OpenCoverage

rsa_chk.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/rsa/rsa_chk.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */-
2/* ====================================================================-
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.-
4 *-
5 * Redistribution and use in source and binary forms, with or without-
6 * modification, are permitted provided that the following conditions-
7 * are met:-
8 *-
9 * 1. Redistributions of source code must retain the above copyright-
10 * notice, this list of conditions and the following disclaimer.-
11 *-
12 * 2. Redistributions in binary form must reproduce the above copyright-
13 * notice, this list of conditions and the following disclaimer in-
14 * the documentation and/or other materials provided with the-
15 * distribution.-
16 *-
17 * 3. All advertising materials mentioning features or use of this-
18 * software must display the following acknowledgment:-
19 * "This product includes software developed by the OpenSSL Project-
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
21 *-
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
23 * endorse or promote products derived from this software without-
24 * prior written permission. For written permission, please contact-
25 * openssl-core@OpenSSL.org.-
26 *-
27 * 5. Products derived from this software may not be called "OpenSSL"-
28 * nor may "OpenSSL" appear in their names without prior written-
29 * permission of the OpenSSL Project.-
30 *-
31 * 6. Redistributions of any form whatsoever must retain the following-
32 * acknowledgment:-
33 * "This product includes software developed by the OpenSSL Project-
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
35 *-
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
47 * OF THE POSSIBILITY OF SUCH DAMAGE.-
48 * ====================================================================-
49 */-
50-
51#include <openssl/bn.h>-
52#include <openssl/err.h>-
53#include <openssl/rsa.h>-
54-
55#include "bn_lcl.h"-
56-
57int-
58RSA_check_key(const RSA *key)-
59{-
60 BIGNUM *i, *j, *k, *l, *m;-
61 BN_CTX *ctx;-
62 int r;-
63 int ret = 1;-
64-
65 if (!key->p || !key->q || !key->n || !key->e || !key->d) {
!key->pDescription
TRUEnever evaluated
FALSEnever evaluated
!key->qDescription
TRUEnever evaluated
FALSEnever evaluated
!key->nDescription
TRUEnever evaluated
FALSEnever evaluated
!key->eDescription
TRUEnever evaluated
FALSEnever evaluated
!key->dDescription
TRUEnever evaluated
FALSEnever evaluated
0
66 RSAerror(RSA_R_VALUE_MISSING);-
67 return 0;
never executed: return 0;
0
68 }-
69-
70 i = BN_new();-
71 j = BN_new();-
72 k = BN_new();-
73 l = BN_new();-
74 m = BN_new();-
75 ctx = BN_CTX_new();-
76 if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL ||
i == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
j == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
k == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
l == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
m == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
77 ctx == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
78 ret = -1;-
79 RSAerror(ERR_R_MALLOC_FAILURE);-
80 goto err;
never executed: goto err;
0
81 }-
82-
83 /* p prime? */-
84 r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);-
85 if (r != 1) {
r != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
86 ret = r;-
87 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
88 goto err;
never executed: goto err;
0
89 RSAerror(RSA_R_P_NOT_PRIME);-
90 }
never executed: end of block
0
91-
92 /* q prime? */-
93 r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);-
94 if (r != 1) {
r != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
95 ret = r;-
96 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
97 goto err;
never executed: goto err;
0
98 RSAerror(RSA_R_Q_NOT_PRIME);-
99 }
never executed: end of block
0
100-
101 /* n = p*q? */-
102 r = BN_mul(i, key->p, key->q, ctx);-
103 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
104 ret = -1;-
105 goto err;
never executed: goto err;
0
106 }-
107-
108 if (BN_cmp(i, key->n) != 0) {
BN_cmp(i, key->n) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
109 ret = 0;-
110 RSAerror(RSA_R_N_DOES_NOT_EQUAL_P_Q);-
111 }
never executed: end of block
0
112-
113 /* d*e = 1 mod lcm(p-1,q-1)? */-
114-
115 r = BN_sub(i, key->p, BN_value_one());-
116 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
117 ret = -1;-
118 goto err;
never executed: goto err;
0
119 }-
120 r = BN_sub(j, key->q, BN_value_one());-
121 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
122 ret = -1;-
123 goto err;
never executed: goto err;
0
124 }-
125-
126 /* now compute k = lcm(i,j) */-
127 r = BN_mul(l, i, j, ctx);-
128 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
129 ret = -1;-
130 goto err;
never executed: goto err;
0
131 }-
132 r = BN_gcd_ct(m, i, j, ctx);-
133 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
134 ret = -1;-
135 goto err;
never executed: goto err;
0
136 }-
137 r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */-
138 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
139 ret = -1;-
140 goto err;
never executed: goto err;
0
141 }-
142-
143 r = BN_mod_mul(i, key->d, key->e, k, ctx);-
144 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
145 ret = -1;-
146 goto err;
never executed: goto err;
0
147 }-
148-
149 if (!BN_is_one(i)) {
(((i))->top == 1)Description
TRUEnever evaluated
FALSEnever evaluated
(((i))->d[0] =...gned long)(1))Description
TRUEnever evaluated
FALSEnever evaluated
((1) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
(((i))->top == 0)Description
TRUEnever evaluated
FALSEnever evaluated
!(i)->negDescription
TRUEnever evaluated
FALSEnever evaluated
0
150 ret = 0;-
151 RSAerror(RSA_R_D_E_NOT_CONGRUENT_TO_1);-
152 }
never executed: end of block
0
153-
154 if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
key->dmp1 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
key->dmq1 != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
key->iqmp != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
155 /* dmp1 = d mod (p-1)? */-
156 r = BN_sub(i, key->p, BN_value_one());-
157 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
158 ret = -1;-
159 goto err;
never executed: goto err;
0
160 }-
161-
162 r = BN_mod_ct(j, key->d, i, ctx);-
163 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
164 ret = -1;-
165 goto err;
never executed: goto err;
0
166 }-
167-
168 if (BN_cmp(j, key->dmp1) != 0) {
BN_cmp(j, key->dmp1) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
169 ret = 0;-
170 RSAerror(RSA_R_DMP1_NOT_CONGRUENT_TO_D);-
171 }
never executed: end of block
0
172-
173 /* dmq1 = d mod (q-1)? */-
174 r = BN_sub(i, key->q, BN_value_one());-
175 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
176 ret = -1;-
177 goto err;
never executed: goto err;
0
178 }-
179-
180 r = BN_mod_ct(j, key->d, i, ctx);-
181 if (!r) {
!rDescription
TRUEnever evaluated
FALSEnever evaluated
0
182 ret = -1;-
183 goto err;
never executed: goto err;
0
184 }-
185-
186 if (BN_cmp(j, key->dmq1) != 0) {
BN_cmp(j, key->dmq1) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
187 ret = 0;-
188 RSAerror(RSA_R_DMQ1_NOT_CONGRUENT_TO_D);-
189 }
never executed: end of block
0
190-
191 /* iqmp = q^-1 mod p? */-
192 if (!BN_mod_inverse_ct(i, key->q, key->p, ctx)) {
!BN_mod_invers..., key->p, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
193 ret = -1;-
194 goto err;
never executed: goto err;
0
195 }-
196-
197 if (BN_cmp(i, key->iqmp) != 0) {
BN_cmp(i, key->iqmp) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
198 ret = 0;-
199 RSAerror(RSA_R_IQMP_NOT_INVERSE_OF_Q);-
200 }
never executed: end of block
0
201 }
never executed: end of block
0
202-
203err:
code before this statement never executed: err:
0
204 BN_free(i);-
205 BN_free(j);-
206 BN_free(k);-
207 BN_free(l);-
208 BN_free(m);-
209 BN_CTX_free(ctx);-
210-
211 return (ret);
never executed: return (ret);
0
212}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2