OpenCoverage

rsa_eay.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/rsa/rsa_eay.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: rsa_eay.c,v 1.50 2017/08/28 17:41:59 jsing Exp $ */ -

4 * -

5 * This package is an SSL implementation written -

6 * by Eric Young (eay@cryptsoft.com). -

7 * The implementation was written so as to conform with Netscapes SSL. -

8 * -

9 * This library is free for commercial and non-commercial use as long as -

10 * the following conditions are aheared to. The following conditions -

11 * apply to all code found in this distribution, be it the RC4, RSA, -

12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation -

13 * included with this distribution is covered by the same copyright terms -

14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). -

15 * -

16 * Copyright remains Eric Young's, and as such any Copyright notices in -

17 * the code are not to be removed. -

18 * If this package is used in a product, Eric Young should be given attribution -

19 * as the author of the parts of the library used. -

20 * This can be in the form of a textual message at program startup or -

21 * in documentation (online or textual) provided with the package. -

22 * -

23 * Redistribution and use in source and binary forms, with or without -

24 * modification, are permitted provided that the following conditions -

25 * are met: -

26 * 1. Redistributions of source code must retain the copyright -

27 * notice, this list of conditions and the following disclaimer. -

28 * 2. Redistributions in binary form must reproduce the above copyright -

29 * notice, this list of conditions and the following disclaimer in the -

30 * documentation and/or other materials provided with the distribution. -

31 * 3. All advertising materials mentioning features or use of this software -

32 * must display the following acknowledgement: -

33 * "This product includes cryptographic software written by -

34 * Eric Young (eay@cryptsoft.com)" -

35 * The word 'cryptographic' can be left out if the rouines from the library -

36 * being used are not cryptographic related :-). -

37 * 4. If you include any Windows specific code (or a derivative thereof) from -

38 * the apps directory (application code) you must include an acknowledgement: -

39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -

40 * -

41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -

42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -

43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -

44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -

45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -

46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -

47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -

48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -

49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -

50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -

51 * SUCH DAMAGE. -

52 * -

53 * The licence and distribution terms for any publically available version or -

54 * derivative of this code cannot be changed. i.e. this code cannot simply be -

55 * copied and put under another distribution licence -

56 * [including the GNU Public Licence.] -

57 */ -

58 /* ==================================================================== -

60 * -

61 * Redistribution and use in source and binary forms, with or without -

62 * modification, are permitted provided that the following conditions -

63 * are met: -

64 * -

65 * 1. Redistributions of source code must retain the above copyright -

66 * notice, this list of conditions and the following disclaimer. -

67 * -

68 * 2. Redistributions in binary form must reproduce the above copyright -

69 * notice, this list of conditions and the following disclaimer in -

70 * the documentation and/or other materials provided with the -

71 * distribution. -

72 * -

73 * 3. All advertising materials mentioning features or use of this -

74 * software must display the following acknowledgment: -

75 * "This product includes software developed by the OpenSSL Project -

76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -

77 * -

78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -

79 * endorse or promote products derived from this software without -

80 * prior written permission. For written permission, please contact -

81 * openssl-core@openssl.org. -

82 * -

83 * 5. Products derived from this software may not be called "OpenSSL" -

84 * nor may "OpenSSL" appear in their names without prior written -

85 * permission of the OpenSSL Project. -

86 * -

87 * 6. Redistributions of any form whatsoever must retain the following -

88 * acknowledgment: -

89 * "This product includes software developed by the OpenSSL Project -

90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -

91 * -

92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -

93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -

94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -

95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -

96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -

97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -

99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -

100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -

101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -

102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -

103 * OF THE POSSIBILITY OF SUCH DAMAGE. -

104 * ==================================================================== -

105 * -

106 * This product includes cryptographic software written by Eric Young -

107 * (eay@cryptsoft.com). This product includes software written by Tim -

108 * Hudson (tjh@cryptsoft.com). -

109 * -

110 */ -

111 -

112 #include <stdio.h> -

113 #include <string.h> -

114 -

115 #include <openssl/opensslconf.h> -

116 -

117 #include <openssl/bn.h> -

118 #include <openssl/err.h> -

119 #include <openssl/rsa.h> -

120 -

121 #include "bn_lcl.h" -

122 -

123 static int RSA_eay_public_encrypt(int flen, const unsigned char *from, -

124 unsigned char *to, RSA *rsa, int padding); -

125 static int RSA_eay_private_encrypt(int flen, const unsigned char *from, -

126 unsigned char *to, RSA *rsa, int padding); -

127 static int RSA_eay_public_decrypt(int flen, const unsigned char *from, -

128 unsigned char *to, RSA *rsa, int padding); -

129 static int RSA_eay_private_decrypt(int flen, const unsigned char *from, -

130 unsigned char *to, RSA *rsa, int padding); -

131 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); -

132 static int RSA_eay_init(RSA *rsa); -

133 static int RSA_eay_finish(RSA *rsa); -

134 -

135 static RSA_METHOD rsa_pkcs1_eay_meth = { -

136 .name = "Eric Young's PKCS#1 RSA", -

137 .rsa_pub_enc = RSA_eay_public_encrypt, -

138 .rsa_pub_dec = RSA_eay_public_decrypt, /* signature verification */ -

139 .rsa_priv_enc = RSA_eay_private_encrypt, /* signing */ -

140 .rsa_priv_dec = RSA_eay_private_decrypt, -

141 .rsa_mod_exp = RSA_eay_mod_exp, -

142 .bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if e == 3 */ -

143 .init = RSA_eay_init, -

144 .finish = RSA_eay_finish, -

145 }; -

146 -

147 const RSA_METHOD * -

148 RSA_PKCS1_SSLeay(void) -

149 { -

150

return &rsa_pkcs1_eay_meth;

executed 58 times by 6 tests: return &rsa_pkcs1_eay_meth;

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

151 } -

152 -

153 static int -

154 RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, -

155 RSA *rsa, int padding) -

156 { -

157 BIGNUM *f, *ret; -

158 int i, j, k, num = 0, r = -1; -

159 unsigned char *buf = NULL; -

160 BN_CTX *ctx = NULL; -

161 -

162

if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {

BN_num_bits(rsa->n) > 16384	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

163 RSAerror(RSA_R_MODULUS_TOO_LARGE); -

164

return -1;

never executed: return -1;

165 } -

166 -

167

if (BN_ucmp(rsa->n, rsa->e) <= 0) {

BN_ucmp(rsa->n, rsa->e) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

168 RSAerror(RSA_R_BAD_E_VALUE); -

169

return -1;

never executed: return -1;

170 } -

171 -

172 /* for large moduli, enforce exponent limit */ -

173

if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {

BN_num_bits(rsa->n) > 3072	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

174

if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {

BN_num_bits(rsa->e) > 64	Description
TRUE	never evaluated
FALSE	never evaluated

175 RSAerror(RSA_R_BAD_E_VALUE); -

176

return -1;

never executed: return -1;

177 } -

178

}

never executed: end of block

179 -

180

if ((ctx = BN_CTX_new()) == NULL)

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

181

goto err;

never executed: goto err;

182 -

183 BN_CTX_start(ctx); -

184 f = BN_CTX_get(ctx); -

185 ret = BN_CTX_get(ctx); -

186 num = BN_num_bytes(rsa->n); -

187 buf = malloc(num); -

188 -

189

if (f == NULL || ret == NULL || buf == NULL) {

f == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

buf == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

190 RSAerror(ERR_R_MALLOC_FAILURE); -

191

goto err;

never executed: goto err;

192 } -

193 -

194 switch (padding) { -

195

case RSA_PKCS1_PADDING:

executed 18 times by 3 tests: case 1:

Executed by:

pkcs7test
rsa_test
ssltest

196 i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); -

197

break;

executed 18 times by 3 tests: break;

Executed by:

pkcs7test
rsa_test
ssltest

198 #ifndef OPENSSL_NO_SHA -

199

case RSA_PKCS1_OAEP_PADDING:

executed 3 times by 1 test: case 4:

Executed by:

rsa_test

200 i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); -

201

break;

executed 3 times by 1 test: break;

Executed by:

rsa_test

202 #endif -

203

case RSA_NO_PADDING:

never executed: case 3:

204 i = RSA_padding_add_none(buf, num, from, flen); -

205

break;

never executed: break;

206

default:

never executed: default:

207 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); -

208

goto err;

never executed: goto err;

209 } -

210

if (i <= 0)

i <= 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

211

goto err;

never executed: goto err;

212 -

213

if (BN_bin2bn(buf, num, f) == NULL)

BN_bin2bn(buf,...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

214

goto err;

never executed: goto err;

215 -

216

if (BN_ucmp(f, rsa->n) >= 0) {

BN_ucmp(f, rsa->n) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

217 /* usually the padding functions would catch this */ -

218 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -

219

goto err;

never executed: goto err;

220 } -

221 -

222

if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)

rsa->flags & 0x0002	Description
TRUE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-21

223

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

224

CRYPTO_LOCK_RSA, rsa->n, ctx))

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

225

goto err;

never executed: goto err;

226 -

227

if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

228

rsa->_method_mod_n))

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

229

goto err;

never executed: goto err;

230 -

231 /* put in leading 0 bytes if the number is less than the -

232 * length of the modulus */ -

233 j = BN_num_bytes(ret); -

234 i = BN_bn2bin(ret, &(to[num - j])); -

235

for (k = 0; k < num - i; k++)

k < num - i	Description
TRUE	never evaluated
FALSE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-21

236

to[k] = 0;

never executed: to[k] = 0;

237 -

238 r = num; -

239

err:

code before this statement executed 21 times by 3 tests: err:

Executed by:

pkcs7test
rsa_test
ssltest

240

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 21 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-21

241 BN_CTX_end(ctx); -

242 BN_CTX_free(ctx); -

243

}

executed 21 times by 3 tests: end of block

Executed by:

pkcs7test
rsa_test
ssltest

244 freezero(buf, num); -

245

return r;

executed 21 times by 3 tests: return r;

Executed by:

pkcs7test
rsa_test
ssltest

246 } -

247 -

248 static BN_BLINDING * -

249 rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) -

250 { -

251 BN_BLINDING *ret; -

252 int got_write_lock = 0; -

253 CRYPTO_THREADID cur; -

254 -

255 CRYPTO_r_lock(CRYPTO_LOCK_RSA); -

256 -

257

if (rsa->blinding == NULL) {

rsa->blinding == ((void *)0)	Description
TRUE	evaluated 67 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	evaluated 492 times by 2 tests Evaluated by: pkcs7test rsa_test

67-492

258 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -

259 CRYPTO_w_lock(CRYPTO_LOCK_RSA); -

260 got_write_lock = 1; -

261 -

262

if (rsa->blinding == NULL)

rsa->blinding == ((void *)0)	Description
TRUE	evaluated 67 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-67

263

rsa->blinding = RSA_setup_blinding(rsa, ctx);

executed 67 times by 6 tests: rsa->blinding = RSA_setup_blinding(rsa, ctx);

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

264

}

executed 67 times by 6 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

265 -

266 ret = rsa->blinding; -

267

if (ret == NULL)

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

268

goto err;

never executed: goto err;

269 -

270 CRYPTO_THREADID_current(&cur); -

271

if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {

!CRYPTO_THREAD...hread_id(ret))	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-559

272 /* rsa->blinding is ours! */ -

273 *local = 1; -

274

} else {

executed 559 times by 6 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

275 /* resort to rsa->mt_blinding instead */ -

276 /* -

277 * Instruct rsa_blinding_convert(), rsa_blinding_invert() -

278 * that the BN_BLINDING is shared, meaning that accesses -

279 * require locks, and that the blinding factor must be -

280 * stored outside the BN_BLINDING -

281 */ -

282 *local = 0; -

283 -

284

if (rsa->mt_blinding == NULL) {

rsa->mt_blindi...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

285

if (!got_write_lock) {

!got_write_lock	Description
TRUE	never evaluated
FALSE	never evaluated

286 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -

287 CRYPTO_w_lock(CRYPTO_LOCK_RSA); -

288 got_write_lock = 1; -

289

}

never executed: end of block

290 -

291

if (rsa->mt_blinding == NULL)

rsa->mt_blindi...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

292

rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);

never executed: rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);

293

}

never executed: end of block

294 ret = rsa->mt_blinding; -

295

}

never executed: end of block

296 -

297

err:

code before this statement executed 559 times by 6 tests: err:

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

298

if (got_write_lock)

got_write_lock	Description
TRUE	evaluated 67 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	evaluated 492 times by 2 tests Evaluated by: pkcs7test rsa_test

67-492

299

CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

executed 67 times by 6 tests: CRYPTO_lock(2|8,9,__FILE__,299);

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

300 else -

301

CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

executed 492 times by 2 tests: CRYPTO_lock(2|4,9,__FILE__,301);

Executed by:

pkcs7test
rsa_test

492

302

return ret;

executed 559 times by 6 tests: return ret;

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

303 } -

304 -

305 static int -

306 rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) -

307 { -

308

if (unblind == NULL)

unblind == ((void *)0)	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-559

309 /* -

310 * Local blinding: store the unblinding factor -

311 * in BN_BLINDING. -

312 */ -

313

return BN_BLINDING_convert_ex(f, NULL, b, ctx);

executed 559 times by 6 tests: return BN_BLINDING_convert_ex(f, ((void *)0) , b, ctx);

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

314 else { -

315 /* -

316 * Shared blinding: store the unblinding factor -

317 * outside BN_BLINDING. -

318 */ -

319 int ret; -

320 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); -

321 ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); -

322 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); -

323

return ret;

never executed: return ret;

324 } -

325 } -

326 -

327 static int -

328 rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) -

329 { -

330 /* -

331 * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex -

332 * will use the unblinding factor stored in BN_BLINDING. -

333 * If BN_BLINDING is shared between threads, unblind must be non-null: -

334 * BN_BLINDING_invert_ex will then use the local unblinding factor, -

335 * and will only read the modulus from BN_BLINDING. -

336 * In both cases it's safe to access the blinding without a lock. -

337 */ -

338

return BN_BLINDING_invert_ex(f, unblind, b, ctx);

executed 559 times by 6 tests: return BN_BLINDING_invert_ex(f, unblind, b, ctx);

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

339 } -

340 -

341 /* signing */ -

342 static int -

343 RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, -

344 RSA *rsa, int padding) -

345 { -

346 BIGNUM *f, *ret, *res; -

347 int i, j, k, num = 0, r = -1; -

348 unsigned char *buf = NULL; -

349 BN_CTX *ctx = NULL; -

350 int local_blinding = 0; -

351 /* -

352 * Used only if the blinding structure is shared. A non-NULL unblind -

353 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -

354 * the unblinding factor outside the blinding structure. -

355 */ -

356 BIGNUM *unblind = NULL; -

357 BN_BLINDING *blinding = NULL; -

358 -

359

if ((ctx = BN_CTX_new()) == NULL)

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

360

goto err;

never executed: goto err;

361 -

362 BN_CTX_start(ctx); -

363 f = BN_CTX_get(ctx); -

364 ret = BN_CTX_get(ctx); -

365 num = BN_num_bytes(rsa->n); -

366 buf = malloc(num); -

367 -

368

if (f == NULL || ret == NULL || buf == NULL) {

f == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

ret == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

buf == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

369 RSAerror(ERR_R_MALLOC_FAILURE); -

370

goto err;

never executed: goto err;

371 } -

372 -

373 switch (padding) { -

374

case RSA_PKCS1_PADDING:

executed 51 times by 5 tests: case 1:

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

375 i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); -

376

break;

executed 51 times by 5 tests: break;

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

377

case RSA_X931_PADDING:

never executed: case 5:

378 i = RSA_padding_add_X931(buf, num, from, flen); -

379

break;

never executed: break;

380

case RSA_NO_PADDING:

never executed: case 3:

381 i = RSA_padding_add_none(buf, num, from, flen); -

382

break;

never executed: break;

383

default:

never executed: default:

384 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); -

385

goto err;

never executed: goto err;

386 } -

387

if (i <= 0)

i <= 0	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

388

goto err;

never executed: goto err;

389 -

390

if (BN_bin2bn(buf, num, f) == NULL)

BN_bin2bn(buf,...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

391

goto err;

never executed: goto err;

392 -

393

if (BN_ucmp(f, rsa->n) >= 0) {

BN_ucmp(f, rsa->n) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

394 /* usually the padding functions would catch this */ -

395 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -

396

goto err;

never executed: goto err;

397 } -

398 -

399

if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {

!(rsa->flags & 0x0080)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

400 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -

401

if (blinding == NULL) {

blinding == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

402 RSAerror(ERR_R_INTERNAL_ERROR); -

403

goto err;

never executed: goto err;

404 } -

405

}

executed 51 times by 5 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

406 -

407

if (blinding != NULL) {

blinding != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

408

if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {

!local_blinding	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

((unblind = BN... ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0-51

409 RSAerror(ERR_R_MALLOC_FAILURE); -

410

goto err;

never executed: goto err;

411 } -

412

if (!rsa_blinding_convert(blinding, f, unblind, ctx))

!rsa_blinding_... unblind, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

413

goto err;

never executed: goto err;

414

}

executed 51 times by 5 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

415 -

416

if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||

(rsa->flags & 0x0020)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

417

(rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&

rsa->p != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

rsa->q != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

rsa->dmp1 != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

418

rsa->dmq1 != NULL && rsa->iqmp != NULL)) {

rsa->dmq1 != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

rsa->iqmp != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

419

if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))

!rsa->meth->rs..., f, rsa, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

420

goto err;

never executed: goto err;

421

} else {

executed 51 times by 5 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

422 BIGNUM d; -

423 -

424 BN_init(&d); -

425 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); -

426 -

427

if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)

rsa->flags & 0x0002	Description
TRUE	never evaluated
FALSE	never evaluated

428

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

429

CRYPTO_LOCK_RSA, rsa->n, ctx))

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

430

goto err;

never executed: goto err;

431 -

432

if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

433

rsa->_method_mod_n)) {

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

434

goto err;

never executed: goto err;

435 } -

436

}

never executed: end of block

437 -

438

if (blinding)

blinding	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

439

if (!rsa_blinding_invert(blinding, ret, unblind, ctx))

!rsa_blinding_... unblind, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

440

goto err;

never executed: goto err;

441 -

442

if (padding == RSA_X931_PADDING) {

padding == 5	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

443 BN_sub(f, rsa->n, ret); -

444

if (BN_cmp(ret, f) > 0)

BN_cmp(ret, f) > 0	Description
TRUE	never evaluated
FALSE	never evaluated

445

res = f;

never executed: res = f;

446 else -

447

res = ret;

never executed: res = ret;

448 } else -

449

res = ret;

executed 51 times by 5 tests: res = ret;

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

450 -

451 /* put in leading 0 bytes if the number is less than the -

452 * length of the modulus */ -

453 j = BN_num_bytes(res); -

454 i = BN_bn2bin(res, &(to[num - j])); -

455

for (k = 0; k < num - i; k++)

k < num - i	Description
TRUE	never evaluated
FALSE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest

0-51

456

to[k] = 0;

never executed: to[k] = 0;

457 -

458 r = num; -

459

err:

code before this statement executed 51 times by 5 tests: err:

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

460

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 51 times by 5 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test servertest ssltest tlstest
FALSE	never evaluated

0-51

461 BN_CTX_end(ctx); -

462 BN_CTX_free(ctx); -

463

}

executed 51 times by 5 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

464 freezero(buf, num); -

465

return r;

executed 51 times by 5 tests: return r;

Executed by:

libcrypto.so.44.0.1
pkcs7test
servertest
ssltest
tlstest

466 } -

467 -

468 static int -

469 RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, -

470 RSA *rsa, int padding) -

471 { -

472 BIGNUM *f, *ret; -

473 int j, num = 0, r = -1; -

474 unsigned char *p; -

475 unsigned char *buf = NULL; -

476 BN_CTX *ctx = NULL; -

477 int local_blinding = 0; -

478 /* -

479 * Used only if the blinding structure is shared. A non-NULL unblind -

480 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -

481 * the unblinding factor outside the blinding structure. -

482 */ -

483 BIGNUM *unblind = NULL; -

484 BN_BLINDING *blinding = NULL; -

485 -

486

if ((ctx = BN_CTX_new()) == NULL)

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-511

487

goto err;

never executed: goto err;

488 -

489 BN_CTX_start(ctx); -

490 f = BN_CTX_get(ctx); -

491 ret = BN_CTX_get(ctx); -

492 num = BN_num_bytes(rsa->n); -

493 buf = malloc(num); -

494 -

495

if (!f || !ret || !buf) {

!f	Description
TRUE	never evaluated
FALSE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

!ret	Description
TRUE	never evaluated
FALSE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

!buf	Description
TRUE	never evaluated
FALSE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-511

496 RSAerror(ERR_R_MALLOC_FAILURE); -

497

goto err;

never executed: goto err;

498 } -

499 -

500 /* This check was for equality but PGP does evil things -

501 * and chops off the top '0' bytes */ -

502

if (flen > num) {

flen > num	Description
TRUE	never evaluated
FALSE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-511

503 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN); -

504

goto err;

never executed: goto err;

505 } -

506 -

507 /* make data into a big number */ -

508

if (BN_bin2bn(from, (int)flen, f) == NULL)

BN_bin2bn(from...== ((void *)0)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: rsa_test
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

3-508

509

goto err;

executed 3 times by 1 test: goto err;

Executed by:

rsa_test

510 -

511

if (BN_ucmp(f, rsa->n) >= 0) {

BN_ucmp(f, rsa->n) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

512 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -

513

goto err;

never executed: goto err;

514 } -

515 -

516

if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {

!(rsa->flags & 0x0080)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-508

517 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -

518

if (blinding == NULL) {

blinding == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

519 RSAerror(ERR_R_INTERNAL_ERROR); -

520

goto err;

never executed: goto err;

521 } -

522

}

executed 508 times by 3 tests: end of block

Executed by:

pkcs7test
rsa_test
ssltest

508

523 -

524

if (blinding != NULL) {

blinding != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-508

525

if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {

!local_blinding	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

((unblind = BN... ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0-508

526 RSAerror(ERR_R_MALLOC_FAILURE); -

527

goto err;

never executed: goto err;

528 } -

529

if (!rsa_blinding_convert(blinding, f, unblind, ctx))

!rsa_blinding_... unblind, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

530

goto err;

never executed: goto err;

531

}

executed 508 times by 3 tests: end of block

Executed by:

pkcs7test
rsa_test
ssltest

508

532 -

533 /* do the decrypt */ -

534

if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||

(rsa->flags & 0x0020)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

535

(rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&

rsa->p != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

rsa->q != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

rsa->dmp1 != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-508

536

rsa->dmq1 != NULL && rsa->iqmp != NULL)) {

rsa->dmq1 != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

rsa->iqmp != ((void *)0)	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-508

537

if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))

!rsa->meth->rs..., f, rsa, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

538

goto err;

never executed: goto err;

539

} else {

executed 508 times by 3 tests: end of block

Executed by:

pkcs7test
rsa_test
ssltest

508

540 BIGNUM d; -

541 -

542 BN_init(&d); -

543 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); -

544 -

545

if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)

rsa->flags & 0x0002	Description
TRUE	never evaluated
FALSE	never evaluated

546

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

547

CRYPTO_LOCK_RSA, rsa->n, ctx))

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

548

goto err;

never executed: goto err;

549 -

550

if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

551

rsa->_method_mod_n)) {

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

552

goto err;

never executed: goto err;

553 } -

554

}

never executed: end of block

555 -

556

if (blinding)

blinding	Description
TRUE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-508

557

if (!rsa_blinding_invert(blinding, ret, unblind, ctx))

!rsa_blinding_... unblind, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 508 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-508

558

goto err;

never executed: goto err;

559 -

560 p = buf; -

561 j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ -

562 -

563 switch (padding) { -

564

case RSA_PKCS1_PADDING:

executed 18 times by 3 tests: case 1:

Executed by:

pkcs7test
rsa_test
ssltest

565 r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); -

566

break;

executed 18 times by 3 tests: break;

Executed by:

pkcs7test
rsa_test
ssltest

567 #ifndef OPENSSL_NO_SHA -

568

case RSA_PKCS1_OAEP_PADDING:

executed 490 times by 1 test: case 4:

Executed by:

rsa_test

490

569 r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); -

570

break;

executed 490 times by 1 test: break;

Executed by:

rsa_test

490

571 #endif -

572

case RSA_NO_PADDING:

never executed: case 3:

573 r = RSA_padding_check_none(to, num, buf, j, num); -

574

break;

never executed: break;

575

default:

never executed: default:

576 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); -

577

goto err;

never executed: goto err;

578 } -

579

if (r < 0)

r < 0	Description
TRUE	evaluated 484 times by 1 test Evaluated by: rsa_test
FALSE	evaluated 24 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

24-484

580

RSAerror(RSA_R_PADDING_CHECK_FAILED);

executed 484 times by 1 test: ERR_put_error(4,(0xfff),(114),__FILE__,580);

Executed by:

rsa_test

484

581 -

582

err:

code before this statement executed 508 times by 3 tests: err:

Executed by:

pkcs7test
rsa_test
ssltest

508

583

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 511 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	never evaluated

0-511

584 BN_CTX_end(ctx); -

585 BN_CTX_free(ctx); -

586

}

executed 511 times by 3 tests: end of block

Executed by:

pkcs7test
rsa_test
ssltest

511

587 freezero(buf, num); -

588

return r;

executed 511 times by 3 tests: return r;

Executed by:

pkcs7test
rsa_test
ssltest

511

589 } -

590 -

591 /* signature verification */ -

592 static int -

593 RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, -

594 RSA *rsa, int padding) -

595 { -

596 BIGNUM *f, *ret; -

597 int i, num = 0, r = -1; -

598 unsigned char *p; -

599 unsigned char *buf = NULL; -

600 BN_CTX *ctx = NULL; -

601 -

602

if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {

BN_num_bits(rsa->n) > 16384	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

603 RSAerror(RSA_R_MODULUS_TOO_LARGE); -

604

return -1;

never executed: return -1;

605 } -

606 -

607

if (BN_ucmp(rsa->n, rsa->e) <= 0) {

BN_ucmp(rsa->n, rsa->e) <= 0	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

608 RSAerror(RSA_R_BAD_E_VALUE); -

609

return -1;

never executed: return -1;

610 } -

611 -

612 /* for large moduli, enforce exponent limit */ -

613

if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {

BN_num_bits(rsa->n) > 3072	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

614

if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {

BN_num_bits(rsa->e) > 64	Description
TRUE	never evaluated
FALSE	never evaluated

615 RSAerror(RSA_R_BAD_E_VALUE); -

616

return -1;

never executed: return -1;

617 } -

618

}

never executed: end of block

619 -

620

if ((ctx = BN_CTX_new()) == NULL)

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

621

goto err;

never executed: goto err;

622 -

623 BN_CTX_start(ctx); -

624 f = BN_CTX_get(ctx); -

625 ret = BN_CTX_get(ctx); -

626 num = BN_num_bytes(rsa->n); -

627 buf = malloc(num); -

628 -

629

if (!f || !ret || !buf) {

!f	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

!ret	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

!buf	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

630 RSAerror(ERR_R_MALLOC_FAILURE); -

631

goto err;

never executed: goto err;

632 } -

633 -

634 /* This check was for equality but PGP does evil things -

635 * and chops off the top '0' bytes */ -

636

if (flen > num) {

flen > num	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

637 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN); -

638

goto err;

never executed: goto err;

639 } -

640 -

641

if (BN_bin2bn(from, flen, f) == NULL)

BN_bin2bn(from...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

642

goto err;

never executed: goto err;

643 -

644

if (BN_ucmp(f, rsa->n) >= 0) {

BN_ucmp(f, rsa->n) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

645 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -

646

goto err;

never executed: goto err;

647 } -

648 -

649

if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)

rsa->flags & 0x0002	Description
TRUE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest
FALSE	never evaluated

0-120

650

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

651

CRYPTO_LOCK_RSA, rsa->n, ctx))

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

652

goto err;

never executed: goto err;

653 -

654

if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

655

rsa->_method_mod_n))

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

656

goto err;

never executed: goto err;

657 -

658

if (padding == RSA_X931_PADDING && (ret->d[0] & 0xf) != 12)

padding == 5	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

(ret->d[0] & 0xf) != 12	Description
TRUE	never evaluated
FALSE	never evaluated

0-120

659

if (!BN_sub(ret, rsa->n, ret))

!BN_sub(ret, rsa->n, ret)	Description
TRUE	never evaluated
FALSE	never evaluated

660

goto err;

never executed: goto err;

661 -

662 p = buf; -

663 i = BN_bn2bin(ret, p); -

664 -

665 switch (padding) { -

666

case RSA_PKCS1_PADDING:

executed 120 times by 3 tests: case 1:

Executed by:

pkcs7test
ssltest
tlstest

120

667 r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); -

668

break;

executed 120 times by 3 tests: break;

Executed by:

pkcs7test
ssltest
tlstest

120

669

case RSA_X931_PADDING:

never executed: case 5:

670 r = RSA_padding_check_X931(to, num, buf, i, num); -

671

break;

never executed: break;

672

case RSA_NO_PADDING:

never executed: case 3:

673 r = RSA_padding_check_none(to, num, buf, i, num); -

674

break;

never executed: break;

675

default:

never executed: default:

676 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); -

677

goto err;

never executed: goto err;

678 } -

679

if (r < 0)

r < 0	Description
TRUE	never evaluated
FALSE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest

0-120

680

RSAerror(RSA_R_PADDING_CHECK_FAILED);

never executed: ERR_put_error(4,(0xfff),(114),__FILE__,680);

681 -

682

err:

code before this statement executed 120 times by 3 tests: err:

Executed by:

pkcs7test
ssltest
tlstest

120

683

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 120 times by 3 tests Evaluated by: pkcs7test ssltest tlstest
FALSE	never evaluated

0-120

684 BN_CTX_end(ctx); -

685 BN_CTX_free(ctx); -

686

}

executed 120 times by 3 tests: end of block

Executed by:

pkcs7test
ssltest
tlstest

120

687 freezero(buf, num); -

688

return r;

executed 120 times by 3 tests: return r;

Executed by:

pkcs7test
ssltest
tlstest

120

689 } -

690 -

691 static int -

692 RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -

693 { -

694 BIGNUM *r1, *m1, *vrfy; -

695 BIGNUM dmp1, dmq1, c, pr1; -

696 int ret = 0; -

697 -

698 BN_CTX_start(ctx); -

699 r1 = BN_CTX_get(ctx); -

700 m1 = BN_CTX_get(ctx); -

701 vrfy = BN_CTX_get(ctx); -

702

if (r1 == NULL || m1 == NULL || vrfy == NULL) {

r1 == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

m1 == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

vrfy == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

703 RSAerror(ERR_R_MALLOC_FAILURE); -

704

goto err;

never executed: goto err;

705 } -

706 -

707 { -

708 BIGNUM p, q; -

709 -

710 /* -

711 * Make sure BN_mod_inverse in Montgomery intialization uses the -

712 * BN_FLG_CONSTTIME flag -

713 */ -

714 BN_init(&p); -

715 BN_init(&q); -

716 BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); -

717 BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME); -

718 -

719

if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {

rsa->flags & 0x0004	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-559

720

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,

!BN_MONT_CTX_s...p, 9, &p, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

721

CRYPTO_LOCK_RSA, &p, ctx) ||

!BN_MONT_CTX_s...p, 9, &p, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

722

!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,

!BN_MONT_CTX_s...q, 9, &q, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

723

CRYPTO_LOCK_RSA, &q, ctx)) {

!BN_MONT_CTX_s...q, 9, &q, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

724

goto err;

never executed: goto err;

725 } -

726

}

executed 559 times by 6 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

727 } -

728 -

729

if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)

rsa->flags & 0x0002	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-559

730

if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

731

CRYPTO_LOCK_RSA, rsa->n, ctx))

!BN_MONT_CTX_s..., rsa->n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

732

goto err;

never executed: goto err;

733 -

734 /* compute I mod q */ -

735 BN_init(&c); -

736 BN_with_flags(&c, I, BN_FLG_CONSTTIME); -

737 -

738

if (!BN_mod_ct(r1, &c, rsa->q, ctx))

!BN_div_ct( ((...rsa->q),(ctx))	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

739

goto err;

never executed: goto err;

740 -

741 /* compute r1^dmq1 mod q */ -

742 BN_init(&dmq1); -

743 BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME); -

744 -

745

if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx,

!rsa->meth->bn..._method_mod_q)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

746

rsa->_method_mod_q))

!rsa->meth->bn..._method_mod_q)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

747

goto err;

never executed: goto err;

748 -

749 /* compute I mod p */ -

750 BN_with_flags(&c, I, BN_FLG_CONSTTIME); -

751 -

752

if (!BN_mod_ct(r1, &c, rsa->p, ctx))

!BN_div_ct( ((...rsa->p),(ctx))	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

753

goto err;

never executed: goto err;

754 -

755 /* compute r1^dmp1 mod p */ -

756 BN_init(&dmp1); -

757 BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME); -

758 -

759

if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx,

!rsa->meth->bn..._method_mod_p)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

760

rsa->_method_mod_p))

!rsa->meth->bn..._method_mod_p)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

761

goto err;

never executed: goto err;

762 -

763

if (!BN_sub(r0, r0, m1))

!BN_sub(r0, r0, m1)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

764

goto err;

never executed: goto err;

765 -

766 /* -

767 * This will help stop the size of r0 increasing, which does -

768 * affect the multiply if it optimised for a power of 2 size -

769 */ -

770

if (BN_is_negative(r0))

((r0)->neg != 0)	Description
TRUE	evaluated 253 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest
FALSE	evaluated 306 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

253-306

771

if (!BN_add(r0, r0, rsa->p))

!BN_add(r0, r0, rsa->p)	Description
TRUE	never evaluated
FALSE	evaluated 253 times by 3 tests Evaluated by: pkcs7test rsa_test ssltest

0-253

772

goto err;

never executed: goto err;

773 -

774

if (!BN_mul(r1, r0, rsa->iqmp, ctx))

!BN_mul(r1, r0...sa->iqmp, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

775

goto err;

never executed: goto err;

776 -

777 /* Turn BN_FLG_CONSTTIME flag on before division operation */ -

778 BN_init(&pr1); -

779 BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); -

780 -

781

if (!BN_mod_ct(r0, &pr1, rsa->p, ctx))

!BN_div_ct( ((...rsa->p),(ctx))	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

782

goto err;

never executed: goto err;

783 -

784 /* -

785 * If p < q it is occasionally possible for the correction of -

786 * adding 'p' if r0 is negative above to leave the result still -

787 * negative. This can break the private key operations: the following -

788 * second correction should *always* correct this rare occurrence. -

789 * This will *never* happen with OpenSSL generated keys because -

790 * they ensure p > q [steve] -

791 */ -

792

if (BN_is_negative(r0))

((r0)->neg != 0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

793

if (!BN_add(r0, r0, rsa->p))

!BN_add(r0, r0, rsa->p)	Description
TRUE	never evaluated
FALSE	never evaluated

794

goto err;

never executed: goto err;

795

if (!BN_mul(r1, r0, rsa->q, ctx))

!BN_mul(r1, r0, rsa->q, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

796

goto err;

never executed: goto err;

797

if (!BN_add(r0, r1, m1))

!BN_add(r0, r1, m1)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

798

goto err;

never executed: goto err;

799 -

800

if (rsa->e && rsa->n) {

rsa->e	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

rsa->n	Description
TRUE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest
FALSE	never evaluated

0-559

801

if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

802

rsa->_method_mod_n))

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

803

goto err;

never executed: goto err;

804 /* -

805 * If 'I' was greater than (or equal to) rsa->n, the operation -

806 * will be equivalent to using 'I mod n'. However, the result of -

807 * the verify will *always* be less than 'n' so we don't check -

808 * for absolute equality, just congruency. -

809 */ -

810

if (!BN_sub(vrfy, vrfy, I))

!BN_sub(vrfy, vrfy, I)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

811

goto err;

never executed: goto err;

812

if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx))

!BN_div_ct( ((...rsa->n),(ctx))	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

813

goto err;

never executed: goto err;

814

if (BN_is_negative(vrfy))

((vrfy)->neg != 0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

815

if (!BN_add(vrfy, vrfy, rsa->n))

!BN_add(vrfy, vrfy, rsa->n)	Description
TRUE	never evaluated
FALSE	never evaluated

816

goto err;

never executed: goto err;

817

if (!BN_is_zero(vrfy)) {

!((vrfy)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 6 tests Evaluated by: libcrypto.so.44.0.1 pkcs7test rsa_test servertest ssltest tlstest

0-559

818 /* -

819 * 'I' and 'vrfy' aren't congruent mod n. Don't leak -

820 * miscalculated CRT output, just do a raw (slower) -

821 * mod_exp and return that instead. -

822 */ -

823 BIGNUM d; -

824 -

825 BN_init(&d); -

826 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); -

827 -

828

if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx,

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

829

rsa->_method_mod_n)) {

!rsa->meth->bn..._method_mod_n)	Description
TRUE	never evaluated
FALSE	never evaluated

830

goto err;

never executed: goto err;

831 } -

832

}

never executed: end of block

833

}

executed 559 times by 6 tests: end of block

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

834 ret = 1; -

835

err:

code before this statement executed 559 times by 6 tests: err:

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

836 BN_CTX_end(ctx); -

837

return ret;

executed 559 times by 6 tests: return ret;

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

559

838 } -

839 -

840 static int -

841 RSA_eay_init(RSA *rsa) -

842 { -

843 rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; -

844

return 1;

executed 256 times by 6 tests: return 1;

Executed by:

libcrypto.so.44.0.1
pkcs7test
rsa_test
servertest
ssltest
tlstest

256

845 } -

846 -

847 static int -

848 RSA_eay_finish(RSA *rsa) -

849 { -

850 BN_MONT_CTX_free(rsa->_method_mod_n); -

851 BN_MONT_CTX_free(rsa->_method_mod_p); -

852 BN_MONT_CTX_free(rsa->_method_mod_q); -

853 -

854

return 1;

executed 254 times by 5 tests: return 1;

Executed by:

libcrypto.so.44.0.1
rsa_test
servertest
ssltest
tlstest

254

855 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2