OpenCoverage

bn_rand.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/bn/bn_rand.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include <time.h> -

12 #include "internal/cryptlib.h" -

13 #include "bn_lcl.h" -

14 #include <openssl/rand.h> -

15 #include <openssl/sha.h> -

16 -

17 typedef enum bnrand_flag_e { -

18 NORMAL, TESTING, PRIVATE -

19 } BNRAND_FLAG; -

20 -

21 static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) -

22 { -

23 unsigned char *buf = NULL; -

24 int b, ret = 0, bit, bytes, mask; -

25 -

if (bits == 0) {

bits == 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 137416 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

2-137416

if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)

top != -1	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

bottom != 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-2

goto toosmall;

executed 2 times by 1 test: goto toosmall;

Executed by:

libcrypto.so.1.1

29 BN_zero(rnd); -

return 1;

never executed: return 1;

31 } -

if (bits < 0 || (bits == 1 && top > 0))

bits < 0	Description
TRUE	never evaluated
FALSE	evaluated 137416 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

bits == 1	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 137413 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

top > 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

0-137416

goto toosmall;

executed 1 time by 1 test: goto toosmall;

Executed by:

libcrypto.so.1.1

34 -

35 bytes = (bits + 7) / 8; -

36 bit = (bits - 1) % 8; -

37 mask = 0xff << (bit + 1); -

38 -

39 buf = OPENSSL_malloc(bytes); -

if (buf == NULL) {

buf == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 137415 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-137415

41 BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); -

goto err;

never executed: goto err;

43 } -

44 -

45 /* make a random number and set the top and bottom bits */ -

b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);

flag == NORMAL	Description
TRUE	evaluated 734 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 136681 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

734-136681

if (b <= 0)

b <= 0	Description
TRUE	never evaluated
FALSE	evaluated 137415 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-137415

goto err;

never executed: goto err;

49 -

if (flag == TESTING) {

flag == TESTING	Description
TRUE	evaluated 1807 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 135608 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1807-135608

51 /* -

52 * generate patterns that are more likely to trigger BN library bugs -

53 */ -

54 int i; -

55 unsigned char c; -

56 -

for (i = 0; i < bytes; i++) {

i < bytes	Description
TRUE	evaluated 148234 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1807 times by 1 test Evaluated by: libcrypto.so.1.1

1807-148234

if (RAND_bytes(&c, 1) <= 0)

RAND_bytes(&c, 1) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 148234 times by 1 test Evaluated by: libcrypto.so.1.1

0-148234

goto err;

never executed: goto err;

if (c >= 128 && i > 0)

c >= 128	Description
TRUE	evaluated 74246 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 73988 times by 1 test Evaluated by: libcrypto.so.1.1

i > 0	Description
TRUE	evaluated 73382 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 864 times by 1 test Evaluated by: libcrypto.so.1.1

864-74246

buf[i] = buf[i - 1];

executed 73382 times by 1 test: buf[i] = buf[i - 1];

Executed by:

libcrypto.so.1.1

73382

else if (c < 42)

c < 42	Description
TRUE	evaluated 24287 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 50565 times by 1 test Evaluated by: libcrypto.so.1.1

24287-50565

buf[i] = 0;

executed 24287 times by 1 test: buf[i] = 0;

Executed by:

libcrypto.so.1.1

24287

else if (c < 84)

c < 84	Description
TRUE	evaluated 24281 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 26284 times by 1 test Evaluated by: libcrypto.so.1.1

24281-26284

buf[i] = 255;

executed 24281 times by 1 test: buf[i] = 255;

Executed by:

libcrypto.so.1.1

24281

}

executed 148234 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

148234

}

executed 1807 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

1807

68 -

if (top >= 0) {

top >= 0	Description
TRUE	evaluated 49342 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 88073 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

49342-88073

if (top) {

top	Description
TRUE	evaluated 3385 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 45957 times by 1 test Evaluated by: libcrypto.so.1.1

3385-45957

if (bit == 0) {

bit == 0	Description
TRUE	never evaluated
FALSE	evaluated 3385 times by 1 test Evaluated by: libcrypto.so.1.1

0-3385

72 buf[0] = 1; -

73 buf[1] |= 0x80; -

} else {

never executed: end of block

75 buf[0] |= (3 << (bit - 1)); -

}

executed 3385 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

3385

77 } else { -

78 buf[0] |= (1 << bit); -

}

executed 45957 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

45957

80 } -

81 buf[0] &= ~mask; -

if (bottom) /* set bottom bit if requested */

bottom	Description
TRUE	evaluated 3598 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 133817 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

3598-133817

buf[bytes - 1] |= 1;

executed 3598 times by 1 test: buf[bytes - 1] |= 1;

Executed by:

libcrypto.so.1.1

3598

if (!BN_bin2bn(buf, bytes, rnd))

!BN_bin2bn(buf, bytes, rnd)	Description
TRUE	never evaluated
FALSE	evaluated 137415 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-137415

goto err;

never executed: goto err;

86 ret = 1; -

err:

code before this statement executed 137415 times by 2 tests: err:

Executed by:

libcrypto.so.1.1
sm2_internal_test

137415

88 OPENSSL_clear_free(buf, bytes); -

89 bn_check_top(rnd); -

return ret;

executed 137415 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

137415

91 -

92 toosmall: -

93 BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); -

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

95 } -

96 -

97 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) -

98 { -

return bnrand(NORMAL, rnd, bits, top, bottom);

executed 737 times by 1 test: return bnrand(NORMAL, rnd, bits, top, bottom);

Executed by:

libcrypto.so.1.1

737

100 } -

101 -

102 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) -

103 { -

104

return bnrand(TESTING, rnd, bits, top, bottom);

executed 1807 times by 1 test: return bnrand(TESTING, rnd, bits, top, bottom);

Executed by:

libcrypto.so.1.1

1807

105 } -

106 -

107 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) -

108 { -

109

return bnrand(PRIVATE, rnd, bits, top, bottom);

executed 124517 times by 1 test: return bnrand(PRIVATE, rnd, bits, top, bottom);

Executed by:

libcrypto.so.1.1

124517

110 } -

111 -

112 /* random number r: 0 <= r < range */ -

113 static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) -

114 { -

115 int n; -

116 int count = 100; -

117 -

118

if (range->neg || BN_is_zero(range)) {

range->neg	Description
TRUE	never evaluated
FALSE	evaluated 9242 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

BN_is_zero(range)	Description
TRUE	never evaluated
FALSE	evaluated 9242 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-9242

119 BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE); -

120

return 0;

never executed: return 0;

121 } -

122 -

123 n = BN_num_bits(range); /* n > 0 */ -

124 -

125 /* BN_is_bit_set(range, n - 1) always holds */ -

126 -

127

if (n == 1)

n == 1	Description
TRUE	never evaluated
FALSE	evaluated 9242 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-9242

128

BN_zero(r);

never executed: (BN_set_word((r),0));

129

else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {

!BN_is_bit_set(range, n - 2)	Description
TRUE	evaluated 591 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 8651 times by 1 test Evaluated by: libcrypto.so.1.1

!BN_is_bit_set(range, n - 3)	Description
TRUE	evaluated 248 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 343 times by 1 test Evaluated by: libcrypto.so.1.1

248-8651

130 /* -

131 * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer -

132 * than range -

133 */ -

134 do { -

135

if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))

!bnrand(flag, r, n + 1, -1, 0)	Description
TRUE	never evaluated
FALSE	evaluated 320 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-320

136

return 0;

never executed: return 0;

137 -

138 /* -

139 * If r < 3*range, use r := r MOD range (which is either r, r - -

140 * range, or r - 2*range). Otherwise, iterate once more. Since -

141 * 3*range = 11..._2, each iteration succeeds with probability >= -

142 * .75. -

143 */ -

144

if (BN_cmp(r, range) >= 0) {

BN_cmp(r, range) >= 0	Description
TRUE	evaluated 237 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 83 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

83-237

145

if (!BN_sub(r, r, range))

!BN_sub(r, r, range)	Description
TRUE	never evaluated
FALSE	evaluated 237 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-237

146

return 0;

never executed: return 0;

147

if (BN_cmp(r, range) >= 0)

BN_cmp(r, range) >= 0	Description
TRUE	evaluated 140 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 97 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

97-140

148

if (!BN_sub(r, r, range))

!BN_sub(r, r, range)	Description
TRUE	never evaluated
FALSE	evaluated 140 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-140

149

return 0;

never executed: return 0;

150

}

executed 237 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

237

151 -

152

if (!--count) {

!--count	Description
TRUE	never evaluated
FALSE	evaluated 320 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-320

153 BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -

154

return 0;

never executed: return 0;

155 } -

156 -

157

}

executed 320 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

320

158

while (BN_cmp(r, range) >= 0);

BN_cmp(r, range) >= 0	Description
TRUE	evaluated 72 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 248 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

72-248

159

} else {

executed 248 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

248

160 do { -

161 /* range = 11..._2 or range = 101..._2 */ -

162

if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))

!bnrand(flag, r, n, -1, 0)	Description
TRUE	never evaluated
FALSE	evaluated 10037 times by 1 test Evaluated by: libcrypto.so.1.1

0-10037

163

return 0;

never executed: return 0;

164 -

165

if (!--count) {

!--count	Description
TRUE	never evaluated
FALSE	evaluated 10037 times by 1 test Evaluated by: libcrypto.so.1.1

0-10037

166 BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -

167

return 0;

never executed: return 0;

168 } -

169

}

executed 10037 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

10037

170

while (BN_cmp(r, range) >= 0);

BN_cmp(r, range) >= 0	Description
TRUE	evaluated 1043 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 8994 times by 1 test Evaluated by: libcrypto.so.1.1

1043-8994

171

}

executed 8994 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8994

172 -

173 bn_check_top(r); -

174

return 1;

executed 9242 times by 2 tests: return 1;

Executed by:

libcrypto.so.1.1
sm2_internal_test

9242

175 } -

176 -

177 int BN_rand_range(BIGNUM *r, const BIGNUM *range) -

178 { -

179

return bnrand_range(NORMAL, r, range);

never executed: return bnrand_range(NORMAL, r, range);

180 } -

181 -

182 int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) -

183 { -

184

return bnrand_range(PRIVATE, r, range);

executed 9242 times by 2 tests: return bnrand_range(PRIVATE, r, range);

Executed by:

libcrypto.so.1.1
sm2_internal_test

9242

185 } -

186 -

187 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) -

188 { -

189

return BN_rand(rnd, bits, top, bottom);

never executed: return BN_rand(rnd, bits, top, bottom);

190 } -

191 -

192 int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -

193 { -

194

return BN_rand_range(r, range);

never executed: return BN_rand_range(r, range);

195 } -

196 -

197 /* -

198 * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike -

199 * BN_rand_range, it also includes the contents of |priv| and |message| in -

200 * the generation so that an RNG failure isn't fatal as long as |priv| -

201 * remains secret. This is intended for use in DSA and ECDSA where an RNG -

202 * weakness leads directly to private key exposure unless this function is -

203 * used. -

204 */ -

205 int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, -

206 const BIGNUM *priv, const unsigned char *message, -

207 size_t message_len, BN_CTX *ctx) -

208 { -

209 SHA512_CTX sha; -

210 /* -

211 * We use 512 bits of random data per iteration to ensure that we have at -

212 * least |range| bits of randomness. -

213 */ -

214 unsigned char random_bytes[64]; -

215 unsigned char digest[SHA512_DIGEST_LENGTH]; -

216 unsigned done, todo; -

217 /* We generate |range|+8 bytes of random output. */ -

218 const unsigned num_k_bytes = BN_num_bytes(range) + 8; -

219 unsigned char private_bytes[96]; -

220 unsigned char *k_bytes; -

221 int ret = 0; -

222 -

223 k_bytes = OPENSSL_malloc(num_k_bytes); -

224

if (k_bytes == NULL)

k_bytes == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

0-427

225

goto err;

never executed: goto err;

226 -

227 /* We copy |priv| into a local buffer to avoid exposing its length. */ -

228 todo = sizeof(priv->d[0]) * priv->top; -

229

if (todo > sizeof(private_bytes)) {

todo > sizeof(private_bytes)	Description
TRUE	never evaluated
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

0-427

230 /* -

231 * No reasonable DSA or ECDSA key should have a private key this -

232 * large and we don't handle this case in order to avoid leaking the -

233 * length of the private key. -

234 */ -

235 BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); -

236

goto err;

never executed: goto err;

237 } -

238 memcpy(private_bytes, priv->d, todo); -

239 memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); -

240 -

241

for (done = 0; done < num_k_bytes;) {

done < num_k_bytes	Description
TRUE	evaluated 432 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

427-432

242

if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)

RAND_priv_byte...m_bytes)) != 1	Description
TRUE	never evaluated
FALSE	evaluated 432 times by 1 test Evaluated by: libcrypto.so.1.1

0-432

243

goto err;

never executed: goto err;

244 SHA512_Init(&sha); -

245 SHA512_Update(&sha, &done, sizeof(done)); -

246 SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); -

247 SHA512_Update(&sha, message, message_len); -

248 SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); -

249 SHA512_Final(digest, &sha); -

250 -

251 todo = num_k_bytes - done; -

252

if (todo > SHA512_DIGEST_LENGTH)

todo > 64	Description
TRUE	evaluated 5 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

5-427

253

todo = SHA512_DIGEST_LENGTH;

executed 5 times by 1 test: todo = 64;

Executed by:

libcrypto.so.1.1

254 memcpy(k_bytes + done, digest, todo); -

255 done += todo; -

256

}

executed 432 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

432

257 -

258

if (!BN_bin2bn(k_bytes, num_k_bytes, out))

!BN_bin2bn(k_b..._k_bytes, out)	Description
TRUE	never evaluated
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

0-427

259

goto err;

never executed: goto err;

260

if (BN_mod(out, out, range, ctx) != 1)

BN_div( ((void...e),(ctx)) != 1	Description
TRUE	never evaluated
FALSE	evaluated 427 times by 1 test Evaluated by: libcrypto.so.1.1

0-427

261

goto err;

never executed: goto err;

262 ret = 1; -

263 -

264

err:

code before this statement executed 427 times by 1 test: err:

Executed by:

libcrypto.so.1.1

427

265 OPENSSL_free(k_bytes); -

266 OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); -

267

return ret;

executed 427 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

427

268 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2