1 files changed, 56 insertions, 0 deletions
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index 28cd3339da..685007d330 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
 int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
 int test_exp(BIO *bp,BN_CTX *ctx);
 int test_kron(BIO *bp,BN_CTX *ctx);
 int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
        if (!test_mod_exp(out,ctx)) goto err;
        BIO_flush(out);
+        message(out,"BN_mod_exp_mont_consttime");
+        if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+        BIO_flush(out);
        message(out,"BN_exp");
        if (!test_exp(out,ctx)) goto err;
        BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
        return(1);
        }
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+                if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+                        return(00);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_exp(e,a,b,ctx);
+                BN_sub(e,e,d);
+                BN_div(a,b,e,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
 int test_exp(BIO *bp, BN_CTX *ctx)
        {
        BIGNUM *a,*b,*d,*e,*one;

diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c index 28cd3339da..685007d330 100644 --- a/src/lib/libcrypto/bn/bntest.c +++ b/src/lib/libcrypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO bp,BN_CTX ctx);
86	int test_mod(BIO bp,BN_CTX ctx);	86	int test_mod(BIO bp,BN_CTX ctx);
87	int test_mod_mul(BIO bp,BN_CTX ctx);	87	int test_mod_mul(BIO bp,BN_CTX ctx);
88	int test_mod_exp(BIO bp,BN_CTX ctx);	88	int test_mod_exp(BIO bp,BN_CTX ctx);
		89	int test_mod_exp_mont_consttime(BIO bp,BN_CTX ctx);
89	int test_exp(BIO bp,BN_CTX ctx);	90	int test_exp(BIO bp,BN_CTX ctx);
90	int test_kron(BIO bp,BN_CTX ctx);	91	int test_kron(BIO bp,BN_CTX ctx);
91	int test_sqrt(BIO bp,BN_CTX ctx);	92	int test_sqrt(BIO bp,BN_CTX ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
213	if (!test_mod_exp(out,ctx)) goto err;	214	if (!test_mod_exp(out,ctx)) goto err;
214	BIO_flush(out);	215	BIO_flush(out);
215		216
		217	message(out,"BN_mod_exp_mont_consttime");
		218	if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
		219	BIO_flush(out);
		220
216	message(out,"BN_exp");	221	message(out,"BN_exp");
217	if (!test_exp(out,ctx)) goto err;	222	if (!test_exp(out,ctx)) goto err;
218	BIO_flush(out);	223	BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO bp, BN_CTX ctx)
813	return(1);	818	return(1);
814	}	819	}
815		820
		821	int test_mod_exp_mont_consttime(BIO bp, BN_CTX ctx)
		822	{
		823	BIGNUM a,b,c,d,*e;
		824	int i;
		825
		826	a=BN_new();
		827	b=BN_new();
		828	c=BN_new();
		829	d=BN_new();
		830	e=BN_new();
		831
		832	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
		833	for (i=0; i<num2; i++)
		834	{
		835	BN_bntest_rand(a,20+i5,0,0); /*/
		836	BN_bntest_rand(b,2+i,0,0); /**/
		837
		838	if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
		839	return(00);
		840
		841	if (bp != NULL)
		842	{
		843	if (!results)
		844	{
		845	BN_print(bp,a);
		846	BIO_puts(bp," ^ ");
		847	BN_print(bp,b);
		848	BIO_puts(bp," % ");
		849	BN_print(bp,c);
		850	BIO_puts(bp," - ");
		851	}
		852	BN_print(bp,d);
		853	BIO_puts(bp,"\n");
		854	}
		855	BN_exp(e,a,b,ctx);
		856	BN_sub(e,e,d);
		857	BN_div(a,b,e,c,ctx);
		858	if(!BN_is_zero(b))
		859	{
		860	fprintf(stderr,"Modulo exponentiation test failed!\n");
		861	return 0;
		862	}
		863	}
		864	BN_free(a);
		865	BN_free(b);
		866	BN_free(c);
		867	BN_free(d);
		868	BN_free(e);
		869	return(1);
		870	}
		871
816	int test_exp(BIO bp, BN_CTX ctx)	872	int test_exp(BIO bp, BN_CTX ctx)
817	{	873	{
818	BIGNUM a,b,d,e,*one;	874	BIGNUM a,b,d,e,*one;