OpenCoverage

ec_mult.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/ec/ec_mult.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: ec_mult.c,v 1.24 2018/07/15 16:27:39 tb Exp $ */ -

2 /* -

3 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. -

4 */ -

5 /* ==================================================================== -

7 * -

8 * Redistribution and use in source and binary forms, with or without -

9 * modification, are permitted provided that the following conditions -

10 * are met: -

11 * -

12 * 1. Redistributions of source code must retain the above copyright -

13 * notice, this list of conditions and the following disclaimer. -

14 * -

15 * 2. Redistributions in binary form must reproduce the above copyright -

16 * notice, this list of conditions and the following disclaimer in -

17 * the documentation and/or other materials provided with the -

18 * distribution. -

19 * -

20 * 3. All advertising materials mentioning features or use of this -

21 * software must display the following acknowledgment: -

22 * "This product includes software developed by the OpenSSL Project -

23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -

24 * -

25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -

26 * endorse or promote products derived from this software without -

27 * prior written permission. For written permission, please contact -

28 * openssl-core@openssl.org. -

29 * -

30 * 5. Products derived from this software may not be called "OpenSSL" -

31 * nor may "OpenSSL" appear in their names without prior written -

32 * permission of the OpenSSL Project. -

33 * -

34 * 6. Redistributions of any form whatsoever must retain the following -

35 * acknowledgment: -

36 * "This product includes software developed by the OpenSSL Project -

37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -

38 * -

39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -

40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -

41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -

42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -

43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -

44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -

46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -

47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -

48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -

49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -

50 * OF THE POSSIBILITY OF SUCH DAMAGE. -

51 * ==================================================================== -

52 * -

53 * This product includes cryptographic software written by Eric Young -

54 * (eay@cryptsoft.com). This product includes software written by Tim -

55 * Hudson (tjh@cryptsoft.com). -

56 * -

57 */ -

58 /* ==================================================================== -

60 * Portions of this software developed by SUN MICROSYSTEMS, INC., -

61 * and contributed to the OpenSSL project. -

62 */ -

63 -

64 #include <string.h> -

65 -

66 #include <openssl/err.h> -

67 -

68 #include "ec_lcl.h" -

69 -

70 -

71 /* -

72 * This file implements the wNAF-based interleaving multi-exponentation method -

73 * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>); -

74 * for multiplication with precomputation, we use wNAF splitting -

75 * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>). -

76 */ -

77 -

78 -

79 -

80 -

81 /* structure for precomputed multiples of the generator */ -

82 typedef struct ec_pre_comp_st { -

83 const EC_GROUP *group; /* parent EC_GROUP object */ -

84 size_t blocksize; /* block size for wNAF splitting */ -

85 size_t numblocks; /* max. number of blocks for which we have -

86 * precomputation */ -

87 size_t w; /* window size */ -

88 EC_POINT **points; /* array with pre-calculated multiples of -

89 * generator: 'num' pointers to EC_POINT -

90 * objects followed by a NULL */ -

91 size_t num; /* numblocks * 2^(w-1) */ -

92 int references; -

93 } EC_PRE_COMP; -

94 -

95 /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ -

96 static void *ec_pre_comp_dup(void *); -

97 static void ec_pre_comp_free(void *); -

98 static void ec_pre_comp_clear_free(void *); -

99 -

100 static EC_PRE_COMP * -

101 ec_pre_comp_new(const EC_GROUP * group) -

102 { -

103 EC_PRE_COMP *ret = NULL; -

104 -

105

if (!group)

!group	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

106

return NULL;

never executed: return ((void *)0) ;

107 -

108 ret = malloc(sizeof(EC_PRE_COMP)); -

109

if (!ret) {

!ret	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

110 ECerror(ERR_R_MALLOC_FAILURE); -

111

return ret;

never executed: return ret;

112 } -

113 ret->group = group; -

114 ret->blocksize = 8; /* default */ -

115 ret->numblocks = 0; -

116 ret->w = 4; /* default */ -

117 ret->points = NULL; -

118 ret->num = 0; -

119 ret->references = 1; -

120

return ret;

executed 10 times by 1 test: return ret;

Executed by:

ectest

121 } -

122 -

123 static void * -

124 ec_pre_comp_dup(void *src_) -

125 { -

126 EC_PRE_COMP *src = src_; -

127 -

128 /* no need to actually copy, these objects never change! */ -

129 -

130 CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); -

131 -

132

return src_;

executed 10 times by 1 test: return src_;

Executed by:

ectest

133 } -

134 -

135 static void -

136 ec_pre_comp_free(void *pre_) -

137 { -

138 int i; -

139 EC_PRE_COMP *pre = pre_; -

140 -

141

if (!pre)

!pre	Description
TRUE	evaluated 10 times by 1 test Evaluated by: ectest
FALSE	evaluated 20 times by 1 test Evaluated by: ectest

10-20

142

return;

executed 10 times by 1 test: return;

Executed by:

ectest

143 -

144 i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -

145

if (i > 0)

i > 0	Description
TRUE	evaluated 10 times by 1 test Evaluated by: ectest
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

146

return;

executed 10 times by 1 test: return;

Executed by:

ectest

147 -

148

if (pre->points) {

pre->points	Description
TRUE	evaluated 10 times by 1 test Evaluated by: ectest
FALSE	never evaluated

0-10

149 EC_POINT **p; -

150 -

151

for (p = pre->points; *p != NULL; p++)

p != ((void )0)	Description
TRUE	evaluated 3360 times by 1 test Evaluated by: ectest
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

10-3360

152

EC_POINT_free(*p);

executed 3360 times by 1 test: EC_POINT_free(*p);

Executed by:

ectest

3360

153 free(pre->points); -

154

}

executed 10 times by 1 test: end of block

Executed by:

ectest

155 free(pre); -

156

}

executed 10 times by 1 test: end of block

Executed by:

ectest

157 -

158 static void -

159 ec_pre_comp_clear_free(void *pre_) -

160 { -

161 int i; -

162 EC_PRE_COMP *pre = pre_; -

163 -

164

if (!pre)

!pre	Description
TRUE	never evaluated
FALSE	never evaluated

165

return;

never executed: return;

166 -

167 i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -

168

if (i > 0)

i > 0	Description
TRUE	never evaluated
FALSE	never evaluated

169

return;

never executed: return;

170 -

171

if (pre->points) {

pre->points	Description
TRUE	never evaluated
FALSE	never evaluated

172 EC_POINT **p; -

173 -

174

for (p = pre->points; *p != NULL; p++) {

p != ((void )0)	Description
TRUE	never evaluated
FALSE	never evaluated

175 EC_POINT_clear_free(*p); -

176 explicit_bzero(p, sizeof *p); -

177

}

never executed: end of block

178 free(pre->points); -

179

}

never executed: end of block

180 freezero(pre, sizeof *pre); -

181

}

never executed: end of block

182 -

183 -

184 -

185 -

186 /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. -

187 * This is an array r[] of values that are either zero or odd with an -

188 * absolute value less than 2^w satisfying -

189 * scalar = \sum_j r[j]*2^j -

190 * where at most one of any w+1 consecutive digits is non-zero -

191 * with the exception that the most significant digit may be only -

192 * w-1 zeros away from that next non-zero digit. -

193 */ -

194 static signed char * -

195 compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len) -

196 { -

197 int window_val; -

198 int ok = 0; -

199 signed char *r = NULL; -

200 int sign = 1; -

201 int bit, next_bit, mask; -

202 size_t len = 0, j; -

203 -

204

if (BN_is_zero(scalar)) {

((scalar)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

205 r = malloc(1); -

206

if (!r) {

!r	Description
TRUE	never evaluated
FALSE	never evaluated

207 ECerror(ERR_R_MALLOC_FAILURE); -

208

goto err;

never executed: goto err;

209 } -

210 r[0] = 0; -

211 *ret_len = 1; -

212

return r;

never executed: return r;

213 } -

214

if (w <= 0 || w > 7) {

w <= 0	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

w > 7	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

215 /* 'signed char' can represent integers with -

216 * absolute values less than 2^7 */ -

217 ECerror(ERR_R_INTERNAL_ERROR); -

218

goto err;

never executed: goto err;

219 } -

220 bit = 1 << w; /* at most 128 */ -

221 next_bit = bit << 1; /* at most 256 */ -

222 mask = next_bit - 1; /* at most 255 */ -

223 -

224

if (BN_is_negative(scalar)) {

((scalar)->neg != 0)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

225 sign = -1; -

226

}

never executed: end of block

227

if (scalar->d == NULL || scalar->top == 0) {

scalar->d == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

scalar->top == 0	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

228 ECerror(ERR_R_INTERNAL_ERROR); -

229

goto err;

never executed: goto err;

230 } -

231 len = BN_num_bits(scalar); -

232 r = malloc(len + 1); /* modified wNAF may be one digit longer than -

233 * binary representation (*ret_len will be -

234 * set to the actual length, i.e. at most -

235 * BN_num_bits(scalar) + 1) */ -

236

if (r == NULL) {

r == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

237 ECerror(ERR_R_MALLOC_FAILURE); -

238

goto err;

never executed: goto err;

239 } -

240 window_val = scalar->d[0] & mask; -

241 j = 0; -

242

while ((window_val != 0) || (j + w + 1 < len)) {

(window_val != 0)	Description
TRUE	evaluated 179936 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 18874 times by 1 test Evaluated by: ecdsatest

(j + w + 1 < len)	Description
TRUE	evaluated 18116 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

758-179936

243 /* if j+w+1 >= len, window_val will not increase */ -

244 int digit = 0; -

245 -

246 /* 0 <= window_val <= 2^(w+1) */ -

247

if (window_val & 1) {

window_val & 1	Description
TRUE	evaluated 37782 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 160270 times by 1 test Evaluated by: ecdsatest

37782-160270

248 /* 0 < window_val < 2^(w+1) */ -

249

if (window_val & bit) {

window_val & bit	Description
TRUE	evaluated 18642 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 19140 times by 1 test Evaluated by: ecdsatest

18642-19140

250 digit = window_val - next_bit; /* -2^w < digit < 0 */ -

251 -

252 #if 1 /* modified wNAF */ -

253

if (j + w + 1 >= len) {

j + w + 1 >= len	Description
TRUE	evaluated 166 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 18476 times by 1 test Evaluated by: ecdsatest

166-18476

254 /* -

255 * special case for generating -

256 * modified wNAFs: no new bits will -

257 * be added into window_val, so using -

258 * a positive digit here will -

259 * decrease the total length of the -

260 * representation -

261 */ -

262 -

263 digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ -

264

}

executed 166 times by 1 test: end of block

Executed by:

ecdsatest

166

265 #endif -

266

} else {

executed 18642 times by 1 test: end of block

Executed by:

ecdsatest

18642

267 digit = window_val; /* 0 < digit < 2^w */ -

268

}

executed 19140 times by 1 test: end of block

Executed by:

ecdsatest

19140

269 -

270

if (digit <= -bit || digit >= bit || !(digit & 1)) {

digit <= -bit	Description
TRUE	never evaluated
FALSE	evaluated 37782 times by 1 test Evaluated by: ecdsatest

digit >= bit	Description
TRUE	never evaluated
FALSE	evaluated 37782 times by 1 test Evaluated by: ecdsatest

!(digit & 1)	Description
TRUE	never evaluated
FALSE	evaluated 37782 times by 1 test Evaluated by: ecdsatest

0-37782

271 ECerror(ERR_R_INTERNAL_ERROR); -

272

goto err;

never executed: goto err;

273 } -

274 window_val -= digit; -

275 -

276 /* -

277 * now window_val is 0 or 2^(w+1) in standard wNAF -

278 * generation; for modified window NAFs, it may also -

279 * be 2^w -

280 */ -

281

if (window_val != 0 && window_val != next_bit && window_val != bit) {

window_val != 0	Description
TRUE	evaluated 18642 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 19140 times by 1 test Evaluated by: ecdsatest

window_val != next_bit	Description
TRUE	evaluated 166 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 18476 times by 1 test Evaluated by: ecdsatest

window_val != bit	Description
TRUE	never evaluated
FALSE	evaluated 166 times by 1 test Evaluated by: ecdsatest

0-19140

282 ECerror(ERR_R_INTERNAL_ERROR); -

283

goto err;

never executed: goto err;

284 } -

285

}

executed 37782 times by 1 test: end of block

Executed by:

ecdsatest

37782

286 r[j++] = sign * digit; -

287 -

288 window_val >>= 1; -

289 window_val += bit * BN_is_bit_set(scalar, j + w); -

290 -

291

if (window_val > next_bit) {

window_val > next_bit	Description
TRUE	never evaluated
FALSE	evaluated 198052 times by 1 test Evaluated by: ecdsatest

0-198052

292 ECerror(ERR_R_INTERNAL_ERROR); -

293

goto err;

never executed: goto err;

294 } -

295

}

executed 198052 times by 1 test: end of block

Executed by:

ecdsatest

198052

296 -

297

if (j > len + 1) {

j > len + 1	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

298 ECerror(ERR_R_INTERNAL_ERROR); -

299

goto err;

never executed: goto err;

300 } -

301 len = j; -

302 ok = 1; -

303 -

304

err:

code before this statement executed 758 times by 1 test: err:

Executed by:

ecdsatest

758

305

if (!ok) {

!ok	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

306 free(r); -

307 r = NULL; -

308

}

never executed: end of block

309

if (ok)

ok	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-758

310

*ret_len = len;

executed 758 times by 1 test: *ret_len = len;

Executed by:

ecdsatest

758

311

return r;

executed 758 times by 1 test: return r;

Executed by:

ecdsatest

758

312 } -

313 -

314 -

315 /* TODO: table should be optimised for the wNAF-based implementation, -

316 * sometimes smaller windows will give better performance -

317 * (thus the boundaries should be increased) -

318 */ -

319 #define EC_window_bits_for_scalar_size(b) \ -

320 ((size_t) \ -

321 ((b) >= 2000 ? 6 : \ -

322 (b) >= 800 ? 5 : \ -

323 (b) >= 300 ? 4 : \ -

324 (b) >= 70 ? 3 : \ -

325 (b) >= 20 ? 2 : \ -

326 1)) -

327 -

328 /* Compute -

329 * \sum scalars[i]*points[i], -

330 * also including -

331 * scalar*generator -

332 * in the addition if scalar != NULL -

333 */ -

334 int -

335 ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar, -

336 size_t num, const EC_POINT * points[], const BIGNUM * scalars[], BN_CTX * ctx) -

337 { -

338 BN_CTX *new_ctx = NULL; -

339 const EC_POINT *generator = NULL; -

340 EC_POINT *tmp = NULL; -

341 size_t totalnum; -

342 size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ -

343 size_t pre_points_per_block = 0; -

344 size_t i, j; -

345 int k; -

346 int r_is_inverted = 0; -

347 int r_is_at_infinity = 1; -

348 size_t *wsize = NULL; /* individual window sizes */ -

349 signed char **wNAF = NULL; /* individual wNAFs */ -

350 signed char *tmp_wNAF = NULL; -

351 size_t *wNAF_len = NULL; -

352 size_t max_len = 0; -

353 size_t num_val; -

354 EC_POINT **val = NULL; /* precomputation */ -

355 EC_POINT **v; -

356 EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or -

357 * 'pre_comp->points' */ -

358 const EC_PRE_COMP *pre_comp = NULL; -

359 int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be -

360 * treated like other scalars, i.e. -

361 * precomputation is not available */ -

362 int ret = 0; -

363 -

364

if (group->meth != r->meth) {

group->meth != r->meth	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

365 ECerror(EC_R_INCOMPATIBLE_OBJECTS); -

366

return 0;

never executed: return 0;

367 } -

368

if ((scalar == NULL) && (num == 0)) {

(scalar == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

(num == 0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-379

369

return EC_POINT_set_to_infinity(group, r);

never executed: return EC_POINT_set_to_infinity(group, r);

370 } -

371

for (i = 0; i < num; i++) {

i < num	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379

372

if (group->meth != points[i]->meth) {

group->meth != points[i]->meth	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

373 ECerror(EC_R_INCOMPATIBLE_OBJECTS); -

374

return 0;

never executed: return 0;

375 } -

376

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

377 -

378

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

379 ctx = new_ctx = BN_CTX_new(); -

380

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

381

goto err;

never executed: goto err;

382

}

never executed: end of block

383

if (scalar != NULL) {

scalar != ((void *)0)	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-379

384 generator = EC_GROUP_get0_generator(group); -

385

if (generator == NULL) {

generator == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

386 ECerror(EC_R_UNDEFINED_GENERATOR); -

387

goto err;

never executed: goto err;

388 } -

389 /* look if we can use precomputed multiples of generator */ -

390 -

391 pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); -

392 -

393

if (pre_comp && pre_comp->numblocks &&

pre_comp	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

pre_comp->numblocks	Description
TRUE	never evaluated
FALSE	never evaluated

0-379

394

(EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) {

(EC_POINT_cmp(...0], ctx) == 0)	Description
TRUE	never evaluated
FALSE	never evaluated

395 blocksize = pre_comp->blocksize; -

396 -

397 /* -

398 * determine maximum number of blocks that wNAF -

399 * splitting may yield (NB: maximum wNAF length is -

400 * bit length plus one) -

401 */ -

402 numblocks = (BN_num_bits(scalar) / blocksize) + 1; -

403 -

404 /* -

405 * we cannot use more blocks than we have -

406 * precomputation for -

407 */ -

408

if (numblocks > pre_comp->numblocks)

numblocks > pr...omp->numblocks	Description
TRUE	never evaluated
FALSE	never evaluated

409

numblocks = pre_comp->numblocks;

never executed: numblocks = pre_comp->numblocks;

410 -

411 pre_points_per_block = (size_t) 1 << (pre_comp->w - 1); -

412 -

413 /* check that pre_comp looks sane */ -

414

if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {

pre_comp->num ...nts_per_block)	Description
TRUE	never evaluated
FALSE	never evaluated

415 ECerror(ERR_R_INTERNAL_ERROR); -

416

goto err;

never executed: goto err;

417 } -

418

} else {

never executed: end of block

419 /* can't use precomputation */ -

420 pre_comp = NULL; -

421 numblocks = 1; -

422 num_scalar = 1; /* treat 'scalar' like 'num'-th -

423 * element of 'scalars' */ -

424

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

425 } -

426 totalnum = num + numblocks; -

427 -

428 /* includes space for pivot */ -

429 wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]); -

430

if (wNAF == NULL) {

wNAF == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

431 ECerror(ERR_R_MALLOC_FAILURE); -

432

goto err;

never executed: goto err;

433 } -

434 -

435 wNAF[0] = NULL; /* preliminary pivot */ -

436 -

437 wsize = reallocarray(NULL, totalnum, sizeof wsize[0]); -

438 wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]); -

439 val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]); -

440 -

441

if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {

wsize == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

wNAF_len == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

val_sub == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

442 ECerror(ERR_R_MALLOC_FAILURE); -

443

goto err;

never executed: goto err;

444 } -

445 -

446 /* num_val will be the total number of temporarily precomputed points */ -

447 num_val = 0; -

448 -

449

for (i = 0; i < num + num_scalar; i++) {

i < num + num_scalar	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-758

450 size_t bits; -

451 -

452

bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);

i < num	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379

453

wsize[i] = EC_window_bits_for_scalar_size(bits);

(bits) >= 2000	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

(bits) >= 800	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

(bits) >= 300	Description
TRUE	evaluated 170 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 588 times by 1 test Evaluated by: ecdsatest

(bits) >= 70	Description
TRUE	evaluated 588 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

(bits) >= 20	Description
TRUE	never evaluated
FALSE	never evaluated

0-758

454 num_val += (size_t) 1 << (wsize[i] - 1); -

455 wNAF[i + 1] = NULL; /* make sure we always have a pivot */ -

456 wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); -

457

if (wNAF[i] == NULL)

wNAF[i] == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

458

goto err;

never executed: goto err;

459

if (wNAF_len[i] > max_len)

wNAF_len[i] > max_len	Description
TRUE	evaluated 511 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 247 times by 1 test Evaluated by: ecdsatest

247-511

460

max_len = wNAF_len[i];

executed 511 times by 1 test: max_len = wNAF_len[i];

Executed by:

ecdsatest

511

461

}

executed 758 times by 1 test: end of block

Executed by:

ecdsatest

758

462 -

463

if (numblocks) {

numblocks	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-379

464 /* we go here iff scalar != NULL */ -

465 -

466

if (pre_comp == NULL) {

pre_comp == ((void *)0)	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-379

467

if (num_scalar != 1) {

num_scalar != 1	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

468 ECerror(ERR_R_INTERNAL_ERROR); -

469

goto err;

never executed: goto err;

470 } -

471 /* we have already generated a wNAF for 'scalar' */ -

472

} else {

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

473 size_t tmp_len = 0; -

474 -

475

if (num_scalar != 0) {

num_scalar != 0	Description
TRUE	never evaluated
FALSE	never evaluated

476 ECerror(ERR_R_INTERNAL_ERROR); -

477

goto err;

never executed: goto err;

478 } -

479 /* -

480 * use the window size for which we have -

481 * precomputation -

482 */ -

483 wsize[num] = pre_comp->w; -

484 tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); -

485

if (tmp_wNAF == NULL)

tmp_wNAF == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

486

goto err;

never executed: goto err;

487 -

488

if (tmp_len <= max_len) {

tmp_len <= max_len	Description
TRUE	never evaluated
FALSE	never evaluated

489 /* -

490 * One of the other wNAFs is at least as long -

491 * as the wNAF belonging to the generator, so -

492 * wNAF splitting will not buy us anything. -

493 */ -

494 -

495 numblocks = 1; -

496 totalnum = num + 1; /* don't use wNAF -

497 * splitting */ -

498 wNAF[num] = tmp_wNAF; -

499 tmp_wNAF = NULL; -

500 wNAF[num + 1] = NULL; -

501 wNAF_len[num] = tmp_len; -

502

if (tmp_len > max_len)

tmp_len > max_len	Description
TRUE	never evaluated
FALSE	never evaluated

503

max_len = tmp_len;

never executed: max_len = tmp_len;

504 /* -

505 * pre_comp->points starts with the points -

506 * that we need here: -

507 */ -

508 val_sub[num] = pre_comp->points; -

509

} else {

never executed: end of block

510 /* -

511 * don't include tmp_wNAF directly into wNAF -

512 * array - use wNAF splitting and include the -

513 * blocks -

514 */ -

515 -

516 signed char *pp; -

517 EC_POINT **tmp_points; -

518 -

519

if (tmp_len < numblocks * blocksize) {

tmp_len < numb...ks * blocksize	Description
TRUE	never evaluated
FALSE	never evaluated

520 /* -

521 * possibly we can do with fewer -

522 * blocks than estimated -

523 */ -

524 numblocks = (tmp_len + blocksize - 1) / blocksize; -

525

if (numblocks > pre_comp->numblocks) {

numblocks > pr...omp->numblocks	Description
TRUE	never evaluated
FALSE	never evaluated

526 ECerror(ERR_R_INTERNAL_ERROR); -

527

goto err;

never executed: goto err;

528 } -

529 totalnum = num + numblocks; -

530

}

never executed: end of block

531 /* split wNAF in 'numblocks' parts */ -

532 pp = tmp_wNAF; -

533 tmp_points = pre_comp->points; -

534 -

535

for (i = num; i < totalnum; i++) {

i < totalnum	Description
TRUE	never evaluated
FALSE	never evaluated

536

if (i < totalnum - 1) {

i < totalnum - 1	Description
TRUE	never evaluated
FALSE	never evaluated

537 wNAF_len[i] = blocksize; -

538

if (tmp_len < blocksize) {

tmp_len < blocksize	Description
TRUE	never evaluated
FALSE	never evaluated

539 ECerror(ERR_R_INTERNAL_ERROR); -

540

goto err;

never executed: goto err;

541 } -

542 tmp_len -= blocksize; -

543

} else

never executed: end of block

544 /* -

545 * last block gets whatever -

546 * is left (this could be -

547 * more or less than -

548 * 'blocksize'!) -

549 */ -

550

wNAF_len[i] = tmp_len;

never executed: wNAF_len[i] = tmp_len;

551 -

552 wNAF[i + 1] = NULL; -

553 wNAF[i] = malloc(wNAF_len[i]); -

554

if (wNAF[i] == NULL) {

wNAF[i] == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

555 ECerror(ERR_R_MALLOC_FAILURE); -

556

goto err;

never executed: goto err;

557 } -

558 memcpy(wNAF[i], pp, wNAF_len[i]); -

559

if (wNAF_len[i] > max_len)

wNAF_len[i] > max_len	Description
TRUE	never evaluated
FALSE	never evaluated

560

max_len = wNAF_len[i];

never executed: max_len = wNAF_len[i];

561 -

562

if (*tmp_points == NULL) {

tmp_points == ((void )0)	Description
TRUE	never evaluated
FALSE	never evaluated

563 ECerror(ERR_R_INTERNAL_ERROR); -

564

goto err;

never executed: goto err;

565 } -

566 val_sub[i] = tmp_points; -

567 tmp_points += pre_points_per_block; -

568 pp += blocksize; -

569

}

never executed: end of block

570

}

never executed: end of block

571 } -

572 } -

573 /* -

574 * All points we precompute now go into a single array 'val'. -

575 * 'val_sub[i]' is a pointer to the subarray for the i-th point, or -

576 * to a subarray of 'pre_comp->points' if we already have -

577 * precomputation. -

578 */ -

579 val = reallocarray(NULL, (num_val + 1), sizeof val[0]); -

580

if (val == NULL) {

val == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

581 ECerror(ERR_R_MALLOC_FAILURE); -

582

goto err;

never executed: goto err;

583 } -

584 val[num_val] = NULL; /* pivot element */ -

585 -

586 /* allocate points for precomputation */ -

587 v = val; -

588

for (i = 0; i < num + num_scalar; i++) {

i < num + num_scalar	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-758

589 val_sub[i] = v; -

590

for (j = 0; j < ((size_t) 1 << (wsize[i] - 1)); j++) {

j < ((size_t) ...wsize[i] - 1))	Description
TRUE	evaluated 3712 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

758-3712

591 *v = EC_POINT_new(group); -

592

if (*v == NULL)

v == ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 3712 times by 1 test Evaluated by: ecdsatest

0-3712

593

goto err;

never executed: goto err;

594 v++; -

595

}

executed 3712 times by 1 test: end of block

Executed by:

ecdsatest

3712

596

}

executed 758 times by 1 test: end of block

Executed by:

ecdsatest

758

597

if (!(v == val + num_val)) {

!(v == val + num_val)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

598 ECerror(ERR_R_INTERNAL_ERROR); -

599

goto err;

never executed: goto err;

600 } -

601

if (!(tmp = EC_POINT_new(group)))

!(tmp = EC_POINT_new(group))	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

602

goto err;

never executed: goto err;

603 -

604 /* -

605 * prepare precomputed values: val_sub[i][0] := points[i] -

606 * val_sub[i][1] := 3 * points[i] val_sub[i][2] := 5 * points[i] ... -

607 */ -

608

for (i = 0; i < num + num_scalar; i++) {

i < num + num_scalar	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-758

609

if (i < num) {

i < num	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379

610

if (!EC_POINT_copy(val_sub[i][0], points[i]))

!EC_POINT_copy...0], points[i])	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

611

goto err;

never executed: goto err;

612

} else {

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

613

if (!EC_POINT_copy(val_sub[i][0], generator))

!EC_POINT_copy...0], generator)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

614

goto err;

never executed: goto err;

615

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

616 -

617

if (wsize[i] > 1) {

wsize[i] > 1	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-758

618

if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))

!EC_POINT_dbl(...ub[i][0], ctx)	Description
TRUE	never evaluated
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

0-758

619

goto err;

never executed: goto err;

620

for (j = 1; j < ((size_t) 1 << (wsize[i] - 1)); j++) {

j < ((size_t) ...wsize[i] - 1))	Description
TRUE	evaluated 2954 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 758 times by 1 test Evaluated by: ecdsatest

758-2954

621

if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))

!EC_POINT_add(... 1], tmp, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 2954 times by 1 test Evaluated by: ecdsatest

0-2954

622

goto err;

never executed: goto err;

623

}

executed 2954 times by 1 test: end of block

Executed by:

ecdsatest

2954

624

}

executed 758 times by 1 test: end of block

Executed by:

ecdsatest

758

625

}

executed 758 times by 1 test: end of block

Executed by:

ecdsatest

758

626 -

627

if (!EC_POINTs_make_affine(group, num_val, val, ctx))

!EC_POINTs_mak...val, val, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

628

goto err;

never executed: goto err;

629 -

630 r_is_at_infinity = 1; -

631 -

632

for (k = max_len - 1; k >= 0; k--) {

k >= 0	Description
TRUE	evaluated 99325 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-99325

633

if (!r_is_at_infinity) {

!r_is_at_infinity	Description
TRUE	evaluated 98946 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-98946

634

if (!EC_POINT_dbl(group, r, r, ctx))

!EC_POINT_dbl(...up, r, r, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 98946 times by 1 test Evaluated by: ecdsatest

0-98946

635

goto err;

never executed: goto err;

636

}

executed 98946 times by 1 test: end of block

Executed by:

ecdsatest

98946

637

for (i = 0; i < totalnum; i++) {

i < totalnum	Description
TRUE	evaluated 198650 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 99325 times by 1 test Evaluated by: ecdsatest

99325-198650

638

if (wNAF_len[i] > (size_t) k) {

wNAF_len[i] > (size_t) k	Description
TRUE	evaluated 198052 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 598 times by 1 test Evaluated by: ecdsatest

598-198052

639 int digit = wNAF[i][k]; -

640 int is_neg; -

641 -

642

if (digit) {

digit	Description
TRUE	evaluated 37782 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 160270 times by 1 test Evaluated by: ecdsatest

37782-160270

643 is_neg = digit < 0; -

644 -

645

if (is_neg)

is_neg	Description
TRUE	evaluated 18476 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 19306 times by 1 test Evaluated by: ecdsatest

18476-19306

646

digit = -digit;

executed 18476 times by 1 test: digit = -digit;

Executed by:

ecdsatest

18476

647 -

648

if (is_neg != r_is_inverted) {

is_neg != r_is_inverted	Description
TRUE	evaluated 18360 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 19422 times by 1 test Evaluated by: ecdsatest

18360-19422

649

if (!r_is_at_infinity) {

!r_is_at_infinity	Description
TRUE	evaluated 18360 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-18360

650

if (!EC_POINT_invert(group, r, ctx))

!EC_POINT_inve...group, r, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 18360 times by 1 test Evaluated by: ecdsatest

0-18360

651

goto err;

never executed: goto err;

652

}

executed 18360 times by 1 test: end of block

Executed by:

ecdsatest

18360

653 r_is_inverted = !r_is_inverted; -

654

}

executed 18360 times by 1 test: end of block

Executed by:

ecdsatest

18360

655 /* digit > 0 */ -

656 -

657

if (r_is_at_infinity) {

r_is_at_infinity	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 37403 times by 1 test Evaluated by: ecdsatest

379-37403

658

if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))

!EC_POINT_copy...][digit >> 1])	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

659

goto err;

never executed: goto err;

660 r_is_at_infinity = 0; -

661

} else {

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

662

if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx))

!EC_POINT_add(...it >> 1], ctx)	Description
TRUE	never evaluated
FALSE	evaluated 37403 times by 1 test Evaluated by: ecdsatest

0-37403

663

goto err;

never executed: goto err;

664

}

executed 37403 times by 1 test: end of block

Executed by:

ecdsatest

37403

665 } -

666

}

executed 198052 times by 1 test: end of block

Executed by:

ecdsatest

198052

667

}

executed 198650 times by 1 test: end of block

Executed by:

ecdsatest

198650

668

}

executed 99325 times by 1 test: end of block

Executed by:

ecdsatest

99325

669 -

670

if (r_is_at_infinity) {

r_is_at_infinity	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

671

if (!EC_POINT_set_to_infinity(group, r))

!EC_POINT_set_...nity(group, r)	Description
TRUE	never evaluated
FALSE	never evaluated

672

goto err;

never executed: goto err;

673

} else {

never executed: end of block

674

if (r_is_inverted)

r_is_inverted	Description
TRUE	evaluated 204 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 175 times by 1 test Evaluated by: ecdsatest

175-204

675

if (!EC_POINT_invert(group, r, ctx))

!EC_POINT_inve...group, r, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 204 times by 1 test Evaluated by: ecdsatest

0-204

676

goto err;

never executed: goto err;

677

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

678 -

679 ret = 1; -

680 -

681

err:

code before this statement executed 379 times by 1 test: err:

Executed by:

ecdsatest

379

682 BN_CTX_free(new_ctx); -

683 EC_POINT_free(tmp); -

684 free(wsize); -

685 free(wNAF_len); -

686 free(tmp_wNAF); -

687

if (wNAF != NULL) {

wNAF != ((void *)0)	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-379

688 signed char **w; -

689 -

690

for (w = wNAF; *w != NULL; w++)

w != ((void )0)	Description
TRUE	evaluated 758 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-758

691

free(*w);

executed 758 times by 1 test: free(*w);

Executed by:

ecdsatest

758

692 -

693 free(wNAF); -

694

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

695

if (val != NULL) {

val != ((void *)0)	Description
TRUE	evaluated 379 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

0-379

696

for (v = val; *v != NULL; v++)

v != ((void )0)	Description
TRUE	evaluated 3712 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

379-3712

697

EC_POINT_clear_free(*v);

executed 3712 times by 1 test: EC_POINT_clear_free(*v);

Executed by:

ecdsatest

3712

698 free(val); -

699

}

executed 379 times by 1 test: end of block

Executed by:

ecdsatest

379

700 free(val_sub); -

701

return ret;

executed 379 times by 1 test: return ret;

Executed by:

ecdsatest

379

702 } -

703 -

704 -

705 /* ec_wNAF_precompute_mult() -

706 * creates an EC_PRE_COMP object with preprecomputed multiples of the generator -

707 * for use with wNAF splitting as implemented in ec_wNAF_mul(). -

708 * -

709 * 'pre_comp->points' is an array of multiples of the generator -

710 * of the following form: -

711 * points[0] = generator; -

712 * points[1] = 3 * generator; -

713 * ... -

714 * points[2^(w-1)-1] = (2^(w-1)-1) * generator; -

715 * points[2^(w-1)] = 2^blocksize * generator; -

716 * points[2^(w-1)+1] = 3 * 2^blocksize * generator; -

717 * ... -

718 * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator -

719 * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator -

720 * ... -

721 * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator -

722 * points[2^(w-1)*numblocks] = NULL -

723 */ -

724 int -

725 ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx) -

726 { -

727 const EC_POINT *generator; -

728 EC_POINT *tmp_point = NULL, *base = NULL, **var; -

729 BN_CTX *new_ctx = NULL; -

730 BIGNUM *order; -

731 size_t i, bits, w, pre_points_per_block, blocksize, numblocks, -

732 num; -

733 EC_POINT **points = NULL; -

734 EC_PRE_COMP *pre_comp; -

735 int ret = 0; -

736 -

737 /* if there is an old EC_PRE_COMP object, throw it away */ -

738 EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); -

739 -

740

if ((pre_comp = ec_pre_comp_new(group)) == NULL)

(pre_comp = ec...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

741

return 0;

never executed: return 0;

742 -

743 generator = EC_GROUP_get0_generator(group); -

744

if (generator == NULL) {

generator == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

745 ECerror(EC_R_UNDEFINED_GENERATOR); -

746

goto err;

never executed: goto err;

747 } -

748

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

749 ctx = new_ctx = BN_CTX_new(); -

750

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

751

goto err;

never executed: goto err;

752

}

never executed: end of block

753 BN_CTX_start(ctx); -

754

if ((order = BN_CTX_get(ctx)) == NULL)

(order = BN_CT...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

755

goto err;

never executed: goto err;

756 -

757

if (!EC_GROUP_get_order(group, order, ctx))

!EC_GROUP_get_...p, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

758

goto err;

never executed: goto err;

759

if (BN_is_zero(order)) {

((order)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

760 ECerror(EC_R_UNKNOWN_ORDER); -

761

goto err;

never executed: goto err;

762 } -

763 bits = BN_num_bits(order); -

764 /* -

765 * The following parameters mean we precompute (approximately) one -

766 * point per bit. -

767 * -

768 * TBD: The combination 8, 4 is perfect for 160 bits; for other bit -

769 * lengths, other parameter combinations might provide better -

770 * efficiency. -

771 */ -

772 blocksize = 8; -

773 w = 4; -

774

if (EC_window_bits_for_scalar_size(bits) > w) {

((size_t) ((bi... ? 2 : 1)) > w	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

(bits) >= 2000	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

(bits) >= 800	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

(bits) >= 300	Description
TRUE	evaluated 4 times by 1 test Evaluated by: ectest
FALSE	evaluated 6 times by 1 test Evaluated by: ectest

(bits) >= 70	Description
TRUE	evaluated 6 times by 1 test Evaluated by: ectest
FALSE	never evaluated

(bits) >= 20	Description
TRUE	never evaluated
FALSE	never evaluated

0-10

775 /* let's not make the window too small ... */ -

776

w = EC_window_bits_for_scalar_size(bits);

(bits) >= 2000	Description
TRUE	never evaluated
FALSE	never evaluated

(bits) >= 800	Description
TRUE	never evaluated
FALSE	never evaluated

(bits) >= 300	Description
TRUE	never evaluated
FALSE	never evaluated

(bits) >= 70	Description
TRUE	never evaluated
FALSE	never evaluated

(bits) >= 20	Description
TRUE	never evaluated
FALSE	never evaluated

777

}

never executed: end of block

778 numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks -

779 * to use for wNAF -

780 * splitting */ -

781 -

782 pre_points_per_block = (size_t) 1 << (w - 1); -

783 num = pre_points_per_block * numblocks; /* number of points to -

784 * compute and store */ -

785 -

786 points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *)); -

787

if (!points) {

!points	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

788 ECerror(ERR_R_MALLOC_FAILURE); -

789

goto err;

never executed: goto err;

790 } -

791 var = points; -

792 var[num] = NULL; /* pivot */ -

793

for (i = 0; i < num; i++) {

i < num	Description
TRUE	evaluated 3360 times by 1 test Evaluated by: ectest
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

10-3360

794

if ((var[i] = EC_POINT_new(group)) == NULL) {

(var[i] = EC_P...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3360 times by 1 test Evaluated by: ectest

0-3360

795 ECerror(ERR_R_MALLOC_FAILURE); -

796

goto err;

never executed: goto err;

797 } -

798

}

executed 3360 times by 1 test: end of block

Executed by:

ectest

3360

799 -

800

if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {

!(tmp_point = ...NT_new(group))	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

!(base = EC_POINT_new(group))	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

801 ECerror(ERR_R_MALLOC_FAILURE); -

802

goto err;

never executed: goto err;

803 } -

804

if (!EC_POINT_copy(base, generator))

!EC_POINT_copy...se, generator)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

805

goto err;

never executed: goto err;

806 -

807 /* do the precomputation */ -

808

for (i = 0; i < numblocks; i++) {

i < numblocks	Description
TRUE	evaluated 420 times by 1 test Evaluated by: ectest
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

10-420

809 size_t j; -

810 -

811

if (!EC_POINT_dbl(group, tmp_point, base, ctx))

!EC_POINT_dbl(...nt, base, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 420 times by 1 test Evaluated by: ectest

0-420

812

goto err;

never executed: goto err;

813 -

814

if (!EC_POINT_copy(*var++, base))

!EC_POINT_copy(*var++, base)	Description
TRUE	never evaluated
FALSE	evaluated 420 times by 1 test Evaluated by: ectest

0-420

815

goto err;

never executed: goto err;

816 -

817

for (j = 1; j < pre_points_per_block; j++, var++) {

j < pre_points_per_block	Description
TRUE	evaluated 2940 times by 1 test Evaluated by: ectest
FALSE	evaluated 420 times by 1 test Evaluated by: ectest

420-2940

818 /* calculate odd multiples of the current base point */ -

819

if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))

!EC_POINT_add(...var - 1), ctx)	Description
TRUE	never evaluated
FALSE	evaluated 2940 times by 1 test Evaluated by: ectest

0-2940

820

goto err;

never executed: goto err;

821

}

executed 2940 times by 1 test: end of block

Executed by:

ectest

2940

822 -

823

if (i < numblocks - 1) {

i < numblocks - 1	Description
TRUE	evaluated 410 times by 1 test Evaluated by: ectest
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

10-410

824 /* -

825 * get the next base (multiply current one by -

826 * 2^blocksize) -

827 */ -

828 size_t k; -

829 -

830

if (blocksize <= 2) {

blocksize <= 2	Description
TRUE	never evaluated
FALSE	evaluated 410 times by 1 test Evaluated by: ectest

0-410

831 ECerror(ERR_R_INTERNAL_ERROR); -

832

goto err;

never executed: goto err;

833 } -

834

if (!EC_POINT_dbl(group, base, tmp_point, ctx))

!EC_POINT_dbl(...mp_point, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 410 times by 1 test Evaluated by: ectest

0-410

835

goto err;

never executed: goto err;

836

for (k = 2; k < blocksize; k++) {

k < blocksize	Description
TRUE	evaluated 2460 times by 1 test Evaluated by: ectest
FALSE	evaluated 410 times by 1 test Evaluated by: ectest

410-2460

837

if (!EC_POINT_dbl(group, base, base, ctx))

!EC_POINT_dbl(...se, base, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 2460 times by 1 test Evaluated by: ectest

0-2460

838

goto err;

never executed: goto err;

839

}

executed 2460 times by 1 test: end of block

Executed by:

ectest

2460

840

}

executed 410 times by 1 test: end of block

Executed by:

ectest

410

841

}

executed 420 times by 1 test: end of block

Executed by:

ectest

420

842 -

843

if (!EC_POINTs_make_affine(group, num, points, ctx))

!EC_POINTs_mak..., points, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

844

goto err;

never executed: goto err;

845 -

846 pre_comp->group = group; -

847 pre_comp->blocksize = blocksize; -

848 pre_comp->numblocks = numblocks; -

849 pre_comp->w = w; -

850 pre_comp->points = points; -

851 points = NULL; -

852 pre_comp->num = num; -

853 -

854

if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,

!EC_EX_DATA_se...mp_clear_free)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

855

ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))

!EC_EX_DATA_se...mp_clear_free)	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

856

goto err;

never executed: goto err;

857 pre_comp = NULL; -

858 -

859 ret = 1; -

860

err:

code before this statement executed 10 times by 1 test: err:

Executed by:

ectest

861

if (ctx != NULL)

ctx != ((void *)0)	Description
TRUE	evaluated 10 times by 1 test Evaluated by: ectest
FALSE	never evaluated

0-10

862

BN_CTX_end(ctx);

executed 10 times by 1 test: BN_CTX_end(ctx);

Executed by:

ectest

863 BN_CTX_free(new_ctx); -

864 ec_pre_comp_free(pre_comp); -

865

if (points) {

points	Description
TRUE	never evaluated
FALSE	evaluated 10 times by 1 test Evaluated by: ectest

0-10

866 EC_POINT **p; -

867 -

868

for (p = points; *p != NULL; p++)

p != ((void )0)	Description
TRUE	never evaluated
FALSE	never evaluated

869

EC_POINT_free(*p);

never executed: EC_POINT_free(*p);

870 free(points); -

871

}

never executed: end of block

872 EC_POINT_free(tmp_point); -

873 EC_POINT_free(base); -

874

return ret;

executed 10 times by 1 test: return ret;

Executed by:

ectest

875 } -

876 -

877 -

878 int -

879 ec_wNAF_have_precompute_mult(const EC_GROUP * group) -

880 { -

881

if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)

EC_EX_DATA_get...!= ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

882

return 1;

never executed: return 1;

883 else -

884

return 0;

never executed: return 0;

885 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2