statem_srvr.c

Line

Source

Count

1

/*

-

-

-

-

*

-

6

* Licensed under the OpenSSL license (the "License"). You may not use

-

7

* this file except in compliance with the License. You can obtain a copy

-

8

* in the file LICENSE in the source distribution or at

-

9

* https://www.openssl.org/source/license.html

-

10

*/

-

11

-

12

#include <stdio.h>

-

13

#include "../ssl_locl.h"

-

14

#include "statem_locl.h"

-

15

#include "internal/constant_time_locl.h"

-

16

#include "internal/cryptlib.h"

-

17

#include <openssl/buffer.h>

-

18

#include <openssl/rand.h>

-

19

#include <openssl/objects.h>

-

20

#include <openssl/evp.h>

-

21

#include <openssl/hmac.h>

-

22

#include <openssl/x509.h>

-

23

#include <openssl/dh.h>

-

24

#include <openssl/bn.h>

-

25

#include <openssl/md5.h>

-

26

-

27

#define TICKET_NONCE_SIZE 8

-

28

-

29

static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);

-

30

-

31

/*

-

32

* ossl_statem_server13_read_transition() encapsulates the logic for the allowed

-

33

* handshake state transitions when a TLSv1.3 server is reading messages from

-

34

* the client. The message type that the client has sent is provided in |mt|.

-

35

* The current state is in |s->statem.hand_state|.

-

36

*

-

37

* Return values are 1 for success (transition allowed) and 0 on error

-

38

* (transition not allowed)

-

39

*/

-

40

static int ossl_statem_server13_read_transition(SSL *s, int mt)

-

41

{

-

42

OSSL_STATEM *st = &s->statem;

-

43

-

44

/*

-

45

* Note: There is no case for TLS_ST_BEFORE because at that stage we have

-

46

* not negotiated TLSv1.3 yet, so that case is handled by

-

47

* ossl_statem_server_read_transition()

-

48

*/

-

49

switch (st->hand_state) {

-

50

default:

never executed: default:

0

51

break;

never executed: break;

0

52

-

53

case TLS_ST_EARLY_DATA:

executed 656 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

656

54

if (s->hello_retry_request == SSL_HRR_PENDING) {

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 87 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 569 times by 1 test Evaluated by: libssl.so.1.1

87-569

55

if (mt == SSL3_MT_CLIENT_HELLO) {

mt == 1	Description
TRUE	evaluated 86 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-86

56

st->hand_state = TLS_ST_SR_CLNT_HELLO;

-

57

return 1;

executed 86 times by 1 test: return 1;

Executed by:

libssl.so.1.1

86

58

}

-

59

break;

executed 1 time by 1 test: break;

Executed by:

libssl.so.1.1

1

60

} else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {

s->ext.early_data == 2	Description
TRUE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 553 times by 1 test Evaluated by: libssl.so.1.1

16-553

61

if (mt == SSL3_MT_END_OF_EARLY_DATA) {

mt == 5	Description
TRUE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-16

62

st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;

-

63

return 1;

executed 16 times by 1 test: return 1;

Executed by:

libssl.so.1.1

16

64

}

-

65

break;

never executed: break;

0

66

}

-

67

/* Fall through */

-

68

-

69

case TLS_ST_SR_END_OF_EARLY_DATA:

code before this statement executed 553 times by 1 test: case TLS_ST_SR_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

executed 16 times by 1 test: case TLS_ST_SR_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

16-553

70

case TLS_ST_SW_FINISHED:

never executed: case TLS_ST_SW_FINISHED:

0

71

if (s->s3->tmp.cert_request) {

s->s3->tmp.cert_request	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 550 times by 1 test Evaluated by: libssl.so.1.1

19-550

72

if (mt == SSL3_MT_CERTIFICATE) {

mt == 11	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-19

73

st->hand_state = TLS_ST_SR_CERT;

-

74

return 1;

executed 19 times by 1 test: return 1;

Executed by:

libssl.so.1.1

19

75

}

-

76

} else {

never executed: end of block

0

77

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 550 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-550

78

st->hand_state = TLS_ST_SR_FINISHED;

-

79

return 1;

executed 550 times by 1 test: return 1;

Executed by:

libssl.so.1.1

550

80

}

-

81

}

never executed: end of block

0

82

break;

never executed: break;

0

83

-

84

case TLS_ST_SR_CERT:

executed 37 times by 1 test: case TLS_ST_SR_CERT:

Executed by:

libssl.so.1.1

37

85

if (s->session->peer == NULL) {

s->session->pe...== ((void *)0)	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-22

86

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-22

87

st->hand_state = TLS_ST_SR_FINISHED;

-

88

return 1;

executed 22 times by 1 test: return 1;

Executed by:

libssl.so.1.1

22

89

}

-

90

} else {

never executed: end of block

0

91

if (mt == SSL3_MT_CERTIFICATE_VERIFY) {

mt == 15	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-15

92

st->hand_state = TLS_ST_SR_CERT_VRFY;

-

93

return 1;

executed 15 times by 1 test: return 1;

Executed by:

libssl.so.1.1

15

94

}

-

95

}

never executed: end of block

0

96

break;

never executed: break;

0

97

-

98

case TLS_ST_SR_CERT_VRFY:

executed 15 times by 1 test: case TLS_ST_SR_CERT_VRFY:

Executed by:

libssl.so.1.1

15

99

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-15

100

st->hand_state = TLS_ST_SR_FINISHED;

-

101

return 1;

executed 15 times by 1 test: return 1;

Executed by:

libssl.so.1.1

15

102

}

-

103

break;

never executed: break;

0

104

-

105

case TLS_ST_OK:

executed 26 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

26

106

/*

-

107

* Its never ok to start processing handshake messages in the middle of

-

108

* early data (i.e. before we've received the end of early data alert)

-

109

*/

-

110

if (s->early_data_state == SSL_EARLY_DATA_READING)

s->early_data_...Y_DATA_READING	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

111

break;

never executed: break;

0

112

-

113

if (mt == SSL3_MT_CERTIFICATE

mt == 11	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-23

114

&& s->post_handshake_auth == SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-23

115

st->hand_state = TLS_ST_SR_CERT;

-

116

return 1;

executed 23 times by 1 test: return 1;

Executed by:

libssl.so.1.1

23

117

}

-

118

-

119

if (mt == SSL3_MT_KEY_UPDATE) {

mt == 24	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3

120

st->hand_state = TLS_ST_SR_KEY_UPDATE;

-

121

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3

122

}

-

123

break;

never executed: break;

0

124

}

-

125

-

126

/* No valid transition found */

-

127

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1

128

}

-

129

-

130

/*

-

131

* ossl_statem_server_read_transition() encapsulates the logic for the allowed

-

132

* handshake state transitions when the server is reading messages from the

-

133

* client. The message type that the client has sent is provided in |mt|. The

-

134

* current state is in |s->statem.hand_state|.

-

135

*

-

136

* Return values are 1 for success (transition allowed) and 0 on error

-

137

* (transition not allowed)

-

138

*/

-

139

int ossl_statem_server_read_transition(SSL *s, int mt)

-

140

{

-

141

OSSL_STATEM *st = &s->statem;

-

142

-

143

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 7287 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 726 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 4206 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3081 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3456 times by 1 test Evaluated by: libssl.so.1.1

726-7287

144

if (!ossl_statem_server13_read_transition(s, mt))

!ossl_statem_s...nsition(s, mt)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 749 times by 1 test Evaluated by: libssl.so.1.1

1-749

145

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

146

return 1;

executed 749 times by 1 test: return 1;

Executed by:

libssl.so.1.1

749

147

}

-

148

-

149

switch (st->hand_state) {

-

150

default:

never executed: default:

0

151

break;

never executed: break;

0

152

-

153

case TLS_ST_BEFORE:

executed 3637 times by 1 test: case TLS_ST_BEFORE:

Executed by:

libssl.so.1.1

3637

154

case TLS_ST_OK:

executed 24 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

24

155

case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

never executed: case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

0

156

if (mt == SSL3_MT_CLIENT_HELLO) {

mt == 1	Description
TRUE	evaluated 3659 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-3659

157

st->hand_state = TLS_ST_SR_CLNT_HELLO;

-

158

return 1;

executed 3659 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3659

159

}

-

160

break;

executed 2 times by 1 test: break;

Executed by:

libssl.so.1.1

2

161

-

162

case TLS_ST_SW_SRVR_DONE:

executed 1269 times by 1 test: case TLS_ST_SW_SRVR_DONE:

Executed by:

libssl.so.1.1

1269

163

/*

-

164

* If we get a CKE message after a ServerDone then either

-

165

* 1) We didn't request a Certificate

-

166

* OR

-

167

* 2) If we did request one then

-

168

* a) We allow no Certificate to be returned

-

169

* AND

-

170

* b) We are running SSL3 (in TLS1.0+ the client must return a 0

-

171

* list if we requested a certificate)

-

172

*/

-

173

if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {

mt == 16	Description
TRUE	evaluated 1228 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 41 times by 1 test Evaluated by: libssl.so.1.1

41-1228

174

if (s->s3->tmp.cert_request) {

s->s3->tmp.cert_request	Description
TRUE	never evaluated
FALSE	evaluated 1228 times by 1 test Evaluated by: libssl.so.1.1

0-1228

175

if (s->version == SSL3_VERSION) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	never evaluated

0

176

if ((s->verify_mode & SSL_VERIFY_PEER)

(s->verify_mode & 0x01)	Description
TRUE	never evaluated
FALSE	never evaluated

0

177

&& (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {

(s->verify_mode & 0x02)	Description
TRUE	never evaluated
FALSE	never evaluated

0

178

/*

-

179

* This isn't an unexpected message as such - we're just

-

180

* not going to accept it because we require a client

-

181

* cert.

-

182

*/

-

183

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

184

SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,

-

185

SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

-

186

return 0;

never executed: return 0;

0

187

}

-

188

st->hand_state = TLS_ST_SR_KEY_EXCH;

-

189

return 1;

never executed: return 1;

0

190

}

-

191

} else {

never executed: end of block

0

192

st->hand_state = TLS_ST_SR_KEY_EXCH;

-

193

return 1;

executed 1228 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1228

194

}

-

195

} else if (s->s3->tmp.cert_request) {

s->s3->tmp.cert_request	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-35

196

if (mt == SSL3_MT_CERTIFICATE) {

mt == 11	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-35

197

st->hand_state = TLS_ST_SR_CERT;

-

198

return 1;

executed 35 times by 1 test: return 1;

Executed by:

libssl.so.1.1

35

199

}

-

200

}

never executed: end of block

0

201

break;

executed 6 times by 1 test: break;

Executed by:

libssl.so.1.1

6

202

-

203

case TLS_ST_SR_CERT:

executed 25 times by 1 test: case TLS_ST_SR_CERT:

Executed by:

libssl.so.1.1

25

204

if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {

mt == 16	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-25

205

st->hand_state = TLS_ST_SR_KEY_EXCH;

-

206

return 1;

executed 25 times by 1 test: return 1;

Executed by:

libssl.so.1.1

25

207

}

-

208

break;

never executed: break;

0

209

-

210

case TLS_ST_SR_KEY_EXCH:

executed 1150 times by 1 test: case TLS_ST_SR_KEY_EXCH:

Executed by:

libssl.so.1.1

1150

211

/*

-

212

* We should only process a CertificateVerify message if we have

-

213

* received a Certificate from the client. If so then |s->session->peer|

-

214

* will be non NULL. In some instances a CertificateVerify message is

-

215

* not required even if the peer has sent a Certificate (e.g. such as in

-

216

* the case of static DH). In that case |st->no_cert_verify| should be

-

217

* set.

-

218

*/

-

219

if (s->session->peer == NULL || st->no_cert_verify) {

s->session->pe...== ((void *)0)	Description
TRUE	evaluated 1130 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

st->no_cert_verify	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-1130

220

if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

mt == 0x0101	Description
TRUE	evaluated 1128 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-1128

221

/*

-

222

* For the ECDH ciphersuites when the client sends its ECDH

-

223

* pub key in a certificate, the CertificateVerify message is

-

224

* not sent. Also for GOST ciphersuites when the client uses

-

225

* its key from the certificate for key exchange.

-

226

*/

-

227

st->hand_state = TLS_ST_SR_CHANGE;

-

228

return 1;

executed 1128 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1128

229

}

-

230

} else {

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

2

231

if (mt == SSL3_MT_CERTIFICATE_VERIFY) {

mt == 15	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-20

232

st->hand_state = TLS_ST_SR_CERT_VRFY;

-

233

return 1;

executed 20 times by 1 test: return 1;

Executed by:

libssl.so.1.1

20

234

}

-

235

}

never executed: end of block

0

236

break;

executed 2 times by 1 test: break;

Executed by:

libssl.so.1.1

2

237

-

238

case TLS_ST_SR_CERT_VRFY:

executed 19 times by 1 test: case TLS_ST_SR_CERT_VRFY:

Executed by:

libssl.so.1.1

19

239

if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

mt == 0x0101	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-19

240

st->hand_state = TLS_ST_SR_CHANGE;

-

241

return 1;

executed 19 times by 1 test: return 1;

Executed by:

libssl.so.1.1

19

242

}

-

243

break;

never executed: break;

0

244

-

245

case TLS_ST_SR_CHANGE:

executed 1046 times by 1 test: case TLS_ST_SR_CHANGE:

Executed by:

libssl.so.1.1

1046

246

#ifndef OPENSSL_NO_NEXTPROTONEG

-

247

if (s->s3->npn_seen) {

s->s3->npn_seen	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1025 times by 1 test Evaluated by: libssl.so.1.1

21-1025

248

if (mt == SSL3_MT_NEXT_PROTO) {

mt == 67	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-21

249

st->hand_state = TLS_ST_SR_NEXT_PROTO;

-

250

return 1;

executed 21 times by 1 test: return 1;

Executed by:

libssl.so.1.1

21

251

}

-

252

} else {

never executed: end of block

0

253

#endif

-

254

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 1025 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1025

255

st->hand_state = TLS_ST_SR_FINISHED;

-

256

return 1;

executed 1025 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1025

257

}

-

258

#ifndef OPENSSL_NO_NEXTPROTONEG

-

259

}

never executed: end of block

0

260

#endif

-

261

break;

never executed: break;

0

262

-

263

#ifndef OPENSSL_NO_NEXTPROTONEG

-

264

case TLS_ST_SR_NEXT_PROTO:

executed 21 times by 1 test: case TLS_ST_SR_NEXT_PROTO:

Executed by:

libssl.so.1.1

21

265

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-21

266

st->hand_state = TLS_ST_SR_FINISHED;

-

267

return 1;

executed 21 times by 1 test: return 1;

Executed by:

libssl.so.1.1

21

268

}

-

269

break;

never executed: break;

0

270

#endif

-

271

-

272

case TLS_ST_SW_FINISHED:

executed 72 times by 1 test: case TLS_ST_SW_FINISHED:

Executed by:

libssl.so.1.1

72

273

if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

mt == 0x0101	Description
TRUE	evaluated 70 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-70

274

st->hand_state = TLS_ST_SR_CHANGE;

-

275

return 1;

executed 70 times by 1 test: return 1;

Executed by:

libssl.so.1.1

70

276

}

-

277

break;

executed 2 times by 1 test: break;

Executed by:

libssl.so.1.1

2

278

}

-

279

-

280

err:

code before this statement executed 12 times by 1 test: err:

Executed by:

libssl.so.1.1

12

281

/* No valid transition found */

-

282

if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

mt == 0x0101	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-12

283

BIO *rbio;

-

284

-

285

/*

-

286

* CCS messages don't have a message sequence number so this is probably

-

287

* because of an out-of-order CCS. We'll just drop it.

-

288

*/

-

289

s->init_num = 0;

-

290

s->rwstate = SSL_READING;

-

291

rbio = SSL_get_rbio(s);

-

292

BIO_clear_retry_flags(rbio);

-

293

BIO_set_retry_read(rbio);

-

294

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1

295

}

-

296

SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,

-

297

SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,

-

298

SSL_R_UNEXPECTED_MESSAGE);

-

299

return 0;

executed 12 times by 1 test: return 0;

Executed by:

libssl.so.1.1

12

300

}

-

301

-

302

/*

-

303

* Should we send a ServerKeyExchange message?

-

304

*

-

305

* Valid return values are:

-

306

* 1: Yes

-

307

* 0: No

-

308

*/

-

309

static int send_server_key_exchange(SSL *s)

-

310

{

-

311

unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

-

312

-

313

/*

-

314

* only send a ServerKeyExchange if DH or fortezza but we have a

-

315

* sign only certificate PSK: may send PSK identity hints For

-

316

* ECC ciphersuites, we send a serverKeyExchange message only if

-

317

* the cipher suite is either ECDH-anon or ECDHE. In other cases,

-

318

* the server certificate contains the server's public key for

-

319

* key exchange.

-

320

*/

-

321

if (alg_k & (SSL_kDHE | SSL_kECDHE)

alg_k & (0x000...\| 0x00000004U)	Description
TRUE	evaluated 1144 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 284 times by 1 test Evaluated by: libssl.so.1.1

284-1144

322

/*

-

323

* PSK: send ServerKeyExchange if PSK identity hint if

-

324

* provided

-

325

*/

-

326

#ifndef OPENSSL_NO_PSK

-

327

/* Only send SKE if we have identity hint for plain PSK */

-

328

|| ((alg_k & (SSL_kPSK | SSL_kRSAPSK))

(alg_k & (0x00... 0x00000040U))	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 257 times by 1 test Evaluated by: libssl.so.1.1

27-257

329

&& s->cert->psk_identity_hint)

s->cert->psk_identity_hint	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

330

/* For other PSK always send SKE */

-

331

|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))

(alg_k & ((0x0...0x00000080U)))	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 282 times by 1 test Evaluated by: libssl.so.1.1

2-282

332

#endif

-

333

#ifndef OPENSSL_NO_SRP

-

334

/* SRP: send ServerKeyExchange */

-

335

|| (alg_k & SSL_kSRP)

(alg_k & 0x00000020U)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 272 times by 1 test Evaluated by: libssl.so.1.1

10-272

336

#endif

-

337

) {

-

338

return 1;

executed 1156 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1156

339

}

-

340

-

341

return 0;

executed 272 times by 1 test: return 0;

Executed by:

libssl.so.1.1

272

342

}

-

343

-

344

/*

-

345

* Should we send a CertificateRequest message?

-

346

*

-

347

* Valid return values are:

-

348

* 1: Yes

-

349

* 0: No

-

350

*/

-

351

int send_certificate_request(SSL *s)

-

352

{

-

353

if (

-

354

/* don't request cert unless asked for it: */

-

355

s->verify_mode & SSL_VERIFY_PEER

s->verify_mode & 0x01	Description
TRUE	evaluated 91 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

91-2104

356

/*

-

357

* don't request if post-handshake-only unless doing

-

358

* post-handshake in TLSv1.3:

-

359

*/

-

360

&& (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 77 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!(s->verify_mode & 0x08)	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1

0-77

361

|| s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)

s->post_handsh...EQUEST_PENDING	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

6-8

362

/*

-

363

* if SSL_VERIFY_CLIENT_ONCE is set, don't request cert

-

364

* a second time:

-

365

*/

-

366

&& (s->certreqs_sent < 1 ||

s->certreqs_sent < 1	Description
TRUE	evaluated 79 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-79

367

!(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))

!(s->verify_mode & 0x04)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2

368

/*

-

369

* never request cert in anonymous ciphersuites (see

-

370

* section "Certificate request" in SSL 3 drafts and in

-

371

* RFC 2246):

-

372

*/

-

373

&& (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)

!(s->s3->tmp.n...& 0x00000004U)	Description
TRUE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-81

374

/*

-

375

* ... except when the application insists on

-

376

* verification (against the specs, but statem_clnt.c accepts

-

377

* this for SSL 3)

-

378

*/

-

379

|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))

(s->verify_mode & 0x02)	Description
TRUE	never evaluated
FALSE	never evaluated

0

380

/* don't request certificate for SRP auth */

-

381

&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)

!(s->s3->tmp.n...& 0x00000040U)	Description
TRUE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-81

382

/*

-

383

* With normal PSK Certificates and Certificate Requests

-

384

* are omitted

-

385

*/

-

386

&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {

!(s->s3->tmp.n...& 0x00000010U)	Description
TRUE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-81

387

return 1;

executed 81 times by 1 test: return 1;

Executed by:

libssl.so.1.1

81

388

}

-

389

-

390

return 0;

executed 2114 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2114

391

}

-

392

-

393

/*

-

394

* ossl_statem_server13_write_transition() works out what handshake state to

-

395

* move to next when a TLSv1.3 server is writing messages to be sent to the

-

396

* client.

-

397

*/

-

398

static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)

-

399

{

-

400

OSSL_STATEM *st = &s->statem;

-

401

-

402

/*

-

403

* No case for TLS_ST_BEFORE, because at that stage we have not negotiated

-

404

* TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition()

-

405

*/

-

406

-

407

switch (st->hand_state) {

-

408

default:

never executed: default:

0

409

/* Shouldn't happen */

-

410

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

411

SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION,

-

412

ERR_R_INTERNAL_ERROR);

-

413

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

0

414

-

415

case TLS_ST_OK:

executed 55 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

55

416

if (s->key_update != SSL_KEY_UPDATE_NONE) {

s->key_update != -1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1

3-52

417

st->hand_state = TLS_ST_SW_KEY_UPDATE;

-

418

return WRITE_TRAN_CONTINUE;

executed 3 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

3

419

}

-

420

if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {

s->post_handsh...EQUEST_PENDING	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

26

421

st->hand_state = TLS_ST_SW_CERT_REQ;

-

422

return WRITE_TRAN_CONTINUE;

executed 26 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

26

423

}

-

424

/* Try to read from the client instead */

-

425

return WRITE_TRAN_FINISHED;

executed 26 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

26

426

-

427

case TLS_ST_SR_CLNT_HELLO:

executed 971 times by 1 test: case TLS_ST_SR_CLNT_HELLO:

Executed by:

libssl.so.1.1

971

428

st->hand_state = TLS_ST_SW_SRVR_HELLO;

-

429

return WRITE_TRAN_CONTINUE;

executed 971 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

971

430

-

431

case TLS_ST_SW_SRVR_HELLO:

executed 968 times by 1 test: case TLS_ST_SW_SRVR_HELLO:

Executed by:

libssl.so.1.1

968

432

if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 960 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-960

433

&& s->hello_retry_request != SSL_HRR_COMPLETE)

s->hello_retry...L_HRR_COMPLETE	Description
TRUE	evaluated 927 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

33-927

434

st->hand_state = TLS_ST_SW_CHANGE;

executed 927 times by 1 test: st->hand_state = TLS_ST_SW_CHANGE;

Executed by:

libssl.so.1.1

927

435

else if (s->hello_retry_request == SSL_HRR_PENDING)

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1

2-39

436

st->hand_state = TLS_ST_EARLY_DATA;

executed 2 times by 1 test: st->hand_state = TLS_ST_EARLY_DATA;

Executed by:

libssl.so.1.1

2

437

else

-

438

st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;

executed 39 times by 1 test: st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;

Executed by:

libssl.so.1.1

39

439

return WRITE_TRAN_CONTINUE;

executed 968 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

968

440

-

441

case TLS_ST_SW_CHANGE:

executed 927 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

927

442

if (s->hello_retry_request == SSL_HRR_PENDING)

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 815 times by 1 test Evaluated by: libssl.so.1.1

112-815

443

st->hand_state = TLS_ST_EARLY_DATA;

executed 112 times by 1 test: st->hand_state = TLS_ST_EARLY_DATA;

Executed by:

libssl.so.1.1

112

444

else

-

445

st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;

executed 815 times by 1 test: st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;

Executed by:

libssl.so.1.1

815

446

return WRITE_TRAN_CONTINUE;

executed 927 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

927

447

-

448

case TLS_ST_SW_ENCRYPTED_EXTENSIONS:

executed 854 times by 1 test: case TLS_ST_SW_ENCRYPTED_EXTENSIONS:

Executed by:

libssl.so.1.1

854

449

if (s->hit)

s->hit	Description
TRUE	evaluated 113 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 741 times by 1 test Evaluated by: libssl.so.1.1

113-741

450

st->hand_state = TLS_ST_SW_FINISHED;

executed 113 times by 1 test: st->hand_state = TLS_ST_SW_FINISHED;

Executed by:

libssl.so.1.1

113

451

else if (send_certificate_request(s))

send_certificate_request(s)	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 721 times by 1 test Evaluated by: libssl.so.1.1

20-721

452

st->hand_state = TLS_ST_SW_CERT_REQ;

executed 20 times by 1 test: st->hand_state = TLS_ST_SW_CERT_REQ;

Executed by:

libssl.so.1.1

20

453

else

-

454

st->hand_state = TLS_ST_SW_CERT;

executed 721 times by 1 test: st->hand_state = TLS_ST_SW_CERT;

Executed by:

libssl.so.1.1

721

455

-

456

return WRITE_TRAN_CONTINUE;

executed 854 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

854

457

-

458

case TLS_ST_SW_CERT_REQ:

executed 45 times by 1 test: case TLS_ST_SW_CERT_REQ:

Executed by:

libssl.so.1.1

45

459

if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {

s->post_handsh...EQUEST_PENDING	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

19-26

460

s->post_handshake_auth = SSL_PHA_REQUESTED;

-

461

st->hand_state = TLS_ST_OK;

-

462

} else {

executed 26 times by 1 test: end of block

Executed by:

libssl.so.1.1

26

463

st->hand_state = TLS_ST_SW_CERT;

-

464

}

executed 19 times by 1 test: end of block

Executed by:

libssl.so.1.1

19

465

return WRITE_TRAN_CONTINUE;

executed 45 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

45

466

-

467

case TLS_ST_SW_CERT:

executed 740 times by 1 test: case TLS_ST_SW_CERT:

Executed by:

libssl.so.1.1

740

468

st->hand_state = TLS_ST_SW_CERT_VRFY;

-

469

return WRITE_TRAN_CONTINUE;

executed 740 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

740

470

-

471

case TLS_ST_SW_CERT_VRFY:

executed 740 times by 1 test: case TLS_ST_SW_CERT_VRFY:

Executed by:

libssl.so.1.1

740

472

st->hand_state = TLS_ST_SW_FINISHED;

-

473

return WRITE_TRAN_CONTINUE;

executed 740 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

740

474

-

475

case TLS_ST_SW_FINISHED:

executed 853 times by 1 test: case TLS_ST_SW_FINISHED:

Executed by:

libssl.so.1.1

853

476

st->hand_state = TLS_ST_EARLY_DATA;

-

477

return WRITE_TRAN_CONTINUE;

executed 853 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

853

478

-

479

case TLS_ST_EARLY_DATA:

executed 957 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

957

480

return WRITE_TRAN_FINISHED;

executed 957 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

957

481

-

482

case TLS_ST_SR_FINISHED:

executed 587 times by 1 test: case TLS_ST_SR_FINISHED:

Executed by:

libssl.so.1.1

587

483

/*

-

484

* Technically we have finished the handshake at this point, but we're

-

485

* going to remain "in_init" for now and write out any session tickets

-

486

* immediately.

-

487

*/

-

488

if (s->post_handshake_auth == SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1

22-565

489

s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;

-

490

} else if (!s->ext.ticket_expected) {

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

!s->ext.ticket_expected	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 561 times by 1 test Evaluated by: libssl.so.1.1

4-561

491

/*

-

492

* If we're not going to renew the ticket then we just finish the

-

493

* handshake at this point.

-

494

*/

-

495

st->hand_state = TLS_ST_OK;

-

496

return WRITE_TRAN_CONTINUE;

executed 4 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

4

497

}

-

498

if (s->num_tickets > s->sent_tickets)

s->num_tickets...->sent_tickets	Description
TRUE	evaluated 577 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-577

499

st->hand_state = TLS_ST_SW_SESSION_TICKET;

executed 577 times by 1 test: st->hand_state = TLS_ST_SW_SESSION_TICKET;

Executed by:

libssl.so.1.1

577

500

else

-

501

st->hand_state = TLS_ST_OK;

executed 6 times by 1 test: st->hand_state = TLS_ST_OK;

Executed by:

libssl.so.1.1

6

502

return WRITE_TRAN_CONTINUE;

executed 583 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

583

503

-

504

case TLS_ST_SR_KEY_UPDATE:

executed 3 times by 1 test: case TLS_ST_SR_KEY_UPDATE:

Executed by:

libssl.so.1.1

3

505

if (s->key_update != SSL_KEY_UPDATE_NONE) {

s->key_update != -1	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

1-2

506

st->hand_state = TLS_ST_SW_KEY_UPDATE;

-

507

return WRITE_TRAN_CONTINUE;

executed 1 time by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1

508

}

-

509

/* Fall through */

-

510

-

511

case TLS_ST_SW_KEY_UPDATE:

code before this statement executed 2 times by 1 test: case TLS_ST_SW_KEY_UPDATE:

Executed by:

libssl.so.1.1

executed 4 times by 1 test: case TLS_ST_SW_KEY_UPDATE:

Executed by:

libssl.so.1.1

2-4

512

st->hand_state = TLS_ST_OK;

-

513

return WRITE_TRAN_CONTINUE;

executed 6 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

6

514

-

515

case TLS_ST_SW_SESSION_TICKET:

executed 1033 times by 1 test: case TLS_ST_SW_SESSION_TICKET:

Executed by:

libssl.so.1.1

1033

516

/* In a resumption we only ever send a maximum of one new ticket.

-

517

* Following an initial handshake we send the number of tickets we have

-

518

* been configured for.

-

519

*/

-

520

if (s->hit || s->num_tickets <= s->sent_tickets) {

s->hit	Description
TRUE	evaluated 111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 922 times by 1 test Evaluated by: libssl.so.1.1

s->num_tickets...->sent_tickets	Description
TRUE	evaluated 466 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 456 times by 1 test Evaluated by: libssl.so.1.1

111-922

521

/* We've written enough tickets out. */

-

522

st->hand_state = TLS_ST_OK;

-

523

}

executed 577 times by 1 test: end of block

Executed by:

libssl.so.1.1

577

524

return WRITE_TRAN_CONTINUE;

executed 1033 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1033

525

}

-

526

}

-

527

-

528

/*

-

529

* ossl_statem_server_write_transition() works out what handshake state to move

-

530

* to next when the server is writing messages to be sent to the client.

-

531

*/

-

532

WRITE_TRAN ossl_statem_server_write_transition(SSL *s)

-

533

{

-

534

OSSL_STATEM *st = &s->statem;

-

535

-

536

/*

-

537

* Note that before the ClientHello we don't know what version we are going

-

538

* to negotiate yet, so we don't take this branch until later

-

539

*/

-

540

-

541

if (SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 21813 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1704 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 12219 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9594 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 8737 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3482 times by 1 test Evaluated by: libssl.so.1.1

1704-21813

542

return ossl_statem_server13_write_transition(s);

executed 8737 times by 1 test: return ossl_statem_server13_write_transition(s);

Executed by:

libssl.so.1.1

8737

543

-

544

switch (st->hand_state) {

-

545

default:

never executed: default:

0

546

/* Shouldn't happen */

-

547

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

548

SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION,

-

549

ERR_R_INTERNAL_ERROR);

-

550

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

0

551

-

552

case TLS_ST_OK:

executed 32 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

32

553

if (st->request_state == TLS_ST_SW_HELLO_REQ) {

st->request_st...T_SW_HELLO_REQ	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

8-24

554

/* We must be trying to renegotiate */

-

555

st->hand_state = TLS_ST_SW_HELLO_REQ;

-

556

st->request_state = TLS_ST_BEFORE;

-

557

return WRITE_TRAN_CONTINUE;

executed 8 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

8

558

}

-

559

/* Must be an incoming ClientHello */

-

560

if (!tls_setup_handshake(s)) {

!tls_setup_handshake(s)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

561

/* SSLfatal() already called */

-

562

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

0

563

}

-

564

/* Fall through */

-

565

-

566

case TLS_ST_BEFORE:

code before this statement executed 24 times by 1 test: case TLS_ST_BEFORE:

Executed by:

libssl.so.1.1

executed 3663 times by 1 test: case TLS_ST_BEFORE:

Executed by:

libssl.so.1.1

24-3663

567

/* Just go straight to trying to read from the client */

-

568

return WRITE_TRAN_FINISHED;

executed 3687 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

3687

569

-

570

case TLS_ST_SW_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_SW_HELLO_REQ:

Executed by:

libssl.so.1.1

8

571

st->hand_state = TLS_ST_OK;

-

572

return WRITE_TRAN_CONTINUE;

executed 8 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

8

573

-

574

case TLS_ST_SR_CLNT_HELLO:

executed 1512 times by 1 test: case TLS_ST_SR_CLNT_HELLO:

Executed by:

libssl.so.1.1

1512

575

if (SSL_IS_DTLS(s) && !s->d1->cookie_verified

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1326 times by 1 test Evaluated by: libssl.so.1.1

!s->d1->cookie_verified	Description
TRUE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1326

576

&& (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {

(SSL_get_optio...& 0x00002000U)	Description
TRUE	never evaluated
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

0-186

577

st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;

-

578

} else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {

never executed: end of block

s->renegotiate == 0	Description
TRUE	evaluated 1490 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 1488 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-1490

579

/* We must have rejected the renegotiation */

-

580

st->hand_state = TLS_ST_OK;

-

581

return WRITE_TRAN_CONTINUE;

executed 2 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

2

582

} else {

-

583

st->hand_state = TLS_ST_SW_SRVR_HELLO;

-

584

}

executed 1510 times by 1 test: end of block

Executed by:

libssl.so.1.1

1510

585

return WRITE_TRAN_CONTINUE;

executed 1510 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1510

586

-

587

case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

never executed: case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

0

588

return WRITE_TRAN_FINISHED;

never executed: return WRITE_TRAN_FINISHED;

0

589

-

590

case TLS_ST_SW_SRVR_HELLO:

executed 1510 times by 1 test: case TLS_ST_SW_SRVR_HELLO:

Executed by:

libssl.so.1.1

1510

591

if (s->hit) {

s->hit	Description
TRUE	evaluated 82 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1428 times by 1 test Evaluated by: libssl.so.1.1

82-1428

592

if (s->ext.ticket_expected)

s->ext.ticket_expected	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 79 times by 1 test Evaluated by: libssl.so.1.1

3-79

593

st->hand_state = TLS_ST_SW_SESSION_TICKET;

executed 3 times by 1 test: st->hand_state = TLS_ST_SW_SESSION_TICKET;

Executed by:

libssl.so.1.1

3

594

else

-

595

st->hand_state = TLS_ST_SW_CHANGE;

executed 79 times by 1 test: st->hand_state = TLS_ST_SW_CHANGE;

Executed by:

libssl.so.1.1

79

596

} else {

-

597

/* Check if it is anon DH or anon ECDH, */

-

598

/* normal PSK or SRP */

-

599

if (!(s->s3->tmp.new_cipher->algorithm_auth &

!(s->s3->tmp.n... 0x00000010U))	Description
TRUE	evaluated 1359 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 69 times by 1 test Evaluated by: libssl.so.1.1

69-1359

600

(SSL_aNULL | SSL_aSRP | SSL_aPSK))) {

!(s->s3->tmp.n... 0x00000010U))	Description
TRUE	evaluated 1359 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 69 times by 1 test Evaluated by: libssl.so.1.1

69-1359

601

st->hand_state = TLS_ST_SW_CERT;

-

602

} else if (send_server_key_exchange(s)) {

executed 1359 times by 1 test: end of block

Executed by:

libssl.so.1.1

send_server_key_exchange(s)	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

27-1359

603

st->hand_state = TLS_ST_SW_KEY_EXCH;

-

604

} else if (send_certificate_request(s)) {

executed 42 times by 1 test: end of block

Executed by:

libssl.so.1.1

send_certificate_request(s)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-42

605

st->hand_state = TLS_ST_SW_CERT_REQ;

-

606

} else {

never executed: end of block

0

607

st->hand_state = TLS_ST_SW_SRVR_DONE;

-

608

}

executed 27 times by 1 test: end of block

Executed by:

libssl.so.1.1

27

609

}

-

610

return WRITE_TRAN_CONTINUE;

executed 1510 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1510

611

-

612

case TLS_ST_SW_CERT:

executed 1359 times by 1 test: case TLS_ST_SW_CERT:

Executed by:

libssl.so.1.1

1359

613

if (s->ext.status_expected) {

s->ext.status_expected	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1354 times by 1 test Evaluated by: libssl.so.1.1

5-1354

614

st->hand_state = TLS_ST_SW_CERT_STATUS;

-

615

return WRITE_TRAN_CONTINUE;

executed 5 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

5

616

}

-

617

/* Fall through */

-

618

-

619

case TLS_ST_SW_CERT_STATUS:

code before this statement executed 1354 times by 1 test: case TLS_ST_SW_CERT_STATUS:

Executed by:

libssl.so.1.1

executed 5 times by 1 test: case TLS_ST_SW_CERT_STATUS:

Executed by:

libssl.so.1.1

5-1354

620

if (send_server_key_exchange(s)) {

send_server_key_exchange(s)	Description
TRUE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 245 times by 1 test Evaluated by: libssl.so.1.1

245-1114

621

st->hand_state = TLS_ST_SW_KEY_EXCH;

-

622

return WRITE_TRAN_CONTINUE;

executed 1114 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1114

623

}

-

624

/* Fall through */

-

625

-

626

case TLS_ST_SW_KEY_EXCH:

code before this statement executed 245 times by 1 test: case TLS_ST_SW_KEY_EXCH:

Executed by:

libssl.so.1.1

executed 1156 times by 1 test: case TLS_ST_SW_KEY_EXCH:

Executed by:

libssl.so.1.1

245-1156

627

if (send_certificate_request(s)) {

send_certificate_request(s)	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1366 times by 1 test Evaluated by: libssl.so.1.1

35-1366

628

st->hand_state = TLS_ST_SW_CERT_REQ;

-

629

return WRITE_TRAN_CONTINUE;

executed 35 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

35

630

}

-

631

/* Fall through */

-

632

-

633

case TLS_ST_SW_CERT_REQ:

code before this statement executed 1366 times by 1 test: case TLS_ST_SW_CERT_REQ:

Executed by:

libssl.so.1.1

executed 35 times by 1 test: case TLS_ST_SW_CERT_REQ:

Executed by:

libssl.so.1.1

35-1366

634

st->hand_state = TLS_ST_SW_SRVR_DONE;

-

635

return WRITE_TRAN_CONTINUE;

executed 1401 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1401

636

-

637

case TLS_ST_SW_SRVR_DONE:

executed 1428 times by 1 test: case TLS_ST_SW_SRVR_DONE:

Executed by:

libssl.so.1.1

1428

638

return WRITE_TRAN_FINISHED;

executed 1428 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

1428

639

-

640

case TLS_ST_SR_FINISHED:

executed 1046 times by 1 test: case TLS_ST_SR_FINISHED:

Executed by:

libssl.so.1.1

1046

641

if (s->hit) {

s->hit	Description
TRUE	evaluated 62 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

62-984

642

st->hand_state = TLS_ST_OK;

-

643

return WRITE_TRAN_CONTINUE;

executed 62 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

62

644

} else if (s->ext.ticket_expected) {

s->ext.ticket_expected	Description
TRUE	evaluated 891 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 93 times by 1 test Evaluated by: libssl.so.1.1

93-891

645

st->hand_state = TLS_ST_SW_SESSION_TICKET;

-

646

} else {

executed 891 times by 1 test: end of block

Executed by:

libssl.so.1.1

891

647

st->hand_state = TLS_ST_SW_CHANGE;

-

648

}

executed 93 times by 1 test: end of block

Executed by:

libssl.so.1.1

93

649

return WRITE_TRAN_CONTINUE;

executed 984 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

984

650

-

651

case TLS_ST_SW_SESSION_TICKET:

executed 894 times by 1 test: case TLS_ST_SW_SESSION_TICKET:

Executed by:

libssl.so.1.1

894

652

st->hand_state = TLS_ST_SW_CHANGE;

-

653

return WRITE_TRAN_CONTINUE;

executed 894 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

894

654

-

655

case TLS_ST_SW_CHANGE:

executed 1066 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

1066

656

st->hand_state = TLS_ST_SW_FINISHED;

-

657

return WRITE_TRAN_CONTINUE;

executed 1066 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1066

658

-

659

case TLS_ST_SW_FINISHED:

executed 1066 times by 1 test: case TLS_ST_SW_FINISHED:

Executed by:

libssl.so.1.1

1066

660

if (s->hit) {

s->hit	Description
TRUE	evaluated 82 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

82-984

661

return WRITE_TRAN_FINISHED;

executed 82 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

82

662

}

-

663

st->hand_state = TLS_ST_OK;

-

664

return WRITE_TRAN_CONTINUE;

executed 984 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

984

665

}

-

666

}

-

667

-

668

/*

-

669

* Perform any pre work that needs to be done prior to sending a message from

-

670

* the server to the client.

-

671

*/

-

672

WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)

-

673

{

-

674

OSSL_STATEM *st = &s->statem;

-

675

-

676

switch (st->hand_state) {

-

677

default:

executed 6858 times by 1 test: default:

Executed by:

libssl.so.1.1

6858

678

/* No pre work to be done */

-

679

break;

executed 6858 times by 1 test: break;

Executed by:

libssl.so.1.1

6858

680

-

681

case TLS_ST_SW_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_SW_HELLO_REQ:

Executed by:

libssl.so.1.1

8

682

s->shutdown = 0;

-

683

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

3-5

684

dtls1_clear_sent_buffer(s);

executed 3 times by 1 test: dtls1_clear_sent_buffer(s);

Executed by:

libssl.so.1.1

3

685

break;

executed 8 times by 1 test: break;

Executed by:

libssl.so.1.1

8

686

-

687

case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

never executed: case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

0

688

s->shutdown = 0;

-

689

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	never evaluated
FALSE	never evaluated

0

690

dtls1_clear_sent_buffer(s);

-

691

/* We don't buffer this message so don't use the timer */

-

692

st->use_timer = 0;

-

693

}

never executed: end of block

0

694

break;

never executed: break;

0

695

-

696

case TLS_ST_SW_SRVR_HELLO:

executed 2481 times by 1 test: case TLS_ST_SW_SRVR_HELLO:

Executed by:

libssl.so.1.1

2481

697

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2295 times by 1 test Evaluated by: libssl.so.1.1

186-2295

698

/*

-

699

* Messages we write from now on should be buffered and

-

700

* retransmitted if necessary, so we need to use the timer now

-

701

*/

-

702

st->use_timer = 1;

-

703

}

executed 186 times by 1 test: end of block

Executed by:

libssl.so.1.1

186

704

break;

executed 2481 times by 1 test: break;

Executed by:

libssl.so.1.1

2481

705

-

706

case TLS_ST_SW_SRVR_DONE:

executed 1428 times by 1 test: case TLS_ST_SW_SRVR_DONE:

Executed by:

libssl.so.1.1

1428

707

#ifndef OPENSSL_NO_SCTP

-

708

if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {

-

709

/* Calls SSLfatal() as required */

-

710

return dtls_wait_for_dry(s);

-

711

}

-

712

#endif

-

713

return WORK_FINISHED_CONTINUE;

executed 1428 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

1428

714

-

715

case TLS_ST_SW_SESSION_TICKET:

executed 1927 times by 1 test: case TLS_ST_SW_SESSION_TICKET:

Executed by:

libssl.so.1.1

1927

716

if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1783 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->sent_tickets == 0	Description
TRUE	evaluated 577 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 456 times by 1 test Evaluated by: libssl.so.1.1

0-1783

717

/*

-

718

* Actually this is the end of the handshake, but we're going

-

719

* straight into writing the session ticket out. So we finish off

-

720

* the handshake, but keep the various buffers active.

-

721

*

-

722

* Calls SSLfatal as required.

-

723

*/

-

724

return tls_finish_handshake(s, wst, 0, 0);

executed 577 times by 1 test: return tls_finish_handshake(s, wst, 0, 0);

Executed by:

libssl.so.1.1

577

725

} if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1206 times by 1 test Evaluated by: libssl.so.1.1

144-1206

726

/*

-

727

* We're into the last flight. We don't retransmit the last flight

-

728

* unless we need to, so we don't use the timer

-

729

*/

-

730

st->use_timer = 0;

-

731

}

executed 144 times by 1 test: end of block

Executed by:

libssl.so.1.1

144

732

break;

executed 1350 times by 1 test: break;

Executed by:

libssl.so.1.1

1350

733

-

734

case TLS_ST_SW_CHANGE:

executed 1993 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

1993

735

if (SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1816 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 927 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 889 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 927 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1816

736

break;

executed 927 times by 1 test: break;

Executed by:

libssl.so.1.1

927

737

s->session->cipher = s->s3->tmp.new_cipher;

-

738

if (!s->method->ssl3_enc->setup_key_block(s)) {

!s->method->ss...p_key_block(s)	Description
TRUE	never evaluated
FALSE	evaluated 1066 times by 1 test Evaluated by: libssl.so.1.1

0-1066

739

/* SSLfatal() already called */

-

740

return WORK_ERROR;

never executed: return WORK_ERROR;

0

741

}

-

742

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 889 times by 1 test Evaluated by: libssl.so.1.1

177-889

743

/*

-

744

* We're into the last flight. We don't retransmit the last flight

-

745

* unless we need to, so we don't use the timer. This might have

-

746

* already been set to 0 if we sent a NewSessionTicket message,

-

747

* but we'll set it again here in case we didn't.

-

748

*/

-

749

st->use_timer = 0;

-

750

}

executed 177 times by 1 test: end of block

Executed by:

libssl.so.1.1

177

751

return WORK_FINISHED_CONTINUE;

executed 1066 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

1066

752

-

753

case TLS_ST_EARLY_DATA:

executed 967 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

967

754

if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING

s->early_data_...DATA_ACCEPTING	Description
TRUE	evaluated 811 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 156 times by 1 test Evaluated by: libssl.so.1.1

156-811

755

&& (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)

(s->s3->flags & 0x0800) == 0	Description
TRUE	evaluated 808 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-808

756

return WORK_FINISHED_CONTINUE;

executed 808 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

808

757

/* Fall through */

-

758

-

759

case TLS_ST_OK:

code before this statement executed 159 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

executed 1834 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

159-1834

760

/* Calls SSLfatal() as required */

-

761

return tls_finish_handshake(s, wst, 1, 1);

executed 1834 times by 1 test: return tls_finish_handshake(s, wst, 1, 1);

Executed by:

libssl.so.1.1

1834

762

}

-

763

-

764

return WORK_FINISHED_CONTINUE;

executed 11624 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

11624

765

}

-

766

-

767

static ossl_inline int conn_is_closed(void)

-

768

{

-

769

switch (get_last_sys_error()) {

-

770

#if defined(EPIPE)

-

771

case EPIPE:

never executed: case 32 :

0

772

return 1;

never executed: return 1;

0

773

#endif

-

774

#if defined(ECONNRESET)

-

775

case ECONNRESET:

never executed: case 104 :

0

776

return 1;

never executed: return 1;

0

777

#endif

-

778

default:

never executed: default:

0

779

return 0;

never executed: return 0;

0

780

}

-

781

}

-

782

-

783

/*

-

784

* Perform any work that needs to be done after sending a message from the

-

785

* server to the client.

-

786

*/

-

787

WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)

-

788

{

-

789

OSSL_STATEM *st = &s->statem;

-

790

-

791

s->init_num = 0;

-

792

-

793

switch (st->hand_state) {

-

794

default:

executed 5662 times by 1 test: default:

Executed by:

libssl.so.1.1

5662

795

/* No post work to be done */

-

796

break;

executed 5662 times by 1 test: break;

Executed by:

libssl.so.1.1

5662

797

-

798

case TLS_ST_SW_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_SW_HELLO_REQ:

Executed by:

libssl.so.1.1

8

799

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

800

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

801

if (!ssl3_init_finished_mac(s)) {

!ssl3_init_finished_mac(s)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

802

/* SSLfatal() already called */

-

803

return WORK_ERROR;

never executed: return WORK_ERROR;

0

804

}

-

805

break;

executed 8 times by 1 test: break;

Executed by:

libssl.so.1.1

8

806

-

807

case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

never executed: case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

0

808

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	never evaluated

0

809

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

810

/* HelloVerifyRequest resets Finished MAC */

-

811

if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {

s->version != 0x0100	Description
TRUE	never evaluated
FALSE	never evaluated

!ssl3_init_finished_mac(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

812

/* SSLfatal() already called */

-

813

return WORK_ERROR;

never executed: return WORK_ERROR;

0

814

}

-

815

/*

-

816

* The next message should be another ClientHello which we need to

-

817

* treat like it was the first packet

-

818

*/

-

819

s->first_packet = 1;

-

820

break;

never executed: break;

0

821

-

822

case TLS_ST_SW_SRVR_HELLO:

executed 2478 times by 1 test: case TLS_ST_SW_SRVR_HELLO:

Executed by:

libssl.so.1.1

2478

823

if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2292 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 968 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1324 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 968 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-2292

824

if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0

(s->options & ...0100000U) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1

2-112

825

&& statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

826

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

827

break;

executed 114 times by 1 test: break;

Executed by:

libssl.so.1.1

114

828

}

-

829

#ifndef OPENSSL_NO_SCTP

-

830

if (SSL_IS_DTLS(s) && s->hit) {

-

831

unsigned char sctpauthkey[64];

-

832

char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];

-

833

-

834

/*

-

835

* Add new shared key for SCTP-Auth, will be ignored if no

-

836

* SCTP used.

-

837

*/

-

838

memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,

-

839

sizeof(DTLS1_SCTP_AUTH_LABEL));

-

840

-

841

if (SSL_export_keying_material(s, sctpauthkey,

-

842

sizeof(sctpauthkey), labelbuffer,

-

843

sizeof(labelbuffer), NULL, 0,

-

844

0) <= 0) {

-

845

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

846

SSL_F_OSSL_STATEM_SERVER_POST_WORK,

-

847

ERR_R_INTERNAL_ERROR);

-

848

return WORK_ERROR;

-

849

}

-

850

-

851

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,

-

852

sizeof(sctpauthkey), sctpauthkey);

-

853

}

-

854

#endif

-

855

if (!SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2178 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1324 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2178

856

|| ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 848 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-848

857

&& s->hello_retry_request != SSL_HRR_COMPLETE))

s->hello_retry...L_HRR_COMPLETE	Description
TRUE	evaluated 815 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

33-815

858

break;

executed 2325 times by 1 test: break;

Executed by:

libssl.so.1.1

2325

859

/* Fall through */

-

860

-

861

case TLS_ST_SW_CHANGE:

code before this statement executed 39 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

executed 1993 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

39-1993

862

if (s->hello_retry_request == SSL_HRR_PENDING) {

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1920 times by 1 test Evaluated by: libssl.so.1.1

112-1920

863

if (!statem_flush(s))

!statem_flush(s)	Description
TRUE	never evaluated
FALSE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1

0-112

864

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

865

break;

executed 112 times by 1 test: break;

Executed by:

libssl.so.1.1

112

866

}

-

867

-

868

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1743 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 889 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1743

869

if (!s->method->ssl3_enc->setup_key_block(s)

!s->method->ss...p_key_block(s)	Description
TRUE	never evaluated
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-854

870

|| !s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-854

871

SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-854

872

/* SSLfatal() already called */

-

873

return WORK_ERROR;

never executed: return WORK_ERROR;

0

874

}

-

875

-

876

if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED

s->ext.early_data != 2	Description
TRUE	evaluated 832 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

22-832

877

&& !s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 832 times by 1 test Evaluated by: libssl.so.1.1

0-832

878

SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 832 times by 1 test Evaluated by: libssl.so.1.1

0-832

879

/* SSLfatal() already called */

-

880

return WORK_ERROR;

never executed: return WORK_ERROR;

0

881

}

-

882

/*

-

883

* We don't yet know whether the next record we are going to receive

-

884

* is an unencrypted alert, an encrypted alert, or an encrypted

-

885

* handshake message. We temporarily tolerate unencrypted alerts.

-

886

*/

-

887

s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS;

-

888

break;

executed 854 times by 1 test: break;

Executed by:

libssl.so.1.1

854

889

}

-

890

-

891

#ifndef OPENSSL_NO_SCTP

-

892

if (SSL_IS_DTLS(s) && !s->hit) {

-

893

/*

-

894

* Change to new shared key of SCTP-Auth, will be ignored if

-

895

* no SCTP used.

-

896

*/

-

897

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,

-

898

0, NULL);

-

899

}

-

900

#endif

-

901

if (!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 1066 times by 1 test Evaluated by: libssl.so.1.1

0-1066

902

SSL3_CHANGE_CIPHER_SERVER_WRITE))

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 1066 times by 1 test Evaluated by: libssl.so.1.1

0-1066

903

{

-

904

/* SSLfatal() already called */

-

905

return WORK_ERROR;

never executed: return WORK_ERROR;

0

906

}

-

907

-

908

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 889 times by 1 test Evaluated by: libssl.so.1.1

177-889

909

dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);

executed 177 times by 1 test: dtls1_reset_seq_numbers(s, 0x002);

Executed by:

libssl.so.1.1

177

910

break;

executed 1066 times by 1 test: break;

Executed by:

libssl.so.1.1

1066

911

-

912

case TLS_ST_SW_SRVR_DONE:

executed 1718 times by 1 test: case TLS_ST_SW_SRVR_DONE:

Executed by:

libssl.so.1.1

1718

913

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	evaluated 290 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1428 times by 1 test Evaluated by: libssl.so.1.1

290-1428

914

return WORK_MORE_A;

executed 290 times by 1 test: return WORK_MORE_A;

Executed by:

libssl.so.1.1

290

915

break;

executed 1428 times by 1 test: break;

Executed by:

libssl.so.1.1

1428

916

-

917

case TLS_ST_SW_FINISHED:

executed 2031 times by 1 test: case TLS_ST_SW_FINISHED:

Executed by:

libssl.so.1.1

2031

918

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	evaluated 112 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1919 times by 1 test Evaluated by: libssl.so.1.1

112-1919

919

return WORK_MORE_A;

executed 112 times by 1 test: return WORK_MORE_A;

Executed by:

libssl.so.1.1

112

920

#ifndef OPENSSL_NO_SCTP

-

921

if (SSL_IS_DTLS(s) && s->hit) {

-

922

/*

-

923

* Change to new shared key of SCTP-Auth, will be ignored if

-

924

* no SCTP used.

-

925

*/

-

926

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,

-

927

0, NULL);

-

928

}

-

929

#endif

-

930

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 889 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1742

931

if (!s->method->ssl3_enc->generate_master_secret(s,

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

0-853

932

s->master_secret, s->handshake_secret, 0,

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

0-853

933

&s->session->master_key_length)

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

0-853

934

|| !s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

0-853

935

SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))

!s->method->ss...(0x020\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

0-853

936

/* SSLfatal() already called */

-

937

return WORK_ERROR;

never executed: return WORK_ERROR;

0

938

}

executed 853 times by 1 test: end of block

Executed by:

libssl.so.1.1

853

939

break;

executed 1919 times by 1 test: break;

Executed by:

libssl.so.1.1

1919

940

-

941

case TLS_ST_SW_CERT_REQ:

executed 80 times by 1 test: case TLS_ST_SW_CERT_REQ:

Executed by:

libssl.so.1.1

80

942

if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {

s->post_handsh...EQUEST_PENDING	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1

26-54

943

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

944

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

945

}

executed 26 times by 1 test: end of block

Executed by:

libssl.so.1.1

26

946

break;

executed 80 times by 1 test: break;

Executed by:

libssl.so.1.1

80

947

-

948

case TLS_ST_SW_KEY_UPDATE:

executed 4 times by 1 test: case TLS_ST_SW_KEY_UPDATE:

Executed by:

libssl.so.1.1

4

949

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

950

return WORK_MORE_A;

never executed: return WORK_MORE_A;

0

951

if (!tls13_update_key(s, 1)) {

!tls13_update_key(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

952

/* SSLfatal() already called */

-

953

return WORK_ERROR;

never executed: return WORK_ERROR;

0

954

}

-

955

break;

executed 4 times by 1 test: break;

Executed by:

libssl.so.1.1

4

956

-

957

case TLS_ST_SW_SESSION_TICKET:

executed 1993 times by 1 test: case TLS_ST_SW_SESSION_TICKET:

Executed by:

libssl.so.1.1

1993

958

clear_sys_error();

-

959

if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1849 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1099 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1099 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

statem_flush(s) != 1	Description
TRUE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1849

960

if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL

SSL_get_error(s, 0) == 5	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1

0-66

961

&& conn_is_closed()) {

conn_is_closed()	Description
TRUE	never evaluated
FALSE	never evaluated

0

962

/*

-

963

* We ignore connection closed errors in TLSv1.3 when sending a

-

964

* NewSessionTicket and behave as if we were successful. This is

-

965

* so that we are still able to read data sent to us by a client

-

966

* that closes soon after the end of the handshake without

-

967

* waiting to read our post-handshake NewSessionTickets.

-

968

*/

-

969

s->rwstate = SSL_NOTHING;

-

970

break;

never executed: break;

0

971

}

-

972

-

973

return WORK_MORE_A;

executed 66 times by 1 test: return WORK_MORE_A;

Executed by:

libssl.so.1.1

66

974

}

-

975

break;

executed 1927 times by 1 test: break;

Executed by:

libssl.so.1.1

1927

976

}

-

977

-

978

return WORK_FINISHED_CONTINUE;

executed 15499 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

15499

979

}

-

980

-

981

/*

-

982

* Get the message construction function and message type for sending from the

-

983

* server

-

984

*

-

985

* Valid return values are:

-

986

* 1: Success

-

987

* 0: Error

-

988

*/

-

989

int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,

-

990

confunc_f *confunc, int *mt)

-

991

{

-

992

OSSL_STATEM *st = &s->statem;

-

993

-

994

switch (st->hand_state) {

-

995

default:

never executed: default:

0

996

/* Shouldn't happen */

-

997

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

998

SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,

-

999

SSL_R_BAD_HANDSHAKE_STATE);

-

1000

return 0;

never executed: return 0;

0

1001

-

1002

case TLS_ST_SW_CHANGE:

executed 1993 times by 1 test: case TLS_ST_SW_CHANGE:

Executed by:

libssl.so.1.1

1993

1003

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1816 times by 1 test Evaluated by: libssl.so.1.1

177-1816

1004

*confunc = dtls_construct_change_cipher_spec;

executed 177 times by 1 test: *confunc = dtls_construct_change_cipher_spec;

Executed by:

libssl.so.1.1

177

1005

else

-

1006

*confunc = tls_construct_change_cipher_spec;

executed 1816 times by 1 test: *confunc = tls_construct_change_cipher_spec;

Executed by:

libssl.so.1.1

1816

1007

*mt = SSL3_MT_CHANGE_CIPHER_SPEC;

-

1008

break;

executed 1993 times by 1 test: break;

Executed by:

libssl.so.1.1

1993

1009

-

1010

case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

never executed: case DTLS_ST_SW_HELLO_VERIFY_REQUEST:

0

1011

*confunc = dtls_construct_hello_verify_request;

-

1012

*mt = DTLS1_MT_HELLO_VERIFY_REQUEST;

-

1013

break;

never executed: break;

0

1014

-

1015

case TLS_ST_SW_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_SW_HELLO_REQ:

Executed by:

libssl.so.1.1

8

1016

/* No construction function needed */

-

1017

*confunc = NULL;

-

1018

*mt = SSL3_MT_HELLO_REQUEST;

-

1019

break;

executed 8 times by 1 test: break;

Executed by:

libssl.so.1.1

8

1020

-

1021

case TLS_ST_SW_SRVR_HELLO:

executed 2481 times by 1 test: case TLS_ST_SW_SRVR_HELLO:

Executed by:

libssl.so.1.1

2481

1022

*confunc = tls_construct_server_hello;

-

1023

*mt = SSL3_MT_SERVER_HELLO;

-

1024

break;

executed 2481 times by 1 test: break;

Executed by:

libssl.so.1.1

2481

1025

-

1026

case TLS_ST_SW_CERT:

executed 2099 times by 1 test: case TLS_ST_SW_CERT:

Executed by:

libssl.so.1.1

2099

1027

*confunc = tls_construct_server_certificate;

-

1028

*mt = SSL3_MT_CERTIFICATE;

-

1029

break;

executed 2099 times by 1 test: break;

Executed by:

libssl.so.1.1

2099

1030

-

1031

case TLS_ST_SW_CERT_VRFY:

executed 740 times by 1 test: case TLS_ST_SW_CERT_VRFY:

Executed by:

libssl.so.1.1

740

1032

*confunc = tls_construct_cert_verify;

-

1033

*mt = SSL3_MT_CERTIFICATE_VERIFY;

-

1034

break;

executed 740 times by 1 test: break;

Executed by:

libssl.so.1.1

740

1035

-

1036

-

1037

case TLS_ST_SW_KEY_EXCH:

executed 1156 times by 1 test: case TLS_ST_SW_KEY_EXCH:

Executed by:

libssl.so.1.1

1156

1038

*confunc = tls_construct_server_key_exchange;

-

1039

*mt = SSL3_MT_SERVER_KEY_EXCHANGE;

-

1040

break;

executed 1156 times by 1 test: break;

Executed by:

libssl.so.1.1

1156

1041

-

1042

case TLS_ST_SW_CERT_REQ:

executed 81 times by 1 test: case TLS_ST_SW_CERT_REQ:

Executed by:

libssl.so.1.1

81

1043

*confunc = tls_construct_certificate_request;

-

1044

*mt = SSL3_MT_CERTIFICATE_REQUEST;

-

1045

break;

executed 81 times by 1 test: break;

Executed by:

libssl.so.1.1

81

1046

-

1047

case TLS_ST_SW_SRVR_DONE:

executed 1428 times by 1 test: case TLS_ST_SW_SRVR_DONE:

Executed by:

libssl.so.1.1

1428

1048

*confunc = tls_construct_server_done;

-

1049

*mt = SSL3_MT_SERVER_DONE;

-

1050

break;

executed 1428 times by 1 test: break;

Executed by:

libssl.so.1.1

1428

1051

-

1052

case TLS_ST_SW_SESSION_TICKET:

executed 1927 times by 1 test: case TLS_ST_SW_SESSION_TICKET:

Executed by:

libssl.so.1.1

1927

1053

*confunc = tls_construct_new_session_ticket;

-

1054

*mt = SSL3_MT_NEWSESSION_TICKET;

-

1055

break;

executed 1927 times by 1 test: break;

Executed by:

libssl.so.1.1

1927

1056

-

1057

case TLS_ST_SW_CERT_STATUS:

executed 5 times by 1 test: case TLS_ST_SW_CERT_STATUS:

Executed by:

libssl.so.1.1

5

1058

*confunc = tls_construct_cert_status;

-

1059

*mt = SSL3_MT_CERTIFICATE_STATUS;

-

1060

break;

executed 5 times by 1 test: break;

Executed by:

libssl.so.1.1

5

1061

-

1062

case TLS_ST_SW_FINISHED:

executed 1919 times by 1 test: case TLS_ST_SW_FINISHED:

Executed by:

libssl.so.1.1

1919

1063

*confunc = tls_construct_finished;

-

1064

*mt = SSL3_MT_FINISHED;

-

1065

break;

executed 1919 times by 1 test: break;

Executed by:

libssl.so.1.1

1919

1066

-

1067

case TLS_ST_EARLY_DATA:

executed 808 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

808

1068

*confunc = NULL;

-

1069

*mt = SSL3_MT_DUMMY;

-

1070

break;

executed 808 times by 1 test: break;

Executed by:

libssl.so.1.1

808

1071

-

1072

case TLS_ST_SW_ENCRYPTED_EXTENSIONS:

executed 854 times by 1 test: case TLS_ST_SW_ENCRYPTED_EXTENSIONS:

Executed by:

libssl.so.1.1

854

1073

*confunc = tls_construct_encrypted_extensions;

-

1074

*mt = SSL3_MT_ENCRYPTED_EXTENSIONS;

-

1075

break;

executed 854 times by 1 test: break;

Executed by:

libssl.so.1.1

854

1076

-

1077

case TLS_ST_SW_KEY_UPDATE:

executed 4 times by 1 test: case TLS_ST_SW_KEY_UPDATE:

Executed by:

libssl.so.1.1

4

1078

*confunc = tls_construct_key_update;

-

1079

*mt = SSL3_MT_KEY_UPDATE;

-

1080

break;

executed 4 times by 1 test: break;

Executed by:

libssl.so.1.1

4

1081

}

-

1082

-

1083

return 1;

executed 15503 times by 1 test: return 1;

Executed by:

libssl.so.1.1

15503

1084

}

-

1085

-

1086

/*

-

1087

* Maximum size (excluding the Handshake header) of a ClientHello message,

-

1088

* calculated as follows:

-

1089

*

-

1090

* 2 + # client_version

-

1091

* 32 + # only valid length for random

-

1092

* 1 + # length of session_id

-

1093

* 32 + # maximum size for session_id

-

1094

* 2 + # length of cipher suites

-

1095

* 2^16-2 + # maximum length of cipher suites array

-

1096

* 1 + # length of compression_methods

-

1097

* 2^8-1 + # maximum length of compression methods

-

1098

* 2 + # length of extensions

-

1099

* 2^16-1 # maximum length of extensions

-

1100

*/

-

1101

#define CLIENT_HELLO_MAX_LENGTH 131396

-

1102

-

1103

#define CLIENT_KEY_EXCH_MAX_LENGTH 2048

-

1104

#define NEXT_PROTO_MAX_LENGTH 514

-

1105

-

1106

/*

-

1107

* Returns the maximum allowed length for the current message that we are

-

1108

* reading. Excludes the message header.

-

1109

*/

-

1110

size_t ossl_statem_server_max_message_size(SSL *s)

-

1111

{

-

1112

OSSL_STATEM *st = &s->statem;

-

1113

-

1114

switch (st->hand_state) {

-

1115

default:

never executed: default:

0

1116

/* Shouldn't happen */

-

1117

return 0;

never executed: return 0;

0

1118

-

1119

case TLS_ST_SR_CLNT_HELLO:

executed 3745 times by 1 test: case TLS_ST_SR_CLNT_HELLO:

Executed by:

libssl.so.1.1

3745

1120

return CLIENT_HELLO_MAX_LENGTH;

executed 3745 times by 1 test: return 131396;

Executed by:

libssl.so.1.1

3745

1121

-

1122

case TLS_ST_SR_END_OF_EARLY_DATA:

executed 16 times by 1 test: case TLS_ST_SR_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

16

1123

return END_OF_EARLY_DATA_MAX_LENGTH;

executed 16 times by 1 test: return 0;

Executed by:

libssl.so.1.1

16

1124

-

1125

case TLS_ST_SR_CERT:

executed 77 times by 1 test: case TLS_ST_SR_CERT:

Executed by:

libssl.so.1.1

77

1126

return s->max_cert_list;

executed 77 times by 1 test: return s->max_cert_list;

Executed by:

libssl.so.1.1

77

1127

-

1128

case TLS_ST_SR_KEY_EXCH:

executed 1253 times by 1 test: case TLS_ST_SR_KEY_EXCH:

Executed by:

libssl.so.1.1

1253

1129

return CLIENT_KEY_EXCH_MAX_LENGTH;

executed 1253 times by 1 test: return 2048;

Executed by:

libssl.so.1.1

1253

1130

-

1131

case TLS_ST_SR_CERT_VRFY:

executed 35 times by 1 test: case TLS_ST_SR_CERT_VRFY:

Executed by:

libssl.so.1.1

35

1132

return SSL3_RT_MAX_PLAIN_LENGTH;

executed 35 times by 1 test: return 16384;

Executed by:

libssl.so.1.1

35

1133

-

1134

#ifndef OPENSSL_NO_NEXTPROTONEG

-

1135

case TLS_ST_SR_NEXT_PROTO:

executed 21 times by 1 test: case TLS_ST_SR_NEXT_PROTO:

Executed by:

libssl.so.1.1

21

1136

return NEXT_PROTO_MAX_LENGTH;

executed 21 times by 1 test: return 514;

Executed by:

libssl.so.1.1

21

1137

#endif

-

1138

-

1139

case TLS_ST_SR_CHANGE:

executed 1217 times by 1 test: case TLS_ST_SR_CHANGE:

Executed by:

libssl.so.1.1

1217

1140

return CCS_MAX_LENGTH;

executed 1217 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1217

1141

-

1142

case TLS_ST_SR_FINISHED:

executed 1633 times by 1 test: case TLS_ST_SR_FINISHED:

Executed by:

libssl.so.1.1

1633

1143

return FINISHED_MAX_LENGTH;

executed 1633 times by 1 test: return 64;

Executed by:

libssl.so.1.1

1633

1144

-

1145

case TLS_ST_SR_KEY_UPDATE:

executed 3 times by 1 test: case TLS_ST_SR_KEY_UPDATE:

Executed by:

libssl.so.1.1

3

1146

return KEY_UPDATE_MAX_LENGTH;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3

1147

}

-

1148

}

-

1149

-

1150

/*

-

1151

* Process a message that the server has received from the client.

-

1152

*/

-

1153

MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)

-

1154

{

-

1155

OSSL_STATEM *st = &s->statem;

-

1156

-

1157

switch (st->hand_state) {

-

1158

default:

never executed: default:

0

1159

/* Shouldn't happen */

-

1160

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

1161

SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE,

-

1162

ERR_R_INTERNAL_ERROR);

-

1163

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

1164

-

1165

case TLS_ST_SR_CLNT_HELLO:

executed 3714 times by 1 test: case TLS_ST_SR_CLNT_HELLO:

Executed by:

libssl.so.1.1

3714

1166

return tls_process_client_hello(s, pkt);

executed 3714 times by 1 test: return tls_process_client_hello(s, pkt);

Executed by:

libssl.so.1.1

3714

1167

-

1168

case TLS_ST_SR_END_OF_EARLY_DATA:

executed 16 times by 1 test: case TLS_ST_SR_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

16

1169

return tls_process_end_of_early_data(s, pkt);

executed 16 times by 1 test: return tls_process_end_of_early_data(s, pkt);

Executed by:

libssl.so.1.1

16

1170

-

1171

case TLS_ST_SR_CERT:

executed 77 times by 1 test: case TLS_ST_SR_CERT:

Executed by:

libssl.so.1.1

77

1172

return tls_process_client_certificate(s, pkt);

executed 77 times by 1 test: return tls_process_client_certificate(s, pkt);

Executed by:

libssl.so.1.1

77

1173

-

1174

case TLS_ST_SR_KEY_EXCH:

executed 1250 times by 1 test: case TLS_ST_SR_KEY_EXCH:

Executed by:

libssl.so.1.1

1250

1175

return tls_process_client_key_exchange(s, pkt);

executed 1250 times by 1 test: return tls_process_client_key_exchange(s, pkt);

Executed by:

libssl.so.1.1

1250

1176

-

1177

case TLS_ST_SR_CERT_VRFY:

executed 35 times by 1 test: case TLS_ST_SR_CERT_VRFY:

Executed by:

libssl.so.1.1

35

1178

return tls_process_cert_verify(s, pkt);

executed 35 times by 1 test: return tls_process_cert_verify(s, pkt);

Executed by:

libssl.so.1.1

35

1179

-

1180

#ifndef OPENSSL_NO_NEXTPROTONEG

-

1181

case TLS_ST_SR_NEXT_PROTO:

executed 21 times by 1 test: case TLS_ST_SR_NEXT_PROTO:

Executed by:

libssl.so.1.1

21

1182

return tls_process_next_proto(s, pkt);

executed 21 times by 1 test: return tls_process_next_proto(s, pkt);

Executed by:

libssl.so.1.1

21

1183

#endif

-

1184

-

1185

case TLS_ST_SR_CHANGE:

executed 1217 times by 1 test: case TLS_ST_SR_CHANGE:

Executed by:

libssl.so.1.1

1217

1186

return tls_process_change_cipher_spec(s, pkt);

executed 1217 times by 1 test: return tls_process_change_cipher_spec(s, pkt);

Executed by:

libssl.so.1.1

1217

1187

-

1188

case TLS_ST_SR_FINISHED:

executed 1633 times by 1 test: case TLS_ST_SR_FINISHED:

Executed by:

libssl.so.1.1

1633

1189

return tls_process_finished(s, pkt);

executed 1633 times by 1 test: return tls_process_finished(s, pkt);

Executed by:

libssl.so.1.1

1633

1190

-

1191

case TLS_ST_SR_KEY_UPDATE:

executed 3 times by 1 test: case TLS_ST_SR_KEY_UPDATE:

Executed by:

libssl.so.1.1

3

1192

return tls_process_key_update(s, pkt);

executed 3 times by 1 test: return tls_process_key_update(s, pkt);

Executed by:

libssl.so.1.1

3

1193

-

1194

}

-

1195

}

-

1196

-

1197

/*

-

1198

* Perform any further processing required following the receipt of a message

-

1199

* from the client

-

1200

*/

-

1201

WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)

-

1202

{

-

1203

OSSL_STATEM *st = &s->statem;

-

1204

-

1205

switch (st->hand_state) {

-

1206

default:

never executed: default:

0

1207

/* Shouldn't happen */

-

1208

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

1209

SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE,

-

1210

ERR_R_INTERNAL_ERROR);

-

1211

return WORK_ERROR;

never executed: return WORK_ERROR;

0

1212

-

1213

case TLS_ST_SR_CLNT_HELLO:

executed 3660 times by 1 test: case TLS_ST_SR_CLNT_HELLO:

Executed by:

libssl.so.1.1

3660

1214

return tls_post_process_client_hello(s, wst);

executed 3660 times by 1 test: return tls_post_process_client_hello(s, wst);

Executed by:

libssl.so.1.1

3660

1215

-

1216

case TLS_ST_SR_KEY_EXCH:

executed 1189 times by 1 test: case TLS_ST_SR_KEY_EXCH:

Executed by:

libssl.so.1.1

1189

1217

return tls_post_process_client_key_exchange(s, wst);

executed 1189 times by 1 test: return tls_post_process_client_key_exchange(s, wst);

Executed by:

libssl.so.1.1

1189

1218

}

-

1219

}

-

1220

-

1221

#ifndef OPENSSL_NO_SRP

-

1222

/* Returns 1 on success, 0 for retryable error, -1 for fatal error */

-

1223

static int ssl_check_srp_ext_ClientHello(SSL *s)

-

1224

{

-

1225

int ret;

-

1226

int al = SSL_AD_UNRECOGNIZED_NAME;

-

1227

-

1228

if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&

(s->s3->tmp.ne...& 0x00000020U)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2471 times by 1 test Evaluated by: libssl.so.1.1

10-2471

1229

(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {

(s->srp_ctx.TL... ((void *)0) )	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10

1230

if (s->srp_ctx.login == NULL) {

s->srp_ctx.log...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

1231

/*

-

1232

* RFC 5054 says SHOULD reject, we do so if There is no srp

-

1233

* login name

-

1234

*/

-

1235

SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,

-

1236

SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,

-

1237

SSL_R_PSK_IDENTITY_NOT_FOUND);

-

1238

return -1;

never executed: return -1;

0

1239

} else {

-

1240

ret = SSL_srp_server_param_with_username(s, &al);

-

1241

if (ret < 0)

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

1242

return 0;

never executed: return 0;

0

1243

if (ret == SSL3_AL_FATAL) {

ret == 2	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

1244

SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,

-

1245

al == SSL_AD_UNKNOWN_PSK_IDENTITY

-

1246

? SSL_R_PSK_IDENTITY_NOT_FOUND

-

1247

: SSL_R_CLIENTHELLO_TLSEXT);

-

1248

return -1;

never executed: return -1;

0

1249

}

-

1250

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

10

1251

}

-

1252

return 1;

executed 2481 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2481

1253

}

-

1254

#endif

-

1255

-

1256

int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,

-

1257

size_t cookie_len)

-

1258

{

-

1259

/* Always use DTLS 1.0 version: see RFC 6347 */

-

1260

if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)

!WPACKET_put_b..., (0xFEFF), 2)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

1261

|| !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))

!WPACKET_sub_m...ookie_len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

1262

return 0;

never executed: return 0;

0

1263

-

1264

return 1;

executed 3 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3

1265

}

-

1266

-

1267

int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)

-

1268

{

-

1269

unsigned int cookie_leni;

-

1270

if (s->ctx->app_gen_cookie_cb == NULL ||

s->ctx->app_ge...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1271

s->ctx->app_gen_cookie_cb(s, s->d1->cookie,

s->ctx->app_ge...kie_leni) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1272

&cookie_leni) == 0 ||

s->ctx->app_ge...kie_leni) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1273

cookie_leni > 255) {

cookie_leni > 255	Description
TRUE	never evaluated
FALSE	never evaluated

0

1274

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,

-

1275

SSL_R_COOKIE_GEN_CALLBACK_FAILURE);

-

1276

return 0;

never executed: return 0;

0

1277

}

-

1278

s->d1->cookie_len = cookie_leni;

-

1279

-

1280

if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,

!dtls_raw_hell...1->cookie_len)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1281

s->d1->cookie_len)) {

!dtls_raw_hell...1->cookie_len)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1282

SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,

-

1283

ERR_R_INTERNAL_ERROR);

-

1284

return 0;

never executed: return 0;

0

1285

}

-

1286

-

1287

return 1;

never executed: return 1;

0

1288

}

-

1289

-

1290

#ifndef OPENSSL_NO_EC

-

1291

/*-

-

1292

* ssl_check_for_safari attempts to fingerprint Safari using OS X

-

1293

* SecureTransport using the TLS extension block in |hello|.

-

1294

* Safari, since 10.6, sends exactly these extensions, in this order:

-

1295

* SNI,

-

1296

* elliptic_curves

-

1297

* ec_point_formats

-

1298

* signature_algorithms (for TLSv1.2 only)

-

1299

*

-

1300

* We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,

-

1301

* but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.

-

1302

* Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from

-

1303

* 10.8..10.8.3 (which don't work).

-

1304

*/

-

1305

static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)

-

1306

{

-

1307

static const unsigned char kSafariExtensionsBlock[] = {

-

1308

0x00, 0x0a, /* elliptic_curves extension */

-

1309

0x00, 0x08, /* 8 bytes */

-

1310

0x00, 0x06, /* 6 bytes of curve ids */

-

1311

0x00, 0x17, /* P-256 */

-

1312

0x00, 0x18, /* P-384 */

-

1313

0x00, 0x19, /* P-521 */

-

1314

-

1315

0x00, 0x0b, /* ec_point_formats */

-

1316

0x00, 0x02, /* 2 bytes */

-

1317

0x01, /* 1 point format */

-

1318

0x00, /* uncompressed */

-

1319

/* The following is only present in TLS 1.2 */

-

1320

0x00, 0x0d, /* signature_algorithms */

-

1321

0x00, 0x0c, /* 12 bytes */

-

1322

0x00, 0x0a, /* 10 bytes */

-

1323

0x05, 0x01, /* SHA-384/RSA */

-

1324

0x04, 0x01, /* SHA-256/RSA */

-

1325

0x02, 0x01, /* SHA-1/RSA */

-

1326

0x04, 0x03, /* SHA-256/ECDSA */

-

1327

0x02, 0x03, /* SHA-1/ECDSA */

-

1328

};

-

1329

/* Length of the common prefix (first two extensions). */

-

1330

static const size_t kSafariCommonExtensionsLength = 18;

-

1331

unsigned int type;

-

1332

PACKET sni, tmppkt;

-

1333

size_t ext_len;

-

1334

-

1335

tmppkt = hello->extensions;

-

1336

-

1337

if (!PACKET_forward(&tmppkt, 2)

!PACKET_forward(&tmppkt, 2)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1338

|| !PACKET_get_net_2(&tmppkt, &type)

!PACKET_get_ne...tmppkt, &type)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1339

|| !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {

!PACKET_get_le...&tmppkt, &sni)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1340

return;

never executed: return;

0

1341

}

-

1342

-

1343

if (type != TLSEXT_TYPE_server_name)

type != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1344

return;

never executed: return;

0

1345

-

1346

ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?

((SSL_client_v...: 0) >= 0x0303	Description
TRUE	never evaluated
FALSE	never evaluated

(SSL_client_ve... >> 8) == 0x03	Description
TRUE	never evaluated
FALSE	never evaluated

0

1347

sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;

-

1348

-

1349

s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,

-

1350

ext_len);

-

1351

}

never executed: end of block

0

1352

#endif /* !OPENSSL_NO_EC */

-

1353

-

1354

MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)

-

1355

{

-

1356

/* |cookie| will only be initialized for DTLS. */

-

1357

PACKET session_id, compression, extensions, cookie;

-

1358

static const unsigned char null_compression = 0;

-

1359

CLIENTHELLO_MSG *clienthello = NULL;

-

1360

-

1361

/* Check if this is actually an unexpected renegotiation ClientHello */

-

1362

if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {

s->renegotiate == 0	Description
TRUE	evaluated 3707 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 3690 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

0-3707

1363

if (!ossl_assert(!SSL_IS_TLS13(s))) {

!((!(!(s->meth...x10000)) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	never evaluated
FALSE	never evaluated

0-17

1364

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1365

ERR_R_INTERNAL_ERROR);

-

1366

goto err;

never executed: goto err;

0

1367

}

-

1368

if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0

(s->options & ...0000000U) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

1-16

1369

|| (!s->s3->send_connection_binding

!s->s3->send_c...ection_binding	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

1-15

1370

&& (s->options

(s->options & ...0040000U) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

1371

& SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {

(s->options & ...0040000U) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

1372

ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);

-

1373

return MSG_PROCESS_FINISHED_READING;

executed 2 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

2

1374

}

-

1375

s->renegotiate = 1;

-

1376

s->new_session = 1;

-

1377

}

executed 15 times by 1 test: end of block

Executed by:

libssl.so.1.1

15

1378

-

1379

clienthello = OPENSSL_zalloc(sizeof(*clienthello));

-

1380

if (clienthello == NULL) {

clienthello == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3712 times by 1 test Evaluated by: libssl.so.1.1

0-3712

1381

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1382

ERR_R_INTERNAL_ERROR);

-

1383

goto err;

never executed: goto err;

0

1384

}

-

1385

-

1386

/*

-

1387

* First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure.

-

1388

*/

-

1389

clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);

-

1390

PACKET_null_init(&cookie);

-

1391

-

1392

if (clienthello->isv2) {

clienthello->isv2	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3527 times by 1 test Evaluated by: libssl.so.1.1

185-3527

1393

unsigned int mt;

-

1394

-

1395

if (!SSL_IS_FIRST_HANDSHAKE(s)

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-185

1396

|| s->hello_retry_request != SSL_HRR_NONE) {

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1397

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,

-

1398

SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE);

-

1399

goto err;

never executed: goto err;

0

1400

}

-

1401

-

1402

/*-

-

1403

* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2

-

1404

* header is sent directly on the wire, not wrapped as a TLS

-

1405

* record. Our record layer just processes the message length and passes

-

1406

* the rest right through. Its format is:

-

1407

* Byte Content

-

1408

* 0-1 msg_length - decoded by the record layer

-

1409

* 2 msg_type - s->init_msg points here

-

1410

* 3-4 version

-

1411

* 5-6 cipher_spec_length

-

1412

* 7-8 session_id_length

-

1413

* 9-10 challenge_length

-

1414

* ... ...

-

1415

*/

-

1416

-

1417

if (!PACKET_get_1(pkt, &mt)

!PACKET_get_1(pkt, &mt)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1418

|| mt != SSL2_MT_CLIENT_HELLO) {

mt != 1	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1419

/*

-

1420

* Should never happen. We should have tested this in the record

-

1421

* layer in order to have determined that this is a SSLv2 record

-

1422

* in the first place

-

1423

*/

-

1424

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1425

ERR_R_INTERNAL_ERROR);

-

1426

goto err;

never executed: goto err;

0

1427

}

-

1428

}

executed 185 times by 1 test: end of block

Executed by:

libssl.so.1.1

185

1429

-

1430

if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) {

!PACKET_get_ne...egacy_version)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3711 times by 1 test Evaluated by: libssl.so.1.1

1-3711

1431

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1432

SSL_R_LENGTH_TOO_SHORT);

-

1433

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1434

}

-

1435

-

1436

/* Parse the message and load client random. */

-

1437

if (clienthello->isv2) {

clienthello->isv2	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3526 times by 1 test Evaluated by: libssl.so.1.1

185-3526

1438

/*

-

1439

* Handle an SSLv2 backwards compatible ClientHello

-

1440

* Note, this is only for SSLv3+ using the backward compatible format.

-

1441

* Real SSLv2 is not supported, and is rejected below.

-

1442

*/

-

1443

unsigned int ciphersuite_len, session_id_len, challenge_len;

-

1444

PACKET challenge;

-

1445

-

1446

if (!PACKET_get_net_2(pkt, &ciphersuite_len)

!PACKET_get_ne...phersuite_len)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1447

|| !PACKET_get_net_2(pkt, &session_id_len)

!PACKET_get_ne...ession_id_len)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1448

|| !PACKET_get_net_2(pkt, &challenge_len)) {

!PACKET_get_ne...challenge_len)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1449

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1450

SSL_R_RECORD_LENGTH_MISMATCH);

-

1451

goto err;

never executed: goto err;

0

1452

}

-

1453

-

1454

if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {

session_id_len > 32	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 184 times by 1 test Evaluated by: libssl.so.1.1

1-184

1455

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

-

1456

SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);

-

1457

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1458

}

-

1459

-

1460

if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,

!PACKET_get_su...phersuite_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

1-183

1461

ciphersuite_len)

!PACKET_get_su...phersuite_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

1-183

1462

|| !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)

!PACKET_copy_b...ession_id_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1

1-182

1463

|| !PACKET_get_sub_packet(pkt, &challenge, challenge_len)

!PACKET_get_su...challenge_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 181 times by 1 test Evaluated by: libssl.so.1.1

1-181

1464

/* No extensions. */

-

1465

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

1-180

1466

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1467

SSL_R_RECORD_LENGTH_MISMATCH);

-

1468

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

4

1469

}

-

1470

clienthello->session_id_len = session_id_len;

-

1471

-

1472

/* Load the client random and compression list. We use SSL3_RANDOM_SIZE

-

1473

* here rather than sizeof(clienthello->random) because that is the limit

-

1474

* for SSLv3 and it is fixed. It won't change even if

-

1475

* sizeof(clienthello->random) does.

-

1476

*/

-

1477

challenge_len = challenge_len > SSL3_RANDOM_SIZE

challenge_len > 32	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 179 times by 1 test Evaluated by: libssl.so.1.1

1-179

1478

? SSL3_RANDOM_SIZE : challenge_len;

-

1479

memset(clienthello->random, 0, SSL3_RANDOM_SIZE);

-

1480

if (!PACKET_copy_bytes(&challenge,

!PACKET_copy_b...challenge_len)	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

1481

clienthello->random + SSL3_RANDOM_SIZE -

!PACKET_copy_b...challenge_len)	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

1482

challenge_len, challenge_len)

!PACKET_copy_b...challenge_len)	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

1483

/* Advertise only null compression. */

-

1484

|| !PACKET_buf_init(&compression, &null_compression, 1)) {

!PACKET_buf_in...ompression, 1)	Description
TRUE	never evaluated
FALSE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1

0-180

1485

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1486

ERR_R_INTERNAL_ERROR);

-

1487

goto err;

never executed: goto err;

0

1488

}

-

1489

-

1490

PACKET_null_init(&clienthello->extensions);

-

1491

} else {

executed 180 times by 1 test: end of block

Executed by:

libssl.so.1.1

180

1492

/* Regular ClientHello. */

-

1493

if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)

!PACKET_copy_b...o->random, 32)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3525 times by 1 test Evaluated by: libssl.so.1.1

1-3525

1494

|| !PACKET_get_length_prefixed_1(pkt, &session_id)

!PACKET_get_le..., &session_id)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3523 times by 1 test Evaluated by: libssl.so.1.1

2-3523

1495

|| !PACKET_copy_all(&session_id, clienthello->session_id,

!PACKET_copy_a...ession_id_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3522 times by 1 test Evaluated by: libssl.so.1.1

1-3522

1496

SSL_MAX_SSL_SESSION_ID_LENGTH,

!PACKET_copy_a...ession_id_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3522 times by 1 test Evaluated by: libssl.so.1.1

1-3522

1497

&clienthello->session_id_len)) {

!PACKET_copy_a...ession_id_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3522 times by 1 test Evaluated by: libssl.so.1.1

1-3522

1498

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1499

SSL_R_LENGTH_MISMATCH);

-

1500

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

4

1501

}

-

1502

-

1503

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3332 times by 1 test Evaluated by: libssl.so.1.1

190-3332

1504

if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {

!PACKET_get_le...(pkt, &cookie)	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1505

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1506

SSL_R_LENGTH_MISMATCH);

-

1507

goto err;

never executed: goto err;

0

1508

}

-

1509

if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,

!PACKET_copy_a...ls_cookie_len)	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1510

DTLS1_COOKIE_LENGTH,

!PACKET_copy_a...ls_cookie_len)	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1511

&clienthello->dtls_cookie_len)) {

!PACKET_copy_a...ls_cookie_len)	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1512

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

1513

SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

-

1514

goto err;

never executed: goto err;

0

1515

}

-

1516

/*

-

1517

* If we require cookies and this ClientHello doesn't contain one,

-

1518

* just return since we do not want to allocate any memory yet.

-

1519

* So check cookie length...

-

1520

*/

-

1521

if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {

SSL_get_option... & 0x00002000U	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1522

if (clienthello->dtls_cookie_len == 0)

clienthello->d...ookie_len == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1523

return MSG_PROCESS_FINISHED_READING;

never executed: return MSG_PROCESS_FINISHED_READING;

0

1524

}

never executed: end of block

0

1525

}

executed 190 times by 1 test: end of block

Executed by:

libssl.so.1.1

190

1526

-

1527

if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) {

!PACKET_get_le...>ciphersuites)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3519 times by 1 test Evaluated by: libssl.so.1.1

3-3519

1528

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1529

SSL_R_LENGTH_MISMATCH);

-

1530

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

1531

}

-

1532

-

1533

if (!PACKET_get_length_prefixed_1(pkt, &compression)) {

!PACKET_get_le... &compression)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3516 times by 1 test Evaluated by: libssl.so.1.1

3-3516

1534

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1535

SSL_R_LENGTH_MISMATCH);

-

1536

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

1537

}

-

1538

-

1539

/* Could be empty. */

-

1540

if (PACKET_remaining(pkt) == 0) {

PACKET_remaining(pkt) == 0	Description
TRUE	evaluated 249 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3267 times by 1 test Evaluated by: libssl.so.1.1

249-3267

1541

PACKET_null_init(&clienthello->extensions);

-

1542

} else {

executed 249 times by 1 test: end of block

Executed by:

libssl.so.1.1

249

1543

if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)

!PACKET_get_le...o->extensions)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3265 times by 1 test Evaluated by: libssl.so.1.1

2-3265

1544

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3264 times by 1 test Evaluated by: libssl.so.1.1

1-3264

1545

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1546

SSL_R_LENGTH_MISMATCH);

-

1547

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

1548

}

-

1549

}

executed 3264 times by 1 test: end of block

Executed by:

libssl.so.1.1

3264

1550

}

-

1551

-

1552

if (!PACKET_copy_all(&compression, clienthello->compressions,

!PACKET_copy_a...pressions_len)	Description
TRUE	never evaluated
FALSE	evaluated 3693 times by 1 test Evaluated by: libssl.so.1.1

0-3693

1553

MAX_COMPRESSIONS_SIZE,

!PACKET_copy_a...pressions_len)	Description
TRUE	never evaluated
FALSE	evaluated 3693 times by 1 test Evaluated by: libssl.so.1.1

0-3693

1554

&clienthello->compressions_len)) {

!PACKET_copy_a...pressions_len)	Description
TRUE	never evaluated
FALSE	evaluated 3693 times by 1 test Evaluated by: libssl.so.1.1

0-3693

1555

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,

-

1556

ERR_R_INTERNAL_ERROR);

-

1557

goto err;

never executed: goto err;

0

1558

}

-

1559

-

1560

/* Preserve the raw extensions PACKET for later use */

-

1561

extensions = clienthello->extensions;

-

1562

if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,

!tls_collect_e...c_exts_len, 1)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1

36-3657

1563

&clienthello->pre_proc_exts,

!tls_collect_e...c_exts_len, 1)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1

36-3657

1564

&clienthello->pre_proc_exts_len, 1)) {

!tls_collect_e...c_exts_len, 1)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3657 times by 1 test Evaluated by: libssl.so.1.1

36-3657

1565

/* SSLfatal already been called */

-

1566

goto err;

executed 36 times by 1 test: goto err;

Executed by:

libssl.so.1.1

36

1567

}

-

1568

s->clienthello = clienthello;

-

1569

-

1570

return MSG_PROCESS_CONTINUE_PROCESSING;

executed 3657 times by 1 test: return MSG_PROCESS_CONTINUE_PROCESSING;

Executed by:

libssl.so.1.1

3657

1571

-

1572

err:

-

1573

if (clienthello != NULL)

clienthello != ((void *)0)	Description
TRUE	evaluated 55 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-55

1574

OPENSSL_free(clienthello->pre_proc_exts);

executed 55 times by 1 test: CRYPTO_free(clienthello->pre_proc_exts, __FILE__, 1574);

Executed by:

libssl.so.1.1

55

1575

OPENSSL_free(clienthello);

-

1576

-

1577

return MSG_PROCESS_ERROR;

executed 55 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

55

1578

}

-

1579

-

1580

static int tls_early_post_process_client_hello(SSL *s)

-

1581

{

-

1582

unsigned int j;

-

1583

int i, al = SSL_AD_INTERNAL_ERROR;

-

1584

int protverr;

-

1585

size_t loop;

-

1586

unsigned long id;

-

1587

#ifndef OPENSSL_NO_COMP

-

1588

SSL_COMP *comp = NULL;

-

1589

#endif

-

1590

const SSL_CIPHER *c;

-

1591

STACK_OF(SSL_CIPHER) *ciphers = NULL;

-

1592

STACK_OF(SSL_CIPHER) *scsvs = NULL;

-

1593

CLIENTHELLO_MSG *clienthello = s->clienthello;

-

1594

DOWNGRADE dgrd = DOWNGRADE_NONE;

-

1595

-

1596

/* Finished parsing the ClientHello, now we can start processing it */

-

1597

/* Give the ClientHello callback a crack at things */

-

1598

if (s->ctx->client_hello_cb != NULL) {

s->ctx->client...!= ((void *)0)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3653 times by 1 test Evaluated by: libssl.so.1.1

5-3653

1599

/* A failure in the ClientHello callback terminates the connection. */

-

1600

switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {

-

1601

case SSL_CLIENT_HELLO_SUCCESS:

executed 3 times by 1 test: case 1:

Executed by:

libssl.so.1.1

3

1602

break;

executed 3 times by 1 test: break;

Executed by:

libssl.so.1.1

3

1603

case SSL_CLIENT_HELLO_RETRY:

executed 1 time by 1 test: case (-1):

Executed by:

libssl.so.1.1

1

1604

s->rwstate = SSL_CLIENT_HELLO_CB;

-

1605

return -1;

executed 1 time by 1 test: return -1;

Executed by:

libssl.so.1.1

1

1606

case SSL_CLIENT_HELLO_ERROR:

executed 1 time by 1 test: case 0:

Executed by:

libssl.so.1.1

1

1607

default:

never executed: default:

0

1608

SSLfatal(s, al,

-

1609

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1610

SSL_R_CALLBACK_FAILED);

-

1611

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1612

}

-

1613

}

-

1614

-

1615

/* Set up the client_random */

-

1616

memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE);

-

1617

-

1618

/* Choose the version */

-

1619

-

1620

if (clienthello->isv2) {

clienthello->isv2	Description
TRUE	evaluated 180 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3476 times by 1 test Evaluated by: libssl.so.1.1

180-3476

1621

if (clienthello->legacy_version == SSL2_VERSION

clienthello->l...sion == 0x0002	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 178 times by 1 test Evaluated by: libssl.so.1.1

2-178

1622

|| (clienthello->legacy_version & 0xff00)

(clienthello->...!= (0x03 << 8)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

1-177

1623

!= (SSL3_VERSION_MAJOR << 8)) {

(clienthello->...!= (0x03 << 8)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

1-177

1624

/*

-

1625

* This is real SSLv2 or something completely unknown. We don't

-

1626

* support it.

-

1627

*/

-

1628

SSLfatal(s, SSL_AD_PROTOCOL_VERSION,

-

1629

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1630

SSL_R_UNKNOWN_PROTOCOL);

-

1631

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

1632

}

-

1633

/* SSLv3/TLS */

-

1634

s->client_version = clienthello->legacy_version;

-

1635

}

executed 177 times by 1 test: end of block

Executed by:

libssl.so.1.1

177

1636

/*

-

1637

* Do SSL/TLS version negotiation if applicable. For DTLS we just check

-

1638

* versions are potentially compatible. Version negotiation comes later.

-

1639

*/

-

1640

if (!SSL_IS_DTLS(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3463 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

190-3463

1641

protverr = ssl_choose_server_version(s, clienthello, &dgrd);

-

1642

} else if (s->method->version != DTLS_ANY_VERSION &&

executed 3463 times by 1 test: end of block

Executed by:

libssl.so.1.1

s->method->version != 0x1FFFF	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 181 times by 1 test Evaluated by: libssl.so.1.1

9-3463

1643

DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {

(((int)clienth...on) == 0x0100)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

(((((int)clien...(s->version)))	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

1644

protverr = SSL_R_VERSION_TOO_LOW;

-

1645

} else {

never executed: end of block

0

1646

protverr = 0;

-

1647

}

executed 190 times by 1 test: end of block

Executed by:

libssl.so.1.1

190

1648

-

1649

if (protverr) {

protverr	Description
TRUE	evaluated 518 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3135 times by 1 test Evaluated by: libssl.so.1.1

518-3135

1650

if (SSL_IS_FIRST_HANDSHAKE(s)) {

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 518 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-518

1651

/* like ssl3_get_record, send alert using remote version number */

-

1652

s->version = s->client_version = clienthello->legacy_version;

-

1653

}

executed 518 times by 1 test: end of block

Executed by:

libssl.so.1.1

518

1654

SSLfatal(s, SSL_AD_PROTOCOL_VERSION,

-

1655

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);

-

1656

goto err;

executed 518 times by 1 test: goto err;

Executed by:

libssl.so.1.1

518

1657

}

-

1658

-

1659

/* TLSv1.3 specifies that a ClientHello must end on a record boundary */

-

1660

if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2945 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1141 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1804 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1141 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1140 times by 1 test Evaluated by: libssl.so.1.1

0-2945

1661

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,

-

1662

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1663

SSL_R_NOT_ON_RECORD_BOUNDARY);

-

1664

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1665

}

-

1666

-

1667

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2944 times by 1 test Evaluated by: libssl.so.1.1

190-2944

1668

/* Empty cookie was already handled above by returning early. */

-

1669

if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {

SSL_get_option... & 0x00002000U	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

0-190

1670

if (s->ctx->app_verify_cookie_cb != NULL) {

s->ctx->app_ve...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1671

if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,

s->ctx->app_ve...okie_len) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1672

clienthello->dtls_cookie_len) == 0) {

s->ctx->app_ve...okie_len) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1673

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1674

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1675

SSL_R_COOKIE_MISMATCH);

-

1676

goto err;

never executed: goto err;

0

1677

/* else cookie verification succeeded */

-

1678

}

-

1679

/* default verification */

-

1680

} else if (s->d1->cookie_len != clienthello->dtls_cookie_len

never executed: end of block

s->d1->cookie_...tls_cookie_len	Description
TRUE	never evaluated
FALSE	never evaluated

0

1681

|| memcmp(clienthello->dtls_cookie, s->d1->cookie,

memcmp(clienth...okie_len) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1682

s->d1->cookie_len) != 0) {

memcmp(clienth...okie_len) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1683

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1684

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1685

SSL_R_COOKIE_MISMATCH);

-

1686

goto err;

never executed: goto err;

0

1687

}

-

1688

s->d1->cookie_verified = 1;

-

1689

}

never executed: end of block

0

1690

if (s->method->version == DTLS_ANY_VERSION) {

s->method->version == 0x1FFFF	Description
TRUE	evaluated 181 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

9-181

1691

protverr = ssl_choose_server_version(s, clienthello, &dgrd);

-

1692

if (protverr != 0) {

protverr != 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

4-177

1693

s->version = s->client_version;

-

1694

SSLfatal(s, SSL_AD_PROTOCOL_VERSION,

-

1695

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);

-

1696

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

4

1697

}

-

1698

}

executed 177 times by 1 test: end of block

Executed by:

libssl.so.1.1

177

1699

}

executed 186 times by 1 test: end of block

Executed by:

libssl.so.1.1

186

1700

-

1701

s->hit = 0;

-

1702

-

1703

if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,

!ssl_cache_cip...nthello->isv2)	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

1704

clienthello->isv2) ||

!ssl_cache_cip...nthello->isv2)	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

1705

!bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,

!bytes_to_ciph...ello->isv2, 1)	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

1706

clienthello->isv2, 1)) {

!bytes_to_ciph...ello->isv2, 1)	Description
TRUE	never evaluated
FALSE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1

0-3130

1707

/* SSLfatal() already called */

-

1708

goto err;

never executed: goto err;

0

1709

}

-

1710

-

1711

s->s3->send_connection_binding = 0;

-

1712

/* Check what signalling cipher-suite values were received. */

-

1713

if (scsvs != NULL) {

scsvs != ((void *)0)	Description
TRUE	evaluated 3130 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3130

1714

for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {

i < sk_SSL_CIPHER_num(scsvs)	Description
TRUE	evaluated 2395 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3129 times by 1 test Evaluated by: libssl.so.1.1

2395-3129

1715

c = sk_SSL_CIPHER_value(scsvs, i);

-

1716

if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {

SSL_CIPHER_get... == 0x030000FF	Description
TRUE	evaluated 2338 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

57-2338

1717

if (s->renegotiate) {

s->renegotiate	Description
TRUE	never evaluated
FALSE	evaluated 2338 times by 1 test Evaluated by: libssl.so.1.1

0-2338

1718

/* SCSV is fatal if renegotiating */

-

1719

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1720

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1721

SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);

-

1722

goto err;

never executed: goto err;

0

1723

}

-

1724

s->s3->send_connection_binding = 1;

-

1725

} else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&

executed 2338 times by 1 test: end of block

Executed by:

libssl.so.1.1

SSL_CIPHER_get... == 0x03005600	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2338

1726

!ssl_check_version_downgrade(s)) {

!ssl_check_ver...n_downgrade(s)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 56 times by 1 test Evaluated by: libssl.so.1.1

1-56

1727

/*

-

1728

* This SCSV indicates that the client previously tried

-

1729

* a higher version. We should fail if the current version

-

1730

* is an unexpected downgrade, as that indicates that the first

-

1731

* connection may have been tampered with in order to trigger

-

1732

* an insecure downgrade.

-

1733

*/

-

1734

SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,

-

1735

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1736

SSL_R_INAPPROPRIATE_FALLBACK);

-

1737

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1738

}

-

1739

}

executed 2394 times by 1 test: end of block

Executed by:

libssl.so.1.1

2394

1740

}

executed 3129 times by 1 test: end of block

Executed by:

libssl.so.1.1

3129

1741

-

1742

/* For TLSv1.3 we must select the ciphersuite *before* session resumption */

-

1743

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2943 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1140 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1803 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1140 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2943

1744

const SSL_CIPHER *cipher =

-

1745

ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));

-

1746

-

1747

if (cipher == NULL) {

cipher == ((void *)0)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1135 times by 1 test Evaluated by: libssl.so.1.1

5-1135

1748

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1749

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1750

SSL_R_NO_SHARED_CIPHER);

-

1751

goto err;

executed 5 times by 1 test: goto err;

Executed by:

libssl.so.1.1

5

1752

}

-

1753

if (s->hello_retry_request == SSL_HRR_PENDING

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1081 times by 1 test Evaluated by: libssl.so.1.1

54-1081

1754

&& (s->s3->tmp.new_cipher == NULL

s->s3->tmp.new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 54 times by 1 test Evaluated by: libssl.so.1.1

0-54

1755

|| s->s3->tmp.new_cipher->id != cipher->id)) {

s->s3->tmp.new... != cipher->id	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1

2-52

1756

/*

-

1757

* A previous HRR picked a different ciphersuite to the one we

-

1758

* just selected. Something must have changed.

-

1759

*/

-

1760

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

-

1761

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1762

SSL_R_BAD_CIPHER);

-

1763

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2

1764

}

-

1765

s->s3->tmp.new_cipher = cipher;

-

1766

}

executed 1133 times by 1 test: end of block

Executed by:

libssl.so.1.1

1133

1767

-

1768

/* We need to do this before getting the session */

-

1769

if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3121 times by 1 test Evaluated by: libssl.so.1.1

1-3121

1770

SSL_EXT_CLIENT_HELLO,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3121 times by 1 test Evaluated by: libssl.so.1.1

1-3121

1771

clienthello->pre_proc_exts, NULL, 0)) {

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3121 times by 1 test Evaluated by: libssl.so.1.1

1-3121

1772

/* SSLfatal() already called */

-

1773

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

1774

}

-

1775

-

1776

/*

-

1777

* We don't allow resumption in a backwards compatible ClientHello.

-

1778

* TODO(openssl-team): in TLS1.1+, session_id MUST be empty.

-

1779

*

-

1780

* Versions before 0.9.7 always allow clients to resume sessions in

-

1781

* renegotiation. 0.9.7 and later allow this by default, but optionally

-

1782

* ignore resumption requests with flag

-

1783

* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather

-

1784

* than a change to default behavior so that applications relying on

-

1785

* this for security won't even compile against older library versions).

-

1786

* 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to

-

1787

* request renegotiation but not a new session (s->new_session remains

-

1788

* unset): for servers, this essentially just means that the

-

1789

* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be

-

1790

* ignored.

-

1791

*/

-

1792

if (clienthello->isv2 ||

clienthello->isv2	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3068 times by 1 test Evaluated by: libssl.so.1.1

53-3068

1793

(s->new_session &&

s->new_session	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3046 times by 1 test Evaluated by: libssl.so.1.1

22-3046

1794

(s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {

(s->options & 0x00010000U)	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

9-13

1795

if (!ssl_get_new_session(s, 1)) {

!ssl_get_new_session(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1

0-66

1796

/* SSLfatal() already called */

-

1797

goto err;

never executed: goto err;

0

1798

}

-

1799

} else {

executed 66 times by 1 test: end of block

Executed by:

libssl.so.1.1

66

1800

i = ssl_get_prev_session(s, clienthello);

-

1801

if (i == 1) {

i == 1	Description
TRUE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2832 times by 1 test Evaluated by: libssl.so.1.1

223-2832

1802

/* previous session */

-

1803

s->hit = 1;

-

1804

} else if (i == -1) {

executed 223 times by 1 test: end of block

Executed by:

libssl.so.1.1

i == -1	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2813 times by 1 test Evaluated by: libssl.so.1.1

19-2813

1805

/* SSLfatal() already called */

-

1806

goto err;

executed 19 times by 1 test: goto err;

Executed by:

libssl.so.1.1

19

1807

} else {

-

1808

/* i == 0 */

-

1809

if (!ssl_get_new_session(s, 1)) {

!ssl_get_new_session(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 2813 times by 1 test Evaluated by: libssl.so.1.1

0-2813

1810

/* SSLfatal() already called */

-

1811

goto err;

never executed: goto err;

0

1812

}

-

1813

}

executed 2813 times by 1 test: end of block

Executed by:

libssl.so.1.1

2813

1814

}

-

1815

-

1816

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2916 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1800 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2916

1817

memcpy(s->tmp_session_id, s->clienthello->session_id,

-

1818

s->clienthello->session_id_len);

-

1819

s->tmp_session_id_len = s->clienthello->session_id_len;

-

1820

}

executed 1116 times by 1 test: end of block

Executed by:

libssl.so.1.1

1116

1821

-

1822

/*

-

1823

* If it is a hit, check that the cipher is in the list. In TLSv1.3 we check

-

1824

* ciphersuite compatibility with the session as part of resumption.

-

1825

*/

-

1826

if (!SSL_IS_TLS13(s) && s->hit) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2916 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1800 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1116 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->hit	Description
TRUE	evaluated 89 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1897 times by 1 test Evaluated by: libssl.so.1.1

0-2916

1827

j = 0;

-

1828

id = s->session->cipher->id;

-

1829

-

1830

#ifdef CIPHER_DEBUG

-

1831

fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));

-

1832

#endif

-

1833

for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {

i < sk_SSL_CIPHER_num(ciphers)	Description
TRUE	evaluated 602 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-602

1834

c = sk_SSL_CIPHER_value(ciphers, i);

-

1835

#ifdef CIPHER_DEBUG

-

1836

fprintf(stderr, "client [%2d of %2d]:%s\n",

-

1837

i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));

-

1838

#endif

-

1839

if (c->id == id) {

c->id == id	Description
TRUE	evaluated 86 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 516 times by 1 test Evaluated by: libssl.so.1.1

86-516

1840

j = 1;

-

1841

break;

executed 86 times by 1 test: break;

Executed by:

libssl.so.1.1

86

1842

}

-

1843

}

executed 516 times by 1 test: end of block

Executed by:

libssl.so.1.1

516

1844

if (j == 0) {

j == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 86 times by 1 test Evaluated by: libssl.so.1.1

3-86

1845

/*

-

1846

* we need to have the cipher in the cipher list if we are asked

-

1847

* to reuse it

-

1848

*/

-

1849

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

-

1850

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1851

SSL_R_REQUIRED_CIPHER_MISSING);

-

1852

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

1853

}

-

1854

}

executed 86 times by 1 test: end of block

Executed by:

libssl.so.1.1

86

1855

-

1856

for (loop = 0; loop < clienthello->compressions_len; loop++) {

loop < clienth...mpressions_len	Description
TRUE	evaluated 4081 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-4081

1857

if (clienthello->compressions[loop] == 0)

clienthello->c...ons[loop] == 0	Description
TRUE	evaluated 3093 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 988 times by 1 test Evaluated by: libssl.so.1.1

988-3093

1858

break;

executed 3093 times by 1 test: break;

Executed by:

libssl.so.1.1

3093

1859

}

executed 988 times by 1 test: end of block

Executed by:

libssl.so.1.1

988

1860

-

1861

if (loop >= clienthello->compressions_len) {

loop >= client...mpressions_len	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3093 times by 1 test Evaluated by: libssl.so.1.1

6-3093

1862

/* no compress */

-

1863

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

1864

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1865

SSL_R_NO_COMPRESSION_SPECIFIED);

-

1866

goto err;

executed 6 times by 1 test: goto err;

Executed by:

libssl.so.1.1

6

1867

}

-

1868

-

1869

#ifndef OPENSSL_NO_EC

-

1870

if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

s->options & 0x00000040U	Description
TRUE	never evaluated
FALSE	evaluated 3093 times by 1 test Evaluated by: libssl.so.1.1

0-3093

1871

ssl_check_for_safari(s, clienthello);

never executed: ssl_check_for_safari(s, clienthello);

0

1872

#endif /* !OPENSSL_NO_EC */

-

1873

-

1874

/* TLS extensions */

-

1875

if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 373 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2720 times by 1 test Evaluated by: libssl.so.1.1

373-2720

1876

clienthello->pre_proc_exts, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 373 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2720 times by 1 test Evaluated by: libssl.so.1.1

373-2720

1877

/* SSLfatal() already called */

-

1878

goto err;

executed 373 times by 1 test: goto err;

Executed by:

libssl.so.1.1

373

1879

}

-

1880

-

1881

/*

-

1882

* Check if we want to use external pre-shared secret for this handshake

-

1883

* for not reused session only. We need to generate server_random before

-

1884

* calling tls_session_secret_cb in order to allow SessionTicket

-

1885

* processing to use it in key derivation.

-

1886

*/

-

1887

{

-

1888

unsigned char *pos;

-

1889

pos = s->s3->server_random;

-

1890

if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {

ssl_fill_hello...32, dgrd) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 2720 times by 1 test Evaluated by: libssl.so.1.1

0-2720

1891

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

1892

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1893

ERR_R_INTERNAL_ERROR);

-

1894

goto err;

never executed: goto err;

0

1895

}

-

1896

}

-

1897

-

1898

if (!s->hit

!s->hit	Description
TRUE	evaluated 2506 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 214 times by 1 test Evaluated by: libssl.so.1.1

214-2506

1899

&& s->version >= TLS1_VERSION

s->version >= 0x0301	Description
TRUE	evaluated 2506 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2506

1900

&& !SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2336 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 170 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 869 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1467 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 869 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2336

1901

&& !SSL_IS_DTLS(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1467 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 170 times by 1 test Evaluated by: libssl.so.1.1

170-1467

1902

&& s->ext.session_secret_cb) {

s->ext.session_secret_cb	Description
TRUE	never evaluated
FALSE	evaluated 1467 times by 1 test Evaluated by: libssl.so.1.1

0-1467

1903

const SSL_CIPHER *pref_cipher = NULL;

-

1904

/*

-

1905

* s->session->master_key_length is a size_t, but this is an int for

-

1906

* backwards compat reasons

-

1907

*/

-

1908

int master_key_length;

-

1909

-

1910

master_key_length = sizeof(s->session->master_key);

-

1911

if (s->ext.session_secret_cb(s, s->session->master_key,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1912

&master_key_length, ciphers,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1913

&pref_cipher,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1914

s->ext.session_secret_cb_arg)

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1915

&& master_key_length > 0) {

master_key_length > 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

1916

s->session->master_key_length = master_key_length;

-

1917

s->hit = 1;

-

1918

s->session->ciphers = ciphers;

-

1919

s->session->verify_result = X509_V_OK;

-

1920

-

1921

ciphers = NULL;

-

1922

-

1923

/* check if some cipher was preferred by call back */

-

1924

if (pref_cipher == NULL)

pref_cipher == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1925

pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,

never executed: pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));

0

1926

SSL_get_ciphers(s));

never executed: pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));

0

1927

if (pref_cipher == NULL) {

pref_cipher == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1928

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1929

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1930

SSL_R_NO_SHARED_CIPHER);

-

1931

goto err;

never executed: goto err;

0

1932

}

-

1933

-

1934

s->session->cipher = pref_cipher;

-

1935

sk_SSL_CIPHER_free(s->cipher_list);

-

1936

s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);

-

1937

sk_SSL_CIPHER_free(s->cipher_list_by_id);

-

1938

s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);

-

1939

}

never executed: end of block

0

1940

}

never executed: end of block

0

1941

-

1942

/*

-

1943

* Worst case, we will use the NULL compression, but if we have other

-

1944

* options, we will now look for them. We have complen-1 compression

-

1945

* algorithms from the client, starting at q.

-

1946

*/

-

1947

s->s3->tmp.new_compression = NULL;

-

1948

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2534 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1001 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1533 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1001 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2534

1949

/*

-

1950

* We already checked above that the NULL compression method appears in

-

1951

* the list. Now we check there aren't any others (which is illegal in

-

1952

* a TLSv1.3 ClientHello.

-

1953

*/

-

1954

if (clienthello->compressions_len != 1) {

clienthello->c...sions_len != 1	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 999 times by 1 test Evaluated by: libssl.so.1.1

2-999

1955

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

-

1956

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1957

SSL_R_INVALID_COMPRESSION_ALGORITHM);

-

1958

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2

1959

}

-

1960

}

executed 999 times by 1 test: end of block

Executed by:

libssl.so.1.1

999

1961

#ifndef OPENSSL_NO_COMP

-

1962

/* This only happens if we have a cache hit */

-

1963

else if (s->session->compress_meth != 0) {

s->session->compress_meth != 0	Description
TRUE	never evaluated
FALSE	evaluated 1719 times by 1 test Evaluated by: libssl.so.1.1

0-1719

1964

int m, comp_id = s->session->compress_meth;

-

1965

unsigned int k;

-

1966

/* Perform sanity checks on resumed compression algorithm */

-

1967

/* Can't disable compression */

-

1968

if (!ssl_allow_compression(s)) {

!ssl_allow_compression(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1969

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1970

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1971

SSL_R_INCONSISTENT_COMPRESSION);

-

1972

goto err;

never executed: goto err;

0

1973

}

-

1974

/* Look for resumed compression method */

-

1975

for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {

m < sk_SSL_COM...>comp_methods)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1976

comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);

-

1977

if (comp_id == comp->id) {

comp_id == comp->id	Description
TRUE	never evaluated
FALSE	never evaluated

0

1978

s->s3->tmp.new_compression = comp;

-

1979

break;

never executed: break;

0

1980

}

-

1981

}

never executed: end of block

0

1982

if (s->s3->tmp.new_compression == NULL) {

s->s3->tmp.new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

1983

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

1984

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1985

SSL_R_INVALID_COMPRESSION_ALGORITHM);

-

1986

goto err;

never executed: goto err;

0

1987

}

-

1988

/* Look for resumed method in compression list */

-

1989

for (k = 0; k < clienthello->compressions_len; k++) {

k < clienthell...mpressions_len	Description
TRUE	never evaluated
FALSE	never evaluated

0

1990

if (clienthello->compressions[k] == comp_id)

clienthello->c...[k] == comp_id	Description
TRUE	never evaluated
FALSE	never evaluated

0

1991

break;

never executed: break;

0

1992

}

never executed: end of block

0

1993

if (k >= clienthello->compressions_len) {

k >= clienthel...mpressions_len	Description
TRUE	never evaluated
FALSE	never evaluated

0

1994

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

-

1995

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

1996

SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);

-

1997

goto err;

never executed: goto err;

0

1998

}

-

1999

} else if (s->hit) {

never executed: end of block

s->hit	Description
TRUE	evaluated 82 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1637 times by 1 test Evaluated by: libssl.so.1.1

0-1637

2000

comp = NULL;

-

2001

} else if (ssl_allow_compression(s) && s->ctx->comp_methods) {

executed 82 times by 1 test: end of block

Executed by:

libssl.so.1.1

ssl_allow_compression(s)	Description
TRUE	never evaluated
FALSE	evaluated 1637 times by 1 test Evaluated by: libssl.so.1.1

s->ctx->comp_methods	Description
TRUE	never evaluated
FALSE	never evaluated

0-1637

2002

/* See if we have a match */

-

2003

int m, nn, v, done = 0;

-

2004

unsigned int o;

-

2005

-

2006

nn = sk_SSL_COMP_num(s->ctx->comp_methods);

-

2007

for (m = 0; m < nn; m++) {

m < nn	Description
TRUE	never evaluated
FALSE	never evaluated

0

2008

comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);

-

2009

v = comp->id;

-

2010

for (o = 0; o < clienthello->compressions_len; o++) {

o < clienthell...mpressions_len	Description
TRUE	never evaluated
FALSE	never evaluated

0

2011

if (v == clienthello->compressions[o]) {

v == clienthel...ompressions[o]	Description
TRUE	never evaluated
FALSE	never evaluated

0

2012

done = 1;

-

2013

break;

never executed: break;

0

2014

}

-

2015

}

never executed: end of block

0

2016

if (done)

done	Description
TRUE	never evaluated
FALSE	never evaluated

0

2017

break;

never executed: break;

0

2018

}

never executed: end of block

0

2019

if (done)

done	Description
TRUE	never evaluated
FALSE	never evaluated

0

2020

s->s3->tmp.new_compression = comp;

never executed: s->s3->tmp.new_compression = comp;

0

2021

else

-

2022

comp = NULL;

never executed: comp = ((void *)0) ;

0

2023

}

-

2024

#else

-

2025

/*

-

2026

* If compression is disabled we'd better not try to resume a session

-

2027

* using compression.

-

2028

*/

-

2029

if (s->session->compress_meth != 0) {

-

2030

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

2031

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

2032

SSL_R_INCONSISTENT_COMPRESSION);

-

2033

goto err;

-

2034

}

-

2035

#endif

-

2036

-

2037

/*

-

2038

* Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher

-

2039

*/

-

2040

-

2041

if (!s->hit || SSL_IS_TLS13(s)) {

!s->hit	Description
TRUE	evaluated 2504 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 214 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 198 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2504

2042

sk_SSL_CIPHER_free(s->session->ciphers);

-

2043

s->session->ciphers = ciphers;

-

2044

if (ciphers == NULL) {

ciphers == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2636 times by 1 test Evaluated by: libssl.so.1.1

0-2636

2045

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2046

SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,

-

2047

ERR_R_INTERNAL_ERROR);

-

2048

goto err;

never executed: goto err;

0

2049

}

-

2050

ciphers = NULL;

-

2051

}

executed 2636 times by 1 test: end of block

Executed by:

libssl.so.1.1

2636

2052

-

2053

if (!s->hit) {

!s->hit	Description
TRUE	evaluated 2504 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 214 times by 1 test Evaluated by: libssl.so.1.1

214-2504

2054

#ifdef OPENSSL_NO_COMP

-

2055

s->session->compress_meth = 0;

-

2056

#else

-

2057

s->session->compress_meth = (comp == NULL) ? 0 : comp->id;

(comp == ((void *)0) )	Description
TRUE	evaluated 2504 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2504

2058

#endif

-

2059

}

executed 2504 times by 1 test: end of block

Executed by:

libssl.so.1.1

2504

2060

-

2061

sk_SSL_CIPHER_free(ciphers);

-

2062

sk_SSL_CIPHER_free(scsvs);

-

2063

OPENSSL_free(clienthello->pre_proc_exts);

-

2064

OPENSSL_free(s->clienthello);

-

2065

s->clienthello = NULL;

-

2066

return 1;

executed 2718 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2718

2067

err:

-

2068

sk_SSL_CIPHER_free(ciphers);

-

2069

sk_SSL_CIPHER_free(scsvs);

-

2070

OPENSSL_free(clienthello->pre_proc_exts);

-

2071

OPENSSL_free(s->clienthello);

-

2072

s->clienthello = NULL;

-

2073

-

2074

return 0;

executed 939 times by 1 test: return 0;

Executed by:

libssl.so.1.1

939

2075

}

-

2076

-

2077

/*

-

2078

* Call the status request callback if needed. Upon success, returns 1.

-

2079

* Upon failure, returns 0.

-

2080

*/

-

2081

static int tls_handle_status_request(SSL *s)

-

2082

{

-

2083

s->ext.status_expected = 0;

-

2084

-

2085

/*

-

2086

* If status request then ask callback what to do. Note: this must be

-

2087

* called after servername callbacks in case the certificate has changed,

-

2088

* and must be called after the cipher has been chosen because this may

-

2089

* influence which certificate is sent

-

2090

*/

-

2091

if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL

s->ext.status_type != -1	Description
TRUE	evaluated 164 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2318 times by 1 test Evaluated by: libssl.so.1.1

s->ctx != ((void *)0)	Description
TRUE	evaluated 164 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2318

2092

&& s->ctx->ext.status_cb != NULL) {

s->ctx->ext.st...!= ((void *)0)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1

12-152

2093

int ret;

-

2094

-

2095

/* If no certificate can't return certificate status */

-

2096

if (s->s3->tmp.cert != NULL) {

s->s3->tmp.cert != ((void *)0)	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-12

2097

/*

-

2098

* Set current certificate to one we will use so SSL_get_certificate

-

2099

* et al can pick it up.

-

2100

*/

-

2101

s->cert->key = s->s3->tmp.cert;

-

2102

ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);

-

2103

switch (ret) {

-

2104

/* We don't want to send a status request response */

-

2105

case SSL_TLSEXT_ERR_NOACK:

never executed: case 3:

0

2106

s->ext.status_expected = 0;

-

2107

break;

never executed: break;

0

2108

/* status request response should be sent */

-

2109

case SSL_TLSEXT_ERR_OK:

executed 11 times by 1 test: case 0:

Executed by:

libssl.so.1.1

11

2110

if (s->ext.ocsp.resp)

s->ext.ocsp.resp	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-11

2111

s->ext.status_expected = 1;

executed 11 times by 1 test: s->ext.status_expected = 1;

Executed by:

libssl.so.1.1

11

2112

break;

executed 11 times by 1 test: break;

Executed by:

libssl.so.1.1

11

2113

/* something bad happened */

-

2114

case SSL_TLSEXT_ERR_ALERT_FATAL:

executed 1 time by 1 test: case 2:

Executed by:

libssl.so.1.1

1

2115

default:

never executed: default:

0

2116

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2117

SSL_F_TLS_HANDLE_STATUS_REQUEST,

-

2118

SSL_R_CLIENTHELLO_TLSEXT);

-

2119

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1

2120

}

-

2121

}

-

2122

}

executed 11 times by 1 test: end of block

Executed by:

libssl.so.1.1

11

2123

-

2124

return 1;

executed 2481 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2481

2125

}

-

2126

-

2127

/*

-

2128

* Call the alpn_select callback if needed. Upon success, returns 1.

-

2129

* Upon failure, returns 0.

-

2130

*/

-

2131

int tls_handle_alpn(SSL *s)

-

2132

{

-

2133

const unsigned char *selected = NULL;

-

2134

unsigned char selected_len = 0;

-

2135

-

2136

if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {

s->ctx->ext.al...!= ((void *)0)	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2506 times by 1 test Evaluated by: libssl.so.1.1

s->s3->alpn_pr...!= ((void *)0)	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-2506

2137

int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,

-

2138

s->s3->alpn_proposed,

-

2139

(unsigned int)s->s3->alpn_proposed_len,

-

2140

s->ctx->ext.alpn_select_cb_arg);

-

2141

-

2142

if (r == SSL_TLSEXT_ERR_OK) {

r == 0	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-22

2143

OPENSSL_free(s->s3->alpn_selected);

-

2144

s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);

-

2145

if (s->s3->alpn_selected == NULL) {

s->s3->alpn_se...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

2146

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,

-

2147

ERR_R_INTERNAL_ERROR);

-

2148

return 0;

never executed: return 0;

0

2149

}

-

2150

s->s3->alpn_selected_len = selected_len;

-

2151

#ifndef OPENSSL_NO_NEXTPROTONEG

-

2152

/* ALPN takes precedence over NPN. */

-

2153

s->s3->npn_seen = 0;

-

2154

#endif

-

2155

-

2156

/* Check ALPN is consistent with session */

-

2157

if (s->session->ext.alpn_selected == NULL

s->session->ex...== ((void *)0)	Description
TRUE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-17

2158

|| selected_len != s->session->ext.alpn_selected_len

selected_len !...n_selected_len	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2159

|| memcmp(selected, s->session->ext.alpn_selected,

memcmp(selecte...cted_len) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

2-3

2160

selected_len) != 0) {

memcmp(selecte...cted_len) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

2-3

2161

/* Not consistent so can't be used for early_data */

-

2162

s->ext.early_data_ok = 0;

-

2163

-

2164

if (!s->hit) {

!s->hit	Description
TRUE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-16

2165

/*

-

2166

* This is a new session and so alpn_selected should have

-

2167

* been initialised to NULL. We should update it with the

-

2168

* selected ALPN.

-

2169

*/

-

2170

if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {

!((s->session-...d *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

2171

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2172

SSL_F_TLS_HANDLE_ALPN,

-

2173

ERR_R_INTERNAL_ERROR);

-

2174

return 0;

never executed: return 0;

0

2175

}

-

2176

s->session->ext.alpn_selected = OPENSSL_memdup(selected,

-

2177

selected_len);

-

2178

if (s->session->ext.alpn_selected == NULL) {

s->session->ex...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

2179

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2180

SSL_F_TLS_HANDLE_ALPN,

-

2181

ERR_R_INTERNAL_ERROR);

-

2182

return 0;

never executed: return 0;

0

2183

}

-

2184

s->session->ext.alpn_selected_len = selected_len;

-

2185

}

executed 16 times by 1 test: end of block

Executed by:

libssl.so.1.1

16

2186

}

executed 19 times by 1 test: end of block

Executed by:

libssl.so.1.1

19

2187

-

2188

return 1;

executed 22 times by 1 test: return 1;

Executed by:

libssl.so.1.1

22

2189

} else if (r != SSL_TLSEXT_ERR_NOACK) {

r != 3	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2

2190

SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN,

-

2191

SSL_R_NO_APPLICATION_PROTOCOL);

-

2192

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2

2193

}

-

2194

/*

-

2195

* If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was

-

2196

* present.

-

2197

*/

-

2198

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

1

2199

-

2200

/* Check ALPN is consistent with session */

-

2201

if (s->session->ext.alpn_selected != NULL) {

s->session->ex...!= ((void *)0)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2507 times by 1 test Evaluated by: libssl.so.1.1

4-2507

2202

/* Not consistent so can't be used for early_data */

-

2203

s->ext.early_data_ok = 0;

-

2204

}

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

4

2205

-

2206

return 1;

executed 2511 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2511

2207

}

-

2208

-

2209

WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)

-

2210

{

-

2211

const SSL_CIPHER *cipher;

-

2212

-

2213

if (wst == WORK_MORE_A) {

wst == WORK_MORE_A	Description
TRUE	evaluated 3658 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-3658

2214

int rv = tls_early_post_process_client_hello(s);

-

2215

if (rv == 0) {

rv == 0	Description
TRUE	evaluated 939 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2719 times by 1 test Evaluated by: libssl.so.1.1

939-2719

2216

/* SSLfatal() was already called */

-

2217

goto err;

executed 939 times by 1 test: goto err;

Executed by:

libssl.so.1.1

939

2218

}

-

2219

if (rv < 0)

rv < 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2718 times by 1 test Evaluated by: libssl.so.1.1

1-2718

2220

return WORK_MORE_A;

executed 1 time by 1 test: return WORK_MORE_A;

Executed by:

libssl.so.1.1

1

2221

wst = WORK_MORE_B;

-

2222

}

executed 2718 times by 1 test: end of block

Executed by:

libssl.so.1.1

2718

2223

if (wst == WORK_MORE_B) {

wst == WORK_MORE_B	Description
TRUE	evaluated 2720 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2720

2224

if (!s->hit || SSL_IS_TLS13(s)) {

!s->hit	Description
TRUE	evaluated 2506 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 214 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 198 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2506

2225

/* Let cert callback update server certificates if required */

-

2226

if (!s->hit) {

!s->hit	Description
TRUE	evaluated 2506 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1

132-2506

2227

if (s->cert->cert_cb != NULL) {

s->cert->cert_...!= ((void *)0)	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2501 times by 1 test Evaluated by: libssl.so.1.1

5-2501

2228

int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);

-

2229

if (rv == 0) {

rv == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

1-4

2230

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2231

SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,

-

2232

SSL_R_CERT_CB_ERROR);

-

2233

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

2234

}

-

2235

if (rv < 0) {

rv < 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2

2236

s->rwstate = SSL_X509_LOOKUP;

-

2237

return WORK_MORE_B;

executed 2 times by 1 test: return WORK_MORE_B;

Executed by:

libssl.so.1.1

2

2238

}

-

2239

s->rwstate = SSL_NOTHING;

-

2240

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

2

2241

if (!tls1_set_server_sigalgs(s)) {

!tls1_set_server_sigalgs(s)	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2484 times by 1 test Evaluated by: libssl.so.1.1

19-2484

2242

/* SSLfatal already called */

-

2243

goto err;

executed 19 times by 1 test: goto err;

Executed by:

libssl.so.1.1

19

2244

}

-

2245

}

executed 2484 times by 1 test: end of block

Executed by:

libssl.so.1.1

2484

2246

-

2247

/* In TLSv1.3 we selected the ciphersuite before resumption */

-

2248

if (!SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2446 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 170 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 994 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1452 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 994 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2446

2249

cipher =

-

2250

ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));

-

2251

-

2252

if (cipher == NULL) {

cipher == ((void *)0)	Description
TRUE	evaluated 126 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1496 times by 1 test Evaluated by: libssl.so.1.1

126-1496

2253

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

2254

SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,

-

2255

SSL_R_NO_SHARED_CIPHER);

-

2256

goto err;

executed 126 times by 1 test: goto err;

Executed by:

libssl.so.1.1

126

2257

}

-

2258

s->s3->tmp.new_cipher = cipher;

-

2259

}

executed 1496 times by 1 test: end of block

Executed by:

libssl.so.1.1

1496

2260

if (!s->hit) {

!s->hit	Description
TRUE	evaluated 2358 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 132 times by 1 test Evaluated by: libssl.so.1.1

132-2358

2261

if (!tls_choose_sigalg(s, 1)) {

!tls_choose_sigalg(s, 1)	Description
TRUE	evaluated 90 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2268 times by 1 test Evaluated by: libssl.so.1.1

90-2268

2262

/* SSLfatal already called */

-

2263

goto err;

executed 90 times by 1 test: goto err;

Executed by:

libssl.so.1.1

90

2264

}

-

2265

/* check whether we should disable session resumption */

-

2266

if (s->not_resumable_session_cb != NULL)

s->not_resumab...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2268 times by 1 test Evaluated by: libssl.so.1.1

0-2268

2267

s->session->not_resumable =

never executed:

s->session->not_resumable = s->not_resumable_session_cb(s, ((s->s3->tmp.new_cipher->algorithm_mkey & (0x00000002U | 0x00000004U)) != 0));

0

2268

s->not_resumable_session_cb(s,

never executed:

s->session->not_resumable = s->not_resumable_session_cb(s, ((s->s3->tmp.new_cipher->algorithm_mkey & (0x00000002U | 0x00000004U)) != 0));

0

2269

((s->s3->tmp.new_cipher->algorithm_mkey

never executed:

s->session->not_resumable = s->not_resumable_session_cb(s, ((s->s3->tmp.new_cipher->algorithm_mkey & (0x00000002U | 0x00000004U)) != 0));

0

2270

& (SSL_kDHE | SSL_kECDHE)) != 0));

never executed:

s->session->not_resumable = s->not_resumable_session_cb(s, ((s->s3->tmp.new_cipher->algorithm_mkey & (0x00000002U | 0x00000004U)) != 0));

0

2271

if (s->session->not_resumable)

s->session->not_resumable	Description
TRUE	never evaluated
FALSE	evaluated 2268 times by 1 test Evaluated by: libssl.so.1.1

0-2268

2272

/* do not send a session ticket */

-

2273

s->ext.ticket_expected = 0;

never executed: s->ext.ticket_expected = 0;

0

2274

}

executed 2268 times by 1 test: end of block

Executed by:

libssl.so.1.1

2268

2275

} else {

executed 2400 times by 1 test: end of block

Executed by:

libssl.so.1.1

2400

2276

/* Session-id reuse */

-

2277

s->s3->tmp.new_cipher = s->session->cipher;

-

2278

}

executed 82 times by 1 test: end of block

Executed by:

libssl.so.1.1

82

2279

-

2280

/*-

-

2281

* we now have the following setup.

-

2282

* client_random

-

2283

* cipher_list - our preferred list of ciphers

-

2284

* ciphers - the clients preferred list of ciphers

-

2285

* compression - basically ignored right now

-

2286

* ssl version is set - sslv3

-

2287

* s->session - The ssl session has been setup.

-

2288

* s->hit - session reuse flag

-

2289

* s->s3->tmp.new_cipher- the new cipher to use.

-

2290

*/

-

2291

-

2292

/*

-

2293

* Call status_request callback if needed. Has to be done after the

-

2294

* certificate callbacks etc above.

-

2295

*/

-

2296

if (!tls_handle_status_request(s)) {

!tls_handle_status_request(s)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

1-2481

2297

/* SSLfatal() already called */

-

2298

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

2299

}

-

2300

/*

-

2301

* Call alpn_select callback if needed. Has to be done after SNI and

-

2302

* cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3

-

2303

* we already did this because cipher negotiation happens earlier, and

-

2304

* we must handle ALPN before we decide whether to accept early_data.

-

2305

*/

-

2306

if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2295 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1324 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!tls_handle_alpn(s)	Description
TRUE	never evaluated
FALSE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1

0-2295

2307

/* SSLfatal() already called */

-

2308

goto err;

never executed: goto err;

0

2309

}

-

2310

-

2311

wst = WORK_MORE_C;

-

2312

}

executed 2481 times by 1 test: end of block

Executed by:

libssl.so.1.1

2481

2313

#ifndef OPENSSL_NO_SRP

-

2314

if (wst == WORK_MORE_C) {

wst == WORK_MORE_C	Description
TRUE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2481

2315

int ret;

-

2316

if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) {

(ret = ssl_che...Hello(s)) == 0	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2317

/*

-

2318

* callback indicates further work to be done

-

2319

*/

-

2320

s->rwstate = SSL_X509_LOOKUP;

-

2321

return WORK_MORE_C;

never executed: return WORK_MORE_C;

0

2322

}

-

2323

if (ret < 0) {

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2324

/* SSLfatal() already called */

-

2325

goto err;

never executed: goto err;

0

2326

}

-

2327

}

executed 2481 times by 1 test: end of block

Executed by:

libssl.so.1.1

2481

2328

#endif

-

2329

-

2330

return WORK_FINISHED_STOP;

executed 2481 times by 1 test: return WORK_FINISHED_STOP;

Executed by:

libssl.so.1.1

2481

2331

err:

-

2332

return WORK_ERROR;

executed 1176 times by 1 test: return WORK_ERROR;

Executed by:

libssl.so.1.1

1176

2333

}

-

2334

-

2335

int tls_construct_server_hello(SSL *s, WPACKET *pkt)

-

2336

{

-

2337

int compm;

-

2338

size_t sl, len;

-

2339

int version;

-

2340

unsigned char *session_id;

-

2341

int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING;

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2295 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 186 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1324 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->hello_retry...SL_HRR_PENDING	Description
TRUE	never evaluated
FALSE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1

0-2295

2342

-

2343

version = usetls13 ? TLS1_2_VERSION : s->version;

usetls13	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1

971-1510

2344

if (!WPACKET_put_bytes_u16(pkt, version)

!WPACKET_put_b... (version), 2)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2345

/*

-

2346

* Random stuff. Filling of the server_random takes place in

-

2347

* tls_process_client_hello()

-

2348

*/

-

2349

|| !WPACKET_memcpy(pkt,

!WPACKET_memcp...er_random, 32)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2350

s->hello_retry_request == SSL_HRR_PENDING

!WPACKET_memcp...er_random, 32)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2351

? hrrrandom : s->s3->server_random,

!WPACKET_memcp...er_random, 32)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2352

SSL3_RANDOM_SIZE)) {

!WPACKET_memcp...er_random, 32)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2353

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,

-

2354

ERR_R_INTERNAL_ERROR);

-

2355

return 0;

never executed: return 0;

0

2356

}

-

2357

-

2358

/*-

-

2359

* There are several cases for the session ID to send

-

2360

* back in the server hello:

-

2361

* - For session reuse from the session cache,

-

2362

* we send back the old session ID.

-

2363

* - If stateless session reuse (using a session ticket)

-

2364

* is successful, we send back the client's "session ID"

-

2365

* (which doesn't actually identify the session).

-

2366

* - If it is a new session, we send back the new

-

2367

* session ID.

-

2368

* - However, if we want the new session to be single-use,

-

2369

* we send back a 0-length session ID.

-

2370

* - In TLSv1.3 we echo back the session id sent to us by the client

-

2371

* regardless

-

2372

* s->hit is non-zero in either case of session reuse,

-

2373

* so the following won't overwrite an ID that we're supposed

-

2374

* to send back.

-

2375

*/

-

2376

if (s->session->not_resumable ||

s->session->not_resumable	Description
TRUE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2449 times by 1 test Evaluated by: libssl.so.1.1

32-2449

2377

(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)

!(s->ctx->sess...mode & 0x0002)	Description
TRUE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2425 times by 1 test Evaluated by: libssl.so.1.1

24-2425

2378

&& !s->hit))

!s->hit	Description
TRUE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-16

2379

s->session->session_id_length = 0;

executed 48 times by 1 test: s->session->session_id_length = 0;

Executed by:

libssl.so.1.1

48

2380

-

2381

if (usetls13) {

usetls13	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1

971-1510

2382

sl = s->tmp_session_id_len;

-

2383

session_id = s->tmp_session_id;

-

2384

} else {

executed 971 times by 1 test: end of block

Executed by:

libssl.so.1.1

971

2385

sl = s->session->session_id_length;

-

2386

session_id = s->session->session_id;

-

2387

}

executed 1510 times by 1 test: end of block

Executed by:

libssl.so.1.1

1510

2388

-

2389

if (sl > sizeof(s->session->session_id)) {

sl > sizeof(s-...n->session_id)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2390

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,

-

2391

ERR_R_INTERNAL_ERROR);

-

2392

return 0;

never executed: return 0;

0

2393

}

-

2394

-

2395

/* set up the compression method */

-

2396

#ifdef OPENSSL_NO_COMP

-

2397

compm = 0;

-

2398

#else

-

2399

if (usetls13 || s->s3->tmp.new_compression == NULL)

usetls13	Description
TRUE	evaluated 971 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1

s->s3->tmp.new...== ((void *)0)	Description
TRUE	evaluated 1510 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1510

2400

compm = 0;

executed 2481 times by 1 test: compm = 0;

Executed by:

libssl.so.1.1

2481

2401

else

-

2402

compm = s->s3->tmp.new_compression->id;

never executed: compm = s->s3->tmp.new_compression->id;

0

2403

#endif

-

2404

-

2405

if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)

!WPACKET_sub_m..._id), (sl), 1)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2406

|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)

!s->method->pu...er, pkt, &len)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2407

|| !WPACKET_put_bytes_u8(pkt, compm)) {

!WPACKET_put_b...), (compm), 1)	Description
TRUE	never evaluated
FALSE	evaluated 2481 times by 1 test Evaluated by: libssl.so.1.1

0-2481

2408

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,

-

2409

ERR_R_INTERNAL_ERROR);

-

2410

return 0;

never executed: return 0;

0

2411

}

-

2412

-

2413

if (!tls_construct_extensions(s, pkt,

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2414

s->hello_retry_request == SSL_HRR_PENDING

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2415

? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2416

: (SSL_IS_TLS13(s)

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2417

? SSL_EXT_TLS1_3_SERVER_HELLO

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2418

: SSL_EXT_TLS1_2_SERVER_HELLO),

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2419

NULL, 0)) {

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1

3-2478

2420

/* SSLfatal() already called */

-

2421

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3

2422

}

-

2423

-

2424

if (s->hello_retry_request == SSL_HRR_PENDING) {

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2364 times by 1 test Evaluated by: libssl.so.1.1

114-2364

2425

/* Ditch the session. We'll create a new one next time around */

-

2426

SSL_SESSION_free(s->session);

-

2427

s->session = NULL;

-

2428

s->hit = 0;

-

2429

-

2430

/*

-

2431

* Re-initialise the Transcript Hash. We're going to prepopulate it with

-

2432

* a synthetic message_hash in place of ClientHello1.

-

2433

*/

-

2434

if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {

!create_synthe...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 114 times by 1 test Evaluated by: libssl.so.1.1

0-114

2435

/* SSLfatal() already called */

-

2436

return 0;

never executed: return 0;

0

2437

}

-

2438

} else if (!(s->verify_mode & SSL_VERIFY_PEER)

executed 114 times by 1 test: end of block

Executed by:

libssl.so.1.1

!(s->verify_mode & 0x01)	Description
TRUE	evaluated 2299 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1

65-2299

2439

&& !ssl3_digest_cached_records(s, 0)) {

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 2299 times by 1 test Evaluated by: libssl.so.1.1

0-2299

2440

/* SSLfatal() already called */;

-

2441

return 0;

never executed: return 0;

0

2442

}

-

2443

-

2444

return 1;

executed 2478 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2478

2445

}

-

2446

-

2447

int tls_construct_server_done(SSL *s, WPACKET *pkt)

-

2448

{

-

2449

if (!s->s3->tmp.cert_request) {

!s->s3->tmp.cert_request	Description
TRUE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

35-1393

2450

if (!ssl3_digest_cached_records(s, 0)) {

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1

0-1393

2451

/* SSLfatal() already called */

-

2452

return 0;

never executed: return 0;

0

2453

}

-

2454

}

executed 1393 times by 1 test: end of block

Executed by:

libssl.so.1.1

1393

2455

return 1;

executed 1428 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1428

2456

}

-

2457

-

2458

int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)

-

2459

{

-

2460

#ifndef OPENSSL_NO_DH

-

2461

EVP_PKEY *pkdh = NULL;

-

2462

#endif

-

2463

#ifndef OPENSSL_NO_EC

-

2464

unsigned char *encodedPoint = NULL;

-

2465

size_t encodedlen = 0;

-

2466

int curve_id = 0;

-

2467

#endif

-

2468

const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;

-

2469

int i;

-

2470

unsigned long type;

-

2471

const BIGNUM *r[4];

-

2472

EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();

-

2473

EVP_PKEY_CTX *pctx = NULL;

-

2474

size_t paramlen, paramoffset;

-

2475

-

2476

if (!WPACKET_get_total_written(pkt, &paramoffset)) {

!WPACKET_get_t... &paramoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1156 times by 1 test Evaluated by: libssl.so.1.1

0-1156

2477

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2478

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-

2479

goto err;

never executed: goto err;

0

2480

}

-

2481

-

2482

if (md_ctx == NULL) {

md_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1156 times by 1 test Evaluated by: libssl.so.1.1

0-1156

2483

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2484

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);

-

2485

goto err;

never executed: goto err;

0

2486

}

-

2487

-

2488

type = s->s3->tmp.new_cipher->algorithm_mkey;

-

2489

-

2490

r[0] = r[1] = r[2] = r[3] = NULL;

-

2491

#ifndef OPENSSL_NO_PSK

-

2492

/* Plain PSK or RSAPSK nothing to do */

-

2493

if (type & (SSL_kPSK | SSL_kRSAPSK)) {

type & (0x0000...\| 0x00000040U)	Description
TRUE	never evaluated
FALSE	evaluated 1156 times by 1 test Evaluated by: libssl.so.1.1

0-1156

2494

} else

never executed: end of block

0

2495

#endif /* !OPENSSL_NO_PSK */

-

2496

#ifndef OPENSSL_NO_DH

-

2497

if (type & (SSL_kDHE | SSL_kDHEPSK)) {

type & (0x0000...\| 0x00000100U)	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1095 times by 1 test Evaluated by: libssl.so.1.1

61-1095

2498

CERT *cert = s->cert;

-

2499

-

2500

EVP_PKEY *pkdhp = NULL;

-

2501

DH *dh;

-

2502

-

2503

if (s->cert->dh_tmp_auto) {

s->cert->dh_tmp_auto	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1

9-52

2504

DH *dhp = ssl_get_auto_dh(s);

-

2505

pkdh = EVP_PKEY_new();

-

2506

if (pkdh == NULL || dhp == NULL) {

pkdh == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

dhp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2507

DH_free(dhp);

-

2508

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2509

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2510

ERR_R_INTERNAL_ERROR);

-

2511

goto err;

never executed: goto err;

0

2512

}

-

2513

EVP_PKEY_assign_DH(pkdh, dhp);

-

2514

pkdhp = pkdh;

-

2515

} else {

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

9

2516

pkdhp = cert->dh_tmp;

-

2517

}

executed 52 times by 1 test: end of block

Executed by:

libssl.so.1.1

52

2518

if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {

(pkdhp == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

(s->cert->dh_t... ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0-61

2519

DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);

-

2520

pkdh = ssl_dh_to_pkey(dhp);

-

2521

if (pkdh == NULL) {

pkdh == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

2522

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2523

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2524

ERR_R_INTERNAL_ERROR);

-

2525

goto err;

never executed: goto err;

0

2526

}

-

2527

pkdhp = pkdh;

-

2528

}

never executed: end of block

0

2529

if (pkdhp == NULL) {

pkdhp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2530

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2531

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2532

SSL_R_MISSING_TMP_DH_KEY);

-

2533

goto err;

never executed: goto err;

0

2534

}

-

2535

if (!ssl_security(s, SSL_SECOP_TMP_DH,

!ssl_security(...hp), 0, pkdhp)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2536

EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {

!ssl_security(...hp), 0, pkdhp)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2537

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

2538

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2539

SSL_R_DH_KEY_TOO_SMALL);

-

2540

goto err;

never executed: goto err;

0

2541

}

-

2542

if (s->s3->tmp.pkey != NULL) {

s->s3->tmp.pkey != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2543

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2544

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2545

ERR_R_INTERNAL_ERROR);

-

2546

goto err;

never executed: goto err;

0

2547

}

-

2548

-

2549

s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);

-

2550

if (s->s3->tmp.pkey == NULL) {

s->s3->tmp.pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2551

/* SSLfatal() already called */

-

2552

goto err;

never executed: goto err;

0

2553

}

-

2554

-

2555

dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);

-

2556

if (dh == NULL) {

dh == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2557

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2558

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2559

ERR_R_INTERNAL_ERROR);

-

2560

goto err;

never executed: goto err;

0

2561

}

-

2562

-

2563

EVP_PKEY_free(pkdh);

-

2564

pkdh = NULL;

-

2565

-

2566

DH_get0_pqg(dh, &r[0], NULL, &r[1]);

-

2567

DH_get0_key(dh, &r[2], NULL);

-

2568

} else

executed 61 times by 1 test: end of block

Executed by:

libssl.so.1.1

61

2569

#endif

-

2570

#ifndef OPENSSL_NO_EC

-

2571

if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {

type & (0x0000...\| 0x00000080U)	Description
TRUE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

10-1085

2572

-

2573

if (s->s3->tmp.pkey != NULL) {

s->s3->tmp.pkey != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2574

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2575

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2576

ERR_R_INTERNAL_ERROR);

-

2577

goto err;

never executed: goto err;

0

2578

}

-

2579

-

2580

/* Get NID of appropriate shared curve */

-

2581

curve_id = tls1_shared_group(s, -2);

-

2582

if (curve_id == 0) {

curve_id == 0	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2583

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

2584

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2585

SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

-

2586

goto err;

never executed: goto err;

0

2587

}

-

2588

s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id);

-

2589

/* Generate a new key for this curve */

-

2590

if (s->s3->tmp.pkey == NULL) {

s->s3->tmp.pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2591

/* SSLfatal() already called */

-

2592

goto err;

never executed: goto err;

0

2593

}

-

2594

-

2595

/* Encode the public key. */

-

2596

encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,

-

2597

&encodedPoint);

-

2598

if (encodedlen == 0) {

encodedlen == 0	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2599

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2600

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);

-

2601

goto err;

never executed: goto err;

0

2602

}

-

2603

-

2604

/*

-

2605

* We'll generate the serverKeyExchange message explicitly so we

-

2606

* can set these to NULLs

-

2607

*/

-

2608

r[0] = NULL;

-

2609

r[1] = NULL;

-

2610

r[2] = NULL;

-

2611

r[3] = NULL;

-

2612

} else

executed 1085 times by 1 test: end of block

Executed by:

libssl.so.1.1

1085

2613

#endif /* !OPENSSL_NO_EC */

-

2614

#ifndef OPENSSL_NO_SRP

-

2615

if (type & SSL_kSRP) {

type & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10

2616

if ((s->srp_ctx.N == NULL) ||

(s->srp_ctx.N == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2617

(s->srp_ctx.g == NULL) ||

(s->srp_ctx.g == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2618

(s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {

(s->srp_ctx.s == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

(s->srp_ctx.B == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2619

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2620

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2621

SSL_R_MISSING_SRP_PARAM);

-

2622

goto err;

never executed: goto err;

0

2623

}

-

2624

r[0] = s->srp_ctx.N;

-

2625

r[1] = s->srp_ctx.g;

-

2626

r[2] = s->srp_ctx.s;

-

2627

r[3] = s->srp_ctx.B;

-

2628

} else

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

10

2629

#endif

-

2630

{

-

2631

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2632

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2633

SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

-

2634

goto err;

never executed: goto err;

0

2635

}

-

2636

-

2637

if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)

((s->s3->tmp.n...00040U)) != 0)	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1116 times by 1 test Evaluated by: libssl.so.1.1

40-1116

2638

|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {

((s->s3->tmp.n...00100U))) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

2-1114

2639

lu = NULL;

-

2640

} else if (lu == NULL) {

executed 42 times by 1 test: end of block

Executed by:

libssl.so.1.1

lu == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2641

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

2642

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-

2643

goto err;

never executed: goto err;

0

2644

}

-

2645

-

2646

#ifndef OPENSSL_NO_PSK

-

2647

if (type & SSL_PSK) {

type & (0x0000...\| 0x00000100U)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1154 times by 1 test Evaluated by: libssl.so.1.1

2-1154

2648

size_t len = (s->cert->psk_identity_hint == NULL)

(s->cert->psk_... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2649

? 0 : strlen(s->cert->psk_identity_hint);

-

2650

-

2651

/*

-

2652

* It should not happen that len > PSK_MAX_IDENTITY_LEN - we already

-

2653

* checked this when we set the identity hint - but just in case

-

2654

*/

-

2655

if (len > PSK_MAX_IDENTITY_LEN

len > 128	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2656

|| !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint,

!WPACKET_sub_m...nt), (len), 2)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2657

len)) {

-

2658

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2659

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2660

ERR_R_INTERNAL_ERROR);

-

2661

goto err;

never executed: goto err;

0

2662

}

-

2663

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

2

2664

#endif

-

2665

-

2666

for (i = 0; i < 4 && r[i] != NULL; i++) {

i < 4	Description
TRUE	evaluated 1369 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

r[i] != ((void *)0)	Description
TRUE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1146 times by 1 test Evaluated by: libssl.so.1.1

10-1369

2667

unsigned char *binval;

-

2668

int res;

-

2669

-

2670

#ifndef OPENSSL_NO_SRP

-

2671

if ((i == 2) && (type & SSL_kSRP)) {

(i == 2)	Description
TRUE	evaluated 71 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1

(type & 0x00000020U)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

10-152

2672

res = WPACKET_start_sub_packet_u8(pkt);

-

2673

} else

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

10

2674

#endif

-

2675

res = WPACKET_start_sub_packet_u16(pkt);

executed 213 times by 1 test: res = WPACKET_start_sub_packet_len__((pkt), 2);

Executed by:

libssl.so.1.1

213

2676

-

2677

if (!res) {

!res	Description
TRUE	never evaluated
FALSE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1

0-223

2678

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2679

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2680

ERR_R_INTERNAL_ERROR);

-

2681

goto err;

never executed: goto err;

0

2682

}

-

2683

-

2684

#ifndef OPENSSL_NO_DH

-

2685

/*-

-

2686

* for interoperability with some versions of the Microsoft TLS

-

2687

* stack, we need to zero pad the DHE pub key to the same length

-

2688

* as the prime

-

2689

*/

-

2690

if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {

(i == 2)	Description
TRUE	evaluated 71 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1

(type & (0x000... 0x00000100U))	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

10-152

2691

size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]);

-

2692

-

2693

if (len > 0) {

len > 0	Description
TRUE	never evaluated
FALSE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1

0-61

2694

if (!WPACKET_allocate_bytes(pkt, len, &binval)) {

!WPACKET_alloc... len, &binval)	Description
TRUE	never evaluated
FALSE	never evaluated

0

2695

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2696

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2697

ERR_R_INTERNAL_ERROR);

-

2698

goto err;

never executed: goto err;

0

2699

}

-

2700

memset(binval, 0, len);

-

2701

}

never executed: end of block

0

2702

}

executed 61 times by 1 test: end of block

Executed by:

libssl.so.1.1

61

2703

#endif

-

2704

if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval)

!WPACKET_alloc...)/8), &binval)	Description
TRUE	never evaluated
FALSE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1

0-223

2705

|| !WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 223 times by 1 test Evaluated by: libssl.so.1.1

0-223

2706

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2707

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2708

ERR_R_INTERNAL_ERROR);

-

2709

goto err;

never executed: goto err;

0

2710

}

-

2711

-

2712

BN_bn2bin(r[i], binval);

-

2713

}

executed 223 times by 1 test: end of block

Executed by:

libssl.so.1.1

223

2714

-

2715

#ifndef OPENSSL_NO_EC

-

2716

if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {

type & (0x0000...\| 0x00000080U)	Description
TRUE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 71 times by 1 test Evaluated by: libssl.so.1.1

71-1085

2717

/*

-

2718

* We only support named (not generic) curves. In this situation, the

-

2719

* ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName]

-

2720

* [1 byte length of encoded point], followed by the actual encoded

-

2721

* point itself

-

2722

*/

-

2723

if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)

!WPACKET_put_b...(pkt), (3), 1)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2724

|| !WPACKET_put_bytes_u8(pkt, 0)

!WPACKET_put_b...(pkt), (0), 1)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2725

|| !WPACKET_put_bytes_u8(pkt, curve_id)

!WPACKET_put_b...(curve_id), 1)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2726

|| !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {

!WPACKET_sub_m...ncodedlen), 1)	Description
TRUE	never evaluated
FALSE	evaluated 1085 times by 1 test Evaluated by: libssl.so.1.1

0-1085

2727

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2728

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2729

ERR_R_INTERNAL_ERROR);

-

2730

goto err;

never executed: goto err;

0

2731

}

-

2732

OPENSSL_free(encodedPoint);

-

2733

encodedPoint = NULL;

-

2734

}

executed 1085 times by 1 test: end of block

Executed by:

libssl.so.1.1

1085

2735

#endif

-

2736

-

2737

/* not anonymous */

-

2738

if (lu != NULL) {

lu != ((void *)0)	Description
TRUE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

42-1114

2739

EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;

-

2740

const EVP_MD *md;

-

2741

unsigned char *sigbytes1, *sigbytes2, *tbs;

-

2742

size_t siglen, tbslen;

-

2743

int rv;

-

2744

-

2745

if (pkey == NULL || !tls1_lookup_md(lu, &md)) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

!tls1_lookup_md(lu, &md)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2746

/* Should never happen */

-

2747

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2748

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2749

ERR_R_INTERNAL_ERROR);

-

2750

goto err;

never executed: goto err;

0

2751

}

-

2752

/* Get length of the parameters we have written above */

-

2753

if (!WPACKET_get_length(pkt, &paramlen)) {

!WPACKET_get_l...kt, &paramlen)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2754

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2755

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2756

ERR_R_INTERNAL_ERROR);

-

2757

goto err;

never executed: goto err;

0

2758

}

-

2759

/* send signature algorithm */

-

2760

if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 725 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 389 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_put_b...u->sigalg), 2)	Description
TRUE	never evaluated
FALSE	evaluated 725 times by 1 test Evaluated by: libssl.so.1.1

0-725

2761

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2762

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2763

ERR_R_INTERNAL_ERROR);

-

2764

goto err;

never executed: goto err;

0

2765

}

-

2766

/*

-

2767

* Create the signature. We don't know the actual length of the sig

-

2768

* until after we've created it, so we reserve enough bytes for it

-

2769

* up front, and then properly allocate them in the WPACKET

-

2770

* afterwards.

-

2771

*/

-

2772

siglen = EVP_PKEY_size(pkey);

-

2773

if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)

!WPACKET_sub_r...sigbytes1), 2)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2774

|| EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {

EVP_DigestSign...) , pkey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2775

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2776

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2777

ERR_R_INTERNAL_ERROR);

-

2778

goto err;

never executed: goto err;

0

2779

}

-

2780

if (lu->sig == EVP_PKEY_RSA_PSS) {

lu->sig == 912	Description
TRUE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 621 times by 1 test Evaluated by: libssl.so.1.1

493-621

2781

if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1

0-493

2782

|| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1

0-493

2783

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2784

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2785

ERR_R_EVP_LIB);

-

2786

goto err;

never executed: goto err;

0

2787

}

-

2788

}

executed 493 times by 1 test: end of block

Executed by:

libssl.so.1.1

493

2789

tbslen = construct_key_exchange_tbs(s, &tbs,

-

2790

s->init_buf->data + paramoffset,

-

2791

paramlen);

-

2792

if (tbslen == 0) {

tbslen == 0	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2793

/* SSLfatal() already called */

-

2794

goto err;

never executed: goto err;

0

2795

}

-

2796

rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);

-

2797

OPENSSL_free(tbs);

-

2798

if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)

rv <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_sub_a...sigbytes2), 2)	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2799

|| sigbytes1 != sigbytes2) {

sigbytes1 != sigbytes2	Description
TRUE	never evaluated
FALSE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1

0-1114

2800

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2801

SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,

-

2802

ERR_R_INTERNAL_ERROR);

-

2803

goto err;

never executed: goto err;

0

2804

}

-

2805

}

executed 1114 times by 1 test: end of block

Executed by:

libssl.so.1.1

1114

2806

-

2807

EVP_MD_CTX_free(md_ctx);

-

2808

return 1;

executed 1156 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1156

2809

err:

-

2810

#ifndef OPENSSL_NO_DH

-

2811

EVP_PKEY_free(pkdh);

-

2812

#endif

-

2813

#ifndef OPENSSL_NO_EC

-

2814

OPENSSL_free(encodedPoint);

-

2815

#endif

-

2816

EVP_MD_CTX_free(md_ctx);

-

2817

return 0;

never executed: return 0;

0

2818

}

-

2819

-

2820

int tls_construct_certificate_request(SSL *s, WPACKET *pkt)

-

2821

{

-

2822

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 68 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 46 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 46 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-68

2823

/* Send random context when doing post-handshake auth */

-

2824

if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {

s->post_handsh...EQUEST_PENDING	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

20-26

2825

OPENSSL_free(s->pha_context);

-

2826

s->pha_context_len = 32;

-

2827

if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL

(s->pha_contex...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

2828

|| RAND_bytes(s->pha_context, s->pha_context_len) <= 0

RAND_bytes(s->...text_len) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

2829

|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {

!WPACKET_sub_m...ntext_len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

2830

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2831

SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

-

2832

ERR_R_INTERNAL_ERROR);

-

2833

return 0;

never executed: return 0;

0

2834

}

-

2835

/* reset the handshake hash back to just after the ClientFinished */

-

2836

if (!tls13_restore_handshake_digest_for_pha(s)) {

!tls13_restore...est_for_pha(s)	Description
TRUE	never evaluated
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

0-26

2837

/* SSLfatal() already called */

-

2838

return 0;

never executed: return 0;

0

2839

}

-

2840

} else {

executed 26 times by 1 test: end of block

Executed by:

libssl.so.1.1

26

2841

if (!WPACKET_put_bytes_u8(pkt, 0)) {

!WPACKET_put_b...(pkt), (0), 1)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

2842

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2843

SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

-

2844

ERR_R_INTERNAL_ERROR);

-

2845

return 0;

never executed: return 0;

0

2846

}

-

2847

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

20

2848

-

2849

if (!tls_construct_extensions(s, pkt,

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

1-45

2850

SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

1-45

2851

0)) {

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

1-45

2852

/* SSLfatal() already called */

-

2853

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1

2854

}

-

2855

goto done;

executed 45 times by 1 test: goto done;

Executed by:

libssl.so.1.1

45

2856

}

-

2857

-

2858

/* get the list of acceptable cert types */

-

2859

if (!WPACKET_start_sub_packet_u8(pkt)

!WPACKET_start...en__((pkt), 1)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

2860

|| !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {

!ssl3_get_req_...t_type(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

2861

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2862

SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);

-

2863

return 0;

never executed: return 0;

0

2864

}

-

2865

-

2866

if (SSL_USE_SIGALGS(s)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-20

2867

const uint16_t *psigs;

-

2868

size_t nl = tls12_get_psigalgs(s, 1, &psigs);

-

2869

-

2870

if (!WPACKET_start_sub_packet_u16(pkt)

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

2871

|| !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)

!WPACKET_set_flags(pkt, 1)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

2872

|| !tls12_copy_sigalgs(s, pkt, psigs, nl)

!tls12_copy_si...kt, psigs, nl)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

2873

|| !WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

2874

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2875

SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

-

2876

ERR_R_INTERNAL_ERROR);

-

2877

return 0;

never executed: return 0;

0

2878

}

-

2879

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

20

2880

-

2881

if (!construct_ca_names(s, pkt)) {

!construct_ca_names(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

2882

/* SSLfatal() already called */

-

2883

return 0;

never executed: return 0;

0

2884

}

-

2885

-

2886

done:

code before this statement executed 35 times by 1 test: done:

Executed by:

libssl.so.1.1

35

2887

s->certreqs_sent++;

-

2888

s->s3->tmp.cert_request = 1;

-

2889

return 1;

executed 80 times by 1 test: return 1;

Executed by:

libssl.so.1.1

80

2890

}

-

2891

-

2892

static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)

-

2893

{

-

2894

#ifndef OPENSSL_NO_PSK

-

2895

unsigned char psk[PSK_MAX_PSK_LEN];

-

2896

size_t psklen;

-

2897

PACKET psk_identity;

-

2898

-

2899

if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {

!PACKET_get_le...&psk_identity)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2900

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2901

SSL_R_LENGTH_MISMATCH);

-

2902

return 0;

never executed: return 0;

0

2903

}

-

2904

if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {

PACKET_remaini...dentity) > 128	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2905

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2906

SSL_R_DATA_LENGTH_TOO_LONG);

-

2907

return 0;

never executed: return 0;

0

2908

}

-

2909

if (s->psk_server_callback == NULL) {

s->psk_server_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2910

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2911

SSL_R_PSK_NO_SERVER_CB);

-

2912

return 0;

never executed: return 0;

0

2913

}

-

2914

-

2915

if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {

!PACKET_strndu...>psk_identity)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2916

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2917

ERR_R_INTERNAL_ERROR);

-

2918

return 0;

never executed: return 0;

0

2919

}

-

2920

-

2921

psklen = s->psk_server_callback(s, s->session->psk_identity,

-

2922

psk, sizeof(psk));

-

2923

-

2924

if (psklen > PSK_MAX_PSK_LEN) {

psklen > 256	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2925

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2926

ERR_R_INTERNAL_ERROR);

-

2927

return 0;

never executed: return 0;

0

2928

} else if (psklen == 0) {

psklen == 0	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2929

/*

-

2930

* PSK related to the given identity not found

-

2931

*/

-

2932

SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,

-

2933

SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2934

SSL_R_PSK_IDENTITY_NOT_FOUND);

-

2935

return 0;

never executed: return 0;

0

2936

}

-

2937

-

2938

OPENSSL_free(s->s3->tmp.psk);

-

2939

s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);

-

2940

OPENSSL_cleanse(psk, psklen);

-

2941

-

2942

if (s->s3->tmp.psk == NULL) {

s->s3->tmp.psk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2943

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

2944

SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);

-

2945

return 0;

never executed: return 0;

0

2946

}

-

2947

-

2948

s->s3->tmp.psklen = psklen;

-

2949

-

2950

return 1;

executed 29 times by 1 test: return 1;

Executed by:

libssl.so.1.1

29

2951

#else

-

2952

/* Should never happen */

-

2953

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,

-

2954

ERR_R_INTERNAL_ERROR);

-

2955

return 0;

-

2956

#endif

-

2957

}

-

2958

-

2959

static int tls_process_cke_rsa(SSL *s, PACKET *pkt)

-

2960

{

-

2961

#ifndef OPENSSL_NO_RSA

-

2962

unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];

-

2963

int decrypt_len;

-

2964

unsigned char decrypt_good, version_good;

-

2965

size_t j, padding_len;

-

2966

PACKET enc_premaster;

-

2967

RSA *rsa = NULL;

-

2968

unsigned char *rsa_decrypt = NULL;

-

2969

int ret = 0;

-

2970

-

2971

rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey);

-

2972

if (rsa == NULL) {

rsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 148 times by 1 test Evaluated by: libssl.so.1.1

0-148

2973

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

2974

SSL_R_MISSING_RSA_CERTIFICATE);

-

2975

return 0;

never executed: return 0;

0

2976

}

-

2977

-

2978

/* SSLv3 and pre-standard DTLS omit the length bytes. */

-

2979

if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 148 times by 1 test Evaluated by: libssl.so.1.1

s->version == 0x0100	Description
TRUE	never evaluated
FALSE	evaluated 148 times by 1 test Evaluated by: libssl.so.1.1

0-148

2980

enc_premaster = *pkt;

-

2981

} else {

never executed: end of block

0

2982

if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)

!PACKET_get_le...enc_premaster)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1

1-147

2983

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

2-145

2984

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

2985

SSL_R_LENGTH_MISMATCH);

-

2986

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3

2987

}

-

2988

}

executed 145 times by 1 test: end of block

Executed by:

libssl.so.1.1

145

2989

-

2990

/*

-

2991

* We want to be sure that the plaintext buffer size makes it safe to

-

2992

* iterate over the entire size of a premaster secret

-

2993

* (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because

-

2994

* their ciphertext cannot accommodate a premaster secret anyway.

-

2995

*/

-

2996

if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {

RSA_size(rsa) < 48	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

2997

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

2998

RSA_R_KEY_SIZE_TOO_SMALL);

-

2999

return 0;

never executed: return 0;

0

3000

}

-

3001

-

3002

rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));

-

3003

if (rsa_decrypt == NULL) {

rsa_decrypt == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3004

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

3005

ERR_R_MALLOC_FAILURE);

-

3006

return 0;

never executed: return 0;

0

3007

}

-

3008

-

3009

/*

-

3010

* We must not leak whether a decryption failure occurs because of

-

3011

* Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,

-

3012

* section 7.4.7.1). The code follows that advice of the TLS RFC and

-

3013

* generates a random premaster secret for the case that the decrypt

-

3014

* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1

-

3015

*/

-

3016

-

3017

if (RAND_priv_bytes(rand_premaster_secret,

RAND_priv_byte..._secret)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3018

sizeof(rand_premaster_secret)) <= 0) {

RAND_priv_byte..._secret)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3019

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

3020

ERR_R_INTERNAL_ERROR);

-

3021

goto err;

never executed: goto err;

0

3022

}

-

3023

-

3024

/*

-

3025

* Decrypt with no padding. PKCS#1 padding will be removed as part of

-

3026

* the timing-sensitive code below.

-

3027

*/

-

3028

/* TODO(size_t): Convert this function */

-

3029

decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),

-

3030

PACKET_data(&enc_premaster),

-

3031

rsa_decrypt, rsa, RSA_NO_PADDING);

-

3032

if (decrypt_len < 0) {

decrypt_len < 0	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3033

SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

3034

ERR_R_INTERNAL_ERROR);

-

3035

goto err;

never executed: goto err;

0

3036

}

-

3037

-

3038

/* Check the padding. See RFC 3447, section 7.2.2. */

-

3039

-

3040

/*

-

3041

* The smallest padded premaster is 11 bytes of overhead. Small keys

-

3042

* are publicly invalid, so this may return immediately. This ensures

-

3043

* PS is at least 8 bytes.

-

3044

*/

-

3045

if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {

decrypt_len < 11 + 48	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3046

SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

3047

SSL_R_DECRYPTION_FAILED);

-

3048

goto err;

never executed: goto err;

0

3049

}

-

3050

-

3051

padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;

-

3052

decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &

-

3053

constant_time_eq_int_8(rsa_decrypt[1], 2);

-

3054

for (j = 2; j < padding_len - 1; j++) {

j < padding_len - 1	Description
TRUE	evaluated 29725 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

145-29725

3055

decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);

-

3056

}

executed 29725 times by 1 test: end of block

Executed by:

libssl.so.1.1

29725

3057

decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);

-

3058

-

3059

/*

-

3060

* If the version in the decrypted pre-master secret is correct then

-

3061

* version_good will be 0xff, otherwise it'll be zero. The

-

3062

* Klima-Pokorny-Rosa extension of Bleichenbacher's attack

-

3063

* (http://eprint.iacr.org/2003/052/) exploits the version number

-

3064

* check as a "bad version oracle". Thus version checks are done in

-

3065

* constant time and are treated like any other decryption error.

-

3066

*/

-

3067

version_good =

-

3068

constant_time_eq_8(rsa_decrypt[padding_len],

-

3069

(unsigned)(s->client_version >> 8));

-

3070

version_good &=

-

3071

constant_time_eq_8(rsa_decrypt[padding_len + 1],

-

3072

(unsigned)(s->client_version & 0xff));

-

3073

-

3074

/*

-

3075

* The premaster secret must contain the same version number as the

-

3076

* ClientHello to detect version rollback attacks (strangely, the

-

3077

* protocol does not offer such protection for DH ciphersuites).

-

3078

* However, buggy clients exist that send the negotiated protocol

-

3079

* version instead if the server does not support the requested

-

3080

* protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such

-

3081

* clients.

-

3082

*/

-

3083

if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {

s->options & 0x00800000U	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3084

unsigned char workaround_good;

-

3085

workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],

-

3086

(unsigned)(s->version >> 8));

-

3087

workaround_good &=

-

3088

constant_time_eq_8(rsa_decrypt[padding_len + 1],

-

3089

(unsigned)(s->version & 0xff));

-

3090

version_good |= workaround_good;

-

3091

}

never executed: end of block

0

3092

-

3093

/*

-

3094

* Both decryption and version must be good for decrypt_good to

-

3095

* remain non-zero (0xff).

-

3096

*/

-

3097

decrypt_good &= version_good;

-

3098

-

3099

/*

-

3100

* Now copy rand_premaster_secret over from p using

-

3101

* decrypt_good_mask. If decryption failed, then p does not

-

3102

* contain valid plaintext, however, a check above guarantees

-

3103

* it is still sufficiently large to read from.

-

3104

*/

-

3105

for (j = 0; j < sizeof(rand_premaster_secret); j++) {

j < sizeof(ran...master_secret)	Description
TRUE	evaluated 6960 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

145-6960

3106

rsa_decrypt[padding_len + j] =

-

3107

constant_time_select_8(decrypt_good,

-

3108

rsa_decrypt[padding_len + j],

-

3109

rand_premaster_secret[j]);

-

3110

}

executed 6960 times by 1 test: end of block

Executed by:

libssl.so.1.1

6960

3111

-

3112

if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,

!ssl_generate_...er_secret), 0)	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3113

sizeof(rand_premaster_secret), 0)) {

!ssl_generate_...er_secret), 0)	Description
TRUE	never evaluated
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

0-145

3114

/* SSLfatal() already called */

-

3115

goto err;

never executed: goto err;

0

3116

}

-

3117

-

3118

ret = 1;

-

3119

err:

code before this statement executed 145 times by 1 test: err:

Executed by:

libssl.so.1.1

145

3120

OPENSSL_free(rsa_decrypt);

-

3121

return ret;

executed 145 times by 1 test: return ret;

Executed by:

libssl.so.1.1

145

3122

#else

-

3123

/* Should never happen */

-

3124

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,

-

3125

ERR_R_INTERNAL_ERROR);

-

3126

return 0;

-

3127

#endif

-

3128

}

-

3129

-

3130

static int tls_process_cke_dhe(SSL *s, PACKET *pkt)

-

3131

{

-

3132

#ifndef OPENSSL_NO_DH

-

3133

EVP_PKEY *skey = NULL;

-

3134

DH *cdh;

-

3135

unsigned int i;

-

3136

BIGNUM *pub_key;

-

3137

const unsigned char *data;

-

3138

EVP_PKEY *ckey = NULL;

-

3139

int ret = 0;

-

3140

-

3141

if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {

!PACKET_get_net_2(pkt, &i)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

PACKET_remaining(pkt) != i	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3142

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3143

SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);

-

3144

goto err;

never executed: goto err;

0

3145

}

-

3146

skey = s->s3->tmp.pkey;

-

3147

if (skey == NULL) {

skey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3148

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3149

SSL_R_MISSING_TMP_DH_KEY);

-

3150

goto err;

never executed: goto err;

0

3151

}

-

3152

-

3153

if (PACKET_remaining(pkt) == 0L) {

PACKET_remaining(pkt) == 0L	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3154

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3155

SSL_R_MISSING_TMP_DH_KEY);

-

3156

goto err;

never executed: goto err;

0

3157

}

-

3158

if (!PACKET_get_bytes(pkt, &data, i)) {

!PACKET_get_by...pkt, &data, i)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3159

/* We already checked we have enough data */

-

3160

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3161

ERR_R_INTERNAL_ERROR);

-

3162

goto err;

never executed: goto err;

0

3163

}

-

3164

ckey = EVP_PKEY_new();

-

3165

if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {

ckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

EVP_PKEY_copy_...ey, skey) == 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3166

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3167

SSL_R_BN_LIB);

-

3168

goto err;

never executed: goto err;

0

3169

}

-

3170

-

3171

cdh = EVP_PKEY_get0_DH(ckey);

-

3172

pub_key = BN_bin2bn(data, i, NULL);

-

3173

if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {

pub_key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

cdh == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

!DH_set0_key(c... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3174

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3175

ERR_R_INTERNAL_ERROR);

-

3176

BN_free(pub_key);

-

3177

goto err;

never executed: goto err;

0

3178

}

-

3179

-

3180

if (ssl_derive(s, skey, ckey, 1) == 0) {

ssl_derive(s, ... ckey, 1) == 0	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3181

/* SSLfatal() already called */

-

3182

goto err;

never executed: goto err;

0

3183

}

-

3184

-

3185

ret = 1;

-

3186

EVP_PKEY_free(s->s3->tmp.pkey);

-

3187

s->s3->tmp.pkey = NULL;

-

3188

err:

code before this statement executed 59 times by 1 test: err:

Executed by:

libssl.so.1.1

59

3189

EVP_PKEY_free(ckey);

-

3190

return ret;

executed 59 times by 1 test: return ret;

Executed by:

libssl.so.1.1

59

3191

#else

-

3192

/* Should never happen */

-

3193

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,

-

3194

ERR_R_INTERNAL_ERROR);

-

3195

return 0;

-

3196

#endif

-

3197

}

-

3198

-

3199

static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)

-

3200

{

-

3201

#ifndef OPENSSL_NO_EC

-

3202

EVP_PKEY *skey = s->s3->tmp.pkey;

-

3203

EVP_PKEY *ckey = NULL;

-

3204

int ret = 0;

-

3205

-

3206

if (PACKET_remaining(pkt) == 0L) {

PACKET_remaining(pkt) == 0L	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1005 times by 1 test Evaluated by: libssl.so.1.1

1-1005

3207

/* We don't support ECDH client auth */

-

3208

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE,

-

3209

SSL_R_MISSING_TMP_ECDH_KEY);

-

3210

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1

3211

} else {

-

3212

unsigned int i;

-

3213

const unsigned char *data;

-

3214

-

3215

/*

-

3216

* Get client's public key from encoded point in the

-

3217

* ClientKeyExchange message.

-

3218

*/

-

3219

-

3220

/* Get encoded point length */

-

3221

if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)

!PACKET_get_1(pkt, &i)	Description
TRUE	never evaluated
FALSE	evaluated 1005 times by 1 test Evaluated by: libssl.so.1.1

!PACKET_get_by...pkt, &data, i)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1004 times by 1 test Evaluated by: libssl.so.1.1

0-1005

3222

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1003 times by 1 test Evaluated by: libssl.so.1.1

1-1003

3223

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,

-

3224

SSL_R_LENGTH_MISMATCH);

-

3225

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2

3226

}

-

3227

ckey = EVP_PKEY_new();

-

3228

if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {

ckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1003 times by 1 test Evaluated by: libssl.so.1.1

EVP_PKEY_copy_...ey, skey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1003 times by 1 test Evaluated by: libssl.so.1.1

0-1003

3229

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,

-

3230

ERR_R_EVP_LIB);

-

3231

goto err;

never executed: goto err;

0

3232

}

-

3233

if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {

EVP_PKEY_set1_... data, i) == 0	Description
TRUE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 956 times by 1 test Evaluated by: libssl.so.1.1

47-956

3234

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,

-

3235

ERR_R_EC_LIB);

-

3236

goto err;

executed 47 times by 1 test: goto err;

Executed by:

libssl.so.1.1

47

3237

}

-

3238

}

executed 956 times by 1 test: end of block

Executed by:

libssl.so.1.1

956

3239

-

3240

if (ssl_derive(s, skey, ckey, 1) == 0) {

ssl_derive(s, ... ckey, 1) == 0	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 948 times by 1 test Evaluated by: libssl.so.1.1

8-948

3241

/* SSLfatal() already called */

-

3242

goto err;

executed 8 times by 1 test: goto err;

Executed by:

libssl.so.1.1

8

3243

}

-

3244

-

3245

ret = 1;

-

3246

EVP_PKEY_free(s->s3->tmp.pkey);

-

3247

s->s3->tmp.pkey = NULL;

-

3248

err:

code before this statement executed 948 times by 1 test: err:

Executed by:

libssl.so.1.1

948

3249

EVP_PKEY_free(ckey);

-

3250

-

3251

return ret;

executed 1006 times by 1 test: return ret;

Executed by:

libssl.so.1.1

1006

3252

#else

-

3253

/* Should never happen */

-

3254

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,

-

3255

ERR_R_INTERNAL_ERROR);

-

3256

return 0;

-

3257

#endif

-

3258

}

-

3259

-

3260

static int tls_process_cke_srp(SSL *s, PACKET *pkt)

-

3261

{

-

3262

#ifndef OPENSSL_NO_SRP

-

3263

unsigned int i;

-

3264

const unsigned char *data;

-

3265

-

3266

if (!PACKET_get_net_2(pkt, &i)

!PACKET_get_net_2(pkt, &i)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3267

|| !PACKET_get_bytes(pkt, &data, i)) {

!PACKET_get_by...pkt, &data, i)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3268

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,

-

3269

SSL_R_BAD_SRP_A_LENGTH);

-

3270

return 0;

never executed: return 0;

0

3271

}

-

3272

if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {

(s->srp_ctx.A ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3273

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,

-

3274

ERR_R_BN_LIB);

-

3275

return 0;

never executed: return 0;

0

3276

}

-

3277

if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {

BN_ucmp(s->srp...rp_ctx.N) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

BN_is_zero(s->srp_ctx.A)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3278

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP,

-

3279

SSL_R_BAD_SRP_PARAMETERS);

-

3280

return 0;

never executed: return 0;

0

3281

}

-

3282

OPENSSL_free(s->session->srp_username);

-

3283

s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);

-

3284

if (s->session->srp_username == NULL) {

s->session->sr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3285

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,

-

3286

ERR_R_MALLOC_FAILURE);

-

3287

return 0;

never executed: return 0;

0

3288

}

-

3289

-

3290

if (!srp_generate_server_master_secret(s)) {

!srp_generate_...ster_secret(s)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3291

/* SSLfatal() already called */

-

3292

return 0;

never executed: return 0;

0

3293

}

-

3294

-

3295

return 1;

executed 10 times by 1 test: return 1;

Executed by:

libssl.so.1.1

10

3296

#else

-

3297

/* Should never happen */

-

3298

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,

-

3299

ERR_R_INTERNAL_ERROR);

-

3300

return 0;

-

3301

#endif

-

3302

}

-

3303

-

3304

static int tls_process_cke_gost(SSL *s, PACKET *pkt)

-

3305

{

-

3306

#ifndef OPENSSL_NO_GOST

-

3307

EVP_PKEY_CTX *pkey_ctx;

-

3308

EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;

-

3309

unsigned char premaster_secret[32];

-

3310

const unsigned char *start;

-

3311

size_t outlen = 32, inlen;

-

3312

unsigned long alg_a;

-

3313

unsigned int asn1id, asn1len;

-

3314

int ret = 0;

-

3315

PACKET encdata;

-

3316

-

3317

/* Get our certificate private key */

-

3318

alg_a = s->s3->tmp.new_cipher->algorithm_auth;

-

3319

if (alg_a & SSL_aGOST12) {

alg_a & 0x00000080U	Description
TRUE	never evaluated
FALSE	never evaluated

0

3320

/*

-

3321

* New GOST ciphersuites have SSL_aGOST01 bit too

-

3322

*/

-

3323

pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;

-

3324

if (pk == NULL) {

pk == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3325

pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;

-

3326

}

never executed: end of block

0

3327

if (pk == NULL) {

pk == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3328

pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;

-

3329

}

never executed: end of block

0

3330

} else if (alg_a & SSL_aGOST01) {

never executed: end of block

alg_a & 0x00000020U	Description
TRUE	never evaluated
FALSE	never evaluated

0

3331

pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;

-

3332

}

never executed: end of block

0

3333

-

3334

pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);

-

3335

if (pkey_ctx == NULL) {

pkey_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3336

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3337

ERR_R_MALLOC_FAILURE);

-

3338

return 0;

never executed: return 0;

0

3339

}

-

3340

if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {

EVP_PKEY_decry...pkey_ctx) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3341

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3342

ERR_R_INTERNAL_ERROR);

-

3343

return 0;

never executed: return 0;

0

3344

}

-

3345

/*

-

3346

* If client certificate is present and is of the same type, maybe

-

3347

* use it for key exchange. Don't mind errors from

-

3348

* EVP_PKEY_derive_set_peer, because it is completely valid to use a

-

3349

* client certificate for authorization only.

-

3350

*/

-

3351

client_pub_pkey = X509_get0_pubkey(s->session->peer);

-

3352

if (client_pub_pkey) {

client_pub_pkey	Description
TRUE	never evaluated
FALSE	never evaluated

0

3353

if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)

EVP_PKEY_deriv...pub_pkey) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3354

ERR_clear_error();

never executed: ERR_clear_error();

0

3355

}

never executed: end of block

0

3356

/* Decrypt session key */

-

3357

if (!PACKET_get_1(pkt, &asn1id)

!PACKET_get_1(pkt, &asn1id)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3358

|| asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)

asn1id != (16 \| 0x20)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3359

|| !PACKET_peek_1(pkt, &asn1len)) {

!PACKET_peek_1(pkt, &asn1len)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3360

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3361

SSL_R_DECRYPTION_FAILED);

-

3362

goto err;

never executed: goto err;

0

3363

}

-

3364

if (asn1len == 0x81) {

asn1len == 0x81	Description
TRUE	never evaluated
FALSE	never evaluated

0

3365

/*

-

3366

* Long form length. Should only be one byte of length. Anything else

-

3367

* isn't supported.

-

3368

* We did a successful peek before so this shouldn't fail

-

3369

*/

-

3370

if (!PACKET_forward(pkt, 1)) {

!PACKET_forward(pkt, 1)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3371

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3372

SSL_R_DECRYPTION_FAILED);

-

3373

goto err;

never executed: goto err;

0

3374

}

-

3375

} else if (asn1len >= 0x80) {

never executed: end of block

asn1len >= 0x80	Description
TRUE	never evaluated
FALSE	never evaluated

0

3376

/*

-

3377

* Indefinite length, or more than one long form length bytes. We don't

-

3378

* support it

-

3379

*/

-

3380

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3381

SSL_R_DECRYPTION_FAILED);

-

3382

goto err;

never executed: goto err;

0

3383

} /* else short form length */

-

3384

-

3385

if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {

!PACKET_as_len...pkt, &encdata)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3386

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3387

SSL_R_DECRYPTION_FAILED);

-

3388

goto err;

never executed: goto err;

0

3389

}

-

3390

inlen = PACKET_remaining(&encdata);

-

3391

start = PACKET_data(&encdata);

-

3392

-

3393

if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,

EVP_PKEY_decry...t, inlen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3394

inlen) <= 0) {

EVP_PKEY_decry...t, inlen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3395

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3396

SSL_R_DECRYPTION_FAILED);

-

3397

goto err;

never executed: goto err;

0

3398

}

-

3399

/* Generate master secret */

-

3400

if (!ssl_generate_master_secret(s, premaster_secret,

!ssl_generate_...er_secret), 0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3401

sizeof(premaster_secret), 0)) {

!ssl_generate_...er_secret), 0)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3402

/* SSLfatal() already called */

-

3403

goto err;

never executed: goto err;

0

3404

}

-

3405

/* Check if pubkey from client certificate was used */

-

3406

if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,

EVP_PKEY_CTX_c...oid *)0) ) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3407

NULL) > 0)

EVP_PKEY_CTX_c...oid *)0) ) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

0

3408

s->statem.no_cert_verify = 1;

never executed: s->statem.no_cert_verify = 1;

0

3409

-

3410

ret = 1;

-

3411

err:

code before this statement never executed: err:

0

3412

EVP_PKEY_CTX_free(pkey_ctx);

-

3413

return ret;

never executed: return ret;

0

3414

#else

-

3415

/* Should never happen */

-

3416

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,

-

3417

ERR_R_INTERNAL_ERROR);

-

3418

return 0;

-

3419

#endif

-

3420

}

-

3421

-

3422

MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)

-

3423

{

-

3424

unsigned long alg_k;

-

3425

-

3426

alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

-

3427

-

3428

/* For PSK parse and retrieve identity, obtain PSK key */

-

3429

if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {

(alg_k & (0x00... 0x00000100U))	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1221 times by 1 test Evaluated by: libssl.so.1.1

!tls_process_c...eamble(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-1221

3430

/* SSLfatal() already called */

-

3431

goto err;

never executed: goto err;

0

3432

}

-

3433

-

3434

if (alg_k & SSL_kPSK) {

alg_k & 0x00000008U	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1223 times by 1 test Evaluated by: libssl.so.1.1

27-1223

3435

/* Identity extracted earlier: should be nothing left */

-

3436

if (PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

3437

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

3438

SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,

-

3439

SSL_R_LENGTH_MISMATCH);

-

3440

goto err;

never executed: goto err;

0

3441

}

-

3442

/* PSK handled by ssl_generate_master_secret */

-

3443

if (!ssl_generate_master_secret(s, NULL, 0, 0)) {

!ssl_generate_...d *)0) , 0, 0)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

3444

/* SSLfatal() already called */

-

3445

goto err;

never executed: goto err;

0

3446

}

-

3447

} else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {

executed 27 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000040U)	Description
TRUE	evaluated 148 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1075 times by 1 test Evaluated by: libssl.so.1.1

27-1075

3448

if (!tls_process_cke_rsa(s, pkt)) {

!tls_process_cke_rsa(s, pkt)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 145 times by 1 test Evaluated by: libssl.so.1.1

3-145

3449

/* SSLfatal() already called */

-

3450

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3

3451

}

-

3452

} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

executed 145 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000100U)	Description
TRUE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1016 times by 1 test Evaluated by: libssl.so.1.1

59-1016

3453

if (!tls_process_cke_dhe(s, pkt)) {

!tls_process_cke_dhe(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

0-59

3454

/* SSLfatal() already called */

-

3455

goto err;

never executed: goto err;

0

3456

}

-

3457

} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

executed 59 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000080U)	Description
TRUE	evaluated 1006 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

10-1006

3458

if (!tls_process_cke_ecdhe(s, pkt)) {

!tls_process_cke_ecdhe(s, pkt)	Description
TRUE	evaluated 58 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 948 times by 1 test Evaluated by: libssl.so.1.1

58-948

3459

/* SSLfatal() already called */

-

3460

goto err;

executed 58 times by 1 test: goto err;

Executed by:

libssl.so.1.1

58

3461

}

-

3462

} else if (alg_k & SSL_kSRP) {

executed 948 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-948

3463

if (!tls_process_cke_srp(s, pkt)) {

!tls_process_cke_srp(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3464

/* SSLfatal() already called */

-

3465

goto err;

never executed: goto err;

0

3466

}

-

3467

} else if (alg_k & SSL_kGOST) {

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & 0x00000010U	Description
TRUE	never evaluated
FALSE	never evaluated

0-10

3468

if (!tls_process_cke_gost(s, pkt)) {

!tls_process_cke_gost(s, pkt)	Description
TRUE	never evaluated
FALSE	never evaluated

0

3469

/* SSLfatal() already called */

-

3470

goto err;

never executed: goto err;

0

3471

}

-

3472

} else {

never executed: end of block

0

3473

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3474

SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,

-

3475

SSL_R_UNKNOWN_CIPHER_TYPE);

-

3476

goto err;

never executed: goto err;

0

3477

}

-

3478

-

3479

return MSG_PROCESS_CONTINUE_PROCESSING;

executed 1189 times by 1 test: return MSG_PROCESS_CONTINUE_PROCESSING;

Executed by:

libssl.so.1.1

1189

3480

err:

-

3481

#ifndef OPENSSL_NO_PSK

-

3482

OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);

-

3483

s->s3->tmp.psk = NULL;

-

3484

#endif

-

3485

return MSG_PROCESS_ERROR;

executed 61 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

61

3486

}

-

3487

-

3488

WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)

-

3489

{

-

3490

#ifndef OPENSSL_NO_SCTP

-

3491

if (wst == WORK_MORE_A) {

-

3492

if (SSL_IS_DTLS(s)) {

-

3493

unsigned char sctpauthkey[64];

-

3494

char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];

-

3495

/*

-

3496

* Add new shared key for SCTP-Auth, will be ignored if no SCTP

-

3497

* used.

-

3498

*/

-

3499

memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,

-

3500

sizeof(DTLS1_SCTP_AUTH_LABEL));

-

3501

-

3502

if (SSL_export_keying_material(s, sctpauthkey,

-

3503

sizeof(sctpauthkey), labelbuffer,

-

3504

sizeof(labelbuffer), NULL, 0,

-

3505

0) <= 0) {

-

3506

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3507

SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,

-

3508

ERR_R_INTERNAL_ERROR);

-

3509

return WORK_ERROR;

-

3510

}

-

3511

-

3512

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,

-

3513

sizeof(sctpauthkey), sctpauthkey);

-

3514

}

-

3515

}

-

3516

#endif

-

3517

-

3518

if (s->statem.no_cert_verify || !s->session->peer) {

s->statem.no_cert_verify	Description
TRUE	never evaluated
FALSE	evaluated 1189 times by 1 test Evaluated by: libssl.so.1.1

!s->session->peer	Description
TRUE	evaluated 1169 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-1189

3519

/*

-

3520

* No certificate verify or no peer certificate so we no longer need

-

3521

* the handshake_buffer

-

3522

*/

-

3523

if (!ssl3_digest_cached_records(s, 0)) {

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 1169 times by 1 test Evaluated by: libssl.so.1.1

0-1169

3524

/* SSLfatal() already called */

-

3525

return WORK_ERROR;

never executed: return WORK_ERROR;

0

3526

}

-

3527

return WORK_FINISHED_CONTINUE;

executed 1169 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

1169

3528

} else {

-

3529

if (!s->s3->handshake_buffer) {

!s->s3->handshake_buffer	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

3530

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3531

SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,

-

3532

ERR_R_INTERNAL_ERROR);

-

3533

return WORK_ERROR;

never executed: return WORK_ERROR;

0

3534

}

-

3535

/*

-

3536

* For sigalgs freeze the handshake buffer. If we support

-

3537

* extms we've done this already so this is a no-op

-

3538

*/

-

3539

if (!ssl3_digest_cached_records(s, 1)) {

!ssl3_digest_c..._records(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

3540

/* SSLfatal() already called */

-

3541

return WORK_ERROR;

never executed: return WORK_ERROR;

0

3542

}

-

3543

}

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

20

3544

-

3545

return WORK_FINISHED_CONTINUE;

executed 20 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

20

3546

}

-

3547

-

3548

MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)

-

3549

{

-

3550

int i;

-

3551

MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;

-

3552

X509 *x = NULL;

-

3553

unsigned long l;

-

3554

const unsigned char *certstart, *certbytes;

-

3555

STACK_OF(X509) *sk = NULL;

-

3556

PACKET spkt, context;

-

3557

size_t chainidx;

-

3558

SSL_SESSION *new_sess = NULL;

-

3559

-

3560

/*

-

3561

* To get this far we must have read encrypted data from the client. We no

-

3562

* longer tolerate unencrypted alerts. This value is ignored if less than

-

3563

* TLSv1.3

-

3564

*/

-

3565

s->statem.enc_read_state = ENC_READ_STATE_VALID;

-

3566

-

3567

if ((sk = sk_X509_new_null()) == NULL) {

(sk = sk_X509_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 77 times by 1 test Evaluated by: libssl.so.1.1

0-77

3568

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3569

ERR_R_MALLOC_FAILURE);

-

3570

goto err;

never executed: goto err;

0

3571

}

-

3572

-

3573

if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 64 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!PACKET_get_le...pkt, &context)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: libssl.so.1.1

0-64

3574

|| (s->pha_context == NULL && PACKET_remaining(&context) != 0)

s->pha_context == ((void *)0)	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

PACKET_remaini...&context) != 0	Description
TRUE	never evaluated
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

0-23

3575

|| (s->pha_context != NULL &&

s->pha_context != ((void *)0)	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

19-23

3576

!PACKET_equal(&context, s->pha_context, s->pha_context_len)))) {

!PACKET_equal(...a_context_len)	Description
TRUE	never evaluated
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

0-23

3577

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3578

SSL_R_INVALID_CONTEXT);

-

3579

goto err;

never executed: goto err;

0

3580

}

-

3581

-

3582

if (!PACKET_get_length_prefixed_3(pkt, &spkt)

!PACKET_get_le..._3(pkt, &spkt)	Description
TRUE	never evaluated
FALSE	evaluated 77 times by 1 test Evaluated by: libssl.so.1.1

0-77

3583

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 77 times by 1 test Evaluated by: libssl.so.1.1

0-77

3584

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3585

SSL_R_LENGTH_MISMATCH);

-

3586

goto err;

never executed: goto err;

0

3587

}

-

3588

-

3589

for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) {

PACKET_remaining(&spkt) > 0	Description
TRUE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 77 times by 1 test Evaluated by: libssl.so.1.1

77-81

3590

if (!PACKET_get_net_3(&spkt, &l)

!PACKET_get_net_3(&spkt, &l)	Description
TRUE	never evaluated
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

0-81

3591

|| !PACKET_get_bytes(&spkt, &certbytes, l)) {

!PACKET_get_by...&certbytes, l)	Description
TRUE	never evaluated
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

0-81

3592

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

3593

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3594

SSL_R_CERT_LENGTH_MISMATCH);

-

3595

goto err;

never executed: goto err;

0

3596

}

-

3597

-

3598

certstart = certbytes;

-

3599

x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);

-

3600

if (x == NULL) {

x == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

0-81

3601

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

3602

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);

-

3603

goto err;

never executed: goto err;

0

3604

}

-

3605

if (certbytes != (certstart + l)) {

certbytes != (certstart + l)	Description
TRUE	never evaluated
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

0-81

3606

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

3607

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3608

SSL_R_CERT_LENGTH_MISMATCH);

-

3609

goto err;

never executed: goto err;

0

3610

}

-

3611

-

3612

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-63

3613

RAW_EXTENSION *rawexts = NULL;

-

3614

PACKET extensions;

-

3615

-

3616

if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) {

!PACKET_get_le..., &extensions)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3617

SSLfatal(s, SSL_AD_DECODE_ERROR,

-

3618

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3619

SSL_R_BAD_LENGTH);

-

3620

goto err;

never executed: goto err;

0

3621

}

-

3622

if (!tls_collect_extensions(s, &extensions,

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3623

SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3624

NULL, chainidx == 0)

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3625

|| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,

!tls_parse_all...g(&spkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3626

rawexts, x, chainidx,

!tls_parse_all...g(&spkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3627

PACKET_remaining(&spkt) == 0)) {

!tls_parse_all...g(&spkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3628

OPENSSL_free(rawexts);

-

3629

goto err;

never executed: goto err;

0

3630

}

-

3631

OPENSSL_free(rawexts);

-

3632

}

executed 34 times by 1 test: end of block

Executed by:

libssl.so.1.1

34

3633

-

3634

if (!sk_X509_push(sk, x)) {

!sk_X509_push(sk, x)	Description
TRUE	never evaluated
FALSE	evaluated 81 times by 1 test Evaluated by: libssl.so.1.1

0-81

3635

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3636

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3637

ERR_R_MALLOC_FAILURE);

-

3638

goto err;

never executed: goto err;

0

3639

}

-

3640

x = NULL;

-

3641

}

executed 81 times by 1 test: end of block

Executed by:

libssl.so.1.1

81

3642

-

3643

if (sk_X509_num(sk) <= 0) {

sk_X509_num(sk) <= 0	Description
TRUE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

34-43

3644

/* TLS does not mind 0 certs returned */

-

3645

if (s->version == SSL3_VERSION) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1

0-34

3646

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

3647

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3648

SSL_R_NO_CERTIFICATES_RETURNED);

-

3649

goto err;

never executed: goto err;

0

3650

}

-

3651

/* Fail for TLS only if we required a certificate */

-

3652

else if ((s->verify_mode & SSL_VERIFY_PEER) &&

(s->verify_mode & 0x01)	Description
TRUE	evaluated 34 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-34

3653

(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {

(s->verify_mode & 0x02)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

7-27

3654

SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,

-

3655

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3656

SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

-

3657

goto err;

executed 7 times by 1 test: goto err;

Executed by:

libssl.so.1.1

7

3658

}

-

3659

/* No client certificate so digest cached records */

-

3660

if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {

s->s3->handshake_buffer	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-22

3661

/* SSLfatal() already called */

-

3662

goto err;

never executed: goto err;

0

3663

}

-

3664

} else {

executed 27 times by 1 test: end of block

Executed by:

libssl.so.1.1

27

3665

EVP_PKEY *pkey;

-

3666

i = ssl_verify_cert_chain(s, sk);

-

3667

if (i <= 0) {

i <= 0	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

8-35

3668

SSLfatal(s, ssl_x509err2alert(s->verify_result),

-

3669

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3670

SSL_R_CERTIFICATE_VERIFY_FAILED);

-

3671

goto err;

executed 8 times by 1 test: goto err;

Executed by:

libssl.so.1.1

8

3672

}

-

3673

if (i > 1) {

i > 1	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

3674

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

3675

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);

-

3676

goto err;

never executed: goto err;

0

3677

}

-

3678

pkey = X509_get0_pubkey(sk_X509_value(sk, 0));

-

3679

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1

0-35

3680

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,

-

3681

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3682

SSL_R_UNKNOWN_CERTIFICATE_TYPE);

-

3683

goto err;

never executed: goto err;

0

3684

}

-

3685

}

executed 35 times by 1 test: end of block

Executed by:

libssl.so.1.1

35

3686

-

3687

/*

-

3688

* Sessions must be immutable once they go into the session cache. Otherwise

-

3689

* we can get multi-thread problems. Therefore we don't "update" sessions,

-

3690

* we replace them with a duplicate. Here, we need to do this every time

-

3691

* a new certificate is received via post-handshake authentication, as the

-

3692

* session may have already gone into the session cache.

-

3693

*/

-

3694

-

3695

if (s->post_handshake_auth == SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

22-40

3696

if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {

(new_sess = ss...sion, 0)) == 0	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

3697

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3698

SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,

-

3699

ERR_R_MALLOC_FAILURE);

-

3700

goto err;

never executed: goto err;

0

3701

}

-

3702

-

3703

SSL_SESSION_free(s->session);

-

3704

s->session = new_sess;

-

3705

}

executed 22 times by 1 test: end of block

Executed by:

libssl.so.1.1

22

3706

-

3707

X509_free(s->session->peer);

-

3708

s->session->peer = sk_X509_shift(sk);

-

3709

s->session->verify_result = s->verify_result;

-

3710

-

3711

sk_X509_pop_free(s->session->peer_chain, X509_free);

-

3712

s->session->peer_chain = sk;

-

3713

-

3714

/*

-

3715

* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE

-

3716

* message

-

3717

*/

-

3718

if (SSL_IS_TLS13(s) && !ssl3_digest_cached_records(s, 1)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!ssl3_digest_c..._records(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

0-53

3719

/* SSLfatal() already called */

-

3720

goto err;

never executed: goto err;

0

3721

}

-

3722

-

3723

/*

-

3724

* Inconsistency alert: cert_chain does *not* include the peer's own

-

3725

* certificate, while we do include it in statem_clnt.c

-

3726

*/

-

3727

sk = NULL;

-

3728

-

3729

/* Save the current hash state for when we receive the CertificateVerify */

-

3730

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-53

3731

if (!ssl_handshake_hash(s, s->cert_verify_hash,

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

0-37

3732

sizeof(s->cert_verify_hash),

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

0-37

3733

&s->cert_verify_hash_len)) {

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

0-37

3734

/* SSLfatal() already called */

-

3735

goto err;

never executed: goto err;

0

3736

}

-

3737

-

3738

/* Resend session tickets */

-

3739

s->sent_tickets = 0;

-

3740

}

executed 37 times by 1 test: end of block

Executed by:

libssl.so.1.1

37

3741

-

3742

ret = MSG_PROCESS_CONTINUE_READING;

-

3743

-

3744

err:

code before this statement executed 62 times by 1 test: err:

Executed by:

libssl.so.1.1

62

3745

X509_free(x);

-

3746

sk_X509_pop_free(sk, X509_free);

-

3747

return ret;

executed 77 times by 1 test: return ret;

Executed by:

libssl.so.1.1

77

3748

}

-

3749

-

3750

int tls_construct_server_certificate(SSL *s, WPACKET *pkt)

-

3751

{

-

3752

CERT_PKEY *cpk = s->s3->tmp.cert;

-

3753

-

3754

if (cpk == NULL) {

cpk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2099 times by 1 test Evaluated by: libssl.so.1.1

0-2099

3755

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3756

SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);

-

3757

return 0;

never executed: return 0;

0

3758

}

-

3759

-

3760

/*

-

3761

* In TLSv1.3 the certificate chain is always preceded by a 0 length context

-

3762

* for the server Certificate message

-

3763

*/

-

3764

if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1956 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 143 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 740 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1216 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 740 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!WPACKET_put_b...(pkt), (0), 1)	Description
TRUE	never evaluated
FALSE	evaluated 740 times by 1 test Evaluated by: libssl.so.1.1

0-1956

3765

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3766

SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);

-

3767

return 0;

never executed: return 0;

0

3768

}

-

3769

if (!ssl3_output_cert_chain(s, pkt, cpk)) {

!ssl3_output_c...n(s, pkt, cpk)	Description
TRUE	never evaluated
FALSE	evaluated 2099 times by 1 test Evaluated by: libssl.so.1.1

0-2099

3770

/* SSLfatal() already called */

-

3771

return 0;

never executed: return 0;

0

3772

}

-

3773

-

3774

return 1;

executed 2099 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2099

3775

}

-

3776

-

3777

static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,

-

3778

unsigned char *tick_nonce)

-

3779

{

-

3780

/*

-

3781

* Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this

-

3782

* unspecified for resumed session (for simplicity).

-

3783

* In TLSv1.3 we reset the "time" field above, and always specify the

-

3784

* timeout.

-

3785

*/

-

3786

if (!WPACKET_put_bytes_u32(pkt,

!WPACKET_put_b...->timeout), 4)	Description
TRUE	never evaluated
FALSE	evaluated 1926 times by 1 test Evaluated by: libssl.so.1.1

0-1926

3787

(s->hit && !SSL_IS_TLS13(s))

-

3788

? 0 : s->session->timeout)) {

-

3789

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,

-

3790

ERR_R_INTERNAL_ERROR);

-

3791

return 0;

never executed: return 0;

0

3792

}

-

3793

-

3794

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1782 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 749 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1782

3795

if (!WPACKET_put_bytes_u32(pkt, age_add)

!WPACKET_put_b... (age_add), 4)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

3796

|| !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) {

!WPACKET_sub_m...once), (8), 1)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

3797

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,

-

3798

ERR_R_INTERNAL_ERROR);

-

3799

return 0;

never executed: return 0;

0

3800

}

-

3801

}

executed 1033 times by 1 test: end of block

Executed by:

libssl.so.1.1

1033

3802

-

3803

/* Start the sub-packet for the actual ticket data */

-

3804

if (!WPACKET_start_sub_packet_u16(pkt)) {

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 1926 times by 1 test Evaluated by: libssl.so.1.1

0-1926

3805

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,

-

3806

ERR_R_INTERNAL_ERROR);

-

3807

return 0;

never executed: return 0;

0

3808

}

-

3809

-

3810

return 1;

executed 1926 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1926

3811

}

-

3812

-

3813

static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,

-

3814

unsigned char *tick_nonce)

-

3815

{

-

3816

unsigned char *senc = NULL;

-

3817

EVP_CIPHER_CTX *ctx = NULL;

-

3818

HMAC_CTX *hctx = NULL;

-

3819

unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;

-

3820

const unsigned char *const_p;

-

3821

int len, slen_full, slen, lenfinal;

-

3822

SSL_SESSION *sess;

-

3823

unsigned int hlen;

-

3824

SSL_CTX *tctx = s->session_ctx;

-

3825

unsigned char iv[EVP_MAX_IV_LENGTH];

-

3826

unsigned char key_name[TLSEXT_KEYNAME_LENGTH];

-

3827

int iv_len, ok = 0;

-

3828

size_t macoffset, macendoffset;

-

3829

-

3830

/* get session encoding length */

-

3831

slen_full = i2d_SSL_SESSION(s->session, NULL);

-

3832

/*

-

3833

* Some length values are 16 bits, so forget it if session is too

-

3834

* long

-

3835

*/

-

3836

if (slen_full == 0 || slen_full > 0xFF00) {

slen_full == 0	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

slen_full > 0xFF00	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3837

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3838

ERR_R_INTERNAL_ERROR);

-

3839

goto err;

never executed: goto err;

0

3840

}

-

3841

senc = OPENSSL_malloc(slen_full);

-

3842

if (senc == NULL) {

senc == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3843

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3844

SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE);

-

3845

goto err;

never executed: goto err;

0

3846

}

-

3847

-

3848

ctx = EVP_CIPHER_CTX_new();

-

3849

hctx = HMAC_CTX_new();

-

3850

if (ctx == NULL || hctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

hctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3851

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3852

ERR_R_MALLOC_FAILURE);

-

3853

goto err;

never executed: goto err;

0

3854

}

-

3855

-

3856

p = senc;

-

3857

if (!i2d_SSL_SESSION(s->session, &p)) {

!i2d_SSL_SESSI...->session, &p)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3858

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3859

ERR_R_INTERNAL_ERROR);

-

3860

goto err;

never executed: goto err;

0

3861

}

-

3862

-

3863

/*

-

3864

* create a fresh copy (not shared with other threads) to clean up

-

3865

*/

-

3866

const_p = senc;

-

3867

sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);

-

3868

if (sess == NULL) {

sess == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3869

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3870

ERR_R_INTERNAL_ERROR);

-

3871

goto err;

never executed: goto err;

0

3872

}

-

3873

-

3874

slen = i2d_SSL_SESSION(sess, NULL);

-

3875

if (slen == 0 || slen > slen_full) {

slen == 0	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

slen > slen_full	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3876

/* shouldn't ever happen */

-

3877

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3878

ERR_R_INTERNAL_ERROR);

-

3879

SSL_SESSION_free(sess);

-

3880

goto err;

never executed: goto err;

0

3881

}

-

3882

p = senc;

-

3883

if (!i2d_SSL_SESSION(sess, &p)) {

!i2d_SSL_SESSION(sess, &p)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

3884

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3885

ERR_R_INTERNAL_ERROR);

-

3886

SSL_SESSION_free(sess);

-

3887

goto err;

never executed: goto err;

0

3888

}

-

3889

SSL_SESSION_free(sess);

-

3890

-

3891

/*

-

3892

* Initialize HMAC and cipher contexts. If callback present it does

-

3893

* all the work otherwise use generated values from parent ctx.

-

3894

*/

-

3895

if (tctx->ext.ticket_key_cb) {

tctx->ext.ticket_key_cb	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

9-1742

3896

/* if 0 is returned, write an empty ticket */

-

3897

int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,

-

3898

hctx, 1);

-

3899

-

3900

if (ret == 0) {

ret == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

1-8

3901

-

3902

/* Put timeout and length */

-

3903

if (!WPACKET_put_bytes_u32(pkt, 0)

!WPACKET_put_b...(pkt), (0), 4)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

3904

|| !WPACKET_put_bytes_u16(pkt, 0)) {

!WPACKET_put_b...(pkt), (0), 2)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

3905

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3906

SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3907

ERR_R_INTERNAL_ERROR);

-

3908

goto err;

never executed: goto err;

0

3909

}

-

3910

OPENSSL_free(senc);

-

3911

EVP_CIPHER_CTX_free(ctx);

-

3912

HMAC_CTX_free(hctx);

-

3913

return 1;

executed 1 time by 1 test: return 1;

Executed by:

libssl.so.1.1

1

3914

}

-

3915

if (ret < 0) {

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

3916

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3917

SSL_R_CALLBACK_FAILED);

-

3918

goto err;

never executed: goto err;

0

3919

}

-

3920

iv_len = EVP_CIPHER_CTX_iv_length(ctx);

-

3921

} else {

executed 8 times by 1 test: end of block

Executed by:

libssl.so.1.1

8

3922

const EVP_CIPHER *cipher = EVP_aes_256_cbc();

-

3923

-

3924

iv_len = EVP_CIPHER_iv_length(cipher);

-

3925

if (RAND_bytes(iv, iv_len) <= 0

RAND_bytes(iv, iv_len) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3926

|| !EVP_EncryptInit_ex(ctx, cipher, NULL,

!EVP_EncryptIn...k_aes_key, iv)	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3927

tctx->ext.secure->tick_aes_key, iv)

!EVP_EncryptIn...k_aes_key, iv)	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3928

|| !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,

!HMAC_Init_ex(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3929

sizeof(tctx->ext.secure->tick_hmac_key),

!HMAC_Init_ex(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3930

EVP_sha256(), NULL)) {

!HMAC_Init_ex(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1742 times by 1 test Evaluated by: libssl.so.1.1

0-1742

3931

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3932

ERR_R_INTERNAL_ERROR);

-

3933

goto err;

never executed: goto err;

0

3934

}

-

3935

memcpy(key_name, tctx->ext.tick_key_name,

-

3936

sizeof(tctx->ext.tick_key_name));

-

3937

}

executed 1742 times by 1 test: end of block

Executed by:

libssl.so.1.1

1742

3938

-

3939

if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {

!create_ticket...d, tick_nonce)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3940

/* SSLfatal() already called */

-

3941

goto err;

never executed: goto err;

0

3942

}

-

3943

-

3944

if (!WPACKET_get_total_written(pkt, &macoffset)

!WPACKET_get_t...t, &macoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3945

/* Output key name */

-

3946

|| !WPACKET_memcpy(pkt, key_name, sizeof(key_name))

!WPACKET_memcp...eof(key_name))	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3947

/* output IV */

-

3948

|| !WPACKET_memcpy(pkt, iv, iv_len)

!WPACKET_memcp...t, iv, iv_len)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3949

|| !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH,

!WPACKET_reser...32, &encdata1)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3950

&encdata1)

!WPACKET_reser...32, &encdata1)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3951

/* Encrypt session data */

-

3952

|| !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen)

!EVP_EncryptUp...n, senc, slen)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3953

|| !WPACKET_allocate_bytes(pkt, len, &encdata2)

!WPACKET_alloc...en, &encdata2)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3954

|| encdata1 != encdata2

encdata1 != encdata2	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3955

|| !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal)

!EVP_EncryptFi...en, &lenfinal)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3956

|| !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2)

!WPACKET_alloc...al, &encdata2)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3957

|| encdata1 + len != encdata2

encdata1 + len != encdata2	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3958

|| len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH

len + lenfinal > slen + 32	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3959

|| !WPACKET_get_total_written(pkt, &macendoffset)

!WPACKET_get_t...&macendoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3960

|| !HMAC_Update(hctx,

!HMAC_Update(h...t - macoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3961

(unsigned char *)s->init_buf->data + macoffset,

!HMAC_Update(h...t - macoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3962

macendoffset - macoffset)

!HMAC_Update(h...t - macoffset)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3963

|| !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)

!WPACKET_reser...64, &macdata1)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3964

|| !HMAC_Final(hctx, macdata1, &hlen)

!HMAC_Final(hc...cdata1, &hlen)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3965

|| hlen > EVP_MAX_MD_SIZE

hlen > 64	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3966

|| !WPACKET_allocate_bytes(pkt, hlen, &macdata2)

!WPACKET_alloc...en, &macdata2)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3967

|| macdata1 != macdata2) {

macdata1 != macdata2	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3968

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

3969

SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR);

-

3970

goto err;

never executed: goto err;

0

3971

}

-

3972

-

3973

/* Close the sub-packet created by create_ticket_prequel() */

-

3974

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 1750 times by 1 test Evaluated by: libssl.so.1.1

0-1750

3975

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,

-

3976

ERR_R_INTERNAL_ERROR);

-

3977

goto err;

never executed: goto err;

0

3978

}

-

3979

-

3980

ok = 1;

-

3981

err:

code before this statement executed 1750 times by 1 test: err:

Executed by:

libssl.so.1.1

1750

3982

OPENSSL_free(senc);

-

3983

EVP_CIPHER_CTX_free(ctx);

-

3984

HMAC_CTX_free(hctx);

-

3985

return ok;

executed 1750 times by 1 test: return ok;

Executed by:

libssl.so.1.1

1750

3986

}

-

3987

-

3988

static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,

-

3989

unsigned char *tick_nonce)

-

3990

{

-

3991

if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {

!create_ticket...d, tick_nonce)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

0-176

3992

/* SSLfatal() already called */

-

3993

return 0;

never executed: return 0;

0

3994

}

-

3995

-

3996

if (!WPACKET_memcpy(pkt, s->session->session_id,

!WPACKET_memcp...ion_id_length)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

0-176

3997

s->session->session_id_length)

!WPACKET_memcp...ion_id_length)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

0-176

3998

|| !WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

0-176

3999

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET,

-

4000

ERR_R_INTERNAL_ERROR);

-

4001

return 0;

never executed: return 0;

0

4002

}

-

4003

-

4004

return 1;

executed 176 times by 1 test: return 1;

Executed by:

libssl.so.1.1

176

4005

}

-

4006

-

4007

int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)

-

4008

{

-

4009

SSL_CTX *tctx = s->session_ctx;

-

4010

unsigned char tick_nonce[TICKET_NONCE_SIZE];

-

4011

union {

-

4012

unsigned char age_add_c[sizeof(uint32_t)];

-

4013

uint32_t age_add;

-

4014

} age_add_u;

-

4015

-

4016

age_add_u.age_add = 0;

-

4017

-

4018

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1783 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1783

4019

size_t i, hashlen;

-

4020

uint64_t nonce;

-

4021

static const unsigned char nonce_label[] = "resumption";

-

4022

const EVP_MD *md = ssl_handshake_md(s);

-

4023

void (*cb) (const SSL *ssl, int type, int val) = NULL;

-

4024

int hashleni = EVP_MD_size(md);

-

4025

-

4026

/* Ensure cast to size_t is safe */

-

4027

if (!ossl_assert(hashleni >= 0)) {

!((hashleni >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4028

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

4029

SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,

-

4030

ERR_R_INTERNAL_ERROR);

-

4031

goto err;

never executed: goto err;

0

4032

}

-

4033

hashlen = (size_t)hashleni;

-

4034

-

4035

if (s->info_callback != NULL)

s->info_callba...!= ((void *)0)	Description
TRUE	evaluated 547 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 486 times by 1 test Evaluated by: libssl.so.1.1

486-547

4036

cb = s->info_callback;

executed 547 times by 1 test: cb = s->info_callback;

Executed by:

libssl.so.1.1

547

4037

else if (s->ctx->info_callback != NULL)

s->ctx->info_c...!= ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 483 times by 1 test Evaluated by: libssl.so.1.1

3-483

4038

cb = s->ctx->info_callback;

executed 3 times by 1 test: cb = s->ctx->info_callback;

Executed by:

libssl.so.1.1

3

4039

-

4040

if (cb != NULL) {

cb != ((void *)0)	Description
TRUE	evaluated 550 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 483 times by 1 test Evaluated by: libssl.so.1.1

483-550

4041

/*

-

4042

* We don't start and stop the handshake in between each ticket when

-

4043

* sending more than one - but it should appear that way to the info

-

4044

* callback.

-

4045

*/

-

4046

if (s->sent_tickets != 0) {

s->sent_tickets != 0	Description
TRUE	evaluated 267 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 283 times by 1 test Evaluated by: libssl.so.1.1

267-283

4047

ossl_statem_set_in_init(s, 0);

-

4048

cb(s, SSL_CB_HANDSHAKE_DONE, 1);

-

4049

ossl_statem_set_in_init(s, 1);

-

4050

}

executed 267 times by 1 test: end of block

Executed by:

libssl.so.1.1

267

4051

cb(s, SSL_CB_HANDSHAKE_START, 1);

-

4052

}

executed 550 times by 1 test: end of block

Executed by:

libssl.so.1.1

550

4053

/*

-

4054

* If we already sent one NewSessionTicket, or we resumed then

-

4055

* s->session may already be in a cache and so we must not modify it.

-

4056

* Instead we need to take a copy of it and modify that.

-

4057

*/

-

4058

if (s->sent_tickets != 0 || s->hit) {

s->sent_tickets != 0	Description
TRUE	evaluated 456 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 577 times by 1 test Evaluated by: libssl.so.1.1

s->hit	Description
TRUE	evaluated 111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 466 times by 1 test Evaluated by: libssl.so.1.1

111-577

4059

SSL_SESSION *new_sess = ssl_session_dup(s->session, 0);

-

4060

-

4061

if (new_sess == NULL) {

new_sess == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 567 times by 1 test Evaluated by: libssl.so.1.1

0-567

4062

/* SSLfatal already called */

-

4063

goto err;

never executed: goto err;

0

4064

}

-

4065

-

4066

SSL_SESSION_free(s->session);

-

4067

s->session = new_sess;

-

4068

}

executed 567 times by 1 test: end of block

Executed by:

libssl.so.1.1

567

4069

-

4070

if (!ssl_generate_session_id(s, s->session)) {

!ssl_generate_...s, s->session)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4071

/* SSLfatal() already called */

-

4072

goto err;

never executed: goto err;

0

4073

}

-

4074

if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {

RAND_bytes(age...e_add_u)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4075

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

4076

SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,

-

4077

ERR_R_INTERNAL_ERROR);

-

4078

goto err;

never executed: goto err;

0

4079

}

-

4080

s->session->ext.tick_age_add = age_add_u.age_add;

-

4081

-

4082

nonce = s->next_ticket_nonce;

-

4083

for (i = TICKET_NONCE_SIZE; i > 0; i--) {

i > 0	Description
TRUE	evaluated 8264 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

1033-8264

4084

tick_nonce[i - 1] = (unsigned char)(nonce & 0xff);

-

4085

nonce >>= 8;

-

4086

}

executed 8264 times by 1 test: end of block

Executed by:

libssl.so.1.1

8264

4087

-

4088

if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4089

nonce_label,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4090

sizeof(nonce_label) - 1,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4091

tick_nonce,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4092

TICKET_NONCE_SIZE,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4093

s->session->master_key,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4094

hashlen)) {

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4095

/* SSLfatal() already called */

-

4096

goto err;

never executed: goto err;

0

4097

}

-

4098

s->session->master_key_length = hashlen;

-

4099

-

4100

s->session->time = (long)time(NULL);

-

4101

if (s->s3->alpn_selected != NULL) {

s->s3->alpn_se...!= ((void *)0)	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1004 times by 1 test Evaluated by: libssl.so.1.1

29-1004

4102

OPENSSL_free(s->session->ext.alpn_selected);

-

4103

s->session->ext.alpn_selected =

-

4104

OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);

-

4105

if (s->session->ext.alpn_selected == NULL) {

s->session->ex...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

4106

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

-

4107

SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,

-

4108

ERR_R_MALLOC_FAILURE);

-

4109

goto err;

never executed: goto err;

0

4110

}

-

4111

s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;

-

4112

}

executed 29 times by 1 test: end of block

Executed by:

libssl.so.1.1

29

4113

s->session->ext.max_early_data = s->max_early_data;

-

4114

}

executed 1033 times by 1 test: end of block

Executed by:

libssl.so.1.1

1033

4115

-

4116

if (tctx->generate_ticket_cb != NULL &&

tctx->generate...!= ((void *)0)	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1898 times by 1 test Evaluated by: libssl.so.1.1

29-1898

4117

tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)

tctx->generate..._cb_data) == 0	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

4118

goto err;

never executed: goto err;

0

4119

-

4120

/*

-

4121

* If we are using anti-replay protection then we behave as if

-

4122

* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there

-

4123

* is no point in using full stateless tickets.

-

4124

*/

-

4125

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1783 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1783

4126

&& ((s->options & SSL_OP_NO_TICKET) != 0

(s->options & ...0004000U) != 0	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 972 times by 1 test Evaluated by: libssl.so.1.1

61-972

4127

|| (s->max_early_data > 0

s->max_early_data > 0	Description
TRUE	evaluated 147 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 825 times by 1 test Evaluated by: libssl.so.1.1

147-825

4128

&& (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {

(s->options & ...1000000U) == 0	Description
TRUE	evaluated 115 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 32 times by 1 test Evaluated by: libssl.so.1.1

32-115

4129

if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {

!construct_sta...d, tick_nonce)	Description
TRUE	never evaluated
FALSE	evaluated 176 times by 1 test Evaluated by: libssl.so.1.1

0-176

4130

/* SSLfatal() already called */

-

4131

goto err;

never executed: goto err;

0

4132

}

-

4133

} else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add,

executed 176 times by 1 test: end of block

Executed by:

libssl.so.1.1

!construct_sta...d, tick_nonce)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

4134

tick_nonce)) {

!construct_sta...d, tick_nonce)	Description
TRUE	never evaluated
FALSE	evaluated 1751 times by 1 test Evaluated by: libssl.so.1.1

0-1751

4135

/* SSLfatal() already called */

-

4136

goto err;

never executed: goto err;

0

4137

}

-

4138

-

4139

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1783 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 750 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1783

4140

if (!tls_construct_extensions(s, pkt,

!tls_construct...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4141

SSL_EXT_TLS1_3_NEW_SESSION_TICKET,

!tls_construct...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4142

NULL, 0)) {

!tls_construct...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-1033

4143

/* SSLfatal() already called */

-

4144

goto err;

never executed: goto err;

0

4145

}

-

4146

/*

-

4147

-

4148

* gets reset to 0 if we send more tickets following a post-handshake

-

4149

* auth, but |next_ticket_nonce| does not.

-

4150

*/

-

4151

s->sent_tickets++;

-

4152

s->next_ticket_nonce++;

-

4153

ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

-

4154

}

executed 1033 times by 1 test: end of block

Executed by:

libssl.so.1.1

1033

4155

-

4156

return 1;

executed 1927 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1927

4157

err:

-

4158

return 0;

never executed: return 0;

0

4159

}

-

4160

-

4161

/*

-

4162

* In TLSv1.3 this is called from the extensions code, otherwise it is used to

-

4163

* create a separate message. Returns 1 on success or 0 on failure.

-

4164

*/

-

4165

int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)

-

4166

{

-

4167

if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)

!WPACKET_put_b...atus_type), 1)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4168

|| !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,

!WPACKET_sub_m....resp_len), 3)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

4169

s->ext.ocsp.resp_len)) {

-

4170

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY,

-

4171

ERR_R_INTERNAL_ERROR);

-

4172

return 0;

never executed: return 0;

0

4173

}

-

4174

-

4175

return 1;

executed 11 times by 1 test: return 1;

Executed by:

libssl.so.1.1

11

4176

}

-

4177

-

4178

int tls_construct_cert_status(SSL *s, WPACKET *pkt)

-

4179

{

-

4180

if (!tls_construct_cert_status_body(s, pkt)) {

!tls_construct...s_body(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

4181

/* SSLfatal() already called */

-

4182

return 0;

never executed: return 0;

0

4183

}

-

4184

-

4185

return 1;

executed 5 times by 1 test: return 1;

Executed by:

libssl.so.1.1

5

4186

}

-

4187

-

4188

#ifndef OPENSSL_NO_NEXTPROTONEG

-

4189

/*

-

4190

* tls_process_next_proto reads a Next Protocol Negotiation handshake message.

-

4191

* It sets the next_proto member in s if found

-

4192

*/

-

4193

MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)

-

4194

{

-

4195

PACKET next_proto, padding;

-

4196

size_t next_proto_len;

-

4197

-

4198

/*-

-

4199

* The payload looks like:

-

4200

* uint8 proto_len;

-

4201

* uint8 proto[proto_len];

-

4202

* uint8 padding_len;

-

4203

* uint8 padding[padding_len];

-

4204

*/

-

4205

if (!PACKET_get_length_prefixed_1(pkt, &next_proto)

!PACKET_get_le..., &next_proto)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

4206

|| !PACKET_get_length_prefixed_1(pkt, &padding)

!PACKET_get_le...pkt, &padding)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

4207

|| PACKET_remaining(pkt) > 0) {

PACKET_remaining(pkt) > 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

4208

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,

-

4209

SSL_R_LENGTH_MISMATCH);

-

4210

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4211

}

-

4212

-

4213

if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {

!PACKET_memdup...ext_proto_len)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

4214

s->ext.npn_len = 0;

-

4215

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,

-

4216

ERR_R_INTERNAL_ERROR);

-

4217

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4218

}

-

4219

-

4220

s->ext.npn_len = (unsigned char)next_proto_len;

-

4221

-

4222

return MSG_PROCESS_CONTINUE_READING;

executed 21 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

21

4223

}

-

4224

#endif

-

4225

-

4226

static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)

-

4227

{

-

4228

if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

!tls_construct...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-854

4229

NULL, 0)) {

!tls_construct...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 854 times by 1 test Evaluated by: libssl.so.1.1

0-854

4230

/* SSLfatal() already called */

-

4231

return 0;

never executed: return 0;

0

4232

}

-

4233

-

4234

return 1;

executed 854 times by 1 test: return 1;

Executed by:

libssl.so.1.1

854

4235

}

-

4236

-

4237

MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt)

-

4238

{

-

4239

if (PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

4240

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,

-

4241

SSL_R_LENGTH_MISMATCH);

-

4242

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4243

}

-

4244

-

4245

if (s->early_data_state != SSL_EARLY_DATA_READING

s->early_data_...Y_DATA_READING	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

6-10

4246

&& s->early_data_state != SSL_EARLY_DATA_READ_RETRY) {

s->early_data_...ATA_READ_RETRY	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

4247

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,

-

4248

ERR_R_INTERNAL_ERROR);

-

4249

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4250

}

-

4251

-

4252

/*

-

4253

* EndOfEarlyData signals a key change so the end of the message must be on

-

4254

* a record boundary.

-

4255

*/

-

4256

if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

4257

SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,

-

4258

SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,

-

4259

SSL_R_NOT_ON_RECORD_BOUNDARY);

-

4260

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4261

}

-

4262

-

4263

s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;

-

4264

if (!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

4265

SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

0-16

4266

/* SSLfatal() already called */

-

4267

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

0

4268

}

-

4269

-

4270

return MSG_PROCESS_CONTINUE_READING;

executed 16 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

16

4271

}

-