OpenCoverage

statem_lib.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/statem/statem_lib.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

4 * -

5 * Licensed under the OpenSSL license (the "License"). You may not use -

6 * this file except in compliance with the License. You can obtain a copy -

7 * in the file LICENSE in the source distribution or at -

8 * https://www.openssl.org/source/license.html -

9 */ -

10 -

11 #include <limits.h> -

12 #include <string.h> -

13 #include <stdio.h> -

14 #include "../ssl_locl.h" -

15 #include "statem_locl.h" -

16 #include "internal/cryptlib.h" -

17 #include <openssl/buffer.h> -

18 #include <openssl/objects.h> -

19 #include <openssl/evp.h> -

20 #include <openssl/x509.h> -

21 -

22 /* -

23 * Map error codes to TLS/SSL alart types. -

24 */ -

25 typedef struct x509err2alert_st { -

26 int x509err; -

27 int alert; -

28 } X509ERR2ALERT; -

29 -

30 /* Fixed value used in the ServerHello random field to identify an HRR */ -

31 const unsigned char hrrrandom[] = { -

32 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, -

33 0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, -

34 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c -

35 }; -

36 -

37 /* -

38 * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or -

39 * SSL3_RT_CHANGE_CIPHER_SPEC) -

40 */ -

41 int ssl3_do_write(SSL *s, int type) -

42 { -

43 int ret; -

44 size_t written = 0; -

45 -

46 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], -

47 s->init_num, &written); -

if (ret < 0)

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 24034 times by 1 test Evaluated by: libssl.so.1.1

0-24034

return -1;

never executed: return -1;

if (type == SSL3_RT_HANDSHAKE)

type == 22	Description
TRUE	evaluated 19718 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4316 times by 1 test Evaluated by: libssl.so.1.1

4316-19718

51 /* -

52 * should not be done for 'Hello Request's, but in that case we'll -

53 * ignore the result anyway -

54 * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added -

55 */ -

if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 19718 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 10648 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9070 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 5919 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4729 times by 1 test Evaluated by: libssl.so.1.1

s->statem.hand...SESSION_TICKET	Description
TRUE	evaluated 4886 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1033 times by 1 test Evaluated by: libssl.so.1.1

0-19718

&& s->statem.hand_state != TLS_ST_CW_KEY_UPDATE

s->statem.hand..._CW_KEY_UPDATE	Description
TRUE	evaluated 4882 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-4882

&& s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))

s->statem.hand..._SW_KEY_UPDATE	Description
TRUE	evaluated 4878 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-4878

if (!ssl3_finish_mac(s,

!ssl3_finish_m...off], written)	Description
TRUE	never evaluated
FALSE	evaluated 18677 times by 1 test Evaluated by: libssl.so.1.1

0-18677

(unsigned char *)&s->init_buf->data[s->init_off],

!ssl3_finish_m...off], written)	Description
TRUE	never evaluated
FALSE	evaluated 18677 times by 1 test Evaluated by: libssl.so.1.1

0-18677

written))

!ssl3_finish_m...off], written)	Description
TRUE	never evaluated
FALSE	evaluated 18677 times by 1 test Evaluated by: libssl.so.1.1

0-18677

return -1;

never executed: return -1;

if (written == s->init_num) {

written == s->init_num	Description
TRUE	evaluated 24034 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-24034

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 24034 times by 1 test Evaluated by: libssl.so.1.1

0-24034

s->msg_callback(1, s->version, type, s->init_buf->data,

never executed: s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);

(size_t)(s->init_off + s->init_num), s,

never executed: s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);

s->msg_callback_arg);

never executed: s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);

return 1;

executed 24034 times by 1 test: return 1;

Executed by:

libssl.so.1.1

24034

69 } -

70 s->init_off += written; -

71 s->init_num -= written; -

return 0;

never executed: return 0;

73 } -

74 -

75 int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) -

76 { -

77 size_t msglen; -

78 -

if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))

htype != 0x0101	Description
TRUE	evaluated 19718 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4316 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 19718 times by 1 test Evaluated by: libssl.so.1.1

0-19718

|| !WPACKET_get_length(pkt, &msglen)

!WPACKET_get_l...(pkt, &msglen)	Description
TRUE	never evaluated
FALSE	evaluated 24034 times by 1 test Evaluated by: libssl.so.1.1

0-24034

|| msglen > INT_MAX)

msglen > 0x7fffffff	Description
TRUE	never evaluated
FALSE	evaluated 24034 times by 1 test Evaluated by: libssl.so.1.1

0-24034

return 0;

never executed: return 0;

83 s->init_num = (int)msglen; -

84 s->init_off = 0; -

85 -

return 1;

executed 24034 times by 1 test: return 1;

Executed by:

libssl.so.1.1

24034

87 } -

88 -

89 int tls_setup_handshake(SSL *s) -

90 { -

if (!ssl3_init_finished_mac(s)) {

!ssl3_init_finished_mac(s)	Description
TRUE	never evaluated
FALSE	evaluated 8064 times by 1 test Evaluated by: libssl.so.1.1

0-8064

92 /* SSLfatal() already called */ -

return 0;

never executed: return 0;

94 } -

95 -

96 /* Reset any extension flags */ -

97 memset(s->ext.extflags, 0, sizeof(s->ext.extflags)); -

98 -

if (s->server) {

s->server	Description
TRUE	evaluated 3751 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4313 times by 1 test Evaluated by: libssl.so.1.1

3751-4313

100 STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s); -

101 int i, ver_min, ver_max, ok = 0; -

102 -

103 /* -

104 * Sanity check that the maximum version we accept has ciphers -

105 * enabled. For clients we do this check during construction of the -

106 * ClientHello. -

107 */ -

108

if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {

ssl_get_min_ma...id *)0) ) != 0	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3703 times by 1 test Evaluated by: libssl.so.1.1

48-3703

109 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE, -

110 ERR_R_INTERNAL_ERROR); -

111

return 0;

executed 48 times by 1 test: return 0;

Executed by:

libssl.so.1.1

112 } -

113

for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {

i < sk_SSL_CIPHER_num(ciphers)	Description
TRUE	evaluated 10179 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-10179

114 const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); -

115 -

116

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 1234 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8945 times by 1 test Evaluated by: libssl.so.1.1

1234-8945

117

if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&

((ver_max) == 0x0100)	Description
TRUE	never evaluated
FALSE	evaluated 1234 times by 1 test Evaluated by: libssl.so.1.1

((c->min_dtls) == 0x0100)	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1186 times by 1 test Evaluated by: libssl.so.1.1

((((ver_max) =...c->min_dtls)))	Description
TRUE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1038 times by 1 test Evaluated by: libssl.so.1.1

0-1234

118

DTLS_VERSION_LE(ver_max, c->max_dtls))

((ver_max) == 0x0100)	Description
TRUE	never evaluated
FALSE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1

((c->max_dtls) == 0x0100)	Description
TRUE	never evaluated
FALSE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1

((((ver_max) =...c->max_dtls)))	Description
TRUE	evaluated 196 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-196

119

ok = 1;

executed 196 times by 1 test: ok = 1;

Executed by:

libssl.so.1.1

196

120

} else if (ver_max >= c->min_tls && ver_max <= c->max_tls) {

executed 1234 times by 1 test: end of block

Executed by:

libssl.so.1.1

ver_max >= c->min_tls	Description
TRUE	evaluated 3507 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5438 times by 1 test Evaluated by: libssl.so.1.1

ver_max <= c->max_tls	Description
TRUE	evaluated 3506 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-5438

121 ok = 1; -

122

}

executed 3506 times by 1 test: end of block

Executed by:

libssl.so.1.1

3506

123

if (ok)

ok	Description
TRUE	evaluated 3702 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6477 times by 1 test Evaluated by: libssl.so.1.1

3702-6477

124

break;

executed 3702 times by 1 test: break;

Executed by:

libssl.so.1.1

3702

125

}

executed 6477 times by 1 test: end of block

Executed by:

libssl.so.1.1

6477

126

if (!ok) {

!ok	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3702 times by 1 test Evaluated by: libssl.so.1.1

1-3702

127 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE, -

128 SSL_R_NO_CIPHERS_AVAILABLE); -

129 ERR_add_error_data(1, "No ciphers enabled for max supported " -

130 "SSL/TLS version"); -

131

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

132 } -

133

if (SSL_IS_FIRST_HANDSHAKE(s)) {

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 3663 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1

0-3663

134 /* N.B. s->session_ctx == s->ctx here */ -

135 tsan_counter(&s->session_ctx->stats.sess_accept); -

136

} else {

executed 3663 times by 1 test: end of block

Executed by:

libssl.so.1.1

3663

137 /* N.B. s->ctx may not equal s->session_ctx */ -

138 tsan_counter(&s->ctx->stats.sess_accept_renegotiate); -

139 -

140 s->s3->tmp.cert_request = 0; -

141

}

executed 39 times by 1 test: end of block

Executed by:

libssl.so.1.1

142 } else { -

143

if (SSL_IS_FIRST_HANDSHAKE(s))

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 4289 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-4289

144

tsan_counter(&s->session_ctx->stats.sess_connect);

executed 4289 times by 1 test: __atomic_fetch_add (( (&s->session_ctx->stats.sess_connect) ), ( 1 ), ( memory_order_relaxed )) ;

Executed by:

libssl.so.1.1

4289

145 else -

146

tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);

executed 24 times by 1 test: __atomic_fetch_add (( (&s->session_ctx->stats.sess_connect_renegotiate) ), ( 1 ), ( memory_order_relaxed )) ;

Executed by:

libssl.so.1.1

147 -

148 /* mark client_random uninitialized */ -

149 memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); -

150 s->hit = 0; -

151 -

152 s->s3->tmp.cert_req = 0; -

153 -

154

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4122 times by 1 test Evaluated by: libssl.so.1.1

191-4122

155

s->statem.use_timer = 1;

executed 191 times by 1 test: s->statem.use_timer = 1;

Executed by:

libssl.so.1.1

191

156

}

executed 4313 times by 1 test: end of block

Executed by:

libssl.so.1.1

4313

157 -

158

return 1;

executed 8015 times by 1 test: return 1;

Executed by:

libssl.so.1.1

8015

159 } -

160 -

161 /* -

162 * Size of the to-be-signed TLS13 data, without the hash size itself: -

163 * 64 bytes of value 32, 33 context bytes, 1 byte separator -

164 */ -

165 #define TLS13_TBS_START_SIZE 64 -

166 #define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) -

167 -

168 static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, -

169 void **hdata, size_t *hdatalen) -

170 { -

171 static const char *servercontext = "TLS 1.3, server CertificateVerify"; -

172 static const char *clientcontext = "TLS 1.3, client CertificateVerify"; -

173 -

174

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1275 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1275

175 size_t hashlen; -

176 -

177 /* Set the first 64 bytes of to-be-signed data to octet 32 */ -

178 memset(tls13tbs, 32, TLS13_TBS_START_SIZE); -

179 /* This copies the 33 bytes of context plus the 0 separator byte */ -

180

if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY

s->statem.hand...T_CR_CERT_VRFY	Description
TRUE	evaluated 473 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 773 times by 1 test Evaluated by: libssl.so.1.1

473-773

181

|| s->statem.hand_state == TLS_ST_SW_CERT_VRFY)

s->statem.hand...T_SW_CERT_VRFY	Description
TRUE	evaluated 740 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1

33-740

182

strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext);

executed 1213 times by 1 test: strcpy((char *)tls13tbs + 64, servercontext);

Executed by:

libssl.so.1.1

1213

183 else -

184

strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext);

executed 33 times by 1 test: strcpy((char *)tls13tbs + 64, clientcontext);

Executed by:

libssl.so.1.1

185 -

186 /* -

187 * If we're currently reading then we need to use the saved handshake -

188 * hash value. We can't use the current handshake hash state because -

189 * that includes the CertVerify itself. -

190 */ -

191

if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY

s->statem.hand...T_CR_CERT_VRFY	Description
TRUE	evaluated 473 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 773 times by 1 test Evaluated by: libssl.so.1.1

473-773

192

|| s->statem.hand_state == TLS_ST_SR_CERT_VRFY) {

s->statem.hand...T_SR_CERT_VRFY	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 758 times by 1 test Evaluated by: libssl.so.1.1

15-758

193 memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, -

194 s->cert_verify_hash_len); -

195 hashlen = s->cert_verify_hash_len; -

196

} else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE,

executed 488 times by 1 test: end of block

Executed by:

libssl.so.1.1

!ssl_handshake... 64, &hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: libssl.so.1.1

0-758

197

EVP_MAX_MD_SIZE, &hashlen)) {

!ssl_handshake... 64, &hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: libssl.so.1.1

0-758

198 /* SSLfatal() already called */ -

199

return 0;

never executed: return 0;

200 } -

201 -

202 *hdata = tls13tbs; -

203 *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; -

204

} else {

executed 1246 times by 1 test: end of block

Executed by:

libssl.so.1.1

1246

205 size_t retlen; -

206 -

207 retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata); -

208

if (retlen <= 0) {

retlen <= 0	Description
TRUE	never evaluated
FALSE	evaluated 45 times by 1 test Evaluated by: libssl.so.1.1

0-45

209 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, -

210 ERR_R_INTERNAL_ERROR); -

211

return 0;

never executed: return 0;

212 } -

213 *hdatalen = retlen; -

214

}

executed 45 times by 1 test: end of block

Executed by:

libssl.so.1.1

215 -

216

return 1;

executed 1291 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1291

217 } -

218 -

219 int tls_construct_cert_verify(SSL *s, WPACKET *pkt) -

220 { -

221 EVP_PKEY *pkey = NULL; -

222 const EVP_MD *md = NULL; -

223 EVP_MD_CTX *mctx = NULL; -

224 EVP_PKEY_CTX *pctx = NULL; -

225 size_t hdatalen = 0, siglen = 0; -

226 void *hdata; -

227 unsigned char *sig = NULL; -

228 unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; -

229 const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; -

230 -

231

if (lu == NULL || s->s3->tmp.cert == NULL) {

lu == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

s->s3->tmp.cert == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

232 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

233 ERR_R_INTERNAL_ERROR); -

234

goto err;

never executed: goto err;

235 } -

236 pkey = s->s3->tmp.cert->privatekey; -

237 -

238

if (pkey == NULL || !tls1_lookup_md(lu, &md)) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

!tls1_lookup_md(lu, &md)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

239 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

240 ERR_R_INTERNAL_ERROR); -

241

goto err;

never executed: goto err;

242 } -

243 -

244 mctx = EVP_MD_CTX_new(); -

245

if (mctx == NULL) {

mctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

246 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

247 ERR_R_MALLOC_FAILURE); -

248

goto err;

never executed: goto err;

249 } -

250 -

251 /* Get the data to be signed */ -

252

if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {

!get_cert_veri...ta, &hdatalen)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

253 /* SSLfatal() already called */ -

254

goto err;

never executed: goto err;

255 } -

256 -

257

if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 774 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_put_b...u->sigalg), 2)	Description
TRUE	never evaluated
FALSE	evaluated 774 times by 1 test Evaluated by: libssl.so.1.1

0-774

258 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

259 ERR_R_INTERNAL_ERROR); -

260

goto err;

never executed: goto err;

261 } -

262 siglen = EVP_PKEY_size(pkey); -

263 sig = OPENSSL_malloc(siglen); -

264

if (sig == NULL) {

sig == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

265 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

266 ERR_R_MALLOC_FAILURE); -

267

goto err;

never executed: goto err;

268 } -

269 -

270

if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {

EVP_DigestSign...) , pkey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

271 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

272 ERR_R_EVP_LIB); -

273

goto err;

never executed: goto err;

274 } -

275 -

276

if (lu->sig == EVP_PKEY_RSA_PSS) {

lu->sig == 912	Description
TRUE	evaluated 593 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

190-593

277

if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 593 times by 1 test Evaluated by: libssl.so.1.1

0-593

278

|| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 593 times by 1 test Evaluated by: libssl.so.1.1

0-593

279

RSA_PSS_SALTLEN_DIGEST) <= 0) {

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 593 times by 1 test Evaluated by: libssl.so.1.1

0-593

280 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

281 ERR_R_EVP_LIB); -

282

goto err;

never executed: goto err;

283 } -

284

}

executed 593 times by 1 test: end of block

Executed by:

libssl.so.1.1

593

285

if (s->version == SSL3_VERSION) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

286

if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0

EVP_DigestUpda...hdatalen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

287

|| !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

288

(int)s->session->master_key_length,

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

289

s->session->master_key)

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

290

|| EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {

EVP_DigestSign... &siglen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

291 -

292 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

293 ERR_R_EVP_LIB); -

294

goto err;

never executed: goto err;

295 } -

296

} else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {

never executed: end of block

EVP_DigestSign...hdatalen) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

297 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

298 ERR_R_EVP_LIB); -

299

goto err;

never executed: goto err;

300 } -

301 -

302 #ifndef OPENSSL_NO_GOST -

303 { -

304 int pktype = lu->sig; -

305 -

306

if (pktype == NID_id_GostR3410_2001

pktype == 811	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

307

|| pktype == NID_id_GostR3410_2012_256

pktype == 979	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

308

|| pktype == NID_id_GostR3410_2012_512)

pktype == 980	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

309

BUF_reverse(sig, NULL, siglen);

never executed: BUF_reverse(sig, ((void *)0) , siglen);

310 } -

311 #endif -

312 -

313

if (!WPACKET_sub_memcpy_u16(pkt, sig, siglen)) {

!WPACKET_sub_m..., (siglen), 2)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

314 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, -

315 ERR_R_INTERNAL_ERROR); -

316

goto err;

never executed: goto err;

317 } -

318 -

319 /* Digest cached records and discard handshake buffer */ -

320

if (!ssl3_digest_cached_records(s, 0)) {

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-783

321 /* SSLfatal() already called */ -

322

goto err;

never executed: goto err;

323 } -

324 -

325 OPENSSL_free(sig); -

326 EVP_MD_CTX_free(mctx); -

327

return 1;

executed 783 times by 1 test: return 1;

Executed by:

libssl.so.1.1

783

328 err: -

329 OPENSSL_free(sig); -

330 EVP_MD_CTX_free(mctx); -

331

return 0;

never executed: return 0;

332 } -

333 -

334 MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) -

335 { -

336 EVP_PKEY *pkey = NULL; -

337 const unsigned char *data; -

338 #ifndef OPENSSL_NO_GOST -

339 unsigned char *gost_data = NULL; -

340 #endif -

341 MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; -

342 int j; -

343 unsigned int len; -

344 X509 *peer; -

345 const EVP_MD *md = NULL; -

346 size_t hdatalen = 0; -

347 void *hdata; -

348 unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; -

349 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); -

350 EVP_PKEY_CTX *pctx = NULL; -

351 -

352

if (mctx == NULL) {

mctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 509 times by 1 test Evaluated by: libssl.so.1.1

0-509

353 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

354 ERR_R_MALLOC_FAILURE); -

355

goto err;

never executed: goto err;

356 } -

357 -

358 peer = s->session->peer; -

359 pkey = X509_get0_pubkey(peer); -

360

if (pkey == NULL) {

pkey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 509 times by 1 test Evaluated by: libssl.so.1.1

0-509

361 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

362 ERR_R_INTERNAL_ERROR); -

363

goto err;

never executed: goto err;

364 } -

365 -

366

if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {

ssl_cert_looku...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 509 times by 1 test Evaluated by: libssl.so.1.1

0-509

367 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY, -

368 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); -

369

goto err;

never executed: goto err;

370 } -

371 -

372

if (SSL_USE_SIGALGS(s)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 503 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-503

373 unsigned int sigalg; -

374 -

375

if (!PACKET_get_net_2(pkt, &sigalg)) {

!PACKET_get_ne...(pkt, &sigalg)	Description
TRUE	never evaluated
FALSE	evaluated 503 times by 1 test Evaluated by: libssl.so.1.1

0-503

376 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

377 SSL_R_BAD_PACKET); -

378

goto err;

never executed: goto err;

379 } -

380

if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) {

tls12_check_pe...lg, pkey) <= 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 502 times by 1 test Evaluated by: libssl.so.1.1

1-502

381 /* SSLfatal() already called */ -

382

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

383 } -

384

} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {

executed 502 times by 1 test: end of block

Executed by:

libssl.so.1.1

!tls1_set_peer...igalg(s, pkey)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-502

385 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

386 ERR_R_INTERNAL_ERROR); -

387

goto err;

never executed: goto err;

388 } -

389 -

390

if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {

!tls1_lookup_m...r_sigalg, &md)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

391 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

392 ERR_R_INTERNAL_ERROR); -

393

goto err;

never executed: goto err;

394 } -

395 -

396 #ifdef SSL_DEBUG -

397 if (SSL_USE_SIGALGS(s)) -

398 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); -

399 #endif -

400 -

401 /* Check for broken implementations of GOST ciphersuites */ -

402 /* -

403 * If key is GOST and len is exactly 64 or 128, it is signature without -

404 * length field (CryptoPro implementations at least till TLS 1.2) -

405 */ -

406 #ifndef OPENSSL_NO_GOST -

407

if (!SSL_USE_SIGALGS(s)

!(s->method->s...c_flags & 0x2)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 502 times by 1 test Evaluated by: libssl.so.1.1

6-502

408

&& ((PACKET_remaining(pkt) == 64

PACKET_remaining(pkt) == 64	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

409

&& (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001

EVP_PKEY_id(pkey) == 811	Description
TRUE	never evaluated
FALSE	never evaluated

410

|| EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))

EVP_PKEY_id(pkey) == 979	Description
TRUE	never evaluated
FALSE	never evaluated

411

|| (PACKET_remaining(pkt) == 128

PACKET_remaining(pkt) == 128	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

0-6

412

&& EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {

EVP_PKEY_id(pkey) == 980	Description
TRUE	never evaluated
FALSE	never evaluated

413 len = PACKET_remaining(pkt); -

414

} else

never executed: end of block

415 #endif -

416

if (!PACKET_get_net_2(pkt, &len)) {

!PACKET_get_net_2(pkt, &len)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

417 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

418 SSL_R_LENGTH_MISMATCH); -

419

goto err;

never executed: goto err;

420 } -

421 -

422 j = EVP_PKEY_size(pkey); -

423

if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)

((int)len > j)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

((int)PACKET_r...ning(pkt) > j)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

424

|| (PACKET_remaining(pkt) == 0)) {

(PACKET_remaining(pkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

425 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

426 SSL_R_WRONG_SIGNATURE_SIZE); -

427

goto err;

never executed: goto err;

428 } -

429

if (!PACKET_get_bytes(pkt, &data, len)) {

!PACKET_get_by...t, &data, len)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

430 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

431 SSL_R_LENGTH_MISMATCH); -

432

goto err;

never executed: goto err;

433 } -

434 -

435

if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {

!get_cert_veri...ta, &hdatalen)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

436 /* SSLfatal() already called */ -

437

goto err;

never executed: goto err;

438 } -

439 -

440 #ifdef SSL_DEBUG -

441 fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); -

442 #endif -

443

if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {

EVP_DigestVeri...) , pkey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

444 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

445 ERR_R_EVP_LIB); -

446

goto err;

never executed: goto err;

447 } -

448 #ifndef OPENSSL_NO_GOST -

449 { -

450 int pktype = EVP_PKEY_id(pkey); -

451

if (pktype == NID_id_GostR3410_2001

pktype == 811	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

452

|| pktype == NID_id_GostR3410_2012_256

pktype == 979	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

453

|| pktype == NID_id_GostR3410_2012_512) {

pktype == 980	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

454

if ((gost_data = OPENSSL_malloc(len)) == NULL) {

(gost_data = C...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

455 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

456 SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); -

457

goto err;

never executed: goto err;

458 } -

459 BUF_reverse(gost_data, data, len); -

460 data = gost_data; -

461

}

never executed: end of block

462 } -

463 #endif -

464 -

465

if (SSL_USE_PSS(s)) {

s->s3->tmp.pee...!= ((void *)0)	Description
TRUE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->s3->tmp.pee...lg->sig == 912	Description
TRUE	evaluated 485 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23 times by 1 test Evaluated by: libssl.so.1.1

0-508

466

if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 485 times by 1 test Evaluated by: libssl.so.1.1

0-485

467

|| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 485 times by 1 test Evaluated by: libssl.so.1.1

0-485

468

RSA_PSS_SALTLEN_DIGEST) <= 0) {

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 485 times by 1 test Evaluated by: libssl.so.1.1

0-485

469 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

470 ERR_R_EVP_LIB); -

471

goto err;

never executed: goto err;

472 } -

473

}

executed 485 times by 1 test: end of block

Executed by:

libssl.so.1.1

485

474

if (s->version == SSL3_VERSION) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 1 test Evaluated by: libssl.so.1.1

0-508

475

if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0

EVP_DigestUpda...hdatalen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

476

|| !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

477

(int)s->session->master_key_length,

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

478

s->session->master_key)) {

!EVP_MD_CTX_ct...n->master_key)	Description
TRUE	never evaluated
FALSE	never evaluated

479 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

480 ERR_R_EVP_LIB); -

481

goto err;

never executed: goto err;

482 } -

483

if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {

EVP_DigestVeri...ata, len) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

484 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

485 SSL_R_BAD_SIGNATURE); -

486

goto err;

never executed: goto err;

487 } -

488

} else {

never executed: end of block

489 j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); -

490

if (j <= 0) {

j <= 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 506 times by 1 test Evaluated by: libssl.so.1.1

2-506

491 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, -

492 SSL_R_BAD_SIGNATURE); -

493

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

494 } -

495

}

executed 506 times by 1 test: end of block

Executed by:

libssl.so.1.1

506

496 -

497 ret = MSG_PROCESS_CONTINUE_READING; -

498

err:

code before this statement executed 506 times by 1 test: err:

Executed by:

libssl.so.1.1

506

499 BIO_free(s->s3->handshake_buffer); -

500 s->s3->handshake_buffer = NULL; -

501 EVP_MD_CTX_free(mctx); -

502 #ifndef OPENSSL_NO_GOST -

503 OPENSSL_free(gost_data); -

504 #endif -

505

return ret;

executed 509 times by 1 test: return ret;

Executed by:

libssl.so.1.1

509

506 } -

507 -

508 int tls_construct_finished(SSL *s, WPACKET *pkt) -

509 { -

510 size_t finish_md_len; -

511 const char *sender; -

512 size_t slen; -

513 -

514 /* This is a real handshake so make sure we clean it up at the end */ -

515

if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)

!s->server	Description
TRUE	evaluated 2054 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1919 times by 1 test Evaluated by: libssl.so.1.1

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 2029 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

25-2054

516

s->statem.cleanuphand = 1;

executed 2029 times by 1 test: s->statem.cleanuphand = 1;

Executed by:

libssl.so.1.1

2029

517 -

518 /* -

519 * We only change the keys if we didn't already do this when we sent the -

520 * client certificate -

521 */ -

522

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3614 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 359 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1451 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2163 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1451 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3614

523

&& !s->server

!s->server	Description
TRUE	evaluated 598 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 853 times by 1 test Evaluated by: libssl.so.1.1

598-853

524

&& s->s3->tmp.cert_req == 0

s->s3->tmp.cert_req == 0	Description
TRUE	evaluated 555 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

43-555

525

&& (!s->method->ssl3_enc->change_cipher_state(s,

(!s->method->s...0x010\|0x002)))	Description
TRUE	never evaluated
FALSE	evaluated 555 times by 1 test Evaluated by: libssl.so.1.1

0-555

526

SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;

(!s->method->s...0x010\|0x002)))	Description
TRUE	never evaluated
FALSE	evaluated 555 times by 1 test Evaluated by: libssl.so.1.1

0-555

527 /* SSLfatal() already called */ -

528

return 0;

never executed: return 0;

529 } -

530 -

531

if (s->server) {

s->server	Description
TRUE	evaluated 1919 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2054 times by 1 test Evaluated by: libssl.so.1.1

1919-2054

532 sender = s->method->ssl3_enc->server_finished_label; -

533 slen = s->method->ssl3_enc->server_finished_label_len; -

534

} else {

executed 1919 times by 1 test: end of block

Executed by:

libssl.so.1.1

1919

535 sender = s->method->ssl3_enc->client_finished_label; -

536 slen = s->method->ssl3_enc->client_finished_label_len; -

537

}

executed 2054 times by 1 test: end of block

Executed by:

libssl.so.1.1

2054

538 -

539 finish_md_len = s->method->ssl3_enc->final_finish_mac(s, -

540 sender, slen, -

541 s->s3->tmp.finish_md); -

542

if (finish_md_len == 0) {

finish_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 3973 times by 1 test Evaluated by: libssl.so.1.1

0-3973

543 /* SSLfatal() already called */ -

544

return 0;

never executed: return 0;

545 } -

546 -

547 s->s3->tmp.finish_md_len = finish_md_len; -

548 -

549

if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {

!WPACKET_memcp...finish_md_len)	Description
TRUE	never evaluated
FALSE	evaluated 3973 times by 1 test Evaluated by: libssl.so.1.1

0-3973

550 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, -

551 ERR_R_INTERNAL_ERROR); -

552

return 0;

never executed: return 0;

553 } -

554 -

555 /* -

556 * Log the master secret, if logging is enabled. We don't log it for -

557 * TLSv1.3: there's a different key schedule for that. -

558 */ -

559

if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3614 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 359 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1451 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2163 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1451 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!ssl_log_secre...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 2522 times by 1 test Evaluated by: libssl.so.1.1

0-3614

560

s->session->master_key,

!ssl_log_secre...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 2522 times by 1 test Evaluated by: libssl.so.1.1

0-2522

561

s->session->master_key_length)) {

!ssl_log_secre...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 2522 times by 1 test Evaluated by: libssl.so.1.1

0-2522

562 /* SSLfatal() already called */ -

563

return 0;

never executed: return 0;

564 } -

565 -

566 /* -

567 * Copy the finished so we can use it for renegotiation checks -

568 */ -

569

if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {

!((finish_md_len <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 3973 times by 1 test Evaluated by: libssl.so.1.1

0-3973

570 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, -

571 ERR_R_INTERNAL_ERROR); -

572

return 0;

never executed: return 0;

573 } -

574

if (!s->server) {

!s->server	Description
TRUE	evaluated 2054 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1919 times by 1 test Evaluated by: libssl.so.1.1

1919-2054

575 memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, -

576 finish_md_len); -

577 s->s3->previous_client_finished_len = finish_md_len; -

578

} else {

executed 2054 times by 1 test: end of block

Executed by:

libssl.so.1.1

2054

579 memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, -

580 finish_md_len); -

581 s->s3->previous_server_finished_len = finish_md_len; -

582

}

executed 1919 times by 1 test: end of block

Executed by:

libssl.so.1.1

1919

583 -

584

return 1;

executed 3973 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3973

585 } -

586 -

587 int tls_construct_key_update(SSL *s, WPACKET *pkt) -

588 { -

589

if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {

!WPACKET_put_b...ey_update), 1)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

590 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, -

591 ERR_R_INTERNAL_ERROR); -

592

return 0;

never executed: return 0;

593 } -

594 -

595 s->key_update = SSL_KEY_UPDATE_NONE; -

596

return 1;

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

597 } -

598 -

599 MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) -

600 { -

601 unsigned int updatetype; -

602 -

603 s->key_update_count++; -

604

if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) {

s->key_update_count > 32	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

605 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, -

606 SSL_R_TOO_MANY_KEY_UPDATES); -

607

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

608 } -

609 -

610 /* -

611 * A KeyUpdate message signals a key change so the end of the message must -

612 * be on a record boundary. -

613 */ -

614

if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

1-7

615 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE, -

616 SSL_R_NOT_ON_RECORD_BOUNDARY); -

617

return MSG_PROCESS_ERROR;

executed 1 time by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

618 } -

619 -

620

if (!PACKET_get_1(pkt, &updatetype)

!PACKET_get_1(..., &updatetype)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

0-7

621

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

0-7

622 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE, -

623 SSL_R_BAD_KEY_UPDATE); -

624

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

625 } -

626 -

627 /* -

628 * There are only two defined key update types. Fail if we get a value we -

629 * didn't recognise. -

630 */ -

631

if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED

updatetype != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

3-4

632

&& updatetype != SSL_KEY_UPDATE_REQUESTED) {

updatetype != 1	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

633 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, -

634 SSL_R_BAD_KEY_UPDATE); -

635

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

636 } -

637 -

638 /* -

639 * If we get a request for us to update our sending keys too then, we need -

640 * to additionally send a KeyUpdate message. However that message should -

641 * not also request an update (otherwise we get into an infinite loop). We -

642 * ignore a request for us to update our sending keys too if we already -

643 * sent close_notify. -

644 */ -

645

if (updatetype == SSL_KEY_UPDATE_REQUESTED

updatetype == 1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

3-4

646

&& (s->shutdown & SSL_SENT_SHUTDOWN) == 0)

(s->shutdown & 1) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2

647

s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;

executed 2 times by 1 test: s->key_update = 0;

Executed by:

libssl.so.1.1

648 -

649

if (!tls13_update_key(s, 0)) {

!tls13_update_key(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

0-7

650 /* SSLfatal() already called */ -

651

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

652 } -

653 -

654

return MSG_PROCESS_FINISHED_READING;

executed 7 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

655 } -

656 -

657 /* -

658 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen -

659 * to far. -

660 */ -

661 int ssl3_take_mac(SSL *s) -

662 { -

663 const char *sender; -

664 size_t slen; -

665 -

666

if (!s->server) {

!s->server	Description
TRUE	evaluated 1626 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1633 times by 1 test Evaluated by: libssl.so.1.1

1626-1633

667 sender = s->method->ssl3_enc->server_finished_label; -

668 slen = s->method->ssl3_enc->server_finished_label_len; -

669

} else {

executed 1626 times by 1 test: end of block

Executed by:

libssl.so.1.1

1626

670 sender = s->method->ssl3_enc->client_finished_label; -

671 slen = s->method->ssl3_enc->client_finished_label_len; -

672

}

executed 1633 times by 1 test: end of block

Executed by:

libssl.so.1.1

1633

673 -

674 s->s3->tmp.peer_finish_md_len = -

675 s->method->ssl3_enc->final_finish_mac(s, sender, slen, -

676 s->s3->tmp.peer_finish_md); -

677 -

678

if (s->s3->tmp.peer_finish_md_len == 0) {

s->s3->tmp.pee...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 3259 times by 1 test Evaluated by: libssl.so.1.1

0-3259

679 /* SSLfatal() already called */ -

680

return 0;

never executed: return 0;

681 } -

682 -

683

return 1;

executed 3259 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3259

684 } -

685 -

686 MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) -

687 { -

688 size_t remain; -

689 -

690 remain = PACKET_remaining(pkt); -

691 /* -

692 * 'Change Cipher Spec' is just a single byte, which should already have -

693 * been consumed by ssl_get_message() so there should be no bytes left, -

694 * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes -

695 */ -

696

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2114 times by 1 test Evaluated by: libssl.so.1.1

355-2114

697

if ((s->version == DTLS1_BAD_VER

s->version == 0x0100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 354 times by 1 test Evaluated by: libssl.so.1.1

1-354

698

&& remain != DTLS1_CCS_HEADER_LENGTH + 1)

remain != 1 + 1	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

699

|| (s->version != DTLS1_BAD_VER

s->version != 0x0100	Description
TRUE	evaluated 354 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-354

700

&& remain != DTLS1_CCS_HEADER_LENGTH - 1)) {

remain != 1 - 1	Description
TRUE	never evaluated
FALSE	evaluated 354 times by 1 test Evaluated by: libssl.so.1.1

0-354

701 SSLfatal(s, SSL_AD_DECODE_ERROR, -

702 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, -

703 SSL_R_BAD_CHANGE_CIPHER_SPEC); -

704

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

705 } -

706

} else {

executed 355 times by 1 test: end of block

Executed by:

libssl.so.1.1

355

707

if (remain != 0) {

remain != 0	Description
TRUE	never evaluated
FALSE	evaluated 2114 times by 1 test Evaluated by: libssl.so.1.1

0-2114

708 SSLfatal(s, SSL_AD_DECODE_ERROR, -

709 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, -

710 SSL_R_BAD_CHANGE_CIPHER_SPEC); -

711

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

712 } -

713

}

executed 2114 times by 1 test: end of block

Executed by:

libssl.so.1.1

2114

714 -

715 /* Check we have a cipher to change to */ -

716

if (s->s3->tmp.new_cipher == NULL) {

s->s3->tmp.new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2469 times by 1 test Evaluated by: libssl.so.1.1

0-2469

717 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, -

718 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); -

719

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

720 } -

721 -

722 s->s3->change_cipher_spec = 1; -

723

if (!ssl3_do_change_cipher_spec(s)) {

!ssl3_do_change_cipher_spec(s)	Description
TRUE	never evaluated
FALSE	evaluated 2469 times by 1 test Evaluated by: libssl.so.1.1

0-2469

724 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, -

725 ERR_R_INTERNAL_ERROR); -

726

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

727 } -

728 -

729

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2114 times by 1 test Evaluated by: libssl.so.1.1

355-2114

730 dtls1_reset_seq_numbers(s, SSL3_CC_READ); -

731 -

732

if (s->version == DTLS1_BAD_VER)

s->version == 0x0100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 354 times by 1 test Evaluated by: libssl.so.1.1

1-354

733

s->d1->handshake_read_seq++;

executed 1 time by 1 test: s->d1->handshake_read_seq++;

Executed by:

libssl.so.1.1

734 -

735 #ifndef OPENSSL_NO_SCTP -

736 /* -

737 * Remember that a CCS has been received, so that an old key of -

738 * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no -

739 * SCTP is used -

740 */ -

741 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); -

742 #endif -

743

}

executed 355 times by 1 test: end of block

Executed by:

libssl.so.1.1

355

744 -

745

return MSG_PROCESS_CONTINUE_READING;

executed 2469 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

2469

746 } -

747 -

748 MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) -

749 { -

750 size_t md_len; -

751 -

752 -

753 /* This is a real handshake so make sure we clean it up at the end */ -

754

if (s->server) {

s->server	Description
TRUE	evaluated 1633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1626 times by 1 test Evaluated by: libssl.so.1.1

1626-1633

755 /* -

756 * To get this far we must have read encrypted data from the client. We -

757 * no longer tolerate unencrypted alerts. This value is ignored if less -

758 * than TLSv1.3 -

759 */ -

760 s->statem.enc_read_state = ENC_READ_STATE_VALID; -

761

if (s->post_handshake_auth != SSL_PHA_REQUESTED)

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 1611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

22-1611

762

s->statem.cleanuphand = 1;

executed 1611 times by 1 test: s->statem.cleanuphand = 1;

Executed by:

libssl.so.1.1

1611

763

if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 587 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 869 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 587 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!tls13_save_ha...est_for_pha(s)	Description
TRUE	never evaluated
FALSE	evaluated 587 times by 1 test Evaluated by: libssl.so.1.1

0-1456

764 /* SSLfatal() already called */ -

765

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

766 } -

767

}

executed 1633 times by 1 test: end of block

Executed by:

libssl.so.1.1

1633

768 -

769 /* -

770 * In TLSv1.3 a Finished message signals a key change so the end of the -

771 * message must be on a record boundary. -

772 */ -

773

if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2904 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1163 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1741 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1163 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1162 times by 1 test Evaluated by: libssl.so.1.1

0-2904

774 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, -

775 SSL_R_NOT_ON_RECORD_BOUNDARY); -

776

return MSG_PROCESS_ERROR;

executed 1 time by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

777 } -

778 -

779 /* If this occurs, we have missed a message */ -

780

if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2903 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1162 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1741 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1162 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!s->s3->change_cipher_spec	Description
TRUE	never evaluated
FALSE	evaluated 2096 times by 1 test Evaluated by: libssl.so.1.1

0-2903

781 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, -

782 SSL_R_GOT_A_FIN_BEFORE_A_CCS); -

783

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

784 } -

785 s->s3->change_cipher_spec = 0; -

786 -

787 md_len = s->s3->tmp.peer_finish_md_len; -

788 -

789

if (md_len != PACKET_remaining(pkt)) {

md_len != PACK...remaining(pkt)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3257 times by 1 test Evaluated by: libssl.so.1.1

1-3257

790 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED, -

791 SSL_R_BAD_DIGEST_LENGTH); -

792

return MSG_PROCESS_ERROR;

executed 1 time by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

793 } -

794 -

795

if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,

CRYPTO_memcmp(..., md_len) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3254 times by 1 test Evaluated by: libssl.so.1.1

3-3254

796

md_len) != 0) {

CRYPTO_memcmp(..., md_len) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3254 times by 1 test Evaluated by: libssl.so.1.1

3-3254

797 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED, -

798 SSL_R_DIGEST_CHECK_FAILED); -

799

return MSG_PROCESS_ERROR;

executed 3 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

800 } -

801 -

802 /* -

803 * Copy the finished so we can use it for renegotiation checks -

804 */ -

805

if (!ossl_assert(md_len <= EVP_MAX_MD_SIZE)) {

!((md_len <= 64) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 3254 times by 1 test Evaluated by: libssl.so.1.1

0-3254

806 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_FINISHED, -

807 ERR_R_INTERNAL_ERROR); -

808

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

809 } -

810

if (s->server) {

s->server	Description
TRUE	evaluated 1633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1621 times by 1 test Evaluated by: libssl.so.1.1

1621-1633

811 memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, -

812 md_len); -

813 s->s3->previous_client_finished_len = md_len; -

814

} else {

executed 1633 times by 1 test: end of block

Executed by:

libssl.so.1.1

1633

815 memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, -

816 md_len); -

817 s->s3->previous_server_finished_len = md_len; -

818

}

executed 1621 times by 1 test: end of block

Executed by:

libssl.so.1.1

1621

819 -

820 /* -

821 * In TLS1.3 we also have to change cipher state and do any final processing -

822 * of the initial server flight (if we are a client) -

823 */ -

824

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2899 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1162 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1737 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 1162 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2899

825

if (s->server) {

s->server	Description
TRUE	evaluated 587 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

575-587

826

if (s->post_handshake_auth != SSL_PHA_REQUESTED &&

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

22-565

827

!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1

0-565

828

SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {

!s->method->ss...(0x020\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1

0-565

829 /* SSLfatal() already called */ -

830

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

831 } -

832

} else {

executed 587 times by 1 test: end of block

Executed by:

libssl.so.1.1

587

833

if (!s->method->ssl3_enc->generate_master_secret(s,

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

0-575

834

s->master_secret, s->handshake_secret, 0,

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

0-575

835

&s->session->master_key_length)) {

!s->method->ss...er_key_length)	Description
TRUE	never evaluated
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

0-575

836 /* SSLfatal() already called */ -

837

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

838 } -

839

if (!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x010\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

0-575

840

SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {

!s->method->ss...(0x010\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 575 times by 1 test Evaluated by: libssl.so.1.1

0-575

841 /* SSLfatal() already called */ -

842

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

843 } -

844

if (!tls_process_initial_server_flight(s)) {

!tls_process_i...rver_flight(s)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1

2-573

845 /* SSLfatal() already called */ -

846

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

847 } -

848

}

executed 573 times by 1 test: end of block

Executed by:

libssl.so.1.1

573

849 } -

850 -

851

return MSG_PROCESS_FINISHED_READING;

executed 3252 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

3252

852 } -

853 -

854 int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) -

855 { -

856

if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {

!WPACKET_put_b...(pkt), (1), 1)	Description
TRUE	never evaluated
FALSE	evaluated 4316 times by 1 test Evaluated by: libssl.so.1.1

0-4316

857 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

858 SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); -

859

return 0;

never executed: return 0;

860 } -

861 -

862

return 1;

executed 4316 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4316

863 } -

864 -

865 /* Add a certificate to the WPACKET */ -

866 static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) -

867 { -

868 int len; -

869 unsigned char *outbytes; -

870 -

871 len = i2d_X509(x, NULL); -

872

if (len < 0) {

len < 0	Description
TRUE	never evaluated
FALSE	evaluated 2304 times by 1 test Evaluated by: libssl.so.1.1

0-2304

873 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET, -

874 ERR_R_BUF_LIB); -

875

return 0;

never executed: return 0;

876 } -

877

if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes)

!WPACKET_sub_a...&outbytes), 3)	Description
TRUE	never evaluated
FALSE	evaluated 2304 times by 1 test Evaluated by: libssl.so.1.1

0-2304

878

|| i2d_X509(x, &outbytes) != len) {

i2d_X509(x, &outbytes) != len	Description
TRUE	never evaluated
FALSE	evaluated 2304 times by 1 test Evaluated by: libssl.so.1.1

0-2304

879 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET, -

880 ERR_R_INTERNAL_ERROR); -

881

return 0;

never executed: return 0;

882 } -

883 -

884

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2103 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 201 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 858 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1245 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 858 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2103

885

&& !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,

!tls_construct...000, x, chain)	Description
TRUE	never evaluated
FALSE	evaluated 858 times by 1 test Evaluated by: libssl.so.1.1

0-858

886

chain)) {

!tls_construct...000, x, chain)	Description
TRUE	never evaluated
FALSE	evaluated 858 times by 1 test Evaluated by: libssl.so.1.1

0-858

887 /* SSLfatal() already called */ -

888

return 0;

never executed: return 0;

889 } -

890 -

891

return 1;

executed 2304 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2304

892 } -

893 -

894 /* Add certificate chain to provided WPACKET */ -

895 static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) -

896 { -

897 int i, chain_count; -

898 X509 *x; -

899 STACK_OF(X509) *extra_certs; -

900 STACK_OF(X509) *chain = NULL; -

901 X509_STORE *chain_store; -

902 -

903

if (cpk == NULL || cpk->x509 == NULL)

cpk == ((void *)0)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2143 times by 1 test Evaluated by: libssl.so.1.1

cpk->x509 == ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2142 times by 1 test Evaluated by: libssl.so.1.1

1-2143

904

return 1;

executed 40 times by 1 test: return 1;

Executed by:

libssl.so.1.1

905 -

906 x = cpk->x509; -

907 -

908 /* -

909 * If we have a certificate specific chain use it, else use parent ctx. -

910 */ -

911

if (cpk->chain != NULL)

cpk->chain != ((void *)0)	Description
TRUE	evaluated 35 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2107 times by 1 test Evaluated by: libssl.so.1.1

35-2107

912

extra_certs = cpk->chain;

executed 35 times by 1 test: extra_certs = cpk->chain;

Executed by:

libssl.so.1.1

913 else -

914

extra_certs = s->ctx->extra_certs;

executed 2107 times by 1 test: extra_certs = s->ctx->extra_certs;

Executed by:

libssl.so.1.1

2107

915 -

916

if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)

(s->mode & 0x00000008U)	Description
TRUE	never evaluated
FALSE	evaluated 2142 times by 1 test Evaluated by: libssl.so.1.1

extra_certs	Description
TRUE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

0-2142

917

chain_store = NULL;

executed 38 times by 1 test: chain_store = ((void *)0) ;

Executed by:

libssl.so.1.1

918

else if (s->cert->chain_store)

s->cert->chain_store	Description
TRUE	never evaluated
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

0-2104

919

chain_store = s->cert->chain_store;

never executed: chain_store = s->cert->chain_store;

920 else -

921

chain_store = s->ctx->cert_store;

executed 2104 times by 1 test: chain_store = s->ctx->cert_store;

Executed by:

libssl.so.1.1

2104

922 -

923

if (chain_store != NULL) {

chain_store != ((void *)0)	Description
TRUE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

38-2104

924 X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new(); -

925 -

926

if (xs_ctx == NULL) {

xs_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

0-2104

927 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, -

928 ERR_R_MALLOC_FAILURE); -

929

return 0;

never executed: return 0;

930 } -

931

if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {

!X509_STORE_CT... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

0-2104

932 X509_STORE_CTX_free(xs_ctx); -

933 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, -

934 ERR_R_X509_LIB); -

935

return 0;

never executed: return 0;

936 } -

937 /* -

938 * It is valid for the chain not to be complete (because normally we -

939 * don't include the root cert in the chain). Therefore we deliberately -

940 * ignore the error return from this call. We're not actually verifying -

941 * the cert - we're just building as much of the chain as we can -

942 */ -

943 (void)X509_verify_cert(xs_ctx); -

944 /* Don't leave errors in the queue */ -

945 ERR_clear_error(); -

946 chain = X509_STORE_CTX_get0_chain(xs_ctx); -

947 i = ssl_security_cert_chain(s, chain, NULL, 0); -

948

if (i != 1) {

i != 1	Description
TRUE	never evaluated
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

0-2104

949 #if 0 -

950 /* Dummy error calls so mkerr generates them */ -

951 SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL); -

952 SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL); -

953 SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK); -

954 #endif -

955 X509_STORE_CTX_free(xs_ctx); -

956 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i); -

957

return 0;

never executed: return 0;

958 } -

959 chain_count = sk_X509_num(chain); -

960

for (i = 0; i < chain_count; i++) {

i < chain_count	Description
TRUE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2104 times by 1 test Evaluated by: libssl.so.1.1

2104-2111

961 x = sk_X509_value(chain, i); -

962 -

963

if (!ssl_add_cert_to_wpacket(s, pkt, x, i)) {

!ssl_add_cert_...(s, pkt, x, i)	Description
TRUE	never evaluated
FALSE	evaluated 2111 times by 1 test Evaluated by: libssl.so.1.1

0-2111

964 /* SSLfatal() already called */ -

965 X509_STORE_CTX_free(xs_ctx); -

966

return 0;

never executed: return 0;

967 } -

968

}

executed 2111 times by 1 test: end of block

Executed by:

libssl.so.1.1

2111

969 X509_STORE_CTX_free(xs_ctx); -

970

} else {

executed 2104 times by 1 test: end of block

Executed by:

libssl.so.1.1

2104

971 i = ssl_security_cert_chain(s, extra_certs, x, 0); -

972

if (i != 1) {

i != 1	Description
TRUE	never evaluated
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

0-38

973 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i); -

974

return 0;

never executed: return 0;

975 } -

976

if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) {

!ssl_add_cert_...(s, pkt, x, 0)	Description
TRUE	never evaluated
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

0-38

977 /* SSLfatal() already called */ -

978

return 0;

never executed: return 0;

979 } -

980

for (i = 0; i < sk_X509_num(extra_certs); i++) {

i < sk_X509_num(extra_certs)	Description
TRUE	evaluated 155 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 38 times by 1 test Evaluated by: libssl.so.1.1

38-155

981 x = sk_X509_value(extra_certs, i); -

982

if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1)) {

!ssl_add_cert_...pkt, x, i + 1)	Description
TRUE	never evaluated
FALSE	evaluated 155 times by 1 test Evaluated by: libssl.so.1.1

0-155

983 /* SSLfatal() already called */ -

984

return 0;

never executed: return 0;

985 } -

986

}

executed 155 times by 1 test: end of block

Executed by:

libssl.so.1.1

155

987

}

executed 38 times by 1 test: end of block

Executed by:

libssl.so.1.1

988

return 1;

executed 2142 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2142

989 } -

990 -

991 unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) -

992 { -

993

if (!WPACKET_start_sub_packet_u24(pkt)) {

!WPACKET_start...en__((pkt), 3)	Description
TRUE	never evaluated
FALSE	evaluated 2182 times by 1 test Evaluated by: libssl.so.1.1

0-2182

994 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN, -

995 ERR_R_INTERNAL_ERROR); -

996

return 0;

never executed: return 0;

997 } -

998 -

999

if (!ssl_add_cert_chain(s, pkt, cpk))

!ssl_add_cert_...n(s, pkt, cpk)	Description
TRUE	never evaluated
FALSE	evaluated 2182 times by 1 test Evaluated by: libssl.so.1.1

0-2182

1000

return 0;

never executed: return 0;

1001 -

1002

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 2182 times by 1 test Evaluated by: libssl.so.1.1

0-2182

1003 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN, -

1004 ERR_R_INTERNAL_ERROR); -

1005

return 0;

never executed: return 0;

1006 } -

1007 -

1008

return 1;

executed 2182 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2182

1009 } -

1010 -

1011 /* -

1012 * Tidy up after the end of a handshake. In the case of SCTP this may result -

1013 * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is -

1014 * freed up as well. -

1015 */ -

1016 WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) -

1017 { -

1018 void (*cb) (const SSL *ssl, int type, int val) = NULL; -

1019 -

1020

if (clearbufs) {

clearbufs	Description
TRUE	evaluated 4433 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 630 times by 1 test Evaluated by: libssl.so.1.1

630-4433

1021

if (!SSL_IS_DTLS(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 4075 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 358 times by 1 test Evaluated by: libssl.so.1.1

358-4075

1022 /* -

1023 * We don't do this in DTLS because we may still need the init_buf -

1024 * in case there are any unexpected retransmits -

1025 */ -

1026 BUF_MEM_free(s->init_buf); -

1027 s->init_buf = NULL; -

1028

}

executed 4075 times by 1 test: end of block

Executed by:

libssl.so.1.1

4075

1029

if (!ssl_free_wbio_buffer(s)) {

!ssl_free_wbio_buffer(s)	Description
TRUE	never evaluated
FALSE	evaluated 4433 times by 1 test Evaluated by: libssl.so.1.1

0-4433

1030 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, -

1031 ERR_R_INTERNAL_ERROR); -

1032

return WORK_ERROR;

never executed: return WORK_ERROR;

1033 } -

1034 s->init_num = 0; -

1035

}

executed 4433 times by 1 test: end of block

Executed by:

libssl.so.1.1

4433

1036 -

1037

if (SSL_IS_TLS13(s) && !s->server

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 4705 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 358 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 2960 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1745 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 2910 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

!s->server	Description
TRUE	evaluated 1555 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1355 times by 1 test Evaluated by: libssl.so.1.1

50-4705

1038

&& s->post_handshake_auth == SSL_PHA_REQUESTED)

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1530 times by 1 test Evaluated by: libssl.so.1.1

25-1530

1039

s->post_handshake_auth = SSL_PHA_EXT_SENT;

executed 25 times by 1 test: s->post_handshake_auth = SSL_PHA_EXT_SENT;

Executed by:

libssl.so.1.1

1040 -

1041 /* -

1042 * Only set if there was a Finished message and this isn't after a TLSv1.3 -

1043 * post handshake exchange -

1044 */ -

1045

if (s->statem.cleanuphand) {

s->statem.cleanuphand	Description
TRUE	evaluated 3230 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1833 times by 1 test Evaluated by: libssl.so.1.1

1833-3230

1046 /* skipped if we just sent a HelloRequest */ -

1047 s->renegotiate = 0; -

1048 s->new_session = 0; -

1049 s->statem.cleanuphand = 0; -

1050 s->ext.ticket_expected = 0; -

1051 -

1052 ssl3_cleanup_key_block(s); -

1053 -

1054

if (s->server) {

s->server	Description
TRUE	evaluated 1611 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1619 times by 1 test Evaluated by: libssl.so.1.1

1611-1619

1055 /* -

1056 * In TLSv1.3 we update the cache as part of constructing the -

1057 * NewSessionTicket -

1058 */ -

1059

if (!SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1434 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 869 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 565 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1434

1060

ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

executed 1046 times by 1 test: ssl_update_cache(s, 0x0002);

Executed by:

libssl.so.1.1

1046

1061 -

1062 /* N.B. s->ctx may not equal s->session_ctx */ -

1063 tsan_counter(&s->ctx->stats.sess_accept_good); -

1064 s->handshake_func = ossl_statem_accept; -

1065 -

1066

if (SSL_IS_DTLS(s) && !s->hit) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1434 times by 1 test Evaluated by: libssl.so.1.1

!s->hit	Description
TRUE	evaluated 161 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

16-1434

1067 /* -

1068 * We are finishing after the client. We start the timer going -

1069 * in case there are any retransmits of our final flight -

1070 * required. -

1071 */ -

1072 dtls1_start_timer(s); -

1073

}

executed 161 times by 1 test: end of block

Executed by:

libssl.so.1.1

161

1074

} else {

executed 1611 times by 1 test: end of block

Executed by:

libssl.so.1.1

1611

1075

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1441 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 178 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 868 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1441

1076 /* -

1077 * We encourage applications to only use TLSv1.3 tickets once, -

1078 * so we remove this one from the cache. -

1079 */ -

1080

if ((s->session_ctx->session_cache_mode

(s->session_ct...& 0x0001) != 0	Description
TRUE	evaluated 95 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1

95-478

1081

& SSL_SESS_CACHE_CLIENT) != 0)

(s->session_ct...& 0x0001) != 0	Description
TRUE	evaluated 95 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1

95-478

1082

SSL_CTX_remove_session(s->session_ctx, s->session);

executed 95 times by 1 test: SSL_CTX_remove_session(s->session_ctx, s->session);

Executed by:

libssl.so.1.1

1083

} else {

executed 573 times by 1 test: end of block

Executed by:

libssl.so.1.1

573

1084 /* -

1085 * In TLSv1.3 we update the cache as part of processing the -

1086 * NewSessionTicket -

1087 */ -

1088 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); -

1089

}

executed 1046 times by 1 test: end of block

Executed by:

libssl.so.1.1

1046

1090

if (s->hit)

s->hit	Description
TRUE	evaluated 168 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1451 times by 1 test Evaluated by: libssl.so.1.1

168-1451

1091

tsan_counter(&s->session_ctx->stats.sess_hit);

executed 168 times by 1 test: __atomic_fetch_add (( (&s->session_ctx->stats.sess_hit) ), ( 1 ), ( memory_order_relaxed )) ;

Executed by:

libssl.so.1.1

168

1092 -

1093 s->handshake_func = ossl_statem_connect; -

1094 tsan_counter(&s->session_ctx->stats.sess_connect_good); -

1095 -

1096

if (SSL_IS_DTLS(s) && s->hit) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 178 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1441 times by 1 test Evaluated by: libssl.so.1.1

s->hit	Description
TRUE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 161 times by 1 test Evaluated by: libssl.so.1.1

17-1441

1097 /* -

1098 * We are finishing after the server. We start the timer going -

1099 * in case there are any retransmits of our final flight -

1100 * required. -

1101 */ -

1102 dtls1_start_timer(s); -

1103

}

executed 17 times by 1 test: end of block

Executed by:

libssl.so.1.1

1104

}

executed 1619 times by 1 test: end of block

Executed by:

libssl.so.1.1

1619

1105 -

1106

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 355 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2875 times by 1 test Evaluated by: libssl.so.1.1

355-2875

1107 /* done with handshaking */ -

1108 s->d1->handshake_read_seq = 0; -

1109 s->d1->handshake_write_seq = 0; -

1110 s->d1->next_handshake_write_seq = 0; -

1111 dtls1_clear_received_buffer(s); -

1112

}

executed 355 times by 1 test: end of block

Executed by:

libssl.so.1.1

355

1113

}

executed 3230 times by 1 test: end of block

Executed by:

libssl.so.1.1

3230

1114 -

1115

if (s->info_callback != NULL)

s->info_callba...!= ((void *)0)	Description
TRUE	evaluated 2805 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2258 times by 1 test Evaluated by: libssl.so.1.1

2258-2805

1116

cb = s->info_callback;

executed 2805 times by 1 test: cb = s->info_callback;

Executed by:

libssl.so.1.1

2805

1117

else if (s->ctx->info_callback != NULL)

s->ctx->info_c...!= ((void *)0)	Description
TRUE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2245 times by 1 test Evaluated by: libssl.so.1.1

13-2245

1118

cb = s->ctx->info_callback;

executed 13 times by 1 test: cb = s->ctx->info_callback;

Executed by:

libssl.so.1.1

1119 -

1120 /* The callback may expect us to not be in init at handshake done */ -

1121 ossl_statem_set_in_init(s, 0); -

1122 -

1123

if (cb != NULL)

cb != ((void *)0)	Description
TRUE	evaluated 2818 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2245 times by 1 test Evaluated by: libssl.so.1.1

2245-2818

1124

cb(s, SSL_CB_HANDSHAKE_DONE, 1);

executed 2818 times by 1 test: cb(s, 0x20, 1);

Executed by:

libssl.so.1.1

2818

1125 -

1126

if (!stop) {

!stop	Description
TRUE	evaluated 577 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4486 times by 1 test Evaluated by: libssl.so.1.1

577-4486

1127 /* If we've got more work to do we go back into init */ -

1128 ossl_statem_set_in_init(s, 1); -

1129

return WORK_FINISHED_CONTINUE;

executed 577 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

577

1130 } -

1131 -

1132

return WORK_FINISHED_STOP;

executed 4486 times by 1 test: return WORK_FINISHED_STOP;

Executed by:

libssl.so.1.1

4486

1133 } -

1134 -

1135 int tls_get_message_header(SSL *s, int *mt) -

1136 { -

1137 /* s->init_num < SSL3_HM_HEADER_LENGTH */ -

1138 int skip_message, i, recvd_type; -

1139 unsigned char *p; -

1140 size_t l, readbytes; -

1141 -

1142 p = (unsigned char *)s->init_buf->data; -

1143 -

1144 do { -

1145

while (s->init_num < SSL3_HM_HEADER_LENGTH) {

s->init_num < 4	Description
TRUE	evaluated 41601 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21641 times by 1 test Evaluated by: libssl.so.1.1

21641-41601

1146 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, -

1147 &p[s->init_num], -

1148 SSL3_HM_HEADER_LENGTH - s->init_num, -

1149 0, &readbytes); -

1150

if (i <= 0) {

i <= 0	Description
TRUE	evaluated 17479 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24122 times by 1 test Evaluated by: libssl.so.1.1

17479-24122

1151 s->rwstate = SSL_READING; -

1152

return 0;

executed 17479 times by 1 test: return 0;

Executed by:

libssl.so.1.1

17479

1153 } -

1154

if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {

recvd_type == 20	Description
TRUE	evaluated 2125 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 21997 times by 1 test Evaluated by: libssl.so.1.1

2125-21997

1155 /* -

1156 * A ChangeCipherSpec must be a single byte and may not occur -

1157 * in the middle of a handshake message. -

1158 */ -

1159

if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) {

s->init_num != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2123 times by 1 test Evaluated by: libssl.so.1.1

readbytes != 1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2120 times by 1 test Evaluated by: libssl.so.1.1

p[0] != 1	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2116 times by 1 test Evaluated by: libssl.so.1.1

2-2123

1160 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, -

1161 SSL_F_TLS_GET_MESSAGE_HEADER, -

1162 SSL_R_BAD_CHANGE_CIPHER_SPEC); -

1163

return 0;

executed 9 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1164 } -

1165

if (s->statem.hand_state == TLS_ST_BEFORE

s->statem.hand... TLS_ST_BEFORE	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2115 times by 1 test Evaluated by: libssl.so.1.1

1-2115

1166

&& (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) {

(s->s3->flags & 0x0800) != 0	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

1167 /* -

1168 * We are stateless and we received a CCS. Probably this is -

1169 * from a client between the first and second ClientHellos. -

1170 * We should ignore this, but return an error because we do -

1171 * not return success until we see the second ClientHello -

1172 * with a valid cookie. -

1173 */ -

1174

return 0;

never executed: return 0;

1175 } -

1176 s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; -

1177 s->init_num = readbytes - 1; -

1178 s->init_msg = s->init_buf->data; -

1179 s->s3->tmp.message_size = readbytes; -

1180

return 1;

executed 2116 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2116

1181

} else if (recvd_type != SSL3_RT_HANDSHAKE) {

recvd_type != 22	Description
TRUE	never evaluated
FALSE	evaluated 21997 times by 1 test Evaluated by: libssl.so.1.1

0-21997

1182 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, -

1183 SSL_F_TLS_GET_MESSAGE_HEADER, -

1184 SSL_R_CCS_RECEIVED_EARLY); -

1185

return 0;

never executed: return 0;

1186 } -

1187 s->init_num += readbytes; -

1188

}

executed 21997 times by 1 test: end of block

Executed by:

libssl.so.1.1

21997

1189 -

1190 skip_message = 0; -

1191

if (!s->server)

!s->server	Description
TRUE	evaluated 15395 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6246 times by 1 test Evaluated by: libssl.so.1.1

6246-15395

1192

if (s->statem.hand_state != TLS_ST_OK

s->statem.hand...e != TLS_ST_OK	Description
TRUE	evaluated 14412 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 983 times by 1 test Evaluated by: libssl.so.1.1

983-14412

1193

&& p[0] == SSL3_MT_HELLO_REQUEST)

p[0] == 0	Description
TRUE	evaluated 1130 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13282 times by 1 test Evaluated by: libssl.so.1.1

1130-13282

1194 /* -

1195 * The server may always send 'Hello Request' messages -- -

1196 * we are doing a handshake anyway now, so ignore them if -

1197 * their format is correct. Does not count for 'Finished' -

1198 * MAC. -

1199 */ -

1200

if (p[1] == 0 && p[2] == 0 && p[3] == 0) {

p[1] == 0	Description
TRUE	evaluated 1114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1

p[2] == 0	Description
TRUE	evaluated 1106 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

p[3] == 0	Description
TRUE	evaluated 1105 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-1114

1201 s->init_num = 0; -

1202 skip_message = 1; -

1203 -

1204

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 1105 times by 1 test Evaluated by: libssl.so.1.1

0-1105

1205

s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,

never executed: s->msg_callback(0, s->version, 22, p, 4, s, s->msg_callback_arg);

1206

p, SSL3_HM_HEADER_LENGTH, s,

never executed: s->msg_callback(0, s->version, 22, p, 4, s, s->msg_callback_arg);

1207

s->msg_callback_arg);

never executed: s->msg_callback(0, s->version, 22, p, 4, s, s->msg_callback_arg);

1208

}

executed 1105 times by 1 test: end of block

Executed by:

libssl.so.1.1

1105

1209

} while (skip_message);

executed 21641 times by 1 test: end of block

Executed by:

libssl.so.1.1

skip_message	Description
TRUE	evaluated 1105 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20536 times by 1 test Evaluated by: libssl.so.1.1

1105-21641

1210 /* s->init_num == SSL3_HM_HEADER_LENGTH */ -

1211 -

1212 *mt = *p; -

1213 s->s3->tmp.message_type = *(p++); -

1214 -

1215

if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {

RECORD_LAYER_i...rd(&s->rlayer)	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20351 times by 1 test Evaluated by: libssl.so.1.1

185-20351

1216 /* -

1217 * Only happens with SSLv3+ in an SSLv2 backward compatible -

1218 * ClientHello -

1219 * -

1220 * Total message size is the remaining record bytes to read -

1221 * plus the SSL3_HM_HEADER_LENGTH bytes that we already read -

1222 */ -

1223 l = RECORD_LAYER_get_rrec_length(&s->rlayer) -

1224 + SSL3_HM_HEADER_LENGTH; -

1225 s->s3->tmp.message_size = l; -

1226 -

1227 s->init_msg = s->init_buf->data; -

1228 s->init_num = SSL3_HM_HEADER_LENGTH; -

1229

} else {

executed 185 times by 1 test: end of block

Executed by:

libssl.so.1.1

185

1230 n2l3(p, l); -

1231 /* BUF_MEM_grow takes an 'int' parameter */ -

1232

if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {

l > (0x7fffffff - 4)	Description
TRUE	never evaluated
FALSE	evaluated 20351 times by 1 test Evaluated by: libssl.so.1.1

0-20351

1233 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_GET_MESSAGE_HEADER, -

1234 SSL_R_EXCESSIVE_MESSAGE_SIZE); -

1235

return 0;

never executed: return 0;

1236 } -

1237 s->s3->tmp.message_size = l; -

1238 -

1239 s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; -

1240 s->init_num = 0; -

1241

}

executed 20351 times by 1 test: end of block

Executed by:

libssl.so.1.1

20351

1242 -

1243

return 1;

executed 20536 times by 1 test: return 1;

Executed by:

libssl.so.1.1

20536

1244 } -

1245 -

1246 int tls_get_message_body(SSL *s, size_t *len) -

1247 { -

1248 size_t n, readbytes; -

1249 unsigned char *p; -

1250 int i; -

1251 -

1252

if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {

s->s3->tmp.mes...type == 0x0101	Description
TRUE	evaluated 2114 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22875 times by 1 test Evaluated by: libssl.so.1.1

2114-22875

1253 /* We've already read everything in */ -

1254 *len = (unsigned long)s->init_num; -

1255

return 1;

executed 2114 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2114

1256 } -

1257 -

1258 p = s->init_msg; -

1259 n = s->s3->tmp.message_size - s->init_num; -

1260

while (n > 0) {

n > 0	Description
TRUE	evaluated 26088 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20397 times by 1 test Evaluated by: libssl.so.1.1

20397-26088

1261 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, -

1262 &p[s->init_num], n, 0, &readbytes); -

1263

if (i <= 0) {

i <= 0	Description
TRUE	evaluated 2478 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23610 times by 1 test Evaluated by: libssl.so.1.1

2478-23610

1264 s->rwstate = SSL_READING; -

1265 *len = 0; -

1266

return 0;

executed 2478 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2478

1267 } -

1268 s->init_num += readbytes; -

1269 n -= readbytes; -

1270

}

executed 23610 times by 1 test: end of block

Executed by:

libssl.so.1.1

23610

1271 -

1272 /* -

1273 * If receiving Finished, record MAC of prior handshake messages for -

1274 * Finished verification. -

1275 */ -

1276

if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {

*(s->init_buf->data) == 20	Description
TRUE	evaluated 2904 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17493 times by 1 test Evaluated by: libssl.so.1.1

!ssl3_take_mac(s)	Description
TRUE	never evaluated
FALSE	evaluated 2904 times by 1 test Evaluated by: libssl.so.1.1

0-17493

1277 /* SSLfatal() already called */ -

1278 *len = 0; -

1279

return 0;

never executed: return 0;

1280 } -

1281 -

1282 /* Feed this message into MAC computation. */ -

1283

if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {

RECORD_LAYER_i...rd(&s->rlayer)	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 20212 times by 1 test Evaluated by: libssl.so.1.1

185-20212

1284

if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,

!ssl3_finish_m..., s->init_num)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1285

s->init_num)) {

!ssl3_finish_m..., s->init_num)	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1286 /* SSLfatal() already called */ -

1287 *len = 0; -

1288

return 0;

never executed: return 0;

1289 } -

1290

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1

0-185

1291

s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,

never executed: s->msg_callback(0, 0x0002, 0, s->init_buf->data, (size_t)s->init_num, s, s->msg_callback_arg);

1292

(size_t)s->init_num, s, s->msg_callback_arg);

never executed: s->msg_callback(0, 0x0002, 0, s->init_buf->data, (size_t)s->init_num, s, s->msg_callback_arg);

1293

} else {

executed 185 times by 1 test: end of block

Executed by:

libssl.so.1.1

185

1294 /* -

1295 * We defer feeding in the HRR until later. We'll do it as part of -

1296 * processing the message -

1297 * The TLsv1.3 handshake transcript stops at the ClientFinished -

1298 * message. -

1299 */ -

1300 #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) -

1301 /* KeyUpdate and NewSessionTicket do not need to be added */ -

1302

if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 20212 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 11497 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8715 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 3855 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7642 times by 1 test Evaluated by: libssl.so.1.1

s->s3->tmp.message_type != 4	Description
TRUE	evaluated 2908 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-20212

1303

&& s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) {

s->s3->tmp.message_type != 24	Description
TRUE	evaluated 2900 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-2900

1304

if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO

s->s3->tmp.message_type != 2	Description
TRUE	evaluated 14844 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4413 times by 1 test Evaluated by: libssl.so.1.1

4413-14844

1305

|| s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE

s->init_num < (4 + 2) + 32	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4403 times by 1 test Evaluated by: libssl.so.1.1

10-4403

1306

|| memcmp(hrrrandom,

memcmp(hrrrand...+ 2), 32) != 0	Description
TRUE	evaluated 3667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 736 times by 1 test Evaluated by: libssl.so.1.1

736-3667

1307

s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,

memcmp(hrrrand...+ 2), 32) != 0	Description
TRUE	evaluated 3667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 736 times by 1 test Evaluated by: libssl.so.1.1

736-3667

1308

SSL3_RANDOM_SIZE) != 0) {

memcmp(hrrrand...+ 2), 32) != 0	Description
TRUE	evaluated 3667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 736 times by 1 test Evaluated by: libssl.so.1.1

736-3667

1309

if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,

!ssl3_finish_m...>init_num + 4)	Description
TRUE	never evaluated
FALSE	evaluated 18521 times by 1 test Evaluated by: libssl.so.1.1

0-18521

1310

s->init_num + SSL3_HM_HEADER_LENGTH)) {

!ssl3_finish_m...>init_num + 4)	Description
TRUE	never evaluated
FALSE	evaluated 18521 times by 1 test Evaluated by: libssl.so.1.1

0-18521

1311 /* SSLfatal() already called */ -

1312 *len = 0; -

1313

return 0;

never executed: return 0;

1314 } -

1315

}

executed 18521 times by 1 test: end of block

Executed by:

libssl.so.1.1

18521

1316

}

executed 19257 times by 1 test: end of block

Executed by:

libssl.so.1.1

19257

1317

if (s->msg_callback)

s->msg_callback	Description
TRUE	never evaluated
FALSE	evaluated 20212 times by 1 test Evaluated by: libssl.so.1.1

0-20212

1318

s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,

never executed: s->msg_callback(0, s->version, 22, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);

1319

(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,

never executed: s->msg_callback(0, s->version, 22, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);

1320

s->msg_callback_arg);

never executed: s->msg_callback(0, s->version, 22, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);

1321

}

executed 20212 times by 1 test: end of block

Executed by:

libssl.so.1.1

20212

1322 -

1323 *len = s->init_num; -

1324

return 1;

executed 20397 times by 1 test: return 1;

Executed by:

libssl.so.1.1

20397

1325 } -

1326 -

1327 static const X509ERR2ALERT x509table[] = { -

1328 {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, -

1329 {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, -

1330 {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, -

1331 {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, -

1332 {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, -

1333 {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, -

1334 {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE}, -

1335 {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED}, -

1336 {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, -

1337 {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE}, -

1338 {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, -

1339 {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, -

1340 {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, -

1341 {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE}, -

1342 {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA}, -

1343 {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, -

1344 {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE}, -

1345 {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE}, -

1346 {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE}, -

1347 {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, -

1348 {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, -

1349 {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE}, -

1350 {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA}, -

1351 {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR}, -

1352 {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE}, -

1353 {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE}, -

1354 {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR}, -

1355 {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA}, -

1356 {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA}, -

1357 {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR}, -

1358 {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE}, -

1359 {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, -

1360 {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, -

1361 {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA}, -

1362 {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA}, -

1363 {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA}, -

1364 {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA}, -

1365 {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA}, -

1366 {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR}, -

1367 -

1368 /* Last entry; return this if we don't find the value above. */ -

1369 {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN} -

1370 }; -

1371 -

1372 int ssl_x509err2alert(int x509err) -

1373 { -

1374 const X509ERR2ALERT *tp; -

1375 -

1376

for (tp = x509table; tp->x509err != X509_V_OK; ++tp)

tp->x509err != 0	Description
TRUE	evaluated 372 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-372

1377

if (tp->x509err == x509err)

tp->x509err == x509err	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 360 times by 1 test Evaluated by: libssl.so.1.1

12-360

1378

break;

executed 12 times by 1 test: break;

Executed by:

libssl.so.1.1

1379

return tp->alert;

executed 12 times by 1 test: return tp->alert;

Executed by:

libssl.so.1.1

1380 } -

1381 -

1382 int ssl_allow_compression(SSL *s) -

1383 { -

1384

if (s->options & SSL_OP_NO_COMPRESSION)

s->options & 0x00020000U	Description
TRUE	evaluated 23912 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-23912

1385

return 0;

executed 23912 times by 1 test: return 0;

Executed by:

libssl.so.1.1

23912

1386

return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);

never executed: return ssl_security(s, (15 | 0), 0, 0, ((void *)0) );

1387 } -

1388 -

1389 static int version_cmp(const SSL *s, int a, int b) -

1390 { -

1391 int dtls = SSL_IS_DTLS(s); -

1392 -

1393

if (a == b)

a == b	Description
TRUE	evaluated 31290 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 70559 times by 1 test Evaluated by: libssl.so.1.1

31290-70559

1394

return 0;

executed 31290 times by 1 test: return 0;

Executed by:

libssl.so.1.1

31290

1395

if (!dtls)

!dtls	Description
TRUE	evaluated 68287 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2272 times by 1 test Evaluated by: libssl.so.1.1

2272-68287

1396

return a < b ? -1 : 1;

executed 68287 times by 1 test: return a < b ? -1 : 1;

Executed by:

libssl.so.1.1

a < b	Description
TRUE	evaluated 36816 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 31471 times by 1 test Evaluated by: libssl.so.1.1

31471-68287

1397

return DTLS_VERSION_LT(a, b) ? -1 : 1;

executed 2272 times by 1 test: return ((((a) == 0x0100) ? 0xff00 : (a)) > (((b) == 0x0100) ? 0xff00 : (b))) ? -1 : 1;

Executed by:

libssl.so.1.1

((((a) == 0x01...0xff00 : (b)))	Description
TRUE	evaluated 1647 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 625 times by 1 test Evaluated by: libssl.so.1.1

((a) == 0x0100)	Description
TRUE	evaluated 774 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1498 times by 1 test Evaluated by: libssl.so.1.1

625-2272

1398 } -

1399 -

1400 typedef struct { -

1401 int version; -

1402 const SSL_METHOD *(*cmeth) (void); -

1403 const SSL_METHOD *(*smeth) (void); -

1404 } version_info; -

1405 -

1406 #if TLS_MAX_VERSION != TLS1_3_VERSION -

1407 # error Code needs update for TLS_method() support beyond TLS1_3_VERSION. -

1408 #endif -

1409 -

1410 /* Must be in order high to low */ -

1411 static const version_info tls_version_table[] = { -

1412 #ifndef OPENSSL_NO_TLS1_3 -

1413 {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, -

1414 #else -

1415 {TLS1_3_VERSION, NULL, NULL}, -

1416 #endif -

1417 #ifndef OPENSSL_NO_TLS1_2 -

1418 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, -

1419 #else -

1420 {TLS1_2_VERSION, NULL, NULL}, -

1421 #endif -

1422 #ifndef OPENSSL_NO_TLS1_1 -

1423 {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method}, -

1424 #else -

1425 {TLS1_1_VERSION, NULL, NULL}, -

1426 #endif -

1427 #ifndef OPENSSL_NO_TLS1 -

1428 {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method}, -

1429 #else -

1430 {TLS1_VERSION, NULL, NULL}, -

1431 #endif -

1432 #ifndef OPENSSL_NO_SSL3 -

1433 {SSL3_VERSION, sslv3_client_method, sslv3_server_method}, -

1434 #else -

1435 {SSL3_VERSION, NULL, NULL}, -

1436 #endif -

1437 {0, NULL, NULL}, -

1438 }; -

1439 -

1440 #if DTLS_MAX_VERSION != DTLS1_2_VERSION -

1441 # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. -

1442 #endif -

1443 -

1444 /* Must be in order high to low */ -

1445 static const version_info dtls_version_table[] = { -

1446 #ifndef OPENSSL_NO_DTLS1_2 -

1447 {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, -

1448 #else -

1449 {DTLS1_2_VERSION, NULL, NULL}, -

1450 #endif -

1451 #ifndef OPENSSL_NO_DTLS1 -

1452 {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method}, -

1453 {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL}, -

1454 #else -

1455 {DTLS1_VERSION, NULL, NULL}, -

1456 {DTLS1_BAD_VER, NULL, NULL}, -

1457 #endif -

1458 {0, NULL, NULL}, -

1459 }; -

1460 -

1461 /* -

1462 * ssl_method_error - Check whether an SSL_METHOD is enabled. -

1463 * -

1464 * @s: The SSL handle for the candidate method -

1465 * @method: the intended method. -

1466 * -

1467 * Returns 0 on success, or an SSL error reason on failure. -

1468 */ -

1469 static int ssl_method_error(const SSL *s, const SSL_METHOD *method) -

1470 { -

1471 int version = method->version; -

1472 -

1473

if ((s->min_proto_version != 0 &&

s->min_proto_version != 0	Description
TRUE	evaluated 29064 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 84877 times by 1 test Evaluated by: libssl.so.1.1

29064-84877

1474

version_cmp(s, version, s->min_proto_version) < 0) ||

version_cmp(s,...o_version) < 0	Description
TRUE	evaluated 5423 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23641 times by 1 test Evaluated by: libssl.so.1.1

5423-23641

1475

ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0)

ssl_security(s...id *)0) ) == 0	Description
TRUE	never evaluated
FALSE	evaluated 108518 times by 1 test Evaluated by: libssl.so.1.1

0-108518

1476

return SSL_R_VERSION_TOO_LOW;

executed 5423 times by 1 test: return 396;

Executed by:

libssl.so.1.1

5423

1477 -

1478

if (s->max_proto_version != 0 &&

s->max_proto_version != 0	Description
TRUE	evaluated 41761 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 66757 times by 1 test Evaluated by: libssl.so.1.1

41761-66757

1479

version_cmp(s, version, s->max_proto_version) > 0)

version_cmp(s,...o_version) > 0	Description
TRUE	evaluated 8340 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 33421 times by 1 test Evaluated by: libssl.so.1.1

8340-33421

1480

return SSL_R_VERSION_TOO_HIGH;

executed 8340 times by 1 test: return 166;

Executed by:

libssl.so.1.1

8340

1481 -

1482

if ((s->options & method->mask) != 0)

(s->options & ...od->mask) != 0	Description
TRUE	evaluated 429 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 99749 times by 1 test Evaluated by: libssl.so.1.1

429-99749

1483

return SSL_R_UNSUPPORTED_PROTOCOL;

executed 429 times by 1 test: return 258;

Executed by:

libssl.so.1.1

429

1484

if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s))

(method->flags & (1U<<1)) != 0	Description
TRUE	evaluated 48926 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50823 times by 1 test Evaluated by: libssl.so.1.1

(s->cert->cert...ags & 0x30000)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 48922 times by 1 test Evaluated by: libssl.so.1.1

4-50823

1485

return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE;

executed 4 times by 1 test: return 158;

Executed by:

libssl.so.1.1

1486 -

1487

return 0;

executed 99745 times by 1 test: return 0;

Executed by:

libssl.so.1.1

99745

1488 } -

1489 -

1490 /* -

1491 * Only called by servers. Returns 1 if the server has a TLSv1.3 capable -

1492 * certificate type, or has PSK or a certificate callback configured. Otherwise -

1493 * returns 0. -

1494 */ -

1495 static int is_tls13_capable(const SSL *s) -

1496 { -

1497 int i; -

1498 -

1499 #ifndef OPENSSL_NO_PSK -

1500

if (s->psk_server_callback != NULL)

s->psk_server_...!= ((void *)0)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1980 times by 1 test Evaluated by: libssl.so.1.1

10-1980

1501

return 1;

executed 10 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1502 #endif -

1503 -

1504

if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)

s->psk_find_se...!= ((void *)0)	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1960 times by 1 test Evaluated by: libssl.so.1.1

s->cert->cert_...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1960 times by 1 test Evaluated by: libssl.so.1.1

0-1960

1505

return 1;

executed 20 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1506 -

1507

for (i = 0; i < SSL_PKEY_NUM; i++) {

i < 9	Description
TRUE	evaluated 1966 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1966

1508 /* Skip over certs disallowed for TLSv1.3 */ -

1509 switch (i) { -

1510

case SSL_PKEY_DSA_SIGN:

executed 1 time by 1 test: case 2:

Executed by:

libssl.so.1.1

1511

case SSL_PKEY_GOST01:

never executed: case 4:

1512

case SSL_PKEY_GOST12_256:

never executed: case 5:

1513

case SSL_PKEY_GOST12_512:

never executed: case 6:

1514

continue;

executed 1 time by 1 test: continue;

Executed by:

libssl.so.1.1

1515

default:

executed 1965 times by 1 test: default:

Executed by:

libssl.so.1.1

1965

1516

break;

executed 1965 times by 1 test: break;

Executed by:

libssl.so.1.1

1965

1517 } -

1518

if (ssl_has_cert(s, i))

ssl_has_cert(s, i)	Description
TRUE	evaluated 1960 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-1960

1519

return 1;

executed 1960 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1960

1520

}

executed 5 times by 1 test: end of block

Executed by:

libssl.so.1.1

1521 -

1522

return 0;

never executed: return 0;

1523 } -

1524 -

1525 /* -

1526 * ssl_version_supported - Check that the specified `version` is supported by -

1527 * `SSL *` instance -

1528 * -

1529 * @s: The SSL handle for the candidate method -

1530 * @version: Protocol version to test against -

1531 * -

1532 * Returns 1 when supported, otherwise 0 -

1533 */ -

1534 int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) -

1535 { -

1536 const version_info *vent; -

1537 const version_info *table; -

1538 -

1539 switch (s->method->version) { -

1540

default:

executed 519 times by 1 test: default:

Executed by:

libssl.so.1.1

519

1541 /* Version should match method version for non-ANY method */ -

1542

return version_cmp(s, version, s->version) == 0;

executed 519 times by 1 test: return version_cmp(s, version, s->version) == 0;

Executed by:

libssl.so.1.1

519

1543

case TLS_ANY_VERSION:

executed 5831 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

5831

1544 table = tls_version_table; -

1545

break;

executed 5831 times by 1 test: break;

Executed by:

libssl.so.1.1

5831

1546

case DTLS_ANY_VERSION:

executed 25 times by 1 test: case 0x1FFFF:

Executed by:

libssl.so.1.1

1547 table = dtls_version_table; -

1548

break;

executed 25 times by 1 test: break;

Executed by:

libssl.so.1.1

1549 } -

1550 -

1551 for (vent = table; -

1552

vent->version != 0 && version_cmp(s, version, vent->version) <= 0;

vent->version != 0	Description
TRUE	evaluated 8778 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 105 times by 1 test Evaluated by: libssl.so.1.1

version_cmp(s,...>version) <= 0	Description
TRUE	evaluated 6758 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2020 times by 1 test Evaluated by: libssl.so.1.1

105-8778

1553 ++vent) { -

1554

if (vent->cmeth != NULL

vent->cmeth != ((void *)0)	Description
TRUE	evaluated 6653 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 105 times by 1 test Evaluated by: libssl.so.1.1

105-6653

1555

&& version_cmp(s, version, vent->version) == 0

version_cmp(s,...>version) == 0	Description
TRUE	evaluated 4669 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1984 times by 1 test Evaluated by: libssl.so.1.1

1984-4669

1556

&& ssl_method_error(s, vent->cmeth()) == 0

ssl_method_err...>cmeth()) == 0	Description
TRUE	evaluated 3731 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 938 times by 1 test Evaluated by: libssl.so.1.1

938-3731

1557

&& (!s->server

!s->server	Description
TRUE	evaluated 914 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2817 times by 1 test Evaluated by: libssl.so.1.1

914-2817

1558

|| version != TLS1_3_VERSION

version != 0x0304	Description
TRUE	evaluated 827 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1990 times by 1 test Evaluated by: libssl.so.1.1

827-1990

1559

|| is_tls13_capable(s))) {

is_tls13_capable(s)	Description
TRUE	evaluated 1990 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1990

1560

if (meth != NULL)

meth != ((void *)0)	Description
TRUE	evaluated 1574 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2157 times by 1 test Evaluated by: libssl.so.1.1

1574-2157

1561

*meth = vent->cmeth();

executed 1574 times by 1 test: *meth = vent->cmeth();

Executed by:

libssl.so.1.1

1574

1562

return 1;

executed 3731 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3731

1563 } -

1564

}

executed 3027 times by 1 test: end of block

Executed by:

libssl.so.1.1

3027

1565

return 0;

executed 2125 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2125

1566 } -

1567 -

1568 /* -

1569 * ssl_check_version_downgrade - In response to RFC7507 SCSV version -

1570 * fallback indication from a client check whether we're using the highest -

1571 * supported protocol version. -

1572 * -

1573 * @s server SSL handle. -

1574 * -

1575 * Returns 1 when using the highest enabled version, 0 otherwise. -

1576 */ -

1577 int ssl_check_version_downgrade(SSL *s) -

1578 { -

1579 const version_info *vent; -

1580 const version_info *table; -

1581 -

1582 /* -

1583 * Check that the current protocol is the highest enabled version -

1584 * (according to s->ctx->method, as version negotiation may have changed -

1585 * s->method). -

1586 */ -

1587

if (s->version == s->ctx->method->version)

s->version == ...ethod->version	Description
TRUE	never evaluated
FALSE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1

0-57

1588

return 1;

never executed: return 1;

1589 -

1590 /* -

1591 * Apparently we're using a version-flexible SSL_METHOD (not at its -

1592 * highest protocol version). -

1593 */ -

1594

if (s->ctx->method->version == TLS_method()->version)

s->ctx->method...hod()->version	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-57

1595

table = tls_version_table;

executed 57 times by 1 test: table = tls_version_table;

Executed by:

libssl.so.1.1

1596

else if (s->ctx->method->version == DTLS_method()->version)

s->ctx->method...hod()->version	Description
TRUE	never evaluated
FALSE	never evaluated

1597

table = dtls_version_table;

never executed: table = dtls_version_table;

1598 else { -

1599 /* Unexpected state; fail closed. */ -

1600

return 0;

never executed: return 0;

1601 } -

1602 -

1603

for (vent = table; vent->version != 0; ++vent) {

vent->version != 0	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-57

1604

if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)

vent->smeth != ((void *)0)	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

ssl_method_err...>smeth()) == 0	Description
TRUE	evaluated 57 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-57

1605

return s->version == vent->version;

executed 57 times by 1 test: return s->version == vent->version;

Executed by:

libssl.so.1.1

1606

}

never executed: end of block

1607

return 0;

never executed: return 0;

1608 } -

1609 -

1610 /* -

1611 * ssl_set_version_bound - set an upper or lower bound on the supported (D)TLS -

1612 * protocols, provided the initial (D)TLS method is version-flexible. This -

1613 * function sanity-checks the proposed value and makes sure the method is -

1614 * version-flexible, then sets the limit if all is well. -

1615 * -

1616 * @method_version: The version of the current SSL_METHOD. -

1617 * @version: the intended limit. -

1618 * @bound: pointer to limit to be updated. -

1619 * -

1620 * Returns 1 on success, 0 on failure. -

1621 */ -

1622 int ssl_set_version_bound(int method_version, int version, int *bound) -

1623 { -

1624

if (version == 0) {

version == 0	Description
TRUE	evaluated 4115 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7703 times by 1 test Evaluated by: libssl.so.1.1

4115-7703

1625 *bound = version; -

1626

return 1;

executed 4115 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4115

1627 } -

1628 -

1629 /*- -

1630 * Restrict TLS methods to TLS protocol versions. -

1631 * Restrict DTLS methods to DTLS protocol versions. -

1632 * Note, DTLS version numbers are decreasing, use comparison macros. -

1633 * -

1634 * Note that for both lower-bounds we use explicit versions, not -

1635 * (D)TLS_MIN_VERSION. This is because we don't want to break user -

1636 * configurations. If the MIN (supported) version ever rises, the user's -

1637 * "floor" remains valid even if no longer available. We don't expect the -

1638 * MAX ceiling to ever get lower, so making that variable makes sense. -

1639 */ -

1640 switch (method_version) { -

1641

default:

never executed: default:

1642 /* -

1643 * XXX For fixed version methods, should we always fail and not set any -

1644 * bounds, always succeed and not set any bounds, or set the bounds and -

1645 * arrange to fail later if they are not met? At present fixed-version -

1646 * methods are not subject to controls that disable individual protocol -

1647 * versions. -

1648 */ -

1649

return 0;

never executed: return 0;

1650 -

1651

case TLS_ANY_VERSION:

executed 7095 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

7095

1652

if (version < SSL3_VERSION || version > TLS_MAX_VERSION)

version < 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 7095 times by 1 test Evaluated by: libssl.so.1.1

version > 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 7095 times by 1 test Evaluated by: libssl.so.1.1

0-7095

1653

return 0;

never executed: return 0;

1654

break;

executed 7095 times by 1 test: break;

Executed by:

libssl.so.1.1

7095

1655 -

1656

case DTLS_ANY_VERSION:

executed 608 times by 1 test: case 0x1FFFF:

Executed by:

libssl.so.1.1

608

1657

if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||

((version) == 0x0100)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 606 times by 1 test Evaluated by: libssl.so.1.1

((((version) =...0 : (0xFEFD)))	Description
TRUE	never evaluated
FALSE	evaluated 608 times by 1 test Evaluated by: libssl.so.1.1

0-608

1658

DTLS_VERSION_LT(version, DTLS1_BAD_VER))

((version) == 0x0100)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 606 times by 1 test Evaluated by: libssl.so.1.1

((((version) =...0 : (0x0100)))	Description
TRUE	never evaluated
FALSE	evaluated 608 times by 1 test Evaluated by: libssl.so.1.1

0-608

1659

return 0;

never executed: return 0;

1660

break;

executed 608 times by 1 test: break;

Executed by:

libssl.so.1.1

608

1661 } -

1662 -

1663 *bound = version; -

1664

return 1;

executed 7703 times by 1 test: return 1;

Executed by:

libssl.so.1.1

7703

1665 } -

1666 -

1667 static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) -

1668 { -

1669

if (vers == TLS1_2_VERSION

vers == 0x0303	Description
TRUE	evaluated 1213 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1841 times by 1 test Evaluated by: libssl.so.1.1

1213-1841

1670

&& ssl_version_supported(s, TLS1_3_VERSION, NULL)) {

ssl_version_su... ((void *)0) )	Description
TRUE	evaluated 904 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 309 times by 1 test Evaluated by: libssl.so.1.1

309-904

1671 *dgrd = DOWNGRADE_TO_1_2; -

1672

} else if (!SSL_IS_DTLS(s)

executed 904 times by 1 test: end of block

Executed by:

libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1973 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

177-1973

1673

&& vers < TLS1_2_VERSION

vers < 0x0303	Description
TRUE	evaluated 578 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1395 times by 1 test Evaluated by: libssl.so.1.1

578-1395

1674 /* -

1675 * We need to ensure that a server that disables TLSv1.2 -

1676 * (creating a hole between TLSv1.3 and TLSv1.1) can still -

1677 * complete handshakes with clients that support TLSv1.2 and -

1678 * below. Therefore we do not enable the sentinel if TLSv1.3 is -

1679 * enabled and TLSv1.2 is not. -

1680 */ -

1681

&& ssl_version_supported(s, TLS1_2_VERSION, NULL)) {

ssl_version_su... ((void *)0) )	Description
TRUE	evaluated 339 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 239 times by 1 test Evaluated by: libssl.so.1.1

239-339

1682 *dgrd = DOWNGRADE_TO_1_1; -

1683

} else {

executed 339 times by 1 test: end of block

Executed by:

libssl.so.1.1

339

1684 *dgrd = DOWNGRADE_NONE; -

1685

}

executed 1811 times by 1 test: end of block

Executed by:

libssl.so.1.1

1811

1686 } -

1687 -

1688 /* -

1689 * ssl_choose_server_version - Choose server (D)TLS version. Called when the -

1690 * client HELLO is received to select the final server protocol version and -

1691 * the version specific method. -

1692 * -

1693 * @s: server SSL handle. -

1694 * -

1695 * Returns 0 on success or an SSL error reason number on failure. -

1696 */ -

1697 int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) -

1698 { -

1699 /*- -

1700 * With version-flexible methods we have an initial state with: -

1701 * -

1702 * s->method->version == (D)TLS_ANY_VERSION, -

1703 * s->version == (D)TLS_MAX_VERSION. -

1704 * -

1705 * So we detect version-flexible methods via the method version, not the -

1706 * handle version. -

1707 */ -

1708 int server_version = s->method->version; -

1709 int client_version = hello->legacy_version; -

1710 const version_info *vent; -

1711 const version_info *table; -

1712 int disabled = 0; -

1713 RAW_EXTENSION *suppversions; -

1714 -

1715 s->client_version = client_version; -

1716 -

1717 switch (server_version) { -

1718

default:

executed 78 times by 1 test: default:

Executed by:

libssl.so.1.1

1719

if (!SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 78 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-78

1720

if (version_cmp(s, client_version, s->version) < 0)

version_cmp(s,...->version) < 0	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

0-13

1721

return SSL_R_WRONG_SSL_VERSION;

never executed: return 266;

1722 *dgrd = DOWNGRADE_NONE; -

1723 /* -

1724 * If this SSL handle is not from a version flexible method we don't -

1725 * (and never did) check min/max FIPS or Suite B constraints. Hope -

1726 * that's OK. It is up to the caller to not choose fixed protocol -

1727 * versions they don't want. If not, then easy to fix, just return -

1728 * ssl_method_error(s, s->method) -

1729 */ -

1730

return 0;

executed 13 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1731 } -

1732 /* -

1733 * Fall through if we are TLSv1.3 already (this means we must be after -

1734 * a HelloRetryRequest -

1735 */ -

1736 /* fall thru */ -

1737

case TLS_ANY_VERSION:

code before this statement executed 65 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

executed 3385 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

65-3385

1738 table = tls_version_table; -

1739

break;

executed 3450 times by 1 test: break;

Executed by:

libssl.so.1.1

3450

1740

case DTLS_ANY_VERSION:

executed 181 times by 1 test: case 0x1FFFF:

Executed by:

libssl.so.1.1

181

1741 table = dtls_version_table; -

1742

break;

executed 181 times by 1 test: break;

Executed by:

libssl.so.1.1

181

1743 } -

1744 -

1745 suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions]; -

1746 -

1747 /* If we did an HRR then supported versions is mandatory */ -

1748

if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)

!suppversions->present	Description
TRUE	evaluated 2210 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1421 times by 1 test Evaluated by: libssl.so.1.1

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2209 times by 1 test Evaluated by: libssl.so.1.1

1-2210

1749

return SSL_R_UNSUPPORTED_PROTOCOL;

executed 1 time by 1 test: return 258;

Executed by:

libssl.so.1.1

1750 -

1751

if (suppversions->present && !SSL_IS_DTLS(s)) {

suppversions->present	Description
TRUE	evaluated 1421 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2209 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1421 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2209

1752 unsigned int candidate_vers = 0; -

1753 unsigned int best_vers = 0; -

1754 const SSL_METHOD *best_method = NULL; -

1755 PACKET versionslist; -

1756 -

1757 suppversions->parsed = 1; -

1758 -

1759

if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) {

!PACKET_as_len...&versionslist)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1417 times by 1 test Evaluated by: libssl.so.1.1

4-1417

1760 /* Trailing or invalid data? */ -

1761

return SSL_R_LENGTH_MISMATCH;

executed 4 times by 1 test: return 159;

Executed by:

libssl.so.1.1

1762 } -

1763 -

1764 /* -

1765 * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION. -

1766 * The spec only requires servers to check that it isn't SSLv3: -

1767 * "Any endpoint receiving a Hello message with -

1768 * ClientHello.legacy_version or ServerHello.legacy_version set to -

1769 * 0x0300 MUST abort the handshake with a "protocol_version" alert." -

1770 * We are slightly stricter and require that it isn't SSLv3 or lower. -

1771 * We tolerate TLSv1 and TLSv1.1. -

1772 */ -

1773

if (client_version <= SSL3_VERSION)

client_version <= 0x0300	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1415 times by 1 test Evaluated by: libssl.so.1.1

2-1415

1774

return SSL_R_BAD_LEGACY_VERSION;

executed 2 times by 1 test: return 292;

Executed by:

libssl.so.1.1

1775 -

1776

while (PACKET_get_net_2(&versionslist, &candidate_vers)) {

PACKET_get_net...andidate_vers)	Description
TRUE	evaluated 6950 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1415 times by 1 test Evaluated by: libssl.so.1.1

1415-6950

1777

if (version_cmp(s, candidate_vers, best_vers) <= 0)

version_cmp(s,...est_vers) <= 0	Description
TRUE	evaluated 3318 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3632 times by 1 test Evaluated by: libssl.so.1.1

3318-3632

1778

continue;

executed 3318 times by 1 test: continue;

Executed by:

libssl.so.1.1

3318

1779

if (ssl_version_supported(s, candidate_vers, &best_method))

ssl_version_su... &best_method)	Description
TRUE	evaluated 1632 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2000 times by 1 test Evaluated by: libssl.so.1.1

1632-2000

1780

best_vers = candidate_vers;

executed 1632 times by 1 test: best_vers = candidate_vers;

Executed by:

libssl.so.1.1

1632

1781

}

executed 3632 times by 1 test: end of block

Executed by:

libssl.so.1.1

3632

1782

if (PACKET_remaining(&versionslist) != 0) {

PACKET_remaini...ionslist) != 0	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1

22-1393

1783 /* Trailing data? */ -

1784

return SSL_R_LENGTH_MISMATCH;

executed 22 times by 1 test: return 159;

Executed by:

libssl.so.1.1

1785 } -

1786 -

1787

if (best_vers > 0) {

best_vers > 0	Description
TRUE	evaluated 1340 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 53 times by 1 test Evaluated by: libssl.so.1.1

53-1340

1788

if (s->hello_retry_request != SSL_HRR_NONE) {

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 55 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1285 times by 1 test Evaluated by: libssl.so.1.1

55-1285

1789 /* -

1790 * This is after a HelloRetryRequest so we better check that we -

1791 * negotiated TLSv1.3 -

1792 */ -

1793

if (best_vers != TLS1_3_VERSION)

best_vers != 0x0304	Description
TRUE	never evaluated
FALSE	evaluated 55 times by 1 test Evaluated by: libssl.so.1.1

0-55

1794

return SSL_R_UNSUPPORTED_PROTOCOL;

never executed: return 258;

1795

return 0;

executed 55 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1796 } -

1797 check_for_downgrade(s, best_vers, dgrd); -

1798 s->version = best_vers; -

1799 s->method = best_method; -

1800

return 0;

executed 1285 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1285

1801 } -

1802

return SSL_R_UNSUPPORTED_PROTOCOL;

executed 53 times by 1 test: return 258;

Executed by:

libssl.so.1.1

1803 } -

1804 -

1805 /* -

1806 * If the supported versions extension isn't present, then the highest -

1807 * version we can negotiate is TLSv1.2 -

1808 */ -

1809

if (version_cmp(s, client_version, TLS1_3_VERSION) >= 0)

version_cmp(s,..., 0x0304) >= 0	Description
TRUE	evaluated 367 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1842 times by 1 test Evaluated by: libssl.so.1.1

367-1842

1810

client_version = TLS1_2_VERSION;

executed 367 times by 1 test: client_version = 0x0303;

Executed by:

libssl.so.1.1

367

1811 -

1812 /* -

1813 * No supported versions extension, so we just use the version supplied in -

1814 * the ClientHello. -

1815 */ -

1816

for (vent = table; vent->version != 0; ++vent) {

vent->version != 0	Description
TRUE	evaluated 6342 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 440 times by 1 test Evaluated by: libssl.so.1.1

440-6342

1817 const SSL_METHOD *method; -

1818 -

1819

if (vent->smeth == NULL ||

vent->smeth == ((void *)0)	Description
TRUE	evaluated 440 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5902 times by 1 test Evaluated by: libssl.so.1.1

440-5902

1820

version_cmp(s, client_version, vent->version) < 0)

version_cmp(s,...->version) < 0	Description
TRUE	evaluated 3931 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1971 times by 1 test Evaluated by: libssl.so.1.1

1971-3931

1821

continue;

executed 4371 times by 1 test: continue;

Executed by:

libssl.so.1.1

4371

1822 method = vent->smeth(); -

1823

if (ssl_method_error(s, method) == 0) {

ssl_method_err..., method) == 0	Description
TRUE	evaluated 1769 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 202 times by 1 test Evaluated by: libssl.so.1.1

202-1769

1824 check_for_downgrade(s, vent->version, dgrd); -

1825 s->version = vent->version; -

1826 s->method = method; -

1827

return 0;

executed 1769 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1769

1828 } -

1829 disabled = 1; -

1830

}

executed 202 times by 1 test: end of block

Executed by:

libssl.so.1.1

202

1831

return disabled ? SSL_R_UNSUPPORTED_PROTOCOL : SSL_R_VERSION_TOO_LOW;

executed 440 times by 1 test: return disabled ? 258 : 396;

Executed by:

libssl.so.1.1

disabled	Description
TRUE	evaluated 66 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 374 times by 1 test Evaluated by: libssl.so.1.1

66-440

1832 } -

1833 -

1834 /* -

1835 * ssl_choose_client_version - Choose client (D)TLS version. Called when the -

1836 * server HELLO is received to select the final client protocol version and -

1837 * the version specific method. -

1838 * -

1839 * @s: client SSL handle. -

1840 * @version: The proposed version from the server's HELLO. -

1841 * @extensions: The extensions received -

1842 * -

1843 * Returns 1 on success or 0 on error. -

1844 */ -

1845 int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) -

1846 { -

1847 const version_info *vent; -

1848 const version_info *table; -

1849 int ret, ver_min, ver_max, real_max, origv; -

1850 -

1851 origv = s->version; -

1852 s->version = version; -

1853 -

1854 /* This will overwrite s->version if the extension is present */ -

1855

if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3813 times by 1 test Evaluated by: libssl.so.1.1

3-3813

1856

SSL_EXT_TLS1_2_SERVER_HELLO

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3813 times by 1 test Evaluated by: libssl.so.1.1

3-3813

1857

| SSL_EXT_TLS1_3_SERVER_HELLO, extensions,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3813 times by 1 test Evaluated by: libssl.so.1.1

3-3813

1858

NULL, 0)) {

!tls_parse_ext...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3813 times by 1 test Evaluated by: libssl.so.1.1

3-3813

1859 s->version = origv; -

1860

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1861 } -

1862 -

1863

if (s->hello_retry_request != SSL_HRR_NONE

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 33 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3780 times by 1 test Evaluated by: libssl.so.1.1

33-3780

1864

&& s->version != TLS1_3_VERSION) {

s->version != 0x0304	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

4-29

1865 s->version = origv; -

1866 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION, -

1867 SSL_R_WRONG_SSL_VERSION); -

1868

return 0;

executed 4 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1869 } -

1870 -

1871 switch (s->method->version) { -

1872

default:

executed 22 times by 1 test: default:

Executed by:

libssl.so.1.1

1873

if (s->version != s->method->version) {

s->version != ...ethod->version	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

1874 s->version = origv; -

1875 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, -

1876 SSL_F_SSL_CHOOSE_CLIENT_VERSION, -

1877 SSL_R_WRONG_SSL_VERSION); -

1878

return 0;

never executed: return 0;

1879 } -

1880 /* -

1881 * If this SSL handle is not from a version flexible method we don't -

1882 * (and never did) check min/max, FIPS or Suite B constraints. Hope -

1883 * that's OK. It is up to the caller to not choose fixed protocol -

1884 * versions they don't want. If not, then easy to fix, just return -

1885 * ssl_method_error(s, s->method) -

1886 */ -

1887

return 1;

executed 22 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1888

case TLS_ANY_VERSION:

executed 3609 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

3609

1889 table = tls_version_table; -

1890

break;

executed 3609 times by 1 test: break;

Executed by:

libssl.so.1.1

3609

1891

case DTLS_ANY_VERSION:

executed 178 times by 1 test: case 0x1FFFF:

Executed by:

libssl.so.1.1

178

1892 table = dtls_version_table; -

1893

break;

executed 178 times by 1 test: break;

Executed by:

libssl.so.1.1

178

1894 } -

1895 -

1896 ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max); -

1897

if (ret != 0) {

ret != 0	Description
TRUE	never evaluated
FALSE	evaluated 3787 times by 1 test Evaluated by: libssl.so.1.1

0-3787

1898 s->version = origv; -

1899 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, -

1900 SSL_F_SSL_CHOOSE_CLIENT_VERSION, ret); -

1901

return 0;

never executed: return 0;

1902 } -

1903

if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)

(s->method->ss...sion < ver_min	Description
TRUE	evaluated 307 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3480 times by 1 test Evaluated by: libssl.so.1.1

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 178 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3609 times by 1 test Evaluated by: libssl.so.1.1

((s->version) == 0x0100)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 177 times by 1 test Evaluated by: libssl.so.1.1

1-3609

1904

: s->version < ver_min) {

(s->method->ss...sion < ver_min	Description
TRUE	evaluated 307 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3480 times by 1 test Evaluated by: libssl.so.1.1

307-3480

1905 s->version = origv; -

1906 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, -

1907 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); -

1908

return 0;

executed 307 times by 1 test: return 0;

Executed by:

libssl.so.1.1

307

1909

} else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)

(s->method->ss...sion > ver_max	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3479 times by 1 test Evaluated by: libssl.so.1.1

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 174 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3306 times by 1 test Evaluated by: libssl.so.1.1

((s->version) == 0x0100)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 173 times by 1 test Evaluated by: libssl.so.1.1

1-3479

1910

: s->version > ver_max) {

(s->method->ss...sion > ver_max	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3479 times by 1 test Evaluated by: libssl.so.1.1

1-3479

1911 s->version = origv; -

1912 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, -

1913 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); -

1914

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1915 } -

1916 -

1917

if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0)

(s->mode & 0x00000080U) == 0	Description
TRUE	evaluated 3478 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-3478

1918

real_max = ver_max;

executed 3478 times by 1 test: real_max = ver_max;

Executed by:

libssl.so.1.1

3478

1919 -

1920 /* Check for downgrades */ -

1921

if (s->version == TLS1_2_VERSION && real_max > s->version) {

s->version == 0x0303	Description
TRUE	evaluated 1994 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1485 times by 1 test Evaluated by: libssl.so.1.1

real_max > s->version	Description
TRUE	evaluated 1553 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 441 times by 1 test Evaluated by: libssl.so.1.1

441-1994

1922

if (memcmp(tls12downgrade,

memcmp(tls12do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1550 times by 1 test Evaluated by: libssl.so.1.1

3-1550

1923

s->s3->server_random + SSL3_RANDOM_SIZE

memcmp(tls12do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1550 times by 1 test Evaluated by: libssl.so.1.1

3-1550

1924

- sizeof(tls12downgrade),

memcmp(tls12do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1550 times by 1 test Evaluated by: libssl.so.1.1

3-1550

1925

sizeof(tls12downgrade)) == 0) {

memcmp(tls12do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1550 times by 1 test Evaluated by: libssl.so.1.1

3-1550

1926 s->version = origv; -

1927 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1928 SSL_F_SSL_CHOOSE_CLIENT_VERSION, -

1929 SSL_R_INAPPROPRIATE_FALLBACK); -

1930

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1931 } -

1932

} else if (!SSL_IS_DTLS(s)

executed 1550 times by 1 test: end of block

Executed by:

libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1752 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 174 times by 1 test Evaluated by: libssl.so.1.1

174-1752

1933

&& s->version < TLS1_2_VERSION

s->version < 0x0303	Description
TRUE	evaluated 672 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1080 times by 1 test Evaluated by: libssl.so.1.1

672-1080

1934

&& real_max > s->version) {

real_max > s->version	Description
TRUE	evaluated 457 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 215 times by 1 test Evaluated by: libssl.so.1.1

215-457

1935

if (memcmp(tls11downgrade,

memcmp(tls11do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 454 times by 1 test Evaluated by: libssl.so.1.1

3-454

1936

s->s3->server_random + SSL3_RANDOM_SIZE

memcmp(tls11do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 454 times by 1 test Evaluated by: libssl.so.1.1

3-454

1937

- sizeof(tls11downgrade),

memcmp(tls11do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 454 times by 1 test Evaluated by: libssl.so.1.1

3-454

1938

sizeof(tls11downgrade)) == 0) {

memcmp(tls11do...wngrade)) == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 454 times by 1 test Evaluated by: libssl.so.1.1

3-454

1939 s->version = origv; -

1940 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1941 SSL_F_SSL_CHOOSE_CLIENT_VERSION, -

1942 SSL_R_INAPPROPRIATE_FALLBACK); -

1943

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1944 } -

1945

}

executed 454 times by 1 test: end of block

Executed by:

libssl.so.1.1

454

1946 -

1947

for (vent = table; vent->version != 0; ++vent) {

vent->version != 0	Description
TRUE	evaluated 7188 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-7188

1948

if (vent->cmeth == NULL || s->version != vent->version)

vent->cmeth == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7188 times by 1 test Evaluated by: libssl.so.1.1

s->version != vent->version	Description
TRUE	evaluated 3715 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3473 times by 1 test Evaluated by: libssl.so.1.1

0-7188

1949

continue;

executed 3715 times by 1 test: continue;

Executed by:

libssl.so.1.1

3715

1950 -

1951 s->method = vent->cmeth(); -

1952

return 1;

executed 3473 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3473

1953 } -

1954 -

1955 s->version = origv; -

1956 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION, -

1957 SSL_R_UNSUPPORTED_PROTOCOL); -

1958

return 0;

never executed: return 0;

1959 } -

1960 -

1961 /* -

1962 * ssl_get_min_max_version - get minimum and maximum protocol version -

1963 * @s: The SSL connection -

1964 * @min_version: The minimum supported version -

1965 * @max_version: The maximum supported version -

1966 * @real_max: The highest version below the lowest compile time version hole -

1967 * where that hole lies above at least one run-time enabled -

1968 * protocol. -

1969 * -

1970 * Work out what version we should be using for the initial ClientHello if the -

1971 * version is initially (D)TLS_ANY_VERSION. We apply any explicit SSL_OP_NO_xxx -

1972 * options, the MinProtocol and MaxProtocol configuration commands, any Suite B -

1973 * constraints and any floor imposed by the security level here, -

1974 * so we don't advertise the wrong protocol version to only reject the outcome later. -

1975 * -

1976 * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled, -

1977 * TLS 1.1 is disabled, but the security level, Suite-B and/or MinProtocol -

1978 * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1. -

1979 * -

1980 * Returns 0 on success or an SSL error reason number on failure. On failure -

1981 * min_version and max_version will also be set to 0. -

1982 */ -

1983 int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, -

1984 int *real_max) -

1985 { -

1986 int version, tmp_real_max; -

1987 int hole; -

1988 const SSL_METHOD *single = NULL; -

1989 const SSL_METHOD *method; -

1990 const version_info *table; -

1991 const version_info *vent; -

1992 -

1993 switch (s->method->version) { -

1994

default:

executed 102 times by 1 test: default:

Executed by:

libssl.so.1.1

102

1995 /* -

1996 * If this SSL handle is not from a version flexible method we don't -

1997 * (and never did) check min/max FIPS or Suite B constraints. Hope -

1998 * that's OK. It is up to the caller to not choose fixed protocol -

1999 * versions they don't want. If not, then easy to fix, just return -

2000 * ssl_method_error(s, s->method) -

2001 */ -

2002 *min_version = *max_version = s->version; -

2003 /* -

2004 * Providing a real_max only makes sense where we're using a version -

2005 * flexible method. -

2006 */ -

2007

if (!ossl_assert(real_max == NULL))

!((real_max ==...d *)0) ) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 102 times by 1 test Evaluated by: libssl.so.1.1

0-102

2008

return ERR_R_INTERNAL_ERROR;

never executed: return (4|64);

2009

return 0;

executed 102 times by 1 test: return 0;

Executed by:

libssl.so.1.1

102

2010

case TLS_ANY_VERSION:

executed 26130 times by 1 test: case 0x10000:

Executed by:

libssl.so.1.1

26130

2011 table = tls_version_table; -

2012

break;

executed 26130 times by 1 test: break;

Executed by:

libssl.so.1.1

26130

2013

case DTLS_ANY_VERSION:

executed 908 times by 1 test: case 0x1FFFF:

Executed by:

libssl.so.1.1

908

2014 table = dtls_version_table; -

2015

break;

executed 908 times by 1 test: break;

Executed by:

libssl.so.1.1

908

2016 } -

2017 -

2018 /* -

2019 * SSL_OP_NO_X disables all protocols above X *if* there are some protocols -

2020 * below X enabled. This is required in order to maintain the "version -

2021 * capability" vector contiguous. Any versions with a NULL client method -

2022 * (protocol version client is disabled at compile-time) is also a "hole". -

2023 * -

2024 * Our initial state is hole == 1, version == 0. That is, versions above -

2025 * the first version in the method table are disabled (a "hole" above -

2026 * the valid protocol entries) and we don't have a selected version yet. -

2027 * -

2028 * Whenever "hole == 1", and we hit an enabled method, its version becomes -

2029 * the selected version, and the method becomes a candidate "single" -

2030 * method. We're no longer in a hole, so "hole" becomes 0. -

2031 * -

2032 * If "hole == 0" and we hit an enabled method, then "single" is cleared, -

2033 * as we support a contiguous range of at least two methods. If we hit -

2034 * a disabled method, then hole becomes true again, but nothing else -

2035 * changes yet, because all the remaining methods may be disabled too. -

2036 * If we again hit an enabled method after the new hole, it becomes -

2037 * selected, as we start from scratch. -

2038 */ -

2039 *min_version = version = 0; -

2040 hole = 1; -

2041

if (real_max != NULL)

real_max != ((void *)0)	Description
TRUE	evaluated 3787 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23251 times by 1 test Evaluated by: libssl.so.1.1

3787-23251

2042

*real_max = 0;

executed 3787 times by 1 test: *real_max = 0;

Executed by:

libssl.so.1.1

3787

2043 tmp_real_max = 0; -

2044

for (vent = table; vent->version != 0; ++vent) {

vent->version != 0	Description
TRUE	evaluated 133374 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27038 times by 1 test Evaluated by: libssl.so.1.1

27038-133374

2045 /* -

2046 * A table entry with a NULL client method is still a hole in the -

2047 * "version capability" vector. -

2048 */ -

2049

if (vent->cmeth == NULL) {

vent->cmeth == ((void *)0)	Description
TRUE	evaluated 26130 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 107244 times by 1 test Evaluated by: libssl.so.1.1

26130-107244

2050 hole = 1; -

2051 tmp_real_max = 0; -

2052

continue;

executed 26130 times by 1 test: continue;

Executed by:

libssl.so.1.1

26130

2053 } -

2054 method = vent->cmeth(); -

2055 -

2056

if (hole == 1 && tmp_real_max == 0)

hole == 1	Description
TRUE	evaluated 37117 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 70127 times by 1 test Evaluated by: libssl.so.1.1

tmp_real_max == 0	Description
TRUE	evaluated 27038 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10079 times by 1 test Evaluated by: libssl.so.1.1

10079-70127

2057

tmp_real_max = vent->version;

executed 27038 times by 1 test: tmp_real_max = vent->version;

Executed by:

libssl.so.1.1

27038

2058 -

2059

if (ssl_method_error(s, method) != 0) {

ssl_method_err..., method) != 0	Description
TRUE	evaluated 13056 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 94188 times by 1 test Evaluated by: libssl.so.1.1

13056-94188

2060 hole = 1; -

2061

} else if (!hole) {

executed 13056 times by 1 test: end of block

Executed by:

libssl.so.1.1

!hole	Description
TRUE	evaluated 67244 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26944 times by 1 test Evaluated by: libssl.so.1.1

13056-67244

2062 single = NULL; -

2063 *min_version = method->version; -

2064

} else {

executed 67244 times by 1 test: end of block

Executed by:

libssl.so.1.1

67244

2065

if (real_max != NULL && tmp_real_max != 0)

real_max != ((void *)0)	Description
TRUE	evaluated 3788 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 23156 times by 1 test Evaluated by: libssl.so.1.1

tmp_real_max != 0	Description
TRUE	evaluated 3788 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-23156

2066

*real_max = tmp_real_max;

executed 3788 times by 1 test: *real_max = tmp_real_max;

Executed by:

libssl.so.1.1

3788

2067 version = (single = method)->version; -

2068 *min_version = version; -

2069 hole = 0; -

2070

}

executed 26944 times by 1 test: end of block

Executed by:

libssl.so.1.1

26944

2071 } -

2072 -

2073 *max_version = version; -

2074 -

2075 /* Fail if everything is disabled */ -

2076

if (version == 0)

version == 0	Description
TRUE	evaluated 100 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26938 times by 1 test Evaluated by: libssl.so.1.1

100-26938

2077

return SSL_R_NO_PROTOCOLS_AVAILABLE;

executed 100 times by 1 test: return 191;

Executed by:

libssl.so.1.1

100

2078 -

2079

return 0;

executed 26938 times by 1 test: return 0;

Executed by:

libssl.so.1.1

26938

2080 } -

2081 -

2082 /* -

2083 * ssl_set_client_hello_version - Work out what version we should be using for -

2084 * the initial ClientHello.legacy_version field. -

2085 * -

2086 * @s: client SSL handle. -

2087 * -

2088 * Returns 0 on success or an SSL error reason number on failure. -

2089 */ -

2090 int ssl_set_client_hello_version(SSL *s) -

2091 { -

2092 int ver_min, ver_max, ret; -

2093 -

2094 /* -

2095 * In a renegotiation we always send the same client_version that we sent -

2096 * last time, regardless of which version we eventually negotiated. -

2097 */ -

2098

if (!SSL_IS_FIRST_HANDSHAKE(s))

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 4968 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-4968

2099

return 0;

executed 24 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2100 -

2101 ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL); -

2102 -

2103

if (ret != 0)

ret != 0	Description
TRUE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4916 times by 1 test Evaluated by: libssl.so.1.1

52-4916

2104

return ret;

executed 52 times by 1 test: return ret;

Executed by:

libssl.so.1.1

2105 -

2106 s->version = ver_max; -

2107 -

2108 /* TLS1.3 always uses TLS1.2 in the legacy_version field */ -

2109

if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 4733 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

ver_max > 0x0303	Description
TRUE	evaluated 3919 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 814 times by 1 test Evaluated by: libssl.so.1.1

183-4733

2110

ver_max = TLS1_2_VERSION;

executed 3919 times by 1 test: ver_max = 0x0303;

Executed by:

libssl.so.1.1

3919

2111 -

2112 s->client_version = ver_max; -

2113

return 0;

executed 4916 times by 1 test: return 0;

Executed by:

libssl.so.1.1

4916

2114 } -

2115 -

2116 /* -

2117 * Checks a list of |groups| to determine if the |group_id| is in it. If it is -

2118 * and |checkallow| is 1 then additionally check if the group is allowed to be -

2119 * used. Returns 1 if the group is in the list (and allowed if |checkallow| is -

2120 * 1) or 0 otherwise. -

2121 */ -

2122 #ifndef OPENSSL_NO_EC -

2123 int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, -

2124 size_t num_groups, int checkallow) -

2125 { -

2126 size_t i; -

2127 -

2128

if (groups == NULL || num_groups == 0)

groups == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2424 times by 1 test Evaluated by: libssl.so.1.1

num_groups == 0	Description
TRUE	never evaluated
FALSE	evaluated 2424 times by 1 test Evaluated by: libssl.so.1.1

0-2424

2129

return 0;

never executed: return 0;

2130 -

2131

for (i = 0; i < num_groups; i++) {

i < num_groups	Description
TRUE	evaluated 4840 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 280 times by 1 test Evaluated by: libssl.so.1.1

280-4840

2132 uint16_t group = groups[i]; -

2133 -

2134

if (group_id == group

group_id == group	Description
TRUE	evaluated 2144 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2696 times by 1 test Evaluated by: libssl.so.1.1

2144-2696

2135

&& (!checkallow

!checkallow	Description
TRUE	evaluated 1100 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1044 times by 1 test Evaluated by: libssl.so.1.1

1044-1100

2136

|| tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {

tls_curve_allo... \| (2 << 16)))	Description
TRUE	evaluated 1044 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1044

2137

return 1;

executed 2144 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2144

2138 } -

2139

}

executed 2696 times by 1 test: end of block

Executed by:

libssl.so.1.1

2696

2140 -

2141

return 0;

executed 280 times by 1 test: return 0;

Executed by:

libssl.so.1.1

280

2142 } -

2143 #endif -

2144 -

2145 /* Replace ClientHello1 in the transcript hash with a synthetic message */ -

2146 int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, -

2147 size_t hashlen, const unsigned char *hrr, -

2148 size_t hrrlen) -

2149 { -

2150 unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; -

2151 unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; -

2152 -

2153 memset(msghdr, 0, sizeof(msghdr)); -

2154 -

2155

if (hashval == NULL) {

hashval == ((void *)0)	Description
TRUE	evaluated 792 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-792

2156 hashval = hashvaltmp; -

2157 hashlen = 0; -

2158 /* Get the hash of the initial ClientHello */ -

2159

if (!ssl3_digest_cached_records(s, 0)

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 792 times by 1 test Evaluated by: libssl.so.1.1

0-792

2160

|| !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp),

!ssl_handshake...mp), &hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 792 times by 1 test Evaluated by: libssl.so.1.1

0-792

2161

&hashlen)) {

!ssl_handshake...mp), &hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 792 times by 1 test Evaluated by: libssl.so.1.1

0-792

2162 /* SSLfatal() already called */ -

2163

return 0;

never executed: return 0;

2164 } -

2165

}

executed 792 times by 1 test: end of block

Executed by:

libssl.so.1.1

792

2166 -

2167 /* Reinitialise the transcript hash */ -

2168

if (!ssl3_init_finished_mac(s)) {

!ssl3_init_finished_mac(s)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

2169 /* SSLfatal() already called */ -

2170

return 0;

never executed: return 0;

2171 } -

2172 -

2173 /* Inject the synthetic message_hash message */ -

2174 msghdr[0] = SSL3_MT_MESSAGE_HASH; -

2175 msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen; -

2176

if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH)

!ssl3_finish_mac(s, msghdr, 4)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

2177

|| !ssl3_finish_mac(s, hashval, hashlen)) {

!ssl3_finish_m...hval, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

2178 /* SSLfatal() already called */ -

2179

return 0;

never executed: return 0;

2180 } -

2181 -

2182 /* -

2183 * Now re-inject the HRR and current message if appropriate (we just deleted -

2184 * it when we reinitialised the transcript hash above). Only necessary after -

2185 * receiving a ClientHello2 with a cookie. -

2186 */ -

2187

if (hrr != NULL

hrr != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 792 times by 1 test Evaluated by: libssl.so.1.1

1-792

2188

&& (!ssl3_finish_mac(s, hrr, hrrlen)

!ssl3_finish_m..., hrr, hrrlen)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

2189

|| !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,

!ssl3_finish_m...sage_size + 4)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

2190

s->s3->tmp.message_size

!ssl3_finish_m...sage_size + 4)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

2191

+ SSL3_HM_HEADER_LENGTH))) {

!ssl3_finish_m...sage_size + 4)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

2192 /* SSLfatal() already called */ -

2193

return 0;

never executed: return 0;

2194 } -

2195 -

2196

return 1;

executed 793 times by 1 test: return 1;

Executed by:

libssl.so.1.1

793

2197 } -

2198 -

2199 static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) -

2200 { -

2201

return X509_NAME_cmp(*a, *b);

never executed: return X509_NAME_cmp(*a, *b);

2202 } -

2203 -

2204 int parse_ca_names(SSL *s, PACKET *pkt) -

2205 { -

2206 STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp); -

2207 X509_NAME *xn = NULL; -

2208 PACKET cadns; -

2209 -

2210

if (ca_sk == NULL) {

ca_sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 115 times by 1 test Evaluated by: libssl.so.1.1

0-115

2211 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES, -

2212 ERR_R_MALLOC_FAILURE); -

2213

goto err;

never executed: goto err;

2214 } -

2215 /* get the CA RDNs */ -

2216

if (!PACKET_get_length_prefixed_2(pkt, &cadns)) {

!PACKET_get_le...2(pkt, &cadns)	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 67 times by 1 test Evaluated by: libssl.so.1.1

48-67

2217 SSLfatal(s, SSL_AD_DECODE_ERROR,SSL_F_PARSE_CA_NAMES, -

2218 SSL_R_LENGTH_MISMATCH); -

2219

goto err;

executed 48 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2220 } -

2221 -

2222

while (PACKET_remaining(&cadns)) {

PACKET_remaining(&cadns)	Description
TRUE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 51 times by 1 test Evaluated by: libssl.so.1.1

51-59

2223 const unsigned char *namestart, *namebytes; -

2224 unsigned int name_len; -

2225 -

2226

if (!PACKET_get_net_2(&cadns, &name_len)

!PACKET_get_ne...ns, &name_len)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 56 times by 1 test Evaluated by: libssl.so.1.1

3-56

2227

|| !PACKET_get_bytes(&cadns, &namebytes, name_len)) {

!PACKET_get_by...tes, name_len)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

6-50

2228 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, -

2229 SSL_R_LENGTH_MISMATCH); -

2230

goto err;

executed 9 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2231 } -

2232 -

2233 namestart = namebytes; -

2234

if ((xn = d2i_X509_NAME(NULL, &namebytes, name_len)) == NULL) {

(xn = d2i_X509...== ((void *)0)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1

6-44

2235 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, -

2236 ERR_R_ASN1_LIB); -

2237

goto err;

executed 6 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2238 } -

2239

if (namebytes != (namestart + name_len)) {

namebytes != (...rt + name_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

1-43

2240 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, -

2241 SSL_R_CA_DN_LENGTH_MISMATCH); -

2242

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

2243 } -

2244 -

2245

if (!sk_X509_NAME_push(ca_sk, xn)) {

!sk_X509_NAME_push(ca_sk, xn)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2246 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES, -

2247 ERR_R_MALLOC_FAILURE); -

2248

goto err;

never executed: goto err;

2249 } -

2250 xn = NULL; -

2251

}

executed 43 times by 1 test: end of block

Executed by:

libssl.so.1.1

2252 -

2253 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); -

2254 s->s3->tmp.peer_ca_names = ca_sk; -

2255 -

2256

return 1;

executed 51 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2257 -

2258 err: -

2259 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); -

2260 X509_NAME_free(xn); -

2261

return 0;

executed 64 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2262 } -

2263 -

2264 int construct_ca_names(SSL *s, WPACKET *pkt) -

2265 { -

2266 const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s); -

2267 -

2268 /* Start sub-packet for client CA list */ -

2269

if (!WPACKET_start_sub_packet_u16(pkt)) {

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

2270 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, -

2271 ERR_R_INTERNAL_ERROR); -

2272

return 0;

never executed: return 0;

2273 } -

2274 -

2275

if (ca_sk != NULL) {

ca_sk != ((void *)0)	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-40

2276 int i; -

2277 -

2278

for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) {

i < sk_X509_NAME_num(ca_sk)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

10-40

2279 unsigned char *namebytes; -

2280 X509_NAME *name = sk_X509_NAME_value(ca_sk, i); -

2281 int namelen; -

2282 -

2283

if (name == NULL

name == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2284

|| (namelen = i2d_X509_NAME(name, NULL)) < 0

(namelen = i2d...id *)0) )) < 0	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2285

|| !WPACKET_sub_allocate_bytes_u16(pkt, namelen,

!WPACKET_sub_a...namebytes), 2)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2286 &namebytes) -

2287

|| i2d_X509_NAME(name, &namebytes) != namelen) {

i2d_X509_NAME(...es) != namelen	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2288 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, -

2289 ERR_R_INTERNAL_ERROR); -

2290

return 0;

never executed: return 0;

2291 } -

2292

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

2293

}

executed 40 times by 1 test: end of block

Executed by:

libssl.so.1.1

2294 -

2295

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

2296 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, -

2297 ERR_R_INTERNAL_ERROR); -

2298

return 0;

never executed: return 0;

2299 } -

2300 -

2301

return 1;

executed 40 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2302 } -

2303 -

2304 /* Create a buffer containing data to be signed for server key exchange */ -

2305 size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, -

2306 const void *param, size_t paramlen) -

2307 { -

2308 size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; -

2309 unsigned char *tbs = OPENSSL_malloc(tbslen); -

2310 -

2311

if (tbs == NULL) {

tbs == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2344 times by 1 test Evaluated by: libssl.so.1.1

0-2344

2312 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, -

2313 ERR_R_MALLOC_FAILURE); -

2314

return 0;

never executed: return 0;

2315 } -

2316 memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE); -

2317 memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE); -

2318 -

2319 memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen); -

2320 -

2321 *ptbs = tbs; -

2322

return tbslen;

executed 2344 times by 1 test: return tbslen;

Executed by:

libssl.so.1.1

2344

2323 } -

2324 -

2325 /* -

2326 * Saves the current handshake digest for Post-Handshake Auth, -

2327 * Done after ClientFinished is processed, done exactly once -

2328 */ -

2329 int tls13_save_handshake_digest_for_pha(SSL *s) -

2330 { -

2331

if (s->pha_dgst == NULL) {

s->pha_dgst == ((void *)0)	Description
TRUE	evaluated 1138 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 47 times by 1 test Evaluated by: libssl.so.1.1

47-1138

2332

if (!ssl3_digest_cached_records(s, 1))

!ssl3_digest_c..._records(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 1138 times by 1 test Evaluated by: libssl.so.1.1

0-1138

2333 /* SSLfatal() already called */ -

2334

return 0;

never executed: return 0;

2335 -

2336 s->pha_dgst = EVP_MD_CTX_new(); -

2337

if (s->pha_dgst == NULL) {

s->pha_dgst == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1138 times by 1 test Evaluated by: libssl.so.1.1

0-1138

2338 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2339 SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, -

2340 ERR_R_INTERNAL_ERROR); -

2341

return 0;

never executed: return 0;

2342 } -

2343

if (!EVP_MD_CTX_copy_ex(s->pha_dgst,

!EVP_MD_CTX_co...andshake_dgst)	Description
TRUE	never evaluated
FALSE	evaluated 1138 times by 1 test Evaluated by: libssl.so.1.1

0-1138

2344

s->s3->handshake_dgst)) {

!EVP_MD_CTX_co...andshake_dgst)	Description
TRUE	never evaluated
FALSE	evaluated 1138 times by 1 test Evaluated by: libssl.so.1.1

0-1138

2345 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2346 SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, -

2347 ERR_R_INTERNAL_ERROR); -

2348

return 0;

never executed: return 0;

2349 } -

2350

}

executed 1138 times by 1 test: end of block

Executed by:

libssl.so.1.1

1138

2351

return 1;

executed 1185 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1185

2352 } -

2353 -

2354 /* -

2355 * Restores the Post-Handshake Auth handshake digest -

2356 * Done just before sending/processing the Cert Request -

2357 */ -

2358 int tls13_restore_handshake_digest_for_pha(SSL *s) -

2359 { -

2360

if (s->pha_dgst == NULL) {

s->pha_dgst == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 1 test Evaluated by: libssl.so.1.1

0-51

2361 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2362 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, -

2363 ERR_R_INTERNAL_ERROR); -

2364

return 0;

never executed: return 0;

2365 } -

2366

if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst,

!EVP_MD_CTX_co..., s->pha_dgst)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 1 test Evaluated by: libssl.so.1.1

0-51

2367

s->pha_dgst)) {

!EVP_MD_CTX_co..., s->pha_dgst)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 1 test Evaluated by: libssl.so.1.1

0-51

2368 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2369 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, -

2370 ERR_R_INTERNAL_ERROR); -

2371

return 0;

never executed: return 0;

2372 } -

2373

return 1;

executed 51 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2374 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2