OpenCoverage

cms_kari.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/cms/cms_kari.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include "internal/cryptlib.h"-
11#include <openssl/asn1t.h>-
12#include <openssl/pem.h>-
13#include <openssl/x509v3.h>-
14#include <openssl/err.h>-
15#include <openssl/cms.h>-
16#include <openssl/aes.h>-
17#include "cms_lcl.h"-
18#include "internal/asn1_int.h"-
19-
20/* Key Agreement Recipient Info (KARI) routines */-
21-
22int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,-
23 X509_ALGOR **palg,-
24 ASN1_OCTET_STRING **pukm)-
25{-
26 if (ri->type != CMS_RECIPINFO_AGREE) {
ri->type != 1Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
27 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,-
28 CMS_R_NOT_KEY_AGREEMENT);-
29 return 0;
never executed: return 0;
0
30 }-
31 if (palg)
palgDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
32 *palg = ri->d.kari->keyEncryptionAlgorithm;
executed 13 times by 1 test: *palg = ri->d.kari->keyEncryptionAlgorithm;
Executed by:
  • libcrypto.so.1.1
13
33 if (pukm)
pukmDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
34 *pukm = ri->d.kari->ukm;
executed 13 times by 1 test: *pukm = ri->d.kari->ukm;
Executed by:
  • libcrypto.so.1.1
13
35 return 1;
executed 13 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
13
36}-
37-
38/* Retrieve recipient encrypted keys from a kari */-
39-
40STACK_OF(CMS_RecipientEncryptedKey)-
41*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)-
42{-
43 if (ri->type != CMS_RECIPINFO_AGREE) {
ri->type != 1Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
44 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,-
45 CMS_R_NOT_KEY_AGREEMENT);-
46 return NULL;
never executed: return ((void *)0) ;
0
47 }-
48 return ri->d.kari->recipientEncryptedKeys;
executed 6 times by 1 test: return ri->d.kari->recipientEncryptedKeys;
Executed by:
  • libcrypto.so.1.1
6
49}-
50-
51int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,-
52 X509_ALGOR **pubalg,-
53 ASN1_BIT_STRING **pubkey,-
54 ASN1_OCTET_STRING **keyid,-
55 X509_NAME **issuer,-
56 ASN1_INTEGER **sno)-
57{-
58 CMS_OriginatorIdentifierOrKey *oik;-
59 if (ri->type != CMS_RECIPINFO_AGREE) {
ri->type != 1Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
60 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,-
61 CMS_R_NOT_KEY_AGREEMENT);-
62 return 0;
never executed: return 0;
0
63 }-
64 oik = ri->d.kari->originator;-
65 if (issuer)
issuerDescription
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
66 *issuer = NULL;
never executed: *issuer = ((void *)0) ;
0
67 if (sno)
snoDescription
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
68 *sno = NULL;
never executed: *sno = ((void *)0) ;
0
69 if (keyid)
keyidDescription
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
70 *keyid = NULL;
never executed: *keyid = ((void *)0) ;
0
71 if (pubalg)
pubalgDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
72 *pubalg = NULL;
executed 13 times by 1 test: *pubalg = ((void *)0) ;
Executed by:
  • libcrypto.so.1.1
13
73 if (pubkey)
pubkeyDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
74 *pubkey = NULL;
executed 13 times by 1 test: *pubkey = ((void *)0) ;
Executed by:
  • libcrypto.so.1.1
13
75 if (oik->type == CMS_OIK_ISSUER_SERIAL) {
oik->type == 0Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
76 if (issuer)
issuerDescription
TRUEnever evaluated
FALSEnever evaluated
0
77 *issuer = oik->d.issuerAndSerialNumber->issuer;
never executed: *issuer = oik->d.issuerAndSerialNumber->issuer;
0
78 if (sno)
snoDescription
TRUEnever evaluated
FALSEnever evaluated
0
79 *sno = oik->d.issuerAndSerialNumber->serialNumber;
never executed: *sno = oik->d.issuerAndSerialNumber->serialNumber;
0
80 } else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
never executed: end of block
oik->type == 1Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
81 if (keyid)
keyidDescription
TRUEnever evaluated
FALSEnever evaluated
0
82 *keyid = oik->d.subjectKeyIdentifier;
never executed: *keyid = oik->d.subjectKeyIdentifier;
0
83 } else if (oik->type == CMS_OIK_PUBKEY) {
never executed: end of block
oik->type == 2Description
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
84 if (pubalg)
pubalgDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
85 *pubalg = oik->d.originatorKey->algorithm;
executed 13 times by 1 test: *pubalg = oik->d.originatorKey->algorithm;
Executed by:
  • libcrypto.so.1.1
13
86 if (pubkey)
pubkeyDescription
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
87 *pubkey = oik->d.originatorKey->publicKey;
executed 13 times by 1 test: *pubkey = oik->d.originatorKey->publicKey;
Executed by:
  • libcrypto.so.1.1
13
88 } else
executed 13 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
13
89 return 0;
never executed: return 0;
0
90 return 1;
executed 13 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
13
91}-
92-
93int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)-
94{-
95 CMS_OriginatorIdentifierOrKey *oik;-
96 if (ri->type != CMS_RECIPINFO_AGREE) {
ri->type != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
97 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,-
98 CMS_R_NOT_KEY_AGREEMENT);-
99 return -2;
never executed: return -2;
0
100 }-
101 oik = ri->d.kari->originator;-
102 if (oik->type == CMS_OIK_ISSUER_SERIAL)
oik->type == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
103 return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
never executed: return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
0
104 else if (oik->type == CMS_OIK_KEYIDENTIFIER)
oik->type == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
105 return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
never executed: return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
0
106 return -1;
never executed: return -1;
0
107}-
108-
109int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,-
110 ASN1_OCTET_STRING **keyid,-
111 ASN1_GENERALIZEDTIME **tm,-
112 CMS_OtherKeyAttribute **other,-
113 X509_NAME **issuer, ASN1_INTEGER **sno)-
114{-
115 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;-
116 if (rid->type == CMS_REK_ISSUER_SERIAL) {
rid->type == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
117 if (issuer)
issuerDescription
TRUEnever evaluated
FALSEnever evaluated
0
118 *issuer = rid->d.issuerAndSerialNumber->issuer;
never executed: *issuer = rid->d.issuerAndSerialNumber->issuer;
0
119 if (sno)
snoDescription
TRUEnever evaluated
FALSEnever evaluated
0
120 *sno = rid->d.issuerAndSerialNumber->serialNumber;
never executed: *sno = rid->d.issuerAndSerialNumber->serialNumber;
0
121 if (keyid)
keyidDescription
TRUEnever evaluated
FALSEnever evaluated
0
122 *keyid = NULL;
never executed: *keyid = ((void *)0) ;
0
123 if (tm)
tmDescription
TRUEnever evaluated
FALSEnever evaluated
0
124 *tm = NULL;
never executed: *tm = ((void *)0) ;
0
125 if (other)
otherDescription
TRUEnever evaluated
FALSEnever evaluated
0
126 *other = NULL;
never executed: *other = ((void *)0) ;
0
127 } else if (rid->type == CMS_REK_KEYIDENTIFIER) {
never executed: end of block
rid->type == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
128 if (keyid)
keyidDescription
TRUEnever evaluated
FALSEnever evaluated
0
129 *keyid = rid->d.rKeyId->subjectKeyIdentifier;
never executed: *keyid = rid->d.rKeyId->subjectKeyIdentifier;
0
130 if (tm)
tmDescription
TRUEnever evaluated
FALSEnever evaluated
0
131 *tm = rid->d.rKeyId->date;
never executed: *tm = rid->d.rKeyId->date;
0
132 if (other)
otherDescription
TRUEnever evaluated
FALSEnever evaluated
0
133 *other = rid->d.rKeyId->other;
never executed: *other = rid->d.rKeyId->other;
0
134 if (issuer)
issuerDescription
TRUEnever evaluated
FALSEnever evaluated
0
135 *issuer = NULL;
never executed: *issuer = ((void *)0) ;
0
136 if (sno)
snoDescription
TRUEnever evaluated
FALSEnever evaluated
0
137 *sno = NULL;
never executed: *sno = ((void *)0) ;
0
138 } else
never executed: end of block
0
139 return 0;
never executed: return 0;
0
140 return 1;
never executed: return 1;
0
141}-
142-
143int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,-
144 X509 *cert)-
145{-
146 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;-
147 if (rid->type == CMS_REK_ISSUER_SERIAL)
rid->type == 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-4
148 return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
executed 4 times by 1 test: return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
Executed by:
  • libcrypto.so.1.1
4
149 else if (rid->type == CMS_REK_KEYIDENTIFIER)
rid->type == 1Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1
150 return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
executed 1 time by 1 test: return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
Executed by:
  • libcrypto.so.1.1
1
151 else-
152 return -1;
never executed: return -1;
0
153}-
154-
155int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)-
156{-
157 EVP_PKEY_CTX *pctx;-
158 CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;-
159-
160 EVP_PKEY_CTX_free(kari->pctx);-
161 kari->pctx = NULL;-
162 if (!pk)
!pkDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
6
163 return 1;
executed 6 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
6
164 pctx = EVP_PKEY_CTX_new(pk, NULL);-
165 if (!pctx || !EVP_PKEY_derive_init(pctx))
!pctxDescription
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!EVP_PKEY_derive_init(pctx)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
166 goto err;
never executed: goto err;
0
167 kari->pctx = pctx;-
168 return 1;
executed 6 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
6
169 err:-
170 EVP_PKEY_CTX_free(pctx);-
171 return 0;
never executed: return 0;
0
172}-
173-
174EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)-
175{-
176 if (ri->type == CMS_RECIPINFO_AGREE)
ri->type == 1Description
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13
177 return ri->d.kari->ctx;
executed 13 times by 1 test: return ri->d.kari->ctx;
Executed by:
  • libcrypto.so.1.1
13
178 return NULL;
never executed: return ((void *)0) ;
0
179}-
180-
181/*-
182 * Derive KEK and decrypt/encrypt with it to produce either the original CEK-
183 * or the encrypted CEK.-
184 */-
185-
186static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,-
187 const unsigned char *in, size_t inlen,-
188 CMS_KeyAgreeRecipientInfo *kari, int enc)-
189{-
190 /* Key encryption key */-
191 unsigned char kek[EVP_MAX_KEY_LENGTH];-
192 size_t keklen;-
193 int rv = 0;-
194 unsigned char *out = NULL;-
195 int outlen;-
196 keklen = EVP_CIPHER_CTX_key_length(kari->ctx);-
197 if (keklen > EVP_MAX_KEY_LENGTH)
keklen > 64Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
198 return 0;
never executed: return 0;
0
199 /* Derive KEK */-
200 if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
EVP_PKEY_deriv... &keklen) <= 0Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
201 goto err;
never executed: goto err;
0
202 /* Set KEK in context */-
203 if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
!EVP_CipherIni...id *)0) , enc)Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
204 goto err;
never executed: goto err;
0
205 /* obtain output length of ciphered key */-
206 if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
!EVP_CipherUpd...en, in, inlen)Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
207 goto err;
never executed: goto err;
0
208 out = OPENSSL_malloc(outlen);-
209 if (out == NULL)
out == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
210 goto err;
never executed: goto err;
0
211 if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
!EVP_CipherUpd...en, in, inlen)Description
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
212 goto err;
never executed: goto err;
0
213 *pout = out;-
214 *poutlen = (size_t)outlen;-
215 rv = 1;-
216-
217 err:
code before this statement executed 13 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
13
218 OPENSSL_cleanse(kek, keklen);-
219 if (!rv)
!rvDescription
TRUEnever evaluated
FALSEevaluated 13 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13
220 OPENSSL_free(out);
never executed: CRYPTO_free(out, __FILE__, 220);
0
221 EVP_CIPHER_CTX_reset(kari->ctx);-
222 /* FIXME: WHY IS kari->pctx freed here? /RL */-
223 EVP_PKEY_CTX_free(kari->pctx);-
224 kari->pctx = NULL;-
225 return rv;
executed 13 times by 1 test: return rv;
Executed by:
  • libcrypto.so.1.1
13
226}-
227-
228int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,-
229 CMS_RecipientInfo *ri,-
230 CMS_RecipientEncryptedKey *rek)-
231{-
232 int rv = 0;-
233 unsigned char *enckey = NULL, *cek = NULL;-
234 size_t enckeylen;-
235 size_t ceklen;-
236 CMS_EncryptedContentInfo *ec;-
237 enckeylen = rek->encryptedKey->length;-
238 enckey = rek->encryptedKey->data;-
239 /* Setup all parameters to derive KEK */-
240 if (!cms_env_asn1_ctrl(ri, 1))
!cms_env_asn1_ctrl(ri, 1)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
241 goto err;
never executed: goto err;
0
242 /* Attempt to decrypt CEK */-
243 if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
!cms_kek_ciphe...ri->d.kari, 0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
244 goto err;
never executed: goto err;
0
245 ec = cms->d.envelopedData->encryptedContentInfo;-
246 OPENSSL_clear_free(ec->key, ec->keylen);-
247 ec->key = cek;-
248 ec->keylen = ceklen;-
249 cek = NULL;-
250 rv = 1;-
251 err:
code before this statement executed 6 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
6
252 OPENSSL_free(cek);-
253 return rv;
executed 6 times by 1 test: return rv;
Executed by:
  • libcrypto.so.1.1
6
254}-
255-
256/* Create ephemeral key and initialise context based on it */-
257static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,-
258 EVP_PKEY *pk)-
259{-
260 EVP_PKEY_CTX *pctx = NULL;-
261 EVP_PKEY *ekey = NULL;-
262 int rv = 0;-
263 pctx = EVP_PKEY_CTX_new(pk, NULL);-
264 if (!pctx)
!pctxDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
265 goto err;
never executed: goto err;
0
266 if (EVP_PKEY_keygen_init(pctx) <= 0)
EVP_PKEY_keyge...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
267 goto err;
never executed: goto err;
0
268 if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
EVP_PKEY_keyge...x, &ekey) <= 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
269 goto err;
never executed: goto err;
0
270 EVP_PKEY_CTX_free(pctx);-
271 pctx = EVP_PKEY_CTX_new(ekey, NULL);-
272 if (!pctx)
!pctxDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
273 goto err;
never executed: goto err;
0
274 if (EVP_PKEY_derive_init(pctx) <= 0)
EVP_PKEY_deriv...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
275 goto err;
never executed: goto err;
0
276 kari->pctx = pctx;-
277 rv = 1;-
278 err:
code before this statement executed 7 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
7
279 if (!rv)
!rvDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
280 EVP_PKEY_CTX_free(pctx);
never executed: EVP_PKEY_CTX_free(pctx);
0
281 EVP_PKEY_free(ekey);-
282 return rv;
executed 7 times by 1 test: return rv;
Executed by:
  • libcrypto.so.1.1
7
283}-
284-
285/* Initialise a ktri based on passed certificate and key */-
286-
287int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,-
288 EVP_PKEY *pk, unsigned int flags)-
289{-
290 CMS_KeyAgreeRecipientInfo *kari;-
291 CMS_RecipientEncryptedKey *rek = NULL;-
292-
293 ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo);-
294 if (!ri->d.kari)
!ri->d.kariDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
295 return 0;
never executed: return 0;
0
296 ri->type = CMS_RECIPINFO_AGREE;-
297-
298 kari = ri->d.kari;-
299 kari->version = 3;-
300-
301 rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);-
302 if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
!sk_CMS_Recipi...ptedKeys, rek)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
303 M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);-
304 return 0;
never executed: return 0;
0
305 }-
306-
307 if (flags & CMS_USE_KEYID) {
flags & 0x10000Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-6
308 rek->rid->type = CMS_REK_KEYIDENTIFIER;-
309 rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier);-
310 if (rek->rid->d.rKeyId == NULL)
rek->rid->d.rK...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
311 return 0;
never executed: return 0;
0
312 if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
!cms_set1_keyi...tifier, recip)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1
313 return 0;
never executed: return 0;
0
314 } else {
executed 1 time by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1
315 rek->rid->type = CMS_REK_ISSUER_SERIAL;-
316 if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
!cms_set1_ias(...Number, recip)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
317 return 0;
never executed: return 0;
0
318 }
executed 6 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
6
319-
320 /* Create ephemeral key */-
321 if (!cms_kari_create_ephemeral_key(kari, pk))
!cms_kari_crea..._key(kari, pk)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
322 return 0;
never executed: return 0;
0
323-
324 EVP_PKEY_up_ref(pk);-
325 rek->pkey = pk;-
326 return 1;
executed 7 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
7
327}-
328-
329static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,-
330 const EVP_CIPHER *cipher)-
331{-
332 EVP_CIPHER_CTX *ctx = kari->ctx;-
333 const EVP_CIPHER *kekcipher;-
334 int keylen = EVP_CIPHER_key_length(cipher);-
335 /* If a suitable wrap algorithm is already set nothing to do */-
336 kekcipher = EVP_CIPHER_CTX_cipher(ctx);-
337-
338 if (kekcipher) {
kekcipherDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
339 if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
(EVP_CIPHER_fl...07) != 0x10002Description
TRUEnever evaluated
FALSEnever evaluated
0
340 return 0;
never executed: return 0;
0
341 return 1;
never executed: return 1;
0
342 }-
343 /*-
344 * Pick a cipher based on content encryption cipher. If it is DES3 use-
345 * DES3 wrap otherwise use AES wrap similar to key size.-
346 */-
347#ifndef OPENSSL_NO_DES-
348 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
EVP_CIPHER_type(cipher) == 44Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
3-4
349 kekcipher = EVP_des_ede3_wrap();
executed 4 times by 1 test: kekcipher = EVP_des_ede3_wrap();
Executed by:
  • libcrypto.so.1.1
4
350 else-
351#endif-
352 if (keylen <= 16)
keylen <= 16Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-3
353 kekcipher = EVP_aes_128_wrap();
executed 3 times by 1 test: kekcipher = EVP_aes_128_wrap();
Executed by:
  • libcrypto.so.1.1
3
354 else if (keylen <= 24)
keylen <= 24Description
TRUEnever evaluated
FALSEnever evaluated
0
355 kekcipher = EVP_aes_192_wrap();
never executed: kekcipher = EVP_aes_192_wrap();
0
356 else-
357 kekcipher = EVP_aes_256_wrap();
never executed: kekcipher = EVP_aes_256_wrap();
0
358 return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
executed 7 times by 1 test: return EVP_EncryptInit_ex(ctx, kekcipher, ((void *)0) , ((void *)0) , ((void *)0) );
Executed by:
  • libcrypto.so.1.1
7
359}-
360-
361/* Encrypt content key in key agreement recipient info */-
362-
363int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,-
364 CMS_RecipientInfo *ri)-
365{-
366 CMS_KeyAgreeRecipientInfo *kari;-
367 CMS_EncryptedContentInfo *ec;-
368 CMS_RecipientEncryptedKey *rek;-
369 STACK_OF(CMS_RecipientEncryptedKey) *reks;-
370 int i;-
371-
372 if (ri->type != CMS_RECIPINFO_AGREE) {
ri->type != 1Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
373 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);-
374 return 0;
never executed: return 0;
0
375 }-
376 kari = ri->d.kari;-
377 reks = kari->recipientEncryptedKeys;-
378 ec = cms->d.envelopedData->encryptedContentInfo;-
379 /* Initialise wrap algorithm parameters */-
380 if (!cms_wrap_init(kari, ec->cipher))
!cms_wrap_init...i, ec->cipher)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
381 return 0;
never executed: return 0;
0
382 /*-
383 * If no originator key set up initialise for ephemeral key the public key-
384 * ASN1 structure will set the actual public key value.-
385 */-
386 if (kari->originator->type == -1) {
kari->originator->type == -1Description
TRUEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-7
387 CMS_OriginatorIdentifierOrKey *oik = kari->originator;-
388 oik->type = CMS_OIK_PUBKEY;-
389 oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);-
390 if (!oik->d.originatorKey)
!oik->d.originatorKeyDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
391 return 0;
never executed: return 0;
0
392 }
executed 7 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
7
393 /* Initialise KDF algorithm */-
394 if (!cms_env_asn1_ctrl(ri, 0))
!cms_env_asn1_ctrl(ri, 0)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
395 return 0;
never executed: return 0;
0
396 /* For each rek, derive KEK, encrypt CEK */-
397 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
i < sk_CMS_Rec...dKey_num(reks)Description
TRUEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
7
398 unsigned char *enckey;-
399 size_t enckeylen;-
400 rek = sk_CMS_RecipientEncryptedKey_value(reks, i);-
401 if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
EVP_PKEY_deriv...ek->pkey) <= 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
402 return 0;
never executed: return 0;
0
403 if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
!cms_kek_ciphe...ylen, kari, 1)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
404 kari, 1))
!cms_kek_ciphe...ylen, kari, 1)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7
405 return 0;
never executed: return 0;
0
406 ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);-
407 }
executed 7 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
7
408-
409 return 1;
executed 7 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
7
410-
411}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2