Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | #include "../ssl_locl.h" | - |
11 | #include "record_locl.h" | - |
12 | #include "internal/cryptlib.h" | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) | - |
26 | { | - |
27 | EVP_CIPHER_CTX *ctx; | - |
28 | unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; | - |
29 | size_t ivlen, taglen, offset, loop, hdrlen; | - |
30 | unsigned char *staticiv; | - |
31 | unsigned char *seq; | - |
32 | int lenu, lenf; | - |
33 | SSL3_RECORD *rec = &recs[0]; | - |
34 | uint32_t alg_enc; | - |
35 | WPACKET wpkt; | - |
36 | | - |
37 | if (n_recs != 1) {TRUE | never evaluated | FALSE | evaluated 36974 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-36974 |
38 | | - |
39 | | - |
40 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
41 | ERR_R_INTERNAL_ERROR); | - |
42 | return -1; never executed: return -1; | 0 |
43 | } | - |
44 | | - |
45 | if (sending) {TRUE | evaluated 15084 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 21890 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 15084-21890 |
46 | ctx = s->enc_write_ctx; | - |
47 | staticiv = s->write_iv; | - |
48 | seq = RECORD_LAYER_get_write_sequence(&s->rlayer); | - |
49 | } else {executed 15084 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
| 15084 |
50 | ctx = s->enc_read_ctx; | - |
51 | staticiv = s->read_iv; | - |
52 | seq = RECORD_LAYER_get_read_sequence(&s->rlayer); | - |
53 | }executed 21890 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
| 21890 |
54 | | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | | - |
60 | | - |
61 | if (ctx == NULL || rec->type == SSL3_RT_ALERT) {TRUE | evaluated 3185 times by 1 test | FALSE | evaluated 33789 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
TRUE | evaluated 23 times by 1 test | FALSE | evaluated 33766 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 23-33789 |
62 | memmove(rec->data, rec->input, rec->length); | - |
63 | rec->input = rec->data; | - |
64 | return 1;executed 3208 times by 1 test: return 1; | 3208 |
65 | } | - |
66 | | - |
67 | ivlen = EVP_CIPHER_CTX_iv_length(ctx); | - |
68 | | - |
69 | if (s->early_data_state == SSL_EARLY_DATA_WRITINGTRUE | evaluated 49 times by 1 test | FALSE | evaluated 33717 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 49-33717 |
70 | || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {TRUE | evaluated 12 times by 1 test | FALSE | evaluated 33705 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 12-33705 |
71 | if (s->session != NULL && s->session->ext.max_early_data > 0) {TRUE | evaluated 61 times by 1 test | FALSE | never evaluated |
TRUE | evaluated 50 times by 1 test | FALSE | evaluated 11 times by 1 test |
| 0-61 |
72 | alg_enc = s->session->cipher->algorithm_enc; | - |
73 | } else {executed 50 times by 1 test: end of block | 50 |
74 | if (!ossl_assert(s->psksession != NULLTRUE | never evaluated | FALSE | evaluated 11 times by 1 test |
TRUE | evaluated 11 times by 1 test | FALSE | never evaluated |
TRUE | evaluated 11 times by 1 test | FALSE | never evaluated |
| 0-11 |
75 | && s->psksession->ext.max_early_data > 0)) { | - |
76 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
77 | ERR_R_INTERNAL_ERROR); | - |
78 | return -1; never executed: return -1; | 0 |
79 | } | - |
80 | alg_enc = s->psksession->cipher->algorithm_enc; | - |
81 | }executed 11 times by 1 test: end of block | 11 |
82 | } else { | - |
83 | | - |
84 | | - |
85 | | - |
86 | | - |
87 | if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {TRUE | never evaluated | FALSE | evaluated 33705 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33705 |
88 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
89 | ERR_R_INTERNAL_ERROR); | - |
90 | return -1; never executed: return -1; | 0 |
91 | } | - |
92 | alg_enc = s->s3->tmp.new_cipher->algorithm_enc; | - |
93 | }executed 33705 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
| 33705 |
94 | | - |
95 | if (alg_enc & SSL_AESCCM) {TRUE | evaluated 42 times by 1 test | FALSE | evaluated 33724 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 42-33724 |
96 | if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))TRUE | never evaluated | FALSE | evaluated 42 times by 1 test |
| 0-42 |
97 | taglen = EVP_CCM8_TLS_TAG_LEN; never executed: taglen = 8; | 0 |
98 | else | - |
99 | taglen = EVP_CCM_TLS_TAG_LEN;executed 42 times by 1 test: taglen = 16; | 42 |
100 | if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,TRUE | evaluated 21 times by 1 test | FALSE | evaluated 21 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 21 times by 1 test |
| 0-21 |
101 | NULL) <= 0) {TRUE | never evaluated | FALSE | evaluated 21 times by 1 test |
| 0-21 |
102 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
103 | ERR_R_INTERNAL_ERROR); | - |
104 | return -1; never executed: return -1; | 0 |
105 | } | - |
106 | } else if (alg_enc & SSL_AESGCM) {executed 42 times by 1 test: end of block TRUE | evaluated 25243 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 8481 times by 1 test |
| 42-25243 |
107 | taglen = EVP_GCM_TLS_TAG_LEN; | - |
108 | } else if (alg_enc & SSL_CHACHA20) {executed 25243 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
TRUE | evaluated 8481 times by 1 test | FALSE | never evaluated |
| 0-25243 |
109 | taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; | - |
110 | } else {executed 8481 times by 1 test: end of block | 8481 |
111 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
112 | ERR_R_INTERNAL_ERROR); | - |
113 | return -1; never executed: return -1; | 0 |
114 | } | - |
115 | | - |
116 | if (!sending) {TRUE | evaluated 21366 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 12400 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 12400-21366 |
117 | | - |
118 | | - |
119 | | - |
120 | | - |
121 | if (rec->length < taglen + 1)TRUE | evaluated 7 times by 1 test | FALSE | evaluated 21359 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 7-21359 |
122 | return 0;executed 7 times by 1 test: return 0; | 7 |
123 | rec->length -= taglen; | - |
124 | }executed 21359 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
| 21359 |
125 | | - |
126 | | - |
127 | if (ivlen < SEQ_NUM_SIZE) {TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
128 | | - |
129 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
130 | ERR_R_INTERNAL_ERROR); | - |
131 | return -1; never executed: return -1; | 0 |
132 | } | - |
133 | offset = ivlen - SEQ_NUM_SIZE; | - |
134 | memcpy(iv, staticiv, offset); | - |
135 | for (loop = 0; loop < SEQ_NUM_SIZE; loop++)TRUE | evaluated 270072 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 33759-270072 |
136 | iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];executed 270072 times by 2 tests: iv[offset + loop] = staticiv[offset + loop] ^ seq[loop]; Executed by:- libssl.so.1.1
- tls13encryptiontest
| 270072 |
137 | | - |
138 | | - |
139 | for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {TRUE | evaluated 33795 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | never evaluated |
| 0-33795 |
140 | ++seq[loop - 1]; | - |
141 | if (seq[loop - 1] != 0)TRUE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 36 times by 1 test |
| 36-33759 |
142 | break;executed 33759 times by 2 tests: break; Executed by:- libssl.so.1.1
- tls13encryptiontest
| 33759 |
143 | }executed 36 times by 1 test: end of block | 36 |
144 | if (loop == 0) {TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
145 | | - |
146 | return -1; never executed: return -1; | 0 |
147 | } | - |
148 | | - |
149 | | - |
150 | if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
151 | || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,TRUE | evaluated 21359 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 12400 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
TRUE | never evaluated | FALSE | evaluated 21359 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-21359 |
152 | taglen,TRUE | never evaluated | FALSE | evaluated 21359 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-21359 |
153 | rec->data + rec->length) <= 0)) {TRUE | never evaluated | FALSE | evaluated 21359 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-21359 |
154 | return -1; never executed: return -1; | 0 |
155 | } | - |
156 | | - |
157 | | - |
158 | if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
159 | || !WPACKET_put_bytes_u8(&wpkt, rec->type)TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
160 | || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
161 | || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
162 | || !WPACKET_get_total_written(&wpkt, &hdrlen)TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
163 | || hdrlen != SSL3_RT_HEADER_LENGTHTRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
164 | || !WPACKET_finish(&wpkt)) {TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
165 | WPACKET_cleanup(&wpkt); | - |
166 | return -1; never executed: return -1; | 0 |
167 | } | - |
168 | | - |
169 | | - |
170 | | - |
171 | | - |
172 | | - |
173 | if (((alg_enc & SSL_AESCCM) != 0TRUE | evaluated 42 times by 1 test | FALSE | evaluated 33717 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 42-33717 |
174 | && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,TRUE | never evaluated | FALSE | evaluated 42 times by 1 test |
| 0-42 |
175 | (unsigned int)rec->length) <= 0)TRUE | never evaluated | FALSE | evaluated 42 times by 1 test |
| 0-42 |
176 | || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
177 | sizeof(recheader)) <= 0TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
178 | || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
179 | (unsigned int)rec->length) <= 0TRUE | never evaluated | FALSE | evaluated 33759 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-33759 |
180 | || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0TRUE | evaluated 10596 times by 1 test | FALSE | evaluated 23163 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 10596-23163 |
181 | || (size_t)(lenu + lenf) != rec->length) {TRUE | never evaluated | FALSE | evaluated 23163 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-23163 |
182 | return -1;executed 10596 times by 1 test: return -1; | 10596 |
183 | } | - |
184 | if (sending) {TRUE | evaluated 12400 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
| FALSE | evaluated 10763 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 10763-12400 |
185 | | - |
186 | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,TRUE | never evaluated | FALSE | evaluated 12400 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-12400 |
187 | rec->data + rec->length) <= 0) {TRUE | never evaluated | FALSE | evaluated 12400 times by 2 testsEvaluated by:- libssl.so.1.1
- tls13encryptiontest
|
| 0-12400 |
188 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, | - |
189 | ERR_R_INTERNAL_ERROR); | - |
190 | return -1; never executed: return -1; | 0 |
191 | } | - |
192 | rec->length += taglen; | - |
193 | }executed 12400 times by 2 tests: end of block Executed by:- libssl.so.1.1
- tls13encryptiontest
| 12400 |
194 | | - |
195 | return 1;executed 23163 times by 2 tests: return 1; Executed by:- libssl.so.1.1
- tls13encryptiontest
| 23163 |
196 | } | - |
| | |