OpenCoverage

p5_crpt2.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/evp/p5_crpt2.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ -

2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -

3 * project 1999. -

4 */ -

5 /* ==================================================================== -

7 * -

8 * Redistribution and use in source and binary forms, with or without -

9 * modification, are permitted provided that the following conditions -

10 * are met: -

11 * -

12 * 1. Redistributions of source code must retain the above copyright -

13 * notice, this list of conditions and the following disclaimer. -

14 * -

15 * 2. Redistributions in binary form must reproduce the above copyright -

16 * notice, this list of conditions and the following disclaimer in -

17 * the documentation and/or other materials provided with the -

18 * distribution. -

19 * -

20 * 3. All advertising materials mentioning features or use of this -

21 * software must display the following acknowledgment: -

22 * "This product includes software developed by the OpenSSL Project -

23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -

24 * -

25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -

26 * endorse or promote products derived from this software without -

27 * prior written permission. For written permission, please contact -

28 * licensing@OpenSSL.org. -

29 * -

30 * 5. Products derived from this software may not be called "OpenSSL" -

31 * nor may "OpenSSL" appear in their names without prior written -

32 * permission of the OpenSSL Project. -

33 * -

34 * 6. Redistributions of any form whatsoever must retain the following -

35 * acknowledgment: -

36 * "This product includes software developed by the OpenSSL Project -

37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -

38 * -

39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -

40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -

41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -

42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -

43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -

44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -

46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -

47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -

48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -

49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -

50 * OF THE POSSIBILITY OF SUCH DAMAGE. -

51 * ==================================================================== -

52 * -

53 * This product includes cryptographic software written by Eric Young -

54 * (eay@cryptsoft.com). This product includes software written by Tim -

55 * Hudson (tjh@cryptsoft.com). -

56 * -

57 */ -

58 -

59 #include <stdio.h> -

60 #include <stdlib.h> -

61 #include <string.h> -

62 -

63 #include <openssl/opensslconf.h> -

64 -

65 #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) -

66 -

67 #include <openssl/err.h> -

68 #include <openssl/evp.h> -

69 #include <openssl/hmac.h> -

70 #include <openssl/x509.h> -

71 -

72 #include "evp_locl.h" -

73 -

74 /* This is an implementation of PKCS#5 v2.0 password based encryption key -

75 * derivation function PBKDF2. -

76 * SHA1 version verified against test vectors posted by Peter Gutmann -

77 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list. -

78 */ -

79 -

80 int -

81 PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, -

82 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) -

83 { -

84 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; -

85 int cplen, j, k, tkeylen, mdlen; -

86 unsigned long i = 1; -

87 HMAC_CTX hctx_tpl, hctx; -

88 -

89 mdlen = EVP_MD_size(digest); -

if (mdlen < 0)

mdlen < 0	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

0-15

return 0;

never executed: return 0;

92 -

93 HMAC_CTX_init(&hctx_tpl); -

94 p = out; -

95 tkeylen = keylen; -

if (!pass)

!pass	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

0-15

passlen = 0;

never executed: passlen = 0;

else if (passlen == -1)

passlen == -1	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

0-15

passlen = strlen(pass);

never executed: passlen = strlen(pass);

100

if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {

!HMAC_Init_ex(... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

0-15

101 HMAC_CTX_cleanup(&hctx_tpl); -

102

return 0;

never executed: return 0;

103 } -

104

while (tkeylen) {

tkeylen	Description
TRUE	evaluated 17 times by 1 test Evaluated by: pbkdf2
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

15-17

105

if (tkeylen > mdlen)

tkeylen > mdlen	Description
TRUE	evaluated 2 times by 1 test Evaluated by: pbkdf2
FALSE	evaluated 15 times by 1 test Evaluated by: pbkdf2

2-15

106

cplen = mdlen;

executed 2 times by 1 test: cplen = mdlen;

Executed by:

pbkdf2

107 else -

108

cplen = tkeylen;

executed 15 times by 1 test: cplen = tkeylen;

Executed by:

pbkdf2

109 /* We are unlikely to ever use more than 256 blocks (5120 bits!) -

110 * but just in case... -

111 */ -

112 itmp[0] = (unsigned char)((i >> 24) & 0xff); -

113 itmp[1] = (unsigned char)((i >> 16) & 0xff); -

114 itmp[2] = (unsigned char)((i >> 8) & 0xff); -

115 itmp[3] = (unsigned char)(i & 0xff); -

116

if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {

!HMAC_CTX_copy...tx, &hctx_tpl)	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: pbkdf2

0-17

117 HMAC_CTX_cleanup(&hctx_tpl); -

118

return 0;

never executed: return 0;

119 } -

120

if (!HMAC_Update(&hctx, salt, saltlen) ||

!HMAC_Update(&...salt, saltlen)	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: pbkdf2

0-17

121

!HMAC_Update(&hctx, itmp, 4) ||

!HMAC_Update(&hctx, itmp, 4)	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: pbkdf2

0-17

122

!HMAC_Final(&hctx, digtmp, NULL)) {

!HMAC_Final(&h... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 17 times by 1 test Evaluated by: pbkdf2

0-17

123 HMAC_CTX_cleanup(&hctx_tpl); -

124 HMAC_CTX_cleanup(&hctx); -

125

return 0;

never executed: return 0;

126 } -

127 HMAC_CTX_cleanup(&hctx); -

128 memcpy(p, digtmp, cplen); -

129

for (j = 1; j < iter; j++) {

j < iter	Description
TRUE	evaluated 45048 times by 1 test Evaluated by: pbkdf2
FALSE	evaluated 17 times by 1 test Evaluated by: pbkdf2

17-45048

130

if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {

!HMAC_CTX_copy...tx, &hctx_tpl)	Description
TRUE	never evaluated
FALSE	evaluated 45048 times by 1 test Evaluated by: pbkdf2

0-45048

131 HMAC_CTX_cleanup(&hctx_tpl); -

132

return 0;

never executed: return 0;

133 } -

134

if (!HMAC_Update(&hctx, digtmp, mdlen) ||

!HMAC_Update(&...digtmp, mdlen)	Description
TRUE	never evaluated
FALSE	evaluated 45048 times by 1 test Evaluated by: pbkdf2

0-45048

135

!HMAC_Final(&hctx, digtmp, NULL)) {

!HMAC_Final(&h... ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 45048 times by 1 test Evaluated by: pbkdf2

0-45048

136 HMAC_CTX_cleanup(&hctx_tpl); -

137 HMAC_CTX_cleanup(&hctx); -

138

return 0;

never executed: return 0;

139 } -

140 HMAC_CTX_cleanup(&hctx); -

141

for (k = 0; k < cplen; k++)

k < cplen	Description
TRUE	evaluated 1199951 times by 1 test Evaluated by: pbkdf2
FALSE	evaluated 45048 times by 1 test Evaluated by: pbkdf2

45048-1199951

142

p[k] ^= digtmp[k];

executed 1199951 times by 1 test: p[k] ^= digtmp[k];

Executed by:

pbkdf2

1199951

143

}

executed 45048 times by 1 test: end of block

Executed by:

pbkdf2

45048

144 tkeylen -= cplen; -

145 i++; -

146 p += cplen; -

147

}

executed 17 times by 1 test: end of block

Executed by:

pbkdf2

148 HMAC_CTX_cleanup(&hctx_tpl); -

149

return 1;

executed 15 times by 1 test: return 1;

Executed by:

pbkdf2

150 } -

151 -

152 int -

153 PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, -

154 int saltlen, int iter, int keylen, unsigned char *out) -

155 { -

156

return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,

never executed: return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), keylen, out);

157

EVP_sha1(), keylen, out);

never executed: return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), keylen, out);

158 } -

159 -

160 /* Now the key derivation function itself. This is a bit evil because -

161 * it has to check the ASN1 parameters are valid: and there are quite a -

162 * few of them... -

163 */ -

164 -

165 int -

166 PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -

167 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -

168 { -

169 const unsigned char *pbuf; -

170 int plen; -

171 PBE2PARAM *pbe2 = NULL; -

172 const EVP_CIPHER *cipher; -

173 -

174 int rv = 0; -

175 -

176

if (param == NULL || param->type != V_ASN1_SEQUENCE ||

param == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

param->type != 16	Description
TRUE	never evaluated
FALSE	never evaluated

177

param->value.sequence == NULL) {

param->value.s...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

178 EVPerror(EVP_R_DECODE_ERROR); -

179

goto err;

never executed: goto err;

180 } -

181 -

182 pbuf = param->value.sequence->data; -

183 plen = param->value.sequence->length; -

184

if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {

!(pbe2 = d2i_P... &pbuf, plen))	Description
TRUE	never evaluated
FALSE	never evaluated

185 EVPerror(EVP_R_DECODE_ERROR); -

186

goto err;

never executed: goto err;

187 } -

188 -

189 /* See if we recognise the key derivation function */ -

190 -

191

if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {

OBJ_obj2nid(pb...gorithm) != 69	Description
TRUE	never evaluated
FALSE	never evaluated

192 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); -

193

goto err;

never executed: goto err;

194 } -

195 -

196 /* lets see if we recognise the encryption algorithm. -

197 */ -

198 -

199 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); -

200 -

201

if (!cipher) {

!cipher	Description
TRUE	never evaluated
FALSE	never evaluated

202 EVPerror(EVP_R_UNSUPPORTED_CIPHER); -

203

goto err;

never executed: goto err;

204 } -

205 -

206 /* Fixup cipher based on AlgorithmIdentifier */ -

207

if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))

!EVP_CipherIni... *)0) , en_de)	Description
TRUE	never evaluated
FALSE	never evaluated

208

goto err;

never executed: goto err;

209

if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {

EVP_CIPHER_asn...parameter) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

210 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); -

211

goto err;

never executed: goto err;

212 } -

213 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, -

214 pbe2->keyfunc->parameter, c, md, en_de); -

215 -

216

err:

code before this statement never executed: err:

217 PBE2PARAM_free(pbe2); -

218

return rv;

never executed: return rv;

219 } -

220 -

221 int -

222 PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -

223 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -

224 { -

225 unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; -

226 const unsigned char *pbuf; -

227 int saltlen, iter, plen; -

228 int rv = 0; -

229 unsigned int keylen = 0; -

230 int prf_nid, hmac_md_nid; -

231 PBKDF2PARAM *kdf = NULL; -

232 const EVP_MD *prfmd; -

233 -

234

if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {

EVP_CIPHER_CTX...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

235 EVPerror(EVP_R_NO_CIPHER_SET); -

236

return 0;

never executed: return 0;

237 } -

238 keylen = EVP_CIPHER_CTX_key_length(ctx); -

239

if (keylen > sizeof key) {

keylen > sizeof key	Description
TRUE	never evaluated
FALSE	never evaluated

240 EVPerror(EVP_R_BAD_KEY_LENGTH); -

241

return 0;

never executed: return 0;

242 } -

243 -

244 /* Decode parameter */ -

245 -

246

if (!param || (param->type != V_ASN1_SEQUENCE)) {

!param	Description
TRUE	never evaluated
FALSE	never evaluated

(param->type != 16)	Description
TRUE	never evaluated
FALSE	never evaluated

247 EVPerror(EVP_R_DECODE_ERROR); -

248

return 0;

never executed: return 0;

249 } -

250 -

251 pbuf = param->value.sequence->data; -

252 plen = param->value.sequence->length; -

253 -

254

if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {

!(kdf = d2i_PB... &pbuf, plen))	Description
TRUE	never evaluated
FALSE	never evaluated

255 EVPerror(EVP_R_DECODE_ERROR); -

256

return 0;

never executed: return 0;

257 } -

258 -

259 /* Now check the parameters of the kdf */ -

260 -

261

if (kdf->keylength &&

kdf->keylength	Description
TRUE	never evaluated
FALSE	never evaluated

262

(ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){

(ASN1_INTEGER_...= (int)keylen)	Description
TRUE	never evaluated
FALSE	never evaluated

263 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); -

264

goto err;

never executed: goto err;

265 } -

266 -

267

if (kdf->prf)

kdf->prf	Description
TRUE	never evaluated
FALSE	never evaluated

268

prf_nid = OBJ_obj2nid(kdf->prf->algorithm);

never executed: prf_nid = OBJ_obj2nid(kdf->prf->algorithm);

269 else -

270

prf_nid = NID_hmacWithSHA1;

never executed: prf_nid = 163;

271 -

272

if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {

!EVP_PBE_find(...mac_md_nid, 0)	Description
TRUE	never evaluated
FALSE	never evaluated

273 EVPerror(EVP_R_UNSUPPORTED_PRF); -

274

goto err;

never executed: goto err;

275 } -

276 -

277 prfmd = EVP_get_digestbynid(hmac_md_nid); -

278

if (prfmd == NULL) {

prfmd == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

279 EVPerror(EVP_R_UNSUPPORTED_PRF); -

280

goto err;

never executed: goto err;

281 } -

282 -

283

if (kdf->salt->type != V_ASN1_OCTET_STRING) {

kdf->salt->type != 4	Description
TRUE	never evaluated
FALSE	never evaluated

284 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); -

285

goto err;

never executed: goto err;

286 } -

287 -

288 /* it seems that its all OK */ -

289 salt = kdf->salt->value.octet_string->data; -

290 saltlen = kdf->salt->value.octet_string->length; -

291

if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {

(iter = ASN1_I...f->iter)) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

292 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); -

293

goto err;

never executed: goto err;

294 } -

295

if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,

!PKCS5_PBKDF2_..., keylen, key)	Description
TRUE	never evaluated
FALSE	never evaluated

296

keylen, key))

!PKCS5_PBKDF2_..., keylen, key)	Description
TRUE	never evaluated
FALSE	never evaluated

297

goto err;

never executed: goto err;

298 rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); -

299 -

300

err:

code before this statement never executed: err:

301 explicit_bzero(key, keylen); -

302 PBKDF2PARAM_free(kdf); -

303

return rv;

never executed: return rv;

304 } -

305 -

306 #endif -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2