OpenCoverage

ssl3_record_tls13.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/record/ssl3_record_tls13.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include "../ssl_locl.h" -

11 #include "record_locl.h" -

12 #include "internal/cryptlib.h" -

13 -

14 /*- -

15 * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for -

16 * internal errors, but not otherwise. -

17 * -

18 * Returns: -

19 * 0: (in non-constant time) if the record is publically invalid (i.e. too -

20 * short etc). -

21 * 1: if the record encryption was successful. -

22 * -1: if the record's AEAD-authenticator is invalid or, if sending, -

23 * an internal error occurred. -

24 */ -

25 int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) -

26 { -

27 EVP_CIPHER_CTX *ctx; -

28 unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; -

29 size_t ivlen, taglen, offset, loop, hdrlen; -

30 unsigned char *staticiv; -

31 unsigned char *seq; -

32 int lenu, lenf; -

33 SSL3_RECORD *rec = &recs[0]; -

34 uint32_t alg_enc; -

35 WPACKET wpkt; -

36 -

if (n_recs != 1) {

n_recs != 1	Description
TRUE	never evaluated
FALSE	evaluated 36974 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-36974

38 /* Should not happen */ -

39 /* TODO(TLS1.3): Support pipelining */ -

40 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

41 ERR_R_INTERNAL_ERROR); -

return -1;

never executed: return -1;

43 } -

44 -

if (sending) {

sending	Description
TRUE	evaluated 15084 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 21890 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

15084-21890

46 ctx = s->enc_write_ctx; -

47 staticiv = s->write_iv; -

48 seq = RECORD_LAYER_get_write_sequence(&s->rlayer); -

} else {

executed 15084 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

15084

50 ctx = s->enc_read_ctx; -

51 staticiv = s->read_iv; -

52 seq = RECORD_LAYER_get_read_sequence(&s->rlayer); -

}

executed 21890 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

21890

54 -

55 /* -

56 * If we're sending an alert and ctx != NULL then we must be forcing -

57 * plaintext alerts. If we're reading and ctx != NULL then we allow -

58 * plaintext alerts at certain points in the handshake. If we've got this -

59 * far then we have already validated that a plaintext alert is ok here. -

60 */ -

if (ctx == NULL || rec->type == SSL3_RT_ALERT) {

ctx == ((void *)0)	Description
TRUE	evaluated 3185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33789 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

rec->type == 21	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33766 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

23-33789

62 memmove(rec->data, rec->input, rec->length); -

63 rec->input = rec->data; -

return 1;

executed 3208 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3208

65 } -

66 -

67 ivlen = EVP_CIPHER_CTX_iv_length(ctx); -

68 -

if (s->early_data_state == SSL_EARLY_DATA_WRITING

s->early_data_...Y_DATA_WRITING	Description
TRUE	evaluated 49 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33717 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

49-33717

|| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {

s->early_data_...TA_WRITE_RETRY	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33705 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

12-33705

if (s->session != NULL && s->session->ext.max_early_data > 0) {

s->session != ((void *)0)	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->session->ex...early_data > 0	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-61

72 alg_enc = s->session->cipher->algorithm_enc; -

} else {

executed 50 times by 1 test: end of block

Executed by:

libssl.so.1.1

if (!ossl_assert(s->psksession != NULL

!((s->psksessi...ata > 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

s->psksession != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->psksession-...early_data > 0	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-11

75 && s->psksession->ext.max_early_data > 0)) { -

76 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

77 ERR_R_INTERNAL_ERROR); -

return -1;

never executed: return -1;

79 } -

80 alg_enc = s->psksession->cipher->algorithm_enc; -

}

executed 11 times by 1 test: end of block

Executed by:

libssl.so.1.1

82 } else { -

83 /* -

84 * To get here we must have selected a ciphersuite - otherwise ctx would -

85 * be NULL -

86 */ -

if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {

!((s->s3->tmp....d *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 33705 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33705

88 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

89 ERR_R_INTERNAL_ERROR); -

return -1;

never executed: return -1;

91 } -

92 alg_enc = s->s3->tmp.new_cipher->algorithm_enc; -

}

executed 33705 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

33705

94 -

if (alg_enc & SSL_AESCCM) {

alg_enc & (0x0...\| 0x00020000U)	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33724 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

42-33724

if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))

alg_enc & (0x0...\| 0x00020000U)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

taglen = EVP_CCM8_TLS_TAG_LEN;

never executed: taglen = 8;

98 else -

taglen = EVP_CCM_TLS_TAG_LEN;

executed 42 times by 1 test: taglen = 16;

Executed by:

libssl.so.1.1

100

if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,

sending	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

EVP_CIPHER_CTX...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

101

NULL) <= 0) {

EVP_CIPHER_CTX...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

102 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

103 ERR_R_INTERNAL_ERROR); -

104

return -1;

never executed: return -1;

105 } -

106

} else if (alg_enc & SSL_AESGCM) {

executed 42 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_enc & (0x0...\| 0x00002000U)	Description
TRUE	evaluated 25243 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 8481 times by 1 test Evaluated by: libssl.so.1.1

42-25243

107 taglen = EVP_GCM_TLS_TAG_LEN; -

108

} else if (alg_enc & SSL_CHACHA20) {

executed 25243 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

alg_enc & (0x00080000U)	Description
TRUE	evaluated 8481 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-25243

109 taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; -

110

} else {

executed 8481 times by 1 test: end of block

Executed by:

libssl.so.1.1

8481

111 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

112 ERR_R_INTERNAL_ERROR); -

113

return -1;

never executed: return -1;

114 } -

115 -

116

if (!sending) {

!sending	Description
TRUE	evaluated 21366 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 12400 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

12400-21366

117 /* -

118 * Take off tag. There must be at least one byte of content type as -

119 * well as the tag -

120 */ -

121

if (rec->length < taglen + 1)

rec->length < taglen + 1	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21359 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

7-21359

122

return 0;

executed 7 times by 1 test: return 0;

Executed by:

libssl.so.1.1

123 rec->length -= taglen; -

124

}

executed 21359 times by 2 tests: end of block

Executed by:

libssl.so.1.1
tls13encryptiontest

21359

125 -

126 /* Set up IV */ -

127

if (ivlen < SEQ_NUM_SIZE) {

ivlen < 8	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

128 /* Should not happen */ -

129 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, -

130 ERR_R_INTERNAL_ERROR); -

131

return -1;

never executed: return -1;

132 } -

133 offset = ivlen - SEQ_NUM_SIZE; -

134 memcpy(iv, staticiv, offset); -

135

for (loop = 0; loop < SEQ_NUM_SIZE; loop++)

loop < 8	Description
TRUE	evaluated 270072 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

33759-270072

136

iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];

executed 270072 times by 2 tests: iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];

Executed by:

libssl.so.1.1
tls13encryptiontest

270072

137 -

138 /* Increment the sequence counter */ -

139

for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {

loop > 0	Description
TRUE	evaluated 33795 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	never evaluated

0-33795

140 ++seq[loop - 1]; -

141

if (seq[loop - 1] != 0)

seq[loop - 1] != 0	Description
TRUE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1

36-33759

142

break;

executed 33759 times by 2 tests: break;

Executed by:

libssl.so.1.1
tls13encryptiontest

33759

143

}

executed 36 times by 1 test: end of block

Executed by:

libssl.so.1.1

144

if (loop == 0) {

loop == 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

145 /* Sequence has wrapped */ -

146

return -1;

never executed: return -1;

147 } -

148 -

149 /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */ -

150

if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0

EVP_CipherInit... sending) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

151

|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,

!sending	Description
TRUE	evaluated 21359 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 12400 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

EVP_CIPHER_CTX...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21359 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-21359

152

taglen,

EVP_CIPHER_CTX...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21359 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-21359

153

rec->data + rec->length) <= 0)) {

EVP_CIPHER_CTX...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21359 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-21359

154

return -1;

never executed: return -1;

155 } -

156 -

157 /* Set up the AAD */ -

158

if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)

!WPACKET_init_...recheader), 0)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

159

|| !WPACKET_put_bytes_u8(&wpkt, rec->type)

!WPACKET_put_b...rec->type), 1)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

160

|| !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)

!WPACKET_put_b...c_version), 2)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

161

|| !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)

!WPACKET_put_b... + taglen), 2)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

162

|| !WPACKET_get_total_written(&wpkt, &hdrlen)

!WPACKET_get_t...wpkt, &hdrlen)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

163

|| hdrlen != SSL3_RT_HEADER_LENGTH

hdrlen != 5	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

164

|| !WPACKET_finish(&wpkt)) {

!WPACKET_finish(&wpkt)	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

165 WPACKET_cleanup(&wpkt); -

166

return -1;

never executed: return -1;

167 } -

168 -

169 /* -

170 * For CCM we must explicitly set the total plaintext length before we add -

171 * any AAD. -

172 */ -

173

if (((alg_enc & SSL_AESCCM) != 0

(alg_enc & (0x...020000U)) != 0	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33717 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

42-33717

174

&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,

EVP_CipherUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

175

(unsigned int)rec->length) <= 0)

EVP_CipherUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-42

176

|| EVP_CipherUpdate(ctx, NULL, &lenu, recheader,

EVP_CipherUpda...cheader)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

177

sizeof(recheader)) <= 0

EVP_CipherUpda...cheader)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

178

|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,

EVP_CipherUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

179

(unsigned int)rec->length) <= 0

EVP_CipherUpda...->length) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 33759 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-33759

180

|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0

EVP_CipherFina...u, &lenf) <= 0	Description
TRUE	evaluated 10596 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23163 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

10596-23163

181

|| (size_t)(lenu + lenf) != rec->length) {

(size_t)(lenu ...!= rec->length	Description
TRUE	never evaluated
FALSE	evaluated 23163 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

0-23163

182

return -1;

executed 10596 times by 1 test: return -1;

Executed by:

libssl.so.1.1

10596

183 } -

184

if (sending) {

sending	Description
TRUE	evaluated 12400 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest
FALSE	evaluated 10763 times by 2 tests Evaluated by: libssl.so.1.1 tls13encryptiontest

10763-12400

185 /* Add the tag */ -