psa_crypto.c:psa_driver_wrapper_free: 97| 16|{ 98| 16|#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 99| | /* Unregister all secure element drivers, so that we restart from 100| | * a pristine state. */ 101| 16| psa_unregister_all_se_drivers( ); 102| 16|#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 103| | 104| |#if defined(PSA_CRYPTO_DRIVER_TEST) 105| | mbedtls_test_transparent_free( ); 106| | mbedtls_test_opaque_free( ); 107| |#endif 108| 16|} psa_crypto.c:psa_driver_wrapper_init: 73| 16|{ 74| 16| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; ------------------ | | 231| 16|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ 75| | 76| 16|#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 77| 16| status = psa_init_all_se_drivers( ); 78| 16| if( status != PSA_SUCCESS ) ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (78:9): [True: 0, False: 16] ------------------ 79| 0| return( status ); 80| 16|#endif 81| | 82| |#if defined(PSA_CRYPTO_DRIVER_TEST) 83| | status = mbedtls_test_transparent_init( ); 84| | if( status != PSA_SUCCESS ) 85| | return( status ); 86| | 87| | status = mbedtls_test_opaque_init( ); 88| | if( status != PSA_SUCCESS ) 89| | return( status ); 90| |#endif 91| | 92| 16| (void) status; 93| 16| return( PSA_SUCCESS ); ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 94| 16|} mbedtls_ssl_states_str: 108| 32|{ 109| 32| switch (in) { 110| 16| case MBEDTLS_SSL_HELLO_REQUEST: ------------------ | Branch (110:9): [True: 16, False: 16] ------------------ 111| 16| return "MBEDTLS_SSL_HELLO_REQUEST"; 112| 16| case MBEDTLS_SSL_CLIENT_HELLO: ------------------ | Branch (112:9): [True: 16, False: 16] ------------------ 113| 16| return "MBEDTLS_SSL_CLIENT_HELLO"; 114| 0| case MBEDTLS_SSL_SERVER_HELLO: ------------------ | Branch (114:9): [True: 0, False: 32] ------------------ 115| 0| return "MBEDTLS_SSL_SERVER_HELLO"; 116| 0| case MBEDTLS_SSL_SERVER_CERTIFICATE: ------------------ | Branch (116:9): [True: 0, False: 32] ------------------ 117| 0| return "MBEDTLS_SSL_SERVER_CERTIFICATE"; 118| 0| case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: ------------------ | Branch (118:9): [True: 0, False: 32] ------------------ 119| 0| return "MBEDTLS_SSL_SERVER_KEY_EXCHANGE"; 120| 0| case MBEDTLS_SSL_CERTIFICATE_REQUEST: ------------------ | Branch (120:9): [True: 0, False: 32] ------------------ 121| 0| return "MBEDTLS_SSL_CERTIFICATE_REQUEST"; 122| 0| case MBEDTLS_SSL_SERVER_HELLO_DONE: ------------------ | Branch (122:9): [True: 0, False: 32] ------------------ 123| 0| return "MBEDTLS_SSL_SERVER_HELLO_DONE"; 124| 0| case MBEDTLS_SSL_CLIENT_CERTIFICATE: ------------------ | Branch (124:9): [True: 0, False: 32] ------------------ 125| 0| return "MBEDTLS_SSL_CLIENT_CERTIFICATE"; 126| 0| case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: ------------------ | Branch (126:9): [True: 0, False: 32] ------------------ 127| 0| return "MBEDTLS_SSL_CLIENT_KEY_EXCHANGE"; 128| 0| case MBEDTLS_SSL_CERTIFICATE_VERIFY: ------------------ | Branch (128:9): [True: 0, False: 32] ------------------ 129| 0| return "MBEDTLS_SSL_CERTIFICATE_VERIFY"; 130| 0| case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: ------------------ | Branch (130:9): [True: 0, False: 32] ------------------ 131| 0| return "MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC"; 132| 0| case MBEDTLS_SSL_CLIENT_FINISHED: ------------------ | Branch (132:9): [True: 0, False: 32] ------------------ 133| 0| return "MBEDTLS_SSL_CLIENT_FINISHED"; 134| 0| case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: ------------------ | Branch (134:9): [True: 0, False: 32] ------------------ 135| 0| return "MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC"; 136| 0| case MBEDTLS_SSL_SERVER_FINISHED: ------------------ | Branch (136:9): [True: 0, False: 32] ------------------ 137| 0| return "MBEDTLS_SSL_SERVER_FINISHED"; 138| 0| case MBEDTLS_SSL_FLUSH_BUFFERS: ------------------ | Branch (138:9): [True: 0, False: 32] ------------------ 139| 0| return "MBEDTLS_SSL_FLUSH_BUFFERS"; 140| 0| case MBEDTLS_SSL_HANDSHAKE_WRAPUP: ------------------ | Branch (140:9): [True: 0, False: 32] ------------------ 141| 0| return "MBEDTLS_SSL_HANDSHAKE_WRAPUP"; 142| 0| case MBEDTLS_SSL_NEW_SESSION_TICKET: ------------------ | Branch (142:9): [True: 0, False: 32] ------------------ 143| 0| return "MBEDTLS_SSL_NEW_SESSION_TICKET"; 144| 0| case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: ------------------ | Branch (144:9): [True: 0, False: 32] ------------------ 145| 0| return "MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT"; 146| 0| case MBEDTLS_SSL_HELLO_RETRY_REQUEST: ------------------ | Branch (146:9): [True: 0, False: 32] ------------------ 147| 0| return "MBEDTLS_SSL_HELLO_RETRY_REQUEST"; 148| 0| case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: ------------------ | Branch (148:9): [True: 0, False: 32] ------------------ 149| 0| return "MBEDTLS_SSL_ENCRYPTED_EXTENSIONS"; 150| 0| case MBEDTLS_SSL_END_OF_EARLY_DATA: ------------------ | Branch (150:9): [True: 0, False: 32] ------------------ 151| 0| return "MBEDTLS_SSL_END_OF_EARLY_DATA"; 152| 0| case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: ------------------ | Branch (152:9): [True: 0, False: 32] ------------------ 153| 0| return "MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"; 154| 0| case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: ------------------ | Branch (154:9): [True: 0, False: 32] ------------------ 155| 0| return "MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED"; 156| 0| case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: ------------------ | Branch (156:9): [True: 0, False: 32] ------------------ 157| 0| return "MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO"; 158| 0| case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: ------------------ | Branch (158:9): [True: 0, False: 32] ------------------ 159| 0| return "MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"; 160| 0| case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: ------------------ | Branch (160:9): [True: 0, False: 32] ------------------ 161| 0| return "MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO"; 162| 0| case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: ------------------ | Branch (162:9): [True: 0, False: 32] ------------------ 163| 0| return "MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST"; 164| 0| case MBEDTLS_SSL_HANDSHAKE_OVER: ------------------ | Branch (164:9): [True: 0, False: 32] ------------------ 165| 0| return "MBEDTLS_SSL_HANDSHAKE_OVER"; 166| 0| case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: ------------------ | Branch (166:9): [True: 0, False: 32] ------------------ 167| 0| return "MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET"; 168| 0| case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: ------------------ | Branch (168:9): [True: 0, False: 32] ------------------ 169| 0| return "MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"; 170| 0| default: ------------------ | Branch (170:9): [True: 0, False: 32] ------------------ 171| 0| return "UNKNOWN_VALUE"; 172| 32| } 173| 32|} ecp.c:mbedtls_ecp_group_a_is_minus_3: 1023| 1|{ 1024| 1| return grp->A.MBEDTLS_PRIVATE(p) == NULL; ------------------ | | 17| 1|#define MBEDTLS_PRIVATE(member) member ------------------ 1025| 1|} pkparse.c:mbedtls_pk_rsa: 1038| 2|{ 1039| 2| switch (mbedtls_pk_get_type(&pk)) { 1040| 2| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 2, False: 0] ------------------ 1041| 2| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 2|#define MBEDTLS_PRIVATE(member) member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 2] ------------------ 1043| 0| return NULL; 1044| 2| } 1045| 2|} psa_crypto.c:mbedtls_svc_key_id_is_null: 2475| 16|{ 2476| 16| return key == 0; 2477| 16|} mbedtls_aes_init: 493| 48|{ 494| 48| memset(ctx, 0, sizeof(mbedtls_aes_context)); 495| 48|} mbedtls_aes_free: 498| 48|{ 499| 48| if (ctx == NULL) { ------------------ | Branch (499:9): [True: 0, False: 48] ------------------ 500| 0| return; 501| 0| } 502| | 503| 48| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context)); 504| 48|} mbedtls_aes_setkey_enc: 578| 112|{ 579| 112| uint32_t *RK; 580| | 581| 112| switch (keybits) { 582| 0| case 128: ctx->nr = 10; break; ------------------ | Branch (582:9): [True: 0, False: 112] ------------------ 583| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 584| 0| case 192: ctx->nr = 12; break; ------------------ | Branch (584:9): [True: 0, False: 112] ------------------ 585| 112| case 256: ctx->nr = 14; break; ------------------ | Branch (585:9): [True: 112, False: 0] ------------------ 586| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 587| 0| default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; ------------------ | | 44| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (587:9): [True: 0, False: 112] ------------------ 588| 112| } 589| | 590| |#if !defined(MBEDTLS_AES_ROM_TABLES) 591| | if (aes_init_done == 0) { 592| | aes_gen_tables(); 593| | aes_init_done = 1; 594| | } 595| |#endif 596| | 597| 112| ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf); 598| 112| RK = ctx->buf + ctx->rk_offset; 599| | 600| 112|#if defined(MBEDTLS_AESNI_HAVE_CODE) 601| 112| if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { ------------------ | | 20| 112|#define MBEDTLS_AESNI_AES 0x02000000u ------------------ | Branch (601:9): [True: 112, False: 0] ------------------ 602| 112| return mbedtls_aesni_setkey_enc((unsigned char *) RK, key, keybits); 603| 112| } 604| 0|#endif 605| | 606| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 607| | if (MBEDTLS_AESCE_HAS_SUPPORT()) { 608| | return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits); 609| | } 610| |#endif 611| | 612| 0|#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) 613| 0| for (unsigned int i = 0; i < (keybits >> 5); i++) { ------------------ | Branch (613:30): [True: 0, False: 0] ------------------ 614| 0| RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2); ------------------ | | 449| 0| ((MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (449:6): [Folded - Ignored] | | ------------------ | | 450| 0| ? MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ | | ------------------ | | | | 298| 0|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 451| 0| : mbedtls_get_unaligned_uint32((data) + (offset)) \ | | 452| 0| ) ------------------ 615| 0| } 616| | 617| 0| switch (ctx->nr) { ------------------ | Branch (617:13): [True: 0, False: 0] ------------------ 618| 0| case 10: ------------------ | Branch (618:9): [True: 0, False: 0] ------------------ 619| | 620| 0| for (unsigned int i = 0; i < 10; i++, RK += 4) { ------------------ | Branch (620:38): [True: 0, False: 0] ------------------ 621| 0| RK[4] = RK[0] ^ round_constants[i] ^ 622| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 623| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 624| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 625| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[3])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 626| | 627| 0| RK[5] = RK[1] ^ RK[4]; 628| 0| RK[6] = RK[2] ^ RK[5]; 629| 0| RK[7] = RK[3] ^ RK[6]; 630| 0| } 631| 0| break; 632| | 633| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 634| 0| case 12: ------------------ | Branch (634:9): [True: 0, False: 0] ------------------ 635| | 636| 0| for (unsigned int i = 0; i < 8; i++, RK += 6) { ------------------ | Branch (636:38): [True: 0, False: 0] ------------------ 637| 0| RK[6] = RK[0] ^ round_constants[i] ^ 638| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 639| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 640| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 641| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[5])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 642| | 643| 0| RK[7] = RK[1] ^ RK[6]; 644| 0| RK[8] = RK[2] ^ RK[7]; 645| 0| RK[9] = RK[3] ^ RK[8]; 646| 0| RK[10] = RK[4] ^ RK[9]; 647| 0| RK[11] = RK[5] ^ RK[10]; 648| 0| } 649| 0| break; 650| | 651| 0| case 14: ------------------ | Branch (651:9): [True: 0, False: 0] ------------------ 652| | 653| 0| for (unsigned int i = 0; i < 7; i++, RK += 8) { ------------------ | Branch (653:38): [True: 0, False: 0] ------------------ 654| 0| RK[8] = RK[0] ^ round_constants[i] ^ 655| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 656| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 657| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 658| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[7])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 659| | 660| 0| RK[9] = RK[1] ^ RK[8]; 661| 0| RK[10] = RK[2] ^ RK[9]; 662| 0| RK[11] = RK[3] ^ RK[10]; 663| | 664| 0| RK[12] = RK[4] ^ 665| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[11])]) ^ ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 666| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[11])] << 8) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 667| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[11])] << 16) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 668| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[11])] << 24); ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 669| | 670| 0| RK[13] = RK[5] ^ RK[12]; 671| 0| RK[14] = RK[6] ^ RK[13]; 672| 0| RK[15] = RK[7] ^ RK[14]; 673| 0| } 674| 0| break; 675| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 676| 0| } 677| | 678| 0| return 0; 679| 0|#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ 680| 0|} mbedtls_aes_crypt_ecb: 1028| 544|{ 1029| 544| if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) { ------------------ | | 39| 1.08k|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) { ------------------ | | 40| 0|#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ ------------------ | Branch (1029:9): [True: 0, False: 544] | Branch (1029:40): [True: 0, False: 0] ------------------ 1030| 0| return MBEDTLS_ERR_AES_BAD_INPUT_DATA; ------------------ | | 50| 0|#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 ------------------ 1031| 0| } 1032| | 1033| |#if defined(MAY_NEED_TO_ALIGN) 1034| | aes_maybe_realign(ctx); 1035| |#endif 1036| | 1037| 544|#if defined(MBEDTLS_AESNI_HAVE_CODE) 1038| 544| if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { ------------------ | | 20| 544|#define MBEDTLS_AESNI_AES 0x02000000u ------------------ | Branch (1038:9): [True: 544, False: 0] ------------------ 1039| 544| return mbedtls_aesni_crypt_ecb(ctx, mode, input, output); 1040| 544| } 1041| 0|#endif 1042| | 1043| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 1044| | if (MBEDTLS_AESCE_HAS_SUPPORT()) { 1045| | return mbedtls_aesce_crypt_ecb(ctx, mode, input, output); 1046| | } 1047| |#endif 1048| | 1049| |#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) 1050| | if (aes_padlock_ace > 0) { 1051| | return mbedtls_padlock_xcryptecb(ctx, mode, input, output); 1052| | } 1053| |#endif 1054| | 1055| 0|#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) 1056| 0|#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 1057| 0| if (mode == MBEDTLS_AES_DECRYPT) { ------------------ | | 40| 0|#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ ------------------ | Branch (1057:9): [True: 0, False: 0] ------------------ 1058| 0| return mbedtls_internal_aes_decrypt(ctx, input, output); 1059| 0| } else 1060| 0|#endif 1061| 0| { 1062| 0| return mbedtls_internal_aes_encrypt(ctx, input, output); 1063| 0| } 1064| 0|#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ 1065| 0|} aes.c:mbedtls_aes_rk_offset: 536| 112|{ 537| |#if defined(MAY_NEED_TO_ALIGN) 538| | int align_16_bytes = 0; 539| | 540| |#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) 541| | if (aes_padlock_ace == -1) { 542| | aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); 543| | } 544| | if (aes_padlock_ace) { 545| | align_16_bytes = 1; 546| | } 547| |#endif 548| | 549| |#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 550| | if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { 551| | align_16_bytes = 1; 552| | } 553| |#endif 554| | 555| | if (align_16_bytes) { 556| | /* These implementations needs 16-byte alignment 557| | * for the round key array. */ 558| | unsigned delta = ((uintptr_t) buf & 0x0000000fU) / 4; 559| | if (delta == 0) { 560| | return 0; 561| | } else { 562| | return 4 - delta; // 16 bytes = 4 uint32_t 563| | } 564| | } 565| |#else /* MAY_NEED_TO_ALIGN */ 566| 112| (void) buf; 567| 112|#endif /* MAY_NEED_TO_ALIGN */ 568| | 569| 112| return 0; 570| 112|} mbedtls_aesni_has_support: 50| 656|{ 51| 656| static int done = 0; 52| 656| static unsigned int c = 0; 53| | 54| 656| if (!done) { ------------------ | Branch (54:9): [True: 1, False: 655] ------------------ 55| |#if MBEDTLS_AESNI_HAVE_CODE == 2 56| | static int info[4] = { 0, 0, 0, 0 }; 57| |#if defined(_MSC_VER) 58| | __cpuid(info, 1); 59| |#else 60| | __cpuid(1, info[0], info[1], info[2], info[3]); 61| |#endif 62| | c = info[2]; 63| |#else /* AESNI using asm */ 64| 1| asm ("movl $1, %%eax \n\t" ------------------ | | 321| 1|#define asm __asm__ ------------------ 65| 1| "cpuid \n\t" 66| 1| : "=c" (c) 67| 1| : 68| 1| : "eax", "ebx", "edx"); 69| 1|#endif /* MBEDTLS_AESNI_HAVE_CODE */ 70| 1| done = 1; 71| 1| } 72| | 73| 656| return (c & what) != 0; 74| 656|} mbedtls_aesni_crypt_ecb: 458| 544|{ 459| 544| asm ("movdqu (%3), %%xmm0 \n\t" // load input ------------------ | | 321| 544|#define asm __asm__ ------------------ 460| 544| "movdqu (%1), %%xmm1 \n\t" // load round key 0 461| 544| "pxor %%xmm1, %%xmm0 \n\t" // round 0 462| 544| "add $16, %1 \n\t" // point to next round key 463| 544| "subl $1, %0 \n\t" // normal rounds = nr - 1 464| 544| "test %2, %2 \n\t" // mode? 465| 544| "jz 2f \n\t" // 0 = decrypt 466| | 467| 544| "1: \n\t" // encryption loop 468| 544| "movdqu (%1), %%xmm1 \n\t" // load round key 469| | AESENC(xmm1_xmm0) // do round 470| 544| "add $16, %1 \n\t" // point to next round key 471| 544| "subl $1, %0 \n\t" // loop 472| 544| "jnz 1b \n\t" 473| 544| "movdqu (%1), %%xmm1 \n\t" // load round key 474| | AESENCLAST(xmm1_xmm0) // last round 475| 544|#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 476| 544| "jmp 3f \n\t" 477| | 478| 544| "2: \n\t" // decryption loop 479| 544| "movdqu (%1), %%xmm1 \n\t" 480| | AESDEC(xmm1_xmm0) // do round 481| 544| "add $16, %1 \n\t" 482| 544| "subl $1, %0 \n\t" 483| 544| "jnz 2b \n\t" 484| 544| "movdqu (%1), %%xmm1 \n\t" // load round key 485| | AESDECLAST(xmm1_xmm0) // last round 486| 544|#endif 487| | 488| 544| "3: \n\t" 489| 544| "movdqu %%xmm0, (%4) \n\t" // export output 490| 544| : 491| 544| : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output) 492| 544| : "memory", "cc", "xmm0", "xmm1", "0", "1"); 493| | 494| | 495| 544| return 0; 496| 544|} mbedtls_aesni_setkey_enc: 820| 112|{ 821| 112| switch (bits) { 822| 0| case 128: aesni_setkey_enc_128(rk, key); break; ------------------ | Branch (822:9): [True: 0, False: 112] ------------------ 823| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 824| 0| case 192: aesni_setkey_enc_192(rk, key); break; ------------------ | Branch (824:9): [True: 0, False: 112] ------------------ 825| 112| case 256: aesni_setkey_enc_256(rk, key); break; ------------------ | Branch (825:9): [True: 112, False: 0] ------------------ 826| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 827| 0| default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; ------------------ | | 44| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (827:9): [True: 0, False: 112] ------------------ 828| 112| } 829| | 830| 112| return 0; 831| 112|} aesni.c:aesni_setkey_enc_256: 750| 112|{ 751| 112| asm ("movdqu (%1), %%xmm0 \n\t" ------------------ | | 321| 112|#define asm __asm__ ------------------ 752| 112| "movdqu %%xmm0, (%0) \n\t" 753| 112| "add $16, %0 \n\t" 754| 112| "movdqu 16(%1), %%xmm1 \n\t" 755| 112| "movdqu %%xmm1, (%0) \n\t" 756| 112| "jmp 2f \n\t" // skip auxiliary routine 757| | 758| | /* 759| | * Finish generating the next two round keys. 760| | * 761| | * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and 762| | * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON 763| | * 764| | * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12 765| | * and those have been written to the output buffer. 766| | */ 767| 112| "1: \n\t" 768| 112| "pshufd $0xff, %%xmm2, %%xmm2 \n\t" 769| 112| "pxor %%xmm0, %%xmm2 \n\t" 770| 112| "pslldq $4, %%xmm0 \n\t" 771| 112| "pxor %%xmm0, %%xmm2 \n\t" 772| 112| "pslldq $4, %%xmm0 \n\t" 773| 112| "pxor %%xmm0, %%xmm2 \n\t" 774| 112| "pslldq $4, %%xmm0 \n\t" 775| 112| "pxor %%xmm2, %%xmm0 \n\t" 776| 112| "add $16, %0 \n\t" 777| 112| "movdqu %%xmm0, (%0) \n\t" 778| | 779| | /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) 780| | * and proceed to generate next round key from there */ 781| 112| AESKEYGENA(xmm0_xmm2, "0x00") 782| 112| "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" 783| 112| "pxor %%xmm1, %%xmm2 \n\t" 784| 112| "pslldq $4, %%xmm1 \n\t" 785| 112| "pxor %%xmm1, %%xmm2 \n\t" 786| 112| "pslldq $4, %%xmm1 \n\t" 787| 112| "pxor %%xmm1, %%xmm2 \n\t" 788| 112| "pslldq $4, %%xmm1 \n\t" 789| 112| "pxor %%xmm2, %%xmm1 \n\t" 790| 112| "add $16, %0 \n\t" 791| 112| "movdqu %%xmm1, (%0) \n\t" 792| 112| "ret \n\t" 793| | 794| | /* 795| | * Main "loop" - Generating one more key than necessary, 796| | * see definition of mbedtls_aes_context.buf 797| | */ 798| 112| "2: \n\t" 799| 112| AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" 800| 112| AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" 801| 112| AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" 802| 112| AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" 803| 112| AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" 804| 112| AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" 805| 112| AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" 806| 112| : 807| 112| : "r" (rk), "r" (key) 808| 112| : "memory", "cc", "xmm0", "xmm1", "xmm2", "0"); 809| 112|} ssl_msg.c:mbedtls_put_unaligned_uint16: 143| 16|{ 144| |#if defined(UINT_UNALIGNED) 145| | mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; 146| | *p16 = x; 147| |#elif defined(UINT_UNALIGNED_STRUCT) 148| | mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; 149| | p16->x = x; 150| |#else 151| 16| memcpy(p, &x, sizeof(x)); 152| 16|#endif 153| 16|} ssl_client.c:mbedtls_put_unaligned_uint16: 143| 2.37k|{ 144| |#if defined(UINT_UNALIGNED) 145| | mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; 146| | *p16 = x; 147| |#elif defined(UINT_UNALIGNED_STRUCT) 148| | mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; 149| | p16->x = x; 150| |#else 151| 2.37k| memcpy(p, &x, sizeof(x)); 152| 2.37k|#endif 153| 2.37k|} ctr_drbg.c:mbedtls_put_unaligned_uint32: 195| 224|{ 196| |#if defined(UINT_UNALIGNED) 197| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 198| | *p32 = x; 199| |#elif defined(UINT_UNALIGNED_STRUCT) 200| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 201| | p32->x = x; 202| |#else 203| 224| memcpy(p, &x, sizeof(x)); 204| 224|#endif 205| 224|} ctr_drbg.c:mbedtls_get_unaligned_uint64: 220| 1.72k|{ 221| 1.72k| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 1.72k| memcpy(&r, p, sizeof(r)); 230| 1.72k|#endif 231| 1.72k| return r; 232| 1.72k|} ctr_drbg.c:mbedtls_put_unaligned_uint64: 247| 864|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 864| memcpy(p, &x, sizeof(x)); 256| 864|#endif 257| 864|} ctr_drbg.c:mbedtls_get_unaligned_uint32: 168| 208|{ 169| 208| uint32_t r; 170| |#if defined(UINT_UNALIGNED) 171| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 172| | r = *p32; 173| |#elif defined(UINT_UNALIGNED_STRUCT) 174| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 175| | r = p32->x; 176| |#else 177| 208| memcpy(&r, p, sizeof(r)); 178| 208|#endif 179| 208| return r; 180| 208|} sha512.c:mbedtls_get_unaligned_uint64: 220| 512|{ 221| 512| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 512| memcpy(&r, p, sizeof(r)); 230| 512|#endif 231| 512| return r; 232| 512|} sha512.c:mbedtls_put_unaligned_uint64: 247| 160|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 160| memcpy(p, &x, sizeof(x)); 256| 160|#endif 257| 160|} mbedtls_asn1_get_len: 31| 193|{ 32| 193| if ((end - *p) < 1) { ------------------ | Branch (32:9): [True: 0, False: 193] ------------------ 33| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 34| 0| } 35| | 36| 193| if ((**p & 0x80) == 0) { ------------------ | Branch (36:9): [True: 177, False: 16] ------------------ 37| 177| *len = *(*p)++; 38| 177| } else { 39| 16| int n = (**p) & 0x7F; 40| 16| if (n == 0 || n > 4) { ------------------ | Branch (40:13): [True: 0, False: 16] | Branch (40:23): [True: 0, False: 16] ------------------ 41| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 42| 0| } 43| 16| if ((end - *p) <= n) { ------------------ | Branch (43:13): [True: 0, False: 16] ------------------ 44| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 45| 0| } 46| 16| *len = 0; 47| 16| (*p)++; 48| 48| while (n--) { ------------------ | Branch (48:16): [True: 32, False: 16] ------------------ 49| 32| *len = (*len << 8) | **p; 50| 32| (*p)++; 51| 32| } 52| 16| } 53| | 54| 193| if (*len > (size_t) (end - *p)) { ------------------ | Branch (54:9): [True: 0, False: 193] ------------------ 55| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 56| 0| } 57| | 58| 193| return 0; 59| 193|} mbedtls_asn1_get_tag: 64| 171|{ 65| 171| if ((end - *p) < 1) { ------------------ | Branch (65:9): [True: 0, False: 171] ------------------ 66| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 67| 0| } 68| | 69| 171| if (**p != tag) { ------------------ | Branch (69:9): [True: 14, False: 157] ------------------ 70| 14| return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; ------------------ | | 39| 14|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ 71| 14| } 72| | 73| 157| (*p)++; 74| | 75| 157| return mbedtls_asn1_get_len(p, end, len); 76| 171|} mbedtls_asn1_get_bool: 83| 12|{ 84| 12| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 12|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 85| 12| size_t len; 86| | 87| 12| if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) { ------------------ | | 64| 12|#define MBEDTLS_ASN1_BOOLEAN 0x01 ------------------ | Branch (87:9): [True: 8, False: 4] ------------------ 88| 8| return ret; 89| 8| } 90| | 91| 4| if (len != 1) { ------------------ | Branch (91:9): [True: 0, False: 4] ------------------ 92| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 93| 0| } 94| | 95| 4| *val = (**p != 0) ? 1 : 0; ------------------ | Branch (95:12): [True: 4, False: 0] ------------------ 96| 4| (*p)++; 97| | 98| 4| return 0; 99| 4|} mbedtls_asn1_get_int: 151| 3|{ 152| 3| return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val); ------------------ | | 65| 3|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ 153| 3|} mbedtls_asn1_get_bitstring_null: 273| 6|{ 274| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 275| | 276| 6| if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) { ------------------ | | 66| 6|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (276:9): [True: 0, False: 6] ------------------ 277| 0| return ret; 278| 0| } 279| | 280| 6| if (*len == 0) { ------------------ | Branch (280:9): [True: 0, False: 6] ------------------ 281| 0| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 0|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 282| 0| } 283| 6| --(*len); 284| | 285| 6| if (**p != 0) { ------------------ | Branch (285:9): [True: 0, False: 6] ------------------ 286| 0| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 0|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 287| 0| } 288| 6| ++(*p); 289| | 290| 6| return 0; 291| 6|} mbedtls_asn1_get_alg: 354| 9|{ 355| 9| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 9|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 356| 9| size_t len; 357| | 358| 9| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (358:9): [True: 0, False: 9] ------------------ 359| 9| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 9|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 9|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 360| 0| return ret; 361| 0| } 362| | 363| 9| if ((end - *p) < 1) { ------------------ | Branch (363:9): [True: 0, False: 9] ------------------ 364| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 365| 0| } 366| | 367| 9| alg->tag = **p; 368| 9| end = *p + len; 369| | 370| 9| if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 9|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (370:9): [True: 0, False: 9] ------------------ 371| 0| return ret; 372| 0| } 373| | 374| 9| alg->p = *p; 375| 9| *p += alg->len; 376| | 377| 9| if (*p == end) { ------------------ | Branch (377:9): [True: 0, False: 9] ------------------ 378| 0| mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf)); 379| 0| return 0; 380| 0| } 381| | 382| 9| params->tag = **p; 383| 9| (*p)++; 384| | 385| 9| if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) { ------------------ | Branch (385:9): [True: 0, False: 9] ------------------ 386| 0| return ret; 387| 0| } 388| | 389| 9| params->p = *p; 390| 9| *p += params->len; 391| | 392| 9| if (*p != end) { ------------------ | Branch (392:9): [True: 0, False: 9] ------------------ 393| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 394| 0| } 395| | 396| 9| return 0; 397| 9|} asn1parse.c:asn1_get_tagged_int: 104| 3|{ 105| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 106| 3| size_t len; 107| | 108| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) { ------------------ | Branch (108:9): [True: 0, False: 3] ------------------ 109| 0| return ret; 110| 0| } 111| | 112| | /* 113| | * len==0 is malformed (0 must be represented as 020100 for INTEGER, 114| | * or 0A0100 for ENUMERATED tags 115| | */ 116| 3| if (len == 0) { ------------------ | Branch (116:9): [True: 0, False: 3] ------------------ 117| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 118| 0| } 119| | /* This is a cryptography library. Reject negative integers. */ 120| 3| if ((**p & 0x80) != 0) { ------------------ | Branch (120:9): [True: 0, False: 3] ------------------ 121| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 122| 0| } 123| | 124| | /* Skip leading zeros. */ 125| 3| while (len > 0 && **p == 0) { ------------------ | Branch (125:12): [True: 3, False: 0] | Branch (125:23): [True: 0, False: 3] ------------------ 126| 0| ++(*p); 127| 0| --len; 128| 0| } 129| | 130| | /* Reject integers that don't fit in an int. This code assumes that 131| | * the int type has no padding bit. */ 132| 3| if (len > sizeof(int)) { ------------------ | Branch (132:9): [True: 0, False: 3] ------------------ 133| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 134| 0| } 135| 3| if (len == sizeof(int) && (**p & 0x80) != 0) { ------------------ | Branch (135:9): [True: 0, False: 3] | Branch (135:31): [True: 0, False: 0] ------------------ 136| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 137| 0| } 138| | 139| 3| *val = 0; 140| 6| while (len-- > 0) { ------------------ | Branch (140:12): [True: 3, False: 3] ------------------ 141| 3| *val = (*val << 8) | **p; 142| 3| (*p)++; 143| 3| } 144| | 145| 3| return 0; 146| 3|} mbedtls_ct_base64_dec_value: 42| 8.79k|{ 43| 8.79k| unsigned char val = 0; 44| | /* For each range of digits, if c is in that range, mask val with 45| | * the corresponding value. Since c can only be in a single range, 46| | * only at most one masking will change val. Set val to one plus 47| | * the desired value so that it stays 0 if c is in none of the ranges. */ 48| 8.79k| val |= mbedtls_ct_uchar_in_range_if('A', 'Z', c, c - 'A' + 0 + 1); 49| 8.79k| val |= mbedtls_ct_uchar_in_range_if('a', 'z', c, c - 'a' + 26 + 1); 50| 8.79k| val |= mbedtls_ct_uchar_in_range_if('0', '9', c, c - '0' + 52 + 1); 51| 8.79k| val |= mbedtls_ct_uchar_in_range_if('+', '+', c, c - '+' + 62 + 1); 52| 8.79k| val |= mbedtls_ct_uchar_in_range_if('/', '/', c, c - '/' + 63 + 1); 53| | /* At this point, val is 0 if c is an invalid digit and v+1 if c is 54| | * a digit with the value v. */ 55| 8.79k| return val - 1; 56| 8.79k|} mbedtls_base64_decode: 130| 6|{ 131| 6| size_t i; /* index in source */ 132| 6| size_t n; /* number of digits or trailing = in source */ 133| 6| uint32_t x; /* value accumulator */ 134| 6| unsigned accumulated_digits = 0; 135| 6| unsigned equals = 0; 136| 6| int spaces_present = 0; 137| 6| unsigned char *p; 138| | 139| | /* First pass: check for validity and get output length */ 140| 6.05k| for (i = n = 0; i < slen; i++) { ------------------ | Branch (140:21): [True: 6.05k, False: 6] ------------------ 141| | /* Skip spaces before checking for EOL */ 142| 6.05k| spaces_present = 0; 143| 6.05k| while (i < slen && src[i] == ' ') { ------------------ | Branch (143:16): [True: 6.05k, False: 0] | Branch (143:28): [True: 0, False: 6.05k] ------------------ 144| 0| ++i; 145| 0| spaces_present = 1; 146| 0| } 147| | 148| | /* Spaces at end of buffer are OK */ 149| 6.05k| if (i == slen) { ------------------ | Branch (149:13): [True: 0, False: 6.05k] ------------------ 150| 0| break; 151| 0| } 152| | 153| 6.05k| if ((slen - i) >= 2 && ------------------ | Branch (153:13): [True: 6.04k, False: 6] ------------------ 154| 6.05k| src[i] == '\r' && src[i + 1] == '\n') { ------------------ | Branch (154:13): [True: 94, False: 5.95k] | Branch (154:31): [True: 94, False: 0] ------------------ 155| 94| continue; 156| 94| } 157| | 158| 5.95k| if (src[i] == '\n') { ------------------ | Branch (158:13): [True: 94, False: 5.86k] ------------------ 159| 94| continue; 160| 94| } 161| | 162| | /* Space inside a line is an error */ 163| 5.86k| if (spaces_present) { ------------------ | Branch (163:13): [True: 0, False: 5.86k] ------------------ 164| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 165| 0| } 166| | 167| 5.86k| if (src[i] > 127) { ------------------ | Branch (167:13): [True: 0, False: 5.86k] ------------------ 168| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 169| 0| } 170| | 171| 5.86k| if (src[i] == '=') { ------------------ | Branch (171:13): [True: 4, False: 5.86k] ------------------ 172| 4| if (++equals > 2) { ------------------ | Branch (172:17): [True: 0, False: 4] ------------------ 173| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 174| 0| } 175| 5.86k| } else { 176| 5.86k| if (equals != 0) { ------------------ | Branch (176:17): [True: 0, False: 5.86k] ------------------ 177| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 178| 0| } 179| 5.86k| if (mbedtls_ct_base64_dec_value(src[i]) < 0) { ------------------ | Branch (179:17): [True: 0, False: 5.86k] ------------------ 180| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 181| 0| } 182| 5.86k| } 183| 5.86k| n++; 184| 5.86k| } 185| | 186| 6| if (n == 0) { ------------------ | Branch (186:9): [True: 0, False: 6] ------------------ 187| 0| *olen = 0; 188| 0| return 0; 189| 0| } 190| | 191| | /* The following expression is to calculate the following formula without 192| | * risk of integer overflow in n: 193| | * n = ( ( n * 6 ) + 7 ) >> 3; 194| | */ 195| 6| n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3); 196| 6| n -= equals; 197| | 198| 6| if (dst == NULL || dlen < n) { ------------------ | Branch (198:9): [True: 3, False: 3] | Branch (198:24): [True: 0, False: 3] ------------------ 199| 3| *olen = n; 200| 3| return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; ------------------ | | 18| 3|#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A ------------------ 201| 3| } 202| | 203| 3| equals = 0; 204| 3.02k| for (x = 0, p = dst; i > 0; i--, src++) { ------------------ | Branch (204:26): [True: 3.02k, False: 3] ------------------ 205| 3.02k| if (*src == '\r' || *src == '\n' || *src == ' ') { ------------------ | Branch (205:13): [True: 47, False: 2.97k] | Branch (205:29): [True: 47, False: 2.93k] | Branch (205:45): [True: 0, False: 2.93k] ------------------ 206| 94| continue; 207| 94| } 208| | 209| 2.93k| x = x << 6; 210| 2.93k| if (*src == '=') { ------------------ | Branch (210:13): [True: 2, False: 2.93k] ------------------ 211| 2| ++equals; 212| 2.93k| } else { 213| 2.93k| x |= mbedtls_ct_base64_dec_value(*src); 214| 2.93k| } 215| | 216| 2.93k| if (++accumulated_digits == 4) { ------------------ | Branch (216:13): [True: 733, False: 2.19k] ------------------ 217| 733| accumulated_digits = 0; 218| 733| *p++ = MBEDTLS_BYTE_2(x); ------------------ | | 270| 733|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 219| 733| if (equals <= 1) { ------------------ | Branch (219:17): [True: 732, False: 1] ------------------ 220| 732| *p++ = MBEDTLS_BYTE_1(x); ------------------ | | 269| 732|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 221| 732| } 222| 733| if (equals <= 0) { ------------------ | Branch (222:17): [True: 732, False: 1] ------------------ 223| 732| *p++ = MBEDTLS_BYTE_0(x); ------------------ | | 268| 732|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 224| 732| } 225| 733| } 226| 2.93k| } 227| | 228| 3| *olen = (size_t) (p - dst); 229| | 230| 3| return 0; 231| 6|} mbedtls_mpi_init: 182| 778|{ 183| 778| X->s = 1; 184| 778| X->n = 0; 185| 778| X->p = NULL; 186| 778|} mbedtls_mpi_free: 192| 965|{ 193| 965| if (X == NULL) { ------------------ | Branch (193:9): [True: 0, False: 965] ------------------ 194| 0| return; 195| 0| } 196| | 197| 965| if (X->p != NULL) { ------------------ | Branch (197:9): [True: 3, False: 962] ------------------ 198| 3| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 3|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 3|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 199| 3| } 200| | 201| 965| X->s = 1; 202| 965| X->n = 0; 203| 965| X->p = NULL; 204| 965|} mbedtls_mpi_grow: 210| 23|{ 211| 23| mbedtls_mpi_uint *p; 212| | 213| 23| if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { ------------------ | | 50| 23|#define MBEDTLS_MPI_MAX_LIMBS 10000 ------------------ | Branch (213:9): [True: 0, False: 23] ------------------ 214| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 215| 0| } 216| | 217| 23| if (X->n < nblimbs) { ------------------ | Branch (217:9): [True: 12, False: 11] ------------------ 218| 12| if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) { ------------------ | | 77| 12|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ | Branch (218:13): [True: 0, False: 12] ------------------ 219| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 220| 0| } 221| | 222| 12| if (X->p != NULL) { ------------------ | Branch (222:13): [True: 2, False: 10] ------------------ 223| 2| memcpy(p, X->p, X->n * ciL); ------------------ | | 77| 2|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 224| 2| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 2|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 2|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 225| 2| } 226| | 227| | /* nblimbs fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS 228| | * fits, and we've checked that nblimbs <= MBEDTLS_MPI_MAX_LIMBS. */ 229| 12| X->n = (unsigned short) nblimbs; 230| 12| X->p = p; 231| 12| } 232| | 233| 23| return 0; 234| 23|} mbedtls_mpi_copy: 308| 1|{ 309| 1| int ret = 0; 310| 1| size_t i; 311| | 312| 1| if (X == Y) { ------------------ | Branch (312:9): [True: 0, False: 1] ------------------ 313| 0| return 0; 314| 0| } 315| | 316| 1| if (Y->n == 0) { ------------------ | Branch (316:9): [True: 0, False: 1] ------------------ 317| 0| if (X->n != 0) { ------------------ | Branch (317:13): [True: 0, False: 0] ------------------ 318| 0| X->s = 1; 319| 0| memset(X->p, 0, X->n * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 320| 0| } 321| 0| return 0; 322| 0| } 323| | 324| 8| for (i = Y->n - 1; i > 0; i--) { ------------------ | Branch (324:24): [True: 8, False: 0] ------------------ 325| 8| if (Y->p[i] != 0) { ------------------ | Branch (325:13): [True: 1, False: 7] ------------------ 326| 1| break; 327| 1| } 328| 8| } 329| 1| i++; 330| | 331| 1| X->s = Y->s; 332| | 333| 1| if (X->n < i) { ------------------ | Branch (333:9): [True: 1, False: 0] ------------------ 334| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 335| 1| } else { 336| 0| memset(X->p + i, 0, (X->n - i) * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 337| 0| } 338| | 339| 1| memcpy(X->p, Y->p, i * ciL); ------------------ | | 77| 1|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 340| | 341| 1|cleanup: 342| | 343| 1| return ret; 344| 1|} mbedtls_mpi_lset: 378| 4|{ 379| 4| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 380| | 381| 4| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); ------------------ | | 41| 4| do \ | | 42| 4| { \ | | 43| 4| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4] | | ------------------ | | 44| 4| goto cleanup; \ | | 45| 4| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 382| 4| memset(X->p, 0, X->n * ciL); ------------------ | | 77| 4|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 383| | 384| 4| X->p[0] = mpi_sint_abs(z); 385| 4| X->s = TO_SIGN(z); ------------------ | | 372| 4|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 4|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 4|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 386| | 387| 4|cleanup: 388| | 389| 4| return ret; 390| 4|} mbedtls_mpi_get_bit: 396| 6|{ 397| 6| if (X->n * biL <= pos) { ------------------ | | 78| 6|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (397:9): [True: 0, False: 6] ------------------ 398| 0| return 0; 399| 0| } 400| | 401| 6| return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 78| 6|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 78| 6|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 402| 6|} mbedtls_mpi_bitlen: 474| 16|{ 475| 16| return mbedtls_mpi_core_bitlen(X->p, X->n); 476| 16|} mbedtls_mpi_size: 482| 7|{ 483| 7| return (mbedtls_mpi_bitlen(X) + 7) >> 3; 484| 7|} mbedtls_mpi_read_binary: 821| 6|{ 822| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 823| 6| const size_t limbs = CHARS_TO_LIMBS(buflen); ------------------ | | 86| 6|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 824| | 825| | /* Ensure that target MPI has exactly the necessary number of limbs */ 826| 6| MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); ------------------ | | 41| 6| do \ | | 42| 6| { \ | | 43| 6| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 6] | | ------------------ | | 44| 6| goto cleanup; \ | | 45| 6| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 827| | 828| 6| MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_be(X->p, X->n, buf, buflen)); ------------------ | | 41| 6| do \ | | 42| 6| { \ | | 43| 6| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 6] | | ------------------ | | 44| 6| goto cleanup; \ | | 45| 6| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 829| | 830| 6|cleanup: 831| | 832| | /* 833| | * This function is also used to import keys. However, wiping the buffers 834| | * upon failure is not necessary because failure only can happen before any 835| | * input is copied. 836| | */ 837| 6| return ret; 838| 6|} mbedtls_mpi_cmp_abs: 895| 2|{ 896| 2| size_t i, j; 897| | 898| 16| for (i = X->n; i > 0; i--) { ------------------ | Branch (898:20): [True: 16, False: 0] ------------------ 899| 16| if (X->p[i - 1] != 0) { ------------------ | Branch (899:13): [True: 2, False: 14] ------------------ 900| 2| break; 901| 2| } 902| 16| } 903| | 904| 2| for (j = Y->n; j > 0; j--) { ------------------ | Branch (904:20): [True: 2, False: 0] ------------------ 905| 2| if (Y->p[j - 1] != 0) { ------------------ | Branch (905:13): [True: 2, False: 0] ------------------ 906| 2| break; 907| 2| } 908| 2| } 909| | 910| | /* If i == j == 0, i.e. abs(X) == abs(Y), 911| | * we end up returning 0 at the end of the function. */ 912| | 913| 2| if (i > j) { ------------------ | Branch (913:9): [True: 1, False: 1] ------------------ 914| 1| return 1; 915| 1| } 916| 1| if (j > i) { ------------------ | Branch (916:9): [True: 0, False: 1] ------------------ 917| 0| return -1; 918| 0| } 919| | 920| 1| for (; i > 0; i--) { ------------------ | Branch (920:12): [True: 1, False: 0] ------------------ 921| 1| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (921:13): [True: 0, False: 1] ------------------ 922| 0| return 1; 923| 0| } 924| 1| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (924:13): [True: 1, False: 0] ------------------ 925| 1| return -1; 926| 1| } 927| 1| } 928| | 929| 0| return 0; 930| 1|} mbedtls_mpi_cmp_mpi: 936| 40|{ 937| 40| size_t i, j; 938| | 939| 106| for (i = X->n; i > 0; i--) { ------------------ | Branch (939:20): [True: 94, False: 12] ------------------ 940| 94| if (X->p[i - 1] != 0) { ------------------ | Branch (940:13): [True: 28, False: 66] ------------------ 941| 28| break; 942| 28| } 943| 94| } 944| | 945| 76| for (j = Y->n; j > 0; j--) { ------------------ | Branch (945:20): [True: 49, False: 27] ------------------ 946| 49| if (Y->p[j - 1] != 0) { ------------------ | Branch (946:13): [True: 13, False: 36] ------------------ 947| 13| break; 948| 13| } 949| 49| } 950| | 951| 40| if (i == 0 && j == 0) { ------------------ | Branch (951:9): [True: 12, False: 28] | Branch (951:19): [True: 12, False: 0] ------------------ 952| 12| return 0; 953| 12| } 954| | 955| 28| if (i > j) { ------------------ | Branch (955:9): [True: 18, False: 10] ------------------ 956| 18| return X->s; 957| 18| } 958| 10| if (j > i) { ------------------ | Branch (958:9): [True: 2, False: 8] ------------------ 959| 2| return -Y->s; 960| 2| } 961| | 962| 8| if (X->s > 0 && Y->s < 0) { ------------------ | Branch (962:9): [True: 8, False: 0] | Branch (962:21): [True: 0, False: 8] ------------------ 963| 0| return 1; 964| 0| } 965| 8| if (Y->s > 0 && X->s < 0) { ------------------ | Branch (965:9): [True: 8, False: 0] | Branch (965:21): [True: 0, False: 8] ------------------ 966| 0| return -1; 967| 0| } 968| | 969| 15| for (; i > 0; i--) { ------------------ | Branch (969:12): [True: 13, False: 2] ------------------ 970| 13| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (970:13): [True: 0, False: 13] ------------------ 971| 0| return X->s; 972| 0| } 973| 13| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (973:13): [True: 6, False: 7] ------------------ 974| 6| return -X->s; 975| 6| } 976| 13| } 977| | 978| 2| return 0; 979| 8|} mbedtls_mpi_cmp_int: 985| 28|{ 986| 28| mbedtls_mpi Y; 987| 28| mbedtls_mpi_uint p[1]; 988| | 989| 28| *p = mpi_sint_abs(z); 990| 28| Y.s = TO_SIGN(z); ------------------ | | 372| 28|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 28|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 28|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 991| 28| Y.n = 1; 992| 28| Y.p = p; 993| | 994| 28| return mbedtls_mpi_cmp_mpi(X, &Y); 995| 28|} mbedtls_mpi_add_abs: 1001| 1|{ 1002| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1003| 1| size_t j; 1004| 1| mbedtls_mpi_uint *p; 1005| 1| mbedtls_mpi_uint c; 1006| | 1007| 1| if (X == B) { ------------------ | Branch (1007:9): [True: 0, False: 1] ------------------ 1008| 0| const mbedtls_mpi *T = A; A = X; B = T; 1009| 0| } 1010| | 1011| 1| if (X != A) { ------------------ | Branch (1011:9): [True: 0, False: 1] ------------------ 1012| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1013| 0| } 1014| | 1015| | /* 1016| | * X must always be positive as a result of unsigned additions. 1017| | */ 1018| 1| X->s = 1; 1019| | 1020| 1| for (j = B->n; j > 0; j--) { ------------------ | Branch (1020:20): [True: 1, False: 0] ------------------ 1021| 1| if (B->p[j - 1] != 0) { ------------------ | Branch (1021:13): [True: 1, False: 0] ------------------ 1022| 1| break; 1023| 1| } 1024| 1| } 1025| | 1026| | /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 1027| | * and B is 0 (of any size). */ 1028| 1| if (j == 0) { ------------------ | Branch (1028:9): [True: 0, False: 1] ------------------ 1029| 0| return 0; 1030| 0| } 1031| | 1032| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1033| | 1034| | /* j is the number of non-zero limbs of B. Add those to X. */ 1035| | 1036| 1| p = X->p; 1037| | 1038| 1| c = mbedtls_mpi_core_add(p, p, B->p, j); 1039| | 1040| 1| p += j; 1041| | 1042| | /* Now propagate any carry */ 1043| | 1044| 2| while (c != 0) { ------------------ | Branch (1044:12): [True: 1, False: 1] ------------------ 1045| 1| if (j >= X->n) { ------------------ | Branch (1045:13): [True: 0, False: 1] ------------------ 1046| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j + 1)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1047| 0| p = X->p + j; 1048| 0| } 1049| | 1050| 1| *p += c; c = (*p < c); j++; p++; 1051| 1| } 1052| | 1053| 1|cleanup: 1054| | 1055| 1| return ret; 1056| 1|} mbedtls_mpi_sub_abs: 1062| 5|{ 1063| 5| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 5|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1064| 5| size_t n; 1065| 5| mbedtls_mpi_uint carry; 1066| | 1067| 12| for (n = B->n; n > 0; n--) { ------------------ | Branch (1067:20): [True: 12, False: 0] ------------------ 1068| 12| if (B->p[n - 1] != 0) { ------------------ | Branch (1068:13): [True: 5, False: 7] ------------------ 1069| 5| break; 1070| 5| } 1071| 12| } 1072| 5| if (n > A->n) { ------------------ | Branch (1072:9): [True: 0, False: 5] ------------------ 1073| | /* B >= (2^ciL)^n > A */ 1074| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1075| 0| goto cleanup; 1076| 0| } 1077| | 1078| 5| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n)); ------------------ | | 41| 5| do \ | | 42| 5| { \ | | 43| 5| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 5] | | ------------------ | | 44| 5| goto cleanup; \ | | 45| 5| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1079| | 1080| | /* Set the high limbs of X to match A. Don't touch the lower limbs 1081| | * because X might be aliased to B, and we must not overwrite the 1082| | * significant digits of B. */ 1083| 5| if (A->n > n && A != X) { ------------------ | Branch (1083:9): [True: 4, False: 1] | Branch (1083:21): [True: 0, False: 4] ------------------ 1084| 0| memcpy(X->p + n, A->p + n, (A->n - n) * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1085| 0| } 1086| 5| if (X->n > A->n) { ------------------ | Branch (1086:9): [True: 1, False: 4] ------------------ 1087| 1| memset(X->p + A->n, 0, (X->n - A->n) * ciL); ------------------ | | 77| 1|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1088| 1| } 1089| | 1090| 5| carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n); 1091| 5| if (carry != 0) { ------------------ | Branch (1091:9): [True: 3, False: 2] ------------------ 1092| | /* Propagate the carry through the rest of X. */ 1093| 3| carry = mbedtls_mpi_core_sub_int(X->p + n, X->p + n, carry, X->n - n); 1094| | 1095| | /* If we have further carry/borrow, the result is negative. */ 1096| 3| if (carry != 0) { ------------------ | Branch (1096:13): [True: 0, False: 3] ------------------ 1097| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1098| 0| goto cleanup; 1099| 0| } 1100| 3| } 1101| | 1102| | /* X should always be positive as a result of unsigned subtractions. */ 1103| 5| X->s = 1; 1104| | 1105| 5|cleanup: 1106| 5| return ret; 1107| 5|} mbedtls_mpi_add_mpi: 1146| 2|{ 1147| 2| return add_sub_mpi(X, A, B, 1); 1148| 2|} mbedtls_mpi_sub_mpi: 1154| 1|{ 1155| 1| return add_sub_mpi(X, A, B, -1); 1156| 1|} mbedtls_mpi_sub_int: 1178| 1|{ 1179| 1| mbedtls_mpi B; 1180| 1| mbedtls_mpi_uint p[1]; 1181| | 1182| 1| p[0] = mpi_sint_abs(b); 1183| 1| B.s = TO_SIGN(b); ------------------ | | 372| 1|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 1|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 1|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 1184| 1| B.n = 1; 1185| 1| B.p = p; 1186| | 1187| 1| return mbedtls_mpi_sub_mpi(X, A, &B); 1188| 1|} mbedtls_mpi_mul_mpi: 1194| 3|{ 1195| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1196| 3| size_t i, j; 1197| 3| mbedtls_mpi TA, TB; 1198| 3| int result_is_zero = 0; 1199| | 1200| 3| mbedtls_mpi_init(&TA); 1201| 3| mbedtls_mpi_init(&TB); 1202| | 1203| 3| if (X == A) { ------------------ | Branch (1203:9): [True: 1, False: 2] ------------------ 1204| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA; ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1205| 1| } 1206| 3| if (X == B) { ------------------ | Branch (1206:9): [True: 0, False: 3] ------------------ 1207| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1208| 0| } 1209| | 1210| 3| for (i = A->n; i > 0; i--) { ------------------ | Branch (1210:20): [True: 3, False: 0] ------------------ 1211| 3| if (A->p[i - 1] != 0) { ------------------ | Branch (1211:13): [True: 3, False: 0] ------------------ 1212| 3| break; 1213| 3| } 1214| 3| } 1215| 3| if (i == 0) { ------------------ | Branch (1215:9): [True: 0, False: 3] ------------------ 1216| 0| result_is_zero = 1; 1217| 0| } 1218| | 1219| 3| for (j = B->n; j > 0; j--) { ------------------ | Branch (1219:20): [True: 3, False: 0] ------------------ 1220| 3| if (B->p[j - 1] != 0) { ------------------ | Branch (1220:13): [True: 3, False: 0] ------------------ 1221| 3| break; 1222| 3| } 1223| 3| } 1224| 3| if (j == 0) { ------------------ | Branch (1224:9): [True: 0, False: 3] ------------------ 1225| 0| result_is_zero = 1; 1226| 0| } 1227| | 1228| 3| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j)); ------------------ | | 41| 3| do \ | | 42| 3| { \ | | 43| 3| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3] | | ------------------ | | 44| 3| goto cleanup; \ | | 45| 3| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1229| 3| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); ------------------ | | 41| 3| do \ | | 42| 3| { \ | | 43| 3| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3] | | ------------------ | | 44| 3| goto cleanup; \ | | 45| 3| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1230| | 1231| 3| mbedtls_mpi_core_mul(X->p, A->p, i, B->p, j); 1232| | 1233| | /* If the result is 0, we don't shortcut the operation, which reduces 1234| | * but does not eliminate side channels leaking the zero-ness. We do 1235| | * need to take care to set the sign bit properly since the library does 1236| | * not fully support an MPI object with a value of 0 and s == -1. */ 1237| 3| if (result_is_zero) { ------------------ | Branch (1237:9): [True: 0, False: 3] ------------------ 1238| 0| X->s = 1; 1239| 3| } else { 1240| 3| X->s = A->s * B->s; 1241| 3| } 1242| | 1243| 3|cleanup: 1244| | 1245| 3| mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA); 1246| | 1247| 3| return ret; 1248| 3|} bignum.c:mpi_sint_abs: 359| 33|{ 360| 33| if (z >= 0) { ------------------ | Branch (360:9): [True: 33, False: 0] ------------------ 361| 33| return z; 362| 33| } 363| | /* Take care to handle the most negative value (-2^(biL-1)) correctly. 364| | * A naive -z would have undefined behavior. 365| | * Write this in a way that makes popular compilers happy (GCC, Clang, 366| | * MSVC). */ 367| 0| return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z; 368| 33|} bignum.c:mbedtls_mpi_resize_clear: 285| 6|{ 286| 6| if (limbs == 0) { ------------------ | Branch (286:9): [True: 0, False: 6] ------------------ 287| 0| mbedtls_mpi_free(X); 288| 0| return 0; 289| 6| } else if (X->n == limbs) { ------------------ | Branch (289:16): [True: 0, False: 6] ------------------ 290| 0| memset(X->p, 0, limbs * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 291| 0| X->s = 1; 292| 0| return 0; 293| 6| } else { 294| 6| mbedtls_mpi_free(X); 295| 6| return mbedtls_mpi_grow(X, limbs); 296| 6| } 297| 6|} bignum.c:add_sub_mpi: 1115| 3|{ 1116| 3| int ret, s; 1117| | 1118| 3| s = A->s; 1119| 3| if (A->s * B->s * flip_B < 0) { ------------------ | Branch (1119:9): [True: 2, False: 1] ------------------ 1120| 2| int cmp = mbedtls_mpi_cmp_abs(A, B); 1121| 2| if (cmp >= 0) { ------------------ | Branch (1121:13): [True: 1, False: 1] ------------------ 1122| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1123| | /* If |A| = |B|, the result is 0 and we must set the sign bit 1124| | * to +1 regardless of which of A or B was negative. Otherwise, 1125| | * since |A| > |B|, the sign is the sign of A. */ 1126| 1| X->s = cmp == 0 ? 1 : s; ------------------ | Branch (1126:20): [True: 0, False: 1] ------------------ 1127| 1| } else { 1128| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1129| | /* Since |A| < |B|, the sign is the opposite of A. */ 1130| 1| X->s = -s; 1131| 1| } 1132| 2| } else { 1133| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 1| X->s = s; 1135| 1| } 1136| | 1137| 3|cleanup: 1138| | 1139| 3| return ret; 1140| 3|} mbedtls_mpi_core_clz: 25| 16|{ 26| 16|#if defined(__has_builtin) 27| |#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_clz) 28| | #define core_clz __builtin_clz 29| |#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_clzl) 30| | #define core_clz __builtin_clzl 31| |#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_clzll) 32| | #define core_clz __builtin_clzll 33| |#endif 34| 16|#endif 35| 16|#if defined(core_clz) 36| 16| return (size_t) core_clz(a); ------------------ | | 30| 16| #define core_clz __builtin_clzl ------------------ 37| |#else 38| | size_t j; 39| | mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); 40| | 41| | for (j = 0; j < biL; j++) { 42| | if (a & mask) { 43| | break; 44| | } 45| | 46| | mask >>= 1; 47| | } 48| | 49| | return j; 50| |#endif 51| 16|} mbedtls_mpi_core_bitlen: 54| 16|{ 55| 16| int i; 56| 16| size_t j; 57| | 58| 25| for (i = ((int) A_limbs) - 1; i >= 0; i--) { ------------------ | Branch (58:35): [True: 25, False: 0] ------------------ 59| 25| if (A[i] != 0) { ------------------ | Branch (59:13): [True: 16, False: 9] ------------------ 60| 16| j = biL - mbedtls_mpi_core_clz(A[i]); ------------------ | | 78| 16|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 16|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 61| 16| return (i * biL) + j; ------------------ | | 78| 16|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 16|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 62| 16| } 63| 25| } 64| | 65| 0| return 0; 66| 16|} mbedtls_mpi_core_bigendian_to_host: 84| 6|{ 85| 6| mbedtls_mpi_uint *cur_limb_left; 86| 6| mbedtls_mpi_uint *cur_limb_right; 87| 6| if (A_limbs == 0) { ------------------ | Branch (87:9): [True: 0, False: 6] ------------------ 88| 0| return; 89| 0| } 90| | 91| | /* 92| | * Traverse limbs and 93| | * - adapt byte-order in each limb 94| | * - swap the limbs themselves. 95| | * For that, simultaneously traverse the limbs from left to right 96| | * and from right to left, as long as the left index is not bigger 97| | * than the right index (it's not a problem if limbs is odd and the 98| | * indices coincide in the last iteration). 99| | */ 100| 6| for (cur_limb_left = A, cur_limb_right = A + (A_limbs - 1); 101| 48| cur_limb_left <= cur_limb_right; ------------------ | Branch (101:10): [True: 42, False: 6] ------------------ 102| 42| cur_limb_left++, cur_limb_right--) { 103| 42| mbedtls_mpi_uint tmp; 104| | /* Note that if cur_limb_left == cur_limb_right, 105| | * this code effectively swaps the bytes only once. */ 106| 42| tmp = mpi_bigendian_to_host(*cur_limb_left); 107| 42| *cur_limb_left = mpi_bigendian_to_host(*cur_limb_right); 108| 42| *cur_limb_right = tmp; 109| 42| } 110| 6|} mbedtls_mpi_core_read_be: 230| 6|{ 231| 6| const size_t limbs = CHARS_TO_LIMBS(input_length); ------------------ | | 86| 6|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 232| | 233| 6| if (X_limbs < limbs) { ------------------ | Branch (233:9): [True: 0, False: 6] ------------------ 234| 0| return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ 235| 0| } 236| | 237| | /* If X_limbs is 0, input_length must also be 0 (from previous test). 238| | * Nothing to do. */ 239| 6| if (X_limbs == 0) { ------------------ | Branch (239:9): [True: 0, False: 6] ------------------ 240| 0| return 0; 241| 0| } 242| | 243| 6| memset(X, 0, X_limbs * ciL); ------------------ | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 244| | 245| | /* memcpy() with (NULL, 0) is undefined behaviour */ 246| 6| if (input_length != 0) { ------------------ | Branch (246:9): [True: 6, False: 0] ------------------ 247| 6| size_t overhead = (X_limbs * ciL) - input_length; ------------------ | | 77| 6|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 248| 6| unsigned char *Xp = (unsigned char *) X; 249| 6| memcpy(Xp + overhead, input, input_length); 250| 6| } 251| | 252| 6| mbedtls_mpi_core_bigendian_to_host(X, X_limbs); 253| | 254| 6| return 0; 255| 6|} mbedtls_mpi_core_add: 409| 1|{ 410| 1| mbedtls_mpi_uint c = 0; 411| | 412| 7| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (412:24): [True: 6, False: 1] ------------------ 413| 6| mbedtls_mpi_uint t = c + A[i]; 414| 6| c = (t < A[i]); 415| 6| t += B[i]; 416| 6| c += (t < B[i]); 417| 6| X[i] = t; 418| 6| } 419| | 420| 1| return c; 421| 1|} mbedtls_mpi_core_sub: 448| 5|{ 449| 5| mbedtls_mpi_uint c = 0; 450| | 451| 30| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (451:24): [True: 25, False: 5] ------------------ 452| 25| mbedtls_mpi_uint z = (A[i] < c); 453| 25| mbedtls_mpi_uint t = A[i] - c; 454| 25| c = (t < B[i]) + z; 455| 25| X[i] = t - B[i]; 456| 25| } 457| | 458| 5| return c; 459| 5|} mbedtls_mpi_core_mla: 464| 18|{ 465| 18| mbedtls_mpi_uint c = 0; /* carry */ 466| | /* 467| | * It is a documented precondition of this function that d_len >= s_len. 468| | * If that's not the case, we swap these round: this turns what would be 469| | * a buffer overflow into an incorrect result. 470| | */ 471| 18| if (d_len < s_len) { ------------------ | Branch (471:9): [True: 0, False: 18] ------------------ 472| 0| s_len = d_len; 473| 0| } 474| 18| size_t excess_len = d_len - s_len; 475| 18| size_t steps_x8 = s_len / 8; 476| 18| size_t steps_x1 = s_len & 7; 477| | 478| 18| while (steps_x8--) { ------------------ | Branch (478:12): [True: 0, False: 18] ------------------ 479| 0| MULADDC_X8_INIT ------------------ | | 1088| 0|#define MULADDC_X8_INIT MULADDC_X4_INIT | | ------------------ | | | | 1082| 0|#define MULADDC_X4_INIT MULADDC_X2_INIT | | | | ------------------ | | | | | | 1076| 0|#define MULADDC_X2_INIT MULADDC_X1_INIT | | | | | | ------------------ | | | | | | | | 216| 0| asm( \ | | | | | | | | ------------------ | | | | | | | | | | 321| 0|#define asm __asm__ | | | | | | | | ------------------ | | | | | | | | 217| 0| "xorq %%r8, %%r8\n" | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 480| 0| MULADDC_X8_CORE 481| 0| MULADDC_X8_STOP ------------------ | | 1089| 0|#define MULADDC_X8_STOP MULADDC_X4_STOP | | ------------------ | | | | 1083| 0|#define MULADDC_X4_STOP MULADDC_X2_STOP | | | | ------------------ | | | | | | 1077| 0|#define MULADDC_X2_STOP MULADDC_X1_STOP | | | | | | ------------------ | | | | | | | | 232| 0| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | | | | | | | 233| 0| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | | | | | | | 234| 0| : "rax", "rdx", "r8" \ | | | | | | | | 235| 0| ); | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 482| 0| } 483| | 484| 126| while (steps_x1--) { ------------------ | Branch (484:12): [True: 108, False: 18] ------------------ 485| 108| MULADDC_X1_INIT ------------------ | | 216| 108| asm( \ | | ------------------ | | | | 321| 108|#define asm __asm__ | | ------------------ | | 217| 108| "xorq %%r8, %%r8\n" ------------------ 486| 108| MULADDC_X1_CORE 487| 108| MULADDC_X1_STOP ------------------ | | 232| 108| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | 233| 108| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | 234| 108| : "rax", "rdx", "r8" \ | | 235| 108| ); ------------------ 488| 108| } 489| | 490| 36| while (excess_len--) { ------------------ | Branch (490:12): [True: 18, False: 18] ------------------ 491| 18| *d += c; 492| 18| c = (*d < c); 493| 18| d++; 494| 18| } 495| | 496| 18| return c; 497| 18|} mbedtls_mpi_core_mul: 502| 3|{ 503| 3| memset(X, 0, (A_limbs + B_limbs) * ciL); ------------------ | | 77| 3|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 504| | 505| 21| for (size_t i = 0; i < B_limbs; i++) { ------------------ | Branch (505:24): [True: 18, False: 3] ------------------ 506| 18| (void) mbedtls_mpi_core_mla(X + i, A_limbs + 1, A, A_limbs, B[i]); 507| 18| } 508| 3|} mbedtls_mpi_core_sub_int: 975| 3|{ 976| 24| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (976:24): [True: 21, False: 3] ------------------ 977| 21| mbedtls_mpi_uint s = A[i]; 978| 21| mbedtls_mpi_uint t = s - c; 979| 21| c = (t > s); 980| 21| X[i] = t; 981| 21| } 982| | 983| 3| return c; 984| 3|} bignum_core.c:mpi_bigendian_to_host: 69| 84|{ 70| 84| if (MBEDTLS_IS_BIG_ENDIAN) { ------------------ | | 398| 84|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (398:31): [Folded - Ignored] | | ------------------ ------------------ 71| | /* Nothing to do on bigendian systems. */ 72| 0| return a; 73| 84| } else { 74| |#if defined(MBEDTLS_HAVE_INT32) 75| | return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a); 76| |#elif defined(MBEDTLS_HAVE_INT64) 77| 84| return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a); ------------------ | | 301| 84|#define MBEDTLS_BSWAP64 __builtin_bswap64 ------------------ 78| 84|#endif 79| 84| } 80| 84|} mbedtls_cipher_init: 202| 32|{ 203| 32| memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); 204| 32|} mbedtls_cipher_free: 207| 32|{ 208| 32| if (ctx == NULL) { ------------------ | Branch (208:9): [True: 0, False: 32] ------------------ 209| 0| return; 210| 0| } 211| | 212| |#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) 213| | if (ctx->psa_enabled == 1) { 214| | if (ctx->cipher_ctx != NULL) { 215| | mbedtls_cipher_context_psa * const cipher_psa = 216| | (mbedtls_cipher_context_psa *) ctx->cipher_ctx; 217| | 218| | if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) { 219| | /* xxx_free() doesn't allow to return failures. */ 220| | (void) psa_destroy_key(cipher_psa->slot); 221| | } 222| | 223| | mbedtls_zeroize_and_free(cipher_psa, sizeof(*cipher_psa)); 224| | } 225| | 226| | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); 227| | return; 228| | } 229| |#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ 230| | 231| 32|#if defined(MBEDTLS_CMAC_C) 232| 32| if (ctx->cmac_ctx) { ------------------ | Branch (232:9): [True: 0, False: 32] ------------------ 233| 0| mbedtls_zeroize_and_free(ctx->cmac_ctx, 234| 0| sizeof(mbedtls_cmac_context_t)); 235| 0| } 236| 32|#endif 237| | 238| 32| if (ctx->cipher_ctx) { ------------------ | Branch (238:9): [True: 0, False: 32] ------------------ 239| 0| mbedtls_cipher_get_base(ctx->cipher_info)->ctx_free_func(ctx->cipher_ctx); 240| 0| } 241| | 242| 32| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); 243| 32|} ctr_drbg.c:mbedtls_xor: 190| 336|{ 191| 336| size_t i = 0; 192| 336|#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) 193| |#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \ 194| | (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300)) 195| | /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */ 196| | for (; (i + 16) <= n; i += 16) { 197| | uint8x16_t v1 = vld1q_u8(a + i); 198| | uint8x16_t v2 = vld1q_u8(b + i); 199| | uint8x16_t x = veorq_u8(v1, v2); 200| | vst1q_u8(r + i, x); 201| | } 202| |#if defined(__IAR_SYSTEMS_ICC__) 203| | /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case 204| | * where n is a constant multiple of 16. 205| | * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time 206| | * constant, and is a very small perf regression if n is not a compile-time constant. */ 207| | if (n % 16 == 0) { 208| | return; 209| | } 210| |#endif 211| |#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) 212| | /* This codepath probably only makes sense on architectures with 64-bit registers */ 213| 1.20k| for (; (i + 8) <= n; i += 8) { ------------------ | Branch (213:12): [True: 864, False: 336] ------------------ 214| 864| uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); 215| 864| mbedtls_put_unaligned_uint64(r + i, x); 216| 864| } 217| |#if defined(__IAR_SYSTEMS_ICC__) 218| | if (n % 8 == 0) { 219| | return; 220| | } 221| |#endif 222| |#else 223| | for (; (i + 4) <= n; i += 4) { 224| | uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); 225| | mbedtls_put_unaligned_uint32(r + i, x); 226| | } 227| |#if defined(__IAR_SYSTEMS_ICC__) 228| | if (n % 4 == 0) { 229| | return; 230| | } 231| |#endif 232| |#endif 233| 336|#endif 234| 336| for (; i < n; i++) { ------------------ | Branch (234:12): [True: 0, False: 336] ------------------ 235| 0| r[i] = a[i] ^ b[i]; 236| 0| } 237| 336|} base64.c:mbedtls_ct_uchar_in_range_if: 395| 43.9k|{ 396| 43.9k| const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c); 397| 43.9k| const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t); 398| | 399| | /* low_mask is: 0 if low <= c, 0x...ff if low > c */ 400| 43.9k| unsigned low_mask = ((unsigned) co - low) >> 8; 401| | /* high_mask is: 0 if c <= high, 0x...ff if c > high */ 402| 43.9k| unsigned high_mask = ((unsigned) high - co) >> 8; 403| | 404| 43.9k| return (unsigned char) (~(low_mask | high_mask)) & to; 405| 43.9k|} base64.c:mbedtls_ct_compiler_opaque: 86| 87.9k|{ 87| 87.9k|#if defined(MBEDTLS_CT_ASM) 88| 87.9k| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 87.9k|#define asm __asm__ ------------------ 89| 87.9k| return x; 90| |#else 91| | return x ^ mbedtls_ct_zero; 92| |#endif 93| 87.9k|} ctr_drbg.c:mbedtls_ctr_increment_counter: 22| 208|{ 23| | // The 32-bit version seems to perform about the same as a 64-bit version 24| | // on 64-bit architectures, so no need to define a 64-bit version. 25| 208| for (int i = 3;; i--) { 26| 208| uint32_t x = MBEDTLS_GET_UINT32_BE(n, i << 2); ------------------ | | 413| 208| ((MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 208|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (413:6): [Folded - Ignored] | | ------------------ | | 414| 208| ? mbedtls_get_unaligned_uint32((data) + (offset)) \ | | 415| 208| : MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ | | ------------------ | | | | 298| 208|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 416| 208| ) ------------------ 27| 208| x += 1; 28| 208| MBEDTLS_PUT_UINT32_BE(x, n, i << 2); ------------------ | | 428| 208| { \ | | 429| 208| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 208|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 208| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 208| else \ | | 434| 208| { \ | | 435| 208| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 208|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 208| } \ | | 437| 208| } ------------------ 29| 208| if (x != 0 || i == 0) { ------------------ | Branch (29:13): [True: 208, False: 0] | Branch (29:23): [True: 0, False: 0] ------------------ 30| 208| break; 31| 208| } 32| 208| } 33| 208|} mbedtls_ctr_drbg_init: 74| 32|{ 75| 32| memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); 76| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 77| | ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; 78| | ctx->psa_ctx.operation = psa_cipher_operation_init(); 79| |#else 80| 32| mbedtls_aes_init(&ctx->aes_ctx); 81| 32|#endif 82| | /* Indicate that the entropy nonce length is not set explicitly. 83| | * See mbedtls_ctr_drbg_set_nonce_len(). */ 84| 32| ctx->reseed_counter = -1; 85| | 86| 32| ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ------------------ | | 127| 32|#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 ------------------ 87| 32|} mbedtls_ctr_drbg_free: 94| 32|{ 95| 32| if (ctx == NULL) { ------------------ | Branch (95:9): [True: 0, False: 32] ------------------ 96| 0| return; 97| 0| } 98| | 99| 32|#if defined(MBEDTLS_THREADING_C) 100| | /* The mutex is initialized iff f_entropy is set. */ 101| 32| if (ctx->f_entropy != NULL) { ------------------ | Branch (101:9): [True: 32, False: 0] ------------------ 102| 32| mbedtls_mutex_free(&ctx->mutex); 103| 32| } 104| 32|#endif 105| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 106| | ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); 107| |#else 108| 32| mbedtls_aes_free(&ctx->aes_ctx); 109| 32|#endif 110| 32| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); 111| 32| ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ------------------ | | 127| 32|#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 ------------------ 112| 32| ctx->reseed_counter = -1; 113| 32|} mbedtls_ctr_drbg_seed: 540| 32|{ 541| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 542| 32| unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; 543| 32| size_t nonce_len; 544| | 545| 32| memset(key, 0, MBEDTLS_CTR_DRBG_KEYSIZE); ------------------ | | 83| 32|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 ------------------ 546| | 547| | /* The mutex is initialized iff f_entropy is set. */ 548| 32|#if defined(MBEDTLS_THREADING_C) 549| 32| mbedtls_mutex_init(&ctx->mutex); 550| 32|#endif 551| | 552| 32| ctx->f_entropy = f_entropy; 553| 32| ctx->p_entropy = p_entropy; 554| | 555| 32| if (ctx->entropy_len == 0) { ------------------ | Branch (555:9): [True: 32, False: 0] ------------------ 556| 32| ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN; ------------------ | | 111| 32|#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 ------------------ 557| 32| } 558| | /* ctx->reseed_counter contains the desired amount of entropy to 559| | * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()). 560| | * If it's -1, indicating that the entropy nonce length was not set 561| | * explicitly, use a sufficiently large nonce for security. */ 562| 32| nonce_len = (ctx->reseed_counter >= 0 ? ------------------ | Branch (562:18): [True: 0, False: 32] ------------------ 563| 0| (size_t) ctx->reseed_counter : 564| 32| good_nonce_len(ctx->entropy_len)); 565| | 566| | /* Initialize with an empty key. */ 567| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 568| | psa_status_t status; 569| | 570| | status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE); 571| | if (status != PSA_SUCCESS) { 572| | ret = psa_generic_status_to_mbedtls(status); 573| | return status; 574| | } 575| |#else 576| 32| if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, ------------------ | Branch (576:9): [True: 0, False: 32] ------------------ 577| 32| MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { ------------------ | | 91| 32|#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ | | ------------------ | | | | 83| 32|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ ------------------ 578| 0| return ret; 579| 0| } 580| 32|#endif 581| | 582| | /* Do the initial seeding. */ 583| 32| if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len, ------------------ | Branch (583:9): [True: 16, False: 16] ------------------ 584| 32| nonce_len)) != 0) { 585| 16| return ret; 586| 16| } 587| 16| return 0; 588| 32|} mbedtls_ctr_drbg_random_with_add: 612| 32|{ 613| 32| int ret = 0; 614| 32| mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; 615| 32| unsigned char *p = output; 616| 32| struct { 617| 32| unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; 618| 32| unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE]; 619| 32| } locals; 620| 32| size_t use_len; 621| | 622| 32| if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) { ------------------ | | 137| 32|#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 ------------------ | Branch (622:9): [True: 0, False: 32] ------------------ 623| 0| return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG; ------------------ | | 67| 0|#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 ------------------ 624| 0| } 625| | 626| 32| if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) { ------------------ | | 132| 32|#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 ------------------ | Branch (626:9): [True: 0, False: 32] ------------------ 627| 0| return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ 628| 0| } 629| | 630| 32| memset(locals.add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN); ------------------ | | 92| 32|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 32|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 32|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ 631| | 632| 32| if (ctx->reseed_counter > ctx->reseed_interval || ------------------ | Branch (632:9): [True: 0, False: 32] ------------------ 633| 32| ctx->prediction_resistance) { ------------------ | Branch (633:9): [True: 0, False: 32] ------------------ 634| 0| if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) { ------------------ | Branch (634:13): [True: 0, False: 0] ------------------ 635| 0| return ret; 636| 0| } 637| 0| add_len = 0; 638| 0| } 639| | 640| 32| if (add_len > 0) { ------------------ | Branch (640:9): [True: 0, False: 32] ------------------ 641| 0| if ((ret = block_cipher_df(locals.add_input, additional, add_len)) != 0) { ------------------ | Branch (641:13): [True: 0, False: 0] ------------------ 642| 0| goto exit; 643| 0| } 644| 0| if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) { ------------------ | Branch (644:13): [True: 0, False: 0] ------------------ 645| 0| goto exit; 646| 0| } 647| 0| } 648| | 649| 96| while (output_len > 0) { ------------------ | Branch (649:12): [True: 64, False: 32] ------------------ 650| | /* 651| | * Increase counter (treat it as a 128-bit big-endian integer). 652| | */ 653| 64| mbedtls_ctr_increment_counter(ctx->counter); 654| | 655| | /* 656| | * Crypt counter block 657| | */ 658| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 659| | psa_status_t status; 660| | size_t tmp_len; 661| | 662| | status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), 663| | locals.tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); 664| | if (status != PSA_SUCCESS) { 665| | ret = psa_generic_status_to_mbedtls(status); 666| | goto exit; 667| | } 668| |#else 669| 64| if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ------------------ | | 39| 64|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ | Branch (669:13): [True: 0, False: 64] ------------------ 670| 64| ctx->counter, locals.tmp)) != 0) { 671| 0| goto exit; 672| 0| } 673| 64|#endif 674| | 675| 64| use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) ------------------ | | 73| 64|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ | Branch (675:19): [True: 32, False: 32] ------------------ 676| 64| ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; ------------------ | | 73| 32|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 677| | /* 678| | * Copy random block to destination 679| | */ 680| 64| memcpy(p, locals.tmp, use_len); 681| 64| p += use_len; 682| 64| output_len -= use_len; 683| 64| } 684| | 685| 32| if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) { ------------------ | Branch (685:9): [True: 0, False: 32] ------------------ 686| 0| goto exit; 687| 0| } 688| | 689| 32| ctx->reseed_counter++; 690| | 691| 32|exit: 692| 32| mbedtls_platform_zeroize(&locals, sizeof(locals)); 693| 32| return ret; 694| 32|} mbedtls_ctr_drbg_random: 698| 32|{ 699| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 700| 32| mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; 701| | 702| 32|#if defined(MBEDTLS_THREADING_C) 703| 32| if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { ------------------ | Branch (703:9): [True: 0, False: 32] ------------------ 704| 0| return ret; 705| 0| } 706| 32|#endif 707| | 708| 32| ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0); 709| | 710| 32|#if defined(MBEDTLS_THREADING_C) 711| 32| if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { ------------------ | Branch (711:9): [True: 0, False: 32] ------------------ 712| 0| return MBEDTLS_ERR_THREADING_MUTEX_ERROR; ------------------ | | 25| 0|#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E ------------------ 713| 0| } 714| 32|#endif 715| | 716| 32| return ret; 717| 32|} ctr_drbg.c:block_cipher_df: 163| 16|{ 164| 16| unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 165| 16| MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; 166| 16| unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; 167| 16| unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; 168| 16| unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; 169| 16| unsigned char *p, *iv; 170| 16| int ret = 0; 171| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 172| | psa_status_t status; 173| | size_t tmp_len; 174| | mbedtls_ctr_drbg_psa_context psa_ctx; 175| | 176| | psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; 177| | psa_ctx.operation = psa_cipher_operation_init(); 178| |#else 179| 16| mbedtls_aes_context aes_ctx; 180| 16|#endif 181| | 182| 16| int i, j; 183| 16| size_t buf_len, use_len; 184| | 185| 16| if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { ------------------ | | 142| 16|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ | Branch (185:9): [True: 0, False: 16] ------------------ 186| 0| return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ 187| 0| } 188| | 189| 16| memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + ------------------ | | 142| 16|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ 190| 16| MBEDTLS_CTR_DRBG_BLOCKSIZE + 16); ------------------ | | 73| 16|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 191| | 192| | /* 193| | * Construct IV (16 bytes) and S in buffer 194| | * IV = Counter (in 32-bits) padded to 16 with zeroes 195| | * S = Length input string (in 32-bits) || Length of output (in 32-bits) || 196| | * data || 0x80 197| | * (Total is padded to a multiple of 16-bytes with zeroes) 198| | */ 199| 16| p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; ------------------ | | 73| 16|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 200| 16| MBEDTLS_PUT_UINT32_BE(data_len, p, 0); ------------------ | | 428| 16| { \ | | 429| 16| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 16|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 16| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 16| else \ | | 434| 16| { \ | | 435| 16| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 16|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 16| } \ | | 437| 16| } ------------------ 201| 16| p += 4 + 3; 202| 16| *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; ------------------ | | 92| 16|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 16|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 16|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ 203| 16| memcpy(p, data, data_len); 204| 16| p[data_len] = 0x80; 205| | 206| 16| buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1; ------------------ | | 73| 16|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 207| | 208| 528| for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) { ------------------ | | 83| 528|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 ------------------ | Branch (208:17): [True: 512, False: 16] ------------------ 209| 512| key[i] = i; 210| 512| } 211| | 212| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 213| | status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key)); 214| | if (status != PSA_SUCCESS) { 215| | ret = psa_generic_status_to_mbedtls(status); 216| | goto exit; 217| | } 218| |#else 219| 16| mbedtls_aes_init(&aes_ctx); 220| | 221| 16| if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, ------------------ | Branch (221:9): [True: 0, False: 16] ------------------ 222| 16| MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { ------------------ | | 91| 16|#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ | | ------------------ | | | | 83| 16|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ ------------------ 223| 0| goto exit; 224| 0| } 225| 16|#endif 226| | 227| | /* 228| | * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data 229| | */ 230| 64| for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 92| 64|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 64|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 64|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ | Branch (230:17): [True: 48, False: 16] ------------------ 231| 48| p = buf; 232| 48| memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE); ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 233| 48| use_len = buf_len; 234| | 235| 336| while (use_len > 0) { ------------------ | Branch (235:16): [True: 288, False: 48] ------------------ 236| 288| mbedtls_xor(chain, chain, p, MBEDTLS_CTR_DRBG_BLOCKSIZE); ------------------ | | 73| 288|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 237| 288| p += MBEDTLS_CTR_DRBG_BLOCKSIZE; ------------------ | | 73| 288|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 238| 288| use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? ------------------ | | 73| 288|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ | Branch (238:24): [True: 240, False: 48] ------------------ 239| 240| MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; ------------------ | | 73| 240|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 240| | 241| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 242| | status = psa_cipher_update(&psa_ctx.operation, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, 243| | chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); 244| | if (status != PSA_SUCCESS) { 245| | ret = psa_generic_status_to_mbedtls(status); 246| | goto exit; 247| | } 248| |#else 249| 288| if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, ------------------ | | 39| 288|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ | Branch (249:17): [True: 0, False: 288] ------------------ 250| 288| chain, chain)) != 0) { 251| 0| goto exit; 252| 0| } 253| 288|#endif 254| 288| } 255| | 256| 48| memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE); ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 257| | 258| | /* 259| | * Update IV 260| | */ 261| 48| buf[3]++; 262| 48| } 263| | 264| | /* 265| | * Do final encryption with reduced data 266| | */ 267| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 268| | ctr_drbg_destroy_psa_contex(&psa_ctx); 269| | 270| | status = ctr_drbg_setup_psa_context(&psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); 271| | if (status != PSA_SUCCESS) { 272| | ret = psa_generic_status_to_mbedtls(status); 273| | goto exit; 274| | } 275| |#else 276| 16| if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, ------------------ | Branch (276:9): [True: 0, False: 16] ------------------ 277| 16| MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { ------------------ | | 91| 16|#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ | | ------------------ | | | | 83| 16|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ ------------------ 278| 0| goto exit; 279| 0| } 280| 16|#endif 281| 16| iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; ------------------ | | 83| 16|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 ------------------ 282| 16| p = output; 283| | 284| 64| for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 92| 64|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 64|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 64|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ | Branch (284:17): [True: 48, False: 16] ------------------ 285| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 286| | status = psa_cipher_update(&psa_ctx.operation, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, 287| | iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); 288| | if (status != PSA_SUCCESS) { 289| | ret = psa_generic_status_to_mbedtls(status); 290| | goto exit; 291| | } 292| |#else 293| 48| if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, ------------------ | | 39| 48|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ | Branch (293:13): [True: 0, False: 48] ------------------ 294| 48| iv, iv)) != 0) { 295| 0| goto exit; 296| 0| } 297| 48|#endif 298| 48| memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 299| 48| p += MBEDTLS_CTR_DRBG_BLOCKSIZE; ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 300| 48| } 301| 16|exit: 302| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 303| | ctr_drbg_destroy_psa_contex(&psa_ctx); 304| |#else 305| 16| mbedtls_aes_free(&aes_ctx); 306| 16|#endif 307| | /* 308| | * tidy up the stack 309| | */ 310| 16| mbedtls_platform_zeroize(buf, sizeof(buf)); 311| 16| mbedtls_platform_zeroize(tmp, sizeof(tmp)); 312| 16| mbedtls_platform_zeroize(key, sizeof(key)); 313| 16| mbedtls_platform_zeroize(chain, sizeof(chain)); 314| 16| if (0 != ret) { ------------------ | Branch (314:9): [True: 0, False: 16] ------------------ 315| | /* 316| | * wipe partial seed from memory 317| | */ 318| 0| mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN); ------------------ | | 92| 0|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 0|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 0|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ 319| 0| } 320| | 321| 16| return ret; 322| 16|} ctr_drbg.c:ctr_drbg_update_internal: 334| 48|{ 335| 48| unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; 336| 48| unsigned char *p = tmp; 337| 48| int j; 338| 48| int ret = 0; 339| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 340| | psa_status_t status; 341| | size_t tmp_len; 342| |#endif 343| | 344| 48| memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN); ------------------ | | 92| 48|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 48|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ 345| | 346| 192| for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 92| 192|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 192|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 192|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { ------------------ | | 73| 144|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ | Branch (346:17): [True: 144, False: 48] ------------------ 347| | /* 348| | * Increase counter 349| | */ 350| 144| mbedtls_ctr_increment_counter(ctx->counter); 351| | 352| | /* 353| | * Crypt counter block 354| | */ 355| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 356| | status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), 357| | p, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); 358| | if (status != PSA_SUCCESS) { 359| | ret = psa_generic_status_to_mbedtls(status); 360| | goto exit; 361| | } 362| |#else 363| 144| if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ------------------ | | 39| 144|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ | Branch (363:13): [True: 0, False: 144] ------------------ 364| 144| ctx->counter, p)) != 0) { 365| 0| goto exit; 366| 0| } 367| 144|#endif 368| | 369| 144| p += MBEDTLS_CTR_DRBG_BLOCKSIZE; ------------------ | | 73| 144|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 370| 144| } 371| | 372| 48| mbedtls_xor(tmp, tmp, data, MBEDTLS_CTR_DRBG_SEEDLEN); ------------------ | | 92| 48|#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 83| 48|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ | | #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ | | ------------------ | | | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ | | ------------------ ------------------ 373| | 374| | /* 375| | * Update key and counter 376| | */ 377| |#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 378| | ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); 379| | 380| | status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); 381| | if (status != PSA_SUCCESS) { 382| | ret = psa_generic_status_to_mbedtls(status); 383| | goto exit; 384| | } 385| |#else 386| 48| if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, ------------------ | Branch (386:9): [True: 0, False: 48] ------------------ 387| 48| MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { ------------------ | | 91| 48|#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ | | ------------------ | | | | 83| 48|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 | | ------------------ ------------------ 388| 0| goto exit; 389| 0| } 390| 48|#endif 391| 48| memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, ------------------ | | 83| 48|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 ------------------ 392| 48| MBEDTLS_CTR_DRBG_BLOCKSIZE); ------------------ | | 73| 48|#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ ------------------ 393| | 394| 48|exit: 395| 48| mbedtls_platform_zeroize(tmp, sizeof(tmp)); 396| 48| return ret; 397| 48|} ctr_drbg.c:mbedtls_ctr_drbg_reseed_internal: 451| 32|{ 452| 32| unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; 453| 32| size_t seedlen = 0; 454| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 455| | 456| 32| if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { ------------------ | | 142| 32|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ | Branch (456:9): [True: 0, False: 32] ------------------ 457| 0| return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ 458| 0| } 459| 32| if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) { ------------------ | | 142| 32|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ | Branch (459:9): [True: 0, False: 32] ------------------ 460| 0| return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ 461| 0| } 462| 32| if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) { ------------------ | | 142| 32|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ | Branch (462:9): [True: 0, False: 32] ------------------ 463| 0| return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ 464| 0| } 465| | 466| 32| memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT); ------------------ | | 142| 32|#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 ------------------ 467| | 468| | /* Gather entropy_len bytes of entropy to seed state. */ 469| 32| if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) { ------------------ | Branch (469:9): [True: 16, False: 16] ------------------ 470| 16| return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED; ------------------ | | 65| 16|#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 ------------------ 471| 16| } 472| 16| seedlen += ctx->entropy_len; 473| | 474| | /* Gather entropy for a nonce if requested. */ 475| 16| if (nonce_len != 0) { ------------------ | Branch (475:9): [True: 0, False: 16] ------------------ 476| 0| if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) { ------------------ | Branch (476:13): [True: 0, False: 0] ------------------ 477| 0| return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED; ------------------ | | 65| 0|#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 ------------------ 478| 0| } 479| 0| seedlen += nonce_len; 480| 0| } 481| | 482| | /* Add additional data if provided. */ 483| 16| if (additional != NULL && len != 0) { ------------------ | Branch (483:9): [True: 16, False: 0] | Branch (483:31): [True: 16, False: 0] ------------------ 484| 16| memcpy(seed + seedlen, additional, len); 485| 16| seedlen += len; 486| 16| } 487| | 488| | /* Reduce to 384 bits. */ 489| 16| if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) { ------------------ | Branch (489:9): [True: 0, False: 16] ------------------ 490| 0| goto exit; 491| 0| } 492| | 493| | /* Update state. */ 494| 16| if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) { ------------------ | Branch (494:9): [True: 0, False: 16] ------------------ 495| 0| goto exit; 496| 0| } 497| 16| ctx->reseed_counter = 1; 498| | 499| 16|exit: 500| 16| mbedtls_platform_zeroize(seed, sizeof(seed)); 501| 16| return ret; 502| 16|} ctr_drbg.c:good_nonce_len: 516| 32|{ 517| 32| if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) { ------------------ | | 83| 32|#define MBEDTLS_CTR_DRBG_KEYSIZE 32 ------------------ | Branch (517:9): [True: 32, False: 0] ------------------ 518| 32| return 0; 519| 32| } else { 520| 0| return (entropy_len + 1) / 2; 521| 0| } 522| 32|} mbedtls_debug_print_msg: 56| 2.54k|{ 57| 2.54k| va_list argp; 58| 2.54k| char str[DEBUG_BUF_SIZE]; 59| 2.54k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.54k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 60| | 61| 2.54k| MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small"); ------------------ | | 367| 2.54k| struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function ------------------ 62| | 63| 2.54k| if (NULL == ssl || ------------------ | Branch (63:9): [True: 0, False: 2.54k] ------------------ 64| 2.54k| NULL == ssl->conf || ------------------ | Branch (64:9): [True: 0, False: 2.54k] ------------------ 65| 2.54k| NULL == ssl->conf->f_dbg || ------------------ | Branch (65:9): [True: 2.54k, False: 0] ------------------ 66| 2.54k| level > debug_threshold) { ------------------ | Branch (66:9): [True: 0, False: 0] ------------------ 67| 2.54k| return; 68| 2.54k| } 69| | 70| 0| va_start(argp, format); 71| 0| ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); ------------------ | | 22| 0|#define DEBUG_BUF_SIZE 512 ------------------ 72| 0| va_end(argp); 73| | 74| 0| if (ret < 0) { ------------------ | Branch (74:9): [True: 0, False: 0] ------------------ 75| 0| ret = 0; 76| 0| } else { 77| 0| if (ret >= DEBUG_BUF_SIZE - 1) { ------------------ | | 22| 0|#define DEBUG_BUF_SIZE 512 ------------------ | Branch (77:13): [True: 0, False: 0] ------------------ 78| 0| ret = DEBUG_BUF_SIZE - 2; ------------------ | | 22| 0|#define DEBUG_BUF_SIZE 512 ------------------ 79| 0| } 80| 0| } 81| 0| str[ret] = '\n'; 82| 0| str[ret + 1] = '\0'; 83| | 84| 0| debug_send_line(ssl, level, file, line, str); 85| 0|} mbedtls_debug_print_ret: 90| 16|{ 91| 16| char str[DEBUG_BUF_SIZE]; 92| | 93| 16| if (NULL == ssl || ------------------ | Branch (93:9): [True: 0, False: 16] ------------------ 94| 16| NULL == ssl->conf || ------------------ | Branch (94:9): [True: 0, False: 16] ------------------ 95| 16| NULL == ssl->conf->f_dbg || ------------------ | Branch (95:9): [True: 16, False: 0] ------------------ 96| 16| level > debug_threshold) { ------------------ | Branch (96:9): [True: 0, False: 0] ------------------ 97| 16| return; 98| 16| } 99| | 100| | /* 101| | * With non-blocking I/O and examples that just retry immediately, 102| | * the logs would be quickly flooded with WANT_READ, so ignore that. 103| | * Don't ignore WANT_WRITE however, since it is usually rare. 104| | */ 105| 0| if (ret == MBEDTLS_ERR_SSL_WANT_READ) { ------------------ | | 136| 0|#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 ------------------ | Branch (105:9): [True: 0, False: 0] ------------------ 106| 0| return; 107| 0| } 108| | 109| 0| mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n", 110| 0| text, ret, (unsigned int) -ret); 111| | 112| 0| debug_send_line(ssl, level, file, line, str); 113| 0|} mbedtls_debug_print_buf: 118| 32|{ 119| 32| char str[DEBUG_BUF_SIZE]; 120| 32| char txt[17]; 121| 32| size_t i, idx = 0; 122| | 123| 32| if (NULL == ssl || ------------------ | Branch (123:9): [True: 0, False: 32] ------------------ 124| 32| NULL == ssl->conf || ------------------ | Branch (124:9): [True: 0, False: 32] ------------------ 125| 32| NULL == ssl->conf->f_dbg || ------------------ | Branch (125:9): [True: 32, False: 0] ------------------ 126| 32| level > debug_threshold) { ------------------ | Branch (126:9): [True: 0, False: 0] ------------------ 127| 32| return; 128| 32| } 129| | 130| 0| mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", 131| 0| text, (unsigned int) len); 132| | 133| 0| debug_send_line(ssl, level, file, line, str); 134| | 135| 0| memset(txt, 0, sizeof(txt)); 136| 0| for (i = 0; i < len; i++) { ------------------ | Branch (136:17): [True: 0, False: 0] ------------------ 137| 0| if (i >= 4096) { ------------------ | Branch (137:13): [True: 0, False: 0] ------------------ 138| 0| break; 139| 0| } 140| | 141| 0| if (i % 16 == 0) { ------------------ | Branch (141:13): [True: 0, False: 0] ------------------ 142| 0| if (i > 0) { ------------------ | Branch (142:17): [True: 0, False: 0] ------------------ 143| 0| mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); 144| 0| debug_send_line(ssl, level, file, line, str); 145| | 146| 0| idx = 0; 147| 0| memset(txt, 0, sizeof(txt)); 148| 0| } 149| | 150| 0| idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", 151| 0| (unsigned int) i); 152| | 153| 0| } 154| | 155| 0| idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", 156| 0| (unsigned int) buf[i]); 157| 0| txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.'; ------------------ | Branch (157:24): [True: 0, False: 0] | Branch (157:39): [True: 0, False: 0] ------------------ 158| 0| } 159| | 160| 0| if (len > 0) { ------------------ | Branch (160:9): [True: 0, False: 0] ------------------ 161| 0| for (/* i = i */; i % 16 != 0; i++) { ------------------ | Branch (161:27): [True: 0, False: 0] ------------------ 162| 0| idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); 163| 0| } 164| | 165| 0| mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); 166| 0| debug_send_line(ssl, level, file, line, str); 167| 0| } 168| 0|} mbedtls_dhm_init: 99| 16|{ 100| 16| memset(ctx, 0, sizeof(mbedtls_dhm_context)); 101| 16|} mbedtls_dhm_free: 459| 16|{ 460| 16| if (ctx == NULL) { ------------------ | Branch (460:9): [True: 0, False: 16] ------------------ 461| 0| return; 462| 0| } 463| | 464| 16| mbedtls_mpi_free(&ctx->pX); 465| 16| mbedtls_mpi_free(&ctx->Vf); 466| 16| mbedtls_mpi_free(&ctx->Vi); 467| 16| mbedtls_mpi_free(&ctx->RP); 468| 16| mbedtls_mpi_free(&ctx->K); 469| 16| mbedtls_mpi_free(&ctx->GY); 470| 16| mbedtls_mpi_free(&ctx->GX); 471| 16| mbedtls_mpi_free(&ctx->X); 472| 16| mbedtls_mpi_free(&ctx->G); 473| 16| mbedtls_mpi_free(&ctx->P); 474| | 475| 16| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_dhm_context)); 476| 16|} mbedtls_ecdh_init: 160| 16|{ 161| 16|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 162| 16| ecdh_init_internal(ctx); 163| 16| mbedtls_ecp_point_init(&ctx->Vi); 164| 16| mbedtls_ecp_point_init(&ctx->Vf); 165| 16| mbedtls_mpi_init(&ctx->_d); 166| |#else 167| | memset(ctx, 0, sizeof(mbedtls_ecdh_context)); 168| | 169| | ctx->var = MBEDTLS_ECDH_VARIANT_NONE; 170| |#endif 171| 16| ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ------------------ | | 439| 16|#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 ------------------ 172| 16|#if defined(MBEDTLS_ECP_RESTARTABLE) 173| 16| ctx->restart_enabled = 0; 174| 16|#endif 175| 16|} mbedtls_ecdh_free: 243| 16|{ 244| 16| if (ctx == NULL) { ------------------ | Branch (244:9): [True: 0, False: 16] ------------------ 245| 0| return; 246| 0| } 247| | 248| 16|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 249| 16| mbedtls_ecp_point_free(&ctx->Vi); 250| 16| mbedtls_ecp_point_free(&ctx->Vf); 251| 16| mbedtls_mpi_free(&ctx->_d); 252| 16| ecdh_free_internal(ctx); 253| |#else 254| | switch (ctx->var) { 255| |#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) 256| | case MBEDTLS_ECDH_VARIANT_EVEREST: 257| | mbedtls_everest_free(&ctx->ctx.everest_ecdh); 258| | break; 259| |#endif 260| | case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: 261| | ecdh_free_internal(&ctx->ctx.mbed_ecdh); 262| | break; 263| | default: 264| | break; 265| | } 266| | 267| | ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; 268| | ctx->var = MBEDTLS_ECDH_VARIANT_NONE; 269| | ctx->grp_id = MBEDTLS_ECP_DP_NONE; 270| |#endif 271| 16|} ecdh.c:ecdh_init_internal: 135| 16|{ 136| 16| mbedtls_ecp_group_init(&ctx->grp); 137| 16| mbedtls_mpi_init(&ctx->d); 138| 16| mbedtls_ecp_point_init(&ctx->Q); 139| 16| mbedtls_ecp_point_init(&ctx->Qp); 140| 16| mbedtls_mpi_init(&ctx->z); 141| | 142| 16|#if defined(MBEDTLS_ECP_RESTARTABLE) 143| 16| mbedtls_ecp_restart_init(&ctx->rs); 144| 16|#endif 145| 16|} ecdh.c:ecdh_free_internal: 217| 16|{ 218| 16| mbedtls_ecp_group_free(&ctx->grp); 219| 16| mbedtls_mpi_free(&ctx->d); 220| 16| mbedtls_ecp_point_free(&ctx->Q); 221| 16| mbedtls_ecp_point_free(&ctx->Qp); 222| 16| mbedtls_mpi_free(&ctx->z); 223| | 224| 16|#if defined(MBEDTLS_ECP_RESTARTABLE) 225| 16| mbedtls_ecp_restart_free(&ctx->rs); 226| 16|#endif 227| 16|} mbedtls_ecjpake_init: 51| 16|{ 52| 16| ctx->md_type = MBEDTLS_MD_NONE; 53| 16| mbedtls_ecp_group_init(&ctx->grp); 54| 16| ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ------------------ | | 439| 16|#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 ------------------ 55| | 56| 16| mbedtls_ecp_point_init(&ctx->Xm1); 57| 16| mbedtls_ecp_point_init(&ctx->Xm2); 58| 16| mbedtls_ecp_point_init(&ctx->Xp1); 59| 16| mbedtls_ecp_point_init(&ctx->Xp2); 60| 16| mbedtls_ecp_point_init(&ctx->Xp); 61| | 62| 16| mbedtls_mpi_init(&ctx->xm1); 63| 16| mbedtls_mpi_init(&ctx->xm2); 64| 16| mbedtls_mpi_init(&ctx->s); 65| 16|} mbedtls_ecjpake_free: 71| 16|{ 72| 16| if (ctx == NULL) { ------------------ | Branch (72:9): [True: 0, False: 16] ------------------ 73| 0| return; 74| 0| } 75| | 76| 16| ctx->md_type = MBEDTLS_MD_NONE; 77| 16| mbedtls_ecp_group_free(&ctx->grp); 78| | 79| 16| mbedtls_ecp_point_free(&ctx->Xm1); 80| 16| mbedtls_ecp_point_free(&ctx->Xm2); 81| 16| mbedtls_ecp_point_free(&ctx->Xp1); 82| 16| mbedtls_ecp_point_free(&ctx->Xp2); 83| 16| mbedtls_ecp_point_free(&ctx->Xp); 84| | 85| 16| mbedtls_mpi_free(&ctx->xm1); 86| 16| mbedtls_mpi_free(&ctx->xm2); 87| 16| mbedtls_mpi_free(&ctx->s); 88| 16|} mbedtls_ecjpake_check: 143| 16|{ 144| 16| if (ctx->md_type == MBEDTLS_MD_NONE || ------------------ | Branch (144:9): [True: 16, False: 0] ------------------ 145| 16| ctx->grp.id == MBEDTLS_ECP_DP_NONE || ------------------ | Branch (145:9): [True: 0, False: 0] ------------------ 146| 16| ctx->s.p == NULL) { ------------------ | Branch (146:9): [True: 0, False: 0] ------------------ 147| 16| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 16|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 148| 16| } 149| | 150| 0| return 0; 151| 16|} mbedtls_ecp_restart_init: 218| 32|{ 219| 32| ctx->ops_done = 0; 220| 32| ctx->depth = 0; 221| 32| ctx->rsm = NULL; 222| 32| ctx->ma = NULL; 223| 32|} mbedtls_ecp_restart_free: 229| 16|{ 230| 16| if (ctx == NULL) { ------------------ | Branch (230:9): [True: 0, False: 16] ------------------ 231| 0| return; 232| 0| } 233| | 234| 16| ecp_restart_rsm_free(ctx->rsm); 235| 16| mbedtls_free(ctx->rsm); 236| | 237| 16| ecp_restart_ma_free(ctx->ma); 238| 16| mbedtls_free(ctx->ma); 239| | 240| 16| mbedtls_ecp_restart_init(ctx); 241| 16|} mbedtls_ecp_get_type: 487| 4|{ 488| 4| if (grp->G.X.p == NULL) { ------------------ | Branch (488:9): [True: 0, False: 4] ------------------ 489| 0| return MBEDTLS_ECP_TYPE_NONE; 490| 0| } 491| | 492| 4| if (grp->G.Y.p == NULL) { ------------------ | Branch (492:9): [True: 0, False: 4] ------------------ 493| 0| return MBEDTLS_ECP_TYPE_MONTGOMERY; 494| 4| } else { 495| 4| return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS; 496| 4| } 497| 4|} mbedtls_ecp_point_init: 503| 179|{ 504| 179| mbedtls_mpi_init(&pt->X); 505| 179| mbedtls_mpi_init(&pt->Y); 506| 179| mbedtls_mpi_init(&pt->Z); 507| 179|} mbedtls_ecp_group_init: 513| 34|{ 514| 34| grp->id = MBEDTLS_ECP_DP_NONE; 515| 34| mbedtls_mpi_init(&grp->P); 516| 34| mbedtls_mpi_init(&grp->A); 517| 34| mbedtls_mpi_init(&grp->B); 518| 34| mbedtls_ecp_point_init(&grp->G); 519| 34| mbedtls_mpi_init(&grp->N); 520| 34| grp->pbits = 0; 521| 34| grp->nbits = 0; 522| 34| grp->h = 0; 523| 34| grp->modp = NULL; 524| 34| grp->t_pre = NULL; 525| 34| grp->t_post = NULL; 526| 34| grp->t_data = NULL; 527| 34| grp->T = NULL; 528| 34| grp->T_size = 0; 529| 34|} mbedtls_ecp_keypair_init: 535| 1|{ 536| 1| mbedtls_ecp_group_init(&key->grp); 537| 1| mbedtls_mpi_init(&key->d); 538| 1| mbedtls_ecp_point_init(&key->Q); 539| 1|} mbedtls_ecp_point_free: 545| 177|{ 546| 177| if (pt == NULL) { ------------------ | Branch (546:9): [True: 0, False: 177] ------------------ 547| 0| return; 548| 0| } 549| | 550| 177| mbedtls_mpi_free(&(pt->X)); 551| 177| mbedtls_mpi_free(&(pt->Y)); 552| 177| mbedtls_mpi_free(&(pt->Z)); 553| 177|} mbedtls_ecp_group_free: 572| 33|{ 573| 33| size_t i; 574| | 575| 33| if (grp == NULL) { ------------------ | Branch (575:9): [True: 0, False: 33] ------------------ 576| 0| return; 577| 0| } 578| | 579| 33| if (grp->h != 1) { ------------------ | Branch (579:9): [True: 33, False: 0] ------------------ 580| 33| mbedtls_mpi_free(&grp->A); 581| 33| mbedtls_mpi_free(&grp->B); 582| 33| mbedtls_ecp_point_free(&grp->G); 583| | 584| 33|#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) 585| 33| mbedtls_mpi_free(&grp->N); 586| 33| mbedtls_mpi_free(&grp->P); 587| 33|#endif 588| 33| } 589| | 590| 33| if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { ------------------ | Branch (590:9): [True: 33, False: 0] | Branch (590:49): [True: 0, False: 33] ------------------ 591| 0| for (i = 0; i < grp->T_size; i++) { ------------------ | Branch (591:21): [True: 0, False: 0] ------------------ 592| 0| mbedtls_ecp_point_free(&grp->T[i]); 593| 0| } 594| 0| mbedtls_free(grp->T); 595| 0| } 596| | 597| 33| mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); 598| 33|} mbedtls_ecp_point_read_binary: 772| 1|{ 773| 1| int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 1|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 774| 1| size_t plen; 775| 1| if (ilen < 1) { ------------------ | Branch (775:9): [True: 0, False: 1] ------------------ 776| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 777| 0| } 778| | 779| 1| plen = mbedtls_mpi_size(&grp->P); 780| | 781| 1|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 782| 1| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (782:9): [True: 0, False: 1] ------------------ 783| 0| if (plen != ilen) { ------------------ | Branch (783:13): [True: 0, False: 0] ------------------ 784| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 785| 0| } 786| | 787| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 788| 0| mbedtls_mpi_free(&pt->Y); 789| | 790| 0| if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { ------------------ | Branch (790:13): [True: 0, False: 0] ------------------ 791| | /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ 792| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 793| 0| } 794| | 795| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 796| 0| } 797| 1|#endif 798| 1|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 799| 1| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (799:9): [True: 1, False: 0] ------------------ 800| 1| if (buf[0] == 0x00) { ------------------ | Branch (800:13): [True: 0, False: 1] ------------------ 801| 0| if (ilen == 1) { ------------------ | Branch (801:17): [True: 0, False: 0] ------------------ 802| 0| return mbedtls_ecp_set_zero(pt); 803| 0| } else { 804| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 805| 0| } 806| 0| } 807| | 808| 1| if (ilen < 1 + plen) { ------------------ | Branch (808:13): [True: 0, False: 1] ------------------ 809| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 810| 0| } 811| | 812| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 813| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 814| | 815| 1| if (buf[0] == 0x04) { ------------------ | Branch (815:13): [True: 1, False: 0] ------------------ 816| | /* format == MBEDTLS_ECP_PF_UNCOMPRESSED */ 817| 1| if (ilen != 1 + plen * 2) { ------------------ | Branch (817:17): [True: 0, False: 1] ------------------ 818| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 819| 0| } 820| 1| return mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen); 821| 1| } else if (buf[0] == 0x02 || buf[0] == 0x03) { ------------------ | Branch (821:20): [True: 0, False: 0] | Branch (821:38): [True: 0, False: 0] ------------------ 822| | /* format == MBEDTLS_ECP_PF_COMPRESSED */ 823| 0| if (ilen != 1 + plen) { ------------------ | Branch (823:17): [True: 0, False: 0] ------------------ 824| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 825| 0| } 826| 0| return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, 827| 0| (buf[0] & 1)); 828| 0| } else { 829| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 830| 0| } 831| 1| } 832| 0|#endif 833| | 834| 0|cleanup: 835| 0| return ret; 836| 1|} mbedtls_ecp_check_pubkey: 3029| 1|{ 3030| | /* Must use affine coordinates */ 3031| 1| if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) { ------------------ | Branch (3031:9): [True: 0, False: 1] ------------------ 3032| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3033| 0| } 3034| | 3035| 1|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 3036| 1| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (3036:9): [True: 0, False: 1] ------------------ 3037| 0| return ecp_check_pubkey_mx(grp, pt); 3038| 0| } 3039| 1|#endif 3040| 1|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 3041| 1| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (3041:9): [True: 1, False: 0] ------------------ 3042| 1| return ecp_check_pubkey_sw(grp, pt); 3043| 1| } 3044| 0|#endif 3045| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 3046| 1|} ecp.c:ecp_restart_rsm_free: 156| 16|{ 157| 16| unsigned char i; 158| | 159| 16| if (ctx == NULL) { ------------------ | Branch (159:9): [True: 16, False: 0] ------------------ 160| 16| return; 161| 16| } 162| | 163| 0| mbedtls_ecp_point_free(&ctx->R); 164| | 165| 0| if (ctx->T != NULL) { ------------------ | Branch (165:9): [True: 0, False: 0] ------------------ 166| 0| for (i = 0; i < ctx->T_size; i++) { ------------------ | Branch (166:21): [True: 0, False: 0] ------------------ 167| 0| mbedtls_ecp_point_free(ctx->T + i); 168| 0| } 169| 0| mbedtls_free(ctx->T); 170| 0| } 171| | 172| 0| ecp_restart_rsm_init(ctx); 173| 0|} ecp.c:ecp_restart_ma_free: 203| 16|{ 204| 16| if (ctx == NULL) { ------------------ | Branch (204:9): [True: 16, False: 0] ------------------ 205| 16| return; 206| 16| } 207| | 208| 0| mbedtls_ecp_point_free(&ctx->mP); 209| 0| mbedtls_ecp_point_free(&ctx->R); 210| | 211| 0| ecp_restart_ma_init(ctx); 212| 0|} ecp.c:ecp_group_is_static_comb_table: 559| 33|{ 560| 33|#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 561| 33| return grp->T != NULL && grp->T_size == 0; ------------------ | Branch (561:12): [True: 0, False: 33] | Branch (561:30): [True: 0, False: 0] ------------------ 562| |#else 563| | (void) grp; 564| | return 0; 565| |#endif 566| 33|} ecp.c:ecp_sw_rhs: 1228| 1|{ 1229| 1| int ret; 1230| | 1231| | /* Compute X^3 + A X + B as X (X^2 + A) + B */ 1232| 1| MPI_ECP_SQR(rhs, X); ------------------ | | 1170| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 1| do \ | | | | 42| 1| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1233| | 1234| | /* Special case for A = -3 */ 1235| 1| if (mbedtls_ecp_group_a_is_minus_3(grp)) { ------------------ | Branch (1235:9): [True: 1, False: 0] ------------------ 1236| 1| MPI_ECP_SUB_INT(rhs, rhs, 3); ------------------ | | 1140| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c)) | | ------------------ | | | | 41| 1| do \ | | | | 42| 1| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1237| 1| } else { 1238| 0| MPI_ECP_ADD(rhs, rhs, &grp->A); ------------------ | | 1161| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1239| 0| } 1240| | 1241| 1| MPI_ECP_MUL(rhs, rhs, X); ------------------ | | 1167| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 1| do \ | | | | 42| 1| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1242| 1| MPI_ECP_ADD(rhs, rhs, &grp->B); ------------------ | | 1161| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 1| do \ | | | | 42| 1| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1243| | 1244| 1|cleanup: 1245| 1| return ret; 1246| 1|} ecp.c:mbedtls_mpi_mul_mod: 1059| 3|{ 1060| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1061| 3| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); ------------------ | | 41| 3| do \ | | 42| 3| { \ | | 43| 3| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3] | | ------------------ | | 44| 3| goto cleanup; \ | | 45| 3| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1062| 3| MOD_MUL(*X); ------------------ | | 1049| 3| do \ | | 1050| 3| { \ | | 1051| 3| MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ | | ------------------ | | | | 41| 3| do \ | | | | 42| 3| { \ | | | | 43| 3| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 3] | | | | ------------------ | | | | 44| 3| goto cleanup; \ | | | | 45| 3| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1052| 3| INC_MUL_COUNT \ | | ------------------ | | | | 1043| 3|#define INC_MUL_COUNT mul_count++; | | ------------------ | | 1053| 3| } while (0) | | ------------------ | | | Branch (1053:14): [Folded - Ignored] | | ------------------ ------------------ 1063| 3|cleanup: 1064| 3| return ret; 1065| 3|} ecp.c:ecp_modp: 1000| 3|{ 1001| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1002| | 1003| 3| if (grp->modp == NULL) { ------------------ | Branch (1003:9): [True: 0, False: 3] ------------------ 1004| 0| return mbedtls_mpi_mod_mpi(N, N, &grp->P); 1005| 0| } 1006| | 1007| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1008| 3| if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || ------------------ | Branch (1008:10): [True: 0, False: 3] | Branch (1008:22): [True: 0, False: 0] ------------------ 1009| 3| mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { ------------------ | Branch (1009:9): [True: 0, False: 3] ------------------ 1010| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 1011| 0| } 1012| | 1013| 3| MBEDTLS_MPI_CHK(grp->modp(N)); ------------------ | | 41| 3| do \ | | 42| 3| { \ | | 43| 3| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3] | | ------------------ | | 44| 3| goto cleanup; \ | | 45| 3| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1014| | 1015| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1016| 4| while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) { ------------------ | Branch (1016:12): [True: 1, False: 3] | Branch (1016:24): [True: 1, False: 0] ------------------ 1017| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1018| 1| } 1019| | 1020| 5| while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { ------------------ | Branch (1020:12): [True: 2, False: 3] ------------------ 1021| | /* we known P, N and the result are positive */ 1022| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1023| 2| } 1024| | 1025| 3|cleanup: 1026| 3| return ret; 1027| 3|} ecp.c:mbedtls_mpi_sub_int_mod: 1130| 1|{ 1131| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1132| | 1133| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, A, c)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 1| MOD_SUB(X); ------------------ | | 1072| 1| do { \ | | 1073| 1| while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0) \ | | ------------------ | | | Branch (1073:16): [True: 0, False: 1] | | | Branch (1073:30): [True: 0, False: 0] | | ------------------ | | 1074| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1075| 1| } while (0) | | ------------------ | | | Branch (1075:14): [Folded - Ignored] | | ------------------ ------------------ 1135| 1|cleanup: 1136| 1| return ret; 1137| 1|} ecp.c:mbedtls_mpi_add_mod: 1103| 1|{ 1104| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1105| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1106| 1| MOD_ADD(X); ------------------ | | 1096| 2| while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ | | ------------------ | | | Branch (1096:12): [True: 1, False: 1] | | ------------------ | | 1097| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) | | ------------------ | | | | 41| 2| do \ | | | | 42| 2| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1107| 1|cleanup: 1108| 1| return ret; 1109| 1|} ecp.c:ecp_check_pubkey_sw: 2726| 1|{ 2727| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2728| 1| mbedtls_mpi YY, RHS; 2729| | 2730| | /* pt coordinates must be normalized for our checks */ 2731| 1| if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || ------------------ | Branch (2731:9): [True: 0, False: 1] ------------------ 2732| 1| mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || ------------------ | Branch (2732:9): [True: 0, False: 1] ------------------ 2733| 1| mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || ------------------ | Branch (2733:9): [True: 0, False: 1] ------------------ 2734| 1| mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { ------------------ | Branch (2734:9): [True: 0, False: 1] ------------------ 2735| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2736| 0| } 2737| | 2738| 1| mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS); 2739| | 2740| | /* 2741| | * YY = Y^2 2742| | * RHS = X^3 + A X + B 2743| | */ 2744| 1| MPI_ECP_SQR(&YY, &pt->Y); ------------------ | | 1170| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 1| do \ | | | | 42| 1| { \ | | | | 43| 1| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1] | | | | ------------------ | | | | 44| 1| goto cleanup; \ | | | | 45| 1| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2745| 1| MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2746| | 2747| 1| if (MPI_ECP_CMP(&YY, &RHS) != 0) { ------------------ | | 1191| 1| mbedtls_mpi_cmp_mpi(X, Y) ------------------ | Branch (2747:9): [True: 0, False: 1] ------------------ 2748| 0| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2749| 0| } 2750| | 2751| 1|cleanup: 2752| | 2753| 1| mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS); 2754| | 2755| 1| return ret; 2756| 1|} mbedtls_ecp_group_load: 4718| 1|{ 4719| 1| mbedtls_ecp_group_free(grp); 4720| | 4721| 1| mbedtls_ecp_group_init(grp); 4722| | 4723| 1| grp->id = id; 4724| | 4725| 1| switch (id) { 4726| 0|#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) 4727| 0| case MBEDTLS_ECP_DP_SECP192R1: ------------------ | Branch (4727:9): [True: 0, False: 1] ------------------ 4728| 0| NIST_MODP(p192); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4729| 0| return LOAD_GROUP(secp192r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4730| 0|#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ 4731| | 4732| 0|#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) 4733| 0| case MBEDTLS_ECP_DP_SECP224R1: ------------------ | Branch (4733:9): [True: 0, False: 1] ------------------ 4734| 0| NIST_MODP(p224); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4735| 0| return LOAD_GROUP(secp224r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4736| 0|#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ 4737| | 4738| 0|#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) 4739| 0| case MBEDTLS_ECP_DP_SECP256R1: ------------------ | Branch (4739:9): [True: 0, False: 1] ------------------ 4740| 0| NIST_MODP(p256); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4741| 0| return LOAD_GROUP(secp256r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4742| 0|#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 4743| | 4744| 0|#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 4745| 1| case MBEDTLS_ECP_DP_SECP384R1: ------------------ | Branch (4745:9): [True: 1, False: 0] ------------------ 4746| 1| NIST_MODP(p384); ------------------ | | 4567| 1|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4747| 1| return LOAD_GROUP(secp384r1); ------------------ | | 4600| 1|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 1| G ## _p, sizeof(G ## _p), \ | | 4602| 1| NULL, 0, \ | | 4603| 1| G ## _b, sizeof(G ## _b), \ | | 4604| 1| G ## _gx, sizeof(G ## _gx), \ | | 4605| 1| G ## _gy, sizeof(G ## _gy), \ | | 4606| 1| G ## _n, sizeof(G ## _n), \ | | 4607| 1| G ## _T \ | | 4608| 1| ) ------------------ 4748| 0|#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ 4749| | 4750| 0|#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) 4751| 0| case MBEDTLS_ECP_DP_SECP521R1: ------------------ | Branch (4751:9): [True: 0, False: 1] ------------------ 4752| 0| NIST_MODP(p521); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4753| 0| return LOAD_GROUP(secp521r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4754| 0|#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ 4755| | 4756| 0|#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) 4757| 0| case MBEDTLS_ECP_DP_SECP192K1: ------------------ | Branch (4757:9): [True: 0, False: 1] ------------------ 4758| 0| grp->modp = ecp_mod_p192k1; 4759| 0| return LOAD_GROUP_A(secp192k1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4760| 0|#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ 4761| | 4762| 0|#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) 4763| 0| case MBEDTLS_ECP_DP_SECP224K1: ------------------ | Branch (4763:9): [True: 0, False: 1] ------------------ 4764| 0| grp->modp = ecp_mod_p224k1; 4765| 0| return LOAD_GROUP_A(secp224k1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4766| 0|#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ 4767| | 4768| 0|#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 4769| 0| case MBEDTLS_ECP_DP_SECP256K1: ------------------ | Branch (4769:9): [True: 0, False: 1] ------------------ 4770| 0| grp->modp = ecp_mod_p256k1; 4771| 0| return LOAD_GROUP_A(secp256k1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4772| 0|#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ 4773| | 4774| 0|#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) 4775| 0| case MBEDTLS_ECP_DP_BP256R1: ------------------ | Branch (4775:9): [True: 0, False: 1] ------------------ 4776| 0| return LOAD_GROUP_A(brainpoolP256r1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4777| 0|#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ 4778| | 4779| 0|#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) 4780| 0| case MBEDTLS_ECP_DP_BP384R1: ------------------ | Branch (4780:9): [True: 0, False: 1] ------------------ 4781| 0| return LOAD_GROUP_A(brainpoolP384r1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4782| 0|#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ 4783| | 4784| 0|#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) 4785| 0| case MBEDTLS_ECP_DP_BP512R1: ------------------ | Branch (4785:9): [True: 0, False: 1] ------------------ 4786| 0| return LOAD_GROUP_A(brainpoolP512r1); ------------------ | | 4590| 0|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 0| G ## _p, sizeof(G ## _p), \ | | 4592| 0| G ## _a, sizeof(G ## _a), \ | | 4593| 0| G ## _b, sizeof(G ## _b), \ | | 4594| 0| G ## _gx, sizeof(G ## _gx), \ | | 4595| 0| G ## _gy, sizeof(G ## _gy), \ | | 4596| 0| G ## _n, sizeof(G ## _n), \ | | 4597| 0| G ## _T \ | | 4598| 0| ) ------------------ 4787| 0|#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ 4788| | 4789| 0|#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) 4790| 0| case MBEDTLS_ECP_DP_CURVE25519: ------------------ | Branch (4790:9): [True: 0, False: 1] ------------------ 4791| 0| grp->modp = ecp_mod_p255; 4792| 0| return ecp_use_curve25519(grp); 4793| 0|#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ 4794| | 4795| 0|#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) 4796| 0| case MBEDTLS_ECP_DP_CURVE448: ------------------ | Branch (4796:9): [True: 0, False: 1] ------------------ 4797| 0| grp->modp = ecp_mod_p448; 4798| 0| return ecp_use_curve448(grp); 4799| 0|#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ 4800| | 4801| 0| default: ------------------ | Branch (4801:9): [True: 0, False: 1] ------------------ 4802| 0| grp->id = MBEDTLS_ECP_DP_NONE; 4803| 0| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 4804| 1| } 4805| 1|} ecp_curves.c:ecp_group_load: 4522| 1|{ 4523| 1| ecp_mpi_load(&grp->P, p, plen); 4524| 1| if (a != NULL) { ------------------ | Branch (4524:9): [True: 0, False: 1] ------------------ 4525| 0| ecp_mpi_load(&grp->A, a, alen); 4526| 0| } 4527| 1| ecp_mpi_load(&grp->B, b, blen); 4528| 1| ecp_mpi_load(&grp->N, n, nlen); 4529| | 4530| 1| ecp_mpi_load(&grp->G.X, gx, gxlen); 4531| 1| ecp_mpi_load(&grp->G.Y, gy, gylen); 4532| 1| ecp_mpi_set1(&grp->G.Z); 4533| | 4534| 1| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 4535| 1| grp->nbits = mbedtls_mpi_bitlen(&grp->N); 4536| | 4537| 1| grp->h = 1; 4538| | 4539| 1| grp->T = (mbedtls_ecp_point *) T; 4540| | /* 4541| | * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free. 4542| | */ 4543| 1| grp->T_size = 0; 4544| | 4545| 1| return 0; 4546| 1|} ecp_curves.c:ecp_mpi_load: 4495| 5|{ 4496| 5| X->s = 1; 4497| 5| X->n = (unsigned short) (len / sizeof(mbedtls_mpi_uint)); 4498| 5| X->p = (mbedtls_mpi_uint *) p; 4499| 5|} ecp_curves.c:ecp_mpi_set1: 4505| 1|{ 4506| 1| X->s = 1; 4507| 1| X->n = 1; 4508| 1| X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */ 4509| 1|} ecp_curves.c:sub32: 4942| 55|{ 4943| 55| *carry -= (*dst < src); 4944| 55| *dst -= src; 4945| 55|} ecp_curves.c:add32: 4936| 176|{ 4937| 176| *dst += src; 4938| 176| *carry += (*dst < src); 4939| 176|} ecp_curves.c:mbedtls_ecp_fix_negative: 4982| 1|{ 4983| 1| size_t i; 4984| | 4985| | /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so 4986| | * set the absolute value to 0xfff...fff - N. There is no carry 4987| | * since we're subtracting from all-bits-one. */ 4988| 8| for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) { ------------------ | Branch (4988:17): [True: 7, False: 1] ------------------ 4989| 7| N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; 4990| 7| } 4991| | /* Add 1, taking care of the carry. */ 4992| 1| i = 0; 4993| 1| do { 4994| 1| ++N->p[i]; 4995| 1| } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); ------------------ | Branch (4995:14): [True: 0, False: 1] | Branch (4995:32): [True: 0, False: 0] ------------------ 4996| | /* Invert the sign. 4997| | * Now N = N0 - 2^bits where N0 is the initial value of N. */ 4998| 1| N->s = -1; 4999| | 5000| | /* Add |c| * 2^bits to the absolute value. Since c and N are 5001| | * negative, this adds c * 2^bits. */ 5002| 1| mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; 5003| 1|#if defined(MBEDTLS_HAVE_INT64) 5004| 1| if (bits == 224) { ------------------ | Branch (5004:9): [True: 0, False: 1] ------------------ 5005| 0| msw <<= 32; 5006| 0| } 5007| 1|#endif 5008| 1| N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; 5009| 1|} ecp_curves.c:ecp_mod_p384: 5074| 3|{ 5075| 3| INIT(384); ------------------ | | 4954| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ | | ------------------ | | | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E | | ------------------ | | 4955| 3| signed char c = 0, cc; \ | | 4956| 3| uint32_t cur; \ | | 4957| 3| size_t i = 0, bits = (b); \ | | 4958| 3| /* N is the size of the product of two b-bit numbers, plus one */ \ | | 4959| 3| /* limb for fix_negative */ \ | | 4960| 3| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ | | ------------------ | | | | 41| 3| do \ | | | | 42| 3| { \ | | | | 43| 3| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 3] | | | | ------------------ | | | | 44| 3| goto cleanup; \ | | | | 45| 3| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 4961| 3| LOAD32; | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ ------------------ 5076| | 5077| 3| ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5078| 3| SUB(23); NEXT; // A0 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(23); NEXT; // A0 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5079| | 5080| 3| ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5081| 3| SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5082| | 5083| 3| ADD(14); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5084| 3| SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 1, False: 2] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5085| | 5086| 3| ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5087| 3| SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5088| | 5089| 3| ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5090| 3| SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5091| | 5092| 3| ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5093| 3| SUB(16); NEXT; // A5 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(16); NEXT; // A5 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5094| | 5095| 3| ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5096| 3| SUB(17); NEXT; // A6 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(17); NEXT; // A6 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5097| | 5098| 3| ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5099| 3| SUB(18); NEXT; // A7 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(18); NEXT; // A7 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5100| | 5101| 3| ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5102| 3| SUB(19); NEXT; // A8 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(19); NEXT; // A8 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5103| | 5104| 3| ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5105| 3| SUB(20); NEXT; // A9 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(20); NEXT; // A9 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 3] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5106| | 5107| 3| ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5108| 3| SUB(21); NEXT; // A10 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(21); NEXT; // A10 ------------------ | | 4964| 3| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 3|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 3, False: 0] | | | | | | ------------------ | | | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 3| cc = c; c = 0; \ | | 4966| 3| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 0, False: 3] | | ------------------ | | 4967| 3| sub32(&cur, -cc, &c); \ | | 4968| 3| else \ | | 4969| 3| add32(&cur, cc, &c); \ ------------------ 5109| | 5110| 3| ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 3|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5111| 3| SUB(22); LAST; // A11 ------------------ | | 4948| 3|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 3|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 3| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(22); LAST; // A11 ------------------ | | 4972| 3| STORE32; i++; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 3, False: 0] | | | | ------------------ | | | | 4923| 3| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 3| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | 4973| 3| cur = c > 0 ? c : 0; STORE32; \ | | ------------------ | | | | 4922| 3| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 3] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 3| } else { \ | | | | 4926| 3| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 3| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 3| } | | ------------------ | | | Branch (4973:11): [True: 1, False: 2] | | ------------------ | | 4974| 42| cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4918| 42|#define MAX32 N->n * 2 | | ------------------ | | cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4922| 39| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 21, False: 18] | | | | ------------------ | | | | 4923| 21| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 21| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 21| } else { \ | | | | 4926| 18| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 18| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 18| } | | ------------------ | | | Branch (4974:21): [True: 39, False: 3] | | ------------------ | | 4975| 3| if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); | | ------------------ | | | Branch (4975:9): [True: 1, False: 2] | | ------------------ ------------------ 5112| | 5113| 3|cleanup: 5114| 3| return ret; 5115| 3|} mbedtls_entropy_init: 28| 32|{ 29| 32| ctx->source_count = 0; 30| 32| memset(ctx->source, 0, sizeof(ctx->source)); 31| | 32| 32|#if defined(MBEDTLS_THREADING_C) 33| 32| mbedtls_mutex_init(&ctx->mutex); 34| 32|#endif 35| | 36| 32| ctx->accumulator_started = 0; 37| 32| mbedtls_md_init(&ctx->accumulator); 38| | 39| | /* Reminder: Update ENTROPY_HAVE_STRONG in the test files 40| | * when adding more strong entropy sources here. */ 41| | 42| 32|#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) 43| 32|#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 44| 32| mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL, 45| 32| MBEDTLS_ENTROPY_MIN_PLATFORM, ------------------ | | 24| 32|#define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ ------------------ 46| 32| MBEDTLS_ENTROPY_SOURCE_STRONG); ------------------ | | 70| 32|#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */ ------------------ 47| 32|#endif 48| |#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 49| | mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL, 50| | MBEDTLS_ENTROPY_MIN_HARDWARE, 51| | MBEDTLS_ENTROPY_SOURCE_STRONG); 52| |#endif 53| 32|#if defined(MBEDTLS_ENTROPY_NV_SEED) 54| 32| mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL, 55| 32| MBEDTLS_ENTROPY_BLOCK_SIZE, ------------------ | | 24| 32|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 56| 32| MBEDTLS_ENTROPY_SOURCE_STRONG); ------------------ | | 70| 32|#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */ ------------------ 57| 32| ctx->initial_entropy_run = 0; 58| 32|#endif 59| 32|#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ 60| 32|} mbedtls_entropy_free: 63| 32|{ 64| 32| if (ctx == NULL) { ------------------ | Branch (64:9): [True: 0, False: 32] ------------------ 65| 0| return; 66| 0| } 67| | 68| | /* If the context was already free, don't call free() again. 69| | * This is important for mutexes which don't allow double-free. */ 70| 32| if (ctx->accumulator_started == -1) { ------------------ | Branch (70:9): [True: 0, False: 32] ------------------ 71| 0| return; 72| 0| } 73| | 74| 32|#if defined(MBEDTLS_THREADING_C) 75| 32| mbedtls_mutex_free(&ctx->mutex); 76| 32|#endif 77| 32| mbedtls_md_free(&ctx->accumulator); 78| 32|#if defined(MBEDTLS_ENTROPY_NV_SEED) 79| 32| ctx->initial_entropy_run = 0; 80| 32|#endif 81| 32| ctx->source_count = 0; 82| 32| mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source)); 83| 32| ctx->accumulator_started = -1; 84| 32|} mbedtls_entropy_add_source: 89| 64|{ 90| 64| int idx, ret = 0; 91| | 92| 64|#if defined(MBEDTLS_THREADING_C) 93| 64| if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { ------------------ | Branch (93:9): [True: 0, False: 64] ------------------ 94| 0| return ret; 95| 0| } 96| 64|#endif 97| | 98| 64| idx = ctx->source_count; 99| 64| if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) { ------------------ | | 58| 64|#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ ------------------ | Branch (99:9): [True: 0, False: 64] ------------------ 100| 0| ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; ------------------ | | 41| 0|#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E ------------------ 101| 0| goto exit; 102| 0| } 103| | 104| 64| ctx->source[idx].f_source = f_source; 105| 64| ctx->source[idx].p_source = p_source; 106| 64| ctx->source[idx].threshold = threshold; 107| 64| ctx->source[idx].strong = strong; 108| | 109| 64| ctx->source_count++; 110| | 111| 64|exit: 112| 64|#if defined(MBEDTLS_THREADING_C) 113| 64| if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { ------------------ | Branch (113:9): [True: 0, False: 64] ------------------ 114| 0| return MBEDTLS_ERR_THREADING_MUTEX_ERROR; ------------------ | | 25| 0|#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E ------------------ 115| 0| } 116| 64|#endif 117| | 118| 64| return ret; 119| 64|} mbedtls_entropy_func: 271| 32|{ 272| 32| int ret, count = 0, i, thresholds_reached; 273| 32| size_t strong_size; 274| 32| mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data; 275| 32| unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 276| | 277| 32| if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) { ------------------ | | 24| 32|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (277:9): [True: 0, False: 32] ------------------ 278| 0| return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 279| 0| } 280| | 281| 32|#if defined(MBEDTLS_ENTROPY_NV_SEED) 282| | /* Update the NV entropy seed before generating any entropy for outside 283| | * use. 284| | */ 285| 32| if (ctx->initial_entropy_run == 0) { ------------------ | Branch (285:9): [True: 16, False: 16] ------------------ 286| 16| ctx->initial_entropy_run = 1; 287| 16| if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) { ------------------ | Branch (287:13): [True: 16, False: 0] ------------------ 288| 16| return ret; 289| 16| } 290| 16| } 291| 16|#endif 292| | 293| 16|#if defined(MBEDTLS_THREADING_C) 294| 16| if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { ------------------ | Branch (294:9): [True: 0, False: 16] ------------------ 295| 0| return ret; 296| 0| } 297| 16|#endif 298| | 299| | /* 300| | * Always gather extra entropy before a call 301| | */ 302| 16| do { 303| 16| if (count++ > ENTROPY_MAX_LOOP) { ------------------ | | 25| 16|#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ ------------------ | Branch (303:13): [True: 0, False: 16] ------------------ 304| 0| ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 305| 0| goto exit; 306| 0| } 307| | 308| 16| if ((ret = entropy_gather_internal(ctx)) != 0) { ------------------ | Branch (308:13): [True: 16, False: 0] ------------------ 309| 16| goto exit; 310| 16| } 311| | 312| 0| thresholds_reached = 1; 313| 0| strong_size = 0; 314| 0| for (i = 0; i < ctx->source_count; i++) { ------------------ | Branch (314:21): [True: 0, False: 0] ------------------ 315| 0| if (ctx->source[i].size < ctx->source[i].threshold) { ------------------ | Branch (315:17): [True: 0, False: 0] ------------------ 316| 0| thresholds_reached = 0; 317| 0| } 318| 0| if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) { ------------------ | | 70| 0|#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */ ------------------ | Branch (318:17): [True: 0, False: 0] ------------------ 319| 0| strong_size += ctx->source[i].size; 320| 0| } 321| 0| } 322| 0| } while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE); ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (322:14): [True: 0, False: 0] | Branch (322:37): [True: 0, False: 0] ------------------ 323| | 324| 0| memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 325| | 326| | /* 327| | * Note that at this stage it is assumed that the accumulator was started 328| | * in a previous call to entropy_update(). If this is not guaranteed, the 329| | * code below will fail. 330| | */ 331| 0| if ((ret = mbedtls_md_finish(&ctx->accumulator, buf)) != 0) { ------------------ | Branch (331:9): [True: 0, False: 0] ------------------ 332| 0| goto exit; 333| 0| } 334| | 335| | /* 336| | * Reset accumulator and counters and recycle existing entropy 337| | */ 338| 0| mbedtls_md_free(&ctx->accumulator); 339| 0| mbedtls_md_init(&ctx->accumulator); 340| 0| ret = mbedtls_md_setup(&ctx->accumulator, 341| 0| mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0); ------------------ | | 23| 0|#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 ------------------ 342| 0| if (ret != 0) { ------------------ | Branch (342:9): [True: 0, False: 0] ------------------ 343| 0| goto exit; 344| 0| } 345| 0| ret = mbedtls_md_starts(&ctx->accumulator); 346| 0| if (ret != 0) { ------------------ | Branch (346:9): [True: 0, False: 0] ------------------ 347| 0| goto exit; 348| 0| } 349| 0| if ((ret = mbedtls_md_update(&ctx->accumulator, buf, ------------------ | Branch (349:9): [True: 0, False: 0] ------------------ 350| 0| MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 351| 0| goto exit; 352| 0| } 353| | 354| | /* 355| | * Perform second hashing on entropy 356| | */ 357| 0| if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), ------------------ | | 23| 0|#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 ------------------ | Branch (357:9): [True: 0, False: 0] ------------------ 358| 0| buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf)) != 0) { ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 359| 0| goto exit; 360| 0| } 361| | 362| 0| for (i = 0; i < ctx->source_count; i++) { ------------------ | Branch (362:17): [True: 0, False: 0] ------------------ 363| 0| ctx->source[i].size = 0; 364| 0| } 365| | 366| 0| memcpy(output, buf, len); 367| | 368| 0| ret = 0; 369| | 370| 16|exit: 371| 16| mbedtls_platform_zeroize(buf, sizeof(buf)); 372| | 373| 16|#if defined(MBEDTLS_THREADING_C) 374| 16| if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { ------------------ | Branch (374:9): [True: 0, False: 16] ------------------ 375| 0| return MBEDTLS_ERR_THREADING_MUTEX_ERROR; ------------------ | | 25| 0|#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E ------------------ 376| 0| } 377| 16|#endif 378| | 379| 16| return ret; 380| 16|} mbedtls_entropy_update_nv_seed: 384| 16|{ 385| 16| int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; ------------------ | | 47| 16|#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F ------------------ 386| 16| unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 387| | 388| | /* Read new seed and write it to NV */ 389| 16| if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (389:9): [True: 16, False: 0] ------------------ 390| 16| return ret; 391| 16| } 392| | 393| 0| if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (393:9): [True: 0, False: 0] ------------------ 394| 0| return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; ------------------ | | 47| 0|#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F ------------------ 395| 0| } 396| | 397| | /* Manually update the remaining stream with a separator value to diverge */ 398| 0| memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 399| 0| ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); ------------------ | | 24| 0|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 400| | 401| 0| return ret; 402| 0|} entropy.c:entropy_update: 126| 16|{ 127| 16| unsigned char header[2]; 128| 16| unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; 129| 16| size_t use_len = len; 130| 16| const unsigned char *p = data; 131| 16| int ret = 0; 132| | 133| 16| if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) { ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (133:9): [True: 16, False: 0] ------------------ 134| 16| if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), ------------------ | | 23| 16|#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 ------------------ | Branch (134:13): [True: 0, False: 16] ------------------ 135| 16| data, len, tmp)) != 0) { 136| 0| goto cleanup; 137| 0| } 138| 16| p = tmp; 139| 16| use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 140| 16| } 141| | 142| 16| header[0] = source_id; 143| 16| header[1] = use_len & 0xFF; 144| | 145| | /* 146| | * Start the accumulator if this has not already happened. Note that 147| | * it is sufficient to start the accumulator here only because all calls to 148| | * gather entropy eventually execute this code. 149| | */ 150| 16| if (ctx->accumulator_started == 0) { ------------------ | Branch (150:9): [True: 16, False: 0] ------------------ 151| 16| ret = mbedtls_md_setup(&ctx->accumulator, 152| 16| mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0); ------------------ | | 23| 16|#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 ------------------ 153| 16| if (ret != 0) { ------------------ | Branch (153:13): [True: 0, False: 16] ------------------ 154| 0| goto cleanup; 155| 0| } 156| 16| ret = mbedtls_md_starts(&ctx->accumulator); 157| 16| if (ret != 0) { ------------------ | Branch (157:13): [True: 0, False: 16] ------------------ 158| 0| goto cleanup; 159| 0| } 160| 16| ctx->accumulator_started = 1; 161| 16| } 162| 16| if ((ret = mbedtls_md_update(&ctx->accumulator, header, 2)) != 0) { ------------------ | Branch (162:9): [True: 0, False: 16] ------------------ 163| 0| goto cleanup; 164| 0| } 165| 16| ret = mbedtls_md_update(&ctx->accumulator, p, use_len); 166| | 167| 16|cleanup: 168| 16| mbedtls_platform_zeroize(tmp, sizeof(tmp)); 169| | 170| 16| return ret; 171| 16|} entropy.c:entropy_gather_internal: 199| 16|{ 200| 16| int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 16|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 201| 16| int i; 202| 16| int have_one_strong = 0; 203| 16| unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER]; 204| 16| size_t olen; 205| | 206| 16| if (ctx->source_count == 0) { ------------------ | Branch (206:9): [True: 0, False: 16] ------------------ 207| 0| return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED; ------------------ | | 43| 0|#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 ------------------ 208| 0| } 209| | 210| | /* 211| | * Run through our entropy sources 212| | */ 213| 32| for (i = 0; i < ctx->source_count; i++) { ------------------ | Branch (213:17): [True: 32, False: 0] ------------------ 214| 32| if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) { ------------------ | | 70| 32|#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */ ------------------ | Branch (214:13): [True: 32, False: 0] ------------------ 215| 32| have_one_strong = 1; 216| 32| } 217| | 218| 32| olen = 0; 219| 32| if ((ret = ctx->source[i].f_source(ctx->source[i].p_source, ------------------ | Branch (219:13): [True: 16, False: 16] ------------------ 220| 32| buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) { ------------------ | | 62| 32|#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ ------------------ 221| 16| goto cleanup; 222| 16| } 223| | 224| | /* 225| | * Add if we actually gathered something 226| | */ 227| 16| if (olen > 0) { ------------------ | Branch (227:13): [True: 16, False: 0] ------------------ 228| 16| if ((ret = entropy_update(ctx, (unsigned char) i, ------------------ | Branch (228:17): [True: 0, False: 16] ------------------ 229| 16| buf, olen)) != 0) { 230| 0| return ret; 231| 0| } 232| 16| ctx->source[i].size += olen; 233| 16| } 234| 16| } 235| | 236| 0| if (have_one_strong == 0) { ------------------ | Branch (236:9): [True: 0, False: 0] ------------------ 237| 0| ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; ------------------ | | 45| 0|#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D ------------------ 238| 0| } 239| | 240| 16|cleanup: 241| 16| mbedtls_platform_zeroize(buf, sizeof(buf)); 242| | 243| 16| return ret; 244| 0|} mbedtls_platform_entropy_poll: 152| 16|{ 153| 16| FILE *file; 154| 16| size_t read_len; 155| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 156| 16| ((void) data); 157| | 158| 16|#if defined(HAVE_GETRANDOM) 159| 16| ret = getrandom_wrapper(output, len, 0); 160| 16| if (ret >= 0) { ------------------ | Branch (160:9): [True: 16, False: 0] ------------------ 161| 16| *olen = (size_t) ret; 162| 16| return 0; 163| 16| } else if (errno != ENOSYS) { ------------------ | Branch (163:16): [True: 0, False: 0] ------------------ 164| 0| return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 165| 0| } 166| | /* Fall through if the system call isn't known. */ 167| |#else 168| | ((void) ret); 169| |#endif /* HAVE_GETRANDOM */ 170| | 171| |#if defined(HAVE_SYSCTL_ARND) 172| | ((void) file); 173| | ((void) read_len); 174| | if (sysctl_arnd_wrapper(output, len) == -1) { 175| | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 176| | } 177| | *olen = len; 178| | return 0; 179| |#else 180| | 181| 0| *olen = 0; 182| | 183| 0| file = fopen("/dev/urandom", "rb"); 184| 0| if (file == NULL) { ------------------ | Branch (184:9): [True: 0, False: 0] ------------------ 185| 0| return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 186| 0| } 187| | 188| | /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 189| 0| mbedtls_setbuf(file, NULL); 190| | 191| 0| read_len = fread(output, 1, len, file); 192| 0| if (read_len != len) { ------------------ | Branch (192:9): [True: 0, False: 0] ------------------ 193| 0| fclose(file); 194| 0| return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 195| 0| } 196| | 197| 0| fclose(file); 198| 0| *olen = len; 199| | 200| 0| return 0; 201| 0|#endif /* HAVE_SYSCTL_ARND */ 202| 0|} mbedtls_nv_seed_poll: 209| 16|{ 210| 16| unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 211| 16| size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 212| 16| ((void) data); 213| | 214| 16| memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ 215| | 216| 16| if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { ------------------ | | 24| 16|#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ ------------------ | Branch (216:9): [True: 16, False: 0] ------------------ 217| 16| return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; ------------------ | | 39| 16|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ 218| 16| } 219| | 220| 0| if (len < use_len) { ------------------ | Branch (220:9): [True: 0, False: 0] ------------------ 221| 0| use_len = len; 222| 0| } 223| | 224| 0| memcpy(output, buf, use_len); 225| 0| *olen = use_len; 226| | 227| 0| return 0; 228| 16|} entropy_poll.c:getrandom_wrapper: 86| 16|{ 87| | /* MemSan cannot understand that the syscall writes to the buffer */ 88| 16|#if defined(__has_feature) 89| |#if __has_feature(memory_sanitizer) 90| | memset(buf, 0, buflen); 91| |#endif 92| 16|#endif 93| 16| return (int) syscall(SYS_getrandom, buf, buflen, flags); 94| 16|} mbedtls_md_info_from_type: 140| 64|{ 141| 64| switch (md_type) { 142| 0|#if defined(MBEDTLS_MD_CAN_MD5) 143| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (143:9): [True: 0, False: 64] ------------------ 144| 0| return &mbedtls_md5_info; 145| 0|#endif 146| 0|#if defined(MBEDTLS_MD_CAN_RIPEMD160) 147| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (147:9): [True: 0, False: 64] ------------------ 148| 0| return &mbedtls_ripemd160_info; 149| 0|#endif 150| 0|#if defined(MBEDTLS_MD_CAN_SHA1) 151| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (151:9): [True: 0, False: 64] ------------------ 152| 0| return &mbedtls_sha1_info; 153| 0|#endif 154| 0|#if defined(MBEDTLS_MD_CAN_SHA224) 155| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (155:9): [True: 0, False: 64] ------------------ 156| 0| return &mbedtls_sha224_info; 157| 0|#endif 158| 0|#if defined(MBEDTLS_MD_CAN_SHA256) 159| 16| case MBEDTLS_MD_SHA256: ------------------ | Branch (159:9): [True: 16, False: 48] ------------------ 160| 16| return &mbedtls_sha256_info; 161| 0|#endif 162| 0|#if defined(MBEDTLS_MD_CAN_SHA384) 163| 16| case MBEDTLS_MD_SHA384: ------------------ | Branch (163:9): [True: 16, False: 48] ------------------ 164| 16| return &mbedtls_sha384_info; 165| 0|#endif 166| 0|#if defined(MBEDTLS_MD_CAN_SHA512) 167| 32| case MBEDTLS_MD_SHA512: ------------------ | Branch (167:9): [True: 32, False: 32] ------------------ 168| 32| return &mbedtls_sha512_info; 169| 0|#endif 170| 0|#if defined(MBEDTLS_MD_CAN_SHA3_224) 171| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (171:9): [True: 0, False: 64] ------------------ 172| 0| return &mbedtls_sha3_224_info; 173| 0|#endif 174| 0|#if defined(MBEDTLS_MD_CAN_SHA3_256) 175| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (175:9): [True: 0, False: 64] ------------------ 176| 0| return &mbedtls_sha3_256_info; 177| 0|#endif 178| 0|#if defined(MBEDTLS_MD_CAN_SHA3_384) 179| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (179:9): [True: 0, False: 64] ------------------ 180| 0| return &mbedtls_sha3_384_info; 181| 0|#endif 182| 0|#if defined(MBEDTLS_MD_CAN_SHA3_512) 183| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (183:9): [True: 0, False: 64] ------------------ 184| 0| return &mbedtls_sha3_512_info; 185| 0|#endif 186| 0| default: ------------------ | Branch (186:9): [True: 0, False: 64] ------------------ 187| 0| return NULL; 188| 64| } 189| 64|} mbedtls_md_init: 256| 128|{ 257| | /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ 258| 128| memset(ctx, 0, sizeof(mbedtls_md_context_t)); 259| 128|} mbedtls_md_free: 262| 128|{ 263| 128| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (263:9): [True: 0, False: 128] | Branch (263:24): [True: 80, False: 48] ------------------ 264| 80| return; 265| 80| } 266| | 267| 48| if (ctx->md_ctx != NULL) { ------------------ | Branch (267:9): [True: 48, False: 0] ------------------ 268| |#if defined(MBEDTLS_MD_SOME_PSA) 269| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 270| | psa_hash_abort(ctx->md_ctx); 271| | } else 272| |#endif 273| 48| switch (ctx->md_info->type) { 274| 0|#if defined(MBEDTLS_MD5_C) 275| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (275:13): [True: 0, False: 48] ------------------ 276| 0| mbedtls_md5_free(ctx->md_ctx); 277| 0| break; 278| 0|#endif 279| 0|#if defined(MBEDTLS_RIPEMD160_C) 280| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (280:13): [True: 0, False: 48] ------------------ 281| 0| mbedtls_ripemd160_free(ctx->md_ctx); 282| 0| break; 283| 0|#endif 284| 0|#if defined(MBEDTLS_SHA1_C) 285| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (285:13): [True: 0, False: 48] ------------------ 286| 0| mbedtls_sha1_free(ctx->md_ctx); 287| 0| break; 288| 0|#endif 289| 0|#if defined(MBEDTLS_SHA224_C) 290| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (290:13): [True: 0, False: 48] ------------------ 291| 0| mbedtls_sha256_free(ctx->md_ctx); 292| 0| break; 293| 0|#endif 294| 0|#if defined(MBEDTLS_SHA256_C) 295| 16| case MBEDTLS_MD_SHA256: ------------------ | Branch (295:13): [True: 16, False: 32] ------------------ 296| 16| mbedtls_sha256_free(ctx->md_ctx); 297| 16| break; 298| 0|#endif 299| 0|#if defined(MBEDTLS_SHA384_C) 300| 16| case MBEDTLS_MD_SHA384: ------------------ | Branch (300:13): [True: 16, False: 32] ------------------ 301| 16| mbedtls_sha512_free(ctx->md_ctx); 302| 16| break; 303| 0|#endif 304| 0|#if defined(MBEDTLS_SHA512_C) 305| 16| case MBEDTLS_MD_SHA512: ------------------ | Branch (305:13): [True: 16, False: 32] ------------------ 306| 16| mbedtls_sha512_free(ctx->md_ctx); 307| 16| break; 308| 0|#endif 309| 0|#if defined(MBEDTLS_SHA3_C) 310| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (310:13): [True: 0, False: 48] ------------------ 311| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (311:13): [True: 0, False: 48] ------------------ 312| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (312:13): [True: 0, False: 48] ------------------ 313| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (313:13): [True: 0, False: 48] ------------------ 314| 0| mbedtls_sha3_free(ctx->md_ctx); 315| 0| break; 316| 0|#endif 317| 0| default: ------------------ | Branch (317:13): [True: 0, False: 48] ------------------ 318| | /* Shouldn't happen */ 319| 0| break; 320| 48| } 321| 48| mbedtls_free(ctx->md_ctx); 322| 48| } 323| | 324| 48|#if defined(MBEDTLS_MD_C) 325| 48| if (ctx->hmac_ctx != NULL) { ------------------ | Branch (325:9): [True: 0, False: 48] ------------------ 326| 0| mbedtls_zeroize_and_free(ctx->hmac_ctx, 327| 0| 2 * ctx->md_info->block_size); 328| 0| } 329| 48|#endif 330| | 331| 48| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); 332| 48|} mbedtls_md_setup: 419| 48|{ 420| 48|#if defined(MBEDTLS_MD_C) 421| 48| if (ctx == NULL) { ------------------ | Branch (421:9): [True: 0, False: 48] ------------------ 422| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 423| 0| } 424| 48|#endif 425| 48| if (md_info == NULL) { ------------------ | Branch (425:9): [True: 0, False: 48] ------------------ 426| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 427| 0| } 428| | 429| 48| ctx->md_info = md_info; 430| 48| ctx->md_ctx = NULL; 431| 48|#if defined(MBEDTLS_MD_C) 432| 48| ctx->hmac_ctx = NULL; 433| |#else 434| | if (hmac != 0) { 435| | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 436| | } 437| |#endif 438| | 439| |#if defined(MBEDTLS_MD_SOME_PSA) 440| | if (md_can_use_psa(ctx->md_info)) { 441| | ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); 442| | if (ctx->md_ctx == NULL) { 443| | return MBEDTLS_ERR_MD_ALLOC_FAILED; 444| | } 445| | ctx->engine = MBEDTLS_MD_ENGINE_PSA; 446| | } else 447| |#endif 448| 48| switch (md_info->type) { 449| 0|#if defined(MBEDTLS_MD5_C) 450| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (450:9): [True: 0, False: 48] ------------------ 451| 0| ALLOC(md5); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 452| 0| break; 453| 0|#endif 454| 0|#if defined(MBEDTLS_RIPEMD160_C) 455| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (455:9): [True: 0, False: 48] ------------------ 456| 0| ALLOC(ripemd160); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 457| 0| break; 458| 0|#endif 459| 0|#if defined(MBEDTLS_SHA1_C) 460| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (460:9): [True: 0, False: 48] ------------------ 461| 0| ALLOC(sha1); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 462| 0| break; 463| 0|#endif 464| 0|#if defined(MBEDTLS_SHA224_C) 465| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (465:9): [True: 0, False: 48] ------------------ 466| 0| ALLOC(sha256); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 467| 0| break; 468| 0|#endif 469| 0|#if defined(MBEDTLS_SHA256_C) 470| 16| case MBEDTLS_MD_SHA256: ------------------ | Branch (470:9): [True: 16, False: 32] ------------------ 471| 16| ALLOC(sha256); ------------------ | | 410| 16| do { \ | | 411| 16| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 16| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 16] | | ------------------ | | 413| 16| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 16| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 16| } \ | | 416| 16| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 472| 16| break; 473| 16|#endif 474| 16|#if defined(MBEDTLS_SHA384_C) 475| 16| case MBEDTLS_MD_SHA384: ------------------ | Branch (475:9): [True: 16, False: 32] ------------------ 476| 16| ALLOC(sha512); ------------------ | | 410| 16| do { \ | | 411| 16| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 16| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 16] | | ------------------ | | 413| 16| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 16| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 16| } \ | | 416| 16| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 477| 16| break; 478| 16|#endif 479| 16|#if defined(MBEDTLS_SHA512_C) 480| 16| case MBEDTLS_MD_SHA512: ------------------ | Branch (480:9): [True: 16, False: 32] ------------------ 481| 16| ALLOC(sha512); ------------------ | | 410| 16| do { \ | | 411| 16| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 16| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 16] | | ------------------ | | 413| 16| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 16| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 16| } \ | | 416| 16| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 482| 16| break; 483| 16|#endif 484| 16|#if defined(MBEDTLS_SHA3_C) 485| 16| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (485:9): [True: 0, False: 48] ------------------ 486| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (486:9): [True: 0, False: 48] ------------------ 487| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (487:9): [True: 0, False: 48] ------------------ 488| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (488:9): [True: 0, False: 48] ------------------ 489| 0| ALLOC(sha3); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 490| 0| break; 491| 0|#endif 492| 0| default: ------------------ | Branch (492:9): [True: 0, False: 48] ------------------ 493| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 494| 48| } 495| | 496| 48|#if defined(MBEDTLS_MD_C) 497| 48| if (hmac != 0) { ------------------ | Branch (497:9): [True: 0, False: 48] ------------------ 498| 0| ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); 499| 0| if (ctx->hmac_ctx == NULL) { ------------------ | Branch (499:13): [True: 0, False: 0] ------------------ 500| 0| mbedtls_md_free(ctx); 501| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; ------------------ | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 ------------------ 502| 0| } 503| 0| } 504| 48|#endif 505| | 506| 48| return 0; 507| 48|} mbedtls_md_starts: 511| 48|{ 512| 48|#if defined(MBEDTLS_MD_C) 513| 48| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (513:9): [True: 0, False: 48] | Branch (513:24): [True: 0, False: 48] ------------------ 514| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 515| 0| } 516| 48|#endif 517| | 518| |#if defined(MBEDTLS_MD_SOME_PSA) 519| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 520| | psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); 521| | psa_hash_abort(ctx->md_ctx); 522| | psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); 523| | return mbedtls_md_error_from_psa(status); 524| | } 525| |#endif 526| | 527| 48| switch (ctx->md_info->type) { 528| 0|#if defined(MBEDTLS_MD5_C) 529| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (529:9): [True: 0, False: 48] ------------------ 530| 0| return mbedtls_md5_starts(ctx->md_ctx); 531| 0|#endif 532| 0|#if defined(MBEDTLS_RIPEMD160_C) 533| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (533:9): [True: 0, False: 48] ------------------ 534| 0| return mbedtls_ripemd160_starts(ctx->md_ctx); 535| 0|#endif 536| 0|#if defined(MBEDTLS_SHA1_C) 537| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (537:9): [True: 0, False: 48] ------------------ 538| 0| return mbedtls_sha1_starts(ctx->md_ctx); 539| 0|#endif 540| 0|#if defined(MBEDTLS_SHA224_C) 541| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (541:9): [True: 0, False: 48] ------------------ 542| 0| return mbedtls_sha256_starts(ctx->md_ctx, 1); 543| 0|#endif 544| 0|#if defined(MBEDTLS_SHA256_C) 545| 16| case MBEDTLS_MD_SHA256: ------------------ | Branch (545:9): [True: 16, False: 32] ------------------ 546| 16| return mbedtls_sha256_starts(ctx->md_ctx, 0); 547| 0|#endif 548| 0|#if defined(MBEDTLS_SHA384_C) 549| 16| case MBEDTLS_MD_SHA384: ------------------ | Branch (549:9): [True: 16, False: 32] ------------------ 550| 16| return mbedtls_sha512_starts(ctx->md_ctx, 1); 551| 0|#endif 552| 0|#if defined(MBEDTLS_SHA512_C) 553| 16| case MBEDTLS_MD_SHA512: ------------------ | Branch (553:9): [True: 16, False: 32] ------------------ 554| 16| return mbedtls_sha512_starts(ctx->md_ctx, 0); 555| 0|#endif 556| 0|#if defined(MBEDTLS_SHA3_C) 557| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (557:9): [True: 0, False: 48] ------------------ 558| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); 559| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (559:9): [True: 0, False: 48] ------------------ 560| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); 561| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (561:9): [True: 0, False: 48] ------------------ 562| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); 563| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (563:9): [True: 0, False: 48] ------------------ 564| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); 565| 0|#endif 566| 0| default: ------------------ | Branch (566:9): [True: 0, False: 48] ------------------ 567| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 568| 48| } 569| 48|} mbedtls_md_update: 572| 32|{ 573| 32|#if defined(MBEDTLS_MD_C) 574| 32| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (574:9): [True: 0, False: 32] | Branch (574:24): [True: 0, False: 32] ------------------ 575| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 576| 0| } 577| 32|#endif 578| | 579| |#if defined(MBEDTLS_MD_SOME_PSA) 580| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 581| | psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); 582| | return mbedtls_md_error_from_psa(status); 583| | } 584| |#endif 585| | 586| 32| switch (ctx->md_info->type) { 587| 0|#if defined(MBEDTLS_MD5_C) 588| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (588:9): [True: 0, False: 32] ------------------ 589| 0| return mbedtls_md5_update(ctx->md_ctx, input, ilen); 590| 0|#endif 591| 0|#if defined(MBEDTLS_RIPEMD160_C) 592| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (592:9): [True: 0, False: 32] ------------------ 593| 0| return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); 594| 0|#endif 595| 0|#if defined(MBEDTLS_SHA1_C) 596| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (596:9): [True: 0, False: 32] ------------------ 597| 0| return mbedtls_sha1_update(ctx->md_ctx, input, ilen); 598| 0|#endif 599| 0|#if defined(MBEDTLS_SHA224_C) 600| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (600:9): [True: 0, False: 32] ------------------ 601| 0| return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 602| 0|#endif 603| 0|#if defined(MBEDTLS_SHA256_C) 604| 0| case MBEDTLS_MD_SHA256: ------------------ | Branch (604:9): [True: 0, False: 32] ------------------ 605| 0| return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 606| 0|#endif 607| 0|#if defined(MBEDTLS_SHA384_C) 608| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (608:9): [True: 0, False: 32] ------------------ 609| 0| return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 610| 0|#endif 611| 0|#if defined(MBEDTLS_SHA512_C) 612| 32| case MBEDTLS_MD_SHA512: ------------------ | Branch (612:9): [True: 32, False: 0] ------------------ 613| 32| return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 614| 0|#endif 615| 0|#if defined(MBEDTLS_SHA3_C) 616| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (616:9): [True: 0, False: 32] ------------------ 617| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (617:9): [True: 0, False: 32] ------------------ 618| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (618:9): [True: 0, False: 32] ------------------ 619| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (619:9): [True: 0, False: 32] ------------------ 620| 0| return mbedtls_sha3_update(ctx->md_ctx, input, ilen); 621| 0|#endif 622| 0| default: ------------------ | Branch (622:9): [True: 0, False: 32] ------------------ 623| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 624| 32| } 625| 32|} mbedtls_md: 687| 16|{ 688| 16| if (md_info == NULL) { ------------------ | Branch (688:9): [True: 0, False: 16] ------------------ 689| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 690| 0| } 691| | 692| |#if defined(MBEDTLS_MD_SOME_PSA) 693| | if (md_can_use_psa(md_info)) { 694| | size_t size = md_info->size; 695| | psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), 696| | input, ilen, 697| | output, size, &size); 698| | return mbedtls_md_error_from_psa(status); 699| | } 700| |#endif 701| | 702| 16| switch (md_info->type) { 703| 0|#if defined(MBEDTLS_MD5_C) 704| 0| case MBEDTLS_MD_MD5: ------------------ | Branch (704:9): [True: 0, False: 16] ------------------ 705| 0| return mbedtls_md5(input, ilen, output); 706| 0|#endif 707| 0|#if defined(MBEDTLS_RIPEMD160_C) 708| 0| case MBEDTLS_MD_RIPEMD160: ------------------ | Branch (708:9): [True: 0, False: 16] ------------------ 709| 0| return mbedtls_ripemd160(input, ilen, output); 710| 0|#endif 711| 0|#if defined(MBEDTLS_SHA1_C) 712| 0| case MBEDTLS_MD_SHA1: ------------------ | Branch (712:9): [True: 0, False: 16] ------------------ 713| 0| return mbedtls_sha1(input, ilen, output); 714| 0|#endif 715| 0|#if defined(MBEDTLS_SHA224_C) 716| 0| case MBEDTLS_MD_SHA224: ------------------ | Branch (716:9): [True: 0, False: 16] ------------------ 717| 0| return mbedtls_sha256(input, ilen, output, 1); 718| 0|#endif 719| 0|#if defined(MBEDTLS_SHA256_C) 720| 0| case MBEDTLS_MD_SHA256: ------------------ | Branch (720:9): [True: 0, False: 16] ------------------ 721| 0| return mbedtls_sha256(input, ilen, output, 0); 722| 0|#endif 723| 0|#if defined(MBEDTLS_SHA384_C) 724| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (724:9): [True: 0, False: 16] ------------------ 725| 0| return mbedtls_sha512(input, ilen, output, 1); 726| 0|#endif 727| 0|#if defined(MBEDTLS_SHA512_C) 728| 16| case MBEDTLS_MD_SHA512: ------------------ | Branch (728:9): [True: 16, False: 0] ------------------ 729| 16| return mbedtls_sha512(input, ilen, output, 0); 730| 0|#endif 731| 0|#if defined(MBEDTLS_SHA3_C) 732| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (732:9): [True: 0, False: 16] ------------------ 733| 0| return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); 734| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (734:9): [True: 0, False: 16] ------------------ 735| 0| return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); 736| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (736:9): [True: 0, False: 16] ------------------ 737| 0| return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); 738| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (738:9): [True: 0, False: 16] ------------------ 739| 0| return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); 740| 0|#endif 741| 0| default: ------------------ | Branch (741:9): [True: 0, False: 16] ------------------ 742| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 743| 16| } 744| 16|} mbedtls_oid_get_x509_ext_type: 84| 9| { \ 85| 9| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 9| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 0, False: 9] ------------------ 87| 9| *ATTR1 = data->ATTR1; \ 88| 9| return 0; \ 89| 9| } mbedtls_oid_get_sig_alg: 99| 3| { \ 100| 3| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 101| 3| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (101:13): [True: 0, False: 3] ------------------ 102| 3| *(ATTR1) = data->ATTR1; \ 103| 3| *(ATTR2) = data->ATTR2; \ 104| 3| return 0; \ 105| 3| } mbedtls_oid_get_pk_alg: 84| 3| { \ 85| 3| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 3| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 0, False: 3] ------------------ 87| 3| *ATTR1 = data->ATTR1; \ 88| 3| return 0; \ 89| 3| } mbedtls_oid_get_ec_grp: 84| 1| { \ 85| 1| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 1| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 0, False: 1] ------------------ 87| 1| *ATTR1 = data->ATTR1; \ 88| 1| return 0; \ 89| 1| } oid.c:oid_x509_ext_from_asn1: 47| 9| { \ 48| 9| const TYPE_T *p = (LIST); \ 49| 9| const mbedtls_oid_descriptor_t *cur = \ 50| 9| (const mbedtls_oid_descriptor_t *) p; \ 51| 9| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 9] | Branch (51:26): [True: 0, False: 9] ------------------ 52| 48| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 48, False: 0] ------------------ 53| 48| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 42, False: 6] ------------------ 54| 48| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 9, False: 33] ------------------ 55| 9| return p; \ 56| 9| } \ 57| 48| p++; \ 58| 39| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 39| } \ 60| 9| return NULL; \ 61| 9| } oid.c:oid_sig_alg_from_asn1: 47| 3| { \ 48| 3| const TYPE_T *p = (LIST); \ 49| 3| const mbedtls_oid_descriptor_t *cur = \ 50| 3| (const mbedtls_oid_descriptor_t *) p; \ 51| 3| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 3] | Branch (51:26): [True: 0, False: 3] ------------------ 52| 16| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 16, False: 0] ------------------ 53| 16| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 8, False: 8] ------------------ 54| 16| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 3, False: 5] ------------------ 55| 3| return p; \ 56| 3| } \ 57| 16| p++; \ 58| 13| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 13| } \ 60| 3| return NULL; \ 61| 3| } oid.c:oid_pk_alg_from_asn1: 47| 3| { \ 48| 3| const TYPE_T *p = (LIST); \ 49| 3| const mbedtls_oid_descriptor_t *cur = \ 50| 3| (const mbedtls_oid_descriptor_t *) p; \ 51| 3| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 3] | Branch (51:26): [True: 0, False: 3] ------------------ 52| 4| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 4, False: 0] ------------------ 53| 4| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 3, False: 1] ------------------ 54| 4| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 3, False: 0] ------------------ 55| 3| return p; \ 56| 3| } \ 57| 4| p++; \ 58| 1| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 1| } \ 60| 3| return NULL; \ 61| 3| } oid.c:oid_grp_id_from_asn1: 47| 1| { \ 48| 1| const TYPE_T *p = (LIST); \ 49| 1| const mbedtls_oid_descriptor_t *cur = \ 50| 1| (const mbedtls_oid_descriptor_t *) p; \ 51| 1| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 1] | Branch (51:26): [True: 0, False: 1] ------------------ 52| 4| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 4, False: 0] ------------------ 53| 4| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 2, False: 2] ------------------ 54| 4| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 1, False: 1] ------------------ 55| 1| return p; \ 56| 1| } \ 57| 4| p++; \ 58| 3| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 3| } \ 60| 1| return NULL; \ 61| 1| } mbedtls_pem_init: 39| 3|{ 40| 3| memset(ctx, 0, sizeof(mbedtls_pem_context)); 41| 3|} mbedtls_pem_read_buffer: 271| 3|{ 272| 3| int ret, enc; 273| 3| size_t len; 274| 3| unsigned char *buf; 275| 3| const unsigned char *s1, *s2, *end; 276| 3|#if defined(PEM_RFC1421) 277| 3| unsigned char pem_iv[16]; 278| 3| mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE; 279| |#else 280| | ((void) pwd); 281| | ((void) pwdlen); 282| |#endif /* PEM_RFC1421 */ 283| | 284| 3| if (ctx == NULL) { ------------------ | Branch (284:9): [True: 0, False: 3] ------------------ 285| 0| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 286| 0| } 287| | 288| 3| s1 = (unsigned char *) strstr((const char *) data, header); 289| | 290| 3| if (s1 == NULL) { ------------------ | Branch (290:9): [True: 0, False: 3] ------------------ 291| 0| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 292| 0| } 293| | 294| 3| s2 = (unsigned char *) strstr((const char *) data, footer); 295| | 296| 3| if (s2 == NULL || s2 <= s1) { ------------------ | Branch (296:9): [True: 0, False: 3] | Branch (296:23): [True: 0, False: 3] ------------------ 297| 0| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 298| 0| } 299| | 300| 3| s1 += strlen(header); 301| 3| if (*s1 == ' ') { ------------------ | Branch (301:9): [True: 0, False: 3] ------------------ 302| 0| s1++; 303| 0| } 304| 3| if (*s1 == '\r') { ------------------ | Branch (304:9): [True: 3, False: 0] ------------------ 305| 3| s1++; 306| 3| } 307| 3| if (*s1 == '\n') { ------------------ | Branch (307:9): [True: 3, False: 0] ------------------ 308| 3| s1++; 309| 3| } else { 310| 0| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 311| 0| } 312| | 313| 3| end = s2; 314| 3| end += strlen(footer); 315| 3| if (*end == ' ') { ------------------ | Branch (315:9): [True: 0, False: 3] ------------------ 316| 0| end++; 317| 0| } 318| 3| if (*end == '\r') { ------------------ | Branch (318:9): [True: 3, False: 0] ------------------ 319| 3| end++; 320| 3| } 321| 3| if (*end == '\n') { ------------------ | Branch (321:9): [True: 3, False: 0] ------------------ 322| 3| end++; 323| 3| } 324| 3| *use_len = (size_t) (end - data); 325| | 326| 3| enc = 0; 327| | 328| 3| if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) { ------------------ | Branch (328:9): [True: 3, False: 0] | Branch (328:26): [True: 0, False: 3] ------------------ 329| 0|#if defined(PEM_RFC1421) 330| 0| enc++; 331| | 332| 0| s1 += 22; 333| 0| if (*s1 == '\r') { ------------------ | Branch (333:13): [True: 0, False: 0] ------------------ 334| 0| s1++; 335| 0| } 336| 0| if (*s1 == '\n') { ------------------ | Branch (336:13): [True: 0, False: 0] ------------------ 337| 0| s1++; 338| 0| } else { 339| 0| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 0|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 340| 0| } 341| | 342| | 343| 0|#if defined(MBEDTLS_DES_C) 344| 0| if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) { ------------------ | Branch (344:13): [True: 0, False: 0] | Branch (344:30): [True: 0, False: 0] ------------------ 345| 0| enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; 346| | 347| 0| s1 += 23; 348| 0| if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { ------------------ | Branch (348:17): [True: 0, False: 0] | Branch (348:33): [True: 0, False: 0] ------------------ 349| 0| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 0|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 350| 0| } 351| | 352| 0| s1 += 16; 353| 0| } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) { ------------------ | Branch (353:20): [True: 0, False: 0] | Branch (353:37): [True: 0, False: 0] ------------------ 354| 0| enc_alg = MBEDTLS_CIPHER_DES_CBC; 355| | 356| 0| s1 += 18; 357| 0| if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { ------------------ | Branch (357:17): [True: 0, False: 0] | Branch (357:33): [True: 0, False: 0] ------------------ 358| 0| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 0|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 359| 0| } 360| | 361| 0| s1 += 16; 362| 0| } 363| 0|#endif /* MBEDTLS_DES_C */ 364| | 365| 0|#if defined(MBEDTLS_AES_C) 366| 0| if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) { ------------------ | Branch (366:13): [True: 0, False: 0] | Branch (366:30): [True: 0, False: 0] ------------------ 367| 0| if (s2 - s1 < 22) { ------------------ | Branch (367:17): [True: 0, False: 0] ------------------ 368| 0| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 0|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 369| 0| } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) { ------------------ | Branch (369:24): [True: 0, False: 0] ------------------ 370| 0| enc_alg = MBEDTLS_CIPHER_AES_128_CBC; 371| 0| } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) { ------------------ | Branch (371:24): [True: 0, False: 0] ------------------ 372| 0| enc_alg = MBEDTLS_CIPHER_AES_192_CBC; 373| 0| } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) { ------------------ | Branch (373:24): [True: 0, False: 0] ------------------ 374| 0| enc_alg = MBEDTLS_CIPHER_AES_256_CBC; 375| 0| } else { 376| 0| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 0|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 377| 0| } 378| | 379| 0| s1 += 22; 380| 0| if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) { ------------------ | Branch (380:17): [True: 0, False: 0] | Branch (380:33): [True: 0, False: 0] ------------------ 381| 0| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 0|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 382| 0| } 383| | 384| 0| s1 += 32; 385| 0| } 386| 0|#endif /* MBEDTLS_AES_C */ 387| | 388| 0| if (enc_alg == MBEDTLS_CIPHER_NONE) { ------------------ | Branch (388:13): [True: 0, False: 0] ------------------ 389| 0| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 0|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 390| 0| } 391| | 392| 0| if (*s1 == '\r') { ------------------ | Branch (392:13): [True: 0, False: 0] ------------------ 393| 0| s1++; 394| 0| } 395| 0| if (*s1 == '\n') { ------------------ | Branch (395:13): [True: 0, False: 0] ------------------ 396| 0| s1++; 397| 0| } else { 398| 0| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 0|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 399| 0| } 400| |#else 401| | return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; 402| |#endif /* PEM_RFC1421 */ 403| 0| } 404| | 405| 3| if (s1 >= s2) { ------------------ | Branch (405:9): [True: 0, False: 3] ------------------ 406| 0| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 0|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 407| 0| } 408| | 409| 3| ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1)); 410| | 411| 3| if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { ------------------ | | 20| 3|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ | Branch (411:9): [True: 0, False: 3] ------------------ 412| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 413| 0| } 414| | 415| 3| if (len == 0) { ------------------ | Branch (415:9): [True: 0, False: 3] ------------------ 416| 0| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 417| 0| } 418| | 419| 3| if ((buf = mbedtls_calloc(1, len)) == NULL) { ------------------ | Branch (419:9): [True: 0, False: 3] ------------------ 420| 0| return MBEDTLS_ERR_PEM_ALLOC_FAILED; ------------------ | | 29| 0|#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 ------------------ 421| 0| } 422| | 423| 3| if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) { ------------------ | Branch (423:9): [True: 0, False: 3] ------------------ 424| 0| mbedtls_zeroize_and_free(buf, len); 425| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 426| 0| } 427| | 428| 3| if (enc != 0) { ------------------ | Branch (428:9): [True: 0, False: 3] ------------------ 429| 0|#if defined(PEM_RFC1421) 430| 0| if (pwd == NULL) { ------------------ | Branch (430:13): [True: 0, False: 0] ------------------ 431| 0| mbedtls_zeroize_and_free(buf, len); 432| 0| return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED; ------------------ | | 35| 0|#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 ------------------ 433| 0| } 434| | 435| 0| ret = 0; 436| | 437| 0|#if defined(MBEDTLS_DES_C) 438| 0| if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) { ------------------ | Branch (438:13): [True: 0, False: 0] ------------------ 439| 0| ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen); 440| 0| } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) { ------------------ | Branch (440:20): [True: 0, False: 0] ------------------ 441| 0| ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen); 442| 0| } 443| 0|#endif /* MBEDTLS_DES_C */ 444| | 445| 0|#if defined(MBEDTLS_AES_C) 446| 0| if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) { ------------------ | Branch (446:13): [True: 0, False: 0] ------------------ 447| 0| ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen); 448| 0| } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) { ------------------ | Branch (448:20): [True: 0, False: 0] ------------------ 449| 0| ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen); 450| 0| } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) { ------------------ | Branch (450:20): [True: 0, False: 0] ------------------ 451| 0| ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen); 452| 0| } 453| 0|#endif /* MBEDTLS_AES_C */ 454| | 455| 0| if (ret != 0) { ------------------ | Branch (455:13): [True: 0, False: 0] ------------------ 456| 0| mbedtls_zeroize_and_free(buf, len); 457| 0| return ret; 458| 0| } 459| | 460| | /* Check PKCS padding and update data length based on padding info. 461| | * This can be used to detect invalid padding data and password 462| | * mismatches. */ 463| 0| size_t unpadded_len; 464| 0| ret = pem_check_pkcs_padding(buf, len, &unpadded_len); 465| 0| if (ret != 0) { ------------------ | Branch (465:13): [True: 0, False: 0] ------------------ 466| 0| mbedtls_zeroize_and_free(buf, len); 467| 0| return ret; 468| 0| } 469| 0| len = unpadded_len; 470| |#else 471| | mbedtls_zeroize_and_free(buf, len); 472| | return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; 473| |#endif /* PEM_RFC1421 */ 474| 0| } 475| | 476| 3| ctx->buf = buf; 477| 3| ctx->buflen = len; 478| | 479| 3| return 0; 480| 3|} mbedtls_pem_free: 483| 3|{ 484| 3| if (ctx == NULL) { ------------------ | Branch (484:9): [True: 0, False: 3] ------------------ 485| 0| return; 486| 0| } 487| | 488| 3| if (ctx->buf != NULL) { ------------------ | Branch (488:9): [True: 3, False: 0] ------------------ 489| 3| mbedtls_zeroize_and_free(ctx->buf, ctx->buflen); 490| 3| } 491| 3| mbedtls_free(ctx->info); 492| | 493| 3| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context)); 494| 3|} mbedtls_pk_restart_init: 85| 32|{ 86| 32| ctx->pk_info = NULL; 87| 32| ctx->rs_ctx = NULL; 88| 32|} mbedtls_pk_restart_free: 94| 16|{ 95| 16| if (ctx == NULL || ctx->pk_info == NULL || ------------------ | Branch (95:9): [True: 0, False: 16] | Branch (95:24): [True: 16, False: 0] ------------------ 96| 16| ctx->pk_info->rs_free_func == NULL) { ------------------ | Branch (96:9): [True: 0, False: 0] ------------------ 97| 16| return; 98| 16| } 99| | 100| 0| ctx->pk_info->rs_free_func(ctx->rs_ctx); 101| | 102| 0| ctx->pk_info = NULL; 103| 0| ctx->rs_ctx = NULL; 104| 0|} mbedtls_pk_info_from_type: 111| 3|{ 112| 3| switch (pk_type) { 113| 0|#if defined(MBEDTLS_RSA_C) 114| 2| case MBEDTLS_PK_RSA: ------------------ | Branch (114:9): [True: 2, False: 1] ------------------ 115| 2| return &mbedtls_rsa_info; 116| 0|#endif /* MBEDTLS_RSA_C */ 117| 0|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 118| 1| case MBEDTLS_PK_ECKEY: ------------------ | Branch (118:9): [True: 1, False: 2] ------------------ 119| 1| return &mbedtls_eckey_info; 120| 0| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (120:9): [True: 0, False: 3] ------------------ 121| 0| return &mbedtls_eckeydh_info; 122| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 123| 0|#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 124| 0| case MBEDTLS_PK_ECDSA: ------------------ | Branch (124:9): [True: 0, False: 3] ------------------ 125| 0| return &mbedtls_ecdsa_info; 126| 0|#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 127| | /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 128| 0| default: ------------------ | Branch (128:9): [True: 0, False: 3] ------------------ 129| 0| return NULL; 130| 3| } 131| 3|} mbedtls_pk_setup: 137| 3|{ 138| 3| if (info == NULL || ctx->pk_info != NULL) { ------------------ | Branch (138:9): [True: 0, False: 3] | Branch (138:25): [True: 0, False: 3] ------------------ 139| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 140| 0| } 141| | 142| 3| if ((info->ctx_alloc_func != NULL) && ------------------ | Branch (142:9): [True: 3, False: 0] ------------------ 143| 3| ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { ------------------ | Branch (143:9): [True: 0, False: 3] ------------------ 144| 0| return MBEDTLS_ERR_PK_ALLOC_FAILED; ------------------ | | 36| 0|#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 ------------------ 145| 0| } 146| | 147| 3| ctx->pk_info = info; 148| | 149| 3| return 0; 150| 3|} mbedtls_pk_get_type: 1495| 4|{ 1496| 4| if (ctx == NULL || ctx->pk_info == NULL) { ------------------ | Branch (1496:9): [True: 0, False: 4] | Branch (1496:24): [True: 0, False: 4] ------------------ 1497| 0| return MBEDTLS_PK_NONE; 1498| 0| } 1499| | 1500| 4| return ctx->pk_info->type; 1501| 4|} mbedtls_pk_ecc_set_group: 18| 1|{ 19| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 20| | size_t ec_bits; 21| | psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); 22| | 23| | /* group may already be initialized; if so, make sure IDs match */ 24| | if ((pk->ec_family != 0 && pk->ec_family != ec_family) || 25| | (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { 26| | return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; 27| | } 28| | 29| | /* set group */ 30| | pk->ec_family = ec_family; 31| | pk->ec_bits = ec_bits; 32| | 33| | return 0; 34| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 35| 1| mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); 36| | 37| | /* grp may already be initialized; if so, make sure IDs match */ 38| 1| if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && ------------------ | Branch (38:9): [True: 0, False: 1] ------------------ 39| 1| mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { ------------------ | Branch (39:9): [True: 0, False: 0] ------------------ 40| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 41| 0| } 42| | 43| | /* set group */ 44| 1| return mbedtls_ecp_group_load(&(ecp->grp), grp_id); 45| 1|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 46| 1|} mbedtls_pk_ecc_set_pubkey: 205| 1|{ 206| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 207| | 208| | /* Load the key */ 209| | if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(pk->ec_family) || *pub == 0x04) { 210| | /* Format directly supported by PSA: 211| | * - non-Weierstrass curves that only have one format; 212| | * - uncompressed format for Weierstrass curves. */ 213| | if (pub_len > sizeof(pk->pub_raw)) { 214| | return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; 215| | } 216| | memcpy(pk->pub_raw, pub, pub_len); 217| | pk->pub_raw_len = pub_len; 218| | } else { 219| | /* Other format, try the fallback */ 220| | int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); 221| | if (ret != 0) { 222| | return ret; 223| | } 224| | } 225| | 226| | /* Validate the key by trying to import it */ 227| | mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 228| | psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; 229| | 230| | psa_set_key_usage_flags(&key_attrs, 0); 231| | psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); 232| | psa_set_key_bits(&key_attrs, pk->ec_bits); 233| | 234| | if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, 235| | &key_id) != PSA_SUCCESS) || 236| | (psa_destroy_key(key_id) != PSA_SUCCESS)) { 237| | return MBEDTLS_ERR_PK_INVALID_PUBKEY; 238| | } 239| | 240| | return 0; 241| | 242| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 243| | 244| 1| int ret; 245| 1| mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; 246| 1| ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len); 247| 1| if (ret != 0) { ------------------ | Branch (247:9): [True: 0, False: 1] ------------------ 248| 0| return ret; 249| 0| } 250| 1| return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); 251| | 252| 1|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 253| 1|} pk_ecc.c:mbedtls_pk_ec_rw: 73| 1|{ 74| 1| switch (mbedtls_pk_get_type(&pk)) { 75| 1| case MBEDTLS_PK_ECKEY: ------------------ | Branch (75:9): [True: 1, False: 0] ------------------ 76| 1| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (76:9): [True: 0, False: 1] ------------------ 77| 1| case MBEDTLS_PK_ECDSA: ------------------ | Branch (77:9): [True: 0, False: 1] ------------------ 78| 1| return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 1|#define MBEDTLS_PRIVATE(member) member ------------------ 79| 0| default: ------------------ | Branch (79:9): [True: 0, False: 1] ------------------ 80| 0| return NULL; 81| 1| } 82| 1|} pk_ecc.c:mbedtls_pk_ec_ro: 61| 1|{ 62| 1| switch (mbedtls_pk_get_type(&pk)) { 63| 1| case MBEDTLS_PK_ECKEY: ------------------ | Branch (63:9): [True: 1, False: 0] ------------------ 64| 1| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (64:9): [True: 0, False: 1] ------------------ 65| 1| case MBEDTLS_PK_ECDSA: ------------------ | Branch (65:9): [True: 0, False: 1] ------------------ 66| 1| return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 1|#define MBEDTLS_PRIVATE(member) member ------------------ 67| 0| default: ------------------ | Branch (67:9): [True: 0, False: 1] ------------------ 68| 0| return NULL; 69| 1| } 70| 1|} pk_wrap.c:rsa_alloc_wrap: 455| 2|{ 456| 2| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); 457| | 458| 2| if (ctx != NULL) { ------------------ | Branch (458:9): [True: 2, False: 0] ------------------ 459| 2| mbedtls_rsa_init((mbedtls_rsa_context *) ctx); 460| 2| } 461| | 462| 2| return ctx; 463| 2|} pk_wrap.c:eckey_alloc_wrap: 1082| 1|{ 1083| 1| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); 1084| | 1085| 1| if (ctx != NULL) { ------------------ | Branch (1085:9): [True: 1, False: 0] ------------------ 1086| 1| mbedtls_ecp_keypair_init(ctx); 1087| 1| } 1088| | 1089| 1| return ctx; 1090| 1|} mbedtls_pk_parse_subpubkey: 519| 3|{ 520| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 521| 3| size_t len; 522| 3| mbedtls_asn1_buf alg_params; 523| 3| mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 524| 3| mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; 525| 3| const mbedtls_pk_info_t *pk_info; 526| | 527| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (527:9): [True: 0, False: 3] ------------------ 528| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 529| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 530| 0| } 531| | 532| 3| end = *p + len; 533| | 534| 3| if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params, &ec_grp_id)) != 0) { ------------------ | Branch (534:9): [True: 0, False: 3] ------------------ 535| 0| return ret; 536| 0| } 537| | 538| 3| if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { ------------------ | Branch (538:9): [True: 0, False: 3] ------------------ 539| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 540| 0| } 541| | 542| 3| if (*p + len != end) { ------------------ | Branch (542:9): [True: 0, False: 3] ------------------ 543| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 544| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 545| 0| } 546| | 547| 3| if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { ------------------ | Branch (547:9): [True: 0, False: 3] ------------------ 548| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 549| 0| } 550| | 551| 3| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { ------------------ | Branch (551:9): [True: 0, False: 3] ------------------ 552| 0| return ret; 553| 0| } 554| | 555| 3|#if defined(MBEDTLS_RSA_C) 556| 3| if (pk_alg == MBEDTLS_PK_RSA) { ------------------ | Branch (556:9): [True: 2, False: 1] ------------------ 557| 2| ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); 558| 2| if (ret == 0) { ------------------ | Branch (558:13): [True: 2, False: 0] ------------------ 559| | /* On success all the input has been consumed by the parsing function. */ 560| 2| *p += end - *p; 561| 2| } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ | Branch (561:20): [True: 0, False: 0] ------------------ 562| 0| (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) { ------------------ | | 49| 0|#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C ------------------ | Branch (562:20): [True: 0, False: 0] ------------------ 563| | /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ 564| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 565| 0| } else { 566| 0| ret = MBEDTLS_ERR_PK_INVALID_PUBKEY; ------------------ | | 54| 0|#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 ------------------ 567| 0| } 568| 2| } else 569| 1|#endif /* MBEDTLS_RSA_C */ 570| 1|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 571| 1| if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { ------------------ | Branch (571:9): [True: 0, False: 1] | Branch (571:42): [True: 1, False: 0] ------------------ 572| 1|#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) 573| 1| if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ------------------ | | 122| 1| ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) | | ------------------ | | | Branch (122:6): [True: 0, False: 1] | | | Branch (122:43): [True: 0, False: 1] | | ------------------ ------------------ 574| 0| ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); 575| 0| } else 576| 1|#endif 577| 1| { 578| 1| ret = pk_use_ecparams(&alg_params, pk); 579| 1| } 580| 1| if (ret == 0) { ------------------ | Branch (580:13): [True: 1, False: 0] ------------------ 581| 1| ret = mbedtls_pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p)); 582| 1| *p += end - *p; 583| 1| } 584| 1| } else 585| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 586| 0| ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 587| | 588| 3| if (ret == 0 && *p != end) { ------------------ | Branch (588:9): [True: 3, False: 0] | Branch (588:21): [True: 0, False: 3] ------------------ 589| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 590| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 591| 0| } 592| | 593| 3| if (ret != 0) { ------------------ | Branch (593:9): [True: 0, False: 3] ------------------ 594| 0| mbedtls_pk_free(pk); 595| 0| } 596| | 597| 3| return ret; 598| 3|} pkparse.c:pk_get_pk_alg: 475| 3|{ 476| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 477| 3| mbedtls_asn1_buf alg_oid; 478| | 479| 3| memset(params, 0, sizeof(mbedtls_asn1_buf)); 480| | 481| 3| if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) { ------------------ | Branch (481:9): [True: 0, False: 3] ------------------ 482| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 483| 0| } 484| | 485| 3| ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); 486| 3|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 487| 3| if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ------------------ | | 28| 3|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (487:9): [True: 0, False: 3] ------------------ 488| 0| ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); 489| 0| if (ret == 0) { ------------------ | Branch (489:13): [True: 0, False: 0] ------------------ 490| 0| *pk_alg = MBEDTLS_PK_ECKEY; 491| 0| } 492| 0| } 493| |#else 494| | (void) ec_grp_id; 495| |#endif 496| 3| if (ret != 0) { ------------------ | Branch (496:9): [True: 0, False: 3] ------------------ 497| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 498| 0| } 499| | 500| | /* 501| | * No parameters with RSA (only for EC) 502| | */ 503| 3| if (*pk_alg == MBEDTLS_PK_RSA && ------------------ | Branch (503:9): [True: 2, False: 1] ------------------ 504| 3| ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) || ------------------ | | 68| 4|#define MBEDTLS_ASN1_NULL 0x05 ------------------ | Branch (504:11): [True: 0, False: 2] | Branch (504:47): [True: 0, False: 0] ------------------ 505| 2| params->len != 0)) { ------------------ | Branch (505:10): [True: 0, False: 2] ------------------ 506| 0| return MBEDTLS_ERR_PK_INVALID_ALG; ------------------ | | 56| 0|#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 ------------------ 507| 0| } 508| | 509| 3| return 0; 510| 3|} pkparse.c:pk_use_ecparams: 390| 1|{ 391| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 392| 1| mbedtls_ecp_group_id grp_id; 393| | 394| 1| if (params->tag == MBEDTLS_ASN1_OID) { ------------------ | | 69| 1|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (394:9): [True: 1, False: 0] ------------------ 395| 1| if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) { ------------------ | Branch (395:13): [True: 0, False: 1] ------------------ 396| 0| return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE; ------------------ | | 58| 0|#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 ------------------ 397| 0| } 398| 1| } else { 399| 0| ret = pk_ecc_group_id_from_specified(params, &grp_id); 400| 0| if (ret != 0) { ------------------ | Branch (400:13): [True: 0, False: 0] ------------------ 401| 0| return ret; 402| 0| } 403| 0| } 404| | 405| 1| return mbedtls_pk_ecc_set_group(pk, grp_id); 406| 1|} mbedtls_calloc: 48| 203|{ 49| 203| return (*mbedtls_calloc_func)(nmemb, size); 50| 203|} mbedtls_free: 53| 365|{ 54| 365| (*mbedtls_free_func)(ptr); 55| 365|} mbedtls_platform_set_time: 280| 1|{ 281| 1| mbedtls_time = time_func; 282| 1| return 0; 283| 1|} mbedtls_platform_std_nv_seed_read: 294| 16|{ 295| 16| FILE *file; 296| 16| size_t n; 297| | 298| 16| if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) { ------------------ | | 112| 16|#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" ------------------ | Branch (298:9): [True: 16, False: 0] ------------------ 299| 16| return -1; 300| 16| } 301| | 302| | /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 303| 0| mbedtls_setbuf(file, NULL); 304| | 305| 0| if ((n = fread(buf, 1, buf_len, file)) != buf_len) { ------------------ | Branch (305:9): [True: 0, False: 0] ------------------ 306| 0| fclose(file); 307| 0| mbedtls_platform_zeroize(buf, buf_len); 308| 0| return -1; 309| 0| } 310| | 311| 0| fclose(file); 312| 0| return (int) n; 313| 0|} mbedtls_platform_zeroize: 95| 718|{ 96| 718| if (len > 0) { ------------------ | Branch (96:9): [True: 718, False: 0] ------------------ 97| 718|#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) 98| 718| explicit_bzero(buf, len); 99| |#if defined(HAVE_MEMORY_SANITIZER) 100| | /* You'd think that Msan would recognize explicit_bzero() as 101| | * equivalent to bzero(), but it actually doesn't on several 102| | * platforms, including Linux (Ubuntu 20.04). 103| | * https://github.com/google/sanitizers/issues/1507 104| | * https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa 105| | */ 106| | __msan_unpoison(buf, len); 107| |#endif 108| |#elif defined(__STDC_LIB_EXT1__) && !defined(__IAR_SYSTEMS_ICC__) 109| | memset_s(buf, len, 0, len); 110| |#elif defined(_WIN32) 111| | SecureZeroMemory(buf, len); 112| |#else 113| | memset_func(buf, 0, len); 114| |#endif 115| | 116| 718|#if defined(__GNUC__) 117| | /* For clang and recent gcc, pretend that we have some assembly that reads the 118| | * zero'd memory as an additional protection against being optimised away. */ 119| 718|#if defined(__clang__) || (__GNUC__ >= 10) 120| 718|#if defined(__clang__) 121| 718|#pragma clang diagnostic push 122| 718|#pragma clang diagnostic ignored "-Wvla" 123| |#elif defined(MBEDTLS_COMPILER_IS_GCC) 124| |#pragma GCC diagnostic push 125| |#pragma GCC diagnostic ignored "-Wvla" 126| |#endif 127| 718| asm volatile ("" : : "m" (*(char (*)[len]) buf) :); ------------------ | | 321| 718|#define asm __asm__ ------------------ 128| 718|#if defined(__clang__) 129| 718|#pragma clang diagnostic pop 130| |#elif defined(MBEDTLS_COMPILER_IS_GCC) 131| |#pragma GCC diagnostic pop 132| |#endif 133| 718|#endif 134| 718|#endif 135| 718| } 136| 718|} mbedtls_zeroize_and_free: 140| 58|{ 141| 58| if (buf != NULL) { ------------------ | Branch (141:9): [True: 58, False: 0] ------------------ 142| 58| mbedtls_platform_zeroize(buf, len); 143| 58| } 144| | 145| 58| mbedtls_free(buf); 146| 58|} mbedtls_to_psa_error: 333| 16|{ 334| | /* Mbed TLS error codes can combine a high-level error code and a 335| | * low-level error code. The low-level error usually reflects the 336| | * root cause better, so dispatch on that preferably. */ 337| 16| int low_level_ret = -(-ret & 0x007f); 338| 16| switch (low_level_ret != 0 ? low_level_ret : ret) { ------------------ | Branch (338:13): [True: 16, False: 0] ------------------ 339| 0| case 0: ------------------ | Branch (339:9): [True: 0, False: 16] ------------------ 340| 0| return PSA_SUCCESS; ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 341| | 342| 0|#if defined(MBEDTLS_AES_C) 343| 0| case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: ------------------ | | 44| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (343:9): [True: 0, False: 16] ------------------ 344| 0| case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: ------------------ | | 46| 0|#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 ------------------ | Branch (344:9): [True: 0, False: 16] ------------------ 345| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 346| 0| case MBEDTLS_ERR_AES_BAD_INPUT_DATA: ------------------ | | 50| 0|#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 ------------------ | Branch (346:9): [True: 0, False: 16] ------------------ 347| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 348| 0|#endif 349| | 350| 0|#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C) 351| 0| case MBEDTLS_ERR_ASN1_OUT_OF_DATA: ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ | Branch (351:9): [True: 0, False: 16] ------------------ 352| 0| case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (352:9): [True: 0, False: 16] ------------------ 353| 0| case MBEDTLS_ERR_ASN1_INVALID_LENGTH: ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ | Branch (353:9): [True: 0, False: 16] ------------------ 354| 0| case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ | Branch (354:9): [True: 0, False: 16] ------------------ 355| 0| case MBEDTLS_ERR_ASN1_INVALID_DATA: ------------------ | | 45| 0|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ | Branch (355:9): [True: 0, False: 16] ------------------ 356| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 357| 0| case MBEDTLS_ERR_ASN1_ALLOC_FAILED: ------------------ | | 47| 0|#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A ------------------ | Branch (357:9): [True: 0, False: 16] ------------------ 358| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 359| 0| case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: ------------------ | | 49| 0|#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C ------------------ | Branch (359:9): [True: 0, False: 16] ------------------ 360| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 361| 0|#endif 362| | 363| 0|#if defined(MBEDTLS_CAMELLIA_C) 364| 0| case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: ------------------ | | 25| 0|#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 ------------------ | Branch (364:9): [True: 0, False: 16] ------------------ 365| 0| case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH: ------------------ | | 28| 0|#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 ------------------ | Branch (365:9): [True: 0, False: 16] ------------------ 366| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 367| 0|#endif 368| | 369| 0|#if defined(MBEDTLS_CCM_C) 370| 0| case MBEDTLS_ERR_CCM_BAD_INPUT: ------------------ | | 53| 0|#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D ------------------ | Branch (370:9): [True: 0, False: 16] ------------------ 371| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 372| 0| case MBEDTLS_ERR_CCM_AUTH_FAILED: ------------------ | | 55| 0|#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F ------------------ | Branch (372:9): [True: 0, False: 16] ------------------ 373| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 374| 0|#endif 375| | 376| 0|#if defined(MBEDTLS_CHACHA20_C) 377| 0| case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: ------------------ | | 30| 0|#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 ------------------ | Branch (377:9): [True: 0, False: 16] ------------------ 378| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 379| 0|#endif 380| | 381| 0|#if defined(MBEDTLS_CHACHAPOLY_C) 382| 0| case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: ------------------ | | 30| 0|#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 ------------------ | Branch (382:9): [True: 0, False: 16] ------------------ 383| 0| return PSA_ERROR_BAD_STATE; ------------------ | | 126| 0|#define PSA_ERROR_BAD_STATE ((psa_status_t)-137) ------------------ 384| 0| case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: ------------------ | | 32| 0|#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 ------------------ | Branch (384:9): [True: 0, False: 16] ------------------ 385| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 386| 0|#endif 387| | 388| 0|#if defined(MBEDTLS_CIPHER_C) 389| 0| case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: ------------------ | | 38| 0|#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 ------------------ | Branch (389:9): [True: 0, False: 16] ------------------ 390| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 391| 0| case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ | Branch (391:9): [True: 0, False: 16] ------------------ 392| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 393| 0| case MBEDTLS_ERR_CIPHER_ALLOC_FAILED: ------------------ | | 42| 0|#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 ------------------ | Branch (393:9): [True: 0, False: 16] ------------------ 394| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 395| 0| case MBEDTLS_ERR_CIPHER_INVALID_PADDING: ------------------ | | 44| 0|#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 ------------------ | Branch (395:9): [True: 0, False: 16] ------------------ 396| 0| return PSA_ERROR_INVALID_PADDING; ------------------ | | 276| 0|#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150) ------------------ 397| 0| case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: ------------------ | | 46| 0|#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 ------------------ | Branch (397:9): [True: 0, False: 16] ------------------ 398| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 399| 0| case MBEDTLS_ERR_CIPHER_AUTH_FAILED: ------------------ | | 48| 0|#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 ------------------ | Branch (399:9): [True: 0, False: 16] ------------------ 400| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 401| 0| case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: ------------------ | | 50| 0|#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 ------------------ | Branch (401:9): [True: 0, False: 16] ------------------ 402| 0| return PSA_ERROR_CORRUPTION_DETECTED; ------------------ | | 231| 0|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ 403| 0|#endif 404| | 405| 0|#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ 406| 0| defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)) 407| | /* Only check CTR_DRBG error codes if underlying mbedtls_xxx 408| | * functions are passed a CTR_DRBG instance. */ 409| 16| case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: ------------------ | | 65| 16|#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 ------------------ | Branch (409:9): [True: 16, False: 0] ------------------ 410| 16| return PSA_ERROR_INSUFFICIENT_ENTROPY; ------------------ | | 250| 16|#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) ------------------ 411| 0| case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: ------------------ | | 67| 0|#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 ------------------ | Branch (411:9): [True: 0, False: 16] ------------------ 412| 0| case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: ------------------ | | 69| 0|#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 ------------------ | Branch (412:9): [True: 0, False: 16] ------------------ 413| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 414| 0| case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: ------------------ | | 71| 0|#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A ------------------ | Branch (414:9): [True: 0, False: 16] ------------------ 415| 0| return PSA_ERROR_INSUFFICIENT_ENTROPY; ------------------ | | 250| 0|#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) ------------------ 416| 0|#endif 417| | 418| 0|#if defined(MBEDTLS_DES_C) 419| 0| case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH: ------------------ | | 29| 0|#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 ------------------ | Branch (419:9): [True: 0, False: 16] ------------------ 420| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 421| 0|#endif 422| | 423| 0| case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: ------------------ | | 43| 0|#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 ------------------ | Branch (423:9): [True: 0, False: 16] ------------------ 424| 0| case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: ------------------ | | 45| 0|#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D ------------------ | Branch (424:9): [True: 0, False: 16] ------------------ 425| 0| case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: ------------------ | | 39| 0|#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C ------------------ | Branch (425:9): [True: 0, False: 16] ------------------ 426| 0| return PSA_ERROR_INSUFFICIENT_ENTROPY; ------------------ | | 250| 0|#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) ------------------ 427| | 428| 0|#if defined(MBEDTLS_GCM_C) 429| 0| case MBEDTLS_ERR_GCM_AUTH_FAILED: ------------------ | | 37| 0|#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 ------------------ | Branch (429:9): [True: 0, False: 16] ------------------ 430| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 431| 0| case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: ------------------ | | 41| 0|#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016 ------------------ | Branch (431:9): [True: 0, False: 16] ------------------ 432| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 433| 0| case MBEDTLS_ERR_GCM_BAD_INPUT: ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ | Branch (433:9): [True: 0, False: 16] ------------------ 434| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 435| 0|#endif 436| | 437| |#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ 438| | defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) 439| | /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx 440| | * functions are passed a HMAC_DRBG instance. */ 441| | case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED: 442| | return PSA_ERROR_INSUFFICIENT_ENTROPY; 443| | case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG: 444| | case MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG: 445| | return PSA_ERROR_NOT_SUPPORTED; 446| | case MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR: 447| | return PSA_ERROR_INSUFFICIENT_ENTROPY; 448| |#endif 449| | 450| 0|#if defined(MBEDTLS_MD_LIGHT) 451| 0| case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: ------------------ | | 24| 0|#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 ------------------ | Branch (451:9): [True: 0, False: 16] ------------------ 452| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 453| 0| case MBEDTLS_ERR_MD_BAD_INPUT_DATA: ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ | Branch (453:9): [True: 0, False: 16] ------------------ 454| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 455| 0| case MBEDTLS_ERR_MD_ALLOC_FAILED: ------------------ | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 ------------------ | Branch (455:9): [True: 0, False: 16] ------------------ 456| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 457| 0|#if defined(MBEDTLS_FS_IO) 458| 0| case MBEDTLS_ERR_MD_FILE_IO_ERROR: ------------------ | | 30| 0|#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 ------------------ | Branch (458:9): [True: 0, False: 16] ------------------ 459| 0| return PSA_ERROR_STORAGE_FAILURE; ------------------ | | 194| 0|#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) ------------------ 460| 0|#endif 461| 0|#endif 462| | 463| 0|#if defined(MBEDTLS_BIGNUM_C) 464| 0|#if defined(MBEDTLS_FS_IO) 465| 0| case MBEDTLS_ERR_MPI_FILE_IO_ERROR: ------------------ | | 24| 0|#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002 ------------------ | Branch (465:9): [True: 0, False: 16] ------------------ 466| 0| return PSA_ERROR_STORAGE_FAILURE; ------------------ | | 194| 0|#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) ------------------ 467| 0|#endif 468| 0| case MBEDTLS_ERR_MPI_BAD_INPUT_DATA: ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ | Branch (468:9): [True: 0, False: 16] ------------------ 469| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 470| 0| case MBEDTLS_ERR_MPI_INVALID_CHARACTER: ------------------ | | 28| 0|#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006 ------------------ | Branch (470:9): [True: 0, False: 16] ------------------ 471| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 472| 0| case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ | Branch (472:9): [True: 0, False: 16] ------------------ 473| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 474| 0| case MBEDTLS_ERR_MPI_NEGATIVE_VALUE: ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ | Branch (474:9): [True: 0, False: 16] ------------------ 475| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 476| 0| case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: ------------------ | | 34| 0|#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C ------------------ | Branch (476:9): [True: 0, False: 16] ------------------ 477| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 478| 0| case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: ------------------ | | 36| 0|#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E ------------------ | Branch (478:9): [True: 0, False: 16] ------------------ 479| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 480| 0| case MBEDTLS_ERR_MPI_ALLOC_FAILED: ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ | Branch (480:9): [True: 0, False: 16] ------------------ 481| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 482| 0|#endif 483| | 484| 0|#if defined(MBEDTLS_PK_C) 485| 0| case MBEDTLS_ERR_PK_ALLOC_FAILED: ------------------ | | 36| 0|#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 ------------------ | Branch (485:9): [True: 0, False: 16] ------------------ 486| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 487| 0| case MBEDTLS_ERR_PK_TYPE_MISMATCH: ------------------ | | 38| 0|#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 ------------------ | Branch (487:9): [True: 0, False: 16] ------------------ 488| 0| case MBEDTLS_ERR_PK_BAD_INPUT_DATA: ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ | Branch (488:9): [True: 0, False: 16] ------------------ 489| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 490| 0|#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \ 491| 0| defined(MBEDTLS_PSA_ITS_FILE_C) 492| 0| case MBEDTLS_ERR_PK_FILE_IO_ERROR: ------------------ | | 42| 0|#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 ------------------ | Branch (492:9): [True: 0, False: 16] ------------------ 493| 0| return PSA_ERROR_STORAGE_FAILURE; ------------------ | | 194| 0|#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) ------------------ 494| 0|#endif 495| 0| case MBEDTLS_ERR_PK_KEY_INVALID_VERSION: ------------------ | | 44| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 ------------------ | Branch (495:9): [True: 0, False: 16] ------------------ 496| 0| case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ | Branch (496:9): [True: 0, False: 16] ------------------ 497| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 498| 0| case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ | Branch (498:9): [True: 0, False: 16] ------------------ 499| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 500| 0| case MBEDTLS_ERR_PK_PASSWORD_REQUIRED: ------------------ | | 50| 0|#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 ------------------ | Branch (500:9): [True: 0, False: 16] ------------------ 501| 0| case MBEDTLS_ERR_PK_PASSWORD_MISMATCH: ------------------ | | 52| 0|#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 ------------------ | Branch (501:9): [True: 0, False: 16] ------------------ 502| 0| return PSA_ERROR_NOT_PERMITTED; ------------------ | | 86| 0|#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) ------------------ 503| 0| case MBEDTLS_ERR_PK_INVALID_PUBKEY: ------------------ | | 54| 0|#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 ------------------ | Branch (503:9): [True: 0, False: 16] ------------------ 504| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 505| 0| case MBEDTLS_ERR_PK_INVALID_ALG: ------------------ | | 56| 0|#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 ------------------ | Branch (505:9): [True: 0, False: 16] ------------------ 506| 0| case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: ------------------ | | 58| 0|#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 ------------------ | Branch (506:9): [True: 0, False: 16] ------------------ 507| 0| case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: ------------------ | | 60| 0|#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 ------------------ | Branch (507:9): [True: 0, False: 16] ------------------ 508| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 509| 0| case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: ------------------ | | 62| 0|#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 ------------------ | Branch (509:9): [True: 0, False: 16] ------------------ 510| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 511| 0| case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: ------------------ | | 64| 0|#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880 ------------------ | Branch (511:9): [True: 0, False: 16] ------------------ 512| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 513| 0|#endif 514| | 515| 0| case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED: ------------------ | | 103| 0|#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 ------------------ | Branch (515:9): [True: 0, False: 16] ------------------ 516| 0| return PSA_ERROR_HARDWARE_FAILURE; ------------------ | | 200| 0|#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) ------------------ 517| 0| case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED: ------------------ | | 105| 0|#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 ------------------ | Branch (517:9): [True: 0, False: 16] ------------------ 518| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 519| | 520| 0|#if defined(MBEDTLS_RSA_C) 521| 0| case MBEDTLS_ERR_RSA_BAD_INPUT_DATA: ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ | Branch (521:9): [True: 0, False: 16] ------------------ 522| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 523| 0| case MBEDTLS_ERR_RSA_INVALID_PADDING: ------------------ | | 35| 0|#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 ------------------ | Branch (523:9): [True: 0, False: 16] ------------------ 524| 0| return PSA_ERROR_INVALID_PADDING; ------------------ | | 276| 0|#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150) ------------------ 525| 0| case MBEDTLS_ERR_RSA_KEY_GEN_FAILED: ------------------ | | 37| 0|#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 ------------------ | Branch (525:9): [True: 0, False: 16] ------------------ 526| 0| return PSA_ERROR_HARDWARE_FAILURE; ------------------ | | 200| 0|#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) ------------------ 527| 0| case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ | Branch (527:9): [True: 0, False: 16] ------------------ 528| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 529| 0| case MBEDTLS_ERR_RSA_PUBLIC_FAILED: ------------------ | | 41| 0|#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 ------------------ | Branch (529:9): [True: 0, False: 16] ------------------ 530| 0| case MBEDTLS_ERR_RSA_PRIVATE_FAILED: ------------------ | | 43| 0|#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 ------------------ | Branch (530:9): [True: 0, False: 16] ------------------ 531| 0| return PSA_ERROR_CORRUPTION_DETECTED; ------------------ | | 231| 0|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ 532| 0| case MBEDTLS_ERR_RSA_VERIFY_FAILED: ------------------ | | 45| 0|#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 ------------------ | Branch (532:9): [True: 0, False: 16] ------------------ 533| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 534| 0| case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: ------------------ | | 47| 0|#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 ------------------ | Branch (534:9): [True: 0, False: 16] ------------------ 535| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 536| 0| case MBEDTLS_ERR_RSA_RNG_FAILED: ------------------ | | 49| 0|#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 ------------------ | Branch (536:9): [True: 0, False: 16] ------------------ 537| 0| return PSA_ERROR_INSUFFICIENT_ENTROPY; ------------------ | | 250| 0|#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) ------------------ 538| 0|#endif 539| | 540| 0|#if defined(MBEDTLS_ECP_LIGHT) 541| 0| case MBEDTLS_ERR_ECP_BAD_INPUT_DATA: ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ | Branch (541:9): [True: 0, False: 16] ------------------ 542| 0| case MBEDTLS_ERR_ECP_INVALID_KEY: ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ | Branch (542:9): [True: 0, False: 16] ------------------ 543| 0| return PSA_ERROR_INVALID_ARGUMENT; ------------------ | | 137| 0|#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) ------------------ 544| 0| case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: ------------------ | | 37| 0|#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 ------------------ | Branch (544:9): [True: 0, False: 16] ------------------ 545| 0| return PSA_ERROR_BUFFER_TOO_SMALL; ------------------ | | 98| 0|#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) ------------------ 546| 0| case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ | Branch (546:9): [True: 0, False: 16] ------------------ 547| 0| return PSA_ERROR_NOT_SUPPORTED; ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ 548| 0| case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: ------------------ | | 49| 0|#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 ------------------ | Branch (548:9): [True: 0, False: 16] ------------------ 549| 0| case MBEDTLS_ERR_ECP_VERIFY_FAILED: ------------------ | | 41| 0|#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 ------------------ | Branch (549:9): [True: 0, False: 16] ------------------ 550| 0| return PSA_ERROR_INVALID_SIGNATURE; ------------------ | | 260| 0|#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) ------------------ 551| 0| case MBEDTLS_ERR_ECP_ALLOC_FAILED: ------------------ | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 ------------------ | Branch (551:9): [True: 0, False: 16] ------------------ 552| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 553| 0| case MBEDTLS_ERR_ECP_RANDOM_FAILED: ------------------ | | 45| 0|#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 ------------------ | Branch (553:9): [True: 0, False: 16] ------------------ 554| 0| return PSA_ERROR_INSUFFICIENT_ENTROPY; ------------------ | | 250| 0|#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) ------------------ 555| | 556| 0|#if defined(MBEDTLS_ECP_RESTARTABLE) 557| 0| case MBEDTLS_ERR_ECP_IN_PROGRESS: ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (557:9): [True: 0, False: 16] ------------------ 558| 0| return PSA_OPERATION_INCOMPLETE; ------------------ | | 336| 0|#define PSA_OPERATION_INCOMPLETE ((psa_status_t)-248) ------------------ 559| 0|#endif 560| 0|#endif 561| | 562| 0| case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ | Branch (562:9): [True: 0, False: 16] ------------------ 563| 0| return PSA_ERROR_CORRUPTION_DETECTED; ------------------ | | 231| 0|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ 564| | 565| 0| default: ------------------ | Branch (565:9): [True: 0, False: 16] ------------------ 566| 0| return PSA_ERROR_GENERIC_ERROR; ------------------ | | 64| 0|#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132) ------------------ 567| 16| } 568| 16|} psa_destroy_key: 1278| 16|{ 1279| 16| psa_key_slot_t *slot; 1280| 16| psa_status_t status; /* status of the last operation */ 1281| 16| psa_status_t overall_status = PSA_SUCCESS; ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 1282| 16|#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 1283| 16| psa_se_drv_table_entry_t *driver; 1284| 16|#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 1285| | 1286| 16| if (mbedtls_svc_key_id_is_null(key)) { ------------------ | Branch (1286:9): [True: 16, False: 0] ------------------ 1287| 16| return PSA_SUCCESS; ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 1288| 16| } 1289| | 1290| | /* 1291| | * Get the description of the key in a key slot, and register to read it. 1292| | * In the case of a persistent key, this will load the key description 1293| | * from persistent memory if not done yet. 1294| | * We cannot avoid this loading as without it we don't know if 1295| | * the key is operated by an SE or not and this information is needed by 1296| | * the current implementation. */ 1297| 0| status = psa_get_and_lock_key_slot(key, &slot); 1298| 0| if (status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1298:9): [True: 0, False: 0] ------------------ 1299| 0| return status; 1300| 0| } 1301| | 1302| 0|#if defined(MBEDTLS_THREADING_C) 1303| | /* We cannot unlock between setting the state to PENDING_DELETION 1304| | * and destroying the key in storage, as otherwise another thread 1305| | * could load the key into a new slot and the key will not be 1306| | * fully destroyed. */ 1307| 0| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( ------------------ | | 199| 0| do \ | | 200| 0| { \ | | 201| 0| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 0] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 0| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 1308| 0| &mbedtls_threading_key_slot_mutex)); 1309| | 1310| 0| if (slot->state == PSA_SLOT_PENDING_DELETION) { ------------------ | Branch (1310:9): [True: 0, False: 0] ------------------ 1311| | /* Another thread has destroyed the key between us locking the slot 1312| | * and us gaining the mutex. Unregister from the slot, 1313| | * and report that the key does not exist. */ 1314| 0| status = psa_unregister_read(slot); 1315| | 1316| 0| PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( ------------------ | | 179| 0| do \ | | 180| 0| { \ | | 181| 0| if ((f) != 0) { \ | | ------------------ | | | Branch (181:13): [True: 0, False: 0] | | ------------------ | | 182| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (182:17): [True: 0, False: 0] | | ------------------ | | 183| 0| return PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 184| 0| } \ | | 185| 0| return status; \ | | 186| 0| } \ | | 187| 0| } while (0); | | ------------------ | | | Branch (187:14): [Folded - Ignored] | | ------------------ ------------------ 1317| 0| &mbedtls_threading_key_slot_mutex)); 1318| 0| return (status == PSA_SUCCESS) ? PSA_ERROR_INVALID_HANDLE : status; ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ return (status == PSA_SUCCESS) ? PSA_ERROR_INVALID_HANDLE : status; ------------------ | | 289| 0|#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) ------------------ | Branch (1318:16): [True: 0, False: 0] ------------------ 1319| 0| } 1320| 0|#endif 1321| | /* Set the key slot containing the key description's state to 1322| | * PENDING_DELETION. This stops new operations from registering 1323| | * to read the slot. Current readers can safely continue to access 1324| | * the key within the slot; the last registered reader will 1325| | * automatically wipe the slot when they call psa_unregister_read(). 1326| | * If the key is persistent, we can now delete the copy of the key 1327| | * from memory. If the key is opaque, we require the driver to 1328| | * deal with the deletion. */ 1329| 0| overall_status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, 1330| 0| PSA_SLOT_PENDING_DELETION); 1331| | 1332| 0| if (overall_status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1332:9): [True: 0, False: 0] ------------------ 1333| 0| goto exit; 1334| 0| } 1335| | 1336| 0| if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { ------------------ | | 2386| 0| (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ | | ------------------ | | | | 2343| 0| ((psa_key_persistence_t) ((lifetime) & 0x000000ff)) | | ------------------ | | | Branch (2386:5): [True: 0, False: 0] | | ------------------ | | 2387| 0| PSA_KEY_PERSISTENCE_READ_ONLY) | | ------------------ | | | | 2340| 0|#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff) | | ------------------ ------------------ 1337| | /* Refuse the destruction of a read-only key (which may or may not work 1338| | * if we attempt it, depending on whether the key is merely read-only 1339| | * by policy or actually physically read-only). 1340| | * Just do the best we can, which is to wipe the copy in memory 1341| | * (done in this function's cleanup code). */ 1342| 0| overall_status = PSA_ERROR_NOT_PERMITTED; ------------------ | | 86| 0|#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) ------------------ 1343| 0| goto exit; 1344| 0| } 1345| | 1346| 0|#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 1347| 0| driver = psa_get_se_driver_entry(slot->attr.lifetime); 1348| 0| if (driver != NULL) { ------------------ | Branch (1348:9): [True: 0, False: 0] ------------------ 1349| | /* For a key in a secure element, we need to do three things: 1350| | * remove the key file in internal storage, destroy the 1351| | * key inside the secure element, and update the driver's 1352| | * persistent data. Start a transaction that will encompass these 1353| | * three actions. */ 1354| 0| psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_DESTROY_KEY); ------------------ | | 234| 0|#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ((psa_crypto_transaction_type_t) 0x0002) ------------------ 1355| 0| psa_crypto_transaction.key.lifetime = slot->attr.lifetime; 1356| 0| psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number(slot); 1357| 0| psa_crypto_transaction.key.id = slot->attr.id; 1358| 0| status = psa_crypto_save_transaction(); 1359| 0| if (status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1359:13): [True: 0, False: 0] ------------------ 1360| 0| (void) psa_crypto_stop_transaction(); 1361| | /* We should still try to destroy the key in the secure 1362| | * element and the key metadata in storage. This is especially 1363| | * important if the error is that the storage is full. 1364| | * But how to do it exactly without risking an inconsistent 1365| | * state after a reset? 1366| | * https://github.com/ARMmbed/mbed-crypto/issues/215 1367| | */ 1368| 0| overall_status = status; 1369| 0| goto exit; 1370| 0| } 1371| | 1372| 0| status = psa_destroy_se_key(driver, 1373| 0| psa_key_slot_get_slot_number(slot)); 1374| 0| if (overall_status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1374:13): [True: 0, False: 0] ------------------ 1375| 0| overall_status = status; 1376| 0| } 1377| 0| } 1378| 0|#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 1379| | 1380| 0|#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) 1381| 0| if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { ------------------ | | 2365| 0| (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ | | ------------------ | | | | 2343| 0| ((psa_key_persistence_t) ((lifetime) & 0x000000ff)) | | ------------------ | | 2366| 0| PSA_KEY_PERSISTENCE_VOLATILE) | | ------------------ | | | | 2328| 0|#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00) | | ------------------ ------------------ | Branch (1381:9): [True: 0, False: 0] ------------------ 1382| | /* Destroy the copy of the persistent key from storage. 1383| | * The slot will still hold a copy of the key until the last reader 1384| | * unregisters. */ 1385| 0| status = psa_destroy_persistent_key(slot->attr.id); 1386| 0| if (overall_status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1386:13): [True: 0, False: 0] ------------------ 1387| 0| overall_status = status; 1388| 0| } 1389| 0| } 1390| 0|#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ 1391| | 1392| 0|#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 1393| 0| if (driver != NULL) { ------------------ | Branch (1393:9): [True: 0, False: 0] ------------------ 1394| 0| status = psa_save_se_persistent_data(driver); 1395| 0| if (overall_status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1395:13): [True: 0, False: 0] ------------------ 1396| 0| overall_status = status; 1397| 0| } 1398| 0| status = psa_crypto_stop_transaction(); 1399| 0| if (overall_status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1399:13): [True: 0, False: 0] ------------------ 1400| 0| overall_status = status; 1401| 0| } 1402| 0| } 1403| 0|#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 1404| | 1405| 0|exit: 1406| | /* Unregister from reading the slot. If we are the last active reader 1407| | * then this will wipe the slot. */ 1408| 0| status = psa_unregister_read(slot); 1409| | /* Prioritize CORRUPTION_DETECTED from unregistering over 1410| | * a storage error. */ 1411| 0| if (status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (1411:9): [True: 0, False: 0] ------------------ 1412| 0| overall_status = status; 1413| 0| } 1414| | 1415| 0|#if defined(MBEDTLS_THREADING_C) 1416| | /* Don't overwrite existing errors if the unlock fails. */ 1417| 0| status = overall_status; 1418| 0| PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( ------------------ | | 179| 0| do \ | | 180| 0| { \ | | 181| 0| if ((f) != 0) { \ | | ------------------ | | | Branch (181:13): [True: 0, False: 0] | | ------------------ | | 182| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (182:17): [True: 0, False: 0] | | ------------------ | | 183| 0| return PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 184| 0| } \ | | 185| 0| return status; \ | | 186| 0| } \ | | 187| 0| } while (0); | | ------------------ | | | Branch (187:14): [Folded - Ignored] | | ------------------ ------------------ 1419| 0| &mbedtls_threading_key_slot_mutex)); 1420| 0|#endif 1421| | 1422| 0| return overall_status; 1423| 0|} mbedtls_psa_crypto_free: 8244| 16|{ 8245| | 8246| 16|#if defined(MBEDTLS_THREADING_C) 8247| 16| mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex); 8248| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8249| | 8250| | /* Nothing to do to free transaction. */ 8251| 16| if (global_data.initialized & PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED) { ------------------ | | 108| 16|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 ------------------ | Branch (8251:9): [True: 0, False: 16] ------------------ 8252| 0| global_data.initialized &= ~PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED; ------------------ | | 108| 0|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 ------------------ 8253| 0| } 8254| | 8255| 16| if (global_data.initialized & PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED) { ------------------ | | 107| 16|#define PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED 0x02 ------------------ | Branch (8255:9): [True: 16, False: 0] ------------------ 8256| 16| psa_wipe_all_key_slots(); 8257| 16| global_data.initialized &= ~PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED; ------------------ | | 107| 16|#define PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED 0x02 ------------------ 8258| 16| } 8259| | 8260| 16|#if defined(MBEDTLS_THREADING_C) 8261| 16| mbedtls_mutex_unlock(&mbedtls_threading_psa_globaldata_mutex); 8262| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8263| | 8264| 16|#if defined(MBEDTLS_THREADING_C) 8265| 16| mbedtls_mutex_lock(&mbedtls_threading_psa_rngdata_mutex); 8266| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8267| | 8268| 16| if (global_data.rng_state != RNG_NOT_INITIALIZED) { ------------------ | | 92| 16|#define RNG_NOT_INITIALIZED 0 ------------------ | Branch (8268:9): [True: 16, False: 0] ------------------ 8269| 16| mbedtls_psa_random_free(&global_data.rng); 8270| 16| } 8271| 16| global_data.rng_state = RNG_NOT_INITIALIZED; ------------------ | | 92| 16|#define RNG_NOT_INITIALIZED 0 ------------------ 8272| 16| mbedtls_platform_zeroize(&global_data.rng, sizeof(global_data.rng)); 8273| | 8274| 16|#if defined(MBEDTLS_THREADING_C) 8275| 16| mbedtls_mutex_unlock(&mbedtls_threading_psa_rngdata_mutex); 8276| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8277| | 8278| 16|#if defined(MBEDTLS_THREADING_C) 8279| 16| mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex); 8280| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8281| | 8282| | /* Terminate drivers */ 8283| 16| if (global_data.initialized & PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED) { ------------------ | | 106| 16|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 ------------------ | Branch (8283:9): [True: 16, False: 0] ------------------ 8284| 16| psa_driver_wrapper_free(); 8285| 16| global_data.initialized &= ~PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED; ------------------ | | 106| 16|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 ------------------ 8286| 16| } 8287| | 8288| 16|#if defined(MBEDTLS_THREADING_C) 8289| 16| mbedtls_mutex_unlock(&mbedtls_threading_psa_globaldata_mutex); 8290| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8291| | 8292| 16|} psa_crypto_init: 8452| 16|{ 8453| 16| psa_status_t status; 8454| | 8455| | /* Double initialization is explicitly allowed. Early out if everything is 8456| | * done. */ 8457| 16| if (psa_get_initialized()) { ------------------ | Branch (8457:9): [True: 0, False: 16] ------------------ 8458| 0| return PSA_SUCCESS; ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 8459| 0| } 8460| | 8461| 16| status = mbedtls_psa_crypto_init_subsystem(PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS); 8462| 16| if (status != PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8462:9): [True: 0, False: 16] ------------------ 8463| 0| goto exit; 8464| 0| } 8465| | 8466| 16| status = mbedtls_psa_crypto_init_subsystem(PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS); 8467| 16| if (status != PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8467:9): [True: 0, False: 16] ------------------ 8468| 0| goto exit; 8469| 0| } 8470| | 8471| 16| status = mbedtls_psa_crypto_init_subsystem(PSA_CRYPTO_SUBSYSTEM_RNG); 8472| 16| if (status != PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8472:9): [True: 16, False: 0] ------------------ 8473| 16| goto exit; 8474| 16| } 8475| | 8476| 0| status = mbedtls_psa_crypto_init_subsystem(PSA_CRYPTO_SUBSYSTEM_TRANSACTION); 8477| | 8478| 16|exit: 8479| | 8480| 16| if (status != PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8480:9): [True: 16, False: 0] ------------------ 8481| 16| mbedtls_psa_crypto_free(); 8482| 16| } 8483| | 8484| 16| return status; 8485| 0|} psa_crypto.c:mbedtls_psa_random_free: 7915| 16|{ 7916| |#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 7917| | memset(rng, 0, sizeof(*rng)); 7918| |#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7919| 16| mbedtls_psa_drbg_free(&rng->drbg); 7920| 16| rng->entropy_free(&rng->entropy); 7921| 16|#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7922| 16|} psa_crypto.c:psa_get_initialized: 124| 16|{ 125| 16| uint8_t initialized; 126| | 127| 16|#if defined(MBEDTLS_THREADING_C) 128| 16| mbedtls_mutex_lock(&mbedtls_threading_psa_rngdata_mutex); 129| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 130| | 131| 16| initialized = global_data.rng_state == RNG_SEEDED; ------------------ | | 94| 16|#define RNG_SEEDED 2 ------------------ 132| | 133| 16|#if defined(MBEDTLS_THREADING_C) 134| 16| mbedtls_mutex_unlock(&mbedtls_threading_psa_rngdata_mutex); 135| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 136| | 137| 16|#if defined(MBEDTLS_THREADING_C) 138| 16| mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex); 139| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 140| | 141| 16| initialized = 142| 16| (initialized && (global_data.initialized == PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED)); ------------------ | | 110| 0|#define PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED ( \ | | 111| 0| PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED | \ | | ------------------ | | | | 106| 0|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 | | ------------------ | | 112| 0| PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED | \ | | ------------------ | | | | 107| 0|#define PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED 0x02 | | ------------------ | | 113| 0| PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED) | | ------------------ | | | | 108| 0|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 | | ------------------ ------------------ | Branch (142:10): [True: 0, False: 16] | Branch (142:25): [True: 0, False: 0] ------------------ 143| | 144| 16|#if defined(MBEDTLS_THREADING_C) 145| 16| mbedtls_mutex_unlock(&mbedtls_threading_psa_globaldata_mutex); 146| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 147| | 148| 16| return initialized; 149| 16|} psa_crypto.c:mbedtls_psa_crypto_init_subsystem: 8320| 48|{ 8321| 48| psa_status_t status = PSA_SUCCESS; ------------------ | | 57| 48|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 8322| 48| uint8_t driver_wrappers_initialized = 0; 8323| | 8324| 48| switch (subsystem) { 8325| 16| case PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS: ------------------ | Branch (8325:9): [True: 16, False: 32] ------------------ 8326| | 8327| 16|#if defined(MBEDTLS_THREADING_C) 8328| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex)); ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8329| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8330| | 8331| 16| if (!(global_data.initialized & PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED)) { ------------------ | | 106| 16|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 ------------------ | Branch (8331:17): [True: 16, False: 0] ------------------ 8332| | /* Init drivers */ 8333| 16| status = psa_driver_wrapper_init(); 8334| | 8335| | /* Drivers need shutdown regardless of startup errors. */ 8336| 16| global_data.initialized |= PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED; ------------------ | | 106| 16|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 ------------------ 8337| | 8338| | 8339| 16| } 8340| 16|#if defined(MBEDTLS_THREADING_C) 8341| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_unlock( ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8342| 16| &mbedtls_threading_psa_globaldata_mutex)); 8343| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8344| | 8345| 16| break; 8346| | 8347| 16| case PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS: ------------------ | Branch (8347:9): [True: 16, False: 32] ------------------ 8348| | 8349| 16|#if defined(MBEDTLS_THREADING_C) 8350| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex)); ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8351| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8352| | 8353| 16| if (!(global_data.initialized & PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED)) { ------------------ | | 107| 16|#define PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED 0x02 ------------------ | Branch (8353:17): [True: 16, False: 0] ------------------ 8354| 16| status = psa_initialize_key_slots(); 8355| | 8356| | /* Need to wipe keys even if initialization fails. */ 8357| 16| global_data.initialized |= PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED; ------------------ | | 107| 16|#define PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED 0x02 ------------------ 8358| | 8359| 16| } 8360| 16|#if defined(MBEDTLS_THREADING_C) 8361| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_unlock( ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8362| 16| &mbedtls_threading_psa_globaldata_mutex)); 8363| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8364| | 8365| 16| break; 8366| | 8367| 16| case PSA_CRYPTO_SUBSYSTEM_RNG: ------------------ | Branch (8367:9): [True: 16, False: 32] ------------------ 8368| | 8369| 16|#if defined(MBEDTLS_THREADING_C) 8370| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex)); ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8371| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8372| | 8373| 16| driver_wrappers_initialized = 8374| 16| (global_data.initialized & PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED); ------------------ | | 106| 16|#define PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED 0x01 ------------------ 8375| | 8376| 16|#if defined(MBEDTLS_THREADING_C) 8377| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_unlock( ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8378| 16| &mbedtls_threading_psa_globaldata_mutex)); 8379| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8380| | 8381| | /* Need to use separate mutex here, as initialisation can require 8382| | * testing of init flags, which requires locking the global data 8383| | * mutex. */ 8384| 16|#if defined(MBEDTLS_THREADING_C) 8385| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(&mbedtls_threading_psa_rngdata_mutex)); ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8386| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8387| | 8388| | /* Initialize and seed the random generator. */ 8389| 16| if (global_data.rng_state == RNG_NOT_INITIALIZED && driver_wrappers_initialized) { ------------------ | | 92| 32|#define RNG_NOT_INITIALIZED 0 ------------------ | Branch (8389:17): [True: 16, False: 0] | Branch (8389:65): [True: 16, False: 0] ------------------ 8390| 16| mbedtls_psa_random_init(&global_data.rng); 8391| 16| global_data.rng_state = RNG_INITIALIZED; ------------------ | | 93| 16|#define RNG_INITIALIZED 1 ------------------ 8392| | 8393| 16| status = mbedtls_psa_random_seed(&global_data.rng); 8394| 16| if (status == PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8394:21): [True: 0, False: 16] ------------------ 8395| 0| global_data.rng_state = RNG_SEEDED; ------------------ | | 94| 0|#define RNG_SEEDED 2 ------------------ 8396| 0| } 8397| 16| } 8398| | 8399| 16|#if defined(MBEDTLS_THREADING_C) 8400| 16| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_unlock( ------------------ | | 199| 16| do \ | | 200| 16| { \ | | 201| 16| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 16] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 16| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8401| 16| &mbedtls_threading_psa_rngdata_mutex)); 8402| 16|#endif /* defined(MBEDTLS_THREADING_C) */ 8403| | 8404| 16| break; 8405| | 8406| 0| case PSA_CRYPTO_SUBSYSTEM_TRANSACTION: ------------------ | Branch (8406:9): [True: 0, False: 48] ------------------ 8407| | 8408| 0|#if defined(MBEDTLS_THREADING_C) 8409| 0| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex)); ------------------ | | 199| 0| do \ | | 200| 0| { \ | | 201| 0| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 0] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 0| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8410| 0|#endif /* defined(MBEDTLS_THREADING_C) */ 8411| | 8412| 0| if (!(global_data.initialized & PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED)) { ------------------ | | 108| 0|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 ------------------ | Branch (8412:17): [True: 0, False: 0] ------------------ 8413| 0|#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) 8414| 0| status = psa_crypto_load_transaction(); 8415| 0| if (status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8415:21): [True: 0, False: 0] ------------------ 8416| 0| status = psa_crypto_recover_transaction(&psa_crypto_transaction); 8417| 0| if (status == PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (8417:25): [True: 0, False: 0] ------------------ 8418| 0| global_data.initialized |= PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED; ------------------ | | 108| 0|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 ------------------ 8419| 0| } 8420| 0| status = psa_crypto_stop_transaction(); 8421| 0| } else if (status == PSA_ERROR_DOES_NOT_EXIST) { ------------------ | | 110| 0|#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140) ------------------ | Branch (8421:28): [True: 0, False: 0] ------------------ 8422| | /* There's no transaction to complete. It's all good. */ 8423| 0| global_data.initialized |= PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED; ------------------ | | 108| 0|#define PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED 0x04 ------------------ 8424| 0| status = PSA_SUCCESS; ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 8425| 0| } 8426| |#else /* defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) */ 8427| | global_data.initialized |= PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED; 8428| | status = PSA_SUCCESS; 8429| |#endif /* defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) */ 8430| 0| } 8431| | 8432| 0|#if defined(MBEDTLS_THREADING_C) 8433| 0| PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_unlock( ------------------ | | 199| 0| do \ | | 200| 0| { \ | | 201| 0| if ((f) != 0) { \ | | ------------------ | | | Branch (201:13): [True: 0, False: 0] | | ------------------ | | 202| 0| if (status == PSA_SUCCESS) { \ | | ------------------ | | | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) | | ------------------ | | | Branch (202:17): [True: 0, False: 0] | | ------------------ | | 203| 0| status = PSA_ERROR_SERVICE_FAILURE; \ | | ------------------ | | | | 285| 0|#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) | | ------------------ | | 204| 0| } \ | | 205| 0| goto exit; \ | | 206| 0| } \ | | 207| 0| } while (0); | | ------------------ | | | Branch (207:14): [Folded - Ignored] | | ------------------ ------------------ 8434| 0| &mbedtls_threading_psa_globaldata_mutex)); 8435| 0|#endif /* defined(MBEDTLS_THREADING_C) */ 8436| | 8437| 0| break; 8438| | 8439| 0| default: ------------------ | Branch (8439:9): [True: 0, False: 48] ------------------ 8440| 0| status = PSA_ERROR_CORRUPTION_DETECTED; ------------------ | | 231| 0|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ 8441| 48| } 8442| | 8443| | /* Exit label only required when using threading macros. */ 8444| 48|#if defined(MBEDTLS_THREADING_C) 8445| 48|exit: 8446| 48|#endif /* defined(MBEDTLS_THREADING_C) */ 8447| | 8448| 48| return status; 8449| 48|} psa_crypto.c:mbedtls_psa_random_init: 7880| 16|{ 7881| |#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 7882| | memset(rng, 0, sizeof(*rng)); 7883| |#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7884| | 7885| | /* Set default configuration if 7886| | * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */ 7887| 16| if (rng->entropy_init == NULL) { ------------------ | Branch (7887:9): [True: 16, False: 0] ------------------ 7888| 16| rng->entropy_init = mbedtls_entropy_init; 7889| 16| } 7890| 16| if (rng->entropy_free == NULL) { ------------------ | Branch (7890:9): [True: 16, False: 0] ------------------ 7891| 16| rng->entropy_free = mbedtls_entropy_free; 7892| 16| } 7893| | 7894| 16| rng->entropy_init(&rng->entropy); 7895| |#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ 7896| | defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) 7897| | /* The PSA entropy injection feature depends on using NV seed as an entropy 7898| | * source. Add NV seed as an entropy source for PSA entropy injection. */ 7899| | mbedtls_entropy_add_source(&rng->entropy, 7900| | mbedtls_nv_seed_poll, NULL, 7901| | MBEDTLS_ENTROPY_BLOCK_SIZE, 7902| | MBEDTLS_ENTROPY_SOURCE_STRONG); 7903| |#endif 7904| | 7905| 16| mbedtls_psa_drbg_init(&rng->drbg); 7906| 16|#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7907| 16|} psa_crypto.c:mbedtls_psa_random_seed: 7927| 16|{ 7928| |#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 7929| | /* Do nothing: the external RNG seeds itself. */ 7930| | (void) rng; 7931| | return PSA_SUCCESS; 7932| |#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7933| 16| const unsigned char drbg_seed[] = "PSA"; 7934| 16| int ret = mbedtls_psa_drbg_seed(&rng->drbg, &rng->entropy, 7935| 16| drbg_seed, sizeof(drbg_seed) - 1); 7936| 16| return mbedtls_to_psa_error(ret); 7937| 16|#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 7938| 16|} psa_crypto.c:mbedtls_psa_drbg_free: 93| 16|{ 94| 16|#if defined(MBEDTLS_CTR_DRBG_C) 95| 16| mbedtls_ctr_drbg_free(p_rng); 96| |#elif defined(MBEDTLS_HMAC_DRBG_C) 97| | mbedtls_hmac_drbg_free(p_rng); 98| |#endif 99| 16|} psa_crypto.c:mbedtls_psa_drbg_init: 80| 16|{ 81| 16|#if defined(MBEDTLS_CTR_DRBG_C) 82| 16| mbedtls_ctr_drbg_init(p_rng); 83| |#elif defined(MBEDTLS_HMAC_DRBG_C) 84| | mbedtls_hmac_drbg_init(p_rng); 85| |#endif 86| 16|} psa_crypto.c:mbedtls_psa_drbg_seed: 115| 16|{ 116| 16|#if defined(MBEDTLS_CTR_DRBG_C) 117| 16| return mbedtls_ctr_drbg_seed(drbg_ctx, mbedtls_entropy_func, entropy, custom, len); 118| |#elif defined(MBEDTLS_HMAC_DRBG_C) 119| | const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE); 120| | return mbedtls_hmac_drbg_seed(drbg_ctx, md_info, mbedtls_entropy_func, entropy, custom, len); 121| |#endif 122| 16|} psa_init_all_se_drivers: 260| 16|{ 261| 16| size_t i; 262| 80| for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { ------------------ | | 48| 80|#define PSA_MAX_SE_DRIVERS 4 ------------------ | Branch (262:17): [True: 64, False: 16] ------------------ 263| 64| psa_se_drv_table_entry_t *driver = &driver_table[i]; 264| 64| if (driver->location == 0) { ------------------ | Branch (264:13): [True: 64, False: 0] ------------------ 265| 64| continue; /* skipping unused entry */ 266| 64| } 267| 0| const psa_drv_se_t *methods = psa_get_se_driver_methods(driver); 268| 0| if (methods->p_init != NULL) { ------------------ | Branch (268:13): [True: 0, False: 0] ------------------ 269| 0| psa_status_t status = methods->p_init( 270| 0| &driver->u.context, 271| 0| driver->u.internal.persistent_data, 272| 0| driver->location); 273| 0| if (status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (273:17): [True: 0, False: 0] ------------------ 274| 0| return status; 275| 0| } 276| 0| status = psa_save_se_persistent_data(driver); 277| 0| if (status != PSA_SUCCESS) { ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (277:17): [True: 0, False: 0] ------------------ 278| 0| return status; 279| 0| } 280| 0| } 281| 0| } 282| 16| return PSA_SUCCESS; ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 283| 16|} psa_unregister_all_se_drivers: 357| 16|{ 358| 16| size_t i; 359| 80| for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { ------------------ | | 48| 80|#define PSA_MAX_SE_DRIVERS 4 ------------------ | Branch (359:17): [True: 64, False: 16] ------------------ 360| 64| if (driver_table[i].u.internal.persistent_data != NULL) { ------------------ | Branch (360:13): [True: 0, False: 64] ------------------ 361| 0| mbedtls_free(driver_table[i].u.internal.persistent_data); 362| 0| } 363| 64| } 364| 16| memset(driver_table, 0, sizeof(driver_table)); 365| 16|} psa_initialize_key_slots: 431| 16|{ 432| 16|#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) 433| 16| global_data.key_slices[KEY_SLOT_CACHE_SLICE_INDEX] = ------------------ | | 97| 16|#define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT | | ------------------ | | | | 95| 16|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u | | ------------------ ------------------ 434| 16| mbedtls_calloc(PERSISTENT_KEY_CACHE_COUNT, ------------------ | | 81| 16|#define PERSISTENT_KEY_CACHE_COUNT MBEDTLS_PSA_KEY_SLOT_COUNT | | ------------------ | | | | 32| 16|#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 | | ------------------ ------------------ 435| 16| sizeof(*global_data.key_slices[KEY_SLOT_CACHE_SLICE_INDEX])); ------------------ | | 97| 16|#define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT | | ------------------ | | | | 95| 16|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u | | ------------------ ------------------ 436| 16| if (global_data.key_slices[KEY_SLOT_CACHE_SLICE_INDEX] == NULL) { ------------------ | | 97| 16|#define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT | | ------------------ | | | | 95| 16|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u | | ------------------ ------------------ | Branch (436:9): [True: 0, False: 16] ------------------ 437| 0| return PSA_ERROR_INSUFFICIENT_MEMORY; ------------------ | | 143| 0|#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) ------------------ 438| 0| } 439| |#else /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */ 440| | /* Nothing to do: program startup and psa_wipe_all_key_slots() both 441| | * guarantee that the key slots are initialized to all-zero, which 442| | * means that all the key slots are in a valid, empty state. The global 443| | * data mutex is already held when calling this function, so no need to 444| | * lock it here, to set the flag. */ 445| |#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */ 446| | 447| 16| global_data.key_slots_initialized = 1; 448| 16| return PSA_SUCCESS; ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ 449| 16|} psa_wipe_all_key_slots: 452| 16|{ 453| 384| for (size_t slice_idx = 0; slice_idx < KEY_SLICE_COUNT; slice_idx++) { ------------------ | | 96| 384|#define KEY_SLICE_COUNT (KEY_SLOT_VOLATILE_SLICE_COUNT + 1u) | | ------------------ | | | | 95| 384|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u | | ------------------ ------------------ | Branch (453:32): [True: 368, False: 16] ------------------ 454| 368|#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) 455| 368| if (global_data.key_slices[slice_idx] == NULL) { ------------------ | Branch (455:13): [True: 352, False: 16] ------------------ 456| 352| continue; 457| 352| } 458| 16|#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */ 459| 528| for (size_t slot_idx = 0; slot_idx < key_slice_length(slice_idx); slot_idx++) { ------------------ | Branch (459:35): [True: 512, False: 16] ------------------ 460| 512| psa_key_slot_t *slot = get_key_slot(slice_idx, slot_idx); 461| 512|#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) 462| | /* When MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled, calling 463| | * psa_wipe_key_slot() on an unused slot is useless, but it 464| | * happens to work (because we flip the state to PENDING_DELETION). 465| | * 466| | * When MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, 467| | * psa_wipe_key_slot() needs to have a valid slice_index 468| | * field, but that value might not be correct in a 469| | * free slot, so we must not call it. 470| | * 471| | * Bypass the call to psa_wipe_key_slot() if the slot is empty, 472| | * but only if MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, to save 473| | * a few bytes of code size otherwise. 474| | */ 475| 512| if (slot->state == PSA_SLOT_EMPTY) { ------------------ | Branch (475:17): [True: 512, False: 0] ------------------ 476| 512| continue; 477| 512| } 478| 0|#endif 479| 0| slot->var.occupied.registered_readers = 1; 480| 0| slot->state = PSA_SLOT_PENDING_DELETION; 481| 0| (void) psa_wipe_key_slot(slot); 482| 0| } 483| 16|#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) 484| 16| mbedtls_free(global_data.key_slices[slice_idx]); 485| 16| global_data.key_slices[slice_idx] = NULL; 486| 16|#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */ 487| 16| } 488| | 489| 16|#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) 490| 368| for (size_t slice_idx = 0; slice_idx < KEY_SLOT_VOLATILE_SLICE_COUNT; slice_idx++) { ------------------ | | 95| 368|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u ------------------ | Branch (490:32): [True: 352, False: 16] ------------------ 491| 352| global_data.first_free_slot_index[slice_idx] = 0; 492| 352| } 493| 16|#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */ 494| | 495| | /* The global data mutex is already held when calling this function. */ 496| 16| global_data.key_slots_initialized = 0; 497| 16|} psa_crypto_slot_management.c:key_slice_length: 260| 528|{ 261| 528| if (slice_idx == KEY_SLOT_CACHE_SLICE_INDEX) { ------------------ | | 97| 528|#define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT | | ------------------ | | | | 95| 528|#define KEY_SLOT_VOLATILE_SLICE_COUNT 22u | | ------------------ ------------------ | Branch (261:9): [True: 528, False: 0] ------------------ 262| 528| return PERSISTENT_KEY_CACHE_COUNT; ------------------ | | 81| 528|#define PERSISTENT_KEY_CACHE_COUNT MBEDTLS_PSA_KEY_SLOT_COUNT | | ------------------ | | | | 32| 528|#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 | | ------------------ ------------------ 263| 528| } else { 264| 0|#if defined(MBEDTLS_TEST_HOOKS) 265| 0| if (mbedtls_test_hook_psa_volatile_key_slice_length != NULL) { ------------------ | Branch (265:13): [True: 0, False: 0] ------------------ 266| 0| return mbedtls_test_hook_psa_volatile_key_slice_length(slice_idx); 267| 0| } 268| 0|#endif 269| 0| return KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH << slice_idx; ------------------ | | 94| 0|#define KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH 16u ------------------ 270| 0| } 271| 528|} psa_crypto_slot_management.c:get_key_slot: 296| 512|{ 297| 512| return &global_data.key_slices[slice_idx][slot_idx]; 298| 512|} psa_generic_status_to_mbedtls: 126| 16|{ 127| 16| switch (status) { 128| 0| case PSA_SUCCESS: ------------------ | | 57| 0|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (128:9): [True: 0, False: 16] ------------------ 129| 0| return 0; 130| 0| case PSA_ERROR_NOT_SUPPORTED: ------------------ | | 73| 0|#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) ------------------ | Branch (130:9): [True: 0, False: 16] ------------------ 131| 0| return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; ------------------ | | 105| 0|#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 ------------------ 132| 0| case PSA_ERROR_CORRUPTION_DETECTED: ------------------ | | 231| 0|#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151) ------------------ | Branch (132:9): [True: 0, False: 16] ------------------ 133| 0| return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 134| 0| case PSA_ERROR_COMMUNICATION_FAILURE: ------------------ | | 169| 0|#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145) ------------------ | Branch (134:9): [True: 0, False: 16] ------------------ 135| 0| case PSA_ERROR_HARDWARE_FAILURE: ------------------ | | 200| 0|#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) ------------------ | Branch (135:9): [True: 0, False: 16] ------------------ 136| 0| return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; ------------------ | | 103| 0|#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 ------------------ 137| 0| case PSA_ERROR_NOT_PERMITTED: ------------------ | | 86| 0|#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) ------------------ | Branch (137:9): [True: 0, False: 16] ------------------ 138| 16| default: ------------------ | Branch (138:9): [True: 16, False: 0] ------------------ 139| 16| return MBEDTLS_ERR_ERROR_GENERIC_ERROR; ------------------ | | 98| 16|#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 ------------------ 140| 16| } 141| 16|} psa_status_to_mbedtls: 147| 16|{ 148| 128| for (size_t i = 0; i < local_errors_num; i++) { ------------------ | Branch (148:24): [True: 112, False: 16] ------------------ 149| 112| if (status == local_translations[i].psa_status) { ------------------ | Branch (149:13): [True: 0, False: 112] ------------------ 150| 0| return local_translations[i].mbedtls_error; 151| 0| } 152| 112| } 153| 16| return fallback_f(status); 154| 16|} mbedtls_rsa_parse_pubkey: 228| 2|{ 229| 2| unsigned char *p = (unsigned char *) key; 230| 2| unsigned char *end = (unsigned char *) (key + keylen); 231| 2| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 232| 2| size_t len; 233| | 234| | /* 235| | * RSAPublicKey ::= SEQUENCE { 236| | * modulus INTEGER, -- n 237| | * publicExponent INTEGER -- e 238| | * } 239| | */ 240| | 241| 2| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (241:9): [True: 0, False: 2] ------------------ 242| 2| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 2|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 2|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 243| 0| return ret; 244| 0| } 245| | 246| 2| if (end != p + len) { ------------------ | Branch (246:9): [True: 0, False: 2] ------------------ 247| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 248| 0| } 249| | 250| | /* Import N */ 251| 2| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 2|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (251:9): [True: 0, False: 2] ------------------ 252| 0| return ret; 253| 0| } 254| | 255| 2| if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0, ------------------ | Branch (255:9): [True: 0, False: 2] ------------------ 256| 2| NULL, 0, NULL, 0)) != 0) { 257| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 258| 0| } 259| | 260| 2| p += len; 261| | 262| | /* Import E */ 263| 2| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 2|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (263:9): [True: 0, False: 2] ------------------ 264| 0| return ret; 265| 0| } 266| | 267| 2| if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, ------------------ | Branch (267:9): [True: 0, False: 2] ------------------ 268| 2| NULL, 0, p, len)) != 0) { 269| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 270| 0| } 271| | 272| 2| p += len; 273| | 274| 2| if (mbedtls_rsa_complete(rsa) != 0 || ------------------ | Branch (274:9): [True: 0, False: 2] ------------------ 275| 2| mbedtls_rsa_check_pubkey(rsa) != 0) { ------------------ | Branch (275:9): [True: 0, False: 2] ------------------ 276| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 277| 0| } 278| | 279| 2| if (p != end) { ------------------ | Branch (279:9): [True: 0, False: 2] ------------------ 280| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 281| 0| } 282| | 283| 2| return 0; 284| 2|} mbedtls_rsa_import_raw: 600| 4|{ 601| 4| int ret = 0; 602| | 603| 4| if (N != NULL) { ------------------ | Branch (603:9): [True: 2, False: 2] ------------------ 604| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 605| 2| ctx->len = mbedtls_mpi_size(&ctx->N); 606| 2| } 607| | 608| 4| if (P != NULL) { ------------------ | Branch (608:9): [True: 0, False: 4] ------------------ 609| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 610| 0| } 611| | 612| 4| if (Q != NULL) { ------------------ | Branch (612:9): [True: 0, False: 4] ------------------ 613| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 614| 0| } 615| | 616| 4| if (D != NULL) { ------------------ | Branch (616:9): [True: 0, False: 4] ------------------ 617| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 618| 0| } 619| | 620| 4| if (E != NULL) { ------------------ | Branch (620:9): [True: 2, False: 2] ------------------ 621| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 622| 2| } 623| | 624| 4|cleanup: 625| | 626| 4| if (ret != 0) { ------------------ | Branch (626:9): [True: 0, False: 4] ------------------ 627| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 628| 0| } 629| | 630| 4| return 0; 631| 4|} mbedtls_rsa_complete: 723| 2|{ 724| 2| int ret = 0; 725| 2| int have_N, have_P, have_Q, have_D, have_E; 726| 2|#if !defined(MBEDTLS_RSA_NO_CRT) 727| 2| int have_DP, have_DQ, have_QP; 728| 2|#endif 729| 2| int n_missing, pq_missing, d_missing, is_pub, is_priv; 730| | 731| 2| have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); 732| 2| have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); 733| 2| have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); 734| 2| have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); 735| 2| have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); 736| | 737| 2|#if !defined(MBEDTLS_RSA_NO_CRT) 738| 2| have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); 739| 2| have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); 740| 2| have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); 741| 2|#endif 742| | 743| | /* 744| | * Check whether provided parameters are enough 745| | * to deduce all others. The following incomplete 746| | * parameter sets for private keys are supported: 747| | * 748| | * (1) P, Q missing. 749| | * (2) D and potentially N missing. 750| | * 751| | */ 752| | 753| 2| n_missing = have_P && have_Q && have_D && have_E; ------------------ | Branch (753:31): [True: 0, False: 2] | Branch (753:42): [True: 0, False: 0] | Branch (753:53): [True: 0, False: 0] | Branch (753:63): [True: 0, False: 0] ------------------ 754| 2| pq_missing = have_N && !have_P && !have_Q && have_D && have_E; ------------------ | Branch (754:20): [True: 2, False: 0] | Branch (754:30): [True: 2, False: 0] | Branch (754:41): [True: 2, False: 0] | Branch (754:53): [True: 0, False: 2] | Branch (754:63): [True: 0, False: 0] ------------------ 755| 2| d_missing = have_P && have_Q && !have_D && have_E; ------------------ | Branch (755:31): [True: 0, False: 2] | Branch (755:42): [True: 0, False: 0] | Branch (755:52): [True: 0, False: 0] | Branch (755:63): [True: 0, False: 0] ------------------ 756| 2| is_pub = have_N && !have_P && !have_Q && !have_D && have_E; ------------------ | Branch (756:20): [True: 2, False: 0] | Branch (756:30): [True: 2, False: 0] | Branch (756:41): [True: 2, False: 0] | Branch (756:52): [True: 2, False: 0] | Branch (756:63): [True: 2, False: 0] ------------------ 757| | 758| | /* These three alternatives are mutually exclusive */ 759| 2| is_priv = n_missing || pq_missing || d_missing; ------------------ | Branch (759:15): [True: 0, False: 2] | Branch (759:28): [True: 0, False: 2] | Branch (759:42): [True: 0, False: 2] ------------------ 760| | 761| 2| if (!is_priv && !is_pub) { ------------------ | Branch (761:9): [True: 2, False: 0] | Branch (761:21): [True: 0, False: 2] ------------------ 762| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 763| 0| } 764| | 765| | /* 766| | * Step 1: Deduce N if P, Q are provided. 767| | */ 768| | 769| 2| if (!have_N && have_P && have_Q) { ------------------ | Branch (769:9): [True: 0, False: 2] | Branch (769:20): [True: 0, False: 0] | Branch (769:30): [True: 0, False: 0] ------------------ 770| 0| if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, ------------------ | Branch (770:13): [True: 0, False: 0] ------------------ 771| 0| &ctx->Q)) != 0) { 772| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 773| 0| } 774| | 775| 0| ctx->len = mbedtls_mpi_size(&ctx->N); 776| 0| } 777| | 778| | /* 779| | * Step 2: Deduce and verify all remaining core parameters. 780| | */ 781| | 782| 2| if (pq_missing) { ------------------ | Branch (782:9): [True: 0, False: 2] ------------------ 783| 0| ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, 784| 0| &ctx->P, &ctx->Q); 785| 0| if (ret != 0) { ------------------ | Branch (785:13): [True: 0, False: 0] ------------------ 786| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 787| 0| } 788| | 789| 2| } else if (d_missing) { ------------------ | Branch (789:16): [True: 0, False: 2] ------------------ 790| 0| if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, ------------------ | Branch (790:13): [True: 0, False: 0] ------------------ 791| 0| &ctx->Q, 792| 0| &ctx->E, 793| 0| &ctx->D)) != 0) { 794| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 795| 0| } 796| 0| } 797| | 798| | /* 799| | * Step 3: Deduce all additional parameters specific 800| | * to our current RSA implementation. 801| | */ 802| | 803| 2|#if !defined(MBEDTLS_RSA_NO_CRT) 804| 2| if (is_priv && !(have_DP && have_DQ && have_QP)) { ------------------ | Branch (804:9): [True: 0, False: 2] | Branch (804:22): [True: 0, False: 0] | Branch (804:33): [True: 0, False: 0] | Branch (804:44): [True: 0, False: 0] ------------------ 805| 0| ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, 806| 0| &ctx->DP, &ctx->DQ, &ctx->QP); 807| 0| if (ret != 0) { ------------------ | Branch (807:13): [True: 0, False: 0] ------------------ 808| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 809| 0| } 810| 0| } 811| 2|#endif /* MBEDTLS_RSA_NO_CRT */ 812| | 813| | /* 814| | * Step 3: Basic sanity checks 815| | */ 816| | 817| 2| return rsa_check_context(ctx, is_priv, 1); 818| 2|} mbedtls_rsa_init: 954| 2|{ 955| 2| memset(ctx, 0, sizeof(mbedtls_rsa_context)); 956| | 957| 2| ctx->padding = MBEDTLS_RSA_PKCS_V15; ------------------ | | 55| 2|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ 958| 2| ctx->hash_id = MBEDTLS_MD_NONE; 959| | 960| 2|#if defined(MBEDTLS_THREADING_C) 961| | /* Set ctx->ver to nonzero to indicate that the mutex has been 962| | * initialized and will need to be freed. */ 963| 2| ctx->ver = 1; 964| 2| mbedtls_mutex_init(&ctx->mutex); 965| 2|#endif 966| 2|} mbedtls_rsa_check_pubkey: 1170| 2|{ 1171| 2| if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) { ------------------ | Branch (1171:9): [True: 0, False: 2] ------------------ 1172| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1173| 0| } 1174| | 1175| 2| if (mbedtls_mpi_bitlen(&ctx->N) < 128) { ------------------ | Branch (1175:9): [True: 0, False: 2] ------------------ 1176| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1177| 0| } 1178| | 1179| 2| if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || ------------------ | Branch (1179:9): [True: 0, False: 2] ------------------ 1180| 2| mbedtls_mpi_bitlen(&ctx->E) < 2 || ------------------ | Branch (1180:9): [True: 0, False: 2] ------------------ 1181| 2| mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { ------------------ | Branch (1181:9): [True: 0, False: 2] ------------------ 1182| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1183| 0| } 1184| | 1185| 2| return 0; 1186| 2|} rsa.c:rsa_check_context: 640| 4|{ 641| 4|#if !defined(MBEDTLS_RSA_NO_CRT) 642| | /* blinding_needed is only used for NO_CRT to decide whether 643| | * P,Q need to be present or not. */ 644| 4| ((void) blinding_needed); 645| 4|#endif 646| | 647| 4| if (ctx->len != mbedtls_mpi_size(&ctx->N) || ------------------ | Branch (647:9): [True: 0, False: 4] ------------------ 648| 4| ctx->len > MBEDTLS_MPI_MAX_SIZE) { ------------------ | | 73| 4|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ ------------------ | Branch (648:9): [True: 0, False: 4] ------------------ 649| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 650| 0| } 651| | 652| | /* 653| | * 1. Modular exponentiation needs positive, odd moduli. 654| | */ 655| | 656| | /* Modular exponentiation wrt. N is always used for 657| | * RSA public key operations. */ 658| 4| if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || ------------------ | Branch (658:9): [True: 0, False: 4] ------------------ 659| 4| mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { ------------------ | Branch (659:9): [True: 0, False: 4] ------------------ 660| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 661| 0| } 662| | 663| 4|#if !defined(MBEDTLS_RSA_NO_CRT) 664| | /* Modular exponentiation for P and Q is only 665| | * used for private key operations and if CRT 666| | * is used. */ 667| 4| if (is_priv && ------------------ | Branch (667:9): [True: 0, False: 4] ------------------ 668| 4| (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || ------------------ | Branch (668:10): [True: 0, False: 0] ------------------ 669| 0| mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || ------------------ | Branch (669:10): [True: 0, False: 0] ------------------ 670| 0| mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || ------------------ | Branch (670:10): [True: 0, False: 0] ------------------ 671| 0| mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { ------------------ | Branch (671:10): [True: 0, False: 0] ------------------ 672| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 673| 0| } 674| 4|#endif /* !MBEDTLS_RSA_NO_CRT */ 675| | 676| | /* 677| | * 2. Exponents must be positive 678| | */ 679| | 680| | /* Always need E for public key operations */ 681| 4| if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) { ------------------ | Branch (681:9): [True: 0, False: 4] ------------------ 682| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 683| 0| } 684| | 685| |#if defined(MBEDTLS_RSA_NO_CRT) 686| | /* For private key operations, use D or DP & DQ 687| | * as (unblinded) exponents. */ 688| | if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) { 689| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 690| | } 691| |#else 692| 4| if (is_priv && ------------------ | Branch (692:9): [True: 0, False: 4] ------------------ 693| 4| (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || ------------------ | Branch (693:10): [True: 0, False: 0] ------------------ 694| 0| mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { ------------------ | Branch (694:10): [True: 0, False: 0] ------------------ 695| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 696| 0| } 697| 4|#endif /* MBEDTLS_RSA_NO_CRT */ 698| | 699| | /* Blinding shouldn't make exponents negative either, 700| | * so check that P, Q >= 1 if that hasn't yet been 701| | * done as part of 1. */ 702| |#if defined(MBEDTLS_RSA_NO_CRT) 703| | if (is_priv && blinding_needed && 704| | (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || 705| | mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { 706| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 707| | } 708| |#endif 709| | 710| | /* It wouldn't lead to an error if it wasn't satisfied, 711| | * but check for QP >= 1 nonetheless. */ 712| 4|#if !defined(MBEDTLS_RSA_NO_CRT) 713| 4| if (is_priv && ------------------ | Branch (713:9): [True: 0, False: 4] ------------------ 714| 4| mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { ------------------ | Branch (714:9): [True: 0, False: 0] ------------------ 715| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 716| 0| } 717| 4|#endif 718| | 719| 4| return 0; 720| 4|} mbedtls_sha256_init: 226| 16|{ 227| 16| memset(ctx, 0, sizeof(mbedtls_sha256_context)); 228| 16|} mbedtls_sha256_free: 231| 16|{ 232| 16| if (ctx == NULL) { ------------------ | Branch (232:9): [True: 0, False: 16] ------------------ 233| 0| return; 234| 0| } 235| | 236| 16| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context)); 237| 16|} mbedtls_sha256_starts: 249| 16|{ 250| 16|#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C) 251| 16| if (is224 != 0 && is224 != 1) { ------------------ | Branch (251:9): [True: 0, False: 16] | Branch (251:23): [True: 0, False: 0] ------------------ 252| 0| return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; ------------------ | | 23| 0|#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 ------------------ 253| 0| } 254| |#elif defined(MBEDTLS_SHA256_C) 255| | if (is224 != 0) { 256| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 257| | } 258| |#else /* defined MBEDTLS_SHA224_C only */ 259| | if (is224 == 0) { 260| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 261| | } 262| |#endif 263| | 264| 16| ctx->total[0] = 0; 265| 16| ctx->total[1] = 0; 266| | 267| 16| if (is224 == 0) { ------------------ | Branch (267:9): [True: 16, False: 0] ------------------ 268| 16|#if defined(MBEDTLS_SHA256_C) 269| 16| ctx->state[0] = 0x6A09E667; 270| 16| ctx->state[1] = 0xBB67AE85; 271| 16| ctx->state[2] = 0x3C6EF372; 272| 16| ctx->state[3] = 0xA54FF53A; 273| 16| ctx->state[4] = 0x510E527F; 274| 16| ctx->state[5] = 0x9B05688C; 275| 16| ctx->state[6] = 0x1F83D9AB; 276| 16| ctx->state[7] = 0x5BE0CD19; 277| 16|#endif 278| 16| } else { 279| 0|#if defined(MBEDTLS_SHA224_C) 280| 0| ctx->state[0] = 0xC1059ED8; 281| 0| ctx->state[1] = 0x367CD507; 282| 0| ctx->state[2] = 0x3070DD17; 283| 0| ctx->state[3] = 0xF70E5939; 284| 0| ctx->state[4] = 0xFFC00B31; 285| 0| ctx->state[5] = 0x68581511; 286| 0| ctx->state[6] = 0x64F98FA7; 287| 0| ctx->state[7] = 0xBEFA4FA4; 288| 0|#endif 289| 0| } 290| | 291| 16|#if defined(MBEDTLS_SHA224_C) 292| 16| ctx->is224 = is224; 293| 16|#endif 294| | 295| 16| return 0; 296| 16|} mbedtls_sha512_init: 222| 48|{ 223| 48| memset(ctx, 0, sizeof(mbedtls_sha512_context)); 224| 48|} mbedtls_sha512_free: 227| 64|{ 228| 64| if (ctx == NULL) { ------------------ | Branch (228:9): [True: 0, False: 64] ------------------ 229| 0| return; 230| 0| } 231| | 232| 64| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context)); 233| 64|} mbedtls_sha512_starts: 245| 48|{ 246| 48|#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C) 247| 48| if (is384 != 0 && is384 != 1) { ------------------ | Branch (247:9): [True: 16, False: 32] | Branch (247:23): [True: 0, False: 16] ------------------ 248| 0| return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; ------------------ | | 22| 0|#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 ------------------ 249| 0| } 250| |#elif defined(MBEDTLS_SHA512_C) 251| | if (is384 != 0) { 252| | return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; 253| | } 254| |#else /* defined MBEDTLS_SHA384_C only */ 255| | if (is384 == 0) { 256| | return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; 257| | } 258| |#endif 259| | 260| 48| ctx->total[0] = 0; 261| 48| ctx->total[1] = 0; 262| | 263| 48| if (is384 == 0) { ------------------ | Branch (263:9): [True: 32, False: 16] ------------------ 264| 32|#if defined(MBEDTLS_SHA512_C) 265| 32| ctx->state[0] = UL64(0x6A09E667F3BCC908); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 266| 32| ctx->state[1] = UL64(0xBB67AE8584CAA73B); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 267| 32| ctx->state[2] = UL64(0x3C6EF372FE94F82B); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 268| 32| ctx->state[3] = UL64(0xA54FF53A5F1D36F1); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 269| 32| ctx->state[4] = UL64(0x510E527FADE682D1); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 270| 32| ctx->state[5] = UL64(0x9B05688C2B3E6C1F); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 271| 32| ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 272| 32| ctx->state[7] = UL64(0x5BE0CD19137E2179); ------------------ | | 40| 32| #define UL64(x) x##ULL ------------------ 273| 32|#endif /* MBEDTLS_SHA512_C */ 274| 32| } else { 275| 16|#if defined(MBEDTLS_SHA384_C) 276| 16| ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 277| 16| ctx->state[1] = UL64(0x629A292A367CD507); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 278| 16| ctx->state[2] = UL64(0x9159015A3070DD17); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 279| 16| ctx->state[3] = UL64(0x152FECD8F70E5939); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 280| 16| ctx->state[4] = UL64(0x67332667FFC00B31); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 281| 16| ctx->state[5] = UL64(0x8EB44A8768581511); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 282| 16| ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 283| 16| ctx->state[7] = UL64(0x47B5481DBEFA4FA4); ------------------ | | 40| 16| #define UL64(x) x##ULL ------------------ 284| 16|#endif /* MBEDTLS_SHA384_C */ 285| 16| } 286| | 287| 48|#if defined(MBEDTLS_SHA384_C) 288| 48| ctx->is384 = is384; 289| 48|#endif 290| | 291| 48| return 0; 292| 48|} mbedtls_internal_sha512_process: 603| 32|{ 604| 32| int i; 605| 32| struct { 606| 32| uint64_t temp1, temp2, W[80]; 607| 32| uint64_t A[8]; 608| 32| } local; 609| | 610| 32|#define SHR(x, n) ((x) >> (n)) 611| 32|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) 612| | 613| 32|#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) 614| 32|#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) 615| | 616| 32|#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) 617| 32|#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) 618| | 619| 32|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) 620| 32|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) 621| | 622| 32|#define P(a, b, c, d, e, f, g, h, x, K) \ 623| 32| do \ 624| 32| { \ 625| 32| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ 626| 32| local.temp2 = S2(a) + F0((a), (b), (c)); \ 627| 32| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ 628| 32| } while (0) 629| | 630| 288| for (i = 0; i < 8; i++) { ------------------ | Branch (630:17): [True: 256, False: 32] ------------------ 631| 256| local.A[i] = ctx->state[i]; 632| 256| } 633| | 634| 32|#if defined(MBEDTLS_SHA512_SMALLER) 635| 2.59k| for (i = 0; i < 80; i++) { ------------------ | Branch (635:17): [True: 2.56k, False: 32] ------------------ 636| 2.56k| if (i < 16) { ------------------ | Branch (636:13): [True: 512, False: 2.04k] ------------------ 637| 512| local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); ------------------ | | 622| 512| ((MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 512|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (622:6): [Folded - Ignored] | | ------------------ | | 623| 512| ? mbedtls_get_unaligned_uint64((data) + (offset)) \ | | 624| 512| : MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \ | | ------------------ | | | | 301| 512|#define MBEDTLS_BSWAP64 __builtin_bswap64 | | ------------------ | | 625| 512| ) ------------------ 638| 2.04k| } else { 639| 2.04k| local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + ------------------ | | 614| 2.04k|#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) | | ------------------ | | | | 611| 2.04k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | ------------------ | | | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | | | ------------------ | | ------------------ | | #define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) | | ------------------ | | | | 611| 2.04k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | ------------------ | | | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | | | ------------------ | | ------------------ | | #define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) | | ------------------ | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | ------------------ ------------------ 640| 2.04k| S0(local.W[i - 15]) + local.W[i - 16]; ------------------ | | 613| 2.04k|#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) | | ------------------ | | | | 611| 2.04k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | ------------------ | | | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | | | ------------------ | | ------------------ | | #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) | | ------------------ | | | | 611| 2.04k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | ------------------ | | | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | | | ------------------ | | ------------------ | | #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) | | ------------------ | | | | 610| 2.04k|#define SHR(x, n) ((x) >> (n)) | | ------------------ ------------------ 641| 2.04k| } 642| | 643| 2.56k| P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], ------------------ | | 623| 2.56k| do \ | | 624| 2.56k| { \ | | 625| 2.56k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 617| 2.56k|#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 620| 2.56k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 626| 2.56k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 616| 2.56k|#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) | | | | ------------------ | | | | | | 611| 2.56k|#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) | | | | | | ------------------ | | | | | | | | 610| 2.56k|#define SHR(x, n) ((x) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 619| 2.56k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 627| 2.56k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 628| 2.56k| } while (0) | | ------------------ | | | Branch (628:14): [Folded - Ignored] | | ------------------ ------------------ 644| 2.56k| local.A[5], local.A[6], local.A[7], local.W[i], K[i]); 645| | 646| 2.56k| local.temp1 = local.A[7]; local.A[7] = local.A[6]; 647| 2.56k| local.A[6] = local.A[5]; local.A[5] = local.A[4]; 648| 2.56k| local.A[4] = local.A[3]; local.A[3] = local.A[2]; 649| 2.56k| local.A[2] = local.A[1]; local.A[1] = local.A[0]; 650| 2.56k| local.A[0] = local.temp1; 651| 2.56k| } 652| |#else /* MBEDTLS_SHA512_SMALLER */ 653| | for (i = 0; i < 16; i++) { 654| | local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); 655| | } 656| | 657| | for (; i < 80; i++) { 658| | local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + 659| | S0(local.W[i - 15]) + local.W[i - 16]; 660| | } 661| | 662| | i = 0; 663| | do { 664| | P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], 665| | local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++; 666| | P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], 667| | local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++; 668| | P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], 669| | local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++; 670| | P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], 671| | local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++; 672| | P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], 673| | local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++; 674| | P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], 675| | local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++; 676| | P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], 677| | local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++; 678| | P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], 679| | local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++; 680| | } while (i < 80); 681| |#endif /* MBEDTLS_SHA512_SMALLER */ 682| | 683| 288| for (i = 0; i < 8; i++) { ------------------ | Branch (683:17): [True: 256, False: 32] ------------------ 684| 256| ctx->state[i] += local.A[i]; 685| 256| } 686| | 687| | /* Zeroise buffers and variables to clear sensitive data from memory. */ 688| 32| mbedtls_platform_zeroize(&local, sizeof(local)); 689| | 690| 32| return 0; 691| 32|} mbedtls_sha512_update: 763| 48|{ 764| 48| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 48|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 765| 48| size_t fill; 766| 48| unsigned int left; 767| | 768| 48| if (ilen == 0) { ------------------ | Branch (768:9): [True: 0, False: 48] ------------------ 769| 0| return 0; 770| 0| } 771| | 772| 48| left = (unsigned int) (ctx->total[0] & 0x7F); 773| 48| fill = SHA512_BLOCK_SIZE - left; ------------------ | | 210| 48|#define SHA512_BLOCK_SIZE 128 ------------------ 774| | 775| 48| ctx->total[0] += (uint64_t) ilen; 776| | 777| 48| if (ctx->total[0] < (uint64_t) ilen) { ------------------ | Branch (777:9): [True: 0, False: 48] ------------------ 778| 0| ctx->total[1]++; 779| 0| } 780| | 781| 48| if (left && ilen >= fill) { ------------------ | Branch (781:9): [True: 16, False: 32] | Branch (781:17): [True: 0, False: 16] ------------------ 782| 0| memcpy((void *) (ctx->buffer + left), input, fill); 783| | 784| 0| if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (784:13): [True: 0, False: 0] ------------------ 785| 0| return ret; 786| 0| } 787| | 788| 0| input += fill; 789| 0| ilen -= fill; 790| 0| left = 0; 791| 0| } 792| | 793| 64| while (ilen >= SHA512_BLOCK_SIZE) { ------------------ | | 210| 64|#define SHA512_BLOCK_SIZE 128 ------------------ | Branch (793:12): [True: 16, False: 48] ------------------ 794| 16| size_t processed = 795| 16| mbedtls_internal_sha512_process_many(ctx, input, ilen); 796| 16| if (processed < SHA512_BLOCK_SIZE) { ------------------ | | 210| 16|#define SHA512_BLOCK_SIZE 128 ------------------ | Branch (796:13): [True: 0, False: 16] ------------------ 797| 0| return MBEDTLS_ERR_ERROR_GENERIC_ERROR; ------------------ | | 98| 0|#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 ------------------ 798| 0| } 799| | 800| 16| input += processed; 801| 16| ilen -= processed; 802| 16| } 803| | 804| 48| if (ilen > 0) { ------------------ | Branch (804:9): [True: 32, False: 16] ------------------ 805| 32| memcpy((void *) (ctx->buffer + left), input, ilen); 806| 32| } 807| | 808| 48| return 0; 809| 48|} mbedtls_sha512_finish: 816| 16|{ 817| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 818| 16| unsigned used; 819| 16| uint64_t high, low; 820| 16| int truncated = 0; 821| | 822| | /* 823| | * Add padding: 0x80 then 0x00 until 16 bytes remain for the length 824| | */ 825| 16| used = ctx->total[0] & 0x7F; 826| | 827| 16| ctx->buffer[used++] = 0x80; 828| | 829| 16| if (used <= 112) { ------------------ | Branch (829:9): [True: 16, False: 0] ------------------ 830| | /* Enough room for padding + length in current block */ 831| 16| memset(ctx->buffer + used, 0, 112 - used); 832| 16| } else { 833| | /* We'll need an extra block */ 834| 0| memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used); ------------------ | | 210| 0|#define SHA512_BLOCK_SIZE 128 ------------------ 835| | 836| 0| if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (836:13): [True: 0, False: 0] ------------------ 837| 0| goto exit; 838| 0| } 839| | 840| 0| memset(ctx->buffer, 0, 112); 841| 0| } 842| | 843| | /* 844| | * Add message length 845| | */ 846| 16| high = (ctx->total[0] >> 61) 847| 16| | (ctx->total[1] << 3); 848| 16| low = (ctx->total[0] << 3); 849| | 850| 16| sha512_put_uint64_be(high, ctx->buffer, 112); 851| 16| sha512_put_uint64_be(low, ctx->buffer, 120); 852| | 853| 16| if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (853:9): [True: 0, False: 16] ------------------ 854| 0| goto exit; 855| 0| } 856| | 857| | /* 858| | * Output final state 859| | */ 860| 16| sha512_put_uint64_be(ctx->state[0], output, 0); 861| 16| sha512_put_uint64_be(ctx->state[1], output, 8); 862| 16| sha512_put_uint64_be(ctx->state[2], output, 16); 863| 16| sha512_put_uint64_be(ctx->state[3], output, 24); 864| 16| sha512_put_uint64_be(ctx->state[4], output, 32); 865| 16| sha512_put_uint64_be(ctx->state[5], output, 40); 866| | 867| 16|#if defined(MBEDTLS_SHA384_C) 868| 16| truncated = ctx->is384; 869| 16|#endif 870| 16| if (!truncated) { ------------------ | Branch (870:9): [True: 16, False: 0] ------------------ 871| 16| sha512_put_uint64_be(ctx->state[6], output, 48); 872| 16| sha512_put_uint64_be(ctx->state[7], output, 56); 873| 16| } 874| | 875| 16| ret = 0; 876| | 877| 16|exit: 878| 16| mbedtls_sha512_free(ctx); 879| 16| return ret; 880| 16|} mbedtls_sha512: 891| 16|{ 892| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 893| 16| mbedtls_sha512_context ctx; 894| | 895| 16|#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C) 896| 16| if (is384 != 0 && is384 != 1) { ------------------ | Branch (896:9): [True: 0, False: 16] | Branch (896:23): [True: 0, False: 0] ------------------ 897| 0| return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; ------------------ | | 22| 0|#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 ------------------ 898| 0| } 899| |#elif defined(MBEDTLS_SHA512_C) 900| | if (is384 != 0) { 901| | return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; 902| | } 903| |#else /* defined MBEDTLS_SHA384_C only */ 904| | if (is384 == 0) { 905| | return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; 906| | } 907| |#endif 908| | 909| 16| mbedtls_sha512_init(&ctx); 910| | 911| 16| if ((ret = mbedtls_sha512_starts(&ctx, is384)) != 0) { ------------------ | Branch (911:9): [True: 0, False: 16] ------------------ 912| 0| goto exit; 913| 0| } 914| | 915| 16| if ((ret = mbedtls_sha512_update(&ctx, input, ilen)) != 0) { ------------------ | Branch (915:9): [True: 0, False: 16] ------------------ 916| 0| goto exit; 917| 0| } 918| | 919| 16| if ((ret = mbedtls_sha512_finish(&ctx, output)) != 0) { ------------------ | Branch (919:9): [True: 0, False: 16] ------------------ 920| 0| goto exit; 921| 0| } 922| | 923| 16|exit: 924| 16| mbedtls_sha512_free(&ctx); 925| | 926| 16| return ret; 927| 16|} sha512.c:mbedtls_internal_sha512_process_many: 700| 16|{ 701| 16| size_t processed = 0; 702| | 703| 32| while (len >= SHA512_BLOCK_SIZE) { ------------------ | | 210| 32|#define SHA512_BLOCK_SIZE 128 ------------------ | Branch (703:12): [True: 16, False: 16] ------------------ 704| 16| if (mbedtls_internal_sha512_process_c(ctx, data) != 0) { ------------------ | | 588| 16|#define mbedtls_internal_sha512_process_c mbedtls_internal_sha512_process ------------------ | Branch (704:13): [True: 0, False: 16] ------------------ 705| 0| return 0; 706| 0| } 707| | 708| 16| data += SHA512_BLOCK_SIZE; ------------------ | | 210| 16|#define SHA512_BLOCK_SIZE 128 ------------------ 709| 16| len -= SHA512_BLOCK_SIZE; ------------------ | | 210| 16|#define SHA512_BLOCK_SIZE 128 ------------------ 710| | 711| 16| processed += SHA512_BLOCK_SIZE; ------------------ | | 210| 16|#define SHA512_BLOCK_SIZE 128 ------------------ 712| 16| } 713| | 714| 16| return processed; 715| 16|} sha512.c:sha512_put_uint64_be: 214| 160|{ 215| 160| MBEDTLS_PUT_UINT64_BE(n, b, i); ------------------ | | 637| 160| { \ | | 638| 160| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 160|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 639| 160| { \ | | 640| 0| mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ | | 641| 0| } \ | | 642| 160| else \ | | 643| 160| { \ | | 644| 160| mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \ | | ------------------ | | | | 301| 160|#define MBEDTLS_BSWAP64 __builtin_bswap64 | | ------------------ | | 645| 160| } \ | | 646| 160| } ------------------ 216| 160|} mbedtls_ssl_list_ciphersuites: 1815| 16|{ 1816| | /* 1817| | * On initial call filter out all ciphersuites not supported by current 1818| | * build based on presence in the ciphersuite_definitions. 1819| | */ 1820| 16| if (supported_init == 0) { ------------------ | Branch (1820:9): [True: 1, False: 15] ------------------ 1821| 1| const int *p; 1822| 1| int *q; 1823| | 1824| 1| for (p = ciphersuite_preference, q = supported_ciphersuites; 1825| 191| *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; ------------------ | | 1801| 190|#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \ | | 1802| 190| sizeof(ciphersuite_definitions[0]) ------------------ | Branch (1825:14): [True: 190, False: 1] | Branch (1825:25): [True: 190, False: 0] ------------------ 1826| 190| p++) { 1827| 190| const mbedtls_ssl_ciphersuite_t *cs_info; 1828| 190| if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && ------------------ | Branch (1828:17): [True: 190, False: 0] ------------------ 1829| 190| !ciphersuite_is_removed(cs_info)) { ------------------ | Branch (1829:17): [True: 190, False: 0] ------------------ 1830| 190| *(q++) = *p; 1831| 190| } 1832| 190| } 1833| 1| *q = 0; 1834| | 1835| 1| supported_init = 1; 1836| 1| } 1837| | 1838| 16| return supported_ciphersuites; 1839| 16|} mbedtls_ssl_ciphersuite_from_id: 1863| 3.23k|{ 1864| 3.23k| const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1865| | 1866| 308k| while (cur->id != 0) { ------------------ | Branch (1866:12): [True: 308k, False: 0] ------------------ 1867| 308k| if (cur->id == ciphersuite) { ------------------ | Branch (1867:13): [True: 3.23k, False: 305k] ------------------ 1868| 3.23k| return cur; 1869| 3.23k| } 1870| | 1871| 305k| cur++; 1872| 305k| } 1873| | 1874| 0| return NULL; 1875| 3.23k|} mbedtls_ssl_ciphersuite_uses_ec: 2016| 2.28k|{ 2017| 2.28k| switch (info->key_exchange) { 2018| 256| case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: ------------------ | Branch (2018:9): [True: 256, False: 2.02k] ------------------ 2019| 576| case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: ------------------ | Branch (2019:9): [True: 320, False: 1.96k] ------------------ 2020| 648| case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: ------------------ | Branch (2020:9): [True: 72, False: 2.21k] ------------------ 2021| 888| case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: ------------------ | Branch (2021:9): [True: 240, False: 2.04k] ------------------ 2022| 1.12k| case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: ------------------ | Branch (2022:9): [True: 240, False: 2.04k] ------------------ 2023| 1.12k| case MBEDTLS_KEY_EXCHANGE_ECJPAKE: ------------------ | Branch (2023:9): [True: 0, False: 2.28k] ------------------ 2024| 1.12k| return 1; 2025| | 2026| 1.15k| default: ------------------ | Branch (2026:9): [True: 1.15k, False: 1.12k] ------------------ 2027| 1.15k| return 0; 2028| 2.28k| } 2029| 2.28k|} mbedtls_ssl_ciphersuite_uses_psk: 2036| 3.02k|{ 2037| 3.02k| switch (info->key_exchange) { 2038| 352| case MBEDTLS_KEY_EXCHANGE_PSK: ------------------ | Branch (2038:9): [True: 352, False: 2.67k] ------------------ 2039| 640| case MBEDTLS_KEY_EXCHANGE_RSA_PSK: ------------------ | Branch (2039:9): [True: 288, False: 2.73k] ------------------ 2040| 992| case MBEDTLS_KEY_EXCHANGE_DHE_PSK: ------------------ | Branch (2040:9): [True: 352, False: 2.67k] ------------------ 2041| 1.18k| case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: ------------------ | Branch (2041:9): [True: 192, False: 2.83k] ------------------ 2042| 1.18k| return 1; 2043| | 2044| 1.84k| default: ------------------ | Branch (2044:9): [True: 1.84k, False: 1.18k] ------------------ 2045| 1.84k| return 0; 2046| 3.02k| } 2047| 3.02k|} ssl_ciphersuites.c:ciphersuite_is_removed: 1808| 190|{ 1809| 190| (void) cs_info; 1810| | 1811| 190| return 0; 1812| 190|} mbedtls_ssl_write_client_hello: 914| 16|{ 915| 16| int ret = 0; 916| 16| unsigned char *buf; 917| 16| size_t buf_len, msg_len, binders_len; 918| | 919| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 920| | 921| 16| MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); ------------------ | | 218| 16| do { \ | | 219| 16| ret = (f); \ | | 220| 16| if (ret != 0) \ | | ------------------ | | | Branch (220:13): [True: 0, False: 16] | | ------------------ | | 221| 16| { \ | | 222| 0| goto cleanup; \ | | 223| 0| } \ | | 224| 16| } while (0) | | ------------------ | | | Branch (224:14): [Folded - Ignored] | | ------------------ ------------------ 922| | 923| 16| MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( ------------------ | | 218| 16| do { \ | | 219| 16| ret = (f); \ | | 220| 16| if (ret != 0) \ | | ------------------ | | | Branch (220:13): [True: 0, False: 16] | | ------------------ | | 221| 16| { \ | | 222| 0| goto cleanup; \ | | 223| 0| } \ | | 224| 16| } while (0) | | ------------------ | | | Branch (224:14): [Folded - Ignored] | | ------------------ ------------------ 924| 16| ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, 925| 16| &buf, &buf_len)); 926| | 927| 16| MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, ------------------ | | 218| 16| do { \ | | 219| 16| ret = (f); \ | | 220| 16| if (ret != 0) \ | | ------------------ | | | Branch (220:13): [True: 16, False: 0] | | ------------------ | | 221| 16| { \ | | 222| 16| goto cleanup; \ | | 223| 16| } \ | | 224| 16| } while (0) | | ------------------ | | | Branch (224:14): [Folded - Ignored] | | ------------------ ------------------ 928| 16| buf + buf_len, 929| 16| &msg_len, 930| 16| &binders_len)); 931| | 932| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) 933| 0| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 0|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (933:9): [True: 0, False: 0] ------------------ 934| 0| ssl->out_msglen = msg_len + 4; 935| 0| mbedtls_ssl_send_flight_completed(ssl); 936| | 937| | /* 938| | * The two functions below may try to send data on the network and 939| | * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they 940| | * fail to do so and the transmission has to be retried later. In that 941| | * case as in fatal error cases, we return immediately. But we must have 942| | * set the handshake state to the next state at that point to ensure 943| | * that we will not write and send again a ClientHello when we 944| | * eventually succeed in sending the pending data. 945| | */ 946| 0| mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); 947| | 948| 0| if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { ------------------ | Branch (948:13): [True: 0, False: 0] ------------------ 949| 0| MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 950| 0| return ret; 951| 0| } 952| | 953| 0| if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { ------------------ | Branch (953:13): [True: 0, False: 0] ------------------ 954| 0| MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 955| 0| return ret; 956| 0| } 957| 0| } else 958| 0|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ 959| 0| { 960| | 961| 0| ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, 962| 0| MBEDTLS_SSL_HS_CLIENT_HELLO, ------------------ | | 565| 0|#define MBEDTLS_SSL_HS_CLIENT_HELLO 1 ------------------ 963| 0| msg_len); 964| 0| if (ret != 0) { ------------------ | Branch (964:13): [True: 0, False: 0] ------------------ 965| 0| MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 966| 0| return ret; 967| 0| } 968| 0| ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); 969| 0| if (ret != 0) { ------------------ | Branch (969:13): [True: 0, False: 0] ------------------ 970| 0| MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 971| 0| return ret; 972| 0| } 973| 0|#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) 974| 0| if (binders_len > 0) { ------------------ | Branch (974:13): [True: 0, False: 0] ------------------ 975| 0| MBEDTLS_SSL_PROC_CHK( ------------------ | | 218| 0| do { \ | | 219| 0| ret = (f); \ | | 220| 0| if (ret != 0) \ | | ------------------ | | | Branch (220:13): [True: 0, False: 0] | | ------------------ | | 221| 0| { \ | | 222| 0| goto cleanup; \ | | 223| 0| } \ | | 224| 0| } while (0) | | ------------------ | | | Branch (224:14): [Folded - Ignored] | | ------------------ ------------------ 976| 0| mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( 977| 0| ssl, buf + msg_len - binders_len, buf + msg_len)); 978| 0| ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, 979| 0| binders_len); 980| 0| if (ret != 0) { ------------------ | Branch (980:17): [True: 0, False: 0] ------------------ 981| 0| MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 982| 0| return ret; 983| 0| } 984| 0| } 985| 0|#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ 986| | 987| 0| MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, ------------------ | | 218| 0| do { \ | | 219| 0| ret = (f); \ | | 220| 0| if (ret != 0) \ | | ------------------ | | | Branch (220:13): [True: 0, False: 0] | | ------------------ | | 221| 0| { \ | | 222| 0| goto cleanup; \ | | 223| 0| } \ | | 224| 0| } while (0) | | ------------------ | | | Branch (224:14): [Folded - Ignored] | | ------------------ ------------------ 988| 0| buf_len, 989| 0| msg_len)); 990| | 991| | /* 992| | * Set next state. Note that if TLS 1.3 is proposed, this may be 993| | * overwritten by mbedtls_ssl_tls13_finalize_client_hello(). 994| | */ 995| 0| mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); 996| | 997| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 998| 0| if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && ------------------ | Branch (998:13): [True: 0, False: 0] ------------------ 999| 0| MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) { ------------------ | Branch (999:13): [True: 0, False: 0] ------------------ 1000| 0| ret = mbedtls_ssl_tls13_finalize_client_hello(ssl); 1001| 0| } 1002| 0|#endif 1003| 0| } 1004| | 1005| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 1006| 0| MBEDTLS_SSL_PRINT_EXTS( ------------------ | | 58| 0| mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \ | | 59| 0| hs_msg_type, extensions_mask, NULL) ------------------ 1007| 0| 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); 1008| 0|#endif 1009| | 1010| 16|cleanup: 1011| | 1012| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1013| 16| return ret; 1014| 0|} ssl_client.c:ssl_prepare_client_hello: 737| 16|{ 738| 16| int ret; 739| 16| size_t session_id_len; 740| 16| mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; 741| | 742| 16| if (session_negotiate == NULL) { ------------------ | Branch (742:9): [True: 0, False: 16] ------------------ 743| 0| return MBEDTLS_ERR_SSL_INTERNAL_ERROR; ------------------ | | 125| 0|#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 ------------------ 744| 0| } 745| | 746| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ 747| 16| defined(MBEDTLS_SSL_SESSION_TICKETS) && \ 748| 16| defined(MBEDTLS_HAVE_TIME) 749| | 750| | /* Check if a tls13 ticket has been configured. */ 751| 16| if (ssl->handshake->resume != 0 && ------------------ | Branch (751:9): [True: 0, False: 16] ------------------ 752| 16| session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ------------------ | Branch (752:9): [True: 0, False: 0] ------------------ 753| 16| session_negotiate->ticket != NULL) { ------------------ | Branch (753:9): [True: 0, False: 0] ------------------ 754| 0| mbedtls_ms_time_t now = mbedtls_ms_time(); 755| 0| mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time; 756| 0| if (age < 0 || ------------------ | Branch (756:13): [True: 0, False: 0] ------------------ 757| 0| age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) { ------------------ | Branch (757:13): [True: 0, False: 0] ------------------ 758| | /* Without valid ticket, disable session resumption.*/ 759| 0| MBEDTLS_SSL_DEBUG_MSG( ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 760| 0| 3, ("Ticket expired, disable session resumption")); 761| 0| ssl->handshake->resume = 0; 762| 0| } 763| 0| } 764| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && 765| | MBEDTLS_SSL_SESSION_TICKETS && 766| | MBEDTLS_HAVE_TIME */ 767| | 768| | /* Bet on the highest configured version if we are not in a TLS 1.2 769| | * renegotiation or session resumption. 770| | */ 771| 16|#if defined(MBEDTLS_SSL_RENEGOTIATION) 772| 16| if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { ------------------ | | 61| 16|#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 ------------------ | Branch (772:9): [True: 0, False: 16] ------------------ 773| 0| ssl->handshake->min_tls_version = ssl->tls_version; 774| 0| } else 775| 16|#endif 776| 16| { 777| 16| if (ssl->handshake->resume) { ------------------ | Branch (777:13): [True: 0, False: 16] ------------------ 778| 0| ssl->tls_version = session_negotiate->tls_version; 779| 0| ssl->handshake->min_tls_version = ssl->tls_version; 780| 16| } else { 781| 16| ssl->handshake->min_tls_version = ssl->conf->min_tls_version; 782| 16| } 783| 16| } 784| | 785| | /* 786| | * Generate the random bytes, except when responding to a verify request 787| | * where we MUST reuse the previously generated random bytes 788| | * (RFC 6347 4.2.1). 789| | */ 790| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 791| 16| if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (791:9): [True: 16, False: 0] ------------------ 792| 16| (ssl->handshake->cookie == NULL)) ------------------ | Branch (792:9): [True: 0, False: 0] ------------------ 793| 16|#endif 794| 16| { 795| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 796| 16| if (!ssl->handshake->hello_retry_request_flag) ------------------ | Branch (796:13): [True: 16, False: 0] ------------------ 797| 16|#endif 798| 16| { 799| 16| ret = ssl_generate_random(ssl); 800| 16| if (ret != 0) { ------------------ | Branch (800:17): [True: 0, False: 16] ------------------ 801| 0| MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 802| 0| return ret; 803| 0| } 804| 16| } 805| 16| } 806| | 807| | /* 808| | * Prepare session identifier. At that point, the length of the session 809| | * identifier in the SSL context `ssl->session_negotiate->id_len` is equal 810| | * to zero, except in the case of a TLS 1.2 session renegotiation or 811| | * session resumption. 812| | */ 813| 16| session_id_len = session_negotiate->id_len; 814| | 815| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 816| 16| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { ------------------ | Branch (816:9): [True: 0, False: 16] ------------------ 817| 0| if (session_id_len < 16 || session_id_len > 32 || ------------------ | Branch (817:13): [True: 0, False: 0] | Branch (817:36): [True: 0, False: 0] ------------------ 818| 0|#if defined(MBEDTLS_SSL_RENEGOTIATION) 819| 0| ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || ------------------ | | 61| 0|#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 ------------------ | Branch (819:13): [True: 0, False: 0] ------------------ 820| 0|#endif 821| 0| ssl->handshake->resume == 0) { ------------------ | Branch (821:13): [True: 0, False: 0] ------------------ 822| 0| session_id_len = 0; 823| 0| } 824| | 825| 0|#if defined(MBEDTLS_SSL_SESSION_TICKETS) 826| | /* 827| | * RFC 5077 section 3.4: "When presenting a ticket, the client MAY 828| | * generate and include a Session ID in the TLS ClientHello." 829| | */ 830| 0| int renegotiating = 0; 831| 0|#if defined(MBEDTLS_SSL_RENEGOTIATION) 832| 0| if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { ------------------ | | 61| 0|#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 ------------------ | Branch (832:13): [True: 0, False: 0] ------------------ 833| 0| renegotiating = 1; 834| 0| } 835| 0|#endif 836| 0| if (!renegotiating) { ------------------ | Branch (836:13): [True: 0, False: 0] ------------------ 837| 0| if ((session_negotiate->ticket != NULL) && ------------------ | Branch (837:17): [True: 0, False: 0] ------------------ 838| 0| (session_negotiate->ticket_len != 0)) { ------------------ | Branch (838:17): [True: 0, False: 0] ------------------ 839| 0| session_id_len = 32; 840| 0| } 841| 0| } 842| 0|#endif /* MBEDTLS_SSL_SESSION_TICKETS */ 843| 0| } 844| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 845| | 846| 16|#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) 847| 16| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { ------------------ | Branch (847:9): [True: 16, False: 0] ------------------ 848| | /* 849| | * Create a legacy session identifier for the purpose of middlebox 850| | * compatibility only if one has not been created already, which is 851| | * the case if we are here for the TLS 1.3 second ClientHello. 852| | * 853| | * Versions of TLS before TLS 1.3 supported a "session resumption" 854| | * feature which has been merged with pre-shared keys in TLS 1.3 855| | * version. A client which has a cached session ID set by a pre-TLS 1.3 856| | * server SHOULD set this field to that value. In compatibility mode, 857| | * this field MUST be non-empty, so a client not offering a pre-TLS 1.3 858| | * session MUST generate a new 32-byte value. This value need not be 859| | * random but SHOULD be unpredictable to avoid implementations fixating 860| | * on a specific value (also known as ossification). Otherwise, it MUST 861| | * be set as a zero-length vector ( i.e., a zero-valued single byte 862| | * length field ). 863| | */ 864| 16| session_id_len = 32; 865| 16| } 866| 16|#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ 867| | 868| 16| if (session_id_len != session_negotiate->id_len) { ------------------ | Branch (868:9): [True: 16, False: 0] ------------------ 869| 16| session_negotiate->id_len = session_id_len; 870| 16| if (session_id_len > 0) { ------------------ | Branch (870:13): [True: 16, False: 0] ------------------ 871| 16| ret = ssl->conf->f_rng(ssl->conf->p_rng, 872| 16| session_negotiate->id, 873| 16| session_id_len); 874| 16| if (ret != 0) { ------------------ | Branch (874:17): [True: 0, False: 16] ------------------ 875| 0| MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 876| 0| return ret; 877| 0| } 878| 16| } 879| 16| } 880| | 881| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ 882| 16| defined(MBEDTLS_SSL_SESSION_TICKETS) && \ 883| 16| defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 884| 16| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ------------------ | Branch (884:9): [True: 16, False: 0] ------------------ 885| 16| ssl->handshake->resume) { ------------------ | Branch (885:9): [True: 0, False: 16] ------------------ 886| 0| int hostname_mismatch = ssl->hostname != NULL || ------------------ | Branch (886:33): [True: 0, False: 0] ------------------ 887| 0| session_negotiate->hostname != NULL; ------------------ | Branch (887:33): [True: 0, False: 0] ------------------ 888| 0| if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { ------------------ | Branch (888:13): [True: 0, False: 0] | Branch (888:38): [True: 0, False: 0] ------------------ 889| 0| hostname_mismatch = strcmp( 890| 0| ssl->hostname, session_negotiate->hostname) != 0; 891| 0| } 892| | 893| 0| if (hostname_mismatch) { ------------------ | Branch (893:13): [True: 0, False: 0] ------------------ 894| 0| MBEDTLS_SSL_DEBUG_MSG( ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 895| 0| 1, ("Hostname mismatch the session ticket, " 896| 0| "disable session resumption.")); 897| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 898| 0| } 899| 16| } else { 900| 16| return mbedtls_ssl_session_set_hostname(session_negotiate, 901| 16| ssl->hostname); 902| 16| } 903| 0|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && 904| | MBEDTLS_SSL_SESSION_TICKETS && 905| | MBEDTLS_SSL_SERVER_NAME_INDICATION */ 906| | 907| 0| return 0; 908| 16|} ssl_client.c:ssl_generate_random: 700| 16|{ 701| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 702| 16| unsigned char *randbytes = ssl->handshake->randbytes; 703| 16| size_t gmt_unix_time_len = 0; 704| | 705| | /* 706| | * Generate the random bytes 707| | * 708| | * TLS 1.2 case: 709| | * struct { 710| | * uint32 gmt_unix_time; 711| | * opaque random_bytes[28]; 712| | * } Random; 713| | * 714| | * TLS 1.3 case: 715| | * opaque Random[32]; 716| | */ 717| 16| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { ------------------ | Branch (717:9): [True: 0, False: 16] ------------------ 718| 0|#if defined(MBEDTLS_HAVE_TIME) 719| 0| mbedtls_time_t gmt_unix_time = mbedtls_time(NULL); 720| 0| MBEDTLS_PUT_UINT32_BE(gmt_unix_time, randbytes, 0); ------------------ | | 428| 0| { \ | | 429| 0| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 0| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 0| else \ | | 434| 0| { \ | | 435| 0| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 0|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 0| } \ | | 437| 0| } ------------------ 721| 0| gmt_unix_time_len = 4; 722| | 723| 0| MBEDTLS_SSL_DEBUG_MSG(3, ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 724| 0| ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, 725| 0| (long long) gmt_unix_time)); 726| 0|#endif /* MBEDTLS_HAVE_TIME */ 727| 0| } 728| | 729| 16| ret = ssl->conf->f_rng(ssl->conf->p_rng, 730| 16| randbytes + gmt_unix_time_len, 731| 16| MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); ------------------ | | 409| 16|#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 ------------------ 732| 16| return ret; 733| 16|} ssl_client.c:ssl_write_client_hello_body: 441| 16|{ 442| 16| int ret; 443| 16| mbedtls_ssl_handshake_params *handshake = ssl->handshake; 444| 16| unsigned char *p = buf; 445| 16| unsigned char *p_extensions_len; /* Pointer to extensions length */ 446| 16| size_t output_len; /* Length of buffer used by function */ 447| 16| size_t extensions_len; /* Length of the list of extensions*/ 448| 16| int tls12_uses_ec = 0; 449| | 450| 16| *out_len = 0; 451| 16| *binders_len = 0; 452| | 453| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 454| 16| unsigned char propose_tls12 = 455| 16| (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) ------------------ | Branch (455:9): [True: 16, False: 0] ------------------ 456| 16| && 457| 16| (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); ------------------ | Branch (457:9): [True: 16, False: 0] ------------------ 458| 16|#endif 459| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 460| 16| unsigned char propose_tls13 = 461| 16| (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3) ------------------ | Branch (461:9): [True: 16, False: 0] ------------------ 462| 16| && 463| 16| (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); ------------------ | Branch (463:9): [True: 16, False: 0] ------------------ 464| 16|#endif 465| | 466| | /* 467| | * Write client_version (TLS 1.2) or legacy_version (TLS 1.3) 468| | * 469| | * In all cases this is the TLS 1.2 version. 470| | */ 471| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 472| 16| mbedtls_ssl_write_version(p, ssl->conf->transport, 473| 16| MBEDTLS_SSL_VERSION_TLS1_2); 474| 16| p += 2; 475| | 476| | /* ... 477| | * Random random; 478| | * ... 479| | * 480| | * The random bytes have been prepared by ssl_prepare_client_hello() into 481| | * the handshake->randbytes buffer and are copied here into the output 482| | * buffer. 483| | */ 484| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 485| 16| memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); ------------------ | | 409| 16|#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 ------------------ 486| 16| MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", ------------------ | | 33| 16| mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) ------------------ 487| 16| p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); 488| 16| p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; ------------------ | | 409| 16|#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 ------------------ 489| | 490| | /* TLS 1.2: 491| | * ... 492| | * SessionID session_id; 493| | * ... 494| | * with 495| | * opaque SessionID<0..32>; 496| | * 497| | * TLS 1.3: 498| | * ... 499| | * opaque legacy_session_id<0..32>; 500| | * ... 501| | * 502| | * The (legacy) session identifier bytes have been prepared by 503| | * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer 504| | * and are copied here into the output buffer. 505| | */ 506| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 507| 16| *p++ = (unsigned char) ssl->session_negotiate->id_len; 508| 16| memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); 509| 16| p += ssl->session_negotiate->id_len; 510| | 511| 16| MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, ------------------ | | 33| 16| mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) ------------------ 512| 16| ssl->session_negotiate->id_len); 513| | 514| | /* DTLS 1.2 ONLY 515| | * ... 516| | * opaque cookie<0..2^8-1>; 517| | * ... 518| | */ 519| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) 520| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (520:9): [True: 0, False: 16] ------------------ 521| |#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) 522| | uint8_t cookie_len = 0; 523| |#else 524| 0| uint16_t cookie_len = 0; 525| 0|#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ 526| | 527| 0| if (handshake->cookie != NULL) { ------------------ | Branch (527:13): [True: 0, False: 0] ------------------ 528| 0| MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", ------------------ | | 33| 0| mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) ------------------ 529| 0| handshake->cookie, 530| 0| handshake->cookie_len); 531| 0| cookie_len = handshake->cookie_len; 532| 0| } 533| | 534| 0| MBEDTLS_SSL_CHK_BUF_PTR(p, end, cookie_len + 1); ------------------ | | 545| 0| do { \ | | 546| 0| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 0] | | ------------------ | | 547| 0| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 0| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 535| 0| *p++ = (unsigned char) cookie_len; 536| 0| if (cookie_len > 0) { ------------------ | Branch (536:13): [True: 0, False: 0] ------------------ 537| 0| memcpy(p, handshake->cookie, cookie_len); 538| 0| p += cookie_len; 539| 0| } 540| 0| } 541| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ 542| | 543| | /* Write cipher_suites */ 544| 16| ret = ssl_write_client_hello_cipher_suites(ssl, p, end, 545| 16| &tls12_uses_ec, 546| 16| &output_len); 547| 16| if (ret != 0) { ------------------ | Branch (547:9): [True: 0, False: 16] ------------------ 548| 0| return ret; 549| 0| } 550| 16| p += output_len; 551| | 552| | /* Write legacy_compression_methods (TLS 1.3) or 553| | * compression_methods (TLS 1.2) 554| | * 555| | * For every TLS 1.3 ClientHello, this vector MUST contain exactly 556| | * one byte set to zero, which corresponds to the 'null' compression 557| | * method in prior versions of TLS. 558| | * 559| | * For TLS 1.2 ClientHello, for security reasons we do not support 560| | * compression anymore, thus also just the 'null' compression method. 561| | */ 562| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 563| 16| *p++ = 1; 564| 16| *p++ = MBEDTLS_SSL_COMPRESS_NULL; ------------------ | | 294| 16|#define MBEDTLS_SSL_COMPRESS_NULL 0 ------------------ 565| | 566| | /* Write extensions */ 567| | 568| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 569| | /* Keeping track of the included extensions */ 570| 16| handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; ------------------ | | 110| 16|#define MBEDTLS_SSL_EXT_MASK_NONE 0 ------------------ 571| 16|#endif 572| | 573| | /* First write extensions, then the total length */ 574| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 575| 16| p_extensions_len = p; 576| 16| p += 2; 577| | 578| 16|#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 579| | /* Write server name extension */ 580| 16| ret = ssl_write_hostname_ext(ssl, p, end, &output_len); 581| 16| if (ret != 0) { ------------------ | Branch (581:9): [True: 0, False: 16] ------------------ 582| 0| return ret; 583| 0| } 584| 16| p += output_len; 585| 16|#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 586| | 587| 16|#if defined(MBEDTLS_SSL_ALPN) 588| 16| ret = ssl_write_alpn_ext(ssl, p, end, &output_len); 589| 16| if (ret != 0) { ------------------ | Branch (589:9): [True: 0, False: 16] ------------------ 590| 0| return ret; 591| 0| } 592| 16| p += output_len; 593| 16|#endif /* MBEDTLS_SSL_ALPN */ 594| | 595| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 596| 16| if (propose_tls13) { ------------------ | Branch (596:9): [True: 16, False: 0] ------------------ 597| 16| ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, 598| 16| &output_len); 599| 16| if (ret != 0) { ------------------ | Branch (599:13): [True: 16, False: 0] ------------------ 600| 16| return ret; 601| 16| } 602| 0| p += output_len; 603| 0| } 604| 0|#endif 605| | 606| 0|#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \ 607| 0| defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) 608| 0| { 609| 0| int ssl_write_supported_groups_ext_flags = 0; 610| | 611| 0|#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) 612| 0| if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ------------------ | Branch (612:13): [True: 0, False: 0] | Branch (612:30): [True: 0, False: 0] ------------------ 613| 0| ssl_write_supported_groups_ext_flags |= 614| 0| SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG; ------------------ | | 214| 0|#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG 2 ------------------ 615| 0| } 616| 0|#endif 617| 0|#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) 618| 0| if (propose_tls12 && tls12_uses_ec) { ------------------ | Branch (618:13): [True: 0, False: 0] | Branch (618:30): [True: 0, False: 0] ------------------ 619| 0| ssl_write_supported_groups_ext_flags |= 620| 0| SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG; ------------------ | | 213| 0|#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG 1 ------------------ 621| 0| } 622| 0|#endif 623| 0| if (ssl_write_supported_groups_ext_flags != 0) { ------------------ | Branch (623:13): [True: 0, False: 0] ------------------ 624| 0| ret = ssl_write_supported_groups_ext(ssl, p, end, 625| 0| ssl_write_supported_groups_ext_flags, 626| 0| &output_len); 627| 0| if (ret != 0) { ------------------ | Branch (627:17): [True: 0, False: 0] ------------------ 628| 0| return ret; 629| 0| } 630| 0| p += output_len; 631| 0| } 632| 0| } 633| 0|#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC || 634| | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ 635| | 636| 0|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 637| 0| int write_sig_alg_ext = 0; 638| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 639| 0| write_sig_alg_ext = write_sig_alg_ext || ------------------ | Branch (639:25): [True: 0, False: 0] ------------------ 640| 0| (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); ------------------ | Branch (640:26): [True: 0, False: 0] | Branch (640:43): [True: 0, False: 0] ------------------ 641| 0|#endif 642| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 643| 0| write_sig_alg_ext = write_sig_alg_ext || propose_tls12; ------------------ | Branch (643:25): [True: 0, False: 0] | Branch (643:46): [True: 0, False: 0] ------------------ 644| 0|#endif 645| | 646| 0| if (write_sig_alg_ext) { ------------------ | Branch (646:9): [True: 0, False: 0] ------------------ 647| 0| ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); 648| 0| if (ret != 0) { ------------------ | Branch (648:13): [True: 0, False: 0] ------------------ 649| 0| return ret; 650| 0| } 651| 0| p += output_len; 652| 0| } 653| 0|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 654| | 655| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 656| 0| if (propose_tls12) { ------------------ | Branch (656:9): [True: 0, False: 0] ------------------ 657| 0| ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, 658| 0| tls12_uses_ec, 659| 0| &output_len); 660| 0| if (ret != 0) { ------------------ | Branch (660:13): [True: 0, False: 0] ------------------ 661| 0| return ret; 662| 0| } 663| 0| p += output_len; 664| 0| } 665| 0|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 666| | 667| 0|#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) 668| | /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) 669| | * MUST be the last extension in the ClientHello. 670| | */ 671| 0| if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { ------------------ | Branch (671:9): [True: 0, False: 0] | Branch (671:26): [True: 0, False: 0] ------------------ 672| 0| ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( 673| 0| ssl, p, end, &output_len, binders_len); 674| 0| if (ret != 0) { ------------------ | Branch (674:13): [True: 0, False: 0] ------------------ 675| 0| return ret; 676| 0| } 677| 0| p += output_len; 678| 0| } 679| 0|#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ 680| | 681| | /* Write the length of the list of extensions. */ 682| 0| extensions_len = (size_t) (p - p_extensions_len) - 2; 683| | 684| 0| if (extensions_len == 0) { ------------------ | Branch (684:9): [True: 0, False: 0] ------------------ 685| 0| p = p_extensions_len; 686| 0| } else { 687| 0| MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); ------------------ | | 537| 0| { \ | | 538| 0| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 0| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 0| else \ | | 543| 0| { \ | | 544| 0| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 0|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 0| } \ | | 546| 0| } ------------------ 688| 0| MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" \ ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 689| 0| MBEDTLS_PRINTF_SIZET, extensions_len)); 690| 0| MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ------------------ | | 33| 0| mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) ------------------ 691| 0| p_extensions_len, extensions_len); 692| 0| } 693| | 694| 0| *out_len = (size_t) (p - buf); 695| 0| return 0; 696| 0|} ssl_client.c:ssl_write_client_hello_cipher_suites: 323| 16|{ 324| 16| unsigned char *p = buf; 325| 16| const int *ciphersuite_list; 326| 16| unsigned char *cipher_suites; /* Start of the cipher_suites list */ 327| 16| size_t cipher_suites_len; 328| | 329| 16| *tls12_uses_ec = 0; 330| 16| *out_len = 0; 331| | 332| | /* 333| | * Ciphersuite list 334| | * 335| | * This is a list of the symmetric cipher options supported by 336| | * the client, specifically the record protection algorithm 337| | * ( including secret key length ) and a hash to be used with 338| | * HKDF, in descending order of client preference. 339| | */ 340| 16| ciphersuite_list = ssl->conf->ciphersuite_list; 341| | 342| | /* Check there is space for the cipher suite list length (2 bytes). */ 343| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 344| 16| p += 2; 345| | 346| | /* Write cipher_suites 347| | * CipherSuite cipher_suites<2..2^16-2>; 348| | */ 349| 16| cipher_suites = p; 350| 3.05k| for (size_t i = 0; ciphersuite_list[i] != 0; i++) { ------------------ | Branch (350:24): [True: 3.04k, False: 16] ------------------ 351| 3.04k| int cipher_suite = ciphersuite_list[i]; 352| 3.04k| const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 353| | 354| 3.04k| ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); 355| | 356| 3.04k| if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, ------------------ | Branch (356:13): [True: 756, False: 2.28k] ------------------ 357| 3.04k| ssl->handshake->min_tls_version, 358| 3.04k| ssl->tls_version) != 0) { 359| 756| continue; 360| 756| } 361| | 362| 2.28k|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 363| 2.28k| (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ 364| 2.28k| defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ 365| 2.28k| defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) 366| 2.28k| *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); 367| 2.28k|#endif 368| | 369| 2.28k| MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %04x, %s", ------------------ | | 26| 2.28k| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 2.28k| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 2.28k|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 370| 2.28k| (unsigned int) cipher_suite, 371| 2.28k| ciphersuite_info->name)); 372| | 373| | /* Check there is space for the cipher suite identifier (2 bytes). */ 374| 2.28k| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 2.28k| do { \ | | 546| 2.28k| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 2.28k] | | ------------------ | | 547| 2.28k| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 2.28k| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 375| 2.28k| MBEDTLS_PUT_UINT16_BE(cipher_suite, p, 0); ------------------ | | 537| 2.28k| { \ | | 538| 2.28k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.28k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 2.28k| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 2.28k| else \ | | 543| 2.28k| { \ | | 544| 2.28k| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 2.28k|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 2.28k| } \ | | 546| 2.28k| } ------------------ 376| 2.28k| p += 2; 377| 2.28k| } 378| | 379| | /* 380| | * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV 381| | */ 382| 16| int renegotiating = 0; 383| 16|#if defined(MBEDTLS_SSL_RENEGOTIATION) 384| 16| renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); ------------------ | | 61| 16|#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 ------------------ 385| 16|#endif 386| 16| if (!renegotiating) { ------------------ | Branch (386:9): [True: 16, False: 0] ------------------ 387| 16| MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 388| 16| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); ------------------ | | 545| 16| do { \ | | 546| 16| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 16] | | ------------------ | | 547| 16| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 16| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 389| 16| MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0); ------------------ | | 537| 16| { \ | | 538| 16| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 16|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 16| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 16| else \ | | 543| 16| { \ | | 544| 16| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 16|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 16| } \ | | 546| 16| } ------------------ 390| 16| p += 2; 391| 16| } 392| | 393| | /* Write the cipher_suites length in number of bytes */ 394| 16| cipher_suites_len = (size_t) (p - cipher_suites); 395| 16| MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0); ------------------ | | 537| 16| { \ | | 538| 16| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 16|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 16| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 16| else \ | | 543| 16| { \ | | 544| 16| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 16|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 16| } \ | | 546| 16| } ------------------ 396| 16| MBEDTLS_SSL_DEBUG_MSG(3, ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 397| 16| ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", 398| 16| cipher_suites_len/2)); 399| | 400| | /* Output the total length of cipher_suites field. */ 401| 16| *out_len = (size_t) (p - buf); 402| | 403| 16| return 0; 404| 16|} ssl_client.c:ssl_write_hostname_ext: 30| 16|{ 31| 16| unsigned char *p = buf; 32| 16| size_t hostname_len; 33| | 34| 16| *olen = 0; 35| | 36| 16| if (ssl->hostname == NULL) { ------------------ | Branch (36:9): [True: 10, False: 6] ------------------ 37| 10| return 0; 38| 10| } 39| | 40| 6| MBEDTLS_SSL_DEBUG_MSG(3, ------------------ | | 26| 6| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 6| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 6|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 41| 6| ("client hello, adding server name extension: %s", 42| 6| ssl->hostname)); 43| | 44| 6| hostname_len = strlen(ssl->hostname); 45| | 46| 6| MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); ------------------ | | 545| 6| do { \ | | 546| 6| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 6] | | ------------------ | | 547| 6| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 6| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 47| | 48| | /* 49| | * Sect. 3, RFC 6066 (TLS Extensions Definitions) 50| | * 51| | * In order to provide any of the server names, clients MAY include an 52| | * extension of type "server_name" in the (extended) client hello. The 53| | * "extension_data" field of this extension SHALL contain 54| | * "ServerNameList" where: 55| | * 56| | * struct { 57| | * NameType name_type; 58| | * select (name_type) { 59| | * case host_name: HostName; 60| | * } name; 61| | * } ServerName; 62| | * 63| | * enum { 64| | * host_name(0), (255) 65| | * } NameType; 66| | * 67| | * opaque HostName<1..2^16-1>; 68| | * 69| | * struct { 70| | * ServerName server_name_list<1..2^16-1> 71| | * } ServerNameList; 72| | * 73| | */ 74| 6| MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0); ------------------ | | 537| 6| { \ | | 538| 6| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 6|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 6| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 6| else \ | | 543| 6| { \ | | 544| 6| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 6|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 6| } \ | | 546| 6| } ------------------ 75| 6| p += 2; 76| | 77| 6| MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0); ------------------ | | 537| 6| { \ | | 538| 6| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 6|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 6| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 6| else \ | | 543| 6| { \ | | 544| 6| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 6|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 6| } \ | | 546| 6| } ------------------ 78| 6| p += 2; 79| | 80| 6| MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0); ------------------ | | 537| 6| { \ | | 538| 6| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 6|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 6| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 6| else \ | | 543| 6| { \ | | 544| 6| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 6|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 6| } \ | | 546| 6| } ------------------ 81| 6| p += 2; 82| | 83| 6| *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME); ------------------ | | 268| 6|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 84| | 85| 6| MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); ------------------ | | 537| 6| { \ | | 538| 6| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 6|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 6| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 6| else \ | | 543| 6| { \ | | 544| 6| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 6|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 6| } \ | | 546| 6| } ------------------ 86| 6| p += 2; 87| | 88| 6| memcpy(p, ssl->hostname, hostname_len); 89| | 90| 6| *olen = hostname_len + 9; 91| | 92| 6|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 93| 6| mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); ------------------ | | 583| 6|#define MBEDTLS_TLS_EXT_SERVERNAME 0 ------------------ 94| 6|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 95| 6| return 0; 96| 6|} ssl_client.c:ssl_write_alpn_ext: 118| 16|{ 119| 16| unsigned char *p = buf; 120| | 121| 16| *out_len = 0; 122| | 123| 16| if (ssl->conf->alpn_list == NULL) { ------------------ | Branch (123:9): [True: 4, False: 12] ------------------ 124| 4| return 0; 125| 4| } 126| | 127| 12| MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension")); ------------------ | | 26| 12| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 12| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 12|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 128| | 129| | 130| | /* Check we have enough space for the extension type (2 bytes), the 131| | * extension length (2 bytes) and the protocol_name_list length (2 bytes). 132| | */ 133| 12| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); ------------------ | | 545| 12| do { \ | | 546| 12| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 12] | | ------------------ | | 547| 12| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 12| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 134| 12| MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0); ------------------ | | 537| 12| { \ | | 538| 12| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 12|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 12| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 12| else \ | | 543| 12| { \ | | 544| 12| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 12|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 12| } \ | | 546| 12| } ------------------ 135| | /* Skip writing extension and list length for now */ 136| 12| p += 6; 137| | 138| | /* 139| | * opaque ProtocolName<1..2^8-1>; 140| | * 141| | * struct { 142| | * ProtocolName protocol_name_list<2..2^16-1> 143| | * } ProtocolNameList; 144| | */ 145| 36| for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { ------------------ | Branch (145:51): [True: 24, False: 12] ------------------ 146| | /* 147| | * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of 148| | * protocol names is less than 255. 149| | */ 150| 24| size_t protocol_name_len = strlen(*cur); 151| | 152| 24| MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + protocol_name_len); ------------------ | | 545| 24| do { \ | | 546| 24| if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ | | ------------------ | | | Branch (546:13): [True: 0, False: 24] | | ------------------ | | 547| 24| { \ | | 548| 0| return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ | | ------------------ | | | | 133| 0|#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 | | ------------------ | | 549| 0| } \ | | 550| 24| } while (0) | | ------------------ | | | Branch (550:14): [Folded - Ignored] | | ------------------ ------------------ 153| 24| *p++ = (unsigned char) protocol_name_len; 154| 24| memcpy(p, *cur, protocol_name_len); 155| 24| p += protocol_name_len; 156| 24| } 157| | 158| 12| *out_len = (size_t) (p - buf); 159| | 160| | /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ 161| 12| MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4); ------------------ | | 537| 12| { \ | | 538| 12| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 12|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 12| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 12| else \ | | 543| 12| { \ | | 544| 12| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 12|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 12| } \ | | 546| 12| } ------------------ 162| | 163| | /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */ 164| 12| MBEDTLS_PUT_UINT16_BE(*out_len - 4, buf, 2); ------------------ | | 537| 12| { \ | | 538| 12| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 12|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 12| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 12| else \ | | 543| 12| { \ | | 544| 12| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 12|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 12| } \ | | 546| 12| } ------------------ 165| | 166| 12|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 167| 12| mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); ------------------ | | 598| 12|#define MBEDTLS_TLS_EXT_ALPN 16 ------------------ 168| 12|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 169| 12| return 0; 170| 12|} ssl_tls.c:mbedtls_ssl_conf_is_tls13_only: 1883| 16|{ 1884| 16| return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ------------------ | Branch (1884:12): [True: 0, False: 16] ------------------ 1885| 16| conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3; ------------------ | Branch (1885:12): [True: 0, False: 0] ------------------ 1886| 16|} ssl_tls.c:mbedtls_ssl_conf_is_hybrid_tls12_tls13: 1923| 16|{ 1924| 16| return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && ------------------ | Branch (1924:12): [True: 16, False: 0] ------------------ 1925| 16| conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3; ------------------ | Branch (1925:12): [True: 16, False: 0] ------------------ 1926| 16|} ssl_tls.c:mbedtls_ssl_get_input_buflen: 472| 16|{ 473| 16|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 474| 16| return mbedtls_ssl_get_input_max_frag_len(ctx) 475| 16| + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD ------------------ | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 ------------------ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD ------------------ | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | ------------------ | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | ------------------ | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | ------------------ | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | ------------------ | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | ------------------ | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | ------------------ | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | ------------------ | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | ------------------ | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | ------------------ | | ------------------ | | 320| 16| ) ------------------ 476| 16| + MBEDTLS_SSL_CID_IN_LEN_MAX; ------------------ | | 415| 16|#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 ------------------ 477| |#else 478| | return mbedtls_ssl_get_input_max_frag_len(ctx) 479| | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; 480| |#endif 481| 16|} ssl_tls.c:mbedtls_ssl_get_output_buflen: 460| 16|{ 461| 16|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 462| 16| return mbedtls_ssl_get_output_max_frag_len(ctx) 463| 16| + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD ------------------ | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 ------------------ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD ------------------ | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | ------------------ | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | ------------------ | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | ------------------ | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | ------------------ | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | ------------------ | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | ------------------ | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | ------------------ | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | ------------------ | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | ------------------ | | ------------------ | | 320| 16| ) ------------------ 464| 16| + MBEDTLS_SSL_CID_OUT_LEN_MAX; ------------------ | | 419| 16|#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 ------------------ 465| |#else 466| | return mbedtls_ssl_get_output_max_frag_len(ctx) 467| | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; 468| |#endif 469| 16|} ssl_tls.c:mbedtls_ssl_conf_is_tls12_only: 1892| 48|{ 1893| 48| return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && ------------------ | Branch (1893:12): [True: 48, False: 0] ------------------ 1894| 48| conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2; ------------------ | Branch (1894:12): [True: 0, False: 48] ------------------ 1895| 48|} ssl_client.c:mbedtls_ssl_chk_buf_ptr: 525| 2.43k|{ 526| 2.43k| if ((cur > end) || (need > (size_t) (end - cur))) { ------------------ | Branch (526:9): [True: 0, False: 2.43k] | Branch (526:24): [True: 0, False: 2.43k] ------------------ 527| 0| mbedtls_ssl_set_chk_buf_ptr_fail_args(cur, end, need); 528| 0| return 1; 529| 0| } 530| 2.43k| return 0; 531| 2.43k|} ssl_client.c:mbedtls_ssl_tls13_set_hs_sent_ext_mask: 2093| 18|{ 2094| 18| ssl->handshake->sent_extensions |= 2095| 18| mbedtls_ssl_get_extension_mask(extension_type); 2096| 18|} mbedtls_ssl_flush_output: 2349| 32|{ 2350| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2351| 32| unsigned char *buf; 2352| | 2353| 32| MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output")); ------------------ | | 26| 32| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 32| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 32|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2354| | 2355| 32| if (ssl->f_send == NULL) { ------------------ | Branch (2355:9): [True: 0, False: 32] ------------------ 2356| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2357| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2358| 0| } 2359| | 2360| | /* Avoid incrementing counter if data is flushed */ 2361| 32| if (ssl->out_left == 0) { ------------------ | Branch (2361:9): [True: 32, False: 0] ------------------ 2362| 32| MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); ------------------ | | 26| 32| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 32| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 32|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2363| 32| return 0; 2364| 32| } 2365| | 2366| 0| while (ssl->out_left > 0) { ------------------ | Branch (2366:12): [True: 0, False: 0] ------------------ 2367| 0| MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2368| 0| ", out_left: %" MBEDTLS_PRINTF_SIZET, 2369| 0| mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left)); 2370| | 2371| 0| buf = ssl->out_hdr - ssl->out_left; 2372| 0| ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left); 2373| | 2374| 0| MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 2375| | 2376| 0| if (ret <= 0) { ------------------ | Branch (2376:13): [True: 0, False: 0] ------------------ 2377| 0| return ret; 2378| 0| } 2379| | 2380| 0| if ((size_t) ret > ssl->out_left) { ------------------ | Branch (2380:13): [True: 0, False: 0] ------------------ 2381| 0| MBEDTLS_SSL_DEBUG_MSG(1, ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2382| 0| ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET 2383| 0| " bytes were sent", 2384| 0| ret, ssl->out_left)); 2385| 0| return MBEDTLS_ERR_SSL_INTERNAL_ERROR; ------------------ | | 125| 0|#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 ------------------ 2386| 0| } 2387| | 2388| 0| ssl->out_left -= ret; 2389| 0| } 2390| | 2391| 0|#if defined(MBEDTLS_SSL_PROTO_DTLS) 2392| 0| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 0|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (2392:9): [True: 0, False: 0] ------------------ 2393| 0| ssl->out_hdr = ssl->out_buf; 2394| 0| } else 2395| 0|#endif 2396| 0| { 2397| 0| ssl->out_hdr = ssl->out_buf + 8; 2398| 0| } 2399| 0| mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); 2400| | 2401| 0| MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 2402| | 2403| 0| return 0; 2404| 0|} mbedtls_ssl_flight_free: 2460| 16|{ 2461| 16| mbedtls_ssl_flight_item *cur = flight; 2462| 16| mbedtls_ssl_flight_item *next; 2463| | 2464| 16| while (cur != NULL) { ------------------ | Branch (2464:12): [True: 0, False: 16] ------------------ 2465| 0| next = cur->next; 2466| | 2467| 0| mbedtls_free(cur->p); 2468| 0| mbedtls_free(cur); 2469| | 2470| 0| cur = next; 2471| 0| } 2472| 16|} mbedtls_ssl_start_handshake_msg: 2736| 16|{ 2737| | /* 2738| | * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 ) 2739| | * ... 2740| | * HandshakeType msg_type; 2741| | * uint24 length; 2742| | * ... 2743| | */ 2744| 16| *buf = ssl->out_msg + 4; 2745| 16| *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; ------------------ | | 400| 16|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 ------------------ 2746| | 2747| 16| ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ------------------ | | 525| 16|#define MBEDTLS_SSL_MSG_HANDSHAKE 22 ------------------ 2748| 16| ssl->out_msg[0] = hs_type; 2749| | 2750| 16| return 0; 2751| 16|} mbedtls_ssl_update_out_pointers: 5274| 16|{ 5275| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 5276| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (5276:9): [True: 0, False: 16] ------------------ 5277| 0| ssl->out_ctr = ssl->out_hdr + 3; 5278| 0|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 5279| 0| ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ------------------ | | 694| 0|#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 ------------------ 5280| 0| ssl->out_len = ssl->out_cid; 5281| 0| if (transform != NULL) { ------------------ | Branch (5281:13): [True: 0, False: 0] ------------------ 5282| 0| ssl->out_len += transform->out_cid_len; 5283| 0| } 5284| |#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 5285| | ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; 5286| |#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 5287| 0| ssl->out_iv = ssl->out_len + 2; 5288| 0| } else 5289| 16|#endif 5290| 16| { 5291| 16| ssl->out_len = ssl->out_hdr + 3; 5292| 16|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 5293| 16| ssl->out_cid = ssl->out_len; 5294| 16|#endif 5295| 16| ssl->out_iv = ssl->out_hdr + 5; 5296| 16| } 5297| | 5298| 16| ssl->out_msg = ssl->out_iv; 5299| | /* Adjust out_msg to make space for explicit IV, if used. */ 5300| 16| if (transform != NULL) { ------------------ | Branch (5300:9): [True: 0, False: 16] ------------------ 5301| 0| ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); 5302| 0| } 5303| 16|} mbedtls_ssl_update_in_pointers: 5314| 16|{ 5315| | /* This function sets the pointers to match the case 5316| | * of unprotected TLS/DTLS records, with both ssl->in_iv 5317| | * and ssl->in_msg pointing to the beginning of the record 5318| | * content. 5319| | * 5320| | * When decrypting a protected record, ssl->in_msg 5321| | * will be shifted to point to the beginning of the 5322| | * record plaintext. 5323| | */ 5324| | 5325| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 5326| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (5326:9): [True: 0, False: 16] ------------------ 5327| | /* This sets the header pointers to match records 5328| | * without CID. When we receive a record containing 5329| | * a CID, the fields are shifted accordingly in 5330| | * ssl_parse_record_header(). */ 5331| 0| ssl->in_ctr = ssl->in_hdr + 3; 5332| 0|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 5333| 0| ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ------------------ | | 694| 0|#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 ------------------ 5334| 0| ssl->in_len = ssl->in_cid; /* Default: no CID */ 5335| |#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 5336| | ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; 5337| |#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 5338| 0| ssl->in_iv = ssl->in_len + 2; 5339| 0| } else 5340| 16|#endif 5341| 16| { 5342| 16| ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ------------------ | | 694| 16|#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 ------------------ 5343| 16| ssl->in_len = ssl->in_hdr + 3; 5344| 16|#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 5345| 16| ssl->in_cid = ssl->in_len; 5346| 16|#endif 5347| 16| ssl->in_iv = ssl->in_hdr + 5; 5348| 16| } 5349| | 5350| | /* This will be adjusted at record decryption time. */ 5351| 16| ssl->in_msg = ssl->in_iv; 5352| 16|} mbedtls_ssl_reset_in_out_pointers: 5359| 16|{ 5360| | /* Set the incoming and outgoing record pointers. */ 5361| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 5362| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (5362:9): [True: 0, False: 16] ------------------ 5363| 0| ssl->out_hdr = ssl->out_buf; 5364| 0| ssl->in_hdr = ssl->in_buf; 5365| 0| } else 5366| 16|#endif /* MBEDTLS_SSL_PROTO_DTLS */ 5367| 16| { 5368| 16| ssl->out_ctr = ssl->out_buf; 5369| 16| ssl->out_hdr = ssl->out_buf + 8; 5370| 16| ssl->in_hdr = ssl->in_buf + 8; 5371| 16| } 5372| | 5373| | /* Derive other internal pointers. */ 5374| 16| mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); 5375| 16| mbedtls_ssl_update_in_pointers(ssl); 5376| 16|} mbedtls_ssl_transform_free: 6207| 64|{ 6208| 64| if (transform == NULL) { ------------------ | Branch (6208:9): [True: 48, False: 16] ------------------ 6209| 48| return; 6210| 48| } 6211| | 6212| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 6213| | psa_destroy_key(transform->psa_key_enc); 6214| | psa_destroy_key(transform->psa_key_dec); 6215| |#else 6216| 16| mbedtls_cipher_free(&transform->cipher_ctx_enc); 6217| 16| mbedtls_cipher_free(&transform->cipher_ctx_dec); 6218| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 6219| | 6220| 16|#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 6221| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 6222| | psa_destroy_key(transform->psa_mac_enc); 6223| | psa_destroy_key(transform->psa_mac_dec); 6224| |#else 6225| 16| mbedtls_md_free(&transform->md_ctx_enc); 6226| 16| mbedtls_md_free(&transform->md_ctx_dec); 6227| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 6228| 16|#endif 6229| | 6230| 16| mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); 6231| 16|} mbedtls_ssl_buffering_free: 6250| 16|{ 6251| 16| unsigned offset; 6252| 16| mbedtls_ssl_handshake_params * const hs = ssl->handshake; 6253| | 6254| 16| if (hs == NULL) { ------------------ | Branch (6254:9): [True: 0, False: 16] ------------------ 6255| 0| return; 6256| 0| } 6257| | 6258| 16| ssl_free_buffered_record(ssl); 6259| | 6260| 80| for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { ------------------ | | 329| 80|#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 ------------------ | Branch (6260:22): [True: 64, False: 16] ------------------ 6261| 64| ssl_buffering_free_slot(ssl, offset); 6262| 64| } 6263| 16|} mbedtls_ssl_write_version: 6295| 16|{ 6296| 16| uint16_t tls_version_formatted; 6297| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 6298| 16| if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (6298:9): [True: 0, False: 16] ------------------ 6299| 0| tls_version_formatted = 6300| 0| ~(tls_version - (tls_version == 0x0302 ? 0x0202 : 0x0201)); ------------------ | Branch (6300:30): [True: 0, False: 0] ------------------ 6301| 0| } else 6302| |#else 6303| | ((void) transport); 6304| |#endif 6305| 16| { 6306| 16| tls_version_formatted = (uint16_t) tls_version; 6307| 16| } 6308| 16| MBEDTLS_PUT_UINT16_BE(tls_version_formatted, version, 0); ------------------ | | 537| 16| { \ | | 538| 16| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 16|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 539| 16| { \ | | 540| 0| mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ | | 541| 0| } \ | | 542| 16| else \ | | 543| 16| { \ | | 544| 16| mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ | | ------------------ | | | | 295| 16|#define MBEDTLS_BSWAP16 __builtin_bswap16 | | ------------------ | | 545| 16| } \ | | 546| 16| } ------------------ 6309| 16|} mbedtls_ssl_handle_pending_alert: 6333| 32|{ 6334| 32| int ret; 6335| | 6336| | /* No pending alert, return success*/ 6337| 32| if (ssl->send_alert == 0) { ------------------ | Branch (6337:9): [True: 32, False: 0] ------------------ 6338| 32| return 0; 6339| 32| } 6340| | 6341| 0| ret = mbedtls_ssl_send_alert_message(ssl, 6342| 0| MBEDTLS_SSL_ALERT_LEVEL_FATAL, ------------------ | | 530| 0|#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 ------------------ 6343| 0| ssl->alert_type); 6344| | 6345| | /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE, 6346| | * do not clear the alert to be able to send it later. 6347| | */ 6348| 0| if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) { ------------------ | | 138| 0|#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 ------------------ | Branch (6348:9): [True: 0, False: 0] ------------------ 6349| 0| ssl->send_alert = 0; 6350| 0| } 6351| | 6352| 0| if (ret != 0) { ------------------ | Branch (6352:9): [True: 0, False: 0] ------------------ 6353| 0| return ret; 6354| 0| } 6355| | 6356| 0| return ssl->alert_reason; 6357| 0|} ssl_msg.c:ssl_free_buffered_record: 4702| 16|{ 4703| 16| mbedtls_ssl_handshake_params * const hs = ssl->handshake; 4704| 16| if (hs == NULL) { ------------------ | Branch (4704:9): [True: 0, False: 16] ------------------ 4705| 0| return; 4706| 0| } 4707| | 4708| 16| if (hs->buffering.future_record.data != NULL) { ------------------ | Branch (4708:9): [True: 0, False: 16] ------------------ 4709| 0| hs->buffering.total_bytes_buffered -= 4710| 0| hs->buffering.future_record.len; 4711| | 4712| 0| mbedtls_free(hs->buffering.future_record.data); 4713| 0| hs->buffering.future_record.data = NULL; 4714| 0| } 4715| 16|} ssl_msg.c:ssl_buffering_free_slot: 6267| 64|{ 6268| 64| mbedtls_ssl_handshake_params * const hs = ssl->handshake; 6269| 64| mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; 6270| | 6271| 64| if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) { ------------------ | | 329| 64|#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 ------------------ | Branch (6271:9): [True: 0, False: 64] ------------------ 6272| 0| return; 6273| 0| } 6274| | 6275| 64| if (hs_buf->is_valid == 1) { ------------------ | Branch (6275:9): [True: 0, False: 64] ------------------ 6276| 0| hs->buffering.total_bytes_buffered -= hs_buf->data_len; 6277| 0| mbedtls_zeroize_and_free(hs_buf->data, hs_buf->data_len); 6278| 0| memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); 6279| 0| } 6280| 64|} mbedtls_ssl_get_extension_id: 516| 18|{ 517| 18| switch (extension_type) { ------------------ | Branch (517:13): [True: 0, False: 18] ------------------ 518| 6| case MBEDTLS_TLS_EXT_SERVERNAME: ------------------ | | 583| 6|#define MBEDTLS_TLS_EXT_SERVERNAME 0 ------------------ | Branch (518:9): [True: 6, False: 12] ------------------ 519| 6| return MBEDTLS_SSL_EXT_ID_SERVERNAME; ------------------ | | 73| 6|#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 ------------------ 520| | 521| 0| case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: ------------------ | | 586| 0|#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 ------------------ | Branch (521:9): [True: 0, False: 18] ------------------ 522| 0| return MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH; ------------------ | | 75| 0|#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2 ------------------ 523| | 524| 0| case MBEDTLS_TLS_EXT_STATUS_REQUEST: ------------------ | | 589| 0|#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */ ------------------ | Branch (524:9): [True: 0, False: 18] ------------------ 525| 0| return MBEDTLS_SSL_EXT_ID_STATUS_REQUEST; ------------------ | | 76| 0|#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3 ------------------ 526| | 527| 0| case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: ------------------ | | 592| 0|#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */ ------------------ | Branch (527:9): [True: 0, False: 18] ------------------ 528| 0| return MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS; ------------------ | | 77| 0|#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4 ------------------ 529| | 530| 0| case MBEDTLS_TLS_EXT_SIG_ALG: ------------------ | | 595| 0|#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (530:9): [True: 0, False: 18] ------------------ 531| 0| return MBEDTLS_SSL_EXT_ID_SIG_ALG; ------------------ | | 79| 0|#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5 ------------------ 532| | 533| 0| case MBEDTLS_TLS_EXT_USE_SRTP: ------------------ | | 596| 0|#define MBEDTLS_TLS_EXT_USE_SRTP 14 ------------------ | Branch (533:9): [True: 0, False: 18] ------------------ 534| 0| return MBEDTLS_SSL_EXT_ID_USE_SRTP; ------------------ | | 80| 0|#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6 ------------------ 535| | 536| 0| case MBEDTLS_TLS_EXT_HEARTBEAT: ------------------ | | 597| 0|#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */ ------------------ | Branch (536:9): [True: 0, False: 18] ------------------ 537| 0| return MBEDTLS_SSL_EXT_ID_HEARTBEAT; ------------------ | | 81| 0|#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7 ------------------ 538| | 539| 12| case MBEDTLS_TLS_EXT_ALPN: ------------------ | | 598| 12|#define MBEDTLS_TLS_EXT_ALPN 16 ------------------ | Branch (539:9): [True: 12, False: 6] ------------------ 540| 12| return MBEDTLS_SSL_EXT_ID_ALPN; ------------------ | | 82| 12|#define MBEDTLS_SSL_EXT_ID_ALPN 8 ------------------ 541| | 542| 0| case MBEDTLS_TLS_EXT_SCT: ------------------ | | 600| 0|#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ ------------------ | Branch (542:9): [True: 0, False: 18] ------------------ 543| 0| return MBEDTLS_SSL_EXT_ID_SCT; ------------------ | | 83| 0|#define MBEDTLS_SSL_EXT_ID_SCT 9 ------------------ 544| | 545| 0| case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: ------------------ | | 601| 0|#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */ ------------------ | Branch (545:9): [True: 0, False: 18] ------------------ 546| 0| return MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE; ------------------ | | 84| 0|#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10 ------------------ 547| | 548| 0| case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: ------------------ | | 602| 0|#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */ ------------------ | Branch (548:9): [True: 0, False: 18] ------------------ 549| 0| return MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE; ------------------ | | 85| 0|#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11 ------------------ 550| | 551| 0| case MBEDTLS_TLS_EXT_PADDING: ------------------ | | 603| 0|#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */ ------------------ | Branch (551:9): [True: 0, False: 18] ------------------ 552| 0| return MBEDTLS_SSL_EXT_ID_PADDING; ------------------ | | 86| 0|#define MBEDTLS_SSL_EXT_ID_PADDING 12 ------------------ 553| | 554| 0| case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: ------------------ | | 611| 0|#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (554:9): [True: 0, False: 18] ------------------ 555| 0| return MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY; ------------------ | | 87| 0|#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13 ------------------ 556| | 557| 0| case MBEDTLS_TLS_EXT_EARLY_DATA: ------------------ | | 612| 0|#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (557:9): [True: 0, False: 18] ------------------ 558| 0| return MBEDTLS_SSL_EXT_ID_EARLY_DATA; ------------------ | | 88| 0|#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14 ------------------ 559| | 560| 0| case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: ------------------ | | 613| 0|#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (560:9): [True: 0, False: 18] ------------------ 561| 0| return MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS; ------------------ | | 89| 0|#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15 ------------------ 562| | 563| 0| case MBEDTLS_TLS_EXT_COOKIE: ------------------ | | 614| 0|#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (563:9): [True: 0, False: 18] ------------------ 564| 0| return MBEDTLS_SSL_EXT_ID_COOKIE; ------------------ | | 90| 0|#define MBEDTLS_SSL_EXT_ID_COOKIE 16 ------------------ 565| | 566| 0| case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: ------------------ | | 615| 0|#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (566:9): [True: 0, False: 18] ------------------ 567| 0| return MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES; ------------------ | | 91| 0|#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17 ------------------ 568| | 569| 0| case MBEDTLS_TLS_EXT_CERT_AUTH: ------------------ | | 617| 0|#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (569:9): [True: 0, False: 18] ------------------ 570| 0| return MBEDTLS_SSL_EXT_ID_CERT_AUTH; ------------------ | | 92| 0|#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18 ------------------ 571| | 572| 0| case MBEDTLS_TLS_EXT_OID_FILTERS: ------------------ | | 618| 0|#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (572:9): [True: 0, False: 18] ------------------ 573| 0| return MBEDTLS_SSL_EXT_ID_OID_FILTERS; ------------------ | | 93| 0|#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19 ------------------ 574| | 575| 0| case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: ------------------ | | 619| 0|#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (575:9): [True: 0, False: 18] ------------------ 576| 0| return MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH; ------------------ | | 94| 0|#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20 ------------------ 577| | 578| 0| case MBEDTLS_TLS_EXT_SIG_ALG_CERT: ------------------ | | 620| 0|#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (578:9): [True: 0, False: 18] ------------------ 579| 0| return MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT; ------------------ | | 95| 0|#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21 ------------------ 580| | 581| 0| case MBEDTLS_TLS_EXT_KEY_SHARE: ------------------ | | 621| 0|#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ ------------------ | Branch (581:9): [True: 0, False: 18] ------------------ 582| 0| return MBEDTLS_SSL_EXT_ID_KEY_SHARE; ------------------ | | 96| 0|#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22 ------------------ 583| | 584| 0| case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: ------------------ | | 588| 0|#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 ------------------ | Branch (584:9): [True: 0, False: 18] ------------------ 585| 0| return MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC; ------------------ | | 97| 0|#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23 ------------------ 586| | 587| 0| case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: ------------------ | | 593| 0|#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 ------------------ | Branch (587:9): [True: 0, False: 18] ------------------ 588| 0| return MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS; ------------------ | | 98| 0|#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24 ------------------ 589| | 590| 0| case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: ------------------ | | 604| 0|#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ ------------------ | Branch (590:9): [True: 0, False: 18] ------------------ 591| 0| return MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC; ------------------ | | 99| 0|#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25 ------------------ 592| | 593| 0| case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: ------------------ | | 605| 0|#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ ------------------ | Branch (593:9): [True: 0, False: 18] ------------------ 594| 0| return MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET; ------------------ | | 100| 0|#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26 ------------------ 595| | 596| 0| case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: ------------------ | | 607| 0|#define MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT 28 /* RFC 8449 (implemented for TLS 1.3 only) */ ------------------ | Branch (596:9): [True: 0, False: 18] ------------------ 597| 0| return MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT; ------------------ | | 102| 0|#define MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT 28 ------------------ 598| | 599| 0| case MBEDTLS_TLS_EXT_SESSION_TICKET: ------------------ | | 609| 0|#define MBEDTLS_TLS_EXT_SESSION_TICKET 35 ------------------ | Branch (599:9): [True: 0, False: 18] ------------------ 600| 0| return MBEDTLS_SSL_EXT_ID_SESSION_TICKET; ------------------ | | 101| 0|#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27 ------------------ 601| | 602| 18| } 603| | 604| 0| return MBEDTLS_SSL_EXT_ID_UNRECOGNIZED; ------------------ | | 72| 0|#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 ------------------ 605| 18|} mbedtls_ssl_get_extension_mask: 608| 18|{ 609| 18| return 1 << mbedtls_ssl_get_extension_id(extension_type); 610| 18|} mbedtls_ssl_reset_checksum: 832| 16|{ 833| 16|#if defined(MBEDTLS_MD_CAN_SHA256) || \ 834| 16| defined(MBEDTLS_MD_CAN_SHA384) 835| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 836| | psa_status_t status; 837| |#else 838| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 839| 16|#endif 840| |#else /* SHA-256 or SHA-384 */ 841| | ((void) ssl); 842| |#endif /* SHA-256 or SHA-384 */ 843| 16|#if defined(MBEDTLS_MD_CAN_SHA256) 844| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 845| | status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); 846| | if (status != PSA_SUCCESS) { 847| | return mbedtls_md_error_from_psa(status); 848| | } 849| | status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); 850| | if (status != PSA_SUCCESS) { 851| | return mbedtls_md_error_from_psa(status); 852| | } 853| |#else 854| 16| mbedtls_md_free(&ssl->handshake->fin_sha256); 855| 16| mbedtls_md_init(&ssl->handshake->fin_sha256); 856| 16| ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, 857| 16| mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 858| 16| 0); 859| 16| if (ret != 0) { ------------------ | Branch (859:9): [True: 0, False: 16] ------------------ 860| 0| return ret; 861| 0| } 862| 16| ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); 863| 16| if (ret != 0) { ------------------ | Branch (863:9): [True: 0, False: 16] ------------------ 864| 0| return ret; 865| 0| } 866| 16|#endif 867| 16|#endif 868| 16|#if defined(MBEDTLS_MD_CAN_SHA384) 869| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 870| | status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); 871| | if (status != PSA_SUCCESS) { 872| | return mbedtls_md_error_from_psa(status); 873| | } 874| | status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); 875| | if (status != PSA_SUCCESS) { 876| | return mbedtls_md_error_from_psa(status); 877| | } 878| |#else 879| 16| mbedtls_md_free(&ssl->handshake->fin_sha384); 880| 16| mbedtls_md_init(&ssl->handshake->fin_sha384); 881| 16| ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, 882| 16| mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); 883| 16| if (ret != 0) { ------------------ | Branch (883:9): [True: 0, False: 16] ------------------ 884| 0| return ret; 885| 0| } 886| 16| ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); 887| 16| if (ret != 0) { ------------------ | Branch (887:9): [True: 0, False: 16] ------------------ 888| 0| return ret; 889| 0| } 890| 16|#endif 891| 16|#endif 892| 16| return 0; 893| 16|} mbedtls_ssl_transform_init: 1021| 16|{ 1022| 16| memset(transform, 0, sizeof(mbedtls_ssl_transform)); 1023| | 1024| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 1025| | transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; 1026| | transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; 1027| |#else 1028| 16| mbedtls_cipher_init(&transform->cipher_ctx_enc); 1029| 16| mbedtls_cipher_init(&transform->cipher_ctx_dec); 1030| 16|#endif 1031| | 1032| 16|#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 1033| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 1034| | transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; 1035| | transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; 1036| |#else 1037| 16| mbedtls_md_init(&transform->md_ctx_enc); 1038| 16| mbedtls_md_init(&transform->md_ctx_dec); 1039| 16|#endif 1040| 16|#endif 1041| 16|} mbedtls_ssl_session_init: 1044| 16|{ 1045| 16| memset(session, 0, sizeof(mbedtls_ssl_session)); 1046| 16|} mbedtls_ssl_init: 1304| 16|{ 1305| 16| memset(ssl, 0, sizeof(mbedtls_ssl_context)); 1306| 16|} mbedtls_ssl_setup: 1373| 16|{ 1374| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1375| 16| size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; ------------------ | | 396| 16| ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ | | ------------------ | | | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 | | ------------------ | | ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ | | ------------------ | | | | 322| 16|#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ | | | | ------------------ | | | | | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | | | | | ------------------ | | | | | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | | | | | ------------------ | | | | | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | | | | | ------------------ | | | | | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | | | | | ------------------ | | | | | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | | | | | ------------------ | | | | | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | | | | | ------------------ | | | | | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | | | | | ------------------ | | | | | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | | | | | ------------------ | | | | | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 320| 16| ) | | | | ------------------ | | | | 323| 16| (MBEDTLS_SSL_IN_CONTENT_LEN)) | | | | ------------------ | | | | | | 396| 16|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | | | ------------------ | | ------------------ | | 397| 16| + (MBEDTLS_SSL_CID_IN_LEN_MAX)) | | ------------------ | | | | 415| 16|#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 | | ------------------ ------------------ 1376| 16| size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; ------------------ | | 405| 16| ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ | | ------------------ | | | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 | | ------------------ | | ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ | | ------------------ | | | | 325| 16|#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ | | | | ------------------ | | | | | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | | | | | ------------------ | | | | | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | | | | | ------------------ | | | | | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | | | | | ------------------ | | | | | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | | | | | ------------------ | | | | | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | | | | | ------------------ | | | | | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | | | | | ------------------ | | | | | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | | | | | ------------------ | | | | | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | | | | | ------------------ | | | | | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 320| 16| ) | | | | ------------------ | | | | 326| 16| (MBEDTLS_SSL_OUT_CONTENT_LEN)) | | | | ------------------ | | | | | | 400| 16|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | | | ------------------ | | ------------------ | | 406| 16| + (MBEDTLS_SSL_CID_OUT_LEN_MAX)) | | ------------------ | | | | 419| 16|#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 | | ------------------ ------------------ 1377| | 1378| 16| ssl->conf = conf; 1379| | 1380| 16| if ((ret = ssl_conf_check(ssl)) != 0) { ------------------ | Branch (1380:9): [True: 0, False: 16] ------------------ 1381| 0| return ret; 1382| 0| } 1383| 16| ssl->tls_version = ssl->conf->max_tls_version; 1384| | 1385| | /* 1386| | * Prepare base structures 1387| | */ 1388| | 1389| | /* Set to NULL in case of an error condition */ 1390| 16| ssl->out_buf = NULL; 1391| | 1392| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 1393| 16| ssl->in_buf_len = in_buf_len; 1394| 16|#endif 1395| 16| ssl->in_buf = mbedtls_calloc(1, in_buf_len); 1396| 16| if (ssl->in_buf == NULL) { ------------------ | Branch (1396:9): [True: 0, False: 16] ------------------ 1397| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len)); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1398| 0| ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 1399| 0| goto error; 1400| 0| } 1401| | 1402| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 1403| 16| ssl->out_buf_len = out_buf_len; 1404| 16|#endif 1405| 16| ssl->out_buf = mbedtls_calloc(1, out_buf_len); 1406| 16| if (ssl->out_buf == NULL) { ------------------ | Branch (1406:9): [True: 0, False: 16] ------------------ 1407| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len)); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1408| 0| ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 1409| 0| goto error; 1410| 0| } 1411| | 1412| 16| mbedtls_ssl_reset_in_out_pointers(ssl); 1413| | 1414| 16|#if defined(MBEDTLS_SSL_DTLS_SRTP) 1415| 16| memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); 1416| 16|#endif 1417| | 1418| 16| if ((ret = ssl_handshake_init(ssl)) != 0) { ------------------ | Branch (1418:9): [True: 0, False: 16] ------------------ 1419| 0| goto error; 1420| 0| } 1421| | 1422| 16| return 0; 1423| | 1424| 0|error: 1425| 0| mbedtls_free(ssl->in_buf); 1426| 0| mbedtls_free(ssl->out_buf); 1427| | 1428| 0| ssl->conf = NULL; 1429| | 1430| 0|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 1431| 0| ssl->in_buf_len = 0; 1432| 0| ssl->out_buf_len = 0; 1433| 0|#endif 1434| 0| ssl->in_buf = NULL; 1435| 0| ssl->out_buf = NULL; 1436| | 1437| 0| ssl->in_hdr = NULL; 1438| 0| ssl->in_ctr = NULL; 1439| 0| ssl->in_len = NULL; 1440| 0| ssl->in_iv = NULL; 1441| 0| ssl->in_msg = NULL; 1442| | 1443| 0| ssl->out_hdr = NULL; 1444| 0| ssl->out_ctr = NULL; 1445| 0| ssl->out_len = NULL; 1446| 0| ssl->out_iv = NULL; 1447| 0| ssl->out_msg = NULL; 1448| | 1449| 0| return ret; 1450| 16|} mbedtls_ssl_conf_endpoint: 1605| 16|{ 1606| 16| conf->endpoint = endpoint; 1607| 16|} mbedtls_ssl_conf_transport: 1610| 16|{ 1611| 16| conf->transport = transport; 1612| 16|} mbedtls_ssl_conf_authmode: 1643| 16|{ 1644| 16| conf->authmode = authmode; 1645| 16|} mbedtls_ssl_conf_rng: 1660| 16|{ 1661| 16| conf->f_rng = f_rng; 1662| 16| conf->p_rng = p_rng; 1663| 16|} mbedtls_ssl_set_bio: 1678| 16|{ 1679| 16| ssl->p_bio = p_bio; 1680| 16| ssl->f_send = f_send; 1681| 16| ssl->f_recv = f_recv; 1682| 16| ssl->f_recv_timeout = f_recv_timeout; 1683| 16|} mbedtls_ssl_conf_early_data: 1789| 16|{ 1790| 16| conf->early_data_enabled = early_data_enabled; 1791| 16|} mbedtls_ssl_conf_max_early_data_size: 1796| 16|{ 1797| 16| conf->max_early_data_size = max_early_data_size; 1798| 16|} mbedtls_ssl_conf_ca_chain: 1870| 8|{ 1871| 8| conf->ca_chain = ca_chain; 1872| 8| conf->ca_crl = ca_crl; 1873| | 1874| 8|#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 1875| | /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb() 1876| | * cannot be used together. */ 1877| 8| conf->f_ca_cb = NULL; 1878| 8| conf->p_ca_cb = NULL; 1879| 8|#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 1880| 8|} mbedtls_ssl_conf_has_static_psk: 2098| 1.19k|{ 2099| 1.19k| if (conf->psk_identity == NULL || ------------------ | Branch (2099:9): [True: 746, False: 444] ------------------ 2100| 1.19k| conf->psk_identity_len == 0) { ------------------ | Branch (2100:9): [True: 0, False: 444] ------------------ 2101| 746| return 0; 2102| 746| } 2103| | 2104| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 2105| | if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { 2106| | return 1; 2107| | } 2108| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2109| | 2110| 444| if (conf->psk != NULL && conf->psk_len != 0) { ------------------ | Branch (2110:9): [True: 444, False: 0] | Branch (2110:30): [True: 444, False: 0] ------------------ 2111| 444| return 1; 2112| 444| } 2113| | 2114| 0| return 0; 2115| 444|} mbedtls_ssl_conf_psk: 2172| 6|{ 2173| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2174| | 2175| | /* We currently only support one PSK, raw or opaque. */ 2176| 6| if (mbedtls_ssl_conf_has_static_psk(conf)) { ------------------ | Branch (2176:9): [True: 0, False: 6] ------------------ 2177| 0| return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; ------------------ | | 49| 0|#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 ------------------ 2178| 0| } 2179| | 2180| | /* Check and set raw PSK */ 2181| 6| if (psk == NULL) { ------------------ | Branch (2181:9): [True: 0, False: 6] ------------------ 2182| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2183| 0| } 2184| 6| if (psk_len == 0) { ------------------ | Branch (2184:9): [True: 0, False: 6] ------------------ 2185| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2186| 0| } 2187| 6| if (psk_len > MBEDTLS_PSK_MAX_LEN) { ------------------ | | 648| 6|#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ ------------------ | Branch (2187:9): [True: 0, False: 6] ------------------ 2188| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2189| 0| } 2190| | 2191| 6| if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { ------------------ | Branch (2191:9): [True: 0, False: 6] ------------------ 2192| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 2193| 0| } 2194| 6| conf->psk_len = psk_len; 2195| 6| memcpy(conf->psk, psk, conf->psk_len); 2196| | 2197| | /* Check and set PSK Identity */ 2198| 6| ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); 2199| 6| if (ret != 0) { ------------------ | Branch (2199:9): [True: 0, False: 6] ------------------ 2200| 0| ssl_conf_remove_psk(conf); 2201| 0| } 2202| | 2203| 6| return ret; 2204| 6|} mbedtls_ssl_set_hostname: 2761| 6|{ 2762| | /* Initialize to suppress unnecessary compiler warning */ 2763| 6| size_t hostname_len = 0; 2764| | 2765| | /* Check if new hostname is valid before 2766| | * making any change to current one */ 2767| 6| if (hostname != NULL) { ------------------ | Branch (2767:9): [True: 6, False: 0] ------------------ 2768| 6| hostname_len = strlen(hostname); 2769| | 2770| 6| if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { ------------------ | | 268| 6|#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ ------------------ | Branch (2770:13): [True: 0, False: 6] ------------------ 2771| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2772| 0| } 2773| 6| } 2774| | 2775| | /* Now it's clear that we will overwrite the old hostname, 2776| | * so we can free it safely */ 2777| | 2778| 6| if (ssl->hostname != NULL) { ------------------ | Branch (2778:9): [True: 0, False: 6] ------------------ 2779| 0| mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); 2780| 0| } 2781| | 2782| | /* Passing NULL as hostname shall clear the old one */ 2783| | 2784| 6| if (hostname == NULL) { ------------------ | Branch (2784:9): [True: 0, False: 6] ------------------ 2785| 0| ssl->hostname = NULL; 2786| 6| } else { 2787| 6| ssl->hostname = mbedtls_calloc(1, hostname_len + 1); 2788| 6| if (ssl->hostname == NULL) { ------------------ | Branch (2788:13): [True: 0, False: 6] ------------------ 2789| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 2790| 0| } 2791| | 2792| 6| memcpy(ssl->hostname, hostname, hostname_len); 2793| | 2794| 6| ssl->hostname[hostname_len] = '\0'; 2795| 6| } 2796| | 2797| 6| return 0; 2798| 6|} mbedtls_ssl_conf_alpn_protocols: 2814| 12|{ 2815| 12| size_t cur_len, tot_len; 2816| 12| const char **p; 2817| | 2818| | /* 2819| | * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings 2820| | * MUST NOT be truncated." 2821| | * We check lengths now rather than later. 2822| | */ 2823| 12| tot_len = 0; 2824| 36| for (p = protos; *p != NULL; p++) { ------------------ | Branch (2824:22): [True: 24, False: 12] ------------------ 2825| 24| cur_len = strlen(*p); 2826| 24| tot_len += cur_len; 2827| | 2828| 24| if ((cur_len == 0) || ------------------ | Branch (2828:13): [True: 0, False: 24] ------------------ 2829| 24| (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) || ------------------ | | 269| 24|#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ ------------------ | Branch (2829:13): [True: 0, False: 24] ------------------ 2830| 24| (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) { ------------------ | | 271| 24|#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ ------------------ | Branch (2830:13): [True: 0, False: 24] ------------------ 2831| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2832| 0| } 2833| 24| } 2834| | 2835| 12| conf->alpn_list = protos; 2836| | 2837| 12| return 0; 2838| 12|} mbedtls_ssl_conf_encrypt_then_mac: 2938| 16|{ 2939| 16| conf->encrypt_then_mac = etm; 2940| 16|} mbedtls_ssl_conf_extended_master_secret: 2945| 16|{ 2946| 16| conf->extended_ms = ems; 2947| 16|} mbedtls_ssl_conf_renegotiation: 2971| 16|{ 2972| 16| conf->disable_renegotiation = renegotiation; 2973| 16|} mbedtls_ssl_conf_session_tickets: 2991| 32|{ 2992| 32| conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK; ------------------ | | 2981| 32| (1 << MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT) | | ------------------ | | | | 2977| 32|#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT 0 | | ------------------ ------------------ 2993| 32| conf->session_tickets |= (use_tickets != 0) << 2994| 32| MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT; ------------------ | | 2977| 32|#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT 0 ------------------ 2995| 32|} mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets: 3000| 16|{ 3001| 16| conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK; ------------------ | | 2983| 16| (1 << MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT) | | ------------------ | | | | 2978| 16|#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT 1 | | ------------------ ------------------ 3002| 16| conf->session_tickets |= (signal_new_session_tickets != 0) << 3003| 16| MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT; ------------------ | | 2978| 16|#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT 1 ------------------ 3004| 16|} mbedtls_ssl_conf_new_session_tickets: 3013| 16|{ 3014| 16| conf->new_session_tickets_count = num_tickets; 3015| 16|} mbedtls_ssl_get_input_max_frag_len: 3161| 16|{ 3162| 16| size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; ------------------ | | 396| 16|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 ------------------ 3163| 16| size_t read_mfl; 3164| | 3165| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 3166| | /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ 3167| 16| if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && ------------------ | | 282| 32|#define MBEDTLS_SSL_IS_CLIENT 0 ------------------ | Branch (3167:9): [True: 16, False: 0] ------------------ 3168| 16| ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { ------------------ | Branch (3168:9): [True: 0, False: 16] ------------------ 3169| 0| return ssl_mfl_code_to_length(ssl->conf->mfl_code); 3170| 0| } 3171| 16|#endif 3172| | 3173| | /* Check if a smaller max length was negotiated */ 3174| 16| if (ssl->session_out != NULL) { ------------------ | Branch (3174:9): [True: 0, False: 16] ------------------ 3175| 0| read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); 3176| 0| if (read_mfl < max_len) { ------------------ | Branch (3176:13): [True: 0, False: 0] ------------------ 3177| 0| max_len = read_mfl; 3178| 0| } 3179| 0| } 3180| | 3181| | /* During a handshake, use the value being negotiated */ 3182| 16| if (ssl->session_negotiate != NULL) { ------------------ | Branch (3182:9): [True: 16, False: 0] ------------------ 3183| 16| read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); 3184| 16| if (read_mfl < max_len) { ------------------ | Branch (3184:13): [True: 0, False: 16] ------------------ 3185| 0| max_len = read_mfl; 3186| 0| } 3187| 16| } 3188| | 3189| 16| return max_len; 3190| 16|} mbedtls_ssl_get_output_max_frag_len: 3193| 16|{ 3194| 16| size_t max_len; 3195| | 3196| | /* 3197| | * Assume mfl_code is correct since it was checked when set 3198| | */ 3199| 16| max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); 3200| | 3201| | /* Check if a smaller max length was negotiated */ 3202| 16| if (ssl->session_out != NULL && ------------------ | Branch (3202:9): [True: 0, False: 16] ------------------ 3203| 16| ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { ------------------ | Branch (3203:9): [True: 0, False: 0] ------------------ 3204| 0| max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); 3205| 0| } 3206| | 3207| | /* During a handshake, use the value being negotiated */ 3208| 16| if (ssl->session_negotiate != NULL && ------------------ | Branch (3208:9): [True: 16, False: 0] ------------------ 3209| 16| ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { ------------------ | Branch (3209:9): [True: 0, False: 16] ------------------ 3210| 0| max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); 3211| 0| } 3212| | 3213| 16| return max_len; 3214| 16|} mbedtls_ssl_handshake_step: 4499| 32|{ 4500| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 4501| | 4502| 32| if (ssl == NULL || ------------------ | Branch (4502:9): [True: 0, False: 32] ------------------ 4503| 32| ssl->conf == NULL || ------------------ | Branch (4503:9): [True: 0, False: 32] ------------------ 4504| 32| ssl->handshake == NULL || ------------------ | Branch (4504:9): [True: 0, False: 32] ------------------ 4505| 32| ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { ------------------ | Branch (4505:9): [True: 0, False: 32] ------------------ 4506| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 4507| 0| } 4508| | 4509| 32| ret = ssl_prepare_handshake_step(ssl); 4510| 32| if (ret != 0) { ------------------ | Branch (4510:9): [True: 0, False: 32] ------------------ 4511| 0| return ret; 4512| 0| } 4513| | 4514| 32| ret = mbedtls_ssl_handle_pending_alert(ssl); 4515| 32| if (ret != 0) { ------------------ | Branch (4515:9): [True: 0, False: 32] ------------------ 4516| 0| goto cleanup; 4517| 0| } 4518| | 4519| | /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or 4520| | * MBEDTLS_SSL_IS_SERVER, this is the return code we give */ 4521| 32| ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 32|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 4522| | 4523| 32|#if defined(MBEDTLS_SSL_CLI_C) 4524| 32| if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ------------------ | | 282| 32|#define MBEDTLS_SSL_IS_CLIENT 0 ------------------ | Branch (4524:9): [True: 32, False: 0] ------------------ 4525| 32| MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s", ------------------ | | 26| 32| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 32| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 32|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 4526| 32| mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state))); 4527| | 4528| 32| switch (ssl->state) { 4529| 16| case MBEDTLS_SSL_HELLO_REQUEST: ------------------ | Branch (4529:13): [True: 16, False: 16] ------------------ 4530| 16| ssl->state = MBEDTLS_SSL_CLIENT_HELLO; 4531| 16| ret = 0; 4532| 16| break; 4533| | 4534| 16| case MBEDTLS_SSL_CLIENT_HELLO: ------------------ | Branch (4534:13): [True: 16, False: 16] ------------------ 4535| 16| ret = mbedtls_ssl_write_client_hello(ssl); 4536| 16| break; 4537| | 4538| 0| default: ------------------ | Branch (4538:13): [True: 0, False: 32] ------------------ 4539| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) 4540| 0| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { ------------------ | Branch (4540:21): [True: 0, False: 0] ------------------ 4541| 0| ret = mbedtls_ssl_tls13_handshake_client_step(ssl); 4542| 0| } else { 4543| 0| ret = mbedtls_ssl_handshake_client_step(ssl); 4544| 0| } 4545| |#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) 4546| | ret = mbedtls_ssl_handshake_client_step(ssl); 4547| |#else 4548| | ret = mbedtls_ssl_tls13_handshake_client_step(ssl); 4549| |#endif 4550| 32| } 4551| 32| } 4552| 32|#endif /* MBEDTLS_SSL_CLI_C */ 4553| | 4554| 32|#if defined(MBEDTLS_SSL_SRV_C) 4555| 32| if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { ------------------ | | 283| 32|#define MBEDTLS_SSL_IS_SERVER 1 ------------------ | Branch (4555:9): [True: 0, False: 32] ------------------ 4556| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) 4557| 0| if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { ------------------ | Branch (4557:13): [True: 0, False: 0] ------------------ 4558| 0| ret = mbedtls_ssl_tls13_handshake_server_step(ssl); 4559| 0| } else { 4560| 0| ret = mbedtls_ssl_handshake_server_step(ssl); 4561| 0| } 4562| |#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) 4563| | ret = mbedtls_ssl_handshake_server_step(ssl); 4564| |#else 4565| | ret = mbedtls_ssl_tls13_handshake_server_step(ssl); 4566| |#endif 4567| 0| } 4568| 32|#endif /* MBEDTLS_SSL_SRV_C */ 4569| | 4570| 32| if (ret != 0) { ------------------ | Branch (4570:9): [True: 16, False: 16] ------------------ 4571| | /* handshake_step return error. And it is same 4572| | * with alert_reason. 4573| | */ 4574| 16| if (ssl->send_alert) { ------------------ | Branch (4574:13): [True: 0, False: 16] ------------------ 4575| 0| ret = mbedtls_ssl_handle_pending_alert(ssl); 4576| 0| goto cleanup; 4577| 0| } 4578| 16| } 4579| | 4580| 32|cleanup: 4581| 32| return ret; 4582| 32|} mbedtls_ssl_handshake: 4588| 16|{ 4589| 16| int ret = 0; 4590| | 4591| | /* Sanity checks */ 4592| | 4593| 16| if (ssl == NULL || ssl->conf == NULL) { ------------------ | Branch (4593:9): [True: 0, False: 16] | Branch (4593:24): [True: 0, False: 16] ------------------ 4594| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 4595| 0| } 4596| | 4597| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 4598| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ------------------ | | 266| 32|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (4598:9): [True: 0, False: 16] ------------------ 4599| 16| (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { ------------------ | Branch (4599:10): [True: 0, False: 0] | Branch (4599:38): [True: 0, False: 0] ------------------ 4600| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("You must use " ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 4601| 0| "mbedtls_ssl_set_timer_cb() for DTLS")); 4602| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 4603| 0| } 4604| 16|#endif /* MBEDTLS_SSL_PROTO_DTLS */ 4605| | 4606| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 4607| | 4608| | /* Main handshake loop */ 4609| 32| while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { ------------------ | Branch (4609:12): [True: 32, False: 0] ------------------ 4610| 32| ret = mbedtls_ssl_handshake_step(ssl); 4611| | 4612| 32| if (ret != 0) { ------------------ | Branch (4612:13): [True: 16, False: 16] ------------------ 4613| 16| break; 4614| 16| } 4615| 32| } 4616| | 4617| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 4618| | 4619| 16| return ret; 4620| 16|} mbedtls_ssl_handshake_free: 4751| 16|{ 4752| 16| mbedtls_ssl_handshake_params *handshake = ssl->handshake; 4753| | 4754| 16| if (handshake == NULL) { ------------------ | Branch (4754:9): [True: 0, False: 16] ------------------ 4755| 0| return; 4756| 0| } 4757| | 4758| 16|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 4759| 16|#if !defined(MBEDTLS_DEPRECATED_REMOVED) 4760| 16| if (ssl->handshake->group_list_heap_allocated) { ------------------ | Branch (4760:9): [True: 0, False: 16] ------------------ 4761| 0| mbedtls_free((void *) handshake->group_list); 4762| 0| } 4763| 16| handshake->group_list = NULL; 4764| 16|#endif /* MBEDTLS_DEPRECATED_REMOVED */ 4765| 16|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 4766| | 4767| 16|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 4768| 16|#if !defined(MBEDTLS_DEPRECATED_REMOVED) 4769| 16| if (ssl->handshake->sig_algs_heap_allocated) { ------------------ | Branch (4769:9): [True: 0, False: 16] ------------------ 4770| 0| mbedtls_free((void *) handshake->sig_algs); 4771| 0| } 4772| 16| handshake->sig_algs = NULL; 4773| 16|#endif /* MBEDTLS_DEPRECATED_REMOVED */ 4774| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 4775| 16| if (ssl->handshake->certificate_request_context) { ------------------ | Branch (4775:9): [True: 0, False: 16] ------------------ 4776| 0| mbedtls_free((void *) handshake->certificate_request_context); 4777| 0| } 4778| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 4779| 16|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 4780| | 4781| 16|#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 4782| 16| if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ------------------ | Branch (4782:9): [True: 0, False: 16] | Branch (4782:46): [True: 0, False: 0] ------------------ 4783| 0| ssl->conf->f_async_cancel(ssl); 4784| 0| handshake->async_in_progress = 0; 4785| 0| } 4786| 16|#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ 4787| | 4788| 16|#if defined(MBEDTLS_MD_CAN_SHA256) 4789| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 4790| | psa_hash_abort(&handshake->fin_sha256_psa); 4791| |#else 4792| 16| mbedtls_md_free(&handshake->fin_sha256); 4793| 16|#endif 4794| 16|#endif 4795| 16|#if defined(MBEDTLS_MD_CAN_SHA384) 4796| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 4797| | psa_hash_abort(&handshake->fin_sha384_psa); 4798| |#else 4799| 16| mbedtls_md_free(&handshake->fin_sha384); 4800| 16|#endif 4801| 16|#endif 4802| | 4803| 16|#if defined(MBEDTLS_DHM_C) 4804| 16| mbedtls_dhm_free(&handshake->dhm_ctx); 4805| 16|#endif 4806| 16|#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 4807| 16| defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) 4808| 16| mbedtls_ecdh_free(&handshake->ecdh_ctx); 4809| 16|#endif 4810| | 4811| 16|#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 4812| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 4813| | psa_pake_abort(&handshake->psa_pake_ctx); 4814| | /* 4815| | * Opaque keys are not stored in the handshake's data and it's the user 4816| | * responsibility to destroy them. Clear ones, instead, are created by 4817| | * the TLS library and should be destroyed at the same level 4818| | */ 4819| | if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) { 4820| | psa_destroy_key(handshake->psa_pake_password); 4821| | } 4822| | handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; 4823| |#else 4824| 16| mbedtls_ecjpake_free(&handshake->ecjpake_ctx); 4825| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 4826| 16|#if defined(MBEDTLS_SSL_CLI_C) 4827| 16| mbedtls_free(handshake->ecjpake_cache); 4828| 16| handshake->ecjpake_cache = NULL; 4829| 16| handshake->ecjpake_cache_len = 0; 4830| 16|#endif 4831| 16|#endif 4832| | 4833| 16|#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ 4834| 16| defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ 4835| 16| defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 4836| | /* explicit void pointer cast for buggy MS compiler */ 4837| 16| mbedtls_free((void *) handshake->curves_tls_id); 4838| 16|#endif 4839| | 4840| 16|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) 4841| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 4842| | if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { 4843| | /* The maintenance of the external PSK key slot is the 4844| | * user's responsibility. */ 4845| | if (ssl->handshake->psk_opaque_is_internal) { 4846| | psa_destroy_key(ssl->handshake->psk_opaque); 4847| | ssl->handshake->psk_opaque_is_internal = 0; 4848| | } 4849| | ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; 4850| | } 4851| |#else 4852| 16| if (handshake->psk != NULL) { ------------------ | Branch (4852:9): [True: 0, False: 16] ------------------ 4853| 0| mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len); 4854| 0| } 4855| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 4856| 16|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ 4857| | 4858| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ 4859| 16| defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 4860| | /* 4861| | * Free only the linked list wrapper, not the keys themselves 4862| | * since the belong to the SNI callback 4863| | */ 4864| 16| ssl_key_cert_free(handshake->sni_key_cert); 4865| 16|#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ 4866| | 4867| 16|#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) 4868| 16| mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); 4869| 16| if (handshake->ecrs_peer_cert != NULL) { ------------------ | Branch (4869:9): [True: 0, False: 16] ------------------ 4870| 0| mbedtls_x509_crt_free(handshake->ecrs_peer_cert); 4871| 0| mbedtls_free(handshake->ecrs_peer_cert); 4872| 0| } 4873| 16|#endif 4874| | 4875| |#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ 4876| | !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) 4877| | mbedtls_pk_free(&handshake->peer_pubkey); 4878| |#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 4879| | 4880| 16|#if defined(MBEDTLS_SSL_CLI_C) && \ 4881| 16| (defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) 4882| 16| mbedtls_free(handshake->cookie); 4883| 16|#endif /* MBEDTLS_SSL_CLI_C && 4884| | ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ 4885| | 4886| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 4887| 16| mbedtls_ssl_flight_free(handshake->flight); 4888| 16| mbedtls_ssl_buffering_free(ssl); 4889| 16|#endif /* MBEDTLS_SSL_PROTO_DTLS */ 4890| | 4891| 16|#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) 4892| 16| if (handshake->xxdh_psa_privkey_is_external == 0) { ------------------ | Branch (4892:9): [True: 16, False: 0] ------------------ 4893| 16| psa_destroy_key(handshake->xxdh_psa_privkey); 4894| 16| } 4895| 16|#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ 4896| | 4897| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 4898| 16| mbedtls_ssl_transform_free(handshake->transform_handshake); 4899| 16| mbedtls_free(handshake->transform_handshake); 4900| 16|#if defined(MBEDTLS_SSL_EARLY_DATA) 4901| 16| mbedtls_ssl_transform_free(handshake->transform_earlydata); 4902| 16| mbedtls_free(handshake->transform_earlydata); 4903| 16|#endif 4904| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 4905| | 4906| | 4907| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 4908| | /* If the buffers are too big - reallocate. Because of the way Mbed TLS 4909| | * processes datagrams and the fact that a datagram is allowed to have 4910| | * several records in it, it is possible that the I/O buffers are not 4911| | * empty at this stage */ 4912| 16| handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl), 4913| 16| mbedtls_ssl_get_output_buflen(ssl)); 4914| 16|#endif 4915| | 4916| | /* mbedtls_platform_zeroize MUST be last one in this function */ 4917| 16| mbedtls_platform_zeroize(handshake, 4918| 16| sizeof(mbedtls_ssl_handshake_params)); 4919| 16|} mbedtls_ssl_session_free: 4922| 16|{ 4923| 16| if (session == NULL) { ------------------ | Branch (4923:9): [True: 0, False: 16] ------------------ 4924| 0| return; 4925| 0| } 4926| | 4927| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) 4928| 16| ssl_clear_peer_cert(session); 4929| 16|#endif 4930| | 4931| 16|#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) 4932| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ 4933| 16| defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 4934| 16| mbedtls_free(session->hostname); 4935| 16|#endif 4936| 16| mbedtls_free(session->ticket); 4937| 16|#endif 4938| | 4939| 16|#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && \ 4940| 16| defined(MBEDTLS_SSL_SRV_C) 4941| 16| mbedtls_free(session->ticket_alpn); 4942| 16|#endif 4943| | 4944| 16| mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); 4945| 16|} mbedtls_ssl_free: 5516| 16|{ 5517| 16| if (ssl == NULL) { ------------------ | Branch (5517:9): [True: 0, False: 16] ------------------ 5518| 0| return; 5519| 0| } 5520| | 5521| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("=> free")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 5522| | 5523| 16| if (ssl->out_buf != NULL) { ------------------ | Branch (5523:9): [True: 16, False: 0] ------------------ 5524| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 5525| 16| size_t out_buf_len = ssl->out_buf_len; 5526| |#else 5527| | size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; 5528| |#endif 5529| | 5530| 16| mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len); 5531| 16| ssl->out_buf = NULL; 5532| 16| } 5533| | 5534| 16| if (ssl->in_buf != NULL) { ------------------ | Branch (5534:9): [True: 16, False: 0] ------------------ 5535| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 5536| 16| size_t in_buf_len = ssl->in_buf_len; 5537| |#else 5538| | size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; 5539| |#endif 5540| | 5541| 16| mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len); 5542| 16| ssl->in_buf = NULL; 5543| 16| } 5544| | 5545| 16| if (ssl->transform) { ------------------ | Branch (5545:9): [True: 0, False: 16] ------------------ 5546| 0| mbedtls_ssl_transform_free(ssl->transform); 5547| 0| mbedtls_free(ssl->transform); 5548| 0| } 5549| | 5550| 16| if (ssl->handshake) { ------------------ | Branch (5550:9): [True: 16, False: 0] ------------------ 5551| 16| mbedtls_ssl_handshake_free(ssl); 5552| 16| mbedtls_free(ssl->handshake); 5553| | 5554| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 5555| 16| mbedtls_ssl_transform_free(ssl->transform_negotiate); 5556| 16| mbedtls_free(ssl->transform_negotiate); 5557| 16|#endif 5558| | 5559| 16| mbedtls_ssl_session_free(ssl->session_negotiate); 5560| 16| mbedtls_free(ssl->session_negotiate); 5561| 16| } 5562| | 5563| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 5564| 16| mbedtls_ssl_transform_free(ssl->transform_application); 5565| 16| mbedtls_free(ssl->transform_application); 5566| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 5567| | 5568| 16| if (ssl->session) { ------------------ | Branch (5568:9): [True: 0, False: 16] ------------------ 5569| 0| mbedtls_ssl_session_free(ssl->session); 5570| 0| mbedtls_free(ssl->session); 5571| 0| } 5572| | 5573| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) 5574| 16| if (ssl->hostname != NULL) { ------------------ | Branch (5574:9): [True: 6, False: 10] ------------------ 5575| 6| mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); 5576| 6| } 5577| 16|#endif 5578| | 5579| 16|#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) 5580| 16| mbedtls_free(ssl->cli_id); 5581| 16|#endif 5582| | 5583| 16| MBEDTLS_SSL_DEBUG_MSG(2, ("<= free")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 5584| | 5585| | /* Actually clear after last debug message */ 5586| 16| mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context)); 5587| 16|} mbedtls_ssl_config_init: 5593| 16|{ 5594| 16| memset(conf, 0, sizeof(mbedtls_ssl_config)); 5595| 16|} mbedtls_ssl_config_defaults: 5830| 16|{ 5831| 16|#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) 5832| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5833| 16|#endif 5834| | 5835| 16|#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 5836| 16| if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) { ------------------ | Branch (5836:9): [True: 0, False: 16] ------------------ 5837| 0| mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n"); 5838| 0| return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5839| 0| } 5840| | 5841| 16| if (ssl_check_no_sig_alg_duplication(ssl_preset_default_sig_algs)) { ------------------ | Branch (5841:9): [True: 0, False: 16] ------------------ 5842| 0| mbedtls_printf("ssl_preset_default_sig_algs has duplicated entries\n"); 5843| 0| return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5844| 0| } 5845| | 5846| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 5847| 16| if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_suiteb_sig_algs)) { ------------------ | Branch (5847:9): [True: 0, False: 16] ------------------ 5848| 0| mbedtls_printf("ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n"); 5849| 0| return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5850| 0| } 5851| | 5852| 16| if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_default_sig_algs)) { ------------------ | Branch (5852:9): [True: 0, False: 16] ------------------ 5853| 0| mbedtls_printf("ssl_tls12_preset_default_sig_algs has duplicated entries\n"); 5854| 0| return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5855| 0| } 5856| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 5857| 16|#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 5858| | 5859| | /* Use the functions here so that they are covered in tests, 5860| | * but otherwise access member directly for efficiency */ 5861| 16| mbedtls_ssl_conf_endpoint(conf, endpoint); 5862| 16| mbedtls_ssl_conf_transport(conf, transport); 5863| | 5864| | /* 5865| | * Things that are common to all presets 5866| | */ 5867| 16|#if defined(MBEDTLS_SSL_CLI_C) 5868| 16| if (endpoint == MBEDTLS_SSL_IS_CLIENT) { ------------------ | | 282| 16|#define MBEDTLS_SSL_IS_CLIENT 0 ------------------ | Branch (5868:9): [True: 16, False: 0] ------------------ 5869| 16| conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; ------------------ | | 298| 16|#define MBEDTLS_SSL_VERIFY_REQUIRED 2 ------------------ 5870| 16|#if defined(MBEDTLS_SSL_SESSION_TICKETS) 5871| 16| mbedtls_ssl_conf_session_tickets(conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED); ------------------ | | 322| 16|#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 ------------------ 5872| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 5873| | /* Contrary to TLS 1.2 tickets, TLS 1.3 NewSessionTicket message 5874| | * handling is disabled by default in Mbed TLS 3.6.x for backward 5875| | * compatibility with client applications developed using Mbed TLS 3.5 5876| | * or earlier with the default configuration. 5877| | * 5878| | * Up to Mbed TLS 3.5, in the default configuration TLS 1.3 was 5879| | * disabled, and a Mbed TLS client with the default configuration would 5880| | * establish a TLS 1.2 connection with a TLS 1.2 and TLS 1.3 capable 5881| | * server. 5882| | * 5883| | * Starting with Mbed TLS 3.6.0, TLS 1.3 is enabled by default, and thus 5884| | * an Mbed TLS client with the default configuration establishes a 5885| | * TLS 1.3 connection with a TLS 1.2 and TLS 1.3 capable server. If 5886| | * following the handshake the TLS 1.3 server sends NewSessionTicket 5887| | * messages and the Mbed TLS client processes them, this results in 5888| | * Mbed TLS high level APIs (mbedtls_ssl_read(), 5889| | * mbedtls_ssl_handshake(), ...) to eventually return an 5890| | * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET non fatal error code 5891| | * (see the documentation of mbedtls_ssl_read() for more information on 5892| | * that error code). Applications unaware of that TLS 1.3 specific non 5893| | * fatal error code are then failing. 5894| | */ 5895| 16| mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( 5896| 16| conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED); ------------------ | | 324| 16|#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED 0 ------------------ 5897| 16|#endif 5898| 16|#endif 5899| 16| } 5900| 16|#endif 5901| | 5902| 16|#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 5903| 16| conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; ------------------ | | 292| 16|#define MBEDTLS_SSL_ETM_ENABLED 1 ------------------ 5904| 16|#endif 5905| | 5906| 16|#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 5907| 16| conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; ------------------ | | 286| 16|#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 ------------------ 5908| 16|#endif 5909| | 5910| 16|#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) 5911| 16| conf->f_cookie_write = ssl_cookie_write_dummy; 5912| 16| conf->f_cookie_check = ssl_cookie_check_dummy; 5913| 16|#endif 5914| | 5915| 16|#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 5916| 16| conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; ------------------ | | 308| 16|#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 ------------------ 5917| 16|#endif 5918| | 5919| 16|#if defined(MBEDTLS_SSL_SRV_C) 5920| 16| conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; ------------------ | | 330| 16|#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 ------------------ 5921| 16| conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; ------------------ | | 340| 16|#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0 ------------------ 5922| 16|#endif 5923| | 5924| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 5925| 16| conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; ------------------ | | 353| 16|#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 ------------------ 5926| 16| conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; ------------------ | | 354| 16|#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 ------------------ 5927| 16|#endif 5928| | 5929| 16|#if defined(MBEDTLS_SSL_RENEGOTIATION) 5930| 16| conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; ------------------ | | 311| 16|#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 ------------------ 5931| 16| memset(conf->renego_period, 0x00, 2); 5932| 16| memset(conf->renego_period + 2, 0xFF, 6); 5933| 16|#endif 5934| | 5935| 16|#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) 5936| 16| if (endpoint == MBEDTLS_SSL_IS_SERVER) { ------------------ | | 283| 16|#define MBEDTLS_SSL_IS_SERVER 1 ------------------ | Branch (5936:9): [True: 0, False: 16] ------------------ 5937| 0| const unsigned char dhm_p[] = 5938| 0| MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; ------------------ | | 428| 0|#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \ | | 429| 0| 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ | | 430| 0| 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ | | 431| 0| 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ | | 432| 0| 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ | | 433| 0| 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ | | 434| 0| 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ | | 435| 0| 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ | | 436| 0| 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ | | 437| 0| 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ | | 438| 0| 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ | | 439| 0| 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ | | 440| 0| 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ | | 441| 0| 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ | | 442| 0| 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ | | 443| 0| 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ | | 444| 0| 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ | | 445| 0| 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ | | 446| 0| 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ | | 447| 0| 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ | | 448| 0| 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ | | 449| 0| 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ | | 450| 0| 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ | | 451| 0| 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ | | 452| 0| 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ | | 453| 0| 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ | | 454| 0| 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ | | 455| 0| 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ | | 456| 0| 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ | | 457| 0| 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ | | 458| 0| 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ | | 459| 0| 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \ | | 460| 0| 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } ------------------ 5939| 0| const unsigned char dhm_g[] = 5940| 0| MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; ------------------ | | 462| 0|#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 } ------------------ 5941| | 5942| 0| if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, ------------------ | Branch (5942:13): [True: 0, False: 0] ------------------ 5943| 0| dhm_p, sizeof(dhm_p), 5944| 0| dhm_g, sizeof(dhm_g))) != 0) { 5945| 0| return ret; 5946| 0| } 5947| 0| } 5948| 16|#endif 5949| | 5950| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 5951| | 5952| 16|#if defined(MBEDTLS_SSL_EARLY_DATA) 5953| 16| mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); ------------------ | | 333| 16|#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0 ------------------ 5954| 16|#if defined(MBEDTLS_SSL_SRV_C) 5955| 16| mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); ------------------ | | 427| 16|#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 ------------------ 5956| 16|#endif 5957| 16|#endif /* MBEDTLS_SSL_EARLY_DATA */ 5958| | 5959| 16|#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) 5960| 16| mbedtls_ssl_conf_new_session_tickets( 5961| 16| conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS); ------------------ | | 439| 16|#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 ------------------ 5962| 16|#endif 5963| | /* 5964| | * Allow all TLS 1.3 key exchange modes by default. 5965| | */ 5966| 16| conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; ------------------ | | 239| 16| (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \ | | ------------------ | | | | 227| 16|#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK (1u << 0) /*!< Pure-PSK TLS 1.3 key exchange, | | ------------------ | | 240| 16| MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ | | ------------------ | | | | 233| 16|#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL (1u << 2) /*!< PSK-Ephemeral TLS 1.3 key exchanges, | | ------------------ | | 241| 16| MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) /*!< All TLS 1.3 key exchanges */ | | ------------------ | | | | 230| 16|#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL (1u << 1) /*!< Pure-Ephemeral TLS 1.3 key exchanges, | | ------------------ ------------------ 5967| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 5968| | 5969| 16| if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (5969:9): [True: 0, False: 16] ------------------ 5970| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 5971| 0| conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 5972| 0| conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 5973| |#else 5974| | return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; 5975| |#endif 5976| 16| } else { 5977| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) 5978| 16| conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 5979| 16| conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; 5980| |#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) 5981| | conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; 5982| | conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; 5983| |#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) 5984| | conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 5985| | conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 5986| |#else 5987| | return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; 5988| |#endif 5989| 16| } 5990| | 5991| | /* 5992| | * Preset-specific defaults 5993| | */ 5994| 16| switch (preset) { 5995| | /* 5996| | * NSA Suite B 5997| | */ 5998| 0| case MBEDTLS_SSL_PRESET_SUITEB: ------------------ | | 328| 0|#define MBEDTLS_SSL_PRESET_SUITEB 2 ------------------ | Branch (5998:9): [True: 0, False: 16] ------------------ 5999| | 6000| 0| conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; 6001| | 6002| 0|#if defined(MBEDTLS_X509_CRT_PARSE_C) 6003| 0| conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; 6004| 0|#endif 6005| | 6006| 0|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 6007| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 6008| 0| if (mbedtls_ssl_conf_is_tls12_only(conf)) { ------------------ | Branch (6008:17): [True: 0, False: 0] ------------------ 6009| 0| conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; 6010| 0| } else 6011| 0|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 6012| 0| conf->sig_algs = ssl_preset_suiteb_sig_algs; 6013| 0|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 6014| | 6015| 0|#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) 6016| 0| conf->curve_list = NULL; 6017| 0|#endif 6018| 0| conf->group_list = ssl_preset_suiteb_groups; 6019| 0| break; 6020| | 6021| | /* 6022| | * Default 6023| | */ 6024| 16| default: ------------------ | Branch (6024:9): [True: 16, False: 0] ------------------ 6025| | 6026| 16| conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); 6027| | 6028| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) 6029| 16| conf->cert_profile = &mbedtls_x509_crt_profile_default; 6030| 16|#endif 6031| | 6032| 16|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 6033| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 6034| 16| if (mbedtls_ssl_conf_is_tls12_only(conf)) { ------------------ | Branch (6034:17): [True: 0, False: 16] ------------------ 6035| 0| conf->sig_algs = ssl_tls12_preset_default_sig_algs; 6036| 0| } else 6037| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 6038| 16| conf->sig_algs = ssl_preset_default_sig_algs; 6039| 16|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 6040| | 6041| 16|#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) 6042| 16| conf->curve_list = NULL; 6043| 16|#endif 6044| 16| conf->group_list = ssl_preset_default_groups; 6045| | 6046| 16|#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) 6047| 16| conf->dhm_min_bitlen = 1024; 6048| 16|#endif 6049| 16| } 6050| | 6051| 16| return 0; 6052| 16|} mbedtls_ssl_config_free: 6058| 16|{ 6059| 16| if (conf == NULL) { ------------------ | Branch (6059:9): [True: 0, False: 16] ------------------ 6060| 0| return; 6061| 0| } 6062| | 6063| 16|#if defined(MBEDTLS_DHM_C) 6064| 16| mbedtls_mpi_free(&conf->dhm_P); 6065| 16| mbedtls_mpi_free(&conf->dhm_G); 6066| 16|#endif 6067| | 6068| 16|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) 6069| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 6070| | if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { 6071| | conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; 6072| | } 6073| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 6074| 16| if (conf->psk != NULL) { ------------------ | Branch (6074:9): [True: 6, False: 10] ------------------ 6075| 6| mbedtls_zeroize_and_free(conf->psk, conf->psk_len); 6076| 6| conf->psk = NULL; 6077| 6| conf->psk_len = 0; 6078| 6| } 6079| | 6080| 16| if (conf->psk_identity != NULL) { ------------------ | Branch (6080:9): [True: 6, False: 10] ------------------ 6081| 6| mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); 6082| 6| conf->psk_identity = NULL; 6083| 6| conf->psk_identity_len = 0; 6084| 6| } 6085| 16|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ 6086| | 6087| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) 6088| 16| ssl_key_cert_free(conf->key_cert); 6089| 16|#endif 6090| | 6091| 16| mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); 6092| 16|} mbedtls_ssl_validate_ciphersuite: 9281| 3.04k|{ 9282| 3.04k| (void) ssl; 9283| | 9284| 3.04k| if (suite_info == NULL) { ------------------ | Branch (9284:9): [True: 0, False: 3.04k] ------------------ 9285| 0| return -1; 9286| 0| } 9287| | 9288| 3.04k| if ((suite_info->min_tls_version > max_tls_version) || ------------------ | Branch (9288:9): [True: 0, False: 3.04k] ------------------ 9289| 3.04k| (suite_info->max_tls_version < min_tls_version)) { ------------------ | Branch (9289:9): [True: 0, False: 3.04k] ------------------ 9290| 0| return -1; 9291| 0| } 9292| | 9293| 3.04k|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C) 9294| 3.04k|#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 9295| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 9296| | if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && 9297| | ssl->handshake->psa_pake_ctx_is_ok != 1) 9298| |#else 9299| 3.04k| if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && ------------------ | Branch (9299:9): [True: 16, False: 3.02k] ------------------ 9300| 3.04k| mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) ------------------ | Branch (9300:9): [True: 16, False: 0] ------------------ 9301| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 9302| 16| { 9303| 16| return -1; 9304| 16| } 9305| 3.02k|#endif 9306| | 9307| | /* Don't suggest PSK-based ciphersuite if no PSK is available. */ 9308| 3.02k|#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) 9309| 3.02k| if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && ------------------ | Branch (9309:9): [True: 1.18k, False: 1.84k] ------------------ 9310| 3.02k| mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { ------------------ | Branch (9310:9): [True: 740, False: 444] ------------------ 9311| 740| return -1; 9312| 740| } 9313| 2.28k|#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ 9314| 2.28k|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 9315| | 9316| 2.28k| return 0; 9317| 3.02k|} mbedtls_ssl_session_set_hostname: 9627| 16|{ 9628| | /* Initialize to suppress unnecessary compiler warning */ 9629| 16| size_t hostname_len = 0; 9630| | 9631| | /* Check if new hostname is valid before 9632| | * making any change to current one */ 9633| 16| if (hostname != NULL) { ------------------ | Branch (9633:9): [True: 6, False: 10] ------------------ 9634| 6| hostname_len = strlen(hostname); 9635| | 9636| 6| if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { ------------------ | | 268| 6|#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ ------------------ | Branch (9636:13): [True: 0, False: 6] ------------------ 9637| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 9638| 0| } 9639| 6| } 9640| | 9641| | /* Now it's clear that we will overwrite the old hostname, 9642| | * so we can free it safely */ 9643| 16| if (session->hostname != NULL) { ------------------ | Branch (9643:9): [True: 0, False: 16] ------------------ 9644| 0| mbedtls_zeroize_and_free(session->hostname, 9645| 0| strlen(session->hostname)); 9646| 0| } 9647| | 9648| | /* Passing NULL as hostname shall clear the old one */ 9649| 16| if (hostname == NULL) { ------------------ | Branch (9649:9): [True: 10, False: 6] ------------------ 9650| 10| session->hostname = NULL; 9651| 10| } else { 9652| 6| session->hostname = mbedtls_calloc(1, hostname_len + 1); 9653| 6| if (session->hostname == NULL) { ------------------ | Branch (9653:13): [True: 0, False: 6] ------------------ 9654| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 9655| 0| } 9656| | 9657| 6| memcpy(session->hostname, hostname, hostname_len); 9658| 6| } 9659| | 9660| 16| return 0; 9661| 16|} ssl_tls.c:ssl_conf_check: 1350| 16|{ 1351| 16| int ret; 1352| 16| ret = ssl_conf_version_check(ssl); 1353| 16| if (ret != 0) { ------------------ | Branch (1353:9): [True: 0, False: 16] ------------------ 1354| 0| return ret; 1355| 0| } 1356| | 1357| 16| if (ssl->conf->f_rng == NULL) { ------------------ | Branch (1357:9): [True: 0, False: 16] ------------------ 1358| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1359| 0| return MBEDTLS_ERR_SSL_NO_RNG; ------------------ | | 62| 0|#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 ------------------ 1360| 0| } 1361| | 1362| | /* Space for further checks */ 1363| | 1364| 16| return 0; 1365| 16|} ssl_tls.c:ssl_conf_version_check: 1310| 16|{ 1311| 16| const mbedtls_ssl_config *conf = ssl->conf; 1312| | 1313| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 1314| 16| if (mbedtls_ssl_conf_is_tls13_only(conf)) { ------------------ | Branch (1314:9): [True: 0, False: 16] ------------------ 1315| 0| if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 0|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (1315:13): [True: 0, False: 0] ------------------ 1316| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS 1.3 is not yet supported.")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1317| 0| return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; ------------------ | | 49| 0|#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 ------------------ 1318| 0| } 1319| | 1320| 0| MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls13 only.")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1321| 0| return 0; 1322| 0| } 1323| 16|#endif 1324| | 1325| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1326| 16| if (mbedtls_ssl_conf_is_tls12_only(conf)) { ------------------ | Branch (1326:9): [True: 0, False: 16] ------------------ 1327| 0| MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls12 only.")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1328| 0| return 0; 1329| 0| } 1330| 16|#endif 1331| | 1332| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) 1333| 16| if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) { ------------------ | Branch (1333:9): [True: 16, False: 0] ------------------ 1334| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (1334:13): [True: 0, False: 16] ------------------ 1335| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1336| 0| return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; ------------------ | | 49| 0|#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 ------------------ 1337| 0| } 1338| | 1339| 16| MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is TLS 1.3 or TLS 1.2.")); ------------------ | | 26| 16| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 16| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 16|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1340| 16| return 0; 1341| 16| } 1342| 0|#endif 1343| | 1344| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("The SSL configuration is invalid.")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1345| 0| return MBEDTLS_ERR_SSL_BAD_CONFIG; ------------------ | | 168| 0|#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 ------------------ 1346| 16|} ssl_tls.c:ssl_handshake_init: 1050| 16|{ 1051| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1052| | 1053| | /* Clear old handshake information if present */ 1054| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1055| 16| if (ssl->transform_negotiate) { ------------------ | Branch (1055:9): [True: 0, False: 16] ------------------ 1056| 0| mbedtls_ssl_transform_free(ssl->transform_negotiate); 1057| 0| } 1058| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 1059| 16| if (ssl->session_negotiate) { ------------------ | Branch (1059:9): [True: 0, False: 16] ------------------ 1060| 0| mbedtls_ssl_session_free(ssl->session_negotiate); 1061| 0| } 1062| 16| if (ssl->handshake) { ------------------ | Branch (1062:9): [True: 0, False: 16] ------------------ 1063| 0| mbedtls_ssl_handshake_free(ssl); 1064| 0| } 1065| | 1066| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1067| | /* 1068| | * Either the pointers are now NULL or cleared properly and can be freed. 1069| | * Now allocate missing structures. 1070| | */ 1071| 16| if (ssl->transform_negotiate == NULL) { ------------------ | Branch (1071:9): [True: 16, False: 0] ------------------ 1072| 16| ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); 1073| 16| } 1074| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 1075| | 1076| 16| if (ssl->session_negotiate == NULL) { ------------------ | Branch (1076:9): [True: 16, False: 0] ------------------ 1077| 16| ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); 1078| 16| } 1079| | 1080| 16| if (ssl->handshake == NULL) { ------------------ | Branch (1080:9): [True: 16, False: 0] ------------------ 1081| 16| ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); 1082| 16| } 1083| 16|#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) 1084| | /* If the buffers are too small - reallocate */ 1085| | 1086| 16| handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, ------------------ | | 396| 16| ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ | | ------------------ | | | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 | | ------------------ | | ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ | | ------------------ | | | | 322| 16|#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ | | | | ------------------ | | | | | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | | | | | ------------------ | | | | | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | | | | | ------------------ | | | | | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | | | | | ------------------ | | | | | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | | | | | ------------------ | | | | | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | | | | | ------------------ | | | | | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | | | | | ------------------ | | | | | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | | | | | ------------------ | | | | | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | | | | | ------------------ | | | | | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 320| 16| ) | | | | ------------------ | | | | 323| 16| (MBEDTLS_SSL_IN_CONTENT_LEN)) | | | | ------------------ | | | | | | 396| 16|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | | | ------------------ | | ------------------ | | 397| 16| + (MBEDTLS_SSL_CID_IN_LEN_MAX)) | | ------------------ | | | | 415| 16|#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 | | ------------------ ------------------ 1087| 16| MBEDTLS_SSL_OUT_BUFFER_LEN); ------------------ | | 405| 16| ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ | | ------------------ | | | | 389| 16|#define MBEDTLS_SSL_HEADER_LEN 13 | | ------------------ | | ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ | | ------------------ | | | | 325| 16|#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ | | | | ------------------ | | | | | | 316| 16|#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ | | | | | | ------------------ | | | | | | | | 220| 16|#define MBEDTLS_MAX_IV_LENGTH 16 | | | | | | ------------------ | | | | | | 317| 16| MBEDTLS_SSL_MAC_ADD + \ | | | | | | ------------------ | | | | | | | | 293| 16|#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ | | | | | | ------------------ | | | | | | 318| 16| MBEDTLS_SSL_PADDING_ADD + \ | | | | | | ------------------ | | | | | | | | 305| 16|#define MBEDTLS_SSL_PADDING_ADD 256 | | | | | | ------------------ | | | | | | 319| 16| MBEDTLS_SSL_MAX_CID_EXPANSION \ | | | | | | ------------------ | | | | | | | | 311| 16|#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY | | | | | | | | ------------------ | | | | | | | | | | 423| 16|#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 320| 16| ) | | | | ------------------ | | | | 326| 16| (MBEDTLS_SSL_OUT_CONTENT_LEN)) | | | | ------------------ | | | | | | 400| 16|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | | | ------------------ | | ------------------ | | 406| 16| + (MBEDTLS_SSL_CID_OUT_LEN_MAX)) | | ------------------ | | | | 419| 16|#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 | | ------------------ ------------------ 1088| 16|#endif 1089| | 1090| | /* All pointers should exist and can be directly freed without issue */ 1091| 16| if (ssl->handshake == NULL || ------------------ | Branch (1091:9): [True: 0, False: 16] ------------------ 1092| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1093| 16| ssl->transform_negotiate == NULL || ------------------ | Branch (1093:9): [True: 0, False: 16] ------------------ 1094| 16|#endif 1095| 16| ssl->session_negotiate == NULL) { ------------------ | Branch (1095:9): [True: 0, False: 16] ------------------ 1096| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 1097| | 1098| 0| mbedtls_free(ssl->handshake); 1099| 0| ssl->handshake = NULL; 1100| | 1101| 0|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1102| 0| mbedtls_free(ssl->transform_negotiate); 1103| 0| ssl->transform_negotiate = NULL; 1104| 0|#endif 1105| | 1106| 0| mbedtls_free(ssl->session_negotiate); 1107| 0| ssl->session_negotiate = NULL; 1108| | 1109| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 1110| 0| } 1111| | 1112| 16|#if defined(MBEDTLS_SSL_EARLY_DATA) 1113| 16|#if defined(MBEDTLS_SSL_CLI_C) 1114| 16| ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE; 1115| 16|#endif 1116| 16|#if defined(MBEDTLS_SSL_SRV_C) 1117| 16| ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; ------------------ | | 372| 16|#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0 ------------------ 1118| 16|#endif 1119| 16| ssl->total_early_data_size = 0; 1120| 16|#endif /* MBEDTLS_SSL_EARLY_DATA */ 1121| | 1122| | /* Initialize structures */ 1123| 16| mbedtls_ssl_session_init(ssl->session_negotiate); 1124| 16| ssl_handshake_params_init(ssl->handshake); 1125| | 1126| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1127| 16| mbedtls_ssl_transform_init(ssl->transform_negotiate); 1128| 16|#endif 1129| | 1130| | /* Setup handshake checksums */ 1131| 16| ret = mbedtls_ssl_reset_checksum(ssl); 1132| 16| if (ret != 0) { ------------------ | Branch (1132:9): [True: 0, False: 16] ------------------ 1133| 0| MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); ------------------ | | 30| 0| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 1134| 0| return ret; 1135| 0| } 1136| | 1137| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ 1138| 16| defined(MBEDTLS_SSL_SRV_C) && \ 1139| 16| defined(MBEDTLS_SSL_SESSION_TICKETS) 1140| 16| ssl->handshake->new_session_tickets_count = 1141| 16| ssl->conf->new_session_tickets_count; 1142| 16|#endif 1143| | 1144| 16|#if defined(MBEDTLS_SSL_PROTO_DTLS) 1145| 16| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ------------------ | | 266| 16|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (1145:9): [True: 0, False: 16] ------------------ 1146| 0| ssl->handshake->alt_transform_out = ssl->transform_out; 1147| | 1148| 0| if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ------------------ | | 282| 0|#define MBEDTLS_SSL_IS_CLIENT 0 ------------------ | Branch (1148:13): [True: 0, False: 0] ------------------ 1149| 0| ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; ------------------ | | 245| 0|#define MBEDTLS_SSL_RETRANS_PREPARING 0 ------------------ 1150| 0| } else { 1151| 0| ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; ------------------ | | 247| 0|#define MBEDTLS_SSL_RETRANS_WAITING 2 ------------------ 1152| 0| } 1153| | 1154| 0| mbedtls_ssl_set_timer(ssl, 0); 1155| 0| } 1156| 16|#endif 1157| | 1158| |/* 1159| | * curve_list is translated to IANA TLS group identifiers here because 1160| | * mbedtls_ssl_conf_curves returns void and so can't return 1161| | * any error codes. 1162| | */ 1163| 16|#if defined(MBEDTLS_ECP_C) 1164| 16|#if !defined(MBEDTLS_DEPRECATED_REMOVED) 1165| | /* Heap allocate and translate curve_list from internal to IANA group ids */ 1166| 16| if (ssl->conf->curve_list != NULL) { ------------------ | Branch (1166:9): [True: 0, False: 16] ------------------ 1167| 0| size_t length; 1168| 0| const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; 1169| | 1170| 0| for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) { ------------------ | Branch (1170:27): [True: 0, False: 0] ------------------ 1171| 0| } 1172| | 1173| | /* Leave room for zero termination */ 1174| 0| uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t)); 1175| 0| if (group_list == NULL) { ------------------ | Branch (1175:13): [True: 0, False: 0] ------------------ 1176| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 1177| 0| } 1178| | 1179| 0| for (size_t i = 0; i < length; i++) { ------------------ | Branch (1179:28): [True: 0, False: 0] ------------------ 1180| 0| uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( 1181| 0| curve_list[i]); 1182| 0| if (tls_id == 0) { ------------------ | Branch (1182:17): [True: 0, False: 0] ------------------ 1183| 0| mbedtls_free(group_list); 1184| 0| return MBEDTLS_ERR_SSL_BAD_CONFIG; ------------------ | | 168| 0|#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 ------------------ 1185| 0| } 1186| 0| group_list[i] = tls_id; 1187| 0| } 1188| | 1189| 0| group_list[length] = 0; 1190| | 1191| 0| ssl->handshake->group_list = group_list; 1192| 0| ssl->handshake->group_list_heap_allocated = 1; 1193| 16| } else { 1194| 16| ssl->handshake->group_list = ssl->conf->group_list; 1195| 16| ssl->handshake->group_list_heap_allocated = 0; 1196| 16| } 1197| 16|#endif /* MBEDTLS_DEPRECATED_REMOVED */ 1198| 16|#endif /* MBEDTLS_ECP_C */ 1199| | 1200| 16|#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 1201| 16|#if !defined(MBEDTLS_DEPRECATED_REMOVED) 1202| 16|#if defined(MBEDTLS_SSL_PROTO_TLS1_2) 1203| | /* Heap allocate and translate sig_hashes from internal hash identifiers to 1204| | signature algorithms IANA identifiers. */ 1205| 16| if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && ------------------ | Branch (1205:9): [True: 0, False: 16] ------------------ 1206| 16| ssl->conf->sig_hashes != NULL) { ------------------ | Branch (1206:9): [True: 0, False: 0] ------------------ 1207| 0| const int *md; 1208| 0| const int *sig_hashes = ssl->conf->sig_hashes; 1209| 0| size_t sig_algs_len = 0; 1210| 0| uint16_t *p; 1211| | 1212| 0| MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN ------------------ | | 367| 0| struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function ------------------ 1213| 0| <= (SIZE_MAX - (2 * sizeof(uint16_t))), 1214| 0| "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); 1215| | 1216| 0| for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { ------------------ | Branch (1216:31): [True: 0, False: 0] ------------------ 1217| 0| if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { ------------------ | | 466| 0|#define MBEDTLS_SSL_HASH_NONE 0 ------------------ | Branch (1217:17): [True: 0, False: 0] ------------------ 1218| 0| continue; 1219| 0| } 1220| 0|#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) 1221| 0| sig_algs_len += sizeof(uint16_t); 1222| 0|#endif 1223| | 1224| 0|#if defined(MBEDTLS_RSA_C) 1225| 0| sig_algs_len += sizeof(uint16_t); 1226| 0|#endif 1227| 0| if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { ------------------ | | 342| 0|#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 ------------------ | Branch (1227:17): [True: 0, False: 0] ------------------ 1228| 0| return MBEDTLS_ERR_SSL_BAD_CONFIG; ------------------ | | 168| 0|#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 ------------------ 1229| 0| } 1230| 0| } 1231| | 1232| 0| if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { ------------------ | | 345| 0|#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 ------------------ | Branch (1232:13): [True: 0, False: 0] ------------------ 1233| 0| return MBEDTLS_ERR_SSL_BAD_CONFIG; ------------------ | | 168| 0|#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 ------------------ 1234| 0| } 1235| | 1236| 0| ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + 1237| 0| sizeof(uint16_t)); 1238| 0| if (ssl->handshake->sig_algs == NULL) { ------------------ | Branch (1238:13): [True: 0, False: 0] ------------------ 1239| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 1240| 0| } 1241| | 1242| 0| p = (uint16_t *) ssl->handshake->sig_algs; 1243| 0| for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { ------------------ | Branch (1243:31): [True: 0, False: 0] ------------------ 1244| 0| unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); 1245| 0| if (hash == MBEDTLS_SSL_HASH_NONE) { ------------------ | | 466| 0|#define MBEDTLS_SSL_HASH_NONE 0 ------------------ | Branch (1245:17): [True: 0, False: 0] ------------------ 1246| 0| continue; 1247| 0| } 1248| 0|#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) 1249| 0| *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); ------------------ | | 476| 0|#define MBEDTLS_SSL_SIG_ECDSA 3 ------------------ 1250| 0| p++; 1251| 0|#endif 1252| 0|#if defined(MBEDTLS_RSA_C) 1253| 0| *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); ------------------ | | 475| 0|#define MBEDTLS_SSL_SIG_RSA 1 ------------------ 1254| 0| p++; 1255| 0|#endif 1256| 0| } 1257| 0| *p = MBEDTLS_TLS_SIG_NONE; ------------------ | | 354| 0|#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE | | ------------------ | | | | 511| 0|#define MBEDTLS_TLS1_3_SIG_NONE 0x0 | | ------------------ ------------------ 1258| 0| ssl->handshake->sig_algs_heap_allocated = 1; 1259| 0| } else 1260| 16|#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 1261| 16| { 1262| 16| ssl->handshake->sig_algs_heap_allocated = 0; 1263| 16| } 1264| 16|#endif /* !MBEDTLS_DEPRECATED_REMOVED */ 1265| 16|#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 1266| 16| return 0; 1267| 16|} ssl_tls.c:ssl_handshake_params_init: 966| 16|{ 967| 16| memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); 968| | 969| 16|#if defined(MBEDTLS_MD_CAN_SHA256) 970| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 971| | handshake->fin_sha256_psa = psa_hash_operation_init(); 972| |#else 973| 16| mbedtls_md_init(&handshake->fin_sha256); 974| 16|#endif 975| 16|#endif 976| 16|#if defined(MBEDTLS_MD_CAN_SHA384) 977| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 978| | handshake->fin_sha384_psa = psa_hash_operation_init(); 979| |#else 980| 16| mbedtls_md_init(&handshake->fin_sha384); 981| 16|#endif 982| 16|#endif 983| | 984| 16| handshake->update_checksum = ssl_update_checksum_start; 985| | 986| 16|#if defined(MBEDTLS_DHM_C) 987| 16| mbedtls_dhm_init(&handshake->dhm_ctx); 988| 16|#endif 989| 16|#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 990| 16| defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) 991| 16| mbedtls_ecdh_init(&handshake->ecdh_ctx); 992| 16|#endif 993| 16|#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 994| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 995| | handshake->psa_pake_ctx = psa_pake_operation_init(); 996| | handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; 997| |#else 998| 16| mbedtls_ecjpake_init(&handshake->ecjpake_ctx); 999| 16|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1000| 16|#if defined(MBEDTLS_SSL_CLI_C) 1001| 16| handshake->ecjpake_cache = NULL; 1002| 16| handshake->ecjpake_cache_len = 0; 1003| 16|#endif 1004| 16|#endif 1005| | 1006| 16|#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) 1007| 16| mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); 1008| 16|#endif 1009| | 1010| 16|#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 1011| 16| handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; ------------------ | | 299| 16|#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */ ------------------ 1012| 16|#endif 1013| | 1014| |#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ 1015| | !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) 1016| | mbedtls_pk_init(&handshake->peer_pubkey); 1017| |#endif 1018| 16|} ssl_tls.c:ssl_conf_set_psk_identity: 2149| 6|{ 2150| | /* Identity len will be encoded on two bytes */ 2151| 6| if (psk_identity == NULL || ------------------ | Branch (2151:9): [True: 0, False: 6] ------------------ 2152| 6| psk_identity_len == 0 || ------------------ | Branch (2152:9): [True: 0, False: 6] ------------------ 2153| 6| (psk_identity_len >> 16) != 0 || ------------------ | Branch (2153:9): [True: 0, False: 6] ------------------ 2154| 6| psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { ------------------ | | 400| 6|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 ------------------ | Branch (2154:9): [True: 0, False: 6] ------------------ 2155| 0| return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; ------------------ | | 51| 0|#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 ------------------ 2156| 0| } 2157| | 2158| 6| conf->psk_identity = mbedtls_calloc(1, psk_identity_len); 2159| 6| if (conf->psk_identity == NULL) { ------------------ | Branch (2159:9): [True: 0, False: 6] ------------------ 2160| 0| return MBEDTLS_ERR_SSL_ALLOC_FAILED; ------------------ | | 109| 0|#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 ------------------ 2161| 0| } 2162| | 2163| 6| conf->psk_identity_len = psk_identity_len; 2164| 6| memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); 2165| | 2166| 6| return 0; 2167| 6|} ssl_tls.c:ssl_mfl_code_to_length: 210| 48|{ 211| 48| switch (mfl) { 212| 48| case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: ------------------ | | 275| 48|#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ ------------------ | Branch (212:9): [True: 48, False: 0] ------------------ 213| 48| return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; ------------------ | | 335| 48|#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ | | 336| 48| (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 396| 48|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | ------------------ | | (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 400| 48|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | ------------------ | | | Branch (336:9): [Folded - Ignored] | | ------------------ | | 337| 48| ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 400| 0|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | ------------------ | | 338| 48| : (MBEDTLS_SSL_IN_CONTENT_LEN) \ | | ------------------ | | | | 396| 48|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | ------------------ | | 339| 48| ) ------------------ 214| 0| case MBEDTLS_SSL_MAX_FRAG_LEN_512: ------------------ | | 276| 0|#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ ------------------ | Branch (214:9): [True: 0, False: 48] ------------------ 215| 0| return 512; 216| 0| case MBEDTLS_SSL_MAX_FRAG_LEN_1024: ------------------ | | 277| 0|#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ ------------------ | Branch (216:9): [True: 0, False: 48] ------------------ 217| 0| return 1024; 218| 0| case MBEDTLS_SSL_MAX_FRAG_LEN_2048: ------------------ | | 278| 0|#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ ------------------ | Branch (218:9): [True: 0, False: 48] ------------------ 219| 0| return 2048; 220| 0| case MBEDTLS_SSL_MAX_FRAG_LEN_4096: ------------------ | | 279| 0|#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ ------------------ | Branch (220:9): [True: 0, False: 48] ------------------ 221| 0| return 4096; 222| 0| default: ------------------ | Branch (222:9): [True: 0, False: 48] ------------------ 223| 0| return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; ------------------ | | 335| 0|#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ | | 336| 0| (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 396| 0|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | ------------------ | | (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 400| 0|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | ------------------ | | | Branch (336:9): [Folded - Ignored] | | ------------------ | | 337| 0| ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \ | | ------------------ | | | | 400| 0|#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 | | ------------------ | | 338| 0| : (MBEDTLS_SSL_IN_CONTENT_LEN) \ | | ------------------ | | | | 396| 0|#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 | | ------------------ | | 339| 0| ) ------------------ 224| 48| } 225| 48|} ssl_tls.c:ssl_prepare_handshake_step: 4464| 32|{ 4465| 32| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 32|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 4466| | 4467| | /* 4468| | * We may have not been able to send to the peer all the handshake data 4469| | * that were written into the output buffer by the previous handshake step, 4470| | * if the write to the network callback returned with the 4471| | * #MBEDTLS_ERR_SSL_WANT_WRITE error code. 4472| | * We proceed to the next handshake step only when all data from the 4473| | * previous one have been sent to the peer, thus we make sure that this is 4474| | * the case here by calling `mbedtls_ssl_flush_output()`. The function may 4475| | * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case 4476| | * we have to wait before to go ahead. 4477| | * In the case of TLS 1.3, handshake step handlers do not send data to the 4478| | * peer. Data are only sent here and through 4479| | * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an 4480| | * alert occurred. 4481| | */ 4482| 32| if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { ------------------ | Branch (4482:9): [True: 0, False: 32] ------------------ 4483| 0| return ret; 4484| 0| } 4485| | 4486| 32|#if defined(MBEDTLS_SSL_PROTO_DTLS) 4487| 32| if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ------------------ | | 266| 64|#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ ------------------ | Branch (4487:9): [True: 0, False: 32] ------------------ 4488| 32| ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { ------------------ | | 246| 0|#define MBEDTLS_SSL_RETRANS_SENDING 1 ------------------ | Branch (4488:9): [True: 0, False: 0] ------------------ 4489| 0| if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { ------------------ | Branch (4489:13): [True: 0, False: 0] ------------------ 4490| 0| return ret; 4491| 0| } 4492| 0| } 4493| 32|#endif /* MBEDTLS_SSL_PROTO_DTLS */ 4494| | 4495| 32| return ret; 4496| 32|} ssl_tls.c:ssl_key_cert_free: 1812| 32|{ 1813| 32| mbedtls_ssl_key_cert *cur = key_cert, *next; 1814| | 1815| 32| while (cur != NULL) { ------------------ | Branch (1815:12): [True: 0, False: 32] ------------------ 1816| 0| next = cur->next; 1817| 0| mbedtls_free(cur); 1818| 0| cur = next; 1819| 0| } 1820| 32|} ssl_tls.c:handle_buffer_resizing: 345| 32|{ 346| 32| int modified = 0; 347| 32| size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; 348| 32| size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; 349| 32| if (ssl->in_buf != NULL) { ------------------ | Branch (349:9): [True: 16, False: 16] ------------------ 350| 16| written_in = ssl->in_msg - ssl->in_buf; 351| 16| iv_offset_in = ssl->in_iv - ssl->in_buf; 352| 16| len_offset_in = ssl->in_len - ssl->in_buf; 353| 16| if (downsizing ? ------------------ | Branch (353:13): [True: 0, False: 16] | Branch (353:13): [True: 0, False: 16] ------------------ 354| 0| ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ------------------ | Branch (354:13): [True: 0, False: 0] | Branch (354:49): [True: 0, False: 0] ------------------ 355| 16| ssl->in_buf_len < in_buf_new_len) { 356| 0| if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { ------------------ | Branch (356:17): [True: 0, False: 0] ------------------ 357| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 358| 0| } else { 359| 0| MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 360| 0| in_buf_new_len)); 361| 0| modified = 1; 362| 0| } 363| 0| } 364| 16| } 365| | 366| 32| if (ssl->out_buf != NULL) { ------------------ | Branch (366:9): [True: 16, False: 16] ------------------ 367| 16| written_out = ssl->out_msg - ssl->out_buf; 368| 16| iv_offset_out = ssl->out_iv - ssl->out_buf; 369| 16| len_offset_out = ssl->out_len - ssl->out_buf; 370| 16| if (downsizing ? ------------------ | Branch (370:13): [True: 0, False: 16] | Branch (370:13): [True: 0, False: 16] ------------------ 371| 0| ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : ------------------ | Branch (371:13): [True: 0, False: 0] | Branch (371:51): [True: 0, False: 0] ------------------ 372| 16| ssl->out_buf_len < out_buf_new_len) { 373| 0| if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { ------------------ | Branch (373:17): [True: 0, False: 0] ------------------ 374| 0| MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 375| 0| } else { 376| 0| MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, ------------------ | | 26| 0| mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ | | 27| 0| MBEDTLS_DEBUG_STRIP_PARENS args) | | ------------------ | | | | 23| 0|#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ | | ------------------ ------------------ 377| 0| out_buf_new_len)); 378| 0| modified = 1; 379| 0| } 380| 0| } 381| 16| } 382| 32| if (modified) { ------------------ | Branch (382:9): [True: 0, False: 32] ------------------ 383| | /* Update pointers here to avoid doing it twice. */ 384| 0| mbedtls_ssl_reset_in_out_pointers(ssl); 385| | /* Fields below might not be properly updated with record 386| | * splitting or with CID, so they are manually updated here. */ 387| 0| ssl->out_msg = ssl->out_buf + written_out; 388| 0| ssl->out_len = ssl->out_buf + len_offset_out; 389| 0| ssl->out_iv = ssl->out_buf + iv_offset_out; 390| | 391| 0| ssl->in_msg = ssl->in_buf + written_in; 392| 0| ssl->in_len = ssl->in_buf + len_offset_in; 393| 0| ssl->in_iv = ssl->in_buf + iv_offset_in; 394| 0| } 395| 32|} ssl_tls.c:ssl_clear_peer_cert: 496| 16|{ 497| 16|#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) 498| 16| if (session->peer_cert != NULL) { ------------------ | Branch (498:9): [True: 0, False: 16] ------------------ 499| 0| mbedtls_x509_crt_free(session->peer_cert); 500| 0| mbedtls_free(session->peer_cert); 501| 0| session->peer_cert = NULL; 502| 0| } 503| |#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 504| | if (session->peer_cert_digest != NULL) { 505| | /* Zeroization is not necessary. */ 506| | mbedtls_free(session->peer_cert_digest); 507| | session->peer_cert_digest = NULL; 508| | session->peer_cert_digest_type = MBEDTLS_MD_NONE; 509| | session->peer_cert_digest_len = 0; 510| | } 511| |#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 512| 16|} ssl_tls.c:ssl_check_no_sig_alg_duplication: 5805| 64|{ 5806| 64| size_t i, j; 5807| 64| int ret = 0; 5808| | 5809| 416| for (i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) { ------------------ | | 354| 416|#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE | | ------------------ | | | | 511| 416|#define MBEDTLS_TLS1_3_SIG_NONE 0x0 | | ------------------ ------------------ | Branch (5809:17): [True: 352, False: 64] ------------------ 5810| 1.53k| for (j = 0; j < i; j++) { ------------------ | Branch (5810:21): [True: 1.18k, False: 352] ------------------ 5811| 1.18k| if (sig_algs[i] != sig_algs[j]) { ------------------ | Branch (5811:17): [True: 1.18k, False: 0] ------------------ 5812| 1.18k| continue; 5813| 1.18k| } 5814| 0| mbedtls_printf(" entry(%04x,%" MBEDTLS_PRINTF_SIZET 5815| 0| ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", 5816| 0| sig_algs[i], j, i); 5817| 0| ret = -1; 5818| 0| } 5819| 352| } 5820| 64| return ret; 5821| 64|} mbedtls_ssl_tls13_write_client_hello_exts: 1138| 16|{ 1139| 16| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 16|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1140| 16| unsigned char *p = buf; 1141| 16| size_t ext_len; 1142| | 1143| 16| *out_len = 0; 1144| | 1145| 16| ret = mbedtls_ssl_tls13_crypto_init(ssl); 1146| 16| if (ret != 0) { ------------------ | Branch (1146:9): [True: 16, False: 0] ------------------ 1147| 16| return ret; 1148| 16| } 1149| | 1150| | /* Write supported_versions extension 1151| | * 1152| | * Supported Versions Extension is mandatory with TLS 1.3. 1153| | */ 1154| 0| ret = ssl_tls13_write_supported_versions_ext(ssl, p, end, &ext_len); 1155| 0| if (ret != 0) { ------------------ | Branch (1155:9): [True: 0, False: 0] ------------------ 1156| 0| return ret; 1157| 0| } 1158| 0| p += ext_len; 1159| | 1160| | /* Echo the cookie if the server provided one in its preceding 1161| | * HelloRetryRequest message. 1162| | */ 1163| 0| ret = ssl_tls13_write_cookie_ext(ssl, p, end, &ext_len); 1164| 0| if (ret != 0) { ------------------ | Branch (1164:9): [True: 0, False: 0] ------------------ 1165| 0| return ret; 1166| 0| } 1167| 0| p += ext_len; 1168| | 1169| 0|#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) 1170| 0| ret = mbedtls_ssl_tls13_write_record_size_limit_ext( 1171| 0| ssl, p, end, &ext_len); 1172| 0| if (ret != 0) { ------------------ | Branch (1172:9): [True: 0, False: 0] ------------------ 1173| 0| return ret; 1174| 0| } 1175| 0| p += ext_len; 1176| 0|#endif 1177| | 1178| 0|#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) 1179| 0| if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ------------------ | Branch (1179:9): [True: 0, False: 0] ------------------ 1180| 0| ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); 1181| 0| if (ret != 0) { ------------------ | Branch (1181:13): [True: 0, False: 0] ------------------ 1182| 0| return ret; 1183| 0| } 1184| 0| p += ext_len; 1185| 0| } 1186| 0|#endif 1187| | 1188| 0|#if defined(MBEDTLS_SSL_EARLY_DATA) 1189| | /* In the first ClientHello, write the early data indication extension if 1190| | * necessary and update the early data state. 1191| | * If an HRR has been received and thus we are currently writing the 1192| | * second ClientHello, the second ClientHello must not contain an early 1193| | * data extension and the early data state must stay as it is: 1194| | * MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT or 1195| | * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED. 1196| | */ 1197| 0| if (!ssl->handshake->hello_retry_request_flag) { ------------------ | Branch (1197:9): [True: 0, False: 0] ------------------ 1198| 0| if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && ------------------ | Branch (1198:13): [True: 0, False: 0] ------------------ 1199| 0| ssl_tls13_early_data_has_valid_ticket(ssl) && ------------------ | Branch (1199:13): [True: 0, False: 0] ------------------ 1200| 0| ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { ------------------ | | 334| 0|#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1 ------------------ | Branch (1200:13): [True: 0, False: 0] ------------------ 1201| 0| ret = mbedtls_ssl_tls13_write_early_data_ext( 1202| 0| ssl, 0, p, end, &ext_len); 1203| 0| if (ret != 0) { ------------------ | Branch (1203:17): [True: 0, False: 0] ------------------ 1204| 0| return ret; 1205| 0| } 1206| 0| p += ext_len; 1207| | 1208| 0| ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT; 1209| 0| } else { 1210| 0| ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT; 1211| 0| } 1212| 0| } 1213| 0|#endif /* MBEDTLS_SSL_EARLY_DATA */ 1214| | 1215| 0|#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) 1216| | /* For PSK-based key exchange we need the pre_shared_key extension 1217| | * and the psk_key_exchange_modes extension. 1218| | * 1219| | * The pre_shared_key extension MUST be the last extension in the 1220| | * ClientHello. Servers MUST check that it is the last extension and 1221| | * otherwise fail the handshake with an "illegal_parameter" alert. 1222| | * 1223| | * Add the psk_key_exchange_modes extension. 1224| | */ 1225| 0| ret = ssl_tls13_write_psk_key_exchange_modes_ext(ssl, p, end, &ext_len); 1226| 0| if (ret != 0) { ------------------ | Branch (1226:9): [True: 0, False: 0] ------------------ 1227| 0| return ret; 1228| 0| } 1229| 0| p += ext_len; 1230| 0|#endif 1231| | 1232| 0| *out_len = p - buf; 1233| | 1234| 0| return 0; 1235| 0|} mbedtls_ssl_tls13_crypto_init: 41| 16|{ 42| 16| psa_status_t status = psa_crypto_init(); 43| 16| if (status != PSA_SUCCESS) { ------------------ | | 57| 16|#define PSA_SUCCESS ((psa_status_t)0) ------------------ | Branch (43:9): [True: 16, False: 0] ------------------ 44| 16| (void) ssl; // unused when debugging is disabled 45| 16| MBEDTLS_SSL_DEBUG_RET(1, "psa_crypto_init", status); ------------------ | | 30| 16| mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) ------------------ 46| 16| } 47| 16| return PSA_TO_MBEDTLS_ERR(status); ------------------ | | 38| 16|#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) ------------------ 48| 16|} ssl_tls13_generic.c:local_err_translation: 33| 16|{ 34| 16| return psa_status_to_mbedtls(status, psa_to_ssl_errors, 35| 16| ARRAY_LENGTH(psa_to_ssl_errors), ------------------ | | 94| 16| (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ | | ------------------ | | | | 91| 16| (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) | | | | ------------------ | | | | | | 85| 16| (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) | | | | | | ------------------ | | | | | | | Branch (85:6): [Folded - Ignored] | | | | | | | Branch (85:11): [Folded - Ignored] | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 95| 16| ARRAY_LENGTH_UNSAFE(array))) ------------------ 36| 16| psa_generic_status_to_mbedtls); 37| 16|} threading.c:threading_mutex_init_pthread: 54| 66|{ 55| 66| if (mutex == NULL) { ------------------ | Branch (55:9): [True: 0, False: 66] ------------------ 56| 0| return; 57| 0| } 58| | 59| | /* One problem here is that calling lock on a pthread mutex without first 60| | * having initialised it is undefined behaviour. Obviously we cannot check 61| | * this here in a thread safe manner without a significant performance 62| | * hit, so state transitions are checked in tests only via the state 63| | * variable. Please make sure any new mutex that gets added is exercised in 64| | * tests; see framework/tests/src/threading_helpers.c for more details. */ 65| 66| (void) pthread_mutex_init(&mutex->mutex, NULL); 66| 66|} threading.c:threading_mutex_free_pthread: 69| 64|{ 70| 64| if (mutex == NULL) { ------------------ | Branch (70:9): [True: 0, False: 64] ------------------ 71| 0| return; 72| 0| } 73| | 74| 64| (void) pthread_mutex_destroy(&mutex->mutex); 75| 64|} threading.c:threading_mutex_lock_pthread: 78| 256|{ 79| 256| if (mutex == NULL) { ------------------ | Branch (79:9): [True: 0, False: 256] ------------------ 80| 0| return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; ------------------ | | 23| 0|#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C ------------------ 81| 0| } 82| | 83| 256| if (pthread_mutex_lock(&mutex->mutex) != 0) { ------------------ | Branch (83:9): [True: 0, False: 256] ------------------ 84| 0| return MBEDTLS_ERR_THREADING_MUTEX_ERROR; ------------------ | | 25| 0|#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E ------------------ 85| 0| } 86| | 87| 256| return 0; 88| 256|} threading.c:threading_mutex_unlock_pthread: 91| 256|{ 92| 256| if (mutex == NULL) { ------------------ | Branch (92:9): [True: 0, False: 256] ------------------ 93| 0| return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; ------------------ | | 23| 0|#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C ------------------ 94| 0| } 95| | 96| 256| if (pthread_mutex_unlock(&mutex->mutex) != 0) { ------------------ | Branch (96:9): [True: 0, False: 256] ------------------ 97| 0| return MBEDTLS_ERR_THREADING_MUTEX_ERROR; ------------------ | | 25| 0|#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E ------------------ 98| 0| } 99| | 100| 256| return 0; 101| 256|} mbedtls_x509_get_serial: 65| 3|{ 66| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 67| | 68| 3| if ((end - *p) < 1) { ------------------ | Branch (68:9): [True: 0, False: 3] ------------------ 69| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 70| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 71| 0| } 72| | 73| 3| if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && ------------------ | | 83| 3|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && ------------------ | | 81| 3|#define MBEDTLS_ASN1_PRIMITIVE 0x00 ------------------ | Branch (73:9): [True: 3, False: 0] ------------------ 74| 3| **p != MBEDTLS_ASN1_INTEGER) { ------------------ | | 65| 3|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (74:9): [True: 0, False: 3] ------------------ 75| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 76| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 77| 0| } 78| | 79| 3| serial->tag = *(*p)++; 80| | 81| 3| if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { ------------------ | Branch (81:9): [True: 0, False: 3] ------------------ 82| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 83| 0| } 84| | 85| 3| serial->p = *p; 86| 3| *p += serial->len; 87| | 88| 3| return 0; 89| 3|} mbedtls_x509_get_alg: 114| 6|{ 115| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 116| | 117| 6| if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { ------------------ | Branch (117:9): [True: 0, False: 6] ------------------ 118| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 119| 0| } 120| | 121| 6| return 0; 122| 6|} mbedtls_x509_get_name: 500| 6|{ 501| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 502| 6| size_t set_len; 503| 6| const unsigned char *end_set; 504| 6| mbedtls_x509_name *head = cur; 505| | 506| | /* don't use recursion, we'd risk stack overflow if not optimized */ 507| 18| while (1) { ------------------ | Branch (507:12): [Folded - Ignored] ------------------ 508| | /* 509| | * parse SET 510| | */ 511| 18| if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, ------------------ | Branch (511:13): [True: 0, False: 18] ------------------ 512| 18| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { ------------------ | | 82| 18|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { ------------------ | | 73| 18|#define MBEDTLS_ASN1_SET 0x11 ------------------ 513| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 514| 0| goto error; 515| 0| } 516| | 517| 18| end_set = *p + set_len; 518| | 519| 18| while (1) { ------------------ | Branch (519:16): [Folded - Ignored] ------------------ 520| 18| if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { ------------------ | Branch (520:17): [True: 0, False: 18] ------------------ 521| 0| goto error; 522| 0| } 523| | 524| 18| if (*p == end_set) { ------------------ | Branch (524:17): [True: 18, False: 0] ------------------ 525| 18| break; 526| 18| } 527| | 528| | /* Mark this item as being no the only one in a set */ 529| 0| cur->next_merged = 1; 530| | 531| 0| cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); 532| | 533| 0| if (cur->next == NULL) { ------------------ | Branch (533:17): [True: 0, False: 0] ------------------ 534| 0| ret = MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 535| 0| goto error; 536| 0| } 537| | 538| 0| cur = cur->next; 539| 0| } 540| | 541| | /* 542| | * continue until end of SEQUENCE is reached 543| | */ 544| 18| if (*p == end) { ------------------ | Branch (544:13): [True: 6, False: 12] ------------------ 545| 6| return 0; 546| 6| } 547| | 548| 12| cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); 549| | 550| 12| if (cur->next == NULL) { ------------------ | Branch (550:13): [True: 0, False: 12] ------------------ 551| 0| ret = MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 552| 0| goto error; 553| 0| } 554| | 555| 12| cur = cur->next; 556| 12| } 557| | 558| 0|error: 559| | /* Skip the first element as we did not allocate it */ 560| 0| mbedtls_asn1_free_named_data_list_shallow(head->next); 561| 0| head->next = NULL; 562| | 563| 0| return ret; 564| 6|} mbedtls_x509_get_time: 651| 6|{ 652| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 653| 6| size_t len, year_len; 654| 6| unsigned char tag; 655| | 656| 6| if ((end - *p) < 1) { ------------------ | Branch (656:9): [True: 0, False: 6] ------------------ 657| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 658| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 659| 0| } 660| | 661| 6| tag = **p; 662| | 663| 6| if (tag == MBEDTLS_ASN1_UTC_TIME) { ------------------ | | 77| 6|#define MBEDTLS_ASN1_UTC_TIME 0x17 ------------------ | Branch (663:9): [True: 6, False: 0] ------------------ 664| 6| year_len = 2; 665| 6| } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { ------------------ | | 78| 0|#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18 ------------------ | Branch (665:16): [True: 0, False: 0] ------------------ 666| 0| year_len = 4; 667| 0| } else { 668| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 669| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 670| 0| } 671| | 672| 6| (*p)++; 673| 6| ret = mbedtls_asn1_get_len(p, end, &len); 674| | 675| 6| if (ret != 0) { ------------------ | Branch (675:9): [True: 0, False: 6] ------------------ 676| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 677| 0| } 678| | 679| | /* len is 12 or 14 depending on year_len, plus optional trailing 'Z' */ 680| 6| if (len != year_len + 10 && ------------------ | Branch (680:9): [True: 6, False: 0] ------------------ 681| 6| !(len == year_len + 11 && (*p)[(len - 1)] == 'Z')) { ------------------ | Branch (681:11): [True: 6, False: 0] | Branch (681:35): [True: 6, False: 0] ------------------ 682| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 683| 0| } 684| | 685| 6| (*p) += len; 686| 6| return x509_parse_time(*p - len, tm, year_len); 687| 6|} mbedtls_x509_get_sig: 690| 3|{ 691| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 692| 3| size_t len; 693| 3| int tag_type; 694| | 695| 3| if ((end - *p) < 1) { ------------------ | Branch (695:9): [True: 0, False: 3] ------------------ 696| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 697| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 698| 0| } 699| | 700| 3| tag_type = **p; 701| | 702| 3| if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { ------------------ | Branch (702:9): [True: 0, False: 3] ------------------ 703| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 704| 0| } 705| | 706| 3| sig->tag = tag_type; 707| 3| sig->len = len; 708| 3| sig->p = *p; 709| | 710| 3| *p += len; 711| | 712| 3| return 0; 713| 3|} mbedtls_x509_get_sig_alg: 721| 3|{ 722| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 723| | 724| 3| if (*sig_opts != NULL) { ------------------ | Branch (724:9): [True: 0, False: 3] ------------------ 725| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 726| 0| } 727| | 728| 3| if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { ------------------ | Branch (728:9): [True: 0, False: 3] ------------------ 729| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 730| 0| } 731| | 732| 3|#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 733| 3| if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { ------------------ | Branch (733:9): [True: 0, False: 3] ------------------ 734| 0| mbedtls_pk_rsassa_pss_options *pss_opts; 735| | 736| 0| pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); 737| 0| if (pss_opts == NULL) { ------------------ | Branch (737:13): [True: 0, False: 0] ------------------ 738| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 739| 0| } 740| | 741| 0| ret = mbedtls_x509_get_rsassa_pss_params(sig_params, 742| 0| md_alg, 743| 0| &pss_opts->mgf1_hash_id, 744| 0| &pss_opts->expected_salt_len); 745| 0| if (ret != 0) { ------------------ | Branch (745:13): [True: 0, False: 0] ------------------ 746| 0| mbedtls_free(pss_opts); 747| 0| return ret; 748| 0| } 749| | 750| 0| *sig_opts = (void *) pss_opts; 751| 0| } else 752| 3|#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 753| 3| { 754| | /* Make sure parameters are absent or NULL */ 755| 3| if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || ------------------ | | 68| 6|#define MBEDTLS_ASN1_NULL 0x05 ------------------ | Branch (755:14): [True: 0, False: 3] | Branch (755:54): [True: 0, False: 0] ------------------ 756| 3| sig_params->len != 0) { ------------------ | Branch (756:13): [True: 0, False: 3] ------------------ 757| 0| return MBEDTLS_ERR_X509_INVALID_ALG; ------------------ | | 55| 0|#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 ------------------ 758| 0| } 759| 3| } 760| | 761| 3| return 0; 762| 3|} mbedtls_x509_get_ext: 770| 3|{ 771| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 772| 3| size_t len; 773| | 774| | /* Extension structure use EXPLICIT tagging. That is, the actual 775| | * `Extensions` structure is wrapped by a tag-length pair using 776| | * the respective context-specific tag. */ 777| 3| ret = mbedtls_asn1_get_tag(p, end, &ext->len, 778| 3| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); ------------------ | | 83| 3|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 779| 3| if (ret != 0) { ------------------ | Branch (779:9): [True: 0, False: 3] ------------------ 780| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 781| 0| } 782| | 783| 3| ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ------------------ | | 83| 3|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 784| 3| ext->p = *p; 785| 3| end = *p + ext->len; 786| | 787| | /* 788| | * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 789| | */ 790| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (790:9): [True: 0, False: 3] ------------------ 791| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 792| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 793| 0| } 794| | 795| 3| if (end != *p + len) { ------------------ | Branch (795:9): [True: 0, False: 3] ------------------ 796| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 797| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 798| 0| } 799| | 800| 3| return 0; 801| 3|} x509.c:x509_get_attr_type_value: 409| 18|{ 410| 18| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 18|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 411| 18| size_t len; 412| 18| mbedtls_x509_buf *oid; 413| 18| mbedtls_x509_buf *val; 414| | 415| 18| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (415:9): [True: 0, False: 18] ------------------ 416| 18| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 18|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 18|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 417| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 418| 0| } 419| | 420| 18| end = *p + len; 421| | 422| 18| if ((end - *p) < 1) { ------------------ | Branch (422:9): [True: 0, False: 18] ------------------ 423| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 424| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 425| 0| } 426| | 427| 18| oid = &cur->oid; 428| 18| oid->tag = **p; 429| | 430| 18| if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 18|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (430:9): [True: 0, False: 18] ------------------ 431| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 432| 0| } 433| | 434| 18| oid->p = *p; 435| 18| *p += oid->len; 436| | 437| 18| if ((end - *p) < 1) { ------------------ | Branch (437:9): [True: 0, False: 18] ------------------ 438| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 439| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 440| 0| } 441| | 442| 18| if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && ------------------ | | 80| 36|#define MBEDTLS_ASN1_BMP_STRING 0x1E ------------------ if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && ------------------ | | 71| 36|#define MBEDTLS_ASN1_UTF8_STRING 0x0C ------------------ | Branch (442:9): [True: 18, False: 0] | Branch (442:43): [True: 6, False: 12] ------------------ 443| 18| **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && ------------------ | | 75| 24|#define MBEDTLS_ASN1_T61_STRING 0x14 ------------------ **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && ------------------ | | 74| 24|#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 ------------------ | Branch (443:9): [True: 6, False: 0] | Branch (443:43): [True: 0, False: 6] ------------------ 444| 18| **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && ------------------ | | 76| 18|#define MBEDTLS_ASN1_IA5_STRING 0x16 ------------------ **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && ------------------ | | 79| 18|#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C ------------------ | Branch (444:9): [True: 0, False: 0] | Branch (444:43): [True: 0, False: 0] ------------------ 445| 18| **p != MBEDTLS_ASN1_BIT_STRING) { ------------------ | | 66| 0|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (445:9): [True: 0, False: 0] ------------------ 446| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 447| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 448| 0| } 449| | 450| 18| val = &cur->val; 451| 18| val->tag = *(*p)++; 452| | 453| 18| if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { ------------------ | Branch (453:9): [True: 0, False: 18] ------------------ 454| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 455| 0| } 456| | 457| 18| val->p = *p; 458| 18| *p += val->len; 459| | 460| 18| if (*p != end) { ------------------ | Branch (460:9): [True: 0, False: 18] ------------------ 461| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 462| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 463| 0| } 464| | 465| 18| cur->next = NULL; 466| | 467| 18| return 0; 468| 18|} x509.c:x509_parse_time: 612| 6|{ 613| 6| int x; 614| | 615| | /* 616| | * Parse year, month, day, hour, minute, second 617| | */ 618| 6| tm->year = x509_parse2_int(p); 619| 6| if (tm->year < 0) { ------------------ | Branch (619:9): [True: 0, False: 6] ------------------ 620| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 621| 0| } 622| | 623| 6| if (4 == yearlen) { ------------------ | Branch (623:9): [True: 0, False: 6] ------------------ 624| 0| x = tm->year * 100; 625| 0| p += 2; 626| 0| tm->year = x509_parse2_int(p); 627| 0| if (tm->year < 0) { ------------------ | Branch (627:13): [True: 0, False: 0] ------------------ 628| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 629| 0| } 630| 6| } else { 631| 6| x = (tm->year < 50) ? 2000 : 1900; ------------------ | Branch (631:13): [True: 6, False: 0] ------------------ 632| 6| } 633| 6| tm->year += x; 634| | 635| 6| tm->mon = x509_parse2_int(p + 2); 636| 6| tm->day = x509_parse2_int(p + 4); 637| 6| tm->hour = x509_parse2_int(p + 6); 638| 6| tm->min = x509_parse2_int(p + 8); 639| 6| tm->sec = x509_parse2_int(p + 10); 640| | 641| 6| return x509_date_is_valid(tm); 642| 6|} x509.c:x509_parse2_int: 600| 36|{ 601| 36| uint32_t d1 = p[0] - '0'; 602| 36| uint32_t d2 = p[1] - '0'; 603| 36| return (d1 < 10 && d2 < 10) ? (int) (d1 * 10 + d2) : -1; ------------------ | Branch (603:13): [True: 36, False: 0] | Branch (603:24): [True: 36, False: 0] ------------------ 604| 36|} x509.c:x509_date_is_valid: 567| 6|{ 568| 6| unsigned int month_days; 569| 6| unsigned int year; 570| 6| switch (t->mon) { 571| 0| case 1: case 3: case 5: case 7: case 8: case 10: case 12: ------------------ | Branch (571:9): [True: 0, False: 6] | Branch (571:17): [True: 0, False: 6] | Branch (571:25): [True: 0, False: 6] | Branch (571:33): [True: 0, False: 6] | Branch (571:41): [True: 0, False: 6] | Branch (571:49): [True: 0, False: 6] | Branch (571:58): [True: 0, False: 6] ------------------ 572| 0| month_days = 31; 573| 0| break; 574| 0| case 4: case 6: case 9: case 11: ------------------ | Branch (574:9): [True: 0, False: 6] | Branch (574:17): [True: 0, False: 6] | Branch (574:25): [True: 0, False: 6] | Branch (574:33): [True: 0, False: 6] ------------------ 575| 0| month_days = 30; 576| 0| break; 577| 6| case 2: ------------------ | Branch (577:9): [True: 6, False: 0] ------------------ 578| 6| year = (unsigned int) t->year; 579| 6| month_days = ((year & 3) || (!(year % 100) ------------------ | Branch (579:27): [True: 6, False: 0] | Branch (579:42): [True: 0, False: 0] ------------------ 580| 0| && (year % 400))) ------------------ | Branch (580:45): [True: 0, False: 0] ------------------ 581| 6| ? 28 : 29; 582| 6| break; 583| 0| default: ------------------ | Branch (583:9): [True: 0, False: 6] ------------------ 584| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 585| 6| } 586| | 587| 6| if ((unsigned int) (t->day - 1) >= month_days || /* (1 - days in month) */ ------------------ | Branch (587:9): [True: 0, False: 6] ------------------ 588| | /* (unsigned int) (t->mon - 1) >= 12 || */ /* (1 - 12) checked above */ 589| 6| (unsigned int) t->year > 9999 || /* (0 - 9999) */ ------------------ | Branch (589:9): [True: 0, False: 6] ------------------ 590| 6| (unsigned int) t->hour > 23 || /* (0 - 23) */ ------------------ | Branch (590:9): [True: 0, False: 6] ------------------ 591| 6| (unsigned int) t->min > 59 || /* (0 - 59) */ ------------------ | Branch (591:9): [True: 0, False: 6] ------------------ 592| 6| (unsigned int) t->sec > 59) { /* (0 - 59) */ ------------------ | Branch (592:9): [True: 0, False: 6] ------------------ 593| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 594| 0| } 595| | 596| 6| return 0; 597| 6|} mbedtls_x509_crt_parse_der: 1386| 3|{ 1387| 3| return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); 1388| 3|} mbedtls_x509_crt_parse: 1397| 1|{ 1398| 1|#if defined(MBEDTLS_PEM_PARSE_C) 1399| 1| int success = 0, first_error = 0, total_failed = 0; 1400| 1| int buf_format = MBEDTLS_X509_FORMAT_DER; ------------------ | | 195| 1|#define MBEDTLS_X509_FORMAT_DER 1 ------------------ 1401| 1|#endif 1402| | 1403| | /* 1404| | * Check for valid input 1405| | */ 1406| 1| if (chain == NULL || buf == NULL) { ------------------ | Branch (1406:9): [True: 0, False: 1] | Branch (1406:26): [True: 0, False: 1] ------------------ 1407| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1408| 0| } 1409| | 1410| | /* 1411| | * Determine buffer content. Buffer contains either one DER certificate or 1412| | * one or more PEM certificates. 1413| | */ 1414| 1|#if defined(MBEDTLS_PEM_PARSE_C) 1415| 1| if (buflen != 0 && buf[buflen - 1] == '\0' && ------------------ | Branch (1415:9): [True: 1, False: 0] | Branch (1415:24): [True: 1, False: 0] ------------------ 1416| 1| strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { ------------------ | Branch (1416:9): [True: 1, False: 0] ------------------ 1417| 1| buf_format = MBEDTLS_X509_FORMAT_PEM; ------------------ | | 196| 1|#define MBEDTLS_X509_FORMAT_PEM 2 ------------------ 1418| 1| } 1419| | 1420| 1| if (buf_format == MBEDTLS_X509_FORMAT_DER) { ------------------ | | 195| 1|#define MBEDTLS_X509_FORMAT_DER 1 ------------------ | Branch (1420:9): [True: 0, False: 1] ------------------ 1421| 0| return mbedtls_x509_crt_parse_der(chain, buf, buflen); 1422| 0| } 1423| |#else 1424| | return mbedtls_x509_crt_parse_der(chain, buf, buflen); 1425| |#endif 1426| | 1427| 1|#if defined(MBEDTLS_PEM_PARSE_C) 1428| 1| if (buf_format == MBEDTLS_X509_FORMAT_PEM) { ------------------ | | 196| 1|#define MBEDTLS_X509_FORMAT_PEM 2 ------------------ | Branch (1428:9): [True: 1, False: 0] ------------------ 1429| 1| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1430| 1| mbedtls_pem_context pem; 1431| | 1432| | /* 1 rather than 0 since the terminating NULL byte is counted in */ 1433| 4| while (buflen > 1) { ------------------ | Branch (1433:16): [True: 3, False: 1] ------------------ 1434| 3| size_t use_len; 1435| 3| mbedtls_pem_init(&pem); 1436| | 1437| | /* If we get there, we know the string is null-terminated */ 1438| 3| ret = mbedtls_pem_read_buffer(&pem, 1439| 3| "-----BEGIN CERTIFICATE-----", 1440| 3| "-----END CERTIFICATE-----", 1441| 3| buf, NULL, 0, &use_len); 1442| | 1443| 3| if (ret == 0) { ------------------ | Branch (1443:17): [True: 3, False: 0] ------------------ 1444| | /* 1445| | * Was PEM encoded 1446| | */ 1447| 3| buflen -= use_len; 1448| 3| buf += use_len; 1449| 3| } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ | Branch (1449:24): [True: 0, False: 0] ------------------ 1450| 0| return ret; 1451| 0| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1451:24): [True: 0, False: 0] ------------------ 1452| 0| mbedtls_pem_free(&pem); 1453| | 1454| | /* 1455| | * PEM header and footer were found 1456| | */ 1457| 0| buflen -= use_len; 1458| 0| buf += use_len; 1459| | 1460| 0| if (first_error == 0) { ------------------ | Branch (1460:21): [True: 0, False: 0] ------------------ 1461| 0| first_error = ret; 1462| 0| } 1463| | 1464| 0| total_failed++; 1465| 0| continue; 1466| 0| } else { 1467| 0| break; 1468| 0| } 1469| | 1470| 3| ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); 1471| | 1472| 3| mbedtls_pem_free(&pem); 1473| | 1474| 3| if (ret != 0) { ------------------ | Branch (1474:17): [True: 0, False: 3] ------------------ 1475| | /* 1476| | * Quit parsing on a memory error 1477| | */ 1478| 0| if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ | Branch (1478:21): [True: 0, False: 0] ------------------ 1479| 0| return ret; 1480| 0| } 1481| | 1482| 0| if (first_error == 0) { ------------------ | Branch (1482:21): [True: 0, False: 0] ------------------ 1483| 0| first_error = ret; 1484| 0| } 1485| | 1486| 0| total_failed++; 1487| 0| continue; 1488| 0| } 1489| | 1490| 3| success = 1; 1491| 3| } 1492| 1| } 1493| | 1494| 1| if (success) { ------------------ | Branch (1494:9): [True: 1, False: 0] ------------------ 1495| 1| return total_failed; 1496| 1| } else if (first_error) { ------------------ | Branch (1496:16): [True: 0, False: 0] ------------------ 1497| 0| return first_error; 1498| 0| } else { 1499| 0| return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; ------------------ | | 73| 0|#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 ------------------ 1500| 0| } 1501| 1|#endif /* MBEDTLS_PEM_PARSE_C */ 1502| 1|} mbedtls_x509_crt_init: 3222| 3|{ 3223| 3| memset(crt, 0, sizeof(mbedtls_x509_crt)); 3224| 3|} mbedtls_x509_crt_restart_init: 3267| 32|{ 3268| 32| mbedtls_pk_restart_init(&ctx->pk); 3269| | 3270| 32| ctx->parent = NULL; 3271| 32| ctx->fallback_parent = NULL; 3272| 32| ctx->fallback_signature_is_good = 0; 3273| | 3274| 32| ctx->parent_is_trusted = -1; 3275| | 3276| 32| ctx->in_progress = x509_crt_rs_none; 3277| 32| ctx->self_cnt = 0; 3278| 32| x509_crt_verify_chain_reset(&ctx->ver_chain); 3279| 32|} mbedtls_x509_crt_restart_free: 3285| 16|{ 3286| 16| if (ctx == NULL) { ------------------ | Branch (3286:9): [True: 0, False: 16] ------------------ 3287| 0| return; 3288| 0| } 3289| | 3290| 16| mbedtls_pk_restart_free(&ctx->pk); 3291| 16| mbedtls_x509_crt_restart_init(ctx); 3292| 16|} x509_crt.c:mbedtls_x509_crt_parse_der_internal: 1319| 3|{ 1320| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1321| 3| mbedtls_x509_crt *crt = chain, *prev = NULL; 1322| | 1323| | /* 1324| | * Check for valid input 1325| | */ 1326| 3| if (crt == NULL || buf == NULL) { ------------------ | Branch (1326:9): [True: 0, False: 3] | Branch (1326:24): [True: 0, False: 3] ------------------ 1327| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1328| 0| } 1329| | 1330| 4| while (crt->version != 0 && crt->next != NULL) { ------------------ | Branch (1330:12): [True: 3, False: 1] | Branch (1330:33): [True: 1, False: 2] ------------------ 1331| 1| prev = crt; 1332| 1| crt = crt->next; 1333| 1| } 1334| | 1335| | /* 1336| | * Add new certificate on the end of the chain if needed. 1337| | */ 1338| 3| if (crt->version != 0 && crt->next == NULL) { ------------------ | Branch (1338:9): [True: 2, False: 1] | Branch (1338:30): [True: 2, False: 0] ------------------ 1339| 2| crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); 1340| | 1341| 2| if (crt->next == NULL) { ------------------ | Branch (1341:13): [True: 0, False: 2] ------------------ 1342| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 1343| 0| } 1344| | 1345| 2| prev = crt; 1346| 2| mbedtls_x509_crt_init(crt->next); 1347| 2| crt = crt->next; 1348| 2| } 1349| | 1350| 3| ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); 1351| 3| if (ret != 0) { ------------------ | Branch (1351:9): [True: 0, False: 3] ------------------ 1352| 0| if (prev) { ------------------ | Branch (1352:13): [True: 0, False: 0] ------------------ 1353| 0| prev->next = NULL; 1354| 0| } 1355| | 1356| 0| if (crt != chain) { ------------------ | Branch (1356:13): [True: 0, False: 0] ------------------ 1357| 0| mbedtls_free(crt); 1358| 0| } 1359| | 1360| 0| return ret; 1361| 0| } 1362| | 1363| 3| return 0; 1364| 3|} x509_crt.c:x509_crt_parse_der_core: 1079| 3|{ 1080| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1081| 3| size_t len; 1082| 3| unsigned char *p, *end, *crt_end; 1083| 3| mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 1084| | 1085| 3| memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); 1086| 3| memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); 1087| 3| memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); 1088| | 1089| | /* 1090| | * Check for valid input 1091| | */ 1092| 3| if (crt == NULL || buf == NULL) { ------------------ | Branch (1092:9): [True: 0, False: 3] | Branch (1092:24): [True: 0, False: 3] ------------------ 1093| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1094| 0| } 1095| | 1096| | /* Use the original buffer until we figure out actual length. */ 1097| 3| p = (unsigned char *) buf; 1098| 3| len = buflen; 1099| 3| end = p + len; 1100| | 1101| | /* 1102| | * Certificate ::= SEQUENCE { 1103| | * tbsCertificate TBSCertificate, 1104| | * signatureAlgorithm AlgorithmIdentifier, 1105| | * signatureValue BIT STRING } 1106| | */ 1107| 3| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1107:9): [True: 0, False: 3] ------------------ 1108| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1109| 0| mbedtls_x509_crt_free(crt); 1110| 0| return MBEDTLS_ERR_X509_INVALID_FORMAT; ------------------ | | 49| 0|#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 ------------------ 1111| 0| } 1112| | 1113| 3| end = crt_end = p + len; 1114| 3| crt->raw.len = (size_t) (crt_end - buf); 1115| 3| if (make_copy != 0) { ------------------ | Branch (1115:9): [True: 3, False: 0] ------------------ 1116| | /* Create and populate a new buffer for the raw field. */ 1117| 3| crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); 1118| 3| if (crt->raw.p == NULL) { ------------------ | Branch (1118:13): [True: 0, False: 3] ------------------ 1119| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 1120| 0| } 1121| | 1122| 3| memcpy(crt->raw.p, buf, crt->raw.len); 1123| 3| crt->own_buffer = 1; 1124| | 1125| 3| p += crt->raw.len - len; 1126| 3| end = crt_end = p + len; 1127| 3| } else { 1128| 0| crt->raw.p = (unsigned char *) buf; 1129| 0| crt->own_buffer = 0; 1130| 0| } 1131| | 1132| | /* 1133| | * TBSCertificate ::= SEQUENCE { 1134| | */ 1135| 3| crt->tbs.p = p; 1136| | 1137| 3| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1137:9): [True: 0, False: 3] ------------------ 1138| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1139| 0| mbedtls_x509_crt_free(crt); 1140| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1141| 0| } 1142| | 1143| 3| end = p + len; 1144| 3| crt->tbs.len = (size_t) (end - crt->tbs.p); 1145| | 1146| | /* 1147| | * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1148| | * 1149| | * CertificateSerialNumber ::= INTEGER 1150| | * 1151| | * signature AlgorithmIdentifier 1152| | */ 1153| 3| if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || ------------------ | Branch (1153:9): [True: 0, False: 3] ------------------ 1154| 3| (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || ------------------ | Branch (1154:9): [True: 0, False: 3] ------------------ 1155| 3| (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, ------------------ | Branch (1155:9): [True: 0, False: 3] ------------------ 1156| 3| &sig_params1)) != 0) { 1157| 0| mbedtls_x509_crt_free(crt); 1158| 0| return ret; 1159| 0| } 1160| | 1161| 3| if (crt->version < 0 || crt->version > 2) { ------------------ | Branch (1161:9): [True: 0, False: 3] | Branch (1161:29): [True: 0, False: 3] ------------------ 1162| 0| mbedtls_x509_crt_free(crt); 1163| 0| return MBEDTLS_ERR_X509_UNKNOWN_VERSION; ------------------ | | 65| 0|#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 ------------------ 1164| 0| } 1165| | 1166| 3| crt->version++; 1167| | 1168| 3| if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, ------------------ | Branch (1168:9): [True: 0, False: 3] ------------------ 1169| 3| &crt->sig_md, &crt->sig_pk, 1170| 3| &crt->sig_opts)) != 0) { 1171| 0| mbedtls_x509_crt_free(crt); 1172| 0| return ret; 1173| 0| } 1174| | 1175| | /* 1176| | * issuer Name 1177| | */ 1178| 3| crt->issuer_raw.p = p; 1179| | 1180| 3| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1180:9): [True: 0, False: 3] ------------------ 1181| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1182| 0| mbedtls_x509_crt_free(crt); 1183| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1184| 0| } 1185| | 1186| 3| if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { ------------------ | Branch (1186:9): [True: 0, False: 3] ------------------ 1187| 0| mbedtls_x509_crt_free(crt); 1188| 0| return ret; 1189| 0| } 1190| | 1191| 3| crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); 1192| | 1193| | /* 1194| | * Validity ::= SEQUENCE { 1195| | * notBefore Time, 1196| | * notAfter Time } 1197| | * 1198| | */ 1199| 3| if ((ret = x509_get_dates(&p, end, &crt->valid_from, ------------------ | Branch (1199:9): [True: 0, False: 3] ------------------ 1200| 3| &crt->valid_to)) != 0) { 1201| 0| mbedtls_x509_crt_free(crt); 1202| 0| return ret; 1203| 0| } 1204| | 1205| | /* 1206| | * subject Name 1207| | */ 1208| 3| crt->subject_raw.p = p; 1209| | 1210| 3| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1210:9): [True: 0, False: 3] ------------------ 1211| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1212| 0| mbedtls_x509_crt_free(crt); 1213| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1214| 0| } 1215| | 1216| 3| if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { ------------------ | Branch (1216:9): [True: 3, False: 0] | Branch (1216:16): [True: 0, False: 3] ------------------ 1217| 0| mbedtls_x509_crt_free(crt); 1218| 0| return ret; 1219| 0| } 1220| | 1221| 3| crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); 1222| | 1223| | /* 1224| | * SubjectPublicKeyInfo 1225| | */ 1226| 3| crt->pk_raw.p = p; 1227| 3| if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { ------------------ | Branch (1227:9): [True: 0, False: 3] ------------------ 1228| 0| mbedtls_x509_crt_free(crt); 1229| 0| return ret; 1230| 0| } 1231| 3| crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); 1232| | 1233| | /* 1234| | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 1235| | * -- If present, version shall be v2 or v3 1236| | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 1237| | * -- If present, version shall be v2 or v3 1238| | * extensions [3] EXPLICIT Extensions OPTIONAL 1239| | * -- If present, version shall be v3 1240| | */ 1241| 3| if (crt->version == 2 || crt->version == 3) { ------------------ | Branch (1241:9): [True: 0, False: 3] | Branch (1241:30): [True: 3, False: 0] ------------------ 1242| 3| ret = x509_get_uid(&p, end, &crt->issuer_id, 1); 1243| 3| if (ret != 0) { ------------------ | Branch (1243:13): [True: 0, False: 3] ------------------ 1244| 0| mbedtls_x509_crt_free(crt); 1245| 0| return ret; 1246| 0| } 1247| 3| } 1248| | 1249| 3| if (crt->version == 2 || crt->version == 3) { ------------------ | Branch (1249:9): [True: 0, False: 3] | Branch (1249:30): [True: 3, False: 0] ------------------ 1250| 3| ret = x509_get_uid(&p, end, &crt->subject_id, 2); 1251| 3| if (ret != 0) { ------------------ | Branch (1251:13): [True: 0, False: 3] ------------------ 1252| 0| mbedtls_x509_crt_free(crt); 1253| 0| return ret; 1254| 0| } 1255| 3| } 1256| | 1257| 3| if (crt->version == 3) { ------------------ | Branch (1257:9): [True: 3, False: 0] ------------------ 1258| 3| ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); 1259| 3| if (ret != 0) { ------------------ | Branch (1259:13): [True: 0, False: 3] ------------------ 1260| 0| mbedtls_x509_crt_free(crt); 1261| 0| return ret; 1262| 0| } 1263| 3| } 1264| | 1265| 3| if (p != end) { ------------------ | Branch (1265:9): [True: 0, False: 3] ------------------ 1266| 0| mbedtls_x509_crt_free(crt); 1267| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1268| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1269| 0| } 1270| | 1271| 3| end = crt_end; 1272| | 1273| | /* 1274| | * } 1275| | * -- end of TBSCertificate 1276| | * 1277| | * signatureAlgorithm AlgorithmIdentifier, 1278| | * signatureValue BIT STRING 1279| | */ 1280| 3| if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { ------------------ | Branch (1280:9): [True: 0, False: 3] ------------------ 1281| 0| mbedtls_x509_crt_free(crt); 1282| 0| return ret; 1283| 0| } 1284| | 1285| 3| if (crt->sig_oid.len != sig_oid2.len || ------------------ | Branch (1285:9): [True: 0, False: 3] ------------------ 1286| 3| memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || ------------------ | Branch (1286:9): [True: 0, False: 3] ------------------ 1287| 3| sig_params1.tag != sig_params2.tag || ------------------ | Branch (1287:9): [True: 0, False: 3] ------------------ 1288| 3| sig_params1.len != sig_params2.len || ------------------ | Branch (1288:9): [True: 0, False: 3] ------------------ 1289| 3| (sig_params1.len != 0 && ------------------ | Branch (1289:10): [True: 0, False: 3] ------------------ 1290| 3| memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { ------------------ | Branch (1290:10): [True: 0, False: 0] ------------------ 1291| 0| mbedtls_x509_crt_free(crt); 1292| 0| return MBEDTLS_ERR_X509_SIG_MISMATCH; ------------------ | | 69| 0|#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 ------------------ 1293| 0| } 1294| | 1295| 3| if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { ------------------ | Branch (1295:9): [True: 0, False: 3] ------------------ 1296| 0| mbedtls_x509_crt_free(crt); 1297| 0| return ret; 1298| 0| } 1299| | 1300| 3| if (p != end) { ------------------ | Branch (1300:9): [True: 0, False: 3] ------------------ 1301| 0| mbedtls_x509_crt_free(crt); 1302| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1303| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1304| 0| } 1305| | 1306| 3| return 0; 1307| 3|} x509_crt.c:x509_get_version: 398| 3|{ 399| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 400| 3| size_t len; 401| | 402| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (402:9): [True: 0, False: 3] ------------------ 403| 3| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 3|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 404| 3| 0)) != 0) { 405| 0| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (405:13): [True: 0, False: 0] ------------------ 406| 0| *ver = 0; 407| 0| return 0; 408| 0| } 409| | 410| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 411| 0| } 412| | 413| 3| end = *p + len; 414| | 415| 3| if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { ------------------ | Branch (415:9): [True: 0, False: 3] ------------------ 416| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 417| 0| } 418| | 419| 3| if (*p != end) { ------------------ | Branch (419:9): [True: 0, False: 3] ------------------ 420| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 421| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 422| 0| } 423| | 424| 3| return 0; 425| 3|} x509_crt.c:x509_get_dates: 436| 3|{ 437| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 438| 3| size_t len; 439| | 440| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (440:9): [True: 0, False: 3] ------------------ 441| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 442| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 443| 0| } 444| | 445| 3| end = *p + len; 446| | 447| 3| if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { ------------------ | Branch (447:9): [True: 0, False: 3] ------------------ 448| 0| return ret; 449| 0| } 450| | 451| 3| if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { ------------------ | Branch (451:9): [True: 0, False: 3] ------------------ 452| 0| return ret; 453| 0| } 454| | 455| 3| if (*p != end) { ------------------ | Branch (455:9): [True: 0, False: 3] ------------------ 456| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 457| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 458| 0| } 459| | 460| 3| return 0; 461| 3|} x509_crt.c:x509_get_uid: 469| 6|{ 470| 6| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 471| | 472| 6| if (*p == end) { ------------------ | Branch (472:9): [True: 0, False: 6] ------------------ 473| 0| return 0; 474| 0| } 475| | 476| 6| uid->tag = **p; 477| | 478| 6| if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, ------------------ | Branch (478:9): [True: 6, False: 0] ------------------ 479| 6| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 6|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 6|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 480| 6| n)) != 0) { 481| 6| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 6|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (481:13): [True: 6, False: 0] ------------------ 482| 6| return 0; 483| 6| } 484| | 485| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 486| 6| } 487| | 488| 0| uid->p = *p; 489| 0| *p += uid->len; 490| | 491| 0| return 0; 492| 6|} x509_crt.c:x509_get_crt_ext: 867| 3|{ 868| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 869| 3| size_t len; 870| 3| unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; 871| | 872| 3| if (*p == end) { ------------------ | Branch (872:9): [True: 0, False: 3] ------------------ 873| 0| return 0; 874| 0| } 875| | 876| 3| if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { ------------------ | Branch (876:9): [True: 0, False: 3] ------------------ 877| 0| return ret; 878| 0| } 879| | 880| 3| end = crt->v3_ext.p + crt->v3_ext.len; 881| 12| while (*p < end) { ------------------ | Branch (881:12): [True: 9, False: 3] ------------------ 882| | /* 883| | * Extension ::= SEQUENCE { 884| | * extnID OBJECT IDENTIFIER, 885| | * critical BOOLEAN DEFAULT FALSE, 886| | * extnValue OCTET STRING } 887| | */ 888| 9| mbedtls_x509_buf extn_oid = { 0, 0, NULL }; 889| 9| int is_critical = 0; /* DEFAULT FALSE */ 890| 9| int ext_type = 0; 891| | 892| 9| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (892:13): [True: 0, False: 9] ------------------ 893| 9| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 9|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 9|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 894| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 895| 0| } 896| | 897| 9| end_ext_data = *p + len; 898| | 899| | /* Get extension ID */ 900| 9| if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, ------------------ | Branch (900:13): [True: 0, False: 9] ------------------ 901| 9| MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 9|#define MBEDTLS_ASN1_OID 0x06 ------------------ 902| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 903| 0| } 904| | 905| 9| extn_oid.tag = MBEDTLS_ASN1_OID; ------------------ | | 69| 9|#define MBEDTLS_ASN1_OID 0x06 ------------------ 906| 9| extn_oid.p = *p; 907| 9| *p += extn_oid.len; 908| | 909| | /* Get optional critical */ 910| 9| if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && ------------------ | Branch (910:13): [True: 8, False: 1] ------------------ 911| 9| (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { ------------------ | | 39| 8|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (911:13): [True: 0, False: 8] ------------------ 912| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 913| 0| } 914| | 915| | /* Data should be octet string type */ 916| 9| if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, ------------------ | Branch (916:13): [True: 0, False: 9] ------------------ 917| 9| MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 9|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 918| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 919| 0| } 920| | 921| 9| start_ext_octet = *p; 922| 9| end_ext_octet = *p + len; 923| | 924| 9| if (end_ext_octet != end_ext_data) { ------------------ | Branch (924:13): [True: 0, False: 9] ------------------ 925| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 926| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 927| 0| } 928| | 929| | /* 930| | * Detect supported extensions 931| | */ 932| 9| ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); 933| | 934| 9| if (ret != 0) { ------------------ | Branch (934:13): [True: 0, False: 9] ------------------ 935| | /* Give the callback (if any) a chance to handle the extension */ 936| 0| if (cb != NULL) { ------------------ | Branch (936:17): [True: 0, False: 0] ------------------ 937| 0| ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); 938| 0| if (ret != 0 && is_critical) { ------------------ | Branch (938:21): [True: 0, False: 0] | Branch (938:33): [True: 0, False: 0] ------------------ 939| 0| return ret; 940| 0| } 941| 0| *p = end_ext_octet; 942| 0| continue; 943| 0| } 944| | 945| | /* No parser found, skip extension */ 946| 0| *p = end_ext_octet; 947| | 948| 0| if (is_critical) { ------------------ | Branch (948:17): [True: 0, False: 0] ------------------ 949| | /* Data is marked as critical: fail */ 950| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 951| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 952| 0| } 953| 0| continue; 954| 0| } 955| | 956| | /* Forbid repeated extensions */ 957| 9| if ((crt->ext_types & ext_type) != 0) { ------------------ | Branch (957:13): [True: 0, False: 9] ------------------ 958| 0| return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; ------------------ | | 63| 0|#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 ------------------ 959| 0| } 960| | 961| 9| crt->ext_types |= ext_type; 962| | 963| 9| switch (ext_type) { 964| 3| case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: ------------------ | | 182| 3|#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ | | ------------------ | | | | 45| 3|#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8) | | ------------------ ------------------ | Branch (964:13): [True: 3, False: 6] ------------------ 965| | /* Parse basic constraints */ 966| 3| if ((ret = x509_get_basic_constraints(p, end_ext_octet, ------------------ | Branch (966:21): [True: 0, False: 3] ------------------ 967| 3| &crt->ca_istrue, &crt->max_pathlen)) != 0) { 968| 0| return ret; 969| 0| } 970| 3| break; 971| | 972| 3| case MBEDTLS_X509_EXT_KEY_USAGE: ------------------ | | 176| 0|#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE | | ------------------ | | | | 39| 0|#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2) | | ------------------ ------------------ | Branch (972:13): [True: 0, False: 9] ------------------ 973| | /* Parse key usage */ 974| 0| if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, ------------------ | Branch (974:21): [True: 0, False: 0] ------------------ 975| 0| &crt->key_usage)) != 0) { 976| 0| return ret; 977| 0| } 978| 0| break; 979| | 980| 0| case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: ------------------ | | 185| 0|#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE | | ------------------ | | | | 48| 0|#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) | | ------------------ ------------------ | Branch (980:13): [True: 0, False: 9] ------------------ 981| | /* Parse extended key usage */ 982| 0| if ((ret = x509_get_ext_key_usage(p, end_ext_octet, ------------------ | Branch (982:21): [True: 0, False: 0] ------------------ 983| 0| &crt->ext_key_usage)) != 0) { 984| 0| return ret; 985| 0| } 986| 0| break; 987| | 988| 3| case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: ------------------ | | 175| 3|#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER | | ------------------ | | | | 38| 3|#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) | | ------------------ ------------------ | Branch (988:13): [True: 3, False: 6] ------------------ 989| | /* Parse subject key identifier */ 990| 3| if ((ret = x509_get_subject_key_id(p, end_ext_data, ------------------ | Branch (990:21): [True: 0, False: 3] ------------------ 991| 3| &crt->subject_key_id)) != 0) { 992| 0| return ret; 993| 0| } 994| 3| break; 995| | 996| 3| case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: ------------------ | | 174| 3|#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER | | ------------------ | | | | 37| 3|#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) | | ------------------ ------------------ | Branch (996:13): [True: 3, False: 6] ------------------ 997| | /* Parse authority key identifier */ 998| 3| if ((ret = x509_get_authority_key_id(p, end_ext_octet, ------------------ | Branch (998:21): [True: 0, False: 3] ------------------ 999| 3| &crt->authority_key_id)) != 0) { 1000| 0| return ret; 1001| 0| } 1002| 3| break; 1003| 3| case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: ------------------ | | 179| 0|#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ | | ------------------ | | | | 42| 0|#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5) | | ------------------ ------------------ | Branch (1003:13): [True: 0, False: 9] ------------------ 1004| | /* Parse subject alt name 1005| | * SubjectAltName ::= GeneralNames 1006| | */ 1007| 0| if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, ------------------ | Branch (1007:21): [True: 0, False: 0] ------------------ 1008| 0| &crt->subject_alt_names)) != 0) { 1009| 0| return ret; 1010| 0| } 1011| 0| break; 1012| | 1013| 0| case MBEDTLS_X509_EXT_NS_CERT_TYPE: ------------------ | | 189| 0|#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE | | ------------------ | | | | 52| 0|#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) | | ------------------ ------------------ | Branch (1013:13): [True: 0, False: 9] ------------------ 1014| | /* Parse netscape certificate type */ 1015| 0| if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, ------------------ | Branch (1015:21): [True: 0, False: 0] ------------------ 1016| 0| &crt->ns_cert_type)) != 0) { 1017| 0| return ret; 1018| 0| } 1019| 0| break; 1020| | 1021| 0| case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: ------------------ | | 40| 0|#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3) ------------------ | Branch (1021:13): [True: 0, False: 9] ------------------ 1022| | /* Parse certificate policies type */ 1023| 0| if ((ret = x509_get_certificate_policies(p, end_ext_octet, ------------------ | Branch (1023:21): [True: 0, False: 0] ------------------ 1024| 0| &crt->certificate_policies)) != 0) { 1025| | /* Give the callback (if any) a chance to handle the extension 1026| | * if it contains unsupported policies */ 1027| 0| if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ | Branch (1027:25): [True: 0, False: 0] | Branch (1027:72): [True: 0, False: 0] ------------------ 1028| 0| cb(p_ctx, crt, &extn_oid, is_critical, ------------------ | Branch (1028:25): [True: 0, False: 0] ------------------ 1029| 0| start_ext_octet, end_ext_octet) == 0) { 1030| 0| break; 1031| 0| } 1032| | 1033| 0| if (is_critical) { ------------------ | Branch (1033:25): [True: 0, False: 0] ------------------ 1034| 0| return ret; 1035| 0| } else 1036| | /* 1037| | * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we 1038| | * cannot interpret or enforce the policy. However, it is up to 1039| | * the user to choose how to enforce the policies, 1040| | * unless the extension is critical. 1041| | */ 1042| 0| if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ | Branch (1042:25): [True: 0, False: 0] ------------------ 1043| 0| return ret; 1044| 0| } 1045| 0| } 1046| 0| break; 1047| | 1048| 0| default: ------------------ | Branch (1048:13): [True: 0, False: 9] ------------------ 1049| | /* 1050| | * If this is a non-critical extension, which the oid layer 1051| | * supports, but there isn't an x509 parser for it, 1052| | * skip the extension. 1053| | */ 1054| 0| if (is_critical) { ------------------ | Branch (1054:21): [True: 0, False: 0] ------------------ 1055| 0| return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ 1056| 0| } else { 1057| 0| *p = end_ext_octet; 1058| 0| } 1059| 9| } 1060| 9| } 1061| | 1062| 3| if (*p != end) { ------------------ | Branch (1062:9): [True: 0, False: 3] ------------------ 1063| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1064| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1065| 0| } 1066| | 1067| 3| return 0; 1068| 3|} x509_crt.c:x509_get_basic_constraints: 498| 3|{ 499| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 500| 3| size_t len; 501| | 502| | /* 503| | * BasicConstraints ::= SEQUENCE { 504| | * cA BOOLEAN DEFAULT FALSE, 505| | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 506| | */ 507| 3| *ca_istrue = 0; /* DEFAULT FALSE */ 508| 3| *max_pathlen = 0; /* endless */ 509| | 510| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (510:9): [True: 0, False: 3] ------------------ 511| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 512| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 513| 0| } 514| | 515| 3| if (*p == end) { ------------------ | Branch (515:9): [True: 0, False: 3] ------------------ 516| 0| return 0; 517| 0| } 518| | 519| 3| if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { ------------------ | Branch (519:9): [True: 0, False: 3] ------------------ 520| 0| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (520:13): [True: 0, False: 0] ------------------ 521| 0| ret = mbedtls_asn1_get_int(p, end, ca_istrue); 522| 0| } 523| | 524| 0| if (ret != 0) { ------------------ | Branch (524:13): [True: 0, False: 0] ------------------ 525| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 526| 0| } 527| | 528| 0| if (*ca_istrue != 0) { ------------------ | Branch (528:13): [True: 0, False: 0] ------------------ 529| 0| *ca_istrue = 1; 530| 0| } 531| 0| } 532| | 533| 3| if (*p == end) { ------------------ | Branch (533:9): [True: 3, False: 0] ------------------ 534| 3| return 0; 535| 3| } 536| | 537| 0| if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { ------------------ | Branch (537:9): [True: 0, False: 0] ------------------ 538| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 539| 0| } 540| | 541| 0| if (*p != end) { ------------------ | Branch (541:9): [True: 0, False: 0] ------------------ 542| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 543| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 544| 0| } 545| | 546| | /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer 547| | * overflow, which is an undefined behavior. */ 548| 0| if (*max_pathlen == INT_MAX) { ------------------ | Branch (548:9): [True: 0, False: 0] ------------------ 549| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 550| 0| MBEDTLS_ERR_ASN1_INVALID_LENGTH); 551| 0| } 552| | 553| 0| (*max_pathlen)++; 554| | 555| 0| return 0; 556| 0|} x509_crt.c:x509_get_subject_key_id: 590| 3|{ 591| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 592| 3| size_t len = 0u; 593| | 594| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (594:9): [True: 0, False: 3] ------------------ 595| 3| MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 3|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 596| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 597| 0| } 598| | 599| 3| subject_key_id->len = len; 600| 3| subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 3|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 601| 3| subject_key_id->p = *p; 602| 3| *p += len; 603| | 604| 3| if (*p != end) { ------------------ | Branch (604:9): [True: 0, False: 3] ------------------ 605| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 606| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 607| 0| } 608| | 609| 3| return 0; 610| 3|} x509_crt.c:x509_get_authority_key_id: 623| 3|{ 624| 3| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 625| 3| size_t len = 0u; 626| | 627| 3| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (627:9): [True: 0, False: 3] ------------------ 628| 3| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 629| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 630| 0| } 631| | 632| 3| if (*p + len != end) { ------------------ | Branch (632:9): [True: 0, False: 3] ------------------ 633| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 634| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 635| 0| } 636| | 637| 3| ret = mbedtls_asn1_get_tag(p, end, &len, 638| 3| MBEDTLS_ASN1_CONTEXT_SPECIFIC); ------------------ | | 83| 3|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 639| | 640| | /* KeyIdentifier is an OPTIONAL field */ 641| 3| if (ret == 0) { ------------------ | Branch (641:9): [True: 3, False: 0] ------------------ 642| 3| authority_key_id->keyIdentifier.len = len; 643| 3| authority_key_id->keyIdentifier.p = *p; 644| | /* Setting tag of the keyIdentfier intentionally to 0x04. 645| | * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), 646| | * its tag with the content is the payload of on OCTET STRING primitive */ 647| 3| authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 3|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 648| | 649| 3| *p += len; 650| 3| } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (650:16): [True: 0, False: 0] ------------------ 651| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 652| 0| } 653| | 654| 3| if (*p < end) { ------------------ | Branch (654:9): [True: 0, False: 3] ------------------ 655| | /* Getting authorityCertIssuer using the required specific class tag [1] */ 656| 0| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (656:13): [True: 0, False: 0] ------------------ 657| 0| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 0|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 658| 0| 1)) != 0) { 659| | /* authorityCertIssuer and authorityCertSerialNumber MUST both 660| | be present or both be absent. At this point we expect to have both. */ 661| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 662| 0| } 663| | /* "end" also includes the CertSerialNumber field so "len" shall be used */ 664| 0| ret = mbedtls_x509_get_subject_alt_name_ext(p, 665| 0| (*p+len), 666| 0| &authority_key_id->authorityCertIssuer); 667| 0| if (ret != 0) { ------------------ | Branch (667:13): [True: 0, False: 0] ------------------ 668| 0| return ret; 669| 0| } 670| | 671| | /* Getting authorityCertSerialNumber using the required specific class tag [2] */ 672| 0| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (672:13): [True: 0, False: 0] ------------------ 673| 0| MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 674| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 675| 0| } 676| 0| authority_key_id->authorityCertSerialNumber.len = len; 677| 0| authority_key_id->authorityCertSerialNumber.p = *p; 678| 0| authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; ------------------ | | 65| 0|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ 679| 0| *p += len; 680| 0| } 681| | 682| 3| if (*p != end) { ------------------ | Branch (682:9): [True: 0, False: 3] ------------------ 683| 0| return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ------------------ | | 63| 0|#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 ------------------ 684| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 685| 0| } 686| | 687| 3| return 0; 688| 3|} x509_crt.c:x509_crt_verify_chain_reset: 377| 32|{ 378| 32| size_t i; 379| | 380| 352| for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { ------------------ | | 258| 352|#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) | | ------------------ | | | | 37| 352|#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 | | ------------------ ------------------ | Branch (380:17): [True: 320, False: 32] ------------------ 381| 320| ver_chain->items[i].crt = NULL; 382| 320| ver_chain->items[i].flags = (uint32_t) -1; 383| 320| } 384| | 385| 32| ver_chain->len = 0; 386| | 387| 32|#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 388| 32| ver_chain->trust_ca_cb_result = NULL; 389| 32|#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 390| 32|} dummy_init: 17| 1|{ 18| 1|#if defined(MBEDTLS_PLATFORM_TIME_ALT) 19| 1| mbedtls_platform_set_time(dummy_constant_time); 20| |#else 21| | fprintf(stderr, "Warning: fuzzing without constant time\n"); 22| |#endif 23| 1|} dummy_random: 60| 32|{ 61| 32| int ret; 62| 32| size_t i; 63| | 64| 32|#if defined(MBEDTLS_CTR_DRBG_C) 65| | //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng 66| 32| if (p_rng != NULL) { ------------------ | Branch (66:9): [True: 32, False: 0] ------------------ 67| | //use mbedtls_ctr_drbg_random to find bugs in it 68| 32| ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); 69| 32| } else { 70| | //fall through to pseudo-random 71| 0| ret = 0; 72| 0| } 73| |#else 74| | (void) p_rng; 75| | ret = 0; 76| |#endif 77| 1.05k| for (i = 0; i < output_len; i++) { ------------------ | Branch (77:17): [True: 1.02k, False: 32] ------------------ 78| | //replace result with pseudo random 79| 1.02k| output[i] = (unsigned char) rand(); 80| 1.02k| } 81| 32| return ret; 82| 32|} dummy_entropy: 85| 16|{ 86| 16| size_t i; 87| 16| (void) data; 88| | 89| | //use mbedtls_entropy_func to find bugs in it 90| | //test performance impact of entropy 91| | //ret = mbedtls_entropy_func(data, output, len); 92| 784| for (i = 0; i < len; i++) { ------------------ | Branch (92:17): [True: 768, False: 16] ------------------ 93| | //replace result with pseudo random 94| 768| output[i] = (unsigned char) rand(); 95| 768| } 96| 16| return 0; 97| 16|} LLVMFuzzerTestOneInput: 34| 18|{ 35| 18|#if defined(MBEDTLS_SSL_CLI_C) && \ 36| 18| defined(MBEDTLS_ENTROPY_C) && \ 37| 18| defined(MBEDTLS_CTR_DRBG_C) 38| 18| int ret; 39| 18| size_t len; 40| 18| mbedtls_ssl_context ssl; 41| 18| mbedtls_ssl_config conf; 42| 18| mbedtls_ctr_drbg_context ctr_drbg; 43| 18| mbedtls_entropy_context entropy; 44| 18| unsigned char buf[4096]; 45| 18| fuzzBufferOffset_t biomemfuzz; 46| 18| uint16_t options; 47| | 48| 18| if (initialized == 0) { ------------------ | Branch (48:9): [True: 1, False: 17] ------------------ 49| 1|#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 50| 1| mbedtls_x509_crt_init(&cacert); 51| 1| if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, ------------------ | Branch (51:13): [True: 0, False: 1] ------------------ 52| 1| mbedtls_test_cas_pem_len) != 0) { 53| 0| return 1; 54| 0| } 55| 1|#endif 56| | 57| 1| alpn_list[0] = "HTTP"; 58| 1| alpn_list[1] = "fuzzalpn"; 59| 1| alpn_list[2] = NULL; 60| | 61| 1| dummy_init(); 62| | 63| 1| initialized = 1; 64| 1| } 65| | 66| | //we take 1 byte as options input 67| 18| if (Size < 2) { ------------------ | Branch (67:9): [True: 2, False: 16] ------------------ 68| 2| return 0; 69| 2| } 70| 16| options = (Data[Size - 2] << 8) | Data[Size - 1]; 71| | //Avoid warnings if compile options imply no options 72| 16| (void) options; 73| | 74| 16| mbedtls_ssl_init(&ssl); 75| 16| mbedtls_ssl_config_init(&conf); 76| 16| mbedtls_ctr_drbg_init(&ctr_drbg); 77| 16| mbedtls_entropy_init(&entropy); 78| | 79| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 80| | psa_status_t status = psa_crypto_init(); 81| | if (status != PSA_SUCCESS) { 82| | goto exit; 83| | } 84| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 85| | 86| 16| if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, ------------------ | Branch (86:9): [True: 0, False: 16] ------------------ 87| 16| (const unsigned char *) pers, strlen(pers)) != 0) { 88| 0| goto exit; 89| 0| } 90| | 91| 16| if (mbedtls_ssl_config_defaults(&conf, ------------------ | Branch (91:9): [True: 0, False: 16] ------------------ 92| 16| MBEDTLS_SSL_IS_CLIENT, ------------------ | | 282| 16|#define MBEDTLS_SSL_IS_CLIENT 0 ------------------ 93| 16| MBEDTLS_SSL_TRANSPORT_STREAM, ------------------ | | 265| 16|#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ ------------------ 94| 16| MBEDTLS_SSL_PRESET_DEFAULT) != 0) { ------------------ | | 327| 16|#define MBEDTLS_SSL_PRESET_DEFAULT 0 ------------------ 95| 0| goto exit; 96| 0| } 97| | 98| 16|#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) 99| 16| if (options & 2) { ------------------ | Branch (99:9): [True: 6, False: 10] ------------------ 100| 6| mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), 101| 6| (const unsigned char *) psk_id, sizeof(psk_id) - 1); 102| 6| } 103| 16|#endif 104| | 105| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 106| 16| if (options & 4) { ------------------ | Branch (106:9): [True: 8, False: 8] ------------------ 107| 8| mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); 108| 8| mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); ------------------ | | 298| 8|#define MBEDTLS_SSL_VERIFY_REQUIRED 2 ------------------ 109| 8| } else 110| 8|#endif 111| 8| { 112| 8| mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); ------------------ | | 296| 8|#define MBEDTLS_SSL_VERIFY_NONE 0 ------------------ 113| 8| } 114| 16|#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 115| 16| mbedtls_ssl_conf_extended_master_secret(&conf, 116| 16| (options & ------------------ | Branch (116:45): [True: 6, False: 10] ------------------ 117| 16| 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); ------------------ | | 285| 6|#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 ------------------ 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); ------------------ | | 286| 26|#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 ------------------ 118| 16|#endif 119| 16|#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 120| 16| mbedtls_ssl_conf_encrypt_then_mac(&conf, 121| 16| (options & ------------------ | Branch (121:39): [True: 6, False: 10] ------------------ 122| 16| 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); ------------------ | | 291| 6|#define MBEDTLS_SSL_ETM_DISABLED 0 ------------------ 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); ------------------ | | 292| 26|#define MBEDTLS_SSL_ETM_ENABLED 1 ------------------ 123| 16|#endif 124| 16|#if defined(MBEDTLS_SSL_RENEGOTIATION) 125| 16| mbedtls_ssl_conf_renegotiation(&conf, 126| 16| (options & ------------------ | Branch (126:36): [True: 8, False: 8] ------------------ 127| 16| 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); ------------------ | | 305| 8|#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 ------------------ 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); ------------------ | | 304| 8|#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 ------------------ 128| 16|#endif 129| 16|#if defined(MBEDTLS_SSL_SESSION_TICKETS) 130| 16| mbedtls_ssl_conf_session_tickets(&conf, 131| 16| (options & ------------------ | Branch (131:38): [True: 4, False: 12] ------------------ 132| 16| 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED); ------------------ | | 321| 4|#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 ------------------ 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED); ------------------ | | 322| 12|#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 ------------------ 133| 16|#endif 134| 16|#if defined(MBEDTLS_SSL_ALPN) 135| 16| if (options & 0x200) { ------------------ | Branch (135:9): [True: 12, False: 4] ------------------ 136| 12| mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); 137| 12| } 138| 16|#endif 139| | //There may be other options to add : 140| | // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes 141| | 142| 16| srand(1); 143| 16| mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); 144| | 145| 16| if (mbedtls_ssl_setup(&ssl, &conf) != 0) { ------------------ | Branch (145:9): [True: 0, False: 16] ------------------ 146| 0| goto exit; 147| 0| } 148| | 149| 16|#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 150| 16| if ((options & 1) == 0) { ------------------ | Branch (150:9): [True: 6, False: 10] ------------------ 151| 6| if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { ------------------ | Branch (151:13): [True: 0, False: 6] ------------------ 152| 0| goto exit; 153| 0| } 154| 6| } 155| 16|#endif 156| | 157| 16| biomemfuzz.Data = Data; 158| 16| biomemfuzz.Size = Size-2; 159| 16| biomemfuzz.Offset = 0; 160| 16| mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); 161| | 162| 16| ret = mbedtls_ssl_handshake(&ssl); 163| 16| if (ret == 0) { ------------------ | Branch (163:9): [True: 0, False: 16] ------------------ 164| | //keep reading data from server until the end 165| 0| do { 166| 0| len = sizeof(buf) - 1; 167| 0| ret = mbedtls_ssl_read(&ssl, buf, len); 168| | 169| 0| if (ret == MBEDTLS_ERR_SSL_WANT_READ) { ------------------ | | 136| 0|#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 ------------------ | Branch (169:17): [True: 0, False: 0] ------------------ 170| 0| continue; 171| 0| } else if (ret <= 0) { ------------------ | Branch (171:24): [True: 0, False: 0] ------------------ 172| | //EOF or error 173| 0| break; 174| 0| } 175| 0| } while (1); ------------------ | Branch (175:18): [Folded - Ignored] ------------------ 176| 0| } 177| | 178| 16|exit: 179| 16| mbedtls_entropy_free(&entropy); 180| 16| mbedtls_ctr_drbg_free(&ctr_drbg); 181| 16| mbedtls_ssl_config_free(&conf); 182| 16| mbedtls_ssl_free(&ssl); 183| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 184| | mbedtls_psa_crypto_free(); 185| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 186| | 187| |#else 188| | (void) Data; 189| | (void) Size; 190| |#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ 191| | 192| 16| return 0; 193| 16|}