Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | | - |
41 | | - |
42 | | - |
43 | | - |
44 | | - |
45 | | - |
46 | | - |
47 | | - |
48 | | - |
49 | | - |
50 | | - |
51 | | - |
52 | | - |
53 | | - |
54 | | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | | - |
60 | | - |
61 | | - |
62 | | - |
63 | | - |
64 | | - |
65 | #include <stdio.h> | - |
66 | #include <time.h> | - |
67 | | - |
68 | #include <openssl/bn.h> | - |
69 | #include <openssl/err.h> | - |
70 | #include <openssl/rsa.h> | - |
71 | | - |
72 | #include "bn_lcl.h" | - |
73 | | - |
74 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); | - |
75 | | - |
76 | | - |
77 | | - |
78 | | - |
79 | | - |
80 | | - |
81 | | - |
82 | | - |
83 | int | - |
84 | RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | - |
85 | { | - |
86 | if (rsa->meth->rsa_keygen)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
87 | return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); never executed: return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); | 0 |
88 | return rsa_builtin_keygen(rsa, bits, e_value, cb);executed 1 time by 1 test: return rsa_builtin_keygen(rsa, bits, e_value, cb); | 1 |
89 | } | - |
90 | | - |
91 | static int | - |
92 | rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | - |
93 | { | - |
94 | BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; | - |
95 | BIGNUM pr0, d, p; | - |
96 | int bitsp, bitsq, ok = -1, n = 0; | - |
97 | BN_CTX *ctx = NULL; | - |
98 | | - |
99 | ctx = BN_CTX_new(); | - |
100 | if (ctx == NULL)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
101 | goto err; never executed: goto err; | 0 |
102 | BN_CTX_start(ctx); | - |
103 | if ((r0 = BN_CTX_get(ctx)) == NULL)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
104 | goto err; never executed: goto err; | 0 |
105 | if ((r1 = BN_CTX_get(ctx)) == NULL)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
106 | goto err; never executed: goto err; | 0 |
107 | if ((r2 = BN_CTX_get(ctx)) == NULL)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
108 | goto err; never executed: goto err; | 0 |
109 | if ((r3 = BN_CTX_get(ctx)) == NULL)TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
110 | goto err; never executed: goto err; | 0 |
111 | | - |
112 | bitsp = (bits + 1) / 2; | - |
113 | bitsq = bits - bitsp; | - |
114 | | - |
115 | | - |
116 | if (!rsa->n && ((rsa->n = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
117 | goto err; never executed: goto err; | 0 |
118 | if (!rsa->d && ((rsa->d = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
119 | goto err; never executed: goto err; | 0 |
120 | if (!rsa->e && ((rsa->e = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
121 | goto err; never executed: goto err; | 0 |
122 | if (!rsa->p && ((rsa->p = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
123 | goto err; never executed: goto err; | 0 |
124 | if (!rsa->q && ((rsa->q = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
125 | goto err; never executed: goto err; | 0 |
126 | if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
127 | goto err; never executed: goto err; | 0 |
128 | if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
129 | goto err; never executed: goto err; | 0 |
130 | if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
131 | goto err; never executed: goto err; | 0 |
132 | | - |
133 | BN_copy(rsa->e, e_value); | - |
134 | | - |
135 | | - |
136 | for (;;) { | - |
137 | if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
138 | goto err; never executed: goto err; | 0 |
139 | if (!BN_sub(r2, rsa->p, BN_value_one()))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
140 | goto err; never executed: goto err; | 0 |
141 | if (!BN_gcd_ct(r1, r2, rsa->e, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
142 | goto err; never executed: goto err; | 0 |
143 | if (BN_is_one(r1))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
| 0-1 |
144 | break;executed 1 time by 1 test: break; | 1 |
145 | if (!BN_GENCB_call(cb, 2, n++))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
146 | goto err; never executed: goto err; | 0 |
147 | } never executed: end of block | 0 |
148 | if (!BN_GENCB_call(cb, 3, 0))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
149 | goto err; never executed: goto err; | 0 |
150 | for (;;) { | - |
151 | | - |
152 | | - |
153 | | - |
154 | | - |
155 | | - |
156 | unsigned int degenerate = 0; | - |
157 | do { | - |
158 | if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL,TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
159 | cb))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
160 | goto err; never executed: goto err; | 0 |
161 | } while (BN_cmp(rsa->p, rsa->q) == 0 &&executed 1 time by 1 test: end of block TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
162 | ++degenerate < 3);TRUE | never evaluated | FALSE | never evaluated |
| 0 |
163 | if (degenerate == 3) {TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
164 | ok = 0; | - |
165 | RSAerror(RSA_R_KEY_SIZE_TOO_SMALL); | - |
166 | goto err; never executed: goto err; | 0 |
167 | } | - |
168 | if (!BN_sub(r2, rsa->q, BN_value_one()))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
169 | goto err; never executed: goto err; | 0 |
170 | if (!BN_gcd_ct(r1, r2, rsa->e, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
171 | goto err; never executed: goto err; | 0 |
172 | if (BN_is_one(r1))TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
| 0-1 |
173 | break;executed 1 time by 1 test: break; | 1 |
174 | if (!BN_GENCB_call(cb, 2, n++))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
175 | goto err; never executed: goto err; | 0 |
176 | } never executed: end of block | 0 |
177 | if (!BN_GENCB_call(cb, 3, 1))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
178 | goto err; never executed: goto err; | 0 |
179 | if (BN_cmp(rsa->p, rsa->q) < 0) {TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
| 0-1 |
180 | tmp = rsa->p; | - |
181 | rsa->p = rsa->q; | - |
182 | rsa->q = tmp; | - |
183 | }executed 1 time by 1 test: end of block | 1 |
184 | | - |
185 | | - |
186 | if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
187 | goto err; never executed: goto err; | 0 |
188 | | - |
189 | | - |
190 | if (!BN_sub(r1, rsa->p, BN_value_one())) TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
191 | goto err; never executed: goto err; | 0 |
192 | if (!BN_sub(r2, rsa->q, BN_value_one())) TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
193 | goto err; never executed: goto err; | 0 |
194 | if (!BN_mul(r0, r1, r2, ctx)) TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
195 | goto err; never executed: goto err; | 0 |
196 | | - |
197 | BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME); | - |
198 | | - |
199 | if (!BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx)) TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
200 | goto err; never executed: goto err; | 0 |
201 | | - |
202 | | - |
203 | BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); | - |
204 | | - |
205 | | - |
206 | if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
207 | goto err; never executed: goto err; | 0 |
208 | | - |
209 | | - |
210 | if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
211 | goto err; never executed: goto err; | 0 |
212 | | - |
213 | | - |
214 | BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); | - |
215 | if (!BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx))TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
216 | goto err; never executed: goto err; | 0 |
217 | | - |
218 | ok = 1; | - |
219 | err:code before this statement executed 1 time by 1 test: err: | 1 |
220 | if (ok == -1) {TRUE | never evaluated | FALSE | evaluated 1 time by 1 test |
| 0-1 |
221 | RSAerror(ERR_LIB_BN); | - |
222 | ok = 0; | - |
223 | } never executed: end of block | 0 |
224 | if (ctx != NULL) {TRUE | evaluated 1 time by 1 test | FALSE | never evaluated |
| 0-1 |
225 | BN_CTX_end(ctx); | - |
226 | BN_CTX_free(ctx); | - |
227 | }executed 1 time by 1 test: end of block | 1 |
228 | | - |
229 | return ok;executed 1 time by 1 test: return ok; | 1 |
230 | } | - |
| | |