972 { -

973

return X509_VERIFY_PARAM_get0_peername(s->param);

executed 53 times by 1 test: return X509_VERIFY_PARAM_get0_peername(s->param);

Executed by:

libssl.so.1.1

974 } -

975 -

976 int SSL_CTX_dane_enable(SSL_CTX *ctx) -

977 { -

978

return dane_ctx_enable(&ctx->dane);

executed 1 time by 1 test: return dane_ctx_enable(&ctx->dane);

Executed by:

libssl.so.1.1

979 } -

980 -

981 unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags) -

982 { -

983 unsigned long orig = ctx->dane.flags; -

984 -

985 ctx->dane.flags |= flags; -

986

return orig;

never executed: return orig;

987 } -

988 -

989 unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags) -

990 { -

991 unsigned long orig = ctx->dane.flags; -

992 -

993 ctx->dane.flags &= ~flags; -

994

return orig;

never executed: return orig;

995 } -

996 -

997 int SSL_dane_enable(SSL *s, const char *basedomain) -

998 { -

999 SSL_DANE *dane = &s->dane; -

1000 -

1001

if (s->ctx->dane.mdmax == 0) {

s->ctx->dane.mdmax == 0	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

1002 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED); -

1003

return 0;

never executed: return 0;

1004 } -

1005

if (dane->trecs != NULL) {

dane->trecs != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

1006 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED); -

1007

return 0;

never executed: return 0;

1008 } -

1009 -

1010 /* -

1011 * Default SNI name. This rejects empty names, while set1_host below -

1012 * accepts them and disables host name checks. To avoid side-effects with -

1013 * invalid input, set the SNI name first. -

1014 */ -

1015

if (s->ext.hostname == NULL) {

s->ext.hostname == ((void *)0)	Description
TRUE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-49

1016

if (!SSL_set_tlsext_host_name(s, basedomain)) {

!SSL_ctrl(s,55... *)basedomain)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

1017 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); -

1018

return -1;

never executed: return -1;

1019 } -

1020

}

executed 49 times by 1 test: end of block

Executed by:

libssl.so.1.1

1021 -

1022 /* Primary RFC6125 reference identifier */ -

1023

if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {

!X509_VERIFY_P...basedomain, 0)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

1024 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); -

1025

return -1;

never executed: return -1;

1026 } -

1027 -

1028 dane->mdpth = -1; -

1029 dane->pdpth = -1; -

1030 dane->dctx = &s->ctx->dane; -

1031 dane->trecs = sk_danetls_record_new_null(); -

1032 -

1033

if (dane->trecs == NULL) {

dane->trecs == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-49

1034 SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE); -

1035

return -1;

never executed: return -1;

1036 } -

1037

return 1;

executed 49 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1038 } -

1039 -

1040 unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags) -

1041 { -

1042 unsigned long orig = ssl->dane.flags; -

1043 -

1044 ssl->dane.flags |= flags; -

1045

return orig;

executed 9 times by 1 test: return orig;

Executed by:

libssl.so.1.1

1046 } -

1047 -

1048 unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags) -

1049 { -

1050 unsigned long orig = ssl->dane.flags; -

1051 -

1052 ssl->dane.flags &= ~flags; -

1053

return orig;

never executed: return orig;

1054 } -

1055 -

1056 int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) -

1057 { -

1058 SSL_DANE *dane = &s->dane; -

1059 -

1060

if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)

(dane) != ((void *)0)	Description
TRUE	evaluated 242 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

sk_danetls_rec...e)->trecs) > 0	Description
TRUE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 193 times by 1 test Evaluated by: libssl.so.1.1

s->verify_result != 0	Description
TRUE	never evaluated
FALSE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1

0-242

1061

return -1;

executed 193 times by 1 test: return -1;

Executed by:

libssl.so.1.1

193

1062

if (dane->mtlsa) {

dane->mtlsa	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

7-42

1063

if (mcert)

mcert	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

1064

*mcert = dane->mcert;

never executed: *mcert = dane->mcert;

1065

if (mspki)

mspki	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

1066

*mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;

never executed: *mspki = (dane->mcert == ((void *)0) ) ? dane->mtlsa->spki : ((void *)0) ;

(dane->mcert == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

1067

}

executed 42 times by 1 test: end of block

Executed by:

libssl.so.1.1

1068

return dane->mdpth;

executed 49 times by 1 test: return dane->mdpth;

Executed by:

libssl.so.1.1

1069 } -

1070 -

1071 int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, -

1072 uint8_t *mtype, unsigned const char **data, size_t *dlen) -

1073 { -

1074 SSL_DANE *dane = &s->dane; -

1075 -

1076

if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)

(dane) != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

sk_danetls_rec...e)->trecs) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

s->verify_result != 0	Description
TRUE	never evaluated
FALSE	never evaluated

1077

return -1;

never executed: return -1;

1078

if (dane->mtlsa) {

dane->mtlsa	Description
TRUE	never evaluated
FALSE	never evaluated

1079

if (usage)

usage	Description
TRUE	never evaluated
FALSE	never evaluated

1080

*usage = dane->mtlsa->usage;

never executed: *usage = dane->mtlsa->usage;

1081

if (selector)

selector	Description
TRUE	never evaluated
FALSE	never evaluated

1082

*selector = dane->mtlsa->selector;

never executed: *selector = dane->mtlsa->selector;

1083

if (mtype)

mtype	Description
TRUE	never evaluated
FALSE	never evaluated

1084

*mtype = dane->mtlsa->mtype;

never executed: *mtype = dane->mtlsa->mtype;

1085

if (data)

data	Description
TRUE	never evaluated
FALSE	never evaluated

1086

*data = dane->mtlsa->data;

never executed: *data = dane->mtlsa->data;

1087

if (dlen)

dlen	Description
TRUE	never evaluated
FALSE	never evaluated

1088

*dlen = dane->mtlsa->dlen;

never executed: *dlen = dane->mtlsa->dlen;

1089

}

never executed: end of block

1090

return dane->mdpth;

never executed: return dane->mdpth;

1091 } -

1092 -

1093 SSL_DANE *SSL_get0_dane(SSL *s) -

1094 { -

1095

return &s->dane;

executed 49 times by 1 test: return &s->dane;

Executed by:

libssl.so.1.1

1096 } -

1097 -

1098 int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, -

1099 uint8_t mtype, unsigned const char *data, size_t dlen) -

1100 { -

1101

return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);

executed 50 times by 1 test: return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);

Executed by:

libssl.so.1.1

1102 } -

1103 -

1104 int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, -

1105 uint8_t ord) -

1106 { -

1107

return dane_mtype_set(&ctx->dane, md, mtype, ord);

executed 2 times by 1 test: return dane_mtype_set(&ctx->dane, md, mtype, ord);

Executed by:

libssl.so.1.1

1108 } -

1109 -

1110 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) -

1111 { -

1112

return X509_VERIFY_PARAM_set1(ctx->param, vpm);

never executed: return X509_VERIFY_PARAM_set1(ctx->param, vpm);

1113 } -

1114 -

1115 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) -

1116 { -

1117

return X509_VERIFY_PARAM_set1(ssl->param, vpm);

never executed: return X509_VERIFY_PARAM_set1(ssl->param, vpm);

1118 } -

1119 -

1120 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) -

1121 { -

1122

return ctx->param;

never executed: return ctx->param;

1123 } -

1124 -

1125 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) -

1126 { -

1127

return ssl->param;

executed 49 times by 1 test: return ssl->param;

Executed by:

libssl.so.1.1

1128 } -

1129 -

1130 void SSL_certs_clear(SSL *s) -

1131 { -

1132 ssl_cert_clear_certs(s->cert); -

1133

}

never executed: end of block

1134 -

1135 void SSL_free(SSL *s) -

1136 { -

1137 int i; -

1138 -

1139

if (s == NULL)

s == ((void *)0)	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

48-8254

1140

return;

executed 48 times by 1 test: return;

Executed by:

libssl.so.1.1

1141 CRYPTO_DOWN_REF(&s->references, &i, s->lock); -

1142 REF_PRINT_COUNT("SSL", s); -

1143

if (i > 0)

i > 0	Description
TRUE	never evaluated
FALSE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8254

1144

return;

never executed: return;

1145 REF_ASSERT_ISNT(i < 0); -

1146 -

1147 X509_VERIFY_PARAM_free(s->param); -

1148 dane_final(&s->dane); -

1149 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); -

1150 -

1151 /* Ignore return value */ -

1152 ssl_free_wbio_buffer(s); -

1153 -

1154 BIO_free_all(s->wbio); -

1155 BIO_free_all(s->rbio); -

1156 -

1157 BUF_MEM_free(s->init_buf); -

1158 -

1159 /* add extra stuff */ -

1160 sk_SSL_CIPHER_free(s->cipher_list); -

1161 sk_SSL_CIPHER_free(s->cipher_list_by_id); -

1162 sk_SSL_CIPHER_free(s->tls13_ciphersuites); -

1163 -

1164 /* Make the next call work :-) */ -

1165

if (s->session != NULL) {

s->session != ((void *)0)	Description
TRUE	evaluated 7144 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1110 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

1110-7144

1166 ssl_clear_bad_session(s); -

1167 SSL_SESSION_free(s->session); -

1168

}

executed 7144 times by 1 test: end of block

Executed by:

libssl.so.1.1

7144

1169 SSL_SESSION_free(s->psksession); -

1170 OPENSSL_free(s->psksession_id); -

1171 -

1172 clear_ciphers(s); -

1173 -

1174 ssl_cert_free(s->cert); -

1175 /* Free up if allocated */ -

1176 -

1177 OPENSSL_free(s->ext.hostname); -

1178 SSL_CTX_free(s->session_ctx); -

1179 #ifndef OPENSSL_NO_EC -

1180 OPENSSL_free(s->ext.ecpointformats); -

1181 OPENSSL_free(s->ext.supportedgroups); -

1182 #endif /* OPENSSL_NO_EC */ -

1183 sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); -

1184 #ifndef OPENSSL_NO_OCSP -

1185 sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); -

1186 #endif -

1187 #ifndef OPENSSL_NO_CT -

1188 SCT_LIST_free(s->scts); -

1189 OPENSSL_free(s->ext.scts); -

1190 #endif -

1191 OPENSSL_free(s->ext.ocsp.resp); -

1192 OPENSSL_free(s->ext.alpn); -

1193 OPENSSL_free(s->ext.tls13_cookie); -

1194 OPENSSL_free(s->clienthello); -

1195 OPENSSL_free(s->pha_context); -

1196 EVP_MD_CTX_free(s->pha_dgst); -

1197 -

1198 sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); -

1199 -

1200 sk_X509_pop_free(s->verified_chain, X509_free); -

1201 -

1202

if (s->method != NULL)

s->method != ((void *)0)	Description
TRUE	evaluated 8254 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	never evaluated

0-8254

1203

s->method->ssl_free(s);

executed 8254 times by 2 tests: s->method->ssl_free(s);

Executed by:

libssl.so.1.1
tls13encryptiontest

8254

1204 -

1205 RECORD_LAYER_release(&s->rlayer); -

1206 -

1207 SSL_CTX_free(s->ctx); -

1208 -

1209 ASYNC_WAIT_CTX_free(s->waitctx); -

1210 -

1211 #if !defined(OPENSSL_NO_NEXTPROTONEG) -

1212 OPENSSL_free(s->ext.npn); -

1213 #endif -

1214 -

1215 #ifndef OPENSSL_NO_SRTP -

1216 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); -

1217 #endif -

1218 -

1219 CRYPTO_THREAD_lock_free(s->lock); -

1220 -

1221 OPENSSL_free(s); -

1222

}

executed 8254 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

8254

1223 -

1224 void SSL_set0_rbio(SSL *s, BIO *rbio) -

1225 { -

1226 BIO_free_all(s->rbio); -

1227 s->rbio = rbio; -

1228

}

executed 8403 times by 1 test: end of block

Executed by:

libssl.so.1.1

8403

1229 -

1230 void SSL_set0_wbio(SSL *s, BIO *wbio) -

1231 { -

1232 /* -

1233 * If the output buffering BIO is still in place, remove it -

1234 */ -

1235

if (s->bbio != NULL)

s->bbio != ((void *)0)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8395 times by 1 test Evaluated by: libssl.so.1.1

5-8395

1236

s->wbio = BIO_pop(s->wbio);

executed 5 times by 1 test: s->wbio = BIO_pop(s->wbio);

Executed by:

libssl.so.1.1

1237 -

1238 BIO_free_all(s->wbio); -

1239 s->wbio = wbio; -

1240 -

1241 /* Re-attach |bbio| to the new |wbio|. */ -

1242

if (s->bbio != NULL)

s->bbio != ((void *)0)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8395 times by 1 test Evaluated by: libssl.so.1.1

5-8395

1243

s->wbio = BIO_push(s->bbio, s->wbio);

executed 5 times by 1 test: s->wbio = BIO_push(s->bbio, s->wbio);

Executed by:

libssl.so.1.1

1244

}

executed 8400 times by 1 test: end of block

Executed by:

libssl.so.1.1

8400

1245 -

1246 void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) -

1247 { -

1248 /* -

1249 * For historical reasons, this function has many different cases in -

1250 * ownership handling. -

1251 */ -

1252 -

1253 /* If nothing has changed, do nothing */ -

1254

if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))

rbio == SSL_get_rbio(s)	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8384 times by 1 test Evaluated by: libssl.so.1.1

wbio == SSL_get_wbio(s)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

9-8384

1255

return;

executed 9 times by 1 test: return;

Executed by:

libssl.so.1.1

1256 -

1257 /* -

1258 * If the two arguments are equal then one fewer reference is granted by the -

1259 * caller than we want to take -

1260 */ -

1261

if (rbio != NULL && rbio == wbio)

rbio != ((void *)0)	Description
TRUE	evaluated 8346 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 56 times by 1 test Evaluated by: libssl.so.1.1

rbio == wbio	Description
TRUE	evaluated 514 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7832 times by 1 test Evaluated by: libssl.so.1.1

56-8346

1262

BIO_up_ref(rbio);

executed 514 times by 1 test: BIO_up_ref(rbio);

Executed by:

libssl.so.1.1

514

1263 -

1264 /* -

1265 * If only the wbio is changed only adopt one reference. -

1266 */ -

1267

if (rbio == SSL_get_rbio(s)) {

rbio == SSL_get_rbio(s)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8384 times by 1 test Evaluated by: libssl.so.1.1

18-8384

1268 SSL_set0_wbio(s, wbio); -

1269

return;

executed 18 times by 1 test: return;

Executed by:

libssl.so.1.1

1270 } -

1271 /* -

1272 * There is an asymmetry here for historical reasons. If only the rbio is -

1273 * changed AND the rbio and wbio were originally different, then we only -

1274 * adopt one reference. -

1275 */ -

1276

if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {

wbio == SSL_get_wbio(s)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8366 times by 1 test Evaluated by: libssl.so.1.1

SSL_get_rbio(s...SL_get_wbio(s)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-8366

1277 SSL_set0_rbio(s, rbio); -

1278

return;

executed 12 times by 1 test: return;

Executed by:

libssl.so.1.1

1279 } -

1280 -

1281 /* Otherwise, adopt both references. */ -

1282 SSL_set0_rbio(s, rbio); -

1283 SSL_set0_wbio(s, wbio); -

1284

}

executed 8372 times by 1 test: end of block

Executed by:

libssl.so.1.1

8372

1285 -

1286 BIO *SSL_get_rbio(const SSL *s) -

1287 { -

1288

return s->rbio;

executed 53084 times by 1 test: return s->rbio;

Executed by:

libssl.so.1.1

53084

1289 } -

1290 -

1291 BIO *SSL_get_wbio(const SSL *s) -

1292 { -

1293

if (s->bbio != NULL) {

s->bbio != ((void *)0)	Description
TRUE	evaluated 5500 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8621 times by 1 test Evaluated by: libssl.so.1.1

5500-8621

1294 /* -

1295 * If |bbio| is active, the true caller-configured BIO is its -

1296 * |next_bio|. -

1297 */ -

1298

return BIO_next(s->bbio);

executed 5500 times by 1 test: return BIO_next(s->bbio);

Executed by:

libssl.so.1.1

5500

1299 } -

1300

return s->wbio;

executed 8621 times by 1 test: return s->wbio;

Executed by:

libssl.so.1.1

8621

1301 } -

1302 -

1303 int SSL_get_fd(const SSL *s) -

1304 { -

1305

return SSL_get_rfd(s);

executed 4156 times by 1 test: return SSL_get_rfd(s);

Executed by:

libssl.so.1.1

4156

1306 } -

1307 -

1308 int SSL_get_rfd(const SSL *s) -

1309 { -

1310 int ret = -1; -

1311 BIO *b, *r; -

1312 -

1313 b = SSL_get_rbio(s); -

1314 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); -

1315

if (r != NULL)

r != ((void *)0)	Description
TRUE	evaluated 4156 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4156

1316

BIO_get_fd(r, &ret);

executed 4156 times by 1 test: BIO_ctrl(r,105,0,(char *)(&ret));

Executed by:

libssl.so.1.1

4156

1317

return ret;

executed 4156 times by 1 test: return ret;

Executed by:

libssl.so.1.1

4156

1318 } -

1319 -

1320 int SSL_get_wfd(const SSL *s) -

1321 { -

1322 int ret = -1; -

1323 BIO *b, *r; -

1324 -

1325 b = SSL_get_wbio(s); -

1326 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); -

1327

if (r != NULL)

r != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1328

BIO_get_fd(r, &ret);

never executed: BIO_ctrl(r,105,0,(char *)(&ret));

1329

return ret;

never executed: return ret;

1330 } -

1331 -

1332 #ifndef OPENSSL_NO_SOCK -

1333 int SSL_set_fd(SSL *s, int fd) -

1334 { -

1335 int ret = 0; -

1336 BIO *bio = NULL; -

1337 -

1338 bio = BIO_new(BIO_s_socket()); -

1339 -

1340

if (bio == NULL) {

bio == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1341 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); -

1342

goto err;

never executed: goto err;

1343 } -

1344 BIO_set_fd(bio, fd, BIO_NOCLOSE); -

1345 SSL_set_bio(s, bio, bio); -

1346 ret = 1; -

1347

err:

code before this statement never executed: err:

1348

return ret;

never executed: return ret;

1349 } -

1350 -

1351 int SSL_set_wfd(SSL *s, int fd) -

1352 { -

1353 BIO *rbio = SSL_get_rbio(s); -

1354 -

1355

if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET

rbio == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

BIO_method_typ...0x0400\|0x0100)	Description
TRUE	never evaluated
FALSE	never evaluated

1356

|| (int)BIO_get_fd(rbio, NULL) != fd) {

(int)BIO_ctrl(... *)0) )) != fd	Description
TRUE	never evaluated
FALSE	never evaluated

1357 BIO *bio = BIO_new(BIO_s_socket()); -

1358 -

1359

if (bio == NULL) {

bio == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1360 SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); -

1361

return 0;

never executed: return 0;

1362 } -

1363 BIO_set_fd(bio, fd, BIO_NOCLOSE); -

1364 SSL_set0_wbio(s, bio); -

1365

} else {

never executed: end of block

1366 BIO_up_ref(rbio); -

1367 SSL_set0_wbio(s, rbio); -

1368

}

never executed: end of block

1369

return 1;

never executed: return 1;

1370 } -

1371 -

1372 int SSL_set_rfd(SSL *s, int fd) -

1373 { -

1374 BIO *wbio = SSL_get_wbio(s); -

1375 -

1376

if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET

wbio == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

BIO_method_typ...0x0400\|0x0100)	Description
TRUE	never evaluated
FALSE	never evaluated

1377

|| ((int)BIO_get_fd(wbio, NULL) != fd)) {

((int)BIO_ctrl...*)0) )) != fd)	Description
TRUE	never evaluated
FALSE	never evaluated

1378 BIO *bio = BIO_new(BIO_s_socket()); -

1379 -

1380

if (bio == NULL) {

bio == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1381 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); -

1382

return 0;

never executed: return 0;

1383 } -

1384 BIO_set_fd(bio, fd, BIO_NOCLOSE); -

1385 SSL_set0_rbio(s, bio); -

1386

} else {

never executed: end of block

1387 BIO_up_ref(wbio); -

1388 SSL_set0_rbio(s, wbio); -

1389

}

never executed: end of block

1390 -

1391

return 1;

never executed: return 1;

1392 } -

1393 #endif -

1394 -

1395 /* return length of latest Finished message we sent, copy to 'buf' */ -

1396 size_t SSL_get_finished(const SSL *s, void *buf, size_t count) -

1397 { -

1398 size_t ret = 0; -

1399 -

1400

if (s->s3 != NULL) {

s->s3 != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1401 ret = s->s3->tmp.finish_md_len; -

1402

if (count > ret)

count > ret	Description
TRUE	never evaluated
FALSE	never evaluated

1403

count = ret;

never executed: count = ret;

1404 memcpy(buf, s->s3->tmp.finish_md, count); -

1405

}

never executed: end of block

1406

return ret;

never executed: return ret;

1407 } -

1408 -

1409 /* return length of latest Finished message we expected, copy to 'buf' */ -

1410 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) -

1411 { -

1412 size_t ret = 0; -

1413 -

1414

if (s->s3 != NULL) {

s->s3 != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1415 ret = s->s3->tmp.peer_finish_md_len; -

1416

if (count > ret)

count > ret	Description
TRUE	never evaluated
FALSE	never evaluated

1417

count = ret;

never executed: count = ret;

1418 memcpy(buf, s->s3->tmp.peer_finish_md, count); -

1419

}

never executed: end of block

1420

return ret;

never executed: return ret;

1421 } -

1422 -

1423 int SSL_get_verify_mode(const SSL *s) -

1424 { -

1425

return s->verify_mode;

never executed: return s->verify_mode;

1426 } -

1427 -

1428 int SSL_get_verify_depth(const SSL *s) -

1429 { -

1430

return X509_VERIFY_PARAM_get_depth(s->param);

never executed: return X509_VERIFY_PARAM_get_depth(s->param);

1431 } -

1432 -

1433 int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { -

1434

return s->verify_callback;

executed 49 times by 1 test: return s->verify_callback;

Executed by:

libssl.so.1.1

1435 } -

1436 -

1437 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) -

1438 { -

1439

return ctx->verify_mode;

never executed: return ctx->verify_mode;

1440 } -

1441 -

1442 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) -

1443 { -

1444

return X509_VERIFY_PARAM_get_depth(ctx->param);

never executed: return X509_VERIFY_PARAM_get_depth(ctx->param);

1445 } -

1446 -

1447 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { -

1448

return ctx->default_verify_callback;

never executed: return ctx->default_verify_callback;

1449 } -

1450 -

1451 void SSL_set_verify(SSL *s, int mode, -

1452 int (*callback) (int ok, X509_STORE_CTX *ctx)) -

1453 { -

1454 s->verify_mode = mode; -

1455

if (callback != NULL)

callback != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

1456

s->verify_callback = callback;

never executed: s->verify_callback = callback;

1457

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

1458 -

1459 void SSL_set_verify_depth(SSL *s, int depth) -

1460 { -

1461 X509_VERIFY_PARAM_set_depth(s->param, depth); -

1462

}

never executed: end of block

1463 -

1464 void SSL_set_read_ahead(SSL *s, int yes) -

1465 { -

1466 RECORD_LAYER_set_read_ahead(&s->rlayer, yes); -

1467

}

never executed: end of block

1468 -

1469 int SSL_get_read_ahead(const SSL *s) -

1470 { -

1471

return RECORD_LAYER_get_read_ahead(&s->rlayer);

never executed: return ((&s->rlayer)->read_ahead);

1472 } -

1473 -

1474 int SSL_pending(const SSL *s) -

1475 { -

1476 size_t pending = s->method->ssl_pending(s); -

1477 -

1478 /* -

1479 * SSL_pending cannot work properly if read-ahead is enabled -

1480 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is -

1481 * impossible to fix since SSL_pending cannot report errors that may be -

1482 * observed while scanning the new data. (Note that SSL_pending() is -

1483 * often used as a boolean value, so we'd better not return -1.) -

1484 * -

1485 * SSL_pending also cannot work properly if the value >INT_MAX. In that case -

1486 * we just return INT_MAX. -

1487 */ -

1488

return pending < INT_MAX ? (int)pending : INT_MAX;

executed 1570 times by 1 test: return pending < 0x7fffffff ? (int)pending : 0x7fffffff;

Executed by:

libssl.so.1.1

pending < 0x7fffffff	Description
TRUE	evaluated 1570 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1570

1489 } -

1490 -

1491 int SSL_has_pending(const SSL *s) -

1492 { -

1493 /* -

1494 * Similar to SSL_pending() but returns a 1 to indicate that we have -

1495 * unprocessed data available or 0 otherwise (as opposed to the number of -

1496 * bytes available). Unlike SSL_pending() this will take into account -

1497 * read_ahead data. A 1 return simply indicates that we have unprocessed -

1498 * data. That data may not result in any application data, or we may fail -

1499 * to parse the records for some reason. -

1500 */ -

1501

if (RECORD_LAYER_processed_read_pending(&s->rlayer))

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 569 times by 1 test Evaluated by: libssl.so.1.1

2-569

1502

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1503 -

1504

return RECORD_LAYER_read_pending(&s->rlayer);

executed 569 times by 1 test: return RECORD_LAYER_read_pending(&s->rlayer);

Executed by:

libssl.so.1.1

569

1505 } -

1506 -

1507 X509 *SSL_get_peer_certificate(const SSL *s) -

1508 { -

1509 X509 *r; -

1510 -

1511

if ((s == NULL) || (s->session == NULL))

(s == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2877 times by 1 test Evaluated by: libssl.so.1.1

(s->session == ((void *)0) )	Description
TRUE	evaluated 260 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2617 times by 1 test Evaluated by: libssl.so.1.1

0-2877

1512

r = NULL;

executed 260 times by 1 test: r = ((void *)0) ;

Executed by:

libssl.so.1.1

260

1513 else -

1514

r = s->session->peer;

executed 2617 times by 1 test: r = s->session->peer;

Executed by:

libssl.so.1.1

2617

1515 -

1516

if (r == NULL)

r == ((void *)0)	Description
TRUE	evaluated 1614 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1263 times by 1 test Evaluated by: libssl.so.1.1

1263-1614

1517

return r;

executed 1614 times by 1 test: return r;

Executed by:

libssl.so.1.1

1614

1518 -

1519 X509_up_ref(r); -

1520 -

1521

return r;

executed 1263 times by 1 test: return r;

Executed by:

libssl.so.1.1

1263

1522 } -

1523 -

1524 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) -

1525 { -

1526 STACK_OF(X509) *r; -

1527 -

1528

if ((s == NULL) || (s->session == NULL))

(s == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1

(s->session == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1

0-191

1529

r = NULL;

never executed: r = ((void *)0) ;

1530 else -

1531

r = s->session->peer_chain;

executed 191 times by 1 test: r = s->session->peer_chain;

Executed by:

libssl.so.1.1

191

1532 -

1533 /* -

1534 * If we are a client, cert_chain includes the peer's own certificate; if -

1535 * we are a server, it does not. -

1536 */ -

1537 -

1538

return r;

executed 191 times by 1 test: return r;

Executed by:

libssl.so.1.1

191

1539 } -

1540 -

1541 /* -

1542 * Now in theory, since the calling process own 't' it should be safe to -

1543 * modify. We need to be able to read f without being hassled -

1544 */ -

1545 int SSL_copy_session_id(SSL *t, const SSL *f) -

1546 { -

1547 int i; -

1548 /* Do we need to to SSL locking? */ -

1549

if (!SSL_set_session(t, SSL_get_session(f))) {

!SSL_set_sessi...et_session(f))	Description
TRUE	never evaluated
FALSE	never evaluated

1550

return 0;

never executed: return 0;

1551 } -

1552 -

1553 /* -

1554 * what if we are setup for one protocol version but want to talk another -

1555 */ -

1556

if (t->method != f->method) {

t->method != f->method	Description
TRUE	never evaluated
FALSE	never evaluated

1557 t->method->ssl_free(t); -

1558 t->method = f->method; -

1559

if (t->method->ssl_new(t) == 0)

t->method->ssl_new(t) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

1560

return 0;

never executed: return 0;

1561

}

never executed: end of block

1562 -

1563 CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); -

1564 ssl_cert_free(t->cert); -

1565 t->cert = f->cert; -

1566

if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {

!SSL_set_sessi...id_ctx_length)	Description
TRUE	never evaluated
FALSE	never evaluated

1567

return 0;

never executed: return 0;

1568 } -

1569 -

1570

return 1;

never executed: return 1;

1571 } -

1572 -

1573 /* Fix this so it checks all the valid key/cert options */ -

1574 int SSL_CTX_check_private_key(const SSL_CTX *ctx) -

1575 { -

1576

if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {

(ctx == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 515 times by 1 test Evaluated by: libssl.so.1.1

(ctx->cert->ke... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 515 times by 1 test Evaluated by: libssl.so.1.1

0-515

1577 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); -

1578

return 0;

never executed: return 0;

1579 } -

1580

if (ctx->cert->key->privatekey == NULL) {

ctx->cert->key...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 515 times by 1 test Evaluated by: libssl.so.1.1

0-515

1581 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); -

1582

return 0;

never executed: return 0;

1583 } -

1584

return X509_check_private_key

executed 515 times by 1 test: return X509_check_private_key (ctx->cert->key->x509, ctx->cert->key->privatekey);

Executed by:

libssl.so.1.1

515

1585

(ctx->cert->key->x509, ctx->cert->key->privatekey);

executed 515 times by 1 test: return X509_check_private_key (ctx->cert->key->x509, ctx->cert->key->privatekey);

Executed by:

libssl.so.1.1

515

1586 } -

1587 -

1588 /* Fix this function so that it takes an optional type parameter */ -

1589 int SSL_check_private_key(const SSL *ssl) -

1590 { -

1591

if (ssl == NULL) {

ssl == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

1592 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); -

1593

return 0;

never executed: return 0;

1594 } -

1595

if (ssl->cert->key->x509 == NULL) {

ssl->cert->key...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

1596 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); -

1597

return 0;

never executed: return 0;

1598 } -

1599

if (ssl->cert->key->privatekey == NULL) {

ssl->cert->key...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

1600 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); -

1601

return 0;

never executed: return 0;

1602 } -

1603

return X509_check_private_key(ssl->cert->key->x509,

executed 2 times by 1 test: return X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey);

Executed by:

libssl.so.1.1

1604

ssl->cert->key->privatekey);

executed 2 times by 1 test: return X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey);

Executed by:

libssl.so.1.1

1605 } -

1606 -

1607 int SSL_waiting_for_async(SSL *s) -

1608 { -

1609

if (s->job)

s->job	Description
TRUE	never evaluated
FALSE	never evaluated

1610

return 1;

never executed: return 1;

1611 -

1612

return 0;

never executed: return 0;

1613 } -

1614 -

1615 int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) -

1616 { -

1617 ASYNC_WAIT_CTX *ctx = s->waitctx; -

1618 -

1619

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1620

return 0;

never executed: return 0;

1621

return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);

never executed: return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);

1622 } -

1623 -

1624 int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, -

1625 OSSL_ASYNC_FD *delfd, size_t *numdelfds) -

1626 { -

1627 ASYNC_WAIT_CTX *ctx = s->waitctx; -

1628 -

1629

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1630

return 0;

never executed: return 0;

1631

return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,

never executed: return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, numdelfds);

1632

numdelfds);

never executed: return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, numdelfds);

1633 } -

1634 -

1635 int SSL_accept(SSL *s) -

1636 { -

1637

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	evaluated 414 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7144 times by 1 test Evaluated by: libssl.so.1.1

414-7144

1638 /* Not properly initialized yet */ -

1639 SSL_set_accept_state(s); -

1640

}

executed 414 times by 1 test: end of block

Executed by:

libssl.so.1.1

414

1641 -

1642

return SSL_do_handshake(s);

executed 7558 times by 1 test: return SSL_do_handshake(s);

Executed by:

libssl.so.1.1

7558

1643 } -

1644 -

1645 int SSL_connect(SSL *s) -

1646 { -

1647

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	evaluated 402 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6538 times by 1 test Evaluated by: libssl.so.1.1

402-6538

1648 /* Not properly initialized yet */ -

1649 SSL_set_connect_state(s); -

1650

}

executed 402 times by 1 test: end of block

Executed by:

libssl.so.1.1

402

1651 -

1652

return SSL_do_handshake(s);

executed 6940 times by 1 test: return SSL_do_handshake(s);

Executed by:

libssl.so.1.1

6940

1653 } -

1654 -

1655 long SSL_get_default_timeout(const SSL *s) -

1656 { -

1657

return s->method->get_timeout();

never executed: return s->method->get_timeout();

1658 } -

1659 -

1660 static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, -

1661 int (*func) (void *)) -

1662 { -

1663 int ret; -

1664

if (s->waitctx == NULL) {

s->waitctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1665 s->waitctx = ASYNC_WAIT_CTX_new(); -

1666

if (s->waitctx == NULL)

s->waitctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1667

return -1;

never executed: return -1;

1668

}

never executed: end of block

1669 switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, -

1670 sizeof(struct ssl_async_args))) { -

1671

case ASYNC_ERR:

never executed: case 0:

1672 s->rwstate = SSL_NOTHING; -

1673 SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC); -

1674

return -1;

never executed: return -1;

1675

case ASYNC_PAUSE:

never executed: case 2:

1676 s->rwstate = SSL_ASYNC_PAUSED; -

1677

return -1;

never executed: return -1;

1678

case ASYNC_NO_JOBS:

never executed: case 1:

1679 s->rwstate = SSL_ASYNC_NO_JOBS; -

1680

return -1;

never executed: return -1;

1681

case ASYNC_FINISH:

never executed: case 3:

1682 s->job = NULL; -

1683

return ret;

never executed: return ret;

1684

default:

never executed: default:

1685 s->rwstate = SSL_NOTHING; -

1686 SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR); -

1687 /* Shouldn't happen */ -

1688

return -1;

never executed: return -1;

1689 } -

1690 } -

1691 -

1692 static int ssl_io_intern(void *vargs) -

1693 { -

1694 struct ssl_async_args *args; -

1695 SSL *s; -

1696 void *buf; -

1697 size_t num; -

1698 -

1699 args = (struct ssl_async_args *)vargs; -

1700 s = args->s; -

1701 buf = args->buf; -

1702 num = args->num; -

1703 switch (args->type) { -

1704

case READFUNC:

never executed: case READFUNC:

1705

return args->f.func_read(s, buf, num, &s->asyncrw);

never executed: return args->f.func_read(s, buf, num, &s->asyncrw);

1706

case WRITEFUNC:

never executed: case WRITEFUNC:

1707

return args->f.func_write(s, buf, num, &s->asyncrw);

never executed: return args->f.func_write(s, buf, num, &s->asyncrw);

1708

case OTHERFUNC:

never executed: case OTHERFUNC:

1709

return args->f.func_other(s);

never executed: return args->f.func_other(s);

1710 } -

1711

return -1;

never executed: return -1;

1712 } -

1713 -

1714 int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) -

1715 { -

1716

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21656 times by 1 test Evaluated by: libssl.so.1.1

0-21656

1717 SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED); -

1718

return -1;

never executed: return -1;

1719 } -

1720 -

1721

if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {

s->shutdown & 2	Description
TRUE	evaluated 110 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21546 times by 1 test Evaluated by: libssl.so.1.1

110-21546

1722 s->rwstate = SSL_NOTHING; -

1723

return 0;

executed 110 times by 1 test: return 0;

Executed by:

libssl.so.1.1

110

1724 } -

1725 -

1726

if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY

s->early_data_..._CONNECT_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 21546 times by 1 test Evaluated by: libssl.so.1.1

0-21546

1727

|| s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {

s->early_data_...A_ACCEPT_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 21546 times by 1 test Evaluated by: libssl.so.1.1

0-21546

1728 SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1729

return 0;

never executed: return 0;

1730 } -

1731 /* -

1732 * If we are a client and haven't received the ServerHello etc then we -

1733 * better do that -

1734 */ -

1735 ossl_statem_check_finish_init(s, 0); -

1736 -

1737

if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {

(s->mode & 0x00000100U)	Description
TRUE	never evaluated
FALSE	evaluated 21546 times by 1 test Evaluated by: libssl.so.1.1

ASYNC_get_curr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-21546

1738 struct ssl_async_args args; -

1739 int ret; -

1740 -

1741 args.s = s; -

1742 args.buf = buf; -

1743 args.num = num; -

1744 args.type = READFUNC; -

1745 args.f.func_read = s->method->ssl_read; -

1746 -

1747 ret = ssl_start_async_job(s, &args, ssl_io_intern); -

1748 *readbytes = s->asyncrw; -

1749

return ret;

never executed: return ret;

1750 } else { -

1751

return s->method->ssl_read(s, buf, num, readbytes);

executed 21546 times by 1 test: return s->method->ssl_read(s, buf, num, readbytes);

Executed by:

libssl.so.1.1

21546

1752 } -

1753 } -

1754 -

1755 int SSL_read(SSL *s, void *buf, int num) -

1756 { -

1757 int ret; -

1758 size_t readbytes; -

1759 -

1760

if (num < 0) {

num < 0	Description
TRUE	never evaluated
FALSE	evaluated 10615 times by 1 test Evaluated by: libssl.so.1.1

0-10615

1761 SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH); -

1762

return -1;

never executed: return -1;

1763 } -

1764 -

1765 ret = ssl_read_internal(s, buf, (size_t)num, &readbytes); -

1766 -

1767 /* -

1768 * The cast is safe here because ret should be <= INT_MAX because num is -

1769 * <= INT_MAX -

1770 */ -

1771

if (ret > 0)

ret > 0	Description
TRUE	evaluated 9165 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1450 times by 1 test Evaluated by: libssl.so.1.1

1450-9165

1772

ret = (int)readbytes;

executed 9165 times by 1 test: ret = (int)readbytes;

Executed by:

libssl.so.1.1

9165

1773 -

1774

return ret;

executed 10615 times by 1 test: return ret;

Executed by:

libssl.so.1.1

10615

1775 } -

1776 -

1777 int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) -

1778 { -

1779 int ret = ssl_read_internal(s, buf, num, readbytes); -

1780 -

1781

if (ret < 0)

ret < 0	Description
TRUE	evaluated 777 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 73 times by 1 test Evaluated by: libssl.so.1.1

73-777

1782

ret = 0;

executed 777 times by 1 test: ret = 0;

Executed by:

libssl.so.1.1

777

1783

return ret;

executed 850 times by 1 test: return ret;

Executed by:

libssl.so.1.1

850

1784 } -

1785 -

1786 int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) -

1787 { -

1788 int ret; -

1789 -

1790

if (!s->server) {

!s->server	Description
TRUE	never evaluated
FALSE	evaluated 697 times by 1 test Evaluated by: libssl.so.1.1

0-697

1791 SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1792

return SSL_READ_EARLY_DATA_ERROR;

never executed: return 0;

1793 } -

1794 -

1795 switch (s->early_data_state) { -

1796

case SSL_EARLY_DATA_NONE:

executed 675 times by 1 test: case SSL_EARLY_DATA_NONE:

Executed by:

libssl.so.1.1

675

1797

if (!SSL_in_before(s)) {

!SSL_in_before(s)	Description
TRUE	never evaluated
FALSE	evaluated 675 times by 1 test Evaluated by: libssl.so.1.1

0-675

1798 SSLerr(SSL_F_SSL_READ_EARLY_DATA, -

1799 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1800

return SSL_READ_EARLY_DATA_ERROR;

never executed: return 0;

1801 } -

1802 /* fall through */ -

1803 -

1804

case SSL_EARLY_DATA_ACCEPT_RETRY:

code before this statement executed 675 times by 1 test: case SSL_EARLY_DATA_ACCEPT_RETRY:

Executed by:

libssl.so.1.1

executed 3 times by 1 test: case SSL_EARLY_DATA_ACCEPT_RETRY:

Executed by:

libssl.so.1.1

3-675

1805 s->early_data_state = SSL_EARLY_DATA_ACCEPTING; -

1806 ret = SSL_accept(s); -

1807

if (ret <= 0) {

ret <= 0	Description
TRUE	evaluated 519 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 159 times by 1 test Evaluated by: libssl.so.1.1

159-519

1808 /* NBIO or error */ -

1809 s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; -

1810

return SSL_READ_EARLY_DATA_ERROR;

executed 519 times by 1 test: return 0;

Executed by:

libssl.so.1.1

519

1811 } -

1812 /* fall through */ -

1813 -

1814

case SSL_EARLY_DATA_READ_RETRY:

code before this statement executed 159 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:

Executed by:

libssl.so.1.1

executed 13 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:

Executed by:

libssl.so.1.1

13-159

1815

if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {

s->ext.early_data == 2	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 137 times by 1 test Evaluated by: libssl.so.1.1

35-137

1816 s->early_data_state = SSL_EARLY_DATA_READING; -

1817 ret = SSL_read_ex(s, buf, num, readbytes); -

1818 /* -

1819 * State machine will update early_data_state to -

1820 * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData -

1821 * message -

1822 */ -

1823

if (ret > 0 || (ret <= 0 && s->early_data_state

ret > 0	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

ret <= 0	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->early_data_...NISHED_READING	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-21

1824

!= SSL_EARLY_DATA_FINISHED_READING)) {

s->early_data_...NISHED_READING	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

4-10

1825 s->early_data_state = SSL_EARLY_DATA_READ_RETRY; -

1826

return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS

executed 25 times by 1 test: return ret > 0 ? 1 : 0;

Executed by:

libssl.so.1.1

ret > 0	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-25

1827

: SSL_READ_EARLY_DATA_ERROR;

executed 25 times by 1 test: return ret > 0 ? 1 : 0;

Executed by:

libssl.so.1.1

1828 } -

1829

} else {

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

1830 s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; -

1831

}

executed 137 times by 1 test: end of block

Executed by:

libssl.so.1.1

137

1832 *readbytes = 0; -

1833

return SSL_READ_EARLY_DATA_FINISH;

executed 147 times by 1 test: return 2;

Executed by:

libssl.so.1.1

147

1834 -

1835

default:

executed 6 times by 1 test: default:

Executed by:

libssl.so.1.1

1836 SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1837

return SSL_READ_EARLY_DATA_ERROR;

executed 6 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1838 } -

1839 } -

1840 -

1841 int SSL_get_early_data_status(const SSL *s) -

1842 { -

1843

return s->ext.early_data;

executed 162 times by 1 test: return s->ext.early_data;

Executed by:

libssl.so.1.1

162

1844 } -

1845 -

1846 static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) -

1847 { -

1848

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1849 SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED); -

1850

return -1;

never executed: return -1;

1851 } -

1852 -

1853

if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {

s->shutdown & 2	Description
TRUE	never evaluated
FALSE	never evaluated

1854

return 0;

never executed: return 0;

1855 } -

1856

if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {

(s->mode & 0x00000100U)	Description
TRUE	never evaluated
FALSE	never evaluated

ASYNC_get_curr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

1857 struct ssl_async_args args; -

1858 int ret; -

1859 -

1860 args.s = s; -

1861 args.buf = buf; -

1862 args.num = num; -

1863 args.type = READFUNC; -

1864 args.f.func_read = s->method->ssl_peek; -

1865 -

1866 ret = ssl_start_async_job(s, &args, ssl_io_intern); -

1867 *readbytes = s->asyncrw; -

1868

return ret;

never executed: return ret;

1869 } else { -

1870

return s->method->ssl_peek(s, buf, num, readbytes);

never executed: return s->method->ssl_peek(s, buf, num, readbytes);

1871 } -

1872 } -

1873 -

1874 int SSL_peek(SSL *s, void *buf, int num) -

1875 { -

1876 int ret; -

1877 size_t readbytes; -

1878 -

1879

if (num < 0) {

num < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1880 SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH); -

1881

return -1;

never executed: return -1;

1882 } -

1883 -

1884 ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes); -

1885 -

1886 /* -

1887 * The cast is safe here because ret should be <= INT_MAX because num is -

1888 * <= INT_MAX -

1889 */ -

1890

if (ret > 0)

ret > 0	Description
TRUE	never evaluated
FALSE	never evaluated

1891

ret = (int)readbytes;

never executed: ret = (int)readbytes;

1892 -

1893

return ret;

never executed: return ret;

1894 } -

1895 -

1896 -

1897 int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) -

1898 { -

1899 int ret = ssl_peek_internal(s, buf, num, readbytes); -

1900 -

1901

if (ret < 0)

ret < 0	Description
TRUE	never evaluated
FALSE	never evaluated

1902

ret = 0;

never executed: ret = 0;

1903

return ret;

never executed: return ret;

1904 } -

1905 -

1906 int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) -

1907 { -

1908

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6416 times by 1 test Evaluated by: libssl.so.1.1

0-6416

1909 SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED); -

1910

return -1;

never executed: return -1;

1911 } -

1912 -

1913

if (s->shutdown & SSL_SENT_SHUTDOWN) {

s->shutdown & 1	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6405 times by 1 test Evaluated by: libssl.so.1.1

11-6405

1914 s->rwstate = SSL_NOTHING; -

1915 SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN); -

1916

return -1;

executed 11 times by 1 test: return -1;

Executed by:

libssl.so.1.1

1917 } -

1918 -

1919

if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY

s->early_data_..._CONNECT_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 6405 times by 1 test Evaluated by: libssl.so.1.1

0-6405

1920

|| s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY

s->early_data_...A_ACCEPT_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 6405 times by 1 test Evaluated by: libssl.so.1.1

0-6405

1921

|| s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {

s->early_data_...ATA_READ_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 6405 times by 1 test Evaluated by: libssl.so.1.1

0-6405

1922 SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1923

return 0;

never executed: return 0;

1924 } -

1925 /* If we are a client and haven't sent the Finished we better do that */ -

1926 ossl_statem_check_finish_init(s, 1); -

1927 -

1928

if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {

(s->mode & 0x00000100U)	Description
TRUE	never evaluated
FALSE	evaluated 6405 times by 1 test Evaluated by: libssl.so.1.1

ASYNC_get_curr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-6405

1929 int ret; -

1930 struct ssl_async_args args; -

1931 -

1932 args.s = s; -

1933 args.buf = (void *)buf; -

1934 args.num = num; -

1935 args.type = WRITEFUNC; -

1936 args.f.func_write = s->method->ssl_write; -

1937 -

1938 ret = ssl_start_async_job(s, &args, ssl_io_intern); -

1939 *written = s->asyncrw; -

1940

return ret;

never executed: return ret;

1941 } else { -

1942

return s->method->ssl_write(s, buf, num, written);

executed 6405 times by 1 test: return s->method->ssl_write(s, buf, num, written);

Executed by:

libssl.so.1.1

6405

1943 } -

1944 } -

1945 -

1946 int SSL_write(SSL *s, const void *buf, int num) -

1947 { -

1948 int ret; -

1949 size_t written; -

1950 -

1951

if (num < 0) {

num < 0	Description
TRUE	never evaluated
FALSE	evaluated 3371 times by 1 test Evaluated by: libssl.so.1.1

0-3371

1952 SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH); -

1953

return -1;

never executed: return -1;

1954 } -

1955 -

1956 ret = ssl_write_internal(s, buf, (size_t)num, &written); -

1957 -

1958 /* -

1959 * The cast is safe here because ret should be <= INT_MAX because num is -

1960 * <= INT_MAX -

1961 */ -

1962

if (ret > 0)

ret > 0	Description
TRUE	evaluated 3293 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 78 times by 1 test Evaluated by: libssl.so.1.1

78-3293

1963

ret = (int)written;

executed 3293 times by 1 test: ret = (int)written;

Executed by:

libssl.so.1.1

3293

1964 -

1965

return ret;

executed 3371 times by 1 test: return ret;

Executed by:

libssl.so.1.1

3371

1966 } -

1967 -

1968 int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) -

1969 { -

1970 int ret = ssl_write_internal(s, buf, num, written); -

1971 -

1972

if (ret < 0)

ret < 0	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 94 times by 1 test Evaluated by: libssl.so.1.1

26-94

1973

ret = 0;

executed 26 times by 1 test: ret = 0;

Executed by:

libssl.so.1.1

1974

return ret;

executed 120 times by 1 test: return ret;

Executed by:

libssl.so.1.1

120

1975 } -

1976 -

1977 int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) -

1978 { -

1979 int ret, early_data_state; -

1980 size_t writtmp; -

1981 uint32_t partialwrite; -

1982 -

1983 switch (s->early_data_state) { -

1984

case SSL_EARLY_DATA_NONE:

executed 53 times by 1 test: case SSL_EARLY_DATA_NONE:

Executed by:

libssl.so.1.1

1985

if (s->server

s->server	Description
TRUE	never evaluated
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

0-53

1986

|| !SSL_in_before(s)

!SSL_in_before(s)	Description
TRUE	never evaluated
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

0-53

1987

|| ((s->session == NULL || s->session->ext.max_early_data == 0)

s->session == ((void *)0)	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

s->session->ex...arly_data == 0	Description
TRUE	never evaluated
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

0-38

1988

&& (s->psk_use_session_cb == NULL))) {

(s->psk_use_se... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

0-15

1989 SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, -

1990 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

1991

return 0;

never executed: return 0;

1992 } -

1993 /* fall through */ -

1994 -

1995

case SSL_EARLY_DATA_CONNECT_RETRY:

code before this statement executed 53 times by 1 test: case SSL_EARLY_DATA_CONNECT_RETRY:

Executed by:

libssl.so.1.1

never executed: case SSL_EARLY_DATA_CONNECT_RETRY:

0-53

1996 s->early_data_state = SSL_EARLY_DATA_CONNECTING; -

1997 ret = SSL_connect(s); -

1998

if (ret <= 0) {

ret <= 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

3-50

1999 /* NBIO or error */ -

2000 s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; -

2001

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2002 } -

2003 /* fall through */ -

2004 -

2005

case SSL_EARLY_DATA_WRITE_RETRY:

code before this statement executed 50 times by 1 test: case SSL_EARLY_DATA_WRITE_RETRY:

Executed by:

libssl.so.1.1

executed 3 times by 1 test: case SSL_EARLY_DATA_WRITE_RETRY:

Executed by:

libssl.so.1.1

3-50

2006 s->early_data_state = SSL_EARLY_DATA_WRITING; -

2007 /* -

2008 * We disable partial write for early data because we don't keep track -

2009 * of how many bytes we've written between the SSL_write_ex() call and -

2010 * the flush if the flush needs to be retried) -

2011 */ -

2012 partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; -

2013 s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; -

2014 ret = SSL_write_ex(s, buf, num, &writtmp); -

2015 s->mode |= partialwrite; -

2016

if (!ret) {

!ret	Description
TRUE	never evaluated
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

0-53

2017 s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; -

2018

return ret;

never executed: return ret;

2019 } -

2020 s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; -

2021 /* fall through */ -

2022 -

2023

case SSL_EARLY_DATA_WRITE_FLUSH:

code before this statement executed 53 times by 1 test: case SSL_EARLY_DATA_WRITE_FLUSH:

Executed by:

libssl.so.1.1

never executed: case SSL_EARLY_DATA_WRITE_FLUSH:

0-53

2024 /* The buffering BIO is still in place so we need to flush it */ -

2025

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

0-53

2026

return 0;

never executed: return 0;

2027 *written = num; -

2028 s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; -

2029

return 1;

executed 53 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2030 -

2031

case SSL_EARLY_DATA_FINISHED_READING:

executed 3 times by 1 test: case SSL_EARLY_DATA_FINISHED_READING:

Executed by:

libssl.so.1.1

2032

case SSL_EARLY_DATA_READ_RETRY:

executed 6 times by 1 test: case SSL_EARLY_DATA_READ_RETRY:

Executed by:

libssl.so.1.1

2033 early_data_state = s->early_data_state; -

2034 /* We are a server writing to an unauthenticated client */ -

2035 s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; -

2036 ret = SSL_write_ex(s, buf, num, written); -

2037 /* The buffering BIO is still in place */ -

2038

if (ret)

ret	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-9

2039

(void)BIO_flush(s->wbio);

executed 9 times by 1 test: (void)(int)BIO_ctrl(s->wbio,11,0, ((void *)0) );

Executed by:

libssl.so.1.1

2040 s->early_data_state = early_data_state; -

2041

return ret;

executed 9 times by 1 test: return ret;

Executed by:

libssl.so.1.1

2042 -

2043

default:

executed 6 times by 1 test: default:

Executed by:

libssl.so.1.1

2044 SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

2045

return 0;

executed 6 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2046 } -

2047 } -

2048 -

2049 int SSL_shutdown(SSL *s) -

2050 { -

2051 /* -

2052 * Note that this function behaves differently from what one might -

2053 * expect. Return values are 0 for no success (yet), 1 for success; but -

2054 * calling it once is usually not enough, even if blocking I/O is used -

2055 * (see ssl3_shutdown). -

2056 */ -

2057 -

2058

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4751 times by 1 test Evaluated by: libssl.so.1.1

4-4751

2059 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); -

2060

return -1;

executed 4 times by 1 test: return -1;

Executed by:

libssl.so.1.1

2061 } -

2062 -

2063

if (!SSL_in_init(s)) {

!SSL_in_init(s)	Description
TRUE	evaluated 4591 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 160 times by 1 test Evaluated by: libssl.so.1.1

160-4591

2064

if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {

(s->mode & 0x00000100U)	Description
TRUE	never evaluated
FALSE	evaluated 4591 times by 1 test Evaluated by: libssl.so.1.1

ASYNC_get_curr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-4591

2065 struct ssl_async_args args; -

2066 -

2067 args.s = s; -

2068 args.type = OTHERFUNC; -

2069 args.f.func_other = s->method->ssl_shutdown; -

2070 -

2071

return ssl_start_async_job(s, &args, ssl_io_intern);

never executed: return ssl_start_async_job(s, &args, ssl_io_intern);

2072 } else { -

2073

return s->method->ssl_shutdown(s);

executed 4591 times by 1 test: return s->method->ssl_shutdown(s);

Executed by:

libssl.so.1.1

4591

2074 } -

2075 } else { -

2076 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); -

2077

return -1;

executed 160 times by 1 test: return -1;

Executed by:

libssl.so.1.1

160

2078 } -

2079 } -

2080 -

2081 int SSL_key_update(SSL *s, int updatetype) -

2082 { -

2083 /* -

2084 * TODO(TLS1.3): How will applications know whether TLSv1.3 has been -

2085 * negotiated, and that it is appropriate to call SSL_key_update() instead -

2086 * of SSL_renegotiate(). -

2087 */ -

2088

if (!SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-6

2089 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION); -

2090

return 0;

never executed: return 0;

2091 } -

2092 -

2093

if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED

updatetype != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

2094

&& updatetype != SSL_KEY_UPDATE_REQUESTED) {

updatetype != 1	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

2095 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE); -

2096

return 0;

never executed: return 0;

2097 } -

2098 -

2099

if (!SSL_is_init_finished(s)) {

!SSL_is_init_finished(s)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

2100 SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT); -

2101

return 0;

never executed: return 0;

2102 } -

2103 -

2104 ossl_statem_set_in_init(s, 1); -

2105 s->key_update = updatetype; -

2106

return 1;

executed 6 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2107 } -

2108 -

2109 int SSL_get_key_update_type(SSL *s) -

2110 { -

2111

return s->key_update;

executed 191 times by 1 test: return s->key_update;

Executed by:

libssl.so.1.1

191

2112 } -

2113 -

2114 int SSL_renegotiate(SSL *s) -

2115 { -

2116

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	never evaluated
FALSE	never evaluated

0-14

2117 SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION); -

2118

return 0;

never executed: return 0;

2119 } -

2120 -

2121

if ((s->options & SSL_OP_NO_RENEGOTIATION)) {

(s->options & 0x40000000U)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

1-23

2122 SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION); -

2123

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

2124 } -

2125 -

2126 s->renegotiate = 1; -

2127 s->new_session = 1; -

2128 -

2129

return s->method->ssl_renegotiate(s);

executed 23 times by 1 test: return s->method->ssl_renegotiate(s);

Executed by:

libssl.so.1.1

2130 } -

2131 -

2132 int SSL_renegotiate_abbreviated(SSL *s) -

2133 { -

2134

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	never evaluated
FALSE	never evaluated

0-8

2135 SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION); -

2136

return 0;

never executed: return 0;

2137 } -

2138 -

2139

if ((s->options & SSL_OP_NO_RENEGOTIATION)) {

(s->options & 0x40000000U)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

1-9

2140 SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION); -

2141

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

2142 } -

2143 -

2144 s->renegotiate = 1; -

2145 s->new_session = 0; -

2146 -

2147

return s->method->ssl_renegotiate(s);

executed 9 times by 1 test: return s->method->ssl_renegotiate(s);

Executed by:

libssl.so.1.1

2148 } -

2149 -

2150 int SSL_renegotiate_pending(SSL *s) -

2151 { -

2152 /* -

2153 * becomes true when negotiation is requested; false again once a -

2154 * handshake has finished -

2155 */ -

2156

return (s->renegotiate != 0);

executed 31 times by 1 test: return (s->renegotiate != 0);

Executed by:

libssl.so.1.1

2157 } -

2158 -

2159 long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) -

2160 { -

2161 long l; -

2162 -

2163 switch (cmd) { -

2164

case SSL_CTRL_GET_READ_AHEAD:

never executed: case 40:

2165

return RECORD_LAYER_get_read_ahead(&s->rlayer);

never executed: return ((&s->rlayer)->read_ahead);

2166

case SSL_CTRL_SET_READ_AHEAD:

never executed: case 41:

2167 l = RECORD_LAYER_get_read_ahead(&s->rlayer); -

2168 RECORD_LAYER_set_read_ahead(&s->rlayer, larg); -

2169

return l;

never executed: return l;

2170 -

2171

case SSL_CTRL_SET_MSG_CALLBACK_ARG:

never executed: case 16:

2172 s->msg_callback_arg = parg; -

2173

return 1;

never executed: return 1;

2174 -

2175

case SSL_CTRL_MODE:

executed 1 time by 1 test: case 33:

Executed by:

libssl.so.1.1

2176

return (s->mode |= larg);

executed 1 time by 1 test: return (s->mode |= larg);

Executed by:

libssl.so.1.1

2177

case SSL_CTRL_CLEAR_MODE:

never executed: case 78:

2178

return (s->mode &= ~larg);

never executed: return (s->mode &= ~larg);

2179

case SSL_CTRL_GET_MAX_CERT_LIST:

never executed: case 50:

2180

return (long)s->max_cert_list;

never executed: return (long)s->max_cert_list;

2181

case SSL_CTRL_SET_MAX_CERT_LIST:

never executed: case 51:

2182

if (larg < 0)

larg < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2183

return 0;

never executed: return 0;

2184 l = (long)s->max_cert_list; -

2185 s->max_cert_list = (size_t)larg; -

2186

return l;

never executed: return l;

2187

case SSL_CTRL_SET_MAX_SEND_FRAGMENT:

executed 396 times by 1 test: case 52:

Executed by:

libssl.so.1.1

396

2188

if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)

larg < 512	Description
TRUE	never evaluated
FALSE	evaluated 396 times by 1 test Evaluated by: libssl.so.1.1

larg > 16384	Description
TRUE	never evaluated
FALSE	evaluated 396 times by 1 test Evaluated by: libssl.so.1.1

0-396

2189

return 0;

never executed: return 0;

2190 s->max_send_fragment = larg; -

2191

if (s->max_send_fragment < s->split_send_fragment)

s->max_send_fr..._send_fragment	Description
TRUE	evaluated 396 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-396

2192

s->split_send_fragment = s->max_send_fragment;

executed 396 times by 1 test: s->split_send_fragment = s->max_send_fragment;

Executed by:

libssl.so.1.1

396

2193

return 1;

executed 396 times by 1 test: return 1;

Executed by:

libssl.so.1.1

396

2194

case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:

never executed: case 125:

2195

if ((size_t)larg > s->max_send_fragment || larg == 0)

(size_t)larg >..._send_fragment	Description
TRUE	never evaluated
FALSE	never evaluated

larg == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2196

return 0;

never executed: return 0;

2197 s->split_send_fragment = larg; -

2198

return 1;

never executed: return 1;

2199

case SSL_CTRL_SET_MAX_PIPELINES:

never executed: case 126:

2200

if (larg < 1 || larg > SSL_MAX_PIPELINES)

larg < 1	Description
TRUE	never evaluated
FALSE	never evaluated

larg > 32	Description
TRUE	never evaluated
FALSE	never evaluated

2201

return 0;

never executed: return 0;

2202 s->max_pipelines = larg; -

2203

if (larg > 1)

larg > 1	Description
TRUE	never evaluated
FALSE	never evaluated

2204

RECORD_LAYER_set_read_ahead(&s->rlayer, 1);

never executed: ((&s->rlayer)->read_ahead = (1));

2205

return 1;

never executed: return 1;

2206

case SSL_CTRL_GET_RI_SUPPORT:

executed 191 times by 1 test: case 76:

Executed by:

libssl.so.1.1

191

2207

if (s->s3)

s->s3	Description
TRUE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-191

2208

return s->s3->send_connection_binding;

executed 191 times by 1 test: return s->s3->send_connection_binding;

Executed by:

libssl.so.1.1

191

2209 else -

2210

return 0;

never executed: return 0;

2211

case SSL_CTRL_CERT_FLAGS:

never executed: case 99:

2212

return (s->cert->cert_flags |= larg);

never executed: return (s->cert->cert_flags |= larg);

2213

case SSL_CTRL_CLEAR_CERT_FLAGS:

never executed: case 100:

2214

return (s->cert->cert_flags &= ~larg);

never executed: return (s->cert->cert_flags &= ~larg);

2215 -

2216

case SSL_CTRL_GET_RAW_CIPHERLIST:

executed 240 times by 1 test: case 110:

Executed by:

libssl.so.1.1

240

2217

if (parg) {

parg	Description
TRUE	evaluated 120 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 120 times by 1 test Evaluated by: libssl.so.1.1

120

2218

if (s->s3->tmp.ciphers_raw == NULL)

s->s3->tmp.cip...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 1 test Evaluated by: libssl.so.1.1

0-120

2219

return 0;

never executed: return 0;

2220 *(unsigned char **)parg = s->s3->tmp.ciphers_raw; -

2221

return (int)s->s3->tmp.ciphers_rawlen;

executed 120 times by 1 test: return (int)s->s3->tmp.ciphers_rawlen;

Executed by:

libssl.so.1.1

120

2222 } else { -

2223

return TLS_CIPHER_LEN;

executed 120 times by 1 test: return 2;

Executed by:

libssl.so.1.1

120

2224 } -

2225

case SSL_CTRL_GET_EXTMS_SUPPORT:

never executed: case 122:

2226

if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))

!s->session	Description
TRUE	never evaluated
FALSE	never evaluated

SSL_in_init(s)	Description
TRUE	never evaluated
FALSE	never evaluated

ossl_statem_ge...n_handshake(s)	Description
TRUE	never evaluated
FALSE	never evaluated

2227

return -1;

never executed: return -1;

2228

if (s->session->flags & SSL_SESS_FLAG_EXTMS)

s->session->flags & 0x1	Description
TRUE	never evaluated
FALSE	never evaluated

2229

return 1;

never executed: return 1;

2230 else -

2231

return 0;

never executed: return 0;

2232

case SSL_CTRL_SET_MIN_PROTO_VERSION:

executed 2314 times by 1 test: case 123:

Executed by:

libssl.so.1.1

2314

2233

return ssl_check_allowed_versions(larg, s->max_proto_version)

executed 2314 times by 1 test:

return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);

Executed by:

libssl.so.1.1

ssl_check_allo...proto_version)	Description
TRUE	evaluated 2314 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2314

2234

&& ssl_set_version_bound(s->ctx->method->version, (int)larg,

executed 2314 times by 1 test:

return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 2314 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2314

2235

&s->min_proto_version);

executed 2314 times by 1 test:

return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 2314 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2314

2236

case SSL_CTRL_GET_MIN_PROTO_VERSION:

never executed: case 130:

2237

return s->min_proto_version;

never executed: return s->min_proto_version;

2238

case SSL_CTRL_SET_MAX_PROTO_VERSION:

executed 4 times by 1 test: case 124:

Executed by:

libssl.so.1.1

2239

return ssl_check_allowed_versions(s->min_proto_version, larg)

executed 4 times by 1 test:

return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);

Executed by:

libssl.so.1.1

ssl_check_allo...version, larg)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4

2240

&& ssl_set_version_bound(s->ctx->method->version, (int)larg,

executed 4 times by 1 test:

return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4

2241

&s->max_proto_version);

executed 4 times by 1 test:

return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4

2242

case SSL_CTRL_GET_MAX_PROTO_VERSION:

never executed: case 131:

2243

return s->max_proto_version;

never executed: return s->max_proto_version;

2244

default:

executed 8649 times by 1 test: default:

Executed by:

libssl.so.1.1

8649

2245

return s->method->ssl_ctrl(s, cmd, larg, parg);

executed 8649 times by 1 test: return s->method->ssl_ctrl(s, cmd, larg, parg);

Executed by:

libssl.so.1.1

8649

2246 } -

2247 } -

2248 -

2249 long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) -

2250 { -

2251 switch (cmd) { -

2252

case SSL_CTRL_SET_MSG_CALLBACK:

never executed: case 15:

2253 s->msg_callback = (void (*) -

2254 (int write_p, int version, int content_type, -

2255 const void *buf, size_t len, SSL *ssl, -

2256 void *arg))(fp); -

2257

return 1;

never executed: return 1;

2258 -

2259

default:

never executed: default:

2260

return s->method->ssl_callback_ctrl(s, cmd, fp);

never executed: return s->method->ssl_callback_ctrl(s, cmd, fp);

2261 } -

2262 } -

2263 -

2264 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) -

2265 { -

2266

return ctx->sessions;

never executed: return ctx->sessions;

2267 } -

2268 -

2269 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) -

2270 { -

2271 long l; -

2272 /* For some cases with ctx == NULL perform syntax checks */ -

2273

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 18659 times by 1 test Evaluated by: libssl.so.1.1

0-18659

2274 switch (cmd) { -

2275 #ifndef OPENSSL_NO_EC -

2276

case SSL_CTRL_SET_GROUPS_LIST:

never executed: case 92:

2277

return tls1_set_groups_list(NULL, NULL, parg);

never executed: return tls1_set_groups_list( ((void *)0) , ((void *)0) , parg);

2278 #endif -

2279

case SSL_CTRL_SET_SIGALGS_LIST:

never executed: case 98:

2280

case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:

never executed: case 102:

2281

return tls1_set_sigalgs_list(NULL, parg, 0);

never executed: return tls1_set_sigalgs_list( ((void *)0) , parg, 0);

2282

default:

never executed: default:

2283

return 0;

never executed: return 0;

2284 } -

2285 } -

2286 -

2287 switch (cmd) { -

2288

case SSL_CTRL_GET_READ_AHEAD:

never executed: case 40:

2289

return ctx->read_ahead;

never executed: return ctx->read_ahead;

2290

case SSL_CTRL_SET_READ_AHEAD:

executed 31 times by 1 test: case 41:

Executed by:

libssl.so.1.1

2291 l = ctx->read_ahead; -

2292 ctx->read_ahead = larg; -

2293

return l;

executed 31 times by 1 test: return l;

Executed by:

libssl.so.1.1

2294 -

2295

case SSL_CTRL_SET_MSG_CALLBACK_ARG:

never executed: case 16:

2296 ctx->msg_callback_arg = parg; -

2297

return 1;

never executed: return 1;

2298 -

2299

case SSL_CTRL_GET_MAX_CERT_LIST:

never executed: case 50:

2300

return (long)ctx->max_cert_list;

never executed: return (long)ctx->max_cert_list;

2301

case SSL_CTRL_SET_MAX_CERT_LIST:

never executed: case 51:

2302

if (larg < 0)

larg < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2303

return 0;

never executed: return 0;

2304 l = (long)ctx->max_cert_list; -

2305 ctx->max_cert_list = (size_t)larg; -

2306

return l;

never executed: return l;

2307 -

2308

case SSL_CTRL_SET_SESS_CACHE_SIZE:

never executed: case 42:

2309

if (larg < 0)

larg < 0	Description
TRUE	never evaluated
FALSE	never evaluated

2310

return 0;

never executed: return 0;

2311 l = (long)ctx->session_cache_size; -

2312 ctx->session_cache_size = (size_t)larg; -

2313

return l;

never executed: return l;

2314

case SSL_CTRL_GET_SESS_CACHE_SIZE:

executed 858 times by 1 test: case 43:

Executed by:

libssl.so.1.1

858

2315

return (long)ctx->session_cache_size;

executed 858 times by 1 test: return (long)ctx->session_cache_size;

Executed by:

libssl.so.1.1

858

2316

case SSL_CTRL_SET_SESS_CACHE_MODE:

executed 418 times by 1 test: case 44:

Executed by:

libssl.so.1.1

418

2317 l = ctx->session_cache_mode; -

2318 ctx->session_cache_mode = larg; -

2319

return l;

executed 418 times by 1 test: return l;

Executed by:

libssl.so.1.1

418

2320

case SSL_CTRL_GET_SESS_CACHE_MODE:

never executed: case 45:

2321

return ctx->session_cache_mode;

never executed: return ctx->session_cache_mode;

2322 -

2323

case SSL_CTRL_SESS_NUMBER:

executed 517 times by 1 test: case 20:

Executed by:

libssl.so.1.1

517

2324

return lh_SSL_SESSION_num_items(ctx->sessions);

executed 517 times by 1 test: return lh_SSL_SESSION_num_items(ctx->sessions);

Executed by:

libssl.so.1.1

517

2325

case SSL_CTRL_SESS_CONNECT:

executed 176 times by 1 test: case 21:

Executed by:

libssl.so.1.1

176

2326

return tsan_load(&ctx->stats.sess_connect);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2327

case SSL_CTRL_SESS_CONNECT_GOOD:

executed 176 times by 1 test: case 22:

Executed by:

libssl.so.1.1

176

2328

return tsan_load(&ctx->stats.sess_connect_good);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect_good) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2329

case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:

executed 176 times by 1 test: case 23:

Executed by:

libssl.so.1.1

176

2330

return tsan_load(&ctx->stats.sess_connect_renegotiate);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_connect_renegotiate) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2331

case SSL_CTRL_SESS_ACCEPT:

executed 176 times by 1 test: case 24:

Executed by:

libssl.so.1.1

176

2332

return tsan_load(&ctx->stats.sess_accept);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2333

case SSL_CTRL_SESS_ACCEPT_GOOD:

executed 176 times by 1 test: case 25:

Executed by:

libssl.so.1.1

176

2334

return tsan_load(&ctx->stats.sess_accept_good);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept_good) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2335

case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:

executed 176 times by 1 test: case 26:

Executed by:

libssl.so.1.1

176

2336

return tsan_load(&ctx->stats.sess_accept_renegotiate);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_accept_renegotiate) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2337

case SSL_CTRL_SESS_HIT:

executed 176 times by 1 test: case 27:

Executed by:

libssl.so.1.1

176

2338

return tsan_load(&ctx->stats.sess_hit);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_hit) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2339

case SSL_CTRL_SESS_CB_HIT:

executed 176 times by 1 test: case 28:

Executed by:

libssl.so.1.1

176

2340

return tsan_load(&ctx->stats.sess_cb_hit);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_cb_hit) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2341

case SSL_CTRL_SESS_MISSES:

executed 176 times by 1 test: case 29:

Executed by:

libssl.so.1.1

176

2342

return tsan_load(&ctx->stats.sess_miss);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_miss) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2343

case SSL_CTRL_SESS_TIMEOUTS:

executed 176 times by 1 test: case 30:

Executed by:

libssl.so.1.1

176

2344

return tsan_load(&ctx->stats.sess_timeout);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_timeout) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2345

case SSL_CTRL_SESS_CACHE_FULL:

executed 176 times by 1 test: case 31:

Executed by:

libssl.so.1.1

176

2346

return tsan_load(&ctx->stats.sess_cache_full);

executed 176 times by 1 test:

return __extension__ ({ __auto_type __atomic_load_ptr = ( (&ctx->stats.sess_cache_full) ); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, ( memory_order_relaxed )); __atomic_load_tmp; }) ;

Executed by:

libssl.so.1.1

176

2347

case SSL_CTRL_MODE:

never executed: case 33:

2348

return (ctx->mode |= larg);

never executed: return (ctx->mode |= larg);

2349

case SSL_CTRL_CLEAR_MODE:

executed 367 times by 1 test: case 78:

Executed by:

libssl.so.1.1

367

2350

return (ctx->mode &= ~larg);

executed 367 times by 1 test: return (ctx->mode &= ~larg);

Executed by:

libssl.so.1.1

367

2351

case SSL_CTRL_SET_MAX_SEND_FRAGMENT:

executed 2453 times by 1 test: case 52:

Executed by:

libssl.so.1.1

2453

2352

if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)

larg < 512	Description
TRUE	never evaluated
FALSE	evaluated 2453 times by 1 test Evaluated by: libssl.so.1.1

larg > 16384	Description
TRUE	never evaluated
FALSE	evaluated 2453 times by 1 test Evaluated by: libssl.so.1.1

0-2453

2353

return 0;

never executed: return 0;

2354 ctx->max_send_fragment = larg; -

2355

if (ctx->max_send_fragment < ctx->split_send_fragment)

ctx->max_send_..._send_fragment	Description
TRUE	evaluated 2447 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-2447

2356

ctx->split_send_fragment = ctx->max_send_fragment;

executed 2447 times by 1 test: ctx->split_send_fragment = ctx->max_send_fragment;

Executed by:

libssl.so.1.1

2447

2357

return 1;

executed 2453 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2453

2358

case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:

never executed: case 125:

2359

if ((size_t)larg > ctx->max_send_fragment || larg == 0)

(size_t)larg >..._send_fragment	Description
TRUE	never evaluated
FALSE	never evaluated

larg == 0	Description
TRUE	never evaluated
FALSE	never evaluated

2360

return 0;

never executed: return 0;

2361 ctx->split_send_fragment = larg; -

2362

return 1;

never executed: return 1;

2363

case SSL_CTRL_SET_MAX_PIPELINES:

never executed: case 126:

2364

if (larg < 1 || larg > SSL_MAX_PIPELINES)

larg < 1	Description
TRUE	never evaluated
FALSE	never evaluated

larg > 32	Description
TRUE	never evaluated
FALSE	never evaluated

2365

return 0;

never executed: return 0;

2366 ctx->max_pipelines = larg; -

2367

return 1;

never executed: return 1;

2368

case SSL_CTRL_CERT_FLAGS:

never executed: case 99:

2369

return (ctx->cert->cert_flags |= larg);

never executed: return (ctx->cert->cert_flags |= larg);

2370

case SSL_CTRL_CLEAR_CERT_FLAGS:

never executed: case 100:

2371

return (ctx->cert->cert_flags &= ~larg);

never executed: return (ctx->cert->cert_flags &= ~larg);

2372

case SSL_CTRL_SET_MIN_PROTO_VERSION:

executed 2744 times by 1 test: case 123:

Executed by:

libssl.so.1.1

2744

2373

return ssl_check_allowed_versions(larg, ctx->max_proto_version)

executed 2744 times by 1 test:

return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);

Executed by:

libssl.so.1.1

ssl_check_allo...proto_version)	Description
TRUE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2744

2374

&& ssl_set_version_bound(ctx->method->version, (int)larg,

executed 2744 times by 1 test:

return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2744

2375

&ctx->min_proto_version);

executed 2744 times by 1 test:

return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 2744 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2744

2376

case SSL_CTRL_GET_MIN_PROTO_VERSION:

executed 1 time by 1 test: case 130:

Executed by:

libssl.so.1.1

2377

return ctx->min_proto_version;

executed 1 time by 1 test: return ctx->min_proto_version;

Executed by:

libssl.so.1.1

2378

case SSL_CTRL_SET_MAX_PROTO_VERSION:

executed 3476 times by 1 test: case 124:

Executed by:

libssl.so.1.1

3476

2379

return ssl_check_allowed_versions(ctx->min_proto_version, larg)

executed 3476 times by 1 test:

return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);

Executed by:

libssl.so.1.1

ssl_check_allo...version, larg)	Description
TRUE	evaluated 3476 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3476

2380

&& ssl_set_version_bound(ctx->method->version, (int)larg,

executed 3476 times by 1 test:

return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 3476 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3476

2381

&ctx->max_proto_version);

executed 3476 times by 1 test:

return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version);

Executed by:

libssl.so.1.1

ssl_set_versio...proto_version)	Description
TRUE	evaluated 3476 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3476

2382

case SSL_CTRL_GET_MAX_PROTO_VERSION:

never executed: case 131:

2383

return ctx->max_proto_version;

never executed: return ctx->max_proto_version;

2384

default:

executed 5858 times by 1 test: default:

Executed by:

libssl.so.1.1

5858

2385

return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);

executed 5858 times by 1 test: return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);

Executed by:

libssl.so.1.1

5858

2386 } -

2387 } -

2388 -

2389 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) -

2390 { -

2391 switch (cmd) { -

2392

case SSL_CTRL_SET_MSG_CALLBACK:

never executed: case 15:

2393 ctx->msg_callback = (void (*) -

2394 (int write_p, int version, int content_type, -

2395 const void *buf, size_t len, SSL *ssl, -

2396 void *arg))(fp); -

2397

return 1;

never executed: return 1;

2398 -

2399

default:

executed 291 times by 1 test: default:

Executed by:

libssl.so.1.1

291

2400

return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);

executed 291 times by 1 test: return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);

Executed by:

libssl.so.1.1

291

2401 } -

2402 } -

2403 -

2404 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) -

2405 { -

2406

if (a->id > b->id)

a->id > b->id	Description
TRUE	evaluated 323717 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 448341 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

323717-448341

2407

return 1;

executed 323717 times by 1 test: return 1;

Executed by:

libssl.so.1.1

323717

2408

if (a->id < b->id)

a->id < b->id	Description
TRUE	evaluated 380490 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 67851 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

67851-380490

2409

return -1;

executed 380490 times by 2 tests: return -1;

Executed by:

libssl.so.1.1
tls13encryptiontest

380490

2410

return 0;

executed 67851 times by 2 tests: return 0;

Executed by:

libssl.so.1.1
tls13encryptiontest

67851

2411 } -

2412 -

2413 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, -

2414 const SSL_CIPHER *const *bp) -

2415 { -

2416

if ((*ap)->id > (*bp)->id)

(ap)->id > (bp)->id	Description
TRUE	evaluated 3754606 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 2941153 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

2941153-3754606

2417

return 1;

executed 3754606 times by 2 tests: return 1;

Executed by:

libssl.so.1.1
tls13encryptiontest

3754606

2418

if ((*ap)->id < (*bp)->id)

(ap)->id < (bp)->id	Description
TRUE	evaluated 2937033 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 4120 times by 1 test Evaluated by: libssl.so.1.1

4120-2937033

2419

return -1;

executed 2937033 times by 2 tests: return -1;

Executed by:

libssl.so.1.1
tls13encryptiontest

2937033

2420

return 0;

executed 4120 times by 1 test: return 0;

Executed by:

libssl.so.1.1

4120

2421 } -

2422 -

2423 /** return a STACK of the ciphers available for the SSL and in order of -

2424 * preference */ -

2425 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) -

2426 { -

2427

if (s != NULL) {

s != ((void *)0)	Description
TRUE	evaluated 21345 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-21345

2428

if (s->cipher_list != NULL) {

s->cipher_list != ((void *)0)	Description
TRUE	evaluated 9048 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12297 times by 1 test Evaluated by: libssl.so.1.1

9048-12297

2429

return s->cipher_list;

executed 9048 times by 1 test: return s->cipher_list;

Executed by:

libssl.so.1.1

9048

2430

} else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {

(s->ctx != ((void *)0) )	Description
TRUE	evaluated 12297 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s->ctx->ciphe... ((void *)0) )	Description
TRUE	evaluated 12297 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-12297

2431

return s->ctx->cipher_list;

executed 12297 times by 1 test: return s->ctx->cipher_list;

Executed by:

libssl.so.1.1

12297

2432 } -

2433

}

never executed: end of block

2434

return NULL;

never executed: return ((void *)0) ;

2435 } -

2436 -

2437 STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) -

2438 { -

2439

if ((s == NULL) || (s->session == NULL) || !s->server)

(s == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(s->session == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

!s->server	Description
TRUE	never evaluated
FALSE	never evaluated

2440

return NULL;

never executed: return ((void *)0) ;

2441

return s->session->ciphers;

never executed: return s->session->ciphers;

2442 } -

2443 -

2444 STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) -

2445 { -

2446 STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; -

2447 int i; -

2448 -

2449 ciphers = SSL_get_ciphers(s); -

2450

if (!ciphers)

!ciphers	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

2451

return NULL;

never executed: return ((void *)0) ;

2452

if (!ssl_set_client_disabled(s))

!ssl_set_client_disabled(s)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

2453

return NULL;

never executed: return ((void *)0) ;

2454

for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {

i < sk_SSL_CIPHER_num(ciphers)	Description
TRUE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-573

2455 const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); -

2456

if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {

!ssl_cipher_di...(1 << 16)), 0)	Description
TRUE	evaluated 247 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 326 times by 1 test Evaluated by: libssl.so.1.1

247-326

2457

if (!sk)

!sk	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 239 times by 1 test Evaluated by: libssl.so.1.1

8-239

2458

sk = sk_SSL_CIPHER_new_null();

executed 8 times by 1 test: sk = sk_SSL_CIPHER_new_null();

Executed by:

libssl.so.1.1

2459

if (!sk)

!sk	Description
TRUE	never evaluated
FALSE	evaluated 247 times by 1 test Evaluated by: libssl.so.1.1

0-247

2460

return NULL;

never executed: return ((void *)0) ;

2461

if (!sk_SSL_CIPHER_push(sk, c)) {

!sk_SSL_CIPHER_push(sk, c)	Description
TRUE	never evaluated
FALSE	evaluated 247 times by 1 test Evaluated by: libssl.so.1.1

0-247

2462 sk_SSL_CIPHER_free(sk); -

2463

return NULL;

never executed: return ((void *)0) ;

2464 } -

2465

}

executed 247 times by 1 test: end of block

Executed by:

libssl.so.1.1

247

2466

}

executed 573 times by 1 test: end of block

Executed by:

libssl.so.1.1

573

2467

return sk;

executed 8 times by 1 test: return sk;

Executed by:

libssl.so.1.1

2468 } -

2469 -

2470 /** return a STACK of the ciphers available for the SSL and in order of -

2471 * algorithm id */ -

2472 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) -

2473 { -

2474

if (s != NULL) {

s != ((void *)0)	Description
TRUE	evaluated 4121 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4121

2475

if (s->cipher_list_by_id != NULL) {

s->cipher_list...!= ((void *)0)	Description
TRUE	evaluated 2453 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1668 times by 1 test Evaluated by: libssl.so.1.1

1668-2453

2476

return s->cipher_list_by_id;

executed 2453 times by 1 test: return s->cipher_list_by_id;

Executed by:

libssl.so.1.1

2453

2477

} else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {

(s->ctx != ((void *)0) )	Description
TRUE	evaluated 1668 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s->ctx->ciphe... ((void *)0) )	Description
TRUE	evaluated 1668 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1668

2478

return s->ctx->cipher_list_by_id;

executed 1668 times by 1 test: return s->ctx->cipher_list_by_id;

Executed by:

libssl.so.1.1

1668

2479 } -

2480

}

never executed: end of block

2481

return NULL;

never executed: return ((void *)0) ;

2482 } -

2483 -

2484 /** The old interface to get the same thing as SSL_get_ciphers() */ -

2485 const char *SSL_get_cipher_list(const SSL *s, int n) -

2486 { -

2487 const SSL_CIPHER *c; -

2488 STACK_OF(SSL_CIPHER) *sk; -

2489 -

2490

if (s == NULL)

s == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2491

return NULL;

never executed: return ((void *)0) ;

2492 sk = SSL_get_ciphers(s); -

2493

if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))

(sk == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(sk_SSL_CIPHER_num(sk) <= n)	Description
TRUE	never evaluated
FALSE	never evaluated

2494

return NULL;

never executed: return ((void *)0) ;

2495 c = sk_SSL_CIPHER_value(sk, n); -

2496

if (c == NULL)

c == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

2497

return NULL;

never executed: return ((void *)0) ;

2498

return c->name;

never executed: return c->name;

2499 } -

2500 -

2501 /** return a STACK of the ciphers available for the SSL_CTX and in order of -

2502 * preference */ -

2503 STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) -

2504 { -

2505

if (ctx != NULL)

ctx != ((void *)0)	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-21

2506

return ctx->cipher_list;

executed 21 times by 1 test: return ctx->cipher_list;

Executed by:

libssl.so.1.1

2507

return NULL;

never executed: return ((void *)0) ;

2508 } -

2509 -

2510 /** specify the ciphers to be used by default by the SSL_CTX */ -

2511 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) -

2512 { -

2513 STACK_OF(SSL_CIPHER) *sk; -

2514 -

2515 sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, -

2516 &ctx->cipher_list, &ctx->cipher_list_by_id, str, -

2517 ctx->cert); -

2518 /* -

2519 * ssl_create_cipher_list may return an empty stack if it was unable to -

2520 * find a cipher matching the given rule string (for example if the rule -

2521 * string specifies a cipher which has been disabled). This is not an -

2522 * error as far as ssl_create_cipher_list is concerned, and hence -

2523 * ctx->cipher_list and ctx->cipher_list_by_id has been updated. -

2524 */ -

2525

if (sk == NULL)

sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4801 times by 1 test Evaluated by: libssl.so.1.1

0-4801

2526

return 0;

never executed: return 0;

2527

else if (sk_SSL_CIPHER_num(sk) == 0) {

sk_SSL_CIPHER_num(sk) == 0	Description
TRUE	never evaluated
FALSE	evaluated 4801 times by 1 test Evaluated by: libssl.so.1.1

0-4801

2528 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); -

2529

return 0;

never executed: return 0;

2530 } -

2531

return 1;

executed 4801 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4801

2532 } -

2533 -

2534 /** specify the ciphers to be used by the SSL */ -

2535 int SSL_set_cipher_list(SSL *s, const char *str) -

2536 { -

2537 STACK_OF(SSL_CIPHER) *sk; -

2538 -

2539 sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites, -

2540 &s->cipher_list, &s->cipher_list_by_id, str, -

2541 s->cert); -

2542 /* see comment in SSL_CTX_set_cipher_list */ -

2543

if (sk == NULL)

sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2378 times by 1 test Evaluated by: libssl.so.1.1

0-2378

2544

return 0;

never executed: return 0;

2545

else if (sk_SSL_CIPHER_num(sk) == 0) {

sk_SSL_CIPHER_num(sk) == 0	Description
TRUE	never evaluated
FALSE	evaluated 2378 times by 1 test Evaluated by: libssl.so.1.1

0-2378

2546 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); -

2547

return 0;

never executed: return 0;

2548 } -

2549

return 1;

executed 2378 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2378

2550 } -

2551 -

2552 char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) -

2553 { -

2554 char *p; -

2555 STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; -

2556 const SSL_CIPHER *c; -

2557 int i; -

2558 -

2559

if (!s->server

!s->server	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2560

|| s->session == NULL

s->session == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2561

|| s->session->ciphers == NULL

s->session->ci...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2562

|| size < 2)

size < 2	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2563

return NULL;

never executed: return ((void *)0) ;

2564 -

2565 p = buf; -

2566 clntsk = s->session->ciphers; -

2567 srvrsk = SSL_get_ciphers(s); -

2568

if (clntsk == NULL || srvrsk == NULL)

clntsk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

srvrsk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2569

return NULL;

never executed: return ((void *)0) ;

2570 -

2571

if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)

sk_SSL_CIPHER_num(clntsk) == 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

sk_SSL_CIPHER_num(srvrsk) == 0	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2572

return NULL;

never executed: return ((void *)0) ;

2573 -

2574

for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {

i < sk_SSL_CIPHER_num(clntsk)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-14

2575 int n; -

2576 -

2577 c = sk_SSL_CIPHER_value(clntsk, i); -

2578

if (sk_SSL_CIPHER_find(srvrsk, c) < 0)

sk_SSL_CIPHER_...srvrsk, c) < 0	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

5-9

2579

continue;

executed 5 times by 1 test: continue;

Executed by:

libssl.so.1.1

2580 -

2581 n = strlen(c->name); -

2582

if (n + 1 > size) {

n + 1 > size	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2583

if (p != buf)

p != buf	Description
TRUE	never evaluated
FALSE	never evaluated

2584

--p;

never executed: --p;

2585 *p = '\0'; -

2586

return buf;

never executed: return buf;

2587 } -

2588 strcpy(p, c->name); -

2589 p += n; -

2590 *(p++) = ':'; -

2591 size -= n + 1; -

2592

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

2593 p[-1] = '\0'; -

2594

return buf;

executed 5 times by 1 test: return buf;

Executed by:

libssl.so.1.1

2595 } -

2596 -

2597 /** return a servername extension value if provided in Client Hello, or NULL. -

2598 * So far, only host_name types are defined (RFC 3546). -

2599 */ -

2600 -

2601 const char *SSL_get_servername(const SSL *s, const int type) -

2602 { -

2603

if (type != TLSEXT_NAMETYPE_host_name)

type != 0	Description
TRUE	never evaluated
FALSE	evaluated 175 times by 1 test Evaluated by: libssl.so.1.1

0-175

2604

return NULL;

never executed: return ((void *)0) ;

2605 -

2606 /* -

2607 * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an -

2608 * SNI value to return if we are resuming/resumed. N.B. that we still -

2609 * call the relevant callbacks for such resumption flows, and callbacks -

2610 * might error out if there is not a SNI value available. -

2611 */ -

2612

if (s->hit)

s->hit	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 155 times by 1 test Evaluated by: libssl.so.1.1

20-155

2613

return s->session->ext.hostname;

executed 20 times by 1 test: return s->session->ext.hostname;

Executed by:

libssl.so.1.1

2614

return s->ext.hostname;

executed 155 times by 1 test: return s->ext.hostname;

Executed by:

libssl.so.1.1

155

2615 } -

2616 -

2617 int SSL_get_servername_type(const SSL *s) -

2618 { -

2619

if (s->session

s->session	Description
TRUE	evaluated 136 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-136

2620

&& (!s->ext.hostname ? s->session->

!s->ext.hostname	Description
TRUE	never evaluated
FALSE	evaluated 136 times by 1 test Evaluated by: libssl.so.1.1

(!s->ext.hostn...>ext.hostname)	Description
TRUE	evaluated 136 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-136

2621

ext.hostname : s->ext.hostname))

(!s->ext.hostn...>ext.hostname)	Description
TRUE	evaluated 136 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-136

2622

return TLSEXT_NAMETYPE_host_name;

executed 136 times by 1 test: return 0;

Executed by:

libssl.so.1.1

136

2623

return -1;

never executed: return -1;

2624 } -

2625 -

2626 /* -

2627 * SSL_select_next_proto implements the standard protocol selection. It is -

2628 * expected that this function is called from the callback set by -

2629 * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a -

2630 * vector of 8-bit, length prefixed byte strings. The length byte itself is -

2631 * not included in the length. A byte string of length 0 is invalid. No byte -

2632 * string may be truncated. The current, but experimental algorithm for -

2633 * selecting the protocol is: 1) If the server doesn't support NPN then this -

2634 * is indicated to the callback. In this case, the client application has to -

2635 * abort the connection or have a default application level protocol. 2) If -

2636 * the server supports NPN, but advertises an empty list then the client -

2637 * selects the first protocol in its list, but indicates via the API that this -

2638 * fallback case was enacted. 3) Otherwise, the client finds the first -

2639 * protocol in the server's list that it supports and selects this protocol. -

2640 * This is because it's assumed that the server has better information about -

2641 * which protocol a client should use. 4) If the client doesn't support any -

2642 * of the server's advertised protocols, then this is treated the same as -

2643 * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was -

2644 * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. -

2645 */ -

2646 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, -

2647 const unsigned char *server, -

2648 unsigned int server_len, -

2649 const unsigned char *client, unsigned int client_len) -

2650 { -

2651 unsigned int i, j; -

2652 const unsigned char *result; -

2653 int status = OPENSSL_NPN_UNSUPPORTED; -

2654 -

2655 /* -

2656 * For each protocol in server preference order, see if we support it. -

2657 */ -

2658

for (i = 0; i < server_len;) {

i < server_len	Description
TRUE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-47

2659

for (j = 0; j < client_len;) {

j < client_len	Description
TRUE	evaluated 72 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-72

2660

if (server[i] == client[j] &&

server[i] == client[j]	Description
TRUE	evaluated 72 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-72

2661

memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {

memcmp(&server...erver[i]) == 0	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

33-39

2662 /* We found a match */ -

2663 result = &server[i]; -

2664 status = OPENSSL_NPN_NEGOTIATED; -

2665

goto found;

executed 39 times by 1 test: goto found;

Executed by:

libssl.so.1.1

2666 } -

2667 j += client[j]; -

2668 j++; -

2669

}

executed 33 times by 1 test: end of block

Executed by:

libssl.so.1.1

2670 i += server[i]; -

2671 i++; -

2672

}

executed 8 times by 1 test: end of block

Executed by:

libssl.so.1.1

2673 -

2674 /* There's no overlap between our protocols and the server's list. */ -

2675 result = client; -

2676 status = OPENSSL_NPN_NO_OVERLAP; -

2677 -

2678

found:

code before this statement executed 4 times by 1 test: found:

Executed by:

libssl.so.1.1

2679 *out = (unsigned char *)result + 1; -

2680 *outlen = result[0]; -

2681

return status;

executed 43 times by 1 test: return status;

Executed by:

libssl.so.1.1

2682 } -

2683 -

2684 #ifndef OPENSSL_NO_NEXTPROTONEG -

2685 /* -

2686 * SSL_get0_next_proto_negotiated sets *data and *len to point to the -

2687 * client's requested protocol for this connection and returns 0. If the -

2688 * client didn't request any protocol, then *data is set to NULL. Note that -

2689 * the client can request any protocol it chooses. The value returned from -

2690 * this function need not be a member of the list of supported protocols -

2691 * provided by the callback. -

2692 */ -

2693 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, -

2694 unsigned *len) -

2695 { -

2696 *data = s->ext.npn; -

2697

if (!*data) {

!*data	Description
TRUE	evaluated 2668 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

41-2668

2698 *len = 0; -

2699

} else {

executed 2668 times by 1 test: end of block

Executed by:

libssl.so.1.1

2668

2700 *len = (unsigned int)s->ext.npn_len; -

2701

}

executed 41 times by 1 test: end of block

Executed by:

libssl.so.1.1

2702 } -

2703 -

2704 /* -

2705 * SSL_CTX_set_npn_advertised_cb sets a callback that is called when -

2706 * a TLS server needs a list of supported protocols for Next Protocol -

2707 * Negotiation. The returned list must be in wire format. The list is -

2708 * returned by setting |out| to point to it and |outlen| to its length. This -

2709 * memory will not be modified, but one should assume that the SSL* keeps a -

2710 * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it -

2711 * wishes to advertise. Otherwise, no such extension will be included in the -

2712 * ServerHello. -

2713 */ -

2714 void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, -

2715 SSL_CTX_npn_advertised_cb_func cb, -

2716 void *arg) -

2717 { -

2718 ctx->ext.npn_advertised_cb = cb; -

2719 ctx->ext.npn_advertised_cb_arg = arg; -

2720

}

executed 30 times by 1 test: end of block

Executed by:

libssl.so.1.1

2721 -

2722 /* -

2723 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a -

2724 * client needs to select a protocol from the server's provided list. |out| -

2725 * must be set to point to the selected protocol (which may be within |in|). -

2726 * The length of the protocol name must be written into |outlen|. The -

2727 * server's advertised protocols are provided in |in| and |inlen|. The -

2728 * callback can assume that |in| is syntactically valid. The client must -

2729 * select a protocol. It is fatal to the connection if this callback returns -

2730 * a value other than SSL_TLSEXT_ERR_OK. -

2731 */ -

2732 void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, -

2733 SSL_CTX_npn_select_cb_func cb, -

2734 void *arg) -

2735 { -

2736 ctx->ext.npn_select_cb = cb; -

2737 ctx->ext.npn_select_cb_arg = arg; -

2738

}

executed 28 times by 1 test: end of block

Executed by:

libssl.so.1.1

2739 #endif -

2740 -

2741 /* -

2742 * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. -

2743 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit -

2744 * length-prefixed strings). Returns 0 on success. -

2745 */ -

2746 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, -

2747 unsigned int protos_len) -

2748 { -

2749 OPENSSL_free(ctx->ext.alpn); -

2750 ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); -

2751

if (ctx->ext.alpn == NULL) {

ctx->ext.alpn == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1

0-31

2752 SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); -

2753

return 1;

never executed: return 1;

2754 } -

2755 ctx->ext.alpn_len = protos_len; -

2756 -

2757

return 0;

executed 31 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2758 } -

2759 -

2760 /* -

2761 * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. -

2762 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit -

2763 * length-prefixed strings). Returns 0 on success. -

2764 */ -

2765 int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, -

2766 unsigned int protos_len) -

2767 { -

2768 OPENSSL_free(ssl->ext.alpn); -

2769 ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); -

2770

if (ssl->ext.alpn == NULL) {

ssl->ext.alpn == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

2771 SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); -

2772

return 1;

never executed: return 1;

2773 } -

2774 ssl->ext.alpn_len = protos_len; -

2775 -

2776

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2777 } -

2778 -

2779 /* -

2780 * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is -

2781 * called during ClientHello processing in order to select an ALPN protocol -

2782 * from the client's list of offered protocols. -

2783 */ -

2784 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, -

2785 SSL_CTX_alpn_select_cb_func cb, -

2786 void *arg) -

2787 { -

2788 ctx->ext.alpn_select_cb = cb; -

2789 ctx->ext.alpn_select_cb_arg = arg; -

2790

}

executed 33 times by 1 test: end of block

Executed by:

libssl.so.1.1

2791 -

2792 /* -

2793 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. -

2794 * On return it sets |*data| to point to |*len| bytes of protocol name -

2795 * (not including the leading length-prefix byte). If the server didn't -

2796 * respond with a negotiated protocol then |*len| will be zero. -

2797 */ -

2798 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, -

2799 unsigned int *len) -

2800 { -

2801 *data = NULL; -

2802

if (ssl->s3)

ssl->s3	Description
TRUE	evaluated 2703 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2703

2803

*data = ssl->s3->alpn_selected;

executed 2703 times by 1 test: *data = ssl->s3->alpn_selected;

Executed by:

libssl.so.1.1

2703

2804

if (*data == NULL)

data == ((void )0)	Description
TRUE	evaluated 2665 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

38-2665

2805

*len = 0;

executed 2665 times by 1 test: *len = 0;

Executed by:

libssl.so.1.1

2665

2806 else -

2807

*len = (unsigned int)ssl->s3->alpn_selected_len;

executed 38 times by 1 test: *len = (unsigned int)ssl->s3->alpn_selected_len;

Executed by:

libssl.so.1.1

2808 } -

2809 -

2810 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, -

2811 const char *label, size_t llen, -

2812 const unsigned char *context, size_t contextlen, -

2813 int use_context) -

2814 { -

2815

if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)

s->version < 0x0301	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

s->version != 0x0100	Description
TRUE	never evaluated
FALSE	never evaluated

0-24

2816

return -1;

never executed: return -1;

2817 -

2818

return s->method->ssl3_enc->export_keying_material(s, out, olen, label,

executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);

Executed by:

libssl.so.1.1

2819

llen, context,

executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);

Executed by:

libssl.so.1.1

2820

contextlen, use_context);

executed 24 times by 1 test: return s->method->ssl3_enc->export_keying_material(s, out, olen, label, llen, context, contextlen, use_context);

Executed by:

libssl.so.1.1

2821 } -

2822 -

2823 int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, -

2824 const char *label, size_t llen, -

2825 const unsigned char *context, -

2826 size_t contextlen) -

2827 { -

2828

if (s->version != TLS1_3_VERSION)

s->version != 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

0-12

2829

return 0;

never executed: return 0;

2830 -

2831

return tls13_export_keying_material_early(s, out, olen, label, llen,

executed 12 times by 1 test: return tls13_export_keying_material_early(s, out, olen, label, llen, context, contextlen);

Executed by:

libssl.so.1.1

2832

context, contextlen);

executed 12 times by 1 test: return tls13_export_keying_material_early(s, out, olen, label, llen, context, contextlen);

Executed by:

libssl.so.1.1

2833 } -

2834 -

2835 static unsigned long ssl_session_hash(const SSL_SESSION *a) -

2836 { -

2837 const unsigned char *session_id = a->session_id; -

2838 unsigned long l; -

2839 unsigned char tmp_storage[4]; -

2840 -

2841

if (a->session_id_length < sizeof(tmp_storage)) {

a->session_id_...f(tmp_storage)	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6375 times by 1 test Evaluated by: libssl.so.1.1

33-6375

2842 memset(tmp_storage, 0, sizeof(tmp_storage)); -

2843 memcpy(tmp_storage, a->session_id, a->session_id_length); -

2844 session_id = tmp_storage; -

2845

}

executed 33 times by 1 test: end of block

Executed by:

libssl.so.1.1

2846 -

2847 l = (unsigned long) -

2848 ((unsigned long)session_id[0]) | -

2849 ((unsigned long)session_id[1] << 8L) | -

2850 ((unsigned long)session_id[2] << 16L) | -

2851 ((unsigned long)session_id[3] << 24L); -

2852

return l;

executed 6408 times by 1 test: return l;

Executed by:

libssl.so.1.1

6408

2853 } -

2854 -

2855 /* -

2856 * NB: If this function (or indeed the hash function which uses a sort of -

2857 * coarser function than this one) is changed, ensure -

2858 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on -

2859 * being able to construct an SSL_SESSION that will collide with any existing -

2860 * session with a matching session ID. -

2861 */ -

2862 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) -

2863 { -

2864

if (a->ssl_version != b->ssl_version)

a->ssl_version...b->ssl_version	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 826 times by 1 test Evaluated by: libssl.so.1.1

12-826

2865

return 1;

executed 12 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2866

if (a->session_id_length != b->session_id_length)

a->session_id_...sion_id_length	Description
TRUE	never evaluated
FALSE	evaluated 826 times by 1 test Evaluated by: libssl.so.1.1

0-826

2867

return 1;

never executed: return 1;

2868

return memcmp(a->session_id, b->session_id, a->session_id_length);

executed 826 times by 1 test: return memcmp(a->session_id, b->session_id, a->session_id_length);

Executed by:

libssl.so.1.1

826

2869 } -

2870 -

2871 /* -

2872 * These wrapper functions should remain rather than redeclaring -

2873 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each -

2874 * variable. The reason is that the functions aren't static, they're exposed -

2875 * via ssl.h. -

2876 */ -

2877 -

2878 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) -

2879 { -

2880 SSL_CTX *ret = NULL; -

2881 -

2882

if (meth == NULL) {

meth == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2883 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); -

2884

return NULL;

never executed: return ((void *)0) ;

2885 } -

2886 -

2887

if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))

!OPENSSL_init_... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2888

return NULL;

never executed: return ((void *)0) ;

2889 -

2890

if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {

SSL_get_ex_dat..._CTX_idx() < 0	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2891 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -

2892

goto err;

never executed: goto err;

2893 } -

2894 ret = OPENSSL_zalloc(sizeof(*ret)); -

2895

if (ret == NULL)

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2896

goto err;

never executed: goto err;

2897 -

2898 ret->method = meth; -

2899 ret->min_proto_version = 0; -

2900 ret->max_proto_version = 0; -

2901 ret->mode = SSL_MODE_AUTO_RETRY; -

2902 ret->session_cache_mode = SSL_SESS_CACHE_SERVER; -

2903 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; -

2904 /* We take the system default. */ -

2905 ret->session_timeout = meth->get_timeout(); -

2906 ret->references = 1; -

2907 ret->lock = CRYPTO_THREAD_lock_new(); -

2908

if (ret->lock == NULL) {

ret->lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2909 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); -

2910 OPENSSL_free(ret); -

2911

return NULL;

never executed: return ((void *)0) ;

2912 } -

2913 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; -

2914 ret->verify_mode = SSL_VERIFY_NONE; -

2915

if ((ret->cert = ssl_cert_new()) == NULL)

(ret->cert = s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2916

goto err;

never executed: goto err;

2917 -

2918 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); -

2919

if (ret->sessions == NULL)

ret->sessions == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2920

goto err;

never executed: goto err;

2921 ret->cert_store = X509_STORE_new(); -

2922

if (ret->cert_store == NULL)

ret->cert_store == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2923

goto err;

never executed: goto err;

2924 #ifndef OPENSSL_NO_CT -

2925 ret->ctlog_store = CTLOG_STORE_new(); -

2926

if (ret->ctlog_store == NULL)

ret->ctlog_sto...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2927

goto err;

never executed: goto err;

2928 #endif -

2929 -

2930

if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))

!SSL_CTX_set_c...8_GCM_SHA256")	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2931

goto err;

never executed: goto err;

2932 -

2933

if (!ssl_create_cipher_list(ret->method,

!ssl_create_ci...L", ret->cert)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2934

ret->tls13_ciphersuites,

!ssl_create_ci...L", ret->cert)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2935

&ret->cipher_list, &ret->cipher_list_by_id,

!ssl_create_ci...L", ret->cert)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2936

SSL_DEFAULT_CIPHER_LIST, ret->cert)

!ssl_create_ci...L", ret->cert)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2937

|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {

sk_SSL_CIPHER_...her_list) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2938 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); -

2939

goto err2;

never executed: goto err2;

2940 } -

2941 -

2942 ret->param = X509_VERIFY_PARAM_new(); -

2943

if (ret->param == NULL)

ret->param == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2944

goto err;

never executed: goto err;

2945 -

2946

if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {

(ret->md5 = EV...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2947 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); -

2948

goto err2;

never executed: goto err2;

2949 } -

2950

if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {

(ret->sha1 = E...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2951 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); -

2952

goto err2;

never executed: goto err2;

2953 } -

2954 -

2955

if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)

(ret->ca_names...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2956

goto err;

never executed: goto err;

2957 -

2958

if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))

!CRYPTO_new_ex...&ret->ex_data)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2959

goto err;

never executed: goto err;

2960 -

2961

if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)

(ret->ext.secu...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2962

goto err;

never executed: goto err;

2963 -

2964 /* No compression for DTLS */ -

2965

if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))

!(meth->ssl3_e...c_flags & 0x8)	Description
TRUE	evaluated 7712 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 305 times by 1 test Evaluated by: libssl.so.1.1

305-7712

2966

ret->comp_methods = SSL_COMP_get_compression_methods();

executed 7712 times by 2 tests: ret->comp_methods = SSL_COMP_get_compression_methods();

Executed by:

libssl.so.1.1
tls13encryptiontest

7712

2967 -

2968 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; -

2969 ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; -

2970 -

2971 /* Setup RFC5077 ticket keys */ -

2972

if ((RAND_bytes(ret->ext.tick_key_name,

(RAND_bytes(re...y_name)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2973

sizeof(ret->ext.tick_key_name)) <= 0)

(RAND_bytes(re...y_name)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2974

|| (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,

(RAND_priv_byt...ac_key)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2975

sizeof(ret->ext.secure->tick_hmac_key)) <= 0)

(RAND_priv_byt...ac_key)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2976

|| (RAND_priv_bytes(ret->ext.secure->tick_aes_key,

(RAND_priv_byt...es_key)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2977

sizeof(ret->ext.secure->tick_aes_key)) <= 0))

(RAND_priv_byt...es_key)) <= 0)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2978

ret->options |= SSL_OP_NO_TICKET;

never executed: ret->options |= 0x00004000U;

2979 -

2980

if (RAND_priv_bytes(ret->ext.cookie_hmac_key,

RAND_priv_byte...mac_key)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2981

sizeof(ret->ext.cookie_hmac_key)) <= 0)

RAND_priv_byte...mac_key)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2982

goto err;

never executed: goto err;

2983 -

2984 #ifndef OPENSSL_NO_SRP -

2985

if (!SSL_CTX_SRP_CTX_init(ret))

!SSL_CTX_SRP_CTX_init(ret)	Description
TRUE	never evaluated
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-8017

2986

goto err;

never executed: goto err;

2987 #endif -

2988 #ifndef OPENSSL_NO_ENGINE -

2989 # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -

2990 # define eng_strx(x) #x -

2991 # define eng_str(x) eng_strx(x) -

2992 /* Use specific client engine automatically... ignore errors */ -

2993 { -

2994 ENGINE *eng; -

2995 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); -

2996 if (!eng) { -

2997 ERR_clear_error(); -

2998 ENGINE_load_builtin_engines(); -

2999 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); -

3000 } -

3001 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) -

3002 ERR_clear_error(); -

3003 } -

3004 # endif -

3005 #endif -

3006 /* -

3007 * Default is to connect to non-RI servers. When RI is more widely -

3008 * deployed might change this. -

3009 */ -

3010 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; -

3011 /* -

3012 * Disable compression by default to prevent CRIME. Applications can -

3013 * re-enable compression by configuring -

3014 * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); -

3015 * or by using the SSL_CONF library. Similarly we also enable TLSv1.3 -

3016 * middlebox compatibility by default. This may be disabled by default in -

3017 * a later OpenSSL version. -

3018 */ -

3019 ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; -

3020 -

3021 ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; -

3022 -

3023 /* -

3024 * We cannot usefully set a default max_early_data here (which gets -

3025 * propagated in SSL_new(), for the following reason: setting the -

3026 * SSL field causes tls_construct_stoc_early_data() to tell the -

3027 * client that early data will be accepted when constructing a TLS 1.3 -

3028 * session ticket, and the client will accordingly send us early data -

3029 * when using that ticket (if the client has early data to send). -

3030 * However, in order for the early data to actually be consumed by -

3031 * the application, the application must also have calls to -

3032 * SSL_read_early_data(); otherwise we'll just skip past the early data -

3033 * and ignore it. So, since the application must add calls to -

3034 * SSL_read_early_data(), we also require them to add -

3035 * calls to SSL_CTX_set_max_early_data() in order to use early data, -

3036 * eliminating the bandwidth-wasting early data in the case described -

3037 * above. -

3038 */ -

3039 ret->max_early_data = 0; -

3040 -

3041 /* -

3042 * Default recv_max_early_data is a fully loaded single record. Could be -

3043 * split across multiple records in practice. We set this differently to -

3044 * max_early_data so that, in the default case, we do not advertise any -

3045 * support for early_data, but if a client were to send us some (e.g. -

3046 * because of an old, stale ticket) then we will tolerate it and skip over -

3047 * it. -

3048 */ -

3049 ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; -

3050 -

3051 /* By default we send two session tickets automatically in TLSv1.3 */ -

3052 ret->num_tickets = 2; -

3053 -

3054 ssl_ctx_system_config(ret); -

3055 -

3056

return ret;

executed 8017 times by 2 tests: return ret;

Executed by:

libssl.so.1.1
tls13encryptiontest

8017

3057 err: -

3058 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); -

3059

err2:

code before this statement never executed: err2:

3060 SSL_CTX_free(ret); -

3061

return NULL;

never executed: return ((void *)0) ;

3062 } -

3063 -

3064 int SSL_CTX_up_ref(SSL_CTX *ctx) -

3065 { -

3066 int i; -

3067 -

3068

if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)

CRYPTO_UP_REF(...tx->lock) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 16532 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-16532

3069

return 0;

never executed: return 0;

3070 -

3071 REF_PRINT_COUNT("SSL_CTX", ctx); -

3072 REF_ASSERT_ISNT(i < 2); -

3073

return ((i > 1) ? 1 : 0);

executed 16532 times by 2 tests: return ((i > 1) ? 1 : 0);

Executed by:

libssl.so.1.1
tls13encryptiontest

(i > 1)	Description
TRUE	evaluated 16532 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	never evaluated

0-16532

3074 } -

3075 -

3076 void SSL_CTX_free(SSL_CTX *a) -

3077 { -

3078 int i; -

3079 -

3080

if (a == NULL)

a == ((void *)0)	Description
TRUE	evaluated 3272 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24549 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

3272-24549

3081

return;

executed 3272 times by 1 test: return;

Executed by:

libssl.so.1.1

3272

3082 -

3083 CRYPTO_DOWN_REF(&a->references, &i, a->lock); -

3084 REF_PRINT_COUNT("SSL_CTX", a); -

3085

if (i > 0)

i > 0	Description
TRUE	evaluated 16532 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

8017-16532

3086

return;

executed 16532 times by 2 tests: return;

Executed by:

libssl.so.1.1
tls13encryptiontest

16532

3087 REF_ASSERT_ISNT(i < 0); -

3088 -

3089 X509_VERIFY_PARAM_free(a->param); -

3090 dane_ctx_final(&a->dane); -

3091 -

3092 /* -

3093 * Free internal session cache. However: the remove_cb() may reference -

3094 * the ex_data of SSL_CTX, thus the ex_data store can only be removed -

3095 * after the sessions were flushed. -

3096 * As the ex_data handling routines might also touch the session cache, -

3097 * the most secure solution seems to be: empty (flush) the cache, then -

3098 * free ex_data, then finally free the cache. -

3099 * (See ticket [openssl.org #212].) -

3100 */ -

3101

if (a->sessions != NULL)

a->sessions != ((void *)0)	Description
TRUE	evaluated 8017 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	never evaluated

0-8017

3102

SSL_CTX_flush_sessions(a, 0);

executed 8017 times by 2 tests: SSL_CTX_flush_sessions(a, 0);

Executed by:

libssl.so.1.1
tls13encryptiontest

8017

3103 -

3104 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); -

3105 lh_SSL_SESSION_free(a->sessions); -

3106 X509_STORE_free(a->cert_store); -

3107 #ifndef OPENSSL_NO_CT -

3108 CTLOG_STORE_free(a->ctlog_store); -

3109 #endif -

3110 sk_SSL_CIPHER_free(a->cipher_list); -

3111 sk_SSL_CIPHER_free(a->cipher_list_by_id); -

3112 sk_SSL_CIPHER_free(a->tls13_ciphersuites); -

3113 ssl_cert_free(a->cert); -

3114 sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); -

3115 sk_X509_pop_free(a->extra_certs, X509_free); -

3116 a->comp_methods = NULL; -

3117 #ifndef OPENSSL_NO_SRTP -

3118 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); -

3119 #endif -

3120 #ifndef OPENSSL_NO_SRP -

3121 SSL_CTX_SRP_CTX_free(a); -

3122 #endif -

3123 #ifndef OPENSSL_NO_ENGINE -

3124 ENGINE_finish(a->client_cert_engine); -

3125 #endif -

3126 -

3127 #ifndef OPENSSL_NO_EC -

3128 OPENSSL_free(a->ext.ecpointformats); -

3129 OPENSSL_free(a->ext.supportedgroups); -

3130 #endif -

3131 OPENSSL_free(a->ext.alpn); -

3132 OPENSSL_secure_free(a->ext.secure); -

3133 -

3134 CRYPTO_THREAD_lock_free(a->lock); -

3135 -

3136 OPENSSL_free(a); -

3137

}

executed 8017 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

8017

3138 -

3139 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) -

3140 { -

3141 ctx->default_passwd_callback = cb; -

3142

}

never executed: end of block

3143 -

3144 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) -

3145 { -

3146 ctx->default_passwd_callback_userdata = u; -

3147

}

never executed: end of block

3148 -

3149 pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -

3150 { -

3151

return ctx->default_passwd_callback;

never executed: return ctx->default_passwd_callback;

3152 } -

3153 -

3154 void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) -

3155 { -

3156

return ctx->default_passwd_callback_userdata;

never executed: return ctx->default_passwd_callback_userdata;

3157 } -

3158 -

3159 void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) -

3160 { -

3161 s->default_passwd_callback = cb; -

3162

}

never executed: end of block

3163 -

3164 void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) -

3165 { -

3166 s->default_passwd_callback_userdata = u; -

3167

}

never executed: end of block

3168 -

3169 pem_password_cb *SSL_get_default_passwd_cb(SSL *s) -

3170 { -

3171

return s->default_passwd_callback;

never executed: return s->default_passwd_callback;

3172 } -

3173 -

3174 void *SSL_get_default_passwd_cb_userdata(SSL *s) -

3175 { -

3176

return s->default_passwd_callback_userdata;

never executed: return s->default_passwd_callback_userdata;

3177 } -

3178 -

3179 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, -

3180 int (*cb) (X509_STORE_CTX *, void *), -

3181 void *arg) -

3182 { -

3183 ctx->app_verify_callback = cb; -

3184 ctx->app_verify_arg = arg; -

3185

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

3186 -

3187 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, -

3188 int (*cb) (int, X509_STORE_CTX *)) -

3189 { -

3190 ctx->verify_mode = mode; -

3191 ctx->default_verify_callback = cb; -

3192

}

executed 382 times by 1 test: end of block

Executed by:

libssl.so.1.1

382

3193 -

3194 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) -

3195 { -

3196 X509_VERIFY_PARAM_set_depth(ctx->param, depth); -

3197

}

never executed: end of block

3198 -

3199 void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) -

3200 { -

3201 ssl_cert_set_cert_cb(c->cert, cb, arg); -

3202

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

3203 -

3204 void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) -

3205 { -

3206 ssl_cert_set_cert_cb(s->cert, cb, arg); -

3207

}

never executed: end of block

3208 -

3209 void ssl_set_masks(SSL *s) -

3210 { -

3211 CERT *c = s->cert; -

3212 uint32_t *pvalid = s->s3->tmp.valid_flags; -

3213 int rsa_enc, rsa_sign, dh_tmp, dsa_sign; -

3214 unsigned long mask_k, mask_a; -

3215 #ifndef OPENSSL_NO_EC -

3216 int have_ecc_cert, ecdsa_ok; -

3217 #endif -

3218

if (c == NULL)

c == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1622 times by 1 test Evaluated by: libssl.so.1.1

0-1622

3219

return;

never executed: return;

3220 -

3221 #ifndef OPENSSL_NO_DH -

3222

dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);

c->dh_tmp != ((void *)0)	Description
TRUE	evaluated 123 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1499 times by 1 test Evaluated by: libssl.so.1.1

c->dh_tmp_cb != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1499 times by 1 test Evaluated by: libssl.so.1.1

c->dh_tmp_auto	Description
TRUE	evaluated 194 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1305 times by 1 test Evaluated by: libssl.so.1.1

0-1499

3223 #else -

3224 dh_tmp = 0; -

3225 #endif -

3226 -

3227 rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; -

3228 rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; -

3229 dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; -

3230 #ifndef OPENSSL_NO_EC -

3231 have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; -

3232 #endif -

3233 mask_k = 0; -

3234 mask_a = 0; -

3235 -

3236 #ifdef CIPHER_DEBUG -

3237 fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n", -

3238 dh_tmp, rsa_enc, rsa_sign, dsa_sign); -

3239 #endif -

3240 -

3241 #ifndef OPENSSL_NO_GOST -

3242

if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {

ssl_has_cert(s, 6)	Description
TRUE	never evaluated
FALSE	evaluated 1622 times by 1 test Evaluated by: libssl.so.1.1

0-1622

3243 mask_k |= SSL_kGOST; -

3244 mask_a |= SSL_aGOST12; -

3245

}

never executed: end of block

3246

if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {

ssl_has_cert(s, 5)	Description
TRUE	never evaluated
FALSE	evaluated 1622 times by 1 test Evaluated by: libssl.so.1.1

0-1622

3247 mask_k |= SSL_kGOST; -

3248 mask_a |= SSL_aGOST12; -

3249

}

never executed: end of block

3250

if (ssl_has_cert(s, SSL_PKEY_GOST01)) {

ssl_has_cert(s, 4)	Description
TRUE	never evaluated
FALSE	evaluated 1622 times by 1 test Evaluated by: libssl.so.1.1

0-1622

3251 mask_k |= SSL_kGOST; -

3252 mask_a |= SSL_aGOST01; -

3253

}

never executed: end of block

3254 #endif -

3255 -

3256

if (rsa_enc)

rsa_enc	Description
TRUE	evaluated 1590 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

32-1590

3257

mask_k |= SSL_kRSA;

executed 1590 times by 1 test: mask_k |= 0x00000001U;

Executed by:

libssl.so.1.1

1590

3258 -

3259

if (dh_tmp)

dh_tmp	Description
TRUE	evaluated 317 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1305 times by 1 test Evaluated by: libssl.so.1.1

317-1305

3260

mask_k |= SSL_kDHE;

executed 317 times by 1 test: mask_k |= 0x00000002U;

Executed by:

libssl.so.1.1

317

3261 -

3262 /* -

3263 * If we only have an RSA-PSS certificate allow RSA authentication -

3264 * if TLS 1.2 and peer supports it. -

3265 */ -

3266 -

3267

if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)

rsa_enc	Description
TRUE	evaluated 1590 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

rsa_sign	Description
TRUE	never evaluated
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

ssl_has_cert(s, 1)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 30 times by 1 test Evaluated by: libssl.so.1.1

0-1590

3268

&& pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN

pvalid[1] & 0x100	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

3269

&& TLS1_get_version(s) == TLS1_2_VERSION))

(SSL_version(s) >> 8) == 0x03	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

((SSL_version(...: 0) == 0x0303	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-2

3270

mask_a |= SSL_aRSA;

executed 1591 times by 1 test: mask_a |= 0x00000001U;

Executed by:

libssl.so.1.1

1591

3271 -

3272

if (dsa_sign) {

dsa_sign	Description
TRUE	evaluated 668 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 954 times by 1 test Evaluated by: libssl.so.1.1

668-954

3273 mask_a |= SSL_aDSS; -

3274

}

executed 668 times by 1 test: end of block

Executed by:

libssl.so.1.1

668

3275 -

3276 mask_a |= SSL_aNULL; -

3277 -

3278 /* -

3279 * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites -

3280 * depending on the key usage extension. -

3281 */ -

3282 #ifndef OPENSSL_NO_EC -

3283

if (have_ecc_cert) {

have_ecc_cert	Description
TRUE	evaluated 525 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1097 times by 1 test Evaluated by: libssl.so.1.1

525-1097

3284 uint32_t ex_kusage; -

3285 ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509); -

3286 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; -

3287

if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))

!(pvalid[3] & 0x2)	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 492 times by 1 test Evaluated by: libssl.so.1.1

33-492

3288

ecdsa_ok = 0;

executed 33 times by 1 test: ecdsa_ok = 0;

Executed by:

libssl.so.1.1

3289

if (ecdsa_ok)

ecdsa_ok	Description
TRUE	evaluated 492 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

33-492

3290

mask_a |= SSL_aECDSA;

executed 492 times by 1 test: mask_a |= 0x00000008U;

Executed by:

libssl.so.1.1

492

3291

}

executed 525 times by 1 test: end of block

Executed by:

libssl.so.1.1

525

3292 /* Allow Ed25519 for TLS 1.2 if peer supports it */ -

3293

if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)

!(mask_a & 0x00000008U)	Description
TRUE	evaluated 1130 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 492 times by 1 test Evaluated by: libssl.so.1.1

ssl_has_cert(s, 7)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1124 times by 1 test Evaluated by: libssl.so.1.1

6-1130

3294

&& pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN

pvalid[7] & 0x100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

1-5

3295

&& TLS1_get_version(s) == TLS1_2_VERSION)

(SSL_version(s) >> 8) == 0x03	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

((SSL_version(...: 0) == 0x0303	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

3296

mask_a |= SSL_aECDSA;

executed 1 time by 1 test: mask_a |= 0x00000008U;

Executed by:

libssl.so.1.1

3297 -

3298 /* Allow Ed448 for TLS 1.2 if peer supports it */ -

3299

if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)

!(mask_a & 0x00000008U)	Description
TRUE	evaluated 1129 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1

ssl_has_cert(s, 8)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1124 times by 1 test Evaluated by: libssl.so.1.1

5-1129

3300

&& pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN

pvalid[8] & 0x100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

1-4

3301

&& TLS1_get_version(s) == TLS1_2_VERSION)

(SSL_version(s) >> 8) == 0x03	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

((SSL_version(...: 0) == 0x0303	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

3302

mask_a |= SSL_aECDSA;

executed 1 time by 1 test: mask_a |= 0x00000008U;

Executed by:

libssl.so.1.1

3303 #endif -

3304 -

3305 #ifndef OPENSSL_NO_EC -

3306 mask_k |= SSL_kECDHE; -

3307 #endif -

3308 -

3309 #ifndef OPENSSL_NO_PSK -

3310 mask_k |= SSL_kPSK; -

3311 mask_a |= SSL_aPSK; -

3312

if (mask_k & SSL_kRSA)

mask_k & 0x00000001U	Description
TRUE	evaluated 1590 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

32-1590

3313

mask_k |= SSL_kRSAPSK;

executed 1590 times by 1 test: mask_k |= 0x00000040U;

Executed by:

libssl.so.1.1

1590

3314

if (mask_k & SSL_kDHE)

mask_k & 0x00000002U	Description
TRUE	evaluated 317 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1305 times by 1 test Evaluated by: libssl.so.1.1

317-1305

3315

mask_k |= SSL_kDHEPSK;

executed 317 times by 1 test: mask_k |= 0x00000100U;

Executed by:

libssl.so.1.1

317

3316

if (mask_k & SSL_kECDHE)

mask_k & 0x00000004U	Description
TRUE	evaluated 1622 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1622

3317

mask_k |= SSL_kECDHEPSK;

executed 1622 times by 1 test: mask_k |= 0x00000080U;

Executed by:

libssl.so.1.1

1622

3318 #endif -

3319 -

3320 s->s3->tmp.mask_k = mask_k; -

3321 s->s3->tmp.mask_a = mask_a; -

3322

}

executed 1622 times by 1 test: end of block

Executed by:

libssl.so.1.1

1622

3323 -

3324 #ifndef OPENSSL_NO_EC -

3325 -

3326 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) -

3327 { -

3328

if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {

s->s3->tmp.new... & 0x00000008U	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-31

3329 /* key usage, if present, must allow signing */ -

3330

if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {

!(X509_get_key...e(x) & 0x0080)	Description
TRUE	never evaluated
FALSE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1

0-31

3331 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, -

3332 SSL_R_ECC_CERT_NOT_FOR_SIGNING); -

3333

return 0;

never executed: return 0;

3334 } -

3335

}

executed 31 times by 1 test: end of block

Executed by:

libssl.so.1.1

3336

return 1; /* all checks are ok */

executed 31 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3337 } -

3338 -

3339 #endif -

3340 -

3341 int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, -

3342 size_t *serverinfo_length) -

3343 { -

3344 CERT_PKEY *cpk = s->s3->tmp.cert; -

3345 *serverinfo_length = 0; -

3346 -

3347

if (cpk == NULL || cpk->serverinfo == NULL)

cpk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

cpk->serverinfo == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

3348

return 0;

never executed: return 0;

3349 -

3350 *serverinfo = cpk->serverinfo; -

3351 *serverinfo_length = cpk->serverinfo_length; -

3352

return 1;

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3353 } -

3354 -

3355 void ssl_update_cache(SSL *s, int mode) -

3356 { -

3357 int i; -

3358 -

3359 /* -

3360 * If the session_id_length is 0, we are not supposed to cache it, and it -

3361 * would be rather hard to do anyway :-) -

3362 */ -

3363

if (s->session->session_id_length == 0)

s->session->se...id_length == 0	Description
TRUE	evaluated 895 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3177 times by 1 test Evaluated by: libssl.so.1.1

895-3177

3364

return;

executed 895 times by 1 test: return;

Executed by:

libssl.so.1.1

895

3365 -

3366 /* -

3367 * If sid_ctx_length is 0 there is no specific application context -

3368 * associated with this session, so when we try to resume it and -

3369 * SSL_VERIFY_PEER is requested to verify the client identity, we have no -

3370 * indication that this is actually a session for the proper application -

3371 * context, and the *handshake* will fail, not just the resumption attempt. -

3372 * Do not cache (on the server) these sessions that are not resumable -

3373 * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). -

3374 */ -

3375

if (s->server && s->session->sid_ctx_length == 0

s->server	Description
TRUE	evaluated 1187 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1990 times by 1 test Evaluated by: libssl.so.1.1

s->session->si...tx_length == 0	Description
TRUE	evaluated 997 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

190-1990

3376

&& (s->verify_mode & SSL_VERIFY_PEER) != 0)

(s->verify_mode & 0x01) != 0	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 949 times by 1 test Evaluated by: libssl.so.1.1

48-949

3377

return;

executed 48 times by 1 test: return;

Executed by:

libssl.so.1.1

3378 -

3379 i = s->session_ctx->session_cache_mode; -

3380

if ((i & mode) != 0

(i & mode) != 0	Description
TRUE	evaluated 1299 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1830 times by 1 test Evaluated by: libssl.so.1.1

1299-1830

3381

&& (!s->hit || SSL_IS_TLS13(s))) {

!s->hit	Description
TRUE	evaluated 1093 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 206 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1093

3382 /* -

3383 * Add the session to the internal cache. In server side TLSv1.3 we -

3384 * normally don't do this because by default it's a full stateless ticket -

3385 * with only a dummy session id so there is no reason to cache it, -

3386 * unless: -

3387 * - we are doing early_data, in which case we cache so that we can -

3388 * detect replays -

3389 * - the application has set a remove_session_cb so needs to know about -

3390 * session timeout events -

3391 * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket -

3392 */ -

3393

if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0

(i & 0x0200) == 0	Description
TRUE	evaluated 974 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 258 times by 1 test Evaluated by: libssl.so.1.1

258-974

3394

&& (!SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 957 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 890 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 67 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 890 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-957

3395

|| !s->server

!s->server	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 880 times by 1 test Evaluated by: libssl.so.1.1

10-880

3396

|| (s->max_early_data > 0

s->max_early_data > 0	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 733 times by 1 test Evaluated by: libssl.so.1.1

147-733

3397

&& (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)

(s->options & ...1000000U) == 0	Description
TRUE	evaluated 115 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

32-115

3398

|| s->session_ctx->remove_session_cb != NULL

s->session_ctx...!= ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 762 times by 1 test Evaluated by: libssl.so.1.1

3-762

3399

|| (s->options & SSL_OP_NO_TICKET) != 0))

(s->options & ...0004000U) != 0	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 701 times by 1 test Evaluated by: libssl.so.1.1

61-701

3400

SSL_CTX_add_session(s->session_ctx, s->session);

executed 273 times by 1 test: SSL_CTX_add_session(s->session_ctx, s->session);

Executed by:

libssl.so.1.1

273

3401 -

3402 /* -

3403 * Add the session to the external cache. We do this even in server side -

3404 * TLSv1.3 without early data because some applications just want to -

3405 * know about the creation of a session and aren't doing a full cache. -

3406 */ -

3407

if (s->session_ctx->new_session_cb != NULL) {

s->session_ctx...!= ((void *)0)	Description
TRUE	evaluated 269 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 963 times by 1 test Evaluated by: libssl.so.1.1

269-963

3408 SSL_SESSION_up_ref(s->session); -

3409

if (!s->session_ctx->new_session_cb(s, s->session))

!s->session_ct...s, s->session)	Description
TRUE	evaluated 184 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 85 times by 1 test Evaluated by: libssl.so.1.1

85-184

3410

SSL_SESSION_free(s->session);

executed 184 times by 1 test: SSL_SESSION_free(s->session);

Executed by:

libssl.so.1.1

184

3411

}

executed 269 times by 1 test: end of block

Executed by:

libssl.so.1.1

269

3412

}

executed 1232 times by 1 test: end of block

Executed by:

libssl.so.1.1

1232

3413 -

3414 /* auto flush every 255 connections */ -

3415

if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {

(!(i & 0x0080))	Description
TRUE	evaluated 3129 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

((i & mode) == mode)	Description
TRUE	evaluated 1299 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1830 times by 1 test Evaluated by: libssl.so.1.1

0-3129

3416 TSAN_QUALIFIER int *stat; -

3417

if (mode & SSL_SESS_CACHE_CLIENT)

mode & 0x0001	Description
TRUE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1119 times by 1 test Evaluated by: libssl.so.1.1

180-1119

3418

stat = &s->session_ctx->stats.sess_connect_good;

executed 180 times by 1 test: stat = &s->session_ctx->stats.sess_connect_good;

Executed by:

libssl.so.1.1

180

3419 else -

3420

stat = &s->session_ctx->stats.sess_accept_good;

executed 1119 times by 1 test: stat = &s->session_ctx->stats.sess_accept_good;

Executed by:

libssl.so.1.1

1119

3421

if ((tsan_load(stat) & 0xff) == 0xff)

( __extension_... 0xff) == 0xff	Description
TRUE	never evaluated
FALSE	evaluated 1299 times by 1 test Evaluated by: libssl.so.1.1

0-1299

3422

SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));

never executed: SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time( ((void *)0) ));

3423

}

executed 1299 times by 1 test: end of block

Executed by:

libssl.so.1.1

1299

3424

}

executed 3129 times by 1 test: end of block

Executed by:

libssl.so.1.1

3129

3425 -

3426 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) -

3427 { -

3428

return ctx->method;

never executed: return ctx->method;

3429 } -

3430 -

3431 const SSL_METHOD *SSL_get_ssl_method(SSL *s) -

3432 { -

3433

return s->method;

never executed: return s->method;

3434 } -

3435 -

3436 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) -

3437 { -

3438 int ret = 1; -

3439 -

3440

if (s->method != meth) {

s->method != meth	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-33

3441 const SSL_METHOD *sm = s->method; -

3442 int (*hf) (SSL *) = s->handshake_func; -

3443 -

3444

if (sm->version == meth->version)

sm->version == meth->version	Description
TRUE	never evaluated
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

0-33

3445

s->method = meth;

never executed: s->method = meth;

3446 else { -

3447 sm->ssl_free(s); -

3448 s->method = meth; -

3449 ret = s->method->ssl_new(s); -

3450

}

executed 33 times by 1 test: end of block

Executed by:

libssl.so.1.1

3451 -

3452

if (hf == sm->ssl_connect)

hf == sm->ssl_connect	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-33

3453

s->handshake_func = meth->ssl_connect;

executed 33 times by 1 test: s->handshake_func = meth->ssl_connect;

Executed by:

libssl.so.1.1

3454

else if (hf == sm->ssl_accept)

hf == sm->ssl_accept	Description
TRUE	never evaluated
FALSE	never evaluated

3455

s->handshake_func = meth->ssl_accept;

never executed: s->handshake_func = meth->ssl_accept;

3456

}

executed 33 times by 1 test: end of block

Executed by:

libssl.so.1.1

3457

return ret;

executed 33 times by 1 test: return ret;

Executed by:

libssl.so.1.1

3458 } -

3459 -

3460 int SSL_get_error(const SSL *s, int i) -

3461 { -

3462 int reason; -

3463 unsigned long l; -

3464 BIO *bio; -

3465 -

3466

if (i > 0)

i > 0	Description
TRUE	evaluated 1036 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 31153 times by 1 test Evaluated by: libssl.so.1.1

1036-31153

3467

return SSL_ERROR_NONE;

executed 1036 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1036

3468 -

3469 /* -

3470 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, -

3471 * where we do encode the error -

3472 */ -

3473

if ((l = ERR_peek_error()) != 0) {

(l = ERR_peek_error()) != 0	Description
TRUE	evaluated 760 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 30393 times by 1 test Evaluated by: libssl.so.1.1

760-30393

3474

if (ERR_GET_LIB(l) == ERR_LIB_SYS)

(int)(((l) >> ...& 0x0FFL) == 2	Description
TRUE	never evaluated
FALSE	evaluated 760 times by 1 test Evaluated by: libssl.so.1.1

0-760

3475

return SSL_ERROR_SYSCALL;

never executed: return 5;

3476 else -

3477

return SSL_ERROR_SSL;

executed 760 times by 1 test: return 1;

Executed by:

libssl.so.1.1

760

3478 } -

3479 -

3480

if (SSL_want_read(s)) {

(SSL_want(s) == 3)	Description
TRUE	evaluated 28917 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1476 times by 1 test Evaluated by: libssl.so.1.1

1476-28917

3481 bio = SSL_get_rbio(s); -

3482

if (BIO_should_read(bio))

BIO_test_flags(bio, 0x01)	Description
TRUE	evaluated 28908 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

9-28908

3483

return SSL_ERROR_WANT_READ;

executed 28908 times by 1 test: return 2;

Executed by:

libssl.so.1.1

28908

3484

else if (BIO_should_write(bio))

BIO_test_flags(bio, 0x02)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

3485 /* -

3486 * This one doesn't make too much sense ... We never try to write -

3487 * to the rbio, and an application program where rbio and wbio -

3488 * are separate couldn't even know what it should wait for. -

3489 * However if we ever set s->rwstate incorrectly (so that we have -

3490 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and -

3491 * wbio *are* the same, this test works around that bug; so it -

3492 * might be safer to keep it. -

3493 */ -

3494

return SSL_ERROR_WANT_WRITE;

never executed: return 3;

3495

else if (BIO_should_io_special(bio)) {

BIO_test_flags(bio, 0x04)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

3496 reason = BIO_get_retry_reason(bio); -

3497

if (reason == BIO_RR_CONNECT)

reason == 0x02	Description
TRUE	never evaluated
FALSE	never evaluated

3498

return SSL_ERROR_WANT_CONNECT;

never executed: return 7;

3499

else if (reason == BIO_RR_ACCEPT)

reason == 0x03	Description
TRUE	never evaluated
FALSE	never evaluated

3500

return SSL_ERROR_WANT_ACCEPT;

never executed: return 8;

3501 else -

3502

return SSL_ERROR_SYSCALL; /* unknown */

never executed: return 5;

3503 } -

3504

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

3505 -

3506

if (SSL_want_write(s)) {

(SSL_want(s) == 2)	Description
TRUE	evaluated 1127 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 358 times by 1 test Evaluated by: libssl.so.1.1

358-1127

3507 /* Access wbio directly - in order to use the buffered bio if present */ -

3508 bio = s->wbio; -

3509

if (BIO_should_write(bio))

BIO_test_flags(bio, 0x02)	Description
TRUE	evaluated 1127 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1127

3510

return SSL_ERROR_WANT_WRITE;

executed 1127 times by 1 test: return 3;

Executed by:

libssl.so.1.1

1127

3511

else if (BIO_should_read(bio))

BIO_test_flags(bio, 0x01)	Description
TRUE	never evaluated
FALSE	never evaluated

3512 /* -

3513 * See above (SSL_want_read(s) with BIO_should_write(bio)) -

3514 */ -

3515

return SSL_ERROR_WANT_READ;

never executed: return 2;

3516

else if (BIO_should_io_special(bio)) {

BIO_test_flags(bio, 0x04)	Description
TRUE	never evaluated
FALSE	never evaluated

3517 reason = BIO_get_retry_reason(bio); -

3518

if (reason == BIO_RR_CONNECT)

reason == 0x02	Description
TRUE	never evaluated
FALSE	never evaluated

3519

return SSL_ERROR_WANT_CONNECT;

never executed: return 7;

3520

else if (reason == BIO_RR_ACCEPT)

reason == 0x03	Description
TRUE	never evaluated
FALSE	never evaluated

3521

return SSL_ERROR_WANT_ACCEPT;

never executed: return 8;

3522 else -

3523

return SSL_ERROR_SYSCALL;

never executed: return 5;

3524 } -

3525

}

never executed: end of block

3526

if (SSL_want_x509_lookup(s))

(SSL_want(s) == 4)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 356 times by 1 test Evaluated by: libssl.so.1.1

2-356

3527

return SSL_ERROR_WANT_X509_LOOKUP;

executed 2 times by 1 test: return 4;

Executed by:

libssl.so.1.1

3528

if (SSL_want_async(s))

(SSL_want(s) == 5)	Description
TRUE	never evaluated
FALSE	evaluated 356 times by 1 test Evaluated by: libssl.so.1.1

0-356

3529

return SSL_ERROR_WANT_ASYNC;

never executed: return 9;

3530

if (SSL_want_async_job(s))

(SSL_want(s) == 6)	Description
TRUE	never evaluated
FALSE	evaluated 356 times by 1 test Evaluated by: libssl.so.1.1

0-356

3531

return SSL_ERROR_WANT_ASYNC_JOB;

never executed: return 10;

3532

if (SSL_want_client_hello_cb(s))

(SSL_want(s) == 7)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 354 times by 1 test Evaluated by: libssl.so.1.1

2-354

3533

return SSL_ERROR_WANT_CLIENT_HELLO_CB;

executed 2 times by 1 test: return 11;

Executed by:

libssl.so.1.1

3534 -

3535

if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&

(s->shutdown & 2)	Description
TRUE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 131 times by 1 test Evaluated by: libssl.so.1.1

131-223

3536

(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))

(s->s3->warn_alert == 0)	Description
TRUE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-223

3537

return SSL_ERROR_ZERO_RETURN;

executed 223 times by 1 test: return 6;

Executed by:

libssl.so.1.1

223

3538 -

3539

return SSL_ERROR_SYSCALL;

executed 131 times by 1 test: return 5;

Executed by:

libssl.so.1.1

131

3540 } -

3541 -

3542 static int ssl_do_handshake_intern(void *vargs) -

3543 { -

3544 struct ssl_async_args *args; -

3545 SSL *s; -

3546 -

3547 args = (struct ssl_async_args *)vargs; -

3548 s = args->s; -

3549 -

3550

return s->handshake_func(s);

never executed: return s->handshake_func(s);

3551 } -

3552 -

3553 int SSL_do_handshake(SSL *s) -

3554 { -

3555 int ret = 1; -

3556 -

3557

if (s->handshake_func == NULL) {

s->handshake_f...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 24091 times by 1 test Evaluated by: libssl.so.1.1

0-24091

3558 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); -

3559

return -1;

never executed: return -1;

3560 } -

3561 -

3562 ossl_statem_check_finish_init(s, -1); -

3563 -

3564 s->method->ssl_renegotiate_check(s, 0); -

3565 -

3566

if (SSL_in_init(s) || SSL_in_before(s)) {

SSL_in_init(s)	Description
TRUE	evaluated 24032 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

SSL_in_before(s)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-24032

3567

if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {

(s->mode & 0x00000100U)	Description
TRUE	never evaluated
FALSE	evaluated 24032 times by 1 test Evaluated by: libssl.so.1.1

ASYNC_get_curr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-24032

3568 struct ssl_async_args args; -

3569 -

3570 args.s = s; -

3571 -

3572 ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); -

3573

} else {

never executed: end of block

3574 ret = s->handshake_func(s); -

3575

}

executed 24032 times by 1 test: end of block

Executed by:

libssl.so.1.1

24032

3576 } -

3577

return ret;

executed 24091 times by 1 test: return ret;

Executed by:

libssl.so.1.1

24091

3578 } -

3579 -

3580 void SSL_set_accept_state(SSL *s) -

3581 { -

3582 s->server = 1; -

3583 s->shutdown = 0; -

3584 ossl_statem_clear(s); -

3585 s->handshake_func = s->method->ssl_accept; -

3586 clear_ciphers(s); -

3587

}

executed 3771 times by 1 test: end of block

Executed by:

libssl.so.1.1

3771

3588 -

3589 void SSL_set_connect_state(SSL *s) -

3590 { -

3591 s->server = 0; -

3592 s->shutdown = 0; -

3593 ossl_statem_clear(s); -

3594 s->handshake_func = s->method->ssl_connect; -

3595 clear_ciphers(s); -

3596

}

executed 4336 times by 1 test: end of block

Executed by:

libssl.so.1.1

4336

3597 -

3598 int ssl_undefined_function(SSL *s) -

3599 { -

3600 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

3601

return 0;

never executed: return 0;

3602 } -

3603 -

3604 int ssl_undefined_void_function(void) -

3605 { -

3606 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, -

3607 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

3608

return 0;

never executed: return 0;

3609 } -

3610 -

3611 int ssl_undefined_const_function(const SSL *s) -

3612 { -

3613

return 0;

never executed: return 0;

3614 } -

3615 -

3616 const SSL_METHOD *ssl_bad_method(int ver) -

3617 { -

3618 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

3619

return NULL;

never executed: return ((void *)0) ;

3620 } -

3621 -

3622 const char *ssl_protocol_to_string(int version) -

3623 { -

3624 switch(version) -

3625 { -

3626

case TLS1_3_VERSION:

executed 156 times by 1 test: case 0x0304:

Executed by:

libssl.so.1.1

156

3627

return "TLSv1.3";

executed 156 times by 1 test: return "TLSv1.3";

Executed by:

libssl.so.1.1

156

3628 -

3629

case TLS1_2_VERSION:

executed 290 times by 1 test: case 0x0303:

Executed by:

libssl.so.1.1

290

3630

return "TLSv1.2";

executed 290 times by 1 test: return "TLSv1.2";

Executed by:

libssl.so.1.1

290

3631 -

3632

case TLS1_1_VERSION:

executed 8 times by 1 test: case 0x0302:

Executed by:

libssl.so.1.1

3633

return "TLSv1.1";

executed 8 times by 1 test: return "TLSv1.1";

Executed by:

libssl.so.1.1

3634 -

3635

case TLS1_VERSION:

executed 61 times by 1 test: case 0x0301:

Executed by:

libssl.so.1.1

3636

return "TLSv1";

executed 61 times by 1 test: return "TLSv1";

Executed by:

libssl.so.1.1

3637 -

3638

case SSL3_VERSION:

executed 115 times by 1 test: case 0x0300:

Executed by:

libssl.so.1.1

115

3639

return "SSLv3";

executed 115 times by 1 test: return "SSLv3";

Executed by:

libssl.so.1.1

115

3640 -

3641

case DTLS1_BAD_VER:

never executed: case 0x0100:

3642

return "DTLSv0.9";

never executed: return "DTLSv0.9";

3643 -

3644

case DTLS1_VERSION:

never executed: case 0xFEFF:

3645

return "DTLSv1";

never executed: return "DTLSv1";

3646 -

3647

case DTLS1_2_VERSION:

never executed: case 0xFEFD:

3648

return "DTLSv1.2";

never executed: return "DTLSv1.2";

3649 -

3650

default:

executed 25 times by 1 test: default:

Executed by:

libssl.so.1.1

3651

return "unknown";

executed 25 times by 1 test: return "unknown";

Executed by:

libssl.so.1.1

3652 } -

3653 } -

3654 -

3655 const char *SSL_get_version(const SSL *s) -

3656 { -

3657

return ssl_protocol_to_string(s->version);

executed 266 times by 1 test: return ssl_protocol_to_string(s->version);

Executed by:

libssl.so.1.1

266

3658 } -

3659 -

3660 SSL *SSL_dup(SSL *s) -

3661 { -

3662 STACK_OF(X509_NAME) *sk; -

3663 X509_NAME *xn; -

3664 SSL *ret; -

3665 int i; -

3666 -

3667 /* If we're not quiescent, just up_ref! */ -

3668

if (!SSL_in_init(s) || !SSL_in_before(s)) {

!SSL_in_init(s)	Description
TRUE	never evaluated
FALSE	never evaluated

!SSL_in_before(s)	Description
TRUE	never evaluated
FALSE	never evaluated

3669 CRYPTO_UP_REF(&s->references, &i, s->lock); -

3670

return s;

never executed: return s;

3671 } -

3672 -

3673 /* -

3674 * Otherwise, copy configuration state, and session if set. -

3675 */ -

3676

if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)

(ret = SSL_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3677

return NULL;

never executed: return ((void *)0) ;

3678 -

3679

if (s->session != NULL) {

s->session != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3680 /* -

3681 * Arranges to share the same session via up_ref. This "copies" -

3682 * session-id, SSL_METHOD, sid_ctx, and 'cert' -

3683 */ -

3684

if (!SSL_copy_session_id(ret, s))

!SSL_copy_session_id(ret, s)	Description
TRUE	never evaluated
FALSE	never evaluated

3685

goto err;

never executed: goto err;

3686

} else {

never executed: end of block

3687 /* -

3688 * No session has been established yet, so we have to expect that -

3689 * s->cert or ret->cert will be changed later -- they should not both -

3690 * point to the same object, and thus we can't use -

3691 * SSL_copy_session_id. -

3692 */ -

3693

if (!SSL_set_ssl_method(ret, s->method))

!SSL_set_ssl_m...et, s->method)	Description
TRUE	never evaluated
FALSE	never evaluated

3694

goto err;

never executed: goto err;

3695 -

3696

if (s->cert != NULL) {

s->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3697 ssl_cert_free(ret->cert); -

3698 ret->cert = ssl_cert_dup(s->cert); -

3699

if (ret->cert == NULL)

ret->cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3700

goto err;

never executed: goto err;

3701

}

never executed: end of block

3702 -

3703

if (!SSL_set_session_id_context(ret, s->sid_ctx,

!SSL_set_sessi...id_ctx_length)	Description
TRUE	never evaluated
FALSE	never evaluated

3704

(int)s->sid_ctx_length))

!SSL_set_sessi...id_ctx_length)	Description
TRUE	never evaluated
FALSE	never evaluated

3705

goto err;

never executed: goto err;

3706

}

never executed: end of block

3707 -

3708

if (!ssl_dane_dup(ret, s))

!ssl_dane_dup(ret, s)	Description
TRUE	never evaluated
FALSE	never evaluated

3709

goto err;

never executed: goto err;

3710 ret->version = s->version; -

3711 ret->options = s->options; -

3712 ret->mode = s->mode; -

3713 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); -

3714 SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); -

3715 ret->msg_callback = s->msg_callback; -

3716 ret->msg_callback_arg = s->msg_callback_arg; -

3717 SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); -

3718 SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); -

3719 ret->generate_session_id = s->generate_session_id; -

3720 -

3721 SSL_set_info_callback(ret, SSL_get_info_callback(s)); -

3722 -

3723 /* copy app data, a little dangerous perhaps */ -

3724

if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))

!CRYPTO_dup_ex..., &s->ex_data)	Description
TRUE	never evaluated
FALSE	never evaluated

3725

goto err;

never executed: goto err;

3726 -

3727 /* setup rbio, and wbio */ -

3728

if (s->rbio != NULL) {

s->rbio != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3729

if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))

!BIO_ctrl(s->r...*)&ret->rbio))	Description
TRUE	never evaluated
FALSE	never evaluated

3730

goto err;

never executed: goto err;

3731

}

never executed: end of block

3732

if (s->wbio != NULL) {

s->wbio != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3733

if (s->wbio != s->rbio) {

s->wbio != s->rbio	Description
TRUE	never evaluated
FALSE	never evaluated

3734

if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))

!BIO_ctrl(s->w...*)&ret->wbio))	Description
TRUE	never evaluated
FALSE	never evaluated

3735

goto err;

never executed: goto err;

3736

} else {

never executed: end of block

3737 BIO_up_ref(ret->rbio); -

3738 ret->wbio = ret->rbio; -

3739

}

never executed: end of block

3740 } -

3741 -

3742 ret->server = s->server; -

3743

if (s->handshake_func) {

s->handshake_func	Description
TRUE	never evaluated
FALSE	never evaluated

3744

if (s->server)

s->server	Description
TRUE	never evaluated
FALSE	never evaluated

3745

SSL_set_accept_state(ret);

never executed: SSL_set_accept_state(ret);

3746 else -

3747

SSL_set_connect_state(ret);

never executed: SSL_set_connect_state(ret);

3748 } -

3749 ret->shutdown = s->shutdown; -

3750 ret->hit = s->hit; -

3751 -

3752 ret->default_passwd_callback = s->default_passwd_callback; -

3753 ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; -

3754 -

3755 X509_VERIFY_PARAM_inherit(ret->param, s->param); -

3756 -

3757 /* dup the cipher_list and cipher_list_by_id stacks */ -

3758

if (s->cipher_list != NULL) {

s->cipher_list != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3759

if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)

(ret->cipher_l...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3760

goto err;

never executed: goto err;

3761

}

never executed: end of block

3762

if (s->cipher_list_by_id != NULL)

s->cipher_list...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3763

if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))

(ret->cipher_l...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3764

== NULL)

(ret->cipher_l...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3765

goto err;

never executed: goto err;

3766 -

3767 /* Dup the client_CA list */ -

3768

if (s->ca_names != NULL) {

s->ca_names != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3769

if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)

(sk = sk_X509_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3770

goto err;

never executed: goto err;

3771 ret->ca_names = sk; -

3772

for (i = 0; i < sk_X509_NAME_num(sk); i++) {

i < sk_X509_NAME_num(sk)	Description
TRUE	never evaluated
FALSE	never evaluated

3773 xn = sk_X509_NAME_value(sk, i); -

3774

if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {

sk_X509_NAME_s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3775 X509_NAME_free(xn); -

3776

goto err;

never executed: goto err;

3777 } -

3778

}

never executed: end of block

3779

}

never executed: end of block

3780

return ret;

never executed: return ret;

3781 -

3782 err: -

3783 SSL_free(ret); -

3784

return NULL;

never executed: return ((void *)0) ;

3785 } -

3786 -

3787 void ssl_clear_cipher_ctx(SSL *s) -

3788 { -

3789

if (s->enc_read_ctx != NULL) {

s->enc_read_ctx != ((void *)0)	Description
TRUE	evaluated 3897 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 28733 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

3897-28733

3790 EVP_CIPHER_CTX_free(s->enc_read_ctx); -

3791 s->enc_read_ctx = NULL; -

3792

}

executed 3897 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

3897

3793

if (s->enc_write_ctx != NULL) {

s->enc_write_c...!= ((void *)0)	Description
TRUE	evaluated 3913 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 28717 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

3913-28717

3794 EVP_CIPHER_CTX_free(s->enc_write_ctx); -

3795 s->enc_write_ctx = NULL; -

3796

}

executed 3913 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

3913

3797 #ifndef OPENSSL_NO_COMP -

3798 COMP_CTX_free(s->expand); -

3799 s->expand = NULL; -

3800 COMP_CTX_free(s->compress); -

3801 s->compress = NULL; -

3802 #endif -

3803

}

executed 32630 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

32630

3804 -

3805 X509 *SSL_get_certificate(const SSL *s) -

3806 { -

3807

if (s->cert != NULL)

s->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3808

return s->cert->key->x509;

never executed: return s->cert->key->x509;

3809 else -

3810

return NULL;

never executed: return ((void *)0) ;

3811 } -

3812 -

3813 EVP_PKEY *SSL_get_privatekey(const SSL *s) -

3814 { -

3815

if (s->cert != NULL)

s->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3816

return s->cert->key->privatekey;

never executed: return s->cert->key->privatekey;

3817 else -

3818

return NULL;

never executed: return ((void *)0) ;

3819 } -

3820 -

3821 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) -

3822 { -

3823

if (ctx->cert != NULL)

ctx->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3824

return ctx->cert->key->x509;

never executed: return ctx->cert->key->x509;

3825 else -

3826

return NULL;

never executed: return ((void *)0) ;

3827 } -

3828 -

3829 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) -

3830 { -

3831

if (ctx->cert != NULL)

ctx->cert != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3832

return ctx->cert->key->privatekey;

never executed: return ctx->cert->key->privatekey;

3833 else -

3834

return NULL;

never executed: return ((void *)0) ;

3835 } -

3836 -

3837 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) -

3838 { -

3839

if ((s->session != NULL) && (s->session->cipher != NULL))

(s->session != ((void *)0) )	Description
TRUE	evaluated 2425 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1

(s->session->c... ((void *)0) )	Description
TRUE	evaluated 2184 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 241 times by 1 test Evaluated by: libssl.so.1.1

52-2425

3840

return s->session->cipher;

executed 2184 times by 1 test: return s->session->cipher;

Executed by:

libssl.so.1.1

2184

3841

return NULL;

executed 293 times by 1 test: return ((void *)0) ;

Executed by:

libssl.so.1.1

293

3842 } -

3843 -

3844 const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) -

3845 { -

3846

return s->s3->tmp.new_cipher;

never executed: return s->s3->tmp.new_cipher;

3847 } -

3848 -

3849 const COMP_METHOD *SSL_get_current_compression(SSL *s) -

3850 { -

3851 #ifndef OPENSSL_NO_COMP -

3852

return s->compress ? COMP_CTX_get_method(s->compress) : NULL;

executed 1401 times by 1 test: return s->compress ? COMP_CTX_get_method(s->compress) : ((void *)0) ;

Executed by:

libssl.so.1.1

s->compress	Description
TRUE	never evaluated
FALSE	evaluated 1401 times by 1 test Evaluated by: libssl.so.1.1

0-1401

3853 #else -

3854 return NULL; -

3855 #endif -

3856 } -

3857 -

3858 const COMP_METHOD *SSL_get_current_expansion(SSL *s) -

3859 { -

3860 #ifndef OPENSSL_NO_COMP -

3861

return s->expand ? COMP_CTX_get_method(s->expand) : NULL;

executed 191 times by 1 test: return s->expand ? COMP_CTX_get_method(s->expand) : ((void *)0) ;

Executed by:

libssl.so.1.1

s->expand	Description
TRUE	never evaluated
FALSE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1

0-191

3862 #else -

3863 return NULL; -

3864 #endif -

3865 } -

3866 -

3867 int ssl_init_wbio_buffer(SSL *s) -

3868 { -

3869 BIO *bbio; -

3870 -

3871

if (s->bbio != NULL) {

s->bbio != ((void *)0)	Description
TRUE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9243 times by 1 test Evaluated by: libssl.so.1.1

47-9243

3872 /* Already buffered. */ -

3873

return 1;

executed 47 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3874 } -

3875 -

3876 bbio = BIO_new(BIO_f_buffer()); -

3877

if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {

bbio == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9243 times by 1 test Evaluated by: libssl.so.1.1

!BIO_int_ctrl(bbio,117,1,0)	Description
TRUE	never evaluated
FALSE	evaluated 9243 times by 1 test Evaluated by: libssl.so.1.1

0-9243

3878 BIO_free(bbio); -

3879 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); -

3880

return 0;

never executed: return 0;

3881 } -

3882 s->bbio = bbio; -

3883 s->wbio = BIO_push(bbio, s->wbio); -

3884 -

3885

return 1;

executed 9243 times by 1 test: return 1;

Executed by:

libssl.so.1.1

9243

3886 } -

3887 -

3888 int ssl_free_wbio_buffer(SSL *s) -

3889 { -

3890 /* callers ensure s is never null */ -

3891

if (s->bbio == NULL)

s->bbio == ((void *)0)	Description
TRUE	evaluated 36322 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 9243 times by 1 test Evaluated by: libssl.so.1.1

9243-36322

3892

return 1;

executed 36322 times by 2 tests: return 1;

Executed by:

libssl.so.1.1
tls13encryptiontest

36322

3893 -

3894 s->wbio = BIO_pop(s->wbio); -

3895 BIO_free(s->bbio); -

3896 s->bbio = NULL; -

3897 -

3898

return 1;

executed 9243 times by 1 test: return 1;

Executed by:

libssl.so.1.1

9243

3899 } -

3900 -

3901 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) -

3902 { -

3903 ctx->quiet_shutdown = mode; -

3904

}

executed 182 times by 1 test: end of block

Executed by:

libssl.so.1.1

182

3905 -

3906 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) -

3907 { -

3908

return ctx->quiet_shutdown;

never executed: return ctx->quiet_shutdown;

3909 } -

3910 -

3911 void SSL_set_quiet_shutdown(SSL *s, int mode) -

3912 { -

3913 s->quiet_shutdown = mode; -

3914

}

never executed: end of block

3915 -

3916 int SSL_get_quiet_shutdown(const SSL *s) -

3917 { -

3918

return s->quiet_shutdown;

never executed: return s->quiet_shutdown;

3919 } -

3920 -

3921 void SSL_set_shutdown(SSL *s, int mode) -

3922 { -

3923 s->shutdown = mode; -

3924

}

executed 191 times by 1 test: end of block

Executed by:

libssl.so.1.1

191

3925 -

3926 int SSL_get_shutdown(const SSL *s) -

3927 { -

3928

return s->shutdown;

executed 3 times by 1 test: return s->shutdown;

Executed by:

libssl.so.1.1

3929 } -

3930 -

3931 int SSL_version(const SSL *s) -

3932 { -

3933

return s->version;

executed 45857 times by 1 test: return s->version;

Executed by:

libssl.so.1.1

45857

3934 } -

3935 -

3936 int SSL_client_version(const SSL *s) -

3937 { -

3938

return s->client_version;

never executed: return s->client_version;

3939 } -

3940 -

3941 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) -

3942 { -

3943

return ssl->ctx;

executed 286 times by 1 test: return ssl->ctx;

Executed by:

libssl.so.1.1

286

3944 } -

3945 -

3946 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) -

3947 { -

3948 CERT *new_cert; -

3949

if (ssl->ctx == ctx)

ssl->ctx == ctx	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3950

return ssl->ctx;

never executed: return ssl->ctx;

3951

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3952

ctx = ssl->session_ctx;

never executed: ctx = ssl->session_ctx;

3953 new_cert = ssl_cert_dup(ctx->cert); -

3954

if (new_cert == NULL) {

new_cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3955

return NULL;

never executed: return ((void *)0) ;

3956 } -

3957 -

3958

if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {

!custom_exts_c...cert->custext)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3959 ssl_cert_free(new_cert); -

3960

return NULL;

never executed: return ((void *)0) ;

3961 } -

3962 -

3963 ssl_cert_free(ssl->cert); -

3964 ssl->cert = new_cert; -

3965 -

3966 /* -

3967 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), -

3968 * so setter APIs must prevent invalid lengths from entering the system. -

3969 */ -

3970

if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))

!((ssl->sid_ct...id_ctx)) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3971

return NULL;

never executed: return ((void *)0) ;

3972 -

3973 /* -

3974 * If the session ID context matches that of the parent SSL_CTX, -

3975 * inherit it from the new SSL_CTX as well. If however the context does -

3976 * not match (i.e., it was set per-ssl with SSL_set_session_id_context), -

3977 * leave it unchanged. -

3978 */ -

3979

if ((ssl->ctx != NULL) &&

(ssl->ctx != ((void *)0) )	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-24

3980

(ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&

(ssl->sid_ctx_...id_ctx_length)	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-24

3981

(memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {

(memcmp(ssl->s..._length) == 0)	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-24

3982 ssl->sid_ctx_length = ctx->sid_ctx_length; -

3983 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); -

3984

}

executed 24 times by 1 test: end of block

Executed by:

libssl.so.1.1

3985 -

3986 SSL_CTX_up_ref(ctx); -

3987 SSL_CTX_free(ssl->ctx); /* decrement reference count */ -

3988 ssl->ctx = ctx; -

3989 -

3990

return ssl->ctx;

executed 24 times by 1 test: return ssl->ctx;

Executed by:

libssl.so.1.1

3991 } -

3992 -

3993 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) -

3994 { -

3995

return X509_STORE_set_default_paths(ctx->cert_store);

executed 12 times by 1 test: return X509_STORE_set_default_paths(ctx->cert_store);

Executed by:

libssl.so.1.1

3996 } -

3997 -

3998 int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) -

3999 { -

4000 X509_LOOKUP *lookup; -

4001 -

4002 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir()); -

4003

if (lookup == NULL)

lookup == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 373 times by 1 test Evaluated by: libssl.so.1.1

0-373

4004

return 0;

never executed: return 0;

4005 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); -

4006 -

4007 /* Clear any errors if the default directory does not exist */ -

4008 ERR_clear_error(); -

4009 -

4010

return 1;

executed 373 times by 1 test: return 1;

Executed by:

libssl.so.1.1

373

4011 } -

4012 -

4013 int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) -

4014 { -

4015 X509_LOOKUP *lookup; -

4016 -

4017 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file()); -

4018

if (lookup == NULL)

lookup == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 373 times by 1 test Evaluated by: libssl.so.1.1

0-373

4019

return 0;

never executed: return 0;

4020 -

4021 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); -

4022 -

4023 /* Clear any errors if the default file does not exist */ -

4024 ERR_clear_error(); -

4025 -

4026

return 1;

executed 373 times by 1 test: return 1;

Executed by:

libssl.so.1.1

373

4027 } -

4028 -

4029 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -

4030 const char *CApath) -

4031 { -

4032

return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);

executed 128 times by 1 test: return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);

Executed by:

libssl.so.1.1

128

4033 } -

4034 -

4035 void SSL_set_info_callback(SSL *ssl, -

4036 void (*cb) (const SSL *ssl, int type, int val)) -

4037 { -

4038 ssl->info_callback = cb; -

4039

}

executed 2422 times by 1 test: end of block

Executed by:

libssl.so.1.1

2422

4040 -

4041 /* -

4042 * One compiler (Diab DCC) doesn't like argument names in returned function -

4043 * pointer. -

4044 */ -

4045 void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , -

4046 int /* type */ , -

4047 int /* val */ ) { -

4048

return ssl->info_callback;

never executed: return ssl->info_callback;

4049 } -

4050 -

4051 void SSL_set_verify_result(SSL *ssl, long arg) -

4052 { -

4053 ssl->verify_result = arg; -

4054

}

executed 147 times by 1 test: end of block

Executed by:

libssl.so.1.1

147

4055 -

4056 long SSL_get_verify_result(const SSL *ssl) -

4057 { -

4058

return ssl->verify_result;

executed 339 times by 1 test: return ssl->verify_result;

Executed by:

libssl.so.1.1

339

4059 } -

4060 -

4061 size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) -

4062 { -

4063

if (outlen == 0)

outlen == 0	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

4064

return sizeof(ssl->s3->client_random);

never executed: return sizeof(ssl->s3->client_random);

4065

if (outlen > sizeof(ssl->s3->client_random))

outlen > sizeo...client_random)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

4066

outlen = sizeof(ssl->s3->client_random);

never executed: outlen = sizeof(ssl->s3->client_random);

4067 memcpy(out, ssl->s3->client_random, outlen); -

4068

return outlen;

executed 26 times by 1 test: return outlen;

Executed by:

libssl.so.1.1

4069 } -

4070 -

4071 size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) -

4072 { -

4073

if (outlen == 0)

outlen == 0	Description
TRUE	never evaluated
FALSE	never evaluated

4074

return sizeof(ssl->s3->server_random);

never executed: return sizeof(ssl->s3->server_random);

4075

if (outlen > sizeof(ssl->s3->server_random))

outlen > sizeo...server_random)	Description
TRUE	never evaluated
FALSE	never evaluated

4076

outlen = sizeof(ssl->s3->server_random);

never executed: outlen = sizeof(ssl->s3->server_random);

4077 memcpy(out, ssl->s3->server_random, outlen); -

4078

return outlen;

never executed: return outlen;

4079 } -

4080 -

4081 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, -

4082 unsigned char *out, size_t outlen) -

4083 { -

4084

if (outlen == 0)

outlen == 0	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

13-15

4085

return session->master_key_length;

executed 13 times by 1 test: return session->master_key_length;

Executed by:

libssl.so.1.1

4086

if (outlen > session->master_key_length)

outlen > sessi...ter_key_length	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-13

4087

outlen = session->master_key_length;

executed 13 times by 1 test: outlen = session->master_key_length;

Executed by:

libssl.so.1.1

4088 memcpy(out, session->master_key, outlen); -

4089

return outlen;

executed 15 times by 1 test: return outlen;

Executed by:

libssl.so.1.1

4090 } -

4091 -

4092 int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, -

4093 size_t len) -

4094 { -

4095

if (len > sizeof(sess->master_key))

len > sizeof(sess->master_key)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

4096

return 0;

never executed: return 0;

4097 -

4098 memcpy(sess->master_key, in, len); -

4099 sess->master_key_length = len; -

4100

return 1;

executed 35 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4101 } -

4102 -

4103 -

4104 int SSL_set_ex_data(SSL *s, int idx, void *arg) -

4105 { -

4106

return CRYPTO_set_ex_data(&s->ex_data, idx, arg);

executed 2420 times by 1 test: return CRYPTO_set_ex_data(&s->ex_data, idx, arg);

Executed by:

libssl.so.1.1

2420

4107 } -

4108 -

4109 void *SSL_get_ex_data(const SSL *s, int idx) -

4110 { -

4111

return CRYPTO_get_ex_data(&s->ex_data, idx);

executed 4259 times by 1 test: return CRYPTO_get_ex_data(&s->ex_data, idx);

Executed by:

libssl.so.1.1

4259

4112 } -

4113 -

4114 int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) -

4115 { -

4116

return CRYPTO_set_ex_data(&s->ex_data, idx, arg);

never executed: return CRYPTO_set_ex_data(&s->ex_data, idx, arg);

4117 } -

4118 -

4119 void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) -

4120 { -

4121

return CRYPTO_get_ex_data(&s->ex_data, idx);

never executed: return CRYPTO_get_ex_data(&s->ex_data, idx);

4122 } -

4123 -

4124 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) -

4125 { -

4126

return ctx->cert_store;

executed 422 times by 1 test: return ctx->cert_store;

Executed by:

libssl.so.1.1

422

4127 } -

4128 -

4129 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) -

4130 { -

4131 X509_STORE_free(ctx->cert_store); -

4132 ctx->cert_store = store; -

4133

}

never executed: end of block

4134 -

4135 void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) -

4136 { -

4137

if (store != NULL)

store != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4138

X509_STORE_up_ref(store);

never executed: X509_STORE_up_ref(store);

4139 SSL_CTX_set_cert_store(ctx, store); -

4140

}

never executed: end of block

4141 -

4142 int SSL_want(const SSL *s) -

4143 { -

4144

return s->rwstate;

executed 33304 times by 1 test: return s->rwstate;

Executed by:

libssl.so.1.1

33304

4145 } -

4146 -

4147 /** -

4148 * \brief Set the callback for generating temporary DH keys. -

4149 * \param ctx the SSL context. -

4150 * \param dh the callback -

4151 */ -

4152 -

4153 #ifndef OPENSSL_NO_DH -

4154 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, -

4155 DH *(*dh) (SSL *ssl, int is_export, -

4156 int keylength)) -

4157 { -

4158 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); -

4159

}

never executed: end of block

4160 -

4161 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, -

4162 int keylength)) -

4163 { -

4164 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); -

4165

}

never executed: end of block

4166 #endif -

4167 -

4168 #ifndef OPENSSL_NO_PSK -

4169 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) -

4170 { -

4171

if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {

identity_hint != ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

strlen(identity_hint) > 128	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-176

4172 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); -

4173

return 0;

never executed: return 0;

4174 } -

4175 OPENSSL_free(ctx->cert->psk_identity_hint); -

4176

if (identity_hint != NULL) {

identity_hint != ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

4-176

4177 ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); -

4178

if (ctx->cert->psk_identity_hint == NULL)

ctx->cert->psk...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

4179

return 0;

never executed: return 0;

4180

} else

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

4181

ctx->cert->psk_identity_hint = NULL;

executed 176 times by 1 test: ctx->cert->psk_identity_hint = ((void *)0) ;

Executed by:

libssl.so.1.1

176

4182

return 1;

executed 180 times by 1 test: return 1;

Executed by:

libssl.so.1.1

180

4183 } -

4184 -

4185 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) -

4186 { -

4187

if (s == NULL)

s == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4188

return 0;

never executed: return 0;

4189 -

4190

if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {

identity_hint != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

strlen(identity_hint) > 128	Description
TRUE	never evaluated
FALSE	never evaluated

4191 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); -

4192

return 0;

never executed: return 0;

4193 } -

4194 OPENSSL_free(s->cert->psk_identity_hint); -

4195

if (identity_hint != NULL) {

identity_hint != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4196 s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); -

4197

if (s->cert->psk_identity_hint == NULL)

s->cert->psk_i...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4198

return 0;

never executed: return 0;

4199

} else

never executed: end of block

4200

s->cert->psk_identity_hint = NULL;

never executed: s->cert->psk_identity_hint = ((void *)0) ;

4201

return 1;

never executed: return 1;

4202 } -

4203 -

4204 const char *SSL_get_psk_identity_hint(const SSL *s) -

4205 { -

4206

if (s == NULL || s->session == NULL)

s == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

s->session == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4207

return NULL;

never executed: return ((void *)0) ;

4208

return s->session->psk_identity_hint;

never executed: return s->session->psk_identity_hint;

4209 } -

4210 -

4211 const char *SSL_get_psk_identity(const SSL *s) -

4212 { -

4213

if (s == NULL || s->session == NULL)

s == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

s->session == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4214

return NULL;

never executed: return ((void *)0) ;

4215

return s->session->psk_identity;

never executed: return s->session->psk_identity;

4216 } -

4217 -

4218 void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) -

4219 { -

4220 s->psk_client_callback = cb; -

4221

}

never executed: end of block

4222 -

4223 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) -

4224 { -

4225 ctx->psk_client_callback = cb; -

4226

}

executed 6 times by 1 test: end of block

Executed by:

libssl.so.1.1

4227 -

4228 void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) -

4229 { -

4230 s->psk_server_callback = cb; -

4231

}

never executed: end of block

4232 -

4233 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) -

4234 { -

4235 ctx->psk_server_callback = cb; -

4236

}

executed 8 times by 1 test: end of block

Executed by:

libssl.so.1.1

4237 #endif -

4238 -

4239 void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) -

4240 { -

4241 s->psk_find_session_cb = cb; -

4242

}

never executed: end of block

4243 -

4244 void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, -

4245 SSL_psk_find_session_cb_func cb) -

4246 { -

4247 ctx->psk_find_session_cb = cb; -

4248

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

4249 -

4250 void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) -

4251 { -

4252 s->psk_use_session_cb = cb; -

4253

}

never executed: end of block

4254 -

4255 void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, -

4256 SSL_psk_use_session_cb_func cb) -

4257 { -

4258 ctx->psk_use_session_cb = cb; -

4259

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

4260 -

4261 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, -

4262 void (*cb) (int write_p, int version, -

4263 int content_type, const void *buf, -

4264 size_t len, SSL *ssl, void *arg)) -

4265 { -

4266 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); -

4267

}

never executed: end of block

4268 -

4269 void SSL_set_msg_callback(SSL *ssl, -

4270 void (*cb) (int write_p, int version, -

4271 int content_type, const void *buf, -

4272 size_t len, SSL *ssl, void *arg)) -

4273 { -

4274 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); -

4275

}

never executed: end of block

4276 -

4277 void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, -

4278 int (*cb) (SSL *ssl, -

4279 int -

4280 is_forward_secure)) -

4281 { -

4282 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, -

4283 (void (*)(void))cb); -

4284

}

never executed: end of block

4285 -

4286 void SSL_set_not_resumable_session_callback(SSL *ssl, -

4287 int (*cb) (SSL *ssl, -

4288 int is_forward_secure)) -

4289 { -

4290 SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, -

4291 (void (*)(void))cb); -

4292

}

never executed: end of block

4293 -

4294 void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, -

4295 size_t (*cb) (SSL *ssl, int type, -

4296 size_t len, void *arg)) -

4297 { -

4298 ctx->record_padding_cb = cb; -

4299

}

never executed: end of block

4300 -

4301 void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) -

4302 { -

4303 ctx->record_padding_arg = arg; -

4304

}

never executed: end of block

4305 -

4306 void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx) -

4307 { -

4308

return ctx->record_padding_arg;

never executed: return ctx->record_padding_arg;

4309 } -

4310 -

4311 int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) -

4312 { -

4313 /* block size of 0 or 1 is basically no padding */ -

4314

if (block_size == 1)

block_size == 1	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

4315

ctx->block_padding = 0;

never executed: ctx->block_padding = 0;

4316

else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)

block_size <= 16384	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

4317

ctx->block_padding = block_size;

executed 2 times by 1 test: ctx->block_padding = block_size;

Executed by:

libssl.so.1.1

4318 else -

4319

return 0;

never executed: return 0;

4320

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4321 } -

4322 -

4323 void SSL_set_record_padding_callback(SSL *ssl, -

4324 size_t (*cb) (SSL *ssl, int type, -

4325 size_t len, void *arg)) -

4326 { -

4327 ssl->record_padding_cb = cb; -

4328

}

never executed: end of block

4329 -

4330 void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) -

4331 { -

4332 ssl->record_padding_arg = arg; -

4333

}

never executed: end of block

4334 -

4335 void *SSL_get_record_padding_callback_arg(SSL *ssl) -

4336 { -

4337

return ssl->record_padding_arg;

never executed: return ssl->record_padding_arg;

4338 } -

4339 -

4340 int SSL_set_block_padding(SSL *ssl, size_t block_size) -

4341 { -

4342 /* block size of 0 or 1 is basically no padding */ -

4343

if (block_size == 1)

block_size == 1	Description
TRUE	never evaluated
FALSE	never evaluated

4344

ssl->block_padding = 0;

never executed: ssl->block_padding = 0;

4345

else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)

block_size <= 16384	Description
TRUE	never evaluated
FALSE	never evaluated

4346

ssl->block_padding = block_size;

never executed: ssl->block_padding = block_size;

4347 else -

4348

return 0;

never executed: return 0;

4349

return 1;

never executed: return 1;

4350 } -

4351 -

4352 int SSL_set_num_tickets(SSL *s, size_t num_tickets) -

4353 { -

4354 s->num_tickets = num_tickets; -

4355 -

4356

return 1;

never executed: return 1;

4357 } -

4358 -

4359 size_t SSL_get_num_tickets(SSL *s) -

4360 { -

4361

return s->num_tickets;

never executed: return s->num_tickets;

4362 } -

4363 -

4364 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) -

4365 { -

4366 ctx->num_tickets = num_tickets; -

4367 -

4368

return 1;

executed 18 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4369 } -

4370 -

4371 size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx) -

4372 { -

4373

return ctx->num_tickets;

never executed: return ctx->num_tickets;

4374 } -

4375 -

4376 /* -

4377 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer -

4378 * variable, freeing EVP_MD_CTX previously stored in that variable, if any. -

4379 * If EVP_MD pointer is passed, initializes ctx with this |md|. -

4380 * Returns the newly allocated ctx; -

4381 */ -

4382 -

4383 EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) -

4384 { -

4385 ssl_clear_hash_ctx(hash); -

4386 *hash = EVP_MD_CTX_new(); -

4387

if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {

hash == ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 4632 times by 1 test Evaluated by: libssl.so.1.1

md	Description
TRUE	never evaluated
FALSE	evaluated 4632 times by 1 test Evaluated by: libssl.so.1.1

EVP_DigestInit...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-4632

4388 EVP_MD_CTX_free(*hash); -

4389 *hash = NULL; -

4390

return NULL;

never executed: return ((void *)0) ;

4391 } -

4392

return *hash;

executed 4632 times by 1 test: return *hash;

Executed by:

libssl.so.1.1

4632

4393 } -

4394 -

4395 void ssl_clear_hash_ctx(EVP_MD_CTX **hash) -

4396 { -

4397 -

4398 EVP_MD_CTX_free(*hash); -

4399 *hash = NULL; -

4400

}

executed 69892 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

69892

4401 -

4402 /* Retrieve handshake hashes */ -

4403 int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, -

4404 size_t *hashlen) -

4405 { -

4406 EVP_MD_CTX *ctx = NULL; -

4407 EVP_MD_CTX *hdgst = s->s3->handshake_dgst; -

4408 int hashleni = EVP_MD_CTX_size(hdgst); -

4409 int ret = 0; -

4410 -

4411

if (hashleni < 0 || (size_t)hashleni > outlen) {

hashleni < 0	Description
TRUE	never evaluated
FALSE	evaluated 16947 times by 1 test Evaluated by: libssl.so.1.1

(size_t)hashleni > outlen	Description
TRUE	never evaluated
FALSE	evaluated 16947 times by 1 test Evaluated by: libssl.so.1.1

0-16947

4412 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, -

4413 ERR_R_INTERNAL_ERROR); -

4414

goto err;

never executed: goto err;

4415 } -

4416 -

4417 ctx = EVP_MD_CTX_new(); -

4418

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16947 times by 1 test Evaluated by: libssl.so.1.1

0-16947

4419

goto err;

never executed: goto err;

4420 -

4421

if (!EVP_MD_CTX_copy_ex(ctx, hdgst)

!EVP_MD_CTX_co...ex(ctx, hdgst)	Description
TRUE	never evaluated
FALSE	evaluated 16947 times by 1 test Evaluated by: libssl.so.1.1

0-16947

4422

|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {

EVP_DigestFina...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 16947 times by 1 test Evaluated by: libssl.so.1.1

0-16947

4423 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, -

4424 ERR_R_INTERNAL_ERROR); -

4425

goto err;

never executed: goto err;

4426 } -

4427 -

4428 *hashlen = hashleni; -

4429 -

4430 ret = 1; -

4431

err:

code before this statement executed 16947 times by 1 test: err:

Executed by:

libssl.so.1.1

16947

4432 EVP_MD_CTX_free(ctx); -

4433

return ret;

executed 16947 times by 1 test: return ret;

Executed by:

libssl.so.1.1

16947

4434 } -

4435 -

4436 int SSL_session_reused(SSL *s) -

4437 { -

4438

return s->hit;

executed 3001 times by 1 test: return s->hit;

Executed by:

libssl.so.1.1

3001

4439 } -

4440 -

4441 int SSL_is_server(const SSL *s) -

4442 { -

4443

return s->server;

executed 1759 times by 1 test: return s->server;

Executed by:

libssl.so.1.1

1759

4444 } -

4445 -

4446 #if OPENSSL_API_COMPAT < 0x10100000L -

4447 void SSL_set_debug(SSL *s, int debug) -

4448 { -

4449 /* Old function was do-nothing anyway... */ -

4450 (void)s; -

4451 (void)debug; -

4452

}

never executed: end of block

4453 #endif -

4454 -

4455 void SSL_set_security_level(SSL *s, int level) -

4456 { -

4457 s->cert->sec_level = level; -

4458

}

never executed: end of block

4459 -

4460 int SSL_get_security_level(const SSL *s) -

4461 { -

4462

return s->cert->sec_level;

executed 675070 times by 1 test: return s->cert->sec_level;

Executed by:

libssl.so.1.1

675070

4463 } -

4464 -

4465 void SSL_set_security_callback(SSL *s, -

4466 int (*cb) (const SSL *s, const SSL_CTX *ctx, -

4467 int op, int bits, int nid, -

4468 void *other, void *ex)) -

4469 { -

4470 s->cert->sec_cb = cb; -

4471

}

never executed: end of block

4472 -

4473 int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, -

4474 const SSL_CTX *ctx, int op, -

4475 int bits, int nid, void *other, -

4476 void *ex) { -

4477

return s->cert->sec_cb;

never executed: return s->cert->sec_cb;

4478 } -

4479 -

4480 void SSL_set0_security_ex_data(SSL *s, void *ex) -

4481 { -

4482 s->cert->sec_ex = ex; -

4483

}

never executed: end of block

4484 -

4485 void *SSL_get0_security_ex_data(const SSL *s) -

4486 { -

4487

return s->cert->sec_ex;

never executed: return s->cert->sec_ex;

4488 } -

4489 -

4490 void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) -

4491 { -

4492 ctx->cert->sec_level = level; -

4493

}

executed 358 times by 1 test: end of block

Executed by:

libssl.so.1.1

358

4494 -

4495 int SSL_CTX_get_security_level(const SSL_CTX *ctx) -

4496 { -

4497

return ctx->cert->sec_level;

executed 16365 times by 1 test: return ctx->cert->sec_level;

Executed by:

libssl.so.1.1

16365

4498 } -

4499 -

4500 void SSL_CTX_set_security_callback(SSL_CTX *ctx, -

4501 int (*cb) (const SSL *s, const SSL_CTX *ctx, -

4502 int op, int bits, int nid, -

4503 void *other, void *ex)) -

4504 { -

4505 ctx->cert->sec_cb = cb; -

4506

}

never executed: end of block

4507 -

4508 int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, -

4509 const SSL_CTX *ctx, -

4510 int op, int bits, -

4511 int nid, -

4512 void *other, -

4513 void *ex) { -

4514

return ctx->cert->sec_cb;

never executed: return ctx->cert->sec_cb;

4515 } -

4516 -

4517 void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex) -

4518 { -

4519 ctx->cert->sec_ex = ex; -

4520

}

never executed: end of block

4521 -

4522 void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) -

4523 { -

4524

return ctx->cert->sec_ex;

never executed: return ctx->cert->sec_ex;

4525 } -

4526 -

4527 /* -

4528 * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that -

4529 * can return unsigned long, instead of the generic long return value from the -

4530 * control interface. -

4531 */ -

4532 unsigned long SSL_CTX_get_options(const SSL_CTX *ctx) -

4533 { -

4534

return ctx->options;

executed 17 times by 1 test: return ctx->options;

Executed by:

libssl.so.1.1

4535 } -

4536 -

4537 unsigned long SSL_get_options(const SSL *s) -

4538 { -

4539

return s->options;

executed 8252 times by 1 test: return s->options;

Executed by:

libssl.so.1.1

8252

4540 } -

4541 -

4542 unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op) -

4543 { -

4544

return ctx->options |= op;

executed 28 times by 1 test: return ctx->options |= op;

Executed by:

libssl.so.1.1

4545 } -

4546 -

4547 unsigned long SSL_set_options(SSL *s, unsigned long op) -

4548 { -

4549

return s->options |= op;

executed 28 times by 1 test: return s->options |= op;

Executed by:

libssl.so.1.1

4550 } -

4551 -

4552 unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) -

4553 { -

4554

return ctx->options &= ~op;

executed 12 times by 1 test: return ctx->options &= ~op;

Executed by:

libssl.so.1.1

4555 } -

4556 -

4557 unsigned long SSL_clear_options(SSL *s, unsigned long op) -

4558 { -

4559

return s->options &= ~op;

executed 17 times by 1 test: return s->options &= ~op;

Executed by:

libssl.so.1.1

4560 } -

4561 -

4562 STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) -

4563 { -

4564

return s->verified_chain;

never executed: return s->verified_chain;

4565 } -

4566 -

4567

IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);

executed 772058 times by 2 tests: return ssl_cipher_id_cmp(a,b);

Executed by:

libssl.so.1.1
tls13encryptiontest

executed 185106 times by 2 tests: return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER), ssl_cipher_id_cmp_BSEARCH_CMP_FN);

Executed by:

libssl.so.1.1
tls13encryptiontest

185106-772058

4568 -

4569 #ifndef OPENSSL_NO_CT -

4570 -

4571 /* -

4572 * Moves SCTs from the |src| stack to the |dst| stack. -

4573 * The source of each SCT will be set to |origin|. -

4574 * If |dst| points to a NULL pointer, a new stack will be created and owned by -

4575 * the caller. -

4576 * Returns the number of SCTs moved, or a negative integer if an error occurs. -

4577 */ -

4578 static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, -

4579 sct_source_t origin) -

4580 { -

4581 int scts_moved = 0; -

4582 SCT *sct = NULL; -

4583 -

4584

if (*dst == NULL) {

dst == ((void )0)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-9

4585 *dst = sk_SCT_new_null(); -

4586

if (*dst == NULL) {

dst == ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

4587 SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE); -

4588

goto err;

never executed: goto err;

4589 } -

4590

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

4591 -

4592

while ((sct = sk_SCT_pop(src)) != NULL) {

(sct = sk_SCT_...!= ((void *)0)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

6-14

4593

if (SCT_set_source(sct, origin) != 1)

SCT_set_source..., origin) != 1	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4594

goto err;

never executed: goto err;

4595 -

4596

if (sk_SCT_push(*dst, sct) <= 0)

sk_SCT_push(*dst, sct) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4597

goto err;

never executed: goto err;

4598 scts_moved += 1; -

4599

}

executed 6 times by 1 test: end of block

Executed by:

libssl.so.1.1

4600 -

4601

return scts_moved;

executed 14 times by 1 test: return scts_moved;

Executed by:

libssl.so.1.1

4602 err: -

4603

if (sct != NULL)

sct != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4604

sk_SCT_push(src, sct); /* Put the SCT back */

never executed: sk_SCT_push(src, sct);

4605

return -1;

never executed: return -1;

4606 } -

4607 -

4608 /* -

4609 * Look for data collected during ServerHello and parse if found. -

4610 * Returns the number of SCTs extracted. -

4611 */ -

4612 static int ct_extract_tls_extension_scts(SSL *s) -

4613 { -

4614 int scts_extracted = 0; -

4615 -

4616

if (s->ext.scts != NULL) {

s->ext.scts != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

2-7

4617 const unsigned char *p = s->ext.scts; -

4618 STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); -

4619 -

4620 scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); -

4621 -

4622 SCT_LIST_free(scts); -

4623

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

4624 -

4625

return scts_extracted;

executed 9 times by 1 test: return scts_extracted;

Executed by:

libssl.so.1.1

4626 } -

4627 -

4628 /* -

4629 * Checks for an OCSP response and then attempts to extract any SCTs found if it -

4630 * contains an SCT X509 extension. They will be stored in |s->scts|. -

4631 * Returns: -

4632 * - The number of SCTs extracted, assuming an OCSP response exists. -

4633 * - 0 if no OCSP response exists or it contains no SCTs. -

4634 * - A negative integer if an error occurs. -

4635 */ -

4636 static int ct_extract_ocsp_response_scts(SSL *s) -

4637 { -

4638 # ifndef OPENSSL_NO_OCSP -

4639 int scts_extracted = 0; -

4640 const unsigned char *p; -

4641 OCSP_BASICRESP *br = NULL; -

4642 OCSP_RESPONSE *rsp = NULL; -

4643 STACK_OF(SCT) *scts = NULL; -

4644 int i; -

4645 -

4646

if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)

s->ext.ocsp.re...== ((void *)0)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

s->ext.ocsp.resp_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-6

4647

goto err;

executed 6 times by 1 test: goto err;

Executed by:

libssl.so.1.1

4648 -

4649 p = s->ext.ocsp.resp; -

4650 rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); -

4651

if (rsp == NULL)

rsp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

4652

goto err;

never executed: goto err;

4653 -

4654 br = OCSP_response_get1_basic(rsp); -

4655

if (br == NULL)

br == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

4656

goto err;

never executed: goto err;

4657 -

4658

for (i = 0; i < OCSP_resp_count(br); ++i) {

i < OCSP_resp_count(br)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

4659 OCSP_SINGLERESP *single = OCSP_resp_get0(br, i); -

4660 -

4661

if (single == NULL)

single == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

4662

continue;

never executed: continue;

4663 -

4664 scts = -

4665 OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); -

4666 scts_extracted = -

4667 ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); -

4668

if (scts_extracted < 0)

scts_extracted < 0	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

4669

goto err;

never executed: goto err;

4670

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

4671

err:

code before this statement executed 3 times by 1 test: err:

Executed by:

libssl.so.1.1

4672 SCT_LIST_free(scts); -

4673 OCSP_BASICRESP_free(br); -

4674 OCSP_RESPONSE_free(rsp); -

4675

return scts_extracted;

executed 9 times by 1 test: return scts_extracted;

Executed by:

libssl.so.1.1

4676 # else -

4677 /* Behave as if no OCSP response exists */ -

4678 return 0; -

4679 # endif -

4680 } -

4681 -

4682 /* -

4683 * Attempts to extract SCTs from the peer certificate. -

4684 * Return the number of SCTs extracted, or a negative integer if an error -

4685 * occurs. -

4686 */ -

4687 static int ct_extract_x509v3_extension_scts(SSL *s) -

4688 { -

4689 int scts_extracted = 0; -

4690

X509 *cert = s->session != NULL ? s->session->peer : NULL;

s->session != ((void *)0)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-9

4691 -

4692

if (cert != NULL) {

cert != ((void *)0)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-9

4693 STACK_OF(SCT) *scts = -

4694 X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); -

4695 -

4696 scts_extracted = -

4697 ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); -

4698 -

4699 SCT_LIST_free(scts); -

4700

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

4701 -

4702

return scts_extracted;

executed 9 times by 1 test: return scts_extracted;

Executed by:

libssl.so.1.1

4703 } -

4704 -

4705 /* -

4706 * Attempts to find all received SCTs by checking TLS extensions, the OCSP -

4707 * response (if it exists) and X509v3 extensions in the certificate. -

4708 * Returns NULL if an error occurs. -

4709 */ -

4710 const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) -

4711 { -

4712

if (!s->scts_parsed) {

!s->scts_parsed	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-9

4713

if (ct_extract_tls_extension_scts(s) < 0 ||

ct_extract_tls...on_scts(s) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

4714

ct_extract_ocsp_response_scts(s) < 0 ||

ct_extract_ocs...se_scts(s) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

4715

ct_extract_x509v3_extension_scts(s) < 0)

ct_extract_x50...on_scts(s) < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

4716

goto err;

never executed: goto err;

4717 -

4718 s->scts_parsed = 1; -

4719

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

4720

return s->scts;

executed 9 times by 1 test: return s->scts;

Executed by:

libssl.so.1.1

4721 err: -

4722

return NULL;

never executed: return ((void *)0) ;

4723 } -

4724 -

4725 static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, -

4726 const STACK_OF(SCT) *scts, void *unused_arg) -

4727 { -

4728

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4729 } -

4730 -

4731 static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, -

4732 const STACK_OF(SCT) *scts, void *unused_arg) -

4733 { -

4734

int count = scts != NULL ? sk_SCT_num(scts) : 0;

scts != ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

4735 int i; -

4736 -

4737

for (i = 0; i < count; ++i) {

i < count	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2

4738 SCT *sct = sk_SCT_value(scts, i); -

4739 int status = SCT_get_validation_status(sct); -

4740 -

4741

if (status == SCT_VALIDATION_STATUS_VALID)

status == SCT_...N_STATUS_VALID	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

4742

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4743

}

never executed: end of block

4744 SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS); -

4745

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

4746 } -

4747 -

4748 int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, -

4749 void *arg) -

4750 { -

4751 /* -

4752 * Since code exists that uses the custom extension handler for CT, look -

4753 * for this and throw an error if they have already registered to use CT. -

4754 */ -

4755

if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,

callback != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8243 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

SSL_CTX_has_cl...xt(s->ctx, 18)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-8243

4756

TLSEXT_TYPE_signed_certificate_timestamp))

SSL_CTX_has_cl...xt(s->ctx, 18)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4757 { -

4758 SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, -

4759 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); -

4760

return 0;

never executed: return 0;

4761 } -

4762 -

4763

if (callback != NULL) {

callback != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8243 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

11-8243

4764 /* -

4765 * If we are validating CT, then we MUST accept SCTs served via OCSP -

4766 */ -

4767

if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))

!SSL_ctrl(s,65... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4768

return 0;

never executed: return 0;

4769

}

executed 11 times by 1 test: end of block

Executed by:

libssl.so.1.1

4770 -

4771 s->ct_validation_callback = callback; -

4772 s->ct_validation_callback_arg = arg; -

4773 -

4774

return 1;

executed 8254 times by 2 tests: return 1;

Executed by:

libssl.so.1.1
tls13encryptiontest

8254

4775 } -

4776 -

4777 int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, -

4778 ssl_ct_validation_cb callback, void *arg) -

4779 { -

4780 /* -

4781 * Since code exists that uses the custom extension handler for CT, look for -

4782 * this and throw an error if they have already registered to use CT. -

4783 */ -

4784

if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,

callback != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

SSL_CTX_has_cl...m_ext(ctx, 18)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4785

TLSEXT_TYPE_signed_certificate_timestamp))

SSL_CTX_has_cl...m_ext(ctx, 18)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4786 { -

4787 SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, -

4788 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); -

4789

return 0;

never executed: return 0;

4790 } -

4791 -

4792 ctx->ct_validation_callback = callback; -

4793 ctx->ct_validation_callback_arg = arg; -

4794

return 1;

executed 11 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4795 } -

4796 -

4797 int SSL_ct_is_enabled(const SSL *s) -

4798 { -

4799

return s->ct_validation_callback != NULL;

executed 120 times by 1 test: return s->ct_validation_callback != ((void *)0) ;

Executed by:

libssl.so.1.1

120

4800 } -

4801 -

4802 int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) -

4803 { -

4804

return ctx->ct_validation_callback != NULL;

executed 15 times by 1 test: return ctx->ct_validation_callback != ((void *)0) ;

Executed by:

libssl.so.1.1

4805 } -

4806 -

4807 int ssl_validate_ct(SSL *s) -

4808 { -

4809 int ret = 0; -

4810

X509 *cert = s->session != NULL ? s->session->peer : NULL;

s->session != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-11

4811 X509 *issuer; -

4812 SSL_DANE *dane = &s->dane; -

4813 CT_POLICY_EVAL_CTX *ctx = NULL; -

4814 const STACK_OF(SCT) *scts; -

4815 -

4816 /* -

4817 * If no callback is set, the peer is anonymous, or its chain is invalid, -

4818 * skip SCT validation - just return success. Applications that continue -

4819 * handshakes without certificates, with unverified chains, or pinned leaf -

4820 * certificates are outside the scope of the WebPKI and CT. -

4821 * -

4822 * The above exclusions notwithstanding the vast majority of peers will -

4823 * have rather ordinary certificate chains validated by typical -

4824 * applications that perform certificate verification and therefore will -

4825 * process SCTs when enabled. -

4826 */ -

4827

if (s->ct_validation_callback == NULL || cert == NULL ||

s->ct_validati...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4828

s->verify_result != X509_V_OK ||

s->verify_result != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

3-8

4829

s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)

s->verified_ch...== ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

sk_X509_num(s-...ed_chain) <= 1	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4830

return 1;

executed 5 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4831 -

4832 /* -

4833 * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) -

4834 * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 -

4835 */ -

4836

if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {

(dane) != ((void *)0)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

sk_danetls_rec...e)->trecs) > 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

dane->mtlsa != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-6

4837 switch (dane->mtlsa->usage) { -

4838

case DANETLS_USAGE_DANE_TA:

never executed: case 2:

4839

case DANETLS_USAGE_DANE_EE:

never executed: case 3:

4840

return 1;

never executed: return 1;

4841 } -

4842

}

never executed: end of block

4843 -

4844 ctx = CT_POLICY_EVAL_CTX_new(); -

4845

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4846 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT, -

4847 ERR_R_MALLOC_FAILURE); -

4848

goto end;

never executed: goto end;

4849 } -

4850 -

4851 issuer = sk_X509_value(s->verified_chain, 1); -

4852 CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); -

4853 CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); -

4854 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); -

4855 CT_POLICY_EVAL_CTX_set_time( -

4856 ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); -

4857 -

4858 scts = SSL_get0_peer_scts(s); -

4859 -

4860 /* -

4861 * This function returns success (> 0) only when all the SCTs are valid, 0 -

4862 * when some are invalid, and < 0 on various internal errors (out of -

4863 * memory, etc.). Having some, or even all, invalid SCTs is not sufficient -

4864 * reason to abort the handshake, that decision is up to the callback. -

4865 * Therefore, we error out only in the unexpected case that the return -

4866 * value is negative. -

4867 * -

4868 * XXX: One might well argue that the return value of this function is an -

4869 * unfortunate design choice. Its job is only to determine the validation -

4870 * status of each of the provided SCTs. So long as it correctly separates -

4871 * the wheat from the chaff it should return success. Failure in this case -

4872 * ought to correspond to an inability to carry out its duties. -

4873 */ -

4874

if (SCT_LIST_validate(scts, ctx) < 0) {

SCT_LIST_valid...scts, ctx) < 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4875 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, -

4876 SSL_R_SCT_VERIFICATION_FAILED); -

4877

goto end;

never executed: goto end;

4878 } -

4879 -

4880 ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); -

4881

if (ret < 0)

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4882

ret = 0; /* This function returns 0 on failure */

never executed: ret = 0;

4883

if (!ret)

!ret	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

1-5

4884

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,

executed 1 time by 1 test: ossl_statem_fatal((s), (40), (400), (234), __FILE__ , 4885 ) ;

Executed by:

libssl.so.1.1

4885

SSL_R_CALLBACK_FAILED);

executed 1 time by 1 test: ossl_statem_fatal((s), (40), (400), (234), __FILE__ , 4885 ) ;

Executed by:

libssl.so.1.1

4886 -

4887

end:

code before this statement executed 6 times by 1 test: end:

Executed by:

libssl.so.1.1

4888 CT_POLICY_EVAL_CTX_free(ctx); -

4889 /* -

4890 * With SSL_VERIFY_NONE the session may be cached and re-used despite a -

4891 * failure return code here. Also the application may wish the complete -

4892 * the handshake, and then disconnect cleanly at a higher layer, after -

4893 * checking the verification status of the completed connection. -

4894 * -

4895 * We therefore force a certificate verification failure which will be -

4896 * visible via SSL_get_verify_result() and cached as part of any resumed -

4897 * session. -

4898 * -

4899 * Note: the permissive callback is for information gathering only, always -

4900 * returns success, and does not affect verification status. Only the -

4901 * strict callback or a custom application-specified callback can trigger -

4902 * connection failure or record a verification error. -

4903 */ -

4904

if (ret <= 0)

ret <= 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

1-5

4905

s->verify_result = X509_V_ERR_NO_VALID_SCTS;

executed 1 time by 1 test: s->verify_result = 71;

Executed by:

libssl.so.1.1

4906

return ret;

executed 6 times by 1 test: return ret;

Executed by:

libssl.so.1.1

4907 } -

4908 -

4909 int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) -

4910 { -

4911 switch (validation_mode) { -

4912

default:

never executed: default:

4913 SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); -

4914

return 0;

never executed: return 0;

4915

case SSL_CT_VALIDATION_PERMISSIVE:

executed 7 times by 1 test: case SSL_CT_VALIDATION_PERMISSIVE:

Executed by:

libssl.so.1.1

4916

return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);

executed 7 times by 1 test: return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, ((void *)0) );

Executed by:

libssl.so.1.1

4917

case SSL_CT_VALIDATION_STRICT:

executed 4 times by 1 test: case SSL_CT_VALIDATION_STRICT:

Executed by:

libssl.so.1.1

4918

return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);

executed 4 times by 1 test: return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, ((void *)0) );

Executed by:

libssl.so.1.1

4919 } -

4920 } -

4921 -

4922 int SSL_enable_ct(SSL *s, int validation_mode) -

4923 { -

4924 switch (validation_mode) { -

4925

default:

never executed: default:

4926 SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); -

4927

return 0;

never executed: return 0;

4928

case SSL_CT_VALIDATION_PERMISSIVE:

never executed: case SSL_CT_VALIDATION_PERMISSIVE:

4929

return SSL_set_ct_validation_callback(s, ct_permissive, NULL);

never executed: return SSL_set_ct_validation_callback(s, ct_permissive, ((void *)0) );

4930

case SSL_CT_VALIDATION_STRICT:

never executed: case SSL_CT_VALIDATION_STRICT:

4931

return SSL_set_ct_validation_callback(s, ct_strict, NULL);

never executed: return SSL_set_ct_validation_callback(s, ct_strict, ((void *)0) );

4932 } -

4933 } -

4934 -

4935 int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) -

4936 { -

4937

return CTLOG_STORE_load_default_file(ctx->ctlog_store);

executed 1758 times by 1 test: return CTLOG_STORE_load_default_file(ctx->ctlog_store);

Executed by:

libssl.so.1.1

1758

4938 } -

4939 -

4940 int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) -

4941 { -

4942

return CTLOG_STORE_load_file(ctx->ctlog_store, path);

never executed: return CTLOG_STORE_load_file(ctx->ctlog_store, path);

4943 } -

4944 -

4945 void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) -

4946 { -

4947 CTLOG_STORE_free(ctx->ctlog_store); -

4948 ctx->ctlog_store = logs; -

4949

}

never executed: end of block

4950 -

4951 const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) -

4952 { -

4953

return ctx->ctlog_store;

executed 1 time by 1 test: return ctx->ctlog_store;

Executed by:

libssl.so.1.1

4954 } -

4955 -

4956 #endif /* OPENSSL_NO_CT */ -

4957 -

4958 void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, -

4959 void *arg) -

4960 { -

4961 c->client_hello_cb = cb; -

4962 c->client_hello_cb_arg = arg; -

4963

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

4964 -

4965 int SSL_client_hello_isv2(SSL *s) -

4966 { -

4967

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

4968

return 0;

never executed: return 0;

4969

return s->clienthello->isv2;

never executed: return s->clienthello->isv2;

4970 } -

4971 -

4972 unsigned int SSL_client_hello_get0_legacy_version(SSL *s) -

4973 { -

4974

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

4975

return 0;

never executed: return 0;

4976

return s->clienthello->legacy_version;

executed 1 time by 1 test: return s->clienthello->legacy_version;

Executed by:

libssl.so.1.1

4977 } -

4978 -

4979 size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) -

4980 { -

4981

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

4982

return 0;

never executed: return 0;

4983

if (out != NULL)

out != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

4984

*out = s->clienthello->random;

executed 1 time by 1 test: *out = s->clienthello->random;

Executed by:

libssl.so.1.1

4985

return SSL3_RANDOM_SIZE;

executed 1 time by 1 test: return 32;

Executed by:

libssl.so.1.1

4986 } -

4987 -

4988 size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) -

4989 { -

4990

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

4991

return 0;

never executed: return 0;

4992

if (out != NULL)

out != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

4993

*out = s->clienthello->session_id;

executed 1 time by 1 test: *out = s->clienthello->session_id;

Executed by:

libssl.so.1.1

4994

return s->clienthello->session_id_len;

executed 1 time by 1 test: return s->clienthello->session_id_len;

Executed by:

libssl.so.1.1

4995 } -

4996 -

4997 size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) -

4998 { -

4999

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

5000

return 0;

never executed: return 0;

5001

if (out != NULL)

out != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

5002

*out = PACKET_data(&s->clienthello->ciphersuites);

executed 2 times by 1 test: *out = PACKET_data(&s->clienthello->ciphersuites);

Executed by:

libssl.so.1.1

5003

return PACKET_remaining(&s->clienthello->ciphersuites);

executed 2 times by 1 test: return PACKET_remaining(&s->clienthello->ciphersuites);

Executed by:

libssl.so.1.1

5004 } -

5005 -

5006 size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) -

5007 { -

5008

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

5009

return 0;

never executed: return 0;

5010

if (out != NULL)

out != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2

5011

*out = s->clienthello->compressions;

executed 2 times by 1 test: *out = s->clienthello->compressions;

Executed by:

libssl.so.1.1

5012

return s->clienthello->compressions_len;

executed 2 times by 1 test: return s->clienthello->compressions_len;

Executed by:

libssl.so.1.1

5013 } -

5014 -

5015 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) -

5016 { -

5017 RAW_EXTENSION *ext; -

5018 int *present; -

5019 size_t num = 0, i; -

5020 -

5021

if (s->clienthello == NULL || out == NULL || outlen == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

out == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

outlen == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

5022

return 0;

never executed: return 0;

5023

for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {

i < s->clienth..._proc_exts_len	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-26

5024 ext = s->clienthello->pre_proc_exts + i; -

5025

if (ext->present)

ext->present	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

6-20

5026

num++;

executed 6 times by 1 test: num++;

Executed by:

libssl.so.1.1

5027

}

executed 26 times by 1 test: end of block

Executed by:

libssl.so.1.1

5028

if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {

(present = CRY...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

5029 SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, -

5030 ERR_R_MALLOC_FAILURE); -

5031

return 0;

never executed: return 0;

5032 } -

5033

for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {

i < s->clienth..._proc_exts_len	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-26

5034 ext = s->clienthello->pre_proc_exts + i; -

5035

if (ext->present) {

ext->present	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

6-20

5036

if (ext->received_order >= num)

ext->received_order >= num	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

5037

goto err;

never executed: goto err;

5038 present[ext->received_order] = ext->type; -

5039

}

executed 6 times by 1 test: end of block

Executed by:

libssl.so.1.1

5040

}

executed 26 times by 1 test: end of block

Executed by:

libssl.so.1.1

5041 *out = present; -

5042 *outlen = num; -

5043

return 1;

executed 1 time by 1 test: return 1;

Executed by:

libssl.so.1.1

5044 err: -

5045 OPENSSL_free(present); -

5046

return 0;

never executed: return 0;

5047 } -

5048 -

5049 int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, -

5050 size_t *outlen) -

5051 { -

5052 size_t i; -

5053 RAW_EXTENSION *r; -

5054 -

5055

if (s->clienthello == NULL)

s->clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

5056

return 0;

never executed: return 0;

5057

for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {

i < s->clienth..._proc_exts_len	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-6

5058 r = s->clienthello->pre_proc_exts + i; -

5059

if (r->present && r->type == type) {

r->present	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

r->type == type	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

5060

if (out != NULL)

out != ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

5061

*out = PACKET_data(&r->data);

executed 3 times by 1 test: *out = PACKET_data(&r->data);

Executed by:

libssl.so.1.1

5062

if (outlen != NULL)

outlen != ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

5063

*outlen = PACKET_remaining(&r->data);

executed 3 times by 1 test: *outlen = PACKET_remaining(&r->data);

Executed by:

libssl.so.1.1

5064

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5065 } -

5066

}

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

5067

return 0;

never executed: return 0;

5068 } -

5069 -

5070 int SSL_free_buffers(SSL *ssl) -

5071 { -

5072 RECORD_LAYER *rl = &ssl->rlayer; -

5073 -

5074

if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))

RECORD_LAYER_read_pending(rl)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

RECORD_LAYER_write_pending(rl)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

5075

return 0;

never executed: return 0;

5076 -

5077 RECORD_LAYER_release(rl); -

5078

return 1;

executed 42 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5079 } -

5080 -

5081 int SSL_alloc_buffers(SSL *ssl) -

5082 { -

5083

return ssl3_setup_buffers(ssl);

executed 30 times by 1 test: return ssl3_setup_buffers(ssl);

Executed by:

libssl.so.1.1

5084 } -

5085 -

5086 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) -

5087 { -

5088 ctx->keylog_callback = cb; -

5089

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

5090 -

5091 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) -

5092 { -

5093

return ctx->keylog_callback;

executed 8 times by 1 test: return ctx->keylog_callback;

Executed by:

libssl.so.1.1

5094 } -

5095 -

5096 static int nss_keylog_int(const char *prefix, -

5097 SSL *ssl, -

5098 const uint8_t *parameter_1, -

5099 size_t parameter_1_len, -

5100 const uint8_t *parameter_2, -

5101 size_t parameter_2_len) -

5102 { -

5103 char *out = NULL; -

5104 char *cursor = NULL; -

5105 size_t out_len = 0; -

5106 size_t i; -

5107 size_t prefix_len; -

5108 -

5109

if (ssl->ctx->keylog_callback == NULL) return 1;

executed 9950 times by 1 test: return 1;

Executed by:

libssl.so.1.1

ssl->ctx->keyl...== ((void *)0)	Description
TRUE	evaluated 9950 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

27-9950

5110 -

5111 /* -

5112 * Our output buffer will contain the following strings, rendered with -

5113 * space characters in between, terminated by a NULL character: first the -

5114 * prefix, then the first parameter, then the second parameter. The -

5115 * meaning of each parameter depends on the specific key material being -

5116 * logged. Note that the first and second parameters are encoded in -

5117 * hexadecimal, so we need a buffer that is twice their lengths. -

5118 */ -

5119 prefix_len = strlen(prefix); -

5120 out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3; -

5121

if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {

(out = cursor ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

5122 SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, -

5123 ERR_R_MALLOC_FAILURE); -

5124

return 0;

never executed: return 0;

5125 } -

5126 -

5127 strcpy(cursor, prefix); -

5128 cursor += prefix_len; -

5129 *cursor++ = ' '; -

5130 -

5131

for (i = 0; i < parameter_1_len; i++) {

i < parameter_1_len	Description
TRUE	evaluated 840 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

27-840

5132 sprintf(cursor, "%02x", parameter_1[i]); -

5133 cursor += 2; -

5134

}

executed 840 times by 1 test: end of block

Executed by:

libssl.so.1.1

840

5135 *cursor++ = ' '; -

5136 -

5137

for (i = 0; i < parameter_2_len; i++) {

i < parameter_2_len	Description
TRUE	evaluated 1296 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

27-1296

5138 sprintf(cursor, "%02x", parameter_2[i]); -

5139 cursor += 2; -

5140

}

executed 1296 times by 1 test: end of block

Executed by:

libssl.so.1.1

1296

5141 *cursor = '\0'; -

5142 -

5143 ssl->ctx->keylog_callback(ssl, (const char *)out); -

5144 OPENSSL_free(out); -

5145

return 1;

executed 27 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5146 -

5147 } -

5148 -

5149 int ssl_log_rsa_client_key_exchange(SSL *ssl, -

5150 const uint8_t *encrypted_premaster, -

5151 size_t encrypted_premaster_len, -

5152 const uint8_t *premaster, -

5153 size_t premaster_len) -

5154 { -

5155

if (encrypted_premaster_len < 8) {

encrypted_premaster_len < 8	Description
TRUE	never evaluated
FALSE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1

0-424

5156 SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, -

5157 SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); -

5158

return 0;

never executed: return 0;

5159 } -

5160 -

5161 /* We only want the first 8 bytes of the encrypted premaster as a tag. */ -

5162

return nss_keylog_int("RSA",

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5163

ssl,

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5164

encrypted_premaster,

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5165

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5166

premaster,

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5167

premaster_len);

executed 424 times by 1 test: return nss_keylog_int("RSA", ssl, encrypted_premaster, 8, premaster, premaster_len);

Executed by:

libssl.so.1.1

424

5168 } -

5169 -

5170 int ssl_log_secret(SSL *ssl, -

5171 const char *label, -

5172 const uint8_t *secret, -

5173 size_t secret_len) -

5174 { -

5175

return nss_keylog_int(label,

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5176

ssl,

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5177

ssl->s3->client_random,

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5178

SSL3_RANDOM_SIZE,

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5179

secret,

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5180

secret_len);

executed 9553 times by 1 test: return nss_keylog_int(label, ssl, ssl->s3->client_random, 32, secret, secret_len);

Executed by:

libssl.so.1.1

9553

5181 } -

5182 -

5183 #define SSLV2_CIPHER_LEN 3 -

5184 -

5185 int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) -

5186 { -

5187 int n; -

5188 -

5189

n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;

sslv2format	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3077 times by 1 test Evaluated by: libssl.so.1.1

53-3077

5190 -

5191

if (PACKET_remaining(cipher_suites) == 0) {

PACKET_remaini...r_suites) == 0	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

5192 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST, -

5193 SSL_R_NO_CIPHERS_SPECIFIED); -

5194

return 0;

never executed: return 0;

5195 } -

5196 -

5197

if (PACKET_remaining(cipher_suites) % n != 0) {

PACKET_remaini...ites) % n != 0	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

5198 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, -

5199 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); -

5200

return 0;

never executed: return 0;

5201 } -

5202 -

5203 OPENSSL_free(s->s3->tmp.ciphers_raw); -

5204 s->s3->tmp.ciphers_raw = NULL; -

5205 s->s3->tmp.ciphers_rawlen = 0; -

5206 -

5207

if (sslv2format) {

sslv2format	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3077 times by 1 test Evaluated by: libssl.so.1.1

53-3077

5208 size_t numciphers = PACKET_remaining(cipher_suites) / n; -

5209 PACKET sslv2ciphers = *cipher_suites; -

5210 unsigned int leadbyte; -

5211 unsigned char *raw; -

5212 -

5213 /* -

5214 * We store the raw ciphers list in SSLv3+ format so we need to do some -

5215 * preprocessing to convert the list first. If there are any SSLv2 only -

5216 * ciphersuites with a non-zero leading byte then we are going to -

5217 * slightly over allocate because we won't store those. But that isn't a -

5218 * problem. -

5219 */ -

5220 raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); -

5221 s->s3->tmp.ciphers_raw = raw; -

5222

if (raw == NULL) {

raw == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

0-53

5223 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, -

5224 ERR_R_MALLOC_FAILURE); -

5225

return 0;

never executed: return 0;

5226 } -

5227 for (s->s3->tmp.ciphers_rawlen = 0; -

5228

PACKET_remaining(&sslv2ciphers) > 0;

PACKET_remaini...v2ciphers) > 0	Description
TRUE	evaluated 1173 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

53-1173

5229 raw += TLS_CIPHER_LEN) { -

5230

if (!PACKET_get_1(&sslv2ciphers, &leadbyte)

!PACKET_get_1(...rs, &leadbyte)	Description
TRUE	never evaluated
FALSE	evaluated 1173 times by 1 test Evaluated by: libssl.so.1.1

0-1173

5231

|| (leadbyte == 0

leadbyte == 0	Description
TRUE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 425 times by 1 test Evaluated by: libssl.so.1.1

425-748

5232

&& !PACKET_copy_bytes(&sslv2ciphers, raw,

!PACKET_copy_b...phers, raw, 2)	Description
TRUE	never evaluated
FALSE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1

0-748

5233

TLS_CIPHER_LEN))

!PACKET_copy_b...phers, raw, 2)	Description
TRUE	never evaluated
FALSE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1

0-748

5234

|| (leadbyte != 0

leadbyte != 0	Description
TRUE	evaluated 425 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1

425-748

5235

&& !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {

!PACKET_forwar...lv2ciphers, 2)	Description
TRUE	never evaluated
FALSE	evaluated 425 times by 1 test Evaluated by: libssl.so.1.1

0-425

5236 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, -

5237 SSL_R_BAD_PACKET); -

5238 OPENSSL_free(s->s3->tmp.ciphers_raw); -

5239 s->s3->tmp.ciphers_raw = NULL; -

5240 s->s3->tmp.ciphers_rawlen = 0; -

5241

return 0;

never executed: return 0;

5242 } -

5243

if (leadbyte == 0)

leadbyte == 0	Description
TRUE	evaluated 748 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 425 times by 1 test Evaluated by: libssl.so.1.1

425-748

5244

s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;

executed 748 times by 1 test: s->s3->tmp.ciphers_rawlen += 2;

Executed by:

libssl.so.1.1

748

5245

}

executed 1173 times by 1 test: end of block

Executed by:

libssl.so.1.1

1173

5246

} else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,

executed 53 times by 1 test: end of block

Executed by:

libssl.so.1.1

!PACKET_memdup...iphers_rawlen)	Description
TRUE	never evaluated
FALSE	evaluated 3077 times by 1 test Evaluated by: libssl.so.1.1

0-3077

5247

&s->s3->tmp.ciphers_rawlen)) {

!PACKET_memdup...iphers_rawlen)	Description
TRUE	never evaluated
FALSE	evaluated 3077 times by 1 test Evaluated by: libssl.so.1.1

0-3077

5248 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, -

5249 ERR_R_INTERNAL_ERROR); -

5250

return 0;

never executed: return 0;

5251 } -

5252

return 1;

executed 3130 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3130

5253 } -

5254 -

5255 int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, -

5256 int isv2format, STACK_OF(SSL_CIPHER) **sk, -

5257 STACK_OF(SSL_CIPHER) **scsvs) -

5258 { -

5259 PACKET pkt; -

5260 -

5261

if (!PACKET_buf_init(&pkt, bytes, len))

!PACKET_buf_in...t, bytes, len)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

5262

return 0;

never executed: return 0;

5263

return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);

executed 4 times by 1 test: return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);

Executed by:

libssl.so.1.1

5264 } -

5265 -

5266 int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, -

5267 STACK_OF(SSL_CIPHER) **skp, -

5268 STACK_OF(SSL_CIPHER) **scsvs_out, -

5269 int sslv2format, int fatal) -

5270 { -

5271 const SSL_CIPHER *c; -

5272 STACK_OF(SSL_CIPHER) *sk = NULL; -

5273 STACK_OF(SSL_CIPHER) *scsvs = NULL; -

5274 int n; -

5275 /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ -

5276 unsigned char cipher[SSLV2_CIPHER_LEN]; -

5277 -

5278

n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;

sslv2format	Description
TRUE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3080 times by 1 test Evaluated by: libssl.so.1.1

54-3080

5279 -

5280

if (PACKET_remaining(cipher_suites) == 0) {

PACKET_remaini...r_suites) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

1-3133

5281

if (fatal)

fatal	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

5282

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,

never executed: ossl_statem_fatal((s), (47), (519), (183), __FILE__ , 5283 ) ;

5283

SSL_R_NO_CIPHERS_SPECIFIED);

never executed: ossl_statem_fatal((s), (47), (519), (183), __FILE__ , 5283 ) ;

5284 else -

5285

SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);

executed 1 time by 1 test: ERR_put_error(20,(519),(183),__FILE__,5285);

Executed by:

libssl.so.1.1

5286

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

5287 } -

5288 -

5289

if (PACKET_remaining(cipher_suites) % n != 0) {

PACKET_remaini...ites) % n != 0	Description
TRUE	never evaluated
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

0-3133

5290

if (fatal)

fatal	Description
TRUE	never evaluated
FALSE	never evaluated

5291

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,

never executed: ossl_statem_fatal((s), (50), (519), (151), __FILE__ , 5292 ) ;

5292

SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);

never executed: ossl_statem_fatal((s), (50), (519), (151), __FILE__ , 5292 ) ;

5293 else -

5294

SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,

never executed: ERR_put_error(20,(519),(151),__FILE__,5295) ;

5295

SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);

never executed: ERR_put_error(20,(519),(151),__FILE__,5295) ;

5296

return 0;

never executed: return 0;

5297 } -

5298 -

5299 sk = sk_SSL_CIPHER_new_null(); -

5300 scsvs = sk_SSL_CIPHER_new_null(); -

5301

if (sk == NULL || scsvs == NULL) {

sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

scsvs == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

0-3133

5302

if (fatal)

fatal	Description
TRUE	never evaluated
FALSE	never evaluated

5303

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,

never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5304 ) ;

5304

ERR_R_MALLOC_FAILURE);

never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5304 ) ;

5305 else -

5306

SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);

never executed: ERR_put_error(20,(519),((1|64)),__FILE__,5306);

5307

goto err;

never executed: goto err;

5308 } -

5309 -

5310

while (PACKET_copy_bytes(cipher_suites, cipher, n)) {

PACKET_copy_by...es, cipher, n)	Description
TRUE	evaluated 76040 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

3133-76040

5311 /* -

5312 * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the -

5313 * first byte set to zero, while true SSLv2 ciphers have a non-zero -

5314 * first byte. We don't support any true SSLv2 ciphers, so skip them. -

5315 */ -

5316

if (sslv2format && cipher[0] != '\0')

sslv2format	Description
TRUE	evaluated 1176 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 74864 times by 1 test Evaluated by: libssl.so.1.1

cipher[0] != '\0'	Description
TRUE	evaluated 426 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

426-74864

5317

continue;

executed 426 times by 1 test: continue;

Executed by:

libssl.so.1.1

426

5318 -

5319 /* For SSLv2-compat, ignore leading 0-byte. */ -

5320 c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); -

5321

if (c != NULL) {

c != ((void *)0)	Description
TRUE	evaluated 58264 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17350 times by 1 test Evaluated by: libssl.so.1.1

17350-58264

5322

if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||

c->valid	Description
TRUE	evaluated 55836 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2428 times by 1 test Evaluated by: libssl.so.1.1

!sk_SSL_CIPHER_push(sk, c)	Description
TRUE	never evaluated
FALSE	evaluated 55836 times by 1 test Evaluated by: libssl.so.1.1

0-55836

5323

(!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {

!c->valid	Description
TRUE	evaluated 2428 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 55836 times by 1 test Evaluated by: libssl.so.1.1

!sk_SSL_CIPHER_push(scsvs, c)	Description
TRUE	never evaluated
FALSE	evaluated 2428 times by 1 test Evaluated by: libssl.so.1.1

0-55836

5324

if (fatal)

fatal	Description
TRUE	never evaluated
FALSE	never evaluated

5325

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5326 ) ;

5326

SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);

never executed: ossl_statem_fatal((s), (80), (519), ((1|64)), __FILE__ , 5326 ) ;

5327 else -

5328

SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);

never executed: ERR_put_error(20,(519),((1|64)),__FILE__,5328);

5329

goto err;

never executed: goto err;

5330 } -

5331

}

executed 58264 times by 1 test: end of block

Executed by:

libssl.so.1.1

58264

5332

}

executed 75614 times by 1 test: end of block

Executed by:

libssl.so.1.1

75614

5333

if (PACKET_remaining(cipher_suites) > 0) {

PACKET_remaini...er_suites) > 0	Description
TRUE	never evaluated
FALSE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1

0-3133

5334

if (fatal)

fatal	Description
TRUE	never evaluated
FALSE	never evaluated

5335

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,

never executed: ossl_statem_fatal((s), (50), (519), (271), __FILE__ , 5336 ) ;

5336

SSL_R_BAD_LENGTH);

never executed: ossl_statem_fatal((s), (50), (519), (271), __FILE__ , 5336 ) ;

5337 else -

5338

SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);

never executed: ERR_put_error(20,(519),(271),__FILE__,5338);

5339

goto err;

never executed: goto err;

5340 } -

5341 -

5342

if (skp != NULL)

skp != ((void *)0)	Description
TRUE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3133

5343

*skp = sk;

executed 3133 times by 1 test: *skp = sk;

Executed by:

libssl.so.1.1

3133

5344 else -

5345

sk_SSL_CIPHER_free(sk);

never executed: sk_SSL_CIPHER_free(sk);

5346

if (scsvs_out != NULL)

scsvs_out != ((void *)0)	Description
TRUE	evaluated 3133 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3133

5347

*scsvs_out = scsvs;

executed 3133 times by 1 test: *scsvs_out = scsvs;

Executed by:

libssl.so.1.1

3133

5348 else -

5349

sk_SSL_CIPHER_free(scsvs);

never executed: sk_SSL_CIPHER_free(scsvs);

5350

return 1;

executed 3133 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3133

5351 err: -

5352 sk_SSL_CIPHER_free(sk); -

5353 sk_SSL_CIPHER_free(scsvs); -

5354

return 0;

never executed: return 0;

5355 } -

5356 -

5357 int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) -

5358 { -

5359 ctx->max_early_data = max_early_data; -

5360 -

5361

return 1;

executed 62 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5362 } -

5363 -

5364 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) -

5365 { -

5366

return ctx->max_early_data;

never executed: return ctx->max_early_data;

5367 } -

5368 -

5369 int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) -

5370 { -

5371 s->max_early_data = max_early_data; -

5372 -

5373

return 1;

never executed: return 1;

5374 } -

5375 -

5376 uint32_t SSL_get_max_early_data(const SSL *s) -

5377 { -

5378

return s->max_early_data;

never executed: return s->max_early_data;

5379 } -

5380 -

5381 int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) -

5382 { -

5383 ctx->recv_max_early_data = recv_max_early_data; -

5384 -

5385

return 1;

never executed: return 1;

5386 } -

5387 -

5388 uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) -

5389 { -

5390

return ctx->recv_max_early_data;

never executed: return ctx->recv_max_early_data;

5391 } -

5392 -

5393 int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) -

5394 { -

5395 s->recv_max_early_data = recv_max_early_data; -

5396 -

5397

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5398 } -

5399 -

5400 uint32_t SSL_get_recv_max_early_data(const SSL *s) -

5401 { -

5402

return s->recv_max_early_data;

never executed: return s->recv_max_early_data;

5403 } -

5404 -

5405 __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) -

5406 { -

5407 /* Return any active Max Fragment Len extension */ -

5408

if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))

ssl->session != ((void *)0)	Description
TRUE	evaluated 47522 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7993 times by 1 test Evaluated by: libssl.so.1.1

((ssl->session...en_mode) >= 1)	Description
TRUE	evaluated 333 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 47189 times by 1 test Evaluated by: libssl.so.1.1

((ssl->session...en_mode) <= 4)	Description
TRUE	evaluated 333 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-47522

5409

return GET_MAX_FRAGMENT_LENGTH(ssl->session);

executed 333 times by 1 test: return (512U << (ssl->session->ext.max_fragment_len_mode - 1));

Executed by:

libssl.so.1.1

333

5410 -

5411 /* return current SSL connection setting */ -

5412

return ssl->max_send_fragment;

executed 55182 times by 1 test: return ssl->max_send_fragment;

Executed by:

libssl.so.1.1

55182

5413 } -

5414 -

5415 __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) -

5416 { -

5417 /* Return a value regarding an active Max Fragment Len extension */ -

5418

if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)

ssl->session != ((void *)0)	Description
TRUE	evaluated 26393 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 226 times by 1 test Evaluated by: libssl.so.1.1

((ssl->session...en_mode) >= 1)	Description
TRUE	evaluated 163 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26230 times by 1 test Evaluated by: libssl.so.1.1

((ssl->session...en_mode) <= 4)	Description
TRUE	evaluated 163 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-26393

5419

&& ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))

ssl->split_sen...len_mode - 1))	Description
TRUE	evaluated 115 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1

48-115

5420

return GET_MAX_FRAGMENT_LENGTH(ssl->session);

executed 115 times by 1 test: return (512U << (ssl->session->ext.max_fragment_len_mode - 1));

Executed by:

libssl.so.1.1

115

5421 -

5422 /* else limit |split_send_fragment| to current |max_send_fragment| */ -

5423

if (ssl->split_send_fragment > ssl->max_send_fragment)

ssl->split_sen..._send_fragment	Description
TRUE	never evaluated
FALSE	evaluated 26504 times by 1 test Evaluated by: libssl.so.1.1

0-26504

5424

return ssl->max_send_fragment;

never executed: return ssl->max_send_fragment;

5425 -

5426 /* return current SSL connection setting */ -

5427

return ssl->split_send_fragment;

executed 26504 times by 1 test: return ssl->split_send_fragment;

Executed by:

libssl.so.1.1

26504

5428 } -

5429 -

5430 int SSL_stateless(SSL *s) -

5431 { -

5432 int ret; -

5433 -

5434 /* Ensure there is no state left over from a previous invocation */ -

5435

if (!SSL_clear(s))

!SSL_clear(s)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

5436

return 0;

never executed: return 0;

5437 -

5438 ERR_clear_error(); -

5439 -

5440 s->s3->flags |= TLS1_FLAGS_STATELESS; -

5441 ret = SSL_accept(s); -

5442 s->s3->flags &= ~TLS1_FLAGS_STATELESS; -

5443 -

5444

if (ret > 0 && s->ext.cookieok)

ret > 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

s->ext.cookieok	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

1-3

5445

return 1;

executed 1 time by 1 test: return 1;

Executed by:

libssl.so.1.1

5446 -

5447

if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!ossl_statem_in_error(s)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-3

5448

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

5449 -

5450

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

5451 } -

5452 -

5453 void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) -

5454 { -

5455 ctx->pha_enabled = val; -

5456

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

5457 -

5458 void SSL_set_post_handshake_auth(SSL *ssl, int val) -

5459 { -

5460 ssl->pha_enabled = val; -

5461

}

executed 36 times by 1 test: end of block

Executed by:

libssl.so.1.1

5462 -

5463 int SSL_verify_client_post_handshake(SSL *ssl) -

5464 { -

5465

if (!SSL_IS_TLS13(ssl)) {

!(ssl->method-...c_flags & 0x8)	Description
TRUE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(ssl)->method-...sion >= 0x0304	Description
TRUE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(ssl)->method-...ion != 0x10000	Description
TRUE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-28

5466 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION); -

5467

return 0;

never executed: return 0;

5468 } -

5469

if (!ssl->server) {

!ssl->server	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1

0-28

5470 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER); -

5471

return 0;

never executed: return 0;

5472 } -

5473 -

5474

if (!SSL_is_init_finished(ssl)) {

!SSL_is_init_finished(ssl)	Description
TRUE	never evaluated
FALSE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1

0-28

5475 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT); -

5476

return 0;

never executed: return 0;

5477 } -

5478 -

5479 switch (ssl->post_handshake_auth) { -

5480

case SSL_PHA_NONE:

executed 2 times by 1 test: case SSL_PHA_NONE:

Executed by:

libssl.so.1.1

5481 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED); -

5482

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

5483

default:

never executed: default:

5484

case SSL_PHA_EXT_SENT:

never executed: case SSL_PHA_EXT_SENT:

5485 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR); -

5486

return 0;

never executed: return 0;

5487

case SSL_PHA_EXT_RECEIVED:

executed 26 times by 1 test: case SSL_PHA_EXT_RECEIVED:

Executed by:

libssl.so.1.1

5488

break;

executed 26 times by 1 test: break;

Executed by:

libssl.so.1.1

5489

case SSL_PHA_REQUEST_PENDING:

never executed: case SSL_PHA_REQUEST_PENDING:

5490 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING); -

5491

return 0;

never executed: return 0;

5492

case SSL_PHA_REQUESTED:

never executed: case SSL_PHA_REQUESTED:

5493 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT); -

5494

return 0;

never executed: return 0;

5495 } -

5496 -

5497 ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; -

5498 -

5499 /* checks verify_mode and algorithm_auth */ -

5500

if (!send_certificate_request(ssl)) {

!send_certificate_request(ssl)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

5501 ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ -

5502 SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG); -

5503

return 0;

never executed: return 0;

5504 } -

5505 -

5506 ossl_statem_set_in_init(ssl, 1); -

5507

return 1;

executed 26 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5508 } -

5509 -

5510 int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, -

5511 SSL_CTX_generate_session_ticket_fn gen_cb, -

5512 SSL_CTX_decrypt_session_ticket_fn dec_cb, -

5513 void *arg) -

5514 { -

5515 ctx->generate_ticket_cb = gen_cb; -

5516 ctx->decrypt_ticket_cb = dec_cb; -

5517 ctx->ticket_cb_data = arg; -

5518

return 1;

executed 16 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5519 } -

5520 -

5521 void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, -

5522 SSL_allow_early_data_cb_fn cb, -

5523 void *arg) -

5524 { -

5525 ctx->allow_early_data_cb = cb; -

5526 ctx->allow_early_data_cb_data = arg; -

5527

}

executed 8 times by 1 test: end of block

Executed by:

libssl.so.1.1

5528 -

5529 void SSL_set_allow_early_data_cb(SSL *s, -

5530 SSL_allow_early_data_cb_fn cb, -

5531 void *arg) -

5532 { -

5533 s->allow_early_data_cb = cb; -

5534 s->allow_early_data_cb_data = arg; -

5535

}

never executed: end of block

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2