OpenCoverage

bn_prime.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/bn/bn_prime.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* -

3 * -

4 * Licensed under the OpenSSL license (the "License"). You may not use -

5 * this file except in compliance with the License. You can obtain a copy -

6 * in the file LICENSE in the source distribution or at -

7 * https://www.openssl.org/source/license.html -

8 */ -

9 -

10 #include <stdio.h> -

11 #include <time.h> -

12 #include "internal/cryptlib.h" -

13 #include "bn_lcl.h" -

14 -

15 /* -

16 * The quick sieve algorithm approach to weeding out primes is Philip -

17 * Zimmermann's, as implemented in PGP. I have had a read of his comments -

18 * and implemented my own version. -

19 */ -

20 #include "bn_prime.h" -

21 -

22 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, -

23 const BIGNUM *a1_odd, int k, BN_CTX *ctx, -

24 BN_MONT_CTX *mont); -

25 static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); -

26 static int probable_prime_dh_safe(BIGNUM *rnd, int bits, -

27 const BIGNUM *add, const BIGNUM *rem, -

28 BN_CTX *ctx); -

29 -

30 int BN_GENCB_call(BN_GENCB *cb, int a, int b) -

31 { -

32 /* No callback means continue */ -

if (!cb)

!cb	Description
TRUE	evaluated 646 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4096 times by 1 test Evaluated by: libcrypto.so.1.1

646-4096

return 1;

executed 646 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

646

35 switch (cb->ver) { -

case 1:

never executed: case 1:

37 /* Deprecated-style callbacks */ -

if (!cb->cb.cb_1)

!cb->cb.cb_1	Description
TRUE	never evaluated
FALSE	never evaluated

return 1;

never executed: return 1;

40 cb->cb.cb_1(a, b, cb->arg); -

return 1;

never executed: return 1;

case 2:

executed 4096 times by 1 test: case 2:

Executed by:

libcrypto.so.1.1

4096

43 /* New-style callbacks */ -

return cb->cb.cb_2(a, b, cb);

executed 4096 times by 1 test: return cb->cb.cb_2(a, b, cb);

Executed by:

libcrypto.so.1.1

4096

default:

never executed: default:

break;

never executed: break;

47 } -

48 /* Unrecognised callback type */ -

return 0;

never executed: return 0;

50 } -

51 -

52 int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, -

53 const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) -

54 { -

55 BIGNUM *t; -

56 int found = 0; -

57 int i, j, c1 = 0; -

58 BN_CTX *ctx = NULL; -

59 prime_t *mods = NULL; -

int checks = BN_prime_checks_for_size(bits);

(bits) >= 3747	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 1345	Description
TRUE	evaluated 20 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 47 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 476	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 400	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 347	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 308	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

(bits) >= 55	Description
TRUE	evaluated 7 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

0-67

61 -

if (bits < 2) {

bits < 2	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

0-67

63 /* There are no prime numbers this small. */ -

64 BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); -

return 0;

never executed: return 0;

} else if (bits == 2 && safe) {

bits == 2	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

safe	Description
TRUE	never evaluated
FALSE	never evaluated

0-67

67 /* The smallest safe prime (7) is three bits. */ -

68 BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); -

return 0;

never executed: return 0;

70 } -

71 -

72 mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); -

if (mods == NULL)

mods == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

0-67

goto err;

never executed: goto err;

75 -

76 ctx = BN_CTX_new(); -

if (ctx == NULL)

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

0-67

goto err;

never executed: goto err;

79 BN_CTX_start(ctx); -

80 t = BN_CTX_get(ctx); -

if (t == NULL)

t == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1

0-67

goto err;

never executed: goto err;

loop:

code before this statement executed 67 times by 1 test: loop:

Executed by:

libcrypto.so.1.1

84 /* make a random number and set the top and bottom bits */ -

if (add == NULL) {

add == ((void *)0)	Description
TRUE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

14-3382

if (!probable_prime(ret, bits, mods))

!probable_prim...t, bits, mods)	Description
TRUE	never evaluated
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

0-3382

goto err;

never executed: goto err;

} else {

executed 3382 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

3382

if (safe) {

safe	Description
TRUE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-14

if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))

!probable_prim...add, rem, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

goto err;

never executed: goto err;

} else {

executed 14 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))

!bn_probable_p...add, rem, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

goto err;

never executed: goto err;

}

never executed: end of block

96 } -

97 -

if (!BN_GENCB_call(cb, 0, c1++))

!BN_GENCB_call(cb, 0, c1++)	Description
TRUE	never evaluated
FALSE	evaluated 3396 times by 1 test Evaluated by: libcrypto.so.1.1

0-3396

99 /* aborted */ -

100

goto err;

never executed: goto err;

101 -

102

if (!safe) {

!safe	Description
TRUE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

14-3382

103 i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb); -

104

if (i == -1)

i == -1	Description
TRUE	never evaluated
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

0-3382

105

goto err;

never executed: goto err;

106

if (i == 0)

i == 0	Description
TRUE	evaluated 3316 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 66 times by 1 test Evaluated by: libcrypto.so.1.1

66-3316

107

goto loop;

executed 3316 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

3316

108

} else {

executed 66 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

109 /* -

110 * for "safe prime" generation, check that (p-1)/2 is prime. Since a -

111 * prime is odd, We just need to divide by 2 -

112 */ -

113

if (!BN_rshift1(t, ret))

!BN_rshift1(t, ret)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

114

goto err;

never executed: goto err;

115 -

116

for (i = 0; i < checks; i++) {

i < checks	Description
TRUE	evaluated 40 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

1-40

117 j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb); -

118

if (j == -1)

j == -1	Description
TRUE	never evaluated
FALSE	evaluated 40 times by 1 test Evaluated by: libcrypto.so.1.1

0-40

119

goto err;

never executed: goto err;

120

if (j == 0)

j == 0	Description
TRUE	evaluated 9 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 31 times by 1 test Evaluated by: libcrypto.so.1.1

9-31

121

goto loop;

executed 9 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

122 -

123 j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb); -

124

if (j == -1)

j == -1	Description
TRUE	never evaluated
FALSE	evaluated 31 times by 1 test Evaluated by: libcrypto.so.1.1

0-31

125

goto err;

never executed: goto err;

126

if (j == 0)

j == 0	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 27 times by 1 test Evaluated by: libcrypto.so.1.1

4-27

127

goto loop;

executed 4 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

128 -

129

if (!BN_GENCB_call(cb, 2, c1 - 1))

!BN_GENCB_call(cb, 2, c1 - 1)	Description
TRUE	never evaluated
FALSE	evaluated 27 times by 1 test Evaluated by: libcrypto.so.1.1

0-27

130

goto err;

never executed: goto err;

131 /* We have a safe prime test pass */ -

132

}

executed 27 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

133

}

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

134 /* we have a prime :-) */ -

135 found = 1; -

136

err:

code before this statement executed 67 times by 1 test: err:

Executed by:

libcrypto.so.1.1

137 OPENSSL_free(mods); -

138

if (ctx != NULL)

ctx != ((void *)0)	Description
TRUE	evaluated 67 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-67

139

BN_CTX_end(ctx);

executed 67 times by 1 test: BN_CTX_end(ctx);

Executed by:

libcrypto.so.1.1

140 BN_CTX_free(ctx); -

141 bn_check_top(ret); -

142

return found;

executed 67 times by 1 test: return found;

Executed by:

libcrypto.so.1.1

143 } -

144 -

145 int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, -

146 BN_GENCB *cb) -

147 { -

148

return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);

executed 45 times by 1 test: return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);

Executed by:

libcrypto.so.1.1

149 } -

150 -

151 int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, -

152 int do_trial_division, BN_GENCB *cb) -

153 { -

154 int i, j, ret = -1; -

155 int k; -

156 BN_CTX *ctx = NULL; -

157 BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */ -

158 BN_MONT_CTX *mont = NULL; -

159 -

160 /* Take care of the really small primes 2 & 3 */ -

161

if (BN_is_word(a, 2) || BN_is_word(a, 3))

BN_is_word(a, 2)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3621 times by 1 test Evaluated by: libcrypto.so.1.1

BN_is_word(a, 3)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3619 times by 1 test Evaluated by: libcrypto.so.1.1

2-3621

162

return 1;

executed 4 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

163 -

164 /* Check odd and bigger than 1 */ -

165

if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)

!BN_is_odd(a)	Description
TRUE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3613 times by 1 test Evaluated by: libcrypto.so.1.1

BN_cmp(a, BN_value_one()) <= 0	Description
TRUE	evaluated 2 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3611 times by 1 test Evaluated by: libcrypto.so.1.1

2-3613

166

return 0;

executed 8 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

167 -

168

if (checks == BN_prime_checks)

checks == 0	Description
TRUE	evaluated 44 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3567 times by 1 test Evaluated by: libcrypto.so.1.1

44-3567

169

checks = BN_prime_checks_for_size(BN_num_bits(a));

executed 44 times by 1 test:

checks = ((BN_num_bits(a)) >= 3747 ? 3 : (BN_num_bits(a)) >= 1345 ? 4 : (BN_num_bits(a)) >= 476 ? 5 : (BN_num_bits(a)) >= 400 ? 6 : (BN_num_bits(a)) >= 347 ? 7 : (BN_num_bits(a)) >= 308 ? 8 : (BN_num_bits(a)) >= 55 ? 27 : 34);

Executed by:

libcrypto.so.1.1

(BN_num_bits(a)) >= 3747	Description
TRUE	never evaluated
FALSE	evaluated 44 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 1345	Description
TRUE	evaluated 10 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 34 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 476	Description
TRUE	evaluated 21 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 13 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 400	Description
TRUE	never evaluated
FALSE	evaluated 13 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 347	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 12 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 308	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(a)) >= 55	Description
TRUE	evaluated 12 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-44

170 -

171 /* first look for small factors */ -

172

if (do_trial_division) {

do_trial_division	Description
TRUE	evaluated 110 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3501 times by 1 test Evaluated by: libcrypto.so.1.1

110-3501

173

for (i = 1; i < NUMPRIMES; i++) {

i < 2048	Description
TRUE	evaluated 22032 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

8-22032

174 BN_ULONG mod = BN_mod_word(a, primes[i]); -

175

if (mod == (BN_ULONG)-1)

mod == (unsigned long)-1	Description
TRUE	never evaluated
FALSE	evaluated 22032 times by 1 test Evaluated by: libcrypto.so.1.1

0-22032

176

goto err;

never executed: goto err;

177

if (mod == 0)

mod == 0	Description
TRUE	evaluated 102 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 21930 times by 1 test Evaluated by: libcrypto.so.1.1

102-21930

178

return BN_is_word(a, primes[i]);

executed 102 times by 1 test: return BN_is_word(a, primes[i]);

Executed by:

libcrypto.so.1.1

102

179

}

executed 21930 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

21930

180

if (!BN_GENCB_call(cb, 1, -1))

!BN_GENCB_call(cb, 1, -1)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: libcrypto.so.1.1

0-8

181

goto err;

never executed: goto err;

182

}

executed 8 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

183 -

184

if (ctx_passed != NULL)

ctx_passed != ((void *)0)	Description
TRUE	evaluated 3473 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 36 times by 1 test Evaluated by: libcrypto.so.1.1

36-3473

185

ctx = ctx_passed;

executed 3473 times by 1 test: ctx = ctx_passed;

Executed by:

libcrypto.so.1.1

3473

186

else if ((ctx = BN_CTX_new()) == NULL)

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 36 times by 1 test Evaluated by: libcrypto.so.1.1

0-36

187

goto err;

never executed: goto err;

188 BN_CTX_start(ctx); -

189 -

190 A1 = BN_CTX_get(ctx); -

191 A3 = BN_CTX_get(ctx); -

192 A1_odd = BN_CTX_get(ctx); -

193 check = BN_CTX_get(ctx); -

194

if (check == NULL)

check == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

195

goto err;

never executed: goto err;

196 -

197 /* compute A1 := a - 1 */ -

198

if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))

!BN_copy(A1, a)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

!BN_sub_word(A1, 1)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

199

goto err;

never executed: goto err;

200 /* compute A3 := a - 3 */ -

201

if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))

!BN_copy(A3, a)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

!BN_sub_word(A3, 3)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

202

goto err;

never executed: goto err;

203 -

204 /* write A1 as A1_odd * 2^k */ -

205 k = 1; -

206

while (!BN_is_bit_set(A1, k))

!BN_is_bit_set(A1, k)	Description
TRUE	evaluated 3591 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

3509-3591

207

k++;

executed 3591 times by 1 test: k++;

Executed by:

libcrypto.so.1.1

3591

208

if (!BN_rshift(A1_odd, A1, k))

!BN_rshift(A1_odd, A1, k)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

209

goto err;

never executed: goto err;

210 -

211 /* Montgomery setup for computations mod a */ -

212 mont = BN_MONT_CTX_new(); -

213

if (mont == NULL)

mont == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

214

goto err;

never executed: goto err;

215

if (!BN_MONT_CTX_set(mont, a, ctx))

!BN_MONT_CTX_set(mont, a, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1

0-3509

216

goto err;

never executed: goto err;

217 -

218

for (i = 0; i < checks; i++) {

i < checks	Description
TRUE	evaluated 4472 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 173 times by 1 test Evaluated by: libcrypto.so.1.1

173-4472

219 /* 1 < check < a-1 */ -

220

if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))

!BN_priv_rand_range(check, A3)	Description
TRUE	never evaluated
FALSE	evaluated 4472 times by 1 test Evaluated by: libcrypto.so.1.1

!BN_add_word(check, 2)	Description
TRUE	never evaluated
FALSE	evaluated 4472 times by 1 test Evaluated by: libcrypto.so.1.1

0-4472

221

goto err;

never executed: goto err;

222 -

223 j = witness(check, a, A1, A1_odd, k, ctx, mont); -

224

if (j == -1)

j == -1	Description
TRUE	never evaluated
FALSE	evaluated 4472 times by 1 test Evaluated by: libcrypto.so.1.1

0-4472

225

goto err;

never executed: goto err;

226

if (j) {

j	Description
TRUE	evaluated 3336 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1136 times by 1 test Evaluated by: libcrypto.so.1.1

1136-3336

227 ret = 0; -

228

goto err;

executed 3336 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

3336

229 } -

230

if (!BN_GENCB_call(cb, 1, i))

!BN_GENCB_call(cb, 1, i)	Description
TRUE	never evaluated
FALSE	evaluated 1136 times by 1 test Evaluated by: libcrypto.so.1.1

0-1136

231

goto err;

never executed: goto err;

232

}

executed 1136 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

1136

233 ret = 1; -

234

err:

code before this statement executed 173 times by 1 test: err:

Executed by:

libcrypto.so.1.1

173

235

if (ctx != NULL) {

ctx != ((void *)0)	Description
TRUE	evaluated 3509 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-3509

236 BN_CTX_end(ctx); -

237

if (ctx_passed == NULL)

ctx_passed == ((void *)0)	Description
TRUE	evaluated 36 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3473 times by 1 test Evaluated by: libcrypto.so.1.1

36-3473

238

BN_CTX_free(ctx);

executed 36 times by 1 test: BN_CTX_free(ctx);

Executed by:

libcrypto.so.1.1

239

}

executed 3509 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

3509

240 BN_MONT_CTX_free(mont); -

241 -

242

return ret;

executed 3509 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

3509

243 } -

244 -

245 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, -

246 const BIGNUM *a1_odd, int k, BN_CTX *ctx, -

247 BN_MONT_CTX *mont) -

248 { -

249

if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */

!BN_mod_exp_mo... a, ctx, mont)	Description
TRUE	never evaluated
FALSE	evaluated 4472 times by 1 test Evaluated by: libcrypto.so.1.1

0-4472

250

return -1;

never executed: return -1;

251

if (BN_is_one(w))

BN_is_one(w)	Description
TRUE	evaluated 401 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 4071 times by 1 test Evaluated by: libcrypto.so.1.1

401-4071

252

return 0; /* probably prime */

executed 401 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

401

253

if (BN_cmp(w, a1) == 0)

BN_cmp(w, a1) == 0	Description
TRUE	evaluated 379 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3692 times by 1 test Evaluated by: libcrypto.so.1.1

379-3692

254

return 0; /* w == -1 (mod a), 'a' is probably prime */

executed 379 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

379

255

while (--k) {

--k	Description
TRUE	evaluated 6484 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3336 times by 1 test Evaluated by: libcrypto.so.1.1

3336-6484

256

if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */

!BN_mod_mul(w, w, w, a, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 6484 times by 1 test Evaluated by: libcrypto.so.1.1

0-6484

257

return -1;

never executed: return -1;

258

if (BN_is_one(w))

BN_is_one(w)	Description
TRUE	never evaluated
FALSE	evaluated 6484 times by 1 test Evaluated by: libcrypto.so.1.1

0-6484

259

return 1; /* 'a' is composite, otherwise a previous 'w'

never executed: return 1;

260 * would have been == -1 (mod 'a') */ -

261

if (BN_cmp(w, a1) == 0)

BN_cmp(w, a1) == 0	Description
TRUE	evaluated 356 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6128 times by 1 test Evaluated by: libcrypto.so.1.1

356-6128

262

return 0; /* w == -1 (mod a), 'a' is probably prime */

executed 356 times by 1 test: return 0;

Executed by:

libcrypto.so.1.1

356

263

}

executed 6128 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

6128

264 /* -

265 * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and -

266 * it is neither -1 nor +1 -- so 'a' cannot be prime -

267 */ -

268 bn_check_top(w); -

269

return 1;

executed 3336 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

3336

270 } -

271 -

272 static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) -

273 { -

274 int i; -

275 BN_ULONG delta; -

276 BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; -

277 char is_single_word = bits <= BN_BITS2; -

278 -

279

again:

code before this statement executed 3382 times by 1 test: again:

Executed by:

libcrypto.so.1.1

3382

280 /* TODO: Not all primes are private */ -

281

if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))

!BN_priv_rand(rnd, bits, 1, 1)	Description
TRUE	never evaluated
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

0-3382

282

return 0;

never executed: return 0;

283 /* we now have a random number 'rnd' to test. */ -

284

for (i = 1; i < NUMPRIMES; i++) {

i < 2048	Description
TRUE	evaluated 6922954 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

3382-6922954

285 BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); -

286

if (mod == (BN_ULONG)-1)

mod == (unsigned long)-1	Description
TRUE	never evaluated
FALSE	evaluated 6922954 times by 1 test Evaluated by: libcrypto.so.1.1

0-6922954

287

return 0;

never executed: return 0;

288 mods[i] = (prime_t) mod; -

289

}

executed 6922954 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

6922954

290 /* -

291 * If bits is so small that it fits into a single word then we -

292 * additionally don't want to exceed that many bits. -

293 */ -

294

if (is_single_word) {

is_single_word	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3381 times by 1 test Evaluated by: libcrypto.so.1.1

1-3381

295 BN_ULONG size_limit; -

296 -

297

if (bits == BN_BITS2) {

bits == (8 * 8)	Description
TRUE	never evaluated
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

0-1

298 /* -

299 * Shifting by this much has undefined behaviour so we do it a -

300 * different way -

301 */ -

302 size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); -

303

} else {

never executed: end of block

304 size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; -

305

}

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

306

if (size_limit < maxdelta)

size_limit < maxdelta	Description
TRUE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-1

307

maxdelta = size_limit;

executed 1 time by 1 test: maxdelta = size_limit;

Executed by:

libcrypto.so.1.1

308

}

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

309 delta = 0; -

310

loop:

code before this statement executed 3382 times by 1 test: loop:

Executed by:

libcrypto.so.1.1

3382

311

if (is_single_word) {

is_single_word	Description
TRUE	evaluated 4 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 370074 times by 1 test Evaluated by: libcrypto.so.1.1

4-370074

312 BN_ULONG rnd_word = BN_get_word(rnd); -

313 -

314 /*- -

315 * In the case that the candidate prime is a single word then -

316 * we check that: -

317 * 1) It's greater than primes[i] because we shouldn't reject -

318 * 3 as being a prime number because it's a multiple of -

319 * three. -

320 * 2) That it's not a multiple of a known prime. We don't -

321 * check that rnd-1 is also coprime to all the known -

322 * primes because there aren't many small primes where -

323 * that's true. -

324 */ -

325

for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {

i < 2048	Description
TRUE	evaluated 175 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

primes[i] < rnd_word	Description
TRUE	evaluated 174 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1 time by 1 test Evaluated by: libcrypto.so.1.1

0-175

326

if ((mods[i] + delta) % primes[i] == 0) {

(mods[i] + del...primes[i] == 0	Description
TRUE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 171 times by 1 test Evaluated by: libcrypto.so.1.1

3-171

327 delta += 2; -

328

if (delta > maxdelta)

delta > maxdelta	Description
TRUE	never evaluated
FALSE	evaluated 3 times by 1 test Evaluated by: libcrypto.so.1.1

0-3

329

goto again;

never executed: goto again;

330

goto loop;

executed 3 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

331 } -

332

}

executed 171 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

171

333

} else {

executed 1 time by 1 test: end of block

Executed by:

libcrypto.so.1.1

334

for (i = 1; i < NUMPRIMES; i++) {

i < 2048	Description
TRUE	evaluated 10173323 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3381 times by 1 test Evaluated by: libcrypto.so.1.1

3381-10173323

335 /* -

336 * check that rnd is not a prime and also that gcd(rnd-1,primes) -

337 * == 1 (except for 2) -

338 */ -

339

if (((mods[i] + delta) % primes[i]) <= 1) {

((mods[i] + de...rimes[i]) <= 1	Description
TRUE	evaluated 366693 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 9806630 times by 1 test Evaluated by: libcrypto.so.1.1

366693-9806630

340 delta += 2; -

341

if (delta > maxdelta)

delta > maxdelta	Description
TRUE	never evaluated
FALSE	evaluated 366693 times by 1 test Evaluated by: libcrypto.so.1.1

0-366693

342

goto again;

never executed: goto again;

343

goto loop;

executed 366693 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

366693

344 } -

345

}

executed 9806630 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

9806630

346

}

executed 3381 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

3381

347

if (!BN_add_word(rnd, delta))

!BN_add_word(rnd, delta)	Description
TRUE	never evaluated
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

0-3382

348

return 0;

never executed: return 0;

349

if (BN_num_bits(rnd) != bits)

BN_num_bits(rnd) != bits	Description
TRUE	never evaluated
FALSE	evaluated 3382 times by 1 test Evaluated by: libcrypto.so.1.1

0-3382

350

goto again;

never executed: goto again;

351 bn_check_top(rnd); -

352

return 1;

executed 3382 times by 1 test: return 1;

Executed by:

libcrypto.so.1.1

3382

353 } -

354 -

355 int bn_probable_prime_dh(BIGNUM *rnd, int bits, -

356 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) -

357 { -

358 int i, ret = 0; -

359 BIGNUM *t1; -

360 -

361 BN_CTX_start(ctx); -

362

if ((t1 = BN_CTX_get(ctx)) == NULL)

(t1 = BN_CTX_g...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

363

goto err;

never executed: goto err;

364 -

365

if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))

!BN_rand(rnd, bits, 0, 1)	Description
TRUE	never evaluated
FALSE	never evaluated

366

goto err;

never executed: goto err;

367 -

368 /* we need ((rnd-rem) % add) == 0 */ -

369 -

370

if (!BN_mod(t1, rnd, add, ctx))

!BN_div( ((voi...),(add),(ctx))	Description
TRUE	never evaluated
FALSE	never evaluated

371

goto err;

never executed: goto err;

372

if (!BN_sub(rnd, rnd, t1))

!BN_sub(rnd, rnd, t1)	Description
TRUE	never evaluated
FALSE	never evaluated

373

goto err;

never executed: goto err;

374

if (rem == NULL) {

rem == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

375

if (!BN_add_word(rnd, 1))

!BN_add_word(rnd, 1)	Description
TRUE	never evaluated
FALSE	never evaluated

376

goto err;

never executed: goto err;

377

} else {

never executed: end of block

378

if (!BN_add(rnd, rnd, rem))

!BN_add(rnd, rnd, rem)	Description
TRUE	never evaluated
FALSE	never evaluated

379

goto err;

never executed: goto err;

380

}

never executed: end of block

381 -

382 /* we now have a random number 'rand' to test. */ -

383 -

384

loop:

code before this statement never executed: loop:

385

for (i = 1; i < NUMPRIMES; i++) {

i < 2048	Description
TRUE	never evaluated
FALSE	never evaluated

386 /* check that rnd is a prime */ -

387 BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); -

388

if (mod == (BN_ULONG)-1)

mod == (unsigned long)-1	Description
TRUE	never evaluated
FALSE	never evaluated

389

goto err;

never executed: goto err;

390

if (mod <= 1) {

mod <= 1	Description
TRUE	never evaluated
FALSE	never evaluated

391

if (!BN_add(rnd, rnd, add))

!BN_add(rnd, rnd, add)	Description
TRUE	never evaluated
FALSE	never evaluated

392

goto err;

never executed: goto err;

393

goto loop;

never executed: goto loop;

394 } -

395

}

never executed: end of block

396 ret = 1; -

397 -

398

err:

code before this statement never executed: err:

399 BN_CTX_end(ctx); -

400 bn_check_top(rnd); -

401

return ret;

never executed: return ret;

402 } -

403 -

404 static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, -

405 const BIGNUM *rem, BN_CTX *ctx) -

406 { -

407 int i, ret = 0; -

408 BIGNUM *t1, *qadd, *q; -

409 -

410 bits--; -

411 BN_CTX_start(ctx); -

412 t1 = BN_CTX_get(ctx); -

413 q = BN_CTX_get(ctx); -

414 qadd = BN_CTX_get(ctx); -

415

if (qadd == NULL)

qadd == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

416

goto err;

never executed: goto err;

417 -

418

if (!BN_rshift1(qadd, padd))

!BN_rshift1(qadd, padd)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

419

goto err;

never executed: goto err;

420 -

421

if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))

!BN_rand(q, bits, 0, 1)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

422

goto err;

never executed: goto err;

423 -

424 /* we need ((rnd-rem) % add) == 0 */ -

425

if (!BN_mod(t1, q, qadd, ctx))

!BN_div( ((voi...,(qadd),(ctx))	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

426

goto err;

never executed: goto err;

427

if (!BN_sub(q, q, t1))

!BN_sub(q, q, t1)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

428

goto err;

never executed: goto err;

429

if (rem == NULL) {

rem == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

430

if (!BN_add_word(q, 1))

!BN_add_word(q, 1)	Description
TRUE	never evaluated
FALSE	never evaluated

431

goto err;

never executed: goto err;

432

} else {

never executed: end of block

433

if (!BN_rshift1(t1, rem))

!BN_rshift1(t1, rem)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

434

goto err;

never executed: goto err;

435

if (!BN_add(q, q, t1))

!BN_add(q, q, t1)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

436

goto err;

never executed: goto err;

437

}

executed 14 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

438 -

439 /* we now have a random number 'rand' to test. */ -

440

if (!BN_lshift1(p, q))

!BN_lshift1(p, q)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

441

goto err;

never executed: goto err;

442

if (!BN_add_word(p, 1))

!BN_add_word(p, 1)	Description
TRUE	never evaluated
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

0-14

443

goto err;

never executed: goto err;

444 -

445

loop:

code before this statement executed 14 times by 1 test: loop:

Executed by:

libcrypto.so.1.1

446

for (i = 1; i < NUMPRIMES; i++) {

i < 2048	Description
TRUE	evaluated 38758 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 14 times by 1 test Evaluated by: libcrypto.so.1.1

14-38758

447 /* check that p and q are prime */ -

448 /* -

449 * check that for p and q gcd(p-1,primes) == 1 (except for 2) -

450 */ -

451 BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]); -

452 BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]); -

453

if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)

pmod == (unsigned long)-1	Description
TRUE	never evaluated
FALSE	evaluated 38758 times by 1 test Evaluated by: libcrypto.so.1.1

qmod == (unsigned long)-1	Description
TRUE	never evaluated
FALSE	evaluated 38758 times by 1 test Evaluated by: libcrypto.so.1.1

0-38758

454

goto err;

never executed: goto err;

455

if (pmod == 0 || qmod == 0) {

pmod == 0	Description
TRUE	evaluated 471 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 38287 times by 1 test Evaluated by: libcrypto.so.1.1

qmod == 0	Description
TRUE	evaluated 494 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 37793 times by 1 test Evaluated by: libcrypto.so.1.1

471-38287

456

if (!BN_add(p, p, padd))

!BN_add(p, p, padd)	Description
TRUE	never evaluated
FALSE	evaluated 965 times by 1 test Evaluated by: libcrypto.so.1.1

0-965

457

goto err;

never executed: goto err;

458

if (!BN_add(q, q, qadd))

!BN_add(q, q, qadd)	Description
TRUE	never evaluated
FALSE	evaluated 965 times by 1 test Evaluated by: libcrypto.so.1.1

0-965

459

goto err;

never executed: goto err;

460

goto loop;

executed 965 times by 1 test: goto loop;

Executed by:

libcrypto.so.1.1

965

461 } -

462

}

executed 37793 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

37793

463 ret = 1; -

464 -

465

err:

code before this statement executed 14 times by 1 test: err:

Executed by:

libcrypto.so.1.1

466 BN_CTX_end(ctx); -

467 bn_check_top(p); -

468

return ret;

executed 14 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

469 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2