OpenCoverage

e_rc4_hmac_md5.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/evp/e_rc4_hmac_md5.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */-
2/* ====================================================================-
3 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.-
4 *-
5 * Redistribution and use in source and binary forms, with or without-
6 * modification, are permitted provided that the following conditions-
7 * are met:-
8 *-
9 * 1. Redistributions of source code must retain the above copyright-
10 * notice, this list of conditions and the following disclaimer.-
11 *-
12 * 2. Redistributions in binary form must reproduce the above copyright-
13 * notice, this list of conditions and the following disclaimer in-
14 * the documentation and/or other materials provided with the-
15 * distribution.-
16 *-
17 * 3. All advertising materials mentioning features or use of this-
18 * software must display the following acknowledgment:-
19 * "This product includes software developed by the OpenSSL Project-
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
21 *-
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
23 * endorse or promote products derived from this software without-
24 * prior written permission. For written permission, please contact-
25 * licensing@OpenSSL.org.-
26 *-
27 * 5. Products derived from this software may not be called "OpenSSL"-
28 * nor may "OpenSSL" appear in their names without prior written-
29 * permission of the OpenSSL Project.-
30 *-
31 * 6. Redistributions of any form whatsoever must retain the following-
32 * acknowledgment:-
33 * "This product includes software developed by the OpenSSL Project-
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
35 *-
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
47 * OF THE POSSIBILITY OF SUCH DAMAGE.-
48 * ====================================================================-
49 */-
50-
51#include <stdio.h>-
52#include <string.h>-
53-
54#include <openssl/opensslconf.h>-
55-
56#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)-
57-
58#include <openssl/evp.h>-
59#include <openssl/objects.h>-
60#include <openssl/rc4.h>-
61#include <openssl/md5.h>-
62-
63/* FIXME: surely this is available elsewhere? */-
64#define EVP_RC4_KEY_SIZE 16-
65-
66typedef struct {-
67 RC4_KEY ks;-
68 MD5_CTX head, tail, md;-
69 size_t payload_length;-
70} EVP_RC4_HMAC_MD5;-
71-
72#define NO_PAYLOAD_LENGTH ((size_t)-1)-
73-
74void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,-
75 MD5_CTX *ctx, const void *inp, size_t blocks);-
76-
77#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)-
78-
79static int-
80rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,-
81 const unsigned char *iv, int enc)-
82{-
83 EVP_RC4_HMAC_MD5 *key = data(ctx);-
84-
85 RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);-
86-
87 MD5_Init(&key->head); /* handy when benchmarking */-
88 key->tail = key->head;-
89 key->md = key->head;-
90-
91 key->payload_length = NO_PAYLOAD_LENGTH;-
92-
93 return 1;
never executed: return 1;
0
94}-
95-
96#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \-
97 defined(__x86_64) || defined(__x86_64__) || \-
98 defined(_M_AMD64) || defined(_M_X64) || \-
99 defined(__INTEL__) ) && \-
100 !(defined(__APPLE__) && defined(__MACH__))-
101#define STITCHED_CALL-
102#include "x86_arch.h"-
103#endif-
104-
105#if !defined(STITCHED_CALL)-
106#define rc4_off 0-
107#define md5_off 0-
108#endif-
109-
110static int-
111rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
112 const unsigned char *in, size_t len)-
113{-
114 EVP_RC4_HMAC_MD5 *key = data(ctx);-
115#if defined(STITCHED_CALL)-
116 size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */-
117 md5_off = MD5_CBLOCK - key->md.num,-
118 blocks;-
119 unsigned int l;-
120#endif-
121 size_t plen = key->payload_length;-
122-
123 if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
plen != ((size_t)-1)Description
TRUEnever evaluated
FALSEnever evaluated
len != (plen + 16)Description
TRUEnever evaluated
FALSEnever evaluated
0
124 return 0;
never executed: return 0;
0
125-
126 if (ctx->encrypt) {
ctx->encryptDescription
TRUEnever evaluated
FALSEnever evaluated
0
127 if (plen == NO_PAYLOAD_LENGTH)
plen == ((size_t)-1)Description
TRUEnever evaluated
FALSEnever evaluated
0
128 plen = len;
never executed: plen = len;
0
129#if defined(STITCHED_CALL)-
130 /* cipher has to "fall behind" */-
131 if (rc4_off > md5_off)-
132 md5_off += MD5_CBLOCK;-
133-
134 if (plen > md5_off &&-
135 (blocks = (plen - md5_off) / MD5_CBLOCK) &&-
136 (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {-
137 MD5_Update(&key->md, in, md5_off);-
138 RC4(&key->ks, rc4_off, in, out);-
139-
140 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,-
141 &key->md, in + md5_off, blocks);-
142 blocks *= MD5_CBLOCK;-
143 rc4_off += blocks;-
144 md5_off += blocks;-
145 key->md.Nh += blocks >> 29;-
146 key->md.Nl += blocks <<= 3;-
147 if (key->md.Nl < (unsigned int)blocks)-
148 key->md.Nh++;-
149 } else {-
150 rc4_off = 0;-
151 md5_off = 0;-
152 }-
153#endif-
154 MD5_Update(&key->md, in + md5_off, plen - md5_off);-
155-
156 if (plen!=len) { /* "TLS" mode of operation */
plen!=lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
157 if (in != out)
in != outDescription
TRUEnever evaluated
FALSEnever evaluated
0
158 memcpy(out + rc4_off, in + rc4_off,
never executed: memcpy(out + 0, in + 0, plen - 0);
0
159 plen - rc4_off);
never executed: memcpy(out + 0, in + 0, plen - 0);
0
160-
161 /* calculate HMAC and append it to payload */-
162 MD5_Final(out + plen, &key->md);-
163 key->md = key->tail;-
164 MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);-
165 MD5_Final(out + plen, &key->md);-
166-
167 /* encrypt HMAC at once */-
168 RC4(&key->ks, len - rc4_off, out + rc4_off,-
169 out + rc4_off);-
170 } else {
never executed: end of block
0
171 RC4(&key->ks, len - rc4_off, in + rc4_off,-
172 out + rc4_off);-
173 }
never executed: end of block
0
174 } else {-
175 unsigned char mac[MD5_DIGEST_LENGTH];-
176#if defined(STITCHED_CALL)-
177 /* digest has to "fall behind" */-
178 if (md5_off > rc4_off)-
179 rc4_off += 2*MD5_CBLOCK;-
180 else-
181 rc4_off += MD5_CBLOCK;-
182-
183 if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&-
184 (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {-
185 RC4(&key->ks, rc4_off, in, out);-
186 MD5_Update(&key->md, out, md5_off);-
187-
188 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,-
189 &key->md, out + md5_off, blocks);-
190 blocks *= MD5_CBLOCK;-
191 rc4_off += blocks;-
192 md5_off += blocks;-
193 l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;-
194 if (l < key->md.Nl)-
195 key->md.Nh++;-
196 key->md.Nl = l;-
197 key->md.Nh += blocks >> 29;-
198 } else {-
199 md5_off = 0;-
200 rc4_off = 0;-
201 }-
202#endif-
203 /* decrypt HMAC at once */-
204 RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);-
205 if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
plen!=((size_t)-1)Description
TRUEnever evaluated
FALSEnever evaluated
0
206 MD5_Update(&key->md, out + md5_off, plen - md5_off);-
207-
208 /* calculate HMAC and verify it */-
209 MD5_Final(mac, &key->md);-
210 key->md = key->tail;-
211 MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);-
212 MD5_Final(mac, &key->md);-
213-
214 if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
memcmp(out + plen, mac, 16)Description
TRUEnever evaluated
FALSEnever evaluated
0
215 return 0;
never executed: return 0;
0
216 } else {
never executed: end of block
0
217 MD5_Update(&key->md, out + md5_off, len - md5_off);-
218 }
never executed: end of block
0
219 }-
220-
221 key->payload_length = NO_PAYLOAD_LENGTH;-
222-
223 return 1;
never executed: return 1;
0
224}-
225-
226static int-
227rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)-
228{-
229 EVP_RC4_HMAC_MD5 *key = data(ctx);-
230-
231 switch (type) {-
232 case EVP_CTRL_AEAD_SET_MAC_KEY:
never executed: case 0x17:
0
233 {-
234 unsigned int i;-
235 unsigned char hmac_key[64];-
236-
237 memset (hmac_key, 0, sizeof(hmac_key));-
238-
239 if (arg > (int)sizeof(hmac_key)) {
arg > (int)sizeof(hmac_key)Description
TRUEnever evaluated
FALSEnever evaluated
0
240 MD5_Init(&key->head);-
241 MD5_Update(&key->head, ptr, arg);-
242 MD5_Final(hmac_key, &key->head);-
243 } else {
never executed: end of block
0
244 memcpy(hmac_key, ptr, arg);-
245 }
never executed: end of block
0
246-
247 for (i = 0; i < sizeof(hmac_key); i++)
i < sizeof(hmac_key)Description
TRUEnever evaluated
FALSEnever evaluated
0
248 hmac_key[i] ^= 0x36; /* ipad */
never executed: hmac_key[i] ^= 0x36;
0
249 MD5_Init(&key->head);-
250 MD5_Update(&key->head, hmac_key, sizeof(hmac_key));-
251-
252 for (i = 0; i < sizeof(hmac_key); i++)
i < sizeof(hmac_key)Description
TRUEnever evaluated
FALSEnever evaluated
0
253 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
never executed: hmac_key[i] ^= 0x36 ^ 0x5c;
0
254 MD5_Init(&key->tail);-
255 MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));-
256-
257 return 1;
never executed: return 1;
0
258 }-
259 case EVP_CTRL_AEAD_TLS1_AAD:
never executed: case 0x16:
0
260 {-
261 unsigned char *p = ptr;-
262 unsigned int len = p[arg - 2] << 8 | p[arg - 1];-
263-
264 if (!ctx->encrypt) {
!ctx->encryptDescription
TRUEnever evaluated
FALSEnever evaluated
0
265 if (len < MD5_DIGEST_LENGTH)
len < 16Description
TRUEnever evaluated
FALSEnever evaluated
0
266 return -1;
never executed: return -1;
0
267 len -= MD5_DIGEST_LENGTH;-
268 p[arg - 2] = len >> 8;-
269 p[arg - 1] = len;-
270 }
never executed: end of block
0
271 key->payload_length = len;-
272 key->md = key->head;-
273 MD5_Update(&key->md, p, arg);-
274-
275 return MD5_DIGEST_LENGTH;
never executed: return 16;
0
276 }-
277 default:
never executed: default:
0
278 return -1;
never executed: return -1;
0
279 }-
280}-
281-
282static EVP_CIPHER r4_hmac_md5_cipher = {-
283#ifdef NID_rc4_hmac_md5-
284 NID_rc4_hmac_md5,-
285#else-
286 NID_undef,-
287#endif-
288 1, EVP_RC4_KEY_SIZE, 0,-
289 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,-
290 rc4_hmac_md5_init_key,-
291 rc4_hmac_md5_cipher,-
292 NULL,-
293 sizeof(EVP_RC4_HMAC_MD5),-
294 NULL,-
295 NULL,-
296 rc4_hmac_md5_ctrl,-
297 NULL-
298};-
299-
300const EVP_CIPHER *-
301EVP_rc4_hmac_md5(void)-
302{-
303 return (&r4_hmac_md5_cipher);
executed 625 times by 33 tests: return (&r4_hmac_md5_cipher);
Executed by:
  • asn1test
  • base64test
  • bnaddsub
  • bntest
  • cipher_list
  • cipherstest
  • clienttest
  • configtest
  • dhtest
  • dsatest
  • ecdhtest
  • ecdsatest
  • ectest
  • enginetest
  • evptest
  • exptest
  • gost2814789t
  • hkdftest
  • keypairtest
  • libcrypto.so.44.0.1
  • mont
  • pbkdf2
  • pkcs7test
  • rc4test
  • rsa_test
  • ...
625
304}-
305#endif-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2