1 files changed, 27 insertions, 161 deletions
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index 4d305c983e..401c013a6c 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ectest.c,v 1.7 2018/07/15 06:03:31 tb Exp $   */
+/*      $OpenBSD: ectest.c,v 1.8 2018/07/15 18:22:57 tb Exp $   */
 /* crypto/ec/ectest.c */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
@@ -662,101 +662,29 @@ prime_field_tests(void)
        /* more tests using the last curve */
+        fprintf(stdout, "infinity tests ...");
+        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
+        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx))
-                if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
-                        ABORT;
+        /* R := 2P - P = P */
+        if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
+        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+        if (!EC_POINT_is_at_infinity(group, R))
+                ABORT;
-        {
+        fprintf(stdout, " ok\n\n");
-                const EC_POINT *points[4];
-                const BIGNUM *scalars[4];
-                BIGNUM scalar3;
-                if (EC_POINT_is_at_infinity(group, Q))
-                        ABORT;
-                points[0] = Q;
-                points[1] = Q;
-                points[2] = Q;
-                points[3] = Q;
-                if (!EC_GROUP_get_order(group, z, ctx))
-                        ABORT;
-                if (!BN_add(y, z, BN_value_one()))
-                        ABORT;
-                if (BN_is_odd(y))
-                        ABORT;
-                if (!BN_rshift1(y, y))
-                        ABORT;
-                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-                scalars[1] = y;
-                fprintf(stdout, "combined multiplication ...");
-                fflush(stdout);
-                /* z is still the group order */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, P, R, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, R, Q, ctx))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-                        ABORT;
-                if (!BN_add(z, z, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = y;
-                scalars[1] = z; /* z = -(order + y) */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-                        ABORT;
-                if (!BN_add(z, x, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = x;
-                scalars[1] = y;
-                scalars[2] = z; /* z = -(x+y) */
-                BN_init(&scalar3);
-                BN_zero(&scalar3);
-                scalars[3] = &scalar3;
-                if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, " ok\n\n");
-                BN_free(&scalar3);
-        }
        if (ctx)
                BN_CTX_free(ctx);
@@ -1186,91 +1114,29 @@ prime_field_tests(void)
        );
        /* more tests using the last curve */
+        fprintf(stdout, "infinity tests ...");
+        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
+        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx))
-                if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
-                        ABORT;
+        /* R := 2P - P = P */
+        if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
+        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+        if (!EC_POINT_is_at_infinity(group, R))
+                ABORT;
-        {
+        fprintf(stdout, " ok\n\n");
-                const EC_POINT *points[3];
-                const BIGNUM *scalars[3];
-                if (EC_POINT_is_at_infinity(group, Q))
-                        ABORT;
-                points[0] = Q;
-                points[1] = Q;
-                points[2] = Q;
-                if (!BN_add(y, z, BN_value_one()))
-                        ABORT;
-                if (BN_is_odd(y))
-                        ABORT;
-                if (!BN_rshift1(y, y))
-                        ABORT;
-                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-                scalars[1] = y;
-                fprintf(stdout, "combined multiplication ...");
-                fflush(stdout);
-                /* z is still the group order */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, P, R, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, R, Q, ctx))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-                        ABORT;
-                if (!BN_add(z, z, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = y;
-                scalars[1] = z; /* z = -(order + y) */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-                        ABORT;
-                if (!BN_add(z, x, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = x;
-                scalars[1] = y;
-                scalars[2] = z; /* z = -(x+y) */
-                if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, " ok\n\n");
-        }
        if (ctx)
                BN_CTX_free(ctx);

diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c index 4d305c983e..401c013a6c 100644 --- a/src/regress/lib/libcrypto/ec/ectest.c +++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ectest.c,v 1.7 2018/07/15 06:03:31 tb Exp $ */	1	/* $OpenBSD: ectest.c,v 1.8 2018/07/15 18:22:57 tb Exp $ */
2	/* crypto/ec/ectest.c */	2	/* crypto/ec/ectest.c */
3	/*	3	/*
4	* Originally written by Bodo Moeller for the OpenSSL project.	4	* Originally written by Bodo Moeller for the OpenSSL project.
@@ -662,101 +662,29 @@ prime_field_tests(void)
662		662
663		663
664	/* more tests using the last curve */	664	/* more tests using the last curve */
665		665	fprintf(stdout, "infinity tests ...");
		666	fflush(stdout);
666	if (!EC_POINT_copy(Q, P))	667	if (!EC_POINT_copy(Q, P))
667	ABORT;	668	ABORT;
668	if (EC_POINT_is_at_infinity(group, Q))	669	if (EC_POINT_is_at_infinity(group, Q))
669	ABORT;	670	ABORT;
		671	/* P := 2P */
670	if (!EC_POINT_dbl(group, P, P, ctx))	672	if (!EC_POINT_dbl(group, P, P, ctx))
671	ABORT;	673	ABORT;
672	if (!EC_POINT_is_on_curve(group, P, ctx))	674	if (!EC_POINT_is_on_curve(group, P, ctx))
673	ABORT;	675	ABORT;
674	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */	676	/* Q := -P */
675		677	if (!EC_POINT_invert(group, Q, ctx))
676	if (!EC_POINT_add(group, R, P, Q, ctx))	678	ABORT;
677	ABORT;	679	/* R := 2P - P = P */
		680	if (!EC_POINT_add(group, R, P, Q, ctx))
		681	ABORT;
		682	/* R := R + Q = P - P = infty */
678	if (!EC_POINT_add(group, R, R, Q, ctx))	683	if (!EC_POINT_add(group, R, R, Q, ctx))
679	ABORT;	684	ABORT;
680	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */	685	if (!EC_POINT_is_at_infinity(group, R))
681		686	ABORT;
682	{	687	fprintf(stdout, " ok\n\n");
683	const EC_POINT *points[4];
684	const BIGNUM *scalars[4];
685	BIGNUM scalar3;
686
687	if (EC_POINT_is_at_infinity(group, Q))
688	ABORT;
689	points[0] = Q;
690	points[1] = Q;
691	points[2] = Q;
692	points[3] = Q;
693
694	if (!EC_GROUP_get_order(group, z, ctx))
695	ABORT;
696	if (!BN_add(y, z, BN_value_one()))
697	ABORT;
698	if (BN_is_odd(y))
699	ABORT;
700	if (!BN_rshift1(y, y))
701	ABORT;
702	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
703	scalars[1] = y;
704
705	fprintf(stdout, "combined multiplication ...");
706	fflush(stdout);
707
708	/* z is still the group order */
709	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
710	ABORT;
711	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
712	ABORT;
713	if (0 != EC_POINT_cmp(group, P, R, ctx))
714	ABORT;
715	if (0 != EC_POINT_cmp(group, R, Q, ctx))
716	ABORT;
717
718	fprintf(stdout, ".");
719	fflush(stdout);
720
721	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
722	ABORT;
723	if (!BN_add(z, z, y))
724	ABORT;
725	BN_set_negative(z, 1);
726	scalars[0] = y;
727	scalars[1] = z; /* z = -(order + y) */
728
729	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
730	ABORT;
731	if (!EC_POINT_is_at_infinity(group, P))
732	ABORT;
733
734	fprintf(stdout, ".");
735	fflush(stdout);
736
737	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
738	ABORT;
739	if (!BN_add(z, x, y))
740	ABORT;
741	BN_set_negative(z, 1);
742	scalars[0] = x;
743	scalars[1] = y;
744	scalars[2] = z; /* z = -(x+y) */
745
746	BN_init(&scalar3);
747	BN_zero(&scalar3);
748	scalars[3] = &scalar3;
749
750	if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
751	ABORT;
752	if (!EC_POINT_is_at_infinity(group, P))
753	ABORT;
754
755	fprintf(stdout, " ok\n\n");
756
757	BN_free(&scalar3);
758	}
759
760		688
761	if (ctx)	689	if (ctx)
762	BN_CTX_free(ctx);	690	BN_CTX_free(ctx);
@@ -1186,91 +1114,29 @@ prime_field_tests(void)
1186	);	1114	);
1187		1115
1188	/* more tests using the last curve */	1116	/* more tests using the last curve */
1189		1117	fprintf(stdout, "infinity tests ...");
		1118	fflush(stdout);
1190	if (!EC_POINT_copy(Q, P))	1119	if (!EC_POINT_copy(Q, P))
1191	ABORT;	1120	ABORT;
1192	if (EC_POINT_is_at_infinity(group, Q))	1121	if (EC_POINT_is_at_infinity(group, Q))
1193	ABORT;	1122	ABORT;
		1123	/* P := 2P */
1194	if (!EC_POINT_dbl(group, P, P, ctx))	1124	if (!EC_POINT_dbl(group, P, P, ctx))
1195	ABORT;	1125	ABORT;
1196	if (!EC_POINT_is_on_curve(group, P, ctx))	1126	if (!EC_POINT_is_on_curve(group, P, ctx))
1197	ABORT;	1127	ABORT;
1198	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */	1128	/* Q := -P */
1199		1129	if (!EC_POINT_invert(group, Q, ctx))
1200	if (!EC_POINT_add(group, R, P, Q, ctx))	1130	ABORT;
1201	ABORT;	1131	/* R := 2P - P = P */
		1132	if (!EC_POINT_add(group, R, P, Q, ctx))
		1133	ABORT;
		1134	/* R := R + Q = P - P = infty */
1202	if (!EC_POINT_add(group, R, R, Q, ctx))	1135	if (!EC_POINT_add(group, R, R, Q, ctx))
1203	ABORT;	1136	ABORT;
1204	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */	1137	if (!EC_POINT_is_at_infinity(group, R))
1205		1138	ABORT;
1206	{	1139	fprintf(stdout, " ok\n\n");
1207	const EC_POINT *points[3];
1208	const BIGNUM *scalars[3];
1209
1210	if (EC_POINT_is_at_infinity(group, Q))
1211	ABORT;
1212	points[0] = Q;
1213	points[1] = Q;
1214	points[2] = Q;
1215
1216	if (!BN_add(y, z, BN_value_one()))
1217	ABORT;
1218	if (BN_is_odd(y))
1219	ABORT;
1220	if (!BN_rshift1(y, y))
1221	ABORT;
1222	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
1223	scalars[1] = y;
1224
1225	fprintf(stdout, "combined multiplication ...");
1226	fflush(stdout);
1227
1228	/* z is still the group order */
1229	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1230	ABORT;
1231	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
1232	ABORT;
1233	if (0 != EC_POINT_cmp(group, P, R, ctx))
1234	ABORT;
1235	if (0 != EC_POINT_cmp(group, R, Q, ctx))
1236	ABORT;
1237
1238	fprintf(stdout, ".");
1239	fflush(stdout);
1240
1241	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
1242	ABORT;
1243	if (!BN_add(z, z, y))
1244	ABORT;
1245	BN_set_negative(z, 1);
1246	scalars[0] = y;
1247	scalars[1] = z; /* z = -(order + y) */
1248
1249	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1250	ABORT;
1251	if (!EC_POINT_is_at_infinity(group, P))
1252	ABORT;
1253
1254	fprintf(stdout, ".");
1255	fflush(stdout);
1256
1257	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
1258	ABORT;
1259	if (!BN_add(z, x, y))
1260	ABORT;
1261	BN_set_negative(z, 1);
1262	scalars[0] = x;
1263	scalars[1] = y;
1264	scalars[2] = z; /* z = -(x+y) */
1265
1266	if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
1267	ABORT;
1268	if (!EC_POINT_is_at_infinity(group, P))
1269	ABORT;
1270
1271	fprintf(stdout, " ok\n\n");
1272	}
1273
1274		1140
1275	if (ctx)	1141	if (ctx)
1276	BN_CTX_free(ctx);	1142	BN_CTX_free(ctx);