25147314492

Committed 30 Apr 2026 04:17AM UTC coverage: 89.359% (-0.01%) from 89.37%

Build # 25147314492

Build Type

push

github

Committed by

randombit

Commit Message

Avoid using BOTAN_ASSERT for input validation

Coverage Stats

107055 of 119803 relevant lines covered (89.36%)

11298138.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

86.96

/src/lib/tls/msg_cert_verify.cpp

/*
* Certificate Verify Message
* (C) 2004,2006,2011,2012 Jack Lloyd
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
*     2021 Elektrobit Automotive GmbH
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_messages.h>

#include <botan/internal/tls_reader.h>

namespace Botan::TLS {

/*
* Deserialize a Certificate Verify message
*/
Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf) {
   TLS_Data_Reader reader("CertificateVerify", buf);

   m_scheme = Signature_Scheme(reader.get_uint16_t());
   // Somewhat oddly, the signature really is allowed to be empty in a CertificateVerify
   m_signature = reader.get_range<uint8_t>(2, 0, 65535);
   reader.assert_done();

   if(!m_scheme.is_set()) {
      throw Decoding_Error("Counterparty did not send hash/sig IDS");
   }
}

/*
* Serialize a Certificate Verify message
*/
std::vector<uint8_t> Certificate_Verify::serialize() const {
   BOTAN_ASSERT_NOMSG(m_scheme.is_set());
   std::vector<uint8_t> buf;
   buf.reserve(2 + 2 + m_signature.size());  // work around GCC warning

   const auto code = m_scheme.wire_code();
   buf.push_back(get_byte<0>(code));
   buf.push_back(get_byte<1>(code));

   if(m_signature.size() > 0xFFFF) {
      throw Encoding_Error("Certificate_Verify signature too long to encode");
   }

   const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
   buf.push_back(get_byte<0>(sig_len));
   buf.push_back(get_byte<1>(sig_len));
   buf += m_signature;

   return buf;
}

}  // namespace Botan::TLS

1	/*
2	* Certificate Verify Message
3	* (C) 2004,2006,2011,2012 Jack Lloyd
4	* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5	* 2021 Elektrobit Automotive GmbH
6	* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
7	*
8	* Botan is released under the Simplified BSD License (see license.txt)
9	*/
10
11	#include <botan/tls_messages.h>
12
13	#include <botan/internal/tls_reader.h>
14
15	namespace Botan::TLS {
16
17	/*
18	* Deserialize a Certificate Verify message
19	*/
20	Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf) {	569✔
21	TLS_Data_Reader reader("CertificateVerify", buf);	569✔
22
23	m_scheme = Signature_Scheme(reader.get_uint16_t());	569✔
24	// Somewhat oddly, the signature really is allowed to be empty in a CertificateVerify
25	m_signature = reader.get_range<uint8_t>(2, 0, 65535);	568✔
26	reader.assert_done();	567✔
27
28	if(!m_scheme.is_set()) {	562✔
29	throw Decoding_Error("Counterparty did not send hash/sig IDS");	×
30	}
31	}	569✔
32
33	/*
34	* Serialize a Certificate Verify message
35	*/
36	std::vector<uint8_t> Certificate_Verify::serialize() const {	407✔
37	BOTAN_ASSERT_NOMSG(m_scheme.is_set());	407✔
38	std::vector<uint8_t> buf;	407✔
39	buf.reserve(2 + 2 + m_signature.size()); // work around GCC warning	407✔
40
41	const auto code = m_scheme.wire_code();	407✔
42	buf.push_back(get_byte<0>(code));	407✔
43	buf.push_back(get_byte<1>(code));	407✔
44
45	if(m_signature.size() > 0xFFFF) {	407✔
46	throw Encoding_Error("Certificate_Verify signature too long to encode");	×
47	}
48
49	const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());	407✔
50	buf.push_back(get_byte<0>(sig_len));	407✔
51	buf.push_back(get_byte<1>(sig_len));	407✔
52	buf += m_signature;	407✔
53
54	return buf;	407✔
55	}	×
56
57	} // namespace Botan::TLS

randombit / botan / 25147314492

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous