OpenCoverage

e_aes_cbc_hmac_sha1.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c

Switch to Source code

Preprocessed file

Line Source Count

1 -

2 -

3 -

4 -

5 typedef struct { -

6 AES_KEY ks; -

7 SHA_CTX head, tail, md; -

8 size_t payload_length; -

9 union { -

10 unsigned int tls_ver; -

11 unsigned char tls_aad[16]; -

12 } aux; -

13 } EVP_AES_HMAC_SHA1; -

14 -

15 -

16 -

17 -

18 -

19 -

20 -

21 extern unsigned int OPENSSL_ia32cap_P[]; -

22 -

23 -

24 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, -

25 AES_KEY *key); -

26 int aesni_set_decrypt_key(const unsigned char *userKey, int bits, -

27 AES_KEY *key); -

28 -

29 void aesni_cbc_encrypt(const unsigned char *in, -

30 unsigned char *out, -

31 size_t length, -

32 const AES_KEY *key, unsigned char *ivec, int enc); -

33 -

34 void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, -

35 const AES_KEY *key, unsigned char iv[16], -

36 SHA_CTX *ctx, const void *in0); -

37 -

38 void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, -

39 const AES_KEY *key, unsigned char iv[16], -

40 SHA_CTX *ctx, const void *in0); -

41 -

42 -

43 -

44 static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, -

45 const unsigned char *inkey, -

46 const unsigned char *iv, int enc) -

47 { -

48 EVP_AES_HMAC_SHA1 *key = ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)); -

49 int ret; -

50 -

if (enc

enc	Description
TRUE	never evaluated
FALSE	never evaluated

)

ret = aesni_set_encrypt_key(inkey,

never executed: ret = aesni_set_encrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

EVP_CIPHER_CTX_key_length(ctx) * 8,

never executed: ret = aesni_set_encrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

&key->ks);

never executed: ret = aesni_set_encrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

55 else -

ret = aesni_set_decrypt_key(inkey,

never executed: ret = aesni_set_decrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

EVP_CIPHER_CTX_key_length(ctx) * 8,

never executed: ret = aesni_set_decrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

&key->ks);

never executed: ret = aesni_set_decrypt_key(inkey, EVP_CIPHER_CTX_key_length(ctx) * 8, &key->ks);

59 -

60 SHA1_Init(&key->head); -

61 key->tail = key->head; -

62 key->md = key->head; -

63 -

64 key->payload_length = ((size_t)-1); -

65 -

return

never executed: return ret < 0 ? 0 : 1;

ret < 0

ret < 0	Description
TRUE	never evaluated
FALSE	never evaluated

? 0 : 1;

never executed: return ret < 0 ? 0 : 1;

67 } -

68 void sha1_block_data_order(void *c, const void *p, size_t len); -

69 -

70 static void sha1_update(SHA_CTX *c, const void *data, size_t len) -

71 { -

72 const unsigned char *ptr = data; -

73 size_t res; -

74 -

if ((

(res = c->num)	Description
TRUE	never evaluated
FALSE	never evaluated

res = c->num)

(res = c->num)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

76 res = (16*4) - res; -

if (len < res

len < res	Description
TRUE	never evaluated
FALSE	never evaluated

)

res = len;

never executed: res = len;

79 SHA1_Update(c, ptr, res); -

80 ptr += res; -

81 len -= res; -

}

never executed: end of block

83 -

84 res = len % (16*4); -

85 len -= res; -

86 -

if (len

len	Description
TRUE	never evaluated
FALSE	never evaluated

) {

88 sha1_block_data_order(c, ptr, len / (16*4)); -

89 -

90 ptr += len; -

91 c->Nh += len >> 29; -

92 c->Nl += len <<= 3; -

if (c->Nl < (unsigned int)len

c->Nl < (unsigned int)len	Description
TRUE	never evaluated
FALSE	never evaluated

)

c->Nh++;

never executed: c->Nh++;

}

never executed: end of block

96 -

if (res

res	Description
TRUE	never evaluated
FALSE	never evaluated

)

SHA1_Update(c, ptr, res);

never executed: SHA1_Update(c, ptr, res);

}

never executed: end of block

100 typedef struct { -

101 unsigned int A[8], B[8], C[8], D[8], E[8]; -

102 } SHA1_MB_CTX; -

103 typedef struct { -

104 const unsigned char *ptr; -

105 int blocks; -

106 } HASH_DESC; -

107 -

108 void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int); -

109 -

110 typedef struct { -

111 const unsigned char *inp; -

112 unsigned char *out; -

113 int blocks; -

114 u64 iv[2]; -

115 } CIPH_DESC; -

116 -

117 void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); -

118 -

119 static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, -

120 unsigned char *out, -

121 const unsigned char *inp, -

122 size_t inp_len, int n4x) -

123 { -

124 HASH_DESC hash_d[8], edges[8]; -

125 CIPH_DESC ciph_d[8]; -

126 unsigned char storage[sizeof(SHA1_MB_CTX) + 32]; -

127 union { -

128 u64 q[16]; -

129 u32 d[32]; -

130 u8 c[128]; -

131 } blocks[8]; -

132 SHA1_MB_CTX *ctx; -

133 unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = -

134 0; -

135 size_t ret = 0; -

136 u8 *IVs; -

137 -

138 u64 seqnum; -

139 -

140 -

141 -

142

if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0

RAND_bytes((IV... 16 * x4) <= 0	Description
TRUE	never evaluated
FALSE	never evaluated

)

143

return

never executed: return 0;

144 -

145 ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); -

146 -

147 frag = (unsigned int)inp_len >> (1 + n4x); -

148 last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); -

149

if (last > frag

last > frag	Description
TRUE	never evaluated
FALSE	never evaluated

&& ((

((last + 13 + ...64) < (x4 - 1)	Description
TRUE	never evaluated
FALSE	never evaluated

last + 13 + 9) % 64) < (x4 - 1)

((last + 13 + ...64) < (x4 - 1)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

150 frag++; -

151 last -= x4 - 1; -

152

}

never executed: end of block

153 -

154 packlen = 5 + 16 + ((frag + 20 + 16) & -16); -

155 -

156 -

157 hash_d[0].ptr = inp; -

158 ciph_d[0].inp = inp; -

159 -

160 ciph_d[0].out = out + 5 + 16; -

161 memcpy(ciph_d[0].out - 16, IVs, 16); -

162 memcpy(ciph_d[0].iv, IVs, 16); -

163 IVs += 16; -

164 -

165

for (i = 1; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

166 ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag; -

167 ciph_d[i].out = ciph_d[i - 1].out + packlen; -

168 memcpy(ciph_d[i].out - 16, IVs, 16); -

169 memcpy(ciph_d[i].iv, IVs, 16); -

170 IVs += 16; -

171

}

never executed: end of block

172 -

173 -

174 memcpy(blocks[0].c, key->md.data, 8); -

175 seqnum = ({ u64 ret_=(blocks[0].q[0]); asm ("bswapq %0" : "+r"(ret_)); ret_; }); -

176 -

177

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

178

unsigned int len = (i == (x4 - 1)

i == (x4 - 1)	Description
TRUE	never evaluated
FALSE	never evaluated

? last : frag);

179 -

180 -

181 -

182 -

183 ctx->A[i] = key->md.h0; -

184 ctx->B[i] = key->md.h1; -

185 ctx->C[i] = key->md.h2; -

186 ctx->D[i] = key->md.h3; -

187 ctx->E[i] = key->md.h4; -

188 -

189 -

190 -

191 blocks[i].q[0] = ({ u64 ret_=(seqnum + i); asm ("bswapq %0" : "+r"(ret_)); ret_; }); -

192 -

193 -

194 -

195 -

196 -

197 -

198 blocks[i].c[8] = ((u8 *)key->md.data)[8]; -

199 blocks[i].c[9] = ((u8 *)key->md.data)[9]; -

200 blocks[i].c[10] = ((u8 *)key->md.data)[10]; -

201 -

202 blocks[i].c[11] = (u8)(len >> 8); -

203 blocks[i].c[12] = (u8)(len); -

204 -

205 memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13); -

206 hash_d[i].ptr += 64 - 13; -

207 hash_d[i].blocks = (len - (64 - 13)) / 64; -

208 -

209 edges[i].ptr = blocks[i].c; -

210 edges[i].blocks = 1; -

211

}

never executed: end of block

212 -

213 -

214 sha1_multi_block(ctx, edges, n4x); -

215

minblocks = ((frag <= last

frag <= last	Description
TRUE	never evaluated
FALSE	never evaluated

? frag : last) - (64 - 13)) / 64;

216

if (minblocks > 2048 / 64

minblocks > 2048 / 64	Description
TRUE	never evaluated
FALSE	never evaluated

) {

217

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

218 edges[i].ptr = hash_d[i].ptr; -

219 edges[i].blocks = 2048 / 64; -

220 ciph_d[i].blocks = 2048 / 16; -

221

}

never executed: end of block

222 do { -

223 sha1_multi_block(ctx, edges, n4x); -

224 aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); -

225 -

226

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

227 edges[i].ptr = hash_d[i].ptr += 2048; -

228 hash_d[i].blocks -= 2048 / 64; -

229 edges[i].blocks = 2048 / 64; -

230 ciph_d[i].inp += 2048; -

231 ciph_d[i].out += 2048; -

232 ciph_d[i].blocks = 2048 / 16; -

233 memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16); -

234

}

never executed: end of block

235 processed += 2048; -

236 minblocks -= 2048 / 64; -

237

}

never executed: end of block

while (minblocks > 2048 / 64

minblocks > 2048 / 64	Description
TRUE	never evaluated
FALSE	never evaluated

);

238

}

never executed: end of block

239 -

240 -

241 sha1_multi_block(ctx, hash_d, n4x); -

242 -

243 memset(blocks, 0, sizeof(blocks)); -

244

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

245

unsigned int len = (i == (x4 - 1)

i == (x4 - 1)	Description
TRUE	never evaluated
FALSE	never evaluated

? last : frag),

246 off = hash_d[i].blocks * 64; -

247 const unsigned char *ptr = hash_d[i].ptr + off; -

248 -

249 off = (len - processed) - (64 - 13) - off; -

250 memcpy(blocks[i].c, ptr, off); -

251 blocks[i].c[off] = 0x80; -

252 len += 64 + 13; -

253 len *= 8; -

254

if (off < (64 - 8)

off < (64 - 8)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

255 -

256 blocks[i].d[15] = ({ u32 ret_=(len); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

257 -

258 -

259 -

260 edges[i].blocks = 1; -

261

}

never executed: end of block

else {

262 -

263 blocks[i].d[31] = ({ u32 ret_=(len); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

264 -

265 -

266 -

267 edges[i].blocks = 2; -

268

}

never executed: end of block

269 edges[i].ptr = blocks[i].c; -

270

}

never executed: end of block

271 -

272 -

273 sha1_multi_block(ctx, edges, n4x); -

274 -

275 memset(blocks, 0, sizeof(blocks)); -

276

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

277 -

278 blocks[i].d[0] = ({ u32 ret_=(ctx->A[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

279 ctx->A[i] = key->tail.h0; -

280 blocks[i].d[1] = ({ u32 ret_=(ctx->B[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

281 ctx->B[i] = key->tail.h1; -

282 blocks[i].d[2] = ({ u32 ret_=(ctx->C[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

283 ctx->C[i] = key->tail.h2; -

284 blocks[i].d[3] = ({ u32 ret_=(ctx->D[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

285 ctx->D[i] = key->tail.h3; -

286 blocks[i].d[4] = ({ u32 ret_=(ctx->E[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

287 ctx->E[i] = key->tail.h4; -

288 blocks[i].c[20] = 0x80; -

289 blocks[i].d[15] = ({ u32 ret_=((64 + 20) * 8); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

290 edges[i].ptr = blocks[i].c; -

291 edges[i].blocks = 1; -

292

}

never executed: end of block

293 -

294 -

295 sha1_multi_block(ctx, edges, n4x); -

296 -

297

for (i = 0; i < x4

i < x4	Description
TRUE	never evaluated
FALSE	never evaluated

; i++) {

298

unsigned int len = (i == (x4 - 1)

i == (x4 - 1)	Description
TRUE	never evaluated
FALSE	never evaluated

? last : frag), pad, j;

299 unsigned char *out0 = out; -

300 -

301 memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed); -

302 ciph_d[i].inp = ciph_d[i].out; -

303 -

304 out += 5 + 16 + len; -

305 -

306 -

307 *(u32 *)(out + 0) = ({ u32 ret_=(ctx->A[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

308 *(u32 *)(out + 4) = ({ u32 ret_=(ctx->B[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

309 *(u32 *)(out + 8) = ({ u32 ret_=(ctx->C[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

310 *(u32 *)(out + 12) = ({ u32 ret_=(ctx->D[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

311 *(u32 *)(out + 16) = ({ u32 ret_=(ctx->E[i]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

312 out += 20; -

313 len += 20; -

314 -

315 -

316 pad = 15 - len % 16; -

317

for (j = 0; j <= pad

j <= pad	Description
TRUE	never evaluated
FALSE	never evaluated

; j++)

318

never executed: *(out++) = pad;

out++) = pad;

never executed: *(out++) = pad;

319 len += pad + 1; -

320 -

321 ciph_d[i].blocks = (len - processed) / 16; -

322 len += 16; -

323 -

324 -

325 out0[0] = ((u8 *)key->md.data)[8]; -

326 out0[1] = ((u8 *)key->md.data)[9]; -

327 out0[2] = ((u8 *)key->md.data)[10]; -

328 out0[3] = (u8)(len >> 8); -

329 out0[4] = (u8)(len); -

330 -

331 ret += len + 5; -

332 inp += frag; -

333

}

never executed: end of block

334 -

335 aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); -

336 -

337 OPENSSL_cleanse(blocks, sizeof(blocks)); -

338 OPENSSL_cleanse(ctx, sizeof(*ctx)); -

339 -

340

return

never executed: return ret;

ret;

never executed: return ret;

341 } -

342 -

343 -

344 static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -

345 const unsigned char *in, size_t len) -

346 { -

347 EVP_AES_HMAC_SHA1 *key = ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)); -

348 unsigned int l; -

349 size_t plen = key->payload_length, iv = 0, -

350 -

351 sha_off = 0; -

352 -

353 size_t aes_off = 0, blocks; -

354 -

355 sha_off = (16*4) - key->md.num; -

356 -

357 -

358 key->payload_length = ((size_t)-1); -

359 -

360

if (len % 16

len % 16	Description
TRUE	never evaluated
FALSE	never evaluated

)

361

return

never executed: return 0;

362 -

363

if (EVP_CIPHER_CTX_encrypting(ctx)

EVP_CIPHER_CTX_encrypting(ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

364

if (plen == ((size_t)-1)

plen == ((size_t)-1)	Description
TRUE	never evaluated
FALSE	never evaluated

)

365

plen = len;

never executed: plen = len;

366

else if (len !=

len != ((plen ...0 + 16) & -16)	Description
TRUE	never evaluated
FALSE	never evaluated

367

((plen + 20 +

len != ((plen ...0 + 16) & -16)	Description
TRUE	never evaluated
FALSE	never evaluated

368

16) & -16)

len != ((plen ...0 + 16) & -16)	Description
TRUE	never evaluated
FALSE	never evaluated

)

369

return

never executed: return 0;

370

else if (key->aux.tls_ver >= 0x0302

key->aux.tls_ver >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

)

371

iv = 16;

never executed: iv = 16;

372 -

373 -

374

if (plen > (sha_off + iv)

plen > (sha_off + iv)	Description
TRUE	never evaluated
FALSE	never evaluated

375

&& (

(blocks = (ple...iv)) / (16*4))	Description
TRUE	never evaluated
FALSE	never evaluated

blocks = (plen - (sha_off + iv)) / (16*4))

(blocks = (ple...iv)) / (16*4))	Description
TRUE	never evaluated
FALSE	never evaluated

) {

376 sha1_update(&key->md, in + iv, sha_off); -

377 -

378 aesni_cbc_sha1_enc(in, out, blocks, &key->ks, -

379 EVP_CIPHER_CTX_iv_noconst(ctx), -

380 &key->md, in + iv + sha_off); -

381 blocks *= (16*4); -

382 aes_off += blocks; -

383 sha_off += blocks; -

384 key->md.Nh += blocks >> 29; -

385 key->md.Nl += blocks <<= 3; -

386

if (key->md.Nl < (unsigned int)blocks

key->md.Nl < (...ned int)blocks	Description
TRUE	never evaluated
FALSE	never evaluated

)

387

key->md.Nh++;

never executed: key->md.Nh++;

388

}

never executed: end of block

else {

389 sha_off = 0; -

390

}

never executed: end of block

391 -

392 sha_off += iv; -

393 sha1_update(&key->md, in + sha_off, plen - sha_off); -

394 -

395

if (plen != len

plen != len	Description
TRUE	never evaluated
FALSE	never evaluated

) {

396

if (in != out

in != out	Description
TRUE	never evaluated
FALSE	never evaluated

)

397

memcpy(out + aes_off, in + aes_off, plen - aes_off);

never executed: memcpy(out + aes_off, in + aes_off, plen - aes_off);

398 -

399 -

400 SHA1_Final(out + plen, &key->md); -

401 key->md = key->tail; -

402 sha1_update(&key->md, out + plen, 20); -

403 SHA1_Final(out + plen, &key->md); -

404 -

405 -

406 plen += 20; -

407

for (l = len - plen - 1; plen < len

plen < len	Description
TRUE	never evaluated
FALSE	never evaluated

; plen++)

408

out[plen] = l;

never executed: out[plen] = l;

409 -

410 aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, -

411 &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -

412

}

never executed: end of block

else {

413 aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, -

414 &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -

415

}

never executed: end of block

416 } else { -

417 union { -

418 unsigned int u[20 / sizeof(unsigned int)]; -

419 unsigned char c[32 + 20]; -

420 } mac, *pmac; -

421 -

422 -

423 pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32)); -

424 -

425

if (plen != ((size_t)-1)

plen != ((size_t)-1)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

426 size_t inp_len, mask, j, i; -

427 unsigned int res, maxpad, pad, bitlen; -

428 int ret = 1; -

429 union { -

430 unsigned int u[16]; -

431 unsigned char c[(16*4)]; -

432 } *data = (void *)key->md.data; -

433 -

434 -

435 -

436 -

437 -

438

if ((

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

439

>= 0x0302

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

) {

440

if (len < (16 + 20 + 1)

len < (16 + 20 + 1)	Description
TRUE	never evaluated
FALSE	never evaluated

)

441

return

never executed: return 0;

442 -

443 -

444 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, 16); -

445 -

446 in += 16; -

447 out += 16; -

448 len -= 16; -

449

}

never executed: end of block

else if (len < (20 + 1)

len < (20 + 1)	Description
TRUE	never evaluated
FALSE	never evaluated

)

450

return

never executed: return 0;

451 aesni_cbc_encrypt(in, out, len, &key->ks, -

452 EVP_CIPHER_CTX_iv_noconst(ctx), 0); -

453 -

454 -

455 pad = out[len - 1]; -

456 maxpad = len - (20 + 1); -

457 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); -

458 maxpad &= 255; -

459 -

460 mask = constant_time_ge(maxpad, pad); -

461 ret &= mask; -

462 -

463 -

464 -

465 -

466 -

467 -

468 pad = constant_time_select(mask, pad, maxpad); -

469 -

470 inp_len = len - (20 + pad + 1); -

471 -

472 key->aux.tls_aad[plen - 2] = inp_len >> 8; -

473 key->aux.tls_aad[plen - 1] = inp_len; -

474 -

475 -

476 key->md = key->head; -

477 sha1_update(&key->md, key->aux.tls_aad, plen); -

478 len -= 20; -

479

if (len >= (256 + (16*4))

len >= (256 + (16*4))	Description
TRUE	never evaluated
FALSE	never evaluated

) {

480 j = (len - (256 + (16*4))) & (0 - (16*4)); -

481 j += (16*4) - key->md.num; -

482 sha1_update(&key->md, out, j); -

483 out += j; -

484 len -= j; -

485 inp_len -= j; -

486

}

never executed: end of block

487 -

488 -

489 bitlen = key->md.Nl + (inp_len << 3); -

490 -

491 bitlen = ({ u32 ret_=(bitlen); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

492 pmac->u[0] = 0; -

493 pmac->u[1] = 0; -

494 pmac->u[2] = 0; -

495 pmac->u[3] = 0; -

496 pmac->u[4] = 0; -

497 -

498

for (res = key->md.num, j = 0; j < len

j < len	Description
TRUE	never evaluated
FALSE	never evaluated

; j++) {

499 size_t c = out[j]; -

500 mask = (j - inp_len) >> (sizeof(j) * 8 - 8); -

501 c &= mask; -

502 c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8)); -

503 data->c[res++] = (unsigned char)c; -

504 -

505

if (res != (16*4)

res != (16*4)	Description
TRUE	never evaluated
FALSE	never evaluated

)

506

continue;

never executed: continue;

507 -

508 -

509 mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1)); -

510 data->u[16 - 1] |= bitlen & mask; -

511 sha1_block_data_order(&key->md, data, 1); -

512 mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1)); -

513 pmac->u[0] |= key->md.h0 & mask; -

514 pmac->u[1] |= key->md.h1 & mask; -

515 pmac->u[2] |= key->md.h2 & mask; -

516 pmac->u[3] |= key->md.h3 & mask; -

517 pmac->u[4] |= key->md.h4 & mask; -

518 res = 0; -

519

}

never executed: end of block

520 -

521

for (i = res; i < (16*4)

i < (16*4)	Description
TRUE	never evaluated
FALSE	never evaluated

; i++, j++)

522

data->c[i] = 0;

never executed: data->c[i] = 0;

523 -

524

if (res > (16*4) - 8

res > (16*4) - 8	Description
TRUE	never evaluated
FALSE	never evaluated

) {

525 mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1)); -

526 data->u[16 - 1] |= bitlen & mask; -

527 sha1_block_data_order(&key->md, data, 1); -

528 mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); -

529 pmac->u[0] |= key->md.h0 & mask; -

530 pmac->u[1] |= key->md.h1 & mask; -

531 pmac->u[2] |= key->md.h2 & mask; -

532 pmac->u[3] |= key->md.h3 & mask; -

533 pmac->u[4] |= key->md.h4 & mask; -

534 -

535 memset(data, 0, (16*4)); -

536 j += 64; -

537

}

never executed: end of block

538 data->u[16 - 1] = bitlen; -

539 sha1_block_data_order(&key->md, data, 1); -

540 mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); -

541 pmac->u[0] |= key->md.h0 & mask; -

542 pmac->u[1] |= key->md.h1 & mask; -

543 pmac->u[2] |= key->md.h2 & mask; -

544 pmac->u[3] |= key->md.h3 & mask; -

545 pmac->u[4] |= key->md.h4 & mask; -

546 -

547 -

548 pmac->u[0] = ({ u32 ret_=(pmac->u[0]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

549 pmac->u[1] = ({ u32 ret_=(pmac->u[1]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

550 pmac->u[2] = ({ u32 ret_=(pmac->u[2]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

551 pmac->u[3] = ({ u32 ret_=(pmac->u[3]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

552 pmac->u[4] = ({ u32 ret_=(pmac->u[4]); asm ("bswapl %0" : "+r"(ret_)); ret_; }); -

553 len += 20; -

554 key->md = key->tail; -

555 sha1_update(&key->md, pmac->c, 20); -

556 SHA1_Final(pmac->c, &key->md); -

557 -

558 -

559 out += inp_len; -

560 len -= inp_len; -

561 -

562 { -

563 unsigned char *p = out + len - 1 - maxpad - 20; -

564 size_t off = out - p; -

565 unsigned int c, cmask; -

566 -

567 maxpad += 20; -

568

for (res = 0, i = 0, j = 0; j < maxpad

j < maxpad	Description
TRUE	never evaluated
FALSE	never evaluated

; j++) {

569 c = p[j]; -

570 cmask = -

571 ((int)(j - off - 20)) >> (sizeof(int) * -

572 8 - 1); -

573 res |= (c ^ pad) & ~cmask; -

574 cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); -

575 res |= (c ^ pmac->c[i]) & cmask; -

576 i += 1 & cmask; -

577

}

never executed: end of block

578 maxpad -= 20; -

579 -

580 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); -

581 ret &= (int)~res; -

582 } -

583

return

never executed: return ret;

ret;

never executed: return ret;

584 } else { -

585 aesni_cbc_encrypt(in, out, len, &key->ks, -

586 EVP_CIPHER_CTX_iv_noconst(ctx), 0); -

587 -

588 sha1_update(&key->md, out, len); -

589

}

never executed: end of block

590 } -

591 -

592

return

never executed: return 1;

593 } -

594 -

595 static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -

596 void *ptr) -

597 { -

598 EVP_AES_HMAC_SHA1 *key = ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)); -

599 -

600 switch (type) { -

601

case

never executed: case 0x17:

0x17:

never executed: case 0x17:

602 { -

603 unsigned int i; -

604 unsigned char hmac_key[64]; -

605 -

606 memset(hmac_key, 0, sizeof(hmac_key)); -

607 -

608

if (arg > (int)sizeof(hmac_key)

arg > (int)sizeof(hmac_key)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

609 SHA1_Init(&key->head); -

610 sha1_update(&key->head, ptr, arg); -

611 SHA1_Final(hmac_key, &key->head); -

612

}

never executed: end of block

else {

613 memcpy(hmac_key, ptr, arg); -

614

}

never executed: end of block

615 -

616

for (i = 0; i < sizeof(hmac_key)

i < sizeof(hmac_key)	Description
TRUE	never evaluated
FALSE	never evaluated

; i++)

617

hmac_key[i] ^= 0x36;

never executed: hmac_key[i] ^= 0x36;

618 SHA1_Init(&key->head); -

619 sha1_update(&key->head, hmac_key, sizeof(hmac_key)); -

620 -

621

for (i = 0; i < sizeof(hmac_key)

i < sizeof(hmac_key)	Description
TRUE	never evaluated
FALSE	never evaluated

; i++)

622

hmac_key[i] ^= 0x36 ^ 0x5c;

never executed: hmac_key[i] ^= 0x36 ^ 0x5c;

623 SHA1_Init(&key->tail); -

624 sha1_update(&key->tail, hmac_key, sizeof(hmac_key)); -

625 -

626 OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); -

627 -

628

return

never executed: return 1;

629 } -

630

case

never executed: case 0x16:

0x16:

never executed: case 0x16:

631 { -

632 unsigned char *p = ptr; -

633 unsigned int len; -

634 -

635

if (arg != 13

arg != 13	Description
TRUE	never evaluated
FALSE	never evaluated

)

636

return

never executed: return -1;

-1;

never executed: return -1;

637 -

638 len = p[arg - 2] << 8 | p[arg - 1]; -

639 -

640

if (EVP_CIPHER_CTX_encrypting(ctx)

EVP_CIPHER_CTX_encrypting(ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

641 key->payload_length = len; -

642

if ((

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

key->aux.tls_ver =

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

643

p[arg - 4] << 8 | p[arg - 3]) >= 0x0302

(key->aux.tls_... 3]) >= 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

) {

644

if (len < 16

len < 16	Description
TRUE	never evaluated
FALSE	never evaluated

)

645

return

never executed: return 0;

646 len -= 16; -

647 p[arg - 2] = len >> 8; -

648 p[arg - 1] = len; -

649

}

never executed: end of block

650 key->md = key->head; -

651 sha1_update(&key->md, p, arg); -

652 -

653

return

never executed: return (int)(((len + 20 + 16) & -16) - len);

(int)(((len + 20 +

never executed: return (int)(((len + 20 + 16) & -16) - len);

654

16) & -16)

never executed: return (int)(((len + 20 + 16) & -16) - len);

655

- len);

never executed: return (int)(((len + 20 + 16) & -16) - len);

656 } else { -

657 memcpy(key->aux.tls_aad, ptr, arg); -

658 key->payload_length = arg; -

659 -

660

return

never executed: return 20;

20;

never executed: return 20;

661 } -

662 } -

663 -

664

case

never executed: case 0x1c:

0x1c:

never executed: case 0x1c:

665

return

never executed: return (int)(5 + 16 + ((arg + 20 + 16) & -16));

(int)(5 + 16 + ((arg + 20 + 16) & -16));

never executed: return (int)(5 + 16 + ((arg + 20 + 16) & -16));

666

case

never executed: case 0x19:

0x19:

never executed: case 0x19:

667 { -

668 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = -

669 (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; -

670 unsigned int n4x = 1, x4; -

671 unsigned int frag, last, packlen, inp_len; -

672 -

673

if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)

arg < (int)siz...TIBLOCK_PARAM)	Description
TRUE	never evaluated
FALSE	never evaluated

)

674

return

never executed: return -1;

-1;

never executed: return -1;

675 -

676 inp_len = param->inp[11] << 8 | param->inp[12]; -

677 -

678

if (EVP_CIPHER_CTX_encrypting(ctx)

EVP_CIPHER_CTX_encrypting(ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

) {

679

if ((

(param->inp[9]...[10]) < 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

param->inp[9] << 8 | param->inp[10]) < 0x0302

(param->inp[9]...[10]) < 0x0302	Description
TRUE	never evaluated
FALSE	never evaluated

)

680

return

never executed: return -1;

-1;

never executed: return -1;

681 -

682

if (inp_len

inp_len	Description
TRUE	never evaluated
FALSE	never evaluated

) {

683

if (inp_len < 4096

inp_len < 4096	Description
TRUE	never evaluated
FALSE	never evaluated

)

684

return

never executed: return 0;

685 -

686

if (inp_len >= 8192

inp_len >= 8192	Description
TRUE	never evaluated
FALSE	never evaluated

&& OPENSSL_ia32cap_P[2] & (1 << 5)

OPENSSL_ia32ca...[2] & (1 << 5)	Description
TRUE	never evaluated
FALSE	never evaluated

)

687

n4x = 2;

never executed: n4x = 2;

688

}

never executed: end of block

else if ((

(n4x = param->interleave / 4)	Description
TRUE	never evaluated
FALSE	never evaluated

n4x = param->interleave / 4)

(n4x = param->interleave / 4)	Description
TRUE	never evaluated
FALSE	never evaluated

&& n4x <= 2

n4x <= 2	Description
TRUE	never evaluated
FALSE	never evaluated

)

689

inp_len = param->len;

never executed: inp_len = param->len;

690 else -

691

return

never executed: return -1;

-1;

never executed: return -1;

692 -

693 key->md = key->head; -

694 sha1_update(&key->md, param->inp, 13); -

695 -

696 x4 = 4 * n4x; -

697 n4x += 1; -

698 -

699 frag = inp_len >> n4x; -

700 last = inp_len + frag - (frag << n4x); -

701

if (last > frag

last > frag	Description
TRUE	never evaluated
FALSE	never evaluated

&& ((

((last + 13 + ...64 < (x4 - 1))	Description
TRUE	never evaluated
FALSE	never evaluated

last + 13 + 9) % 64 < (x4 - 1))

((last + 13 + ...64 < (x4 - 1))	Description
TRUE	never evaluated
FALSE	never evaluated

) {

702 frag++; -

703 last -= x4 - 1; -

704

}

never executed: end of block

705 -

706 packlen = 5 + 16 + ((frag + 20 + 16) & -16); -

707 packlen = (packlen << n4x) - packlen; -

708 packlen += 5 + 16 + ((last + 20 + 16) & -16); -

709 -

710 param->interleave = x4; -

711 -

712

return

never executed: return (int)packlen;

(int)packlen;

never executed: return (int)packlen;

713 } else -

714

return

never executed: return -1;

-1;

never executed: return -1;

715 } -

716

case

never executed: case 0x1a:

0x1a:

never executed: case 0x1a:

717 { -

718 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = -

719 (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; -

720 -

721

return

never executed: return (int)tls1_1_multi_block_encrypt(key, param->out, param->inp, param->len, param->interleave / 4);

(int)tls1_1_multi_block_encrypt(key, param->out,

never executed: return (int)tls1_1_multi_block_encrypt(key, param->out, param->inp, param->len, param->interleave / 4);

722

param->inp, param->len,

never executed: return (int)tls1_1_multi_block_encrypt(key, param->out, param->inp, param->len, param->interleave / 4);

723

param->interleave / 4);

never executed: return (int)tls1_1_multi_block_encrypt(key, param->out, param->inp, param->len, param->interleave / 4);

724 } -

725

case

never executed: case 0x1b:

0x1b:

never executed: case 0x1b:

726 -

727

default

never executed: default:

728

return

never executed: return -1;

-1;

never executed: return -1;

729 } -

730 } -

731 -

732 static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { -

733 -

734 916, -

735 -

736 -

737 -

738 16, 16, 16, -

739 0x2 | 0x1000 | -

740 0x200000 | 0x400000, -

741 aesni_cbc_hmac_sha1_init_key, -

742 aesni_cbc_hmac_sha1_cipher, -

743 -

744 ((void *)0) -

745 , -

746 sizeof(EVP_AES_HMAC_SHA1), -

747 0x1000 ? -

748 ((void *)0) -

749 : EVP_CIPHER_set_asn1_iv, -

750 0x1000 ? -

751 ((void *)0) -

752 : EVP_CIPHER_get_asn1_iv, -

753 aesni_cbc_hmac_sha1_ctrl, -

754 -

755 ((void *)0) -

756 -

757 }; -

758 -

759 static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -

760 -

761 918, -

762 -

763 -

764 -

765 16, 32, 16, -

766 0x2 | 0x1000 | -

767 0x200000 | 0x400000, -

768 aesni_cbc_hmac_sha1_init_key, -

769 aesni_cbc_hmac_sha1_cipher, -

770 -

771 ((void *)0) -

772 , -

773 sizeof(EVP_AES_HMAC_SHA1), -

774 0x1000 ? -

775 ((void *)0) -

776 : EVP_CIPHER_set_asn1_iv, -

777 0x1000 ? -

778 ((void *)0) -

779 : EVP_CIPHER_get_asn1_iv, -

780 aesni_cbc_hmac_sha1_ctrl, -

781 -

782 ((void *)0) -

783 -

784 }; -

785 -

786 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) -

787 { -

788

return

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_128_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

(OPENSSL_ia32cap_P[1] & (1<<(57-32))

OPENSSL_ia32ca...& (1<<(57-32))	Description
TRUE	never evaluated
FALSE	evaluated 3920 times by 1 test Evaluated by: libcrypto.so.1.1

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_128_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

0-3920

789

&aesni_128_cbc_hmac_sha1_cipher :

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_128_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

790

((void *)0)

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_128_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

791

);

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_128_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

792 } -

793 -

794 const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) -

795 { -

796

return

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_256_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

(OPENSSL_ia32cap_P[1] & (1<<(57-32))

OPENSSL_ia32ca...& (1<<(57-32))	Description
TRUE	never evaluated
FALSE	evaluated 3920 times by 1 test Evaluated by: libcrypto.so.1.1

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_256_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

0-3920

797

&aesni_256_cbc_hmac_sha1_cipher :

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_256_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

798

((void *)0)

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_256_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

799

);

executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1] & (1<<(57-32)) ? &aesni_256_cbc_hmac_sha1_cipher : ((void *)0) );

Executed by:

libcrypto.so.1.1

3920

800 } -

Switch to Source code

Preprocessed file

Generated by Squish Coco 4.2.2