ecp.c:mbedtls_ecp_group_a_is_minus_3: 1023| 3.54k|{ 1024| 3.54k| return grp->A.MBEDTLS_PRIVATE(p) == NULL; ------------------ | | 17| 3.54k|#define MBEDTLS_PRIVATE(member) member ------------------ 1025| 3.54k|} pkparse.c:mbedtls_error_add: 144| 712|{ 145| 712|#if defined(MBEDTLS_TEST_HOOKS) 146| 712| if (*mbedtls_test_hook_error_add != NULL) { ------------------ | Branch (146:9): [True: 0, False: 712] ------------------ 147| 0| (*mbedtls_test_hook_error_add)(high, low, file, line); 148| 0| } 149| 712|#endif 150| 712| (void) file; 151| 712| (void) line; 152| | 153| 712| return high + low; 154| 712|} pem.c:mbedtls_error_add: 144| 87|{ 145| 87|#if defined(MBEDTLS_TEST_HOOKS) 146| 87| if (*mbedtls_test_hook_error_add != NULL) { ------------------ | Branch (146:9): [True: 0, False: 87] ------------------ 147| 0| (*mbedtls_test_hook_error_add)(high, low, file, line); 148| 0| } 149| 87|#endif 150| 87| (void) file; 151| 87| (void) line; 152| | 153| 87| return high + low; 154| 87|} fuzz_pubkey.c:mbedtls_pk_rsa: 1038| 274|{ 1039| 274| switch (mbedtls_pk_get_type(&pk)) { 1040| 274| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 274, False: 0] ------------------ 1041| 274| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 15| 274|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 274] ------------------ 1043| 0| return NULL; 1044| 274| } 1045| 274|} fuzz_pubkey.c:mbedtls_pk_ec: 1061| 944|{ 1062| 944| switch (mbedtls_pk_get_type(&pk)) { 1063| 944| case MBEDTLS_PK_ECKEY: ------------------ | Branch (1063:9): [True: 944, False: 0] ------------------ 1064| 944| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (1064:9): [True: 0, False: 944] ------------------ 1065| 944| case MBEDTLS_PK_ECDSA: ------------------ | Branch (1065:9): [True: 0, False: 944] ------------------ 1066| 944| return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 15| 944|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1067| 0| default: ------------------ | Branch (1067:9): [True: 0, False: 944] ------------------ 1068| 0| return NULL; 1069| 944| } 1070| 944|} pkparse.c:mbedtls_pk_rsa: 1038| 3.38k|{ 1039| 3.38k| switch (mbedtls_pk_get_type(&pk)) { 1040| 3.38k| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 3.38k, False: 0] ------------------ 1041| 3.38k| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 3.38k|#define MBEDTLS_PRIVATE(member) member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 3.38k] ------------------ 1043| 0| return NULL; 1044| 3.38k| } 1045| 3.38k|} constant_time.c:mbedtls_get_unaligned_uint64: 220| 7.02M|{ 221| 7.02M| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 7.02M| memcpy(&r, p, sizeof(r)); 230| 7.02M|#endif 231| 7.02M| return r; 232| 7.02M|} constant_time.c:mbedtls_put_unaligned_uint64: 247| 3.51M|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 3.51M| memcpy(p, &x, sizeof(x)); 256| 3.51M|#endif 257| 3.51M|} mbedtls_asn1_get_len: 31| 20.2k|{ 32| 20.2k| if ((end - *p) < 1) { ------------------ | Branch (32:9): [True: 16, False: 20.1k] ------------------ 33| 16| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 16|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 34| 16| } 35| | 36| 20.1k| if ((**p & 0x80) == 0) { ------------------ | Branch (36:9): [True: 19.3k, False: 881] ------------------ 37| 19.3k| *len = *(*p)++; 38| 19.3k| } else { 39| 881| int n = (**p) & 0x7F; 40| 881| if (n == 0 || n > 4) { ------------------ | Branch (40:13): [True: 8, False: 873] | Branch (40:23): [True: 80, False: 793] ------------------ 41| 88| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 88|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 42| 88| } 43| 793| if ((end - *p) <= n) { ------------------ | Branch (43:13): [True: 26, False: 767] ------------------ 44| 26| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 26|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 45| 26| } 46| 767| *len = 0; 47| 767| (*p)++; 48| 2.55k| while (n--) { ------------------ | Branch (48:16): [True: 1.79k, False: 767] ------------------ 49| 1.79k| *len = (*len << 8) | **p; 50| 1.79k| (*p)++; 51| 1.79k| } 52| 767| } 53| | 54| 20.0k| if (*len > (size_t) (end - *p)) { ------------------ | Branch (54:9): [True: 419, False: 19.6k] ------------------ 55| 419| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 419|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 56| 419| } 57| | 58| 19.6k| return 0; 59| 20.0k|} mbedtls_asn1_get_tag: 64| 20.6k|{ 65| 20.6k| if ((end - *p) < 1) { ------------------ | Branch (65:9): [True: 112, False: 20.5k] ------------------ 66| 112| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 112|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 67| 112| } 68| | 69| 20.5k| if (**p != tag) { ------------------ | Branch (69:9): [True: 2.96k, False: 17.5k] ------------------ 70| 2.96k| return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; ------------------ | | 39| 2.96k|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ 71| 2.96k| } 72| | 73| 17.5k| (*p)++; 74| | 75| 17.5k| return mbedtls_asn1_get_len(p, end, len); 76| 20.5k|} mbedtls_asn1_get_int: 151| 287|{ 152| 287| return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val); ------------------ | | 65| 287|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ 153| 287|} mbedtls_asn1_get_mpi: 166| 144|{ 167| 144| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 144|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 168| 144| size_t len; 169| | 170| 144| if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 144|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (170:9): [True: 73, False: 71] ------------------ 171| 73| return ret; 172| 73| } 173| | 174| 71| ret = mbedtls_mpi_read_binary(X, *p, len); 175| | 176| 71| *p += len; 177| | 178| 71| return ret; 179| 144|} mbedtls_asn1_get_bitstring_null: 273| 2.85k|{ 274| 2.85k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.85k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 275| | 276| 2.85k| if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) { ------------------ | | 66| 2.85k|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (276:9): [True: 94, False: 2.76k] ------------------ 277| 94| return ret; 278| 94| } 279| | 280| 2.76k| if (*len == 0) { ------------------ | Branch (280:9): [True: 4, False: 2.75k] ------------------ 281| 4| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 4|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 282| 4| } 283| 2.75k| --(*len); 284| | 285| 2.75k| if (**p != 0) { ------------------ | Branch (285:9): [True: 16, False: 2.74k] ------------------ 286| 16| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 16|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 287| 16| } 288| 2.74k| ++(*p); 289| | 290| 2.74k| return 0; 291| 2.75k|} mbedtls_asn1_get_alg: 354| 3.25k|{ 355| 3.25k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.25k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 356| 3.25k| size_t len; 357| | 358| 3.25k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (358:9): [True: 96, False: 3.15k] ------------------ 359| 3.25k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3.25k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3.25k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 360| 96| return ret; 361| 96| } 362| | 363| 3.15k| if ((end - *p) < 1) { ------------------ | Branch (363:9): [True: 1, False: 3.15k] ------------------ 364| 1| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 1|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 365| 1| } 366| | 367| 3.15k| alg->tag = **p; 368| 3.15k| end = *p + len; 369| | 370| 3.15k| if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 3.15k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (370:9): [True: 101, False: 3.05k] ------------------ 371| 101| return ret; 372| 101| } 373| | 374| 3.05k| alg->p = *p; 375| 3.05k| *p += alg->len; 376| | 377| 3.05k| if (*p == end) { ------------------ | Branch (377:9): [True: 439, False: 2.61k] ------------------ 378| 439| mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf)); 379| 439| return 0; 380| 439| } 381| | 382| 2.61k| params->tag = **p; 383| 2.61k| (*p)++; 384| | 385| 2.61k| if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) { ------------------ | Branch (385:9): [True: 78, False: 2.54k] ------------------ 386| 78| return ret; 387| 78| } 388| | 389| 2.54k| params->p = *p; 390| 2.54k| *p += params->len; 391| | 392| 2.54k| if (*p != end) { ------------------ | Branch (392:9): [True: 10, False: 2.53k] ------------------ 393| 10| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 10|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 394| 10| } 395| | 396| 2.53k| return 0; 397| 2.54k|} asn1parse.c:asn1_get_tagged_int: 104| 287|{ 105| 287| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 287|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 106| 287| size_t len; 107| | 108| 287| if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) { ------------------ | Branch (108:9): [True: 73, False: 214] ------------------ 109| 73| return ret; 110| 73| } 111| | 112| | /* 113| | * len==0 is malformed (0 must be represented as 020100 for INTEGER, 114| | * or 0A0100 for ENUMERATED tags 115| | */ 116| 214| if (len == 0) { ------------------ | Branch (116:9): [True: 3, False: 211] ------------------ 117| 3| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 3|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 118| 3| } 119| | /* This is a cryptography library. Reject negative integers. */ 120| 211| if ((**p & 0x80) != 0) { ------------------ | Branch (120:9): [True: 7, False: 204] ------------------ 121| 7| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 7|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 122| 7| } 123| | 124| | /* Skip leading zeros. */ 125| 589| while (len > 0 && **p == 0) { ------------------ | Branch (125:12): [True: 585, False: 4] | Branch (125:23): [True: 385, False: 200] ------------------ 126| 385| ++(*p); 127| 385| --len; 128| 385| } 129| | 130| | /* Reject integers that don't fit in an int. This code assumes that 131| | * the int type has no padding bit. */ 132| 204| if (len > sizeof(int)) { ------------------ | Branch (132:9): [True: 10, False: 194] ------------------ 133| 10| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 10|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 134| 10| } 135| 194| if (len == sizeof(int) && (**p & 0x80) != 0) { ------------------ | Branch (135:9): [True: 36, False: 158] | Branch (135:31): [True: 8, False: 28] ------------------ 136| 8| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 8|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 137| 8| } 138| | 139| 186| *val = 0; 140| 469| while (len-- > 0) { ------------------ | Branch (140:12): [True: 283, False: 186] ------------------ 141| 283| *val = (*val << 8) | **p; 142| 283| (*p)++; 143| 283| } 144| | 145| 186| return 0; 146| 194|} mbedtls_ct_base64_dec_value: 42| 631k|{ 43| 631k| unsigned char val = 0; 44| | /* For each range of digits, if c is in that range, mask val with 45| | * the corresponding value. Since c can only be in a single range, 46| | * only at most one masking will change val. Set val to one plus 47| | * the desired value so that it stays 0 if c is in none of the ranges. */ 48| 631k| val |= mbedtls_ct_uchar_in_range_if('A', 'Z', c, c - 'A' + 0 + 1); 49| 631k| val |= mbedtls_ct_uchar_in_range_if('a', 'z', c, c - 'a' + 26 + 1); 50| 631k| val |= mbedtls_ct_uchar_in_range_if('0', '9', c, c - '0' + 52 + 1); 51| 631k| val |= mbedtls_ct_uchar_in_range_if('+', '+', c, c - '+' + 62 + 1); 52| 631k| val |= mbedtls_ct_uchar_in_range_if('/', '/', c, c - '/' + 63 + 1); 53| | /* At this point, val is 0 if c is an invalid digit and v+1 if c is 54| | * a digit with the value v. */ 55| 631k| return val - 1; 56| 631k|} mbedtls_base64_decode: 130| 1.19k|{ 131| 1.19k| size_t i; /* index in source */ 132| 1.19k| size_t n; /* number of digits or trailing = in source */ 133| 1.19k| uint32_t x; /* value accumulator */ 134| 1.19k| unsigned accumulated_digits = 0; 135| 1.19k| unsigned equals = 0; 136| 1.19k| int spaces_present = 0; 137| 1.19k| unsigned char *p; 138| | 139| | /* First pass: check for validity and get output length */ 140| 469k| for (i = n = 0; i < slen; i++) { ------------------ | Branch (140:21): [True: 468k, False: 1.09k] ------------------ 141| | /* Skip spaces before checking for EOL */ 142| 468k| spaces_present = 0; 143| 469k| while (i < slen && src[i] == ' ') { ------------------ | Branch (143:16): [True: 469k, False: 22] | Branch (143:28): [True: 799, False: 468k] ------------------ 144| 799| ++i; 145| 799| spaces_present = 1; 146| 799| } 147| | 148| | /* Spaces at end of buffer are OK */ 149| 468k| if (i == slen) { ------------------ | Branch (149:13): [True: 22, False: 468k] ------------------ 150| 22| break; 151| 22| } 152| | 153| 468k| if ((slen - i) >= 2 && ------------------ | Branch (153:13): [True: 467k, False: 1.11k] ------------------ 154| 468k| src[i] == '\r' && src[i + 1] == '\n') { ------------------ | Branch (154:13): [True: 1.10k, False: 466k] | Branch (154:31): [True: 1.10k, False: 7] ------------------ 155| 1.10k| continue; 156| 1.10k| } 157| | 158| 467k| if (src[i] == '\n') { ------------------ | Branch (158:13): [True: 45.6k, False: 421k] ------------------ 159| 45.6k| continue; 160| 45.6k| } 161| | 162| | /* Space inside a line is an error */ 163| 421k| if (spaces_present) { ------------------ | Branch (163:13): [True: 2, False: 421k] ------------------ 164| 2| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 2|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 165| 2| } 166| | 167| 421k| if (src[i] > 127) { ------------------ | Branch (167:13): [True: 14, False: 421k] ------------------ 168| 14| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 14|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 169| 14| } 170| | 171| 421k| if (src[i] == '=') { ------------------ | Branch (171:13): [True: 29, False: 421k] ------------------ 172| 29| if (++equals > 2) { ------------------ | Branch (172:17): [True: 1, False: 28] ------------------ 173| 1| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 1|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 174| 1| } 175| 421k| } else { 176| 421k| if (equals != 0) { ------------------ | Branch (176:17): [True: 1, False: 421k] ------------------ 177| 1| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 1|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 178| 1| } 179| 421k| if (mbedtls_ct_base64_dec_value(src[i]) < 0) { ------------------ | Branch (179:17): [True: 69, False: 421k] ------------------ 180| 69| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 69|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 181| 69| } 182| 421k| } 183| 421k| n++; 184| 421k| } 185| | 186| 1.11k| if (n == 0) { ------------------ | Branch (186:9): [True: 7, False: 1.10k] ------------------ 187| 7| *olen = 0; 188| 7| return 0; 189| 7| } 190| | 191| | /* The following expression is to calculate the following formula without 192| | * risk of integer overflow in n: 193| | * n = ( ( n * 6 ) + 7 ) >> 3; 194| | */ 195| 1.10k| n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3); 196| 1.10k| n -= equals; 197| | 198| 1.10k| if (dst == NULL || dlen < n) { ------------------ | Branch (198:9): [True: 553, False: 552] | Branch (198:24): [True: 0, False: 552] ------------------ 199| 553| *olen = n; 200| 553| return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; ------------------ | | 18| 553|#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A ------------------ 201| 553| } 202| | 203| 552| equals = 0; 204| 233k| for (x = 0, p = dst; i > 0; i--, src++) { ------------------ | Branch (204:26): [True: 233k, False: 552] ------------------ 205| 233k| if (*src == '\r' || *src == '\n' || *src == ' ') { ------------------ | Branch (205:13): [True: 548, False: 232k] | Branch (205:29): [True: 22.8k, False: 210k] | Branch (205:45): [True: 396, False: 209k] ------------------ 206| 23.7k| continue; 207| 23.7k| } 208| | 209| 209k| x = x << 6; 210| 209k| if (*src == '=') { ------------------ | Branch (210:13): [True: 12, False: 209k] ------------------ 211| 12| ++equals; 212| 209k| } else { 213| 209k| x |= mbedtls_ct_base64_dec_value(*src); 214| 209k| } 215| | 216| 209k| if (++accumulated_digits == 4) { ------------------ | Branch (216:13): [True: 52.3k, False: 157k] ------------------ 217| 52.3k| accumulated_digits = 0; 218| 52.3k| *p++ = MBEDTLS_BYTE_2(x); ------------------ | | 270| 52.3k|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 219| 52.3k| if (equals <= 1) { ------------------ | Branch (219:17): [True: 52.3k, False: 2] ------------------ 220| 52.3k| *p++ = MBEDTLS_BYTE_1(x); ------------------ | | 269| 52.3k|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 221| 52.3k| } 222| 52.3k| if (equals <= 0) { ------------------ | Branch (222:17): [True: 52.3k, False: 7] ------------------ 223| 52.3k| *p++ = MBEDTLS_BYTE_0(x); ------------------ | | 268| 52.3k|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 224| 52.3k| } 225| 52.3k| } 226| 209k| } 227| | 228| 552| *olen = (size_t) (p - dst); 229| | 230| 552| return 0; 231| 1.10k|} mbedtls_mpi_init: 182| 94.7k|{ 183| 94.7k| X->s = 1; 184| 94.7k| X->n = 0; 185| 94.7k| X->p = NULL; 186| 94.7k|} mbedtls_mpi_free: 192| 127k|{ 193| 127k| if (X == NULL) { ------------------ | Branch (193:9): [True: 0, False: 127k] ------------------ 194| 0| return; 195| 0| } 196| | 197| 127k| if (X->p != NULL) { ------------------ | Branch (197:9): [True: 32.8k, False: 94.8k] ------------------ 198| 32.8k| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 32.8k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 32.8k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 199| 32.8k| } 200| | 201| 127k| X->s = 1; 202| 127k| X->n = 0; 203| 127k| X->p = NULL; 204| 127k|} mbedtls_mpi_grow: 210| 140k|{ 211| 140k| mbedtls_mpi_uint *p; 212| | 213| 140k| if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { ------------------ | | 50| 140k|#define MBEDTLS_MPI_MAX_LIMBS 10000 ------------------ | Branch (213:9): [True: 0, False: 140k] ------------------ 214| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 215| 0| } 216| | 217| 140k| if (X->n < nblimbs) { ------------------ | Branch (217:9): [True: 43.9k, False: 96.2k] ------------------ 218| 43.9k| if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) { ------------------ | | 77| 43.9k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ | Branch (218:13): [True: 0, False: 43.9k] ------------------ 219| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 220| 0| } 221| | 222| 43.9k| if (X->p != NULL) { ------------------ | Branch (222:13): [True: 11.1k, False: 32.8k] ------------------ 223| 11.1k| memcpy(p, X->p, X->n * ciL); ------------------ | | 77| 11.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 224| 11.1k| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 11.1k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 11.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 225| 11.1k| } 226| | 227| | /* nblimbs fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS 228| | * fits, and we've checked that nblimbs <= MBEDTLS_MPI_MAX_LIMBS. */ 229| 43.9k| X->n = (unsigned short) nblimbs; 230| 43.9k| X->p = p; 231| 43.9k| } 232| | 233| 140k| return 0; 234| 140k|} mbedtls_mpi_shrink: 241| 1.49k|{ 242| 1.49k| mbedtls_mpi_uint *p; 243| 1.49k| size_t i; 244| | 245| 1.49k| if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { ------------------ | | 50| 1.49k|#define MBEDTLS_MPI_MAX_LIMBS 10000 ------------------ | Branch (245:9): [True: 0, False: 1.49k] ------------------ 246| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 247| 0| } 248| | 249| | /* Actually resize up if there are currently fewer than nblimbs limbs. */ 250| 1.49k| if (X->n <= nblimbs) { ------------------ | Branch (250:9): [True: 0, False: 1.49k] ------------------ 251| 0| return mbedtls_mpi_grow(X, nblimbs); 252| 0| } 253| | /* After this point, then X->n > nblimbs and in particular X->n > 0. */ 254| | 255| 11.5k| for (i = X->n - 1; i > 0; i--) { ------------------ | Branch (255:24): [True: 11.5k, False: 0] ------------------ 256| 11.5k| if (X->p[i] != 0) { ------------------ | Branch (256:13): [True: 1.49k, False: 10.0k] ------------------ 257| 1.49k| break; 258| 1.49k| } 259| 11.5k| } 260| 1.49k| i++; 261| | 262| 1.49k| if (i < nblimbs) { ------------------ | Branch (262:9): [True: 923, False: 575] ------------------ 263| 923| i = nblimbs; 264| 923| } 265| | 266| 1.49k| if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) { ------------------ | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ | Branch (266:9): [True: 0, False: 1.49k] ------------------ 267| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 268| 0| } 269| | 270| 1.49k| if (X->p != NULL) { ------------------ | Branch (270:9): [True: 1.49k, False: 0] ------------------ 271| 1.49k| memcpy(p, X->p, i * ciL); ------------------ | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 272| 1.49k| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 1.49k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 273| 1.49k| } 274| | 275| | /* i fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS 276| | * fits, and we've checked that i <= nblimbs <= MBEDTLS_MPI_MAX_LIMBS. */ 277| 1.49k| X->n = (unsigned short) i; 278| 1.49k| X->p = p; 279| | 280| 1.49k| return 0; 281| 1.49k|} mbedtls_mpi_copy: 308| 38.5k|{ 309| 38.5k| int ret = 0; 310| 38.5k| size_t i; 311| | 312| 38.5k| if (X == Y) { ------------------ | Branch (312:9): [True: 14.2k, False: 24.3k] ------------------ 313| 14.2k| return 0; 314| 14.2k| } 315| | 316| 24.3k| if (Y->n == 0) { ------------------ | Branch (316:9): [True: 944, False: 23.4k] ------------------ 317| 944| if (X->n != 0) { ------------------ | Branch (317:13): [True: 0, False: 944] ------------------ 318| 0| X->s = 1; 319| 0| memset(X->p, 0, X->n * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 320| 0| } 321| 944| return 0; 322| 944| } 323| | 324| 102k| for (i = Y->n - 1; i > 0; i--) { ------------------ | Branch (324:24): [True: 100k, False: 2.11k] ------------------ 325| 100k| if (Y->p[i] != 0) { ------------------ | Branch (325:13): [True: 21.3k, False: 79.2k] ------------------ 326| 21.3k| break; 327| 21.3k| } 328| 100k| } 329| 23.4k| i++; 330| | 331| 23.4k| X->s = Y->s; 332| | 333| 23.4k| if (X->n < i) { ------------------ | Branch (333:9): [True: 13.3k, False: 10.1k] ------------------ 334| 13.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); ------------------ | | 41| 13.3k| do \ | | 42| 13.3k| { \ | | 43| 13.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 13.3k] | | ------------------ | | 44| 13.3k| goto cleanup; \ | | 45| 13.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 335| 13.3k| } else { 336| 10.1k| memset(X->p + i, 0, (X->n - i) * ciL); ------------------ | | 77| 10.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 337| 10.1k| } 338| | 339| 23.4k| memcpy(X->p, Y->p, i * ciL); ------------------ | | 77| 23.4k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 340| | 341| 23.4k|cleanup: 342| | 343| 23.4k| return ret; 344| 23.4k|} mbedtls_mpi_lset: 378| 39.6k|{ 379| 39.6k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 39.6k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 380| | 381| 39.6k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); ------------------ | | 41| 39.6k| do \ | | 42| 39.6k| { \ | | 43| 39.6k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 39.6k] | | ------------------ | | 44| 39.6k| goto cleanup; \ | | 45| 39.6k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 382| 39.6k| memset(X->p, 0, X->n * ciL); ------------------ | | 77| 39.6k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 383| | 384| 39.6k| X->p[0] = mpi_sint_abs(z); 385| 39.6k| X->s = TO_SIGN(z); ------------------ | | 372| 39.6k|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 39.6k|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 39.6k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 386| | 387| 39.6k|cleanup: 388| | 389| 39.6k| return ret; 390| 39.6k|} mbedtls_mpi_get_bit: 396| 5.66k|{ 397| 5.66k| if (X->n * biL <= pos) { ------------------ | | 78| 5.66k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 5.66k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (397:9): [True: 0, False: 5.66k] ------------------ 398| 0| return 0; 399| 0| } 400| | 401| 5.66k| return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 78| 5.66k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 5.66k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 78| 5.66k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 5.66k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 402| 5.66k|} mbedtls_mpi_set_bit: 408| 508|{ 409| 508| int ret = 0; 410| 508| size_t off = pos / biL; ------------------ | | 78| 508|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 508|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 411| 508| size_t idx = pos % biL; ------------------ | | 78| 508|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 508|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 412| | 413| 508| if (val != 0 && val != 1) { ------------------ | Branch (413:9): [True: 271, False: 237] | Branch (413:21): [True: 0, False: 271] ------------------ 414| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 415| 0| } 416| | 417| 508| if (X->n * biL <= pos) { ------------------ | | 78| 508|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 508|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (417:9): [True: 271, False: 237] ------------------ 418| 271| if (val == 0) { ------------------ | Branch (418:13): [True: 0, False: 271] ------------------ 419| 0| return 0; 420| 0| } 421| | 422| 271| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1)); ------------------ | | 41| 271| do \ | | 42| 271| { \ | | 43| 271| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 271] | | ------------------ | | 44| 271| goto cleanup; \ | | 45| 271| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 423| 271| } 424| | 425| 508| X->p[off] &= ~((mbedtls_mpi_uint) 0x01 << idx); 426| 508| X->p[off] |= (mbedtls_mpi_uint) val << idx; 427| | 428| 508|cleanup: 429| | 430| 508| return ret; 431| 508|} mbedtls_mpi_bitlen: 474| 42.2k|{ 475| 42.2k| return mbedtls_mpi_core_bitlen(X->p, X->n); 476| 42.2k|} mbedtls_mpi_size: 482| 3.98k|{ 483| 3.98k| return (mbedtls_mpi_bitlen(X) + 7) >> 3; 484| 3.98k|} mbedtls_mpi_read_binary_le: 795| 241|{ 796| 241| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 241|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 797| 241| const size_t limbs = CHARS_TO_LIMBS(buflen); ------------------ | | 86| 241|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 241|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 241|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 798| | 799| | /* Ensure that target MPI has exactly the necessary number of limbs */ 800| 241| MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); ------------------ | | 41| 241| do \ | | 42| 241| { \ | | 43| 241| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 241] | | ------------------ | | 44| 241| goto cleanup; \ | | 45| 241| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 801| | 802| 241| MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_le(X->p, X->n, buf, buflen)); ------------------ | | 41| 241| do \ | | 42| 241| { \ | | 43| 241| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 241] | | ------------------ | | 44| 241| goto cleanup; \ | | 45| 241| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 803| | 804| 241|cleanup: 805| | 806| | /* 807| | * This function is also used to import keys. However, wiping the buffers 808| | * upon failure is not necessary because failure only can happen before any 809| | * input is copied. 810| | */ 811| 241| return ret; 812| 241|} mbedtls_mpi_read_binary: 821| 4.12k|{ 822| 4.12k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4.12k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 823| 4.12k| const size_t limbs = CHARS_TO_LIMBS(buflen); ------------------ | | 86| 4.12k|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 4.12k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 4.12k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 824| | 825| | /* Ensure that target MPI has exactly the necessary number of limbs */ 826| 4.12k| MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); ------------------ | | 41| 4.12k| do \ | | 42| 4.12k| { \ | | 43| 4.12k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.12k] | | ------------------ | | 44| 4.12k| goto cleanup; \ | | 45| 4.12k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 827| | 828| 4.12k| MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_be(X->p, X->n, buf, buflen)); ------------------ | | 41| 4.12k| do \ | | 42| 4.12k| { \ | | 43| 4.12k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.12k] | | ------------------ | | 44| 4.12k| goto cleanup; \ | | 45| 4.12k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 829| | 830| 4.12k|cleanup: 831| | 832| | /* 833| | * This function is also used to import keys. However, wiping the buffers 834| | * upon failure is not necessary because failure only can happen before any 835| | * input is copied. 836| | */ 837| 4.12k| return ret; 838| 4.12k|} mbedtls_mpi_shift_l: 862| 19.1k|{ 863| 19.1k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 19.1k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 864| 19.1k| size_t i; 865| | 866| 19.1k| i = mbedtls_mpi_bitlen(X) + count; 867| | 868| 19.1k| if (X->n * biL < i) { ------------------ | | 78| 19.1k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 19.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (868:9): [True: 7.08k, False: 12.0k] ------------------ 869| 7.08k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i))); ------------------ | | 41| 7.08k| do \ | | 42| 7.08k| { \ | | 43| 7.08k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.08k] | | ------------------ | | 44| 7.08k| goto cleanup; \ | | 45| 7.08k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 870| 7.08k| } 871| | 872| 19.1k| ret = 0; 873| | 874| 19.1k| mbedtls_mpi_core_shift_l(X->p, X->n, count); 875| 19.1k|cleanup: 876| | 877| 19.1k| return ret; 878| 19.1k|} mbedtls_mpi_shift_r: 884| 6.32k|{ 885| 6.32k| if (X->n != 0) { ------------------ | Branch (885:9): [True: 6.32k, False: 0] ------------------ 886| 6.32k| mbedtls_mpi_core_shift_r(X->p, X->n, count); 887| 6.32k| } 888| 6.32k| return 0; 889| 6.32k|} mbedtls_mpi_cmp_abs: 895| 20.3k|{ 896| 20.3k| size_t i, j; 897| | 898| 77.2k| for (i = X->n; i > 0; i--) { ------------------ | Branch (898:20): [True: 77.1k, False: 26] ------------------ 899| 77.1k| if (X->p[i - 1] != 0) { ------------------ | Branch (899:13): [True: 20.3k, False: 56.8k] ------------------ 900| 20.3k| break; 901| 20.3k| } 902| 77.1k| } 903| | 904| 95.0k| for (j = Y->n; j > 0; j--) { ------------------ | Branch (904:20): [True: 92.4k, False: 2.61k] ------------------ 905| 92.4k| if (Y->p[j - 1] != 0) { ------------------ | Branch (905:13): [True: 17.7k, False: 74.6k] ------------------ 906| 17.7k| break; 907| 17.7k| } 908| 92.4k| } 909| | 910| | /* If i == j == 0, i.e. abs(X) == abs(Y), 911| | * we end up returning 0 at the end of the function. */ 912| | 913| 20.3k| if (i > j) { ------------------ | Branch (913:9): [True: 8.11k, False: 12.2k] ------------------ 914| 8.11k| return 1; 915| 8.11k| } 916| 12.2k| if (j > i) { ------------------ | Branch (916:9): [True: 302, False: 11.9k] ------------------ 917| 302| return -1; 918| 302| } 919| | 920| 18.5k| for (; i > 0; i--) { ------------------ | Branch (920:12): [True: 18.5k, False: 1] ------------------ 921| 18.5k| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (921:13): [True: 10.4k, False: 8.09k] ------------------ 922| 10.4k| return 1; 923| 10.4k| } 924| 8.09k| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (924:13): [True: 1.55k, False: 6.54k] ------------------ 925| 1.55k| return -1; 926| 1.55k| } 927| 8.09k| } 928| | 929| 1| return 0; 930| 11.9k|} mbedtls_mpi_cmp_mpi: 936| 88.2k|{ 937| 88.2k| size_t i, j; 938| | 939| 484k| for (i = X->n; i > 0; i--) { ------------------ | Branch (939:20): [True: 477k, False: 7.12k] ------------------ 940| 477k| if (X->p[i - 1] != 0) { ------------------ | Branch (940:13): [True: 81.0k, False: 396k] ------------------ 941| 81.0k| break; 942| 81.0k| } 943| 477k| } 944| | 945| 142k| for (j = Y->n; j > 0; j--) { ------------------ | Branch (945:20): [True: 103k, False: 38.9k] ------------------ 946| 103k| if (Y->p[j - 1] != 0) { ------------------ | Branch (946:13): [True: 49.2k, False: 54.0k] ------------------ 947| 49.2k| break; 948| 49.2k| } 949| 103k| } 950| | 951| 88.2k| if (i == 0 && j == 0) { ------------------ | Branch (951:9): [True: 7.12k, False: 81.0k] | Branch (951:19): [True: 5.73k, False: 1.38k] ------------------ 952| 5.73k| return 0; 953| 5.73k| } 954| | 955| 82.4k| if (i > j) { ------------------ | Branch (955:9): [True: 37.3k, False: 45.1k] ------------------ 956| 37.3k| return X->s; 957| 37.3k| } 958| 45.1k| if (j > i) { ------------------ | Branch (958:9): [True: 6.13k, False: 38.9k] ------------------ 959| 6.13k| return -Y->s; 960| 6.13k| } 961| | 962| 38.9k| if (X->s > 0 && Y->s < 0) { ------------------ | Branch (962:9): [True: 38.9k, False: 0] | Branch (962:21): [True: 0, False: 38.9k] ------------------ 963| 0| return 1; 964| 0| } 965| 38.9k| if (Y->s > 0 && X->s < 0) { ------------------ | Branch (965:9): [True: 38.9k, False: 0] | Branch (965:21): [True: 0, False: 38.9k] ------------------ 966| 0| return -1; 967| 0| } 968| | 969| 57.0k| for (; i > 0; i--) { ------------------ | Branch (969:12): [True: 53.9k, False: 3.09k] ------------------ 970| 53.9k| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (970:13): [True: 8.07k, False: 45.8k] ------------------ 971| 8.07k| return X->s; 972| 8.07k| } 973| 45.8k| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (973:13): [True: 27.8k, False: 18.0k] ------------------ 974| 27.8k| return -X->s; 975| 27.8k| } 976| 45.8k| } 977| | 978| 3.09k| return 0; 979| 38.9k|} mbedtls_mpi_cmp_int: 985| 40.1k|{ 986| 40.1k| mbedtls_mpi Y; 987| 40.1k| mbedtls_mpi_uint p[1]; 988| | 989| 40.1k| *p = mpi_sint_abs(z); 990| 40.1k| Y.s = TO_SIGN(z); ------------------ | | 372| 40.1k|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 40.1k|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 40.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 991| 40.1k| Y.n = 1; 992| 40.1k| Y.p = p; 993| | 994| 40.1k| return mbedtls_mpi_cmp_mpi(X, &Y); 995| 40.1k|} mbedtls_mpi_add_abs: 1001| 9.30k|{ 1002| 9.30k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 9.30k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1003| 9.30k| size_t j; 1004| 9.30k| mbedtls_mpi_uint *p; 1005| 9.30k| mbedtls_mpi_uint c; 1006| | 1007| 9.30k| if (X == B) { ------------------ | Branch (1007:9): [True: 0, False: 9.30k] ------------------ 1008| 0| const mbedtls_mpi *T = A; A = X; B = T; 1009| 0| } 1010| | 1011| 9.30k| if (X != A) { ------------------ | Branch (1011:9): [True: 1.49k, False: 7.80k] ------------------ 1012| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1013| 1.49k| } 1014| | 1015| | /* 1016| | * X must always be positive as a result of unsigned additions. 1017| | */ 1018| 9.30k| X->s = 1; 1019| | 1020| 14.6k| for (j = B->n; j > 0; j--) { ------------------ | Branch (1020:20): [True: 13.6k, False: 993] ------------------ 1021| 13.6k| if (B->p[j - 1] != 0) { ------------------ | Branch (1021:13): [True: 8.30k, False: 5.36k] ------------------ 1022| 8.30k| break; 1023| 8.30k| } 1024| 13.6k| } 1025| | 1026| | /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 1027| | * and B is 0 (of any size). */ 1028| 9.30k| if (j == 0) { ------------------ | Branch (1028:9): [True: 993, False: 8.30k] ------------------ 1029| 993| return 0; 1030| 993| } 1031| | 1032| 8.30k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); ------------------ | | 41| 8.30k| do \ | | 42| 8.30k| { \ | | 43| 8.30k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 8.30k] | | ------------------ | | 44| 8.30k| goto cleanup; \ | | 45| 8.30k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1033| | 1034| | /* j is the number of non-zero limbs of B. Add those to X. */ 1035| | 1036| 8.30k| p = X->p; 1037| | 1038| 8.30k| c = mbedtls_mpi_core_add(p, p, B->p, j); 1039| | 1040| 8.30k| p += j; 1041| | 1042| | /* Now propagate any carry */ 1043| | 1044| 11.2k| while (c != 0) { ------------------ | Branch (1044:12): [True: 2.97k, False: 8.30k] ------------------ 1045| 2.97k| if (j >= X->n) { ------------------ | Branch (1045:13): [True: 34, False: 2.94k] ------------------ 1046| 34| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j + 1)); ------------------ | | 41| 34| do \ | | 42| 34| { \ | | 43| 34| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 34] | | ------------------ | | 44| 34| goto cleanup; \ | | 45| 34| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1047| 34| p = X->p + j; 1048| 34| } 1049| | 1050| 2.97k| *p += c; c = (*p < c); j++; p++; 1051| 2.97k| } 1052| | 1053| 8.30k|cleanup: 1054| | 1055| 8.30k| return ret; 1056| 8.30k|} mbedtls_mpi_sub_abs: 1062| 22.5k|{ 1063| 22.5k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 22.5k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1064| 22.5k| size_t n; 1065| 22.5k| mbedtls_mpi_uint carry; 1066| | 1067| 105k| for (n = B->n; n > 0; n--) { ------------------ | Branch (1067:20): [True: 103k, False: 2.63k] ------------------ 1068| 103k| if (B->p[n - 1] != 0) { ------------------ | Branch (1068:13): [True: 19.9k, False: 83.3k] ------------------ 1069| 19.9k| break; 1070| 19.9k| } 1071| 103k| } 1072| 22.5k| if (n > A->n) { ------------------ | Branch (1072:9): [True: 0, False: 22.5k] ------------------ 1073| | /* B >= (2^ciL)^n > A */ 1074| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1075| 0| goto cleanup; 1076| 0| } 1077| | 1078| 22.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n)); ------------------ | | 41| 22.5k| do \ | | 42| 22.5k| { \ | | 43| 22.5k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 22.5k] | | ------------------ | | 44| 22.5k| goto cleanup; \ | | 45| 22.5k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1079| | 1080| | /* Set the high limbs of X to match A. Don't touch the lower limbs 1081| | * because X might be aliased to B, and we must not overwrite the 1082| | * significant digits of B. */ 1083| 22.5k| if (A->n > n && A != X) { ------------------ | Branch (1083:9): [True: 17.3k, False: 5.25k] | Branch (1083:21): [True: 163, False: 17.1k] ------------------ 1084| 163| memcpy(X->p + n, A->p + n, (A->n - n) * ciL); ------------------ | | 77| 163|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1085| 163| } 1086| 22.5k| if (X->n > A->n) { ------------------ | Branch (1086:9): [True: 2.37k, False: 20.2k] ------------------ 1087| 2.37k| memset(X->p + A->n, 0, (X->n - A->n) * ciL); ------------------ | | 77| 2.37k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1088| 2.37k| } 1089| | 1090| 22.5k| carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n); 1091| 22.5k| if (carry != 0) { ------------------ | Branch (1091:9): [True: 5.10k, False: 17.4k] ------------------ 1092| | /* Propagate the carry through the rest of X. */ 1093| 5.10k| carry = mbedtls_mpi_core_sub_int(X->p + n, X->p + n, carry, X->n - n); 1094| | 1095| | /* If we have further carry/borrow, the result is negative. */ 1096| 5.10k| if (carry != 0) { ------------------ | Branch (1096:13): [True: 0, False: 5.10k] ------------------ 1097| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1098| 0| goto cleanup; 1099| 0| } 1100| 5.10k| } 1101| | 1102| | /* X should always be positive as a result of unsigned subtractions. */ 1103| 22.5k| X->s = 1; 1104| | 1105| 22.5k|cleanup: 1106| 22.5k| return ret; 1107| 22.5k|} mbedtls_mpi_add_mpi: 1146| 8.47k|{ 1147| 8.47k| return add_sub_mpi(X, A, B, 1); 1148| 8.47k|} mbedtls_mpi_sub_mpi: 1154| 15.6k|{ 1155| 15.6k| return add_sub_mpi(X, A, B, -1); 1156| 15.6k|} mbedtls_mpi_add_int: 1162| 1.73k|{ 1163| 1.73k| mbedtls_mpi B; 1164| 1.73k| mbedtls_mpi_uint p[1]; 1165| | 1166| 1.73k| p[0] = mpi_sint_abs(b); 1167| 1.73k| B.s = TO_SIGN(b); ------------------ | | 372| 1.73k|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 1.73k|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 1.73k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 1168| 1.73k| B.n = 1; 1169| 1.73k| B.p = p; 1170| | 1171| 1.73k| return mbedtls_mpi_add_mpi(X, A, &B); 1172| 1.73k|} mbedtls_mpi_sub_int: 1178| 2.80k|{ 1179| 2.80k| mbedtls_mpi B; 1180| 2.80k| mbedtls_mpi_uint p[1]; 1181| | 1182| 2.80k| p[0] = mpi_sint_abs(b); 1183| 2.80k| B.s = TO_SIGN(b); ------------------ | | 372| 2.80k|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 78| 2.80k|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 77| 2.80k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 1184| 2.80k| B.n = 1; 1185| 2.80k| B.p = p; 1186| | 1187| 2.80k| return mbedtls_mpi_sub_mpi(X, A, &B); 1188| 2.80k|} mbedtls_mpi_mul_mpi: 1194| 11.9k|{ 1195| 11.9k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 11.9k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1196| 11.9k| size_t i, j; 1197| 11.9k| mbedtls_mpi TA, TB; 1198| 11.9k| int result_is_zero = 0; 1199| | 1200| 11.9k| mbedtls_mpi_init(&TA); 1201| 11.9k| mbedtls_mpi_init(&TB); 1202| | 1203| 11.9k| if (X == A) { ------------------ | Branch (1203:9): [True: 6.37k, False: 5.58k] ------------------ 1204| 6.37k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA; ------------------ | | 41| 6.37k| do \ | | 42| 6.37k| { \ | | 43| 6.37k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 6.37k] | | ------------------ | | 44| 6.37k| goto cleanup; \ | | 45| 6.37k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1205| 6.37k| } 1206| 11.9k| if (X == B) { ------------------ | Branch (1206:9): [True: 0, False: 11.9k] ------------------ 1207| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1208| 0| } 1209| | 1210| 22.5k| for (i = A->n; i > 0; i--) { ------------------ | Branch (1210:20): [True: 22.1k, False: 384] ------------------ 1211| 22.1k| if (A->p[i - 1] != 0) { ------------------ | Branch (1211:13): [True: 11.5k, False: 10.5k] ------------------ 1212| 11.5k| break; 1213| 11.5k| } 1214| 22.1k| } 1215| 11.9k| if (i == 0) { ------------------ | Branch (1215:9): [True: 384, False: 11.5k] ------------------ 1216| 384| result_is_zero = 1; 1217| 384| } 1218| | 1219| 24.6k| for (j = B->n; j > 0; j--) { ------------------ | Branch (1219:20): [True: 24.5k, False: 52] ------------------ 1220| 24.5k| if (B->p[j - 1] != 0) { ------------------ | Branch (1220:13): [True: 11.9k, False: 12.6k] ------------------ 1221| 11.9k| break; 1222| 11.9k| } 1223| 24.5k| } 1224| 11.9k| if (j == 0) { ------------------ | Branch (1224:9): [True: 52, False: 11.9k] ------------------ 1225| 52| result_is_zero = 1; 1226| 52| } 1227| | 1228| 11.9k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j)); ------------------ | | 41| 11.9k| do \ | | 42| 11.9k| { \ | | 43| 11.9k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 11.9k] | | ------------------ | | 44| 11.9k| goto cleanup; \ | | 45| 11.9k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1229| 11.9k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); ------------------ | | 41| 11.9k| do \ | | 42| 11.9k| { \ | | 43| 11.9k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 11.9k] | | ------------------ | | 44| 11.9k| goto cleanup; \ | | 45| 11.9k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1230| | 1231| 11.9k| mbedtls_mpi_core_mul(X->p, A->p, i, B->p, j); 1232| | 1233| | /* If the result is 0, we don't shortcut the operation, which reduces 1234| | * but does not eliminate side channels leaking the zero-ness. We do 1235| | * need to take care to set the sign bit properly since the library does 1236| | * not fully support an MPI object with a value of 0 and s == -1. */ 1237| 11.9k| if (result_is_zero) { ------------------ | Branch (1237:9): [True: 400, False: 11.5k] ------------------ 1238| 400| X->s = 1; 1239| 11.5k| } else { 1240| 11.5k| X->s = A->s * B->s; 1241| 11.5k| } 1242| | 1243| 11.9k|cleanup: 1244| | 1245| 11.9k| mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA); 1246| | 1247| 11.9k| return ret; 1248| 11.9k|} mbedtls_mpi_mul_int: 1254| 25.5k|{ 1255| 25.5k| size_t n = A->n; 1256| 269k| while (n > 0 && A->p[n - 1] == 0) { ------------------ | Branch (1256:12): [True: 269k, False: 0] | Branch (1256:21): [True: 244k, False: 25.5k] ------------------ 1257| 244k| --n; 1258| 244k| } 1259| | 1260| | /* The general method below doesn't work if b==0. */ 1261| 25.5k| if (b == 0 || n == 0) { ------------------ | Branch (1261:9): [True: 5.23k, False: 20.3k] | Branch (1261:19): [True: 0, False: 20.3k] ------------------ 1262| 5.23k| return mbedtls_mpi_lset(X, 0); 1263| 5.23k| } 1264| | 1265| | /* Calculate A*b as A + A*(b-1) to take advantage of mbedtls_mpi_core_mla */ 1266| 20.3k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 20.3k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1267| | /* In general, A * b requires 1 limb more than b. If 1268| | * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same 1269| | * number of limbs as A and the call to grow() is not required since 1270| | * copy() will take care of the growth if needed. However, experimentally, 1271| | * making the call to grow() unconditional causes slightly fewer 1272| | * calls to calloc() in ECP code, presumably because it reuses the 1273| | * same mpi for a while and this way the mpi is more likely to directly 1274| | * grow to its final size. 1275| | * 1276| | * Note that calculating A*b as 0 + A*b doesn't work as-is because 1277| | * A,X can be the same. */ 1278| 20.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1)); ------------------ | | 41| 20.3k| do \ | | 42| 20.3k| { \ | | 43| 20.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 20.3k] | | ------------------ | | 44| 20.3k| goto cleanup; \ | | 45| 20.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1279| 20.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 20.3k| do \ | | 42| 20.3k| { \ | | 43| 20.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 20.3k] | | ------------------ | | 44| 20.3k| goto cleanup; \ | | 45| 20.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1280| 20.3k| mbedtls_mpi_core_mla(X->p, X->n, A->p, n, b - 1); 1281| | 1282| 20.3k|cleanup: 1283| 20.3k| return ret; 1284| 20.3k|} mbedtls_mpi_div_mpi: 1395| 2.53k|{ 1396| 2.53k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.53k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1397| 2.53k| size_t i, n, t, k; 1398| 2.53k| mbedtls_mpi X, Y, Z, T1, T2; 1399| 2.53k| mbedtls_mpi_uint TP2[3]; 1400| | 1401| 2.53k| if (mbedtls_mpi_cmp_int(B, 0) == 0) { ------------------ | Branch (1401:9): [True: 0, False: 2.53k] ------------------ 1402| 0| return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; ------------------ | | 34| 0|#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C ------------------ 1403| 0| } 1404| | 1405| 2.53k| mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 1406| 2.53k| mbedtls_mpi_init(&T1); 1407| | /* 1408| | * Avoid dynamic memory allocations for constant-size T2. 1409| | * 1410| | * T2 is used for comparison only and the 3 limbs are assigned explicitly, 1411| | * so nobody increase the size of the MPI and we're safe to use an on-stack 1412| | * buffer. 1413| | */ 1414| 2.53k| T2.s = 1; 1415| 2.53k| T2.n = sizeof(TP2) / sizeof(*TP2); 1416| 2.53k| T2.p = TP2; 1417| | 1418| 2.53k| if (mbedtls_mpi_cmp_abs(A, B) < 0) { ------------------ | Branch (1418:9): [True: 216, False: 2.31k] ------------------ 1419| 216| if (Q != NULL) { ------------------ | Branch (1419:13): [True: 0, False: 216] ------------------ 1420| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1421| 0| } 1422| 216| if (R != NULL) { ------------------ | Branch (1422:13): [True: 216, False: 0] ------------------ 1423| 216| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A)); ------------------ | | 41| 216| do \ | | 42| 216| { \ | | 43| 216| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 216] | | ------------------ | | 44| 216| goto cleanup; \ | | 45| 216| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1424| 216| } 1425| 216| return 0; 1426| 216| } 1427| | 1428| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1429| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1430| 2.31k| X.s = Y.s = 1; 1431| | 1432| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1433| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1434| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1435| | 1436| 2.31k| k = mbedtls_mpi_bitlen(&Y) % biL; ------------------ | | 78| 2.31k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 2.31k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1437| 2.31k| if (k < biL - 1) { ------------------ | | 78| 2.31k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 2.31k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (1437:9): [True: 2.31k, False: 0] ------------------ 1438| 2.31k| k = biL - 1 - k; ------------------ | | 78| 2.31k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 2.31k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1439| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1440| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1441| 2.31k| } else { 1442| 0| k = 0; 1443| 0| } 1444| | 1445| 2.31k| n = X.n - 1; 1446| 2.31k| t = Y.n - 1; 1447| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1448| | 1449| 3.94k| while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) { ------------------ | Branch (1449:12): [True: 1.62k, False: 2.31k] ------------------ 1450| 1.62k| Z.p[n - t]++; 1451| 1.62k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y)); ------------------ | | 41| 1.62k| do \ | | 42| 1.62k| { \ | | 43| 1.62k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.62k] | | ------------------ | | 44| 1.62k| goto cleanup; \ | | 45| 1.62k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1452| 1.62k| } 1453| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1454| | 1455| 12.7k| for (i = n; i > t; i--) { ------------------ | Branch (1455:17): [True: 10.4k, False: 2.31k] ------------------ 1456| 10.4k| if (X.p[i] >= Y.p[t]) { ------------------ | Branch (1456:13): [True: 7, False: 10.4k] ------------------ 1457| 7| Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; 1458| 10.4k| } else { 1459| 10.4k| Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], 1460| 10.4k| Y.p[t], NULL); 1461| 10.4k| } 1462| | 1463| 10.4k| T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; ------------------ | Branch (1463:19): [True: 0, False: 10.4k] ------------------ 1464| 10.4k| T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; ------------------ | Branch (1464:19): [True: 0, False: 10.4k] ------------------ 1465| 10.4k| T2.p[2] = X.p[i]; 1466| | 1467| 10.4k| Z.p[i - t - 1]++; 1468| 15.1k| do { 1469| 15.1k| Z.p[i - t - 1]--; 1470| | 1471| 15.1k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0)); ------------------ | | 41| 15.1k| do \ | | 42| 15.1k| { \ | | 43| 15.1k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 15.1k] | | ------------------ | | 44| 15.1k| goto cleanup; \ | | 45| 15.1k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1472| 15.1k| T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; ------------------ | Branch (1472:23): [True: 0, False: 15.1k] ------------------ 1473| 15.1k| T1.p[1] = Y.p[t]; 1474| 15.1k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1])); ------------------ | | 41| 15.1k| do \ | | 42| 15.1k| { \ | | 43| 15.1k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 15.1k] | | ------------------ | | 44| 15.1k| goto cleanup; \ | | 45| 15.1k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1475| 15.1k| } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0); ------------------ | Branch (1475:18): [True: 4.73k, False: 10.4k] ------------------ 1476| | 1477| 10.4k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1])); ------------------ | | 41| 10.4k| do \ | | 42| 10.4k| { \ | | 43| 10.4k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10.4k] | | ------------------ | | 44| 10.4k| goto cleanup; \ | | 45| 10.4k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1478| 10.4k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); ------------------ | | 41| 10.4k| do \ | | 42| 10.4k| { \ | | 43| 10.4k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10.4k] | | ------------------ | | 44| 10.4k| goto cleanup; \ | | 45| 10.4k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1479| 10.4k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1)); ------------------ | | 41| 10.4k| do \ | | 42| 10.4k| { \ | | 43| 10.4k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10.4k] | | ------------------ | | 44| 10.4k| goto cleanup; \ | | 45| 10.4k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1480| | 1481| 10.4k| if (mbedtls_mpi_cmp_int(&X, 0) < 0) { ------------------ | Branch (1481:13): [True: 10, False: 10.3k] ------------------ 1482| 10| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y)); ------------------ | | 41| 10| do \ | | 42| 10| { \ | | 43| 10| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10] | | ------------------ | | 44| 10| goto cleanup; \ | | 45| 10| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1483| 10| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); ------------------ | | 41| 10| do \ | | 42| 10| { \ | | 43| 10| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10] | | ------------------ | | 44| 10| goto cleanup; \ | | 45| 10| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1484| 10| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1)); ------------------ | | 41| 10| do \ | | 42| 10| { \ | | 43| 10| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10] | | ------------------ | | 44| 10| goto cleanup; \ | | 45| 10| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1485| 10| Z.p[i - t - 1]--; 1486| 10| } 1487| 10.4k| } 1488| | 1489| 2.31k| if (Q != NULL) { ------------------ | Branch (1489:9): [True: 0, False: 2.31k] ------------------ 1490| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1491| 0| Q->s = A->s * B->s; 1492| 0| } 1493| | 1494| 2.31k| if (R != NULL) { ------------------ | Branch (1494:9): [True: 2.31k, False: 0] ------------------ 1495| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1496| 2.31k| X.s = A->s; 1497| 2.31k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X)); ------------------ | | 41| 2.31k| do \ | | 42| 2.31k| { \ | | 43| 2.31k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.31k] | | ------------------ | | 44| 2.31k| goto cleanup; \ | | 45| 2.31k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1498| | 1499| 2.31k| if (mbedtls_mpi_cmp_int(R, 0) == 0) { ------------------ | Branch (1499:13): [True: 0, False: 2.31k] ------------------ 1500| 0| R->s = 1; 1501| 0| } 1502| 2.31k| } 1503| | 1504| 2.31k|cleanup: 1505| | 1506| 2.31k| mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 1507| 2.31k| mbedtls_mpi_free(&T1); 1508| 2.31k| mbedtls_platform_zeroize(TP2, sizeof(TP2)); 1509| | 1510| 2.31k| return ret; 1511| 2.31k|} mbedtls_mpi_mod_mpi: 1535| 2.53k|{ 1536| 2.53k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.53k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1537| | 1538| 2.53k| if (mbedtls_mpi_cmp_int(B, 0) < 0) { ------------------ | Branch (1538:9): [True: 0, False: 2.53k] ------------------ 1539| 0| return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1540| 0| } 1541| | 1542| 2.53k| MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B)); ------------------ | | 41| 2.53k| do \ | | 42| 2.53k| { \ | | 43| 2.53k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.53k] | | ------------------ | | 44| 2.53k| goto cleanup; \ | | 45| 2.53k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1543| | 1544| 2.53k| while (mbedtls_mpi_cmp_int(R, 0) < 0) { ------------------ | Branch (1544:12): [True: 0, False: 2.53k] ------------------ 1545| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1546| 0| } 1547| | 1548| 2.53k| while (mbedtls_mpi_cmp_mpi(R, B) >= 0) { ------------------ | Branch (1548:12): [True: 0, False: 2.53k] ------------------ 1549| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1550| 0| } 1551| | 1552| 2.53k|cleanup: 1553| | 1554| 2.53k| return ret; 1555| 2.53k|} mbedtls_mpi_exp_mod: 1735| 1.49k|{ 1736| 1.49k| return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR); ------------------ | | 113| 1.49k|#define MBEDTLS_MPI_IS_SECRET 0 ------------------ 1737| 1.49k|} bignum.c:mpi_sint_abs: 359| 84.4k|{ 360| 84.4k| if (z >= 0) { ------------------ | Branch (360:9): [True: 84.4k, False: 0] ------------------ 361| 84.4k| return z; 362| 84.4k| } 363| | /* Take care to handle the most negative value (-2^(biL-1)) correctly. 364| | * A naive -z would have undefined behavior. 365| | * Write this in a way that makes popular compilers happy (GCC, Clang, 366| | * MSVC). */ 367| 0| return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z; 368| 84.4k|} bignum.c:mbedtls_mpi_resize_clear: 285| 4.36k|{ 286| 4.36k| if (limbs == 0) { ------------------ | Branch (286:9): [True: 113, False: 4.24k] ------------------ 287| 113| mbedtls_mpi_free(X); 288| 113| return 0; 289| 4.24k| } else if (X->n == limbs) { ------------------ | Branch (289:16): [True: 0, False: 4.24k] ------------------ 290| 0| memset(X->p, 0, limbs * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 291| 0| X->s = 1; 292| 0| return 0; 293| 4.24k| } else { 294| 4.24k| mbedtls_mpi_free(X); 295| 4.24k| return mbedtls_mpi_grow(X, limbs); 296| 4.24k| } 297| 4.36k|} bignum.c:add_sub_mpi: 1115| 24.1k|{ 1116| 24.1k| int ret, s; 1117| | 1118| 24.1k| s = A->s; 1119| 24.1k| if (A->s * B->s * flip_B < 0) { ------------------ | Branch (1119:9): [True: 17.8k, False: 6.29k] ------------------ 1120| 17.8k| int cmp = mbedtls_mpi_cmp_abs(A, B); 1121| 17.8k| if (cmp >= 0) { ------------------ | Branch (1121:13): [True: 16.2k, False: 1.63k] ------------------ 1122| 16.2k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); ------------------ | | 41| 16.2k| do \ | | 42| 16.2k| { \ | | 43| 16.2k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 16.2k] | | ------------------ | | 44| 16.2k| goto cleanup; \ | | 45| 16.2k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1123| | /* If |A| = |B|, the result is 0 and we must set the sign bit 1124| | * to +1 regardless of which of A or B was negative. Otherwise, 1125| | * since |A| > |B|, the sign is the sign of A. */ 1126| 16.2k| X->s = cmp == 0 ? 1 : s; ------------------ | Branch (1126:20): [True: 1, False: 16.2k] ------------------ 1127| 16.2k| } else { 1128| 1.63k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); ------------------ | | 41| 1.63k| do \ | | 42| 1.63k| { \ | | 43| 1.63k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.63k] | | ------------------ | | 44| 1.63k| goto cleanup; \ | | 45| 1.63k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1129| | /* Since |A| < |B|, the sign is the opposite of A. */ 1130| 1.63k| X->s = -s; 1131| 1.63k| } 1132| 17.8k| } else { 1133| 6.29k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); ------------------ | | 41| 6.29k| do \ | | 42| 6.29k| { \ | | 43| 6.29k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 6.29k] | | ------------------ | | 44| 6.29k| goto cleanup; \ | | 45| 6.29k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 6.29k| X->s = s; 1135| 6.29k| } 1136| | 1137| 24.1k|cleanup: 1138| | 1139| 24.1k| return ret; 1140| 24.1k|} bignum.c:mbedtls_int_div_int: 1294| 10.4k|{ 1295| 10.4k|#if defined(MBEDTLS_HAVE_UDBL) 1296| 10.4k| mbedtls_t_udbl dividend, quotient; 1297| |#else 1298| | const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH; 1299| | const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1; 1300| | mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; 1301| | mbedtls_mpi_uint u0_msw, u0_lsw; 1302| | size_t s; 1303| |#endif 1304| | 1305| | /* 1306| | * Check for overflow 1307| | */ 1308| 10.4k| if (0 == d || u1 >= d) { ------------------ | Branch (1308:9): [True: 0, False: 10.4k] | Branch (1308:19): [True: 0, False: 10.4k] ------------------ 1309| 0| if (r != NULL) { ------------------ | Branch (1309:13): [True: 0, False: 0] ------------------ 1310| 0| *r = ~(mbedtls_mpi_uint) 0u; 1311| 0| } 1312| | 1313| 0| return ~(mbedtls_mpi_uint) 0u; 1314| 0| } 1315| | 1316| 10.4k|#if defined(MBEDTLS_HAVE_UDBL) 1317| 10.4k| dividend = (mbedtls_t_udbl) u1 << biL; ------------------ | | 78| 10.4k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 10.4k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1318| 10.4k| dividend |= (mbedtls_t_udbl) u0; 1319| 10.4k| quotient = dividend / d; 1320| 10.4k| if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) { ------------------ | | 78| 10.4k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 10.4k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (1320:9): [True: 0, False: 10.4k] ------------------ 1321| 0| quotient = ((mbedtls_t_udbl) 1 << biL) - 1; ------------------ | | 78| 0|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1322| 0| } 1323| | 1324| 10.4k| if (r != NULL) { ------------------ | Branch (1324:9): [True: 0, False: 10.4k] ------------------ 1325| 0| *r = (mbedtls_mpi_uint) (dividend - (quotient * d)); 1326| 0| } 1327| | 1328| 10.4k| return (mbedtls_mpi_uint) quotient; 1329| |#else 1330| | 1331| | /* 1332| | * Algorithm D, Section 4.3.1 - The Art of Computer Programming 1333| | * Vol. 2 - Seminumerical Algorithms, Knuth 1334| | */ 1335| | 1336| | /* 1337| | * Normalize the divisor, d, and dividend, u0, u1 1338| | */ 1339| | s = mbedtls_mpi_core_clz(d); 1340| | d = d << s; 1341| | 1342| | u1 = u1 << s; 1343| | u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint) s >> (biL - 1)); 1344| | u0 = u0 << s; 1345| | 1346| | d1 = d >> biH; 1347| | d0 = d & uint_halfword_mask; 1348| | 1349| | u0_msw = u0 >> biH; 1350| | u0_lsw = u0 & uint_halfword_mask; 1351| | 1352| | /* 1353| | * Find the first quotient and remainder 1354| | */ 1355| | q1 = u1 / d1; 1356| | r0 = u1 - d1 * q1; 1357| | 1358| | while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) { 1359| | q1 -= 1; 1360| | r0 += d1; 1361| | 1362| | if (r0 >= radix) { 1363| | break; 1364| | } 1365| | } 1366| | 1367| | rAX = (u1 * radix) + (u0_msw - q1 * d); 1368| | q0 = rAX / d1; 1369| | r0 = rAX - q0 * d1; 1370| | 1371| | while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) { 1372| | q0 -= 1; 1373| | r0 += d1; 1374| | 1375| | if (r0 >= radix) { 1376| | break; 1377| | } 1378| | } 1379| | 1380| | if (r != NULL) { 1381| | *r = (rAX * radix + u0_lsw - q0 * d) >> s; 1382| | } 1383| | 1384| | quotient = q1 * radix + q0; 1385| | 1386| | return quotient; 1387| |#endif 1388| 10.4k|} bignum.c:mbedtls_mpi_exp_mod_optionally_safe: 1621| 1.49k|{ 1622| 1.49k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.49k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1623| | 1624| 1.49k| if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) { ------------------ | Branch (1624:9): [True: 0, False: 1.49k] | Branch (1624:43): [True: 0, False: 1.49k] ------------------ 1625| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1626| 0| } 1627| | 1628| 1.49k| if (mbedtls_mpi_cmp_int(E, 0) < 0) { ------------------ | Branch (1628:9): [True: 0, False: 1.49k] ------------------ 1629| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1630| 0| } 1631| | 1632| 1.49k| if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS || ------------------ | | 76| 2.99k|#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ | | ------------------ | | | | 73| 1.49k|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ | | ------------------ ------------------ | Branch (1632:9): [True: 0, False: 1.49k] ------------------ 1633| 1.49k| mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) { ------------------ | | 76| 1.49k|#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ | | ------------------ | | | | 73| 1.49k|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ | | ------------------ ------------------ | Branch (1633:9): [True: 0, False: 1.49k] ------------------ 1634| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1635| 0| } 1636| | 1637| | /* 1638| | * Ensure that the exponent that we are passing to the core is not NULL. 1639| | */ 1640| 1.49k| if (E->n == 0) { ------------------ | Branch (1640:9): [True: 0, False: 1.49k] ------------------ 1641| 0| ret = mbedtls_mpi_lset(X, 1); 1642| 0| return ret; 1643| 0| } 1644| | 1645| | /* 1646| | * Allocate working memory for mbedtls_mpi_core_exp_mod() 1647| | */ 1648| 1.49k| size_t T_limbs = mbedtls_mpi_core_exp_mod_working_limbs(N->n, E->n); 1649| 1.49k| mbedtls_mpi_uint *T = (mbedtls_mpi_uint *) mbedtls_calloc(T_limbs, sizeof(mbedtls_mpi_uint)); 1650| 1.49k| if (T == NULL) { ------------------ | Branch (1650:9): [True: 0, False: 1.49k] ------------------ 1651| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 1652| 0| } 1653| | 1654| 1.49k| mbedtls_mpi RR; 1655| 1.49k| mbedtls_mpi_init(&RR); 1656| | 1657| | /* 1658| | * If 1st call, pre-compute R^2 mod N 1659| | */ 1660| 1.49k| if (prec_RR == NULL || prec_RR->p == NULL) { ------------------ | Branch (1660:9): [True: 1.49k, False: 0] | Branch (1660:28): [True: 0, False: 0] ------------------ 1661| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1662| | 1663| 1.49k| if (prec_RR != NULL) { ------------------ | Branch (1663:13): [True: 0, False: 1.49k] ------------------ 1664| 0| *prec_RR = RR; 1665| 0| } 1666| 1.49k| } else { 1667| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(prec_RR, N->n)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1668| 0| RR = *prec_RR; 1669| 0| } 1670| | 1671| | /* 1672| | * To preserve constness we need to make a copy of A. Using X for this to 1673| | * save memory. 1674| | */ 1675| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1676| | 1677| | /* 1678| | * Compensate for negative A (and correct at the end). 1679| | */ 1680| 1.49k| X->s = 1; 1681| | 1682| | /* 1683| | * Make sure that X is in a form that is safe for consumption by 1684| | * the core functions. 1685| | * 1686| | * - The core functions will not touch the limbs of X above N->n. The 1687| | * result will be correct if those limbs are 0, which the mod call 1688| | * ensures. 1689| | * - Also, X must have at least as many limbs as N for the calls to the 1690| | * core functions. 1691| | */ 1692| 1.49k| if (mbedtls_mpi_cmp_mpi(X, N) >= 0) { ------------------ | Branch (1692:9): [True: 0, False: 1.49k] ------------------ 1693| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1694| 0| } 1695| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, N->n)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1696| | 1697| | /* 1698| | * Convert to and from Montgomery around mbedtls_mpi_core_exp_mod(). 1699| | */ 1700| 1.49k| { 1701| 1.49k| mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); 1702| 1.49k| mbedtls_mpi_core_to_mont_rep(X->p, X->p, N->p, N->n, mm, RR.p, T); 1703| 1.49k| if (E_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 112| 1.49k|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (1703:13): [True: 0, False: 1.49k] ------------------ 1704| 0| mbedtls_mpi_core_exp_mod_unsafe(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); 1705| 1.49k| } else { 1706| 1.49k| mbedtls_mpi_core_exp_mod(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); 1707| 1.49k| } 1708| 1.49k| mbedtls_mpi_core_from_mont_rep(X->p, X->p, N->p, N->n, mm, T); 1709| 1.49k| } 1710| | 1711| | /* 1712| | * Correct for negative A. 1713| | */ 1714| 1.49k| if (A->s == -1 && (E->p[0] & 1) != 0) { ------------------ | Branch (1714:9): [True: 0, False: 1.49k] | Branch (1714:23): [True: 0, False: 0] ------------------ 1715| 0| mbedtls_ct_condition_t is_x_non_zero = mbedtls_mpi_core_check_zero_ct(X->p, X->n); 1716| 0| X->s = mbedtls_ct_mpi_sign_if(is_x_non_zero, -1, 1); 1717| | 1718| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1719| 0| } 1720| | 1721| 1.49k|cleanup: 1722| | 1723| 1.49k| mbedtls_mpi_zeroize_and_free(T, T_limbs); ------------------ | | 176| 1.49k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1724| | 1725| 1.49k| if (prec_RR == NULL || prec_RR->p == NULL) { ------------------ | Branch (1725:9): [True: 1.49k, False: 0] | Branch (1725:28): [True: 0, False: 0] ------------------ 1726| 1.49k| mbedtls_mpi_free(&RR); 1727| 1.49k| } 1728| | 1729| 1.49k| return ret; 1730| 1.49k|} mbedtls_mpi_core_clz: 25| 39.5k|{ 26| 39.5k|#if defined(__has_builtin) 27| |#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_clz) 28| | #define core_clz __builtin_clz 29| |#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_clzl) 30| | #define core_clz __builtin_clzl 31| |#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_clzll) 32| | #define core_clz __builtin_clzll 33| |#endif 34| 39.5k|#endif 35| 39.5k|#if defined(core_clz) 36| 39.5k| return (size_t) core_clz(a); ------------------ | | 30| 39.5k| #define core_clz __builtin_clzl ------------------ 37| |#else 38| | size_t j; 39| | mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); 40| | 41| | for (j = 0; j < biL; j++) { 42| | if (a & mask) { 43| | break; 44| | } 45| | 46| | mask >>= 1; 47| | } 48| | 49| | return j; 50| |#endif 51| 39.5k|} mbedtls_mpi_core_bitlen: 54| 42.2k|{ 55| 42.2k| int i; 56| 42.2k| size_t j; 57| | 58| 133k| for (i = ((int) A_limbs) - 1; i >= 0; i--) { ------------------ | Branch (58:35): [True: 131k, False: 2.73k] ------------------ 59| 131k| if (A[i] != 0) { ------------------ | Branch (59:13): [True: 39.5k, False: 91.6k] ------------------ 60| 39.5k| j = biL - mbedtls_mpi_core_clz(A[i]); ------------------ | | 78| 39.5k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 39.5k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 61| 39.5k| return (i * biL) + j; ------------------ | | 78| 39.5k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 39.5k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 62| 39.5k| } 63| 131k| } 64| | 65| 2.73k| return 0; 66| 42.2k|} mbedtls_mpi_core_bigendian_to_host: 84| 4.00k|{ 85| 4.00k| mbedtls_mpi_uint *cur_limb_left; 86| 4.00k| mbedtls_mpi_uint *cur_limb_right; 87| 4.00k| if (A_limbs == 0) { ------------------ | Branch (87:9): [True: 0, False: 4.00k] ------------------ 88| 0| return; 89| 0| } 90| | 91| | /* 92| | * Traverse limbs and 93| | * - adapt byte-order in each limb 94| | * - swap the limbs themselves. 95| | * For that, simultaneously traverse the limbs from left to right 96| | * and from right to left, as long as the left index is not bigger 97| | * than the right index (it's not a problem if limbs is odd and the 98| | * indices coincide in the last iteration). 99| | */ 100| 4.00k| for (cur_limb_left = A, cur_limb_right = A + (A_limbs - 1); 101| 50.7k| cur_limb_left <= cur_limb_right; ------------------ | Branch (101:10): [True: 46.7k, False: 4.00k] ------------------ 102| 46.7k| cur_limb_left++, cur_limb_right--) { 103| 46.7k| mbedtls_mpi_uint tmp; 104| | /* Note that if cur_limb_left == cur_limb_right, 105| | * this code effectively swaps the bytes only once. */ 106| 46.7k| tmp = mpi_bigendian_to_host(*cur_limb_left); 107| 46.7k| *cur_limb_left = mpi_bigendian_to_host(*cur_limb_right); 108| 46.7k| *cur_limb_right = tmp; 109| 46.7k| } 110| 4.00k|} mbedtls_mpi_core_cond_assign: 172| 1.26M|{ 173| 1.26M| if (X == A) { ------------------ | Branch (173:9): [True: 0, False: 1.26M] ------------------ 174| 0| return; 175| 0| } 176| | 177| | /* This function is very performance-sensitive for RSA. For this reason 178| | * we have the loop below, instead of calling mbedtls_ct_memcpy_if 179| | * (this is more optimal since here we don't have to handle the case where 180| | * we copy awkwardly sized data). 181| | */ 182| 8.16M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (182:24): [True: 6.89M, False: 1.26M] ------------------ 183| 6.89M| X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]); 184| 6.89M| } 185| 1.26M|} mbedtls_mpi_core_read_le: 207| 241|{ 208| 241| const size_t limbs = CHARS_TO_LIMBS(input_length); ------------------ | | 86| 241|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 241|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 241|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 209| | 210| 241| if (X_limbs < limbs) { ------------------ | Branch (210:9): [True: 0, False: 241] ------------------ 211| 0| return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ 212| 0| } 213| | 214| 241| if (X != NULL) { ------------------ | Branch (214:9): [True: 241, False: 0] ------------------ 215| 241| memset(X, 0, X_limbs * ciL); ------------------ | | 77| 241|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 216| | 217| 8.04k| for (size_t i = 0; i < input_length; i++) { ------------------ | Branch (217:28): [True: 7.80k, False: 241] ------------------ 218| 7.80k| size_t offset = ((i % ciL) << 3); ------------------ | | 77| 7.80k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 219| 7.80k| X[i / ciL] |= ((mbedtls_mpi_uint) input[i]) << offset; ------------------ | | 77| 7.80k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 220| 7.80k| } 221| 241| } 222| | 223| 241| return 0; 224| 241|} mbedtls_mpi_core_read_be: 230| 4.12k|{ 231| 4.12k| const size_t limbs = CHARS_TO_LIMBS(input_length); ------------------ | | 86| 4.12k|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 4.12k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 77| 4.12k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 232| | 233| 4.12k| if (X_limbs < limbs) { ------------------ | Branch (233:9): [True: 0, False: 4.12k] ------------------ 234| 0| return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ 235| 0| } 236| | 237| | /* If X_limbs is 0, input_length must also be 0 (from previous test). 238| | * Nothing to do. */ 239| 4.12k| if (X_limbs == 0) { ------------------ | Branch (239:9): [True: 113, False: 4.00k] ------------------ 240| 113| return 0; 241| 113| } 242| | 243| 4.00k| memset(X, 0, X_limbs * ciL); ------------------ | | 77| 4.00k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 244| | 245| | /* memcpy() with (NULL, 0) is undefined behaviour */ 246| 4.00k| if (input_length != 0) { ------------------ | Branch (246:9): [True: 4.00k, False: 0] ------------------ 247| 4.00k| size_t overhead = (X_limbs * ciL) - input_length; ------------------ | | 77| 4.00k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 248| 4.00k| unsigned char *Xp = (unsigned char *) X; 249| 4.00k| memcpy(Xp + overhead, input, input_length); 250| 4.00k| } 251| | 252| 4.00k| mbedtls_mpi_core_bigendian_to_host(X, X_limbs); 253| | 254| 4.00k| return 0; 255| 4.12k|} mbedtls_mpi_core_shift_r: 332| 6.32k|{ 333| 6.32k| size_t i, v0, v1; 334| 6.32k| mbedtls_mpi_uint r0 = 0, r1; 335| | 336| 6.32k| v0 = count / biL; ------------------ | | 78| 6.32k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 6.32k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 337| 6.32k| v1 = count & (biL - 1); ------------------ | | 78| 6.32k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 6.32k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 338| | 339| 6.32k| if (v0 > limbs || (v0 == limbs && v1 > 0)) { ------------------ | Branch (339:9): [True: 0, False: 6.32k] | Branch (339:24): [True: 0, False: 6.32k] | Branch (339:39): [True: 0, False: 0] ------------------ 340| 0| memset(X, 0, limbs * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 341| 0| return; 342| 0| } 343| | 344| | /* 345| | * shift by count / limb_size 346| | */ 347| 6.32k| if (v0 > 0) { ------------------ | Branch (347:9): [True: 2.22k, False: 4.10k] ------------------ 348| 16.2k| for (i = 0; i < limbs - v0; i++) { ------------------ | Branch (348:21): [True: 14.0k, False: 2.22k] ------------------ 349| 14.0k| X[i] = X[i + v0]; 350| 14.0k| } 351| | 352| 12.6k| for (; i < limbs; i++) { ------------------ | Branch (352:16): [True: 10.4k, False: 2.22k] ------------------ 353| 10.4k| X[i] = 0; 354| 10.4k| } 355| 2.22k| } 356| | 357| | /* 358| | * shift by count % limb_size 359| | */ 360| 6.32k| if (v1 > 0) { ------------------ | Branch (360:9): [True: 4.00k, False: 2.31k] ------------------ 361| 37.7k| for (i = limbs; i > 0; i--) { ------------------ | Branch (361:25): [True: 33.7k, False: 4.00k] ------------------ 362| 33.7k| r1 = X[i - 1] << (biL - v1); ------------------ | | 78| 33.7k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 33.7k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 363| 33.7k| X[i - 1] >>= v1; 364| 33.7k| X[i - 1] |= r0; 365| 33.7k| r0 = r1; 366| 33.7k| } 367| 4.00k| } 368| 6.32k|} mbedtls_mpi_core_shift_l: 372| 19.1k|{ 373| 19.1k| size_t i, v0, v1; 374| 19.1k| mbedtls_mpi_uint r0 = 0, r1; 375| | 376| 19.1k| v0 = count / (biL); ------------------ | | 78| 19.1k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 19.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 377| 19.1k| v1 = count & (biL - 1); ------------------ | | 78| 19.1k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 19.1k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 378| | 379| | /* 380| | * shift by count / limb_size 381| | */ 382| 19.1k| if (v0 > 0) { ------------------ | Branch (382:9): [True: 12.2k, False: 6.95k] ------------------ 383| 122k| for (i = limbs; i > v0; i--) { ------------------ | Branch (383:25): [True: 110k, False: 12.2k] ------------------ 384| 110k| X[i - 1] = X[i - v0 - 1]; 385| 110k| } 386| | 387| 61.5k| for (; i > 0; i--) { ------------------ | Branch (387:16): [True: 49.3k, False: 12.2k] ------------------ 388| 49.3k| X[i - 1] = 0; 389| 49.3k| } 390| 12.2k| } 391| | 392| | /* 393| | * shift by count % limb_size 394| | */ 395| 19.1k| if (v1 > 0) { ------------------ | Branch (395:9): [True: 4.92k, False: 14.2k] ------------------ 396| 44.9k| for (i = v0; i < limbs; i++) { ------------------ | Branch (396:22): [True: 40.0k, False: 4.92k] ------------------ 397| 40.0k| r1 = X[i] >> (biL - v1); ------------------ | | 78| 40.0k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 40.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 398| 40.0k| X[i] <<= v1; 399| 40.0k| X[i] |= r0; 400| 40.0k| r0 = r1; 401| 40.0k| } 402| 4.92k| } 403| 19.1k|} mbedtls_mpi_core_add: 409| 8.30k|{ 410| 8.30k| mbedtls_mpi_uint c = 0; 411| | 412| 35.4k| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (412:24): [True: 27.1k, False: 8.30k] ------------------ 413| 27.1k| mbedtls_mpi_uint t = c + A[i]; 414| 27.1k| c = (t < A[i]); 415| 27.1k| t += B[i]; 416| 27.1k| c += (t < B[i]); 417| 27.1k| X[i] = t; 418| 27.1k| } 419| | 420| 8.30k| return c; 421| 8.30k|} mbedtls_mpi_core_sub: 448| 667k|{ 449| 667k| mbedtls_mpi_uint c = 0; 450| | 451| 4.31M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (451:24): [True: 3.64M, False: 667k] ------------------ 452| 3.64M| mbedtls_mpi_uint z = (A[i] < c); 453| 3.64M| mbedtls_mpi_uint t = A[i] - c; 454| 3.64M| c = (t < B[i]) + z; 455| 3.64M| X[i] = t - B[i]; 456| 3.64M| } 457| | 458| 667k| return c; 459| 667k|} mbedtls_mpi_core_mla: 464| 7.08M|{ 465| 7.08M| mbedtls_mpi_uint c = 0; /* carry */ 466| | /* 467| | * It is a documented precondition of this function that d_len >= s_len. 468| | * If that's not the case, we swap these round: this turns what would be 469| | * a buffer overflow into an incorrect result. 470| | */ 471| 7.08M| if (d_len < s_len) { ------------------ | Branch (471:9): [True: 0, False: 7.08M] ------------------ 472| 0| s_len = d_len; 473| 0| } 474| 7.08M| size_t excess_len = d_len - s_len; 475| 7.08M| size_t steps_x8 = s_len / 8; 476| 7.08M| size_t steps_x1 = s_len & 7; 477| | 478| 8.74M| while (steps_x8--) { ------------------ | Branch (478:12): [True: 1.66M, False: 7.08M] ------------------ 479| 1.66M| MULADDC_X8_INIT ------------------ | | 1088| 1.66M|#define MULADDC_X8_INIT MULADDC_X4_INIT | | ------------------ | | | | 1082| 1.66M|#define MULADDC_X4_INIT MULADDC_X2_INIT | | | | ------------------ | | | | | | 1076| 1.66M|#define MULADDC_X2_INIT MULADDC_X1_INIT | | | | | | ------------------ | | | | | | | | 216| 1.66M| asm( \ | | | | | | | | ------------------ | | | | | | | | | | 321| 1.66M|#define asm __asm__ | | | | | | | | ------------------ | | | | | | | | 217| 1.66M| "xorq %%r8, %%r8\n" | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 480| 1.66M| MULADDC_X8_CORE 481| 1.66M| MULADDC_X8_STOP ------------------ | | 1089| 1.66M|#define MULADDC_X8_STOP MULADDC_X4_STOP | | ------------------ | | | | 1083| 1.66M|#define MULADDC_X4_STOP MULADDC_X2_STOP | | | | ------------------ | | | | | | 1077| 1.66M|#define MULADDC_X2_STOP MULADDC_X1_STOP | | | | | | ------------------ | | | | | | | | 232| 1.66M| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | | | | | | | 233| 1.66M| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | | | | | | | 234| 1.66M| : "rax", "rdx", "r8" \ | | | | | | | | 235| 1.66M| ); | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 482| 1.66M| } 483| | 484| 35.7M| while (steps_x1--) { ------------------ | Branch (484:12): [True: 28.6M, False: 7.08M] ------------------ 485| 28.6M| MULADDC_X1_INIT ------------------ | | 216| 28.6M| asm( \ | | ------------------ | | | | 321| 28.6M|#define asm __asm__ | | ------------------ | | 217| 28.6M| "xorq %%r8, %%r8\n" ------------------ 486| 28.6M| MULADDC_X1_CORE 487| 28.6M| MULADDC_X1_STOP ------------------ | | 232| 28.6M| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | 233| 28.6M| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | 234| 28.6M| : "rax", "rdx", "r8" \ | | 235| 28.6M| ); ------------------ 488| 28.6M| } 489| | 490| 21.4M| while (excess_len--) { ------------------ | Branch (490:12): [True: 14.3M, False: 7.08M] ------------------ 491| 14.3M| *d += c; 492| 14.3M| c = (*d < c); 493| 14.3M| d++; 494| 14.3M| } 495| | 496| 7.08M| return c; 497| 7.08M|} mbedtls_mpi_core_mul: 502| 11.9k|{ 503| 11.9k| memset(X, 0, (A_limbs + B_limbs) * ciL); ------------------ | | 77| 11.9k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 504| | 505| 52.7k| for (size_t i = 0; i < B_limbs; i++) { ------------------ | Branch (505:24): [True: 40.8k, False: 11.9k] ------------------ 506| 40.8k| (void) mbedtls_mpi_core_mla(X + i, A_limbs + 1, A, A_limbs, B[i]); 507| 40.8k| } 508| 11.9k|} mbedtls_mpi_core_montmul_init: 514| 2.99k|{ 515| 2.99k| mbedtls_mpi_uint x = N[0]; 516| | 517| 2.99k| x += ((N[0] + 2) & 4) << 1; 518| | 519| 14.9k| for (unsigned int i = biL; i >= 8; i /= 2) { ------------------ | | 78| 2.99k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 2.99k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (519:32): [True: 11.9k, False: 2.99k] ------------------ 520| 11.9k| x *= (2 - (N[0] * x)); 521| 11.9k| } 522| | 523| 2.99k| return ~x + 1; 524| 2.99k|} mbedtls_mpi_core_montmul: 534| 644k|{ 535| 644k| memset(T, 0, (2 * AN_limbs + 1) * ciL); ------------------ | | 77| 644k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 536| | 537| 4.15M| for (size_t i = 0; i < AN_limbs; i++) { ------------------ | Branch (537:24): [True: 3.51M, False: 644k] ------------------ 538| | /* T = (T + u0*B + u1*N) / 2^biL */ 539| 3.51M| mbedtls_mpi_uint u0 = A[i]; 540| 3.51M| mbedtls_mpi_uint u1 = (T[0] + u0 * B[0]) * mm; 541| | 542| 3.51M| (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, B, B_limbs, u0); 543| 3.51M| (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, N, AN_limbs, u1); 544| | 545| 3.51M| T++; 546| 3.51M| } 547| | 548| | /* 549| | * The result we want is (T >= N) ? T - N : T. 550| | * 551| | * For better constant-time properties in this function, we always do the 552| | * subtraction, with the result in X. 553| | * 554| | * We also look to see if there was any carry in the final additions in the 555| | * loop above. 556| | */ 557| | 558| 644k| mbedtls_mpi_uint carry = T[AN_limbs]; 559| 644k| mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, T, N, AN_limbs); 560| | 561| | /* 562| | * Using R as the Montgomery radix (auxiliary modulus) i.e. 2^(biL*AN_limbs): 563| | * 564| | * T can be in one of 3 ranges: 565| | * 566| | * 1) T < N : (carry, borrow) = (0, 1): we want T 567| | * 2) N <= T < R : (carry, borrow) = (0, 0): we want X 568| | * 3) T >= R : (carry, borrow) = (1, 1): we want X 569| | * 570| | * and (carry, borrow) = (1, 0) can't happen. 571| | * 572| | * So the correct return value is already in X if (carry ^ borrow) = 0, 573| | * but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1. 574| | */ 575| 644k| mbedtls_ct_memcpy_if(mbedtls_ct_bool(carry ^ borrow), 576| 644k| (unsigned char *) X, 577| 644k| (unsigned char *) T, 578| 644k| NULL, 579| 644k| AN_limbs * sizeof(mbedtls_mpi_uint)); 580| 644k|} mbedtls_mpi_core_get_mont_r2_unsafe: 584| 1.49k|{ 585| 1.49k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.49k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 586| | 587| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 1)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 588| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, N->n * 2 * biL)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 589| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 590| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(X, N->n)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 591| | 592| 1.49k|cleanup: 593| 1.49k| return ret; 594| 1.49k|} mbedtls_mpi_core_ct_uint_table_lookup: 602| 158k|{ 603| 1.42M| for (size_t i = 0; i < count; i++, table += limbs) { ------------------ | Branch (603:24): [True: 1.26M, False: 158k] ------------------ 604| 1.26M| mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index); 605| 1.26M| mbedtls_mpi_core_cond_assign(dest, table, limbs, assign); 606| 1.26M| } 607| 158k|} mbedtls_mpi_core_exp_mod_working_limbs: 710| 1.49k|{ 711| 1.49k| const size_t wsize = exp_mod_get_window_size(E_limbs * biL); ------------------ | | 78| 1.49k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 712| 1.49k| const size_t welem = ((size_t) 1) << wsize; 713| | 714| | /* How big does each part of the working memory pool need to be? */ 715| 1.49k| const size_t table_limbs = welem * AN_limbs; 716| 1.49k| const size_t select_limbs = AN_limbs; 717| 1.49k| const size_t temp_limbs = 2 * AN_limbs + 1; 718| | 719| 1.49k| return table_limbs + select_limbs + temp_limbs; 720| 1.49k|} mbedtls_mpi_core_exp_mod: 941| 1.49k|{ 942| 1.49k| mbedtls_mpi_core_exp_mod_optionally_safe(X, 943| 1.49k| A, 944| 1.49k| N, 945| 1.49k| AN_limbs, 946| 1.49k| E, 947| 1.49k| E_limbs, 948| 1.49k| MBEDTLS_MPI_IS_SECRET, ------------------ | | 113| 1.49k|#define MBEDTLS_MPI_IS_SECRET 0 ------------------ 949| 1.49k| RR, 950| 1.49k| T); 951| 1.49k|} mbedtls_mpi_core_sub_int: 975| 5.10k|{ 976| 34.1k| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (976:24): [True: 29.0k, False: 5.10k] ------------------ 977| 29.0k| mbedtls_mpi_uint s = A[i]; 978| 29.0k| mbedtls_mpi_uint t = s - c; 979| 29.0k| c = (t > s); 980| 29.0k| X[i] = t; 981| 29.0k| } 982| | 983| 5.10k| return c; 984| 5.10k|} mbedtls_mpi_core_to_mont_rep: 1006| 1.49k|{ 1007| 1.49k| mbedtls_mpi_core_montmul(X, A, rr, AN_limbs, N, AN_limbs, mm, T); 1008| 1.49k|} mbedtls_mpi_core_from_mont_rep: 1016| 1.49k|{ 1017| 1.49k| const mbedtls_mpi_uint Rinv = 1; /* 1/R in Mont. rep => 1 */ 1018| | 1019| 1.49k| mbedtls_mpi_core_montmul(X, A, &Rinv, 1, N, AN_limbs, mm, T); 1020| 1.49k|} bignum_core.c:mpi_bigendian_to_host: 69| 93.4k|{ 70| 93.4k| if (MBEDTLS_IS_BIG_ENDIAN) { ------------------ | | 398| 93.4k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (398:31): [Folded - Ignored] | | ------------------ ------------------ 71| | /* Nothing to do on bigendian systems. */ 72| 0| return a; 73| 93.4k| } else { 74| |#if defined(MBEDTLS_HAVE_INT32) 75| | return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a); 76| |#elif defined(MBEDTLS_HAVE_INT64) 77| 93.4k| return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a); ------------------ | | 301| 93.4k|#define MBEDTLS_BSWAP64 __builtin_bswap64 ------------------ 78| 93.4k|#endif 79| 93.4k| } 80| 93.4k|} bignum_core.c:exp_mod_get_window_size: 696| 2.99k|{ 697| |#if MBEDTLS_MPI_WINDOW_SIZE >= 6 698| | return (Ebits > 671) ? 6 : (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; 699| |#elif MBEDTLS_MPI_WINDOW_SIZE == 5 700| | return (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; 701| |#elif MBEDTLS_MPI_WINDOW_SIZE > 1 702| 2.99k| return (Ebits > 79) ? MBEDTLS_MPI_WINDOW_SIZE : 1; ------------------ | | 62| 2.99k|#define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */ ------------------ | Branch (702:12): [True: 2.99k, False: 0] ------------------ 703| |#else 704| | (void) Ebits; 705| | return 1; 706| |#endif 707| 2.99k|} bignum_core.c:mbedtls_mpi_core_exp_mod_optionally_safe: 858| 1.49k|{ 859| | /* We'll process the bits of E from most significant 860| | * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant 861| | * (limb_index=0, E_bit_index=0). */ 862| 1.49k| size_t E_limb_index = E_limbs; 863| 1.49k| size_t E_bit_index = 0; 864| 1.49k| exp_mod_calc_first_bit_optionally_safe(E, E_limbs, E_public, 865| 1.49k| &E_limb_index, &E_bit_index); 866| | 867| 1.49k| const size_t wsize = exp_mod_get_window_size(E_limb_index * biL); ------------------ | | 78| 1.49k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 868| 1.49k| const size_t welem = ((size_t) 1) << wsize; 869| | 870| | /* This is how we will use the temporary storage T, which must have space 871| | * for table_limbs, select_limbs and (2 * AN_limbs + 1) for montmul. */ 872| 1.49k| const size_t table_limbs = welem * AN_limbs; 873| 1.49k| const size_t select_limbs = AN_limbs; 874| | 875| | /* Pointers to specific parts of the temporary working memory pool */ 876| 1.49k| mbedtls_mpi_uint *const Wtable = T; 877| 1.49k| mbedtls_mpi_uint *const Wselect = Wtable + table_limbs; 878| 1.49k| mbedtls_mpi_uint *const temp = Wselect + select_limbs; 879| | 880| | /* 881| | * Window precomputation 882| | */ 883| | 884| 1.49k| const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N); 885| | 886| | /* Set Wtable[i] = A^i (in Montgomery representation) */ 887| 1.49k| exp_mod_precompute_window(A, N, AN_limbs, 888| 1.49k| mm, RR, 889| 1.49k| welem, Wtable, temp); 890| | 891| | /* 892| | * Fixed window exponentiation 893| | */ 894| | 895| | /* X = 1 (in Montgomery presentation) initially */ 896| 1.49k| memcpy(X, Wtable, AN_limbs * ciL); ------------------ | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 897| | 898| | /* At any given time, window contains window_bits bits from E. 899| | * window_bits can go up to wsize. */ 900| 1.49k| size_t window_bits = 0; 901| 1.49k| mbedtls_mpi_uint window = 0; 902| | 903| 473k| do { 904| | /* Square */ 905| 473k| mbedtls_mpi_core_montmul(X, X, X, AN_limbs, N, AN_limbs, mm, temp); 906| | 907| | /* Move to the next bit of the exponent */ 908| 473k| if (E_bit_index == 0) { ------------------ | Branch (908:13): [True: 7.39k, False: 465k] ------------------ 909| 7.39k| --E_limb_index; 910| 7.39k| E_bit_index = biL - 1; ------------------ | | 78| 7.39k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 7.39k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 911| 465k| } else { 912| 465k| --E_bit_index; 913| 465k| } 914| | /* Insert next exponent bit into window */ 915| 473k| ++window_bits; 916| 473k| window <<= 1; 917| 473k| window |= (E[E_limb_index] >> E_bit_index) & 1; 918| | 919| | /* Clear window if it's full. Also clear the window at the end, 920| | * when we've finished processing the exponent. */ 921| 473k| if (window_bits == wsize || ------------------ | Branch (921:13): [True: 157k, False: 315k] ------------------ 922| 473k| (E_bit_index == 0 && E_limb_index == 0)) { ------------------ | Branch (922:14): [True: 5.15k, False: 310k] | Branch (922:34): [True: 575, False: 4.58k] ------------------ 923| | 924| 158k| exp_mod_table_lookup_optionally_safe(Wselect, Wtable, AN_limbs, welem, 925| 158k| window, E_public); 926| | /* Multiply X by the selected element. */ 927| 158k| mbedtls_mpi_core_montmul(X, X, Wselect, AN_limbs, N, AN_limbs, mm, 928| 158k| temp); 929| 158k| window = 0; 930| 158k| window_bits = 0; 931| 158k| } 932| 473k| } while (!(E_bit_index == 0 && E_limb_index == 0)); ------------------ | Branch (932:16): [True: 7.39k, False: 465k] | Branch (932:36): [True: 1.49k, False: 5.89k] ------------------ 933| 1.49k|} bignum_core.c:exp_mod_calc_first_bit_optionally_safe: 766| 1.49k|{ 767| 1.49k| if (E_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 112| 1.49k|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (767:9): [True: 0, False: 1.49k] ------------------ 768| | /* 769| | * Skip leading zero bits. 770| | */ 771| 0| size_t E_bits = mbedtls_mpi_core_bitlen(E, E_limbs); 772| 0| if (E_bits == 0) { ------------------ | Branch (772:13): [True: 0, False: 0] ------------------ 773| | /* 774| | * If E is 0 mbedtls_mpi_core_bitlen() returns 0. Even if that is the case, we will want 775| | * to represent it as a single 0 bit and as such the bitlength will be 1. 776| | */ 777| 0| E_bits = 1; 778| 0| } 779| | 780| 0| *E_limb_index = E_bits / biL; ------------------ | | 78| 0|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 781| 0| *E_bit_index = E_bits % biL; ------------------ | | 78| 0|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 782| | 783| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 784| | if (mbedtls_unsafe_codepath_hook != NULL) { 785| | mbedtls_unsafe_codepath_hook(); 786| | } 787| |#endif 788| 1.49k| } else { 789| | /* 790| | * Here we need to be constant time with respect to E and can't do anything better than 791| | * start at the first allocated bit. 792| | */ 793| 1.49k| *E_limb_index = E_limbs; 794| 1.49k| *E_bit_index = 0; 795| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 796| | if (mbedtls_safe_codepath_hook != NULL) { 797| | mbedtls_safe_codepath_hook(); 798| | } 799| |#endif 800| 1.49k| } 801| 1.49k|} bignum_core.c:exp_mod_precompute_window: 730| 1.49k|{ 731| | /* W[0] = 1 (in Montgomery presentation) */ 732| 1.49k| memset(Wtable, 0, AN_limbs * ciL); ------------------ | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 733| 1.49k| Wtable[0] = 1; 734| 1.49k| mbedtls_mpi_core_montmul(Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp); 735| | 736| | /* W[1] = A (already in Montgomery presentation) */ 737| 1.49k| mbedtls_mpi_uint *W1 = Wtable + AN_limbs; 738| 1.49k| memcpy(W1, A, AN_limbs * ciL); ------------------ | | 77| 1.49k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 739| | 740| | /* W[i+1] = W[i] * W[1], i >= 2 */ 741| 1.49k| mbedtls_mpi_uint *Wprev = W1; 742| 10.4k| for (size_t i = 2; i < welem; i++) { ------------------ | Branch (742:24): [True: 8.98k, False: 1.49k] ------------------ 743| 8.98k| mbedtls_mpi_uint *Wcur = Wprev + AN_limbs; 744| 8.98k| mbedtls_mpi_core_montmul(Wcur, Wprev, W1, AN_limbs, N, AN_limbs, mm, temp); 745| 8.98k| Wprev = Wcur; 746| 8.98k| } 747| 1.49k|} bignum_core.c:exp_mod_table_lookup_optionally_safe: 813| 158k|{ 814| 158k| if (window_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 112| 158k|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (814:9): [True: 0, False: 158k] ------------------ 815| 0| memcpy(Wselect, Wtable + window * AN_limbs, AN_limbs * ciL); ------------------ | | 77| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 816| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 817| | if (mbedtls_unsafe_codepath_hook != NULL) { 818| | mbedtls_unsafe_codepath_hook(); 819| | } 820| |#endif 821| 158k| } else { 822| | /* Select Wtable[window] without leaking window through 823| | * memory access patterns. */ 824| 158k| mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable, 825| 158k| AN_limbs, welem, window); 826| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 827| | if (mbedtls_safe_codepath_hook != NULL) { 828| | mbedtls_safe_codepath_hook(); 829| | } 830| |#endif 831| 158k| } 832| 158k|} mbedtls_ct_memcpy_if: 175| 644k|{ 176| 644k|#if defined(MBEDTLS_CT_SIZE_64) 177| 644k| const uint64_t mask = (uint64_t) condition; 178| 644k| const uint64_t not_mask = (uint64_t) ~mbedtls_ct_compiler_opaque(condition); 179| |#else 180| | const uint32_t mask = (uint32_t) condition; 181| | const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition); 182| |#endif 183| | 184| | /* If src2 is NULL, setup src2 so that we read from the destination address. 185| | * 186| | * This means that if src2 == NULL && condition is false, the result will be a 187| | * no-op because we read from dest and write the same data back into dest. 188| | */ 189| 644k| if (src2 == NULL) { ------------------ | Branch (189:9): [True: 644k, False: 0] ------------------ 190| 644k| src2 = dest; 191| 644k| } 192| | 193| | /* dest[i] = c1 == c2 ? src[i] : dest[i] */ 194| 644k| size_t i = 0; 195| 644k|#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) 196| 644k|#if defined(MBEDTLS_CT_SIZE_64) 197| 4.15M| for (; (i + 8) <= len; i += 8) { ------------------ | Branch (197:12): [True: 3.51M, False: 644k] ------------------ 198| 3.51M| uint64_t a = mbedtls_get_unaligned_uint64(src1 + i) & mask; 199| 3.51M| uint64_t b = mbedtls_get_unaligned_uint64(src2 + i) & not_mask; 200| 3.51M| mbedtls_put_unaligned_uint64(dest + i, a | b); 201| 3.51M| } 202| |#else 203| | for (; (i + 4) <= len; i += 4) { 204| | uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask; 205| | uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask; 206| | mbedtls_put_unaligned_uint32(dest + i, a | b); 207| | } 208| |#endif /* defined(MBEDTLS_CT_SIZE_64) */ 209| 644k|#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */ 210| 644k| for (; i < len; i++) { ------------------ | Branch (210:12): [True: 0, False: 644k] ------------------ 211| 0| dest[i] = (src1[i] & mask) | (src2[i] & not_mask); 212| 0| } 213| 644k|} bignum_core.c:mbedtls_ct_compiler_opaque: 86| 2.53M|{ 87| 2.53M|#if defined(MBEDTLS_CT_ASM) 88| 2.53M| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 2.53M|#define asm __asm__ ------------------ 89| 2.53M| return x; 90| |#else 91| | return x ^ mbedtls_ct_zero; 92| |#endif 93| 2.53M|} bignum_core.c:mbedtls_ct_bool: 121| 1.90M|{ 122| | /* 123| | * Define mask-generation code that, as far as possible, will not use branches or conditional instructions. 124| | * 125| | * For some platforms / type sizes, we define assembly to assure this. 126| | * 127| | * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into 128| | * conditional instructions or branches by trunk clang, gcc, or MSVC v19. 129| | */ 130| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 131| | mbedtls_ct_uint_t s; 132| | asm volatile ("neg %x[s], %x[x] \n\t" 133| | "orr %x[x], %x[s], %x[x] \n\t" 134| | "asr %x[x], %x[x], 63 \n\t" 135| | : 136| | [s] "=&r" (s), 137| | [x] "+&r" (x) 138| | : 139| | : 140| | ); 141| | return (mbedtls_ct_condition_t) x; 142| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 143| | uint32_t s; 144| | asm volatile (".syntax unified \n\t" 145| | "negs %[s], %[x] \n\t" 146| | "orrs %[x], %[x], %[s] \n\t" 147| | "asrs %[x], %[x], #31 \n\t" 148| | RESTORE_ASM_SYNTAX 149| | : 150| | [s] "=&l" (s), 151| | [x] "+&l" (x) 152| | : 153| | : 154| | "cc" /* clobbers flag bits */ 155| | ); 156| | return (mbedtls_ct_condition_t) x; 157| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 158| | uint64_t s; 159| 1.90M| asm volatile ("mov %[x], %[s] \n\t" ------------------ | | 321| 1.90M|#define asm __asm__ ------------------ 160| 1.90M| "neg %[s] \n\t" 161| 1.90M| "or %[x], %[s] \n\t" 162| 1.90M| "sar $63, %[s] \n\t" 163| 1.90M| : 164| 1.90M| [s] "=&a" (s) 165| 1.90M| : 166| 1.90M| [x] "D" (x) 167| 1.90M| : 168| 1.90M| ); 169| 1.90M| return (mbedtls_ct_condition_t) s; 170| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 171| | uint32_t s; 172| | asm volatile ("mov %[x], %[s] \n\t" 173| | "neg %[s] \n\t" 174| | "or %[s], %[x] \n\t" 175| | "sar $31, %[x] \n\t" 176| | : 177| | [s] "=&c" (s), 178| | [x] "+&a" (x) 179| | : 180| | : 181| | ); 182| | return (mbedtls_ct_condition_t) x; 183| |#else 184| | const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); 185| |#if defined(_MSC_VER) 186| | /* MSVC has a warning about unary minus on unsigned, but this is 187| | * well-defined and precisely what we want to do here */ 188| |#pragma warning( push ) 189| |#pragma warning( disable : 4146 ) 190| |#endif 191| | // y is negative (i.e., top bit set) iff x is non-zero 192| | mbedtls_ct_int_t y = (-xo) | -(xo >> 1); 193| | 194| | // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero) 195| | y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1)); 196| | 197| | // -y has all bits set (if x is non-zero), or all bits clear (if x is zero) 198| | return (mbedtls_ct_condition_t) (-y); 199| |#if defined(_MSC_VER) 200| |#pragma warning( pop ) 201| |#endif 202| |#endif 203| 1.90M|} bignum_core.c:mbedtls_ct_mpi_uint_if: 438| 6.89M|{ 439| 6.89M| return (mbedtls_mpi_uint) mbedtls_ct_if(condition, 440| 6.89M| (mbedtls_ct_uint_t) if1, 441| 6.89M| (mbedtls_ct_uint_t) if0); 442| 6.89M|} bignum_core.c:mbedtls_ct_if: 208| 6.89M|{ 209| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 210| | asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t" 211| | "mvn %x[condition], %x[condition] \n\t" 212| | "and %x[condition], %x[condition], %x[if0] \n\t" 213| | "orr %x[condition], %x[if1], %x[condition]" 214| | : 215| | [condition] "+&r" (condition), 216| | [if1] "+&r" (if1) 217| | : 218| | [if0] "r" (if0) 219| | : 220| | ); 221| | return (mbedtls_ct_uint_t) condition; 222| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 223| | asm volatile (".syntax unified \n\t" 224| | "ands %[if1], %[if1], %[condition] \n\t" 225| | "mvns %[condition], %[condition] \n\t" 226| | "ands %[condition], %[condition], %[if0] \n\t" 227| | "orrs %[condition], %[if1], %[condition] \n\t" 228| | RESTORE_ASM_SYNTAX 229| | : 230| | [condition] "+&l" (condition), 231| | [if1] "+&l" (if1) 232| | : 233| | [if0] "l" (if0) 234| | : 235| | "cc" 236| | ); 237| | return (mbedtls_ct_uint_t) condition; 238| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 239| 6.89M| asm volatile ("and %[condition], %[if1] \n\t" ------------------ | | 321| 6.89M|#define asm __asm__ ------------------ 240| 6.89M| "not %[condition] \n\t" 241| 6.89M| "and %[condition], %[if0] \n\t" 242| 6.89M| "or %[if1], %[if0] \n\t" 243| 6.89M| : 244| 6.89M| [condition] "+&D" (condition), 245| 6.89M| [if1] "+&S" (if1), 246| 6.89M| [if0] "+&a" (if0) 247| 6.89M| : 248| 6.89M| : 249| 6.89M| ); 250| 6.89M| return if0; 251| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 252| | asm volatile ("and %[condition], %[if1] \n\t" 253| | "not %[condition] \n\t" 254| | "and %[if0], %[condition] \n\t" 255| | "or %[condition], %[if1] \n\t" 256| | : 257| | [condition] "+&c" (condition), 258| | [if1] "+&a" (if1) 259| | : 260| | [if0] "b" (if0) 261| | : 262| | ); 263| | return if1; 264| |#else 265| | mbedtls_ct_condition_t not_cond = 266| | (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); 267| | return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); 268| |#endif 269| 6.89M|} bignum_core.c:mbedtls_ct_uint_eq: 491| 1.26M|{ 492| 1.26M| return ~mbedtls_ct_uint_ne(x, y); 493| 1.26M|} bignum_core.c:mbedtls_ct_uint_ne: 383| 1.26M|{ 384| | /* diff = 0 if x == y, non-zero otherwise */ 385| 1.26M| const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y); 386| | 387| | /* all ones if x != y, 0 otherwise */ 388| 1.26M| return mbedtls_ct_bool(diff); 389| 1.26M|} constant_time.c:mbedtls_ct_compiler_opaque: 86| 644k|{ 87| 644k|#if defined(MBEDTLS_CT_ASM) 88| 644k| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 644k|#define asm __asm__ ------------------ 89| 644k| return x; 90| |#else 91| | return x ^ mbedtls_ct_zero; 92| |#endif 93| 644k|} base64.c:mbedtls_ct_uchar_in_range_if: 395| 3.15M|{ 396| 3.15M| const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c); 397| 3.15M| const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t); 398| | 399| | /* low_mask is: 0 if low <= c, 0x...ff if low > c */ 400| 3.15M| unsigned low_mask = ((unsigned) co - low) >> 8; 401| | /* high_mask is: 0 if c <= high, 0x...ff if c > high */ 402| 3.15M| unsigned high_mask = ((unsigned) high - co) >> 8; 403| | 404| 3.15M| return (unsigned char) (~(low_mask | high_mask)) & to; 405| 3.15M|} base64.c:mbedtls_ct_compiler_opaque: 86| 6.31M|{ 87| 6.31M|#if defined(MBEDTLS_CT_ASM) 88| 6.31M| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 6.31M|#define asm __asm__ ------------------ 89| 6.31M| return x; 90| |#else 91| | return x ^ mbedtls_ct_zero; 92| |#endif 93| 6.31M|} mbedtls_ecp_curve_list: 397| 945|{ 398| 945| return ecp_supported_curves; 399| 945|} mbedtls_ecp_grp_id_list: 405| 12|{ 406| 12| static int init_done = 0; 407| | 408| 12| if (!init_done) { ------------------ | Branch (408:9): [True: 1, False: 11] ------------------ 409| 1| size_t i = 0; 410| 1| const mbedtls_ecp_curve_info *curve_info; 411| | 412| 1| for (curve_info = mbedtls_ecp_curve_list(); 413| 14| curve_info->grp_id != MBEDTLS_ECP_DP_NONE; ------------------ | Branch (413:14): [True: 13, False: 1] ------------------ 414| 13| curve_info++) { 415| 13| ecp_supported_grp_id[i++] = curve_info->grp_id; 416| 13| } 417| 1| ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; 418| | 419| 1| init_done = 1; 420| 1| } 421| | 422| 12| return ecp_supported_grp_id; 423| 12|} mbedtls_ecp_curve_info_from_grp_id: 429| 944|{ 430| 944| const mbedtls_ecp_curve_info *curve_info; 431| | 432| 944| for (curve_info = mbedtls_ecp_curve_list(); 433| 6.50k| curve_info->grp_id != MBEDTLS_ECP_DP_NONE; ------------------ | Branch (433:10): [True: 6.50k, False: 0] ------------------ 434| 6.50k| curve_info++) { 435| 6.50k| if (curve_info->grp_id == grp_id) { ------------------ | Branch (435:13): [True: 944, False: 5.56k] ------------------ 436| 944| return curve_info; 437| 944| } 438| 6.50k| } 439| | 440| 0| return NULL; 441| 944|} mbedtls_ecp_get_type: 487| 9.38k|{ 488| 9.38k| if (grp->G.X.p == NULL) { ------------------ | Branch (488:9): [True: 74, False: 9.31k] ------------------ 489| 74| return MBEDTLS_ECP_TYPE_NONE; 490| 74| } 491| | 492| 9.31k| if (grp->G.Y.p == NULL) { ------------------ | Branch (492:9): [True: 727, False: 8.58k] ------------------ 493| 727| return MBEDTLS_ECP_TYPE_MONTGOMERY; 494| 8.58k| } else { 495| 8.58k| return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS; 496| 8.58k| } 497| 9.31k|} mbedtls_ecp_point_init: 503| 8.33k|{ 504| 8.33k| mbedtls_mpi_init(&pt->X); 505| 8.33k| mbedtls_mpi_init(&pt->Y); 506| 8.33k| mbedtls_mpi_init(&pt->Z); 507| 8.33k|} mbedtls_ecp_group_init: 513| 5.60k|{ 514| 5.60k| grp->id = MBEDTLS_ECP_DP_NONE; 515| 5.60k| mbedtls_mpi_init(&grp->P); 516| 5.60k| mbedtls_mpi_init(&grp->A); 517| 5.60k| mbedtls_mpi_init(&grp->B); 518| 5.60k| mbedtls_ecp_point_init(&grp->G); 519| 5.60k| mbedtls_mpi_init(&grp->N); 520| 5.60k| grp->pbits = 0; 521| 5.60k| grp->nbits = 0; 522| 5.60k| grp->h = 0; 523| 5.60k| grp->modp = NULL; 524| 5.60k| grp->t_pre = NULL; 525| 5.60k| grp->t_post = NULL; 526| 5.60k| grp->t_data = NULL; 527| 5.60k| grp->T = NULL; 528| 5.60k| grp->T_size = 0; 529| 5.60k|} mbedtls_ecp_keypair_init: 535| 2.73k|{ 536| 2.73k| mbedtls_ecp_group_init(&key->grp); 537| 2.73k| mbedtls_mpi_init(&key->d); 538| 2.73k| mbedtls_ecp_point_init(&key->Q); 539| 2.73k|} mbedtls_ecp_point_free: 545| 6.18k|{ 546| 6.18k| if (pt == NULL) { ------------------ | Branch (546:9): [True: 0, False: 6.18k] ------------------ 547| 0| return; 548| 0| } 549| | 550| 6.18k| mbedtls_mpi_free(&(pt->X)); 551| 6.18k| mbedtls_mpi_free(&(pt->Y)); 552| 6.18k| mbedtls_mpi_free(&(pt->Z)); 553| 6.18k|} mbedtls_ecp_group_free: 572| 5.47k|{ 573| 5.47k| size_t i; 574| | 575| 5.47k| if (grp == NULL) { ------------------ | Branch (575:9): [True: 0, False: 5.47k] ------------------ 576| 0| return; 577| 0| } 578| | 579| 5.47k| if (grp->h != 1) { ------------------ | Branch (579:9): [True: 3.16k, False: 2.30k] ------------------ 580| 3.16k| mbedtls_mpi_free(&grp->A); 581| 3.16k| mbedtls_mpi_free(&grp->B); 582| 3.16k| mbedtls_ecp_point_free(&grp->G); 583| | 584| 3.16k|#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) 585| 3.16k| mbedtls_mpi_free(&grp->N); 586| 3.16k| mbedtls_mpi_free(&grp->P); 587| 3.16k|#endif 588| 3.16k| } 589| | 590| 5.47k| if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { ------------------ | Branch (590:9): [True: 3.16k, False: 2.30k] | Branch (590:49): [True: 0, False: 3.16k] ------------------ 591| 0| for (i = 0; i < grp->T_size; i++) { ------------------ | Branch (591:21): [True: 0, False: 0] ------------------ 592| 0| mbedtls_ecp_point_free(&grp->T[i]); 593| 0| } 594| 0| mbedtls_free(grp->T); 595| 0| } 596| | 597| 5.47k| mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); 598| 5.47k|} mbedtls_ecp_keypair_free: 604| 2.73k|{ 605| 2.73k| if (key == NULL) { ------------------ | Branch (605:9): [True: 0, False: 2.73k] ------------------ 606| 0| return; 607| 0| } 608| | 609| 2.73k| mbedtls_ecp_group_free(&key->grp); 610| 2.73k| mbedtls_mpi_free(&key->d); 611| 2.73k| mbedtls_ecp_point_free(&key->Q); 612| 2.73k|} mbedtls_ecp_set_zero: 640| 2|{ 641| 2| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 642| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 643| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 644| 2| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0)); ------------------ | | 41| 2| do \ | | 42| 2| { \ | | 43| 2| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2] | | ------------------ | | 44| 2| goto cleanup; \ | | 45| 2| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 645| | 646| 2|cleanup: 647| 2| return ret; 648| 2|} mbedtls_ecp_point_read_binary: 772| 2.46k|{ 773| 2.46k| int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 2.46k|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 774| 2.46k| size_t plen; 775| 2.46k| if (ilen < 1) { ------------------ | Branch (775:9): [True: 9, False: 2.45k] ------------------ 776| 9| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 9|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 777| 9| } 778| | 779| 2.45k| plen = mbedtls_mpi_size(&grp->P); 780| | 781| 2.45k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 782| 2.45k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (782:9): [True: 245, False: 2.20k] ------------------ 783| 245| if (plen != ilen) { ------------------ | Branch (783:13): [True: 4, False: 241] ------------------ 784| 4| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 4|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 785| 4| } 786| | 787| 241| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); ------------------ | | 41| 241| do \ | | 42| 241| { \ | | 43| 241| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 241] | | ------------------ | | 44| 241| goto cleanup; \ | | 45| 241| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 788| 241| mbedtls_mpi_free(&pt->Y); 789| | 790| 241| if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { ------------------ | Branch (790:13): [True: 237, False: 4] ------------------ 791| | /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ 792| 237| MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); ------------------ | | 41| 237| do \ | | 42| 237| { \ | | 43| 237| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 237] | | ------------------ | | 44| 237| goto cleanup; \ | | 45| 237| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 793| 237| } 794| | 795| 241| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 241| do \ | | 42| 241| { \ | | 43| 241| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 241] | | ------------------ | | 44| 241| goto cleanup; \ | | 45| 241| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 796| 241| } 797| 2.44k|#endif 798| 2.44k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 799| 2.44k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (799:9): [True: 2.16k, False: 278] ------------------ 800| 2.16k| if (buf[0] == 0x00) { ------------------ | Branch (800:13): [True: 6, False: 2.16k] ------------------ 801| 6| if (ilen == 1) { ------------------ | Branch (801:17): [True: 2, False: 4] ------------------ 802| 2| return mbedtls_ecp_set_zero(pt); 803| 4| } else { 804| 4| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 4|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 805| 4| } 806| 6| } 807| | 808| 2.16k| if (ilen < 1 + plen) { ------------------ | Branch (808:13): [True: 9, False: 2.15k] ------------------ 809| 9| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 9|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 810| 9| } 811| | 812| 2.15k| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); ------------------ | | 41| 2.15k| do \ | | 42| 2.15k| { \ | | 43| 2.15k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.15k] | | ------------------ | | 44| 2.15k| goto cleanup; \ | | 45| 2.15k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 813| 2.15k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 2.15k| do \ | | 42| 2.15k| { \ | | 43| 2.15k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.15k] | | ------------------ | | 44| 2.15k| goto cleanup; \ | | 45| 2.15k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 814| | 815| 2.15k| if (buf[0] == 0x04) { ------------------ | Branch (815:13): [True: 639, False: 1.51k] ------------------ 816| | /* format == MBEDTLS_ECP_PF_UNCOMPRESSED */ 817| 639| if (ilen != 1 + plen * 2) { ------------------ | Branch (817:17): [True: 14, False: 625] ------------------ 818| 14| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 14|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 819| 14| } 820| 625| return mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen); 821| 1.51k| } else if (buf[0] == 0x02 || buf[0] == 0x03) { ------------------ | Branch (821:20): [True: 957, False: 558] | Branch (821:38): [True: 548, False: 10] ------------------ 822| | /* format == MBEDTLS_ECP_PF_COMPRESSED */ 823| 1.50k| if (ilen != 1 + plen) { ------------------ | Branch (823:17): [True: 2, False: 1.50k] ------------------ 824| 2| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 2|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 825| 2| } 826| 1.50k| return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, 827| 1.50k| (buf[0] & 1)); 828| 1.50k| } else { 829| 10| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 10|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 830| 10| } 831| 2.15k| } 832| 278|#endif 833| | 834| 278|cleanup: 835| 278| return ret; 836| 2.44k|} mbedtls_ecp_check_pubkey: 3029| 2.36k|{ 3030| | /* Must use affine coordinates */ 3031| 2.36k| if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) { ------------------ | Branch (3031:9): [True: 2, False: 2.36k] ------------------ 3032| 2| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 2|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3033| 2| } 3034| | 3035| 2.36k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 3036| 2.36k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (3036:9): [True: 241, False: 2.12k] ------------------ 3037| 241| return ecp_check_pubkey_mx(grp, pt); 3038| 241| } 3039| 2.12k|#endif 3040| 2.12k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 3041| 2.12k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (3041:9): [True: 2.12k, False: 0] ------------------ 3042| 2.12k| return ecp_check_pubkey_sw(grp, pt); 3043| 2.12k| } 3044| 0|#endif 3045| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 3046| 2.12k|} mbedtls_ecp_keypair_get_group_id: 3435| 944|{ 3436| 944| return key->grp.id; 3437| 944|} mbedtls_ecp_export: 3444| 944|{ 3445| 944| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 944|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 3446| | 3447| 944| if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { ------------------ | Branch (3447:9): [True: 0, False: 944] | Branch (3447:24): [True: 0, False: 0] ------------------ 3448| 0| return ret; 3449| 0| } 3450| | 3451| 944| if (d != NULL && (ret = mbedtls_mpi_copy(d, &key->d)) != 0) { ------------------ | Branch (3451:9): [True: 944, False: 0] | Branch (3451:22): [True: 0, False: 944] ------------------ 3452| 0| return ret; 3453| 0| } 3454| | 3455| 944| if (Q != NULL && (ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { ------------------ | Branch (3455:9): [True: 0, False: 944] | Branch (3455:22): [True: 0, False: 0] ------------------ 3456| 0| return ret; 3457| 0| } 3458| | 3459| 944| return 0; 3460| 944|} ecp.c:ecp_group_is_static_comb_table: 559| 5.47k|{ 560| 5.47k|#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 561| 5.47k| return grp->T != NULL && grp->T_size == 0; ------------------ | Branch (561:12): [True: 2.30k, False: 3.16k] | Branch (561:30): [True: 2.30k, False: 0] ------------------ 562| |#else 563| | (void) grp; 564| | return 0; 565| |#endif 566| 5.47k|} ecp.c:mbedtls_ecp_sw_derive_y: 1255| 1.50k|{ 1256| | /* w = y^2 = x^3 + ax + b 1257| | * y = sqrt(w) = w^((p+1)/4) mod p (for prime p where p = 3 mod 4) 1258| | * 1259| | * Note: this method for extracting square root does not validate that w 1260| | * was indeed a square so this function will return garbage in Y if X 1261| | * does not correspond to a point on the curve. 1262| | */ 1263| | 1264| | /* Check prerequisite p = 3 mod 4 */ 1265| 1.50k| if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 || ------------------ | Branch (1265:9): [True: 0, False: 1.50k] ------------------ 1266| 1.50k| mbedtls_mpi_get_bit(&grp->P, 1) != 1) { ------------------ | Branch (1266:9): [True: 1, False: 1.50k] ------------------ 1267| 1| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 1|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 1268| 1| } 1269| | 1270| 1.50k| int ret; 1271| 1.50k| mbedtls_mpi exp; 1272| 1.50k| mbedtls_mpi_init(&exp); 1273| | 1274| | /* use Y to store intermediate result, actually w above */ 1275| 1.50k| MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X)); ------------------ | | 41| 1.50k| do \ | | 42| 1.50k| { \ | | 43| 1.50k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 4, False: 1.49k] | | ------------------ | | 44| 1.50k| goto cleanup; \ | | 45| 1.50k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1276| | 1277| | /* w = y^2 */ /* Y contains y^2 intermediate result */ 1278| | /* exp = ((p+1)/4) */ 1279| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1280| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&exp, 2)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1281| | /* sqrt(w) = w^((p+1)/4) mod p (for prime p where p = 3 mod 4) */ 1282| 1.49k| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL)); ------------------ | | 41| 1.49k| do \ | | 42| 1.49k| { \ | | 43| 1.49k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.49k] | | ------------------ | | 44| 1.49k| goto cleanup; \ | | 45| 1.49k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1283| | 1284| | /* check parity bit match or else invert Y */ 1285| | /* This quick inversion implementation is valid because Y != 0 for all 1286| | * Short Weierstrass curves supported by mbedtls, as each supported curve 1287| | * has an order that is a large prime, so each supported curve does not 1288| | * have any point of order 2, and a point with Y == 0 would be of order 2 */ 1289| 1.49k| if (mbedtls_mpi_get_bit(Y, 0) != parity_bit) { ------------------ | Branch (1289:9): [True: 795, False: 703] ------------------ 1290| 795| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y)); ------------------ | | 41| 795| do \ | | 42| 795| { \ | | 43| 795| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 795] | | ------------------ | | 44| 795| goto cleanup; \ | | 45| 795| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1291| 795| } 1292| | 1293| 1.50k|cleanup: 1294| | 1295| 1.50k| mbedtls_mpi_free(&exp); 1296| 1.50k| return ret; 1297| 1.49k|} ecp.c:ecp_sw_rhs: 1228| 3.54k|{ 1229| 3.54k| int ret; 1230| | 1231| | /* Compute X^3 + A X + B as X (X^2 + A) + B */ 1232| 3.54k| MPI_ECP_SQR(rhs, X); ------------------ | | 1170| 3.54k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 3.54k| do \ | | | | 42| 3.54k| { \ | | | | 43| 3.54k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 4, False: 3.54k] | | | | ------------------ | | | | 44| 3.54k| goto cleanup; \ | | | | 45| 3.54k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1233| | 1234| | /* Special case for A = -3 */ 1235| 3.54k| if (mbedtls_ecp_group_a_is_minus_3(grp)) { ------------------ | Branch (1235:9): [True: 2.51k, False: 1.02k] ------------------ 1236| 2.51k| MPI_ECP_SUB_INT(rhs, rhs, 3); ------------------ | | 1140| 2.51k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c)) | | ------------------ | | | | 41| 2.51k| do \ | | | | 42| 2.51k| { \ | | | | 43| 2.51k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.51k] | | | | ------------------ | | | | 44| 2.51k| goto cleanup; \ | | | | 45| 2.51k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1237| 2.51k| } else { 1238| 1.02k| MPI_ECP_ADD(rhs, rhs, &grp->A); ------------------ | | 1161| 1.02k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 1.02k| do \ | | | | 42| 1.02k| { \ | | | | 43| 1.02k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.02k] | | | | ------------------ | | | | 44| 1.02k| goto cleanup; \ | | | | 45| 1.02k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1239| 1.02k| } 1240| | 1241| 3.54k| MPI_ECP_MUL(rhs, rhs, X); ------------------ | | 1167| 3.54k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 3.54k| do \ | | | | 42| 3.54k| { \ | | | | 43| 3.54k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 3.54k] | | | | ------------------ | | | | 44| 3.54k| goto cleanup; \ | | | | 45| 3.54k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1242| 3.54k| MPI_ECP_ADD(rhs, rhs, &grp->B); ------------------ | | 1161| 3.54k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 3.54k| do \ | | | | 42| 3.54k| { \ | | | | 43| 3.54k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 3.54k] | | | | ------------------ | | | | 44| 3.54k| goto cleanup; \ | | | | 45| 3.54k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1243| | 1244| 3.54k|cleanup: 1245| 3.54k| return ret; 1246| 3.54k|} ecp.c:mbedtls_mpi_mul_mod: 1059| 9.12k|{ 1060| 9.12k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 9.12k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1061| 9.12k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); ------------------ | | 41| 9.12k| do \ | | 42| 9.12k| { \ | | 43| 9.12k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 9.12k] | | ------------------ | | 44| 9.12k| goto cleanup; \ | | 45| 9.12k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1062| 9.12k| MOD_MUL(*X); ------------------ | | 1049| 9.12k| do \ | | 1050| 9.12k| { \ | | 1051| 9.12k| MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ | | ------------------ | | | | 41| 9.12k| do \ | | | | 42| 9.12k| { \ | | | | 43| 9.12k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 4, False: 9.12k] | | | | ------------------ | | | | 44| 9.12k| goto cleanup; \ | | | | 45| 9.12k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1052| 9.12k| INC_MUL_COUNT \ | | ------------------ | | | | 1043| 9.12k|#define INC_MUL_COUNT mul_count++; | | ------------------ | | 1053| 9.12k| } while (0) | | ------------------ | | | Branch (1053:14): [Folded - Ignored] | | ------------------ ------------------ 1063| 9.12k|cleanup: 1064| 9.12k| return ret; 1065| 9.12k|} ecp.c:ecp_modp: 1000| 9.12k|{ 1001| 9.12k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 9.12k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1002| | 1003| 9.12k| if (grp->modp == NULL) { ------------------ | Branch (1003:9): [True: 1.03k, False: 8.09k] ------------------ 1004| 1.03k| return mbedtls_mpi_mod_mpi(N, N, &grp->P); 1005| 1.03k| } 1006| | 1007| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1008| 8.09k| if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || ------------------ | Branch (1008:10): [True: 0, False: 8.09k] | Branch (1008:22): [True: 0, False: 0] ------------------ 1009| 8.09k| mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { ------------------ | Branch (1009:9): [True: 4, False: 8.08k] ------------------ 1010| 4| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 4|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 1011| 4| } 1012| | 1013| 8.08k| MBEDTLS_MPI_CHK(grp->modp(N)); ------------------ | | 41| 8.08k| do \ | | 42| 8.08k| { \ | | 43| 8.08k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 8.08k] | | ------------------ | | 44| 8.08k| goto cleanup; \ | | 45| 8.08k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1014| | 1015| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1016| 10.2k| while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) { ------------------ | Branch (1016:12): [True: 2.14k, False: 8.08k] | Branch (1016:24): [True: 2.14k, False: 0] ------------------ 1017| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); ------------------ | | 41| 2.14k| do \ | | 42| 2.14k| { \ | | 43| 2.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.14k] | | ------------------ | | 44| 2.14k| goto cleanup; \ | | 45| 2.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1018| 2.14k| } 1019| | 1020| 11.1k| while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { ------------------ | Branch (1020:12): [True: 3.08k, False: 8.08k] ------------------ 1021| | /* we known P, N and the result are positive */ 1022| 3.08k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); ------------------ | | 41| 3.08k| do \ | | 42| 3.08k| { \ | | 43| 3.08k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.08k] | | ------------------ | | 44| 3.08k| goto cleanup; \ | | 45| 3.08k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1023| 3.08k| } 1024| | 1025| 8.08k|cleanup: 1026| 8.08k| return ret; 1027| 8.08k|} ecp.c:mbedtls_mpi_sub_int_mod: 1130| 2.51k|{ 1131| 2.51k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.51k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1132| | 1133| 2.51k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, A, c)); ------------------ | | 41| 2.51k| do \ | | 42| 2.51k| { \ | | 43| 2.51k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.51k] | | ------------------ | | 44| 2.51k| goto cleanup; \ | | 45| 2.51k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 2.51k| MOD_SUB(X); ------------------ | | 1072| 2.51k| do { \ | | 1073| 2.54k| while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0) \ | | ------------------ | | | Branch (1073:16): [True: 23, False: 2.51k] | | | Branch (1073:30): [True: 23, False: 0] | | ------------------ | | 1074| 2.51k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ | | ------------------ | | | | 41| 23| do \ | | | | 42| 23| { \ | | | | 43| 23| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 23] | | | | ------------------ | | | | 44| 23| goto cleanup; \ | | | | 45| 23| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1075| 2.51k| } while (0) | | ------------------ | | | Branch (1075:14): [Folded - Ignored] | | ------------------ ------------------ 1135| 2.51k|cleanup: 1136| 2.51k| return ret; 1137| 2.51k|} ecp.c:mbedtls_mpi_add_mod: 1103| 4.56k|{ 1104| 4.56k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4.56k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1105| 4.56k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); ------------------ | | 41| 4.56k| do \ | | 42| 4.56k| { \ | | 43| 4.56k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.56k] | | ------------------ | | 44| 4.56k| goto cleanup; \ | | 45| 4.56k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1106| 4.56k| MOD_ADD(X); ------------------ | | 1096| 6.21k| while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ | | ------------------ | | | Branch (1096:12): [True: 1.65k, False: 4.56k] | | ------------------ | | 1097| 4.56k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) | | ------------------ | | | | 41| 6.21k| do \ | | | | 42| 6.21k| { \ | | | | 43| 1.65k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.65k] | | | | ------------------ | | | | 44| 1.65k| goto cleanup; \ | | | | 45| 1.65k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1107| 4.56k|cleanup: 1108| 4.56k| return ret; 1109| 4.56k|} ecp.c:ecp_check_pubkey_mx: 3005| 241|{ 3006| | /* [Curve25519 p. 5] Just check X is the correct number of bytes */ 3007| | /* Allow any public value, if it's too big then we'll just reduce it mod p 3008| | * (RFC 7748 sec. 5 para. 3). */ 3009| 241| if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { ------------------ | Branch (3009:9): [True: 0, False: 241] ------------------ 3010| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3011| 0| } 3012| | 3013| | /* Implicit in all standards (as they don't consider negative numbers): 3014| | * X must be non-negative. This is normally ensured by the way it's 3015| | * encoded for transmission, but let's be extra sure. */ 3016| 241| if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) { ------------------ | Branch (3016:9): [True: 0, False: 241] ------------------ 3017| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3018| 0| } 3019| | 3020| 241| return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); 3021| 241|} ecp.c:ecp_check_bad_points_mx: 2949| 241|{ 2950| 241| int ret; 2951| 241| mbedtls_mpi XmP; 2952| | 2953| 241| mbedtls_mpi_init(&XmP); 2954| | 2955| | /* Reduce X mod P so that we only need to check values less than P. 2956| | * We know X < 2^256 so we can proceed by subtraction. */ 2957| 241| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X)); ------------------ | | 41| 241| do \ | | 42| 241| { \ | | 43| 241| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 241] | | ------------------ | | 44| 241| goto cleanup; \ | | 45| 241| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2958| 252| while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) { ------------------ | Branch (2958:12): [True: 11, False: 241] ------------------ 2959| 11| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P)); ------------------ | | 41| 11| do \ | | 42| 11| { \ | | 43| 11| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 11] | | ------------------ | | 44| 11| goto cleanup; \ | | 45| 11| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2960| 11| } 2961| | 2962| | /* Check against the known bad values that are less than P. For Curve448 2963| | * these are 0, 1 and -1. For Curve25519 we check the values less than P 2964| | * from the following list: https://cr.yp.to/ecdh.html#validate */ 2965| 241| if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) { /* takes care of 0 and 1 */ ------------------ | Branch (2965:9): [True: 4, False: 237] ------------------ 2966| 4| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 4|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2967| 4| goto cleanup; 2968| 4| } 2969| | 2970| 237|#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) 2971| 237| if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { ------------------ | Branch (2971:9): [True: 233, False: 4] ------------------ 2972| 233| if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) { ------------------ | Branch (2972:13): [True: 0, False: 233] ------------------ 2973| 0| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2974| 0| goto cleanup; 2975| 0| } 2976| | 2977| 233| if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) { ------------------ | Branch (2977:13): [True: 0, False: 233] ------------------ 2978| 0| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2979| 0| goto cleanup; 2980| 0| } 2981| 233| } 2982| |#else 2983| | (void) grp_id; 2984| |#endif 2985| | 2986| | /* Final check: check if XmP + 1 is P (final because it changes XmP!) */ 2987| 237| MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1)); ------------------ | | 41| 237| do \ | | 42| 237| { \ | | 43| 237| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 237] | | ------------------ | | 44| 237| goto cleanup; \ | | 45| 237| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2988| 237| if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) { ------------------ | Branch (2988:9): [True: 1, False: 236] ------------------ 2989| 1| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 1|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2990| 1| goto cleanup; 2991| 1| } 2992| | 2993| 236| ret = 0; 2994| | 2995| 241|cleanup: 2996| 241| mbedtls_mpi_free(&XmP); 2997| | 2998| 241| return ret; 2999| 236|} ecp.c:ecp_check_pubkey_sw: 2726| 2.12k|{ 2727| 2.12k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.12k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2728| 2.12k| mbedtls_mpi YY, RHS; 2729| | 2730| | /* pt coordinates must be normalized for our checks */ 2731| 2.12k| if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || ------------------ | Branch (2731:9): [True: 0, False: 2.12k] ------------------ 2732| 2.12k| mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || ------------------ | Branch (2732:9): [True: 0, False: 2.12k] ------------------ 2733| 2.12k| mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || ------------------ | Branch (2733:9): [True: 80, False: 2.04k] ------------------ 2734| 2.12k| mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { ------------------ | Branch (2734:9): [True: 1, False: 2.04k] ------------------ 2735| 81| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 81|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2736| 81| } 2737| | 2738| 2.04k| mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS); 2739| | 2740| | /* 2741| | * YY = Y^2 2742| | * RHS = X^3 + A X + B 2743| | */ 2744| 2.04k| MPI_ECP_SQR(&YY, &pt->Y); ------------------ | | 1170| 2.04k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 2.04k| do \ | | | | 42| 2.04k| { \ | | | | 43| 2.04k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.04k] | | | | ------------------ | | | | 44| 2.04k| goto cleanup; \ | | | | 45| 2.04k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2745| 2.04k| MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); ------------------ | | 41| 2.04k| do \ | | 42| 2.04k| { \ | | 43| 2.04k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.04k] | | ------------------ | | 44| 2.04k| goto cleanup; \ | | 45| 2.04k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2746| | 2747| 2.04k| if (MPI_ECP_CMP(&YY, &RHS) != 0) { ------------------ | | 1191| 2.04k| mbedtls_mpi_cmp_mpi(X, Y) ------------------ | Branch (2747:9): [True: 1.33k, False: 708] ------------------ 2748| 1.33k| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 1.33k|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2749| 1.33k| } 2750| | 2751| 2.04k|cleanup: 2752| | 2753| 2.04k| mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS); 2754| | 2755| 2.04k| return ret; 2756| 2.04k|} mbedtls_ecp_group_load: 4718| 2.57k|{ 4719| 2.57k| mbedtls_ecp_group_free(grp); 4720| | 4721| 2.57k| mbedtls_ecp_group_init(grp); 4722| | 4723| 2.57k| grp->id = id; 4724| | 4725| 2.57k| switch (id) { 4726| 0|#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) 4727| 180| case MBEDTLS_ECP_DP_SECP192R1: ------------------ | Branch (4727:9): [True: 180, False: 2.39k] ------------------ 4728| 180| NIST_MODP(p192); ------------------ | | 4567| 180|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4729| 180| return LOAD_GROUP(secp192r1); ------------------ | | 4600| 180|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 180| G ## _p, sizeof(G ## _p), \ | | 4602| 180| NULL, 0, \ | | 4603| 180| G ## _b, sizeof(G ## _b), \ | | 4604| 180| G ## _gx, sizeof(G ## _gx), \ | | 4605| 180| G ## _gy, sizeof(G ## _gy), \ | | 4606| 180| G ## _n, sizeof(G ## _n), \ | | 4607| 180| G ## _T \ | | 4608| 180| ) ------------------ 4730| 0|#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ 4731| | 4732| 0|#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) 4733| 263| case MBEDTLS_ECP_DP_SECP224R1: ------------------ | Branch (4733:9): [True: 263, False: 2.31k] ------------------ 4734| 263| NIST_MODP(p224); ------------------ | | 4567| 263|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4735| 263| return LOAD_GROUP(secp224r1); ------------------ | | 4600| 263|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 263| G ## _p, sizeof(G ## _p), \ | | 4602| 263| NULL, 0, \ | | 4603| 263| G ## _b, sizeof(G ## _b), \ | | 4604| 263| G ## _gx, sizeof(G ## _gx), \ | | 4605| 263| G ## _gy, sizeof(G ## _gy), \ | | 4606| 263| G ## _n, sizeof(G ## _n), \ | | 4607| 263| G ## _T \ | | 4608| 263| ) ------------------ 4736| 0|#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ 4737| | 4738| 0|#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) 4739| 484| case MBEDTLS_ECP_DP_SECP256R1: ------------------ | Branch (4739:9): [True: 484, False: 2.09k] ------------------ 4740| 484| NIST_MODP(p256); ------------------ | | 4567| 484|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4741| 484| return LOAD_GROUP(secp256r1); ------------------ | | 4600| 484|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 484| G ## _p, sizeof(G ## _p), \ | | 4602| 484| NULL, 0, \ | | 4603| 484| G ## _b, sizeof(G ## _b), \ | | 4604| 484| G ## _gx, sizeof(G ## _gx), \ | | 4605| 484| G ## _gy, sizeof(G ## _gy), \ | | 4606| 484| G ## _n, sizeof(G ## _n), \ | | 4607| 484| G ## _T \ | | 4608| 484| ) ------------------ 4742| 0|#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 4743| | 4744| 0|#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 4745| 585| case MBEDTLS_ECP_DP_SECP384R1: ------------------ | Branch (4745:9): [True: 585, False: 1.99k] ------------------ 4746| 585| NIST_MODP(p384); ------------------ | | 4567| 585|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4747| 585| return LOAD_GROUP(secp384r1); ------------------ | | 4600| 585|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 585| G ## _p, sizeof(G ## _p), \ | | 4602| 585| NULL, 0, \ | | 4603| 585| G ## _b, sizeof(G ## _b), \ | | 4604| 585| G ## _gx, sizeof(G ## _gx), \ | | 4605| 585| G ## _gy, sizeof(G ## _gy), \ | | 4606| 585| G ## _n, sizeof(G ## _n), \ | | 4607| 585| G ## _T \ | | 4608| 585| ) ------------------ 4748| 0|#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ 4749| | 4750| 0|#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) 4751| 61| case MBEDTLS_ECP_DP_SECP521R1: ------------------ | Branch (4751:9): [True: 61, False: 2.51k] ------------------ 4752| 61| NIST_MODP(p521); ------------------ | | 4567| 61|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4753| 61| return LOAD_GROUP(secp521r1); ------------------ | | 4600| 61|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 61| G ## _p, sizeof(G ## _p), \ | | 4602| 61| NULL, 0, \ | | 4603| 61| G ## _b, sizeof(G ## _b), \ | | 4604| 61| G ## _gx, sizeof(G ## _gx), \ | | 4605| 61| G ## _gy, sizeof(G ## _gy), \ | | 4606| 61| G ## _n, sizeof(G ## _n), \ | | 4607| 61| G ## _T \ | | 4608| 61| ) ------------------ 4754| 0|#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ 4755| | 4756| 0|#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) 4757| 369| case MBEDTLS_ECP_DP_SECP192K1: ------------------ | Branch (4757:9): [True: 369, False: 2.20k] ------------------ 4758| 369| grp->modp = ecp_mod_p192k1; 4759| 369| return LOAD_GROUP_A(secp192k1); ------------------ | | 4590| 369|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 369| G ## _p, sizeof(G ## _p), \ | | 4592| 369| G ## _a, sizeof(G ## _a), \ | | 4593| 369| G ## _b, sizeof(G ## _b), \ | | 4594| 369| G ## _gx, sizeof(G ## _gx), \ | | 4595| 369| G ## _gy, sizeof(G ## _gy), \ | | 4596| 369| G ## _n, sizeof(G ## _n), \ | | 4597| 369| G ## _T \ | | 4598| 369| ) ------------------ 4760| 0|#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ 4761| | 4762| 0|#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) 4763| 27| case MBEDTLS_ECP_DP_SECP224K1: ------------------ | Branch (4763:9): [True: 27, False: 2.55k] ------------------ 4764| 27| grp->modp = ecp_mod_p224k1; 4765| 27| return LOAD_GROUP_A(secp224k1); ------------------ | | 4590| 27|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 27| G ## _p, sizeof(G ## _p), \ | | 4592| 27| G ## _a, sizeof(G ## _a), \ | | 4593| 27| G ## _b, sizeof(G ## _b), \ | | 4594| 27| G ## _gx, sizeof(G ## _gx), \ | | 4595| 27| G ## _gy, sizeof(G ## _gy), \ | | 4596| 27| G ## _n, sizeof(G ## _n), \ | | 4597| 27| G ## _T \ | | 4598| 27| ) ------------------ 4766| 0|#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ 4767| | 4768| 0|#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 4769| 20| case MBEDTLS_ECP_DP_SECP256K1: ------------------ | Branch (4769:9): [True: 20, False: 2.55k] ------------------ 4770| 20| grp->modp = ecp_mod_p256k1; 4771| 20| return LOAD_GROUP_A(secp256k1); ------------------ | | 4590| 20|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 20| G ## _p, sizeof(G ## _p), \ | | 4592| 20| G ## _a, sizeof(G ## _a), \ | | 4593| 20| G ## _b, sizeof(G ## _b), \ | | 4594| 20| G ## _gx, sizeof(G ## _gx), \ | | 4595| 20| G ## _gy, sizeof(G ## _gy), \ | | 4596| 20| G ## _n, sizeof(G ## _n), \ | | 4597| 20| G ## _T \ | | 4598| 20| ) ------------------ 4772| 0|#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ 4773| | 4774| 0|#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) 4775| 171| case MBEDTLS_ECP_DP_BP256R1: ------------------ | Branch (4775:9): [True: 171, False: 2.40k] ------------------ 4776| 171| return LOAD_GROUP_A(brainpoolP256r1); ------------------ | | 4590| 171|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 171| G ## _p, sizeof(G ## _p), \ | | 4592| 171| G ## _a, sizeof(G ## _a), \ | | 4593| 171| G ## _b, sizeof(G ## _b), \ | | 4594| 171| G ## _gx, sizeof(G ## _gx), \ | | 4595| 171| G ## _gy, sizeof(G ## _gy), \ | | 4596| 171| G ## _n, sizeof(G ## _n), \ | | 4597| 171| G ## _T \ | | 4598| 171| ) ------------------ 4777| 0|#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ 4778| | 4779| 0|#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) 4780| 17| case MBEDTLS_ECP_DP_BP384R1: ------------------ | Branch (4780:9): [True: 17, False: 2.56k] ------------------ 4781| 17| return LOAD_GROUP_A(brainpoolP384r1); ------------------ | | 4590| 17|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 17| G ## _p, sizeof(G ## _p), \ | | 4592| 17| G ## _a, sizeof(G ## _a), \ | | 4593| 17| G ## _b, sizeof(G ## _b), \ | | 4594| 17| G ## _gx, sizeof(G ## _gx), \ | | 4595| 17| G ## _gy, sizeof(G ## _gy), \ | | 4596| 17| G ## _n, sizeof(G ## _n), \ | | 4597| 17| G ## _T \ | | 4598| 17| ) ------------------ 4782| 0|#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ 4783| | 4784| 0|#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) 4785| 130| case MBEDTLS_ECP_DP_BP512R1: ------------------ | Branch (4785:9): [True: 130, False: 2.44k] ------------------ 4786| 130| return LOAD_GROUP_A(brainpoolP512r1); ------------------ | | 4590| 130|#define LOAD_GROUP_A(G) ecp_group_load(grp, \ | | 4591| 130| G ## _p, sizeof(G ## _p), \ | | 4592| 130| G ## _a, sizeof(G ## _a), \ | | 4593| 130| G ## _b, sizeof(G ## _b), \ | | 4594| 130| G ## _gx, sizeof(G ## _gx), \ | | 4595| 130| G ## _gy, sizeof(G ## _gy), \ | | 4596| 130| G ## _n, sizeof(G ## _n), \ | | 4597| 130| G ## _T \ | | 4598| 130| ) ------------------ 4787| 0|#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ 4788| | 4789| 0|#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) 4790| 252| case MBEDTLS_ECP_DP_CURVE25519: ------------------ | Branch (4790:9): [True: 252, False: 2.32k] ------------------ 4791| 252| grp->modp = ecp_mod_p255; 4792| 252| return ecp_use_curve25519(grp); 4793| 0|#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ 4794| | 4795| 0|#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) 4796| 19| case MBEDTLS_ECP_DP_CURVE448: ------------------ | Branch (4796:9): [True: 19, False: 2.55k] ------------------ 4797| 19| grp->modp = ecp_mod_p448; 4798| 19| return ecp_use_curve448(grp); 4799| 0|#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ 4800| | 4801| 0| default: ------------------ | Branch (4801:9): [True: 0, False: 2.57k] ------------------ 4802| 0| grp->id = MBEDTLS_ECP_DP_NONE; 4803| 0| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 4804| 2.57k| } 4805| 2.57k|} ecp_curves.c:ecp_group_load: 4522| 2.30k|{ 4523| 2.30k| ecp_mpi_load(&grp->P, p, plen); 4524| 2.30k| if (a != NULL) { ------------------ | Branch (4524:9): [True: 734, False: 1.57k] ------------------ 4525| 734| ecp_mpi_load(&grp->A, a, alen); 4526| 734| } 4527| 2.30k| ecp_mpi_load(&grp->B, b, blen); 4528| 2.30k| ecp_mpi_load(&grp->N, n, nlen); 4529| | 4530| 2.30k| ecp_mpi_load(&grp->G.X, gx, gxlen); 4531| 2.30k| ecp_mpi_load(&grp->G.Y, gy, gylen); 4532| 2.30k| ecp_mpi_set1(&grp->G.Z); 4533| | 4534| 2.30k| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 4535| 2.30k| grp->nbits = mbedtls_mpi_bitlen(&grp->N); 4536| | 4537| 2.30k| grp->h = 1; 4538| | 4539| 2.30k| grp->T = (mbedtls_ecp_point *) T; 4540| | /* 4541| | * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free. 4542| | */ 4543| 2.30k| grp->T_size = 0; 4544| | 4545| 2.30k| return 0; 4546| 2.30k|} ecp_curves.c:ecp_mpi_load: 4495| 12.2k|{ 4496| 12.2k| X->s = 1; 4497| 12.2k| X->n = (unsigned short) (len / sizeof(mbedtls_mpi_uint)); 4498| 12.2k| X->p = (mbedtls_mpi_uint *) p; 4499| 12.2k|} ecp_curves.c:ecp_mpi_set1: 4505| 2.30k|{ 4506| 2.30k| X->s = 1; 4507| 2.30k| X->n = 1; 4508| 2.30k| X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */ 4509| 2.30k|} ecp_curves.c:ecp_use_curve25519: 4623| 252|{ 4624| 252| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 252|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 4625| | 4626| | /* Actually ( A + 2 ) / 4 */ 4627| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4628| | 4629| | /* P = 2^255 - 19 */ 4630| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4631| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4632| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4633| 252| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 4634| | 4635| | /* N = 2^252 + 27742317777372353535851937790883648493 */ 4636| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N, ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4637| 252| curve25519_part_of_n, sizeof(curve25519_part_of_n))); 4638| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4639| | 4640| | /* Y intentionally not set, since we use x/z coordinates. 4641| | * This is used as a marker to identify Montgomery curves! */ 4642| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4643| 252| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); ------------------ | | 41| 252| do \ | | 42| 252| { \ | | 43| 252| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 252] | | ------------------ | | 44| 252| goto cleanup; \ | | 45| 252| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4644| 252| mbedtls_mpi_free(&grp->G.Y); 4645| | 4646| | /* Actually, the required msb for private keys */ 4647| 252| grp->nbits = 254; 4648| | 4649| 252|cleanup: 4650| 252| if (ret != 0) { ------------------ | Branch (4650:9): [True: 0, False: 252] ------------------ 4651| 0| mbedtls_ecp_group_free(grp); 4652| 0| } 4653| | 4654| 252| return ret; 4655| 252|} ecp_curves.c:ecp_use_curve448: 4672| 19|{ 4673| 19| mbedtls_mpi Ns; 4674| 19| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 19|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 4675| | 4676| 19| mbedtls_mpi_init(&Ns); 4677| | 4678| | /* Actually ( A + 2 ) / 4 */ 4679| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4680| | 4681| | /* P = 2^448 - 2^224 - 1 */ 4682| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4683| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4684| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4685| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4686| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4687| 19| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 4688| | 4689| | /* Y intentionally not set, since we use x/z coordinates. 4690| | * This is used as a marker to identify Montgomery curves! */ 4691| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4692| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4693| 19| mbedtls_mpi_free(&grp->G.Y); 4694| | 4695| | /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ 4696| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4697| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns, ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4698| 19| curve448_part_of_n, sizeof(curve448_part_of_n))); 4699| 19| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns)); ------------------ | | 41| 19| do \ | | 42| 19| { \ | | 43| 19| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19] | | ------------------ | | 44| 19| goto cleanup; \ | | 45| 19| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4700| | 4701| | /* Actually, the required msb for private keys */ 4702| 19| grp->nbits = 447; 4703| | 4704| 19|cleanup: 4705| 19| mbedtls_mpi_free(&Ns); 4706| 19| if (ret != 0) { ------------------ | Branch (4706:9): [True: 0, False: 19] ------------------ 4707| 0| mbedtls_ecp_group_free(grp); 4708| 0| } 4709| | 4710| 19| return ret; 4711| 19|} ecp_curves.c:ecp_mod_p192: 4863| 501|{ 4864| 501| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 501|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 4865| 501| mbedtls_mpi_uint c = 0; 4866| 501| mbedtls_mpi_uint *p, *end; 4867| | 4868| | /* Make sure we have enough blocks so that A(5) is legal */ 4869| 501| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH)); ------------------ | | 41| 501| do \ | | 42| 501| { \ | | 43| 501| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 501] | | ------------------ | | 44| 501| goto cleanup; \ | | 45| 501| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 4870| | 4871| 501| p = N->p; 4872| 501| end = p + N->n; 4873| | 4874| 501| ADD(3); ADD(5); NEXT; // A0 += A3 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(3); ADD(5); NEXT; // A0 += A3 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(3); ADD(5); NEXT; // A0 += A3 + A5 ------------------ | | 4856| 501|#define NEXT p += WIDTH; carry64(p, &c) | | ------------------ | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | ------------------ ------------------ 4875| 501| ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 ------------------ | | 4856| 501|#define NEXT p += WIDTH; carry64(p, &c) | | ------------------ | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | ------------------ ------------------ 4876| 501| ADD(4); ADD(5); LAST; // A2 += A4 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(4); ADD(5); LAST; // A2 += A4 + A5 ------------------ | | 4855| 501|#define ADD(i) add64(p, A(i), &c) | | ------------------ | | | | 4854| 501|#define A(i) N->p + (i) * WIDTH | | | | ------------------ | | | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | | | ------------------ | | ------------------ ------------------ ADD(4); ADD(5); LAST; // A2 += A4 + A5 ------------------ | | 4857| 1.50k|#define LAST p += WIDTH; *p = c; while (++p < end) *p = 0 | | ------------------ | | | | 4853| 501|#define WIDTH 8 / sizeof(mbedtls_mpi_uint) | | ------------------ | | | Branch (4857:48): [True: 1.00k, False: 501] | | ------------------ ------------------ 4877| | 4878| 501|cleanup: 4879| 501| return ret; 4880| 501|} ecp_curves.c:add64: 4833| 3.50k|{ 4834| 3.50k| unsigned char i; 4835| 3.50k| mbedtls_mpi_uint c = 0; 4836| 7.01k| for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) { ------------------ | Branch (4836:17): [True: 3.50k, False: 3.50k] ------------------ 4837| 3.50k| *dst += c; c = (*dst < c); 4838| 3.50k| *dst += *src; c += (*dst < *src); 4839| 3.50k| } 4840| 3.50k| *carry += c; 4841| 3.50k|} ecp_curves.c:carry64: 4845| 1.00k|{ 4846| 1.00k| unsigned char i; 4847| 2.00k| for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) { ------------------ | Branch (4847:17): [True: 1.00k, False: 1.00k] ------------------ 4848| 1.00k| *dst += *carry; 4849| 1.00k| *carry = (*dst < *carry); 4850| 1.00k| } 4851| 1.00k|} ecp_curves.c:ecp_mod_p224: 5016| 744|{ 5017| 744| INIT(224); ------------------ | | 4954| 744| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ | | ------------------ | | | | 100| 744|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E | | ------------------ | | 4955| 744| signed char c = 0, cc; \ | | 4956| 744| uint32_t cur; \ | | 4957| 744| size_t i = 0, bits = (b); \ | | 4958| 744| /* N is the size of the product of two b-bit numbers, plus one */ \ | | 4959| 744| /* limb for fix_negative */ \ | | 4960| 744| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ | | ------------------ | | | | 41| 744| do \ | | | | 42| 744| { \ | | | | 43| 744| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 744] | | | | ------------------ | | | | 44| 744| goto cleanup; \ | | | | 45| 744| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 4961| 744| LOAD32; | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 744] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ ------------------ 5018| | 5019| 744| SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 744] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 744| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 744| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 744| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 744, False: 0] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 542, False: 202] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5020| 744| SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 744, False: 0] | | | | ------------------ | | | | 4923| 744| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 744| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 744] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 517, False: 227] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5021| 744| SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 744] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 744| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 744| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 744| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 744, False: 0] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 459, False: 285] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5022| 744| SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 744, False: 0] | | | | ------------------ | | | | 4923| 744| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 744| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 744] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 113, False: 631] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5023| 744| SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 744] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 744| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 744| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 744| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 744, False: 0] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 91, False: 653] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5024| 744| SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 ------------------ | | 4964| 744| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 744, False: 0] | | | | ------------------ | | | | 4923| 744| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 744| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 744|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 744] | | | | | | ------------------ | | | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 744| cc = c; c = 0; \ | | 4966| 744| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 125, False: 619] | | ------------------ | | 4967| 744| sub32(&cur, -cc, &c); \ | | 4968| 744| else \ | | 4969| 744| add32(&cur, cc, &c); \ ------------------ 5025| 744| SUB(13); ADD(10); LAST; // A6 += -A13 + A10 ------------------ | | 4948| 744|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); ADD(10); LAST; // A6 += -A13 + A10 ------------------ | | 4947| 744|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 744|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 744| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); ADD(10); LAST; // A6 += -A13 + A10 ------------------ | | 4972| 744| STORE32; i++; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 744] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 744| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 744| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 744| } | | ------------------ | | 4973| 744| cur = c > 0 ? c : 0; STORE32; \ | | ------------------ | | | | 4922| 744| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 744, False: 0] | | | | ------------------ | | | | 4923| 744| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 744| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 744| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | | Branch (4973:11): [True: 169, False: 575] | | ------------------ | | 4974| 6.69k| cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4918| 6.69k|#define MAX32 N->n * 2 | | ------------------ | | cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4922| 5.95k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.97k, False: 2.97k] | | | | ------------------ | | | | 4923| 2.97k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.97k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.97k| } else { \ | | | | 4926| 2.97k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.97k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.97k| } | | ------------------ | | | Branch (4974:21): [True: 5.95k, False: 744] | | ------------------ | | 4975| 744| if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); | | ------------------ | | | Branch (4975:9): [True: 181, False: 563] | | ------------------ ------------------ 5026| | 5027| 744|cleanup: 5028| 744| return ret; 5029| 744|} ecp_curves.c:sub32: 4942| 122k|{ 4943| 122k| *carry -= (*dst < src); 4944| 122k| *dst -= src; 4945| 122k|} ecp_curves.c:add32: 4936| 249k|{ 4937| 249k| *dst += src; 4938| 249k| *carry += (*dst < src); 4939| 249k|} ecp_curves.c:mbedtls_ecp_fix_negative: 4982| 1.57k|{ 4983| 1.57k| size_t i; 4984| | 4985| | /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so 4986| | * set the absolute value to 0xfff...fff - N. There is no carry 4987| | * since we're subtracting from all-bits-one. */ 4988| 9.74k| for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) { ------------------ | Branch (4988:17): [True: 8.17k, False: 1.57k] ------------------ 4989| 8.17k| N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; 4990| 8.17k| } 4991| | /* Add 1, taking care of the carry. */ 4992| 1.57k| i = 0; 4993| 1.62k| do { 4994| 1.62k| ++N->p[i]; 4995| 1.62k| } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); ------------------ | Branch (4995:14): [True: 49, False: 1.57k] | Branch (4995:32): [True: 49, False: 0] ------------------ 4996| | /* Invert the sign. 4997| | * Now N = N0 - 2^bits where N0 is the initial value of N. */ 4998| 1.57k| N->s = -1; 4999| | 5000| | /* Add |c| * 2^bits to the absolute value. Since c and N are 5001| | * negative, this adds c * 2^bits. */ 5002| 1.57k| mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; 5003| 1.57k|#if defined(MBEDTLS_HAVE_INT64) 5004| 1.57k| if (bits == 224) { ------------------ | Branch (5004:9): [True: 181, False: 1.39k] ------------------ 5005| 181| msw <<= 32; 5006| 181| } 5007| 1.57k|#endif 5008| 1.57k| N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; 5009| 1.57k|} ecp_curves.c:ecp_mod_p256: 5037| 2.24k|{ 5038| 2.24k| INIT(256); ------------------ | | 4954| 2.24k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ | | ------------------ | | | | 100| 2.24k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E | | ------------------ | | 4955| 2.24k| signed char c = 0, cc; \ | | 4956| 2.24k| uint32_t cur; \ | | 4957| 2.24k| size_t i = 0, bits = (b); \ | | 4958| 2.24k| /* N is the size of the product of two b-bit numbers, plus one */ \ | | 4959| 2.24k| /* limb for fix_negative */ \ | | 4960| 2.24k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ | | ------------------ | | | | 41| 2.24k| do \ | | | | 42| 2.24k| { \ | | | | 43| 2.24k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.24k] | | | | ------------------ | | | | 44| 2.24k| goto cleanup; \ | | | | 45| 2.24k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 4961| 2.24k| LOAD32; | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.24k] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ ------------------ 5039| | 5040| 2.24k| ADD(8); ADD(9); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(8); ADD(9); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5041| 2.24k| SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.24k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 2.24k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.24k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.24k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.24k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 1.13k, False: 1.10k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5042| | 5043| 2.24k| ADD(9); ADD(10); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(9); ADD(10); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5044| 2.24k| SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.24k, False: 0] | | | | ------------------ | | | | 4923| 2.24k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.24k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.24k] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 908, False: 1.33k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5045| | 5046| 2.24k| ADD(10); ADD(11); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(10); ADD(11); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5047| 2.24k| SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.24k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 2.24k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.24k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.24k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.24k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 587, False: 1.65k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5048| | 5049| 2.24k| ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5050| 2.24k| SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.24k, False: 0] | | | | ------------------ | | | | 4923| 2.24k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.24k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.24k] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 462, False: 1.78k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5051| | 5052| 2.24k| ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5053| 2.24k| SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.24k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 2.24k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.24k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.24k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.24k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 448, False: 1.79k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5054| | 5055| 2.24k| ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5056| 2.24k| SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.24k, False: 0] | | | | ------------------ | | | | 4923| 2.24k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.24k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.24k] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 571, False: 1.67k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5057| | 5058| 2.24k| ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5059| 2.24k| SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4964| 2.24k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.24k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 2.24k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.24k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.24k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.24k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.24k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.24k| cc = c; c = 0; \ | | 4966| 2.24k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 693, False: 1.55k] | | ------------------ | | 4967| 2.24k| sub32(&cur, -cc, &c); \ | | 4968| 2.24k| else \ | | 4969| 2.24k| add32(&cur, cc, &c); \ ------------------ 5060| | 5061| 2.24k| ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.24k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5062| 2.24k| SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.24k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.24k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.24k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4972| 2.24k| STORE32; i++; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.24k, False: 0] | | | | ------------------ | | | | 4923| 2.24k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.24k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | 4973| 2.24k| cur = c > 0 ? c : 0; STORE32; \ | | ------------------ | | | | 4922| 2.24k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.24k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.24k| } else { \ | | | | 4926| 2.24k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.24k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.24k| } | | ------------------ | | | Branch (4973:11): [True: 415, False: 1.82k] | | ------------------ | | 4974| 22.4k| cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4918| 22.4k|#define MAX32 N->n * 2 | | ------------------ | | cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4922| 20.1k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 11.2k, False: 8.97k] | | | | ------------------ | | | | 4923| 11.2k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 11.2k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 11.2k| } else { \ | | | | 4926| 8.97k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 8.97k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 8.97k| } | | ------------------ | | | Branch (4974:21): [True: 20.1k, False: 2.24k] | | ------------------ | | 4975| 2.24k| if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); | | ------------------ | | | Branch (4975:9): [True: 1.14k, False: 1.10k] | | ------------------ ------------------ 5063| | 5064| 2.24k|cleanup: 5065| 2.24k| return ret; 5066| 2.24k|} ecp_curves.c:ecp_mod_p384: 5074| 2.81k|{ 5075| 2.81k| INIT(384); ------------------ | | 4954| 2.81k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ | | ------------------ | | | | 100| 2.81k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E | | ------------------ | | 4955| 2.81k| signed char c = 0, cc; \ | | 4956| 2.81k| uint32_t cur; \ | | 4957| 2.81k| size_t i = 0, bits = (b); \ | | 4958| 2.81k| /* N is the size of the product of two b-bit numbers, plus one */ \ | | 4959| 2.81k| /* limb for fix_negative */ \ | | 4960| 2.81k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ | | ------------------ | | | | 41| 2.81k| do \ | | | | 42| 2.81k| { \ | | | | 43| 2.81k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.81k] | | | | ------------------ | | | | 44| 2.81k| goto cleanup; \ | | | | 45| 2.81k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 4961| 2.81k| LOAD32; | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ ------------------ 5076| | 5077| 2.81k| ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(21); ADD(20); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5078| 2.81k| SUB(23); NEXT; // A0 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(23); NEXT; // A0 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 168, False: 2.64k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5079| | 5080| 2.81k| ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(22); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5081| 2.81k| SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(20); NEXT; // A2 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 861, False: 1.94k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5082| | 5083| 2.81k| ADD(14); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5084| 2.81k| SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(21); NEXT; // A2 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 1.10k, False: 1.70k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5085| | 5086| 2.81k| ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(12); ADD(20); ADD(21); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5087| 2.81k| SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(14); SUB(22); SUB(23); NEXT; // A3 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 477, False: 2.33k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5088| | 5089| 2.81k| ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5090| 2.81k| SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(23); SUB(23); NEXT; // A4 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 224, False: 2.58k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5091| | 5092| 2.81k| ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5093| 2.81k| SUB(16); NEXT; // A5 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(16); NEXT; // A5 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 197, False: 2.61k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5094| | 5095| 2.81k| ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5096| 2.81k| SUB(17); NEXT; // A6 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(17); NEXT; // A6 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 201, False: 2.60k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5097| | 5098| 2.81k| ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(19); ADD(16); ADD(15); ADD(23); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5099| 2.81k| SUB(18); NEXT; // A7 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(18); NEXT; // A7 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 186, False: 2.62k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5100| | 5101| 2.81k| ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(20); ADD(17); ADD(16); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5102| 2.81k| SUB(19); NEXT; // A8 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(19); NEXT; // A8 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 197, False: 2.61k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5103| | 5104| 2.81k| ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(21); ADD(18); ADD(17); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5105| 2.81k| SUB(20); NEXT; // A9 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(20); NEXT; // A9 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.81k] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 218, False: 2.59k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5106| | 5107| 2.81k| ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(22); ADD(19); ADD(18); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5108| 2.81k| SUB(21); NEXT; // A10 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(21); NEXT; // A10 ------------------ | | 4964| 2.81k| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.81k|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.81k, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.81k| cc = c; c = 0; \ | | 4966| 2.81k| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 270, False: 2.54k] | | ------------------ | | 4967| 2.81k| sub32(&cur, -cc, &c); \ | | 4968| 2.81k| else \ | | 4969| 2.81k| add32(&cur, cc, &c); \ ------------------ 5109| | 5110| 2.81k| ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(23); ADD(20); ADD(19); ------------------ | | 4947| 2.81k|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5111| 2.81k| SUB(22); LAST; // A11 ------------------ | | 4948| 2.81k|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.81k|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.81k| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(22); LAST; // A11 ------------------ | | 4972| 2.81k| STORE32; i++; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.81k, False: 0] | | | | ------------------ | | | | 4923| 2.81k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.81k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | 4973| 2.81k| cur = c > 0 ? c : 0; STORE32; \ | | ------------------ | | | | 4922| 2.81k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.81k] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.81k| } else { \ | | | | 4926| 2.81k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.81k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.81k| } | | ------------------ | | | Branch (4973:11): [True: 1.29k, False: 1.51k] | | ------------------ | | 4974| 39.3k| cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4918| 39.3k|#define MAX32 N->n * 2 | | ------------------ | | cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4922| 36.5k| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 19.6k, False: 16.8k] | | | | ------------------ | | | | 4923| 19.6k| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 19.6k| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 19.6k| } else { \ | | | | 4926| 16.8k| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 16.8k| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 16.8k| } | | ------------------ | | | Branch (4974:21): [True: 36.5k, False: 2.81k] | | ------------------ | | 4975| 2.81k| if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); | | ------------------ | | | Branch (4975:9): [True: 248, False: 2.56k] | | ------------------ ------------------ 5112| | 5113| 2.81k|cleanup: 5114| 2.81k| return ret; 5115| 2.81k|} ecp_curves.c:ecp_mod_p521: 5147| 188|{ 5148| 188| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 188|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5149| 188| size_t i; 5150| 188| mbedtls_mpi M; 5151| 188| mbedtls_mpi_uint Mp[P521_WIDTH + 1]; 5152| | /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits: 5153| | * we need to hold bits 513 to 1056, which is 34 limbs, that is 5154| | * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ 5155| | 5156| 188| if (N->n < P521_WIDTH) { ------------------ | | 5137| 188|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ | Branch (5156:9): [True: 21, False: 167] ------------------ 5157| 21| return 0; 5158| 21| } 5159| | 5160| | /* M = A1 */ 5161| 167| M.s = 1; 5162| 167| M.n = N->n - (P521_WIDTH - 1); ------------------ | | 5137| 167|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ 5163| 167| if (M.n > P521_WIDTH + 1) { ------------------ | | 5137| 167|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ | Branch (5163:9): [True: 0, False: 167] ------------------ 5164| 0| M.n = P521_WIDTH + 1; ------------------ | | 5137| 0|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ 5165| 0| } 5166| 167| M.p = Mp; 5167| 167| memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); ------------------ | | 5137| 167|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ 5168| 167| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint)))); ------------------ | | 41| 167| do \ | | 42| 167| { \ | | 43| 167| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 167] | | ------------------ | | 44| 167| goto cleanup; \ | | 45| 167| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5169| | 5170| | /* N = A0 */ 5171| 167| N->p[P521_WIDTH - 1] &= P521_MASK; ------------------ | | 5137| 167|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ N->p[P521_WIDTH - 1] &= P521_MASK; ------------------ | | 5140| 167|#define P521_MASK 0x01FF ------------------ 5172| 1.23k| for (i = P521_WIDTH; i < N->n; i++) { ------------------ | | 5137| 167|#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) ------------------ | Branch (5172:26): [True: 1.06k, False: 167] ------------------ 5173| 1.06k| N->p[i] = 0; 5174| 1.06k| } 5175| | 5176| | /* N = A0 + A1 */ 5177| 167| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); ------------------ | | 41| 167| do \ | | 42| 167| { \ | | 43| 167| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 167] | | ------------------ | | 44| 167| goto cleanup; \ | | 45| 167| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5178| | 5179| 167|cleanup: 5180| 167| return ret; 5181| 167|} ecp_curves.c:ecp_mod_p192k1: 5398| 1.57k|{ 5399| 1.57k| static const mbedtls_mpi_uint Rp[] = { 5400| 1.57k| MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, ------------------ | | 54| 1.57k| ((mbedtls_mpi_uint) (a) << 0) | \ | | 55| 1.57k| ((mbedtls_mpi_uint) (b) << 8) | \ | | 56| 1.57k| ((mbedtls_mpi_uint) (c) << 16) | \ | | 57| 1.57k| ((mbedtls_mpi_uint) (d) << 24) | \ | | 58| 1.57k| ((mbedtls_mpi_uint) (e) << 32) | \ | | 59| 1.57k| ((mbedtls_mpi_uint) (f) << 40) | \ | | 60| 1.57k| ((mbedtls_mpi_uint) (g) << 48) | \ | | 61| 1.57k| ((mbedtls_mpi_uint) (h) << 56) ------------------ 5401| 1.57k| 0x00) 5402| 1.57k| }; 5403| | 5404| 1.57k| return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 5405| 1.57k| 0); 5406| 1.57k|} ecp_curves.c:ecp_mod_koblitz: 5316| 1.59k|{ 5317| 1.59k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.59k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 5318| 1.59k| size_t i; 5319| 1.59k| mbedtls_mpi M, R; 5320| 1.59k| mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; 5321| | 5322| 1.59k| if (N->n < p_limbs) { ------------------ | Branch (5322:9): [True: 180, False: 1.41k] ------------------ 5323| 180| return 0; 5324| 180| } 5325| | 5326| | /* Init R */ 5327| 1.41k| R.s = 1; 5328| 1.41k| R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */ 5329| 1.41k| R.n = P_KOBLITZ_R; ------------------ | | 5313| 1.41k|#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R ------------------ 5330| | 5331| | /* Common setup for M */ 5332| 1.41k| M.s = 1; 5333| 1.41k| M.p = Mp; 5334| | 5335| | /* M = A1 */ 5336| 1.41k| M.n = (unsigned short) (N->n - (p_limbs - adjust)); 5337| 1.41k| if (M.n > p_limbs + adjust) { ------------------ | Branch (5337:9): [True: 0, False: 1.41k] ------------------ 5338| 0| M.n = (unsigned short) (p_limbs + adjust); 5339| 0| } 5340| 1.41k| memset(Mp, 0, sizeof(Mp)); 5341| 1.41k| memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); 5342| 1.41k| if (shift != 0) { ------------------ | Branch (5342:9): [True: 10, False: 1.40k] ------------------ 5343| 10| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); ------------------ | | 41| 10| do \ | | 42| 10| { \ | | 43| 10| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10] | | ------------------ | | 44| 10| goto cleanup; \ | | 45| 10| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5344| 10| } 5345| 1.41k| M.n += R.n; /* Make room for multiplication by R */ 5346| | 5347| | /* N = A0 */ 5348| 1.41k| if (mask != 0) { ------------------ | Branch (5348:9): [True: 10, False: 1.40k] ------------------ 5349| 10| N->p[p_limbs - 1] &= mask; 5350| 10| } 5351| 5.46k| for (i = p_limbs; i < N->n; i++) { ------------------ | Branch (5351:23): [True: 4.04k, False: 1.41k] ------------------ 5352| 4.04k| N->p[i] = 0; 5353| 4.04k| } 5354| | 5355| | /* N = A0 + R * A1 */ 5356| 1.41k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); ------------------ | | 41| 1.41k| do \ | | 42| 1.41k| { \ | | 43| 1.41k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.41k] | | ------------------ | | 44| 1.41k| goto cleanup; \ | | 45| 1.41k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5357| 1.41k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); ------------------ | | 41| 1.41k| do \ | | 42| 1.41k| { \ | | 43| 1.41k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.41k] | | ------------------ | | 44| 1.41k| goto cleanup; \ | | 45| 1.41k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5358| | 5359| | /* Second pass */ 5360| | 5361| | /* M = A1 */ 5362| 1.41k| M.n = (unsigned short) (N->n - (p_limbs - adjust)); 5363| 1.41k| if (M.n > p_limbs + adjust) { ------------------ | Branch (5363:9): [True: 0, False: 1.41k] ------------------ 5364| 0| M.n = (unsigned short) (p_limbs + adjust); 5365| 0| } 5366| 1.41k| memset(Mp, 0, sizeof(Mp)); 5367| 1.41k| memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); 5368| 1.41k| if (shift != 0) { ------------------ | Branch (5368:9): [True: 10, False: 1.40k] ------------------ 5369| 10| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); ------------------ | | 41| 10| do \ | | 42| 10| { \ | | 43| 10| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 10] | | ------------------ | | 44| 10| goto cleanup; \ | | 45| 10| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5370| 10| } 5371| 1.41k| M.n += R.n; /* Make room for multiplication by R */ 5372| | 5373| | /* N = A0 */ 5374| 1.41k| if (mask != 0) { ------------------ | Branch (5374:9): [True: 10, False: 1.40k] ------------------ 5375| 10| N->p[p_limbs - 1] &= mask; 5376| 10| } 5377| 5.46k| for (i = p_limbs; i < N->n; i++) { ------------------ | Branch (5377:23): [True: 4.04k, False: 1.41k] ------------------ 5378| 4.04k| N->p[i] = 0; 5379| 4.04k| } 5380| | 5381| | /* N = A0 + R * A1 */ 5382| 1.41k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); ------------------ | | 41| 1.41k| do \ | | 42| 1.41k| { \ | | 43| 1.41k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.41k] | | ------------------ | | 44| 1.41k| goto cleanup; \ | | 45| 1.41k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5383| 1.41k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); ------------------ | | 41| 1.41k| do \ | | 42| 1.41k| { \ | | 43| 1.41k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.41k] | | ------------------ | | 44| 1.41k| goto cleanup; \ | | 45| 1.41k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 5384| | 5385| 1.41k|cleanup: 5386| 1.41k| return ret; 5387| 1.41k|} ecp_curves.c:ecp_mod_p224k1: 5415| 18|{ 5416| 18| static const mbedtls_mpi_uint Rp[] = { 5417| 18| MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, ------------------ | | 54| 18| ((mbedtls_mpi_uint) (a) << 0) | \ | | 55| 18| ((mbedtls_mpi_uint) (b) << 8) | \ | | 56| 18| ((mbedtls_mpi_uint) (c) << 16) | \ | | 57| 18| ((mbedtls_mpi_uint) (d) << 24) | \ | | 58| 18| ((mbedtls_mpi_uint) (e) << 32) | \ | | 59| 18| ((mbedtls_mpi_uint) (f) << 40) | \ | | 60| 18| ((mbedtls_mpi_uint) (g) << 48) | \ | | 61| 18| ((mbedtls_mpi_uint) (h) << 56) ------------------ 5418| 18| 0x00) 5419| 18| }; 5420| | 5421| 18|#if defined(MBEDTLS_HAVE_INT64) 5422| 18| return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF); 5423| |#else 5424| | return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 5425| | 0); 5426| |#endif 5427| 18|} ecp_curves.c:ecp_mod_p256k1: 5437| 6|{ 5438| 6| static const mbedtls_mpi_uint Rp[] = { 5439| 6| MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, ------------------ | | 54| 6| ((mbedtls_mpi_uint) (a) << 0) | \ | | 55| 6| ((mbedtls_mpi_uint) (b) << 8) | \ | | 56| 6| ((mbedtls_mpi_uint) (c) << 16) | \ | | 57| 6| ((mbedtls_mpi_uint) (d) << 24) | \ | | 58| 6| ((mbedtls_mpi_uint) (e) << 32) | \ | | 59| 6| ((mbedtls_mpi_uint) (f) << 40) | \ | | 60| 6| ((mbedtls_mpi_uint) (g) << 48) | \ | | 61| 6| ((mbedtls_mpi_uint) (h) << 56) ------------------ 5440| 6| 0x00) 5441| 6| }; 5442| 6| return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 5443| 6| 0); 5444| 6|} mbedtls_oid_get_pk_alg: 84| 2.96k| { \ 85| 2.96k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 2.96k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 451|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 451, False: 2.51k] ------------------ 87| 2.96k| *ATTR1 = data->ATTR1; \ 88| 2.51k| return 0; \ 89| 2.96k| } mbedtls_oid_get_ec_grp: 84| 2.18k| { \ 85| 2.18k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 2.18k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 10|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 10, False: 2.17k] ------------------ 87| 2.18k| *ATTR1 = data->ATTR1; \ 88| 2.17k| return 0; \ 89| 2.18k| } mbedtls_oid_get_ec_grp_algid: 84| 451| { \ 85| 451| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 451| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 102|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 102, False: 349] ------------------ 87| 451| *ATTR1 = data->ATTR1; \ 88| 349| return 0; \ 89| 451| } oid.c:oid_pk_alg_from_asn1: 47| 2.96k| { \ 48| 2.96k| const TYPE_T *p = (LIST); \ 49| 2.96k| const mbedtls_oid_descriptor_t *cur = \ 50| 2.96k| (const mbedtls_oid_descriptor_t *) p; \ 51| 2.96k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 2.96k] | Branch (51:26): [True: 0, False: 2.96k] ------------------ 52| 6.96k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 6.51k, False: 451] ------------------ 53| 6.51k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 2.57k, False: 3.93k] ------------------ 54| 6.51k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 2.51k, False: 57] ------------------ 55| 2.51k| return p; \ 56| 2.51k| } \ 57| 6.51k| p++; \ 58| 3.99k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 3.99k| } \ 60| 2.96k| return NULL; \ 61| 2.96k| } oid.c:oid_grp_id_from_asn1: 47| 2.18k| { \ 48| 2.18k| const TYPE_T *p = (LIST); \ 49| 2.18k| const mbedtls_oid_descriptor_t *cur = \ 50| 2.18k| (const mbedtls_oid_descriptor_t *) p; \ 51| 2.18k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 2.18k] | Branch (51:26): [True: 0, False: 2.18k] ------------------ 52| 9.83k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 9.82k, False: 10] ------------------ 53| 9.82k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 4.74k, False: 5.07k] ------------------ 54| 9.82k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 2.17k, False: 2.57k] ------------------ 55| 2.17k| return p; \ 56| 2.17k| } \ 57| 9.82k| p++; \ 58| 7.64k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 7.64k| } \ 60| 2.18k| return NULL; \ 61| 2.18k| } oid.c:oid_grp_id_algid_from_asn1: 47| 451| { \ 48| 451| const TYPE_T *p = (LIST); \ 49| 451| const mbedtls_oid_descriptor_t *cur = \ 50| 451| (const mbedtls_oid_descriptor_t *) p; \ 51| 451| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 451] | Branch (51:26): [True: 0, False: 451] ------------------ 52| 716| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 614, False: 102] ------------------ 53| 614| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 480, False: 134] ------------------ 54| 614| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 349, False: 131] ------------------ 55| 349| return p; \ 56| 349| } \ 57| 614| p++; \ 58| 265| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 265| } \ 60| 451| return NULL; \ 61| 451| } mbedtls_pem_init: 39| 4.19k|{ 40| 4.19k| memset(ctx, 0, sizeof(mbedtls_pem_context)); 41| 4.19k|} mbedtls_pem_read_buffer: 271| 4.51k|{ 272| 4.51k| int ret, enc; 273| 4.51k| size_t len; 274| 4.51k| unsigned char *buf; 275| 4.51k| const unsigned char *s1, *s2, *end; 276| 4.51k|#if defined(PEM_RFC1421) 277| 4.51k| unsigned char pem_iv[16]; 278| 4.51k| mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE; 279| |#else 280| | ((void) pwd); 281| | ((void) pwdlen); 282| |#endif /* PEM_RFC1421 */ 283| | 284| 4.51k| if (ctx == NULL) { ------------------ | Branch (284:9): [True: 0, False: 4.51k] ------------------ 285| 0| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 286| 0| } 287| | 288| 4.51k| s1 = (unsigned char *) strstr((const char *) data, header); 289| | 290| 4.51k| if (s1 == NULL) { ------------------ | Branch (290:9): [True: 3.66k, False: 847] ------------------ 291| 3.66k| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 3.66k|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 292| 3.66k| } 293| | 294| 847| s2 = (unsigned char *) strstr((const char *) data, footer); 295| | 296| 847| if (s2 == NULL || s2 <= s1) { ------------------ | Branch (296:9): [True: 3, False: 844] | Branch (296:23): [True: 3, False: 841] ------------------ 297| 6| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 6|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 298| 6| } 299| | 300| 841| s1 += strlen(header); 301| 841| if (*s1 == ' ') { ------------------ | Branch (301:9): [True: 3, False: 838] ------------------ 302| 3| s1++; 303| 3| } 304| 841| if (*s1 == '\r') { ------------------ | Branch (304:9): [True: 3, False: 838] ------------------ 305| 3| s1++; 306| 3| } 307| 841| if (*s1 == '\n') { ------------------ | Branch (307:9): [True: 818, False: 23] ------------------ 308| 818| s1++; 309| 818| } else { 310| 23| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 23|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 311| 23| } 312| | 313| 818| end = s2; 314| 818| end += strlen(footer); 315| 818| if (*end == ' ') { ------------------ | Branch (315:9): [True: 1, False: 817] ------------------ 316| 1| end++; 317| 1| } 318| 818| if (*end == '\r') { ------------------ | Branch (318:9): [True: 1, False: 817] ------------------ 319| 1| end++; 320| 1| } 321| 818| if (*end == '\n') { ------------------ | Branch (321:9): [True: 1, False: 817] ------------------ 322| 1| end++; 323| 1| } 324| 818| *use_len = (size_t) (end - data); 325| | 326| 818| enc = 0; 327| | 328| 818| if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) { ------------------ | Branch (328:9): [True: 704, False: 114] | Branch (328:26): [True: 152, False: 552] ------------------ 329| 152|#if defined(PEM_RFC1421) 330| 152| enc++; 331| | 332| 152| s1 += 22; 333| 152| if (*s1 == '\r') { ------------------ | Branch (333:13): [True: 1, False: 151] ------------------ 334| 1| s1++; 335| 1| } 336| 152| if (*s1 == '\n') { ------------------ | Branch (336:13): [True: 142, False: 10] ------------------ 337| 142| s1++; 338| 142| } else { 339| 10| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 10|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 340| 10| } 341| | 342| | 343| 142|#if defined(MBEDTLS_DES_C) 344| 142| if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) { ------------------ | Branch (344:13): [True: 89, False: 53] | Branch (344:30): [True: 20, False: 69] ------------------ 345| 20| enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; 346| | 347| 20| s1 += 23; 348| 20| if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { ------------------ | Branch (348:17): [True: 7, False: 13] | Branch (348:33): [True: 11, False: 2] ------------------ 349| 18| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 18|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 350| 18| } 351| | 352| 2| s1 += 16; 353| 122| } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) { ------------------ | Branch (353:20): [True: 101, False: 21] | Branch (353:37): [True: 46, False: 55] ------------------ 354| 46| enc_alg = MBEDTLS_CIPHER_DES_CBC; 355| | 356| 46| s1 += 18; 357| 46| if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { ------------------ | Branch (357:17): [True: 8, False: 38] | Branch (357:33): [True: 19, False: 19] ------------------ 358| 27| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 27|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 359| 27| } 360| | 361| 19| s1 += 16; 362| 19| } 363| 97|#endif /* MBEDTLS_DES_C */ 364| | 365| 97|#if defined(MBEDTLS_AES_C) 366| 97| if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) { ------------------ | Branch (366:13): [True: 78, False: 19] | Branch (366:30): [True: 23, False: 55] ------------------ 367| 23| if (s2 - s1 < 22) { ------------------ | Branch (367:17): [True: 2, False: 21] ------------------ 368| 2| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 2|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 369| 21| } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) { ------------------ | Branch (369:24): [True: 4, False: 17] ------------------ 370| 4| enc_alg = MBEDTLS_CIPHER_AES_128_CBC; 371| 17| } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) { ------------------ | Branch (371:24): [True: 3, False: 14] ------------------ 372| 3| enc_alg = MBEDTLS_CIPHER_AES_192_CBC; 373| 14| } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) { ------------------ | Branch (373:24): [True: 4, False: 10] ------------------ 374| 4| enc_alg = MBEDTLS_CIPHER_AES_256_CBC; 375| 10| } else { 376| 10| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 10|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 377| 10| } 378| | 379| 11| s1 += 22; 380| 11| if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) { ------------------ | Branch (380:17): [True: 3, False: 8] | Branch (380:33): [True: 3, False: 5] ------------------ 381| 6| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 6|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 382| 6| } 383| | 384| 5| s1 += 32; 385| 5| } 386| 79|#endif /* MBEDTLS_AES_C */ 387| | 388| 79| if (enc_alg == MBEDTLS_CIPHER_NONE) { ------------------ | Branch (388:13): [True: 55, False: 24] ------------------ 389| 55| return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; ------------------ | | 33| 55|#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 ------------------ 390| 55| } 391| | 392| 24| if (*s1 == '\r') { ------------------ | Branch (392:13): [True: 1, False: 23] ------------------ 393| 1| s1++; 394| 1| } 395| 24| if (*s1 == '\n') { ------------------ | Branch (395:13): [True: 2, False: 22] ------------------ 396| 2| s1++; 397| 22| } else { 398| 22| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 22|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 399| 22| } 400| |#else 401| | return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; 402| |#endif /* PEM_RFC1421 */ 403| 24| } 404| | 405| 668| if (s1 >= s2) { ------------------ | Branch (405:9): [True: 21, False: 647] ------------------ 406| 21| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 21|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 407| 21| } 408| | 409| 647| ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1)); 410| | 411| 647| if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { ------------------ | | 20| 647|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ | Branch (411:9): [True: 87, False: 560] ------------------ 412| 87| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 87| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 413| 87| } 414| | 415| 560| if (len == 0) { ------------------ | Branch (415:9): [True: 8, False: 552] ------------------ 416| 8| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 8|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 417| 8| } 418| | 419| 552| if ((buf = mbedtls_calloc(1, len)) == NULL) { ------------------ | Branch (419:9): [True: 0, False: 552] ------------------ 420| 0| return MBEDTLS_ERR_PEM_ALLOC_FAILED; ------------------ | | 29| 0|#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 ------------------ 421| 0| } 422| | 423| 552| if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) { ------------------ | Branch (423:9): [True: 0, False: 552] ------------------ 424| 0| mbedtls_zeroize_and_free(buf, len); 425| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 426| 0| } 427| | 428| 552| if (enc != 0) { ------------------ | Branch (428:9): [True: 1, False: 551] ------------------ 429| 1|#if defined(PEM_RFC1421) 430| 1| if (pwd == NULL) { ------------------ | Branch (430:13): [True: 1, False: 0] ------------------ 431| 1| mbedtls_zeroize_and_free(buf, len); 432| 1| return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED; ------------------ | | 35| 1|#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 ------------------ 433| 1| } 434| | 435| 0| ret = 0; 436| | 437| 0|#if defined(MBEDTLS_DES_C) 438| 0| if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) { ------------------ | Branch (438:13): [True: 0, False: 0] ------------------ 439| 0| ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen); 440| 0| } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) { ------------------ | Branch (440:20): [True: 0, False: 0] ------------------ 441| 0| ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen); 442| 0| } 443| 0|#endif /* MBEDTLS_DES_C */ 444| | 445| 0|#if defined(MBEDTLS_AES_C) 446| 0| if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) { ------------------ | Branch (446:13): [True: 0, False: 0] ------------------ 447| 0| ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen); 448| 0| } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) { ------------------ | Branch (448:20): [True: 0, False: 0] ------------------ 449| 0| ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen); 450| 0| } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) { ------------------ | Branch (450:20): [True: 0, False: 0] ------------------ 451| 0| ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen); 452| 0| } 453| 0|#endif /* MBEDTLS_AES_C */ 454| | 455| 0| if (ret != 0) { ------------------ | Branch (455:13): [True: 0, False: 0] ------------------ 456| 0| mbedtls_zeroize_and_free(buf, len); 457| 0| return ret; 458| 0| } 459| | 460| | /* Check PKCS padding and update data length based on padding info. 461| | * This can be used to detect invalid padding data and password 462| | * mismatches. */ 463| 0| size_t unpadded_len; 464| 0| ret = pem_check_pkcs_padding(buf, len, &unpadded_len); 465| 0| if (ret != 0) { ------------------ | Branch (465:13): [True: 0, False: 0] ------------------ 466| 0| mbedtls_zeroize_and_free(buf, len); 467| 0| return ret; 468| 0| } 469| 0| len = unpadded_len; 470| |#else 471| | mbedtls_zeroize_and_free(buf, len); 472| | return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; 473| |#endif /* PEM_RFC1421 */ 474| 0| } 475| | 476| 551| ctx->buf = buf; 477| 551| ctx->buflen = len; 478| | 479| 551| return 0; 480| 552|} mbedtls_pem_free: 483| 4.19k|{ 484| 4.19k| if (ctx == NULL) { ------------------ | Branch (484:9): [True: 0, False: 4.19k] ------------------ 485| 0| return; 486| 0| } 487| | 488| 4.19k| if (ctx->buf != NULL) { ------------------ | Branch (488:9): [True: 551, False: 3.64k] ------------------ 489| 551| mbedtls_zeroize_and_free(ctx->buf, ctx->buflen); 490| 551| } 491| 4.19k| mbedtls_free(ctx->info); 492| | 493| 4.19k| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context)); 494| 4.19k|} pem.c:pem_get_iv: 49| 59|{ 50| 59| size_t i, j, k; 51| | 52| 59| memset(iv, 0, iv_len); 53| | 54| 692| for (i = 0; i < iv_len * 2; i++, s++) { ------------------ | Branch (54:17): [True: 666, False: 26] ------------------ 55| 666| if (*s >= '0' && *s <= '9') { ------------------ | Branch (55:13): [True: 659, False: 7] | Branch (55:26): [True: 180, False: 479] ------------------ 56| 180| j = *s - '0'; 57| 180| } else 58| 486| if (*s >= 'A' && *s <= 'F') { ------------------ | Branch (58:13): [True: 473, False: 13] | Branch (58:26): [True: 222, False: 251] ------------------ 59| 222| j = *s - '7'; 60| 222| } else 61| 264| if (*s >= 'a' && *s <= 'f') { ------------------ | Branch (61:13): [True: 241, False: 23] | Branch (61:26): [True: 231, False: 10] ------------------ 62| 231| j = *s - 'W'; 63| 231| } else { 64| 33| return MBEDTLS_ERR_PEM_INVALID_ENC_IV; ------------------ | | 31| 33|#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 ------------------ 65| 33| } 66| | 67| 633| k = ((i & 1) != 0) ? j : j << 4; ------------------ | Branch (67:13): [True: 311, False: 322] ------------------ 68| | 69| 633| iv[i >> 1] = (unsigned char) (iv[i >> 1] | k); 70| 633| } 71| | 72| 26| return 0; 73| 59|} mbedtls_pk_init: 42| 4.19k|{ 43| 4.19k| ctx->pk_info = NULL; 44| 4.19k| ctx->pk_ctx = NULL; 45| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 46| | ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT; 47| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 48| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 49| | memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw)); 50| | ctx->pub_raw_len = 0; 51| | ctx->ec_family = 0; 52| | ctx->ec_bits = 0; 53| |#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 54| 4.19k|} mbedtls_pk_free: 60| 9.09k|{ 61| 9.09k| if (ctx == NULL) { ------------------ | Branch (61:9): [True: 0, False: 9.09k] ------------------ 62| 0| return; 63| 0| } 64| | 65| 9.09k| if ((ctx->pk_info != NULL) && (ctx->pk_info->ctx_free_func != NULL)) { ------------------ | Branch (65:9): [True: 6.11k, False: 2.97k] | Branch (65:35): [True: 6.11k, False: 0] ------------------ 66| 6.11k| ctx->pk_info->ctx_free_func(ctx->pk_ctx); 67| 6.11k| } 68| | 69| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 70| | /* The ownership of the priv_id key for opaque keys is external of the PK 71| | * module. It's the user responsibility to clear it after use. */ 72| | if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) { 73| | psa_destroy_key(ctx->priv_id); 74| | } 75| |#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 76| | 77| 9.09k| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); 78| 9.09k|} mbedtls_pk_info_from_type: 111| 6.11k|{ 112| 6.11k| switch (pk_type) { 113| 0|#if defined(MBEDTLS_RSA_C) 114| 3.38k| case MBEDTLS_PK_RSA: ------------------ | Branch (114:9): [True: 3.38k, False: 2.73k] ------------------ 115| 3.38k| return &mbedtls_rsa_info; 116| 0|#endif /* MBEDTLS_RSA_C */ 117| 0|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 118| 2.59k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (118:9): [True: 2.59k, False: 3.52k] ------------------ 119| 2.59k| return &mbedtls_eckey_info; 120| 139| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (120:9): [True: 139, False: 5.97k] ------------------ 121| 139| return &mbedtls_eckeydh_info; 122| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 123| 0|#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 124| 0| case MBEDTLS_PK_ECDSA: ------------------ | Branch (124:9): [True: 0, False: 6.11k] ------------------ 125| 0| return &mbedtls_ecdsa_info; 126| 0|#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 127| | /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 128| 0| default: ------------------ | Branch (128:9): [True: 0, False: 6.11k] ------------------ 129| 0| return NULL; 130| 6.11k| } 131| 6.11k|} mbedtls_pk_setup: 137| 6.11k|{ 138| 6.11k| if (info == NULL || ctx->pk_info != NULL) { ------------------ | Branch (138:9): [True: 0, False: 6.11k] | Branch (138:25): [True: 0, False: 6.11k] ------------------ 139| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 140| 0| } 141| | 142| 6.11k| if ((info->ctx_alloc_func != NULL) && ------------------ | Branch (142:9): [True: 6.11k, False: 0] ------------------ 143| 6.11k| ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { ------------------ | Branch (143:9): [True: 0, False: 6.11k] ------------------ 144| 0| return MBEDTLS_ERR_PK_ALLOC_FAILED; ------------------ | | 36| 0|#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 ------------------ 145| 0| } 146| | 147| 6.11k| ctx->pk_info = info; 148| | 149| 6.11k| return 0; 150| 6.11k|} mbedtls_pk_get_type: 1495| 11.6k|{ 1496| 11.6k| if (ctx == NULL || ctx->pk_info == NULL) { ------------------ | Branch (1496:9): [True: 0, False: 11.6k] | Branch (1496:24): [True: 0, False: 11.6k] ------------------ 1497| 0| return MBEDTLS_PK_NONE; 1498| 0| } 1499| | 1500| 11.6k| return ctx->pk_info->type; 1501| 11.6k|} mbedtls_pk_ecc_set_group: 18| 2.42k|{ 19| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 20| | size_t ec_bits; 21| | psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); 22| | 23| | /* group may already be initialized; if so, make sure IDs match */ 24| | if ((pk->ec_family != 0 && pk->ec_family != ec_family) || 25| | (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { 26| | return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; 27| | } 28| | 29| | /* set group */ 30| | pk->ec_family = ec_family; 31| | pk->ec_bits = ec_bits; 32| | 33| | return 0; 34| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 35| 2.42k| mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); 36| | 37| | /* grp may already be initialized; if so, make sure IDs match */ 38| 2.42k| if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && ------------------ | Branch (38:9): [True: 0, False: 2.42k] ------------------ 39| 2.42k| mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { ------------------ | Branch (39:9): [True: 0, False: 0] ------------------ 40| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 41| 0| } 42| | 43| | /* set group */ 44| 2.42k| return mbedtls_ecp_group_load(&(ecp->grp), grp_id); 45| 2.42k|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 46| 2.42k|} mbedtls_pk_ecc_set_pubkey: 205| 2.42k|{ 206| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 207| | 208| | /* Load the key */ 209| | if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(pk->ec_family) || *pub == 0x04) { 210| | /* Format directly supported by PSA: 211| | * - non-Weierstrass curves that only have one format; 212| | * - uncompressed format for Weierstrass curves. */ 213| | if (pub_len > sizeof(pk->pub_raw)) { 214| | return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; 215| | } 216| | memcpy(pk->pub_raw, pub, pub_len); 217| | pk->pub_raw_len = pub_len; 218| | } else { 219| | /* Other format, try the fallback */ 220| | int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); 221| | if (ret != 0) { 222| | return ret; 223| | } 224| | } 225| | 226| | /* Validate the key by trying to import it */ 227| | mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 228| | psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; 229| | 230| | psa_set_key_usage_flags(&key_attrs, 0); 231| | psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); 232| | psa_set_key_bits(&key_attrs, pk->ec_bits); 233| | 234| | if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, 235| | &key_id) != PSA_SUCCESS) || 236| | (psa_destroy_key(key_id) != PSA_SUCCESS)) { 237| | return MBEDTLS_ERR_PK_INVALID_PUBKEY; 238| | } 239| | 240| | return 0; 241| | 242| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 243| | 244| 2.42k| int ret; 245| 2.42k| mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; 246| 2.42k| ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len); 247| 2.42k| if (ret != 0) { ------------------ | Branch (247:9): [True: 56, False: 2.36k] ------------------ 248| 56| return ret; 249| 56| } 250| 2.36k| return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); 251| | 252| 2.42k|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 253| 2.42k|} pk_ecc.c:mbedtls_pk_ec_rw: 73| 2.42k|{ 74| 2.42k| switch (mbedtls_pk_get_type(&pk)) { 75| 2.42k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (75:9): [True: 2.42k, False: 0] ------------------ 76| 2.42k| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (76:9): [True: 0, False: 2.42k] ------------------ 77| 2.42k| case MBEDTLS_PK_ECDSA: ------------------ | Branch (77:9): [True: 0, False: 2.42k] ------------------ 78| 2.42k| return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 2.42k|#define MBEDTLS_PRIVATE(member) member ------------------ 79| 0| default: ------------------ | Branch (79:9): [True: 0, False: 2.42k] ------------------ 80| 0| return NULL; 81| 2.42k| } 82| 2.42k|} pk_ecc.c:mbedtls_pk_ec_ro: 61| 2.42k|{ 62| 2.42k| switch (mbedtls_pk_get_type(&pk)) { 63| 2.42k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (63:9): [True: 2.42k, False: 0] ------------------ 64| 2.42k| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (64:9): [True: 0, False: 2.42k] ------------------ 65| 2.42k| case MBEDTLS_PK_ECDSA: ------------------ | Branch (65:9): [True: 0, False: 2.42k] ------------------ 66| 2.42k| return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 2.42k|#define MBEDTLS_PRIVATE(member) member ------------------ 67| 0| default: ------------------ | Branch (67:9): [True: 0, False: 2.42k] ------------------ 68| 0| return NULL; 69| 2.42k| } 70| 2.42k|} pk_wrap.c:rsa_alloc_wrap: 455| 3.38k|{ 456| 3.38k| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); 457| | 458| 3.38k| if (ctx != NULL) { ------------------ | Branch (458:9): [True: 3.38k, False: 0] ------------------ 459| 3.38k| mbedtls_rsa_init((mbedtls_rsa_context *) ctx); 460| 3.38k| } 461| | 462| 3.38k| return ctx; 463| 3.38k|} pk_wrap.c:rsa_free_wrap: 466| 3.38k|{ 467| 3.38k| mbedtls_rsa_free((mbedtls_rsa_context *) ctx); 468| 3.38k| mbedtls_free(ctx); 469| 3.38k|} pk_wrap.c:eckey_alloc_wrap: 1082| 2.73k|{ 1083| 2.73k| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); 1084| | 1085| 2.73k| if (ctx != NULL) { ------------------ | Branch (1085:9): [True: 2.73k, False: 0] ------------------ 1086| 2.73k| mbedtls_ecp_keypair_init(ctx); 1087| 2.73k| } 1088| | 1089| 2.73k| return ctx; 1090| 2.73k|} pk_wrap.c:eckey_free_wrap: 1093| 2.73k|{ 1094| 2.73k| mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); 1095| 2.73k| mbedtls_free(ctx); 1096| 2.73k|} mbedtls_pk_parse_subpubkey: 519| 3.36k|{ 520| 3.36k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.36k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 521| 3.36k| size_t len; 522| 3.36k| mbedtls_asn1_buf alg_params; 523| 3.36k| mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 524| 3.36k| mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; 525| 3.36k| const mbedtls_pk_info_t *pk_info; 526| | 527| 3.36k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (527:9): [True: 110, False: 3.25k] ------------------ 528| 3.36k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3.36k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3.36k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 529| 110| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 110| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 530| 110| } 531| | 532| 3.25k| end = *p + len; 533| | 534| 3.25k| if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params, &ec_grp_id)) != 0) { ------------------ | Branch (534:9): [True: 398, False: 2.85k] ------------------ 535| 398| return ret; 536| 398| } 537| | 538| 2.85k| if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { ------------------ | Branch (538:9): [True: 114, False: 2.74k] ------------------ 539| 114| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 114| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 540| 114| } 541| | 542| 2.74k| if (*p + len != end) { ------------------ | Branch (542:9): [True: 6, False: 2.73k] ------------------ 543| 6| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 6| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 544| 6| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 545| 6| } 546| | 547| 2.73k| if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { ------------------ | Branch (547:9): [True: 0, False: 2.73k] ------------------ 548| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 549| 0| } 550| | 551| 2.73k| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { ------------------ | Branch (551:9): [True: 0, False: 2.73k] ------------------ 552| 0| return ret; 553| 0| } 554| | 555| 2.73k|#if defined(MBEDTLS_RSA_C) 556| 2.73k| if (pk_alg == MBEDTLS_PK_RSA) { ------------------ | Branch (556:9): [True: 7, False: 2.73k] ------------------ 557| 7| ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); 558| 7| if (ret == 0) { ------------------ | Branch (558:13): [True: 1, False: 6] ------------------ 559| | /* On success all the input has been consumed by the parsing function. */ 560| 1| *p += end - *p; 561| 6| } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && ------------------ | | 37| 6|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ | Branch (561:20): [True: 6, False: 0] ------------------ 562| 6| (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) { ------------------ | | 49| 6|#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C ------------------ | Branch (562:20): [True: 5, False: 1] ------------------ 563| | /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ 564| 5| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 5| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 565| 5| } else { 566| 1| ret = MBEDTLS_ERR_PK_INVALID_PUBKEY; ------------------ | | 54| 1|#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 ------------------ 567| 1| } 568| 7| } else 569| 2.73k|#endif /* MBEDTLS_RSA_C */ 570| 2.73k|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 571| 2.73k| if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { ------------------ | Branch (571:9): [True: 139, False: 2.59k] | Branch (571:42): [True: 2.59k, False: 0] ------------------ 572| 2.73k|#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) 573| 2.73k| if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ------------------ | | 122| 2.73k| ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) | | ------------------ | | | Branch (122:6): [True: 244, False: 2.48k] | | | Branch (122:43): [True: 14, False: 2.47k] | | ------------------ ------------------ 574| 258| ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); 575| 258| } else 576| 2.47k|#endif 577| 2.47k| { 578| 2.47k| ret = pk_use_ecparams(&alg_params, pk); 579| 2.47k| } 580| 2.73k| if (ret == 0) { ------------------ | Branch (580:13): [True: 2.42k, False: 308] ------------------ 581| 2.42k| ret = mbedtls_pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p)); 582| 2.42k| *p += end - *p; 583| 2.42k| } 584| 2.73k| } else 585| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 586| 0| ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 587| | 588| 2.73k| if (ret == 0 && *p != end) { ------------------ | Branch (588:9): [True: 945, False: 1.79k] | Branch (588:21): [True: 0, False: 945] ------------------ 589| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 590| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 591| 0| } 592| | 593| 2.73k| if (ret != 0) { ------------------ | Branch (593:9): [True: 1.79k, False: 945] ------------------ 594| 1.79k| mbedtls_pk_free(pk); 595| 1.79k| } 596| | 597| 2.73k| return ret; 598| 2.73k|} mbedtls_pk_parse_public_key: 1182| 4.19k|{ 1183| 4.19k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4.19k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1184| 4.19k| unsigned char *p; 1185| 4.19k|#if defined(MBEDTLS_RSA_C) 1186| 4.19k| const mbedtls_pk_info_t *pk_info; 1187| 4.19k|#endif 1188| 4.19k|#if defined(MBEDTLS_PEM_PARSE_C) 1189| 4.19k| size_t len; 1190| 4.19k| mbedtls_pem_context pem; 1191| 4.19k|#endif 1192| | 1193| 4.19k| if (keylen == 0) { ------------------ | Branch (1193:9): [True: 0, False: 4.19k] ------------------ 1194| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 1195| 0| } 1196| | 1197| 4.19k|#if defined(MBEDTLS_PEM_PARSE_C) 1198| 4.19k| mbedtls_pem_init(&pem); 1199| 4.19k|#if defined(MBEDTLS_RSA_C) 1200| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1201| 4.19k| if (key[keylen - 1] != '\0') { ------------------ | Branch (1201:9): [True: 1.93k, False: 2.26k] ------------------ 1202| 1.93k| ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 1.93k|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 1203| 2.26k| } else { 1204| 2.26k| ret = mbedtls_pem_read_buffer(&pem, 1205| 2.26k| PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA, ------------------ | | 38| 2.26k|#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----" ------------------ PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA, ------------------ | | 39| 2.26k|#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----" ------------------ 1206| 2.26k| key, NULL, 0, &len); 1207| 2.26k| } 1208| | 1209| 4.19k| if (ret == 0) { ------------------ | Branch (1209:9): [True: 6, False: 4.18k] ------------------ 1210| 6| p = pem.buf; 1211| 6| if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) { ------------------ | Branch (1211:13): [True: 0, False: 6] ------------------ 1212| 0| mbedtls_pem_free(&pem); 1213| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 1214| 0| } 1215| | 1216| 6| if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) { ------------------ | Branch (1216:13): [True: 0, False: 6] ------------------ 1217| 0| mbedtls_pem_free(&pem); 1218| 0| return ret; 1219| 0| } 1220| | 1221| 6| if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, pem.buflen)) != 0) { ------------------ | Branch (1221:13): [True: 5, False: 1] ------------------ 1222| 5| mbedtls_pk_free(ctx); 1223| 5| } 1224| | 1225| 6| mbedtls_pem_free(&pem); 1226| 6| return ret; 1227| 4.18k| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 4.18k|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1227:16): [True: 5, False: 4.18k] ------------------ 1228| 5| mbedtls_pem_free(&pem); 1229| 5| return ret; 1230| 5| } 1231| 4.18k|#endif /* MBEDTLS_RSA_C */ 1232| | 1233| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1234| 4.18k| if (key[keylen - 1] != '\0') { ------------------ | Branch (1234:9): [True: 1.93k, False: 2.25k] ------------------ 1235| 1.93k| ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 1.93k|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 1236| 2.25k| } else { 1237| 2.25k| ret = mbedtls_pem_read_buffer(&pem, 1238| 2.25k| PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, ------------------ | | 34| 2.25k|#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" ------------------ PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, ------------------ | | 35| 2.25k|#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----" ------------------ 1239| 2.25k| key, NULL, 0, &len); 1240| 2.25k| } 1241| | 1242| 4.18k| if (ret == 0) { ------------------ | Branch (1242:9): [True: 545, False: 3.63k] ------------------ 1243| | /* 1244| | * Was PEM encoded 1245| | */ 1246| 545| p = pem.buf; 1247| | 1248| 545| ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx); 1249| 545| mbedtls_pem_free(&pem); 1250| 545| return ret; 1251| 3.63k| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 3.63k|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1251:16): [True: 262, False: 3.37k] ------------------ 1252| 262| mbedtls_pem_free(&pem); 1253| 262| return ret; 1254| 262| } 1255| 3.37k| mbedtls_pem_free(&pem); 1256| 3.37k|#endif /* MBEDTLS_PEM_PARSE_C */ 1257| | 1258| 3.37k|#if defined(MBEDTLS_RSA_C) 1259| 3.37k| if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) { ------------------ | Branch (1259:9): [True: 0, False: 3.37k] ------------------ 1260| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 1261| 0| } 1262| | 1263| 3.37k| if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) { ------------------ | Branch (1263:9): [True: 0, False: 3.37k] ------------------ 1264| 0| return ret; 1265| 0| } 1266| | 1267| 3.37k| p = (unsigned char *) key; 1268| 3.37k| ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, keylen); 1269| 3.37k| if (ret == 0) { ------------------ | Branch (1269:9): [True: 272, False: 3.10k] ------------------ 1270| 272| return ret; 1271| 272| } 1272| 3.10k| mbedtls_pk_free(ctx); 1273| 3.10k| if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 3.10k|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (1273:9): [True: 282, False: 2.82k] ------------------ 1274| 282| return ret; 1275| 282| } 1276| 2.82k|#endif /* MBEDTLS_RSA_C */ 1277| 2.82k| p = (unsigned char *) key; 1278| | 1279| 2.82k| ret = mbedtls_pk_parse_subpubkey(&p, p + keylen, ctx); 1280| | 1281| 2.82k| return ret; 1282| 3.10k|} pkparse.c:pk_get_pk_alg: 475| 3.25k|{ 476| 3.25k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.25k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 477| 3.25k| mbedtls_asn1_buf alg_oid; 478| | 479| 3.25k| memset(params, 0, sizeof(mbedtls_asn1_buf)); 480| | 481| 3.25k| if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) { ------------------ | Branch (481:9): [True: 286, False: 2.96k] ------------------ 482| 286| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret); ------------------ | | 114| 286| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 483| 286| } 484| | 485| 2.96k| ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); 486| 2.96k|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 487| 2.96k| if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ------------------ | | 28| 2.96k|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (487:9): [True: 451, False: 2.51k] ------------------ 488| 451| ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); 489| 451| if (ret == 0) { ------------------ | Branch (489:13): [True: 349, False: 102] ------------------ 490| 349| *pk_alg = MBEDTLS_PK_ECKEY; 491| 349| } 492| 451| } 493| |#else 494| | (void) ec_grp_id; 495| |#endif 496| 2.96k| if (ret != 0) { ------------------ | Branch (496:9): [True: 102, False: 2.86k] ------------------ 497| 102| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 102|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 498| 102| } 499| | 500| | /* 501| | * No parameters with RSA (only for EC) 502| | */ 503| 2.86k| if (*pk_alg == MBEDTLS_PK_RSA && ------------------ | Branch (503:9): [True: 19, False: 2.84k] ------------------ 504| 2.86k| ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) || ------------------ | | 68| 38|#define MBEDTLS_ASN1_NULL 0x05 ------------------ | Branch (504:11): [True: 17, False: 2] | Branch (504:47): [True: 9, False: 8] ------------------ 505| 19| params->len != 0)) { ------------------ | Branch (505:10): [True: 1, False: 9] ------------------ 506| 10| return MBEDTLS_ERR_PK_INVALID_ALG; ------------------ | | 56| 10|#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 ------------------ 507| 10| } 508| | 509| 2.85k| return 0; 510| 2.86k|} pkparse.c:pk_use_ecparams_rfc8410: 416| 258|{ 417| 258| if (params->tag != 0 || params->len != 0) { ------------------ | Branch (417:9): [True: 8, False: 250] | Branch (417:29): [True: 3, False: 247] ------------------ 418| 11| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 11|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 419| 11| } 420| | 421| 247| return mbedtls_pk_ecc_set_group(pk, grp_id); 422| 258|} pkparse.c:pk_use_ecparams: 390| 2.47k|{ 391| 2.47k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.47k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 392| 2.47k| mbedtls_ecp_group_id grp_id; 393| | 394| 2.47k| if (params->tag == MBEDTLS_ASN1_OID) { ------------------ | | 69| 2.47k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (394:9): [True: 2.18k, False: 287] ------------------ 395| 2.18k| if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) { ------------------ | Branch (395:13): [True: 10, False: 2.17k] ------------------ 396| 10| return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE; ------------------ | | 58| 10|#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 ------------------ 397| 10| } 398| 2.18k| } else { 399| 287| ret = pk_ecc_group_id_from_specified(params, &grp_id); 400| 287| if (ret != 0) { ------------------ | Branch (400:13): [True: 287, False: 0] ------------------ 401| 287| return ret; 402| 287| } 403| 287| } 404| | 405| 2.17k| return mbedtls_pk_ecc_set_group(pk, grp_id); 406| 2.47k|} pkparse.c:pk_ecc_group_id_from_specified: 304| 287|{ 305| 287| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 287|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 306| 287| mbedtls_ecp_group grp; 307| | 308| 287| mbedtls_ecp_group_init(&grp); 309| | 310| 287| if ((ret = pk_group_from_specified(params, &grp)) != 0) { ------------------ | Branch (310:9): [True: 275, False: 12] ------------------ 311| 275| goto cleanup; 312| 275| } 313| | 314| 12| ret = pk_group_id_from_group(&grp, grp_id); 315| | 316| 287|cleanup: 317| | /* The API respecting lifecycle for mbedtls_ecp_group struct is 318| | * _init(), _load() and _free(). In pk_ecc_group_id_from_specified() the 319| | * temporary grp breaks that flow and it's members are populated 320| | * by pk_group_id_from_group(). As such mbedtls_ecp_group_free() 321| | * which is assuming a group populated by _setup() may not clean-up 322| | * properly -> Manually free it's members. 323| | */ 324| 287| mbedtls_mpi_free(&grp.N); 325| 287| mbedtls_mpi_free(&grp.P); 326| 287| mbedtls_mpi_free(&grp.A); 327| 287| mbedtls_mpi_free(&grp.B); 328| 287| mbedtls_ecp_point_free(&grp.G); 329| | 330| 287| return ret; 331| 12|} pkparse.c:pk_group_from_specified: 110| 287|{ 111| 287| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 287|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 112| 287| unsigned char *p = params->p; 113| 287| const unsigned char *const end = params->p + params->len; 114| 287| const unsigned char *end_field, *end_curve; 115| 287| size_t len; 116| 287| int ver; 117| | 118| | /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ 119| 287| if ((ret = mbedtls_asn1_get_int(&p, end, &ver)) != 0) { ------------------ | Branch (119:9): [True: 101, False: 186] ------------------ 120| 101| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 101| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 121| 101| } 122| | 123| 186| if (ver < 1 || ver > 3) { ------------------ | Branch (123:9): [True: 4, False: 182] | Branch (123:20): [True: 40, False: 142] ------------------ 124| 44| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 44|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 125| 44| } 126| | 127| | /* 128| | * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field 129| | * fieldType FIELD-ID.&id({IOSet}), 130| | * parameters FIELD-ID.&Type({IOSet}{@fieldType}) 131| | * } 132| | */ 133| 142| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (133:9): [True: 3, False: 139] ------------------ 134| 142| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 142|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 142|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 135| 3| return ret; 136| 3| } 137| | 138| 139| end_field = p + len; 139| | 140| | /* 141| | * FIELD-ID ::= TYPE-IDENTIFIER 142| | * FieldTypes FIELD-ID ::= { 143| | * { Prime-p IDENTIFIED BY prime-field } | 144| | * { Characteristic-two IDENTIFIED BY characteristic-two-field } 145| | * } 146| | * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } 147| | */ 148| 139| if ((ret = mbedtls_asn1_get_tag(&p, end_field, &len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 139|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (148:9): [True: 4, False: 135] ------------------ 149| 4| return ret; 150| 4| } 151| | 152| 135| if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) || ------------------ | | 113| 270|#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) ------------------ | Branch (152:9): [True: 6, False: 129] ------------------ 153| 135| memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) { ------------------ | | 428| 129|#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01" | | ------------------ | | | | 427| 129|#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01" | | | | ------------------ | | | | | | 75| 129|#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ | | | | | | ------------------ | | | | | | | | 62| 129|#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */ | | | | | | ------------------ | | | | | | 76| 129| MBEDTLS_OID_ORG_ANSI_X9_62 | | | | ------------------ | | ------------------ ------------------ | Branch (153:9): [True: 2, False: 127] ------------------ 154| 8| return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; ------------------ | | 60| 8|#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 ------------------ 155| 8| } 156| | 157| 127| p += len; 158| | 159| | /* Prime-p ::= INTEGER -- Field of size p. */ 160| 127| if ((ret = mbedtls_asn1_get_mpi(&p, end_field, &grp->P)) != 0) { ------------------ | Branch (160:9): [True: 68, False: 59] ------------------ 161| 68| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 68| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 162| 68| } 163| | 164| 59| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 165| | 166| 59| if (p != end_field) { ------------------ | Branch (166:9): [True: 2, False: 57] ------------------ 167| 2| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ------------------ | | 114| 2| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 168| 2| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 169| 2| } 170| | 171| | /* 172| | * Curve ::= SEQUENCE { 173| | * a FieldElement, 174| | * b FieldElement, 175| | * seed BIT STRING OPTIONAL 176| | * -- Shall be present if used in SpecifiedECDomain 177| | * -- with version equal to ecdpVer2 or ecdpVer3 178| | * } 179| | */ 180| 57| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (180:9): [True: 4, False: 53] ------------------ 181| 57| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 57|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 57|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 182| 4| return ret; 183| 4| } 184| | 185| 53| end_curve = p + len; 186| | 187| | /* 188| | * FieldElement ::= OCTET STRING 189| | * containing an integer in the case of a prime field 190| | */ 191| 53| if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || ------------------ | | 67| 53|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ | Branch (191:9): [True: 3, False: 50] ------------------ 192| 53| (ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) { ------------------ | Branch (192:9): [True: 0, False: 50] ------------------ 193| 3| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 3| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 194| 3| } 195| | 196| 50| p += len; 197| | 198| 50| if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || ------------------ | | 67| 50|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ | Branch (198:9): [True: 3, False: 47] ------------------ 199| 50| (ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) { ------------------ | Branch (199:9): [True: 0, False: 47] ------------------ 200| 3| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 3| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 201| 3| } 202| | 203| 47| p += len; 204| | 205| | /* Ignore seed BIT STRING OPTIONAL */ 206| 47| if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) { ------------------ | | 66| 47|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (206:9): [True: 13, False: 34] ------------------ 207| 13| p += len; 208| 13| } 209| | 210| 47| if (p != end_curve) { ------------------ | Branch (210:9): [True: 3, False: 44] ------------------ 211| 3| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ------------------ | | 114| 3| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 212| 3| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 213| 3| } 214| | 215| | /* 216| | * ECPoint ::= OCTET STRING 217| | */ 218| 44| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 44|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ | Branch (218:9): [True: 6, False: 38] ------------------ 219| 6| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 6| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 220| 6| } 221| | 222| 38| if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G, ------------------ | Branch (222:9): [True: 38, False: 0] ------------------ 223| 38| (const unsigned char *) p, len)) != 0) { 224| | /* 225| | * If we can't read the point because it's compressed, cheat by 226| | * reading only the X coordinate and the parity bit of Y. 227| | */ 228| 38| if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || ------------------ | | 39| 76|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ | Branch (228:13): [True: 1, False: 37] ------------------ 229| 38| (p[0] != 0x02 && p[0] != 0x03) || ------------------ | Branch (229:14): [True: 21, False: 16] | Branch (229:30): [True: 10, False: 11] ------------------ 230| 38| len != mbedtls_mpi_size(&grp->P) + 1 || ------------------ | Branch (230:13): [True: 10, False: 17] ------------------ 231| 38| mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 || ------------------ | Branch (231:13): [True: 0, False: 17] ------------------ 232| 38| mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 || ------------------ | Branch (232:13): [True: 0, False: 17] ------------------ 233| 38| mbedtls_mpi_lset(&grp->G.Z, 1) != 0) { ------------------ | Branch (233:13): [True: 0, False: 17] ------------------ 234| 21| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 21|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 235| 21| } 236| 38| } 237| | 238| 17| p += len; 239| | 240| | /* 241| | * order INTEGER 242| | */ 243| 17| if ((ret = mbedtls_asn1_get_mpi(&p, end, &grp->N)) != 0) { ------------------ | Branch (243:9): [True: 5, False: 12] ------------------ 244| 5| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 5| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 245| 5| } 246| | 247| 12| grp->nbits = mbedtls_mpi_bitlen(&grp->N); 248| | 249| | /* 250| | * Allow optional elements by purposefully not enforcing p == end here. 251| | */ 252| | 253| 12| return 0; 254| 17|} pkparse.c:pk_group_id_from_group: 261| 12|{ 262| 12| int ret = 0; 263| 12| mbedtls_ecp_group ref; 264| 12| const mbedtls_ecp_group_id *id; 265| | 266| 12| mbedtls_ecp_group_init(&ref); 267| | 268| 168| for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) { ------------------ | Branch (268:42): [True: 156, False: 12] ------------------ 269| | /* Load the group associated to that id */ 270| 156| mbedtls_ecp_group_free(&ref); 271| 156| MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id)); ------------------ | | 41| 156| do \ | | 42| 156| { \ | | 43| 156| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 156] | | ------------------ | | 44| 156| goto cleanup; \ | | 45| 156| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 272| | 273| | /* Compare to the group we were given, starting with easy tests */ 274| 156| if (grp->pbits == ref.pbits && grp->nbits == ref.nbits && ------------------ | Branch (274:13): [True: 10, False: 146] | Branch (274:40): [True: 4, False: 6] ------------------ 275| 156| mbedtls_mpi_cmp_mpi(&grp->P, &ref.P) == 0 && ------------------ | Branch (275:13): [True: 3, False: 1] ------------------ 276| 156| mbedtls_mpi_cmp_mpi(&grp->A, &ref.A) == 0 && ------------------ | Branch (276:13): [True: 2, False: 1] ------------------ 277| 156| mbedtls_mpi_cmp_mpi(&grp->B, &ref.B) == 0 && ------------------ | Branch (277:13): [True: 1, False: 1] ------------------ 278| 156| mbedtls_mpi_cmp_mpi(&grp->N, &ref.N) == 0 && ------------------ | Branch (278:13): [True: 0, False: 1] ------------------ 279| 156| mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 && ------------------ | Branch (279:13): [True: 0, False: 0] ------------------ 280| 156| mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 && ------------------ | Branch (280:13): [True: 0, False: 0] ------------------ 281| | /* For Y we may only know the parity bit, so compare only that */ 282| 156| mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) { ------------------ | Branch (282:13): [True: 0, False: 0] ------------------ 283| 0| break; 284| 0| } 285| 156| } 286| | 287| 12|cleanup: 288| 12| mbedtls_ecp_group_free(&ref); 289| | 290| 12| *grp_id = *id; 291| | 292| 12| if (ret == 0 && *id == MBEDTLS_ECP_DP_NONE) { ------------------ | Branch (292:9): [True: 12, False: 0] | Branch (292:21): [True: 12, False: 0] ------------------ 293| 12| ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 12|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 294| 12| } 295| | 296| 12| return ret; 297| 12|} mbedtls_calloc: 48| 53.6k|{ 49| 53.6k| return (*mbedtls_calloc_func)(nmemb, size); 50| 53.6k|} mbedtls_free: 53| 57.7k|{ 54| 57.7k| (*mbedtls_free_func)(ptr); 55| 57.7k|} mbedtls_platform_zeroize: 95| 69.0k|{ 96| 69.0k| if (len > 0) { ------------------ | Branch (96:9): [True: 68.9k, False: 46] ------------------ 97| 68.9k|#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) 98| 68.9k| explicit_bzero(buf, len); 99| |#if defined(HAVE_MEMORY_SANITIZER) 100| | /* You'd think that Msan would recognize explicit_bzero() as 101| | * equivalent to bzero(), but it actually doesn't on several 102| | * platforms, including Linux (Ubuntu 20.04). 103| | * https://github.com/google/sanitizers/issues/1507 104| | * https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa 105| | */ 106| | __msan_unpoison(buf, len); 107| |#endif 108| |#elif defined(__STDC_LIB_EXT1__) && !defined(__IAR_SYSTEMS_ICC__) 109| | memset_s(buf, len, 0, len); 110| |#elif defined(_WIN32) 111| | SecureZeroMemory(buf, len); 112| |#else 113| | memset_func(buf, 0, len); 114| |#endif 115| | 116| 68.9k|#if defined(__GNUC__) 117| | /* For clang and recent gcc, pretend that we have some assembly that reads the 118| | * zero'd memory as an additional protection against being optimised away. */ 119| 68.9k|#if defined(__clang__) || (__GNUC__ >= 10) 120| 68.9k|#if defined(__clang__) 121| 68.9k|#pragma clang diagnostic push 122| 68.9k|#pragma clang diagnostic ignored "-Wvla" 123| |#elif defined(MBEDTLS_COMPILER_IS_GCC) 124| |#pragma GCC diagnostic push 125| |#pragma GCC diagnostic ignored "-Wvla" 126| |#endif 127| 68.9k| asm volatile ("" : : "m" (*(char (*)[len]) buf) :); ------------------ | | 321| 68.9k|#define asm __asm__ ------------------ 128| 68.9k|#if defined(__clang__) 129| 68.9k|#pragma clang diagnostic pop 130| |#elif defined(MBEDTLS_COMPILER_IS_GCC) 131| |#pragma GCC diagnostic pop 132| |#endif 133| 68.9k|#endif 134| 68.9k|#endif 135| 68.9k| } 136| 69.0k|} mbedtls_zeroize_and_free: 140| 47.4k|{ 141| 47.4k| if (buf != NULL) { ------------------ | Branch (141:9): [True: 47.4k, False: 0] ------------------ 142| 47.4k| mbedtls_platform_zeroize(buf, len); 143| 47.4k| } 144| | 145| 47.4k| mbedtls_free(buf); 146| 47.4k|} mbedtls_rsa_parse_pubkey: 228| 3.38k|{ 229| 3.38k| unsigned char *p = (unsigned char *) key; 230| 3.38k| unsigned char *end = (unsigned char *) (key + keylen); 231| 3.38k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.38k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 232| 3.38k| size_t len; 233| | 234| | /* 235| | * RSAPublicKey ::= SEQUENCE { 236| | * modulus INTEGER, -- n 237| | * publicExponent INTEGER -- e 238| | * } 239| | */ 240| | 241| 3.38k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (241:9): [True: 140, False: 3.24k] ------------------ 242| 3.38k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 3.38k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 3.38k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 243| 140| return ret; 244| 140| } 245| | 246| 3.24k| if (end != p + len) { ------------------ | Branch (246:9): [True: 17, False: 3.23k] ------------------ 247| 17| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 17|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 248| 17| } 249| | 250| | /* Import N */ 251| 3.23k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 3.23k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (251:9): [True: 2.77k, False: 456] ------------------ 252| 2.77k| return ret; 253| 2.77k| } 254| | 255| 456| if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0, ------------------ | Branch (255:9): [True: 0, False: 456] ------------------ 256| 456| NULL, 0, NULL, 0)) != 0) { 257| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 258| 0| } 259| | 260| 456| p += len; 261| | 262| | /* Import E */ 263| 456| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 456|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (263:9): [True: 27, False: 429] ------------------ 264| 27| return ret; 265| 27| } 266| | 267| 429| if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, ------------------ | Branch (267:9): [True: 0, False: 429] ------------------ 268| 429| NULL, 0, p, len)) != 0) { 269| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 270| 0| } 271| | 272| 429| p += len; 273| | 274| 429| if (mbedtls_rsa_complete(rsa) != 0 || ------------------ | Branch (274:9): [True: 35, False: 394] ------------------ 275| 429| mbedtls_rsa_check_pubkey(rsa) != 0) { ------------------ | Branch (275:9): [True: 92, False: 302] ------------------ 276| 127| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 127|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 277| 127| } 278| | 279| 302| if (p != end) { ------------------ | Branch (279:9): [True: 28, False: 274] ------------------ 280| 28| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 28|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 281| 28| } 282| | 283| 274| return 0; 284| 302|} mbedtls_rsa_import_raw: 600| 885|{ 601| 885| int ret = 0; 602| | 603| 885| if (N != NULL) { ------------------ | Branch (603:9): [True: 456, False: 429] ------------------ 604| 456| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); ------------------ | | 41| 456| do \ | | 42| 456| { \ | | 43| 456| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 456] | | ------------------ | | 44| 456| goto cleanup; \ | | 45| 456| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 605| 456| ctx->len = mbedtls_mpi_size(&ctx->N); 606| 456| } 607| | 608| 885| if (P != NULL) { ------------------ | Branch (608:9): [True: 0, False: 885] ------------------ 609| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 610| 0| } 611| | 612| 885| if (Q != NULL) { ------------------ | Branch (612:9): [True: 0, False: 885] ------------------ 613| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 614| 0| } 615| | 616| 885| if (D != NULL) { ------------------ | Branch (616:9): [True: 0, False: 885] ------------------ 617| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 618| 0| } 619| | 620| 885| if (E != NULL) { ------------------ | Branch (620:9): [True: 429, False: 456] ------------------ 621| 429| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); ------------------ | | 41| 429| do \ | | 42| 429| { \ | | 43| 429| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 429] | | ------------------ | | 44| 429| goto cleanup; \ | | 45| 429| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 622| 429| } 623| | 624| 885|cleanup: 625| | 626| 885| if (ret != 0) { ------------------ | Branch (626:9): [True: 0, False: 885] ------------------ 627| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 628| 0| } 629| | 630| 885| return 0; 631| 885|} mbedtls_rsa_complete: 723| 429|{ 724| 429| int ret = 0; 725| 429| int have_N, have_P, have_Q, have_D, have_E; 726| 429|#if !defined(MBEDTLS_RSA_NO_CRT) 727| 429| int have_DP, have_DQ, have_QP; 728| 429|#endif 729| 429| int n_missing, pq_missing, d_missing, is_pub, is_priv; 730| | 731| 429| have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); 732| 429| have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); 733| 429| have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); 734| 429| have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); 735| 429| have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); 736| | 737| 429|#if !defined(MBEDTLS_RSA_NO_CRT) 738| 429| have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); 739| 429| have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); 740| 429| have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); 741| 429|#endif 742| | 743| | /* 744| | * Check whether provided parameters are enough 745| | * to deduce all others. The following incomplete 746| | * parameter sets for private keys are supported: 747| | * 748| | * (1) P, Q missing. 749| | * (2) D and potentially N missing. 750| | * 751| | */ 752| | 753| 429| n_missing = have_P && have_Q && have_D && have_E; ------------------ | Branch (753:31): [True: 0, False: 429] | Branch (753:42): [True: 0, False: 0] | Branch (753:53): [True: 0, False: 0] | Branch (753:63): [True: 0, False: 0] ------------------ 754| 429| pq_missing = have_N && !have_P && !have_Q && have_D && have_E; ------------------ | Branch (754:20): [True: 419, False: 10] | Branch (754:30): [True: 419, False: 0] | Branch (754:41): [True: 419, False: 0] | Branch (754:53): [True: 0, False: 419] | Branch (754:63): [True: 0, False: 0] ------------------ 755| 429| d_missing = have_P && have_Q && !have_D && have_E; ------------------ | Branch (755:31): [True: 0, False: 429] | Branch (755:42): [True: 0, False: 0] | Branch (755:52): [True: 0, False: 0] | Branch (755:63): [True: 0, False: 0] ------------------ 756| 429| is_pub = have_N && !have_P && !have_Q && !have_D && have_E; ------------------ | Branch (756:20): [True: 419, False: 10] | Branch (756:30): [True: 419, False: 0] | Branch (756:41): [True: 419, False: 0] | Branch (756:52): [True: 419, False: 0] | Branch (756:63): [True: 411, False: 8] ------------------ 757| | 758| | /* These three alternatives are mutually exclusive */ 759| 429| is_priv = n_missing || pq_missing || d_missing; ------------------ | Branch (759:15): [True: 0, False: 429] | Branch (759:28): [True: 0, False: 429] | Branch (759:42): [True: 0, False: 429] ------------------ 760| | 761| 429| if (!is_priv && !is_pub) { ------------------ | Branch (761:9): [True: 429, False: 0] | Branch (761:21): [True: 18, False: 411] ------------------ 762| 18| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 18|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 763| 18| } 764| | 765| | /* 766| | * Step 1: Deduce N if P, Q are provided. 767| | */ 768| | 769| 411| if (!have_N && have_P && have_Q) { ------------------ | Branch (769:9): [True: 0, False: 411] | Branch (769:20): [True: 0, False: 0] | Branch (769:30): [True: 0, False: 0] ------------------ 770| 0| if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, ------------------ | Branch (770:13): [True: 0, False: 0] ------------------ 771| 0| &ctx->Q)) != 0) { 772| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 773| 0| } 774| | 775| 0| ctx->len = mbedtls_mpi_size(&ctx->N); 776| 0| } 777| | 778| | /* 779| | * Step 2: Deduce and verify all remaining core parameters. 780| | */ 781| | 782| 411| if (pq_missing) { ------------------ | Branch (782:9): [True: 0, False: 411] ------------------ 783| 0| ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, 784| 0| &ctx->P, &ctx->Q); 785| 0| if (ret != 0) { ------------------ | Branch (785:13): [True: 0, False: 0] ------------------ 786| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 787| 0| } 788| | 789| 411| } else if (d_missing) { ------------------ | Branch (789:16): [True: 0, False: 411] ------------------ 790| 0| if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, ------------------ | Branch (790:13): [True: 0, False: 0] ------------------ 791| 0| &ctx->Q, 792| 0| &ctx->E, 793| 0| &ctx->D)) != 0) { 794| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 795| 0| } 796| 0| } 797| | 798| | /* 799| | * Step 3: Deduce all additional parameters specific 800| | * to our current RSA implementation. 801| | */ 802| | 803| 411|#if !defined(MBEDTLS_RSA_NO_CRT) 804| 411| if (is_priv && !(have_DP && have_DQ && have_QP)) { ------------------ | Branch (804:9): [True: 0, False: 411] | Branch (804:22): [True: 0, False: 0] | Branch (804:33): [True: 0, False: 0] | Branch (804:44): [True: 0, False: 0] ------------------ 805| 0| ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, 806| 0| &ctx->DP, &ctx->DQ, &ctx->QP); 807| 0| if (ret != 0) { ------------------ | Branch (807:13): [True: 0, False: 0] ------------------ 808| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 809| 0| } 810| 0| } 811| 411|#endif /* MBEDTLS_RSA_NO_CRT */ 812| | 813| | /* 814| | * Step 3: Basic sanity checks 815| | */ 816| | 817| 411| return rsa_check_context(ctx, is_priv, 1); 818| 411|} mbedtls_rsa_export: 875| 548|{ 876| 548| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 548|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 877| 548| int is_priv; 878| | 879| | /* Check if key is private or public */ 880| 548| is_priv = 881| 548| mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && ------------------ | Branch (881:9): [True: 548, False: 0] ------------------ 882| 548| mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && ------------------ | Branch (882:9): [True: 0, False: 548] ------------------ 883| 548| mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && ------------------ | Branch (883:9): [True: 0, False: 0] ------------------ 884| 548| mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && ------------------ | Branch (884:9): [True: 0, False: 0] ------------------ 885| 548| mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; ------------------ | Branch (885:9): [True: 0, False: 0] ------------------ 886| | 887| 548| if (!is_priv) { ------------------ | Branch (887:9): [True: 548, False: 0] ------------------ 888| | /* If we're trying to export private parameters for a public key, 889| | * something must be wrong. */ 890| 548| if (P != NULL || Q != NULL || D != NULL) { ------------------ | Branch (890:13): [True: 274, False: 274] | Branch (890:26): [True: 0, False: 274] | Branch (890:39): [True: 0, False: 274] ------------------ 891| 274| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 274|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 892| 274| } 893| | 894| 548| } 895| | 896| | /* Export all requested core parameters. */ 897| | 898| 274| if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) || ------------------ | Branch (898:10): [True: 274, False: 0] | Branch (898:23): [True: 0, False: 274] ------------------ 899| 274| (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) || ------------------ | Branch (899:10): [True: 0, False: 274] | Branch (899:23): [True: 0, False: 0] ------------------ 900| 274| (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) || ------------------ | Branch (900:10): [True: 0, False: 274] | Branch (900:23): [True: 0, False: 0] ------------------ 901| 274| (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) || ------------------ | Branch (901:10): [True: 0, False: 274] | Branch (901:23): [True: 0, False: 0] ------------------ 902| 274| (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) { ------------------ | Branch (902:10): [True: 274, False: 0] | Branch (902:23): [True: 0, False: 274] ------------------ 903| 0| return ret; 904| 0| } 905| | 906| 274| return 0; 907| 274|} mbedtls_rsa_export_crt: 917| 274|{ 918| 274| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 274|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 919| 274| int is_priv; 920| | 921| | /* Check if key is private or public */ 922| 274| is_priv = 923| 274| mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && ------------------ | Branch (923:9): [True: 274, False: 0] ------------------ 924| 274| mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && ------------------ | Branch (924:9): [True: 0, False: 274] ------------------ 925| 274| mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && ------------------ | Branch (925:9): [True: 0, False: 0] ------------------ 926| 274| mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && ------------------ | Branch (926:9): [True: 0, False: 0] ------------------ 927| 274| mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; ------------------ | Branch (927:9): [True: 0, False: 0] ------------------ 928| | 929| 274| if (!is_priv) { ------------------ | Branch (929:9): [True: 274, False: 0] ------------------ 930| 274| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 274|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 931| 274| } 932| | 933| 0|#if !defined(MBEDTLS_RSA_NO_CRT) 934| | /* Export all requested blinding parameters. */ 935| 0| if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) || ------------------ | Branch (935:10): [True: 0, False: 0] | Branch (935:24): [True: 0, False: 0] ------------------ 936| 0| (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) || ------------------ | Branch (936:10): [True: 0, False: 0] | Branch (936:24): [True: 0, False: 0] ------------------ 937| 0| (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) { ------------------ | Branch (937:10): [True: 0, False: 0] | Branch (937:24): [True: 0, False: 0] ------------------ 938| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 939| 0| } 940| |#else 941| | if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, 942| | DP, DQ, QP)) != 0) { 943| | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); 944| | } 945| |#endif 946| | 947| 0| return 0; 948| 0|} mbedtls_rsa_init: 954| 3.38k|{ 955| 3.38k| memset(ctx, 0, sizeof(mbedtls_rsa_context)); 956| | 957| 3.38k| ctx->padding = MBEDTLS_RSA_PKCS_V15; ------------------ | | 55| 3.38k|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ 958| 3.38k| ctx->hash_id = MBEDTLS_MD_NONE; 959| | 960| 3.38k|#if defined(MBEDTLS_THREADING_C) 961| | /* Set ctx->ver to nonzero to indicate that the mutex has been 962| | * initialized and will need to be freed. */ 963| 3.38k| ctx->ver = 1; 964| 3.38k| mbedtls_mutex_init(&ctx->mutex); 965| 3.38k|#endif 966| 3.38k|} mbedtls_rsa_check_pubkey: 1170| 394|{ 1171| 394| if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) { ------------------ | Branch (1171:9): [True: 0, False: 394] ------------------ 1172| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1173| 0| } 1174| | 1175| 394| if (mbedtls_mpi_bitlen(&ctx->N) < 128) { ------------------ | Branch (1175:9): [True: 34, False: 360] ------------------ 1176| 34| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 34|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1177| 34| } 1178| | 1179| 360| if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || ------------------ | Branch (1179:9): [True: 4, False: 356] ------------------ 1180| 360| mbedtls_mpi_bitlen(&ctx->E) < 2 || ------------------ | Branch (1180:9): [True: 6, False: 350] ------------------ 1181| 360| mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { ------------------ | Branch (1181:9): [True: 48, False: 302] ------------------ 1182| 58| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 58|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1183| 58| } 1184| | 1185| 302| return 0; 1186| 360|} mbedtls_rsa_free: 2814| 3.38k|{ 2815| 3.38k| if (ctx == NULL) { ------------------ | Branch (2815:9): [True: 0, False: 3.38k] ------------------ 2816| 0| return; 2817| 0| } 2818| | 2819| 3.38k| mbedtls_mpi_free(&ctx->Vi); 2820| 3.38k| mbedtls_mpi_free(&ctx->Vf); 2821| 3.38k| mbedtls_mpi_free(&ctx->RN); 2822| 3.38k| mbedtls_mpi_free(&ctx->D); 2823| 3.38k| mbedtls_mpi_free(&ctx->Q); 2824| 3.38k| mbedtls_mpi_free(&ctx->P); 2825| 3.38k| mbedtls_mpi_free(&ctx->E); 2826| 3.38k| mbedtls_mpi_free(&ctx->N); 2827| | 2828| 3.38k|#if !defined(MBEDTLS_RSA_NO_CRT) 2829| 3.38k| mbedtls_mpi_free(&ctx->RQ); 2830| 3.38k| mbedtls_mpi_free(&ctx->RP); 2831| 3.38k| mbedtls_mpi_free(&ctx->QP); 2832| 3.38k| mbedtls_mpi_free(&ctx->DQ); 2833| 3.38k| mbedtls_mpi_free(&ctx->DP); 2834| 3.38k|#endif /* MBEDTLS_RSA_NO_CRT */ 2835| | 2836| 3.38k|#if defined(MBEDTLS_THREADING_C) 2837| | /* Free the mutex, but only if it hasn't been freed already. */ 2838| 3.38k| if (ctx->ver != 0) { ------------------ | Branch (2838:9): [True: 3.38k, False: 0] ------------------ 2839| 3.38k| mbedtls_mutex_free(&ctx->mutex); 2840| 3.38k| ctx->ver = 0; 2841| 3.38k| } 2842| 3.38k|#endif 2843| 3.38k|} rsa.c:rsa_check_context: 640| 805|{ 641| 805|#if !defined(MBEDTLS_RSA_NO_CRT) 642| | /* blinding_needed is only used for NO_CRT to decide whether 643| | * P,Q need to be present or not. */ 644| 805| ((void) blinding_needed); 645| 805|#endif 646| | 647| 805| if (ctx->len != mbedtls_mpi_size(&ctx->N) || ------------------ | Branch (647:9): [True: 0, False: 805] ------------------ 648| 805| ctx->len > MBEDTLS_MPI_MAX_SIZE) { ------------------ | | 73| 805|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ ------------------ | Branch (648:9): [True: 7, False: 798] ------------------ 649| 7| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 7|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 650| 7| } 651| | 652| | /* 653| | * 1. Modular exponentiation needs positive, odd moduli. 654| | */ 655| | 656| | /* Modular exponentiation wrt. N is always used for 657| | * RSA public key operations. */ 658| 798| if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || ------------------ | Branch (658:9): [True: 0, False: 798] ------------------ 659| 798| mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { ------------------ | Branch (659:9): [True: 10, False: 788] ------------------ 660| 10| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 10|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 661| 10| } 662| | 663| 788|#if !defined(MBEDTLS_RSA_NO_CRT) 664| | /* Modular exponentiation for P and Q is only 665| | * used for private key operations and if CRT 666| | * is used. */ 667| 788| if (is_priv && ------------------ | Branch (667:9): [True: 0, False: 788] ------------------ 668| 788| (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || ------------------ | Branch (668:10): [True: 0, False: 0] ------------------ 669| 0| mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || ------------------ | Branch (669:10): [True: 0, False: 0] ------------------ 670| 0| mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || ------------------ | Branch (670:10): [True: 0, False: 0] ------------------ 671| 0| mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { ------------------ | Branch (671:10): [True: 0, False: 0] ------------------ 672| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 673| 0| } 674| 788|#endif /* !MBEDTLS_RSA_NO_CRT */ 675| | 676| | /* 677| | * 2. Exponents must be positive 678| | */ 679| | 680| | /* Always need E for public key operations */ 681| 788| if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) { ------------------ | Branch (681:9): [True: 0, False: 788] ------------------ 682| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 683| 0| } 684| | 685| |#if defined(MBEDTLS_RSA_NO_CRT) 686| | /* For private key operations, use D or DP & DQ 687| | * as (unblinded) exponents. */ 688| | if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) { 689| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 690| | } 691| |#else 692| 788| if (is_priv && ------------------ | Branch (692:9): [True: 0, False: 788] ------------------ 693| 788| (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || ------------------ | Branch (693:10): [True: 0, False: 0] ------------------ 694| 0| mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { ------------------ | Branch (694:10): [True: 0, False: 0] ------------------ 695| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 696| 0| } 697| 788|#endif /* MBEDTLS_RSA_NO_CRT */ 698| | 699| | /* Blinding shouldn't make exponents negative either, 700| | * so check that P, Q >= 1 if that hasn't yet been 701| | * done as part of 1. */ 702| |#if defined(MBEDTLS_RSA_NO_CRT) 703| | if (is_priv && blinding_needed && 704| | (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || 705| | mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { 706| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 707| | } 708| |#endif 709| | 710| | /* It wouldn't lead to an error if it wasn't satisfied, 711| | * but check for QP >= 1 nonetheless. */ 712| 788|#if !defined(MBEDTLS_RSA_NO_CRT) 713| 788| if (is_priv && ------------------ | Branch (713:9): [True: 0, False: 788] ------------------ 714| 788| mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { ------------------ | Branch (714:9): [True: 0, False: 0] ------------------ 715| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 716| 0| } 717| 788|#endif 718| | 719| 788| return 0; 720| 788|} threading.c:threading_mutex_init_pthread: 54| 3.38k|{ 55| 3.38k| if (mutex == NULL) { ------------------ | Branch (55:9): [True: 0, False: 3.38k] ------------------ 56| 0| return; 57| 0| } 58| | 59| | /* One problem here is that calling lock on a pthread mutex without first 60| | * having initialised it is undefined behaviour. Obviously we cannot check 61| | * this here in a thread safe manner without a significant performance 62| | * hit, so state transitions are checked in tests only via the state 63| | * variable. Please make sure any new mutex that gets added is exercised in 64| | * tests; see framework/tests/src/threading_helpers.c for more details. */ 65| 3.38k| (void) pthread_mutex_init(&mutex->mutex, NULL); 66| 3.38k|} threading.c:threading_mutex_free_pthread: 69| 3.38k|{ 70| 3.38k| if (mutex == NULL) { ------------------ | Branch (70:9): [True: 0, False: 3.38k] ------------------ 71| 0| return; 72| 0| } 73| | 74| 3.38k| (void) pthread_mutex_destroy(&mutex->mutex); 75| 3.38k|} LLVMFuzzerTestOneInput: 7| 4.19k|{ 8| 4.19k|#ifdef MBEDTLS_PK_PARSE_C 9| 4.19k| int ret; 10| 4.19k| mbedtls_pk_context pk; 11| | 12| 4.19k| mbedtls_pk_init(&pk); 13| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 14| | psa_status_t status = psa_crypto_init(); 15| | if (status != PSA_SUCCESS) { 16| | goto exit; 17| | } 18| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 19| 4.19k| ret = mbedtls_pk_parse_public_key(&pk, Data, Size); 20| 4.19k| if (ret == 0) { ------------------ | Branch (20:9): [True: 1.21k, False: 2.97k] ------------------ 21| 1.21k|#if defined(MBEDTLS_RSA_C) 22| 1.21k| if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { ------------------ | Branch (22:13): [True: 274, False: 944] ------------------ 23| 274| mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; 24| 274| mbedtls_rsa_context *rsa; 25| | 26| 274| mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 27| 274| mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); 28| 274| mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); 29| | 30| 274| rsa = mbedtls_pk_rsa(pk); 31| 274| if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) { ------------------ | Branch (31:17): [True: 0, False: 274] ------------------ 32| 0| abort(); 33| 0| } 34| 274| if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { ------------------ | | 33| 274|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ | Branch (34:17): [True: 0, False: 274] ------------------ 35| 0| abort(); 36| 0| } 37| 274| if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { ------------------ | | 33| 274|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ | Branch (37:17): [True: 0, False: 274] ------------------ 38| 0| abort(); 39| 0| } 40| | 41| 274| mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 42| 274| mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); 43| 274| mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); 44| | 45| 274| } else 46| 944|#endif 47| 944|#if defined(MBEDTLS_ECP_C) 48| 944| if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || ------------------ | Branch (48:13): [True: 944, False: 0] ------------------ 49| 944| mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { ------------------ | Branch (49:13): [True: 0, False: 0] ------------------ 50| 944| mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); 51| 944| mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); 52| 944| const mbedtls_ecp_curve_info *curve_info = 53| 944| mbedtls_ecp_curve_info_from_grp_id(grp_id); 54| | 55| | /* If the curve is not supported, the key should not have been 56| | * accepted. */ 57| 944| if (curve_info == NULL) { ------------------ | Branch (57:17): [True: 0, False: 944] ------------------ 58| 0| abort(); 59| 0| } 60| | 61| | /* It's a public key, so the private value should not have 62| | * been changed from its initialization to 0. */ 63| 944| mbedtls_mpi d; 64| 944| mbedtls_mpi_init(&d); 65| 944| if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { ------------------ | Branch (65:17): [True: 0, False: 944] ------------------ 66| 0| abort(); 67| 0| } 68| 944| if (mbedtls_mpi_cmp_int(&d, 0) != 0) { ------------------ | Branch (68:17): [True: 0, False: 944] ------------------ 69| 0| abort(); 70| 0| } 71| 944| mbedtls_mpi_free(&d); 72| 944| } else 73| 0|#endif 74| 0| { 75| | /* The key is valid but is not of a supported type. 76| | * This should not happen. */ 77| 0| abort(); 78| 0| } 79| 1.21k| } 80| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 81| |exit: 82| | mbedtls_psa_crypto_free(); 83| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 84| 4.19k| mbedtls_pk_free(&pk); 85| |#else 86| | (void) Data; 87| | (void) Size; 88| |#endif //MBEDTLS_PK_PARSE_C 89| | 90| 4.19k| return 0; 91| 4.19k|}