| line |
true |
false |
branch |
|
73
|
0 |
1149 |
if (end - c < 2) |
|
86
|
0 |
1149 |
if (ssl->reqMajVer != 0x03 |
|
101
|
7 |
1142 |
if (ssl->majVer != 0) |
|
105
|
0 |
7 |
if (ssl->reqMinVer < ssl->minVer) |
|
141
|
1149 |
0 |
if (compareMaj >= SSL3_MAJ_VER) |
|
145
|
1149 |
0 |
if (compareMin >= TLS_MIN_VER) |
|
152
|
1149 |
0 |
if (compareMin >= TLS_1_1_MIN_VER) |
|
160
|
1149 |
0 |
if (compareMin == TLS_1_2_MIN_VER) |
|
176
|
0 |
1149 |
if (ssl->minVer == 0) |
|
188
|
0 |
0 |
else if (compareMin == 0) |
|
240
|
1149 |
0 |
if (ssl->rec.majVer > SSL2_MAJ_VER) |
|
244
|
0 |
1149 |
if (end - c < SSL_HS_RANDOM_SIZE + 1) |
|
256
|
2 |
1147 |
if (ssl->sessionIdLen > 0) |
|
258
|
2 |
0 |
if (ssl->sessionIdLen > SSL_MAX_SESSION_ID_SIZE || |
|
|
0 |
2 |
if (ssl->sessionIdLen > SSL_MAX_SESSION_ID_SIZE || |
|
353
|
0 |
1149 |
if (end - c < 2) |
|
365
|
1149 |
0 |
if (suiteLen <= 0 || suiteLen & 1) |
|
|
0 |
1149 |
if (suiteLen <= 0 || suiteLen & 1) |
|
374
|
0 |
1149 |
if (end - c < suiteLen) |
|
392
|
19511 |
1149 |
while (c < suiteEnd) |
|
397
|
19414 |
97 |
if (ssl->myVerifyDataLen == 0) |
|
399
|
1142 |
18272 |
if (cipher == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) |
|
410
|
0 |
19511 |
if (cipher == TLS_FALLBACK_SCSV) |
|
412
|
0 |
0 |
if (ssl->reqMinVer < serverHighestMinor) |
|
422
|
0 |
1149 |
if (end - c < 1) |
|
429
|
0 |
1149 |
if ((uint32) (end - c) < compLen) |
|
437
|
1149 |
0 |
for (i = 0; i < compLen; i++) |
|
439
|
1149 |
0 |
if (c[i] == COMPRESSION_METHOD_NULL) |
|
444
|
0 |
1149 |
if (i == compLen) |
|
499
|
0 |
1149 |
if (rc < 0) |
|
513
|
0 |
1149 |
if (c != end) |
|
527
|
2 |
1147 |
if (ssl->sessionIdLen > 0) |
|
533
|
0 |
2 |
if ((ssl->flags & SSL_FLAGS_RESUMED) && (ssl->sid) && |
|
|
0 |
0 |
if ((ssl->flags & SSL_FLAGS_RESUMED) && (ssl->sid) && |
|
|
0 |
0 |
if ((ssl->flags & SSL_FLAGS_RESUMED) && (ssl->sid) && |
|
540
|
2 |
0 |
if (matrixResumeSession(ssl) >= 0) |
|
557
|
0 |
0 |
if (ssl->sid) |
|
559
|
0 |
0 |
if (ssl->sid->sessionTicketState == SESS_TICKET_STATE_INIT) |
|
594
|
2 |
1147 |
if (ssl->flags & SSL_FLAGS_RESUMED) |
|
600
|
32 |
2 |
while (suiteStart < suiteEnd) |
|
602
|
32 |
0 |
if (ssl->rec.majVer > SSL2_MAJ_VER) |
|
613
|
2 |
30 |
if (cipher == ssl->cipher->ident) |
|
618
|
0 |
2 |
if (resumptionOnTrack == 0) |
|
633
|
0 |
1147 |
if (chooseCipherSuite(ssl, suiteStart, suiteLen) < 0) |
|
637
|
0 |
0 |
if (ssl->err != SSL_ALERT_UNRECOGNIZED_NAME) |
|
643
|
0 |
1147 |
if (ssl->cipher->ident == 0) |
|
655
|
2 |
1147 |
if (ssl->flags & SSL_FLAGS_RESUMED) |
|
665
|
1146 |
1 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
669
|
1146 |
0 |
if (ssl->flags & SSL_FLAGS_ECC_CIPHER) |
|
673
|
0 |
1146 |
if (ssl->ecInfo.ecCurveId == 0 && |
|
|
0 |
0 |
if (ssl->ecInfo.ecCurveId == 0 && |
|
683
|
0 |
1146 |
if (getEccParamById(ssl->ecInfo.ecCurveId, &curve) < 0) |
|
687
|
0 |
1146 |
if (psEccNewKey(ssl->hsPool, &ssl->sec.eccKeyPriv, curve) < 0) |
|
692
|
0 |
1146 |
if ((rc = matrixSslGenEphemeralEcKey(ssl->keys, |
|
713
|
0 |
0 |
if ((ssl->sec.dhKeyPriv = psMalloc(ssl->hsPool, |
|
718
|
0 |
0 |
if ((rc = psDhGenKeyInts(ssl->hsPool, ssl->keys->dhParams.size, |
|
738
|
0 |
1147 |
if (ssl->flags & SSL_FLAGS_CLIENT_AUTH) |
|
747
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_ANON_CIPHER) |
|
799
|
0 |
1057 |
if ((int32) (end - c) < hsLen) |
|
809
|
1057 |
0 |
if (ssl->majVer >= TLS_MAJ_VER && ssl->minVer >= TLS_MIN_VER) |
|
|
1057 |
0 |
if (ssl->majVer >= TLS_MAJ_VER && ssl->minVer >= TLS_MIN_VER) |
|
811
|
0 |
1057 |
if (end - c < 2) |
|
818
|
1056 |
1 |
if (ssl->flags & SSL_FLAGS_ECC_CIPHER) |
|
830
|
0 |
1057 |
if ((int32) (end - c) < pubKeyLen) |
|
840
|
1056 |
1 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
842
|
1056 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
|
0 |
1056 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
847
|
0 |
0 |
if (!(ssl->flags & SSL_FLAGS_ECC_CIPHER)) |
|
853
|
0 |
0 |
if (end - c < 2) |
|
861
|
0 |
0 |
if ((int32) (end - c) < pubKeyLen) |
|
876
|
0 |
1056 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
880
|
0 |
0 |
if ((uint32) (end - c) < pubKeyLen) |
|
889
|
0 |
0 |
if (ssl->keys && ssl->keys->pskKeys) |
|
|
0 |
0 |
if (ssl->keys && ssl->keys->pskKeys) |
|
893
|
0 |
0 |
else if (ssl->sec.pskCb) |
|
897
|
0 |
0 |
if (pskKey == NULL) |
|
907
|
0 |
0 |
if ((uint32) (end - c) < pubKeyLen) |
|
917
|
1056 |
0 |
if (ssl->flags & SSL_FLAGS_ECC_CIPHER) |
|
919
|
0 |
1056 |
if (psEccNewKey(ssl->hsPool, &ssl->sec.eccKeyPub, |
|
924
|
0 |
1056 |
if (psEccX963ImportKey(ssl->hsPool, c, pubKeyLen, |
|
941
|
0 |
1056 |
if (ssl->sec.premaster == NULL) |
|
945
|
0 |
1056 |
if ((rc = psEccGenSharedSecret(ssl->hsPool, ssl->sec.eccKeyPriv, |
|
961
|
0 |
0 |
if ((ssl->sec.dhKeyPub = psMalloc(ssl->hsPool, sizeof(psDhKey_t))) == NULL) |
|
965
|
0 |
0 |
if (psDhImportPubKey(ssl->hsPool, c, pubKeyLen, |
|
982
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
994
|
0 |
0 |
if (ssl->sec.premaster == NULL) |
|
998
|
0 |
0 |
if ((rc = psDhGenSharedSecret(ssl->hsPool, ssl->sec.dhKeyPriv, |
|
1016
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
1047
|
0 |
1 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
1050
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
1059
|
0 |
0 |
if (ssl->keys && ssl->keys->pskKeys) |
|
|
0 |
0 |
if (ssl->keys && ssl->keys->pskKeys) |
|
1064
|
0 |
0 |
else if (ssl->sec.pskCb) |
|
1066
|
0 |
0 |
if ((ssl->sec.pskCb)(ssl, c, pubKeyLen, &pskKey, &pskLen) |
|
1074
|
0 |
0 |
if (pskKey == NULL) |
|
1083
|
0 |
0 |
if (ssl->sec.premaster == NULL) |
|
1099
|
1 |
0 |
if (ssl->cipher->type == CS_ECDH_ECDSA || |
|
|
0 |
1 |
if (ssl->cipher->type == CS_ECDH_ECDSA || |
|
1102
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && |
|
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && |
|
1110
|
0 |
0 |
if (ssl->keys == NULL) |
|
1115
|
0 |
0 |
if (psEccNewKey(ssl->hsPool, &ssl->sec.eccKeyPub, |
|
1120
|
0 |
0 |
if (psEccX963ImportKey(ssl->hsPool, c, pubKeyLen, |
|
1140
|
0 |
0 |
if (ssl->sec.premaster == NULL) |
|
1144
|
0 |
0 |
if ((rc = psEccGenSharedSecret(ssl->hsPool, |
|
1161
|
0 |
1 |
if (ssl->keys == NULL) |
|
1171
|
0 |
1 |
if (ssl->sec.premaster == NULL) |
|
1195
|
0 |
1 |
if (psGetPrngLocked(R, sizeof(R), ssl->userPtr) < 0) |
|
1224
|
0 |
1 |
if (rc < 0) |
|
1255
|
1057 |
0 |
if (ssl->extFlags.extended_master_secret == 1) |
|
1257
|
0 |
1057 |
if (tlsExtendedDeriveKeys(ssl) < 0) |
|
1264
|
0 |
0 |
if (sslCreateKeys(ssl) < 0) |
|
1287
|
1057 |
0 |
if (!(ssl->flags & SSL_FLAGS_CLIENT_AUTH)) |
|
1316
|
0 |
1057 |
if (ssl->flags & SSL_FLAGS_CLIENT_AUTH) |
|
1351
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
1355
|
0 |
0 |
if ((uint32) (end - c) < 2) |
|
1365
|
0 |
0 |
if (!(ssl->hashSigAlg & hashSigAlg)) |
|
1417
|
0 |
0 |
if ((uint32) (end - c) < 2) |
|
1425
|
0 |
0 |
if ((uint32) (end - c) < pubKeyLen) |
|
1435
|
0 |
0 |
if (ssl->sec.cert->pubKeyAlgorithm == OID_ECDSA_KEY_ALG) |
|
1440
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
1442
|
0 |
0 |
if ((i = psEccDsaVerify(cvpkiPool, |
|
1455
|
0 |
0 |
if ((i = psEccDsaVerify(cvpkiPool, |
|
1479
|
0 |
0 |
if (rc != 1) |
|
1493
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
1495
|
0 |
0 |
if ((i = pubRsaDecryptSignedElement(cvpkiPool, |
|
1505
|
0 |
0 |
if ((i = psRsaDecryptPub(cvpkiPool, &ssl->sec.cert->publicKey.key.rsa, c, |
|
1521
|
0 |
0 |
if (memcmpct(certVerify, hsMsgHash, certVerifyLen) != 0) |
|
1583
|
0 |
1150 |
if (end - c < 2) |
|
1591
|
0 |
1150 |
if (ssl->reqMajVer != ssl->majVer) |
|
1600
|
0 |
1150 |
if (ssl->reqMinVer != ssl->minVer) |
|
1602
|
0 |
0 |
if (ssl->clientRejectVersionDowngrade) |
|
1611
|
0 |
0 |
if (ssl->reqMinVer == SSL3_MIN_VER && ssl->minVer >= TLS_MIN_VER) |
|
|
0 |
0 |
if (ssl->reqMinVer == SSL3_MIN_VER && ssl->minVer >= TLS_MIN_VER) |
|
1640
|
0 |
0 |
if (ssl->reqMinVer < TLS_1_2_MIN_VER && |
|
|
0 |
0 |
if (ssl->reqMinVer < TLS_1_2_MIN_VER && |
|
1644
|
0 |
0 |
if (ssl->reqMinVer == TLS_1_1_MIN_VER) |
|
1658
|
0 |
0 |
if (ssl->reqMinVer == TLS_MIN_VER && |
|
|
0 |
0 |
if (ssl->reqMinVer == TLS_MIN_VER && |
|
1706
|
0 |
1150 |
if (end - c < SSL_HS_RANDOM_SIZE + 1) |
|
1715
|
1150 |
0 |
if (sessionIdLen > SSL_MAX_SESSION_ID_SIZE || |
|
|
0 |
1150 |
if (sessionIdLen > SSL_MAX_SESSION_ID_SIZE || |
|
1724
|
1150 |
0 |
if (sessionIdLen > 0) |
|
1726
|
2 |
1148 |
if (ssl->sessionIdLen > 0) |
|
1728
|
2 |
0 |
if (memcmp(ssl->sessionId, c, sessionIdLen) == 0) |
|
1771
|
0 |
0 |
if (ssl->sessionIdLen > 0) |
|
1784
|
0 |
1150 |
if (end - c < 2) |
|
1795
|
2 |
1148 |
if (ssl->flags & SSL_FLAGS_RESUMED) |
|
1797
|
0 |
2 |
psAssert(ssl->cipher != NULL); |
|
1798
|
0 |
2 |
if (ssl->cipher->ident != cipher) |
|
1807
|
0 |
1148 |
if ((ssl->cipher = sslGetCipherSpec(ssl, cipher)) == NULL) |
|
1819
|
0 |
1150 |
if (end - c < 1) |
|
1825
|
1150 |
0 |
switch (*c) |
|
1877
|
1150 |
0 |
if (c != end && ((int32) hsLen > (c - extData))) |
|
|
1150 |
0 |
if (c != end && ((int32) hsLen > (c - extData))) |
|
1880
|
0 |
1150 |
if (rc < 0) |
|
1889
|
0 |
1150 |
if (ssl->extFlags.req_status_request == 1) |
|
1891
|
0 |
0 |
if (ssl->extFlags.status_request == 0) |
|
1900
|
1150 |
0 |
if (ssl->maxPtFrag & 0x10000 || ssl->extFlags.req_max_fragment_len) |
|
|
0 |
1150 |
if (ssl->maxPtFrag & 0x10000 || ssl->extFlags.req_max_fragment_len) |
|
1913
|
510 |
640 |
if (ssl->sid && |
|
|
0 |
510 |
if (ssl->sid && |
|
1972
|
2 |
1148 |
if (ssl->flags & SSL_FLAGS_RESUMED) |
|
1974
|
0 |
2 |
if (sslCreateKeys(ssl) < 0) |
|
1986
|
0 |
1148 |
if (ssl->flags & SSL_FLAGS_ANON_CIPHER) |
|
1993
|
0 |
1148 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
2040
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
2044
|
0 |
1057 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
2054
|
0 |
0 |
if ((end - c) < 2) |
|
2062
|
0 |
0 |
if (ssl->sec.hintLen > 0) |
|
2064
|
0 |
0 |
if ((unsigned short) (end - c) < ssl->sec.hintLen) |
|
2071
|
0 |
0 |
if (ssl->sec.hint == NULL) |
|
2082
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_ECC_CIPHER) |
|
2086
|
0 |
1057 |
if ((end - c) < 4) /* ECCurveType, NamedCurve, ECPoint len */ |
|
2098
|
0 |
1057 |
if ((int32) * c != 3) |
|
2112
|
0 |
1057 |
if (getEccParamById(i, &curve) < 0) |
|
2132
|
0 |
1057 |
if ((end - c) < i) |
|
2138
|
0 |
1057 |
if (psEccNewKey(ssl->hsPool, &ssl->sec.eccKeyPub, curve) < 0) |
|
2142
|
0 |
1057 |
if (psEccX963ImportKey(ssl->hsPool, c, i, |
|
2157
|
0 |
0 |
if ((end - c) < 2) |
|
2168
|
0 |
0 |
if ((uint32) (end - c) < ssl->sec.dhPLen) |
|
2175
|
0 |
0 |
if (ssl->sec.dhP == NULL) |
|
2184
|
0 |
0 |
if ((uint32) (end - c) < ssl->sec.dhGLen) |
|
2191
|
0 |
0 |
if (ssl->sec.dhG == NULL) |
|
2201
|
0 |
0 |
if ((uint32) (end - c) < pubDhLen) |
|
2211
|
0 |
0 |
if ((ssl->sec.dhKeyPub = psMalloc(ssl->hsPool, sizeof(psDhKey_t))) == NULL) |
|
2215
|
0 |
0 |
if (psDhImportPubKey(ssl->hsPool, c, pubDhLen, |
|
2234
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
2246
|
0 |
0 |
if (ssl->sec.premaster == NULL) |
|
2251
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_ANON_CIPHER) |
|
2271
|
0 |
1057 |
if ((end - c) < 2) |
|
2280
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
2284
|
1057 |
0 |
if ((skeHashSigAlg >> 8) == 0x4) |
|
2288
|
0 |
0 |
else if ((skeHashSigAlg >> 8) == 0x5) |
|
2292
|
0 |
0 |
else if ((skeHashSigAlg >> 8) == 0x6) |
|
2296
|
0 |
0 |
else if ((skeHashSigAlg >> 8) == 0x2) |
|
2311
|
0 |
1057 |
if ((uint32) (end - c) < pubDhLen) |
|
2319
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_DHE_WITH_RSA) |
|
2329
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
2331
|
1057 |
0 |
if (hashSize == SHA256_HASH_SIZE) |
|
2344
|
0 |
0 |
else if (hashSize == SHA384_HASH_SIZE) |
|
2358
|
0 |
0 |
else if (hashSize == SHA512_HASH_SIZE) |
|
2372
|
0 |
0 |
else if (hashSize == SHA1_HASH_SIZE) |
|
2431
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
2438
|
0 |
1057 |
if ((i = pubRsaDecryptSignedElement(skepkiPool, |
|
2453
|
0 |
0 |
if ((i = psRsaDecryptPub(skepkiPool, |
|
2476
|
0 |
1057 |
if (memcmpct(sigOut, hsMsgHash, hashSize) != 0) |
|
2485
|
0 |
1057 |
if (ssl->flags & SSL_FLAGS_DHE_WITH_DSA) |
|
2491
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2 && |
|
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2 && |
|
2505
|
0 |
0 |
else if (ssl->flags & SSL_FLAGS_TLS_1_2 && |
|
|
0 |
0 |
else if (ssl->flags & SSL_FLAGS_TLS_1_2 && |
|
2520
|
0 |
0 |
else if (hashSize == SHA512_HASH_SIZE) |
|
2534
|
0 |
0 |
else if (ssl->minVer < TLS_1_2_MIN_VER || |
|
|
0 |
0 |
else if (ssl->minVer < TLS_1_2_MIN_VER || |
|
2538
|
0 |
0 |
((ssl->flags & SSL_FLAGS_TLS_1_2) && |
|
2571
|
0 |
0 |
if ((res = psEccDsaVerify(skepkiPool, |
|
2585
|
0 |
0 |
if (i != 1) |
|
2603
|
0 |
1057 |
if (ssl->flags & SSL_FLAGS_PSK_CIPHER) |
|
2605
|
0 |
0 |
if ((end - c) < 2) |
|
2613
|
0 |
0 |
if ((uint32) (end - c) < ssl->sec.hintLen) |
|
2619
|
0 |
0 |
if (ssl->sec.hintLen > 0) |
|
2622
|
0 |
0 |
if (ssl->sec.hint == NULL) |
|
2662
|
0 |
0 |
if ((end - c) < 4) |
|
2669
|
0 |
0 |
if (*c != 0x1) |
|
2681
|
0 |
0 |
if (responseLen > (end - c)) |
|
2688
|
0 |
0 |
if ((rc = psOcspParseResponse(ssl->hsPool, responseLen, &c, end, &response)) |
|
2703
|
0 |
0 |
if ((rc = psOcspResponseValidateOld(ssl->hsPool, ssl->keys->CAcerts, |
|
2717
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
2743
|
0 |
1058 |
if (hsLen != 0) |
|
2751
|
1057 |
1 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
2755
|
1057 |
0 |
if (ssl->flags & SSL_FLAGS_ECC_CIPHER) |
|
2759
|
0 |
1057 |
if (psEccNewKey(ssl->sec.eccDhKeyPool, &ssl->sec.eccKeyPriv, |
|
2764
|
0 |
1057 |
if ((rc = matrixSslGenEphemeralEcKey(ssl->keys, |
|
2782
|
0 |
0 |
if ((ssl->sec.dhKeyPriv = psMalloc(ssl->sec.dhKeyPool, |
|
2787
|
0 |
0 |
if ((rc = psDhGenKey(ssl->sec.dhKeyPool, ssl->sec.dhPLen, |
|
2834
|
0 |
0 |
if (hsLen < 4) |
|
2844
|
0 |
0 |
if (end - c < certTypeLen) |
|
2853
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
2860
|
0 |
0 |
if (end - c < 2) |
|
2868
|
0 |
0 |
if (end - c < certChainLen) |
|
2886
|
0 |
0 |
while (certChainLen >= 2) |
|
2891
|
0 |
0 |
if (ssl->hashSigAlg & i) |
|
2906
|
0 |
0 |
if (ssl->keys == NULL || ssl->keys->cert == NULL) |
|
|
0 |
0 |
if (ssl->keys == NULL || ssl->keys->cert == NULL) |
|
2913
|
0 |
0 |
while (cert) |
|
2915
|
0 |
0 |
if (cert->pubKeyAlgorithm == OID_RSA_KEY_ALG) |
|
2917
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_RSA_MASK) && |
|
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_RSA_MASK) && |
|
2919
|
0 |
0 |
!(hashSigAlg & HASH_SIG_SHA384_RSA_MASK) && |
|
2921
|
0 |
0 |
!(hashSigAlg & HASH_SIG_SHA256_RSA_MASK) && |
|
2927
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA1_RSA_SIG || |
|
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA1_RSA_SIG || |
|
2930
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_RSA_MASK)) |
|
2935
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA256_RSA_SIG) |
|
2937
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA256_RSA_MASK)) |
|
2943
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA384_RSA_SIG) |
|
2945
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA384_RSA_MASK)) |
|
2952
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA512_RSA_SIG) |
|
2954
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA512_RSA_MASK)) |
|
2961
|
0 |
0 |
if (cert->pubKeyAlgorithm == OID_ECDSA_KEY_ALG) |
|
2963
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_ECDSA_MASK) && |
|
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_ECDSA_MASK) && |
|
2965
|
0 |
0 |
!(hashSigAlg & HASH_SIG_SHA384_ECDSA_MASK) && |
|
2968
|
0 |
0 |
!(hashSigAlg & HASH_SIG_SHA512_ECDSA_MASK) && |
|
2970
|
0 |
0 |
!(hashSigAlg & HASH_SIG_SHA256_ECDSA_MASK) && |
|
2976
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA1_ECDSA_SIG) |
|
2978
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA1_ECDSA_MASK)) |
|
2983
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA256_ECDSA_SIG) |
|
2985
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA256_ECDSA_MASK)) |
|
2991
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA384_ECDSA_SIG) |
|
2993
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA384_ECDSA_MASK)) |
|
3000
|
0 |
0 |
if (cert->sigAlgorithm == OID_SHA512_ECDSA_SIG) |
|
3002
|
0 |
0 |
if (!(hashSigAlg & HASH_SIG_SHA512_ECDSA_MASK)) |
|
3018
|
0 |
0 |
if (end - c >= 2) |
|
3022
|
0 |
0 |
if (end - c < certChainLen) |
|
3038
|
0 |
0 |
if (ssl->keys != NULL && ssl->keys->cert) |
|
|
0 |
0 |
if (ssl->keys != NULL && ssl->keys->cert) |
|
3043
|
0 |
0 |
while (certChainLen > 2) |
|
3047
|
0 |
0 |
if ((uint32) (end - c) < certLen || certLen <= 0 || |
|
|
0 |
0 |
if ((uint32) (end - c) < certLen || certLen <= 0 || |
|
|
0 |
0 |
if ((uint32) (end - c) < certLen || certLen <= 0 || |
|
3059
|
0 |
0 |
if (ssl->keys != NULL && ssl->keys->cert) |
|
|
0 |
0 |
if (ssl->keys != NULL && ssl->keys->cert) |
|
3062
|
0 |
0 |
if (ssl->keys->cert->issuer.dnencLen == certLen) |
|
3064
|
0 |
0 |
if (memcmp(ssl->keys->cert->issuer.dnenc, c, certLen) == 0) |
|
3075
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_TLS_1_2) |
|
3080
|
0 |
0 |
if (sigAlgMatch == 0) |
|
3108
|
0 |
2119 |
psAssert(hsLen <= SHA384_HASH_SIZE); |
|
3116
|
0 |
2119 |
if (!(ssl->flags & SSL_FLAGS_READ_SECURE)) |
|
3128
|
2119 |
0 |
if (ssl->flags & SSL_FLAGS_TLS) |
|
3130
|
0 |
2119 |
if (hsLen != TLS_HS_FINISHED_SIZE) |
|
3140
|
0 |
0 |
if (hsLen != MD5_HASH_SIZE + SHA1_HASH_SIZE) |
|
3149
|
0 |
2119 |
if ((int32) (end - c) < hsLen) |
|
3155
|
0 |
2119 |
if (memcmpct(c, hsMsgHash, hsLen) != 0) |
|
3172
|
1059 |
1060 |
if (ssl->flags & SSL_FLAGS_SERVER) |
|
3174
|
1057 |
2 |
if (!(ssl->flags & SSL_FLAGS_RESUMED)) |
|
3191
|
510 |
550 |
if (ssl->sid && ssl->sid->sessionTicketLen > 0) |
|
|
0 |
510 |
if (ssl->sid && ssl->sid->sessionTicketLen > 0) |
|
3196
|
2 |
1058 |
if (ssl->flags & SSL_FLAGS_RESUMED) |
|
3214
|
2119 |
0 |
if (!(ssl->bFlags & BFLAG_KEEP_PEER_CERTS)) |
|
3216
|
0 |
2119 |
if (ssl->sec.cert) |
|
3308
|
0 |
1148 |
if (end - c < 3) |
|
3317
|
0 |
1148 |
if (certChainLen == 0) |
|
3320
|
0 |
0 |
if (ssl->flags & SSL_FLAGS_SERVER) |
|
3327
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
|
0 |
0 |
if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) |
|
3338
|
0 |
1148 |
if (end - c < 3) |
|
3393
|
1149 |
1148 |
while (certChainLen >= 3) |
|
3402
|
1149 |
0 |
if ((uint32) (end - c) < certLen || (int32) certLen > certChainLen) |
|
|
0 |
1149 |
if ((uint32) (end - c) < certLen || (int32) certLen > certChainLen) |
|
3408
|
0 |
1149 |
if (ssl->bFlags & BFLAG_KEEP_PEER_CERT_DER) |
|
3415
|
0 |
1149 |
if ((parseLen = psX509ParseCert(ssl->hsPool, c, certLen, &cert, certFlags)) |
|
3420
|
0 |
0 |
if (parseLen == PS_MEM_FAIL) |
|
3445
|
1148 |
1 |
if (i++ == 0) |
|
3467
|
1148 |
0 |
if (!(ssl->flags & SSL_FLAGS_SERVER)) |
|
3469
|
0 |
1148 |
if (csCheckCertAgainstCipherSuite(ssl->sec.cert->publicKey.type, |
|
3485
|
1148 |
0 |
rc = matrixValidateCertsExt(ssl->hsPool, ssl->sec.cert, |
|
3489
|
0 |
1148 |
if (rc == PS_MEM_FAIL) |
|
3500
|
1149 |
1148 |
while (cert) |
|
3503
|
0 |
1149 |
if (ssl->validateCertsOpts.max_verify_depth > 0) |
|
3510
|
0 |
0 |
if (pathLen > (ssl->validateCertsOpts.max_verify_depth)) |
|
3514
|
0 |
0 |
else if (pathLen == (ssl->validateCertsOpts.max_verify_depth)) |
|
3523
|
0 |
0 |
if (memcmpct(&cert->subject, &cert->issuer, |
|
3530
|
0 |
0 |
if (exceeded) |
|
3539
|
0 |
1149 |
if (ssl->err != SSL_ALERT_NONE) |
|
3558
|
0 |
1146 |
if (cert->authFailFlags & PS_CERT_AUTH_FAIL_DATE_FLAG) |
|
3562
|
0 |
1146 |
else if (cert->authFailFlags & PS_CERT_AUTH_FAIL_SUBJECT_FLAG) |
|
3568
|
0 |
1146 |
else if (cert->next != NULL) |
|
3589
|
0 |
1 |
if (cert->next != NULL) |
|
3614
|
1 |
1147 |
if (ssl->err == SSL_ALERT_NONE && |
|
|
1 |
0 |
if (ssl->err == SSL_ALERT_NONE && |
|
3615
|
0 |
1 |
(ssl->keys == NULL || ssl->keys->CAcerts == NULL)) |
|
3622
|
1 |
1147 |
if (rc < 0) |
|
3627
|
0 |
1 |
if (ssl->sec.validateCert == NULL) |
|
3631
|
0 |
0 |
if (ssl->err == SSL_ALERT_NONE) |
|
3649
|
11 |
1137 |
if (rc == SSL_ALLOW_ANON_CONNECTION) |
|
3653
|
70 |
1067 |
else if (rc > 0) |
|
3661
|
20 |
1047 |
else if (rc < 0) |
|
3670
|
1057 |
1 |
if (ssl->err != SSL_ALERT_NONE) |
|
3680
|
0 |
1058 |
if (ssl->flags & SSL_FLAGS_SERVER) |
|
3688
|
1057 |
1 |
if (ssl->flags & SSL_FLAGS_DHE_KEY_EXCH) |
|
3696
|
1058 |
0 |
if (ssl->extFlags.status_request || ssl->extFlags.status_request_v2) |
|
|
0 |
1058 |
if (ssl->extFlags.status_request || ssl->extFlags.status_request_v2) |