bn_gcd.c

noinv	Description
TRUE	evaluated 455 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 79056 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

455-79056

131

BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);

executed 455 times by 1 test: ERR_put_error(3,(110),(108),__FILE__,131);

Executed by:

libcrypto.so.1.1

455

132

return rv;

executed 79511 times by 2 tests: return rv;

Executed by:

libcrypto.so.1.1
sm2_internal_test

79511

133

}

-

134

-

135

BIGNUM *int_bn_mod_inverse(BIGNUM *in,

-

136

const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,

-

137

int *pnoinv)

-

138

{

-

139

BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;

-

140

BIGNUM *ret = NULL;

-

141

int sign;

-

142

-

143

/* This is invalid input so we don't worry about constant time here */

-

144

if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {

BN_abs_is_word(n, 1)	Description
TRUE	never evaluated
FALSE	evaluated 81259 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

BN_is_zero(n)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 81220 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-81259

145

if (pnoinv != NULL)

pnoinv != ((void *)0)	Description
TRUE	evaluated 39 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-39

146

*pnoinv = 1;

executed 39 times by 1 test: *pnoinv = 1;

Executed by:

libcrypto.so.1.1

39

147

return NULL;

executed 39 times by 1 test: return ((void *)0) ;

Executed by:

libcrypto.so.1.1

39

148

}

-

149

-

150

if (pnoinv != NULL)

pnoinv != ((void *)0)	Description
TRUE	evaluated 81220 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-81220

151

*pnoinv = 0;

executed 81220 times by 2 tests: *pnoinv = 0;

Executed by:

libcrypto.so.1.1
sm2_internal_test

81220

152

-

153

if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)

(BN_get_flags(a, 0x04) != 0)	Description
TRUE	evaluated 211 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 81009 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

211-81009

154

|| (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {

(BN_get_flags(n, 0x04) != 0)	Description
TRUE	evaluated 10315 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

10315-70694

155

return BN_mod_inverse_no_branch(in, a, n, ctx);

executed 10526 times by 1 test: return BN_mod_inverse_no_branch(in, a, n, ctx);

Executed by:

libcrypto.so.1.1

10526

156

}

-

157

-

158

bn_check_top(a);

-

159

bn_check_top(n);

-

160

-

161

BN_CTX_start(ctx);

-

162

A = BN_CTX_get(ctx);

-

163

B = BN_CTX_get(ctx);

-

164

X = BN_CTX_get(ctx);

-

165

D = BN_CTX_get(ctx);

-

166

M = BN_CTX_get(ctx);

-

167

Y = BN_CTX_get(ctx);

-

168

T = BN_CTX_get(ctx);

-

169

if (T == NULL)

T == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

170

goto err;

never executed: goto err;

0

171

-

172

if (in == NULL)

in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

173

R = BN_new();

never executed: R = BN_new();

0

174

else

-

175

R = in;

executed 70694 times by 2 tests: R = in;

Executed by:

libcrypto.so.1.1
sm2_internal_test

70694

176

if (R == NULL)

R == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

177

goto err;

never executed: goto err;

0

178

-

179

BN_one(X);

-

180

BN_zero(Y);

-

181

if (BN_copy(B, a) == NULL)

BN_copy(B, a) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

182

goto err;

never executed: goto err;

0

183

if (BN_copy(A, n) == NULL)

BN_copy(A, n) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

184

goto err;

never executed: goto err;

0

185

A->neg = 0;

-

186

if (B->neg || (BN_ucmp(B, A) >= 0)) {

B->neg	Description
TRUE	never evaluated
FALSE	evaluated 70694 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

(BN_ucmp(B, A) >= 0)	Description
TRUE	evaluated 68387 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 2307 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70694

187

if (!BN_nnmod(B, B, A, ctx))

!BN_nnmod(B, B, A, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 68387 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-68387

188

goto err;

never executed: goto err;

0

189

}

executed 68387 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

68387

190

sign = -1;

-

191

/*-

-

192

* From B = a mod |n|, A = |n| it follows that

-

193

*

-

194

* 0 <= B < A,

-

195

* -sign*X*a == B (mod |n|),

-

196

* sign*Y*a == A (mod |n|).

-

197

*/

-

198

-

199

if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {

BN_is_odd(n)	Description
TRUE	evaluated 70143 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 551 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_num_bits(n) <= 2048)	Description
TRUE	evaluated 70143 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-70143

200

/*

-

201

* Binary inversion algorithm; requires odd modulus. This is faster

-

202

* than the general algorithm if the modulus is sufficiently small

-

203

* (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit

-

204

* systems)

-

205

*/

-

206

int shift;

-

207

-

208

while (!BN_is_zero(B)) {

!BN_is_zero(B)	Description
TRUE	evaluated 4775524 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 70143 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

70143-4775524

209

/*-

-

210

* 0 < B < |n|,

-

211

* 0 < A <= |n|,

-

212

* (1) -sign*X*a == B (mod |n|),

-

213

* (2) sign*Y*a == A (mod |n|)

-

214

*/

-

215

-

216

/*

-

217

* Now divide B by the maximum possible power of two in the

-

218

* integers, and divide X by the same value mod |n|. When we're

-

219

* done, (1) still holds.

-

220

*/

-

221

shift = 0;

-

222

while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */

!BN_is_bit_set(B, shift)	Description
TRUE	evaluated 1833163 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 4775524 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1833163-4775524

223

shift++;

-

224

-

225

if (BN_is_odd(X)) {

BN_is_odd(X)	Description
TRUE	evaluated 870111 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 963052 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

870111-963052

226

if (!BN_uadd(X, X, n))

!BN_uadd(X, X, n)	Description
TRUE	never evaluated
FALSE	evaluated 870111 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-870111

227

goto err;

never executed: goto err;

0

228

}

executed 870111 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

870111

229

/*

-

230

* now X is even, so we can easily divide it by two

-

231

*/

-

232

if (!BN_rshift1(X, X))

!BN_rshift1(X, X)	Description
TRUE	never evaluated
FALSE	evaluated 1833163 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1833163

233

goto err;

never executed: goto err;

0

234

}

executed 1833163 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1833163

235

if (shift > 0) {

shift > 0	Description
TRUE	evaluated 1554190 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 3221334 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1554190-3221334

236

if (!BN_rshift(B, B, shift))

!BN_rshift(B, B, shift)	Description
TRUE	never evaluated
FALSE	evaluated 1554190 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1554190

237

goto err;

never executed: goto err;

0

238

}

executed 1554190 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1554190

239

-

240

/*

-

241

* Same for A and Y. Afterwards, (2) still holds.

-

242

*/

-

243

shift = 0;

-

244

while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */

!BN_is_bit_set(A, shift)	Description
TRUE	evaluated 3437183 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 4775524 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

3437183-4775524

245

shift++;

-

246

-

247

if (BN_is_odd(Y)) {

BN_is_odd(Y)	Description
TRUE	evaluated 2340830 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 1096353 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1096353-2340830

248

if (!BN_uadd(Y, Y, n))

!BN_uadd(Y, Y, n)	Description
TRUE	never evaluated
FALSE	evaluated 2340830 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-2340830

249

goto err;

never executed: goto err;

0

250

}

executed 2340830 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

2340830

251

/* now Y is even */

-

252

if (!BN_rshift1(Y, Y))

!BN_rshift1(Y, Y)	Description
TRUE	never evaluated
FALSE	evaluated 3437183 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-3437183

253

goto err;

never executed: goto err;

0

254

}

executed 3437183 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

3437183

255

if (shift > 0) {

shift > 0	Description
TRUE	evaluated 3161741 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 1613783 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1613783-3161741

256

if (!BN_rshift(A, A, shift))

!BN_rshift(A, A, shift)	Description
TRUE	never evaluated
FALSE	evaluated 3161741 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-3161741

257

goto err;

never executed: goto err;

0

258

}

executed 3161741 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

3161741

259

-

260

/*-

-

261

* We still have (1) and (2).

-

262

* Both A and B are odd.

-

263

* The following computations ensure that

-

264

*

-

265

* 0 <= B < |n|,

-

266

* 0 < A < |n|,

-

267

* (1) -sign*X*a == B (mod |n|),

-

268

* (2) sign*Y*a == A (mod |n|),

-

269

*

-

270

* and that either A or B is even in the next iteration.

-

271

*/

-

272

if (BN_ucmp(B, A) >= 0) {

BN_ucmp(B, A) >= 0	Description
TRUE	evaluated 1613783 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 3161741 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

1613783-3161741

273

/* -sign*(X + Y)*a == B - A (mod |n|) */

-

274

if (!BN_uadd(X, X, Y))

!BN_uadd(X, X, Y)	Description
TRUE	never evaluated
FALSE	evaluated 1613783 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1613783

275

goto err;

never executed: goto err;

0

276

/*

-

277

* NB: we could use BN_mod_add_quick(X, X, Y, n), but that

-

278

* actually makes the algorithm slower

-

279

*/

-

280

if (!BN_usub(B, B, A))

!BN_usub(B, B, A)	Description
TRUE	never evaluated
FALSE	evaluated 1613783 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-1613783

281

goto err;

never executed: goto err;

0

282

} else {

executed 1613783 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

1613783

283

/* sign*(X + Y)*a == A - B (mod |n|) */

-

284

if (!BN_uadd(Y, Y, X))

!BN_uadd(Y, Y, X)	Description
TRUE	never evaluated
FALSE	evaluated 3161741 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-3161741

285

goto err;

never executed: goto err;

0

286

/*

-

287

* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down

-

288

*/

-

289

if (!BN_usub(A, A, B))

!BN_usub(A, A, B)	Description
TRUE	never evaluated
FALSE	evaluated 3161741 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-3161741

290

goto err;

never executed: goto err;

0

291

}

executed 3161741 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

3161741

292

}

-

293

} else {

executed 70143 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

70143

294

/* general inversion algorithm */

-

295

-

296

while (!BN_is_zero(B)) {

!BN_is_zero(B)	Description
TRUE	evaluated 23007 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 551 times by 1 test Evaluated by: libcrypto.so.1.1

551-23007

297

BIGNUM *tmp;

-

298

-

299

/*-

-

300

* 0 < B < A,

-

301

* (*) -sign*X*a == B (mod |n|),

-

302

* sign*Y*a == A (mod |n|)

-

303

*/

-

304

-

305

/* (D, M) := (A/B, A%B) ... */

-

306

if (BN_num_bits(A) == BN_num_bits(B)) {

BN_num_bits(A)...BN_num_bits(B)	Description
TRUE	evaluated 4676 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 18331 times by 1 test Evaluated by: libcrypto.so.1.1

4676-18331

307

if (!BN_one(D))

!(BN_set_word((D),1))	Description
TRUE	never evaluated
FALSE	evaluated 4676 times by 1 test Evaluated by: libcrypto.so.1.1

0-4676

308

goto err;

never executed: goto err;

0

309

if (!BN_sub(M, A, B))

!BN_sub(M, A, B)	Description
TRUE	never evaluated
FALSE	evaluated 4676 times by 1 test Evaluated by: libcrypto.so.1.1

0-4676

310

goto err;

never executed: goto err;

0

311

} else if (BN_num_bits(A) == BN_num_bits(B) + 1) {

executed 4676 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

BN_num_bits(A)...um_bits(B) + 1	Description
TRUE	evaluated 8470 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 9861 times by 1 test Evaluated by: libcrypto.so.1.1

4676-9861

312

/* A/B is 1, 2, or 3 */

-

313

if (!BN_lshift1(T, B))

!BN_lshift1(T, B)	Description
TRUE	never evaluated
FALSE	evaluated 8470 times by 1 test Evaluated by: libcrypto.so.1.1

0-8470

314

goto err;

never executed: goto err;

0

315

if (BN_ucmp(A, T) < 0) {

BN_ucmp(A, T) < 0	Description
TRUE	evaluated 4760 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3710 times by 1 test Evaluated by: libcrypto.so.1.1

3710-4760

316

/* A < 2*B, so D=1 */

-

317

if (!BN_one(D))

!(BN_set_word((D),1))	Description
TRUE	never evaluated
FALSE	evaluated 4760 times by 1 test Evaluated by: libcrypto.so.1.1

0-4760

318

goto err;

never executed: goto err;

0

319

if (!BN_sub(M, A, B))

!BN_sub(M, A, B)	Description
TRUE	never evaluated
FALSE	evaluated 4760 times by 1 test Evaluated by: libcrypto.so.1.1

0-4760

320

goto err;

never executed: goto err;

0

321

} else {

executed 4760 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

4760

322

/* A >= 2*B, so D=2 or D=3 */

-

323

if (!BN_sub(M, A, T))

!BN_sub(M, A, T)	Description
TRUE	never evaluated
FALSE	evaluated 3710 times by 1 test Evaluated by: libcrypto.so.1.1

0-3710

324

goto err;

never executed: goto err;

0

325

if (!BN_add(D, T, B))

!BN_add(D, T, B)	Description
TRUE	never evaluated
FALSE	evaluated 3710 times by 1 test Evaluated by: libcrypto.so.1.1

0-3710

326

goto err; /* use D (:= 3*B) as temp */

never executed: goto err;

0

327

if (BN_ucmp(A, D) < 0) {

BN_ucmp(A, D) < 0	Description
TRUE	evaluated 3078 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 632 times by 1 test Evaluated by: libcrypto.so.1.1

632-3078

328

/* A < 3*B, so D=2 */

-

329

if (!BN_set_word(D, 2))

!BN_set_word(D, 2)	Description
TRUE	never evaluated
FALSE	evaluated 3078 times by 1 test Evaluated by: libcrypto.so.1.1

0-3078

330

goto err;

never executed: goto err;

0

331

/*

-

332

* M (= A - 2*B) already has the correct value

-

333

*/

-

334

} else {

executed 3078 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

3078

335

/* only D=3 remains */

-

336

if (!BN_set_word(D, 3))

!BN_set_word(D, 3)	Description
TRUE	never evaluated
FALSE	evaluated 632 times by 1 test Evaluated by: libcrypto.so.1.1

0-632

337

goto err;

never executed: goto err;

0

338

/*

-

339

* currently M = A - 2*B, but we need M = A - 3*B

-

340

*/

-

341

if (!BN_sub(M, M, B))

!BN_sub(M, M, B)	Description
TRUE	never evaluated
FALSE	evaluated 632 times by 1 test Evaluated by: libcrypto.so.1.1

0-632

342

goto err;

never executed: goto err;

0

343

}

executed 632 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

632

344

}

-

345

} else {

-

346

if (!BN_div(D, M, A, B, ctx))

!BN_div(D, M, A, B, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 9861 times by 1 test Evaluated by: libcrypto.so.1.1

0-9861

347

goto err;

never executed: goto err;

0

348

}

executed 9861 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

9861

349

-

350

/*-

-

351

* Now

-

352

* A = D*B + M;

-

353

* thus we have

-

354

* (**) sign*Y*a == D*B + M (mod |n|).

-

355

*/

-

356

-

357

tmp = A; /* keep the BIGNUM object, the value does not matter */

-

358

-

359

/* (A, B) := (B, A mod B) ... */

-

360

A = B;

-

361

B = M;

-

362

/* ... so we have 0 <= B < A again */

-

363

-

364

/*-

-

365

* Since the former M is now B and the former B is now A,

-

366

* (**) translates into

-

367

* sign*Y*a == D*A + B (mod |n|),

-

368

* i.e.

-

369

* sign*Y*a - D*A == B (mod |n|).

-

370

* Similarly, (*) translates into

-

371

* -sign*X*a == A (mod |n|).

-

372

*

-

373

* Thus,

-

374

* sign*Y*a + D*sign*X*a == B (mod |n|),

-

375

* i.e.

-

376

* sign*(Y + D*X)*a == B (mod |n|).

-

377

*

-

378

* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at

-

379

* -sign*X*a == B (mod |n|),

-

380

* sign*Y*a == A (mod |n|).

-

381

* Note that X and Y stay non-negative all the time.

-

382

*/

-

383

-

384

/*

-

385

* most of the time D is very small, so we can optimize tmp := D*X+Y

-

386

*/

-

387

if (BN_is_one(D)) {

BN_is_one(D)	Description
TRUE	evaluated 9436 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 13571 times by 1 test Evaluated by: libcrypto.so.1.1

9436-13571

388

if (!BN_add(tmp, X, Y))

!BN_add(tmp, X, Y)	Description
TRUE	never evaluated
FALSE	evaluated 9436 times by 1 test Evaluated by: libcrypto.so.1.1

0-9436

389

goto err;

never executed: goto err;

0

390

} else {

executed 9436 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

9436

391

if (BN_is_word(D, 2)) {

BN_is_word(D, 2)	Description
TRUE	evaluated 4135 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 9436 times by 1 test Evaluated by: libcrypto.so.1.1

4135-9436

392

if (!BN_lshift1(tmp, X))

!BN_lshift1(tmp, X)	Description
TRUE	never evaluated
FALSE	evaluated 4135 times by 1 test Evaluated by: libcrypto.so.1.1

0-4135

393

goto err;

never executed: goto err;

0

394

} else if (BN_is_word(D, 4)) {

executed 4135 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

BN_is_word(D, 4)	Description
TRUE	evaluated 1560 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 7876 times by 1 test Evaluated by: libcrypto.so.1.1

1560-7876

395

if (!BN_lshift(tmp, X, 2))

!BN_lshift(tmp, X, 2)	Description
TRUE	never evaluated
FALSE	evaluated 1560 times by 1 test Evaluated by: libcrypto.so.1.1

0-1560

396

goto err;

never executed: goto err;

0

397

} else if (D->top == 1) {

executed 1560 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

D->top == 1	Description
TRUE	evaluated 7870 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1

6-7870

398

if (!BN_copy(tmp, X))

!BN_copy(tmp, X)	Description
TRUE	never evaluated
FALSE	evaluated 7870 times by 1 test Evaluated by: libcrypto.so.1.1

0-7870

399

goto err;

never executed: goto err;

0

400

if (!BN_mul_word(tmp, D->d[0]))

!BN_mul_word(tmp, D->d[0])	Description
TRUE	never evaluated
FALSE	evaluated 7870 times by 1 test Evaluated by: libcrypto.so.1.1

0-7870

401

goto err;

never executed: goto err;

0

402

} else {

executed 7870 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

7870

403

if (!BN_mul(tmp, D, X, ctx))

!BN_mul(tmp, D, X, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 1 test Evaluated by: libcrypto.so.1.1

0-6

404

goto err;

never executed: goto err;

0

405

}

executed 6 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

6

406

if (!BN_add(tmp, tmp, Y))

!BN_add(tmp, tmp, Y)	Description
TRUE	never evaluated
FALSE	evaluated 13571 times by 1 test Evaluated by: libcrypto.so.1.1

0-13571

407

goto err;

never executed: goto err;

0

408

}

executed 13571 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

13571

409

-

410

M = Y; /* keep the BIGNUM object, the value does not matter */

-

411

Y = X;

-

412

X = tmp;

-

413

sign = -sign;

-

414

}

executed 23007 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

23007

415

}

executed 551 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

551

416

-

417

/*-

-

418

* The while loop (Euclid's algorithm) ends when

-

419

* A == gcd(a,n);

-

420

* we have

-

421

* sign*Y*a == A (mod |n|),

-

422

* where Y is non-negative.

-

423

*/

-

424

-

425

if (sign < 0) {

sign < 0	Description
TRUE	evaluated 70525 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 169 times by 1 test Evaluated by: libcrypto.so.1.1

169-70525

426

if (!BN_sub(Y, n, Y))

!BN_sub(Y, n, Y)	Description
TRUE	never evaluated
FALSE	evaluated 70525 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-70525

427

goto err;

never executed: goto err;

0

428

}

executed 70525 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

70525

429

/* Now Y*a == A (mod |n|). */

-

430

-

431

if (BN_is_one(A)) {

BN_is_one(A)	Description
TRUE	evaluated 70278 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 416 times by 1 test Evaluated by: libcrypto.so.1.1

416-70278

432

/* Y*a == 1 (mod |n|) */

-

433

if (!Y->neg && BN_ucmp(Y, n) < 0) {

!Y->neg	Description
TRUE	evaluated 24941 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	evaluated 45337 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

BN_ucmp(Y, n) < 0	Description
TRUE	evaluated 24941 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test
FALSE	never evaluated

0-45337

434

if (!BN_copy(R, Y))

!BN_copy(R, Y)	Description
TRUE	never evaluated
FALSE	evaluated 24941 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-24941

435

goto err;

never executed: goto err;

0

436

} else {

executed 24941 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

24941

437

if (!BN_nnmod(R, Y, n, ctx))

!BN_nnmod(R, Y, n, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 45337 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

0-45337

438

goto err;

never executed: goto err;

0

439

}

executed 45337 times by 2 tests: end of block

Executed by:

libcrypto.so.1.1
sm2_internal_test

45337

440

} else {

-

441

if (pnoinv)

pnoinv	Description
TRUE	evaluated 416 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-416

442

*pnoinv = 1;

executed 416 times by 1 test: *pnoinv = 1;

Executed by:

libcrypto.so.1.1

416

443

goto err;

executed 416 times by 1 test: goto err;

Executed by:

libcrypto.so.1.1

416

444

}

-

445

ret = R;

-

446

err:

code before this statement executed 70278 times by 2 tests: err:

Executed by:

libcrypto.so.1.1
sm2_internal_test

70278

447

if ((ret == NULL) && (in == NULL))

(ret == ((void *)0) )	Description
TRUE	evaluated 416 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 70278 times by 2 tests Evaluated by: libcrypto.so.1.1 sm2_internal_test

(in == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 416 times by 1 test Evaluated by: libcrypto.so.1.1

0-70278

448

BN_free(R);

never executed: BN_free(R);

0

449

BN_CTX_end(ctx);

-

450

bn_check_top(ret);

-

451

return ret;

executed 70694 times by 2 tests: return ret;

Executed by:

libcrypto.so.1.1
sm2_internal_test

70694

452

}

-

453

-

454

/*

-

455

* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does

-

456

* not contain branches that may leak sensitive information.

-

457

*/

-

458

static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,

-

459

const BIGNUM *a, const BIGNUM *n,

-

460

BN_CTX *ctx)

-

461

{

-

462

BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;

-

463

BIGNUM *ret = NULL;

-

464

int sign;

-

465

-

466

bn_check_top(a);

-

467

bn_check_top(n);

-

468

-

469

BN_CTX_start(ctx);

-

470

A = BN_CTX_get(ctx);

-

471

B = BN_CTX_get(ctx);

-

472

X = BN_CTX_get(ctx);

-

473

D = BN_CTX_get(ctx);

-

474

M = BN_CTX_get(ctx);

-

475

Y = BN_CTX_get(ctx);

-

476

T = BN_CTX_get(ctx);

-

477

if (T == NULL)

T == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

478

goto err;

never executed: goto err;

0

479

-

480

if (in == NULL)

in == ((void *)0)	Description
TRUE	evaluated 64 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 10462 times by 1 test Evaluated by: libcrypto.so.1.1

64-10462

481

R = BN_new();

executed 64 times by 1 test: R = BN_new();

Executed by:

libcrypto.so.1.1

64

482

else

-

483

R = in;

executed 10462 times by 1 test: R = in;

Executed by:

libcrypto.so.1.1

10462

484

if (R == NULL)

R == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

485

goto err;

never executed: goto err;

0

486

-

487

BN_one(X);

-

488

BN_zero(Y);

-

489

if (BN_copy(B, a) == NULL)

BN_copy(B, a) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

490

goto err;

never executed: goto err;

0

491

if (BN_copy(A, n) == NULL)

BN_copy(A, n) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

492

goto err;

never executed: goto err;

0

493

A->neg = 0;

-

494

-

495

if (B->neg || (BN_ucmp(B, A) >= 0)) {

B->neg	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

(BN_ucmp(B, A) >= 0)	Description
TRUE	evaluated 8676 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 1850 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

496

/*

-

497

* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,

-

498

* BN_div_no_branch will be called eventually.

-

499

*/

-

500

{

-

501

BIGNUM local_B;

-

502

bn_init(&local_B);

-

503

BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);

-

504

if (!BN_nnmod(B, &local_B, A, ctx))

!BN_nnmod(B, &local_B, A, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 8676 times by 1 test Evaluated by: libcrypto.so.1.1

0-8676

505

goto err;

never executed: goto err;

0

506

/* Ensure local_B goes out of scope before any further use of B */

-

507

}

-

508

}

executed 8676 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

8676

509

sign = -1;

-

510

/*-

-

511

* From B = a mod |n|, A = |n| it follows that

-

512

*

-

513

* 0 <= B < A,

-

514

* -sign*X*a == B (mod |n|),

-

515

* sign*Y*a == A (mod |n|).

-

516

*/

-

517

-

518

while (!BN_is_zero(B)) {

!BN_is_zero(B)	Description
TRUE	evaluated 2412196 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

10526-2412196

519

BIGNUM *tmp;

-

520

-

521

/*-

-

522

* 0 < B < A,

-

523

* (*) -sign*X*a == B (mod |n|),

-

524

* sign*Y*a == A (mod |n|)

-

525

*/

-

526

-

527

/*

-

528

* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,

-

529

* BN_div_no_branch will be called eventually.

-

530

*/

-

531

{

-

532

BIGNUM local_A;

-

533

bn_init(&local_A);

-

534

BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);

-

535

-

536

/* (D, M) := (A/B, A%B) ... */

-

537

if (!BN_div(D, M, &local_A, B, ctx))

!BN_div(D, M, ...cal_A, B, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 2412196 times by 1 test Evaluated by: libcrypto.so.1.1

0-2412196

538

goto err;

never executed: goto err;

0

539

/* Ensure local_A goes out of scope before any further use of A */

-

540

}

-

541

-

542

/*-

-

543

* Now

-

544

* A = D*B + M;

-

545

* thus we have

-

546

* (**) sign*Y*a == D*B + M (mod |n|).

-

547

*/

-

548

-

549

tmp = A; /* keep the BIGNUM object, the value does not

-

550

* matter */

-

551

-

552

/* (A, B) := (B, A mod B) ... */

-

553

A = B;

-

554

B = M;

-

555

/* ... so we have 0 <= B < A again */

-

556

-

557

/*-

-

558

* Since the former M is now B and the former B is now A,

-

559

* (**) translates into

-

560

* sign*Y*a == D*A + B (mod |n|),

-

561

* i.e.

-

562

* sign*Y*a - D*A == B (mod |n|).

-

563

* Similarly, (*) translates into

-

564

* -sign*X*a == A (mod |n|).

-

565

*

-

566

* Thus,

-

567

* sign*Y*a + D*sign*X*a == B (mod |n|),

-

568

* i.e.

-

569

* sign*(Y + D*X)*a == B (mod |n|).

-

570

*

-

571

* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at

-

572

* -sign*X*a == B (mod |n|),

-

573

* sign*Y*a == A (mod |n|).

-

574

* Note that X and Y stay non-negative all the time.

-

575

*/

-

576

-

577

if (!BN_mul(tmp, D, X, ctx))

!BN_mul(tmp, D, X, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 2412196 times by 1 test Evaluated by: libcrypto.so.1.1

0-2412196

578

goto err;

never executed: goto err;

0

579

if (!BN_add(tmp, tmp, Y))

!BN_add(tmp, tmp, Y)	Description
TRUE	never evaluated
FALSE	evaluated 2412196 times by 1 test Evaluated by: libcrypto.so.1.1

0-2412196

580

goto err;

never executed: goto err;

0

581

-

582

M = Y; /* keep the BIGNUM object, the value does not

-

583

* matter */

-

584

Y = X;

-

585

X = tmp;

-

586

sign = -sign;

-

587

}

executed 2412196 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

2412196

588

-

589

/*-

-

590

* The while loop (Euclid's algorithm) ends when

-

591

* A == gcd(a,n);

-

592

* we have

-

593

* sign*Y*a == A (mod |n|),

-

594

* where Y is non-negative.

-

595

*/

-

596

-

597

if (sign < 0) {

sign < 0	Description
TRUE	evaluated 7140 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 3386 times by 1 test Evaluated by: libcrypto.so.1.1

3386-7140

598

if (!BN_sub(Y, n, Y))

!BN_sub(Y, n, Y)	Description
TRUE	never evaluated
FALSE	evaluated 7140 times by 1 test Evaluated by: libcrypto.so.1.1

0-7140

599

goto err;

never executed: goto err;

0

600

}

executed 7140 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

7140

601

/* Now Y*a == A (mod |n|). */

-

602

-

603

if (BN_is_one(A)) {

BN_is_one(A)	Description
TRUE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-10526

604

/* Y*a == 1 (mod |n|) */

-

605

if (!Y->neg && BN_ucmp(Y, n) < 0) {

!Y->neg	Description
TRUE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

BN_ucmp(Y, n) < 0	Description
TRUE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	never evaluated

0-10526

606

if (!BN_copy(R, Y))

!BN_copy(R, Y)	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

0-10526

607

goto err;

never executed: goto err;

0

608

} else {

executed 10526 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

10526

609

if (!BN_nnmod(R, Y, n, ctx))

!BN_nnmod(R, Y, n, ctx)	Description
TRUE	never evaluated
FALSE	never evaluated

0

610

goto err;

never executed: goto err;

0

611

}

never executed: end of block

0

612

} else {

-

613

BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);

-

614

goto err;

never executed: goto err;

0

615

}

-

616

ret = R;

-

617

err:

code before this statement executed 10526 times by 1 test: err:

Executed by:

libcrypto.so.1.1

10526

618

if ((ret == NULL) && (in == NULL))

(ret == ((void *)0) )	Description
TRUE	never evaluated
FALSE	evaluated 10526 times by 1 test Evaluated by: libcrypto.so.1.1

(in == ((void *)0) )	Description
TRUE	never evaluated
FALSE	never evaluated

0-10526

619

BN_free(R);

never executed: BN_free(R);

0

620

BN_CTX_end(ctx);

-

621

bn_check_top(ret);

-

622

return ret;

executed 10526 times by 1 test: return ret;

Executed by:

libcrypto.so.1.1

10526

623

}

-