OpenCoverage

dsa_gen.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/dsa/dsa_gen.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10/*-
11 * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,-
12 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB-
13 * 180-1)-
14 */-
15#define xxxHASH EVP_sha1()-
16-
17#include <openssl/opensslconf.h>-
18#include <stdio.h>-
19#include "internal/cryptlib.h"-
20#include <openssl/evp.h>-
21#include <openssl/bn.h>-
22#include <openssl/rand.h>-
23#include <openssl/sha.h>-
24#include "dsa_locl.h"-
25-
26int DSA_generate_parameters_ex(DSA *ret, int bits,-
27 const unsigned char *seed_in, int seed_len,-
28 int *counter_ret, unsigned long *h_ret,-
29 BN_GENCB *cb)-
30{-
31 if (ret->meth->dsa_paramgen)
ret->meth->dsa_paramgenDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
32 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
never executed: return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb);
0
33 counter_ret, h_ret, cb);
never executed: return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb);
0
34 else {-
35 const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
bits >= 2048Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
36 size_t qbits = EVP_MD_size(evpmd) * 8;-
37-
38 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
executed 1 time by 1 test: return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, ((void *)0) , counter_ret, h_ret, cb);
Executed by:
  • libcrypto.so.1.1
1
39 seed_in, seed_len, NULL, counter_ret,
executed 1 time by 1 test: return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, ((void *)0) , counter_ret, h_ret, cb);
Executed by:
  • libcrypto.so.1.1
1
40 h_ret, cb);
executed 1 time by 1 test: return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, ((void *)0) , counter_ret, h_ret, cb);
Executed by:
  • libcrypto.so.1.1
1
41 }-
42}-
43-
44int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,-
45 const EVP_MD *evpmd, const unsigned char *seed_in,-
46 size_t seed_len, unsigned char *seed_out,-
47 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)-
48{-
49 int ok = 0;-
50 unsigned char seed[SHA256_DIGEST_LENGTH];-
51 unsigned char md[SHA256_DIGEST_LENGTH];-
52 unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];-
53 BIGNUM *r0, *W, *X, *c, *test;-
54 BIGNUM *g = NULL, *q = NULL, *p = NULL;-
55 BN_MONT_CTX *mont = NULL;-
56 int i, k, n = 0, m = 0, qsize = qbits >> 3;-
57 int counter = 0;-
58 int r = 0;-
59 BN_CTX *ctx = NULL;-
60 unsigned int h = 2;-
61-
62 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
qsize != 20Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
qsize != 28Description
TRUEnever evaluated
FALSEnever evaluated
0-1
63 qsize != SHA256_DIGEST_LENGTH)
qsize != 32Description
TRUEnever evaluated
FALSEnever evaluated
0
64 /* invalid q size */-
65 return 0;
never executed: return 0;
0
66-
67 if (evpmd == NULL) {
evpmd == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
68 if (qsize == SHA_DIGEST_LENGTH)
qsize == 20Description
TRUEnever evaluated
FALSEnever evaluated
0
69 evpmd = EVP_sha1();
never executed: evpmd = EVP_sha1();
0
70 else if (qsize == SHA224_DIGEST_LENGTH)
qsize == 28Description
TRUEnever evaluated
FALSEnever evaluated
0
71 evpmd = EVP_sha224();
never executed: evpmd = EVP_sha224();
0
72 else-
73 evpmd = EVP_sha256();
never executed: evpmd = EVP_sha256();
0
74 } else {-
75 qsize = EVP_MD_size(evpmd);-
76 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
77-
78 if (bits < 512)
bits < 512Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
79 bits = 512;
never executed: bits = 512;
0
80-
81 bits = (bits + 63) / 64 * 64;-
82-
83 if (seed_in != NULL) {
seed_in != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
84 if (seed_len < (size_t)qsize) {
seed_len < (size_t)qsizeDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
85 DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);-
86 return 0;
never executed: return 0;
0
87 }-
88 if (seed_len > (size_t)qsize) {
seed_len > (size_t)qsizeDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
89 /* Only consume as much seed as is expected. */-
90 seed_len = qsize;-
91 }
never executed: end of block
0
92 memcpy(seed, seed_in, seed_len);-
93 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
94-
95 if ((mont = BN_MONT_CTX_new()) == NULL)
(mont = BN_MON...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
96 goto err;
never executed: goto err;
0
97-
98 if ((ctx = BN_CTX_new()) == NULL)
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
99 goto err;
never executed: goto err;
0
100-
101 BN_CTX_start(ctx);-
102-
103 r0 = BN_CTX_get(ctx);-
104 g = BN_CTX_get(ctx);-
105 W = BN_CTX_get(ctx);-
106 q = BN_CTX_get(ctx);-
107 X = BN_CTX_get(ctx);-
108 c = BN_CTX_get(ctx);-
109 p = BN_CTX_get(ctx);-
110 test = BN_CTX_get(ctx);-
111-
112 if (test == NULL)
test == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
113 goto err;
never executed: goto err;
0
114-
115 if (!BN_lshift(test, BN_value_one(), bits - 1))
!BN_lshift(tes...e(), bits - 1)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
116 goto err;
never executed: goto err;
0
117-
118 for (;;) {-
119 for (;;) { /* find q */-
120 int use_random_seed = (seed_in == NULL);-
121-
122 /* step 1 */-
123 if (!BN_GENCB_call(cb, 0, m++))
!BN_GENCB_call(cb, 0, m++)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
124 goto err;
never executed: goto err;
0
125-
126 if (use_random_seed) {
use_random_seedDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
127 if (RAND_bytes(seed, qsize) <= 0)
RAND_bytes(seed, qsize) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
128 goto err;
never executed: goto err;
0
129 } else {
never executed: end of block
0
130 /* If we come back through, use random seed next time. */-
131 seed_in = NULL;-
132 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
133 memcpy(buf, seed, qsize);-
134 memcpy(buf2, seed, qsize);-
135 /* precompute "SEED + 1" for step 7: */-
136 for (i = qsize - 1; i >= 0; i--) {
i >= 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
137 buf[i]++;-
138 if (buf[i] != 0)
buf[i] != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
139 break;
executed 1 time by 1 test: break;
Executed by:
  • libcrypto.so.1.1
1
140 }
never executed: end of block
0
141-
142 /* step 2 */-
143 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
!EVP_Digest(se... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
144 goto err;
never executed: goto err;
0
145 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
!EVP_Digest(bu... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
146 goto err;
never executed: goto err;
0
147 for (i = 0; i < qsize; i++)
i < qsizeDescription
TRUEevaluated 20 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-20
148 md[i] ^= buf2[i];
executed 20 times by 1 test: md[i] ^= buf2[i];
Executed by:
  • libcrypto.so.1.1
20
149-
150 /* step 3 */-
151 md[0] |= 0x80;-
152 md[qsize - 1] |= 0x01;-
153 if (!BN_bin2bn(md, qsize, q))
!BN_bin2bn(md, qsize, q)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
154 goto err;
never executed: goto err;
0
155-
156 /* step 4 */-
157 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,-
158 use_random_seed, cb);-
159 if (r > 0)
r > 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
160 break;
executed 1 time by 1 test: break;
Executed by:
  • libcrypto.so.1.1
1
161 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
162 goto err;
never executed: goto err;
0
163-
164 /* do a callback call */-
165 /* step 5 */-
166 }
never executed: end of block
0
167-
168 if (!BN_GENCB_call(cb, 2, 0))
!BN_GENCB_call(cb, 2, 0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
169 goto err;
never executed: goto err;
0
170 if (!BN_GENCB_call(cb, 3, 0))
!BN_GENCB_call(cb, 3, 0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
171 goto err;
never executed: goto err;
0
172-
173 /* step 6 */-
174 counter = 0;-
175 /* "offset = 2" */-
176-
177 n = (bits - 1) / 160;-
178-
179 for (;;) {-
180 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
(counter != 0)Description
TRUEevaluated 105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
!BN_GENCB_call(cb, 0, counter)Description
TRUEnever evaluated
FALSEevaluated 105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-105
181 goto err;
never executed: goto err;
0
182-
183 /* step 7 */-
184 BN_zero(W);-
185 /* now 'buf' contains "SEED + offset - 1" */-
186 for (k = 0; k <= n; k++) {
k <= nDescription
TRUEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
106-424
187 /*-
188 * obtain "SEED + offset + k" by incrementing:-
189 */-
190 for (i = qsize - 1; i >= 0; i--) {
i >= 0Description
TRUEevaluated 426 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-426
191 buf[i]++;-
192 if (buf[i] != 0)
buf[i] != 0Description
TRUEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-424
193 break;
executed 424 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
424
194 }
executed 2 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2
195-
196 if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
!EVP_Digest(bu... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-424
197 goto err;
never executed: goto err;
0
198-
199 /* step 8 */-
200 if (!BN_bin2bn(md, qsize, r0))
!BN_bin2bn(md, qsize, r0)Description
TRUEnever evaluated
FALSEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-424
201 goto err;
never executed: goto err;
0
202 if (!BN_lshift(r0, r0, (qsize << 3) * k))
!BN_lshift(r0,...ize << 3) * k)Description
TRUEnever evaluated
FALSEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-424
203 goto err;
never executed: goto err;
0
204 if (!BN_add(W, W, r0))
!BN_add(W, W, r0)Description
TRUEnever evaluated
FALSEevaluated 424 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-424
205 goto err;
never executed: goto err;
0
206 }
executed 424 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
424
207-
208 /* more of step 8 */-
209 if (!BN_mask_bits(W, bits - 1))
!BN_mask_bits(W, bits - 1)Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
210 goto err;
never executed: goto err;
0
211 if (!BN_copy(X, W))
!BN_copy(X, W)Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
212 goto err;
never executed: goto err;
0
213 if (!BN_add(X, X, test))
!BN_add(X, X, test)Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
214 goto err;
never executed: goto err;
0
215-
216 /* step 9 */-
217 if (!BN_lshift1(r0, q))
!BN_lshift1(r0, q)Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
218 goto err;
never executed: goto err;
0
219 if (!BN_mod(c, X, r0, ctx))
!BN_div( ((voi...X),(r0),(ctx))Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
220 goto err;
never executed: goto err;
0
221 if (!BN_sub(r0, c, BN_value_one()))
!BN_sub(r0, c, BN_value_one())Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
222 goto err;
never executed: goto err;
0
223 if (!BN_sub(p, X, r0))
!BN_sub(p, X, r0)Description
TRUEnever evaluated
FALSEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-106
224 goto err;
never executed: goto err;
0
225-
226 /* step 10 */-
227 if (BN_cmp(p, test) >= 0) {
BN_cmp(p, test) >= 0Description
TRUEevaluated 106 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-106
228 /* step 11 */-
229 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);-
230 if (r > 0)
r > 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-105
231 goto end; /* found it */
executed 1 time by 1 test: goto end;
Executed by:
  • libcrypto.so.1.1
1
232 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEevaluated 105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-105
233 goto err;
never executed: goto err;
0
234 }
executed 105 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
105
235-
236 /* step 13 */-
237 counter++;-
238 /* "offset = offset + n + 1" */-
239-
240 /* step 14 */-
241 if (counter >= 4096)
counter >= 4096Description
TRUEnever evaluated
FALSEevaluated 105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-105
242 break;
never executed: break;
0
243 }
executed 105 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
105
244 }
never executed: end of block
0
245 end:
code before this statement never executed: end:
0
246 if (!BN_GENCB_call(cb, 2, 1))
!BN_GENCB_call(cb, 2, 1)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
247 goto err;
never executed: goto err;
0
248-
249 /* We now need to generate g */-
250 /* Set r0=(p-1)/q */-
251 if (!BN_sub(test, p, BN_value_one()))
!BN_sub(test, ...N_value_one())Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
252 goto err;
never executed: goto err;
0
253 if (!BN_div(r0, NULL, test, q, ctx))
!BN_div(r0, ((... test, q, ctx)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
254 goto err;
never executed: goto err;
0
255-
256 if (!BN_set_word(test, h))
!BN_set_word(test, h)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
257 goto err;
never executed: goto err;
0
258 if (!BN_MONT_CTX_set(mont, p, ctx))
!BN_MONT_CTX_set(mont, p, ctx)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
259 goto err;
never executed: goto err;
0
260-
261 for (;;) {-
262 /* g=test^r0%p */-
263 if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
!BN_mod_exp_mo... p, ctx, mont)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
264 goto err;
never executed: goto err;
0
265 if (!BN_is_one(g))
!BN_is_one(g)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
266 break;
executed 1 time by 1 test: break;
Executed by:
  • libcrypto.so.1.1
1
267 if (!BN_add(test, test, BN_value_one()))
!BN_add(test, ...N_value_one())Description
TRUEnever evaluated
FALSEnever evaluated
0
268 goto err;
never executed: goto err;
0
269 h++;-
270 }
never executed: end of block
0
271-
272 if (!BN_GENCB_call(cb, 3, 1))
!BN_GENCB_call(cb, 3, 1)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
273 goto err;
never executed: goto err;
0
274-
275 ok = 1;-
276 err:
code before this statement executed 1 time by 1 test: err:
Executed by:
  • libcrypto.so.1.1
1
277 if (ok) {
okDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
278 BN_free(ret->p);-
279 BN_free(ret->q);-
280 BN_free(ret->g);-
281 ret->p = BN_dup(p);-
282 ret->q = BN_dup(q);-
283 ret->g = BN_dup(g);-
284 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
ret->p == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
ret->q == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
ret->g == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
285 ok = 0;-
286 goto err;
never executed: goto err;
0
287 }-
288 if (counter_ret != NULL)
counter_ret != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
289 *counter_ret = counter;
executed 1 time by 1 test: *counter_ret = counter;
Executed by:
  • libcrypto.so.1.1
1
290 if (h_ret != NULL)
h_ret != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
291 *h_ret = h;
executed 1 time by 1 test: *h_ret = h;
Executed by:
  • libcrypto.so.1.1
1
292 if (seed_out)
seed_outDescription
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
293 memcpy(seed_out, seed, qsize);
never executed: memcpy(seed_out, seed, qsize);
0
294 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
295 if (ctx)
ctxDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
296 BN_CTX_end(ctx);
executed 1 time by 1 test: BN_CTX_end(ctx);
Executed by:
  • libcrypto.so.1.1
1
297 BN_CTX_free(ctx);-
298 BN_MONT_CTX_free(mont);-
299 return ok;
executed 1 time by 1 test: return ok;
Executed by:
  • libcrypto.so.1.1
1
300}-
301-
302/*-
303 * This is a parameter generation algorithm for the DSA2 algorithm as-
304 * described in FIPS 186-3.-
305 */-
306-
307int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,-
308 const EVP_MD *evpmd, const unsigned char *seed_in,-
309 size_t seed_len, int idx, unsigned char *seed_out,-
310 int *counter_ret, unsigned long *h_ret,-
311 BN_GENCB *cb)-
312{-
313 int ok = -1;-
314 unsigned char *seed = NULL, *seed_tmp = NULL;-
315 unsigned char md[EVP_MAX_MD_SIZE];-
316 int mdsize;-
317 BIGNUM *r0, *W, *X, *c, *test;-
318 BIGNUM *g = NULL, *q = NULL, *p = NULL;-
319 BN_MONT_CTX *mont = NULL;-
320 int i, k, n = 0, m = 0, qsize = N >> 3;-
321 int counter = 0;-
322 int r = 0;-
323 BN_CTX *ctx = NULL;-
324 EVP_MD_CTX *mctx = EVP_MD_CTX_new();-
325 unsigned int h = 2;-
326-
327 if (mctx == NULL)
mctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
328 goto err;
never executed: goto err;
0
329-
330 if (evpmd == NULL) {
evpmd == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
331 if (N == 160)
N == 160Description
TRUEnever evaluated
FALSEnever evaluated
0
332 evpmd = EVP_sha1();
never executed: evpmd = EVP_sha1();
0
333 else if (N == 224)
N == 224Description
TRUEnever evaluated
FALSEnever evaluated
0
334 evpmd = EVP_sha224();
never executed: evpmd = EVP_sha224();
0
335 else-
336 evpmd = EVP_sha256();
never executed: evpmd = EVP_sha256();
0
337 }-
338-
339 mdsize = EVP_MD_size(evpmd);-
340 /* If unverifiable g generation only don't need seed */-
341 if (!ret->p || !ret->q || idx >= 0) {
!ret->pDescription
TRUEnever evaluated
FALSEnever evaluated
!ret->qDescription
TRUEnever evaluated
FALSEnever evaluated
idx >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
342 if (seed_len == 0)
seed_len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
343 seed_len = mdsize;
never executed: seed_len = mdsize;
0
344-
345 seed = OPENSSL_malloc(seed_len);-
346-
347 if (seed_out)
seed_outDescription
TRUEnever evaluated
FALSEnever evaluated
0
348 seed_tmp = seed_out;
never executed: seed_tmp = seed_out;
0
349 else-
350 seed_tmp = OPENSSL_malloc(seed_len);
never executed: seed_tmp = CRYPTO_malloc(seed_len, __FILE__, 350);
0
351-
352 if (seed == NULL || seed_tmp == NULL)
seed == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
seed_tmp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
353 goto err;
never executed: goto err;
0
354-
355 if (seed_in)
seed_inDescription
TRUEnever evaluated
FALSEnever evaluated
0
356 memcpy(seed, seed_in, seed_len);
never executed: memcpy(seed, seed_in, seed_len);
0
357-
358 }
never executed: end of block
0
359-
360 if ((ctx = BN_CTX_new()) == NULL)
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
361 goto err;
never executed: goto err;
0
362-
363 if ((mont = BN_MONT_CTX_new()) == NULL)
(mont = BN_MON...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
364 goto err;
never executed: goto err;
0
365-
366 BN_CTX_start(ctx);-
367 r0 = BN_CTX_get(ctx);-
368 g = BN_CTX_get(ctx);-
369 W = BN_CTX_get(ctx);-
370 X = BN_CTX_get(ctx);-
371 c = BN_CTX_get(ctx);-
372 test = BN_CTX_get(ctx);-
373 if (test == NULL)
test == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
374 goto err;
never executed: goto err;
0
375-
376 /* if p, q already supplied generate g only */-
377 if (ret->p && ret->q) {
ret->pDescription
TRUEnever evaluated
FALSEnever evaluated
ret->qDescription
TRUEnever evaluated
FALSEnever evaluated
0
378 p = ret->p;-
379 q = ret->q;-
380 if (idx >= 0)
idx >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
381 memcpy(seed_tmp, seed, seed_len);
never executed: memcpy(seed_tmp, seed, seed_len);
0
382 goto g_only;
never executed: goto g_only;
0
383 } else {-
384 p = BN_CTX_get(ctx);-
385 q = BN_CTX_get(ctx);-
386 if (q == NULL)
q == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
387 goto err;
never executed: goto err;
0
388 }
never executed: end of block
0
389-
390 if (!BN_lshift(test, BN_value_one(), L - 1))
!BN_lshift(tes..._one(), L - 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
391 goto err;
never executed: goto err;
0
392 for (;;) {-
393 for (;;) { /* find q */-
394 unsigned char *pmd;-
395 /* step 1 */-
396 if (!BN_GENCB_call(cb, 0, m++))
!BN_GENCB_call(cb, 0, m++)Description
TRUEnever evaluated
FALSEnever evaluated
0
397 goto err;
never executed: goto err;
0
398-
399 if (!seed_in) {
!seed_inDescription
TRUEnever evaluated
FALSEnever evaluated
0
400 if (RAND_bytes(seed, seed_len) <= 0)
RAND_bytes(see...seed_len) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
401 goto err;
never executed: goto err;
0
402 }
never executed: end of block
0
403 /* step 2 */-
404 if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
!EVP_Digest(se... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
405 goto err;
never executed: goto err;
0
406 /* Take least significant bits of md */-
407 if (mdsize > qsize)
mdsize > qsizeDescription
TRUEnever evaluated
FALSEnever evaluated
0
408 pmd = md + mdsize - qsize;
never executed: pmd = md + mdsize - qsize;
0
409 else-
410 pmd = md;
never executed: pmd = md;
0
411-
412 if (mdsize < qsize)
mdsize < qsizeDescription
TRUEnever evaluated
FALSEnever evaluated
0
413 memset(md + mdsize, 0, qsize - mdsize);
never executed: memset(md + mdsize, 0, qsize - mdsize);
0
414-
415 /* step 3 */-
416 pmd[0] |= 0x80;-
417 pmd[qsize - 1] |= 0x01;-
418 if (!BN_bin2bn(pmd, qsize, q))
!BN_bin2bn(pmd, qsize, q)Description
TRUEnever evaluated
FALSEnever evaluated
0
419 goto err;
never executed: goto err;
0
420-
421 /* step 4 */-
422 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,-
423 seed_in ? 1 : 0, cb);-
424 if (r > 0)
r > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
425 break;
never executed: break;
0
426 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
427 goto err;
never executed: goto err;
0
428 /* Provided seed didn't produce a prime: error */-
429 if (seed_in) {
seed_inDescription
TRUEnever evaluated
FALSEnever evaluated
0
430 ok = 0;-
431 DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);-
432 goto err;
never executed: goto err;
0
433 }-
434-
435 /* do a callback call */-
436 /* step 5 */-
437 }
never executed: end of block
0
438 /* Copy seed to seed_out before we mess with it */-
439 if (seed_out)
seed_outDescription
TRUEnever evaluated
FALSEnever evaluated
0
440 memcpy(seed_out, seed, seed_len);
never executed: memcpy(seed_out, seed, seed_len);
0
441-
442 if (!BN_GENCB_call(cb, 2, 0))
!BN_GENCB_call(cb, 2, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
443 goto err;
never executed: goto err;
0
444 if (!BN_GENCB_call(cb, 3, 0))
!BN_GENCB_call(cb, 3, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
445 goto err;
never executed: goto err;
0
446-
447 /* step 6 */-
448 counter = 0;-
449 /* "offset = 1" */-
450-
451 n = (L - 1) / (mdsize << 3);-
452-
453 for (;;) {-
454 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
(counter != 0)Description
TRUEnever evaluated
FALSEnever evaluated
!BN_GENCB_call(cb, 0, counter)Description
TRUEnever evaluated
FALSEnever evaluated
0
455 goto err;
never executed: goto err;
0
456-
457 /* step 7 */-
458 BN_zero(W);-
459 /* now 'buf' contains "SEED + offset - 1" */-
460 for (k = 0; k <= n; k++) {
k <= nDescription
TRUEnever evaluated
FALSEnever evaluated
0
461 /*-
462 * obtain "SEED + offset + k" by incrementing:-
463 */-
464 for (i = seed_len - 1; i >= 0; i--) {
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
465 seed[i]++;-
466 if (seed[i] != 0)
seed[i] != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
467 break;
never executed: break;
0
468 }
never executed: end of block
0
469-
470 if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
!EVP_Digest(se... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
471 goto err;
never executed: goto err;
0
472-
473 /* step 8 */-
474 if (!BN_bin2bn(md, mdsize, r0))
!BN_bin2bn(md, mdsize, r0)Description
TRUEnever evaluated
FALSEnever evaluated
0
475 goto err;
never executed: goto err;
0
476 if (!BN_lshift(r0, r0, (mdsize << 3) * k))
!BN_lshift(r0,...ize << 3) * k)Description
TRUEnever evaluated
FALSEnever evaluated
0
477 goto err;
never executed: goto err;
0
478 if (!BN_add(W, W, r0))
!BN_add(W, W, r0)Description
TRUEnever evaluated
FALSEnever evaluated
0
479 goto err;
never executed: goto err;
0
480 }
never executed: end of block
0
481-
482 /* more of step 8 */-
483 if (!BN_mask_bits(W, L - 1))
!BN_mask_bits(W, L - 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
484 goto err;
never executed: goto err;
0
485 if (!BN_copy(X, W))
!BN_copy(X, W)Description
TRUEnever evaluated
FALSEnever evaluated
0
486 goto err;
never executed: goto err;
0
487 if (!BN_add(X, X, test))
!BN_add(X, X, test)Description
TRUEnever evaluated
FALSEnever evaluated
0
488 goto err;
never executed: goto err;
0
489-
490 /* step 9 */-
491 if (!BN_lshift1(r0, q))
!BN_lshift1(r0, q)Description
TRUEnever evaluated
FALSEnever evaluated
0
492 goto err;
never executed: goto err;
0
493 if (!BN_mod(c, X, r0, ctx))
!BN_div( ((voi...X),(r0),(ctx))Description
TRUEnever evaluated
FALSEnever evaluated
0
494 goto err;
never executed: goto err;
0
495 if (!BN_sub(r0, c, BN_value_one()))
!BN_sub(r0, c, BN_value_one())Description
TRUEnever evaluated
FALSEnever evaluated
0
496 goto err;
never executed: goto err;
0
497 if (!BN_sub(p, X, r0))
!BN_sub(p, X, r0)Description
TRUEnever evaluated
FALSEnever evaluated
0
498 goto err;
never executed: goto err;
0
499-
500 /* step 10 */-
501 if (BN_cmp(p, test) >= 0) {
BN_cmp(p, test) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
502 /* step 11 */-
503 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);-
504 if (r > 0)
r > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
505 goto end; /* found it */
never executed: goto end;
0
506 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
507 goto err;
never executed: goto err;
0
508 }
never executed: end of block
0
509-
510 /* step 13 */-
511 counter++;-
512 /* "offset = offset + n + 1" */-
513-
514 /* step 14 */-
515 if (counter >= (int)(4 * L))
counter >= (int)(4 * L)Description
TRUEnever evaluated
FALSEnever evaluated
0
516 break;
never executed: break;
0
517 }
never executed: end of block
0
518 if (seed_in) {
seed_inDescription
TRUEnever evaluated
FALSEnever evaluated
0
519 ok = 0;-
520 DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);-
521 goto err;
never executed: goto err;
0
522 }-
523 }
never executed: end of block
0
524 end:
code before this statement never executed: end:
0
525 if (!BN_GENCB_call(cb, 2, 1))
!BN_GENCB_call(cb, 2, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
526 goto err;
never executed: goto err;
0
527-
528 g_only:
code before this statement never executed: g_only:
0
529-
530 /* We now need to generate g */-
531 /* Set r0=(p-1)/q */-
532 if (!BN_sub(test, p, BN_value_one()))
!BN_sub(test, ...N_value_one())Description
TRUEnever evaluated
FALSEnever evaluated
0
533 goto err;
never executed: goto err;
0
534 if (!BN_div(r0, NULL, test, q, ctx))
!BN_div(r0, ((... test, q, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
535 goto err;
never executed: goto err;
0
536-
537 if (idx < 0) {
idx < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
538 if (!BN_set_word(test, h))
!BN_set_word(test, h)Description
TRUEnever evaluated
FALSEnever evaluated
0
539 goto err;
never executed: goto err;
0
540 } else
never executed: end of block
0
541 h = 1;
never executed: h = 1;
0
542 if (!BN_MONT_CTX_set(mont, p, ctx))
!BN_MONT_CTX_set(mont, p, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
543 goto err;
never executed: goto err;
0
544-
545 for (;;) {-
546 static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e };-
547 if (idx >= 0) {
idx >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
548 md[0] = idx & 0xff;-
549 md[1] = (h >> 8) & 0xff;-
550 md[2] = h & 0xff;-
551 if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
!EVP_DigestIni... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
552 goto err;
never executed: goto err;
0
553 if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
!EVP_DigestUpd...tmp, seed_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
554 goto err;
never executed: goto err;
0
555 if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
!EVP_DigestUpd... sizeof(ggen))Description
TRUEnever evaluated
FALSEnever evaluated
0
556 goto err;
never executed: goto err;
0
557 if (!EVP_DigestUpdate(mctx, md, 3))
!EVP_DigestUpdate(mctx, md, 3)Description
TRUEnever evaluated
FALSEnever evaluated
0
558 goto err;
never executed: goto err;
0
559 if (!EVP_DigestFinal_ex(mctx, md, NULL))
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
560 goto err;
never executed: goto err;
0
561 if (!BN_bin2bn(md, mdsize, test))
!BN_bin2bn(md, mdsize, test)Description
TRUEnever evaluated
FALSEnever evaluated
0
562 goto err;
never executed: goto err;
0
563 }
never executed: end of block
0
564 /* g=test^r0%p */-
565 if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
!BN_mod_exp_mo... p, ctx, mont)Description
TRUEnever evaluated
FALSEnever evaluated
0
566 goto err;
never executed: goto err;
0
567 if (!BN_is_one(g))
!BN_is_one(g)Description
TRUEnever evaluated
FALSEnever evaluated
0
568 break;
never executed: break;
0
569 if (idx < 0 && !BN_add(test, test, BN_value_one()))
idx < 0Description
TRUEnever evaluated
FALSEnever evaluated
!BN_add(test, ...N_value_one())Description
TRUEnever evaluated
FALSEnever evaluated
0
570 goto err;
never executed: goto err;
0
571 h++;-
572 if (idx >= 0 && h > 0xffff)
idx >= 0Description
TRUEnever evaluated
FALSEnever evaluated
h > 0xffffDescription
TRUEnever evaluated
FALSEnever evaluated
0
573 goto err;
never executed: goto err;
0
574 }
never executed: end of block
0
575-
576 if (!BN_GENCB_call(cb, 3, 1))
!BN_GENCB_call(cb, 3, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
577 goto err;
never executed: goto err;
0
578-
579 ok = 1;-
580 err:
code before this statement never executed: err:
0
581 if (ok == 1) {
ok == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
582 if (p != ret->p) {
p != ret->pDescription
TRUEnever evaluated
FALSEnever evaluated
0
583 BN_free(ret->p);-
584 ret->p = BN_dup(p);-
585 }
never executed: end of block
0
586 if (q != ret->q) {
q != ret->qDescription
TRUEnever evaluated
FALSEnever evaluated
0
587 BN_free(ret->q);-
588 ret->q = BN_dup(q);-
589 }
never executed: end of block
0
590 BN_free(ret->g);-
591 ret->g = BN_dup(g);-
592 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
ret->p == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
ret->q == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
ret->g == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
593 ok = -1;-
594 goto err;
never executed: goto err;
0
595 }-
596 if (counter_ret != NULL)
counter_ret != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
597 *counter_ret = counter;
never executed: *counter_ret = counter;
0
598 if (h_ret != NULL)
h_ret != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
599 *h_ret = h;
never executed: *h_ret = h;
0
600 }
never executed: end of block
0
601 OPENSSL_free(seed);-
602 if (seed_out != seed_tmp)
seed_out != seed_tmpDescription
TRUEnever evaluated
FALSEnever evaluated
0
603 OPENSSL_free(seed_tmp);
never executed: CRYPTO_free(seed_tmp, __FILE__, 603);
0
604 if (ctx)
ctxDescription
TRUEnever evaluated
FALSEnever evaluated
0
605 BN_CTX_end(ctx);
never executed: BN_CTX_end(ctx);
0
606 BN_CTX_free(ctx);-
607 BN_MONT_CTX_free(mont);-
608 EVP_MD_CTX_free(mctx);-
609 return ok;
never executed: return ok;
0
610}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2