OpenCoverage

rand_lib.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/rand/rand_lib.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include <time.h> -

12 #include "internal/cryptlib.h" -

13 #include <openssl/opensslconf.h> -

14 #include "internal/rand_int.h" -

15 #include <openssl/engine.h> -

16 #include "internal/thread_once.h" -

17 #include "rand_lcl.h" -

18 #include "e_os.h" -

19 -

20 #ifndef OPENSSL_NO_ENGINE -

21 /* non-NULL if default_RAND_meth is ENGINE-provided */ -

22 static ENGINE *funct_ref; -

23 static CRYPTO_RWLOCK *rand_engine_lock; -

24 #endif -

25 static CRYPTO_RWLOCK *rand_meth_lock; -

26 static const RAND_METHOD *default_RAND_meth; -

27 static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; -

28 -

29 int rand_fork_count; -

30 -

31 static CRYPTO_RWLOCK *rand_nonce_lock; -

32 static int rand_nonce_count; -

33 -

34 static int rand_cleaning_up = 0; -

35 -

36 #ifdef OPENSSL_RAND_SEED_RDTSC -

37 /* -

38 * IMPORTANT NOTE: It is not currently possible to use this code -

39 * because we are not sure about the amount of randomness it provides. -

40 * Some SP900 tests have been run, but there is internal skepticism. -

41 * So for now this code is not used. -

42 */ -

43 # error "RDTSC enabled? Should not be possible!" -

44 -

45 /* -

46 * Acquire entropy from high-speed clock -

47 * -

48 * Since we get some randomness from the low-order bits of the -

49 * high-speed clock, it can help. -

50 * -

51 * Returns the total entropy count, if it exceeds the requested -

52 * entropy count. Otherwise, returns an entropy count of 0. -

53 */ -

54 size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool) -

55 { -

56 unsigned char c; -

57 int i; -

58 -

59 if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) { -

60 for (i = 0; i < TSC_READ_COUNT; i++) { -

61 c = (unsigned char)(OPENSSL_rdtsc() & 0xFF); -

62 rand_pool_add(pool, &c, 1, 4); -

63 } -

64 } -

65 return rand_pool_entropy_available(pool); -

66 } -

67 #endif -

68 -

69 #ifdef OPENSSL_RAND_SEED_RDCPU -

70 size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); -

71 size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); -

72 -

73 extern unsigned int OPENSSL_ia32cap_P[]; -

74 -

75 /* -

76 * Acquire entropy using Intel-specific cpu instructions -

77 * -

78 * Uses the RDSEED instruction if available, otherwise uses -

79 * RDRAND if available. -

80 * -

81 * For the differences between RDSEED and RDRAND, and why RDSEED -

82 * is the preferred choice, see https://goo.gl/oK3KcN -

83 * -

84 * Returns the total entropy count, if it exceeds the requested -

85 * entropy count. Otherwise, returns an entropy count of 0. -

86 */ -

87 size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) -

88 { -

89 size_t bytes_needed; -

90 unsigned char *buffer; -

91 -

92 bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); -

93 if (bytes_needed > 0) { -

94 buffer = rand_pool_add_begin(pool, bytes_needed); -

95 -

96 if (buffer != NULL) { -

97 /* Whichever comes first, use RDSEED, RDRAND or nothing */ -

98 if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { -

99 if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed) -

100 == bytes_needed) { -

101 rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); -

102 } -

103 } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { -

104 if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) -

105 == bytes_needed) { -

106 rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); -

107 } -

108 } else { -

109 rand_pool_add_end(pool, 0, 0); -

110 } -

111 } -

112 } -

113 -

114 return rand_pool_entropy_available(pool); -

115 } -

116 #endif -

117 -

118 -

119 /* -

120 * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks()) -

121 * -

122 * If the DRBG has a parent, then the required amount of entropy input -

123 * is fetched using the parent's RAND_DRBG_generate(). -

124 * -

125 * Otherwise, the entropy is polled from the system entropy sources -

126 * using rand_pool_acquire_entropy(). -

127 * -

128 * If a random pool has been added to the DRBG using RAND_add(), then -

129 * its entropy will be used up first. -

130 */ -

131 size_t rand_drbg_get_entropy(RAND_DRBG *drbg, -

132 unsigned char **pout, -

133 int entropy, size_t min_len, size_t max_len, -

134 int prediction_resistance) -

135 { -

136 size_t ret = 0; -

137 size_t entropy_available = 0; -

138 RAND_POOL *pool; -

139 -

140

if (drbg->parent && drbg->strength > drbg->parent->strength) {

drbg->parent	Description
TRUE	evaluated 1057 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 799 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

drbg->strength...rent->strength	Description
TRUE	never evaluated
FALSE	evaluated 1056 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1057

141 /* -

142 * We currently don't support the algorithm from NIST SP 800-90C -

143 * 10.1.2 to use a weaker DRBG as source -

144 */ -

145 RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK); -

146

return 0;

never executed: return 0;

147 } -

148 -

149 pool = rand_pool_new(entropy, min_len, max_len); -

150

if (pool == NULL)

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1856 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1856

151

return 0;

never executed: return 0;

152 -

153

if (drbg->pool) {

drbg->pool	Description
TRUE	evaluated 19 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

19-1837

154 rand_pool_add(pool, -

155 rand_pool_buffer(drbg->pool), -

156 rand_pool_length(drbg->pool), -

157 rand_pool_entropy(drbg->pool)); -

158 rand_pool_free(drbg->pool); -

159 drbg->pool = NULL; -

160

}

executed 19 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

161 -

162

if (drbg->parent) {

drbg->parent	Description
TRUE	evaluated 1057 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 799 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

799-1057

163 size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); -

164 unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed); -

165 -

166

if (buffer != NULL) {

buffer != ((void *)0)	Description
TRUE	evaluated 1057 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-1057

167 size_t bytes = 0; -

168 -

169 /* -

170 * Get random from parent, include our state as additional input. -

171 * Our lock is already held, but we need to lock our parent before -

172 * generating bits from it. (Note: taking the lock will be a no-op -

173 * if locking if drbg->parent->lock == NULL.) -

174 */ -

175 rand_drbg_lock(drbg->parent); -

176

if (RAND_DRBG_generate(drbg->parent,

RAND_DRBG_gene...*)0) , 0) != 0	Description
TRUE	evaluated 1055 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1055

177

buffer, bytes_needed,

RAND_DRBG_gene...*)0) , 0) != 0	Description
TRUE	evaluated 1055 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1055

178

prediction_resistance,

RAND_DRBG_gene...*)0) , 0) != 0	Description
TRUE	evaluated 1055 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1055

179

NULL, 0) != 0)

RAND_DRBG_gene...*)0) , 0) != 0	Description
TRUE	evaluated 1055 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1055

180

bytes = bytes_needed;

executed 1055 times by 2 tests: bytes = bytes_needed;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1055

181 rand_drbg_unlock(drbg->parent); -

182 -

183 rand_pool_add_end(pool, bytes, 8 * bytes); -

184 entropy_available = rand_pool_entropy_available(pool); -

185

}

executed 1057 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1057

186 -

187

} else {

executed 1057 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1057

188

if (prediction_resistance) {

prediction_resistance	Description
TRUE	never evaluated
FALSE	evaluated 799 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-799

189 /* -

190 * We don't have any entropy sources that comply with the NIST -

191 * standard to provide prediction resistance (see NIST SP 800-90C, -

192 * Section 5.4). -

193 */ -

194 RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, -

195 RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED); -

196

goto err;

never executed: goto err;

197 } -

198 -

199 /* Get entropy by polling system entropy sources. */ -

200 entropy_available = rand_pool_acquire_entropy(pool); -

201

}

executed 799 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

799

202 -

203

if (entropy_available > 0) {

entropy_available > 0	Description
TRUE	evaluated 1854 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1854

204 ret = rand_pool_length(pool); -

205 *pout = rand_pool_detach(pool); -

206

}

executed 1854 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1854

207 -

208

err:

code before this statement executed 1856 times by 2 tests: err:

Executed by:

libcrypto.so.1.1
sm2_internal_test

1856

209 rand_pool_free(pool); -

210

return ret;

executed 1856 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1856

211 } -

212 -

213 /* -

214 * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks()) -

215 * -

216 */ -

217 void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, -

218 unsigned char *out, size_t outlen) -

219 { -

220 OPENSSL_secure_clear_free(out, outlen); -

221

}

executed 1854 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1854

222 -

223 -

224 /* -

225 * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks()) -

226 * -

227 */ -

228 size_t rand_drbg_get_nonce(RAND_DRBG *drbg, -

229 unsigned char **pout, -

230 int entropy, size_t min_len, size_t max_len) -

231 { -

232 size_t ret = 0; -

233 RAND_POOL *pool; -

234 -

235 struct { -

236 void * instance; -

237 int count; -

238 } data = { 0 }; -

239 -

240 pool = rand_pool_new(0, min_len, max_len); -

241

if (pool == NULL)

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 781 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-781

242

return 0;

never executed: return 0;

243 -

244

if (rand_pool_add_nonce_data(pool) == 0)

rand_pool_add_...ata(pool) == 0	Description
TRUE	never evaluated
FALSE	evaluated 781 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-781

245

goto err;

never executed: goto err;

246 -

247 data.instance = drbg; -

248 CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock); -

249 -

250

if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)

rand_pool_add(...data), 0) == 0	Description
TRUE	never evaluated
FALSE	evaluated 781 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-781

251

goto err;

never executed: goto err;

252 -

253 ret = rand_pool_length(pool); -

254 *pout = rand_pool_detach(pool); -

255 -

256

err:

code before this statement executed 781 times by 2 tests: err:

Executed by:

libcrypto.so.1.1
sm2_internal_test

781

257 rand_pool_free(pool); -

258 -

259

return ret;

executed 781 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

781

260 } -

261 -

262 /* -

263 * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks()) -

264 * -

265 */ -

266 void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, -

267 unsigned char *out, size_t outlen) -

268 { -

269 OPENSSL_secure_clear_free(out, outlen); -

270

}

executed 781 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

781

271 -

272 /* -

273 * Generate additional data that can be used for the drbg. The data does -

274 * not need to contain entropy, but it's useful if it contains at least -

275 * some bits that are unpredictable. -

276 * -

277 * Returns 0 on failure. -

278 * -

279 * On success it allocates a buffer at |*pout| and returns the length of -

280 * the data. The buffer should get freed using OPENSSL_secure_clear_free(). -

281 */ -

282 size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) -

283 { -

284 size_t ret = 0; -

285 RAND_POOL *pool; -

286 -

287 pool = rand_pool_new(0, 0, max_len); -

288

if (pool == NULL)

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1047778 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1047778

289

return 0;

never executed: return 0;

290 -

291

if (rand_pool_add_additional_data(pool) == 0)

rand_pool_add_...ata(pool) == 0	Description
TRUE	never evaluated
FALSE	evaluated 1050211 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1050211

292

goto err;

never executed: goto err;

293 -

294 ret = rand_pool_length(pool); -

295 *pout = rand_pool_detach(pool); -

296 -

297

err:

code before this statement executed 1048880 times by 2 tests: err:

Executed by:

libcrypto.so.1.1
sm2_internal_test

1048880

298 rand_pool_free(pool); -

299 -

300

return ret;

executed 1042930 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1042930

301 } -

302 -

303 void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen) -

304 { -

305 OPENSSL_secure_clear_free(out, outlen); -

306

}

never executed: end of block

307 -

308 void rand_fork(void) -

309 { -

310 rand_fork_count++; -

311

}

never executed: end of block

312 -

313

DEFINE_RUN_ONCE_STATIC(do_rand_init)

executed 2076 times by 12 tests: end of block

Executed by:

asn1_internal_test
chacha_internal_test
ctype_internal_test
curve448_internal_test
libcrypto.so.1.1
modes_internal_test
poly1305_internal_test
rdrand_sanitytest
siphash_internal_test
sm2_internal_test
sm4_internal_test
x509_internal_test

2076

314 { -

315 #ifndef OPENSSL_NO_ENGINE -

316 rand_engine_lock = CRYPTO_THREAD_lock_new(); -

317

if (rand_engine_lock == NULL)

rand_engine_lo...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2076 times by 12 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm2_internal_test sm4_internal_test x509_internal_test

0-2076

318

return 0;

never executed: return 0;

319 #endif -

320 -

321 rand_meth_lock = CRYPTO_THREAD_lock_new(); -

322

if (rand_meth_lock == NULL)

rand_meth_lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2076 times by 12 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm2_internal_test sm4_internal_test x509_internal_test

0-2076

323

goto err1;

never executed: goto err1;

324 -

325 rand_nonce_lock = CRYPTO_THREAD_lock_new(); -

326

if (rand_nonce_lock == NULL)

rand_nonce_lock == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 2076 times by 12 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm2_internal_test sm4_internal_test x509_internal_test

0-2076

327

goto err2;

never executed: goto err2;

328 -

329

if (!rand_cleaning_up && !rand_pool_init())

!rand_cleaning_up	Description
TRUE	evaluated 1150 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 926 times by 11 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm4_internal_test x509_internal_test

!rand_pool_init()	Description
TRUE	never evaluated
FALSE	evaluated 1150 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1150

330

goto err3;

never executed: goto err3;

331 -

332

return 1;

executed 2076 times by 12 tests: return 1;

Executed by:

asn1_internal_test
chacha_internal_test
ctype_internal_test
curve448_internal_test
libcrypto.so.1.1
modes_internal_test
poly1305_internal_test
rdrand_sanitytest
siphash_internal_test
sm2_internal_test
sm4_internal_test
x509_internal_test

2076

333 -

334 err3: -

335 rand_pool_cleanup(); -

336

err2:

code before this statement never executed: err2:

337 CRYPTO_THREAD_lock_free(rand_meth_lock); -

338 rand_meth_lock = NULL; -

339

err1:

code before this statement never executed: err1:

340 #ifndef OPENSSL_NO_ENGINE -

341 CRYPTO_THREAD_lock_free(rand_engine_lock); -

342 rand_engine_lock = NULL; -

343 #endif -

344

return 0;

never executed: return 0;

345 } -

346 -

347 void rand_cleanup_int(void) -

348 { -

349 const RAND_METHOD *meth = default_RAND_meth; -

350 -

351 rand_cleaning_up = 1; -

352 -

353

if (meth != NULL && meth->cleanup != NULL)

meth != ((void *)0)	Description
TRUE	evaluated 1150 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 926 times by 11 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm4_internal_test x509_internal_test

meth->cleanup != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1150 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1150

354

meth->cleanup();

never executed: meth->cleanup();

355 RAND_set_rand_method(NULL); -

356 rand_pool_cleanup(); -

357 #ifndef OPENSSL_NO_ENGINE -

358 CRYPTO_THREAD_lock_free(rand_engine_lock); -

359 rand_engine_lock = NULL; -

360 #endif -

361 CRYPTO_THREAD_lock_free(rand_meth_lock); -

362 rand_meth_lock = NULL; -

363 CRYPTO_THREAD_lock_free(rand_nonce_lock); -

364 rand_nonce_lock = NULL; -

365

}

executed 2076 times by 12 tests: end of block

Executed by:

asn1_internal_test
chacha_internal_test
ctype_internal_test
curve448_internal_test
libcrypto.so.1.1
modes_internal_test
poly1305_internal_test
rdrand_sanitytest
siphash_internal_test
sm2_internal_test
sm4_internal_test
x509_internal_test

2076

366 -

367 /* -

368 * RAND_close_seed_files() ensures that any seed file decriptors are -

369 * closed after use. -

370 */ -

371 void RAND_keep_random_devices_open(int keep) -

372 { -

373 rand_pool_keep_random_devices_open(keep); -

374

}

never executed: end of block

375 -

376 /* -

377 * RAND_poll() reseeds the default RNG using random input -

378 * -

379 * The random input is obtained from polling various entropy -

380 * sources which depend on the operating system and are -

381 * configurable via the --with-rand-seed configure option. -

382 */ -

383 int RAND_poll(void) -

384 { -

385 int ret = 0; -

386 -

387 RAND_POOL *pool = NULL; -

388 -

389 const RAND_METHOD *meth = RAND_get_rand_method(); -

390 -

391

if (meth == RAND_OpenSSL()) {

meth == RAND_OpenSSL()	Description
TRUE	never evaluated
FALSE	never evaluated

392 /* fill random pool and seed the master DRBG */ -

393 RAND_DRBG *drbg = RAND_DRBG_get0_master(); -

394 -

395

if (drbg == NULL)

drbg == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

396

return 0;

never executed: return 0;

397 -

398 rand_drbg_lock(drbg); -

399 ret = rand_drbg_restart(drbg, NULL, 0, 0); -

400 rand_drbg_unlock(drbg); -

401 -

402

return ret;

never executed: return ret;

403 -

404 } else { -

405 /* fill random pool and seed the current legacy RNG */ -

406 pool = rand_pool_new(RAND_DRBG_STRENGTH, -

407 RAND_DRBG_STRENGTH / 8, -

408 DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8)); -

409

if (pool == NULL)

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

410

return 0;

never executed: return 0;

411 -

412

if (rand_pool_acquire_entropy(pool) == 0)

rand_pool_acqu...opy(pool) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

413

goto err;

never executed: goto err;

414 -

415

if (meth->add == NULL

meth->add == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

416

|| meth->add(rand_pool_buffer(pool),

meth->add(rand...) / 8.0)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

417

rand_pool_length(pool),

meth->add(rand...) / 8.0)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

418

(rand_pool_entropy(pool) / 8.0)) == 0)

meth->add(rand...) / 8.0)) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

419

goto err;

never executed: goto err;

420 -

421 ret = 1; -

422

}

never executed: end of block

423 -

424

err:

code before this statement never executed: err:

425 rand_pool_free(pool); -

426

return ret;

never executed: return ret;

427 } -

428 -

429 /* -

430 * Allocate memory and initialize a new random pool -

431 */ -

432 -

433 RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len) -

434 { -

435 RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); -

436 -

437

if (pool == NULL) {

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1061406 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1061406

438 RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); -

439

goto err;

never executed: goto err;

440 } -

441 -

442 pool->min_len = min_len; -

443 pool->max_len = max_len; -

444 -

445 pool->buffer = OPENSSL_secure_zalloc(pool->max_len); -

446

if (pool->buffer == NULL) {

pool->buffer == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1054013 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1054013

447 RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); -

448

goto err;

never executed: goto err;

449 } -

450 -

451 pool->requested_entropy = entropy; -

452 -

453

return pool;

executed 1052595 times by 2 tests: return pool;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1052595

454 -

455 err: -

456 OPENSSL_free(pool); -

457

return NULL;

never executed: return ((void *)0) ;

458 } -

459 -

460 /* -

461 * Free |pool|, securely erasing its buffer. -

462 */ -

463 void rand_pool_free(RAND_POOL *pool) -

464 { -

465

if (pool == NULL)

pool == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 1051506 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1051506

466

return;

never executed: return;

467 -

468 OPENSSL_secure_clear_free(pool->buffer, pool->max_len); -

469 OPENSSL_free(pool); -

470

}

executed 1046152 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1046152

471 -

472 /* -

473 * Return the |pool|'s buffer to the caller (readonly). -

474 */ -

475 const unsigned char *rand_pool_buffer(RAND_POOL *pool) -

476 { -

477

return pool->buffer;

executed 19 times by 1 test: return pool->buffer;

Executed by:

libcrypto.so.1.1

478 } -

479 -

480 /* -

481 * Return the |pool|'s entropy to the caller. -

482 */ -

483 size_t rand_pool_entropy(RAND_POOL *pool) -

484 { -

485

return pool->entropy;

executed 19 times by 1 test: return pool->entropy;

Executed by:

libcrypto.so.1.1

486 } -

487 -

488 /* -

489 * Return the |pool|'s buffer length to the caller. -

490 */ -

491 size_t rand_pool_length(RAND_POOL *pool) -

492 { -

493

return pool->len;

executed 1052292 times by 2 tests: return pool->len;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1052292

494 } -

495 -

496 /* -

497 * Detach the |pool| buffer and return it to the caller. -

498 * It's the responsibility of the caller to free the buffer -

499 * using OPENSSL_secure_clear_free(). -

500 */ -

501 unsigned char *rand_pool_detach(RAND_POOL *pool) -

502 { -

503 unsigned char *ret = pool->buffer; -

504 pool->buffer = NULL; -

505

return ret;

executed 1063882 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1063882

506 } -

507 -

508 -

509 /* -

510 * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one -

511 * need to obtain at least |bits| bits of entropy? -

512 */ -

513 #define ENTROPY_TO_BYTES(bits, entropy_factor) \ -

514 (((bits) * (entropy_factor) + 7) / 8) -

515 -

516 -

517 /* -

518 * Checks whether the |pool|'s entropy is available to the caller. -

519 * This is the case when entropy count and buffer length are high enough. -

520 * Returns -

521 * -

522 * |entropy| if the entropy count and buffer size is large enough -

523 * 0 otherwise -

524 */ -

525 size_t rand_pool_entropy_available(RAND_POOL *pool) -

526 { -

527

if (pool->entropy < pool->requested_entropy)

pool->entropy ...uested_entropy	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1854 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

2-1854

528

return 0;

executed 2 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

529 -

530

if (pool->len < pool->min_len)

pool->len < pool->min_len	Description
TRUE	never evaluated
FALSE	evaluated 1854 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1854

531

return 0;

never executed: return 0;

532 -

533

return pool->entropy;

executed 1854 times by 2 tests: return pool->entropy;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1854

534 } -

535 -

536 /* -

537 * Returns the (remaining) amount of entropy needed to fill -

538 * the random pool. -

539 */ -

540 -

541 size_t rand_pool_entropy_needed(RAND_POOL *pool) -

542 { -

543

if (pool->entropy < pool->requested_entropy)

pool->entropy ...uested_entropy	Description
TRUE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 19 times by 1 test Evaluated by: libcrypto.so.1.1

19-1837

544

return pool->requested_entropy - pool->entropy;

executed 1837 times by 2 tests: return pool->requested_entropy - pool->entropy;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1837

545 -

546

return 0;

executed 19 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

547 } -

548 -

549 /* -

550 * Returns the number of bytes needed to fill the pool, assuming -

551 * the input has 1 / |entropy_factor| entropy bits per data bit. -

552 * In case of an error, 0 is returned. -

553 */ -

554 -

555 size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) -

556 { -

557 size_t bytes_needed; -

558 size_t entropy_needed = rand_pool_entropy_needed(pool); -

559 -

560

if (entropy_factor < 1) {

entropy_factor < 1	Description
TRUE	never evaluated
FALSE	evaluated 1856 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1856

561 RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE); -

562

return 0;

never executed: return 0;

563 } -

564 -

565 bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor); -

566 -

567

if (bytes_needed > pool->max_len - pool->len) {

bytes_needed >...en - pool->len	Description
TRUE	never evaluated
FALSE	evaluated 1856 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1856

568 /* not enough space left */ -

569 RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW); -

570

return 0;

never executed: return 0;

571 } -

572 -

573

if (pool->len < pool->min_len &&

pool->len < pool->min_len	Description
TRUE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 19 times by 1 test Evaluated by: libcrypto.so.1.1

19-1837

574

bytes_needed < pool->min_len - pool->len)

bytes_needed <...en - pool->len	Description
TRUE	never evaluated
FALSE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1837

575 /* to meet the min_len requirement */ -

576

bytes_needed = pool->min_len - pool->len;

never executed: bytes_needed = pool->min_len - pool->len;

577 -

578

return bytes_needed;

executed 1856 times by 2 tests: return bytes_needed;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1856

579 } -

580 -

581 /* Returns the remaining number of bytes available */ -

582 size_t rand_pool_bytes_remaining(RAND_POOL *pool) -

583 { -

584

return pool->max_len - pool->len;

never executed: return pool->max_len - pool->len;

585 } -

586 -

587 /* -

588 * Add random bytes to the random pool. -

589 * -

590 * It is expected that the |buffer| contains |len| bytes of -

591 * random input which contains at least |entropy| bits of -

592 * randomness. -

593 * -

594 * Returns 1 if the added amount is adequate, otherwise 0 -

595 */ -

596 int rand_pool_add(RAND_POOL *pool, -

597 const unsigned char *buffer, size_t len, size_t entropy) -

598 { -

599

if (len > pool->max_len - pool->len) {

len > pool->ma...en - pool->len	Description
TRUE	never evaluated
FALSE	evaluated 1049181 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1049181

600 RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG); -

601

return 0;

never executed: return 0;

602 } -

603 -

604

if (len > 0) {

len > 0	Description
TRUE	evaluated 1055166 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-1055166

605 memcpy(pool->buffer + pool->len, buffer, len); -

606 pool->len += len; -

607 pool->entropy += entropy; -

608

}

executed 1053685 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1053685

609 -

610

return 1;

executed 1056282 times by 2 tests: return 1;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1056282

611 } -

612 -

613 /* -

614 * Start to add random bytes to the random pool in-place. -

615 * -

616 * Reserves the next |len| bytes for adding random bytes in-place -

617 * and returns a pointer to the buffer. -

618 * The caller is allowed to copy up to |len| bytes into the buffer. -

619 * If |len| == 0 this is considered a no-op and a NULL pointer -

620 * is returned without producing an error message. -

621 * -

622 * After updating the buffer, rand_pool_add_end() needs to be called -

623 * to finish the udpate operation (see next comment). -

624 */ -

625 unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) -

626 { -

627

if (len == 0)

len == 0	Description
TRUE	never evaluated
FALSE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1837

628

return NULL;

never executed: return ((void *)0) ;

629 -

630

if (len > pool->max_len - pool->len) {

len > pool->ma...en - pool->len	Description
TRUE	never evaluated
FALSE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1837

631 RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW); -

632

return NULL;

never executed: return ((void *)0) ;

633 } -

634 -

635

return pool->buffer + pool->len;

executed 1837 times by 2 tests: return pool->buffer + pool->len;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1837

636 } -

637 -

638 /* -

639 * Finish to add random bytes to the random pool in-place. -

640 * -

641 * Finishes an in-place update of the random pool started by -

642 * rand_pool_add_begin() (see previous comment). -

643 * It is expected that |len| bytes of random input have been added -

644 * to the buffer which contain at least |entropy| bits of randomness. -

645 * It is allowed to add less bytes than originally reserved. -

646 */ -

647 int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) -

648 { -

649

if (len > pool->max_len - pool->len) {

len > pool->ma...en - pool->len	Description
TRUE	never evaluated
FALSE	evaluated 1837 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1837

650 RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); -

651

return 0;

never executed: return 0;

652 } -

653 -

654

if (len > 0) {

len > 0	Description
TRUE	evaluated 1835 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1

2-1835

655 pool->len += len; -

656 pool->entropy += entropy; -

657

}

executed 1835 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1835

658 -

659

return 1;

executed 1837 times by 2 tests: return 1;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1837

660 } -

661 -

662 int RAND_set_rand_method(const RAND_METHOD *meth) -

663 { -

664

if (!RUN_ONCE(&rand_init, do_rand_init))

!(CRYPTO_THREA...ossl_ret_ : 0)	Description
TRUE	never evaluated
FALSE	evaluated 2088 times by 12 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm2_internal_test sm4_internal_test x509_internal_test

CRYPTO_THREAD_...nd_init_ossl_)	Description
TRUE	evaluated 2088 times by 12 tests Evaluated by: asn1_internal_test chacha_internal_test ctype_internal_test curve448_internal_test libcrypto.so.1.1 modes_internal_test poly1305_internal_test rdrand_sanitytest siphash_internal_test sm2_internal_test sm4_internal_test x509_internal_test
FALSE	never evaluated

0-2088

665

return 0;

never executed: return 0;

666 -

667 CRYPTO_THREAD_write_lock(rand_meth_lock); -

668 #ifndef OPENSSL_NO_ENGINE -

669 ENGINE_finish(funct_ref); -

670 funct_ref = NULL; -

671 #endif -

672 default_RAND_meth = meth; -

673 CRYPTO_THREAD_unlock(rand_meth_lock); -

674

return 1;

executed 2088 times by 12 tests: return 1;

Executed by:

asn1_internal_test
chacha_internal_test
ctype_internal_test
curve448_internal_test
libcrypto.so.1.1
modes_internal_test
poly1305_internal_test
rdrand_sanitytest
siphash_internal_test
sm2_internal_test
sm4_internal_test
x509_internal_test

2088

675 } -

676 -

677 const RAND_METHOD *RAND_get_rand_method(void) -

678 { -

679 const RAND_METHOD *tmp_meth = NULL; -

680 -

681

if (!RUN_ONCE(&rand_init, do_rand_init))

!(CRYPTO_THREA...ossl_ret_ : 0)	Description
TRUE	never evaluated
FALSE	evaluated 1198387 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

CRYPTO_THREAD_...nd_init_ossl_)	Description
TRUE	evaluated 1199521 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-1199521

682

return NULL;

never executed: return ((void *)0) ;

683 -

684 CRYPTO_THREAD_write_lock(rand_meth_lock); -

685

if (default_RAND_meth == NULL) {

default_RAND_m...== ((void *)0)	Description
TRUE	evaluated 1146 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 1212204 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1146-1212204

686 #ifndef OPENSSL_NO_ENGINE -

687 ENGINE *e; -

688 -

689 /* If we have an engine that can do RAND, use it. */ -

690

if ((e = ENGINE_get_default_RAND()) != NULL

(e = ENGINE_ge...!= ((void *)0)	Description
TRUE	evaluated 367 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 779 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

367-779

691

&& (tmp_meth = ENGINE_get_RAND(e)) != NULL) {

(tmp_meth = EN...!= ((void *)0)	Description
TRUE	evaluated 367 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-367

692 funct_ref = e; -

693 default_RAND_meth = tmp_meth; -

694

} else {

executed 367 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

367

695 ENGINE_finish(e); -

696 default_RAND_meth = &rand_meth; -

697

}

executed 779 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

779

698 #else -

699 default_RAND_meth = &rand_meth; -

700 #endif -

701 } -

702 tmp_meth = default_RAND_meth; -

703 CRYPTO_THREAD_unlock(rand_meth_lock); -

704

return tmp_meth;

executed 1212036 times by 2 tests: return tmp_meth;

Executed by:

libcrypto.so.1.1
sm2_internal_test

1212036

705 } -

706 -

707 #ifndef OPENSSL_NO_ENGINE -

708 int RAND_set_rand_engine(ENGINE *engine) -

709 { -

710 const RAND_METHOD *tmp_meth = NULL; -

711 -

712

if (!RUN_ONCE(&rand_init, do_rand_init))

!(CRYPTO_THREA...ossl_ret_ : 0)	Description
TRUE	never evaluated
FALSE	never evaluated

CRYPTO_THREAD_...nd_init_ossl_)	Description
TRUE	never evaluated
FALSE	never evaluated

713

return 0;

never executed: return 0;

714 -

715

if (engine != NULL) {

engine != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

716

if (!ENGINE_init(engine))

!ENGINE_init(engine)	Description
TRUE	never evaluated
FALSE	never evaluated

717

return 0;

never executed: return 0;

718 tmp_meth = ENGINE_get_RAND(engine); -

719

if (tmp_meth == NULL) {

tmp_meth == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

720 ENGINE_finish(engine); -

721

return 0;

never executed: return 0;

722 } -

723

}

never executed: end of block

724 CRYPTO_THREAD_write_lock(rand_engine_lock); -

725 /* This function releases any prior ENGINE so call it first */ -

726 RAND_set_rand_method(tmp_meth); -

727 funct_ref = engine; -

728 CRYPTO_THREAD_unlock(rand_engine_lock); -

729

return 1;

never executed: return 1;

730 } -

731 #endif -

732 -

733 void RAND_seed(const void *buf, int num) -

734 { -

735 const RAND_METHOD *meth = RAND_get_rand_method(); -

736 -

737

if (meth->seed != NULL)

meth->seed != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

738

meth->seed(buf, num);

never executed: meth->seed(buf, num);

739

}

never executed: end of block

740 -

741 void RAND_add(const void *buf, int num, double randomness) -

742 { -

743 const RAND_METHOD *meth = RAND_get_rand_method(); -

744 -

745

if (meth->add != NULL)

meth->add != ((void *)0)	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-21

746

meth->add(buf, num, randomness);

executed 21 times by 1 test: meth->add(buf, num, randomness);

Executed by:

libcrypto.so.1.1

747

}

executed 21 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

748 -

749 /* -

750 * This function is not part of RAND_METHOD, so if we're not using -

751 * the default method, then just call RAND_bytes(). Otherwise make -

752 * sure we're instantiated and use the private DRBG. -

753 */ -

754 int RAND_priv_bytes(unsigned char *buf, int num) -

755 { -

756 const RAND_METHOD *meth = RAND_get_rand_method(); -

757 RAND_DRBG *drbg; -

758 int ret; -

759 -

760

if (meth != RAND_OpenSSL())

meth != RAND_OpenSSL()	Description
TRUE	evaluated 67542 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 498426 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

67542-498426