Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/rand/drbg_lib.c |
Source code | Switch to Preprocessed file |
Line | Source | Count | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | /* | - | ||||||||||||
2 | * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. | - | ||||||||||||
3 | * | - | ||||||||||||
4 | * Licensed under the OpenSSL license (the "License"). You may not use | - | ||||||||||||
5 | * this file except in compliance with the License. You can obtain a copy | - | ||||||||||||
6 | * in the file LICENSE in the source distribution or at | - | ||||||||||||
7 | * https://www.openssl.org/source/license.html | - | ||||||||||||
8 | */ | - | ||||||||||||
9 | - | |||||||||||||
10 | #include <string.h> | - | ||||||||||||
11 | #include <openssl/crypto.h> | - | ||||||||||||
12 | #include <openssl/err.h> | - | ||||||||||||
13 | #include <openssl/rand.h> | - | ||||||||||||
14 | #include "rand_lcl.h" | - | ||||||||||||
15 | #include "internal/thread_once.h" | - | ||||||||||||
16 | #include "internal/rand_int.h" | - | ||||||||||||
17 | #include "internal/cryptlib_int.h" | - | ||||||||||||
18 | - | |||||||||||||
19 | /* | - | ||||||||||||
20 | * Support framework for NIST SP 800-90A DRBG | - | ||||||||||||
21 | * | - | ||||||||||||
22 | * See manual page RAND_DRBG(7) for a general overview. | - | ||||||||||||
23 | * | - | ||||||||||||
24 | * The OpenSSL model is to have new and free functions, and that new | - | ||||||||||||
25 | * does all initialization. That is not the NIST model, which has | - | ||||||||||||
26 | * instantiation and un-instantiate, and re-use within a new/free | - | ||||||||||||
27 | * lifecycle. (No doubt this comes from the desire to support hardware | - | ||||||||||||
28 | * DRBG, where allocation of resources on something like an HSM is | - | ||||||||||||
29 | * a much bigger deal than just re-setting an allocated resource.) | - | ||||||||||||
30 | */ | - | ||||||||||||
31 | - | |||||||||||||
32 | /* | - | ||||||||||||
33 | * The three shared DRBG instances | - | ||||||||||||
34 | * | - | ||||||||||||
35 | * There are three shared DRBG instances: <master>, <public>, and <private>. | - | ||||||||||||
36 | */ | - | ||||||||||||
37 | - | |||||||||||||
38 | /* | - | ||||||||||||
39 | * The <master> DRBG | - | ||||||||||||
40 | * | - | ||||||||||||
41 | * Not used directly by the application, only for reseeding the two other | - | ||||||||||||
42 | * DRBGs. It reseeds itself by pulling either randomness from os entropy | - | ||||||||||||
43 | * sources or by consuming randomness which was added by RAND_add(). | - | ||||||||||||
44 | * | - | ||||||||||||
45 | * The <master> DRBG is a global instance which is accessed concurrently by | - | ||||||||||||
46 | * all threads. The necessary locking is managed automatically by its child | - | ||||||||||||
47 | * DRBG instances during reseeding. | - | ||||||||||||
48 | */ | - | ||||||||||||
49 | static RAND_DRBG *master_drbg; | - | ||||||||||||
50 | /* | - | ||||||||||||
51 | * The <public> DRBG | - | ||||||||||||
52 | * | - | ||||||||||||
53 | * Used by default for generating random bytes using RAND_bytes(). | - | ||||||||||||
54 | * | - | ||||||||||||
55 | * The <public> DRBG is thread-local, i.e., there is one instance per thread. | - | ||||||||||||
56 | */ | - | ||||||||||||
57 | static CRYPTO_THREAD_LOCAL public_drbg; | - | ||||||||||||
58 | /* | - | ||||||||||||
59 | * The <private> DRBG | - | ||||||||||||
60 | * | - | ||||||||||||
61 | * Used by default for generating private keys using RAND_priv_bytes() | - | ||||||||||||
62 | * | - | ||||||||||||
63 | * The <private> DRBG is thread-local, i.e., there is one instance per thread. | - | ||||||||||||
64 | */ | - | ||||||||||||
65 | static CRYPTO_THREAD_LOCAL private_drbg; | - | ||||||||||||
66 | - | |||||||||||||
67 | - | |||||||||||||
68 | - | |||||||||||||
69 | /* NIST SP 800-90A DRBG recommends the use of a personalization string. */ | - | ||||||||||||
70 | static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; | - | ||||||||||||
71 | - | |||||||||||||
72 | static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; | - | ||||||||||||
73 | - | |||||||||||||
74 | - | |||||||||||||
75 | - | |||||||||||||
76 | static int rand_drbg_type = RAND_DRBG_TYPE; | - | ||||||||||||
77 | static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS; | - | ||||||||||||
78 | - | |||||||||||||
79 | static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL; | - | ||||||||||||
80 | static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL; | - | ||||||||||||
81 | - | |||||||||||||
82 | static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; | - | ||||||||||||
83 | static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; | - | ||||||||||||
84 | - | |||||||||||||
85 | /* A logical OR of all used DRBG flag bits (currently there is only one) */ | - | ||||||||||||
86 | static const unsigned int rand_drbg_used_flags = | - | ||||||||||||
87 | RAND_DRBG_FLAG_CTR_NO_DF; | - | ||||||||||||
88 | - | |||||||||||||
89 | static RAND_DRBG *drbg_setup(RAND_DRBG *parent); | - | ||||||||||||
90 | - | |||||||||||||
91 | static RAND_DRBG *rand_drbg_new(int secure, | - | ||||||||||||
92 | int type, | - | ||||||||||||
93 | unsigned int flags, | - | ||||||||||||
94 | RAND_DRBG *parent); | - | ||||||||||||
95 | - | |||||||||||||
96 | /* | - | ||||||||||||
97 | * Set/initialize |drbg| to be of type |type|, with optional |flags|. | - | ||||||||||||
98 | * | - | ||||||||||||
99 | * If |type| and |flags| are zero, use the defaults | - | ||||||||||||
100 | * | - | ||||||||||||
101 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
102 | */ | - | ||||||||||||
103 | int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) | - | ||||||||||||
104 | { | - | ||||||||||||
105 | int ret = 1; | - | ||||||||||||
106 | - | |||||||||||||
107 | if (type == 0 && flags == 0) {
| 0-14791 | ||||||||||||
108 | type = rand_drbg_type; | - | ||||||||||||
109 | flags = rand_drbg_flags; | - | ||||||||||||
110 | } executed 6 times by 1 test: end of block Executed by:
| 6 | ||||||||||||
111 | - | |||||||||||||
112 | drbg->state = DRBG_UNINITIALISED; | - | ||||||||||||
113 | drbg->flags = flags; | - | ||||||||||||
114 | drbg->type = type; | - | ||||||||||||
115 | - | |||||||||||||
116 | switch (type) { | - | ||||||||||||
117 | default: never executed: default: | 0 | ||||||||||||
118 | RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE); | - | ||||||||||||
119 | return 0; never executed: return 0; | 0 | ||||||||||||
120 | case 0: never executed: case 0: | 0 | ||||||||||||
121 | /* Uninitialized; that's okay. */ | - | ||||||||||||
122 | return 1; never executed: return 1; | 0 | ||||||||||||
123 | case NID_aes_128_ctr: executed 4332 times by 1 test: case 904: Executed by:
| 4332 | ||||||||||||
124 | case NID_aes_192_ctr: executed 4332 times by 1 test: case 905: Executed by:
| 4332 | ||||||||||||
125 | case NID_aes_256_ctr: executed 6133 times by 2 tests: case 906: Executed by:
| 6133 | ||||||||||||
126 | ret = drbg_ctr_init(drbg); | - | ||||||||||||
127 | break; executed 14797 times by 2 tests: break; Executed by:
| 14797 | ||||||||||||
128 | } | - | ||||||||||||
129 | - | |||||||||||||
130 | if (ret == 0)
| 0-14797 | ||||||||||||
131 | RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG); never executed: ERR_put_error(36,(104),(107),__FILE__,131); | 0 | ||||||||||||
132 | return ret; executed 14797 times by 2 tests: return ret; Executed by:
| 14797 | ||||||||||||
133 | } | - | ||||||||||||
134 | - | |||||||||||||
135 | /* | - | ||||||||||||
136 | * Set/initialize default |type| and |flag| for new drbg instances. | - | ||||||||||||
137 | * | - | ||||||||||||
138 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
139 | */ | - | ||||||||||||
140 | int RAND_DRBG_set_defaults(int type, unsigned int flags) | - | ||||||||||||
141 | { | - | ||||||||||||
142 | int ret = 1; | - | ||||||||||||
143 | - | |||||||||||||
144 | switch (type) { | - | ||||||||||||
145 | default: never executed: default: | 0 | ||||||||||||
146 | RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE); | - | ||||||||||||
147 | return 0; never executed: return 0; | 0 | ||||||||||||
148 | case NID_aes_128_ctr: never executed: case 904: | 0 | ||||||||||||
149 | case NID_aes_192_ctr: never executed: case 905: | 0 | ||||||||||||
150 | case NID_aes_256_ctr: never executed: case 906: | 0 | ||||||||||||
151 | break; never executed: break; | 0 | ||||||||||||
152 | } | - | ||||||||||||
153 | - | |||||||||||||
154 | if ((flags & ~rand_drbg_used_flags) != 0) {
| 0 | ||||||||||||
155 | RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS); | - | ||||||||||||
156 | return 0; never executed: return 0; | 0 | ||||||||||||
157 | } | - | ||||||||||||
158 | - | |||||||||||||
159 | rand_drbg_type = type; | - | ||||||||||||
160 | rand_drbg_flags = flags; | - | ||||||||||||
161 | - | |||||||||||||
162 | return ret; never executed: return ret; | 0 | ||||||||||||
163 | } | - | ||||||||||||
164 | - | |||||||||||||
165 | - | |||||||||||||
166 | /* | - | ||||||||||||
167 | * Allocate memory and initialize a new DRBG. The DRBG is allocated on | - | ||||||||||||
168 | * the secure heap if |secure| is nonzero and the secure heap is enabled. | - | ||||||||||||
169 | * The |parent|, if not NULL, will be used as random source for reseeding. | - | ||||||||||||
170 | * | - | ||||||||||||
171 | * Returns a pointer to the new DRBG instance on success, NULL on failure. | - | ||||||||||||
172 | */ | - | ||||||||||||
173 | static RAND_DRBG *rand_drbg_new(int secure, | - | ||||||||||||
174 | int type, | - | ||||||||||||
175 | unsigned int flags, | - | ||||||||||||
176 | RAND_DRBG *parent) | - | ||||||||||||
177 | { | - | ||||||||||||
178 | RAND_DRBG *drbg = secure ?
| 1787-4332 | ||||||||||||
179 | OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg)); | - | ||||||||||||
180 | - | |||||||||||||
181 | if (drbg == NULL) {
| 0-6119 | ||||||||||||
182 | RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE); | - | ||||||||||||
183 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
184 | } | - | ||||||||||||
185 | - | |||||||||||||
186 | drbg->secure = secure && CRYPTO_secure_allocated(drbg);
| 0-4332 | ||||||||||||
187 | drbg->fork_count = rand_fork_count; | - | ||||||||||||
188 | drbg->parent = parent; | - | ||||||||||||
189 | - | |||||||||||||
190 | if (parent == NULL) {
| 1008-5111 | ||||||||||||
191 | drbg->get_entropy = rand_drbg_get_entropy; | - | ||||||||||||
192 | drbg->cleanup_entropy = rand_drbg_cleanup_entropy; | - | ||||||||||||
193 | #ifndef RAND_DRBG_GET_RANDOM_NONCE | - | ||||||||||||
194 | drbg->get_nonce = rand_drbg_get_nonce; | - | ||||||||||||
195 | drbg->cleanup_nonce = rand_drbg_cleanup_nonce; | - | ||||||||||||
196 | #endif | - | ||||||||||||
197 | - | |||||||||||||
198 | drbg->reseed_interval = master_reseed_interval; | - | ||||||||||||
199 | drbg->reseed_time_interval = master_reseed_time_interval; | - | ||||||||||||
200 | } else { executed 5111 times by 2 tests: end of block Executed by:
| 5111 | ||||||||||||
201 | drbg->get_entropy = rand_drbg_get_entropy; | - | ||||||||||||
202 | drbg->cleanup_entropy = rand_drbg_cleanup_entropy; | - | ||||||||||||
203 | /* | - | ||||||||||||
204 | * Do not provide nonce callbacks, the child DRBGs will | - | ||||||||||||
205 | * obtain their nonce using random bits from the parent. | - | ||||||||||||
206 | */ | - | ||||||||||||
207 | - | |||||||||||||
208 | drbg->reseed_interval = slave_reseed_interval; | - | ||||||||||||
209 | drbg->reseed_time_interval = slave_reseed_time_interval; | - | ||||||||||||
210 | } executed 1008 times by 2 tests: end of block Executed by:
| 1008 | ||||||||||||
211 | - | |||||||||||||
212 | if (RAND_DRBG_set(drbg, type, flags) == 0)
| 0-6119 | ||||||||||||
213 | goto err; never executed: goto err; | 0 | ||||||||||||
214 | - | |||||||||||||
215 | if (parent != NULL) {
| 1008-5111 | ||||||||||||
216 | rand_drbg_lock(parent); | - | ||||||||||||
217 | if (drbg->strength > parent->strength) {
| 0-1008 | ||||||||||||
218 | /* | - | ||||||||||||
219 | * We currently don't support the algorithm from NIST SP 800-90C | - | ||||||||||||
220 | * 10.1.2 to use a weaker DRBG as source | - | ||||||||||||
221 | */ | - | ||||||||||||
222 | rand_drbg_unlock(parent); | - | ||||||||||||
223 | RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK); | - | ||||||||||||
224 | goto err; never executed: goto err; | 0 | ||||||||||||
225 | } | - | ||||||||||||
226 | rand_drbg_unlock(parent); | - | ||||||||||||
227 | } executed 1008 times by 2 tests: end of block Executed by:
| 1008 | ||||||||||||
228 | - | |||||||||||||
229 | return drbg; executed 6119 times by 2 tests: return drbg; Executed by:
| 6119 | ||||||||||||
230 | - | |||||||||||||
231 | err: | - | ||||||||||||
232 | if (drbg->secure)
| 0 | ||||||||||||
233 | OPENSSL_secure_free(drbg); never executed: CRYPTO_secure_free(drbg, __FILE__, 233); | 0 | ||||||||||||
234 | else | - | ||||||||||||
235 | OPENSSL_free(drbg); never executed: CRYPTO_free(drbg, __FILE__, 235); | 0 | ||||||||||||
236 | - | |||||||||||||
237 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
238 | } | - | ||||||||||||
239 | - | |||||||||||||
240 | RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) | - | ||||||||||||
241 | { | - | ||||||||||||
242 | return rand_drbg_new(0, type, flags, parent); executed 4332 times by 1 test: return rand_drbg_new(0, type, flags, parent); Executed by:
| 4332 | ||||||||||||
243 | } | - | ||||||||||||
244 | - | |||||||||||||
245 | RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent) | - | ||||||||||||
246 | { | - | ||||||||||||
247 | return rand_drbg_new(1, type, flags, parent); executed 1787 times by 2 tests: return rand_drbg_new(1, type, flags, parent); Executed by:
| 1787 | ||||||||||||
248 | } | - | ||||||||||||
249 | - | |||||||||||||
250 | /* | - | ||||||||||||
251 | * Uninstantiate |drbg| and free all memory. | - | ||||||||||||
252 | */ | - | ||||||||||||
253 | void RAND_DRBG_free(RAND_DRBG *drbg) | - | ||||||||||||
254 | { | - | ||||||||||||
255 | if (drbg == NULL)
| 556-6119 | ||||||||||||
256 | return; executed 556 times by 2 tests: return; Executed by:
| 556 | ||||||||||||
257 | - | |||||||||||||
258 | if (drbg->meth != NULL)
| 0-6119 | ||||||||||||
259 | drbg->meth->uninstantiate(drbg); executed 6119 times by 2 tests: drbg->meth->uninstantiate(drbg); Executed by:
| 6119 | ||||||||||||
260 | CRYPTO_THREAD_lock_free(drbg->lock); | - | ||||||||||||
261 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); | - | ||||||||||||
262 | - | |||||||||||||
263 | if (drbg->secure)
| 0-6119 | ||||||||||||
264 | OPENSSL_secure_clear_free(drbg, sizeof(*drbg)); never executed: CRYPTO_secure_clear_free(drbg, sizeof(*drbg), __FILE__, 264); | 0 | ||||||||||||
265 | else | - | ||||||||||||
266 | OPENSSL_clear_free(drbg, sizeof(*drbg)); executed 6119 times by 2 tests: CRYPTO_clear_free(drbg, sizeof(*drbg), __FILE__, 266); Executed by:
| 6119 | ||||||||||||
267 | } | - | ||||||||||||
268 | - | |||||||||||||
269 | /* | - | ||||||||||||
270 | * Instantiate |drbg|, after it has been initialized. Use |pers| and | - | ||||||||||||
271 | * |perslen| as prediction-resistance input. | - | ||||||||||||
272 | * | - | ||||||||||||
273 | * Requires that drbg->lock is already locked for write, if non-null. | - | ||||||||||||
274 | * | - | ||||||||||||
275 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
276 | */ | - | ||||||||||||
277 | int RAND_DRBG_instantiate(RAND_DRBG *drbg, | - | ||||||||||||
278 | const unsigned char *pers, size_t perslen) | - | ||||||||||||
279 | { | - | ||||||||||||
280 | unsigned char *nonce = NULL, *entropy = NULL; | - | ||||||||||||
281 | size_t noncelen = 0, entropylen = 0; | - | ||||||||||||
282 | size_t min_entropy = drbg->strength; | - | ||||||||||||
283 | size_t min_entropylen = drbg->min_entropylen; | - | ||||||||||||
284 | size_t max_entropylen = drbg->max_entropylen; | - | ||||||||||||
285 | - | |||||||||||||
286 | if (perslen > drbg->max_perslen) {
| 6-6134 | ||||||||||||
287 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, | - | ||||||||||||
288 | RAND_R_PERSONALISATION_STRING_TOO_LONG); | - | ||||||||||||
289 | goto end; executed 6 times by 1 test: goto end; Executed by:
| 6 | ||||||||||||
290 | } | - | ||||||||||||
291 | - | |||||||||||||
292 | if (drbg->meth == NULL) {
| 0-6134 | ||||||||||||
293 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, | - | ||||||||||||
294 | RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); | - | ||||||||||||
295 | goto end; never executed: goto end; | 0 | ||||||||||||
296 | } | - | ||||||||||||
297 | - | |||||||||||||
298 | if (drbg->state != DRBG_UNINITIALISED) {
| 1-6133 | ||||||||||||
299 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, | - | ||||||||||||
300 | drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE | - | ||||||||||||
301 | : RAND_R_ALREADY_INSTANTIATED); | - | ||||||||||||
302 | goto end; executed 1 time by 1 test: goto end; Executed by:
| 1 | ||||||||||||
303 | } | - | ||||||||||||
304 | - | |||||||||||||
305 | drbg->state = DRBG_ERROR; | - | ||||||||||||
306 | - | |||||||||||||
307 | /* | - | ||||||||||||
308 | * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy | - | ||||||||||||
309 | * and nonce in 1 call by increasing the entropy with 50% and increasing | - | ||||||||||||
310 | * the minimum length to accomadate the length of the nonce. | - | ||||||||||||
311 | * We do this in case a nonce is require and get_nonce is NULL. | - | ||||||||||||
312 | */ | - | ||||||||||||
313 | if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
| 1012-3964 | ||||||||||||
314 | min_entropy += drbg->strength / 2; | - | ||||||||||||
315 | min_entropylen += drbg->min_noncelen; | - | ||||||||||||
316 | max_entropylen += drbg->max_noncelen; | - | ||||||||||||
317 | } executed 1012 times by 2 tests: end of block Executed by:
| 1012 | ||||||||||||
318 | - | |||||||||||||
319 | if (drbg->get_entropy != NULL)
| 0-6133 | ||||||||||||
320 | entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, executed 6133 times by 2 tests: entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); Executed by:
| 6133 | ||||||||||||
321 | min_entropylen, max_entropylen, 0); executed 6133 times by 2 tests: entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); Executed by:
| 6133 | ||||||||||||
322 | if (entropylen < min_entropylen
| 8-6125 | ||||||||||||
323 | || entropylen > max_entropylen) {
| 0-6125 | ||||||||||||
324 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY); | - | ||||||||||||
325 | goto end; executed 8 times by 1 test: goto end; Executed by:
| 8 | ||||||||||||
326 | } | - | ||||||||||||
327 | - | |||||||||||||
328 | if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
| 1012-3959 | ||||||||||||
329 | noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2, | - | ||||||||||||
330 | drbg->min_noncelen, drbg->max_noncelen); | - | ||||||||||||
331 | if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
| 0-2947 | ||||||||||||
332 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE); | - | ||||||||||||
333 | goto end; never executed: goto end; | 0 | ||||||||||||
334 | } | - | ||||||||||||
335 | } executed 2947 times by 2 tests: end of block Executed by:
| 2947 | ||||||||||||
336 | - | |||||||||||||
337 | if (!drbg->meth->instantiate(drbg, entropy, entropylen,
| 0-6125 | ||||||||||||
338 | nonce, noncelen, pers, perslen)) {
| 0-6125 | ||||||||||||
339 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG); | - | ||||||||||||
340 | goto end; never executed: goto end; | 0 | ||||||||||||
341 | } | - | ||||||||||||
342 | - | |||||||||||||
343 | drbg->state = DRBG_READY; | - | ||||||||||||
344 | drbg->generate_counter = 0; | - | ||||||||||||
345 | drbg->reseed_time = time(NULL); | - | ||||||||||||
346 | if (drbg->reseed_counter > 0) {
| 1793-4332 | ||||||||||||
347 | if (drbg->parent == NULL)
| 781-1012 | ||||||||||||
348 | drbg->reseed_counter++; executed 781 times by 2 tests: drbg->reseed_counter++; Executed by:
| 781 | ||||||||||||
349 | else | - | ||||||||||||
350 | drbg->reseed_counter = drbg->parent->reseed_counter; executed 1012 times by 2 tests: drbg->reseed_counter = drbg->parent->reseed_counter; Executed by:
| 1012 | ||||||||||||
351 | } | - | ||||||||||||
352 | - | |||||||||||||
353 | end: code before this statement executed 6125 times by 2 tests: end: Executed by:
| 6125 | ||||||||||||
354 | if (entropy != NULL && drbg->cleanup_entropy != NULL)
| 9-6131 | ||||||||||||
355 | drbg->cleanup_entropy(drbg, entropy, entropylen); executed 1793 times by 2 tests: drbg->cleanup_entropy(drbg, entropy, entropylen); Executed by:
| 1793 | ||||||||||||
356 | if (nonce != NULL && drbg->cleanup_nonce!= NULL )
| 781-3193 | ||||||||||||
357 | drbg->cleanup_nonce(drbg, nonce, noncelen); executed 781 times by 2 tests: drbg->cleanup_nonce(drbg, nonce, noncelen); Executed by:
| 781 | ||||||||||||
358 | if (drbg->pool != NULL) {
| 0-6140 | ||||||||||||
359 | if (drbg->state == DRBG_READY) {
| 0 | ||||||||||||
360 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, | - | ||||||||||||
361 | RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED); | - | ||||||||||||
362 | drbg->state = DRBG_ERROR; | - | ||||||||||||
363 | } never executed: end of block | 0 | ||||||||||||
364 | rand_pool_free(drbg->pool); | - | ||||||||||||
365 | drbg->pool = NULL; | - | ||||||||||||
366 | } never executed: end of block | 0 | ||||||||||||
367 | if (drbg->state == DRBG_READY)
| 14-6126 | ||||||||||||
368 | return 1; executed 6126 times by 2 tests: return 1; Executed by:
| 6126 | ||||||||||||
369 | return 0; executed 14 times by 1 test: return 0; Executed by:
| 14 | ||||||||||||
370 | } | - | ||||||||||||
371 | - | |||||||||||||
372 | /* | - | ||||||||||||
373 | * Uninstantiate |drbg|. Must be instantiated before it can be used. | - | ||||||||||||
374 | * | - | ||||||||||||
375 | * Requires that drbg->lock is already locked for write, if non-null. | - | ||||||||||||
376 | * | - | ||||||||||||
377 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
378 | */ | - | ||||||||||||
379 | int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) | - | ||||||||||||
380 | { | - | ||||||||||||
381 | if (drbg->meth == NULL) {
| 0-8666 | ||||||||||||
382 | RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE, | - | ||||||||||||
383 | RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); | - | ||||||||||||
384 | return 0; never executed: return 0; | 0 | ||||||||||||
385 | } | - | ||||||||||||
386 | - | |||||||||||||
387 | /* Clear the entire drbg->ctr struct, then reset some important | - | ||||||||||||
388 | * members of the drbg->ctr struct (e.g. keysize, df_ks) to their | - | ||||||||||||
389 | * initial values. | - | ||||||||||||
390 | */ | - | ||||||||||||
391 | drbg->meth->uninstantiate(drbg); | - | ||||||||||||
392 | return RAND_DRBG_set(drbg, drbg->type, drbg->flags); executed 8666 times by 1 test: return RAND_DRBG_set(drbg, drbg->type, drbg->flags); Executed by:
| 8666 | ||||||||||||
393 | } | - | ||||||||||||
394 | - | |||||||||||||
395 | /* | - | ||||||||||||
396 | * Reseed |drbg|, mixing in the specified data | - | ||||||||||||
397 | * | - | ||||||||||||
398 | * Requires that drbg->lock is already locked for write, if non-null. | - | ||||||||||||
399 | * | - | ||||||||||||
400 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
401 | */ | - | ||||||||||||
402 | int RAND_DRBG_reseed(RAND_DRBG *drbg, | - | ||||||||||||
403 | const unsigned char *adin, size_t adinlen, | - | ||||||||||||
404 | int prediction_resistance) | - | ||||||||||||
405 | { | - | ||||||||||||
406 | unsigned char *entropy = NULL; | - | ||||||||||||
407 | size_t entropylen = 0; | - | ||||||||||||
408 | - | |||||||||||||
409 | if (drbg->state == DRBG_ERROR) {
| 0-4402 | ||||||||||||
410 | RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE); | - | ||||||||||||
411 | return 0; never executed: return 0; | 0 | ||||||||||||
412 | } | - | ||||||||||||
413 | if (drbg->state == DRBG_UNINITIALISED) {
| 0-4402 | ||||||||||||
414 | RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED); | - | ||||||||||||
415 | return 0; never executed: return 0; | 0 | ||||||||||||
416 | } | - | ||||||||||||
417 | - | |||||||||||||
418 | if (adin == NULL) {
| 20-4382 | ||||||||||||
419 | adinlen = 0; | - | ||||||||||||
420 | } else if (adinlen > drbg->max_adinlen) { executed 20 times by 1 test: end of block Executed by:
| 0-4382 | ||||||||||||
421 | RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG); | - | ||||||||||||
422 | return 0; never executed: return 0; | 0 | ||||||||||||
423 | } | - | ||||||||||||
424 | - | |||||||||||||
425 | drbg->state = DRBG_ERROR; | - | ||||||||||||
426 | if (drbg->get_entropy != NULL)
| 0-4403 | ||||||||||||
427 | entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, executed 4403 times by 1 test: entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, prediction_resistance); Executed by:
| 4403 | ||||||||||||
428 | drbg->min_entropylen, executed 4403 times by 1 test: entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, prediction_resistance); Executed by:
| 4403 | ||||||||||||
429 | drbg->max_entropylen, executed 4403 times by 1 test: entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, prediction_resistance); Executed by:
| 4403 | ||||||||||||
430 | prediction_resistance); executed 4403 times by 1 test: entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, prediction_resistance); Executed by:
| 4403 | ||||||||||||
431 | if (entropylen < drbg->min_entropylen
| 3-4400 | ||||||||||||
432 | || entropylen > drbg->max_entropylen) {
| 0-4400 | ||||||||||||
433 | RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY); | - | ||||||||||||
434 | goto end; executed 3 times by 1 test: goto end; Executed by:
| 3 | ||||||||||||
435 | } | - | ||||||||||||
436 | - | |||||||||||||
437 | if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen))
| 0-4400 | ||||||||||||
438 | goto end; never executed: goto end; | 0 | ||||||||||||
439 | - | |||||||||||||
440 | drbg->state = DRBG_READY; | - | ||||||||||||
441 | drbg->generate_counter = 0; | - | ||||||||||||
442 | drbg->reseed_time = time(NULL); | - | ||||||||||||
443 | if (drbg->reseed_counter > 0) {
| 62-4338 | ||||||||||||
444 | if (drbg->parent == NULL)
| 19-43 | ||||||||||||
445 | drbg->reseed_counter++; executed 19 times by 1 test: drbg->reseed_counter++; Executed by:
| 19 | ||||||||||||
446 | else | - | ||||||||||||
447 | drbg->reseed_counter = drbg->parent->reseed_counter; executed 43 times by 1 test: drbg->reseed_counter = drbg->parent->reseed_counter; Executed by:
| 43 | ||||||||||||
448 | } | - | ||||||||||||
449 | - | |||||||||||||
450 | end: code before this statement executed 4400 times by 1 test: end: Executed by:
| 4400 | ||||||||||||
451 | if (entropy != NULL && drbg->cleanup_entropy != NULL)
| 3-4400 | ||||||||||||
452 | drbg->cleanup_entropy(drbg, entropy, entropylen); executed 62 times by 1 test: drbg->cleanup_entropy(drbg, entropy, entropylen); Executed by:
| 62 | ||||||||||||
453 | if (drbg->state == DRBG_READY)
| 3-4400 | ||||||||||||
454 | return 1; executed 4400 times by 1 test: return 1; Executed by:
| 4400 | ||||||||||||
455 | return 0; executed 3 times by 1 test: return 0; Executed by:
| 3 | ||||||||||||
456 | } | - | ||||||||||||
457 | - | |||||||||||||
458 | /* | - | ||||||||||||
459 | * Restart |drbg|, using the specified entropy or additional input | - | ||||||||||||
460 | * | - | ||||||||||||
461 | * Tries its best to get the drbg instantiated by all means, | - | ||||||||||||
462 | * regardless of its current state. | - | ||||||||||||
463 | * | - | ||||||||||||
464 | * Optionally, a |buffer| of |len| random bytes can be passed, | - | ||||||||||||
465 | * which is assumed to contain at least |entropy| bits of entropy. | - | ||||||||||||
466 | * | - | ||||||||||||
467 | * If |entropy| > 0, the buffer content is used as entropy input. | - | ||||||||||||
468 | * | - | ||||||||||||
469 | * If |entropy| == 0, the buffer content is used as additional input | - | ||||||||||||
470 | * | - | ||||||||||||
471 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
472 | * | - | ||||||||||||
473 | * This function is used internally only. | - | ||||||||||||
474 | */ | - | ||||||||||||
475 | int rand_drbg_restart(RAND_DRBG *drbg, | - | ||||||||||||
476 | const unsigned char *buffer, size_t len, size_t entropy) | - | ||||||||||||
477 | { | - | ||||||||||||
478 | int reseeded = 0; | - | ||||||||||||
479 | const unsigned char *adin = NULL; | - | ||||||||||||
480 | size_t adinlen = 0; | - | ||||||||||||
481 | - | |||||||||||||
482 | if (drbg->pool != NULL) {
| 0-28 | ||||||||||||
483 | RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); | - | ||||||||||||
484 | rand_pool_free(drbg->pool); | - | ||||||||||||
485 | drbg->pool = NULL; | - | ||||||||||||
486 | } never executed: end of block | 0 | ||||||||||||
487 | - | |||||||||||||
488 | if (buffer != NULL) {
| 7-21 | ||||||||||||
489 | if (entropy > 0) {
| 0-21 | ||||||||||||
490 | if (drbg->max_entropylen < len) {
| 0-21 | ||||||||||||
491 | RANDerr(RAND_F_RAND_DRBG_RESTART, | - | ||||||||||||
492 | RAND_R_ENTROPY_INPUT_TOO_LONG); | - | ||||||||||||
493 | return 0; never executed: return 0; | 0 | ||||||||||||
494 | } | - | ||||||||||||
495 | - | |||||||||||||
496 | if (entropy > 8 * len) {
| 0-21 | ||||||||||||
497 | RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE); | - | ||||||||||||
498 | return 0; never executed: return 0; | 0 | ||||||||||||
499 | } | - | ||||||||||||
500 | - | |||||||||||||
501 | /* will be picked up by the rand_drbg_get_entropy() callback */ | - | ||||||||||||
502 | drbg->pool = rand_pool_new(entropy, len, len); | - | ||||||||||||
503 | if (drbg->pool == NULL)
| 0-21 | ||||||||||||
504 | return 0; never executed: return 0; | 0 | ||||||||||||
505 | - | |||||||||||||
506 | rand_pool_add(drbg->pool, buffer, len, entropy); | - | ||||||||||||
507 | } else { executed 21 times by 1 test: end of block Executed by:
| 21 | ||||||||||||
508 | if (drbg->max_adinlen < len) {
| 0 | ||||||||||||
509 | RANDerr(RAND_F_RAND_DRBG_RESTART, | - | ||||||||||||
510 | RAND_R_ADDITIONAL_INPUT_TOO_LONG); | - | ||||||||||||
511 | return 0; never executed: return 0; | 0 | ||||||||||||
512 | } | - | ||||||||||||
513 | adin = buffer; | - | ||||||||||||
514 | adinlen = len; | - | ||||||||||||
515 | } never executed: end of block | 0 | ||||||||||||
516 | } | - | ||||||||||||
517 | - | |||||||||||||
518 | /* repair error state */ | - | ||||||||||||
519 | if (drbg->state == DRBG_ERROR)
| 4-24 | ||||||||||||
520 | RAND_DRBG_uninstantiate(drbg); executed 4 times by 1 test: RAND_DRBG_uninstantiate(drbg); Executed by:
| 4 | ||||||||||||
521 | - | |||||||||||||
522 | /* repair uninitialized state */ | - | ||||||||||||
523 | if (drbg->state == DRBG_UNINITIALISED) {
| 8-20 | ||||||||||||
524 | /* reinstantiate drbg */ | - | ||||||||||||
525 | RAND_DRBG_instantiate(drbg, | - | ||||||||||||
526 | (const unsigned char *) ossl_pers_string, | - | ||||||||||||
527 | sizeof(ossl_pers_string) - 1); | - | ||||||||||||
528 | /* already reseeded. prevent second reseeding below */ | - | ||||||||||||
529 | reseeded = (drbg->state == DRBG_READY); | - | ||||||||||||
530 | } executed 8 times by 1 test: end of block Executed by:
| 8 | ||||||||||||
531 | - | |||||||||||||
532 | /* refresh current state if entropy or additional input has been provided */ | - | ||||||||||||
533 | if (drbg->state == DRBG_READY) {
| 2-26 | ||||||||||||
534 | if (adin != NULL) {
| 0-26 | ||||||||||||
535 | /* | - | ||||||||||||
536 | * mix in additional input without reseeding | - | ||||||||||||
537 | * | - | ||||||||||||
538 | * Similar to RAND_DRBG_reseed(), but the provided additional | - | ||||||||||||
539 | * data |adin| is mixed into the current state without pulling | - | ||||||||||||
540 | * entropy from the trusted entropy source using get_entropy(). | - | ||||||||||||
541 | * This is not a reseeding in the strict sense of NIST SP 800-90A. | - | ||||||||||||
542 | */ | - | ||||||||||||
543 | drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); | - | ||||||||||||
544 | } else if (reseeded == 0) { never executed: end of block
| 0-20 | ||||||||||||
545 | /* do a full reseeding if it has not been done yet above */ | - | ||||||||||||
546 | RAND_DRBG_reseed(drbg, NULL, 0, 0); | - | ||||||||||||
547 | } executed 20 times by 1 test: end of block Executed by:
| 20 | ||||||||||||
548 | } executed 26 times by 1 test: end of block Executed by:
| 26 | ||||||||||||
549 | - | |||||||||||||
550 | /* check whether a given entropy pool was cleared properly during reseed */ | - | ||||||||||||
551 | if (drbg->pool != NULL) {
| 1-27 | ||||||||||||
552 | drbg->state = DRBG_ERROR; | - | ||||||||||||
553 | RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); | - | ||||||||||||
554 | rand_pool_free(drbg->pool); | - | ||||||||||||
555 | drbg->pool = NULL; | - | ||||||||||||
556 | return 0; executed 1 time by 1 test: return 0; Executed by:
| 1 | ||||||||||||
557 | } | - | ||||||||||||
558 | - | |||||||||||||
559 | return drbg->state == DRBG_READY; executed 27 times by 1 test: return drbg->state == DRBG_READY; Executed by:
| 27 | ||||||||||||
560 | } | - | ||||||||||||
561 | - | |||||||||||||
562 | /* | - | ||||||||||||
563 | * Generate |outlen| bytes into the buffer at |out|. Reseed if we need | - | ||||||||||||
564 | * to or if |prediction_resistance| is set. Additional input can be | - | ||||||||||||
565 | * sent in |adin| and |adinlen|. | - | ||||||||||||
566 | * | - | ||||||||||||
567 | * Requires that drbg->lock is already locked for write, if non-null. | - | ||||||||||||
568 | * | - | ||||||||||||
569 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
570 | * | - | ||||||||||||
571 | */ | - | ||||||||||||
572 | int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, | - | ||||||||||||
573 | int prediction_resistance, | - | ||||||||||||
574 | const unsigned char *adin, size_t adinlen) | - | ||||||||||||
575 | { | - | ||||||||||||
576 | int reseed_required = 0; | - | ||||||||||||
577 | - | |||||||||||||
578 | if (drbg->state != DRBG_READY) {
| 7-1038601 | ||||||||||||
579 | /* try to recover from previous errors */ | - | ||||||||||||
580 | rand_drbg_restart(drbg, NULL, 0, 0); | - | ||||||||||||
581 | - | |||||||||||||
582 | if (drbg->state == DRBG_ERROR) {
| 2-5 | ||||||||||||
583 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE); | - | ||||||||||||
584 | return 0; executed 2 times by 1 test: return 0; Executed by:
| 2 | ||||||||||||
585 | } | - | ||||||||||||
586 | if (drbg->state == DRBG_UNINITIALISED) {
| 0-5 | ||||||||||||
587 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED); | - | ||||||||||||
588 | return 0; never executed: return 0; | 0 | ||||||||||||
589 | } | - | ||||||||||||
590 | } executed 5 times by 1 test: end of block Executed by:
| 5 | ||||||||||||
591 | - | |||||||||||||
592 | if (outlen > drbg->max_request) {
| 0-1036308 | ||||||||||||
593 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG); | - | ||||||||||||
594 | return 0; never executed: return 0; | 0 | ||||||||||||
595 | } | - | ||||||||||||
596 | if (adinlen > drbg->max_adinlen) {
| 0-1044845 | ||||||||||||
597 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG); | - | ||||||||||||
598 | return 0; never executed: return 0; | 0 | ||||||||||||
599 | } | - | ||||||||||||
600 | - | |||||||||||||
601 | if (drbg->fork_count != rand_fork_count) {
| 0-1049337 | ||||||||||||
602 | drbg->fork_count = rand_fork_count; | - | ||||||||||||
603 | reseed_required = 1; | - | ||||||||||||
604 | } never executed: end of block | 0 | ||||||||||||
605 | - | |||||||||||||
606 | if (drbg->reseed_interval > 0) {
| 0-1056824 | ||||||||||||
607 | if (drbg->generate_counter >= drbg->reseed_interval)
| 3-1071657 | ||||||||||||
608 | reseed_required = 1; executed 3 times by 1 test: reseed_required = 1; Executed by:
| 3 | ||||||||||||
609 | } executed 1064277 times by 2 tests: end of block Executed by:
| 1064277 | ||||||||||||
610 | if (drbg->reseed_time_interval > 0) {
| 0-1063945 | ||||||||||||
611 | time_t now = time(NULL); | - | ||||||||||||
612 | if (now < drbg->reseed_time
| 0-1067482 | ||||||||||||
613 | || now - drbg->reseed_time >= drbg->reseed_time_interval)
| 34-1067256 | ||||||||||||
614 | reseed_required = 1; executed 34 times by 1 test: reseed_required = 1; Executed by:
| 34 | ||||||||||||
615 | } executed 1069303 times by 2 tests: end of block Executed by:
| 1069303 | ||||||||||||
616 | if (drbg->reseed_counter > 0 && drbg->parent != NULL) {
| 1055-1061309 | ||||||||||||
617 | if (drbg->reseed_counter != drbg->parent->reseed_counter)
| 8-1061390 | ||||||||||||
618 | reseed_required = 1; executed 8 times by 1 test: reseed_required = 1; Executed by:
| 8 | ||||||||||||
619 | } executed 1061020 times by 2 tests: end of block Executed by:
| 1061020 | ||||||||||||
620 | - | |||||||||||||
621 | if (reseed_required || prediction_resistance) {
| 45-1070847 | ||||||||||||
622 | if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
| 2-2935 | ||||||||||||
623 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR); | - | ||||||||||||
624 | return 0; executed 2 times by 1 test: return 0; Executed by:
| 2 | ||||||||||||
625 | } | - | ||||||||||||
626 | adin = NULL; | - | ||||||||||||
627 | adinlen = 0; | - | ||||||||||||
628 | } executed 2935 times by 1 test: end of block Executed by:
| 2935 | ||||||||||||
629 | - | |||||||||||||
630 | if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) {
| 0-1034268 | ||||||||||||
631 | drbg->state = DRBG_ERROR; | - | ||||||||||||
632 | RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR); | - | ||||||||||||
633 | return 0; never executed: return 0; | 0 | ||||||||||||
634 | } | - | ||||||||||||
635 | - | |||||||||||||
636 | drbg->generate_counter++; | - | ||||||||||||
637 | - | |||||||||||||
638 | return 1; executed 1033938 times by 2 tests: return 1; Executed by:
| 1033938 | ||||||||||||
639 | } | - | ||||||||||||
640 | - | |||||||||||||
641 | /* | - | ||||||||||||
642 | * Generates |outlen| random bytes and stores them in |out|. It will | - | ||||||||||||
643 | * using the given |drbg| to generate the bytes. | - | ||||||||||||
644 | * | - | ||||||||||||
645 | * Requires that drbg->lock is already locked for write, if non-null. | - | ||||||||||||
646 | * | - | ||||||||||||
647 | * Returns 1 on success 0 on failure. | - | ||||||||||||
648 | */ | - | ||||||||||||
649 | int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) | - | ||||||||||||
650 | { | - | ||||||||||||
651 | unsigned char *additional = NULL; | - | ||||||||||||
652 | size_t additional_len; | - | ||||||||||||
653 | size_t chunk; | - | ||||||||||||
654 | size_t ret; | - | ||||||||||||
655 | - | |||||||||||||
656 | additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen); | - | ||||||||||||
657 | - | |||||||||||||
658 | for ( ; outlen > 0; outlen -= chunk, out += chunk) {
| 1032809-1043108 | ||||||||||||
659 | chunk = outlen; | - | ||||||||||||
660 | if (chunk > drbg->max_request)
| 0-1041917 | ||||||||||||
661 | chunk = drbg->max_request; never executed: chunk = drbg->max_request; | 0 | ||||||||||||
662 | ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len); | - | ||||||||||||
663 | if (!ret)
| 2-1025801 | ||||||||||||
664 | goto err; executed 2 times by 1 test: goto err; Executed by:
| 2 | ||||||||||||
665 | } executed 1034540 times by 2 tests: end of block Executed by:
| 1034540 | ||||||||||||
666 | ret = 1; | - | ||||||||||||
667 | - | |||||||||||||
668 | err: code before this statement executed 1031170 times by 2 tests: err: Executed by:
| 1031170 | ||||||||||||
669 | if (additional_len != 0)
| 0-1035520 | ||||||||||||
670 | OPENSSL_secure_clear_free(additional, additional_len); executed 1039376 times by 2 tests: CRYPTO_secure_clear_free(additional, additional_len, __FILE__, 670); Executed by:
| 1039376 | ||||||||||||
671 | - | |||||||||||||
672 | return ret; executed 1060959 times by 2 tests: return ret; Executed by:
| 1060959 | ||||||||||||
673 | } | - | ||||||||||||
674 | - | |||||||||||||
675 | /* | - | ||||||||||||
676 | * Set the RAND_DRBG callbacks for obtaining entropy and nonce. | - | ||||||||||||
677 | * | - | ||||||||||||
678 | * Setting the callbacks is allowed only if the drbg has not been | - | ||||||||||||
679 | * initialized yet. Otherwise, the operation will fail. | - | ||||||||||||
680 | * | - | ||||||||||||
681 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
682 | */ | - | ||||||||||||
683 | int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, | - | ||||||||||||
684 | RAND_DRBG_get_entropy_fn get_entropy, | - | ||||||||||||
685 | RAND_DRBG_cleanup_entropy_fn cleanup_entropy, | - | ||||||||||||
686 | RAND_DRBG_get_nonce_fn get_nonce, | - | ||||||||||||
687 | RAND_DRBG_cleanup_nonce_fn cleanup_nonce) | - | ||||||||||||
688 | { | - | ||||||||||||
689 | if (drbg->state != DRBG_UNINITIALISED)
| 0-4338 | ||||||||||||
690 | return 0; never executed: return 0; | 0 | ||||||||||||
691 | drbg->get_entropy = get_entropy; | - | ||||||||||||
692 | drbg->cleanup_entropy = cleanup_entropy; | - | ||||||||||||
693 | drbg->get_nonce = get_nonce; | - | ||||||||||||
694 | drbg->cleanup_nonce = cleanup_nonce; | - | ||||||||||||
695 | return 1; executed 4338 times by 1 test: return 1; Executed by:
| 4338 | ||||||||||||
696 | } | - | ||||||||||||
697 | - | |||||||||||||
698 | /* | - | ||||||||||||
699 | * Set the reseed interval. | - | ||||||||||||
700 | * | - | ||||||||||||
701 | * The drbg will reseed automatically whenever the number of generate | - | ||||||||||||
702 | * requests exceeds the given reseed interval. If the reseed interval | - | ||||||||||||
703 | * is 0, then this feature is disabled. | - | ||||||||||||
704 | * | - | ||||||||||||
705 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
706 | */ | - | ||||||||||||
707 | int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval) | - | ||||||||||||
708 | { | - | ||||||||||||
709 | if (interval > MAX_RESEED_INTERVAL)
| 0 | ||||||||||||
710 | return 0; never executed: return 0; | 0 | ||||||||||||
711 | drbg->reseed_interval = interval; | - | ||||||||||||
712 | return 1; never executed: return 1; | 0 | ||||||||||||
713 | } | - | ||||||||||||
714 | - | |||||||||||||
715 | /* | - | ||||||||||||
716 | * Set the reseed time interval. | - | ||||||||||||
717 | * | - | ||||||||||||
718 | * The drbg will reseed automatically whenever the time elapsed since | - | ||||||||||||
719 | * the last reseeding exceeds the given reseed time interval. For safety, | - | ||||||||||||
720 | * a reseeding will also occur if the clock has been reset to a smaller | - | ||||||||||||
721 | * value. | - | ||||||||||||
722 | * | - | ||||||||||||
723 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
724 | */ | - | ||||||||||||
725 | int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) | - | ||||||||||||
726 | { | - | ||||||||||||
727 | if (interval > MAX_RESEED_TIME_INTERVAL)
| 0-8 | ||||||||||||
728 | return 0; never executed: return 0; | 0 | ||||||||||||
729 | drbg->reseed_time_interval = interval; | - | ||||||||||||
730 | return 1; executed 8 times by 1 test: return 1; Executed by:
| 8 | ||||||||||||
731 | } | - | ||||||||||||
732 | - | |||||||||||||
733 | /* | - | ||||||||||||
734 | * Set the default values for reseed (time) intervals of new DRBG instances | - | ||||||||||||
735 | * | - | ||||||||||||
736 | * The default values can be set independently for master DRBG instances | - | ||||||||||||
737 | * (without a parent) and slave DRBG instances (with parent). | - | ||||||||||||
738 | * | - | ||||||||||||
739 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
740 | */ | - | ||||||||||||
741 | - | |||||||||||||
742 | int RAND_DRBG_set_reseed_defaults( | - | ||||||||||||
743 | unsigned int _master_reseed_interval, | - | ||||||||||||
744 | unsigned int _slave_reseed_interval, | - | ||||||||||||
745 | time_t _master_reseed_time_interval, | - | ||||||||||||
746 | time_t _slave_reseed_time_interval | - | ||||||||||||
747 | ) | - | ||||||||||||
748 | { | - | ||||||||||||
749 | if (_master_reseed_interval > MAX_RESEED_INTERVAL
| 0 | ||||||||||||
750 | || _slave_reseed_interval > MAX_RESEED_INTERVAL)
| 0 | ||||||||||||
751 | return 0; never executed: return 0; | 0 | ||||||||||||
752 | - | |||||||||||||
753 | if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
| 0 | ||||||||||||
754 | || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
| 0 | ||||||||||||
755 | return 0; never executed: return 0; | 0 | ||||||||||||
756 | - | |||||||||||||
757 | master_reseed_interval = _master_reseed_interval; | - | ||||||||||||
758 | slave_reseed_interval = _slave_reseed_interval; | - | ||||||||||||
759 | - | |||||||||||||
760 | master_reseed_time_interval = _master_reseed_time_interval; | - | ||||||||||||
761 | slave_reseed_time_interval = _slave_reseed_time_interval; | - | ||||||||||||
762 | - | |||||||||||||
763 | return 1; never executed: return 1; | 0 | ||||||||||||
764 | } | - | ||||||||||||
765 | - | |||||||||||||
766 | /* | - | ||||||||||||
767 | * Locks the given drbg. Locking a drbg which does not have locking | - | ||||||||||||
768 | * enabled is considered a successful no-op. | - | ||||||||||||
769 | * | - | ||||||||||||
770 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
771 | */ | - | ||||||||||||
772 | int rand_drbg_lock(RAND_DRBG *drbg) | - | ||||||||||||
773 | { | - | ||||||||||||
774 | if (drbg->lock != NULL)
| 0-2085 | ||||||||||||
775 | return CRYPTO_THREAD_write_lock(drbg->lock); executed 2085 times by 2 tests: return CRYPTO_THREAD_write_lock(drbg->lock); Executed by:
| 2085 | ||||||||||||
776 | - | |||||||||||||
777 | return 1; never executed: return 1; | 0 | ||||||||||||
778 | } | - | ||||||||||||
779 | - | |||||||||||||
780 | /* | - | ||||||||||||
781 | * Unlocks the given drbg. Unlocking a drbg which does not have locking | - | ||||||||||||
782 | * enabled is considered a successful no-op. | - | ||||||||||||
783 | * | - | ||||||||||||
784 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
785 | */ | - | ||||||||||||
786 | int rand_drbg_unlock(RAND_DRBG *drbg) | - | ||||||||||||
787 | { | - | ||||||||||||
788 | if (drbg->lock != NULL)
| 0-2086 | ||||||||||||
789 | return CRYPTO_THREAD_unlock(drbg->lock); executed 2086 times by 2 tests: return CRYPTO_THREAD_unlock(drbg->lock); Executed by:
| 2086 | ||||||||||||
790 | - | |||||||||||||
791 | return 1; never executed: return 1; | 0 | ||||||||||||
792 | } | - | ||||||||||||
793 | - | |||||||||||||
794 | /* | - | ||||||||||||
795 | * Enables locking for the given drbg | - | ||||||||||||
796 | * | - | ||||||||||||
797 | * Locking can only be enabled if the random generator | - | ||||||||||||
798 | * is in the uninitialized state. | - | ||||||||||||
799 | * | - | ||||||||||||
800 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
801 | */ | - | ||||||||||||
802 | int rand_drbg_enable_locking(RAND_DRBG *drbg) | - | ||||||||||||
803 | { | - | ||||||||||||
804 | if (drbg->state != DRBG_UNINITIALISED) {
| 0-779 | ||||||||||||
805 | RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, | - | ||||||||||||
806 | RAND_R_DRBG_ALREADY_INITIALIZED); | - | ||||||||||||
807 | return 0; never executed: return 0; | 0 | ||||||||||||
808 | } | - | ||||||||||||
809 | - | |||||||||||||
810 | if (drbg->lock == NULL) {
| 0-779 | ||||||||||||
811 | if (drbg->parent != NULL && drbg->parent->lock == NULL) {
| 0-779 | ||||||||||||
812 | RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, | - | ||||||||||||
813 | RAND_R_PARENT_LOCKING_NOT_ENABLED); | - | ||||||||||||
814 | return 0; never executed: return 0; | 0 | ||||||||||||
815 | } | - | ||||||||||||
816 | - | |||||||||||||
817 | drbg->lock = CRYPTO_THREAD_lock_new(); | - | ||||||||||||
818 | if (drbg->lock == NULL) {
| 0-779 | ||||||||||||
819 | RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, | - | ||||||||||||
820 | RAND_R_FAILED_TO_CREATE_LOCK); | - | ||||||||||||
821 | return 0; never executed: return 0; | 0 | ||||||||||||
822 | } | - | ||||||||||||
823 | } executed 779 times by 2 tests: end of block Executed by:
| 779 | ||||||||||||
824 | - | |||||||||||||
825 | return 1; executed 779 times by 2 tests: return 1; Executed by:
| 779 | ||||||||||||
826 | } | - | ||||||||||||
827 | - | |||||||||||||
828 | /* | - | ||||||||||||
829 | * Get and set the EXDATA | - | ||||||||||||
830 | */ | - | ||||||||||||
831 | int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg) | - | ||||||||||||
832 | { | - | ||||||||||||
833 | return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg); executed 4341 times by 1 test: return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg); Executed by:
| 4341 | ||||||||||||
834 | } | - | ||||||||||||
835 | - | |||||||||||||
836 | void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx) | - | ||||||||||||
837 | { | - | ||||||||||||
838 | return CRYPTO_get_ex_data(&drbg->ex_data, idx); executed 10860 times by 1 test: return CRYPTO_get_ex_data(&drbg->ex_data, idx); Executed by:
| 10860 | ||||||||||||
839 | } | - | ||||||||||||
840 | - | |||||||||||||
841 | - | |||||||||||||
842 | /* | - | ||||||||||||
843 | * The following functions provide a RAND_METHOD that works on the | - | ||||||||||||
844 | * global DRBG. They lock. | - | ||||||||||||
845 | */ | - | ||||||||||||
846 | - | |||||||||||||
847 | /* | - | ||||||||||||
848 | * Allocates a new global DRBG on the secure heap (if enabled) and | - | ||||||||||||
849 | * initializes it with default settings. | - | ||||||||||||
850 | * | - | ||||||||||||
851 | * Returns a pointer to the new DRBG instance on success, NULL on failure. | - | ||||||||||||
852 | */ | - | ||||||||||||
853 | static RAND_DRBG *drbg_setup(RAND_DRBG *parent) | - | ||||||||||||
854 | { | - | ||||||||||||
855 | RAND_DRBG *drbg; | - | ||||||||||||
856 | - | |||||||||||||
857 | drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent); | - | ||||||||||||
858 | if (drbg == NULL)
| 0-1787 | ||||||||||||
859 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
860 | - | |||||||||||||
861 | /* Only the master DRBG needs to have a lock */ | - | ||||||||||||
862 | if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
| 0-1008 | ||||||||||||
863 | goto err; never executed: goto err; | 0 | ||||||||||||
864 | - | |||||||||||||
865 | /* enable seed propagation */ | - | ||||||||||||
866 | drbg->reseed_counter = 1; | - | ||||||||||||
867 | - | |||||||||||||
868 | /* | - | ||||||||||||
869 | * Ignore instantiation error to support just-in-time instantiation. | - | ||||||||||||
870 | * | - | ||||||||||||
871 | * The state of the drbg will be checked in RAND_DRBG_generate() and | - | ||||||||||||
872 | * an automatic recovery is attempted. | - | ||||||||||||
873 | */ | - | ||||||||||||
874 | (void)RAND_DRBG_instantiate(drbg, | - | ||||||||||||
875 | (const unsigned char *) ossl_pers_string, | - | ||||||||||||
876 | sizeof(ossl_pers_string) - 1); | - | ||||||||||||
877 | return drbg; executed 1787 times by 2 tests: return drbg; Executed by:
| 1787 | ||||||||||||
878 | - | |||||||||||||
879 | err: | - | ||||||||||||
880 | RAND_DRBG_free(drbg); | - | ||||||||||||
881 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
882 | } | - | ||||||||||||
883 | - | |||||||||||||
884 | /* | - | ||||||||||||
885 | * Initialize the global DRBGs on first use. | - | ||||||||||||
886 | * Returns 1 on success, 0 on failure. | - | ||||||||||||
887 | */ | - | ||||||||||||
888 | DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init) executed 779 times by 2 tests: end of block Executed by:
| 779 | ||||||||||||
889 | { | - | ||||||||||||
890 | /* | - | ||||||||||||
891 | * ensure that libcrypto is initialized, otherwise the | - | ||||||||||||
892 | * DRBG locks are not cleaned up properly | - | ||||||||||||
893 | */ | - | ||||||||||||
894 | if (!OPENSSL_init_crypto(0, NULL))
| 0-779 | ||||||||||||
895 | return 0; never executed: return 0; | 0 | ||||||||||||
896 | - | |||||||||||||
897 | if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))
| 0-779 | ||||||||||||
898 | return 0; never executed: return 0; | 0 | ||||||||||||
899 | - | |||||||||||||
900 | if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))
| 0-779 | ||||||||||||
901 | goto err1; never executed: goto err1; | 0 | ||||||||||||
902 | - | |||||||||||||
903 | master_drbg = drbg_setup(NULL); | - | ||||||||||||
904 | if (master_drbg == NULL)
| 0-779 | ||||||||||||
905 | goto err2; never executed: goto err2; | 0 | ||||||||||||
906 | - | |||||||||||||
907 | return 1; executed 779 times by 2 tests: return 1; Executed by:
| 779 | ||||||||||||
908 | - | |||||||||||||
909 | err2: | - | ||||||||||||
910 | CRYPTO_THREAD_cleanup_local(&public_drbg); | - | ||||||||||||
911 | err1: code before this statement never executed: err1: | 0 | ||||||||||||
912 | CRYPTO_THREAD_cleanup_local(&private_drbg); | - | ||||||||||||
913 | return 0; never executed: return 0; | 0 | ||||||||||||
914 | } | - | ||||||||||||
915 | - | |||||||||||||
916 | /* Clean up the global DRBGs before exit */ | - | ||||||||||||
917 | void rand_drbg_cleanup_int(void) | - | ||||||||||||
918 | { | - | ||||||||||||
919 | if (master_drbg != NULL) {
| 779-1297 | ||||||||||||
920 | RAND_DRBG_free(master_drbg); | - | ||||||||||||
921 | master_drbg = NULL; | - | ||||||||||||
922 | - | |||||||||||||
923 | CRYPTO_THREAD_cleanup_local(&private_drbg); | - | ||||||||||||
924 | CRYPTO_THREAD_cleanup_local(&public_drbg); | - | ||||||||||||
925 | } executed 779 times by 2 tests: end of block Executed by:
| 779 | ||||||||||||
926 | } executed 2076 times by 12 tests: end of block Executed by:
| 2076 | ||||||||||||
927 | - | |||||||||||||
928 | void drbg_delete_thread_state(void) | - | ||||||||||||
929 | { | - | ||||||||||||
930 | RAND_DRBG *drbg; | - | ||||||||||||
931 | - | |||||||||||||
932 | drbg = CRYPTO_THREAD_get_local(&public_drbg); | - | ||||||||||||
933 | CRYPTO_THREAD_set_local(&public_drbg, NULL); | - | ||||||||||||
934 | RAND_DRBG_free(drbg); | - | ||||||||||||
935 | - | |||||||||||||
936 | drbg = CRYPTO_THREAD_get_local(&private_drbg); | - | ||||||||||||
937 | CRYPTO_THREAD_set_local(&private_drbg, NULL); | - | ||||||||||||
938 | RAND_DRBG_free(drbg); | - | ||||||||||||
939 | } executed 782 times by 2 tests: end of block Executed by:
| 782 | ||||||||||||
940 | - | |||||||||||||
941 | /* Implements the default OpenSSL RAND_bytes() method */ | - | ||||||||||||
942 | static int drbg_bytes(unsigned char *out, int count) | - | ||||||||||||
943 | { | - | ||||||||||||
944 | int ret; | - | ||||||||||||
945 | RAND_DRBG *drbg = RAND_DRBG_get0_public(); | - | ||||||||||||
946 | - | |||||||||||||
947 | if (drbg == NULL)
| 0-564240 | ||||||||||||
948 | return 0; never executed: return 0; | 0 | ||||||||||||
949 | - | |||||||||||||
950 | ret = RAND_DRBG_bytes(drbg, out, count); | - | ||||||||||||
951 | - | |||||||||||||
952 | return ret; executed 564990 times by 1 test: return ret; Executed by:
| 564990 | ||||||||||||
953 | } | - | ||||||||||||
954 | - | |||||||||||||
955 | /* Implements the default OpenSSL RAND_add() method */ | - | ||||||||||||
956 | static int drbg_add(const void *buf, int num, double randomness) | - | ||||||||||||
957 | { | - | ||||||||||||
958 | int ret = 0; | - | ||||||||||||
959 | RAND_DRBG *drbg = RAND_DRBG_get0_master(); | - | ||||||||||||
960 | - | |||||||||||||
961 | if (drbg == NULL)
| 0-21 | ||||||||||||
962 | return 0; never executed: return 0; | 0 | ||||||||||||
963 | - | |||||||||||||
964 | if (num < 0 || randomness < 0.0)
| 0-21 | ||||||||||||
965 | return 0; never executed: return 0; | 0 | ||||||||||||
966 | - | |||||||||||||
967 | if (randomness > (double)drbg->max_entropylen) {
| 0-21 | ||||||||||||
968 | /* | - | ||||||||||||
969 | * The purpose of this check is to bound |randomness| by a | - | ||||||||||||
970 | * relatively small value in order to prevent an integer | - | ||||||||||||
971 | * overflow when multiplying by 8 in the rand_drbg_restart() | - | ||||||||||||
972 | * call below. | - | ||||||||||||
973 | */ | - | ||||||||||||
974 | return 0; never executed: return 0; | 0 | ||||||||||||
975 | } | - | ||||||||||||
976 | - | |||||||||||||
977 | rand_drbg_lock(drbg); | - | ||||||||||||
978 | ret = rand_drbg_restart(drbg, buf, | - | ||||||||||||
979 | (size_t)(unsigned int)num, | - | ||||||||||||
980 | (size_t)(8*randomness)); | - | ||||||||||||
981 | rand_drbg_unlock(drbg); | - | ||||||||||||
982 | - | |||||||||||||
983 | return ret; executed 21 times by 1 test: return ret; Executed by:
| 21 | ||||||||||||
984 | } | - | ||||||||||||
985 | - | |||||||||||||
986 | /* Implements the default OpenSSL RAND_seed() method */ | - | ||||||||||||
987 | static int drbg_seed(const void *buf, int num) | - | ||||||||||||
988 | { | - | ||||||||||||
989 | return drbg_add(buf, num, num); never executed: return drbg_add(buf, num, num); | 0 | ||||||||||||
990 | } | - | ||||||||||||
991 | - | |||||||||||||
992 | /* Implements the default OpenSSL RAND_status() method */ | - | ||||||||||||
993 | static int drbg_status(void) | - | ||||||||||||
994 | { | - | ||||||||||||
995 | int ret; | - | ||||||||||||
996 | RAND_DRBG *drbg = RAND_DRBG_get0_master(); | - | ||||||||||||
997 | - | |||||||||||||
998 | if (drbg == NULL)
| 0 | ||||||||||||
999 | return 0; never executed: return 0; | 0 | ||||||||||||
1000 | - | |||||||||||||
1001 | rand_drbg_lock(drbg); | - | ||||||||||||
1002 | ret = drbg->state == DRBG_READY ? 1 : 0;
| 0 | ||||||||||||
1003 | rand_drbg_unlock(drbg); | - | ||||||||||||
1004 | return ret; never executed: return ret; | 0 | ||||||||||||
1005 | } | - | ||||||||||||
1006 | - | |||||||||||||
1007 | /* | - | ||||||||||||
1008 | * Get the master DRBG. | - | ||||||||||||
1009 | * Returns pointer to the DRBG on success, NULL on failure. | - | ||||||||||||
1010 | * | - | ||||||||||||
1011 | */ | - | ||||||||||||
1012 | RAND_DRBG *RAND_DRBG_get0_master(void) | - | ||||||||||||
1013 | { | - | ||||||||||||
1014 | if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
| 0-23 | ||||||||||||
1015 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
1016 | - | |||||||||||||
1017 | return master_drbg; executed 23 times by 1 test: return master_drbg; Executed by:
| 23 | ||||||||||||
1018 | } | - | ||||||||||||
1019 | - | |||||||||||||
1020 | /* | - | ||||||||||||
1021 | * Get the public DRBG. | - | ||||||||||||
1022 | * Returns pointer to the DRBG on success, NULL on failure. | - | ||||||||||||
1023 | */ | - | ||||||||||||
1024 | RAND_DRBG *RAND_DRBG_get0_public(void) | - | ||||||||||||
1025 | { | - | ||||||||||||
1026 | RAND_DRBG *drbg; | - | ||||||||||||
1027 | - | |||||||||||||
1028 | if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
| 0-565554 | ||||||||||||
1029 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
1030 | - | |||||||||||||
1031 | drbg = CRYPTO_THREAD_get_local(&public_drbg); | - | ||||||||||||
1032 | if (drbg == NULL) {
| 550-565216 | ||||||||||||
1033 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
| 0-550 | ||||||||||||
1034 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
1035 | drbg = drbg_setup(master_drbg); | - | ||||||||||||
1036 | CRYPTO_THREAD_set_local(&public_drbg, drbg); | - | ||||||||||||
1037 | } executed 550 times by 1 test: end of block Executed by:
| 550 | ||||||||||||
1038 | return drbg; executed 564027 times by 1 test: return drbg; Executed by:
| 564027 | ||||||||||||
1039 | } | - | ||||||||||||
1040 | - | |||||||||||||
1041 | /* | - | ||||||||||||
1042 | * Get the private DRBG. | - | ||||||||||||
1043 | * Returns pointer to the DRBG on success, NULL on failure. | - | ||||||||||||
1044 | */ | - | ||||||||||||
1045 | RAND_DRBG *RAND_DRBG_get0_private(void) | - | ||||||||||||
1046 | { | - | ||||||||||||
1047 | RAND_DRBG *drbg; | - | ||||||||||||
1048 | - | |||||||||||||
1049 | if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
| 0-498118 | ||||||||||||
1050 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
1051 | - | |||||||||||||
1052 | drbg = CRYPTO_THREAD_get_local(&private_drbg); | - | ||||||||||||
1053 | if (drbg == NULL) {
| 458-498110 | ||||||||||||
1054 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
| 0-458 | ||||||||||||
1055 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||||||||
1056 | drbg = drbg_setup(master_drbg); | - | ||||||||||||
1057 | CRYPTO_THREAD_set_local(&private_drbg, drbg); | - | ||||||||||||
1058 | } executed 458 times by 2 tests: end of block Executed by:
| 458 | ||||||||||||
1059 | return drbg; executed 498444 times by 2 tests: return drbg; Executed by:
| 498444 | ||||||||||||
1060 | } | - | ||||||||||||
1061 | - | |||||||||||||
1062 | RAND_METHOD rand_meth = { | - | ||||||||||||
1063 | drbg_seed, | - | ||||||||||||
1064 | drbg_bytes, | - | ||||||||||||
1065 | NULL, | - | ||||||||||||
1066 | drbg_add, | - | ||||||||||||
1067 | drbg_bytes, | - | ||||||||||||
1068 | drbg_status | - | ||||||||||||
1069 | }; | - | ||||||||||||
1070 | - | |||||||||||||
1071 | RAND_METHOD *RAND_OpenSSL(void) | - | ||||||||||||
1072 | { | - | ||||||||||||
1073 | return &rand_meth; executed 566075 times by 2 tests: return &rand_meth; Executed by:
| 566075 | ||||||||||||
1074 | } | - | ||||||||||||
Source code | Switch to Preprocessed file |