OpenCoverage

rsa_gen.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/rsa/rsa_gen.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10/*-
11 * NB: these functions have been "upgraded", the deprecated versions (which-
12 * are compatibility wrappers using these functions) are in rsa_depr.c. --
13 * Geoff-
14 */-
15-
16#include <stdio.h>-
17#include <time.h>-
18#include "internal/cryptlib.h"-
19#include <openssl/bn.h>-
20#include "rsa_locl.h"-
21-
22static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,-
23 BN_GENCB *cb);-
24-
25/*-
26 * NB: this wrapper would normally be placed in rsa_lib.c and the static-
27 * implementation would probably be in rsa_eay.c. Nonetheless, is kept here-
28 * so that we don't introduce a new linker dependency. Eg. any application-
29 * that wasn't previously linking object code related to key-generation won't-
30 * have to now just because key-generation is part of RSA_METHOD.-
31 */-
32int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)-
33{-
34 if (rsa->meth->rsa_keygen != NULL)
rsa->meth->rsa...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
35 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
never executed: return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
0
36-
37 return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM,
never executed: return RSA_generate_multi_prime_key(rsa, bits, 2, e_value, cb);
0
38 e_value, cb);
never executed: return RSA_generate_multi_prime_key(rsa, bits, 2, e_value, cb);
0
39}-
40-
41int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,-
42 BIGNUM *e_value, BN_GENCB *cb)-
43{-
44 /* multi-prime is only supported with the builtin key generation */-
45 if (rsa->meth->rsa_multi_prime_keygen != NULL) {
rsa->meth->rsa...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 22 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-22
46 return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
never executed: return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, e_value, cb);
0
47 e_value, cb);
never executed: return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, e_value, cb);
0
48 } else if (rsa->meth->rsa_keygen != NULL) {
rsa->meth->rsa...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 22 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-22
49 /*-
50 * However, if rsa->meth implements only rsa_keygen, then we-
51 * have to honour it in 2-prime case and assume that it wouldn't-
52 * know what to do with multi-prime key generated by builtin-
53 * subroutine...-
54 */-
55 if (primes == 2)
primes == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
56 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
never executed: return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
0
57 else-
58 return 0;
never executed: return 0;
0
59 }-
60-
61 return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
executed 22 times by 1 test: return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
Executed by:
  • libcrypto.so.1.1
22
62}-
63-
64static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,-
65 BN_GENCB *cb)-
66{-
67 BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime;-
68 int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0;-
69 int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0;-
70 RSA_PRIME_INFO *pinfo = NULL;-
71 STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL;-
72 BN_CTX *ctx = NULL;-
73 BN_ULONG bitst = 0;-
74 unsigned long error = 0;-
75-
76 if (bits < RSA_MIN_MODULUS_BITS) {
bits < 512Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
3-19
77 ok = 0; /* we set our own err */-
78 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);-
79 goto err;
executed 3 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
3
80 }-
81-
82 if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
primes < 2Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
primes > rsa_multip_cap(bits)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
83 ok = 0; /* we set our own err */-
84 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID);-
85 goto err;
never executed: goto err;
0
86 }-
87-
88 ctx = BN_CTX_new();-
89 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
90 goto err;
never executed: goto err;
0
91 BN_CTX_start(ctx);-
92 r0 = BN_CTX_get(ctx);-
93 r1 = BN_CTX_get(ctx);-
94 r2 = BN_CTX_get(ctx);-
95 if (r2 == NULL)
r2 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
96 goto err;
never executed: goto err;
0
97-
98 /* divide bits into 'primes' pieces evenly */-
99 quo = bits / primes;-
100 rmd = bits % primes;-
101-
102 for (i = 0; i < primes; i++)
i < primesDescription
TRUEevaluated 50 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
19-50
103 bitsr[i] = (i < rmd) ? quo + 1 : quo;
executed 50 times by 1 test: bitsr[i] = (i < rmd) ? quo + 1 : quo;
Executed by:
  • libcrypto.so.1.1
(i < rmd)Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
8-50
104-
105 /* We need the RSA components non-NULL */-
106 if (!rsa->n && ((rsa->n = BN_new()) == NULL))
!rsa->nDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->n = BN_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
107 goto err;
never executed: goto err;
0
108 if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
!rsa->dDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->d = BN_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
109 goto err;
never executed: goto err;
0
110 if (!rsa->e && ((rsa->e = BN_new()) == NULL))
!rsa->eDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->e = BN_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
111 goto err;
never executed: goto err;
0
112 if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
!rsa->pDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->p = BN_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
113 goto err;
never executed: goto err;
0
114 if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
!rsa->qDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->q = BN_... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
115 goto err;
never executed: goto err;
0
116 if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
!rsa->dmp1Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->dmp1 = ... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
117 goto err;
never executed: goto err;
0
118 if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
!rsa->dmq1Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->dmq1 = ... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
119 goto err;
never executed: goto err;
0
120 if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
!rsa->iqmpDescription
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
((rsa->iqmp = ... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
121 goto err;
never executed: goto err;
0
122-
123 /* initialize multi-prime components */-
124 if (primes > RSA_DEFAULT_PRIME_NUM) {
primes > 2Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
6-13
125 rsa->version = RSA_ASN1_VERSION_MULTI;-
126 prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2);-
127 if (prime_infos == NULL)
prime_infos == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
128 goto err;
never executed: goto err;
0
129 if (rsa->prime_infos != NULL) {
rsa->prime_inf...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
130 /* could this happen? */-
131 sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);-
132 }
never executed: end of block
0
133 rsa->prime_infos = prime_infos;-
134-
135 /* prime_info from 2 to |primes| -1 */-
136 for (i = 2; i < primes; i++) {
i < primesDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
6-12
137 pinfo = rsa_multip_info_new();-
138 if (pinfo == NULL)
pinfo == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
139 goto err;
never executed: goto err;
0
140 (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);-
141 }
executed 12 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12
142 }
executed 6 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
6
143-
144 if (BN_copy(rsa->e, e_value) == NULL)
BN_copy(rsa->e...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
145 goto err;
never executed: goto err;
0
146-
147 /* generate p, q and other primes (if any) */-
148 for (i = 0; i < primes; i++) {
i < primesDescription
TRUEevaluated 50 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
19-50
149 adj = 0;-
150 retries = 0;-
151-
152 if (i == 0) {
i == 0Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
19-31
153 prime = rsa->p;-
154 } else if (i == 1) {
executed 19 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
i == 1Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12-19
155 prime = rsa->q;-
156 } else {
executed 19 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
19
157 pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);-
158 prime = pinfo->r;-
159 }
executed 12 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12
160 BN_set_flags(prime, BN_FLG_CONSTTIME);-
161-
162 for (;;) {-
163 redo:-
164 if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
!BN_generate_p...oid *)0) , cb)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
165 goto err;
never executed: goto err;
0
166 /*-
167 * prime should not be equal to p, q, r_3...-
168 * (those primes prior to this one)-
169 */-
170 {-
171 int j;-
172-
173 for (j = 0; j < i; j++) {
j < iDescription
TRUEevaluated 92 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
64-92
174 BIGNUM *prev_prime;-
175-
176 if (j == 0)
j == 0Description
TRUEevaluated 45 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 47 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
45-47
177 prev_prime = rsa->p;
executed 45 times by 1 test: prev_prime = rsa->p;
Executed by:
  • libcrypto.so.1.1
45
178 else if (j == 1)
j == 1Description
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 21 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
21-26
179 prev_prime = rsa->q;
executed 26 times by 1 test: prev_prime = rsa->q;
Executed by:
  • libcrypto.so.1.1
26
180 else-
181 prev_prime = sk_RSA_PRIME_INFO_value(prime_infos,
executed 21 times by 1 test: prev_prime = sk_RSA_PRIME_INFO_value(prime_infos, j - 2)->r;
Executed by:
  • libcrypto.so.1.1
21
182 j - 2)->r;
executed 21 times by 1 test: prev_prime = sk_RSA_PRIME_INFO_value(prime_infos, j - 2)->r;
Executed by:
  • libcrypto.so.1.1
21
183-
184 if (!BN_cmp(prime, prev_prime)) {
!BN_cmp(prime, prev_prime)Description
TRUEnever evaluated
FALSEevaluated 92 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-92
185 goto redo;
never executed: goto redo;
0
186 }-
187 }
executed 92 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
92
188 }-
189 if (!BN_sub(r2, prime, BN_value_one()))
!BN_sub(r2, pr...N_value_one())Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
190 goto err;
never executed: goto err;
0
191 ERR_set_mark();-
192 BN_set_flags(r2, BN_FLG_CONSTTIME);-
193 if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
BN_mod_inverse...!= ((void *)0)Description
TRUEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-64
194 /* GCD == 1 since inverse exists */-
195 break;
executed 64 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
64
196 }-
197 error = ERR_peek_last_error();-
198 if (ERR_GET_LIB(error) == ERR_LIB_BN
(int)(((error)...& 0x0FFL) == 3Description
TRUEnever evaluated
FALSEnever evaluated
0
199 && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
(int)( (error)...0xFFFL) == 108Description
TRUEnever evaluated
FALSEnever evaluated
0
200 /* GCD != 1 */-
201 ERR_pop_to_mark();-
202 } else {
never executed: end of block
0
203 goto err;
never executed: goto err;
0
204 }-
205 if (!BN_GENCB_call(cb, 2, n++))
!BN_GENCB_call(cb, 2, n++)Description
TRUEnever evaluated
FALSEnever evaluated
0
206 goto err;
never executed: goto err;
0
207 }
never executed: end of block
0
208-
209 bitse += bitsr[i];-
210-
211 /* calculate n immediately to see if it's sufficient */-
212 if (i == 1) {
i == 1Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
19-45
213 /* we get at least 2 primes */-
214 if (!BN_mul(r1, rsa->p, rsa->q, ctx))
!BN_mul(r1, rs..., rsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
215 goto err;
never executed: goto err;
0
216 } else if (i != 0) {
executed 19 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
i != 0Description
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
19-26
217 /* modulus n = p * q * r_3 * r_4 ... */-
218 if (!BN_mul(r1, rsa->n, prime, ctx))
!BN_mul(r1, rs...n, prime, ctx)Description
TRUEnever evaluated
FALSEevaluated 26 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-26
219 goto err;
never executed: goto err;
0
220 } else {
executed 26 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
26
221 /* i == 0, do nothing */-
222 if (!BN_GENCB_call(cb, 3, i))
!BN_GENCB_call(cb, 3, i)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
223 goto err;
never executed: goto err;
0
224 continue;
executed 19 times by 1 test: continue;
Executed by:
  • libcrypto.so.1.1
19
225 }-
226 /*-
227 * if |r1|, product of factors so far, is not as long as expected-
228 * (by checking the first 4 bits are less than 0x9 or greater than-
229 * 0xF). If so, re-generate the last prime.-
230 *-
231 * NOTE: This actually can't happen in two-prime case, because of-
232 * the way factors are generated.-
233 *-
234 * Besides, another consideration is, for multi-prime case, even the-
235 * length modulus is as long as expected, the modulus could start at-
236 * 0x8, which could be utilized to distinguish a multi-prime private-
237 * key by using the modulus in a certificate. This is also covered-
238 * by checking the length should not be less than 0x9.-
239 */-
240 if (!BN_rshift(r2, r1, bitse - 4))
!BN_rshift(r2, r1, bitse - 4)Description
TRUEnever evaluated
FALSEevaluated 45 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-45
241 goto err;
never executed: goto err;
0
242 bitst = BN_get_word(r2);-
243-
244 if (bitst < 0x9 || bitst > 0xF) {
bitst < 0x9Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
bitst > 0xFDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-35
245 /*-
246 * For keys with more than 4 primes, we attempt longer factor to-
247 * meet length requirement.-
248 *-
249 * Otherwise, we just re-generate the prime with the same length.-
250 *-
251 * This strategy has the following goals:-
252 *-
253 * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key-
254 * 2. stay the same logic with normal 2-prime key-
255 */-
256 bitse -= bitsr[i];-
257 if (!BN_GENCB_call(cb, 2, n++))
!BN_GENCB_call(cb, 2, n++)Description
TRUEnever evaluated
FALSEevaluated 14 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-14
258 goto err;
never executed: goto err;
0
259 if (primes > 4) {
primes > 4Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-10
260 if (bitst < 0x9)
bitst < 0x9Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-6
261 adj++;
executed 6 times by 1 test: adj++;
Executed by:
  • libcrypto.so.1.1
6
262 else-
263 adj--;
executed 4 times by 1 test: adj--;
Executed by:
  • libcrypto.so.1.1
4
264 } else if (retries == 4) {
retries == 4Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
265 /*-
266 * re-generate all primes from scratch, mainly used-
267 * in 4 prime case to avoid long loop. Max retry times-
268 * is set to 4.-
269 */-
270 i = -1;-
271 bitse = 0;-
272 continue;
never executed: continue;
0
273 }-
274 retries++;-
275 goto redo;
executed 14 times by 1 test: goto redo;
Executed by:
  • libcrypto.so.1.1
14
276 }-
277 /* save product of primes for further use, for multi-prime only */-
278 if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL)
i > 1Description
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_copy(pinfo-...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
279 goto err;
never executed: goto err;
0
280 if (BN_copy(rsa->n, r1) == NULL)
BN_copy(rsa->n...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-31
281 goto err;
never executed: goto err;
0
282 if (!BN_GENCB_call(cb, 3, i))
!BN_GENCB_call(cb, 3, i)Description
TRUEnever evaluated
FALSEevaluated 31 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-31
283 goto err;
never executed: goto err;
0
284 }
executed 31 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
31
285-
286 if (BN_cmp(rsa->p, rsa->q) < 0) {
BN_cmp(rsa->p, rsa->q) < 0Description
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
9-10
287 tmp = rsa->p;-
288 rsa->p = rsa->q;-
289 rsa->q = tmp;-
290 }
executed 9 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
9
291-
292 /* calculate d */-
293-
294 /* p - 1 */-
295 if (!BN_sub(r1, rsa->p, BN_value_one()))
!BN_sub(r1, rs...N_value_one())Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
296 goto err;
never executed: goto err;
0
297 /* q - 1 */-
298 if (!BN_sub(r2, rsa->q, BN_value_one()))
!BN_sub(r2, rs...N_value_one())Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
299 goto err;
never executed: goto err;
0
300 /* (p - 1)(q - 1) */-
301 if (!BN_mul(r0, r1, r2, ctx))
!BN_mul(r0, r1, r2, ctx)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
302 goto err;
never executed: goto err;
0
303 /* multi-prime */-
304 for (i = 2; i < primes; i++) {
i < primesDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12-19
305 pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);-
306 /* save r_i - 1 to pinfo->d temporarily */-
307 if (!BN_sub(pinfo->d, pinfo->r, BN_value_one()))
!BN_sub(pinfo-...N_value_one())Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
308 goto err;
never executed: goto err;
0
309 if (!BN_mul(r0, r0, pinfo->d, ctx))
!BN_mul(r0, r0, pinfo->d, ctx)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
310 goto err;
never executed: goto err;
0
311 }
executed 12 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12
312-
313 {-
314 BIGNUM *pr0 = BN_new();-
315-
316 if (pr0 == NULL)
pr0 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
317 goto err;
never executed: goto err;
0
318-
319 BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);-
320 if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
!BN_mod_invers...->e, pr0, ctx)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
321 BN_free(pr0);-
322 goto err; /* d */
never executed: goto err;
0
323 }-
324 /* We MUST free pr0 before any further use of r0 */-
325 BN_free(pr0);-
326 }-
327-
328 {-
329 BIGNUM *d = BN_new();-
330-
331 if (d == NULL)
d == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
332 goto err;
never executed: goto err;
0
333-
334 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);-
335-
336 /* calculate d mod (p-1) and d mod (q - 1) */-
337 if (!BN_mod(rsa->dmp1, d, r1, ctx)
!BN_div( ((voi...d),(r1),(ctx))Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
338 || !BN_mod(rsa->dmq1, d, r2, ctx)) {
!BN_div( ((voi...d),(r2),(ctx))Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
339 BN_free(d);-
340 goto err;
never executed: goto err;
0
341 }-
342-
343 /* calculate CRT exponents */-
344 for (i = 2; i < primes; i++) {
i < primesDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12-19
345 pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);-
346 /* pinfo->d == r_i - 1 */-
347 if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) {
!BN_div( ((voi...nfo->d),(ctx))Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
348 BN_free(d);-
349 goto err;
never executed: goto err;
0
350 }-
351 }
executed 12 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12
352-
353 /* We MUST free d before any further use of rsa->d */-
354 BN_free(d);-
355 }-
356-
357 {-
358 BIGNUM *p = BN_new();-
359-
360 if (p == NULL)
p == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
361 goto err;
never executed: goto err;
0
362 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);-
363-
364 /* calculate inverse of q mod p */-
365 if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
!BN_mod_invers...sa->q, p, ctx)Description
TRUEnever evaluated
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-19
366 BN_free(p);-
367 goto err;
never executed: goto err;
0
368 }-
369-
370 /* calculate CRT coefficient for other primes */-
371 for (i = 2; i < primes; i++) {
i < primesDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12-19
372 pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);-
373 BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME);-
374 if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) {
!BN_mod_invers...o->pp, p, ctx)Description
TRUEnever evaluated
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12
375 BN_free(p);-
376 goto err;
never executed: goto err;
0
377 }-
378 }
executed 12 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12
379-
380 /* We MUST free p before any further use of rsa->p */-
381 BN_free(p);-
382 }-
383-
384 ok = 1;-
385 err:
code before this statement executed 19 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
19
386 if (ok == -1) {
ok == -1Description
TRUEnever evaluated
FALSEevaluated 22 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-22
387 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);-
388 ok = 0;-
389 }
never executed: end of block
0
390 if (ctx != NULL)
ctx != ((void *)0)Description
TRUEevaluated 19 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
3-19
391 BN_CTX_end(ctx);
executed 19 times by 1 test: BN_CTX_end(ctx);
Executed by:
  • libcrypto.so.1.1
19
392 BN_CTX_free(ctx);-
393 return ok;
executed 22 times by 1 test: return ok;
Executed by:
  • libcrypto.so.1.1
22
394}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2