OpenCoverage

cipher.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/cipher.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: cipher.c,v 1.111 2018/02/23 15:58:37 markus Exp $ */-
2/*-
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>-
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
5 * All rights reserved-
6 *-
7 * As far as I am concerned, the code I have written for this software-
8 * can be used freely for any purpose. Any derived versions of this-
9 * software must be clearly marked as such, and if the derived work is-
10 * incompatible with the protocol description in the RFC file, it must be-
11 * called by a name other than "ssh" or "Secure Shell".-
12 *-
13 *-
14 * Copyright (c) 1999 Niels Provos. All rights reserved.-
15 * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved.-
16 *-
17 * Redistribution and use in source and binary forms, with or without-
18 * modification, are permitted provided that the following conditions-
19 * are met:-
20 * 1. Redistributions of source code must retain the above copyright-
21 * notice, this list of conditions and the following disclaimer.-
22 * 2. Redistributions in binary form must reproduce the above copyright-
23 * notice, this list of conditions and the following disclaimer in the-
24 * documentation and/or other materials provided with the distribution.-
25 *-
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
36 */-
37-
38#include "includes.h"-
39-
40#include <sys/types.h>-
41-
42#include <string.h>-
43#include <stdarg.h>-
44#include <stdio.h>-
45-
46#include "cipher.h"-
47#include "misc.h"-
48#include "sshbuf.h"-
49#include "ssherr.h"-
50#include "digest.h"-
51-
52#include "openbsd-compat/openssl-compat.h"-
53-
54-
55struct sshcipher_ctx {-
56 int plaintext;-
57 int encrypt;-
58 EVP_CIPHER_CTX *evp;-
59 struct chachapoly_ctx cp_ctx; /* XXX union with evp? */-
60 struct aesctr_ctx ac_ctx; /* XXX union with evp? */-
61 const struct sshcipher *cipher;-
62};-
63-
64struct sshcipher {-
65 char *name;-
66 u_int block_size;-
67 u_int key_len;-
68 u_int iv_len; /* defaults to block_size */-
69 u_int auth_len;-
70 u_int flags;-
71#define CFLAG_CBC (1<<0)-
72#define CFLAG_CHACHAPOLY (1<<1)-
73#define CFLAG_AESCTR (1<<2)-
74#define CFLAG_NONE (1<<3)-
75#define CFLAG_INTERNAL CFLAG_NONE /* Don't use "none" for packets */-
76#ifdef WITH_OPENSSL-
77 const EVP_CIPHER *(*evptype)(void);-
78#else-
79 void *ignored;-
80#endif-
81};-
82-
83static const struct sshcipher ciphers[] = {-
84#ifdef WITH_OPENSSL-
85#ifndef OPENSSL_NO_DES-
86 { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },-
87#endif-
88 { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },-
89 { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },-
90 { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },-
91 { "rijndael-cbc@lysator.liu.se",-
92 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },-
93 { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },-
94 { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },-
95 { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },-
96# ifdef OPENSSL_HAVE_EVPGCM-
97 { "aes128-gcm@openssh.com",-
98 16, 16, 12, 16, 0, EVP_aes_128_gcm },-
99 { "aes256-gcm@openssh.com",-
100 16, 32, 12, 16, 0, EVP_aes_256_gcm },-
101# endif /* OPENSSL_HAVE_EVPGCM */-
102#else-
103 { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL },-
104 { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL },-
105 { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL },-
106#endif-
107 { "chacha20-poly1305@openssh.com",-
108 8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL },-
109 { "none", 8, 0, 0, 0, CFLAG_NONE, NULL },-
110-
111 { NULL, 0, 0, 0, 0, 0, NULL }-
112};-
113-
114/*--*/-
115-
116/* Returns a comma-separated list of supported ciphers. */-
117char *-
118cipher_alg_list(char sep, int auth_only)-
119{-
120 char *tmp, *ret = NULL;-
121 size_t nlen, rlen = 0;-
122 const struct sshcipher *c;-
123-
124 for (c = ciphers; c->name != NULL; c++) {
c->name != ((void *)0)Description
TRUEevaluated 24 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2-24
125 if ((c->flags & CFLAG_INTERNAL) != 0)
(c->flags & (1<<3)) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 22 times by 1 test
Evaluated by:
  • sshd
2-22
126 continue;
executed 2 times by 1 test: continue;
Executed by:
  • sshd
2
127 if (auth_only && c->auth_len == 0)
auth_onlyDescription
TRUEnever evaluated
FALSEevaluated 22 times by 1 test
Evaluated by:
  • sshd
c->auth_len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-22
128 continue;
never executed: continue;
0
129 if (ret != NULL)
ret != ((void *)0)Description
TRUEevaluated 20 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2-20
130 ret[rlen++] = sep;
executed 20 times by 1 test: ret[rlen++] = sep;
Executed by:
  • sshd
20
131 nlen = strlen(c->name);-
132 if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {
(tmp = realloc...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 22 times by 1 test
Evaluated by:
  • sshd
0-22
133 free(ret);-
134 return NULL;
never executed: return ((void *)0) ;
0
135 }-
136 ret = tmp;-
137 memcpy(ret + rlen, c->name, nlen + 1);-
138 rlen += nlen;-
139 }
executed 22 times by 1 test: end of block
Executed by:
  • sshd
22
140 return ret;
executed 2 times by 1 test: return ret;
Executed by:
  • sshd
2
141}-
142-
143u_int-
144cipher_blocksize(const struct sshcipher *c)-
145{-
146 return (c->block_size);
executed 18494 times by 4 tests: return (c->block_size);
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18494
147}-
148-
149u_int-
150cipher_keylen(const struct sshcipher *c)-
151{-
152 return (c->key_len);
executed 19678 times by 4 tests: return (c->key_len);
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
19678
153}-
154-
155u_int-
156cipher_seclen(const struct sshcipher *c)-
157{-
158 if (strcmp("3des-cbc", c->name) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( "3des-cbc" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( c->name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEevaluated 1280 times by 1 test
Evaluated by:
  • test_kex
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-1280
159 return 14;
never executed: return 14;
0
160 return cipher_keylen(c);
executed 1280 times by 1 test: return cipher_keylen(c);
Executed by:
  • test_kex
1280
161}-
162-
163u_int-
164cipher_authlen(const struct sshcipher *c)-
165{-
166 return (c->auth_len);
executed 22626 times by 4 tests: return (c->auth_len);
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
22626
167}-
168-
169u_int-
170cipher_ivlen(const struct sshcipher *c)-
171{-
172 /*-
173 * Default is cipher block size, except for chacha20+poly1305 that-
174 * needs no IV. XXX make iv_len == -1 default?-
175 */-
176 return (c->iv_len != 0 || (c->flags & CFLAG_CHACHAPOLY) != 0) ?
executed 36500 times by 4 tests: return (c->iv_len != 0 || (c->flags & (1<<1)) != 0) ? c->iv_len : c->block_size;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
c->iv_len != 0Description
TRUEnever evaluated
FALSEevaluated 36500 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
(c->flags & (1<<1)) != 0Description
TRUEevaluated 1344 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 35156 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-36500
177 c->iv_len : c->block_size;
executed 36500 times by 4 tests: return (c->iv_len != 0 || (c->flags & (1<<1)) != 0) ? c->iv_len : c->block_size;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
36500
178}-
179-
180u_int-
181cipher_is_cbc(const struct sshcipher *c)-
182{-
183 return (c->flags & CFLAG_CBC) != 0;
never executed: return (c->flags & (1<<0)) != 0;
0
184}-
185-
186u_int-
187cipher_ctx_is_plaintext(struct sshcipher_ctx *cc)-
188{-
189 return cc->plaintext;
executed 832 times by 1 test: return cc->plaintext;
Executed by:
  • test_kex
832
190}-
191-
192const struct sshcipher *-
193cipher_by_name(const char *name)-
194{-
195 const struct sshcipher *c;-
196 for (c = ciphers; c->name != NULL; c++)
c->name != ((void *)0)Description
TRUEevaluated 234176 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 282 times by 1 test
Evaluated by:
  • test_sshkey
282-234176
197 if (strcmp(c->name, name) == 0)
never executed: __result = (((const unsigned char *) (const char *) ( c->name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEevaluated 19294 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 214882 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-214882
198 return c;
executed 19294 times by 4 tests: return c;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
19294
199 return NULL;
executed 282 times by 1 test: return ((void *)0) ;
Executed by:
  • test_sshkey
282
200}-
201-
202#define CIPHER_SEP ","-
203int-
204ciphers_valid(const char *names)-
205{-
206 const struct sshcipher *c;-
207 char *cipher_list, *cp;-
208 char *p;-
209-
210 if (names == NULL || strcmp(names, "") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( names ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
names == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
211 return 0;
never executed: return 0;
0
212 if ((cipher_list = cp = strdup(names)) == NULL)
never executed: __retval = (char *) memcpy (__retval, names , __len);
(cipher_list =...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
__retval != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
__builtin_constant_p ( names )Description
TRUEnever evaluated
FALSEnever evaluated
((size_t)(cons... names ) == 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
213 return 0;
never executed: return 0;
0
214 for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
pDescription
TRUEnever evaluated
FALSEnever evaluated
*p != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
215 (p = strsep(&cp, CIPHER_SEP))) {-
216 c = cipher_by_name(p);-
217 if (c == NULL || (c->flags & CFLAG_INTERNAL) != 0) {
c == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(c->flags & (1<<3)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
218 free(cipher_list);-
219 return 0;
never executed: return 0;
0
220 }-
221 }
never executed: end of block
0
222 free(cipher_list);-
223 return 1;
never executed: return 1;
0
224}-
225-
226const char *-
227cipher_warning_message(const struct sshcipher_ctx *cc)-
228{-
229 if (cc == NULL || cc->cipher == NULL)
cc == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
cc->cipher == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
230 return NULL;
never executed: return ((void *)0) ;
0
231 /* XXX repurpose for CBC warning */-
232 return NULL;
executed 704 times by 1 test: return ((void *)0) ;
Executed by:
  • test_kex
704
233}-
234-
235int-
236cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,-
237 const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,-
238 int do_encrypt)-
239{-
240 struct sshcipher_ctx *cc = NULL;-
241 int ret = SSH_ERR_INTERNAL_ERROR;-
242#ifdef WITH_OPENSSL-
243 const EVP_CIPHER *type;-
244 int klen;-
245#endif-
246-
247 *ccp = NULL;-
248 if ((cc = calloc(sizeof(*cc), 1)) == NULL)
(cc = calloc(s...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18294 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-18294
249 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
250-
251 cc->plaintext = (cipher->flags & CFLAG_NONE) != 0;-
252 cc->encrypt = do_encrypt;-
253-
254 if (keylen < cipher->key_len ||
keylen < cipher->key_lenDescription
TRUEnever evaluated
FALSEevaluated 18294 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-18294
255 (iv != NULL && ivlen < cipher_ivlen(cipher))) {
iv != ((void *)0)Description
TRUEevaluated 18102 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 192 times by 1 test
Evaluated by:
  • test_kex
ivlen < cipher_ivlen(cipher)Description
TRUEnever evaluated
FALSEevaluated 18102 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
0-18102
256 ret = SSH_ERR_INVALID_ARGUMENT;-
257 goto out;
never executed: goto out;
0
258 }-
259-
260 cc->cipher = cipher;-
261 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
(cc->cipher->f...& (1<<1)) != 0Description
TRUEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 17590 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
704-17590
262 ret = chachapoly_init(&cc->cp_ctx, key, keylen);-
263 goto out;
executed 704 times by 1 test: goto out;
Executed by:
  • test_kex
704
264 }-
265 if ((cc->cipher->flags & CFLAG_NONE) != 0) {
(cc->cipher->f...& (1<<3)) != 0Description
TRUEevaluated 17586 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
4-17586
266 ret = 0;-
267 goto out;
executed 17586 times by 4 tests: goto out;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
17586
268 }-
269#ifndef WITH_OPENSSL-
270 if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {-
271 aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);-
272 aesctr_ivsetup(&cc->ac_ctx, iv);-
273 ret = 0;-
274 goto out;-
275 }-
276 ret = SSH_ERR_INVALID_ARGUMENT;-
277 goto out;-
278#else /* WITH_OPENSSL */-
279 type = (*cipher->evptype)();-
280 if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
(cc->evp = EVP...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
281 ret = SSH_ERR_ALLOC_FAIL;-
282 goto out;
never executed: goto out;
0
283 }-
284 if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
EVP_CipherInit...pt == 1)) == 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
285 (do_encrypt == CIPHER_ENCRYPT)) == 0) {
EVP_CipherInit...pt == 1)) == 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
286 ret = SSH_ERR_LIBCRYPTO_ERROR;-
287 goto out;
never executed: goto out;
0
288 }-
289 if (cipher_authlen(cipher) &&
cipher_authlen(cipher)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
290 !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
!EVP_CIPHER_CT... (u_char *)iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
291 -1, (u_char *)iv)) {
!EVP_CIPHER_CT... (u_char *)iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
292 ret = SSH_ERR_LIBCRYPTO_ERROR;-
293 goto out;
never executed: goto out;
0
294 }-
295 klen = EVP_CIPHER_CTX_key_length(cc->evp);-
296 if (klen > 0 && keylen != (u_int)klen) {
klen > 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
FALSEnever evaluated
keylen != (u_int)klenDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
297 if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
EVP_CIPHER_CTX..., keylen) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
298 ret = SSH_ERR_LIBCRYPTO_ERROR;-
299 goto out;
never executed: goto out;
0
300 }-
301 }
never executed: end of block
0
302 if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
EVP_CipherInit...)0) , -1) == 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
303 ret = SSH_ERR_LIBCRYPTO_ERROR;-
304 goto out;
never executed: goto out;
0
305 }-
306 ret = 0;-
307#endif /* WITH_OPENSSL */-
308 out:
code before this statement executed 4 times by 1 test: out:
Executed by:
  • test_sshkey
4
309 if (ret == 0) {
ret == 0Description
TRUEevaluated 18294 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEnever evaluated
0-18294
310 /* success */-
311 *ccp = cc;-
312 } else {
executed 18294 times by 4 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18294
313 if (cc != NULL) {
cc != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
314#ifdef WITH_OPENSSL-
315 EVP_CIPHER_CTX_free(cc->evp);-
316#endif /* WITH_OPENSSL */-
317 explicit_bzero(cc, sizeof(*cc));-
318 free(cc);-
319 }
never executed: end of block
0
320 }
never executed: end of block
0
321 return ret;
executed 18294 times by 4 tests: return ret;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18294
322}-
323-
324/*-
325 * cipher_crypt() operates as following:-
326 * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.-
327 * Theses bytes are treated as additional authenticated data for-
328 * authenticated encryption modes.-
329 * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.-
330 * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.-
331 * This tag is written on encryption and verified on decryption.-
332 * Both 'aadlen' and 'authlen' can be set to 0.-
333 */-
334int-
335cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,-
336 const u_char *src, u_int len, u_int aadlen, u_int authlen)-
337{-
338 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
(cc->cipher->f...& (1<<1)) != 0Description
TRUEevaluated 1664 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 18022 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
1664-18022
339 return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src,
executed 1664 times by 1 test: return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt);
Executed by:
  • test_kex
1664
340 len, aadlen, authlen, cc->encrypt);
executed 1664 times by 1 test: return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt);
Executed by:
  • test_kex
1664
341 }-
342 if ((cc->cipher->flags & CFLAG_NONE) != 0) {
(cc->cipher->f...& (1<<3)) != 0Description
TRUEevaluated 18018 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
4-18018
343 memcpy(dest, src, aadlen + len);-
344 return 0;
executed 18018 times by 4 tests: return 0;
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18018
345 }-
346#ifndef WITH_OPENSSL-
347 if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {-
348 if (aadlen)-
349 memcpy(dest, src, aadlen);-
350 aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,-
351 dest + aadlen, len);-
352 return 0;-
353 }-
354 return SSH_ERR_INVALID_ARGUMENT;-
355#else-
356 if (authlen) {
authlenDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
357 u_char lastiv[1];-
358-
359 if (authlen != cipher_authlen(cc->cipher))
authlen != cip...en(cc->cipher)Description
TRUEnever evaluated
FALSEnever evaluated
0
360 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
361 /* increment IV */-
362 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
!EVP_CIPHER_CT...3 , 1, lastiv)Description
TRUEnever evaluated
FALSEnever evaluated
0
363 1, lastiv))
!EVP_CIPHER_CT...3 , 1, lastiv)Description
TRUEnever evaluated
FALSEnever evaluated
0
364 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
365 /* set tag on decyption */-
366 if (!cc->encrypt &&
!cc->encryptDescription
TRUEnever evaluated
FALSEnever evaluated
0
367 !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
!EVP_CIPHER_CT... aadlen + len)Description
TRUEnever evaluated
FALSEnever evaluated
0
368 authlen, (u_char *)src + aadlen + len))
!EVP_CIPHER_CT... aadlen + len)Description
TRUEnever evaluated
FALSEnever evaluated
0
369 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
370 }
never executed: end of block
0
371 if (aadlen) {
aadlenDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
372 if (authlen &&
authlenDescription
TRUEnever evaluated
FALSEnever evaluated
0
373 EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0)
EVP_Cipher(cc-...c, aadlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
374 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
375 memcpy(dest, src, aadlen);-
376 }
never executed: end of block
0
377 if (len % cc->cipher->block_size)
len % cc->cipher->block_sizeDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
378 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
379 if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen,
EVP_Cipher(cc-...dlen, len) < 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
380 len) < 0)
EVP_Cipher(cc-...dlen, len) < 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
381 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
382 if (authlen) {
authlenDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • test_sshkey
0-4
383 /* compute tag (on encrypt) or verify tag (on decrypt) */-
384 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
EVP_Cipher(cc-... *)0) , 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
385 return cc->encrypt ?
never executed: return cc->encrypt ? -22 : -30;
cc->encryptDescription
TRUEnever evaluated
FALSEnever evaluated
0
386 SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID;
never executed: return cc->encrypt ? -22 : -30;
0
387 if (cc->encrypt &&
cc->encryptDescription
TRUEnever evaluated
FALSEnever evaluated
0
388 !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
!EVP_CIPHER_CT... aadlen + len)Description
TRUEnever evaluated
FALSEnever evaluated
0
389 authlen, dest + aadlen + len))
!EVP_CIPHER_CT... aadlen + len)Description
TRUEnever evaluated
FALSEnever evaluated
0
390 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
391 }
never executed: end of block
0
392 return 0;
executed 4 times by 1 test: return 0;
Executed by:
  • test_sshkey
4
393#endif-
394}-
395-
396/* Extract the packet length, including any decryption necessary beforehand */-
397int-
398cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr,-
399 const u_char *cp, u_int len)-
400{-
401 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
(cc->cipher->f...& (1<<1)) != 0Description
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-2560
402 return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr,
executed 2560 times by 1 test: return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, cp, len);
Executed by:
  • test_kex
2560
403 cp, len);
executed 2560 times by 1 test: return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, cp, len);
Executed by:
  • test_kex
2560
404 if (len < 4)
len < 4Description
TRUEnever evaluated
FALSEnever evaluated
0
405 return SSH_ERR_MESSAGE_INCOMPLETE;
never executed: return -3;
0
406 *plenp = PEEK_U32(cp);-
407 return 0;
never executed: return 0;
0
408}-
409-
410void-
411cipher_free(struct sshcipher_ctx *cc)-
412{-
413 if (cc == NULL)
cc == ((void *)0)Description
TRUEevaluated 237559 times by 2 tests
Evaluated by:
  • ssh-keygen
  • test_sshkey
FALSEevaluated 18102 times by 4 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18102-237559
414 return;
executed 237559 times by 2 tests: return;
Executed by:
  • ssh-keygen
  • test_sshkey
237559
415 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
(cc->cipher->f...& (1<<1)) != 0Description
TRUEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 17398 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
704-17398
416 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
executed 704 times by 1 test: explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
Executed by:
  • test_kex
704
417 else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
(cc->cipher->f...& (1<<2)) != 0Description
TRUEnever evaluated
FALSEevaluated 17398 times by 3 tests
Evaluated by:
  • ssh-keygen
  • sshd
  • test_sshkey
0-17398
418 explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
never executed: explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
0
419#ifdef WITH_OPENSSL-
420 EVP_CIPHER_CTX_free(cc->evp);-
421 cc->evp = NULL;-
422#endif-
423 explicit_bzero(cc, sizeof(*cc));-
424 free(cc);-
425}
executed 18102 times by 4 tests: end of block
Executed by:
  • ssh-keygen
  • sshd
  • test_kex
  • test_sshkey
18102
426-
427/*-
428 * Exports an IV from the sshcipher_ctx required to export the key-
429 * state back from the unprivileged child to the privileged parent-
430 * process.-
431 */-
432int-
433cipher_get_keyiv_len(const struct sshcipher_ctx *cc)-
434{-
435 const struct sshcipher *c = cc->cipher;-
436-
437 if ((c->flags & CFLAG_CHACHAPOLY) != 0)
(c->flags & (1<<1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
438 return 0;
never executed: return 0;
0
439 else if ((c->flags & CFLAG_AESCTR) != 0)
(c->flags & (1<<2)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
440 return sizeof(cc->ac_ctx.ctr);
never executed: return sizeof(cc->ac_ctx.ctr);
0
441#ifdef WITH_OPENSSL-
442 return EVP_CIPHER_CTX_iv_length(cc->evp);
never executed: return EVP_CIPHER_CTX_iv_length(cc->evp);
0
443#else-
444 return 0;-
445#endif-
446}-
447-
448int-
449cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)-
450{-
451#ifdef WITH_OPENSSL-
452 const struct sshcipher *c = cc->cipher;-
453 int evplen;-
454#endif-
455-
456 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
(cc->cipher->f...& (1<<1)) != 0Description
TRUEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-64
457 if (len != 0)
len != 0Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
0-64
458 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
459 return 0;
executed 64 times by 1 test: return 0;
Executed by:
  • test_kex
64
460 }-
461 if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
(cc->cipher->f...& (1<<2)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
462 if (len != sizeof(cc->ac_ctx.ctr))
len != sizeof(cc->ac_ctx.ctr)Description
TRUEnever evaluated
FALSEnever evaluated
0
463 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
464 memcpy(iv, cc->ac_ctx.ctr, len);-
465 return 0;
never executed: return 0;
0
466 }-
467 if ((cc->cipher->flags & CFLAG_NONE) != 0)
(cc->cipher->f...& (1<<3)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
468 return 0;
never executed: return 0;
0
469-
470#ifdef WITH_OPENSSL-
471 evplen = EVP_CIPHER_CTX_iv_length(cc->evp);-
472 if (evplen == 0)
evplen == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
473 return 0;
never executed: return 0;
0
474 else if (evplen < 0)
evplen < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
475 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
476 if ((size_t)evplen != len)
(size_t)evplen != lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
477 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
478#ifndef OPENSSL_HAVE_EVPCTR-
479 if (c->evptype == evp_aes_128_ctr)-
480 ssh_aes_ctr_iv(cc->evp, 0, iv, len);-
481 else-
482#endif-
483 if (cipher_authlen(c)) {
cipher_authlen(c)Description
TRUEnever evaluated
FALSEnever evaluated
0
484 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
!EVP_CIPHER_CT...x13 , len, iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
485 len, iv))
!EVP_CIPHER_CT...x13 , len, iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
486 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
487 } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
never executed: end of block
!EVP_CIPHER_CT...>evp, iv, len)Description
TRUEnever evaluated
FALSEnever evaluated
0
488 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
489#endif-
490 return 0;
never executed: return 0;
0
491}-
492-
493int-
494cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)-
495{-
496#ifdef WITH_OPENSSL-
497 const struct sshcipher *c = cc->cipher;-
498 int evplen = 0;-
499#endif-
500-
501 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
(cc->cipher->f...& (1<<1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
502 return 0;
never executed: return 0;
0
503 if ((cc->cipher->flags & CFLAG_NONE) != 0)
(cc->cipher->f...& (1<<3)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
504 return 0;
never executed: return 0;
0
505-
506#ifdef WITH_OPENSSL-
507 evplen = EVP_CIPHER_CTX_iv_length(cc->evp);-
508 if (evplen <= 0)
evplen <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
509 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
510 if ((size_t)evplen != len)
(size_t)evplen != lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
511 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
512#ifndef OPENSSL_HAVE_EVPCTR-
513 /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */-
514 if (c->evptype == evp_aes_128_ctr)-
515 ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen);-
516 else-
517#endif-
518 if (cipher_authlen(c)) {
cipher_authlen(c)Description
TRUEnever evaluated
FALSEnever evaluated
0
519 /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */-
520 if (!EVP_CIPHER_CTX_ctrl(cc->evp,
!EVP_CIPHER_CT...1, (void *)iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
521 EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
!EVP_CIPHER_CT...1, (void *)iv)Description
TRUEnever evaluated
FALSEnever evaluated
0
522 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
523 } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
never executed: end of block
!EVP_CIPHER_CT...p, iv, evplen)Description
TRUEnever evaluated
FALSEnever evaluated
0
524 return SSH_ERR_LIBCRYPTO_ERROR;
never executed: return -22;
0
525#endif-
526 return 0;
never executed: return 0;
0
527}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2