OpenCoverage

rsa_sign.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/rsa/rsa_sign.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include "internal/cryptlib.h" -

12 #include <openssl/bn.h> -

13 #include <openssl/rsa.h> -

14 #include <openssl/objects.h> -

15 #include <openssl/x509.h> -

16 #include "internal/x509_int.h" -

17 #include "rsa_locl.h" -

18 -

19 /* Size of an SSL signature: MD5+SHA1 */ -

20 #define SSL_SIG_LENGTH 36 -

21 -

22 /* -

23 * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as -

24 * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This -

25 * encodes the DigestInfo (T and tLen) but does not add the padding. -

26 * -

27 * On success, it returns one and sets |*out| to a newly allocated buffer -

28 * containing the result and |*out_len| to its length. The caller must free -

29 * |*out| with |OPENSSL_free|. Otherwise, it returns zero. -

30 */ -

31 static int encode_pkcs1(unsigned char **out, int *out_len, int type, -

32 const unsigned char *m, unsigned int m_len) -

33 { -

34 X509_SIG sig; -

35 X509_ALGOR algor; -

36 ASN1_TYPE parameter; -

37 ASN1_OCTET_STRING digest; -

38 uint8_t *der = NULL; -

39 int len; -

40 -

41 sig.algor = &algor; -

42 sig.algor->algorithm = OBJ_nid2obj(type); -

if (sig.algor->algorithm == NULL) {

sig.algor->alg...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1567 times by 1 test Evaluated by: libcrypto.so.1.1

0-1567

44 RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE); -

return 0;

never executed: return 0;

46 } -

if (OBJ_length(sig.algor->algorithm) == 0) {

OBJ_length(sig...lgorithm) == 0	Description
TRUE	never evaluated
FALSE	evaluated 1567 times by 1 test Evaluated by: libcrypto.so.1.1

0-1567

48 RSAerr(RSA_F_ENCODE_PKCS1, -

49 RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -

return 0;

never executed: return 0;

51 } -

52 parameter.type = V_ASN1_NULL; -

53 parameter.value.ptr = NULL; -

54 sig.algor->parameter = &parameter; -

55 -

56 sig.digest = &digest; -

57 sig.digest->data = (unsigned char *)m; -

58 sig.digest->length = m_len; -

59 -

60 len = i2d_X509_SIG(&sig, &der); -

if (len < 0)

len < 0	Description
TRUE	never evaluated
FALSE	evaluated 1567 times by 1 test Evaluated by: libcrypto.so.1.1

0-1567

return 0;

never executed: return 0;

63 -

64 *out = der; -

65 *out_len = len; -

return 1;

executed 1567 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

1567

67 } -

68 -

69 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, -

70 unsigned char *sigret, unsigned int *siglen, RSA *rsa) -

71 { -

72 int encrypt_len, encoded_len = 0, ret = 0; -

73 unsigned char *tmps = NULL; -

74 const unsigned char *encoded = NULL; -

75 -

if (rsa->meth->rsa_sign) {

rsa->meth->rsa_sign	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 1 test Evaluated by: libcrypto.so.1.1

0-559

return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);

never executed: return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);

78 } -

79 -

80 /* Compute the encoded digest. */ -

if (type == NID_md5_sha1) {

type == 114	Description
TRUE	evaluated 381 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 178 times by 1 test Evaluated by: libcrypto.so.1.1

178-381

82 /* -

83 * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and -

84 * earlier. It has no DigestInfo wrapper but otherwise is -

85 * RSASSA-PKCS1-v1_5. -

86 */ -

if (m_len != SSL_SIG_LENGTH) {

m_len != 36	Description
TRUE	never evaluated
FALSE	evaluated 381 times by 1 test Evaluated by: libcrypto.so.1.1

0-381

88 RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); -

return 0;

never executed: return 0;

90 } -

91 encoded_len = SSL_SIG_LENGTH; -

92 encoded = m; -

} else {

executed 381 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

381

if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))

!encode_pkcs1(...ype, m, m_len)	Description
TRUE	never evaluated
FALSE	evaluated 178 times by 1 test Evaluated by: libcrypto.so.1.1

0-178

goto err;

never executed: goto err;

96 encoded = tmps; -

}

executed 178 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

178

98 -

if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {

encoded_len > ...size(rsa) - 11	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 1 test Evaluated by: libcrypto.so.1.1

0-559

100 RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -

101

goto err;

never executed: goto err;

102 } -

103 encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, -

104 RSA_PKCS1_PADDING); -

105

if (encrypt_len <= 0)

encrypt_len <= 0	Description
TRUE	never evaluated
FALSE	evaluated 559 times by 1 test Evaluated by: libcrypto.so.1.1

0-559

106

goto err;

never executed: goto err;

107 -

108 *siglen = encrypt_len; -

109 ret = 1; -

110 -

111

err:

code before this statement executed 559 times by 1 test: err:

Executed by:

libcrypto.so.1.1

559

112 OPENSSL_clear_free(tmps, (size_t)encoded_len); -

113

return ret;

executed 559 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

559

114 } -

115 -

116 /* -

117 * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be -

118 * called in two modes. If |rm| is NULL, it verifies the signature for digest -

119 * |m|. Otherwise, it recovers the digest from the signature, writing the digest -

120 * to |rm| and the length to |*prm_len|. |type| is the NID of the digest -

121 * algorithm to use. It returns one on successful verification and zero -

122 * otherwise. -

123 */ -

124 int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, -

125 unsigned char *rm, size_t *prm_len, -

126 const unsigned char *sigbuf, size_t siglen, RSA *rsa) -

127 { -

128 int decrypt_len, ret = 0, encoded_len = 0; -

129 unsigned char *decrypt_buf = NULL, *encoded = NULL; -

130 -

131

if (siglen != (size_t)RSA_size(rsa)) {

siglen != (siz...)RSA_size(rsa)	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1766 times by 1 test Evaluated by: libcrypto.so.1.1

3-1766

132 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); -

133

return 0;

executed 3 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

134 } -

135 -

136 /* Recover the encoded digest. */ -

137 decrypt_buf = OPENSSL_malloc(siglen); -

138

if (decrypt_buf == NULL) {

decrypt_buf == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1766 times by 1 test Evaluated by: libcrypto.so.1.1

0-1766

139 RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); -

140

goto err;

never executed: goto err;

141 } -

142 -

143 decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, -

144 RSA_PKCS1_PADDING); -

145

if (decrypt_len <= 0)

decrypt_len <= 0	Description
TRUE	evaluated 23 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1743 times by 1 test Evaluated by: libcrypto.so.1.1

23-1743

146

goto err;

executed 23 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

147 -

148

if (type == NID_md5_sha1) {

type == 114	Description
TRUE	evaluated 350 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1393 times by 1 test Evaluated by: libcrypto.so.1.1

350-1393

149 /* -

150 * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and -

151 * earlier. It has no DigestInfo wrapper but otherwise is -

152 * RSASSA-PKCS1-v1_5. -

153 */ -

154

if (decrypt_len != SSL_SIG_LENGTH) {

decrypt_len != 36	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 347 times by 1 test Evaluated by: libcrypto.so.1.1

3-347

155 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -

156

goto err;

executed 3 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

157 } -

158 -

159

if (rm != NULL) {

rm != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 346 times by 1 test Evaluated by: libcrypto.so.1.1

1-346

160 memcpy(rm, decrypt_buf, SSL_SIG_LENGTH); -

161 *prm_len = SSL_SIG_LENGTH; -

162

} else {

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

163

if (m_len != SSL_SIG_LENGTH) {

m_len != 36	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 345 times by 1 test Evaluated by: libcrypto.so.1.1

1-345

164 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); -

165

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libcrypto.so.1.1

166 } -

167 -

168

if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {

memcmp(decrypt...f, m, 36) != 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 343 times by 1 test Evaluated by: libcrypto.so.1.1

2-343

169 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -

170

goto err;

executed 2 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

171 } -

172

}

executed 343 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

343

173

} else if (type == NID_mdc2 && decrypt_len == 2 + 16

type == 95	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1384 times by 1 test Evaluated by: libcrypto.so.1.1

decrypt_len == 2 + 16	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 5 times by 1 test Evaluated by: libcrypto.so.1.1

4-1384

174

&& decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {

decrypt_buf[0] == 0x04	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

decrypt_buf[1] == 0x10	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-4

175 /* -

176 * Oddball MDC2 case: signature can be OCTET STRING. check for correct -

177 * tag and length octets. -

178 */ -

179

if (rm != NULL) {

rm != ((void *)0)	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1

1-3

180 memcpy(rm, decrypt_buf + 2, 16); -

181 *prm_len = 16; -

182

} else {

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

183

if (m_len != 16) {

m_len != 16	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

1-2

184 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); -

185

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libcrypto.so.1.1

186 } -

187 -

188

if (memcmp(m, decrypt_buf + 2, 16) != 0) {

memcmp(m, decr... + 2, 16) != 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

189 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -

190

goto err;

executed 1 time by 1 test: goto err;

Executed by:

libcrypto.so.1.1

191 } -

192

}

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

193 } else { -

194 /* -

195 * If recovering the digest, extract a digest-sized output from the end -

196 * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption -

197 * output as in a standard verification. -

198 */ -

199

if (rm != NULL) {

rm != ((void *)0)	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1382 times by 1 test Evaluated by: libcrypto.so.1.1

7-1382

200 const EVP_MD *md = EVP_get_digestbynid(type); -

201

if (md == NULL) {

md == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libcrypto.so.1.1

0-7

202 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE); -

203

goto err;

never executed: goto err;

204 } -

205 -

206 m_len = EVP_MD_size(md); -

207

if (m_len > (size_t)decrypt_len) {

m_len > (size_t)decrypt_len	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: libcrypto.so.1.1

0-7

208 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); -

209

goto err;

never executed: goto err;

210 } -

211 m = decrypt_buf + decrypt_len - m_len; -

212

}

executed 7 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

213 -

214 /* Construct the encoded digest and ensure it matches. */ -

215

if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))

!encode_pkcs1(...ype, m, m_len)	Description
TRUE	never evaluated
FALSE	evaluated 1389 times by 1 test Evaluated by: libcrypto.so.1.1

0-1389

216

goto err;

never executed: goto err;

217 -

218

if (encoded_len != decrypt_len

encoded_len != decrypt_len	Description
TRUE	evaluated 11 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1378 times by 1 test Evaluated by: libcrypto.so.1.1

11-1378

219

|| memcmp(encoded, decrypt_buf, encoded_len) != 0) {

memcmp(encoded...oded_len) != 0	Description
TRUE	evaluated 18 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1360 times by 1 test Evaluated by: libcrypto.so.1.1

18-1360

220 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -

221

goto err;

executed 29 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

222 } -

223 -

224 /* Output the recovered digest. */ -

225

if (rm != NULL) {

rm != ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1358 times by 1 test Evaluated by: libcrypto.so.1.1

2-1358

226 memcpy(rm, m, m_len); -

227 *prm_len = m_len; -

228

}

executed 2 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

229

}

executed 1360 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

1360

230 -

231 ret = 1; -

232 -

233

err:

code before this statement executed 1706 times by 1 test: err:

Executed by:

libcrypto.so.1.1

1706

234 OPENSSL_clear_free(encoded, (size_t)encoded_len); -

235 OPENSSL_clear_free(decrypt_buf, siglen); -

236

return ret;

executed 1766 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

1766

237 } -

238 -

239 int RSA_verify(int type, const unsigned char *m, unsigned int m_len, -

240 const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) -

241 { -

242 -

243

if (rsa->meth->rsa_verify) {

rsa->meth->rsa_verify	Description
TRUE	never evaluated
FALSE	evaluated 1758 times by 1 test Evaluated by: libcrypto.so.1.1

0-1758

244

return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);

never executed: return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);

245 } -

246 -

247

return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);

executed 1758 times by 1 test: return int_rsa_verify(type, m, m_len, ((void *)0) , ((void *)0) , sigbuf, siglen, rsa);

Executed by:

libcrypto.so.1.1

1758

248 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2