summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto/bn/general
diff options
context:
space:
mode:
authorbeck <>2017-01-21 09:38:59 +0000
committerbeck <>2017-01-21 09:38:59 +0000
commitba7dab5b77b1e4dd797dbe7a4c31b5f4cbea0cd7 (patch)
treea68beae7892dad13fd8d76ba1fc45e6570e3360b /src/regress/lib/libcrypto/bn/general
parent0c45e4e4d42eacefe309063241d5a7f6de6674e7 (diff)
downloadopenbsd-ba7dab5b77b1e4dd797dbe7a4c31b5f4cbea0cd7.tar.gz
openbsd-ba7dab5b77b1e4dd797dbe7a4c31b5f4cbea0cd7.tar.bz2
openbsd-ba7dab5b77b1e4dd797dbe7a4c31b5f4cbea0cd7.zip
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that
matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
Diffstat (limited to 'src/regress/lib/libcrypto/bn/general')
-rw-r--r--src/regress/lib/libcrypto/bn/general/Makefile4
-rw-r--r--src/regress/lib/libcrypto/bn/general/bntest.c81
2 files changed, 83 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/bn/general/Makefile b/src/regress/lib/libcrypto/bn/general/Makefile
index 18207ffb01..d578d0fe12 100644
--- a/src/regress/lib/libcrypto/bn/general/Makefile
+++ b/src/regress/lib/libcrypto/bn/general/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.3 2016/12/21 15:51:05 jsing Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2 2
3.include "../../Makefile.inc" 3.include "../../Makefile.inc"
4 4
@@ -6,6 +6,6 @@ PROG= bntest
6LDADD= ${CRYPTO_INT} 6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO} 7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes 8WARNINGS= Yes
9CFLAGS+= -DLIBRESSL_INTERNAL -Werror 9CFLAGS+= -Werror
10 10
11.include <bsd.regress.mk> 11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
index 0247dacaa4..7e5e6ed81b 100644
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ b/src/regress/lib/libcrypto/bn/general/bntest.c
@@ -84,6 +84,15 @@
84#include <openssl/x509.h> 84#include <openssl/x509.h>
85#include <openssl/err.h> 85#include <openssl/err.h>
86 86
87int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *m, BN_CTX *ctx);
89int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
90 const BIGNUM *m, BN_CTX *ctx);
91int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95
87int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); 96int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
88 97
89const int num0 = 100; /* number of tests */ 98const int num0 = 100; /* number of tests */
@@ -1037,6 +1046,14 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
1037 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); 1046 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
1038 return (0); 1047 return (0);
1039 } 1048 }
1049 if (BN_mod_exp_ct(d, a, b, c, ctx)) {
1050 fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
1051 return (0);
1052 }
1053 if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
1054 fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
1055 return (0);
1056 }
1040 1057
1041 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ 1058 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1042 for (i = 0; i < num2; i++) { 1059 for (i = 0; i < num2; i++) {
@@ -1069,6 +1086,70 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
1069 break; 1086 break;
1070 } 1087 }
1071 } 1088 }
1089
1090 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1091 for (i = 0; i < num2; i++) {
1092 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1093 BN_bntest_rand(b, 2 + i, 0, 0);
1094
1095 if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
1096 rc = 0;
1097 break;
1098 }
1099
1100 if (bp != NULL) {
1101 if (!results) {
1102 BN_print(bp, a);
1103 BIO_puts(bp, " ^ ");
1104 BN_print(bp, b);
1105 BIO_puts(bp, " % ");
1106 BN_print(bp, c);
1107 BIO_puts(bp, " - ");
1108 }
1109 BN_print(bp, d);
1110 BIO_puts(bp, "\n");
1111 }
1112 BN_exp(e, a, b, ctx);
1113 BN_sub(e, e, d);
1114 BN_div(a, b, e, c, ctx);
1115 if (!BN_is_zero(b)) {
1116 fprintf(stderr, "Modulo exponentiation test failed!\n");
1117 rc = 0;
1118 break;
1119 }
1120 }
1121
1122 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1123 for (i = 0; i < num2; i++) {
1124 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1125 BN_bntest_rand(b, 2 + i, 0, 0);
1126
1127 if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
1128 rc = 0;
1129 break;
1130 }
1131
1132 if (bp != NULL) {
1133 if (!results) {
1134 BN_print(bp, a);
1135 BIO_puts(bp, " ^ ");
1136 BN_print(bp, b);
1137 BIO_puts(bp, " % ");
1138 BN_print(bp, c);
1139 BIO_puts(bp, " - ");
1140 }
1141 BN_print(bp, d);
1142 BIO_puts(bp, "\n");
1143 }
1144 BN_exp(e, a, b, ctx);
1145 BN_sub(e, e, d);
1146 BN_div(a, b, e, c, ctx);
1147 if (!BN_is_zero(b)) {
1148 fprintf(stderr, "Modulo exponentiation test failed!\n");
1149 rc = 0;
1150 break;
1151 }
1152 }
1072 BN_free(a); 1153 BN_free(a);
1073 BN_free(b); 1154 BN_free(b);
1074 BN_free(c); 1155 BN_free(c);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 09:27:33 +0000