OpenCoverage

dsa_ossl.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/dsa/dsa_ossl.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <stdio.h>-
11#include "internal/cryptlib.h"-
12#include <openssl/bn.h>-
13#include <openssl/sha.h>-
14#include "dsa_locl.h"-
15#include <openssl/asn1.h>-
16-
17static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);-
18static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,-
19 BIGNUM **rp);-
20static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,-
21 BIGNUM **rp, const unsigned char *dgst, int dlen);-
22static int dsa_do_verify(const unsigned char *dgst, int dgst_len,-
23 DSA_SIG *sig, DSA *dsa);-
24static int dsa_init(DSA *dsa);-
25static int dsa_finish(DSA *dsa);-
26-
27static DSA_METHOD openssl_dsa_meth = {-
28 "OpenSSL DSA method",-
29 dsa_do_sign,-
30 dsa_sign_setup_no_digest,-
31 dsa_do_verify,-
32 NULL, /* dsa_mod_exp, */-
33 NULL, /* dsa_bn_mod_exp, */-
34 dsa_init,-
35 dsa_finish,-
36 DSA_FLAG_FIPS_METHOD,-
37 NULL,-
38 NULL,-
39 NULL-
40};-
41-
42static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;-
43-
44void DSA_set_default_method(const DSA_METHOD *meth)-
45{-
46 default_DSA_method = meth;-
47}
never executed: end of block
0
48-
49const DSA_METHOD *DSA_get_default_method(void)-
50{-
51 return default_DSA_method;
executed 15144 times by 1 test: return default_DSA_method;
Executed by:
  • libcrypto.so.1.1
15144
52}-
53-
54const DSA_METHOD *DSA_OpenSSL(void)-
55{-
56 return &openssl_dsa_meth;
never executed: return &openssl_dsa_meth;
0
57}-
58-
59static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)-
60{-
61 BIGNUM *kinv = NULL;-
62 BIGNUM *m, *blind, *blindm, *tmp;-
63 BN_CTX *ctx = NULL;-
64 int reason = ERR_R_BN_LIB;-
65 DSA_SIG *ret = NULL;-
66 int rv = 0;-
67-
68 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
dsa->p == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
dsa->q == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
dsa->g == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
69 reason = DSA_R_MISSING_PARAMETERS;-
70 goto err;
never executed: goto err;
0
71 }-
72-
73 ret = DSA_SIG_new();-
74 if (ret == NULL)
ret == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
75 goto err;
never executed: goto err;
0
76 ret->r = BN_new();-
77 ret->s = BN_new();-
78 if (ret->r == NULL || ret->s == NULL)
ret->r == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
ret->s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
79 goto err;
never executed: goto err;
0
80-
81 ctx = BN_CTX_new();-
82 if (ctx == NULL)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
83 goto err;
never executed: goto err;
0
84 m = BN_CTX_get(ctx);-
85 blind = BN_CTX_get(ctx);-
86 blindm = BN_CTX_get(ctx);-
87 tmp = BN_CTX_get(ctx);-
88 if (tmp == NULL)
tmp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
89 goto err;
never executed: goto err;
0
90-
91 redo:
code before this statement executed 64 times by 1 test: redo:
Executed by:
  • libcrypto.so.1.1
64
92 if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
!dsa_sign_setu...r, dgst, dlen)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
93 goto err;
never executed: goto err;
0
94-
95 if (dlen > BN_num_bytes(dsa->q))
dlen > ((BN_nu...(dsa->q)+7)/8)Description
TRUEevaluated 16 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 48 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
16-48
96 /*-
97 * if the digest length is greater than the size of q use the-
98 * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,-
99 * 4.2-
100 */-
101 dlen = BN_num_bytes(dsa->q);
executed 16 times by 1 test: dlen = ((BN_num_bits(dsa->q)+7)/8);
Executed by:
  • libcrypto.so.1.1
16
102 if (BN_bin2bn(dgst, dlen, m) == NULL)
BN_bin2bn(dgst...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
103 goto err;
never executed: goto err;
0
104-
105 /*-
106 * The normal signature calculation is:-
107 *-
108 * s := k^-1 * (m + r * priv_key) mod q-
109 *-
110 * We will blind this to protect against side channel attacks-
111 *-
112 * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q-
113 */-
114-
115 /* Generate a blinding value */-
116 do {-
117 if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1,
!BN_priv_rand(...q) - 1, -1, 0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
118 BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
!BN_priv_rand(...q) - 1, -1, 0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
119 goto err;
never executed: goto err;
0
120 } while (BN_is_zero(blind));
executed 64 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
BN_is_zero(blind)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
121 BN_set_flags(blind, BN_FLG_CONSTTIME);-
122 BN_set_flags(blindm, BN_FLG_CONSTTIME);-
123 BN_set_flags(tmp, BN_FLG_CONSTTIME);-
124-
125 /* tmp := blind * priv_key * r mod q */-
126 if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
!BN_mod_mul(tm..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
127 goto err;
never executed: goto err;
0
128 if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx))
!BN_mod_mul(tm..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
129 goto err;
never executed: goto err;
0
130-
131 /* blindm := blind * m mod q */-
132 if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
!BN_mod_mul(bl..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
133 goto err;
never executed: goto err;
0
134-
135 /* s : = (blind * priv_key * r) + (blind * m) mod q */-
136 if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q))
!BN_mod_add_qu...lindm, dsa->q)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
137 goto err;
never executed: goto err;
0
138-
139 /* s := s * k^-1 mod q */-
140 if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
!BN_mod_mul(re..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
141 goto err;
never executed: goto err;
0
142-
143 /* s:= s * blind^-1 mod q */-
144 if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
BN_mod_inverse...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
145 goto err;
never executed: goto err;
0
146 if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx))
!BN_mod_mul(re..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
147 goto err;
never executed: goto err;
0
148-
149 /*-
150 * Redo if r or s is zero as required by FIPS 186-3: this is very-
151 * unlikely.-
152 */-
153 if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
BN_is_zero(ret->r)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_is_zero(ret->s)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
154 goto redo;
never executed: goto redo;
0
155-
156 rv = 1;-
157-
158 err:
code before this statement executed 64 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
64
159 if (rv == 0) {
rv == 0Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
160 DSAerr(DSA_F_DSA_DO_SIGN, reason);-
161 DSA_SIG_free(ret);-
162 ret = NULL;-
163 }
never executed: end of block
0
164 BN_CTX_free(ctx);-
165 BN_clear_free(kinv);-
166 return ret;
executed 64 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
64
167}-
168-
169static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,-
170 BIGNUM **kinvp, BIGNUM **rp)-
171{-
172 return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
never executed: return dsa_sign_setup(dsa, ctx_in, kinvp, rp, ((void *)0) , 0);
0
173}-
174-
175static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,-
176 BIGNUM **kinvp, BIGNUM **rp,-
177 const unsigned char *dgst, int dlen)-
178{-
179 BN_CTX *ctx = NULL;-
180 BIGNUM *k, *kinv = NULL, *r = *rp;-
181 BIGNUM *l, *m;-
182 int ret = 0;-
183 int q_bits;-
184-
185 if (!dsa->p || !dsa->q || !dsa->g) {
!dsa->pDescription
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!dsa->qDescription
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!dsa->gDescription
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
186 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);-
187 return 0;
never executed: return 0;
0
188 }-
189-
190 k = BN_new();-
191 l = BN_new();-
192 m = BN_new();-
193 if (k == NULL || l == NULL || m == NULL)
k == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
l == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
m == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
194 goto err;
never executed: goto err;
0
195-
196 if (ctx_in == NULL) {
ctx_in == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
197 if ((ctx = BN_CTX_new()) == NULL)
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
198 goto err;
never executed: goto err;
0
199 } else
never executed: end of block
0
200 ctx = ctx_in;
executed 64 times by 1 test: ctx = ctx_in;
Executed by:
  • libcrypto.so.1.1
64
201-
202 /* Preallocate space */-
203 q_bits = BN_num_bits(dsa->q);-
204 if (!BN_set_bit(k, q_bits)
!BN_set_bit(k, q_bits)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
205 || !BN_set_bit(l, q_bits)
!BN_set_bit(l, q_bits)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
206 || !BN_set_bit(m, q_bits))
!BN_set_bit(m, q_bits)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
207 goto err;
never executed: goto err;
0
208-
209 /* Get random k */-
210 do {-
211 if (dgst != NULL) {
dgst != ((void *)0)Description
TRUEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-64
212 /*-
213 * We calculate k from SHA512(private_key + H(message) + random).-
214 * This protects the private key from a weak PRNG.-
215 */-
216 if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
!BN_generate_d...st, dlen, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
217 dlen, ctx))
!BN_generate_d...st, dlen, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
218 goto err;
never executed: goto err;
0
219 } else if (!BN_priv_rand_range(k, dsa->q))
executed 64 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
!BN_priv_rand_range(k, dsa->q)Description
TRUEnever evaluated
FALSEnever evaluated
0-64
220 goto err;
never executed: goto err;
0
221 } while (BN_is_zero(k));
executed 64 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
BN_is_zero(k)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
222-
223 BN_set_flags(k, BN_FLG_CONSTTIME);-
224-
225 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
dsa->flags & 0x01Description
TRUEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-64
226 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
!BN_MONT_CTX_s..., dsa->p, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
227 dsa->lock, dsa->p, ctx))
!BN_MONT_CTX_s..., dsa->p, ctx)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
228 goto err;
never executed: goto err;
0
229 }
executed 64 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
64
230-
231 /* Compute r = (g^k mod p) mod q */-
232-
233 /*-
234 * We do not want timing information to leak the length of k, so we-
235 * compute G^k using an equivalent scalar of fixed bit-length.-
236 *-
237 * We unconditionally perform both of these additions to prevent a-
238 * small timing information leakage. We then choose the sum that is-
239 * one bit longer than the modulus.-
240 *-
241 * TODO: revisit the BN_copy aiming for a memory access agnostic-
242 * conditional copy.-
243 */-
244 if (!BN_add(l, k, dsa->q)
!BN_add(l, k, dsa->q)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
245 || !BN_add(m, l, dsa->q)
!BN_add(m, l, dsa->q)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
246 || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
!BN_copy(k, BN..._bits ? l : m)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
247 goto err;
never executed: goto err;
0
248-
249 if ((dsa)->meth->bn_mod_exp != NULL) {
(dsa)->meth->b...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
250 if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
!dsa->meth->bn...method_mont_p)Description
TRUEnever evaluated
FALSEnever evaluated
0
251 dsa->method_mont_p))
!dsa->meth->bn...method_mont_p)Description
TRUEnever evaluated
FALSEnever evaluated
0
252 goto err;
never executed: goto err;
0
253 } else {
never executed: end of block
0
254 if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
!BN_mod_exp_mo...method_mont_p)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
255 goto err;
never executed: goto err;
0
256 }
executed 64 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
64
257-
258 if (!BN_mod(r, r, dsa->q, ctx))
!BN_div( ((voi...dsa->q),(ctx))Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
259 goto err;
never executed: goto err;
0
260-
261 /* Compute part of 's = inv(k) (m + xr) mod q' */-
262 if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
(kinv = BN_mod...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
263 goto err;
never executed: goto err;
0
264-
265 BN_clear_free(*kinvp);-
266 *kinvp = kinv;-
267 kinv = NULL;-
268 ret = 1;-
269 err:
code before this statement executed 64 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
64
270 if (!ret)
!retDescription
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
271 DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
never executed: ERR_put_error(10,(107),(3),__FILE__,271);
0
272 if (ctx != ctx_in)
ctx != ctx_inDescription
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-64
273 BN_CTX_free(ctx);
never executed: BN_CTX_free(ctx);
0
274 BN_clear_free(k);-
275 BN_clear_free(l);-
276 BN_clear_free(m);-
277 return ret;
executed 64 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
64
278}-
279-
280static int dsa_do_verify(const unsigned char *dgst, int dgst_len,-
281 DSA_SIG *sig, DSA *dsa)-
282{-
283 BN_CTX *ctx;-
284 BIGNUM *u1, *u2, *t1;-
285 BN_MONT_CTX *mont = NULL;-
286 const BIGNUM *r, *s;-
287 int ret = -1, i;-
288 if (!dsa->p || !dsa->q || !dsa->g) {
!dsa->pDescription
TRUEnever evaluated
FALSEevaluated 301 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!dsa->qDescription
TRUEnever evaluated
FALSEevaluated 301 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!dsa->gDescription
TRUEnever evaluated
FALSEevaluated 301 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-301
289 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);-
290 return -1;
never executed: return -1;
0
291 }-
292-
293 i = BN_num_bits(dsa->q);-
294 /* fips 186-3 allows only different sizes for q */-
295 if (i != 160 && i != 224 && i != 256) {
i != 160Description
TRUEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 25 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
i != 224Description
TRUEevaluated 66 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 210 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
i != 256Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 65 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-276
296 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);-
297 return -1;
executed 1 time by 1 test: return -1;
Executed by:
  • libcrypto.so.1.1
1
298 }-
299-
300 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
BN_num_bits(dsa->p) > 10000Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-300
301 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);-
302 return -1;
never executed: return -1;
0
303 }-
304 u1 = BN_new();-
305 u2 = BN_new();-
306 t1 = BN_new();-
307 ctx = BN_CTX_new();-
308 if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
u1 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
u2 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
t1 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-300
309 goto err;
never executed: goto err;
0
310-
311 DSA_SIG_get0(sig, &r, &s);-
312-
313 if (BN_is_zero(r) || BN_is_negative(r) ||
BN_is_zero(r)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_is_negative(r)Description
TRUEnever evaluated
FALSEevaluated 300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-300
314 BN_ucmp(r, dsa->q) >= 0) {
BN_ucmp(r, dsa->q) >= 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 299 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-299
315 ret = 0;-
316 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
1
317 }-
318 if (BN_is_zero(s) || BN_is_negative(s) ||
BN_is_zero(s)Description
TRUEnever evaluated
FALSEevaluated 299 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_is_negative(s)Description
TRUEnever evaluated
FALSEevaluated 299 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-299
319 BN_ucmp(s, dsa->q) >= 0) {
BN_ucmp(s, dsa->q) >= 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 298 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-298
320 ret = 0;-
321 goto err;
executed 1 time by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
1
322 }-
323-
324 /*-
325 * Calculate W = inv(S) mod Q save W in u2-
326 */-
327 if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
(BN_mod_invers...== ((void *)0)Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 288 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
10-288
328 goto err;
executed 10 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
10
329-
330 /* save M in u1 */-
331 if (dgst_len > (i >> 3))
dgst_len > (i >> 3)Description
TRUEevaluated 189 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 99 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
99-189
332 /*-
333 * if the digest length is greater than the size of q use the-
334 * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,-
335 * 4.2-
336 */-
337 dgst_len = (i >> 3);
executed 189 times by 1 test: dgst_len = (i >> 3);
Executed by:
  • libcrypto.so.1.1
189
338 if (BN_bin2bn(dgst, dgst_len, u1) == NULL)
BN_bin2bn(dgst...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 288 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-288
339 goto err;
never executed: goto err;
0
340-
341 /* u1 = M * w mod q */-
342 if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx))
!BN_mod_mul(u1..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 288 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-288
343 goto err;
never executed: goto err;
0
344-
345 /* u2 = r * w mod q */-
346 if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
!BN_mod_mul(u2..., dsa->q, ctx)Description
TRUEnever evaluated
FALSEevaluated 288 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-288
347 goto err;
never executed: goto err;
0
348-
349 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
dsa->flags & 0x01Description
TRUEevaluated 288 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-288
350 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,-
351 dsa->lock, dsa->p, ctx);-
352 if (!mont)
!montDescription
TRUEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 283 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
5-283
353 goto err;
executed 5 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
5
354 }
executed 283 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
283
355-
356 if (dsa->meth->dsa_mod_exp != NULL) {
dsa->meth->dsa...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 283 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-283
357 if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
!dsa->meth->ds...>p, ctx, mont)Description
TRUEnever evaluated
FALSEnever evaluated
0
358 dsa->p, ctx, mont))
!dsa->meth->ds...>p, ctx, mont)Description
TRUEnever evaluated
FALSEnever evaluated
0
359 goto err;
never executed: goto err;
0
360 } else {
never executed: end of block
0
361 if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
!BN_mod_exp2_m...>p, ctx, mont)Description
TRUEnever evaluated
FALSEevaluated 283 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-283
362 mont))
!BN_mod_exp2_m...>p, ctx, mont)Description
TRUEnever evaluated
FALSEevaluated 283 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-283
363 goto err;
never executed: goto err;
0
364 }
executed 283 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
283
365-
366 /* let u1 = u1 mod q */-
367 if (!BN_mod(u1, t1, dsa->q, ctx))
!BN_div( ((voi...dsa->q),(ctx))Description
TRUEnever evaluated
FALSEevaluated 283 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-283
368 goto err;
never executed: goto err;
0
369-
370 /*-
371 * V is now in u1. If the signature is correct, it will be equal to R.-
372 */-
373 ret = (BN_ucmp(u1, r) == 0);-
374-
375 err:
code before this statement executed 283 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
283
376 if (ret < 0)
ret < 0Description
TRUEevaluated 15 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 285 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
15-285
377 DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
executed 15 times by 1 test: ERR_put_error(10,(113),(3),__FILE__,377);
Executed by:
  • libcrypto.so.1.1
15
378 BN_CTX_free(ctx);-
379 BN_free(u1);-
380 BN_free(u2);-
381 BN_free(t1);-
382 return ret;
executed 300 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
300
383}-
384-
385static int dsa_init(DSA *dsa)-
386{-
387 dsa->flags |= DSA_FLAG_CACHE_MONT_P;-
388 return 1;
executed 15144 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
15144
389}-
390-
391static int dsa_finish(DSA *dsa)-
392{-
393 BN_MONT_CTX_free(dsa->method_mont_p);-
394 return 1;
executed 15144 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
15144
395}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2