OpenCoverage

statem_clnt.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/statem/statem_clnt.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

5 * -

6 * Licensed under the OpenSSL license (the "License"). You may not use -

7 * this file except in compliance with the License. You can obtain a copy -

8 * in the file LICENSE in the source distribution or at -

9 * https://www.openssl.org/source/license.html -

10 */ -

11 -

12 #include <stdio.h> -

13 #include <time.h> -

14 #include <assert.h> -

15 #include "../ssl_locl.h" -

16 #include "statem_locl.h" -

17 #include <openssl/buffer.h> -

18 #include <openssl/rand.h> -

19 #include <openssl/objects.h> -

20 #include <openssl/evp.h> -

21 #include <openssl/md5.h> -

22 #include <openssl/dh.h> -

23 #include <openssl/bn.h> -

24 #include <openssl/engine.h> -

25 #include <internal/cryptlib.h> -

26 -

27 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); -

28 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); -

29 -

30 static ossl_inline int cert_req_allowed(SSL *s); -

31 static int key_exchange_expected(SSL *s); -

32 static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, -

33 WPACKET *pkt); -

34 -

35 /* -

36 * Is a CertificateRequest message allowed at the moment or not? -

37 * -

38 * Return values are: -

39 * 1: Yes -

40 * 0: No -

41 */ -

42 static ossl_inline int cert_req_allowed(SSL *s) -

43 { -

44 /* TLS does not like anon-DH with client cert */ -

if ((s->version > SSL3_VERSION

s->version > 0x0300	Description
TRUE	evaluated 98 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-98

&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))

(s->s3->tmp.ne...& 0x00000004U)	Description
TRUE	never evaluated
FALSE	evaluated 98 times by 1 test Evaluated by: libssl.so.1.1

0-98

|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))

(s->s3->tmp.ne... 0x00000010U))	Description
TRUE	never evaluated
FALSE	evaluated 98 times by 1 test Evaluated by: libssl.so.1.1

0-98

return 0;

never executed: return 0;

49 -

return 1;

executed 98 times by 1 test: return 1;

Executed by:

libssl.so.1.1

51 } -

52 -

53 /* -

54 * Should we expect the ServerKeyExchange message or not? -

55 * -

56 * Return values are: -

57 * 1: Yes -

58 * 0: No -

59 */ -

60 static int key_exchange_expected(SSL *s) -

61 { -

62 long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -

63 -

64 /* -

65 * Can't skip server key exchange if this is an ephemeral -

66 * ciphersuite or for SRP -

67 */ -

if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK

alg_k & (0x000...\| 0x00000020U)	Description
TRUE	evaluated 1421 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 533 times by 1 test Evaluated by: libssl.so.1.1

533-1421

| SSL_kSRP)) {

alg_k & (0x000...\| 0x00000020U)	Description
TRUE	evaluated 1421 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 533 times by 1 test Evaluated by: libssl.so.1.1

533-1421

return 1;

executed 1421 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1421

71 } -

72 -

return 0;

executed 533 times by 1 test: return 0;

Executed by:

libssl.so.1.1

533

74 } -

75 -

76 /* -

77 * ossl_statem_client_read_transition() encapsulates the logic for the allowed -

78 * handshake state transitions when a TLS1.3 client is reading messages from the -

79 * server. The message type that the server has sent is provided in |mt|. The -

80 * current state is in |s->statem.hand_state|. -

81 * -

82 * Return values are 1 for success (transition allowed) and 0 on error -

83 * (transition not allowed) -

84 */ -

85 static int ossl_statem_client13_read_transition(SSL *s, int mt) -

86 { -

87 OSSL_STATEM *st = &s->statem; -

88 -

89 /* -

90 * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't -

91 * yet negotiated TLSv1.3 at that point so that is handled by -

92 * ossl_statem_client_read_transition() -

93 */ -

94 -

95 switch (st->hand_state) { -

default:

never executed: default:

break;

never executed: break;

98 -

case TLS_ST_CW_CLNT_HELLO:

never executed: case TLS_ST_CW_CLNT_HELLO:

100 /* -

101 * This must a ClientHello following a HelloRetryRequest, so the only -

102 * thing we can get now is a ServerHello. -

103 */ -

104

if (mt == SSL3_MT_SERVER_HELLO) {

mt == 2	Description
TRUE	never evaluated
FALSE	never evaluated

105 st->hand_state = TLS_ST_CR_SRVR_HELLO; -

106

return 1;

never executed: return 1;

107 } -

108

break;

never executed: break;

109 -

110

case TLS_ST_CR_SRVR_HELLO:

executed 586 times by 1 test: case TLS_ST_CR_SRVR_HELLO:

Executed by:

libssl.so.1.1

586

111

if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {

mt == 8	Description
TRUE	evaluated 586 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-586

112 st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS; -

113

return 1;

executed 586 times by 1 test: return 1;

Executed by:

libssl.so.1.1

586

114 } -

115

break;

never executed: break;

116 -

117

case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

executed 583 times by 1 test: case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

Executed by:

libssl.so.1.1

583

118

if (s->hit) {

s->hit	Description
TRUE	evaluated 105 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1

105-478

119

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 105 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-105

120 st->hand_state = TLS_ST_CR_FINISHED; -

121

return 1;

executed 105 times by 1 test: return 1;

Executed by:

libssl.so.1.1

105

122 } -

123

} else {

never executed: end of block

124

if (mt == SSL3_MT_CERTIFICATE_REQUEST) {

mt == 13	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 459 times by 1 test Evaluated by: libssl.so.1.1

19-459

125 st->hand_state = TLS_ST_CR_CERT_REQ; -

126

return 1;

executed 19 times by 1 test: return 1;

Executed by:

libssl.so.1.1

127 } -

128

if (mt == SSL3_MT_CERTIFICATE) {

mt == 11	Description
TRUE	evaluated 459 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-459

129 st->hand_state = TLS_ST_CR_CERT; -

130

return 1;

executed 459 times by 1 test: return 1;

Executed by:

libssl.so.1.1

459

131 } -

132

}

never executed: end of block

133

break;

never executed: break;

134 -

135

case TLS_ST_CR_CERT_REQ:

executed 19 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

136

if (mt == SSL3_MT_CERTIFICATE) {

mt == 11	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-19

137 st->hand_state = TLS_ST_CR_CERT; -

138

return 1;

executed 19 times by 1 test: return 1;

Executed by:

libssl.so.1.1

139 } -

140

break;

never executed: break;

141 -

142

case TLS_ST_CR_CERT:

executed 474 times by 1 test: case TLS_ST_CR_CERT:

Executed by:

libssl.so.1.1

474

143

if (mt == SSL3_MT_CERTIFICATE_VERIFY) {

mt == 15	Description
TRUE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-474

144 st->hand_state = TLS_ST_CR_CERT_VRFY; -

145

return 1;

executed 474 times by 1 test: return 1;

Executed by:

libssl.so.1.1

474

146 } -

147

break;

never executed: break;

148 -

149

case TLS_ST_CR_CERT_VRFY:

executed 471 times by 1 test: case TLS_ST_CR_CERT_VRFY:

Executed by:

libssl.so.1.1

471

150

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 471 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-471

151 st->hand_state = TLS_ST_CR_FINISHED; -

152

return 1;

executed 471 times by 1 test: return 1;

Executed by:

libssl.so.1.1

471

153 } -

154

break;

never executed: break;

155 -

156

case TLS_ST_OK:

executed 978 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

978

157

if (mt == SSL3_MT_NEWSESSION_TICKET) {

mt == 4	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1

31-947

158 st->hand_state = TLS_ST_CR_SESSION_TICKET; -

159

return 1;

executed 947 times by 1 test: return 1;

Executed by:

libssl.so.1.1

947

160 } -

161

if (mt == SSL3_MT_KEY_UPDATE) {

mt == 24	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

5-26

162 st->hand_state = TLS_ST_CR_KEY_UPDATE; -

163

return 1;

executed 5 times by 1 test: return 1;

Executed by:

libssl.so.1.1

164 } -

165

if (mt == SSL3_MT_CERTIFICATE_REQUEST) {

mt == 13	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-26

166 #if DTLS_MAX_VERSION != DTLS1_2_VERSION -

167 # error TODO(DTLS1.3): Restore digest for PHA before adding message. -

168 #endif -

169

if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->post_handsh...L_PHA_EXT_SENT	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-26

170 s->post_handshake_auth = SSL_PHA_REQUESTED; -

171 /* -

172 * In TLS, this is called before the message is added to the -

173 * digest. In DTLS, this is expected to be called after adding -

174 * to the digest. Either move the digest restore, or add the -

175 * message here after the swap, or do it after the clientFinished? -

176 */ -

177

if (!tls13_restore_handshake_digest_for_pha(s)) {

!tls13_restore...est_for_pha(s)	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

178 /* SSLfatal() already called */ -

179

return 0;

never executed: return 0;

180 } -

181 st->hand_state = TLS_ST_CR_CERT_REQ; -

182

return 1;

executed 25 times by 1 test: return 1;

Executed by:

libssl.so.1.1

183 } -

184

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

185

break;

executed 1 time by 1 test: break;

Executed by:

libssl.so.1.1

186 } -

187 -

188 /* No valid transition found */ -

189

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

190 } -

191 -

192 /* -

193 * ossl_statem_client_read_transition() encapsulates the logic for the allowed -

194 * handshake state transitions when the client is reading messages from the -

195 * server. The message type that the server has sent is provided in |mt|. The -

196 * current state is in |s->statem.hand_state|. -

197 * -

198 * Return values are 1 for success (transition allowed) and 0 on error -

199 * (transition not allowed) -

200 */ -

201 int ossl_statem_client_read_transition(SSL *s, int mt) -

202 { -

203 OSSL_STATEM *st = &s->statem; -

204 int ske_expected; -

205 -

206 /* -

207 * Note that after writing the first ClientHello we don't know what version -

208 * we are going to negotiate yet, so we don't take this branch until later. -

209 */ -

210

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 15365 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1142 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 7553 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7812 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 3111 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4442 times by 1 test Evaluated by: libssl.so.1.1

1142-15365

211

if (!ossl_statem_client13_read_transition(s, mt))

!ossl_statem_c...nsition(s, mt)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3110 times by 1 test Evaluated by: libssl.so.1.1

1-3110

212

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

213

return 1;

executed 3110 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3110

214 } -

215 -

216 switch (st->hand_state) { -

217

default:

never executed: default:

218

break;

never executed: break;

219 -

220

case TLS_ST_CW_CLNT_HELLO:

executed 4600 times by 1 test: case TLS_ST_CW_CLNT_HELLO:

Executed by:

libssl.so.1.1

4600

221

if (mt == SSL3_MT_SERVER_HELLO) {

mt == 2	Description
TRUE	evaluated 4588 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

12-4588

222 st->hand_state = TLS_ST_CR_SRVR_HELLO; -

223

return 1;

executed 4588 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4588

224 } -

225 -

226

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

2-10

227

if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {

mt == 3	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

228 st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; -

229

return 1;

executed 1 time by 1 test: return 1;

Executed by:

libssl.so.1.1

230 } -

231

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

232

break;

executed 11 times by 1 test: break;

Executed by:

libssl.so.1.1

233 -

234

case TLS_ST_EARLY_DATA:

executed 44 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

235 /* -

236 * We've not actually selected TLSv1.3 yet, but we have sent early -

237 * data. The only thing allowed now is a ServerHello or a -

238 * HelloRetryRequest. -

239 */ -

240

if (mt == SSL3_MT_SERVER_HELLO) {

mt == 2	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-44

241 st->hand_state = TLS_ST_CR_SRVR_HELLO; -

242

return 1;

executed 44 times by 1 test: return 1;

Executed by:

libssl.so.1.1

243 } -

244

break;

never executed: break;

245 -

246

case TLS_ST_CR_SRVR_HELLO:

executed 2781 times by 1 test: case TLS_ST_CR_SRVR_HELLO:

Executed by:

libssl.so.1.1

2781

247

if (s->hit) {

s->hit	Description
TRUE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2718 times by 1 test Evaluated by: libssl.so.1.1

63-2718

248

if (s->ext.ticket_expected) {

s->ext.ticket_expected	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

4-59

249

if (mt == SSL3_MT_NEWSESSION_TICKET) {

mt == 4	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4

250 st->hand_state = TLS_ST_CR_SESSION_TICKET; -

251

return 1;

executed 4 times by 1 test: return 1;

Executed by:

libssl.so.1.1

252 } -

253

} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

never executed: end of block

mt == 0x0101	Description
TRUE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-59

254 st->hand_state = TLS_ST_CR_CHANGE; -

255

return 1;

executed 59 times by 1 test: return 1;

Executed by:

libssl.so.1.1

256 } -

257

} else {

never executed: end of block

258

if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 166 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2552 times by 1 test Evaluated by: libssl.so.1.1

mt == 3	Description
TRUE	never evaluated
FALSE	evaluated 166 times by 1 test Evaluated by: libssl.so.1.1

0-2552

259 st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; -

260

return 1;

never executed: return 1;

261

} else if (s->version >= TLS1_VERSION

s->version >= 0x0301	Description
TRUE	evaluated 2718 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2718

262

&& s->ext.session_secret_cb != NULL

s->ext.session...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2718 times by 1 test Evaluated by: libssl.so.1.1

0-2718

263

&& s->session->ext.tick != NULL

s->session->ex...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

264

&& mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

mt == 0x0101	Description
TRUE	never evaluated
FALSE	never evaluated

265 /* -

266 * Normally, we can tell if the server is resuming the session -

267 * from the session ID. EAP-FAST (RFC 4851), however, relies on -

268 * the next server message after the ServerHello to determine if -

269 * the server is resuming. -

270 */ -

271 s->hit = 1; -

272 st->hand_state = TLS_ST_CR_CHANGE; -

273

return 1;

never executed: return 1;

274

} else if (!(s->s3->tmp.new_cipher->algorithm_auth

!(s->s3->tmp.n... 0x00000010U))	Description
TRUE	evaluated 2547 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 171 times by 1 test Evaluated by: libssl.so.1.1

171-2547

275

& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {

!(s->s3->tmp.n... 0x00000010U))	Description
TRUE	evaluated 2547 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 171 times by 1 test Evaluated by: libssl.so.1.1

171-2547

276

if (mt == SSL3_MT_CERTIFICATE) {

mt == 11	Description
TRUE	evaluated 2546 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2546

277 st->hand_state = TLS_ST_CR_CERT; -

278

return 1;

executed 2546 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2546

279 } -

280

} else {

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

281 ske_expected = key_exchange_expected(s); -

282 /* SKE is optional for some PSK ciphersuites */ -

283

if (ske_expected

ske_expected	Description
TRUE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

27-144

284

|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)

(s->s3->tmp.ne... 0x00000100U))	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-27

285

&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {

mt == 12	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

286

if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {

mt == 12	Description
TRUE	evaluated 143 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-143

287 st->hand_state = TLS_ST_CR_KEY_EXCH; -

288

return 1;

executed 143 times by 1 test: return 1;

Executed by:

libssl.so.1.1

143

289 } -

290

} else if (mt == SSL3_MT_CERTIFICATE_REQUEST

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

mt == 13	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

291

&& cert_req_allowed(s)) {

cert_req_allowed(s)	Description
TRUE	never evaluated
FALSE	never evaluated

292 st->hand_state = TLS_ST_CR_CERT_REQ; -

293

return 1;

never executed: return 1;

294

} else if (mt == SSL3_MT_SERVER_DONE) {

mt == 14	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-27

295 st->hand_state = TLS_ST_CR_SRVR_DONE; -

296

return 1;

executed 27 times by 1 test: return 1;

Executed by:

libssl.so.1.1

297 } -

298

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

299 } -

300

break;

executed 2 times by 1 test: break;

Executed by:

libssl.so.1.1

301 -

302

case TLS_ST_CR_CERT:

executed 1783 times by 1 test: case TLS_ST_CR_CERT:

Executed by:

libssl.so.1.1

1783

303 /* -

304 * The CertificateStatus message is optional even if -

305 * |ext.status_expected| is set -

306 */ -

307

if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {

s->ext.status_expected	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1777 times by 1 test Evaluated by: libssl.so.1.1

mt == 22	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-1777

308 st->hand_state = TLS_ST_CR_CERT_STATUS; -

309

return 1;

executed 5 times by 1 test: return 1;

Executed by:

libssl.so.1.1

310 } -

311 /* Fall through */ -

312 -

313

case TLS_ST_CR_CERT_STATUS:

code before this statement executed 1778 times by 1 test: case TLS_ST_CR_CERT_STATUS:

Executed by:

libssl.so.1.1

executed 5 times by 1 test: case TLS_ST_CR_CERT_STATUS:

Executed by:

libssl.so.1.1

5-1778

314 ske_expected = key_exchange_expected(s); -

315 /* SKE is optional for some PSK ciphersuites */ -

316

if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)

ske_expected	Description
TRUE	evaluated 1277 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 506 times by 1 test Evaluated by: libssl.so.1.1

(s->s3->tmp.ne... 0x00000100U))	Description
TRUE	never evaluated
FALSE	evaluated 506 times by 1 test Evaluated by: libssl.so.1.1

0-1277

317

&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {

mt == 12	Description
TRUE	never evaluated
FALSE	never evaluated

318

if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {

mt == 12	Description
TRUE	evaluated 1247 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 30 times by 1 test Evaluated by: libssl.so.1.1

30-1247

319 st->hand_state = TLS_ST_CR_KEY_EXCH; -

320

return 1;

executed 1247 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1247

321 } -

322

goto err;

executed 30 times by 1 test: goto err;

Executed by:

libssl.so.1.1

323 } -

324 /* Fall through */ -

325 -

326

case TLS_ST_CR_KEY_EXCH:

code before this statement executed 506 times by 1 test: case TLS_ST_CR_KEY_EXCH:

Executed by:

libssl.so.1.1

executed 958 times by 1 test: case TLS_ST_CR_KEY_EXCH:

Executed by:

libssl.so.1.1

506-958

327

if (mt == SSL3_MT_CERTIFICATE_REQUEST) {

mt == 13	Description
TRUE	evaluated 98 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1366 times by 1 test Evaluated by: libssl.so.1.1

98-1366

328

if (cert_req_allowed(s)) {

cert_req_allowed(s)	Description
TRUE	evaluated 98 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-98

329 st->hand_state = TLS_ST_CR_CERT_REQ; -

330

return 1;

executed 98 times by 1 test: return 1;

Executed by:

libssl.so.1.1

331 } -

332

goto err;

never executed: goto err;

333 } -

334 /* Fall through */ -

335 -

336

case TLS_ST_CR_CERT_REQ:

code before this statement executed 1366 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

executed 40 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

40-1366

337

if (mt == SSL3_MT_SERVER_DONE) {

mt == 14	Description
TRUE	evaluated 1401 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-1401

338 st->hand_state = TLS_ST_CR_SRVR_DONE; -

339

return 1;

executed 1401 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1401

340 } -

341

break;

executed 5 times by 1 test: break;

Executed by:

libssl.so.1.1

342 -

343

case TLS_ST_CW_FINISHED:

executed 1200 times by 1 test: case TLS_ST_CW_FINISHED:

Executed by:

libssl.so.1.1

1200

344

if (s->ext.ticket_expected) {

s->ext.ticket_expected	Description
TRUE	evaluated 926 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 274 times by 1 test Evaluated by: libssl.so.1.1

274-926

345

if (mt == SSL3_MT_NEWSESSION_TICKET) {

mt == 4	Description
TRUE	evaluated 922 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

4-922

346 st->hand_state = TLS_ST_CR_SESSION_TICKET; -

347

return 1;

executed 922 times by 1 test: return 1;

Executed by:

libssl.so.1.1

922

348 } -

349

} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

executed 4 times by 1 test: end of block

Executed by:

libssl.so.1.1

mt == 0x0101	Description
TRUE	evaluated 273 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-273

350 st->hand_state = TLS_ST_CR_CHANGE; -

351

return 1;

executed 273 times by 1 test: return 1;

Executed by:

libssl.so.1.1

273

352 } -

353

break;

executed 5 times by 1 test: break;

Executed by:

libssl.so.1.1

354 -

355

case TLS_ST_CR_SESSION_TICKET:

executed 921 times by 1 test: case TLS_ST_CR_SESSION_TICKET:

Executed by:

libssl.so.1.1

921

356

if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

mt == 0x0101	Description
TRUE	evaluated 920 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-920

357 st->hand_state = TLS_ST_CR_CHANGE; -

358

return 1;

executed 920 times by 1 test: return 1;

Executed by:

libssl.so.1.1

920

359 } -

360

break;

executed 1 time by 1 test: break;

Executed by:

libssl.so.1.1

361 -

362

case TLS_ST_CR_CHANGE:

executed 1056 times by 1 test: case TLS_ST_CR_CHANGE:

Executed by:

libssl.so.1.1

1056

363

if (mt == SSL3_MT_FINISHED) {

mt == 20	Description
TRUE	evaluated 1050 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1

6-1050

364 st->hand_state = TLS_ST_CR_FINISHED; -

365

return 1;

executed 1050 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1050

366 } -

367

break;

executed 6 times by 1 test: break;

Executed by:

libssl.so.1.1

368 -

369

case TLS_ST_OK:

executed 8 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

370

if (mt == SSL3_MT_HELLO_REQUEST) {

mt == 0	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-8

371 st->hand_state = TLS_ST_CR_HELLO_REQ; -

372

return 1;

executed 8 times by 1 test: return 1;

Executed by:

libssl.so.1.1

373 } -

374

break;

never executed: break;

375 } -

376 -

377

err:

code before this statement executed 30 times by 1 test: err:

Executed by:

libssl.so.1.1

378 /* No valid transition found */ -

379

if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 59 times by 1 test Evaluated by: libssl.so.1.1

mt == 0x0101	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-59

380 BIO *rbio; -

381 -

382 /* -

383 * CCS messages don't have a message sequence number so this is probably -

384 * because of an out-of-order CCS. We'll just drop it. -

385 */ -

386 s->init_num = 0; -

387 s->rwstate = SSL_READING; -

388 rbio = SSL_get_rbio(s); -

389 BIO_clear_retry_flags(rbio); -

390 BIO_set_retry_read(rbio); -

391

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

392 } -

393 SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE, -

394 SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, -

395 SSL_R_UNEXPECTED_MESSAGE); -

396

return 0;

executed 59 times by 1 test: return 0;

Executed by:

libssl.so.1.1

397 } -

398 -

399 /* -

400 * ossl_statem_client13_write_transition() works out what handshake state to -

401 * move to next when the TLSv1.3 client is writing messages to be sent to the -

402 * server. -

403 */ -

404 static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) -

405 { -

406 OSSL_STATEM *st = &s->statem; -

407 -

408 /* -

409 * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated -

410 * TLSv1.3 yet at that point. They are handled by -

411 * ossl_statem_client_write_transition(). -

412 */ -

413 switch (st->hand_state) { -

414

default:

never executed: default:

415 /* Shouldn't happen */ -

416 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

417 SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, -

418 ERR_R_INTERNAL_ERROR); -

419

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

420 -

421

case TLS_ST_CR_CERT_REQ:

executed 25 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

422

if (s->post_handshake_auth == SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-25

423 st->hand_state = TLS_ST_CW_CERT; -

424

return WRITE_TRAN_CONTINUE;

executed 25 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

425 } -

426 /* -

427 * We should only get here if we received a CertificateRequest after -

428 * we already sent close_notify -

429 */ -

430

if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) {

!(((s->shutdow...1) != 0) != 0)	Description
TRUE	never evaluated
FALSE	never evaluated

431 /* Shouldn't happen - same as default case */ -

432 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

433 SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, -

434 ERR_R_INTERNAL_ERROR); -

435

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

436 } -

437 st->hand_state = TLS_ST_OK; -

438

return WRITE_TRAN_CONTINUE;

never executed: return WRITE_TRAN_CONTINUE;

439 -

440

case TLS_ST_CR_FINISHED:

executed 573 times by 1 test: case TLS_ST_CR_FINISHED:

Executed by:

libssl.so.1.1

573

441

if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY

s->early_data_...TA_WRITE_RETRY	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 570 times by 1 test Evaluated by: libssl.so.1.1

3-570

442

|| s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)

s->early_data_...NISHED_WRITING	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 533 times by 1 test Evaluated by: libssl.so.1.1

37-533

443

st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;

executed 40 times by 1 test: st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;

Executed by:

libssl.so.1.1

444

else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 528 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

5-528

445

&& s->hello_retry_request == SSL_HRR_NONE)

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 511 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

17-511

446

st->hand_state = TLS_ST_CW_CHANGE;

executed 511 times by 1 test: st->hand_state = TLS_ST_CW_CHANGE;

Executed by:

libssl.so.1.1

511

447 else -

448

st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT

executed 22 times by 1 test: st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT : TLS_ST_CW_FINISHED;

Executed by:

libssl.so.1.1

(s->s3->tmp.cert_req != 0)	Description
TRUE	never evaluated
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

0-22

449

: TLS_ST_CW_FINISHED;

executed 22 times by 1 test: st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT : TLS_ST_CW_FINISHED;

Executed by:

libssl.so.1.1

450

return WRITE_TRAN_CONTINUE;

executed 573 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

573

451 -

452

case TLS_ST_PENDING_EARLY_DATA_END:

executed 40 times by 1 test: case TLS_ST_PENDING_EARLY_DATA_END:

Executed by:

libssl.so.1.1

453

if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {

s->ext.early_data == 2	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1

18-22

454 st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA; -

455

return WRITE_TRAN_CONTINUE;

executed 18 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

456 } -

457 /* Fall through */ -

458 -

459

case TLS_ST_CW_END_OF_EARLY_DATA:

code before this statement executed 22 times by 1 test: case TLS_ST_CW_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

executed 18 times by 1 test: case TLS_ST_CW_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

18-22

460

case TLS_ST_CW_CHANGE:

executed 511 times by 1 test: case TLS_ST_CW_CHANGE:

Executed by:

libssl.so.1.1

511

461

st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT

(s->s3->tmp.cert_req != 0)	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 532 times by 1 test Evaluated by: libssl.so.1.1

19-532

462 : TLS_ST_CW_FINISHED; -

463

return WRITE_TRAN_CONTINUE;

executed 551 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

551

464 -

465

case TLS_ST_CW_CERT:

executed 44 times by 1 test: case TLS_ST_CW_CERT:

Executed by:

libssl.so.1.1

466 /* If a non-empty Certificate we also send CertificateVerify */ -

467

st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY

(s->s3->tmp.cert_req == 1)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

18-26

468 : TLS_ST_CW_FINISHED; -

469

return WRITE_TRAN_CONTINUE;

executed 44 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

470 -

471

case TLS_ST_CW_CERT_VRFY:

executed 18 times by 1 test: case TLS_ST_CW_CERT_VRFY:

Executed by:

libssl.so.1.1

472 st->hand_state = TLS_ST_CW_FINISHED; -

473

return WRITE_TRAN_CONTINUE;

executed 18 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

474 -

475

case TLS_ST_CR_KEY_UPDATE:

executed 4 times by 1 test: case TLS_ST_CR_KEY_UPDATE:

Executed by:

libssl.so.1.1

476

if (s->key_update != SSL_KEY_UPDATE_NONE) {

s->key_update != -1	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

1-3

477 st->hand_state = TLS_ST_CW_KEY_UPDATE; -

478

return WRITE_TRAN_CONTINUE;

executed 1 time by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

479 } -

480 /* Fall through */ -

481 -

482

case TLS_ST_CW_KEY_UPDATE:

code before this statement executed 3 times by 1 test: case TLS_ST_CW_KEY_UPDATE:

Executed by:

libssl.so.1.1

executed 4 times by 1 test: case TLS_ST_CW_KEY_UPDATE:

Executed by:

libssl.so.1.1

3-4

483

case TLS_ST_CR_SESSION_TICKET:

executed 947 times by 1 test: case TLS_ST_CR_SESSION_TICKET:

Executed by:

libssl.so.1.1

947

484

case TLS_ST_CW_FINISHED:

executed 598 times by 1 test: case TLS_ST_CW_FINISHED:

Executed by:

libssl.so.1.1

598

485 st->hand_state = TLS_ST_OK; -

486

return WRITE_TRAN_CONTINUE;

executed 1552 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1552

487 -

488

case TLS_ST_OK:

executed 981 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

981

489

if (s->key_update != SSL_KEY_UPDATE_NONE) {

s->key_update != -1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 978 times by 1 test Evaluated by: libssl.so.1.1

3-978

490 st->hand_state = TLS_ST_CW_KEY_UPDATE; -

491

return WRITE_TRAN_CONTINUE;

executed 3 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

492 } -

493 -

494 /* Try to read from the server instead */ -

495

return WRITE_TRAN_FINISHED;

executed 978 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

978

496 } -

497 } -

498 -

499 /* -

500 * ossl_statem_client_write_transition() works out what handshake state to -

501 * move to next when the client is writing messages to be sent to the server. -

502 */ -

503 WRITE_TRAN ossl_statem_client_write_transition(SSL *s) -

504 { -

505 OSSL_STATEM *st = &s->statem; -

506 -

507 /* -

508 * Note that immediately before/after a ClientHello we don't know what -

509 * version we are going to negotiate yet, so we don't take this branch until -

510 * later -

511 */ -

512

if (SSL_IS_TLS13(s))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 20040 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1281 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 14036 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6004 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 3763 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10273 times by 1 test Evaluated by: libssl.so.1.1

1281-20040

513

return ossl_statem_client13_write_transition(s);

executed 3763 times by 1 test: return ossl_statem_client13_write_transition(s);

Executed by:

libssl.so.1.1

3763

514 -

515 switch (st->hand_state) { -

516

default:

never executed: default:

517 /* Shouldn't happen */ -

518 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

519 SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, -

520 ERR_R_INTERNAL_ERROR); -

521

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

522 -

523

case TLS_ST_OK:

executed 25 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

524

if (!s->renegotiate) {

!s->renegotiate	Description
TRUE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

8-17

525 /* -

526 * We haven't requested a renegotiation ourselves so we must have -

527 * received a message from the server. Better read it. -

528 */ -

529

return WRITE_TRAN_FINISHED;

executed 8 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

530 } -

531 /* Renegotiation */ -

532 /* fall thru */ -

533

case TLS_ST_BEFORE:

code before this statement executed 17 times by 1 test: case TLS_ST_BEFORE:

Executed by:

libssl.so.1.1

executed 4289 times by 1 test: case TLS_ST_BEFORE:

Executed by:

libssl.so.1.1

17-4289

534 st->hand_state = TLS_ST_CW_CLNT_HELLO; -

535

return WRITE_TRAN_CONTINUE;

executed 4306 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

4306

536 -

537

case TLS_ST_CW_CLNT_HELLO:

executed 4936 times by 1 test: case TLS_ST_CW_CLNT_HELLO:

Executed by:

libssl.so.1.1

4936

538

if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {

s->early_data_...ATA_CONNECTING	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4886 times by 1 test Evaluated by: libssl.so.1.1

50-4886

539 /* -

540 * We are assuming this is a TLSv1.3 connection, although we haven't -

541 * actually selected a version yet. -

542 */ -

543

if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

2-48

544

st->hand_state = TLS_ST_CW_CHANGE;

executed 48 times by 1 test: st->hand_state = TLS_ST_CW_CHANGE;

Executed by:

libssl.so.1.1

545 else -

546

st->hand_state = TLS_ST_EARLY_DATA;

executed 2 times by 1 test: st->hand_state = TLS_ST_EARLY_DATA;

Executed by:

libssl.so.1.1

547

return WRITE_TRAN_CONTINUE;

executed 50 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

548 } -

549 /* -

550 * No transition at the end of writing because we don't know what -

551 * we will be sent -

552 */ -

553

return WRITE_TRAN_FINISHED;

executed 4886 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

4886

554 -

555

case TLS_ST_CR_SRVR_HELLO:

executed 678 times by 1 test: case TLS_ST_CR_SRVR_HELLO:

Executed by:

libssl.so.1.1

678

556 /* -

557 * We only get here in TLSv1.3. We just received an HRR, so issue a -

558 * CCS unless middlebox compat mode is off, or we already issued one -

559 * because we did early data. -

560 */ -

561

if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 675 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-675

562

&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)

s->early_data_...NISHED_WRITING	Description
TRUE	evaluated 667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

8-667

563

st->hand_state = TLS_ST_CW_CHANGE;

executed 667 times by 1 test: st->hand_state = TLS_ST_CW_CHANGE;

Executed by:

libssl.so.1.1

667

564 else -

565

st->hand_state = TLS_ST_CW_CLNT_HELLO;

executed 11 times by 1 test: st->hand_state = TLS_ST_CW_CLNT_HELLO;

Executed by:

libssl.so.1.1

566

return WRITE_TRAN_CONTINUE;

executed 678 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

678

567 -

568

case TLS_ST_EARLY_DATA:

executed 44 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

569

return WRITE_TRAN_FINISHED;

executed 44 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

570 -

571

case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

executed 1 time by 1 test: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

Executed by:

libssl.so.1.1

572 st->hand_state = TLS_ST_CW_CLNT_HELLO; -

573

return WRITE_TRAN_CONTINUE;

executed 1 time by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

574 -

575

case TLS_ST_CR_SRVR_DONE:

executed 1426 times by 1 test: case TLS_ST_CR_SRVR_DONE:

Executed by:

libssl.so.1.1

1426

576

if (s->s3->tmp.cert_req)

s->s3->tmp.cert_req	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1387 times by 1 test Evaluated by: libssl.so.1.1

39-1387

577

st->hand_state = TLS_ST_CW_CERT;

executed 39 times by 1 test: st->hand_state = TLS_ST_CW_CERT;

Executed by:

libssl.so.1.1

578 else -

579

st->hand_state = TLS_ST_CW_KEY_EXCH;

executed 1387 times by 1 test: st->hand_state = TLS_ST_CW_KEY_EXCH;

Executed by:

libssl.so.1.1

1387

580

return WRITE_TRAN_CONTINUE;

executed 1426 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1426

581 -

582

case TLS_ST_CW_CERT:

executed 39 times by 1 test: case TLS_ST_CW_CERT:

Executed by:

libssl.so.1.1

583 st->hand_state = TLS_ST_CW_KEY_EXCH; -

584

return WRITE_TRAN_CONTINUE;

executed 39 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

585 -

586

case TLS_ST_CW_KEY_EXCH:

executed 1393 times by 1 test: case TLS_ST_CW_KEY_EXCH:

Executed by:

libssl.so.1.1

1393

587 /* -

588 * For TLS, cert_req is set to 2, so a cert chain of nothing is -

589 * sent, but no verify packet is sent -

590 */ -

591 /* -

592 * XXX: For now, we do not support client authentication in ECDH -

593 * cipher suites with ECDH (rather than ECDSA) certificates. We -

594 * need to skip the certificate verify message when client's -

595 * ECDH public key is sent inside the client certificate. -

596 */ -

597

if (s->s3->tmp.cert_req == 1) {

s->s3->tmp.cert_req == 1	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1368 times by 1 test Evaluated by: libssl.so.1.1

25-1368

598 st->hand_state = TLS_ST_CW_CERT_VRFY; -

599

} else {

executed 25 times by 1 test: end of block

Executed by:

libssl.so.1.1

600 st->hand_state = TLS_ST_CW_CHANGE; -

601

}

executed 1368 times by 1 test: end of block

Executed by:

libssl.so.1.1

1368

602

if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {

s->s3->flags & 0x0010	Description
TRUE	never evaluated
FALSE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1

0-1393

603 st->hand_state = TLS_ST_CW_CHANGE; -

604

}

never executed: end of block

605

return WRITE_TRAN_CONTINUE;

executed 1393 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

1393

606 -

607

case TLS_ST_CW_CERT_VRFY:

executed 25 times by 1 test: case TLS_ST_CW_CERT_VRFY:

Executed by:

libssl.so.1.1

608 st->hand_state = TLS_ST_CW_CHANGE; -

609

return WRITE_TRAN_CONTINUE;

executed 25 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

610 -

611

case TLS_ST_CW_CHANGE:

executed 2171 times by 1 test: case TLS_ST_CW_CHANGE:

Executed by:

libssl.so.1.1

2171

612

if (s->hello_retry_request == SSL_HRR_PENDING) {

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1504 times by 1 test Evaluated by: libssl.so.1.1

667-1504

613 st->hand_state = TLS_ST_CW_CLNT_HELLO; -

614

} else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {

executed 667 times by 1 test: end of block

Executed by:

libssl.so.1.1

s->early_data_...ATA_CONNECTING	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1

48-1456

615 st->hand_state = TLS_ST_EARLY_DATA; -

616

} else {

executed 48 times by 1 test: end of block

Executed by:

libssl.so.1.1

617 #if defined(OPENSSL_NO_NEXTPROTONEG) -

618 st->hand_state = TLS_ST_CW_FINISHED; -

619 #else -

620

if (!SSL_IS_DTLS(s) && s->s3->npn_seen)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1274 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1

s->s3->npn_seen	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1253 times by 1 test Evaluated by: libssl.so.1.1

21-1274

621

st->hand_state = TLS_ST_CW_NEXT_PROTO;

executed 21 times by 1 test: st->hand_state = TLS_ST_CW_NEXT_PROTO;

Executed by:

libssl.so.1.1

622 else -

623

st->hand_state = TLS_ST_CW_FINISHED;

executed 1435 times by 1 test: st->hand_state = TLS_ST_CW_FINISHED;

Executed by:

libssl.so.1.1

1435

624 #endif -

625 } -

626

return WRITE_TRAN_CONTINUE;

executed 2171 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

2171

627 -

628 #if !defined(OPENSSL_NO_NEXTPROTONEG) -

629

case TLS_ST_CW_NEXT_PROTO:

executed 21 times by 1 test: case TLS_ST_CW_NEXT_PROTO:

Executed by:

libssl.so.1.1

630 st->hand_state = TLS_ST_CW_FINISHED; -

631

return WRITE_TRAN_CONTINUE;

executed 21 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

632 #endif -

633 -

634

case TLS_ST_CW_FINISHED:

executed 1456 times by 1 test: case TLS_ST_CW_FINISHED:

Executed by:

libssl.so.1.1

1456

635

if (s->hit) {

s->hit	Description
TRUE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1

63-1393

636 st->hand_state = TLS_ST_OK; -

637

return WRITE_TRAN_CONTINUE;

executed 63 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

638 } else { -

639

return WRITE_TRAN_FINISHED;

executed 1393 times by 1 test: return WRITE_TRAN_FINISHED;

Executed by:

libssl.so.1.1

1393

640 } -

641 -

642

case TLS_ST_CR_FINISHED:

executed 1046 times by 1 test: case TLS_ST_CR_FINISHED:

Executed by:

libssl.so.1.1

1046

643

if (s->hit) {

s->hit	Description
TRUE	evaluated 63 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 983 times by 1 test Evaluated by: libssl.so.1.1

63-983

644 st->hand_state = TLS_ST_CW_CHANGE; -

645

return WRITE_TRAN_CONTINUE;

executed 63 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

646 } else { -

647 st->hand_state = TLS_ST_OK; -

648

return WRITE_TRAN_CONTINUE;

executed 983 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

983

649 } -

650 -

651

case TLS_ST_CR_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_CR_HELLO_REQ:

Executed by:

libssl.so.1.1

652 /* -

653 * If we can renegotiate now then do so, otherwise wait for a more -

654 * convenient time. -

655 */ -

656

if (ssl3_renegotiate_check(s, 1)) {

ssl3_renegotiate_check(s, 1)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-7

657

if (!tls_setup_handshake(s)) {

!tls_setup_handshake(s)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

0-7

658 /* SSLfatal() already called */ -

659

return WRITE_TRAN_ERROR;

never executed: return WRITE_TRAN_ERROR;

660 } -

661 st->hand_state = TLS_ST_CW_CLNT_HELLO; -

662

return WRITE_TRAN_CONTINUE;

executed 7 times by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

663 } -

664 st->hand_state = TLS_ST_OK; -

665

return WRITE_TRAN_CONTINUE;

executed 1 time by 1 test: return WRITE_TRAN_CONTINUE;

Executed by:

libssl.so.1.1

666 } -

667 } -

668 -

669 /* -

670 * Perform any pre work that needs to be done prior to sending a message from -

671 * the client to the server. -

672 */ -

673 WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) -

674 { -

675 OSSL_STATEM *st = &s->statem; -

676 -

677 switch (st->hand_state) { -

678

default:

executed 3649 times by 1 test: default:

Executed by:

libssl.so.1.1

3649

679 /* No pre work to be done */ -

680

break;

executed 3649 times by 1 test: break;

Executed by:

libssl.so.1.1

3649

681 -

682

case TLS_ST_CW_CLNT_HELLO:

executed 4992 times by 1 test: case TLS_ST_CW_CLNT_HELLO:

Executed by:

libssl.so.1.1

4992

683 s->shutdown = 0; -

684

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4800 times by 1 test Evaluated by: libssl.so.1.1

192-4800

685 /* every DTLS ClientHello resets Finished MAC */ -

686

if (!ssl3_init_finished_mac(s)) {

!ssl3_init_finished_mac(s)	Description
TRUE	never evaluated
FALSE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1

0-192

687 /* SSLfatal() already called */ -

688

return WORK_ERROR;

never executed: return WORK_ERROR;

689 } -

690

}

executed 192 times by 1 test: end of block

Executed by:

libssl.so.1.1

192

691

break;

executed 4992 times by 1 test: break;

Executed by:

libssl.so.1.1

4992

692 -

693

case TLS_ST_CW_CHANGE:

executed 2682 times by 1 test: case TLS_ST_CW_CHANGE:

Executed by:

libssl.so.1.1

2682

694

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2500 times by 1 test Evaluated by: libssl.so.1.1

182-2500

695

if (s->hit) {

s->hit	Description
TRUE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 165 times by 1 test Evaluated by: libssl.so.1.1

17-165

696 /* -

697 * We're into the last flight so we don't retransmit these -

698 * messages unless we need to. -

699 */ -

700 st->use_timer = 0; -

701

}

executed 17 times by 1 test: end of block

Executed by:

libssl.so.1.1

702 #ifndef OPENSSL_NO_SCTP -

703 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { -

704 /* Calls SSLfatal() as required */ -

705 return dtls_wait_for_dry(s); -

706 } -

707 #endif -

708

}

executed 182 times by 1 test: end of block

Executed by:

libssl.so.1.1

182

709

break;

executed 2682 times by 1 test: break;

Executed by:

libssl.so.1.1

2682

710 -

711

case TLS_ST_PENDING_EARLY_DATA_END:

executed 40 times by 1 test: case TLS_ST_PENDING_EARLY_DATA_END:

Executed by:

libssl.so.1.1

712 /* -

713 * If we've been called by SSL_do_handshake()/SSL_write(), or we did not -

714 * attempt to write early data before calling SSL_read() then we press -

715 * on with the handshake. Otherwise we pause here. -

716 */ -

717

if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING

s->early_data_...NISHED_WRITING	Description
TRUE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

3-37

718

|| s->early_data_state == SSL_EARLY_DATA_NONE)

s->early_data_...ARLY_DATA_NONE	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

0-3

719

return WORK_FINISHED_CONTINUE;

executed 37 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

720 /* Fall through */ -

721 -

722

case TLS_ST_EARLY_DATA:

code before this statement executed 3 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

executed 50 times by 1 test: case TLS_ST_EARLY_DATA:

Executed by:

libssl.so.1.1

3-50

723

return tls_finish_handshake(s, wst, 0, 1);

executed 53 times by 1 test: return tls_finish_handshake(s, wst, 0, 1);

Executed by:

libssl.so.1.1

724 -

725

case TLS_ST_OK:

executed 2599 times by 1 test: case TLS_ST_OK:

Executed by:

libssl.so.1.1

2599

726 /* Calls SSLfatal() as required */ -

727

return tls_finish_handshake(s, wst, 1, 1);

executed 2599 times by 1 test: return tls_finish_handshake(s, wst, 1, 1);

Executed by:

libssl.so.1.1

2599

728 } -

729 -

730

return WORK_FINISHED_CONTINUE;

executed 11323 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

11323

731 } -

732 -

733 /* -

734 * Perform any work that needs to be done after sending a message from the -

735 * client to the server. -

736 */ -

737 WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) -

738 { -

739 OSSL_STATEM *st = &s->statem; -

740 -

741 s->init_num = 0; -

742 -

743 switch (st->hand_state) { -

744

default:

executed 184 times by 1 test: default:

Executed by:

libssl.so.1.1

184

745 /* No post work to be done */ -

746

break;

executed 184 times by 1 test: break;

Executed by:

libssl.so.1.1

184

747 -

748

case TLS_ST_CW_CLNT_HELLO:

executed 4980 times by 1 test: case TLS_ST_CW_CLNT_HELLO:

Executed by:

libssl.so.1.1

4980

749

if (s->early_data_state == SSL_EARLY_DATA_CONNECTING

s->early_data_...ATA_CONNECTING	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4930 times by 1 test Evaluated by: libssl.so.1.1

50-4930

750

&& s->max_early_data > 0) {

s->max_early_data > 0	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-50

751 /* -

752 * We haven't selected TLSv1.3 yet so we don't call the change -

753 * cipher state function associated with the SSL_METHOD. Instead -

754 * we call tls13_change_cipher_state() directly. -

755 */ -

756

if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {

(s->options & ...0100000U) == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1

2-48

757

if (!tls13_change_cipher_state(s,

!tls13_change_...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

758

SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {

!tls13_change_...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

759 /* SSLfatal() already called */ -

760

return WORK_ERROR;

never executed: return WORK_ERROR;

761 } -

762

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

763 /* else we're in compat mode so we delay flushing until after CCS */ -

764

} else if (!statem_flush(s)) {

executed 50 times by 1 test: end of block

Executed by:

libssl.so.1.1

!statem_flush(s)	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4886 times by 1 test Evaluated by: libssl.so.1.1

44-4886

765

return WORK_MORE_A;

executed 44 times by 1 test: return WORK_MORE_A;

Executed by:

libssl.so.1.1

766 } -

767 -

768

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4744 times by 1 test Evaluated by: libssl.so.1.1

192-4744

769 /* Treat the next message as the first packet */ -

770 s->first_packet = 1; -

771

}

executed 192 times by 1 test: end of block

Executed by:

libssl.so.1.1

192

772

break;

executed 4936 times by 1 test: break;

Executed by:

libssl.so.1.1

4936

773 -

774

case TLS_ST_CW_END_OF_EARLY_DATA:

executed 18 times by 1 test: case TLS_ST_CW_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

775 /* -

776 * We set the enc_write_ctx back to NULL because we may end up writing -

777 * in cleartext again if we get a HelloRetryRequest from the server. -

778 */ -

779 EVP_CIPHER_CTX_free(s->enc_write_ctx); -

780 s->enc_write_ctx = NULL; -

781

break;

executed 18 times by 1 test: break;

Executed by:

libssl.so.1.1

782 -

783

case TLS_ST_CW_KEY_EXCH:

executed 1393 times by 1 test: case TLS_ST_CW_KEY_EXCH:

Executed by:

libssl.so.1.1

1393

784

if (tls_client_key_exchange_post_work(s) == 0) {

tls_client_key...t_work(s) == 0	Description
TRUE	never evaluated
FALSE	evaluated 1393 times by 1 test Evaluated by: libssl.so.1.1

0-1393

785 /* SSLfatal() already called */ -

786

return WORK_ERROR;

never executed: return WORK_ERROR;

787 } -

788

break;

executed 1393 times by 1 test: break;

Executed by:

libssl.so.1.1

1393

789 -

790

case TLS_ST_CW_CHANGE:

executed 2682 times by 1 test: case TLS_ST_CW_CHANGE:

Executed by:

libssl.so.1.1

2682

791

if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2500 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1226 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1274 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 511 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 715 times by 1 test Evaluated by: libssl.so.1.1

s->hello_retry...SL_HRR_PENDING	Description
TRUE	evaluated 667 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1504 times by 1 test Evaluated by: libssl.so.1.1

182-2500

792

break;

executed 1178 times by 1 test: break;

Executed by:

libssl.so.1.1

1178

793

if (s->early_data_state == SSL_EARLY_DATA_CONNECTING

s->early_data_...ATA_CONNECTING	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1

48-1456

794

&& s->max_early_data > 0) {

s->max_early_data > 0	Description
TRUE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-48

795 /* -

796 * We haven't selected TLSv1.3 yet so we don't call the change -

797 * cipher state function associated with the SSL_METHOD. Instead -

798 * we call tls13_change_cipher_state() directly. -

799 */ -

800

if (!tls13_change_cipher_state(s,

!tls13_change_...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1

0-48

801

SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))

!tls13_change_...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 48 times by 1 test Evaluated by: libssl.so.1.1

0-48

802

return WORK_ERROR;

never executed: return WORK_ERROR;

803

break;

executed 48 times by 1 test: break;

Executed by:

libssl.so.1.1

804 } -

805 s->session->cipher = s->s3->tmp.new_cipher; -

806 #ifdef OPENSSL_NO_COMP -

807 s->session->compress_meth = 0; -

808 #else -

809

if (s->s3->tmp.new_compression == NULL)

s->s3->tmp.new...== ((void *)0)	Description
TRUE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1456

810

s->session->compress_meth = 0;

executed 1456 times by 1 test: s->session->compress_meth = 0;

Executed by:

libssl.so.1.1

1456

811 else -

812

s->session->compress_meth = s->s3->tmp.new_compression->id;

never executed: s->session->compress_meth = s->s3->tmp.new_compression->id;

813 #endif -

814

if (!s->method->ssl3_enc->setup_key_block(s)) {

!s->method->ss...p_key_block(s)	Description
TRUE	never evaluated
FALSE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1

0-1456

815 /* SSLfatal() already called */ -

816

return WORK_ERROR;

never executed: return WORK_ERROR;

817 } -

818 -

819

if (!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1

0-1456

820

SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {

!s->method->ss...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 1456 times by 1 test Evaluated by: libssl.so.1.1

0-1456

821 /* SSLfatal() already called */ -

822

return WORK_ERROR;

never executed: return WORK_ERROR;

823 } -

824 -

825

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1274 times by 1 test Evaluated by: libssl.so.1.1

182-1274

826 #ifndef OPENSSL_NO_SCTP -

827 if (s->hit) { -

828 /* -

829 * Change to new shared key of SCTP-Auth, will be ignored if -

830 * no SCTP used. -

831 */ -

832 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, -

833 0, NULL); -

834 } -

835 #endif -

836 -

837 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); -

838

}

executed 182 times by 1 test: end of block

Executed by:

libssl.so.1.1

182

839

break;

executed 1456 times by 1 test: break;

Executed by:

libssl.so.1.1

1456

840 -

841

case TLS_ST_CW_FINISHED:

executed 2158 times by 1 test: case TLS_ST_CW_FINISHED:

Executed by:

libssl.so.1.1

2158

842 #ifndef OPENSSL_NO_SCTP -

843 if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) { -

844 /* -

845 * Change to new shared key of SCTP-Auth, will be ignored if -

846 * no SCTP used. -

847 */ -

848 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, -

849 0, NULL); -

850 } -

851 #endif -

852

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	evaluated 104 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2054 times by 1 test Evaluated by: libssl.so.1.1

104-2054

853

return WORK_MORE_B;

executed 104 times by 1 test: return WORK_MORE_B;

Executed by:

libssl.so.1.1

104

854 -

855

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1872 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 598 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1274 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 598 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1872

856

if (!tls13_save_handshake_digest_for_pha(s)) {

!tls13_save_ha...est_for_pha(s)	Description
TRUE	never evaluated
FALSE	evaluated 598 times by 1 test Evaluated by: libssl.so.1.1

0-598

857 /* SSLfatal() already called */ -

858

return WORK_ERROR;

never executed: return WORK_ERROR;

859 } -

860

if (s->post_handshake_auth != SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

25-573

861

if (!s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1

0-573

862

SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {

!s->method->ss...(0x010\|0x002))	Description
TRUE	never evaluated
FALSE	evaluated 573 times by 1 test Evaluated by: libssl.so.1.1

0-573

863 /* SSLfatal() already called */ -

864

return WORK_ERROR;

never executed: return WORK_ERROR;

865 } -

866

}

executed 573 times by 1 test: end of block

Executed by:

libssl.so.1.1

573

867

}

executed 598 times by 1 test: end of block

Executed by:

libssl.so.1.1

598

868

break;

executed 2054 times by 1 test: break;

Executed by:

libssl.so.1.1

2054

869 -

870

case TLS_ST_CW_KEY_UPDATE:

executed 4 times by 1 test: case TLS_ST_CW_KEY_UPDATE:

Executed by:

libssl.so.1.1

871

if (statem_flush(s) != 1)

statem_flush(s) != 1	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

872

return WORK_MORE_A;

never executed: return WORK_MORE_A;

873

if (!tls13_update_key(s, 1)) {

!tls13_update_key(s, 1)	Description
TRUE	never evaluated
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

0-4

874 /* SSLfatal() already called */ -

875

return WORK_ERROR;

never executed: return WORK_ERROR;

876 } -

877

break;

executed 4 times by 1 test: break;

Executed by:

libssl.so.1.1

878 } -

879 -

880

return WORK_FINISHED_CONTINUE;

executed 11271 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

11271

881 } -

882 -

883 /* -

884 * Get the message construction function and message type for sending from the -

885 * client -

886 * -

887 * Valid return values are: -

888 * 1: Success -

889 * 0: Error -

890 */ -

891 int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, -

892 confunc_f *confunc, int *mt) -

893 { -

894 OSSL_STATEM *st = &s->statem; -

895 -

896 switch (st->hand_state) { -

897

default:

never executed: default:

898 /* Shouldn't happen */ -

899 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

900 SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, -

901 SSL_R_BAD_HANDSHAKE_STATE); -

902

return 0;

never executed: return 0;

903 -

904

case TLS_ST_CW_CHANGE:

executed 2682 times by 1 test: case TLS_ST_CW_CHANGE:

Executed by:

libssl.so.1.1

2682

905

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 182 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2500 times by 1 test Evaluated by: libssl.so.1.1

182-2500

906

*confunc = dtls_construct_change_cipher_spec;

executed 182 times by 1 test: *confunc = dtls_construct_change_cipher_spec;

Executed by:

libssl.so.1.1

182

907 else -

908

*confunc = tls_construct_change_cipher_spec;

executed 2500 times by 1 test: *confunc = tls_construct_change_cipher_spec;

Executed by:

libssl.so.1.1

2500

909 *mt = SSL3_MT_CHANGE_CIPHER_SPEC; -

910

break;

executed 2682 times by 1 test: break;

Executed by:

libssl.so.1.1

2682

911 -

912

case TLS_ST_CW_CLNT_HELLO:

executed 4992 times by 1 test: case TLS_ST_CW_CLNT_HELLO:

Executed by:

libssl.so.1.1

4992

913 *confunc = tls_construct_client_hello; -

914 *mt = SSL3_MT_CLIENT_HELLO; -

915

break;

executed 4992 times by 1 test: break;

Executed by:

libssl.so.1.1

4992

916 -

917

case TLS_ST_CW_END_OF_EARLY_DATA:

executed 18 times by 1 test: case TLS_ST_CW_END_OF_EARLY_DATA:

Executed by:

libssl.so.1.1

918 *confunc = tls_construct_end_of_early_data; -

919 *mt = SSL3_MT_END_OF_EARLY_DATA; -

920

break;

executed 18 times by 1 test: break;

Executed by:

libssl.so.1.1

921 -

922

case TLS_ST_PENDING_EARLY_DATA_END:

executed 37 times by 1 test: case TLS_ST_PENDING_EARLY_DATA_END:

Executed by:

libssl.so.1.1

923 *confunc = NULL; -

924 *mt = SSL3_MT_DUMMY; -

925

break;

executed 37 times by 1 test: break;

Executed by:

libssl.so.1.1

926 -

927

case TLS_ST_CW_CERT:

executed 83 times by 1 test: case TLS_ST_CW_CERT:

Executed by:

libssl.so.1.1

928 *confunc = tls_construct_client_certificate; -

929 *mt = SSL3_MT_CERTIFICATE; -

930

break;

executed 83 times by 1 test: break;

Executed by:

libssl.so.1.1

931 -

932

case TLS_ST_CW_KEY_EXCH:

executed 1426 times by 1 test: case TLS_ST_CW_KEY_EXCH:

Executed by:

libssl.so.1.1

1426

933 *confunc = tls_construct_client_key_exchange; -

934 *mt = SSL3_MT_CLIENT_KEY_EXCHANGE; -

935

break;

executed 1426 times by 1 test: break;

Executed by:

libssl.so.1.1

1426

936 -

937

case TLS_ST_CW_CERT_VRFY:

executed 43 times by 1 test: case TLS_ST_CW_CERT_VRFY:

Executed by:

libssl.so.1.1

938 *confunc = tls_construct_cert_verify; -

939 *mt = SSL3_MT_CERTIFICATE_VERIFY; -

940

break;

executed 43 times by 1 test: break;

Executed by:

libssl.so.1.1

941 -

942 #if !defined(OPENSSL_NO_NEXTPROTONEG) -

943

case TLS_ST_CW_NEXT_PROTO:

executed 21 times by 1 test: case TLS_ST_CW_NEXT_PROTO:

Executed by:

libssl.so.1.1

944 *confunc = tls_construct_next_proto; -

945 *mt = SSL3_MT_NEXT_PROTO; -

946

break;

executed 21 times by 1 test: break;

Executed by:

libssl.so.1.1

947 #endif -

948

case TLS_ST_CW_FINISHED:

executed 2054 times by 1 test: case TLS_ST_CW_FINISHED:

Executed by:

libssl.so.1.1

2054

949 *confunc = tls_construct_finished; -

950 *mt = SSL3_MT_FINISHED; -

951

break;

executed 2054 times by 1 test: break;

Executed by:

libssl.so.1.1

2054

952 -

953

case TLS_ST_CW_KEY_UPDATE:

executed 4 times by 1 test: case TLS_ST_CW_KEY_UPDATE:

Executed by:

libssl.so.1.1

954 *confunc = tls_construct_key_update; -

955 *mt = SSL3_MT_KEY_UPDATE; -

956

break;

executed 4 times by 1 test: break;

Executed by:

libssl.so.1.1

957 } -

958 -

959

return 1;

executed 11360 times by 1 test: return 1;

Executed by:

libssl.so.1.1

11360

960 } -

961 -

962 /* -

963 * Returns the maximum allowed length for the current message that we are -

964 * reading. Excludes the message header. -

965 */ -

966 size_t ossl_statem_client_max_message_size(SSL *s) -

967 { -

968 OSSL_STATEM *st = &s->statem; -

969 -

970 switch (st->hand_state) { -

971

default:

executed 8 times by 1 test: default:

Executed by:

libssl.so.1.1

972 /* Shouldn't happen */ -

973

return 0;

executed 8 times by 1 test: return 0;

Executed by:

libssl.so.1.1

974 -

975

case TLS_ST_CR_SRVR_HELLO:

executed 4632 times by 1 test: case TLS_ST_CR_SRVR_HELLO:

Executed by:

libssl.so.1.1

4632

976

return SERVER_HELLO_MAX_LENGTH;

executed 4632 times by 1 test: return 20000;

Executed by:

libssl.so.1.1

4632

977 -

978

case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

executed 1 time by 1 test: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

Executed by:

libssl.so.1.1

979

return HELLO_VERIFY_REQUEST_MAX_LENGTH;

executed 1 time by 1 test: return 258;

Executed by:

libssl.so.1.1

980 -

981

case TLS_ST_CR_CERT:

executed 3024 times by 1 test: case TLS_ST_CR_CERT:

Executed by:

libssl.so.1.1

3024

982

return s->max_cert_list;

executed 3024 times by 1 test: return s->max_cert_list;

Executed by:

libssl.so.1.1

3024

983 -

984

case TLS_ST_CR_CERT_VRFY:

executed 474 times by 1 test: case TLS_ST_CR_CERT_VRFY:

Executed by:

libssl.so.1.1

474

985

return SSL3_RT_MAX_PLAIN_LENGTH;

executed 474 times by 1 test: return 16384;

Executed by:

libssl.so.1.1

474

986 -

987

case TLS_ST_CR_CERT_STATUS:

executed 5 times by 1 test: case TLS_ST_CR_CERT_STATUS:

Executed by:

libssl.so.1.1

988

return SSL3_RT_MAX_PLAIN_LENGTH;

executed 5 times by 1 test: return 16384;

Executed by:

libssl.so.1.1

989 -

990

case TLS_ST_CR_KEY_EXCH:

executed 1390 times by 1 test: case TLS_ST_CR_KEY_EXCH:

Executed by:

libssl.so.1.1

1390

991

return SERVER_KEY_EXCH_MAX_LENGTH;

executed 1390 times by 1 test: return 102400;

Executed by:

libssl.so.1.1

1390

992 -

993

case TLS_ST_CR_CERT_REQ:

executed 142 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

142

994 /* -

995 * Set to s->max_cert_list for compatibility with previous releases. In -

996 * practice these messages can get quite long if servers are configured -

997 * to provide a long list of acceptable CAs -

998 */ -

999

return s->max_cert_list;

executed 142 times by 1 test: return s->max_cert_list;

Executed by:

libssl.so.1.1

142

1000 -

1001

case TLS_ST_CR_SRVR_DONE:

executed 1428 times by 1 test: case TLS_ST_CR_SRVR_DONE:

Executed by:

libssl.so.1.1

1428

1002

return SERVER_HELLO_DONE_MAX_LENGTH;

executed 1428 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1428

1003 -

1004

case TLS_ST_CR_CHANGE:

executed 1252 times by 1 test: case TLS_ST_CR_CHANGE:

Executed by:

libssl.so.1.1

1252

1005

if (s->version == DTLS1_BAD_VER)

s->version == 0x0100	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1251 times by 1 test Evaluated by: libssl.so.1.1

1-1251

1006

return 3;

executed 1 time by 1 test: return 3;

Executed by:

libssl.so.1.1

1007

return CCS_MAX_LENGTH;

executed 1251 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1251

1008 -

1009

case TLS_ST_CR_SESSION_TICKET:

executed 1873 times by 1 test: case TLS_ST_CR_SESSION_TICKET:

Executed by:

libssl.so.1.1

1873

1010

return SSL3_RT_MAX_PLAIN_LENGTH;

executed 1873 times by 1 test: return 16384;

Executed by:

libssl.so.1.1

1873

1011 -

1012

case TLS_ST_CR_FINISHED:

executed 1626 times by 1 test: case TLS_ST_CR_FINISHED:

Executed by:

libssl.so.1.1

1626

1013

return FINISHED_MAX_LENGTH;

executed 1626 times by 1 test: return 64;

Executed by:

libssl.so.1.1

1626

1014 -

1015

case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

executed 586 times by 1 test: case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

Executed by:

libssl.so.1.1

586

1016

return ENCRYPTED_EXTENSIONS_MAX_LENGTH;

executed 586 times by 1 test: return 20000;

Executed by:

libssl.so.1.1

586

1017 -

1018

case TLS_ST_CR_KEY_UPDATE:

executed 5 times by 1 test: case TLS_ST_CR_KEY_UPDATE:

Executed by:

libssl.so.1.1

1019

return KEY_UPDATE_MAX_LENGTH;

executed 5 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1020 } -

1021 } -

1022 -

1023 /* -

1024 * Process a message that the client has been received from the server. -

1025 */ -

1026 MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) -

1027 { -

1028 OSSL_STATEM *st = &s->statem; -

1029 -

1030 switch (st->hand_state) { -

1031

default:

never executed: default:

1032 /* Shouldn't happen */ -

1033 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1034 SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, -

1035 ERR_R_INTERNAL_ERROR); -

1036

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

1037 -

1038

case TLS_ST_CR_SRVR_HELLO:

executed 4600 times by 1 test: case TLS_ST_CR_SRVR_HELLO:

Executed by:

libssl.so.1.1

4600

1039

return tls_process_server_hello(s, pkt);

executed 4600 times by 1 test: return tls_process_server_hello(s, pkt);

Executed by:

libssl.so.1.1

4600

1040 -

1041

case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

executed 1 time by 1 test: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:

Executed by:

libssl.so.1.1

1042

return dtls_process_hello_verify(s, pkt);

executed 1 time by 1 test: return dtls_process_hello_verify(s, pkt);

Executed by:

libssl.so.1.1

1043 -

1044

case TLS_ST_CR_CERT:

executed 3020 times by 1 test: case TLS_ST_CR_CERT:

Executed by:

libssl.so.1.1

3020

1045

return tls_process_server_certificate(s, pkt);

executed 3020 times by 1 test: return tls_process_server_certificate(s, pkt);

Executed by:

libssl.so.1.1

3020

1046 -

1047

case TLS_ST_CR_CERT_VRFY:

executed 474 times by 1 test: case TLS_ST_CR_CERT_VRFY:

Executed by:

libssl.so.1.1

474

1048

return tls_process_cert_verify(s, pkt);

executed 474 times by 1 test: return tls_process_cert_verify(s, pkt);

Executed by:

libssl.so.1.1

474

1049 -

1050

case TLS_ST_CR_CERT_STATUS:

executed 5 times by 1 test: case TLS_ST_CR_CERT_STATUS:

Executed by:

libssl.so.1.1

1051

return tls_process_cert_status(s, pkt);

executed 5 times by 1 test: return tls_process_cert_status(s, pkt);

Executed by:

libssl.so.1.1

1052 -

1053

case TLS_ST_CR_KEY_EXCH:

executed 1390 times by 1 test: case TLS_ST_CR_KEY_EXCH:

Executed by:

libssl.so.1.1

1390

1054

return tls_process_key_exchange(s, pkt);

executed 1390 times by 1 test: return tls_process_key_exchange(s, pkt);

Executed by:

libssl.so.1.1

1390

1055 -

1056

case TLS_ST_CR_CERT_REQ:

executed 142 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

142

1057

return tls_process_certificate_request(s, pkt);

executed 142 times by 1 test: return tls_process_certificate_request(s, pkt);

Executed by:

libssl.so.1.1

142

1058 -

1059

case TLS_ST_CR_SRVR_DONE:

executed 1428 times by 1 test: case TLS_ST_CR_SRVR_DONE:

Executed by:

libssl.so.1.1

1428

1060

return tls_process_server_done(s, pkt);

executed 1428 times by 1 test: return tls_process_server_done(s, pkt);

Executed by:

libssl.so.1.1

1428

1061 -

1062

case TLS_ST_CR_CHANGE:

executed 1252 times by 1 test: case TLS_ST_CR_CHANGE:

Executed by:

libssl.so.1.1

1252

1063

return tls_process_change_cipher_spec(s, pkt);

executed 1252 times by 1 test: return tls_process_change_cipher_spec(s, pkt);

Executed by:

libssl.so.1.1

1252

1064 -

1065

case TLS_ST_CR_SESSION_TICKET:

executed 1873 times by 1 test: case TLS_ST_CR_SESSION_TICKET:

Executed by:

libssl.so.1.1

1873

1066

return tls_process_new_session_ticket(s, pkt);

executed 1873 times by 1 test: return tls_process_new_session_ticket(s, pkt);

Executed by:

libssl.so.1.1

1873

1067 -

1068

case TLS_ST_CR_FINISHED:

executed 1626 times by 1 test: case TLS_ST_CR_FINISHED:

Executed by:

libssl.so.1.1

1626

1069

return tls_process_finished(s, pkt);

executed 1626 times by 1 test: return tls_process_finished(s, pkt);

Executed by:

libssl.so.1.1

1626

1070 -

1071

case TLS_ST_CR_HELLO_REQ:

executed 8 times by 1 test: case TLS_ST_CR_HELLO_REQ:

Executed by:

libssl.so.1.1

1072

return tls_process_hello_req(s, pkt);

executed 8 times by 1 test: return tls_process_hello_req(s, pkt);

Executed by:

libssl.so.1.1

1073 -

1074

case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

executed 586 times by 1 test: case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

Executed by:

libssl.so.1.1

586

1075

return tls_process_encrypted_extensions(s, pkt);

executed 586 times by 1 test: return tls_process_encrypted_extensions(s, pkt);

Executed by:

libssl.so.1.1

586

1076 -

1077

case TLS_ST_CR_KEY_UPDATE:

executed 5 times by 1 test: case TLS_ST_CR_KEY_UPDATE:

Executed by:

libssl.so.1.1

1078

return tls_process_key_update(s, pkt);

executed 5 times by 1 test: return tls_process_key_update(s, pkt);

Executed by:

libssl.so.1.1

1079 } -

1080 } -

1081 -

1082 /* -

1083 * Perform any further processing required following the receipt of a message -

1084 * from the server -

1085 */ -

1086 WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) -

1087 { -

1088 OSSL_STATEM *st = &s->statem; -

1089 -

1090 switch (st->hand_state) { -

1091

default:

never executed: default:

1092 /* Shouldn't happen */ -

1093 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1094 SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, -

1095 ERR_R_INTERNAL_ERROR); -

1096

return WORK_ERROR;

never executed: return WORK_ERROR;

1097 -

1098

case TLS_ST_CR_CERT_REQ:

executed 83 times by 1 test: case TLS_ST_CR_CERT_REQ:

Executed by:

libssl.so.1.1

1099

return tls_prepare_client_certificate(s, wst);

executed 83 times by 1 test: return tls_prepare_client_certificate(s, wst);

Executed by:

libssl.so.1.1

1100 } -

1101 } -

1102 -

1103 int tls_construct_client_hello(SSL *s, WPACKET *pkt) -

1104 { -

1105 unsigned char *p; -

1106 size_t sess_id_len; -

1107 int i, protverr; -

1108 #ifndef OPENSSL_NO_COMP -

1109 SSL_COMP *comp; -

1110 #endif -

1111 SSL_SESSION *sess = s->session; -

1112 unsigned char *session_id; -

1113 -

1114

if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {

!WPACKET_set_m...ze(pkt, 16384)	Description
TRUE	never evaluated
FALSE	evaluated 4992 times by 1 test Evaluated by: libssl.so.1.1

0-4992

1115 /* Should not happen */ -

1116 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1117 SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); -

1118

return 0;

never executed: return 0;

1119 } -

1120 -

1121 /* Work out what SSL/TLS/DTLS version to use */ -

1122 protverr = ssl_set_client_hello_version(s); -

1123

if (protverr != 0) {

protverr != 0	Description
TRUE	evaluated 52 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

52-4940

1124 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1125 protverr); -

1126

return 0;

executed 52 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1127 } -

1128 -

1129

if (sess == NULL

sess == ((void *)0)	Description
TRUE	evaluated 3988 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 952 times by 1 test Evaluated by: libssl.so.1.1

952-3988

1130

|| !ssl_version_supported(s, sess->ssl_version, NULL)

!ssl_version_s... ((void *)0) )	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 938 times by 1 test Evaluated by: libssl.so.1.1

14-938

1131

|| !SSL_SESSION_is_resumable(sess)) {

!SSL_SESSION_i...esumable(sess)	Description
TRUE	evaluated 665 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 273 times by 1 test Evaluated by: libssl.so.1.1

273-665

1132

if (s->hello_retry_request == SSL_HRR_NONE

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 4002 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 665 times by 1 test Evaluated by: libssl.so.1.1

665-4002

1133

&& !ssl_get_new_session(s, 0)) {

!ssl_get_new_session(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 4002 times by 1 test Evaluated by: libssl.so.1.1

0-4002

1134 /* SSLfatal() already called */ -

1135

return 0;

never executed: return 0;

1136 } -

1137

}

executed 4667 times by 1 test: end of block

Executed by:

libssl.so.1.1

4667

1138 /* else use the pre-loaded session */ -

1139 -

1140 p = s->s3->client_random; -

1141 -

1142 /* -

1143 * for DTLS if client_random is initialized, reuse it, we are -

1144 * required to use same upon reply to HelloVerify -

1145 */ -

1146

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4748 times by 1 test Evaluated by: libssl.so.1.1

192-4748

1147 size_t idx; -

1148 i = 1; -

1149

for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {

idx < sizeof(s...client_random)	Description
TRUE	evaluated 6113 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 191 times by 1 test Evaluated by: libssl.so.1.1

191-6113

1150

if (p[idx]) {

p[idx]	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 6112 times by 1 test Evaluated by: libssl.so.1.1

1-6112

1151 i = 0; -

1152

break;

executed 1 time by 1 test: break;

Executed by:

libssl.so.1.1

1153 } -

1154

}

executed 6112 times by 1 test: end of block

Executed by:

libssl.so.1.1

6112

1155

} else {

executed 192 times by 1 test: end of block

Executed by:

libssl.so.1.1

192

1156 i = (s->hello_retry_request == SSL_HRR_NONE); -

1157

}

executed 4748 times by 1 test: end of block

Executed by:

libssl.so.1.1

4748

1158 -

1159

if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),

i	Description
TRUE	evaluated 4261 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 679 times by 1 test Evaluated by: libssl.so.1.1

ssl_fill_hello...ADE_NONE) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 4261 times by 1 test Evaluated by: libssl.so.1.1

0-4261

1160

DOWNGRADE_NONE) <= 0) {

ssl_fill_hello...ADE_NONE) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 4261 times by 1 test Evaluated by: libssl.so.1.1

0-4261

1161 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1162 ERR_R_INTERNAL_ERROR); -

1163

return 0;

never executed: return 0;

1164 } -

1165 -

1166 /*- -

1167 * version indicates the negotiated version: for example from -

1168 * an SSLv2/v3 compatible client hello). The client_version -

1169 * field is the maximum version we permit and it is also -

1170 * used in RSA encrypted premaster secrets. Some servers can -

1171 * choke if we initially report a higher version then -

1172 * renegotiate to a lower one in the premaster secret. This -

1173 * didn't happen with TLS 1.0 as most servers supported it -

1174 * but it can with TLS 1.1 or later if the server only supports -

1175 * 1.0. -

1176 * -

1177 * Possible scenario with previous logic: -

1178 * 1. Client hello indicates TLS 1.2 -

1179 * 2. Server hello says TLS 1.0 -

1180 * 3. RSA encrypted premaster secret uses 1.2. -

1181 * 4. Handshake proceeds using TLS 1.0. -

1182 * 5. Server sends hello request to renegotiate. -

1183 * 6. Client hello indicates TLS v1.0 as we now -

1184 * know that is maximum server supports. -

1185 * 7. Server chokes on RSA encrypted premaster secret -

1186 * containing version 1.0. -

1187 * -

1188 * For interoperability it should be OK to always use the -

1189 * maximum version we support in client hello and then rely -

1190 * on the checking of version to ensure the servers isn't -

1191 * being inconsistent: for example initially negotiating with -

1192 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using -

1193 * client_version in client hello and not resetting it to -

1194 * the negotiated version. -

1195 * -

1196 * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the -

1197 * supported_versions extension for the real supported versions. -

1198 */ -

1199

if (!WPACKET_put_bytes_u16(pkt, s->client_version)

!WPACKET_put_b...t_version), 2)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

1200

|| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {

!WPACKET_memcp...nt_random, 32)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

1201 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1202 ERR_R_INTERNAL_ERROR); -

1203

return 0;

never executed: return 0;

1204 } -

1205 -

1206 /* Session ID */ -

1207 session_id = s->session->session_id; -

1208

if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) {

s->new_session	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4925 times by 1 test Evaluated by: libssl.so.1.1

s->session->ss...sion == 0x0304	Description
TRUE	evaluated 3889 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1036 times by 1 test Evaluated by: libssl.so.1.1

15-4925

1209

if (s->version == TLS1_3_VERSION

s->version == 0x0304	Description
TRUE	evaluated 3889 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-3889

1210

&& (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {

(s->options & ...0100000U) != 0	Description
TRUE	evaluated 3874 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1

15-3874

1211 sess_id_len = sizeof(s->tmp_session_id); -

1212 s->tmp_session_id_len = sess_id_len; -

1213 session_id = s->tmp_session_id; -

1214

if (s->hello_retry_request == SSL_HRR_NONE

s->hello_retry...= SSL_HRR_NONE	Description
TRUE	evaluated 3199 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 675 times by 1 test Evaluated by: libssl.so.1.1

675-3199

1215

&& RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {

RAND_bytes(s->...s_id_len) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 3199 times by 1 test Evaluated by: libssl.so.1.1

0-3199

1216 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1217 SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1218 ERR_R_INTERNAL_ERROR); -

1219

return 0;

never executed: return 0;

1220 } -

1221

} else {

executed 3874 times by 1 test: end of block

Executed by:

libssl.so.1.1

3874

1222 sess_id_len = 0; -

1223

}

executed 30 times by 1 test: end of block

Executed by:

libssl.so.1.1

1224 } else { -

1225 assert(s->session->session_id_length <= sizeof(s->session->session_id)); -

1226 sess_id_len = s->session->session_id_length; -

1227

if (s->version == TLS1_3_VERSION) {

s->version == 0x0304	Description
TRUE	evaluated 30 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1006 times by 1 test Evaluated by: libssl.so.1.1

30-1006

1228 s->tmp_session_id_len = sess_id_len; -

1229 memcpy(s->tmp_session_id, s->session->session_id, sess_id_len); -

1230

}

executed 30 times by 1 test: end of block

Executed by:

libssl.so.1.1

1231

}

executed 1036 times by 1 test: end of block

Executed by:

libssl.so.1.1

1036

1232

if (!WPACKET_start_sub_packet_u8(pkt)

!WPACKET_start...en__((pkt), 1)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

1233

|| (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,

sess_id_len != 0	Description
TRUE	evaluated 3989 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 951 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_memcp..., sess_id_len)	Description
TRUE	never evaluated
FALSE	evaluated 3989 times by 1 test Evaluated by: libssl.so.1.1

0-3989

1234

sess_id_len))

!WPACKET_memcp..., sess_id_len)	Description
TRUE	never evaluated
FALSE	evaluated 3989 times by 1 test Evaluated by: libssl.so.1.1

0-3989

1235

|| !WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

1236 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1237 ERR_R_INTERNAL_ERROR); -

1238

return 0;

never executed: return 0;

1239 } -

1240 -

1241 /* cookie stuff for DTLS */ -

1242

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4748 times by 1 test Evaluated by: libssl.so.1.1

192-4748

1243

if (s->d1->cookie_len > sizeof(s->d1->cookie)

s->d1->cookie_...s->d1->cookie)	Description
TRUE	never evaluated
FALSE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1

0-192

1244

|| !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,

!WPACKET_sub_m...ookie_len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1

0-192

1245 s->d1->cookie_len)) { -

1246 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1247 ERR_R_INTERNAL_ERROR); -

1248

return 0;

never executed: return 0;

1249 } -

1250

}

executed 192 times by 1 test: end of block

Executed by:

libssl.so.1.1

192

1251 -

1252 /* Ciphers supported */ -

1253

if (!WPACKET_start_sub_packet_u16(pkt)) {

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

1254 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1255 ERR_R_INTERNAL_ERROR); -

1256

return 0;

never executed: return 0;

1257 } -

1258 -

1259

if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {

!ssl_cipher_li...phers(s), pkt)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

1-4939

1260 /* SSLfatal() already called */ -

1261

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1262 } -

1263

if (!WPACKET_close(pkt)) {

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4939

1264 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1265 ERR_R_INTERNAL_ERROR); -

1266

return 0;

never executed: return 0;

1267 } -

1268 -

1269 /* COMPRESSION */ -

1270

if (!WPACKET_start_sub_packet_u8(pkt)) {

!WPACKET_start...en__((pkt), 1)	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4939

1271 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1272 ERR_R_INTERNAL_ERROR); -

1273

return 0;

never executed: return 0;

1274 } -

1275 #ifndef OPENSSL_NO_COMP -

1276

if (ssl_allow_compression(s)

ssl_allow_compression(s)	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4939

1277

&& s->ctx->comp_methods

s->ctx->comp_methods	Description
TRUE	never evaluated
FALSE	never evaluated

1278

&& (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	never evaluated
FALSE	never evaluated

s->s3->tmp.max_ver < 0x0304	Description
TRUE	never evaluated
FALSE	never evaluated

1279 int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); -

1280

for (i = 0; i < compnum; i++) {

i < compnum	Description
TRUE	never evaluated
FALSE	never evaluated

1281 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); -

1282

if (!WPACKET_put_bytes_u8(pkt, comp->id)) {

!WPACKET_put_b...(comp->id), 1)	Description
TRUE	never evaluated
FALSE	never evaluated

1283 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1284 SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1285 ERR_R_INTERNAL_ERROR); -

1286

return 0;

never executed: return 0;

1287 } -

1288

}

never executed: end of block

1289

}

never executed: end of block

1290 #endif -

1291 /* Add the NULL method */ -

1292

if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {

!WPACKET_put_b...(pkt), (0), 1)	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4939

1293 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, -

1294 ERR_R_INTERNAL_ERROR); -

1295

return 0;

never executed: return 0;

1296 } -

1297 -

1298 /* TLS extensions */ -

1299

if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {

!tls_construct...void *)0) , 0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4936 times by 1 test Evaluated by: libssl.so.1.1

3-4936

1300 /* SSLfatal() already called */ -

1301

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1302 } -

1303 -

1304

return 1;

executed 4936 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4936

1305 } -

1306 -

1307 MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) -

1308 { -

1309 size_t cookie_len; -

1310 PACKET cookiepkt; -

1311 -

1312

if (!PACKET_forward(pkt, 2)

!PACKET_forward(pkt, 2)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

1313

|| !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {

!PACKET_get_le...t, &cookiepkt)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

1314 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY, -

1315 SSL_R_LENGTH_MISMATCH); -

1316

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

1317 } -

1318 -

1319 cookie_len = PACKET_remaining(&cookiepkt); -

1320

if (cookie_len > sizeof(s->d1->cookie)) {

cookie_len > s...s->d1->cookie)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

1321 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY, -

1322 SSL_R_LENGTH_TOO_LONG); -

1323

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

1324 } -

1325 -

1326

if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {

!PACKET_copy_b...e, cookie_len)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

1327 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY, -

1328 SSL_R_LENGTH_MISMATCH); -

1329

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

1330 } -

1331 s->d1->cookie_len = cookie_len; -

1332 -

1333

return MSG_PROCESS_FINISHED_READING;

executed 1 time by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

1334 } -

1335 -

1336 static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) -

1337 { -

1338 STACK_OF(SSL_CIPHER) *sk; -

1339 const SSL_CIPHER *c; -

1340 int i; -

1341 -

1342 c = ssl_get_cipher_by_char(s, cipherchars, 0); -

1343

if (c == NULL) {

c == ((void *)0)	Description
TRUE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4123 times by 1 test Evaluated by: libssl.so.1.1

83-4123

1344 /* unknown cipher */ -

1345 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, -

1346 SSL_R_UNKNOWN_CIPHER_RETURNED); -

1347

return 0;

executed 83 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1348 } -

1349 /* -

1350 * If it is a disabled cipher we either didn't send it in client hello, -

1351 * or it's not allowed for the selected protocol. So we return an error. -

1352 */ -

1353

if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {

ssl_cipher_dis...(1 << 16)), 1)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4121 times by 1 test Evaluated by: libssl.so.1.1

2-4121

1354 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, -

1355 SSL_R_WRONG_CIPHER_RETURNED); -

1356

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1357 } -

1358 -

1359 sk = ssl_get_ciphers_by_id(s); -

1360 i = sk_SSL_CIPHER_find(sk, c); -

1361

if (i < 0) {

i < 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4120 times by 1 test Evaluated by: libssl.so.1.1

1-4120

1362 /* we did not say we would use this cipher */ -

1363 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, -

1364 SSL_R_WRONG_CIPHER_RETURNED); -

1365

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1366 } -

1367 -

1368

if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3937 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1322 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2615 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 632 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 690 times by 1 test Evaluated by: libssl.so.1.1

s->s3->tmp.new...!= ((void *)0)	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 603 times by 1 test Evaluated by: libssl.so.1.1

29-3937

1369

&& s->s3->tmp.new_cipher->id != c->id) {

s->s3->tmp.new...r->id != c->id	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

2-27

1370 /* ServerHello selected a different ciphersuite to that in the HRR */ -

1371 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, -

1372 SSL_R_WRONG_CIPHER_RETURNED); -

1373

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

1374 } -

1375 -

1376 /* -

1377 * Depending on the session caching (internal/external), the cipher -

1378 * and/or cipher_id values may not be set. Make sure that cipher_id is -

1379 * set and use it for comparison. -

1380 */ -

1381

if (s->session->cipher != NULL)

s->session->ci...!= ((void *)0)	Description
TRUE	evaluated 185 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3933 times by 1 test Evaluated by: libssl.so.1.1

185-3933

1382

s->session->cipher_id = s->session->cipher->id;

executed 185 times by 1 test: s->session->cipher_id = s->session->cipher->id;

Executed by:

libssl.so.1.1

185

1383

if (s->hit && (s->session->cipher_id != c->id)) {

s->hit	Description
TRUE	evaluated 172 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3946 times by 1 test Evaluated by: libssl.so.1.1

(s->session->c...r_id != c->id)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 168 times by 1 test Evaluated by: libssl.so.1.1

4-3946

1384

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4

1385 /* -

1386 * In TLSv1.3 it is valid for the server to select a different -

1387 * ciphersuite as long as the hash is the same. -

1388 */ -

1389

if (ssl_md(c->algorithm2)

ssl_md(c->algo...r->algorithm2)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

1-3

1390

!= ssl_md(s->session->cipher->algorithm2)) {

ssl_md(c->algo...r->algorithm2)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1

1-3

1391 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1392 SSL_F_SET_CLIENT_CIPHERSUITE, -

1393 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); -

1394

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

1395 } -

1396

} else {

executed 3 times by 1 test: end of block

Executed by:

libssl.so.1.1

1397 /* -

1398 * Prior to TLSv1.3 resuming a session always meant using the same -

1399 * ciphersuite. -

1400 */ -

1401 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, -

1402 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); -

1403

return 0;

never executed: return 0;

1404 } -

1405 } -

1406 s->s3->tmp.new_cipher = c; -

1407 -

1408

return 1;

executed 4117 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4117

1409 } -

1410 -

1411 MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) -

1412 { -

1413 PACKET session_id, extpkt; -

1414 size_t session_id_len; -

1415 const unsigned char *cipherchars; -

1416 int hrr = 0; -

1417 unsigned int compression; -

1418 unsigned int sversion; -

1419 unsigned int context; -

1420 RAW_EXTENSION *extensions = NULL; -

1421 #ifndef OPENSSL_NO_COMP -

1422 SSL_COMP *comp; -

1423 #endif -

1424 -

1425

if (!PACKET_get_net_2(pkt, &sversion)) {

!PACKET_get_ne...kt, &sversion)	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4596 times by 1 test Evaluated by: libssl.so.1.1

4-4596

1426 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1427 SSL_R_LENGTH_MISMATCH); -

1428

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1429 } -

1430 -

1431 /* load the server random */ -

1432

if (s->version == TLS1_3_VERSION

s->version == 0x0304	Description
TRUE	evaluated 3686 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 910 times by 1 test Evaluated by: libssl.so.1.1

910-3686

1433

&& sversion == TLS1_2_VERSION

sversion == 0x0303	Description
TRUE	evaluated 2954 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 732 times by 1 test Evaluated by: libssl.so.1.1

732-2954

1434

&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE

PACKET_remaining(pkt) >= 32	Description
TRUE	evaluated 2953 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2953

1435

&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {

memcmp(hrrrand...pkt), 32) == 0	Description
TRUE	evaluated 732 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2221 times by 1 test Evaluated by: libssl.so.1.1

732-2221

1436 s->hello_retry_request = SSL_HRR_PENDING; -

1437 hrr = 1; -

1438

if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {

!PACKET_forward(pkt, 32)	Description
TRUE	never evaluated
FALSE	evaluated 732 times by 1 test Evaluated by: libssl.so.1.1

0-732

1439 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1440 SSL_R_LENGTH_MISMATCH); -

1441

goto err;

never executed: goto err;

1442 } -

1443

} else {

executed 732 times by 1 test: end of block

Executed by:

libssl.so.1.1

732

1444

if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {

!PACKET_copy_b...er_random, 32)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3862 times by 1 test Evaluated by: libssl.so.1.1

2-3862

1445 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1446 SSL_R_LENGTH_MISMATCH); -

1447

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1448 } -

1449

}

executed 3862 times by 1 test: end of block

Executed by:

libssl.so.1.1

3862

1450 -

1451 /* Get the session-id. */ -

1452

if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {

!PACKET_get_le..., &session_id)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4588 times by 1 test Evaluated by: libssl.so.1.1

6-4588

1453 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1454 SSL_R_LENGTH_MISMATCH); -

1455

goto err;

executed 6 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1456 } -

1457 session_id_len = PACKET_remaining(&session_id); -

1458

if (session_id_len > sizeof(s->session->session_id)

session_id_len...n->session_id)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4587 times by 1 test Evaluated by: libssl.so.1.1

1-4587

1459

|| session_id_len > SSL3_SESSION_ID_SIZE) {

session_id_len > 32	Description
TRUE	never evaluated
FALSE	evaluated 4587 times by 1 test Evaluated by: libssl.so.1.1

0-4587

1460 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1461 SSL_R_SSL3_SESSION_ID_TOO_LONG); -

1462

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1463 } -

1464 -

1465

if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {

!PACKET_get_by...ipherchars, 2)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4586 times by 1 test Evaluated by: libssl.so.1.1

1-4586

1466 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1467 SSL_R_LENGTH_MISMATCH); -

1468

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1469 } -

1470 -

1471

if (!PACKET_get_1(pkt, &compression)) {

!PACKET_get_1(... &compression)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4585 times by 1 test Evaluated by: libssl.so.1.1

1-4585

1472 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1473 SSL_R_LENGTH_MISMATCH); -

1474

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1475 } -

1476 -

1477 /* TLS extensions */ -

1478

if (PACKET_remaining(pkt) == 0 && !hrr) {

PACKET_remaining(pkt) == 0	Description
TRUE	evaluated 76 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4509 times by 1 test Evaluated by: libssl.so.1.1

!hrr	Description
TRUE	evaluated 75 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-4509

1479 PACKET_null_init(&extpkt); -

1480

} else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)

executed 75 times by 1 test: end of block

Executed by:

libssl.so.1.1

!PACKET_as_len...(pkt, &extpkt)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4492 times by 1 test Evaluated by: libssl.so.1.1

18-4492

1481

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 4492 times by 1 test Evaluated by: libssl.so.1.1

0-4492

1482 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1483 SSL_R_BAD_LENGTH); -

1484

goto err;

executed 18 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1485 } -

1486 -

1487

if (!hrr) {

!hrr	Description
TRUE	evaluated 3847 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 720 times by 1 test Evaluated by: libssl.so.1.1

720-3847

1488

if (!tls_collect_extensions(s, &extpkt,

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1

31-3816

1489

SSL_EXT_TLS1_2_SERVER_HELLO

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1

31-3816

1490

| SSL_EXT_TLS1_3_SERVER_HELLO,

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1

31-3816

1491

&extensions, NULL, 1)) {

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3816 times by 1 test Evaluated by: libssl.so.1.1

31-3816

1492 /* SSLfatal() already called */ -

1493

goto err;

executed 31 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1494 } -

1495 -

1496

if (!ssl_choose_client_version(s, sversion, extensions)) {

!ssl_choose_cl...n, extensions)	Description
TRUE	evaluated 321 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3495 times by 1 test Evaluated by: libssl.so.1.1

321-3495

1497 /* SSLfatal() already called */ -

1498

goto err;

executed 321 times by 1 test: goto err;

Executed by:

libssl.so.1.1

321

1499 } -

1500

}

executed 3495 times by 1 test: end of block

Executed by:

libssl.so.1.1

3495

1501 -

1502

if (SSL_IS_TLS13(s) || hrr) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 4032 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 1359 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2673 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 639 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 720 times by 1 test Evaluated by: libssl.so.1.1

hrr	Description
TRUE	evaluated 720 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2856 times by 1 test Evaluated by: libssl.so.1.1

183-4032

1503

if (compression != 0) {

compression != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1358 times by 1 test Evaluated by: libssl.so.1.1

1-1358

1504 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1505 SSL_F_TLS_PROCESS_SERVER_HELLO, -

1506 SSL_R_INVALID_COMPRESSION_ALGORITHM); -

1507

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1508 } -

1509 -

1510

if (session_id_len != s->tmp_session_id_len

session_id_len...session_id_len	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1357 times by 1 test Evaluated by: libssl.so.1.1

1-1357

1511

|| memcmp(PACKET_data(&session_id), s->tmp_session_id,

memcmp(PACKET_...n_id_len) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1354 times by 1 test Evaluated by: libssl.so.1.1

3-1354

1512

session_id_len) != 0) {

memcmp(PACKET_...n_id_len) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1354 times by 1 test Evaluated by: libssl.so.1.1

3-1354

1513 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1514 SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID); -

1515

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1516 } -

1517

}

executed 1354 times by 1 test: end of block

Executed by:

libssl.so.1.1

1354

1518 -

1519

if (hrr) {

hrr	Description
TRUE	evaluated 718 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3492 times by 1 test Evaluated by: libssl.so.1.1

718-3492

1520

if (!set_client_ciphersuite(s, cipherchars)) {

!set_client_ci..., cipherchars)	Description
TRUE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 690 times by 1 test Evaluated by: libssl.so.1.1

28-690

1521 /* SSLfatal() already called */ -

1522

goto err;

executed 28 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1523 } -

1524 -

1525

return tls_process_as_hello_retry_request(s, &extpkt);

executed 690 times by 1 test: return tls_process_as_hello_retry_request(s, &extpkt);

Executed by:

libssl.so.1.1

690

1526 } -

1527 -

1528 /* -

1529 * Now we have chosen the version we need to check again that the extensions -

1530 * are appropriate for this version. -

1531 */ -

1532

context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3309 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 636 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2673 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 636 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3309

1533 : SSL_EXT_TLS1_2_SERVER_HELLO; -

1534

if (!tls_validate_all_contexts(s, context, extensions)) {

!tls_validate_...t, extensions)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3489 times by 1 test Evaluated by: libssl.so.1.1

3-3489

1535 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1536 SSL_R_BAD_EXTENSION); -

1537

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1538 } -

1539 -

1540 s->hit = 0; -

1541 -

1542

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3306 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2673 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 633 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3306

1543 /* -

1544 * In TLSv1.3 a ServerHello message signals a key change so the end of -

1545 * the message must be on a record boundary. -

1546 */ -

1547

if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {

RECORD_LAYER_p...ng(&s->rlayer)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 632 times by 1 test Evaluated by: libssl.so.1.1

1-632

1548 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, -

1549 SSL_F_TLS_PROCESS_SERVER_HELLO, -

1550 SSL_R_NOT_ON_RECORD_BOUNDARY); -

1551

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

1552 } -

1553 -

1554 /* This will set s->hit if we are resuming */ -

1555

if (!tls_parse_extension(s, TLSEXT_IDX_psk,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 632 times by 1 test Evaluated by: libssl.so.1.1

0-632

1556

SSL_EXT_TLS1_3_SERVER_HELLO,

!tls_parse_ext...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 632 times by 1 test Evaluated by: libssl.so.1.1

0-632

1557

extensions, NULL, 0)) {

!tls_parse_ext...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 632 times by 1 test Evaluated by: libssl.so.1.1

0-632

1558 /* SSLfatal() already called */ -

1559

goto err;

never executed: goto err;

1560 } -

1561

} else {

executed 632 times by 1 test: end of block

Executed by:

libssl.so.1.1

632

1562 /* -

1563 * Check if we can resume the session based on external pre-shared -

1564 * secret. EAP-FAST (RFC 4851) supports two types of session resumption. -

1565 * Resumption based on server-side state works with session IDs. -

1566 * Resumption based on pre-shared Protected Access Credentials (PACs) -

1567 * works by overriding the SessionTicket extension at the application -

1568 * layer, and does not send a session ID. (We do not know whether -

1569 * EAP-FAST servers would honour the session ID.) Therefore, the session -

1570 * ID alone is not a reliable indicator of session resumption, so we -

1571 * first check if we can resume, and later peek at the next handshake -

1572 * message to see if the server wants to resume. -

1573 */ -

1574

if (s->version >= TLS1_VERSION

s->version >= 0x0301	Description
TRUE	evaluated 2855 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-2855

1575

&& s->ext.session_secret_cb != NULL && s->session->ext.tick) {

s->ext.session...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2855 times by 1 test Evaluated by: libssl.so.1.1

s->session->ext.tick	Description
TRUE	never evaluated
FALSE	never evaluated

0-2855

1576 const SSL_CIPHER *pref_cipher = NULL; -

1577 /* -

1578 * s->session->master_key_length is a size_t, but this is an int for -

1579 * backwards compat reasons -

1580 */ -

1581 int master_key_length; -

1582 master_key_length = sizeof(s->session->master_key); -

1583

if (s->ext.session_secret_cb(s, s->session->master_key,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

1584

&master_key_length,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

1585

NULL, &pref_cipher,

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

1586

s->ext.session_secret_cb_arg)

s->ext.session...secret_cb_arg)	Description
TRUE	never evaluated
FALSE	never evaluated

1587

&& master_key_length > 0) {

master_key_length > 0	Description
TRUE	never evaluated
FALSE	never evaluated

1588 s->session->master_key_length = master_key_length; -

1589

s->session->cipher = pref_cipher ?

pref_cipher	Description
TRUE	never evaluated
FALSE	never evaluated

1590 pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); -

1591

} else {

never executed: end of block

1592 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1593 SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR); -

1594

goto err;

never executed: goto err;

1595 } -

1596 } -

1597 -

1598

if (session_id_len != 0

session_id_len != 0	Description
TRUE	evaluated 1016 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1840 times by 1 test Evaluated by: libssl.so.1.1

1016-1840

1599

&& session_id_len == s->session->session_id_length

session_id_len...sion_id_length	Description
TRUE	evaluated 93 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 923 times by 1 test Evaluated by: libssl.so.1.1

93-923

1600

&& memcmp(PACKET_data(&session_id), s->session->session_id,

memcmp(PACKET_...n_id_len) == 0	Description
TRUE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1

28-65

1601

session_id_len) == 0)

memcmp(PACKET_...n_id_len) == 0	Description
TRUE	evaluated 65 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 28 times by 1 test Evaluated by: libssl.so.1.1

28-65

1602

s->hit = 1;

executed 65 times by 1 test: s->hit = 1;

Executed by:

libssl.so.1.1

1603

}

executed 2856 times by 1 test: end of block

Executed by:

libssl.so.1.1

2856

1604 -

1605

if (s->hit) {

s->hit	Description
TRUE	evaluated 172 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3316 times by 1 test Evaluated by: libssl.so.1.1

172-3316

1606

if (s->sid_ctx_length != s->session->sid_ctx_length

s->sid_ctx_len...sid_ctx_length	Description
TRUE	never evaluated
FALSE	evaluated 172 times by 1 test Evaluated by: libssl.so.1.1

0-172

1607

|| memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {

memcmp(s->sess...id_ctx_length)	Description
TRUE	never evaluated
FALSE	evaluated 172 times by 1 test Evaluated by: libssl.so.1.1

0-172

1608 /* actually a client application bug */ -

1609 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1610 SSL_F_TLS_PROCESS_SERVER_HELLO, -

1611 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); -

1612

goto err;

never executed: goto err;

1613 } -

1614

} else {

executed 172 times by 1 test: end of block

Executed by:

libssl.so.1.1

172

1615 /* -

1616 * If we were trying for session-id reuse but the server -

1617 * didn't resume, make a new SSL_SESSION. -

1618 * In the case of EAP-FAST and PAC, we do not send a session ID, -

1619 * so the PAC-based session secret is always preserved. It'll be -

1620 * overwritten if the server refuses resumption. -

1621 */ -

1622

if (s->session->session_id_length > 0

s->session->se..._id_length > 0	Description
TRUE	evaluated 84 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3232 times by 1 test Evaluated by: libssl.so.1.1

84-3232

1623

|| (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3080 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 152 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2587 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3080

1624

&& s->session->ext.tick_identity

s->session->ex...identity != -1	Description
TRUE	never evaluated
FALSE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1

0-493

1625

!= TLSEXT_PSK_BAD_IDENTITY)) {

s->session->ex...identity != -1	Description
TRUE	never evaluated
FALSE	evaluated 493 times by 1 test Evaluated by: libssl.so.1.1

0-493

1626 tsan_counter(&s->session_ctx->stats.sess_miss); -

1627

if (!ssl_get_new_session(s, 0)) {

!ssl_get_new_session(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 84 times by 1 test Evaluated by: libssl.so.1.1

0-84

1628 /* SSLfatal() already called */ -

1629

goto err;

never executed: goto err;

1630 } -

1631

}

executed 84 times by 1 test: end of block

Executed by:

libssl.so.1.1

1632 -

1633 s->session->ssl_version = s->version; -

1634 /* -

1635 * In TLSv1.2 and below we save the session id we were sent so we can -

1636 * resume it later. In TLSv1.3 the session id we were sent is just an -

1637 * echo of what we originally sent in the ClientHello and should not be -

1638 * used for resumption. -

1639 */ -

1640

if (!SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3150 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 166 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 525 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2625 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 525 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3150

1641 s->session->session_id_length = session_id_len; -

1642 /* session_id_len could be 0 */ -

1643

if (session_id_len > 0)

session_id_len > 0	Description
TRUE	evaluated 951 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1840 times by 1 test Evaluated by: libssl.so.1.1

951-1840

1644

memcpy(s->session->session_id, PACKET_data(&session_id),

executed 951 times by 1 test: memcpy(s->session->session_id, PACKET_data(&session_id), session_id_len);

Executed by:

libssl.so.1.1

951

1645

session_id_len);

executed 951 times by 1 test: memcpy(s->session->session_id, PACKET_data(&session_id), session_id_len);

Executed by:

libssl.so.1.1

951

1646

}

executed 2791 times by 1 test: end of block

Executed by:

libssl.so.1.1

2791

1647

}

executed 3316 times by 1 test: end of block

Executed by:

libssl.so.1.1

3316

1648 -

1649 /* Session version and negotiated protocol version should match */ -

1650

if (s->version != s->session->ssl_version) {

s->version != ...n->ssl_version	Description
TRUE	never evaluated
FALSE	evaluated 3488 times by 1 test Evaluated by: libssl.so.1.1

0-3488

1651 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1652 SSL_R_SSL_SESSION_VERSION_MISMATCH); -

1653

goto err;

never executed: goto err;

1654 } -

1655 /* -

1656 * Now that we know the version, update the check to see if it's an allowed -

1657 * version. -

1658 */ -

1659 s->s3->tmp.min_ver = s->version; -

1660 s->s3->tmp.max_ver = s->version; -

1661 -

1662

if (!set_client_ciphersuite(s, cipherchars)) {

!set_client_ci..., cipherchars)	Description
TRUE	evaluated 61 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3427 times by 1 test Evaluated by: libssl.so.1.1

61-3427

1663 /* SSLfatal() already called */ -

1664

goto err;

executed 61 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1665 } -

1666 -

1667 #ifdef OPENSSL_NO_COMP -

1668 if (compression != 0) { -

1669 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1670 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); -

1671 goto err; -

1672 } -

1673 /* -

1674 * If compression is disabled we'd better not try to resume a session -

1675 * using compression. -

1676 */ -

1677 if (s->session->compress_meth != 0) { -

1678 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1679 SSL_R_INCONSISTENT_COMPRESSION); -

1680 goto err; -

1681 } -

1682 #else -

1683

if (s->hit && compression != s->session->compress_meth) {

s->hit	Description
TRUE	evaluated 171 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3256 times by 1 test Evaluated by: libssl.so.1.1

compression !=...>compress_meth	Description
TRUE	never evaluated
FALSE	evaluated 171 times by 1 test Evaluated by: libssl.so.1.1

0-3256

1684 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1685 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); -

1686

goto err;

never executed: goto err;

1687 } -

1688

if (compression == 0)

compression == 0	Description
TRUE	evaluated 3427 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3427

1689

comp = NULL;

executed 3427 times by 1 test: comp = ((void *)0) ;

Executed by:

libssl.so.1.1

3427

1690

else if (!ssl_allow_compression(s)) {

!ssl_allow_compression(s)	Description
TRUE	never evaluated
FALSE	never evaluated

1691 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1692 SSL_R_COMPRESSION_DISABLED); -

1693

goto err;

never executed: goto err;

1694 } else { -

1695 comp = ssl3_comp_find(s->ctx->comp_methods, compression); -

1696

}

never executed: end of block

1697 -

1698

if (compression != 0 && comp == NULL) {

compression != 0	Description
TRUE	never evaluated
FALSE	evaluated 3427 times by 1 test Evaluated by: libssl.so.1.1

comp == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-3427

1699 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1700 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); -

1701

goto err;

never executed: goto err;

1702 } else { -

1703 s->s3->tmp.new_compression = comp; -

1704

}

executed 3427 times by 1 test: end of block

Executed by:

libssl.so.1.1

3427

1705 #endif -

1706 -

1707

if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3402 times by 1 test Evaluated by: libssl.so.1.1

25-3402

1708 /* SSLfatal() already called */ -

1709

goto err;

executed 25 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1710 } -

1711 -

1712 #ifndef OPENSSL_NO_SCTP -

1713 if (SSL_IS_DTLS(s) && s->hit) { -

1714 unsigned char sctpauthkey[64]; -

1715 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; -

1716 -

1717 /* -

1718 * Add new shared key for SCTP-Auth, will be ignored if -

1719 * no SCTP used. -

1720 */ -

1721 memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, -

1722 sizeof(DTLS1_SCTP_AUTH_LABEL)); -

1723 -

1724 if (SSL_export_keying_material(s, sctpauthkey, -

1725 sizeof(sctpauthkey), -

1726 labelbuffer, -

1727 sizeof(labelbuffer), NULL, 0, 0) <= 0) { -

1728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, -

1729 ERR_R_INTERNAL_ERROR); -

1730 goto err; -

1731 } -

1732 -

1733 BIO_ctrl(SSL_get_wbio(s), -

1734 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, -

1735 sizeof(sctpauthkey), sctpauthkey); -

1736 } -

1737 #endif -

1738 -

1739 /* -

1740 * In TLSv1.3 we have some post-processing to change cipher state, otherwise -

1741 * we're done with this message -

1742 */ -

1743

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3219 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 183 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2602 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3219

1744

&& (!s->method->ssl3_enc->setup_key_block(s)

!s->method->ss...p_key_block(s)	Description
TRUE	never evaluated
FALSE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1

0-617

1745

|| !s->method->ssl3_enc->change_cipher_state(s,

!s->method->ss...(0x010\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1

0-617

1746

SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {

!s->method->ss...(0x010\|0x001))	Description
TRUE	never evaluated
FALSE	evaluated 617 times by 1 test Evaluated by: libssl.so.1.1

0-617

1747 /* SSLfatal() already called */ -

1748

goto err;

never executed: goto err;

1749 } -

1750 -

1751 OPENSSL_free(extensions); -

1752

return MSG_PROCESS_CONTINUE_READING;

executed 3402 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

3402

1753 err: -

1754 OPENSSL_free(extensions); -

1755

return MSG_PROCESS_ERROR;

executed 508 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

508

1756 } -

1757 -

1758 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, -

1759 PACKET *extpkt) -

1760 { -

1761 RAW_EXTENSION *extensions = NULL; -

1762 -

1763 /* -

1764 * If we were sending early_data then the enc_write_ctx is now invalid and -

1765 * should not be used. -

1766 */ -

1767 EVP_CIPHER_CTX_free(s->enc_write_ctx); -

1768 s->enc_write_ctx = NULL; -

1769 -

1770

if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 689 times by 1 test Evaluated by: libssl.so.1.1

1-689

1771

&extensions, NULL, 1)

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 689 times by 1 test Evaluated by: libssl.so.1.1

1-689

1772

|| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 680 times by 1 test Evaluated by: libssl.so.1.1

9-680

1773

extensions, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 680 times by 1 test Evaluated by: libssl.so.1.1

9-680

1774 /* SSLfatal() already called */ -

1775

goto err;

executed 10 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1776 } -

1777 -

1778 OPENSSL_free(extensions); -

1779 extensions = NULL; -

1780 -

1781

if (s->ext.tls13_cookie_len == 0

s->ext.tls13_cookie_len == 0	Description
TRUE	evaluated 540 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 140 times by 1 test Evaluated by: libssl.so.1.1

140-540

1782 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) -

1783

&& s->s3->tmp.pkey != NULL

s->s3->tmp.pkey != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 538 times by 1 test Evaluated by: libssl.so.1.1

2-538

1784 #endif -

1785 ) { -

1786 /* -

1787 * We didn't receive a cookie or a new key_share so the next -

1788 * ClientHello will not change -

1789 */ -

1790 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1791 SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, -

1792 SSL_R_NO_CHANGE_FOLLOWING_HRR); -

1793

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1794 } -

1795 -

1796 /* -

1797 * Re-initialise the Transcript Hash. We're going to prepopulate it with -

1798 * a synthetic message_hash in place of ClientHello1. -

1799 */ -

1800

if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {

!create_synthe...void *)0) , 0)	Description
TRUE	never evaluated
FALSE	evaluated 678 times by 1 test Evaluated by: libssl.so.1.1

0-678

1801 /* SSLfatal() already called */ -

1802

goto err;

never executed: goto err;

1803 } -

1804 -

1805 /* -

1806 * Add this message to the Transcript Hash. Normally this is done -

1807 * automatically prior to the message processing stage. However due to the -

1808 * need to create the synthetic message hash, we defer that step until now -

1809 * for HRR messages. -

1810 */ -

1811

if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,

!ssl3_finish_m...>init_num + 4)	Description
TRUE	never evaluated
FALSE	evaluated 678 times by 1 test Evaluated by: libssl.so.1.1

0-678

1812

s->init_num + SSL3_HM_HEADER_LENGTH)) {

!ssl3_finish_m...>init_num + 4)	Description
TRUE	never evaluated
FALSE	evaluated 678 times by 1 test Evaluated by: libssl.so.1.1

0-678

1813 /* SSLfatal() already called */ -

1814

goto err;

never executed: goto err;

1815 } -

1816 -

1817

return MSG_PROCESS_FINISHED_READING;

executed 678 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

678

1818 err: -

1819 OPENSSL_free(extensions); -

1820

return MSG_PROCESS_ERROR;

executed 12 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

1821 } -

1822 -

1823 MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) -

1824 { -

1825 int i; -

1826 MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; -

1827 unsigned long cert_list_len, cert_len; -

1828 X509 *x = NULL; -

1829 const unsigned char *certstart, *certbytes; -

1830 STACK_OF(X509) *sk = NULL; -

1831 EVP_PKEY *pkey = NULL; -

1832 size_t chainidx, certidx; -

1833 unsigned int context = 0; -

1834 const SSL_CERT_LOOKUP *clu; -

1835 -

1836

if ((sk = sk_X509_new_null()) == NULL) {

(sk = sk_X509_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3020 times by 1 test Evaluated by: libssl.so.1.1

0-3020

1837 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1838 ERR_R_MALLOC_FAILURE); -

1839

goto err;

never executed: goto err;

1840 } -

1841 -

1842

if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2881 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2403 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!PACKET_get_1(pkt, &context)	Description
TRUE	never evaluated
FALSE	evaluated 478 times by 1 test Evaluated by: libssl.so.1.1

0-2881

1843

|| context != 0

context != 0	Description
TRUE	never evaluated
FALSE	evaluated 3020 times by 1 test Evaluated by: libssl.so.1.1

0-3020

1844

|| !PACKET_get_net_3(pkt, &cert_list_len)

!PACKET_get_ne...cert_list_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3019 times by 1 test Evaluated by: libssl.so.1.1

1-3019

1845

|| PACKET_remaining(pkt) != cert_list_len

PACKET_remaini... cert_list_len	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3018 times by 1 test Evaluated by: libssl.so.1.1

1-3018

1846

|| PACKET_remaining(pkt) == 0) {

PACKET_remaining(pkt) == 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3017 times by 1 test Evaluated by: libssl.so.1.1

1-3017

1847 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1848 SSL_R_LENGTH_MISMATCH); -

1849

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1850 } -

1851

for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {

PACKET_remaining(pkt)	Description
TRUE	evaluated 3806 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2568 times by 1 test Evaluated by: libssl.so.1.1

2568-3806

1852

if (!PACKET_get_net_3(pkt, &cert_len)

!PACKET_get_ne...kt, &cert_len)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3805 times by 1 test Evaluated by: libssl.so.1.1

1-3805

1853

|| !PACKET_get_bytes(pkt, &certbytes, cert_len)) {

!PACKET_get_by...tes, cert_len)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3794 times by 1 test Evaluated by: libssl.so.1.1

11-3794

1854 SSLfatal(s, SSL_AD_DECODE_ERROR, -

1855 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1856 SSL_R_CERT_LENGTH_MISMATCH); -

1857

goto err;

executed 12 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1858 } -

1859 -

1860 certstart = certbytes; -

1861 x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len); -

1862

if (x == NULL) {

x == ((void *)0)	Description
TRUE	evaluated 437 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 3357 times by 1 test Evaluated by: libssl.so.1.1

437-3357

1863 SSLfatal(s, SSL_AD_BAD_CERTIFICATE, -

1864 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); -

1865

goto err;

executed 437 times by 1 test: goto err;

Executed by:

libssl.so.1.1

437

1866 } -

1867

if (certbytes != (certstart + cert_len)) {

certbytes != (...rt + cert_len)	Description
TRUE	never evaluated
FALSE	evaluated 3357 times by 1 test Evaluated by: libssl.so.1.1

0-3357

1868 SSLfatal(s, SSL_AD_DECODE_ERROR, -

1869 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1870 SSL_R_CERT_LENGTH_MISMATCH); -

1871

goto err;

never executed: goto err;

1872 } -

1873 -

1874

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 3178 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 179 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2616 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-3178

1875 RAW_EXTENSION *rawexts = NULL; -

1876 PACKET extensions; -

1877 -

1878

if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {

!PACKET_get_le..., &extensions)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1879 SSLfatal(s, SSL_AD_DECODE_ERROR, -

1880 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1881 SSL_R_BAD_LENGTH); -

1882

goto err;

never executed: goto err;

1883 } -

1884

if (!tls_collect_extensions(s, &extensions,

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1885

SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1886

NULL, chainidx == 0)

!tls_collect_e...chainidx == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1887

|| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,

!tls_parse_all...ing(pkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1888

rawexts, x, chainidx,

!tls_parse_all...ing(pkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1889

PACKET_remaining(pkt) == 0)) {

!tls_parse_all...ing(pkt) == 0)	Description
TRUE	never evaluated
FALSE	evaluated 562 times by 1 test Evaluated by: libssl.so.1.1

0-562

1890 OPENSSL_free(rawexts); -

1891 /* SSLfatal already called */ -

1892

goto err;

never executed: goto err;

1893 } -

1894 OPENSSL_free(rawexts); -

1895

}

executed 562 times by 1 test: end of block

Executed by:

libssl.so.1.1

562

1896 -

1897

if (!sk_X509_push(sk, x)) {

!sk_X509_push(sk, x)	Description
TRUE	never evaluated
FALSE	evaluated 3357 times by 1 test Evaluated by: libssl.so.1.1

0-3357

1898 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

1899 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1900 ERR_R_MALLOC_FAILURE); -

1901

goto err;

never executed: goto err;

1902 } -

1903 x = NULL; -

1904

}

executed 3357 times by 1 test: end of block

Executed by:

libssl.so.1.1

3357

1905 -

1906 i = ssl_verify_cert_chain(s, sk); -

1907 /* -

1908 * The documented interface is that SSL_VERIFY_PEER should be set in order -

1909 * for client side verification of the server certificate to take place. -

1910 * However, historically the code has only checked that *any* flag is set -

1911 * to cause server verification to take place. Use of the other flags makes -

1912 * no sense in client mode. An attempt to clean up the semantics was -

1913 * reverted because at least one application *only* set -

1914 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused -

1915 * server verification to take place, after the clean up it silently did -

1916 * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags -

1917 * sent to them because they are void functions. Therefore, we now use the -

1918 * (less clean) historic behaviour of performing validation if any flag is -

1919 * set. The *documented* interface remains the same. -

1920 */ -

1921

if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {

s->verify_mode != 0x00	Description
TRUE	evaluated 941 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1627 times by 1 test Evaluated by: libssl.so.1.1

i <= 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 937 times by 1 test Evaluated by: libssl.so.1.1

4-1627

1922 SSLfatal(s, ssl_x509err2alert(s->verify_result), -

1923 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1924 SSL_R_CERTIFICATE_VERIFY_FAILED); -

1925

goto err;

executed 4 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1926 } -

1927 ERR_clear_error(); /* but we keep s->verify_result */ -

1928

if (i > 1) {

i > 1	Description
TRUE	never evaluated
FALSE	evaluated 2564 times by 1 test Evaluated by: libssl.so.1.1

0-2564

1929 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

1930 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i); -

1931

goto err;

never executed: goto err;

1932 } -

1933 -

1934 s->session->peer_chain = sk; -

1935 /* -

1936 * Inconsistency alert: cert_chain does include the peer's certificate, -

1937 * which we don't include in statem_srvr.c -

1938 */ -

1939 x = sk_X509_value(sk, 0); -

1940 sk = NULL; -

1941 -

1942 pkey = X509_get0_pubkey(x); -

1943 -

1944

if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {

pkey == ((void *)0)	Description
TRUE	evaluated 154 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2410 times by 1 test Evaluated by: libssl.so.1.1

EVP_PKEY_missi...rameters(pkey)	Description
TRUE	never evaluated
FALSE	evaluated 2410 times by 1 test Evaluated by: libssl.so.1.1

0-2410

1945 x = NULL; -

1946 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1947 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); -

1948

goto err;

executed 154 times by 1 test: goto err;

Executed by:

libssl.so.1.1

154

1949 } -

1950 -

1951

if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {

(clu = ssl_cer...== ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2407 times by 1 test Evaluated by: libssl.so.1.1

3-2407

1952 x = NULL; -

1953 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1954 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1955 SSL_R_UNKNOWN_CERTIFICATE_TYPE); -

1956

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1957 } -

1958 /* -

1959 * Check certificate type is consistent with ciphersuite. For TLS 1.3 -

1960 * skip check since TLS 1.3 ciphersuites can be used with any certificate -

1961 * type. -

1962 */ -

1963

if (!SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2268 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1794 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2268

1964

if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {

(clu->amask & ...thm_auth) == 0	Description
TRUE	evaluated 16 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1917 times by 1 test Evaluated by: libssl.so.1.1

16-1917

1965 x = NULL; -

1966 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, -

1967 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, -

1968 SSL_R_WRONG_CERTIFICATE_TYPE); -

1969

goto err;

executed 16 times by 1 test: goto err;

Executed by:

libssl.so.1.1

1970 } -

1971

}

executed 1917 times by 1 test: end of block

Executed by:

libssl.so.1.1

1917

1972 s->session->peer_type = certidx; -

1973 -

1974 X509_free(s->session->peer); -

1975 X509_up_ref(x); -

1976 s->session->peer = x; -

1977 s->session->verify_result = s->verify_result; -

1978 x = NULL; -

1979 -

1980 /* Save the current hash state for when we receive the CertificateVerify */ -

1981

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 2252 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1778 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-2252

1982

&& !ssl_handshake_hash(s, s->cert_verify_hash,

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1

0-474

1983

sizeof(s->cert_verify_hash),

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1

0-474

1984

&s->cert_verify_hash_len)) {

!ssl_handshake...rify_hash_len)	Description
TRUE	never evaluated
FALSE	evaluated 474 times by 1 test Evaluated by: libssl.so.1.1

0-474

1985 /* SSLfatal() already called */; -

1986

goto err;

never executed: goto err;

1987 } -

1988 -

1989 ret = MSG_PROCESS_CONTINUE_READING; -

1990 -

1991

err:

code before this statement executed 2391 times by 1 test: err:

Executed by:

libssl.so.1.1

2391

1992 X509_free(x); -

1993 sk_X509_pop_free(sk, X509_free); -

1994

return ret;

executed 3020 times by 1 test: return ret;

Executed by:

libssl.so.1.1

3020

1995 } -

1996 -

1997 static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt) -

1998 { -

1999 #ifndef OPENSSL_NO_PSK -

2000 PACKET psk_identity_hint; -

2001 -

2002 /* PSK ciphersuites are preceded by an identity hint */ -

2003 -

2004

if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {

!PACKET_get_le...identity_hint)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2005 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, -

2006 SSL_R_LENGTH_MISMATCH); -

2007

return 0;

never executed: return 0;

2008 } -

2009 -

2010 /* -

2011 * Store PSK identity hint for later use, hint is used in -

2012 * tls_construct_client_key_exchange. Assume that the maximum length of -

2013 * a PSK identity hint can be as long as the maximum length of a PSK -

2014 * identity. -

2015 */ -

2016

if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {

PACKET_remaini...ty_hint) > 128	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2017 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

2018 SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, -

2019 SSL_R_DATA_LENGTH_TOO_LONG); -

2020

return 0;

never executed: return 0;

2021 } -

2022 -

2023

if (PACKET_remaining(&psk_identity_hint) == 0) {

PACKET_remaini...ity_hint) == 0	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2024 OPENSSL_free(s->session->psk_identity_hint); -

2025 s->session->psk_identity_hint = NULL; -

2026

} else if (!PACKET_strndup(&psk_identity_hint,

never executed: end of block

!PACKET_strndu...identity_hint)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2027

&s->session->psk_identity_hint)) {

!PACKET_strndu...identity_hint)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2028 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, -

2029 ERR_R_INTERNAL_ERROR); -

2030

return 0;

never executed: return 0;

2031 } -

2032 -

2033

return 1;

executed 2 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2034 #else -

2035 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, -

2036 ERR_R_INTERNAL_ERROR); -

2037 return 0; -

2038 #endif -

2039 } -

2040 -

2041 static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) -

2042 { -

2043 #ifndef OPENSSL_NO_SRP -

2044 PACKET prime, generator, salt, server_pub; -

2045 -

2046

if (!PACKET_get_length_prefixed_2(pkt, &prime)

!PACKET_get_le...2(pkt, &prime)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2047

|| !PACKET_get_length_prefixed_2(pkt, &generator)

!PACKET_get_le...t, &generator)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2048

|| !PACKET_get_length_prefixed_1(pkt, &salt)

!PACKET_get_le..._1(pkt, &salt)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2049

|| !PACKET_get_length_prefixed_2(pkt, &server_pub)) {

!PACKET_get_le..., &server_pub)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2050 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, -

2051 SSL_R_LENGTH_MISMATCH); -

2052

return 0;

never executed: return 0;

2053 } -

2054 -

2055 /* TODO(size_t): Convert BN_bin2bn() calls */ -

2056

if ((s->srp_ctx.N =

(s->srp_ctx.N ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2057

BN_bin2bn(PACKET_data(&prime),

(s->srp_ctx.N ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2058

(int)PACKET_remaining(&prime), NULL)) == NULL

(s->srp_ctx.N ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2059

|| (s->srp_ctx.g =

(s->srp_ctx.g ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2060

BN_bin2bn(PACKET_data(&generator),

(s->srp_ctx.g ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2061

(int)PACKET_remaining(&generator), NULL)) == NULL

(s->srp_ctx.g ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2062

|| (s->srp_ctx.s =

(s->srp_ctx.s ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2063

BN_bin2bn(PACKET_data(&salt),

(s->srp_ctx.s ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2064

(int)PACKET_remaining(&salt), NULL)) == NULL

(s->srp_ctx.s ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2065

|| (s->srp_ctx.B =

(s->srp_ctx.B ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2066

BN_bin2bn(PACKET_data(&server_pub),

(s->srp_ctx.B ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2067

(int)PACKET_remaining(&server_pub), NULL)) == NULL) {

(s->srp_ctx.B ...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2068 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, -

2069 ERR_R_BN_LIB); -

2070

return 0;

never executed: return 0;

2071 } -

2072 -

2073

if (!srp_verify_server_param(s)) {

!srp_verify_server_param(s)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2074 /* SSLfatal() already called */ -

2075

return 0;

never executed: return 0;

2076 } -

2077 -

2078 /* We must check if there is a certificate */ -

2079

if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))

s->s3->tmp.new...\| 0x00000002U)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

2-8

2080

*pkey = X509_get0_pubkey(s->session->peer);

executed 2 times by 1 test: *pkey = X509_get0_pubkey(s->session->peer);

Executed by:

libssl.so.1.1

2081 -

2082

return 1;

executed 10 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2083 #else -

2084 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, -

2085 ERR_R_INTERNAL_ERROR); -

2086 return 0; -

2087 #endif -

2088 } -

2089 -

2090 static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) -

2091 { -

2092 #ifndef OPENSSL_NO_DH -

2093 PACKET prime, generator, pub_key; -

2094 EVP_PKEY *peer_tmp = NULL; -

2095 -

2096 DH *dh = NULL; -

2097 BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL; -

2098 -

2099 int check_bits = 0; -

2100 -

2101

if (!PACKET_get_length_prefixed_2(pkt, &prime)

!PACKET_get_le...2(pkt, &prime)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 388 times by 1 test Evaluated by: libssl.so.1.1

2-388

2102

|| !PACKET_get_length_prefixed_2(pkt, &generator)

!PACKET_get_le...t, &generator)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 387 times by 1 test Evaluated by: libssl.so.1.1

1-387

2103

|| !PACKET_get_length_prefixed_2(pkt, &pub_key)) {

!PACKET_get_le...pkt, &pub_key)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

2-385

2104 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2105 SSL_R_LENGTH_MISMATCH); -

2106

return 0;

executed 5 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2107 } -

2108 -

2109 peer_tmp = EVP_PKEY_new(); -

2110 dh = DH_new(); -

2111 -

2112

if (peer_tmp == NULL || dh == NULL) {

peer_tmp == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

dh == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

0-385

2113 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2114 ERR_R_MALLOC_FAILURE); -

2115

goto err;

never executed: goto err;

2116 } -

2117 -

2118 /* TODO(size_t): Convert these calls */ -

2119 p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); -

2120 g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), -

2121 NULL); -

2122 bnpub_key = BN_bin2bn(PACKET_data(&pub_key), -

2123 (int)PACKET_remaining(&pub_key), NULL); -

2124

if (p == NULL || g == NULL || bnpub_key == NULL) {

p == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

g == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

bnpub_key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

0-385

2125 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2126 ERR_R_BN_LIB); -

2127

goto err;

never executed: goto err;

2128 } -

2129 -

2130 /* test non-zero pubkey */ -

2131

if (BN_is_zero(bnpub_key)) {

BN_is_zero(bnpub_key)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

0-385

2132 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE, -

2133 SSL_R_BAD_DH_VALUE); -

2134

goto err;

never executed: goto err;

2135 } -

2136 -

2137

if (!DH_set0_pqg(dh, p, NULL, g)) {

!DH_set0_pqg(d...void *)0) , g)	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

0-385

2138 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2139 ERR_R_BN_LIB); -

2140

goto err;

never executed: goto err;

2141 } -

2142 p = g = NULL; -

2143 -

2144

if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) {

DH_check_param...eck_bits) == 0	Description
TRUE	never evaluated
FALSE	evaluated 385 times by 1 test Evaluated by: libssl.so.1.1

check_bits != 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 376 times by 1 test Evaluated by: libssl.so.1.1

0-385

2145 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE, -

2146 SSL_R_BAD_DH_VALUE); -

2147

goto err;

executed 9 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2148 } -

2149 -

2150

if (!DH_set0_key(dh, bnpub_key, NULL)) {

!DH_set0_key(d... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 376 times by 1 test Evaluated by: libssl.so.1.1

0-376

2151 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2152 ERR_R_BN_LIB); -

2153

goto err;

never executed: goto err;

2154 } -

2155 bnpub_key = NULL; -

2156 -

2157

if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {

!ssl_security(...ts(dh), 0, dh)	Description
TRUE	never evaluated
FALSE	evaluated 376 times by 1 test Evaluated by: libssl.so.1.1

0-376

2158 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, -

2159 SSL_R_DH_KEY_TOO_SMALL); -

2160

goto err;

never executed: goto err;

2161 } -

2162 -

2163

if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {

EVP_PKEY_assig...r *)(dh)) == 0	Description
TRUE	never evaluated
FALSE	evaluated 376 times by 1 test Evaluated by: libssl.so.1.1

0-376

2164 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2165 ERR_R_EVP_LIB); -

2166

goto err;

never executed: goto err;

2167 } -

2168 -

2169 s->s3->peer_tmp = peer_tmp; -

2170 -

2171 /* -

2172 * FIXME: This makes assumptions about which ciphersuites come with -

2173 * public keys. We should have a less ad-hoc way of doing this -

2174 */ -

2175

if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))

s->s3->tmp.new...\| 0x00000002U)	Description
TRUE	evaluated 272 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 104 times by 1 test Evaluated by: libssl.so.1.1

104-272

2176

*pkey = X509_get0_pubkey(s->session->peer);

executed 272 times by 1 test: *pkey = X509_get0_pubkey(s->session->peer);

Executed by:

libssl.so.1.1

272

2177 /* else anonymous DH, so no certificate or pkey. */ -

2178 -

2179

return 1;

executed 376 times by 1 test: return 1;

Executed by:

libssl.so.1.1

376

2180 -

2181 err: -

2182 BN_free(p); -

2183 BN_free(g); -

2184 BN_free(bnpub_key); -

2185 DH_free(dh); -

2186 EVP_PKEY_free(peer_tmp); -

2187 -

2188

return 0;

executed 9 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2189 #else -

2190 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, -

2191 ERR_R_INTERNAL_ERROR); -

2192 return 0; -

2193 #endif -

2194 } -

2195 -

2196 static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) -

2197 { -

2198 #ifndef OPENSSL_NO_EC -

2199 PACKET encoded_pt; -

2200 unsigned int curve_type, curve_id; -

2201 -

2202 /* -

2203 * Extract elliptic curve parameters and the server's ephemeral ECDH -

2204 * public key. We only support named (not generic) curves and -

2205 * ECParameters in this case is just three bytes. -

2206 */ -

2207

if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) {

!PACKET_get_1(..., &curve_type)	Description
TRUE	never evaluated
FALSE	evaluated 990 times by 1 test Evaluated by: libssl.so.1.1

!PACKET_get_ne...kt, &curve_id)	Description
TRUE	never evaluated
FALSE	evaluated 990 times by 1 test Evaluated by: libssl.so.1.1

0-990

2208 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2209 SSL_R_LENGTH_TOO_SHORT); -

2210

return 0;

never executed: return 0;

2211 } -

2212 /* -

2213 * Check curve is named curve type and one of our preferences, if not -

2214 * server has sent an invalid curve. -

2215 */ -

2216

if (curve_type != NAMED_CURVE_TYPE

curve_type != 3	Description
TRUE	never evaluated
FALSE	evaluated 990 times by 1 test Evaluated by: libssl.so.1.1

0-990

2217

|| !tls1_check_group_id(s, curve_id, 1)) {

!tls1_check_gr..., curve_id, 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 989 times by 1 test Evaluated by: libssl.so.1.1

1-989

2218 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2219 SSL_R_WRONG_CURVE); -

2220

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

2221 } -

2222 -

2223

if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {

(s->s3->peer_t...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 989 times by 1 test Evaluated by: libssl.so.1.1

0-989

2224 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2225 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); -

2226

return 0;

never executed: return 0;

2227 } -

2228 -

2229

if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {

!PACKET_get_le..., &encoded_pt)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 987 times by 1 test Evaluated by: libssl.so.1.1

2-987

2230 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2231 SSL_R_LENGTH_MISMATCH); -

2232

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2233 } -

2234 -

2235

if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,

!EVP_PKEY_set1...(&encoded_pt))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

3-984

2236

PACKET_data(&encoded_pt),

!EVP_PKEY_set1...(&encoded_pt))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

3-984

2237

PACKET_remaining(&encoded_pt))) {

!EVP_PKEY_set1...(&encoded_pt))	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

3-984

2238 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2239 SSL_R_BAD_ECPOINT); -

2240

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2241 } -

2242 -

2243 /* -

2244 * The ECC/TLS specification does not mention the use of DSA to sign -

2245 * ECParameters in the server key exchange message. We do support RSA -

2246 * and ECDSA. -

2247 */ -

2248

if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)

s->s3->tmp.new... & 0x00000008U	Description
TRUE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 794 times by 1 test Evaluated by: libssl.so.1.1

190-794

2249

*pkey = X509_get0_pubkey(s->session->peer);

executed 190 times by 1 test: *pkey = X509_get0_pubkey(s->session->peer);

Executed by:

libssl.so.1.1

190

2250

else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)

s->s3->tmp.new... & 0x00000001U	Description
TRUE	evaluated 782 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 12 times by 1 test Evaluated by: libssl.so.1.1

12-782

2251

*pkey = X509_get0_pubkey(s->session->peer);

executed 782 times by 1 test: *pkey = X509_get0_pubkey(s->session->peer);

Executed by:

libssl.so.1.1

782

2252 /* else anonymous ECDH, so no certificate or pkey. */ -

2253 -

2254

return 1;

executed 984 times by 1 test: return 1;

Executed by:

libssl.so.1.1

984

2255 #else -

2256 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, -

2257 ERR_R_INTERNAL_ERROR); -

2258 return 0; -

2259 #endif -

2260 } -

2261 -

2262 MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) -

2263 { -

2264 long alg_k; -

2265 EVP_PKEY *pkey = NULL; -

2266 EVP_MD_CTX *md_ctx = NULL; -

2267 EVP_PKEY_CTX *pctx = NULL; -

2268 PACKET save_param_start, signature; -

2269 -

2270 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -

2271 -

2272 save_param_start = *pkt; -

2273 -

2274 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) -

2275 EVP_PKEY_free(s->s3->peer_tmp); -

2276 s->s3->peer_tmp = NULL; -

2277 #endif -

2278 -

2279

if (alg_k & SSL_PSK) {

alg_k & (0x000...\| 0x00000100U)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1388 times by 1 test Evaluated by: libssl.so.1.1

2-1388

2280

if (!tls_process_ske_psk_preamble(s, pkt)) {

!tls_process_s...eamble(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2281 /* SSLfatal() already called */ -

2282

goto err;

never executed: goto err;

2283 } -

2284

}

executed 2 times by 1 test: end of block

Executed by:

libssl.so.1.1

2285 -

2286 /* Nothing else to do for plain PSK or RSAPSK */ -

2287

if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {

alg_k & (0x000...\| 0x00000040U)	Description
TRUE	never evaluated
FALSE	evaluated 1390 times by 1 test Evaluated by: libssl.so.1.1

0-1390

2288

} else if (alg_k & SSL_kSRP) {

never executed: end of block

alg_k & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1380 times by 1 test Evaluated by: libssl.so.1.1

0-1380

2289

if (!tls_process_ske_srp(s, pkt, &pkey)) {

!tls_process_s...s, pkt, &pkey)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2290 /* SSLfatal() already called */ -

2291

goto err;

never executed: goto err;

2292 } -

2293

} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000100U)	Description
TRUE	evaluated 390 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 990 times by 1 test Evaluated by: libssl.so.1.1

10-990

2294

if (!tls_process_ske_dhe(s, pkt, &pkey)) {

!tls_process_s...s, pkt, &pkey)	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 376 times by 1 test Evaluated by: libssl.so.1.1

14-376

2295 /* SSLfatal() already called */ -

2296

goto err;

executed 14 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2297 } -

2298

} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

executed 376 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000080U)	Description
TRUE	evaluated 990 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-990

2299

if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {

!tls_process_s...s, pkt, &pkey)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

6-984

2300 /* SSLfatal() already called */ -

2301

goto err;

executed 6 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2302 } -

2303

} else if (alg_k) {

executed 984 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k	Description
TRUE	never evaluated
FALSE	never evaluated

0-984

2304 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2305 SSL_R_UNEXPECTED_MESSAGE); -

2306

goto err;

never executed: goto err;

2307 } -

2308 -

2309 /* if it was signed, check the signature */ -

2310

if (pkey != NULL) {

pkey != ((void *)0)	Description
TRUE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 124 times by 1 test Evaluated by: libssl.so.1.1

124-1246

2311 PACKET params; -

2312 int maxsig; -

2313 const EVP_MD *md = NULL; -

2314 unsigned char *tbs; -

2315 size_t tbslen; -

2316 int rv; -

2317 -

2318 /* -

2319 * |pkt| now points to the beginning of the signature, so the difference -

2320 * equals the length of the parameters. -

2321 */ -

2322

if (!PACKET_get_sub_packet(&save_param_start, &params,

!PACKET_get_su...emaining(pkt))	Description
TRUE	never evaluated
FALSE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1

0-1246

2323

PACKET_remaining(&save_param_start) -

!PACKET_get_su...emaining(pkt))	Description
TRUE	never evaluated
FALSE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1

0-1246

2324

PACKET_remaining(pkt))) {

!PACKET_get_su...emaining(pkt))	Description
TRUE	never evaluated
FALSE	evaluated 1246 times by 1 test Evaluated by: libssl.so.1.1

0-1246

2325 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2326 ERR_R_INTERNAL_ERROR); -

2327

goto err;

never executed: goto err;

2328 } -

2329 -

2330

if (SSL_USE_SIGALGS(s)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 887 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 359 times by 1 test Evaluated by: libssl.so.1.1

359-887

2331 unsigned int sigalg; -

2332 -

2333

if (!PACKET_get_net_2(pkt, &sigalg)) {

!PACKET_get_ne...(pkt, &sigalg)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 886 times by 1 test Evaluated by: libssl.so.1.1

1-886

2334 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2335 SSL_R_LENGTH_TOO_SHORT); -

2336

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

2337 } -

2338

if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) {

tls12_check_pe...alg, pkey) <=0	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 875 times by 1 test Evaluated by: libssl.so.1.1

11-875

2339 /* SSLfatal() already called */ -

2340

goto err;

executed 11 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2341 } -

2342

} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {

executed 875 times by 1 test: end of block

Executed by:

libssl.so.1.1

!tls1_set_peer...igalg(s, pkey)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 358 times by 1 test Evaluated by: libssl.so.1.1

1-875

2343 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2344 ERR_R_INTERNAL_ERROR); -

2345

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

2346 } -

2347 -

2348

if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {

!tls1_lookup_m...r_sigalg, &md)	Description
TRUE	never evaluated
FALSE	evaluated 1233 times by 1 test Evaluated by: libssl.so.1.1

0-1233

2349 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2350 ERR_R_INTERNAL_ERROR); -

2351

goto err;

never executed: goto err;

2352 } -

2353 #ifdef SSL_DEBUG -

2354 if (SSL_USE_SIGALGS(s)) -

2355 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); -

2356 #endif -

2357 -

2358

if (!PACKET_get_length_prefixed_2(pkt, &signature)

!PACKET_get_le...t, &signature)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1232 times by 1 test Evaluated by: libssl.so.1.1

1-1232

2359

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1231 times by 1 test Evaluated by: libssl.so.1.1

1-1231

2360 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2361 SSL_R_LENGTH_MISMATCH); -

2362

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2363 } -

2364 maxsig = EVP_PKEY_size(pkey); -

2365

if (maxsig < 0) {

maxsig < 0	Description
TRUE	never evaluated
FALSE	evaluated 1231 times by 1 test Evaluated by: libssl.so.1.1

0-1231

2366 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2367 ERR_R_INTERNAL_ERROR); -

2368

goto err;

never executed: goto err;

2369 } -

2370 -

2371 /* -

2372 * Check signature length -

2373 */ -

2374

if (PACKET_remaining(&signature) > (size_t)maxsig) {

PACKET_remaini...(size_t)maxsig	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1230 times by 1 test Evaluated by: libssl.so.1.1

1-1230

2375 /* wrong packet length */ -

2376 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2377 SSL_R_WRONG_SIGNATURE_LENGTH); -

2378

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

2379 } -

2380 -

2381 md_ctx = EVP_MD_CTX_new(); -

2382

if (md_ctx == NULL) {

md_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1230 times by 1 test Evaluated by: libssl.so.1.1

0-1230

2383 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2384 ERR_R_MALLOC_FAILURE); -

2385

goto err;

never executed: goto err;

2386 } -

2387 -

2388

if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {

EVP_DigestVeri...) , pkey) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 1230 times by 1 test Evaluated by: libssl.so.1.1

0-1230

2389 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2390 ERR_R_EVP_LIB); -

2391

goto err;

never executed: goto err;

2392 } -

2393

if (SSL_USE_PSS(s)) {

s->s3->tmp.pee...!= ((void *)0)	Description
TRUE	evaluated 1230 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->s3->tmp.pee...lg->sig == 912	Description
TRUE	evaluated 447 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 783 times by 1 test Evaluated by: libssl.so.1.1

0-1230

2394

if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 447 times by 1 test Evaluated by: libssl.so.1.1

0-447

2395

|| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 447 times by 1 test Evaluated by: libssl.so.1.1

0-447

2396

RSA_PSS_SALTLEN_DIGEST) <= 0) {

RSA_pkey_ctx_c...id *)0) ) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 447 times by 1 test Evaluated by: libssl.so.1.1

0-447

2397 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2398 SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); -

2399

goto err;

never executed: goto err;

2400 } -

2401

}

executed 447 times by 1 test: end of block

Executed by:

libssl.so.1.1

447

2402 tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params), -

2403 PACKET_remaining(&params)); -

2404

if (tbslen == 0) {

tbslen == 0	Description
TRUE	never evaluated
FALSE	evaluated 1230 times by 1 test Evaluated by: libssl.so.1.1

0-1230

2405 /* SSLfatal() already called */ -

2406

goto err;

never executed: goto err;

2407 } -

2408 -

2409 rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), -

2410 PACKET_remaining(&signature), tbs, tbslen); -

2411 OPENSSL_free(tbs); -

2412

if (rv <= 0) {

rv <= 0	Description
TRUE	evaluated 395 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 835 times by 1 test Evaluated by: libssl.so.1.1

395-835

2413 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2414 SSL_R_BAD_SIGNATURE); -

2415

goto err;

executed 395 times by 1 test: goto err;

Executed by:

libssl.so.1.1

395

2416 } -

2417 EVP_MD_CTX_free(md_ctx); -

2418 md_ctx = NULL; -

2419

} else {

executed 835 times by 1 test: end of block

Executed by:

libssl.so.1.1

835

2420 /* aNULL, aSRP or PSK do not need public keys */ -

2421

if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))

!(s->s3->tmp.n... 0x00000040U))	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 122 times by 1 test Evaluated by: libssl.so.1.1

2-122

2422

&& !(alg_k & SSL_PSK)) {

!(alg_k & (0x0... 0x00000100U))	Description
TRUE	never evaluated
FALSE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1

0-2

2423 /* Might be wrong key type, check it */ -

2424

if (ssl3_check_cert_and_algorithm(s)) {

ssl3_check_cer...d_algorithm(s)	Description
TRUE	never evaluated
FALSE	never evaluated

2425 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2426 SSL_R_BAD_DATA); -

2427

}

never executed: end of block

2428 /* else this shouldn't happen, SSLfatal() already called */ -

2429

goto err;

never executed: goto err;

2430 } -

2431 /* still data left over */ -

2432

if (PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 123 times by 1 test Evaluated by: libssl.so.1.1

1-123

2433 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, -

2434 SSL_R_EXTRA_DATA_IN_MESSAGE); -

2435

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

2436 } -

2437

}

executed 123 times by 1 test: end of block

Executed by:

libssl.so.1.1

123

2438 -

2439

return MSG_PROCESS_CONTINUE_READING;

executed 958 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

958

2440 err: -

2441 EVP_MD_CTX_free(md_ctx); -

2442

return MSG_PROCESS_ERROR;

executed 432 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

432

2443 } -

2444 -

2445 MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) -

2446 { -

2447 size_t i; -

2448 -

2449 /* Clear certificate validity flags */ -

2450

for (i = 0; i < SSL_PKEY_NUM; i++)

i < 9	Description
TRUE	evaluated 1278 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 142 times by 1 test Evaluated by: libssl.so.1.1

142-1278

2451

s->s3->tmp.valid_flags[i] = 0;

executed 1278 times by 1 test: s->s3->tmp.valid_flags[i] = 0;

Executed by:

libssl.so.1.1

1278

2452 -

2453

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 129 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 85 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-129

2454 PACKET reqctx, extensions; -

2455 RAW_EXTENSION *rawexts = NULL; -

2456 -

2457

if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {

(s->shutdown & 1) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

1-43

2458 /* -

2459 * We already sent close_notify. This can only happen in TLSv1.3 -

2460 * post-handshake messages. We can't reasonably respond to this, so -

2461 * we just ignore it -

2462 */ -

2463

return MSG_PROCESS_FINISHED_READING;

executed 1 time by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

2464 } -

2465 -

2466 /* Free and zero certificate types: it is not present in TLS 1.3 */ -

2467 OPENSSL_free(s->s3->tmp.ctype); -

2468 s->s3->tmp.ctype = NULL; -

2469 s->s3->tmp.ctype_len = 0; -

2470 OPENSSL_free(s->pha_context); -

2471 s->pha_context = NULL; -

2472 -

2473

if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||

!PACKET_get_le...(pkt, &reqctx)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2474

!PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {

!PACKET_memdup...a_context_len)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2475 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2476 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2477 SSL_R_LENGTH_MISMATCH); -

2478

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2479 } -

2480 -

2481

if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {

!PACKET_get_le..., &extensions)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2482 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2483 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2484 SSL_R_BAD_LENGTH); -

2485

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2486 } -

2487

if (!tls_collect_extensions(s, &extensions,

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2488

SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2489

&rawexts, NULL, 1)

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2490

|| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2491

rawexts, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2492 /* SSLfatal() already called */ -

2493 OPENSSL_free(rawexts); -

2494

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2495 } -

2496 OPENSSL_free(rawexts); -

2497

if (!tls1_process_sigalgs(s)) {

!tls1_process_sigalgs(s)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

2498 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2499 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2500 SSL_R_BAD_LENGTH); -

2501

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2502 } -

2503

} else {

executed 43 times by 1 test: end of block

Executed by:

libssl.so.1.1

2504 PACKET ctypes; -

2505 -

2506 /* get the certificate types */ -

2507

if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {

!PACKET_get_le...(pkt, &ctypes)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 97 times by 1 test Evaluated by: libssl.so.1.1

1-97

2508 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2509 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2510 SSL_R_LENGTH_MISMATCH); -

2511

return MSG_PROCESS_ERROR;

executed 1 time by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2512 } -

2513 -

2514

if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {

!PACKET_memdup...tmp.ctype_len)	Description
TRUE	never evaluated
FALSE	evaluated 97 times by 1 test Evaluated by: libssl.so.1.1

0-97

2515 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2516 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2517 ERR_R_INTERNAL_ERROR); -

2518

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2519 } -

2520 -

2521

if (SSL_USE_SIGALGS(s)) {

(s->method->ss...c_flags & 0x2)	Description
TRUE	evaluated 80 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1

17-80

2522 PACKET sigalgs; -

2523 -

2524

if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {

!PACKET_get_le...pkt, &sigalgs)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 78 times by 1 test Evaluated by: libssl.so.1.1

2-78

2525 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2526 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2527 SSL_R_LENGTH_MISMATCH); -

2528

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2529 } -

2530 -

2531 /* -

2532 * Despite this being for certificates, preserve compatibility -

2533 * with pre-TLS 1.3 and use the regular sigalgs field. -

2534 */ -

2535

if (!tls1_save_sigalgs(s, &sigalgs, 0)) {

!tls1_save_sig..., &sigalgs, 0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 76 times by 1 test Evaluated by: libssl.so.1.1

2-76

2536 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2537 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2538 SSL_R_SIGNATURE_ALGORITHMS_ERROR); -

2539

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2540 } -

2541

if (!tls1_process_sigalgs(s)) {

!tls1_process_sigalgs(s)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: libssl.so.1.1

0-76

2542 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2543 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2544 ERR_R_MALLOC_FAILURE); -

2545

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2546 } -

2547

}

executed 76 times by 1 test: end of block

Executed by:

libssl.so.1.1

2548 -

2549 /* get the CA RDNs */ -

2550

if (!parse_ca_names(s, pkt)) {

!parse_ca_names(s, pkt)	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

43-50

2551 /* SSLfatal() already called */ -

2552

return MSG_PROCESS_ERROR;

executed 50 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2553 } -

2554

}

executed 43 times by 1 test: end of block

Executed by:

libssl.so.1.1

2555 -

2556

if (PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

3-83

2557 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2558 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, -

2559 SSL_R_LENGTH_MISMATCH); -

2560

return MSG_PROCESS_ERROR;

executed 3 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2561 } -

2562 -

2563 /* we should setup a certificate to return.... */ -

2564 s->s3->tmp.cert_req = 1; -

2565 -

2566

return MSG_PROCESS_CONTINUE_PROCESSING;

executed 83 times by 1 test: return MSG_PROCESS_CONTINUE_PROCESSING;

Executed by:

libssl.so.1.1

2567 } -

2568 -

2569 MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) -

2570 { -

2571 unsigned int ticklen; -

2572 unsigned long ticket_lifetime_hint, age_add = 0; -

2573 unsigned int sess_len; -

2574 RAW_EXTENSION *exts = NULL; -

2575 PACKET nonce; -

2576 -

2577 PACKET_null_init(&nonce); -

2578 -

2579

if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)

!PACKET_get_ne...lifetime_hint)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1872 times by 1 test Evaluated by: libssl.so.1.1

1-1872

2580

|| (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1728 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 781 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1728

2581

&& (!PACKET_get_net_4(pkt, &age_add)

!PACKET_get_ne...pkt, &age_add)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2582

|| !PACKET_get_length_prefixed_1(pkt, &nonce)))

!PACKET_get_le...1(pkt, &nonce)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2583

|| !PACKET_get_net_2(pkt, &ticklen)

!PACKET_get_ne...pkt, &ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1872 times by 1 test Evaluated by: libssl.so.1.1

0-1872

2584

|| (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen)

((!(s->method-...t) != ticklen)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1871 times by 1 test Evaluated by: libssl.so.1.1

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1728 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 781 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

ticklen == 0	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

PACKET_remaini...pkt) < ticklen	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-1871

2585

: PACKET_remaining(pkt) != ticklen)) {

((!(s->method-...t) != ticklen)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1871 times by 1 test Evaluated by: libssl.so.1.1

1-1871

2586 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2587 SSL_R_LENGTH_MISMATCH); -

2588

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

2589 } -

2590 -

2591 /* -

2592 * Server is allowed to change its mind (in <=TLSv1.2) and send an empty -

2593 * ticket. We already checked this TLSv1.3 case above, so it should never -

2594 * be 0 here in that instance -

2595 */ -

2596

if (ticklen == 0)

ticklen == 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

4-1867

2597

return MSG_PROCESS_CONTINUE_READING;

executed 4 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

2598 -

2599 /* -

2600 * Sessions must be immutable once they go into the session cache. Otherwise -

2601 * we can get multi-thread problems. Therefore we don't "update" sessions, -

2602 * we replace them with a duplicate. In TLSv1.3 we need to do this every -

2603 * time a NewSessionTicket arrives because those messages arrive -

2604 * post-handshake and the session may have already gone into the session -

2605 * cache. -

2606 */ -

2607

if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1723 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 776 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

s->session->se..._id_length > 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 917 times by 1 test Evaluated by: libssl.so.1.1

0-1723

2608 SSL_SESSION *new_sess; -

2609 -

2610 /* -

2611 * We reused an existing session, so we need to replace it with a new -

2612 * one -

2613 */ -

2614

if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {

(new_sess = ss...sion, 0)) == 0	Description
TRUE	never evaluated
FALSE	evaluated 950 times by 1 test Evaluated by: libssl.so.1.1

0-950

2615 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2616 SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2617 ERR_R_MALLOC_FAILURE); -

2618

goto err;

never executed: goto err;

2619 } -

2620 -

2621

if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0

(s->session_ct...& 0x0001) != 0	Description
TRUE	evaluated 100 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 850 times by 1 test Evaluated by: libssl.so.1.1

100-850

2622

&& !SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 100 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

(s)->method->version >= 0x0304	Description
TRUE	evaluated 99 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 99 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-100

2623 /* -

2624 * In TLSv1.2 and below the arrival of a new tickets signals that -

2625 * any old ticket we were using is now out of date, so we remove the -

2626 * old session from the cache. We carry on if this fails -

2627 */ -

2628 SSL_CTX_remove_session(s->session_ctx, s->session); -

2629

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

2630 -

2631 SSL_SESSION_free(s->session); -

2632 s->session = new_sess; -

2633

}

executed 950 times by 1 test: end of block

Executed by:

libssl.so.1.1

950

2634 -

2635 /* -

2636 * Technically the cast to long here is not guaranteed by the C standard - -

2637 * but we use it elsewhere, so this should be ok. -

2638 */ -

2639 s->session->time = (long)time(NULL); -

2640 -

2641 OPENSSL_free(s->session->ext.tick); -

2642 s->session->ext.tick = NULL; -

2643 s->session->ext.ticklen = 0; -

2644 -

2645 s->session->ext.tick = OPENSSL_malloc(ticklen); -

2646

if (s->session->ext.tick == NULL) {

s->session->ex...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

0-1867

2647 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2648 ERR_R_MALLOC_FAILURE); -

2649

goto err;

never executed: goto err;

2650 } -

2651

if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {

!PACKET_copy_b...tick, ticklen)	Description
TRUE	never evaluated
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

0-1867

2652 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2653 SSL_R_LENGTH_MISMATCH); -

2654

goto err;

never executed: goto err;

2655 } -

2656 -

2657 s->session->ext.tick_lifetime_hint = ticket_lifetime_hint; -

2658 s->session->ext.tick_age_add = age_add; -

2659 s->session->ext.ticklen = ticklen; -

2660 -

2661

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1723 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 776 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1723

2662 PACKET extpkt; -

2663 -

2664

if (!PACKET_as_length_prefixed_2(pkt, &extpkt)

!PACKET_as_len...(pkt, &extpkt)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2665

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2666 SSLfatal(s, SSL_AD_DECODE_ERROR, -

2667 SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2668 SSL_R_LENGTH_MISMATCH); -

2669

goto err;

never executed: goto err;

2670 } -

2671 -

2672

if (!tls_collect_extensions(s, &extpkt,

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2673

SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2674

NULL, 1)

!tls_collect_e...void *)0) , 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2675

|| !tls_parse_all_extensions(s,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2676

SSL_EXT_TLS1_3_NEW_SESSION_TICKET,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2677

exts, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2678 /* SSLfatal() already called */ -

2679

goto err;

never executed: goto err;

2680 } -

2681

}

executed 947 times by 1 test: end of block

Executed by:

libssl.so.1.1

947

2682 -

2683 /* -

2684 * There are two ways to detect a resumed ticket session. One is to set -

2685 * an appropriate session ID and then the server must return a match in -

2686 * ServerHello. This allows the normal client session ID matching to work -

2687 * and we know much earlier that the ticket has been accepted. The -

2688 * other way is to set zero length session ID when the ticket is -

2689 * presented and rely on the handshake to determine session resumption. -

2690 * We choose the former approach because this fits in with assumptions -

2691 * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is -

2692 * SHA256 is disabled) hash of the ticket. -

2693 */ -

2694 /* -

2695 * TODO(size_t): we use sess_len here because EVP_Digest expects an int -

2696 * but s->session->session_id_length is a size_t -

2697 */ -

2698

if (!EVP_Digest(s->session->ext.tick, ticklen,

!EVP_Digest(s-... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

0-1867

2699

s->session->session_id, &sess_len,

!EVP_Digest(s-... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

0-1867

2700

EVP_sha256(), NULL)) {

!EVP_Digest(s-... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 1867 times by 1 test Evaluated by: libssl.so.1.1

0-1867

2701 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2702 ERR_R_EVP_LIB); -

2703

goto err;

never executed: goto err;

2704 } -

2705 s->session->session_id_length = sess_len; -

2706 s->session->not_resumable = 0; -

2707 -

2708 /* This is a standalone message in TLSv1.3, so there is no more to read */ -

2709

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 1723 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 144 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 776 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1723

2710 const EVP_MD *md = ssl_handshake_md(s); -

2711 int hashleni = EVP_MD_size(md); -

2712 size_t hashlen; -

2713 static const unsigned char nonce_label[] = "resumption"; -

2714 -

2715 /* Ensure cast to size_t is safe */ -

2716

if (!ossl_assert(hashleni >= 0)) {

!((hashleni >= 0) != 0)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2717 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2718 SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, -

2719 ERR_R_INTERNAL_ERROR); -

2720

goto err;

never executed: goto err;

2721 } -

2722 hashlen = (size_t)hashleni; -

2723 -

2724

if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2725

nonce_label,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2726

sizeof(nonce_label) - 1,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2727

PACKET_data(&nonce),

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2728

PACKET_remaining(&nonce),

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2729

s->session->master_key,

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2730

hashlen)) {

!tls13_hkdf_ex..._key, hashlen)	Description
TRUE	never evaluated
FALSE	evaluated 947 times by 1 test Evaluated by: libssl.so.1.1

0-947

2731 /* SSLfatal() already called */ -

2732

goto err;

never executed: goto err;

2733 } -

2734 s->session->master_key_length = hashlen; -

2735 -

2736 OPENSSL_free(exts); -

2737 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); -

2738

return MSG_PROCESS_FINISHED_READING;

executed 947 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

947

2739 } -

2740 -

2741

return MSG_PROCESS_CONTINUE_READING;

executed 920 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

920

2742 err: -

2743 OPENSSL_free(exts); -

2744

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2745 } -

2746 -

2747 /* -

2748 * In TLSv1.3 this is called from the extensions code, otherwise it is used to -

2749 * parse a separate message. Returns 1 on success or 0 on failure -

2750 */ -

2751 int tls_process_cert_status_body(SSL *s, PACKET *pkt) -

2752 { -

2753 size_t resplen; -

2754 unsigned int type; -

2755 -

2756

if (!PACKET_get_1(pkt, &type)

!PACKET_get_1(pkt, &type)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2757

|| type != TLSEXT_STATUSTYPE_ocsp) {

type != 1	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2758 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, -

2759 SSL_R_UNSUPPORTED_STATUS_TYPE); -

2760

return 0;

never executed: return 0;

2761 } -

2762

if (!PACKET_get_net_3_len(pkt, &resplen)

!PACKET_get_ne...pkt, &resplen)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2763

|| PACKET_remaining(pkt) != resplen) {

PACKET_remaini...kt) != resplen	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2764 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, -

2765 SSL_R_LENGTH_MISMATCH); -

2766

return 0;

never executed: return 0;

2767 } -

2768 s->ext.ocsp.resp = OPENSSL_malloc(resplen); -

2769

if (s->ext.ocsp.resp == NULL) {

s->ext.ocsp.re...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2770 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, -

2771 ERR_R_MALLOC_FAILURE); -

2772

return 0;

never executed: return 0;

2773 } -

2774

if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {

!PACKET_copy_b...resp, resplen)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

0-11

2775 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, -

2776 SSL_R_LENGTH_MISMATCH); -

2777

return 0;

never executed: return 0;

2778 } -

2779 s->ext.ocsp.resp_len = resplen; -

2780 -

2781

return 1;

executed 11 times by 1 test: return 1;

Executed by:

libssl.so.1.1

2782 } -

2783 -

2784 -

2785 MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) -

2786 { -

2787

if (!tls_process_cert_status_body(s, pkt)) {

!tls_process_c...s_body(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 5 times by 1 test Evaluated by: libssl.so.1.1

0-5

2788 /* SSLfatal() already called */ -

2789

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2790 } -

2791 -

2792

return MSG_PROCESS_CONTINUE_READING;

executed 5 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

2793 } -

2794 -

2795 /* -

2796 * Perform miscellaneous checks and processing after we have received the -

2797 * server's initial flight. In TLS1.3 this is after the Server Finished message. -

2798 * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 -

2799 * on failure. -

2800 */ -

2801 int tls_process_initial_server_flight(SSL *s) -

2802 { -

2803 /* -

2804 * at this point we check that we have the required stuff from -

2805 * the server -

2806 */ -

2807

if (!ssl3_check_cert_and_algorithm(s)) {

!ssl3_check_ce...d_algorithm(s)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 2002 times by 1 test Evaluated by: libssl.so.1.1

1-2002

2808 /* SSLfatal() already called */ -

2809

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

2810 } -

2811 -

2812 /* -

2813 * Call the ocsp status callback if needed. The |ext.ocsp.resp| and -

2814 * |ext.ocsp.resp_len| values will be set if we actually received a status -

2815 * message, or NULL and -1 otherwise -

2816 */ -

2817

if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing

s->ext.status_type != -1	Description
TRUE	evaluated 22 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1980 times by 1 test Evaluated by: libssl.so.1.1

22-1980

2818

&& s->ctx->ext.status_cb != NULL) {

s->ctx->ext.st...!= ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1

2819 int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); -

2820 -

2821

if (ret == 0) {

ret == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

2-9

2822 SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, -

2823 SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, -

2824 SSL_R_INVALID_STATUS_RESPONSE); -

2825

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libssl.so.1.1

2826 } -

2827

if (ret < 0) {

ret < 0	Description
TRUE	never evaluated
FALSE	evaluated 9 times by 1 test Evaluated by: libssl.so.1.1

0-9

2828 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

2829 SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, -

2830 ERR_R_MALLOC_FAILURE); -

2831

return 0;

never executed: return 0;

2832 } -

2833

}

executed 9 times by 1 test: end of block

Executed by:

libssl.so.1.1

2834 #ifndef OPENSSL_NO_CT -

2835

if (s->ct_validation_callback != NULL) {

s->ct_validati...!= ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1989 times by 1 test Evaluated by: libssl.so.1.1

11-1989

2836 /* Note we validate the SCTs whether or not we abort on error */ -

2837

if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {

!ssl_validate_ct(s)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

(s->verify_mode & 0x01)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-10

2838 /* SSLfatal() already called */ -

2839

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

2840 } -

2841

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

2842 #endif -

2843 -

2844

return 1;

executed 1999 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1999

2845 } -

2846 -

2847 MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) -

2848 { -

2849

if (PACKET_remaining(pkt) > 0) {

PACKET_remaining(pkt) > 0	Description
TRUE	never evaluated
FALSE	evaluated 1428 times by 1 test Evaluated by: libssl.so.1.1

0-1428

2850 /* should contain no data */ -

2851 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, -

2852 SSL_R_LENGTH_MISMATCH); -

2853

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2854 } -

2855 #ifndef OPENSSL_NO_SRP -

2856

if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {

s->s3->tmp.new... & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1418 times by 1 test Evaluated by: libssl.so.1.1

10-1418

2857

if (SRP_Calc_A_param(s) <= 0) {

SRP_Calc_A_param(s) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

2858 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, -

2859 SSL_R_SRP_A_CALC); -

2860

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

2861 } -

2862

}

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

2863 #endif -

2864 -

2865

if (!tls_process_initial_server_flight(s)) {

!tls_process_i...rver_flight(s)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1426 times by 1 test Evaluated by: libssl.so.1.1

2-1426

2866 /* SSLfatal() already called */ -

2867

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

2868 } -

2869 -

2870

return MSG_PROCESS_FINISHED_READING;

executed 1426 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

1426

2871 } -

2872 -

2873 static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) -

2874 { -

2875 #ifndef OPENSSL_NO_PSK -

2876 int ret = 0; -

2877 /* -

2878 * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a -

2879 * \0-terminated identity. The last byte is for us for simulating -

2880 * strnlen. -

2881 */ -

2882 char identity[PSK_MAX_IDENTITY_LEN + 1]; -

2883 size_t identitylen = 0; -

2884 unsigned char psk[PSK_MAX_PSK_LEN]; -

2885 unsigned char *tmppsk = NULL; -

2886 char *tmpidentity = NULL; -

2887 size_t psklen = 0; -

2888 -

2889

if (s->psk_client_callback == NULL) {

s->psk_client_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2890 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2891 SSL_R_PSK_NO_CLIENT_CB); -

2892

goto err;

never executed: goto err;

2893 } -

2894 -

2895 memset(identity, 0, sizeof(identity)); -

2896 -

2897 psklen = s->psk_client_callback(s, s->session->psk_identity_hint, -

2898 identity, sizeof(identity) - 1, -

2899 psk, sizeof(psk)); -

2900 -

2901

if (psklen > PSK_MAX_PSK_LEN) {

psklen > 256	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2902 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

2903 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); -

2904

goto err;

never executed: goto err;

2905

} else if (psklen == 0) {

psklen == 0	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2906 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

2907 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2908 SSL_R_PSK_IDENTITY_NOT_FOUND); -

2909

goto err;

never executed: goto err;

2910 } -

2911 -

2912 identitylen = strlen(identity); -

2913

if (identitylen > PSK_MAX_IDENTITY_LEN) {

identitylen > 128	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2914 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2915 ERR_R_INTERNAL_ERROR); -

2916

goto err;

never executed: goto err;

2917 } -

2918 -

2919 tmppsk = OPENSSL_memdup(psk, psklen); -

2920 tmpidentity = OPENSSL_strdup(identity); -

2921

if (tmppsk == NULL || tmpidentity == NULL) {

tmppsk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

tmpidentity == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2922 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2923 ERR_R_MALLOC_FAILURE); -

2924

goto err;

never executed: goto err;

2925 } -

2926 -

2927 OPENSSL_free(s->s3->tmp.psk); -

2928 s->s3->tmp.psk = tmppsk; -

2929 s->s3->tmp.psklen = psklen; -

2930 tmppsk = NULL; -

2931 OPENSSL_free(s->session->psk_identity); -

2932 s->session->psk_identity = tmpidentity; -

2933 tmpidentity = NULL; -

2934 -

2935

if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) {

!WPACKET_sub_m...entitylen), 2)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

2936 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2937 ERR_R_INTERNAL_ERROR); -

2938

goto err;

never executed: goto err;

2939 } -

2940 -

2941 ret = 1; -

2942 -

2943

err:

code before this statement executed 29 times by 1 test: err:

Executed by:

libssl.so.1.1

2944 OPENSSL_cleanse(psk, psklen); -

2945 OPENSSL_cleanse(identity, sizeof(identity)); -

2946 OPENSSL_clear_free(tmppsk, psklen); -

2947 OPENSSL_clear_free(tmpidentity, identitylen); -

2948 -

2949

return ret;

executed 29 times by 1 test: return ret;

Executed by:

libssl.so.1.1

2950 #else -

2951 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, -

2952 ERR_R_INTERNAL_ERROR); -

2953 return 0; -

2954 #endif -

2955 } -

2956 -

2957 static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) -

2958 { -

2959 #ifndef OPENSSL_NO_RSA -

2960 unsigned char *encdata = NULL; -

2961 EVP_PKEY *pkey = NULL; -

2962 EVP_PKEY_CTX *pctx = NULL; -

2963 size_t enclen; -

2964 unsigned char *pms = NULL; -

2965 size_t pmslen = 0; -

2966 -

2967

if (s->session->peer == NULL) {

s->session->pe...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

2968 /* -

2969 * We should always have a server certificate with SSL_kRSA. -

2970 */ -

2971 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

2972 ERR_R_INTERNAL_ERROR); -

2973

return 0;

never executed: return 0;

2974 } -

2975 -

2976 pkey = X509_get0_pubkey(s->session->peer); -

2977

if (EVP_PKEY_get0_RSA(pkey) == NULL) {

EVP_PKEY_get0_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

2978 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

2979 ERR_R_INTERNAL_ERROR); -

2980

return 0;

never executed: return 0;

2981 } -

2982 -

2983 pmslen = SSL_MAX_MASTER_KEY_LENGTH; -

2984 pms = OPENSSL_malloc(pmslen); -

2985

if (pms == NULL) {

pms == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

2986 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

2987 ERR_R_MALLOC_FAILURE); -

2988

return 0;

never executed: return 0;

2989 } -

2990 -

2991 pms[0] = s->client_version >> 8; -

2992 pms[1] = s->client_version & 0xff; -

2993 /* TODO(size_t): Convert this function */ -

2994

if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {

RAND_bytes(pms...len - 2)) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

2995 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

2996 ERR_R_MALLOC_FAILURE); -

2997

goto err;

never executed: goto err;

2998 } -

2999 -

3000 /* Fix buf for TLS and beyond */ -

3001

if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {

s->version > 0x0300	Description
TRUE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!WPACKET_start...en__((pkt), 2)	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

3002 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

3003 ERR_R_INTERNAL_ERROR); -

3004

goto err;

never executed: goto err;

3005 } -

3006 pctx = EVP_PKEY_CTX_new(pkey, NULL); -

3007

if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0

pctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

EVP_PKEY_encry...nit(pctx) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

0-442

3008

|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {

EVP_PKEY_encry..., pmslen) <= 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 441 times by 1 test Evaluated by: libssl.so.1.1

1-441

3009 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

3010 ERR_R_EVP_LIB); -

3011

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libssl.so.1.1

3012 } -

3013

if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)

!WPACKET_alloc...len, &encdata)	Description
TRUE	never evaluated
FALSE	evaluated 441 times by 1 test Evaluated by: libssl.so.1.1

0-441

3014

|| EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {

EVP_PKEY_encry..., pmslen) <= 0	Description
TRUE	evaluated 17 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1

17-424

3015 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

3016 SSL_R_BAD_RSA_ENCRYPT); -

3017

goto err;

executed 17 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3018 } -

3019 EVP_PKEY_CTX_free(pctx); -

3020 pctx = NULL; -

3021 -

3022 /* Fix buf for TLS and beyond */ -

3023

if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {

s->version > 0x0300	Description
TRUE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

!WPACKET_close(pkt)	Description
TRUE	never evaluated
FALSE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1

0-424

3024 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

3025 ERR_R_INTERNAL_ERROR); -

3026

goto err;

never executed: goto err;

3027 } -

3028 -

3029 /* Log the premaster secret, if logging is enabled. */ -

3030

if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) {

!ssl_log_rsa_c..., pms, pmslen)	Description
TRUE	never evaluated
FALSE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1

0-424

3031 /* SSLfatal() already called */ -

3032

goto err;

never executed: goto err;

3033 } -

3034 -

3035 s->s3->tmp.pms = pms; -

3036 s->s3->tmp.pmslen = pmslen; -

3037 -

3038

return 1;

executed 424 times by 1 test: return 1;

Executed by:

libssl.so.1.1

424

3039 err: -

3040 OPENSSL_clear_free(pms, pmslen); -

3041 EVP_PKEY_CTX_free(pctx); -

3042 -

3043

return 0;

executed 18 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3044 #else -

3045 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, -

3046 ERR_R_INTERNAL_ERROR); -

3047 return 0; -

3048 #endif -

3049 } -

3050 -

3051 static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) -

3052 { -

3053 #ifndef OPENSSL_NO_DH -

3054 DH *dh_clnt = NULL; -

3055 const BIGNUM *pub_key; -

3056 EVP_PKEY *ckey = NULL, *skey = NULL; -

3057 unsigned char *keybytes = NULL; -

3058 -

3059 skey = s->s3->peer_tmp; -

3060

if (skey == NULL) {

skey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 154 times by 1 test Evaluated by: libssl.so.1.1

0-154

3061 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, -

3062 ERR_R_INTERNAL_ERROR); -

3063

goto err;

never executed: goto err;

3064 } -

3065 -

3066 ckey = ssl_generate_pkey(skey); -

3067

if (ckey == NULL) {

ckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 154 times by 1 test Evaluated by: libssl.so.1.1

0-154

3068 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, -

3069 ERR_R_INTERNAL_ERROR); -

3070

goto err;

never executed: goto err;

3071 } -

3072 -

3073 dh_clnt = EVP_PKEY_get0_DH(ckey); -

3074 -

3075

if (dh_clnt == NULL) {

dh_clnt == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 154 times by 1 test Evaluated by: libssl.so.1.1

0-154

3076 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, -

3077 ERR_R_INTERNAL_ERROR); -

3078

goto err;

never executed: goto err;

3079 } -

3080 -

3081

if (ssl_derive(s, ckey, skey, 0) == 0) {

ssl_derive(s, ... skey, 0) == 0	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

15-139

3082 /* SSLfatal() already called */ -

3083

goto err;

executed 15 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3084 } -

3085 -

3086 /* send off the data */ -

3087 DH_get0_key(dh_clnt, &pub_key, NULL); -

3088

if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),

!WPACKET_sub_a...&keybytes), 2)	Description
TRUE	never evaluated
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

0-139

3089 &keybytes)) { -

3090 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, -

3091 ERR_R_INTERNAL_ERROR); -

3092

goto err;

never executed: goto err;

3093 } -

3094 -

3095 BN_bn2bin(pub_key, keybytes); -

3096 EVP_PKEY_free(ckey); -

3097 -

3098

return 1;

executed 139 times by 1 test: return 1;

Executed by:

libssl.so.1.1

139

3099 err: -

3100 EVP_PKEY_free(ckey); -

3101

return 0;

executed 15 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3102 #else -

3103 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, -

3104 ERR_R_INTERNAL_ERROR); -

3105 return 0; -

3106 #endif -

3107 } -

3108 -

3109 static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) -

3110 { -

3111 #ifndef OPENSSL_NO_EC -

3112 unsigned char *encodedPoint = NULL; -

3113 size_t encoded_pt_len = 0; -

3114 EVP_PKEY *ckey = NULL, *skey = NULL; -

3115 int ret = 0; -

3116 -

3117 skey = s->s3->peer_tmp; -

3118

if (skey == NULL) {

skey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3119 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, -

3120 ERR_R_INTERNAL_ERROR); -

3121

return 0;

never executed: return 0;

3122 } -

3123 -

3124 ckey = ssl_generate_pkey(skey); -

3125

if (ckey == NULL) {

ckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3126 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, -

3127 ERR_R_MALLOC_FAILURE); -

3128

goto err;

never executed: goto err;

3129 } -

3130 -

3131

if (ssl_derive(s, ckey, skey, 0) == 0) {

ssl_derive(s, ... skey, 0) == 0	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3132 /* SSLfatal() already called */ -

3133

goto err;

never executed: goto err;

3134 } -

3135 -

3136 /* Generate encoding of client key */ -

3137 encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint); -

3138 -

3139

if (encoded_pt_len == 0) {

encoded_pt_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3140 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, -

3141 ERR_R_EC_LIB); -

3142

goto err;

never executed: goto err;

3143 } -

3144 -

3145

if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {

!WPACKET_sub_m...ed_pt_len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3146 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, -

3147 ERR_R_INTERNAL_ERROR); -

3148

goto err;

never executed: goto err;

3149 } -

3150 -

3151 ret = 1; -

3152

err:

code before this statement executed 793 times by 1 test: err:

Executed by:

libssl.so.1.1

793

3153 OPENSSL_free(encodedPoint); -

3154 EVP_PKEY_free(ckey); -

3155

return ret;

executed 793 times by 1 test: return ret;

Executed by:

libssl.so.1.1

793

3156 #else -

3157 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, -

3158 ERR_R_INTERNAL_ERROR); -

3159 return 0; -

3160 #endif -

3161 } -

3162 -

3163 static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) -

3164 { -

3165 #ifndef OPENSSL_NO_GOST -

3166 /* GOST key exchange message creation */ -

3167 EVP_PKEY_CTX *pkey_ctx = NULL; -

3168 X509 *peer_cert; -

3169 size_t msglen; -

3170 unsigned int md_len; -

3171 unsigned char shared_ukm[32], tmp[256]; -

3172 EVP_MD_CTX *ukm_hash = NULL; -

3173 int dgst_nid = NID_id_GostR3411_94; -

3174 unsigned char *pms = NULL; -

3175 size_t pmslen = 0; -

3176 -

3177

if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)

(s->s3->tmp.ne...0000080U) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3178

dgst_nid = NID_id_GostR3411_2012_256;

never executed: dgst_nid = 982;

3179 -

3180 /* -

3181 * Get server certificate PKEY and create ctx from it -

3182 */ -

3183 peer_cert = s->session->peer; -

3184

if (!peer_cert) {

!peer_cert	Description
TRUE	never evaluated
FALSE	never evaluated

3185 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3186 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); -

3187

return 0;

never executed: return 0;

3188 } -

3189 -

3190 pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); -

3191

if (pkey_ctx == NULL) {

pkey_ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3192 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3193 ERR_R_MALLOC_FAILURE); -

3194

return 0;

never executed: return 0;

3195 } -

3196 /* -

3197 * If we have send a certificate, and certificate key -

3198 * parameters match those of server certificate, use -

3199 * certificate key for key exchange -

3200 */ -

3201 -

3202 /* Otherwise, generate ephemeral key pair */ -

3203 pmslen = 32; -

3204 pms = OPENSSL_malloc(pmslen); -

3205

if (pms == NULL) {

pms == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3206 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3207 ERR_R_MALLOC_FAILURE); -

3208

goto err;

never executed: goto err;

3209 } -

3210 -

3211

if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0

EVP_PKEY_encry...pkey_ctx) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3212 /* Generate session key -

3213 * TODO(size_t): Convert this function -

3214 */ -

3215

|| RAND_bytes(pms, (int)pmslen) <= 0) {

RAND_bytes(pms...t)pmslen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3216 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3217 ERR_R_INTERNAL_ERROR); -

3218

goto err;

never executed: goto err;

3219 }; -

3220 /* -

3221 * Compute shared IV and store it in algorithm-specific context -

3222 * data -

3223 */ -

3224 ukm_hash = EVP_MD_CTX_new(); -

3225

if (ukm_hash == NULL

ukm_hash == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

3226

|| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0

EVP_DigestInit...st_nid))) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3227

|| EVP_DigestUpdate(ukm_hash, s->s3->client_random,

EVP_DigestUpda...ndom, 32) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3228

SSL3_RANDOM_SIZE) <= 0

EVP_DigestUpda...ndom, 32) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3229

|| EVP_DigestUpdate(ukm_hash, s->s3->server_random,

EVP_DigestUpda...ndom, 32) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3230

SSL3_RANDOM_SIZE) <= 0

EVP_DigestUpda...ndom, 32) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3231

|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {

EVP_DigestFina... &md_len) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3232 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3233 ERR_R_INTERNAL_ERROR); -

3234

goto err;

never executed: goto err;

3235 } -

3236 EVP_MD_CTX_free(ukm_hash); -

3237 ukm_hash = NULL; -

3238

if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,

EVP_PKEY_CTX_c...hared_ukm) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

3239

EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {

EVP_PKEY_CTX_c...hared_ukm) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

3240 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3241 SSL_R_LIBRARY_BUG); -

3242

goto err;

never executed: goto err;

3243 } -

3244 /* Make GOST keytransport blob message */ -

3245 /* -

3246 * Encapsulate it into sequence -

3247 */ -

3248 msglen = 255; -

3249

if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {

EVP_PKEY_encry..., pmslen) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

3250 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3251 SSL_R_LIBRARY_BUG); -

3252

goto err;

never executed: goto err;

3253 } -

3254 -

3255

if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)

!WPACKET_put_b...16 \| 0x20), 1)	Description
TRUE	never evaluated
FALSE	never evaluated

3256

|| (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))

msglen >= 0x80	Description
TRUE	never evaluated
FALSE	never evaluated

!WPACKET_put_b...t), (0x81), 1)	Description
TRUE	never evaluated
FALSE	never evaluated

3257

|| !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {

!WPACKET_sub_m..., (msglen), 1)	Description
TRUE	never evaluated
FALSE	never evaluated

3258 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3259 ERR_R_INTERNAL_ERROR); -

3260

goto err;

never executed: goto err;

3261 } -

3262 -

3263 EVP_PKEY_CTX_free(pkey_ctx); -

3264 s->s3->tmp.pms = pms; -

3265 s->s3->tmp.pmslen = pmslen; -

3266 -

3267

return 1;

never executed: return 1;

3268 err: -

3269 EVP_PKEY_CTX_free(pkey_ctx); -

3270 OPENSSL_clear_free(pms, pmslen); -

3271 EVP_MD_CTX_free(ukm_hash); -

3272

return 0;

never executed: return 0;

3273 #else -

3274 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, -

3275 ERR_R_INTERNAL_ERROR); -

3276 return 0; -

3277 #endif -

3278 } -

3279 -

3280 static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) -

3281 { -

3282 #ifndef OPENSSL_NO_SRP -

3283 unsigned char *abytes = NULL; -

3284 -

3285

if (s->srp_ctx.A == NULL

s->srp_ctx.A == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3286

|| !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),

!WPACKET_sub_a... (&abytes), 2)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3287 &abytes)) { -

3288 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, -

3289 ERR_R_INTERNAL_ERROR); -

3290

return 0;

never executed: return 0;

3291 } -

3292 BN_bn2bin(s->srp_ctx.A, abytes); -

3293 -

3294 OPENSSL_free(s->session->srp_username); -

3295 s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login); -

3296

if (s->session->srp_username == NULL) {

s->session->sr...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3297 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, -

3298 ERR_R_MALLOC_FAILURE); -

3299

return 0;

never executed: return 0;

3300 } -

3301 -

3302

return 1;

executed 10 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3303 #else -

3304 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, -

3305 ERR_R_INTERNAL_ERROR); -

3306 return 0; -

3307 #endif -

3308 } -

3309 -

3310 int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) -

3311 { -

3312 unsigned long alg_k; -

3313 -

3314 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -

3315 -

3316 /* -

3317 * All of the construct functions below call SSLfatal() if necessary so -

3318 * no need to do so here. -

3319 */ -

3320

if ((alg_k & SSL_PSK)

(alg_k & (0x00... 0x00000100U))	Description
TRUE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1397 times by 1 test Evaluated by: libssl.so.1.1

29-1397

3321

&& !tls_construct_cke_psk_preamble(s, pkt))

!tls_construct...eamble(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 29 times by 1 test Evaluated by: libssl.so.1.1

0-29

3322

goto err;

never executed: goto err;

3323 -

3324

if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {

alg_k & (0x000...\| 0x00000040U)	Description
TRUE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 984 times by 1 test Evaluated by: libssl.so.1.1

442-984

3325

if (!tls_construct_cke_rsa(s, pkt))

!tls_construct_cke_rsa(s, pkt)	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 424 times by 1 test Evaluated by: libssl.so.1.1

18-424

3326

goto err;

executed 18 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3327

} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

executed 424 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000100U)	Description
TRUE	evaluated 154 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 830 times by 1 test Evaluated by: libssl.so.1.1

154-830

3328

if (!tls_construct_cke_dhe(s, pkt))

!tls_construct_cke_dhe(s, pkt)	Description
TRUE	evaluated 15 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 139 times by 1 test Evaluated by: libssl.so.1.1

15-139

3329

goto err;

executed 15 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3330

} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

executed 139 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & (0x000...\| 0x00000080U)	Description
TRUE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

37-793

3331

if (!tls_construct_cke_ecdhe(s, pkt))

!tls_construct..._ecdhe(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 793 times by 1 test Evaluated by: libssl.so.1.1

0-793

3332

goto err;

never executed: goto err;

3333

} else if (alg_k & SSL_kGOST) {

executed 793 times by 1 test: end of block

Executed by:

libssl.so.1.1

alg_k & 0x00000010U	Description
TRUE	never evaluated
FALSE	evaluated 37 times by 1 test Evaluated by: libssl.so.1.1

0-793

3334

if (!tls_construct_cke_gost(s, pkt))

!tls_construct...e_gost(s, pkt)	Description
TRUE	never evaluated
FALSE	never evaluated

3335

goto err;

never executed: goto err;

3336

} else if (alg_k & SSL_kSRP) {

never executed: end of block

alg_k & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

3337

if (!tls_construct_cke_srp(s, pkt))

!tls_construct_cke_srp(s, pkt)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3338

goto err;

never executed: goto err;

3339

} else if (!(alg_k & SSL_kPSK)) {

executed 10 times by 1 test: end of block

Executed by:

libssl.so.1.1

!(alg_k & 0x00000008U)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-27

3340 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3341 SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); -

3342

goto err;

never executed: goto err;

3343 } -

3344 -

3345

return 1;

executed 1393 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1393

3346 err: -

3347 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); -

3348 s->s3->tmp.pms = NULL; -

3349 #ifndef OPENSSL_NO_PSK -

3350 OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); -

3351 s->s3->tmp.psk = NULL; -

3352 #endif -

3353

return 0;

executed 33 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3354 } -

3355 -

3356 int tls_client_key_exchange_post_work(SSL *s) -

3357 { -

3358 unsigned char *pms = NULL; -

3359 size_t pmslen = 0; -

3360 -

3361 pms = s->s3->tmp.pms; -

3362 pmslen = s->s3->tmp.pmslen; -

3363 -

3364 #ifndef OPENSSL_NO_SRP -

3365 /* Check for SRP */ -

3366

if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {

s->s3->tmp.new... & 0x00000020U	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1383 times by 1 test Evaluated by: libssl.so.1.1

10-1383

3367

if (!srp_generate_client_master_secret(s)) {

!srp_generate_...ster_secret(s)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: libssl.so.1.1

0-10

3368 /* SSLfatal() already called */ -

3369

goto err;

never executed: goto err;

3370 } -

3371

return 1;

executed 10 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3372 } -

3373 #endif -

3374 -

3375

if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {

pms == ((void *)0)	Description
TRUE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1356 times by 1 test Evaluated by: libssl.so.1.1

!(s->s3->tmp.n...& 0x00000008U)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libssl.so.1.1

0-1356

3376 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3377 SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE); -

3378

goto err;

never executed: goto err;

3379 } -

3380

if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {

!ssl_generate_...ms, pmslen, 1)	Description
TRUE	never evaluated
FALSE	evaluated 1383 times by 1 test Evaluated by: libssl.so.1.1

0-1383

3381 /* SSLfatal() already called */ -

3382 /* ssl_generate_master_secret frees the pms even on error */ -

3383 pms = NULL; -

3384 pmslen = 0; -

3385

goto err;

never executed: goto err;

3386 } -

3387 pms = NULL; -

3388 pmslen = 0; -

3389 -

3390 #ifndef OPENSSL_NO_SCTP -

3391 if (SSL_IS_DTLS(s)) { -

3392 unsigned char sctpauthkey[64]; -

3393 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; -

3394 -

3395 /* -

3396 * Add new shared key for SCTP-Auth, will be ignored if no SCTP -

3397 * used. -

3398 */ -

3399 memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, -

3400 sizeof(DTLS1_SCTP_AUTH_LABEL)); -

3401 -

3402 if (SSL_export_keying_material(s, sctpauthkey, -

3403 sizeof(sctpauthkey), labelbuffer, -

3404 sizeof(labelbuffer), NULL, 0, 0) <= 0) { -

3405 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3406 SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, -

3407 ERR_R_INTERNAL_ERROR); -

3408 goto err; -

3409 } -

3410 -

3411 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, -

3412 sizeof(sctpauthkey), sctpauthkey); -

3413 } -

3414 #endif -

3415 -

3416

return 1;

executed 1383 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1383

3417 err: -

3418 OPENSSL_clear_free(pms, pmslen); -

3419 s->s3->tmp.pms = NULL; -

3420

return 0;

never executed: return 0;

3421 } -

3422 -

3423 /* -

3424 * Check a certificate can be used for client authentication. Currently check -

3425 * cert exists, if we have a suitable digest for TLS 1.2 if static DH client -

3426 * certificates can be used and optionally checks suitability for Suite B. -

3427 */ -

3428 static int ssl3_check_client_certificate(SSL *s) -

3429 { -

3430 /* If no suitable signature algorithm can't use certificate */ -

3431

if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL)

!tls_choose_sigalg(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

s->s3->tmp.sig...== ((void *)0)	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-83

3432

return 0;

executed 40 times by 1 test: return 0;

Executed by:

libssl.so.1.1

3433 /* -

3434 * If strict mode check suitability of chain before using it. This also -

3435 * adjusts suite B digest if necessary. -

3436 */ -

3437

if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&

s->cert->cert_...0\|0x00000001U)	Description
TRUE	never evaluated
FALSE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1

0-43

3438

!tls1_check_chain(s, NULL, NULL, NULL, -2))

!tls1_check_ch...oid *)0) , -2)	Description
TRUE	never evaluated
FALSE	never evaluated

3439

return 0;

never executed: return 0;

3440

return 1;

executed 43 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3441 } -

3442 -

3443 WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) -

3444 { -

3445 X509 *x509 = NULL; -

3446 EVP_PKEY *pkey = NULL; -

3447 int i; -

3448 -

3449

if (wst == WORK_MORE_A) {

wst == WORK_MORE_A	Description
TRUE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-83

3450 /* Let cert callback update client certificates if required */ -

3451

if (s->cert->cert_cb) {

s->cert->cert_cb	Description
TRUE	never evaluated
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

0-83

3452 i = s->cert->cert_cb(s, s->cert->cert_cb_arg); -

3453

if (i < 0) {

i < 0	Description
TRUE	never evaluated
FALSE	never evaluated

3454 s->rwstate = SSL_X509_LOOKUP; -

3455

return WORK_MORE_A;

never executed: return WORK_MORE_A;

3456 } -

3457

if (i == 0) {

i == 0	Description
TRUE	never evaluated
FALSE	never evaluated

3458 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3459 SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, -

3460 SSL_R_CALLBACK_FAILED); -

3461

return WORK_ERROR;

never executed: return WORK_ERROR;

3462 } -

3463 s->rwstate = SSL_NOTHING; -

3464

}

never executed: end of block

3465

if (ssl3_check_client_certificate(s)) {

ssl3_check_cli...certificate(s)	Description
TRUE	evaluated 43 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

40-43

3466

if (s->post_handshake_auth == SSL_PHA_REQUESTED) {

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

3-40

3467

return WORK_FINISHED_STOP;

executed 3 times by 1 test: return WORK_FINISHED_STOP;

Executed by:

libssl.so.1.1

3468 } -

3469

return WORK_FINISHED_CONTINUE;

executed 40 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

3470 } -

3471 -

3472 /* Fall through to WORK_MORE_B */ -

3473 wst = WORK_MORE_B; -

3474

}

executed 40 times by 1 test: end of block

Executed by:

libssl.so.1.1

3475 -

3476 /* We need to get a client cert */ -

3477

if (wst == WORK_MORE_B) {

wst == WORK_MORE_B	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-40

3478 /* -

3479 * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP; -

3480 * return(-1); We then get retied later -

3481 */ -

3482 i = ssl_do_client_cert_cb(s, &x509, &pkey); -

3483

if (i < 0) {

i < 0	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3484 s->rwstate = SSL_X509_LOOKUP; -

3485

return WORK_MORE_B;

never executed: return WORK_MORE_B;

3486 } -

3487 s->rwstate = SSL_NOTHING; -

3488

if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {

(i == 1)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

(pkey != ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

(x509 != ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0-40

3489

if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))

!SSL_use_certificate(s, x509)	Description
TRUE	never evaluated
FALSE	never evaluated

!SSL_use_PrivateKey(s, pkey)	Description
TRUE	never evaluated
FALSE	never evaluated

3490

i = 0;

never executed: i = 0;

3491

} else if (i == 1) {

never executed: end of block

i == 1	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3492 i = 0; -

3493 SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, -

3494 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); -

3495

}

never executed: end of block

3496 -

3497 X509_free(x509); -

3498 EVP_PKEY_free(pkey); -

3499

if (i && !ssl3_check_client_certificate(s))

i	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

!ssl3_check_cl...certificate(s)	Description
TRUE	never evaluated
FALSE	never evaluated

0-40

3500

i = 0;

never executed: i = 0;

3501

if (i == 0) {

i == 0	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-40

3502

if (s->version == SSL3_VERSION) {

s->version == 0x0300	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3503 s->s3->tmp.cert_req = 0; -

3504 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); -

3505

return WORK_FINISHED_CONTINUE;

never executed: return WORK_FINISHED_CONTINUE;

3506 } else { -

3507 s->s3->tmp.cert_req = 2; -

3508

if (!ssl3_digest_cached_records(s, 0)) {

!ssl3_digest_c..._records(s, 0)	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3509 /* SSLfatal() already called */ -

3510

return WORK_ERROR;

never executed: return WORK_ERROR;

3511 } -

3512

}

executed 40 times by 1 test: end of block

Executed by:

libssl.so.1.1

3513 } -

3514 -

3515

if (s->post_handshake_auth == SSL_PHA_REQUESTED)

s->post_handsh..._PHA_REQUESTED	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

19-21

3516

return WORK_FINISHED_STOP;

executed 21 times by 1 test: return WORK_FINISHED_STOP;

Executed by:

libssl.so.1.1

3517

return WORK_FINISHED_CONTINUE;

executed 19 times by 1 test: return WORK_FINISHED_CONTINUE;

Executed by:

libssl.so.1.1

3518 } -

3519 -

3520 /* Shouldn't ever get here */ -

3521 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, -

3522 ERR_R_INTERNAL_ERROR); -

3523

return WORK_ERROR;

never executed: return WORK_ERROR;

3524 } -

3525 -

3526 int tls_construct_client_certificate(SSL *s, WPACKET *pkt) -

3527 { -

3528

if (SSL_IS_TLS13(s)) {

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 70 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-70

3529

if (s->pha_context == NULL) {

s->pha_context == ((void *)0)	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

20-24

3530 /* no context available, add 0-length context */ -

3531

if (!WPACKET_put_bytes_u8(pkt, 0)) {

!WPACKET_put_b...(pkt), (0), 1)	Description
TRUE	never evaluated
FALSE	evaluated 20 times by 1 test Evaluated by: libssl.so.1.1

0-20

3532 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3533 SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); -

3534

return 0;

never executed: return 0;

3535 } -

3536

} else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {

executed 20 times by 1 test: end of block

Executed by:

libssl.so.1.1

!WPACKET_sub_m...ntext_len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

0-24

3537 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3538 SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); -

3539

return 0;

never executed: return 0;

3540 } -

3541

}

executed 44 times by 1 test: end of block

Executed by:

libssl.so.1.1

3542

if (!ssl3_output_cert_chain(s, pkt,

!ssl3_output_c... s->cert->key)	Description
TRUE	never evaluated
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

0-83

3543

(s->s3->tmp.cert_req == 2) ? NULL

!ssl3_output_c... s->cert->key)	Description
TRUE	never evaluated
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

0-83

3544

: s->cert->key)) {

!ssl3_output_c... s->cert->key)	Description
TRUE	never evaluated
FALSE	evaluated 83 times by 1 test Evaluated by: libssl.so.1.1

0-83

3545 /* SSLfatal() already called */ -

3546

return 0;

never executed: return 0;

3547 } -

3548 -

3549

if (SSL_IS_TLS13(s)

!(s->method->s...c_flags & 0x8)	Description
TRUE	evaluated 70 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->version >= 0x0304	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 26 times by 1 test Evaluated by: libssl.so.1.1

(s)->method->v...ion != 0x10000	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-70

3550

&& SSL_IS_FIRST_HANDSHAKE(s)

(s)->s3->tmp.f...sh_md_len == 0	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

(s)->s3->tmp.p...sh_md_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 25 times by 1 test Evaluated by: libssl.so.1.1

0-25

3551

&& (!s->method->ssl3_enc->change_cipher_state(s,

(!s->method->s...0x010\|0x002)))	Description
TRUE	never evaluated
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

0-19

3552

SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {

(!s->method->s...0x010\|0x002)))	Description
TRUE	never evaluated
FALSE	evaluated 19 times by 1 test Evaluated by: libssl.so.1.1

0-19

3553 /* -

3554 * This is a fatal error, which leaves enc_write_ctx in an inconsistent -

3555 * state and thus ssl3_send_alert may crash. -

3556 */ -

3557 SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, -

3558 SSL_R_CANNOT_CHANGE_CIPHER); -

3559

return 0;

never executed: return 0;

3560 } -

3561 -

3562

return 1;

executed 83 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3563 } -

3564 -

3565 int ssl3_check_cert_and_algorithm(SSL *s) -

3566 { -

3567 const SSL_CERT_LOOKUP *clu; -

3568 size_t idx; -

3569 long alg_k, alg_a; -

3570 -

3571 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -

3572 alg_a = s->s3->tmp.new_cipher->algorithm_auth; -

3573 -

3574 /* we don't have a certificate */ -

3575

if (!(alg_a & SSL_aCERT))

!(alg_a & (0x0... 0x00000080U))	Description
TRUE	evaluated 725 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1278 times by 1 test Evaluated by: libssl.so.1.1

725-1278

3576

return 1;

executed 725 times by 1 test: return 1;

Executed by:

libssl.so.1.1

725

3577 -

3578 /* This is the passed certificate */ -

3579 clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx); -

3580 -

3581 /* Check certificate is recognised and suitable for cipher */ -

3582

if (clu == NULL || (alg_a & clu->amask) == 0) {

clu == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1278 times by 1 test Evaluated by: libssl.so.1.1

(alg_a & clu->amask) == 0	Description
TRUE	never evaluated
FALSE	evaluated 1278 times by 1 test Evaluated by: libssl.so.1.1

0-1278

3583 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

3584 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, -

3585 SSL_R_MISSING_SIGNING_CERT); -

3586

return 0;

never executed: return 0;

3587 } -

3588 -

3589 #ifndef OPENSSL_NO_EC -

3590

if (clu->amask & SSL_aECDSA) {

clu->amask & 0x00000008U	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1247 times by 1 test Evaluated by: libssl.so.1.1

31-1247

3591

if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))

ssl_check_srvr...sion->peer, s)	Description
TRUE	evaluated 31 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-31

3592

return 1;

executed 31 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3593 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

3594 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); -

3595

return 0;

never executed: return 0;

3596 } -

3597 #endif -

3598 #ifndef OPENSSL_NO_RSA -

3599

if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {

alg_k & (0x000...\| 0x00000040U)	Description
TRUE	evaluated 443 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 804 times by 1 test Evaluated by: libssl.so.1.1

idx != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 442 times by 1 test Evaluated by: libssl.so.1.1

1-804

3600 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -

3601 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, -

3602 SSL_R_MISSING_RSA_ENCRYPTING_CERT); -

3603

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

3604 } -

3605 #endif -

3606 #ifndef OPENSSL_NO_DH -

3607

if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {

(alg_k & 0x00000002U)	Description
TRUE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1196 times by 1 test Evaluated by: libssl.so.1.1

(s->s3->peer_t... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 50 times by 1 test Evaluated by: libssl.so.1.1

0-1196

3608 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, -

3609 ERR_R_INTERNAL_ERROR); -

3610

return 0;

never executed: return 0;

3611 } -

3612 #endif -

3613 -

3614

return 1;

executed 1246 times by 1 test: return 1;

Executed by:

libssl.so.1.1

1246

3615 } -

3616 -

3617 #ifndef OPENSSL_NO_NEXTPROTONEG -

3618 int tls_construct_next_proto(SSL *s, WPACKET *pkt) -

3619 { -

3620 size_t len, padding_len; -

3621 unsigned char *padding = NULL; -

3622 -

3623 len = s->ext.npn_len; -

3624 padding_len = 32 - ((len + 2) % 32); -

3625 -

3626

if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)

!WPACKET_sub_m...pn), (len), 1)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

3627

|| !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {

!WPACKET_sub_a...(&padding), 1)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 1 test Evaluated by: libssl.so.1.1

0-21

3628 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, -

3629 ERR_R_INTERNAL_ERROR); -

3630

return 0;

never executed: return 0;

3631 } -

3632 -

3633 memset(padding, 0, padding_len); -

3634 -

3635

return 1;

executed 21 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3636 } -

3637 #endif -

3638 -

3639 MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt) -

3640 { -

3641

if (PACKET_remaining(pkt) > 0) {

PACKET_remaining(pkt) > 0	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libssl.so.1.1

0-8

3642 /* should contain no data */ -

3643 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ, -

3644 SSL_R_LENGTH_MISMATCH); -

3645

return MSG_PROCESS_ERROR;

never executed: return MSG_PROCESS_ERROR;

3646 } -

3647 -

3648

if ((s->options & SSL_OP_NO_RENEGOTIATION)) {

(s->options & 0x40000000U)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 7 times by 1 test Evaluated by: libssl.so.1.1

1-7

3649 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); -

3650

return MSG_PROCESS_FINISHED_READING;

executed 1 time by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

3651 } -

3652 -

3653 /* -

3654 * This is a historical discrepancy (not in the RFC) maintained for -

3655 * compatibility reasons. If a TLS client receives a HelloRequest it will -

3656 * attempt an abbreviated handshake. However if a DTLS client receives a -

3657 * HelloRequest it will do a full handshake. Either behaviour is reasonable -

3658 * but doing one for TLS and another for DTLS is odd. -

3659 */ -

3660

if (SSL_IS_DTLS(s))

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4 times by 1 test Evaluated by: libssl.so.1.1

3-4

3661

SSL_renegotiate(s);

executed 3 times by 1 test: SSL_renegotiate(s);

Executed by:

libssl.so.1.1

3662 else -

3663

SSL_renegotiate_abbreviated(s);

executed 4 times by 1 test: SSL_renegotiate_abbreviated(s);

Executed by:

libssl.so.1.1

3664 -

3665

return MSG_PROCESS_FINISHED_READING;

executed 7 times by 1 test: return MSG_PROCESS_FINISHED_READING;

Executed by:

libssl.so.1.1

3666 } -

3667 -

3668 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) -

3669 { -

3670 PACKET extensions; -

3671 RAW_EXTENSION *rawexts = NULL; -

3672 -

3673

if (!PACKET_as_length_prefixed_2(pkt, &extensions)

!PACKET_as_len..., &extensions)	Description
TRUE	never evaluated
FALSE	evaluated 586 times by 1 test Evaluated by: libssl.so.1.1

0-586

3674

|| PACKET_remaining(pkt) != 0) {

PACKET_remaining(pkt) != 0	Description
TRUE	never evaluated
FALSE	evaluated 586 times by 1 test Evaluated by: libssl.so.1.1

0-586

3675 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, -

3676 SSL_R_LENGTH_MISMATCH); -

3677

goto err;

never executed: goto err;

3678 } -

3679 -

3680

if (!tls_collect_extensions(s, &extensions,

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 585 times by 1 test Evaluated by: libssl.so.1.1

1-585

3681

SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts,

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 585 times by 1 test Evaluated by: libssl.so.1.1

1-585

3682

NULL, 1)

!tls_collect_e...void *)0) , 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 585 times by 1 test Evaluated by: libssl.so.1.1

1-585

3683

|| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 584 times by 1 test Evaluated by: libssl.so.1.1

1-584

3684

rawexts, NULL, 0, 1)) {

!tls_parse_all...d *)0) , 0, 1)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 584 times by 1 test Evaluated by: libssl.so.1.1

1-584

3685 /* SSLfatal() already called */ -

3686

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libssl.so.1.1

3687 } -

3688 -

3689 OPENSSL_free(rawexts); -

3690

return MSG_PROCESS_CONTINUE_READING;

executed 584 times by 1 test: return MSG_PROCESS_CONTINUE_READING;

Executed by:

libssl.so.1.1

584

3691 -

3692 err: -

3693 OPENSSL_free(rawexts); -

3694

return MSG_PROCESS_ERROR;

executed 2 times by 1 test: return MSG_PROCESS_ERROR;

Executed by:

libssl.so.1.1

3695 } -

3696 -

3697 int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) -

3698 { -

3699 int i = 0; -

3700 #ifndef OPENSSL_NO_ENGINE -

3701

if (s->ctx->client_cert_engine) {

s->ctx->client_cert_engine	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3702 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, -

3703 SSL_get_client_CA_list(s), -

3704 px509, ppkey, NULL, NULL, NULL); -

3705

if (i != 0)

i != 0	Description
TRUE	never evaluated
FALSE	never evaluated

3706

return i;

never executed: return i;

3707

}

never executed: end of block

3708 #endif -

3709

if (s->ctx->client_cert_cb)

s->ctx->client_cert_cb	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libssl.so.1.1

0-40

3710

i = s->ctx->client_cert_cb(s, px509, ppkey);

never executed: i = s->ctx->client_cert_cb(s, px509, ppkey);

3711

return i;

executed 40 times by 1 test: return i;

Executed by:

libssl.so.1.1

3712 } -

3713 -

3714 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) -

3715 { -

3716 int i; -

3717 size_t totlen = 0, len, maxlen, maxverok = 0; -

3718 int empty_reneg_info_scsv = !s->renegotiate; -

3719 -

3720 /* Set disabled masks for this session */ -

3721

if (!ssl_set_client_disabled(s)) {

!ssl_set_client_disabled(s)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

3722 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, -

3723 SSL_R_NO_PROTOCOLS_AVAILABLE); -

3724

return 0;

never executed: return 0;

3725 } -

3726 -

3727

if (sk == NULL) {

sk == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

0-4940

3728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, -

3729 ERR_R_INTERNAL_ERROR); -

3730

return 0;

never executed: return 0;

3731 } -

3732 -

3733 #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH -

3734 # if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 -

3735 # error Max cipher length too short -

3736 # endif -

3737 /* -

3738 * Some servers hang if client hello > 256 bytes as hack workaround -

3739 * chop number of supported ciphers to keep it well below this if we -

3740 * use TLS v1.2 -

3741 */ -

3742 if (TLS1_get_version(s) >= TLS1_2_VERSION) -

3743 maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -

3744 else -

3745 #endif -

3746 /* Maximum length that can be stored in 2 bytes. Length must be even */ -

3747 maxlen = 0xfffe; -

3748 -

3749

if (empty_reneg_info_scsv)

empty_reneg_info_scsv	Description
TRUE	evaluated 4916 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

24-4916

3750

maxlen -= 2;

executed 4916 times by 1 test: maxlen -= 2;

Executed by:

libssl.so.1.1

4916

3751

if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)

s->mode & 0x00000080U	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

1-4939

3752

maxlen -= 2;

executed 1 time by 1 test: maxlen -= 2;

Executed by:

libssl.so.1.1

3753 -

3754

for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) {

i < sk_SSL_CIPHER_num(sk)	Description
TRUE	evaluated 587346 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

totlen < maxlen	Description
TRUE	evaluated 587346 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-587346

3755 const SSL_CIPHER *c; -

3756 -

3757 c = sk_SSL_CIPHER_value(sk, i); -

3758 /* Skip disabled ciphers */ -

3759

if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))

ssl_cipher_dis...(1 << 16)), 0)	Description
TRUE	evaluated 258263 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 329083 times by 1 test Evaluated by: libssl.so.1.1

258263-329083

3760

continue;

executed 258263 times by 1 test: continue;

Executed by:

libssl.so.1.1

258263

3761 -

3762

if (!s->method->put_cipher_by_char(c, pkt, &len)) {

!s->method->pu...(c, pkt, &len)	Description
TRUE	never evaluated
FALSE	evaluated 329083 times by 1 test Evaluated by: libssl.so.1.1

0-329083

3763 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, -

3764 ERR_R_INTERNAL_ERROR); -

3765

return 0;

never executed: return 0;

3766 } -

3767 -

3768 /* Sanity check that the maximum version we offer has ciphers enabled */ -

3769

if (!maxverok) {

!maxverok	Description
TRUE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 324143 times by 1 test Evaluated by: libssl.so.1.1

4940-324143

3770

if (SSL_IS_DTLS(s)) {

(s->method->ss...c_flags & 0x8)	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4748 times by 1 test Evaluated by: libssl.so.1.1

192-4748

3771

if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver)

((c->max_dtls) == 0x0100)	Description
TRUE	never evaluated
FALSE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1

((s->s3->tmp.m...er) == 0x0100)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

((((c->max_dtl...tmp.max_ver)))	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-192

3772

&& DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver))

((c->min_dtls) == 0x0100)	Description
TRUE	evaluated 56 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 136 times by 1 test Evaluated by: libssl.so.1.1

((s->s3->tmp.m...er) == 0x0100)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 190 times by 1 test Evaluated by: libssl.so.1.1

((((c->min_dtl...tmp.max_ver)))	Description
TRUE	evaluated 192 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-192

3773

maxverok = 1;

executed 192 times by 1 test: maxverok = 1;

Executed by:

libssl.so.1.1

192

3774

} else {

executed 192 times by 1 test: end of block

Executed by:

libssl.so.1.1

192

3775

if (c->max_tls >= s->s3->tmp.max_ver

c->max_tls >= ...3->tmp.max_ver	Description
TRUE	evaluated 4747 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

1-4747

3776

&& c->min_tls <= s->s3->tmp.max_ver)

c->min_tls <= ...3->tmp.max_ver	Description
TRUE	evaluated 4747 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4747

3777

maxverok = 1;

executed 4747 times by 1 test: maxverok = 1;

Executed by:

libssl.so.1.1

4747

3778

}

executed 4748 times by 1 test: end of block

Executed by:

libssl.so.1.1

4748

3779 } -

3780 -

3781 totlen += len; -

3782

}

executed 329083 times by 1 test: end of block

Executed by:

libssl.so.1.1

329083

3783 -

3784

if (totlen == 0 || !maxverok) {

totlen == 0	Description
TRUE	never evaluated
FALSE	evaluated 4940 times by 1 test Evaluated by: libssl.so.1.1

!maxverok	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1

0-4940

3785 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, -

3786 SSL_R_NO_CIPHERS_AVAILABLE); -

3787 -

3788

if (!maxverok)

!maxverok	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-1

3789

ERR_add_error_data(1, "No ciphers enabled for max supported "

executed 1 time by 1 test: ERR_add_error_data(1, "No ciphers enabled for max supported " "SSL/TLS version");

Executed by:

libssl.so.1.1

3790

"SSL/TLS version");

executed 1 time by 1 test: ERR_add_error_data(1, "No ciphers enabled for max supported " "SSL/TLS version");

Executed by:

libssl.so.1.1

3791 -

3792

return 0;

executed 1 time by 1 test: return 0;

Executed by:

libssl.so.1.1

3793 } -

3794 -

3795

if (totlen != 0) {

totlen != 0	Description
TRUE	evaluated 4939 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-4939

3796

if (empty_reneg_info_scsv) {

empty_reneg_info_scsv	Description
TRUE	evaluated 4915 times by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 24 times by 1 test Evaluated by: libssl.so.1.1

24-4915

3797 static SSL_CIPHER scsv = { -

3798 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 -

3799 }; -

3800

if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {

!s->method->pu...sv, pkt, &len)	Description
TRUE	never evaluated
FALSE	evaluated 4915 times by 1 test Evaluated by: libssl.so.1.1

0-4915

3801 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3802 SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR); -

3803

return 0;

never executed: return 0;

3804 } -

3805

}

executed 4915 times by 1 test: end of block

Executed by:

libssl.so.1.1

4915

3806

if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {

s->mode & 0x00000080U	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1
FALSE	evaluated 4938 times by 1 test Evaluated by: libssl.so.1.1

1-4938

3807 static SSL_CIPHER scsv = { -

3808 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 -

3809 }; -

3810

if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {

!s->method->pu...sv, pkt, &len)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libssl.so.1.1

0-1

3811 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3812 SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR); -

3813

return 0;

never executed: return 0;

3814 } -

3815

}

executed 1 time by 1 test: end of block

Executed by:

libssl.so.1.1

3816

}

executed 4939 times by 1 test: end of block

Executed by:

libssl.so.1.1

4939

3817 -

3818

return 1;

executed 4939 times by 1 test: return 1;

Executed by:

libssl.so.1.1

4939

3819 } -

3820 -

3821 int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt) -

3822 { -

3823

if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY

s->early_data_...TA_WRITE_RETRY	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1
FALSE	never evaluated

0-18

3824

&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {

s->early_data_...NISHED_WRITING	Description
TRUE	never evaluated
FALSE	evaluated 18 times by 1 test Evaluated by: libssl.so.1.1

0-18

3825 SSLfatal(s, SSL_AD_INTERNAL_ERROR, -

3826 SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, -

3827 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -

3828

return 0;

never executed: return 0;

3829 } -

3830 -

3831 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; -

3832

return 1;

executed 18 times by 1 test: return 1;

Executed by:

libssl.so.1.1

3833 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2