OpenCoverage

ecp_nistz256.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ec/ecp_nistz256.c
Switch to Source codePreprocessed file
LineSourceCount
1-
2typedef unsigned short u16;-
3-
4typedef struct {-
5 unsigned long X[(256/(8 * 8))];-
6 unsigned long Y[(256/(8 * 8))];-
7 unsigned long Z[(256/(8 * 8))];-
8} P256_POINT;-
9-
10typedef struct {-
11 unsigned long X[(256/(8 * 8))];-
12 unsigned long Y[(256/(8 * 8))];-
13} P256_POINT_AFFINE;-
14-
15typedef P256_POINT_AFFINE PRECOMP256_ROW[64];-
16-
17-
18struct nistz256_pre_comp_st {-
19 const EC_GROUP *group;-
20 size_t w;-
21-
22-
23-
24-
25-
26 PRECOMP256_ROW *precomp;-
27 void *precomp_storage;-
28 CRYPTO_REF_COUNT references;-
29 CRYPTO_RWLOCK *lock;-
30};-
31void ecp_nistz256_add(unsigned long res[(256/(8 * 8))],-
32 const unsigned long a[(256/(8 * 8))],-
33 const unsigned long b[(256/(8 * 8))]);-
34-
35void ecp_nistz256_mul_by_2(unsigned long res[(256/(8 * 8))],-
36 const unsigned long a[(256/(8 * 8))]);-
37-
38void ecp_nistz256_mul_by_3(unsigned long res[(256/(8 * 8))],-
39 const unsigned long a[(256/(8 * 8))]);-
40-
41-
42void ecp_nistz256_div_by_2(unsigned long res[(256/(8 * 8))],-
43 const unsigned long a[(256/(8 * 8))]);-
44-
45void ecp_nistz256_sub(unsigned long res[(256/(8 * 8))],-
46 const unsigned long a[(256/(8 * 8))],-
47 const unsigned long b[(256/(8 * 8))]);-
48-
49void ecp_nistz256_neg(unsigned long res[(256/(8 * 8))], const unsigned long a[(256/(8 * 8))]);-
50-
51void ecp_nistz256_mul_mont(unsigned long res[(256/(8 * 8))],-
52 const unsigned long a[(256/(8 * 8))],-
53 const unsigned long b[(256/(8 * 8))]);-
54-
55void ecp_nistz256_sqr_mont(unsigned long res[(256/(8 * 8))],-
56 const unsigned long a[(256/(8 * 8))]);-
57-
58void ecp_nistz256_from_mont(unsigned long res[(256/(8 * 8))],-
59 const unsigned long in[(256/(8 * 8))]);-
60-
61void ecp_nistz256_to_mont(unsigned long res[(256/(8 * 8))],-
62 const unsigned long in[(256/(8 * 8))]);-
63-
64void ecp_nistz256_scatter_w5(P256_POINT *val,-
65 const P256_POINT *in_t, int idx);-
66void ecp_nistz256_gather_w5(P256_POINT *val,-
67 const P256_POINT *in_t, int idx);-
68void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,-
69 const P256_POINT_AFFINE *in_t, int idx);-
70void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,-
71 const P256_POINT_AFFINE *in_t, int idx);-
72-
73-
74static const unsigned long ONE[(256/(8 * 8))] = {-
75 ((unsigned long)0x00000000<<32|0x00000001), ((unsigned long)0xffffffff<<32|0x00000000),-
76 ((unsigned long)0xffffffff<<32|0xffffffff), ((unsigned long)0x00000000<<32|0xfffffffe)-
77};-
78-
79static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);-
80-
81-
82extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];-
83-
84-
85static unsigned int _booth_recode_w5(unsigned int in)-
86{-
87 unsigned int s, d;-
88-
89 s = ~((in >> 5) - 1);-
90 d = (1 << 6) - in - 1;-
91 d = (d & s) | (in & ~s);-
92 d = (d >> 1) + (d & 1);-
93-
94 return
executed 15808 times by 1 test: return (d << 1) + (s & 1);
Executed by:
  • libcrypto.so.1.1
 (d << 1) + (s & 1);
executed 15808 times by 1 test: return (d << 1) + (s & 1);
Executed by:
  • libcrypto.so.1.1
15808
95}-
96-
97static unsigned int _booth_recode_w7(unsigned int in)-
98{-
99 unsigned int s, d;-
100-
101 s = ~((in >> 7) - 1);-
102 d = (1 << 8) - in - 1;-
103 d = (d & s) | (in & ~s);-
104 d = (d >> 1) + (d & 1);-
105-
106 return
executed 31302 times by 1 test: return (d << 1) + (s & 1);
Executed by:
  • libcrypto.so.1.1
 (d << 1) + (s & 1);
executed 31302 times by 1 test: return (d << 1) + (s & 1);
Executed by:
  • libcrypto.so.1.1
31302
107}-
108-
109static void copy_conditional(unsigned long dst[(256/(8 * 8))],-
110 const unsigned long src[(256/(8 * 8))], unsigned long move)-
111{-
112 unsigned long mask1 = 0-move;-
113 unsigned long mask2 = ~mask1;-
114-
115 dst[0] = (src[0] & mask1) ^ (dst[0] & mask2);-
116 dst[1] = (src[1] & mask1) ^ (dst[1] & mask2);-
117 dst[2] = (src[2] & mask1) ^ (dst[2] & mask2);-
118 dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);-
119 if ((
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 46818 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
256/(8 * 8)) == 8
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 46818 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-46818
120 dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);-
121 dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);-
122 dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);-
123 dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);-
124 }
never executed: end of block
0
125}
executed 46818 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
46818
126-
127static unsigned long is_zero(unsigned long in)-
128{-
129 in |= (0 - in);-
130 in = ~in;-
131 in >>= (8 * 8) - 1;-
132 return
executed 4392 times by 1 test: return in;
Executed by:
  • libcrypto.so.1.1
 in;
executed 4392 times by 1 test: return in;
Executed by:
  • libcrypto.so.1.1
4392
133}-
134-
135static unsigned long is_equal(const unsigned long a[(256/(8 * 8))],-
136 const unsigned long b[(256/(8 * 8))])-
137{-
138 unsigned long res;-
139-
140 res = a[0] ^ b[0];-
141 res |= a[1] ^ b[1];-
142 res |= a[2] ^ b[2];-
143 res |= a[3] ^ b[3];-
144 if ((
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 1694 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
256/(8 * 8)) == 8
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 1694 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1694
145 res |= a[4] ^ b[4];-
146 res |= a[5] ^ b[5];-
147 res |= a[6] ^ b[6];-
148 res |= a[7] ^ b[7];-
149 }
never executed: end of block
0
150-
151 return
executed 1694 times by 1 test: return is_zero(res);
Executed by:
  • libcrypto.so.1.1
 is_zero(res);
executed 1694 times by 1 test: return is_zero(res);
Executed by:
  • libcrypto.so.1.1
1694
152}-
153-
154static unsigned long is_one(const BIGNUM *z)-
155{-
156 unsigned long res = 0;-
157 unsigned long *a = bn_get_words(z);-
158-
159 if (bn_get_top(z) == ((256/(8 * 8)) - (256/(8 * 8)) / 8)
bn_get_top(z) .../(8 * 8)) / 8)Description
TRUEevaluated 1852 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 15 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		15-1852
160 res = a[0] ^ ONE[0];-
161 res |= a[1] ^ ONE[1];-
162 res |= a[2] ^ ONE[2];-
163 res |= a[3] ^ ONE[3];-
164 if ((
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 1852 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
256/(8 * 8)) == 8
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 1852 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1852
165 res |= a[4] ^ ONE[4];-
166 res |= a[5] ^ ONE[5];-
167 res |= a[6] ^ ONE[6];-
168-
169-
170-
171-
172 }
never executed: end of block
0
173 res = is_zero(res);-
174 }
executed 1852 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1852
175-
176 return
executed 1867 times by 1 test: return res;
Executed by:
  • libcrypto.so.1.1
 res;
executed 1867 times by 1 test: return res;
Executed by:
  • libcrypto.so.1.1
1867
177}-
178void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);-
179void ecp_nistz256_point_add(P256_POINT *r,-
180 const P256_POINT *a, const P256_POINT *b);-
181void ecp_nistz256_point_add_affine(P256_POINT *r,-
182 const P256_POINT *a,-
183 const P256_POINT_AFFINE *b);-
184static void ecp_nistz256_mod_inverse(unsigned long r[(256/(8 * 8))],-
185 const unsigned long in[(256/(8 * 8))])-
186{-
187-
188-
189-
190-
191 unsigned long p2[(256/(8 * 8))];-
192 unsigned long p4[(256/(8 * 8))];-
193 unsigned long p8[(256/(8 * 8))];-
194 unsigned long p16[(256/(8 * 8))];-
195 unsigned long p32[(256/(8 * 8))];-
196 unsigned long res[(256/(8 * 8))];-
197 int i;-
198-
199 ecp_nistz256_sqr_mont(res, in);-
200 ecp_nistz256_mul_mont(p2, res, in);-
201-
202 ecp_nistz256_sqr_mont(res, p2);-
203 ecp_nistz256_sqr_mont(res, res);-
204 ecp_nistz256_mul_mont(p4, res, p2);-
205-
206 ecp_nistz256_sqr_mont(res, p4);-
207 ecp_nistz256_sqr_mont(res, res);-
208 ecp_nistz256_sqr_mont(res, res);-
209 ecp_nistz256_sqr_mont(res, res);-
210 ecp_nistz256_mul_mont(p8, res, p4);-
211-
212 ecp_nistz256_sqr_mont(res, p8);-
213 for (i = 0; i < 7
i < 7Description
TRUEevaluated 98581 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-98581
214 ecp_nistz256_sqr_mont(res, res);
executed 98581 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
98581
215 ecp_nistz256_mul_mont(p16, res, p8);-
216-
217 ecp_nistz256_sqr_mont(res, p16);-
218 for (i = 0; i < 15
i < 15Description
TRUEevaluated 211245 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-211245
219 ecp_nistz256_sqr_mont(res, res);
executed 211245 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
211245
220 ecp_nistz256_mul_mont(p32, res, p16);-
221-
222 ecp_nistz256_sqr_mont(res, p32);-
223 for (i = 0; i < 31
i < 31Description
TRUEevaluated 436573 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-436573
224 ecp_nistz256_sqr_mont(res, res);
executed 436573 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
436573
225 ecp_nistz256_mul_mont(res, res, in);-
226-
227 for (i = 0; i < 32 * 4
i < 32 * 4Description
TRUEevaluated 1802624 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-1802624
228 ecp_nistz256_sqr_mont(res, res);
executed 1802624 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
1802624
229 ecp_nistz256_mul_mont(res, res, p32);-
230-
231 for (i = 0; i < 32
i < 32Description
TRUEevaluated 450656 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-450656
232 ecp_nistz256_sqr_mont(res, res);
executed 450656 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
450656
233 ecp_nistz256_mul_mont(res, res, p32);-
234-
235 for (i = 0; i < 16
i < 16Description
TRUEevaluated 225328 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-225328
236 ecp_nistz256_sqr_mont(res, res);
executed 225328 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
225328
237 ecp_nistz256_mul_mont(res, res, p16);-
238-
239 for (i = 0; i < 8
i < 8Description
TRUEevaluated 112664 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		14083-112664
240 ecp_nistz256_sqr_mont(res, res);
executed 112664 times by 1 test: ecp_nistz256_sqr_mont(res, res);
Executed by:
  • libcrypto.so.1.1
112664
241 ecp_nistz256_mul_mont(res, res, p8);-
242-
243 ecp_nistz256_sqr_mont(res, res);-
244 ecp_nistz256_sqr_mont(res, res);-
245 ecp_nistz256_sqr_mont(res, res);-
246 ecp_nistz256_sqr_mont(res, res);-
247 ecp_nistz256_mul_mont(res, res, p4);-
248-
249 ecp_nistz256_sqr_mont(res, res);-
250 ecp_nistz256_sqr_mont(res, res);-
251 ecp_nistz256_mul_mont(res, res, p2);-
252-
253 ecp_nistz256_sqr_mont(res, res);-
254 ecp_nistz256_sqr_mont(res, res);-
255 ecp_nistz256_mul_mont(res, res, in);-
256-
257 memcpy(r, res, sizeof(res));-
258}
executed 14083 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
14083
259-
260-
261-
262-
263-
264 static int ecp_nistz256_bignum_to_field_elem(unsigned long out[(256/(8 * 8))],-
265 const BIGNUM *in)-
266{-
267 return
executed 43574 times by 1 test: return bn_copy_words(out, in, (256/(8 * 8)));
Executed by:
  • libcrypto.so.1.1
 bn_copy_words(out, in, (256/(8 * 8)));
executed 43574 times by 1 test: return bn_copy_words(out, in, (256/(8 * 8)));
Executed by:
  • libcrypto.so.1.1
43574
268}-
269-
270-
271 static int ecp_nistz256_windowed_mul(const EC_GROUP *group,-
272 P256_POINT *r,-
273 const BIGNUM **scalar,-
274 const EC_POINT **point,-
275 size_t num, BN_CTX *ctx)-
276{-
277 size_t i;-
278 int j, ret = 0;-
279 unsigned int idx;-
280 unsigned char (*p_str)[33] = -
281 ((void *)0)-
282 ;-
283 const unsigned int window_size = 5;-
284 const unsigned int mask = (1 << (window_size + 1)) - 1;-
285 unsigned int wvalue;-
286 P256_POINT *temp;-
287 const BIGNUM **scalars = -
288 ((void *)0)-
289 ;-
290 P256_POINT (*table)[16] = -
291 ((void *)0)-
292 ;-
293 void *table_storage = -
294 ((void *)0)-
295 ;-
296-
297 if ((
(num * 16 + 6)...f(P256_POINT))Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
num * 16 + 6) > (((1U<<(sizeof(int)*8-1))-1)/sizeof(P256_POINT))
(num * 16 + 6)...f(P256_POINT))Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
298 || (
(table_storage...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
table_storage =
(table_storage...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
299 CRYPTO_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64, __FILE__, 599)) ==
(table_storage...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
300 ((void *)0)
(table_storage...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
301 -
302 || (
(p_str = CRYPT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
p_str =
(p_str = CRYPT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
303 CRYPTO_malloc(num * 33 * sizeof(unsigned char), __FILE__, 601)) ==
(p_str = CRYPT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
304 ((void *)0)
(p_str = CRYPT...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
305 -
306 || (
(scalars = CRY...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
scalars = CRYPTO_malloc(num * sizeof(BIGNUM *), __FILE__, 602)) ==
(scalars = CRY...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
307 ((void *)0)
(scalars = CRY...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-292
308 ) {-
309 ERR_put_error(16,(242),((1|64)),__FILE__,603);-
310 goto
never executed: goto err;
 err;
never executed: goto err;
0
311 }-
312-
313 table = (void *)((unsigned char *)table_storage+64 -(size_t)table_storage%64);-
314 temp = (P256_POINT *)(table + num);-
315-
316 for (i = 0; i < num
i < numDescription
TRUEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++) {		292-304
317 P256_POINT *row = table[i];-
318-
319-
320 if ((
(BN_num_bits(scalar[i]) > 256)Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 294 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_num_bits(scalar[i]) > 256)
(BN_num_bits(scalar[i]) > 256)Description
TRUEevaluated 10 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 294 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 || BN_is_negative(scalar[i])
BN_is_negative(scalar[i])Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 286 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		8-294
321 BIGNUM *mod;-
322-
323 if ((
(mod = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
mod = BN_CTX_get(ctx)) ==
(mod = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-18
324 ((void *)0)
(mod = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 18 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-18
325 )-
326 goto
never executed: goto err;
 err;
never executed: goto err;
0
327 if (!BN_nnmod(mod, scalar[i], group->order, ctx)
!BN_nnmod(mod,...p->order, ctx)Description
TRUEnever evaluated
FALSEevaluated 18 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-18
328 ERR_put_error(16,(242),(3),__FILE__,620);-
329 goto
never executed: goto err;
 err;
never executed: goto err;
0
330 }-
331 scalars[i] = mod;-
332 }
executed 18 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
 else		18
333 scalars[i] = scalar[i];
executed 286 times by 1 test: scalars[i] = scalar[i];
Executed by:
  • libcrypto.so.1.1
286
334-
335 for (j = 0; j < bn_get_top(scalars[i]) * 8
j < bn_get_top(scalars[i]) * 8Description
TRUEevaluated 1163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; j += 8) {		304-1163
336 unsigned long d = bn_get_words(scalars[i])[j / 8];-
337-
338 p_str[i][j + 0] = (unsigned char)d;-
339 p_str[i][j + 1] = (unsigned char)(d >> 8);-
340 p_str[i][j + 2] = (unsigned char)(d >> 16);-
341 p_str[i][j + 3] = (unsigned char)(d >>= 24);-
342 if (8 == 8
8 == 8Description
TRUEevaluated 1163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
) {		0-1163
343 d >>= 8;-
344 p_str[i][j + 4] = (unsigned char)d;-
345 p_str[i][j + 5] = (unsigned char)(d >> 8);-
346 p_str[i][j + 6] = (unsigned char)(d >> 16);-
347 p_str[i][j + 7] = (unsigned char)(d >> 24);-
348 }
executed 1163 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1163
349 }
executed 1163 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1163
350 for (; j < 33
j < 33Description
TRUEevaluated 728 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; j++)		304-728
351 p_str[i][j] = 0;
executed 728 times by 1 test: p_str[i][j] = 0;
Executed by:
  • libcrypto.so.1.1
728
352-
353 if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X)
!ecp_nistz256_..., point[i]->X)Description
TRUEnever evaluated
FALSEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-304
354 || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y)
!ecp_nistz256_..., point[i]->Y)Description
TRUEnever evaluated
FALSEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-304
355 || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)
!ecp_nistz256_..., point[i]->Z)Description
TRUEnever evaluated
FALSEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-304
356 ERR_put_error(16,(242),(146),__FILE__,649)-
357 ;-
358 goto
never executed: goto err;
 err;
never executed: goto err;
0
359 }-
360-
361-
362-
363-
364-
365-
366-
367 ecp_nistz256_scatter_w5 (row, &temp[0], 1);-
368 ecp_nistz256_point_double(&temp[1], &temp[0]);-
369 ecp_nistz256_scatter_w5 (row, &temp[1], 2);-
370 ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]);-
371 ecp_nistz256_scatter_w5 (row, &temp[2], 3);-
372 ecp_nistz256_point_double(&temp[1], &temp[1]);-
373 ecp_nistz256_scatter_w5 (row, &temp[1], 4);-
374 ecp_nistz256_point_double(&temp[2], &temp[2]);-
375 ecp_nistz256_scatter_w5 (row, &temp[2], 6);-
376 ecp_nistz256_point_add (&temp[3], &temp[1], &temp[0]);-
377 ecp_nistz256_scatter_w5 (row, &temp[3], 5);-
378 ecp_nistz256_point_add (&temp[4], &temp[2], &temp[0]);-
379 ecp_nistz256_scatter_w5 (row, &temp[4], 7);-
380 ecp_nistz256_point_double(&temp[1], &temp[1]);-
381 ecp_nistz256_scatter_w5 (row, &temp[1], 8);-
382 ecp_nistz256_point_double(&temp[2], &temp[2]);-
383 ecp_nistz256_scatter_w5 (row, &temp[2], 12);-
384 ecp_nistz256_point_double(&temp[3], &temp[3]);-
385 ecp_nistz256_scatter_w5 (row, &temp[3], 10);-
386 ecp_nistz256_point_double(&temp[4], &temp[4]);-
387 ecp_nistz256_scatter_w5 (row, &temp[4], 14);-
388 ecp_nistz256_point_add (&temp[2], &temp[2], &temp[0]);-
389 ecp_nistz256_scatter_w5 (row, &temp[2], 13);-
390 ecp_nistz256_point_add (&temp[3], &temp[3], &temp[0]);-
391 ecp_nistz256_scatter_w5 (row, &temp[3], 11);-
392 ecp_nistz256_point_add (&temp[4], &temp[4], &temp[0]);-
393 ecp_nistz256_scatter_w5 (row, &temp[4], 15);-
394 ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]);-
395 ecp_nistz256_scatter_w5 (row, &temp[2], 9);-
396 ecp_nistz256_point_double(&temp[1], &temp[1]);-
397 ecp_nistz256_scatter_w5 (row, &temp[1], 16);-
398 }
executed 304 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
304
399-
400 idx = 255;-
401-
402 wvalue = p_str[0][(idx - 1) / 8];-
403 wvalue = (wvalue >> ((idx - 1) % 8)) & mask;-
404-
405-
406-
407-
408-
409 ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);-
410 memcpy(r, &temp[0], sizeof(temp[0]));-
411-
412 while (idx >= 5
idx >= 5Description
TRUEevaluated 14892 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		292-14892
413 for (i = (idx == 255 ? 1 : 0); i < num
i < numDescription
TRUEevaluated 15212 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 14892 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++) {		14892-15212
414 unsigned int off = (idx - 1) / 8;-
415-
416 wvalue = p_str[i][off] | p_str[i][off + 1] << 8;-
417 wvalue = (wvalue >> ((idx - 1) % 8)) & mask;-
418-
419 wvalue = _booth_recode_w5(wvalue);-
420-
421 ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);-
422-
423 ecp_nistz256_neg(temp[1].Y, temp[0].Y);-
424 copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1));-
425-
426 ecp_nistz256_point_add(r, r, &temp[0]);-
427 }
executed 15212 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
15212
428-
429 idx -= window_size;-
430-
431 ecp_nistz256_point_double(r, r);-
432 ecp_nistz256_point_double(r, r);-
433 ecp_nistz256_point_double(r, r);-
434 ecp_nistz256_point_double(r, r);-
435 ecp_nistz256_point_double(r, r);-
436 }
executed 14892 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
14892
437-
438-
439 for (i = 0; i < num
i < numDescription
TRUEevaluated 304 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++) {		292-304
440 wvalue = p_str[i][0];-
441 wvalue = (wvalue << 1) & mask;-
442-
443 wvalue = _booth_recode_w5(wvalue);-
444-
445 ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);-
446-
447 ecp_nistz256_neg(temp[1].Y, temp[0].Y);-
448 copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1);-
449-
450 ecp_nistz256_point_add(r, r, &temp[0]);-
451 }
executed 304 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
304
452-
453 ret = 1;-
454 err:
code before this statement executed 292 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
292
455 CRYPTO_free(table_storage, __FILE__, 747);-
456 CRYPTO_free(p_str, __FILE__, 748);-
457 CRYPTO_free(scalars, __FILE__, 749);-
458 return
executed 292 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
 ret;
executed 292 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
292
459}-
460-
461-
462static const unsigned long def_xG[(256/(8 * 8))] = {-
463 ((unsigned long)0x79e730d4<<32|0x18a9143c), ((unsigned long)0x75ba95fc<<32|0x5fedb601),-
464 ((unsigned long)0x79fb732b<<32|0x77622510), ((unsigned long)0x18905f76<<32|0xa53755c6)-
465};-
466-
467static const unsigned long def_yG[(256/(8 * 8))] = {-
468 ((unsigned long)0xddf25357<<32|0xce95560a), ((unsigned long)0x8b4ab8e4<<32|0xba19e45c),-
469 ((unsigned long)0xd2e88688<<32|0xdd21f325), ((unsigned long)0x8571ff18<<32|0x25885d85)-
470};-
471-
472-
473-
474-
475-
476static int ecp_nistz256_is_affine_G(const EC_POINT *generator)-
477{-
478 return
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
 (
(bn_get_top(ge...(256/(8 * 8)))Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
bn_get_top(generator->X) == (256/(8 * 8)))
(bn_get_top(ge...(256/(8 * 8)))Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
 &&
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
0-847
479 (
(bn_get_top(ge...(256/(8 * 8)))Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
bn_get_top(generator->Y) == (256/(8 * 8)))
(bn_get_top(ge...(256/(8 * 8)))Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
 &&
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
0-847
480 is_equal(bn_get_words(generator->X), def_xG)
is_equal(bn_ge...r->X), def_xG)Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
 &&
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
0-847
481 is_equal(bn_get_words(generator->Y), def_yG)
is_equal(bn_ge...r->Y), def_yG)Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
 &&
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
0-847
482 is_one(generator->Z)
is_one(generator->Z)Description
TRUEevaluated 847 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
;
executed 847 times by 1 test: return (bn_get_top(generator->X) == (256/(8 * 8))) && (bn_get_top(generator->Y) == (256/(8 * 8))) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z);
Executed by:
  • libcrypto.so.1.1
0-847
483}-
484-
485 static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)-
486{-
487-
488-
489-
490-
491-
492-
493 const BIGNUM *order;-
494 EC_POINT *P = -
495 ((void *)0)-
496 , *T = -
497 ((void *)0)-
498 ;-
499 const EC_POINT *generator;-
500 NISTZ256_PRE_COMP *pre_comp;-
501 BN_CTX *new_ctx = -
502 ((void *)0)-
503 ;-
504 int i, j, k, ret = 0;-
505 size_t w;-
506-
507 PRECOMP256_ROW *preComputedTable = -
508 ((void *)0)-
509 ;-
510 unsigned char *precomp_storage = -
511 ((void *)0)-
512 ;-
513-
514-
515 EC_pre_comp_free(group);-
516 generator = EC_GROUP_get0_generator(group);-
517 if (generator ==
generator == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
518 ((void *)0)
generator == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
519 ) {-
520 ERR_put_error(16,(243),(113),__FILE__,800);-
521 return
never executed: return 0;
 0;
never executed: return 0;
0
522 }-
523-
524 if (ecp_nistz256_is_affine_G(generator)
ecp_nistz256_i...e_G(generator)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
) {		0-1
525-
526-
527-
528-
529 return
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
 1;
executed 1 time by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1
530 }-
531-
532 if ((
(pre_comp = ec...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
pre_comp = ecp_nistz256_pre_comp_new(group)) ==
(pre_comp = ec...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
533 ((void *)0)
(pre_comp = ec...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
534 )-
535 return
never executed: return 0;
 0;
never executed: return 0;
0
536-
537 if (ctx ==
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
538 ((void *)0)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
539 ) {-
540 ctx = new_ctx = BN_CTX_new();-
541 if (ctx ==
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
542 ((void *)0)
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
543 )-
544 goto
never executed: goto err;
 err;
never executed: goto err;
0
545 }
never executed: end of block
0
546-
547 BN_CTX_start(ctx);-
548-
549 order = EC_GROUP_get0_order(group);-
550 if (order ==
order == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
551 ((void *)0)
order == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
552 )-
553 goto
never executed: goto err;
 err;
never executed: goto err;
0
554-
555 if (BN_is_zero(order)
BN_is_zero(order)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
556 ERR_put_error(16,(243),(114),__FILE__,828);-
557 goto
never executed: goto err;
 err;
never executed: goto err;
0
558 }-
559-
560 w = 7;-
561-
562 if ((
(precomp_stora...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
precomp_storage =
(precomp_stora...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
563 CRYPTO_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64, __FILE__, 835)) ==
(precomp_stora...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
564 ((void *)0)
(precomp_stora...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
565 ) {-
566 ERR_put_error(16,(243),((1|64)),__FILE__,836);-
567 goto
never executed: goto err;
 err;
never executed: goto err;
0
568 }-
569-
570 preComputedTable = (void *)((unsigned char *)precomp_storage+64 -(size_t)precomp_storage%64);-
571-
572 P = EC_POINT_new(group);-
573 T = EC_POINT_new(group);-
574 if (P ==
P == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
575 ((void *)0)
P == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
 		0
576 || T ==
T == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
577 ((void *)0)
T == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
578 )-
579 goto
never executed: goto err;
 err;
never executed: goto err;
0
580-
581-
582-
583-
584-
585 if (!EC_POINT_copy(T, generator)
!EC_POINT_copy(T, generator)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
586 goto
never executed: goto err;
 err;
never executed: goto err;
0
587-
588 for (k = 0; k < 64
k < 64Description
TRUEnever evaluated
FALSEnever evaluated
; k++) {		0
589 if (!EC_POINT_copy(P, T)
!EC_POINT_copy(P, T)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
590 goto
never executed: goto err;
 err;
never executed: goto err;
0
591 for (j = 0; j < 37
j < 37Description
TRUEnever evaluated
FALSEnever evaluated
; j++) {		0
592 P256_POINT_AFFINE temp;-
593-
594-
595-
596-
597 if (!EC_POINT_make_affine(group, P, ctx)
!EC_POINT_make...group, P, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
598 goto
never executed: goto err;
 err;
never executed: goto err;
0
599 if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X)
!ecp_nistz256_...(temp.X, P->X)Description
TRUEnever evaluated
FALSEnever evaluated
 ||		0
600 !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)
!ecp_nistz256_...(temp.Y, P->Y)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
601 ERR_put_error(16,(243),(146),__FILE__,868)-
602 ;-
603 goto
never executed: goto err;
 err;
never executed: goto err;
0
604 }-
605 ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);-
606 for (i = 0; i < 7
i < 7Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
607 if (!EC_POINT_dbl(group, P, P, ctx)
!EC_POINT_dbl(...up, P, P, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
608 goto
never executed: goto err;
 err;
never executed: goto err;
0
609 }
never executed: end of block
0
610 }
never executed: end of block
0
611 if (!EC_POINT_add(group, T, T, generator, ctx)
!EC_POINT_add(...enerator, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
612 goto
never executed: goto err;
 err;
never executed: goto err;
0
613 }
never executed: end of block
0
614-
615 pre_comp->group = group;-
616 pre_comp->w = w;-
617 pre_comp->precomp = preComputedTable;-
618 pre_comp->precomp_storage = precomp_storage;-
619 precomp_storage = -
620 ((void *)0)-
621 ;-
622 group->pre_comp_type = PCT_nistz256, group->pre_comp.nistz256 = pre_comp;-
623 pre_comp = -
624 ((void *)0)-
625 ;-
626 ret = 1;-
627-
628 err:
code before this statement never executed: err:
0
629 if (ctx !=
ctx != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
630 ((void *)0)
ctx != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
631 )-
632 BN_CTX_end(ctx);
never executed: BN_CTX_end(ctx);
0
633 BN_CTX_free(new_ctx);-
634-
635 EC_nistz256_pre_comp_free(pre_comp);-
636 CRYPTO_free(precomp_storage, __FILE__, 896);-
637 EC_POINT_free(P);-
638 EC_POINT_free(T);-
639 return
never executed: return ret;
 ret;
never executed: return ret;
0
640}-
641 static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,-
642 const P256_POINT_AFFINE *in,-
643 BN_CTX *ctx)-
644{-
645 int ret = 0;-
646-
647 if ((
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
ret = bn_set_words(out->X, in->X, (256/(8 * 8))))
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
0
648 && (
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
ret = bn_set_words(out->Y, in->Y, (256/(8 * 8))))
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
0
649 && (
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
ret = bn_set_words(out->Z, ONE, (256/(8 * 8))))
(ret = bn_set_...256/(8 * 8))))Description
TRUEnever evaluated
FALSEnever evaluated
)		0
650 out->Z_is_one = 1;
never executed: out->Z_is_one = 1;
0
651-
652 return
never executed: return ret;
 ret;
never executed: return ret;
0
653}-
654-
655-
656 static int ecp_nistz256_points_mul(const EC_GROUP *group,-
657 EC_POINT *r,-
658 const BIGNUM *scalar,-
659 size_t num,-
660 const EC_POINT *points[],-
661 const BIGNUM *scalars[], BN_CTX *ctx)-
662{-
663 int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;-
664 unsigned char p_str[33] = { 0 };-
665 const PRECOMP256_ROW *preComputedTable = -
666 ((void *)0)-
667 ;-
668 const NISTZ256_PRE_COMP *pre_comp = -
669 ((void *)0)-
670 ;-
671 const EC_POINT *generator = -
672 ((void *)0)-
673 ;-
674 const BIGNUM **new_scalars = -
675 ((void *)0)-
676 ;-
677 const EC_POINT **new_points = -
678 ((void *)0)-
679 ;-
680 unsigned int idx = 0;-
681 const unsigned int window_size = 7;-
682 const unsigned int mask = (1 << (window_size + 1)) - 1;-
683 unsigned int wvalue;-
684 __attribute((aligned(32))) union {-
685 P256_POINT p;-
686 P256_POINT_AFFINE a;-
687 } t, p;-
688 BIGNUM *tmp_scalar;-
689-
690 if ((
(num + 1) == 0Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
num + 1) == 0
(num + 1) == 0Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 || (
(num + 1) > ((...izeof(void *))Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
num + 1) > (((1U<<(sizeof(int)*8-1))-1)/sizeof(void *))
(num + 1) > ((...izeof(void *))Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1020
691 ERR_put_error(16,(241),((1|64)),__FILE__,1143);-
692 return
never executed: return 0;
 0;
never executed: return 0;
0
693 }-
694-
695 BN_CTX_start(ctx);-
696-
697 if (scalar
scalarDescription
TRUEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 174 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		174-846
698 generator = EC_GROUP_get0_generator(group);-
699 if (generator ==
generator == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-846
700 ((void *)0)
generator == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-846
701 ) {-
702 ERR_put_error(16,(241),(113),__FILE__,1152);-
703 goto
never executed: goto err;
 err;
never executed: goto err;
0
704 }-
705-
706-
707 pre_comp = group->pre_comp.nistz256;-
708-
709 if (pre_comp
pre_compDescription
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-846
710-
711-
712-
713-
714 EC_POINT *pre_comp_generator = EC_POINT_new(group);-
715 if (pre_comp_generator ==
pre_comp_gener...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
716 ((void *)0)
pre_comp_gener...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
717 )-
718 goto
never executed: goto err;
 err;
never executed: goto err;
0
719-
720 ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);-
721 if (!ecp_nistz256_set_from_affine(pre_comp_generator,
!ecp_nistz256_...up, &p.a, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
722 group, &p.a, ctx)
!ecp_nistz256_...up, &p.a, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
723 EC_POINT_free(pre_comp_generator);-
724 goto
never executed: goto err;
 err;
never executed: goto err;
0
725 }-
726-
727 if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx)
0 == EC_POINT_...enerator, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
728 preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp;
never executed: preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp;
0
729-
730 EC_POINT_free(pre_comp_generator);-
731 }
never executed: end of block
0
732-
733 if (preComputedTable ==
preComputedTab...== ((void *)0)Description
TRUEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-846
734 ((void *)0)
preComputedTab...== ((void *)0)Description
TRUEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
 		0-846
735 && ecp_nistz256_is_affine_G(generator)
ecp_nistz256_i...e_G(generator)Description
TRUEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
) {		0-846
736-
737-
738-
739-
740-
741-
742 preComputedTable = ecp_nistz256_precomputed;-
743 }
executed 846 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
846
744-
745 if (preComputedTable
preComputedTableDescription
TRUEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
) {		0-846
746 if ((
(BN_num_bits(scalar) > 256)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 845 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_num_bits(scalar) > 256)
(BN_num_bits(scalar) > 256)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 845 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-845
747 || BN_is_negative(scalar)
BN_is_negative(scalar)Description
TRUEnever evaluated
FALSEevaluated 845 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-845
748 if ((
(tmp_scalar = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
tmp_scalar = BN_CTX_get(ctx)) ==
(tmp_scalar = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
749 ((void *)0)
(tmp_scalar = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
750 )-
751 goto
never executed: goto err;
 err;
never executed: goto err;
0
752-
753 if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)
!BN_nnmod(tmp_...p->order, ctx)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1
754 ERR_put_error(16,(241),(3),__FILE__,1198);-
755 goto
never executed: goto err;
 err;
never executed: goto err;
0
756 }-
757 scalar = tmp_scalar;-
758 }
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
759-
760 for (i = 0; i < bn_get_top(scalar) * 8
i < bn_get_top(scalar) * 8Description
TRUEevaluated 3359 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i += 8) {		846-3359
761 unsigned long d = bn_get_words(scalar)[i / 8];-
762-
763 p_str[i + 0] = (unsigned char)d;-
764 p_str[i + 1] = (unsigned char)(d >> 8);-
765 p_str[i + 2] = (unsigned char)(d >> 16);-
766 p_str[i + 3] = (unsigned char)(d >>= 24);-
767 if (8 == 8
8 == 8Description
TRUEevaluated 3359 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
) {		0-3359
768 d >>= 8;-
769 p_str[i + 4] = (unsigned char)d;-
770 p_str[i + 5] = (unsigned char)(d >> 8);-
771 p_str[i + 6] = (unsigned char)(d >> 16);-
772 p_str[i + 7] = (unsigned char)(d >> 24);-
773 }
executed 3359 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
3359
774 }
executed 3359 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
3359
775-
776 for (; i < 33
i < 33Description
TRUEevaluated 1046 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++)		846-1046
777 p_str[i] = 0;
executed 1046 times by 1 test: p_str[i] = 0;
Executed by:
  • libcrypto.so.1.1
1046
778-
779-
780-
781-
782-
783-
784 {-
785 unsigned long infty;-
786-
787-
788 wvalue = (p_str[0] << 1) & mask;-
789 idx += window_size;-
790-
791 wvalue = _booth_recode_w7(wvalue);-
792-
793 ecp_nistz256_gather_w7(&p.a, preComputedTable[0],-
794 wvalue >> 1);-
795-
796 ecp_nistz256_neg(p.p.Z, p.p.Y);-
797 copy_conditional(p.p.Y, p.p.Z, wvalue & 1);-
798-
799-
800-
801-
802-
803-
804 infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |-
805 p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);-
806 if ((
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
256/(8 * 8)) == 8
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		0-846
807 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
never executed: infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
0
808 p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
never executed: infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
0
809-
810 infty = 0 - is_zero(infty);-
811 infty = ~infty;-
812-
813 p.p.Z[0] = ONE[0] & infty;-
814 p.p.Z[1] = ONE[1] & infty;-
815 p.p.Z[2] = ONE[2] & infty;-
816 p.p.Z[3] = ONE[3] & infty;-
817 if ((
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
256/(8 * 8)) == 8
(256/(8 * 8)) == 8Description
TRUEnever evaluated
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-846
818 p.p.Z[4] = ONE[4] & infty;-
819 p.p.Z[5] = ONE[5] & infty;-
820 p.p.Z[6] = ONE[6] & infty;-
821 p.p.Z[7] = ONE[7] & infty;-
822 }
never executed: end of block
0
823-
824 for (i = 1; i < 37
i < 37Description
TRUEevaluated 30456 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 846 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++) {		846-30456
825 unsigned int off = (idx - 1) / 8;-
826 wvalue = p_str[off] | p_str[off + 1] << 8;-
827 wvalue = (wvalue >> ((idx - 1) % 8)) & mask;-
828 idx += window_size;-
829-
830 wvalue = _booth_recode_w7(wvalue);-
831-
832 ecp_nistz256_gather_w7(&t.a,-
833 preComputedTable[i], wvalue >> 1);-
834-
835 ecp_nistz256_neg(t.p.Z, t.a.Y);-
836 copy_conditional(t.a.Y, t.p.Z, wvalue & 1);-
837-
838 ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);-
839 }
executed 30456 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
30456
840 }-
841 }
executed 846 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
 else {		846
842 p_is_infinity = 1;-
843 no_precomp_for_generator = 1;-
844 }
never executed: end of block
0
845 } else-
846 p_is_infinity = 1;
executed 174 times by 1 test: p_is_infinity = 1;
Executed by:
  • libcrypto.so.1.1
174
847-
848 if (no_precomp_for_generator
no_precomp_for_generatorDescription
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1020
849-
850-
851-
852-
853 new_scalars = CRYPTO_malloc((num + 1) * sizeof(BIGNUM *), __FILE__, 1297);-
854 if (new_scalars ==
new_scalars == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
855 ((void *)0)
new_scalars == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
856 ) {-
857 ERR_put_error(16,(241),((1|64)),__FILE__,1299);-
858 goto
never executed: goto err;
 err;
never executed: goto err;
0
859 }-
860-
861 new_points = CRYPTO_malloc((num + 1) * sizeof(EC_POINT *), __FILE__, 1303);-
862 if (new_points ==
new_points == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
863 ((void *)0)
new_points == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
864 ) {-
865 ERR_put_error(16,(241),((1|64)),__FILE__,1305);-
866 goto
never executed: goto err;
 err;
never executed: goto err;
0
867 }-
868-
869 memcpy(new_scalars, scalars, num * sizeof(BIGNUM *));-
870 new_scalars[num] = scalar;-
871 memcpy(new_points, points, num * sizeof(EC_POINT *));-
872 new_points[num] = generator;-
873-
874 scalars = new_scalars;-
875 points = new_points;-
876 num++;-
877 }
never executed: end of block
0
878-
879 if (num
numDescription
TRUEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 728 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		292-728
880 P256_POINT *out = &t.p;-
881 if (p_is_infinity
p_is_infinityDescription
TRUEevaluated 174 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 118 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		118-174
882 out = &p.p;
executed 174 times by 1 test: out = &p.p;
Executed by:
  • libcrypto.so.1.1
174
883-
884 if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx)
!ecp_nistz256_...nts, num, ctx)Description
TRUEnever evaluated
FALSEevaluated 292 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		0-292
885 goto
never executed: goto err;
 err;
never executed: goto err;
0
886-
887 if (!p_is_infinity
!p_is_infinityDescription
TRUEevaluated 118 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 174 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		118-174
888 ecp_nistz256_point_add(&p.p, &p.p, out);
executed 118 times by 1 test: ecp_nistz256_point_add(&p.p, &p.p, out);
Executed by:
  • libcrypto.so.1.1
118
889 }
executed 292 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
292
890-
891-
892 if (!bn_set_words(r->X, p.p.X, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 ||		0-1020
893 !bn_set_words(r->Y, p.p.Y, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 ||		0-1020
894 !bn_set_words(r->Z, p.p.Z, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 1020 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-1020
895 goto
never executed: goto err;
 err;
never executed: goto err;
0
896 }-
897 r->Z_is_one = is_one(r->Z) & 1;-
898-
899 ret = 1;-
900-
901err:
code before this statement executed 1020 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
1020
902 BN_CTX_end(ctx);-
903 CRYPTO_free(new_points, __FILE__, 1343);-
904 CRYPTO_free(new_scalars, __FILE__, 1344);-
905 return
executed 1020 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
 ret;
executed 1020 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
1020
906}-
907-
908 static int ecp_nistz256_get_affine(const EC_GROUP *group,-
909 const EC_POINT *point,-
910 BIGNUM *x, BIGNUM *y, BN_CTX *ctx)-
911{-
912 unsigned long z_inv2[(256/(8 * 8))];-
913 unsigned long z_inv3[(256/(8 * 8))];-
914 unsigned long x_aff[(256/(8 * 8))];-
915 unsigned long y_aff[(256/(8 * 8))];-
916 unsigned long point_x[(256/(8 * 8))], point_y[(256/(8 * 8))], point_z[(256/(8 * 8))];-
917 unsigned long x_ret[(256/(8 * 8))], y_ret[(256/(8 * 8))];-
918-
919 if (EC_POINT_is_at_infinity(group, point)
EC_POINT_is_at...(group, point)Description
TRUEnever evaluated
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-14083
920 ERR_put_error(16,(240),(106),__FILE__,1360);-
921 return
never executed: return 0;
 0;
never executed: return 0;
0
922 }-
923-
924 if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X)
!ecp_nistz256_...t_x, point->X)Description
TRUEnever evaluated
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 ||		0-14083
925 !ecp_nistz256_bignum_to_field_elem(point_y, point->Y)
!ecp_nistz256_...t_y, point->Y)Description
TRUEnever evaluated
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 ||		0-14083
926 !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)
!ecp_nistz256_...t_z, point->Z)Description
TRUEnever evaluated
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-14083
927 ERR_put_error(16,(240),(146),__FILE__,1367);-
928 return
never executed: return 0;
 0;
never executed: return 0;
0
929 }-
930-
931 ecp_nistz256_mod_inverse(z_inv3, point_z);-
932 ecp_nistz256_sqr_mont(z_inv2, z_inv3);-
933 ecp_nistz256_mul_mont(x_aff, z_inv2, point_x);-
934-
935 if (x !=
x != ((void *)0)Description
TRUEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-14083
936 ((void *)0)
x != ((void *)0)Description
TRUEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-14083
937 ) {-
938 ecp_nistz256_from_mont(x_ret, x_aff);-
939 if (!bn_set_words(x, x_ret, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 14083 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		0-14083
940 return
never executed: return 0;
 0;
never executed: return 0;
0
941 }
executed 14083 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
14083
942-
943 if (y !=
y != ((void *)0)Description
TRUEevaluated 13513 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 570 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
570-13513
944 ((void *)0)
y != ((void *)0)Description
TRUEevaluated 13513 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 570 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
570-13513
945 ) {-
946 ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);-
947 ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);-
948 ecp_nistz256_from_mont(y_ret, y_aff);-
949 if (!bn_set_words(y, y_ret, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 13513 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		0-13513
950 return
never executed: return 0;
 0;
never executed: return 0;
0
951 }
executed 13513 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
13513
952-
953 return
executed 14083 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
 1;
executed 14083 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
14083
954}-
955-
956static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)-
957{-
958 NISTZ256_PRE_COMP *ret = -
959 ((void *)0)-
960 ;-
961-
962 if (!group
!groupDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
963 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
964 ((void *)0)
never executed: return ((void *)0) ;
0
965 ;
never executed: return ((void *)0) ;
0
966-
967 ret = CRYPTO_zalloc(sizeof(*ret), __FILE__, 1399);-
968-
969 if (ret ==
ret == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
970 ((void *)0)
ret == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
971 ) {-
972 ERR_put_error(16,(244),((1|64)),__FILE__,1402);-
973 return
never executed: return ret;
 ret;
never executed: return ret;
0
974 }-
975-
976 ret->group = group;-
977 ret->w = 6;-
978 ret->references = 1;-
979-
980 ret->lock = CRYPTO_THREAD_lock_new();-
981 if (ret->lock ==
ret->lock == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
982 ((void *)0)
ret->lock == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
983 ) {-
984 ERR_put_error(16,(244),((1|64)),__FILE__,1412);-
985 CRYPTO_free(ret, __FILE__, 1413);-
986 return
never executed: return ((void *)0) ;
never executed: return ((void *)0) ;
0
987 ((void *)0)
never executed: return ((void *)0) ;
0
988 ;
never executed: return ((void *)0) ;
0
989 }-
990 return
never executed: return ret;
 ret;
never executed: return ret;
0
991}-
992-
993NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)-
994{-
995 int i;-
996 if (p !=
p != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
997 ((void *)0)
p != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
998 )-
999 CRYPTO_UP_REF(&p->references, &i, p->lock);
never executed: CRYPTO_UP_REF(&p->references, &i, p->lock);
0
1000 return
never executed: return p;
 p;
never executed: return p;
0
1001}-
1002-
1003void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)-
1004{-
1005 int i;-
1006-
1007 if (pre ==
pre == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1008 ((void *)0)
pre == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1009 )-
1010 return;
never executed: return;
0
1011-
1012 CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);-
1013 ;-
1014 if (i > 0
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
1015 return;
never executed: return;
0
1016 ;-
1017-
1018 CRYPTO_free(pre->precomp_storage, __FILE__, 1440);-
1019 CRYPTO_THREAD_lock_free(pre->lock);-
1020 CRYPTO_free(pre, __FILE__, 1442);-
1021}
never executed: end of block
0
1022-
1023-
1024static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)-
1025{-
1026-
1027 const EC_POINT *generator = EC_GROUP_get0_generator(group);-
1028-
1029 if (generator !=
generator != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1030 ((void *)0)
generator != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
 		0
1031 && ecp_nistz256_is_affine_G(generator)
ecp_nistz256_i...e_G(generator)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
1032-
1033 return
never executed: return 1;
 1;
never executed: return 1;
0
1034 }-
1035-
1036 return
never executed: return group->pre_comp_type == PCT_nistz256 && group->pre_comp.nistz256 != ((void *)0) ;
 group->pre_comp_type == PCT_nistz256
group->pre_com...= PCT_nistz256Description
TRUEnever evaluated
FALSEnever evaluated
 && group->pre_comp.nistz256 !=
group->pre_com...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return group->pre_comp_type == PCT_nistz256 && group->pre_comp.nistz256 != ((void *)0) ;
0
1037 ((void *)0)
group->pre_com...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return group->pre_comp_type == PCT_nistz256 && group->pre_comp.nistz256 != ((void *)0) ;
0
1038 ;
never executed: return group->pre_comp_type == PCT_nistz256 && group->pre_comp.nistz256 != ((void *)0) ;
0
1039}-
1040void ecp_nistz256_ord_mul_mont(unsigned long res[(256/(8 * 8))],-
1041 const unsigned long a[(256/(8 * 8))],-
1042 const unsigned long b[(256/(8 * 8))]);-
1043void ecp_nistz256_ord_sqr_mont(unsigned long res[(256/(8 * 8))],-
1044 const unsigned long a[(256/(8 * 8))],-
1045 int rep);-
1046-
1047static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,-
1048 const BIGNUM *x, BN_CTX *ctx)-
1049{-
1050-
1051 static const unsigned long RR[(256/(8 * 8))] = {-
1052 ((unsigned long)0x83244c95<<32|0xbe79eea2), ((unsigned long)0x4699799c<<32|0x49bd6fa6),-
1053 ((unsigned long)0x2845b239<<32|0x2b6bec59), ((unsigned long)0x66e12d94<<32|0xf3d95620)-
1054 };-
1055-
1056 static const unsigned long one[(256/(8 * 8))] = {-
1057 ((unsigned long)0<<32|1), ((unsigned long)0<<32|0), ((unsigned long)0<<32|0), ((unsigned long)0<<32|0)-
1058 };-
1059-
1060-
1061-
1062-
1063 unsigned long table[15][(256/(8 * 8))];-
1064 unsigned long out[(256/(8 * 8))], t[(256/(8 * 8))];-
1065 int i, ret = 0;-
1066 enum {-
1067 i_1 = 0, i_10, i_11, i_101, i_111, i_1010, i_1111,-
1068 i_10101, i_101010, i_101111, i_x6, i_x8, i_x16, i_x32-
1069 };-
1070-
1071-
1072-
1073-
1074 if (bn_wexpand(r, (256/(8 * 8))) ==
bn_wexpand(r, ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-413
1075 ((void *)0)
bn_wexpand(r, ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-413
1076 ) {-
1077 ERR_put_error(16,(275),(3),__FILE__,1501);-
1078 goto
never executed: goto err;
 err;
never executed: goto err;
0
1079 }-
1080-
1081 if ((
(BN_num_bits(x) > 256)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_num_bits(x) > 256)
(BN_num_bits(x) > 256)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
 || BN_is_negative(x)
BN_is_negative(x)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-413
1082 BIGNUM *tmp;-
1083-
1084 if ((
(tmp = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
tmp = BN_CTX_get(ctx)) ==
(tmp = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1085 ((void *)0)
(tmp = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1086 -
1087 || !BN_nnmod(tmp, x, group->order, ctx)
!BN_nnmod(tmp,...p->order, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
1088 ERR_put_error(16,(275),(3),__FILE__,1510);-
1089 goto
never executed: goto err;
 err;
never executed: goto err;
0
1090 }-
1091 x = tmp;-
1092 }
never executed: end of block
0
1093-
1094 if (!ecp_nistz256_bignum_to_field_elem(t, x)
!ecp_nistz256_...eld_elem(t, x)Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
) {		0-413
1095 ERR_put_error(16,(275),(146),__FILE__,1517);-
1096 goto
never executed: goto err;
 err;
never executed: goto err;
0
1097 }-
1098-
1099 ecp_nistz256_ord_mul_mont(table[0], t, RR);-
1100 ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1);-
1101-
1102 ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]);-
1103-
1104 ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]);-
1105-
1106 ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]);-
1107-
1108 ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1);-
1109-
1110 ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]);-
1111-
1112 ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1);-
1113 ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]);-
1114-
1115 ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1);-
1116-
1117 ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]);-
1118-
1119 ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]);-
1120-
1121 ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2);-
1122 ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]);-
1123-
1124 ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8);-
1125 ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]);-
1126-
1127 ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16);-
1128 ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]);-
1129-
1130-
1131 ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64);-
1132 ecp_nistz256_ord_mul_mont(out, out, table[i_x32]);-
1133-
1134 for (i = 0; i < 27
i < 27Description
TRUEevaluated 11151 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
; i++) {		413-11151
1135 static const struct { unsigned char p, i; } chain[27] = {-
1136 { 32, i_x32 }, { 6, i_101111 }, { 5, i_111 },-
1137 { 4, i_11 }, { 5, i_1111 }, { 5, i_10101 },-
1138 { 4, i_101 }, { 3, i_101 }, { 3, i_101 },-
1139 { 5, i_111 }, { 9, i_101111 }, { 6, i_1111 },-
1140 { 2, i_1 }, { 5, i_1 }, { 6, i_1111 },-
1141 { 5, i_111 }, { 4, i_111 }, { 5, i_111 },-
1142 { 5, i_101 }, { 3, i_11 }, { 10, i_101111 },-
1143 { 2, i_11 }, { 5, i_11 }, { 5, i_11 },-
1144 { 3, i_1 }, { 7, i_10101 }, { 6, i_1111 }-
1145 };-
1146-
1147 ecp_nistz256_ord_sqr_mont(out, out, chain[i].p);-
1148 ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]);-
1149 }
executed 11151 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
11151
1150-
1151 ecp_nistz256_ord_mul_mont(out, out, one);-
1152-
1153-
1154-
1155-
1156 if (!bn_set_words(r, out, (256/(8 * 8)))
!bn_set_words(...(256/(8 * 8)))Description
TRUEnever evaluated
FALSEevaluated 413 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
)		0-413
1157 goto
never executed: goto err;
 err;
never executed: goto err;
0
1158-
1159 ret = 1;-
1160err:
code before this statement executed 413 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
413
1161 return
executed 413 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
 ret;
executed 413 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
413
1162}-
1163-
1164-
1165-
1166-
1167const EC_METHOD *EC_GFp_nistz256_method(void)-
1168{-
1169 static const EC_METHOD ret = {-
1170 0x1,-
1171 406,-
1172 ec_GFp_mont_group_init,-
1173 ec_GFp_mont_group_finish,-
1174 ec_GFp_mont_group_clear_finish,-
1175 ec_GFp_mont_group_copy,-
1176 ec_GFp_mont_group_set_curve,-
1177 ec_GFp_simple_group_get_curve,-
1178 ec_GFp_simple_group_get_degree,-
1179 ec_group_simple_order_bits,-
1180 ec_GFp_simple_group_check_discriminant,-
1181 ec_GFp_simple_point_init,-
1182 ec_GFp_simple_point_finish,-
1183 ec_GFp_simple_point_clear_finish,-
1184 ec_GFp_simple_point_copy,-
1185 ec_GFp_simple_point_set_to_infinity,-
1186 ec_GFp_simple_set_Jprojective_coordinates_GFp,-
1187 ec_GFp_simple_get_Jprojective_coordinates_GFp,-
1188 ec_GFp_simple_point_set_affine_coordinates,-
1189 ecp_nistz256_get_affine,-
1190 0, 0, 0,-
1191 ec_GFp_simple_add,-
1192 ec_GFp_simple_dbl,-
1193 ec_GFp_simple_invert,-
1194 ec_GFp_simple_is_at_infinity,-
1195 ec_GFp_simple_is_on_curve,-
1196 ec_GFp_simple_cmp,-
1197 ec_GFp_simple_make_affine,-
1198 ec_GFp_simple_points_make_affine,-
1199 ecp_nistz256_points_mul,-
1200 ecp_nistz256_mult_precompute,-
1201 ecp_nistz256_window_have_precompute_mult,-
1202 ec_GFp_mont_field_mul,-
1203 ec_GFp_mont_field_sqr,-
1204 0,-
1205 ec_GFp_mont_field_encode,-
1206 ec_GFp_mont_field_decode,-
1207 ec_GFp_mont_field_set_to_one,-
1208 ec_key_simple_priv2oct,-
1209 ec_key_simple_oct2priv,-
1210 0,-
1211 ec_key_simple_generate_key,-
1212 ec_key_simple_check_key,-
1213 ec_key_simple_generate_public_key,-
1214 0,-
1215 0,-
1216 ecdh_simple_compute_key,-
1217 ecp_nistz256_inv_mod_ord,-
1218 0,-
1219 0,-
1220 0,-
1221 0-
1222 };-
1223-
1224 return
executed 18080 times by 1 test: return &ret;
Executed by:
  • libcrypto.so.1.1
 &ret;
executed 18080 times by 1 test: return &ret;
Executed by:
  • libcrypto.so.1.1
18080
1225}-
Switch to Source codePreprocessed file
Generated by Squish Coco 4.2.2