LCOV - code coverage report
Current view: top level - tls - s2n_server_extensions.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 28 28 100.0 %
Date: 2025-08-15 07:28:39 Functions: 2 2 100.0 %
Branches: 23 28 82.1 % 

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/s2n_server_extensions.h"
      17                 :            : 
      18                 :            : #include "stuffer/s2n_stuffer.h"
      19                 :            : #include "tls/extensions/s2n_extension_list.h"
      20                 :            : #include "tls/extensions/s2n_server_supported_versions.h"
      21                 :            : #include "tls/s2n_connection.h"
      22                 :            : #include "utils/s2n_safety.h"
      23                 :            : 
      24                 :            : /* An empty list will just contain the uint16_t list size */
      25                 :       7272 : #define S2N_EMPTY_EXTENSION_LIST_SIZE sizeof(uint16_t)
      26                 :            : 
      27                 :            : int s2n_server_extensions_send(struct s2n_connection *conn, struct s2n_stuffer *out)
      28                 :       7276 : {
      29                 :       7276 :     uint32_t data_available_before_extensions = s2n_stuffer_data_available(out);
      30                 :            : 
      31         [ +  + ]:       7276 :     if (s2n_is_hello_retry_message(conn)) {
      32         [ -  + ]:        653 :         POSIX_GUARD(s2n_extension_list_send(S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST, conn, out));
      33         [ +  + ]:       6623 :     } else if (conn->actual_protocol_version >= S2N_TLS13) {
      34         [ +  + ]:       4252 :         POSIX_GUARD(s2n_extension_list_send(S2N_EXTENSION_LIST_SERVER_HELLO_TLS13, conn, out));
      35                 :       4252 :     } else {
      36         [ -  + ]:       2371 :         POSIX_GUARD(s2n_extension_list_send(S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT, conn, out));
      37                 :       2371 :     }
      38                 :            : 
      39                 :            :     /* The ServerHello extension list size (uint16_t) is NOT written if the list is empty.
      40                 :            :      * This is to support older clients written before extensions existed that might fail
      41                 :            :      * on any unexpected bytes at the end of the ServerHello.
      42                 :            :      *
      43                 :            :      * This behavior is outlined in the TLS1.2 RFC: https://tools.ietf.org/html/rfc5246#appendix-A.4.1
      44                 :            :      *
      45                 :            :      * This behavior does not affect TLS1.3, which always requires at least the supported_version extension
      46                 :            :      * so will never produce an empty list.
      47                 :            :      */
      48         [ +  + ]:       7272 :     if (s2n_stuffer_data_available(out) - data_available_before_extensions == S2N_EMPTY_EXTENSION_LIST_SIZE) {
      49         [ -  + ]:         27 :         POSIX_GUARD(s2n_stuffer_wipe_n(out, S2N_EMPTY_EXTENSION_LIST_SIZE));
      50                 :         27 :     }
      51                 :            : 
      52                 :       7272 :     return S2N_SUCCESS;
      53                 :       7272 : }
      54                 :            : 
      55                 :            : int s2n_server_extensions_recv(struct s2n_connection *conn, struct s2n_stuffer *in)
      56                 :       7269 : {
      57                 :       7269 :     s2n_parsed_extensions_list parsed_extension_list = { 0 };
      58         [ -  + ]:       7269 :     POSIX_GUARD(s2n_extension_list_parse(in, &parsed_extension_list));
      59                 :            : 
      60                 :            :     /**
      61                 :            :      * Process supported_versions first so that we know which extensions list to use.
      62                 :            :      * - If the supported_versions extension exists, then it will set server_protocol_version.
      63                 :            :      * - If the supported_versions extension does not exist, then the server_protocol_version will remain
      64                 :            :      *   unknown and we will use the default list of allowed extension types.
      65                 :            :      **/
      66         [ +  + ]:       7269 :     POSIX_GUARD(s2n_extension_process(&s2n_server_supported_versions_extension, conn, &parsed_extension_list));
      67                 :            : 
      68         [ +  + ]:       7268 :     if (s2n_is_hello_retry_message(conn)) {
      69                 :            :         /**
      70                 :            :          *= https://www.rfc-editor.org/rfc/rfc8446#4.1.4
      71                 :            :          *# Otherwise, the client MUST process all extensions in the
      72                 :            :          *# HelloRetryRequest
      73                 :            :          */
      74         [ -  + ]:        650 :         POSIX_GUARD(s2n_extension_list_process(S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST, conn, &parsed_extension_list));
      75         [ +  + ]:       6618 :     } else if (conn->server_protocol_version >= S2N_TLS13) {
      76         [ +  + ]:       4292 :         POSIX_GUARD(s2n_extension_list_process(S2N_EXTENSION_LIST_SERVER_HELLO_TLS13, conn, &parsed_extension_list));
      77                 :       4292 :     } else {
      78         [ +  + ]:       2326 :         POSIX_GUARD(s2n_extension_list_process(S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT, conn, &parsed_extension_list));
      79                 :       2326 :     }
      80                 :            : 
      81                 :       7266 :     return S2N_SUCCESS;
      82                 :       7268 : }

Generated by: LCOV version 1.14