summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto/bn
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libcrypto/bn')
-rw-r--r--src/regress/lib/libcrypto/bn/Makefile12
-rw-r--r--src/regress/lib/libcrypto/bn/addsub/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/addsub/bnaddsub.c236
-rw-r--r--src/regress/lib/libcrypto/bn/general/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/general/bntest.c2467
-rw-r--r--src/regress/lib/libcrypto/bn/mont/Makefile9
-rw-r--r--src/regress/lib/libcrypto/bn/mont/mont.c73
-rw-r--r--src/regress/lib/libcrypto/bn/rand/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c113
9 files changed, 0 insertions, 2943 deletions
diff --git a/src/regress/lib/libcrypto/bn/Makefile b/src/regress/lib/libcrypto/bn/Makefile
deleted file mode 100644
index ed9298575b..0000000000
--- a/src/regress/lib/libcrypto/bn/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2018/11/06 06:56:17 tb Exp $
2
3SUBDIR= \
4 addsub \
5 general \
6 mont \
7 rand
8
9
10install:
11
12.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libcrypto/bn/addsub/Makefile b/src/regress/lib/libcrypto/bn/addsub/Makefile
deleted file mode 100644
index c35182db4f..0000000000
--- a/src/regress/lib/libcrypto/bn/addsub/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/07/10 16:57:50 tb Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bnaddsub
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c b/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c
deleted file mode 100644
index e23821ed2b..0000000000
--- a/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c
+++ /dev/null
@@ -1,236 +0,0 @@
1/* $OpenBSD: bnaddsub.c,v 1.3 2018/07/23 17:15:21 tb Exp $ */
2/*
3 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* Test basic functionality of BN_add(), BN_sub(), BN_uadd() and BN_usub() */
19
20#include <err.h>
21#include <stdio.h>
22
23#include <openssl/bio.h>
24#include <openssl/bn.h>
25#include <openssl/err.h>
26
27#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
28
29BIO *bio_err;
30
31struct hexinput_st {
32 const char *a_hex;
33 const char *b_hex;
34 const char *e_hex; /* expected result */
35 const char ret; /* check return value */
36 int compare; /* use BN_cmp() to verify results */
37};
38
39int bn_op_test(int (*)(BIGNUM *, const BIGNUM *, const BIGNUM *),
40 struct hexinput_st[], unsigned int, const char *);
41void print_failure_case(BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, int,
42 const char *);
43
44struct hexinput_st test_bn_add[] = {
45 {
46 "F",
47 "F",
48 "1E",
49 1,
50 1,
51 },
52 {
53 "FFFFFFFFFFFFFFFFFFF",
54 "1",
55 "10000000000000000000",
56 1,
57 1,
58 },
59 {
60 "7878787878787878",
61 "1010101010101010",
62 "8888888888888888",
63 1,
64 1,
65 },
66 {
67 "FFFFFFFFFFFFFFFF0000000000000000",
68 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
69 "1FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
70 1,
71 1,
72 },
73 {
74 "F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0",
75 "10101010101010101010101010101010",
76 "101010101010101010101010101010100",
77 1,
78 1,
79 },
80};
81
82struct hexinput_st test_bn_sub[] = {
83 {
84 "10",
85 "1",
86 "F",
87 1,
88 1,
89 },
90 {
91 "10",
92 "1",
93 "E",
94 1,
95 0,
96 },
97 {
98 "100000000001000000000",
99 "11100000001",
100 "FFFFFFFFFEFEFFFFFFFF",
101 1,
102 1,
103 },
104 {
105 "-FFFFFFFFFFFFFFFFFFFF",
106 "1",
107 "-100000000000000000000",
108 1,
109 1,
110 },
111};
112
113struct hexinput_st test_bn_usub[] = {
114 {
115 "10",
116 "1",
117 "F",
118 1,
119 1,
120 },
121 {
122 "10",
123 "1",
124 "E",
125 1,
126 0,
127 },
128 {
129 "100000000001000000000",
130 "11100000001",
131 "FFFFFFFFFEFEFFFFFFFF",
132 1,
133 1,
134 },
135 {
136 "100000000000000000000",
137 "1",
138 "FFFFFFFFFFFFFFFFFFFF",
139 1,
140 1,
141 },
142 {
143 "0",
144 "1",
145 "0",
146 0,
147 0,
148 },
149};
150
151void
152print_failure_case(BIGNUM *a, BIGNUM *b, BIGNUM *e, BIGNUM *r, int i,
153 const char *testname)
154{
155 BIO_printf(bio_err, "%s #%d failed:", testname, i);
156 BIO_printf(bio_err, "\na = ");
157 BN_print(bio_err, a);
158 BIO_printf(bio_err, "\nb = ");
159 BN_print(bio_err, b);
160 BIO_printf(bio_err, "\nexpected: e = ");
161 BN_print(bio_err, e);
162 BIO_printf(bio_err, "\nobtained: r = ");
163 BN_print(bio_err, r);
164 BIO_printf(bio_err, "\n");
165}
166
167int
168bn_op_test(int (*bn_op)(BIGNUM *, const BIGNUM *, const BIGNUM *),
169 struct hexinput_st tests[], unsigned int ntests, const char *testname)
170{
171 BIGNUM *a = NULL, *b = NULL, *e = NULL, *r = NULL;
172 unsigned int i;
173 int failed = 0;
174
175 if (((a = BN_new()) == NULL) ||
176 ((b = BN_new()) == NULL) ||
177 ((e = BN_new()) == NULL) ||
178 ((r = BN_new()) == NULL)) {
179 failed = 1;
180 ERR_print_errors(bio_err);
181 goto err;
182 }
183
184 for (i = 0; i < ntests; i++) {
185 int print = 0;
186
187 if (!BN_hex2bn(&a, tests[i].a_hex) ||
188 !BN_hex2bn(&b, tests[i].b_hex) ||
189 !BN_hex2bn(&e, tests[i].e_hex)) {
190 print = 1;
191 ERR_print_errors(bio_err);
192 }
193
194 if (tests[i].ret != bn_op(r, a, b))
195 print = 1;
196 if (tests[i].compare == 1 && BN_cmp(e, r) != 0)
197 print = 1;
198 if (print) {
199 failed = 1;
200 print_failure_case(a, b, e, r, i, testname);
201 }
202 }
203
204 err:
205 BN_free(a);
206 BN_free(b);
207 BN_free(e);
208 BN_free(r);
209 return failed;
210}
211
212int
213main(int argc, char *argv[])
214{
215 int failed = 0;
216
217 if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL) {
218 fprintf(stderr, "bnaddsub: failed to initialize bio_err");
219 return 1;
220 }
221
222 if (bn_op_test(BN_add, test_bn_add, nitems(test_bn_add),
223 "BN_add with test_bn_add[]"))
224 failed = 1;
225 if (bn_op_test(BN_uadd, test_bn_add, nitems(test_bn_add),
226 "BN_uadd with test_bn_add[]"))
227 failed = 1;
228 if (bn_op_test(BN_sub, test_bn_sub, nitems(test_bn_sub),
229 "BN_sub with test_bn_sub[]"))
230 failed = 1;
231 if (bn_op_test(BN_usub, test_bn_usub, nitems(test_bn_usub),
232 "BN_usub with test_bn_usub[]"))
233 failed = 1;
234
235 return failed;
236}
diff --git a/src/regress/lib/libcrypto/bn/general/Makefile b/src/regress/lib/libcrypto/bn/general/Makefile
deleted file mode 100644
index d578d0fe12..0000000000
--- a/src/regress/lib/libcrypto/bn/general/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bntest
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
deleted file mode 100644
index cff776068b..0000000000
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ /dev/null
@@ -1,2467 +0,0 @@
1/* $OpenBSD: bntest.c,v 1.20 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
66 *
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72/* Until the key-gen callbacks are modified to use newer prototypes, we allow
73 * deprecated functions for openssl-internal code */
74#ifdef OPENSSL_NO_DEPRECATED
75#undef OPENSSL_NO_DEPRECATED
76#endif
77
78#include <stdio.h>
79#include <stdlib.h>
80#include <string.h>
81
82#include <openssl/bio.h>
83#include <openssl/bn.h>
84#include <openssl/x509.h>
85#include <openssl/err.h>
86
87int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *m, BN_CTX *ctx);
89int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
90 const BIGNUM *m, BN_CTX *ctx);
91int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95
96int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
97
98const int num0 = 100; /* number of tests */
99const int num1 = 50; /* additional tests for some functions */
100const int num2 = 5; /* number of tests for slow functions */
101
102int test_add(BIO *bp);
103int test_sub(BIO *bp);
104int test_lshift1(BIO *bp);
105int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
106int test_rshift1(BIO *bp);
107int test_rshift(BIO *bp, BN_CTX *ctx);
108int test_div(BIO *bp, BN_CTX *ctx);
109int test_div_word(BIO *bp);
110int test_div_recp(BIO *bp, BN_CTX *ctx);
111int test_mul(BIO *bp);
112int test_sqr(BIO *bp, BN_CTX *ctx);
113int test_mont(BIO *bp, BN_CTX *ctx);
114int test_mod(BIO *bp, BN_CTX *ctx);
115int test_mod_mul(BIO *bp, BN_CTX *ctx);
116int test_mod_exp(BIO *bp, BN_CTX *ctx);
117int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
118int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
119int test_mod_exp_sizes(BIO *bp, BN_CTX *ctx);
120int test_exp(BIO *bp, BN_CTX *ctx);
121int test_gf2m_add(BIO *bp);
122int test_gf2m_mod(BIO *bp);
123int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
124int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
125int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
126int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
127int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
128int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
129int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
130int test_kron(BIO *bp, BN_CTX *ctx);
131int test_sqrt(BIO *bp, BN_CTX *ctx);
132int rand_neg(void);
133static int results = 0;
134
135static unsigned char lst[] =
136 "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
137 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
138
139#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
140 __LINE__)
141
142#define CHECK_GOTO(a) do { \
143 if (!(a)) { \
144 PRINT_ERROR; \
145 rc = 0; \
146 goto err; \
147 } \
148} while (0)
149
150static void
151message(BIO *out, char *m)
152{
153 fprintf(stderr, "test %s\n", m);
154 BIO_puts(out, "print \"test ");
155 BIO_puts(out, m);
156 BIO_puts(out, "\\n\"\n");
157}
158
159int
160main(int argc, char *argv[])
161{
162 BN_CTX *ctx;
163 BIO *out;
164 char *outfile = NULL;
165
166 results = 0;
167
168 argc--;
169 argv++;
170 while (argc >= 1) {
171 if (strcmp(*argv, "-results") == 0)
172 results = 1;
173 else if (strcmp(*argv, "-out") == 0) {
174 if (--argc < 1)
175 break;
176 outfile= *(++argv);
177 }
178 argc--;
179 argv++;
180 }
181
182
183 ctx = BN_CTX_new();
184 if (ctx == NULL)
185 exit(1);
186
187 out = BIO_new(BIO_s_file());
188 if (out == NULL)
189 exit(1);
190 if (outfile == NULL) {
191 BIO_set_fp(out, stdout, BIO_NOCLOSE);
192 } else {
193 if (!BIO_write_filename(out, outfile)) {
194 perror(outfile);
195 exit(1);
196 }
197 }
198
199 if (!results)
200 BIO_puts(out, "obase=16\nibase=16\n");
201
202 message(out, "BN_add");
203 if (!test_add(out))
204 goto err;
205 (void)BIO_flush(out);
206
207 message(out, "BN_sub");
208 if (!test_sub(out))
209 goto err;
210 (void)BIO_flush(out);
211
212 message(out, "BN_lshift1");
213 if (!test_lshift1(out))
214 goto err;
215 (void)BIO_flush(out);
216
217 message(out, "BN_lshift (fixed)");
218 if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
219 goto err;
220 (void)BIO_flush(out);
221
222 message(out, "BN_lshift");
223 if (!test_lshift(out, ctx, NULL))
224 goto err;
225 (void)BIO_flush(out);
226
227 message(out, "BN_rshift1");
228 if (!test_rshift1(out))
229 goto err;
230 (void)BIO_flush(out);
231
232 message(out, "BN_rshift");
233 if (!test_rshift(out, ctx))
234 goto err;
235 (void)BIO_flush(out);
236
237 message(out, "BN_sqr");
238 if (!test_sqr(out, ctx))
239 goto err;
240 (void)BIO_flush(out);
241
242 message(out, "BN_mul");
243 if (!test_mul(out))
244 goto err;
245 (void)BIO_flush(out);
246
247 message(out, "BN_div");
248 if (!test_div(out, ctx))
249 goto err;
250 (void)BIO_flush(out);
251
252 message(out, "BN_div_word");
253 if (!test_div_word(out))
254 goto err;
255 (void)BIO_flush(out);
256
257 message(out, "BN_div_recp");
258 if (!test_div_recp(out, ctx))
259 goto err;
260 (void)BIO_flush(out);
261
262 message(out, "BN_mod");
263 if (!test_mod(out, ctx))
264 goto err;
265 (void)BIO_flush(out);
266
267 message(out, "BN_mod_mul");
268 if (!test_mod_mul(out, ctx))
269 goto err;
270 (void)BIO_flush(out);
271
272 message(out, "BN_mont");
273 if (!test_mont(out, ctx))
274 goto err;
275 (void)BIO_flush(out);
276
277 message(out, "BN_mod_exp");
278 if (!test_mod_exp(out, ctx))
279 goto err;
280 (void)BIO_flush(out);
281
282 message(out, "BN_mod_exp_mont_consttime");
283 if (!test_mod_exp_mont_consttime(out, ctx))
284 goto err;
285 (void)BIO_flush(out);
286
287 message(out, "BN_mod_exp_mont5");
288 if (!test_mod_exp_mont5(out, ctx))
289 goto err;
290 (void)BIO_flush(out);
291
292 message(out, "BN_exp");
293 if (!test_exp(out, ctx))
294 goto err;
295 (void)BIO_flush(out);
296
297 message(out, "BN_kronecker");
298 if (!test_kron(out, ctx))
299 goto err;
300 (void)BIO_flush(out);
301
302 message(out, "BN_mod_sqrt");
303 if (!test_sqrt(out, ctx))
304 goto err;
305 (void)BIO_flush(out);
306
307 message(out, "Modexp with different sizes");
308 if (!test_mod_exp_sizes(out, ctx))
309 goto err;
310 (void)BIO_flush(out);
311
312#ifndef OPENSSL_NO_EC2M
313 message(out, "BN_GF2m_add");
314 if (!test_gf2m_add(out))
315 goto err;
316 (void)BIO_flush(out);
317
318 message(out, "BN_GF2m_mod");
319 if (!test_gf2m_mod(out))
320 goto err;
321 (void)BIO_flush(out);
322
323 message(out, "BN_GF2m_mod_mul");
324 if (!test_gf2m_mod_mul(out, ctx))
325 goto err;
326 (void)BIO_flush(out);
327
328 message(out, "BN_GF2m_mod_sqr");
329 if (!test_gf2m_mod_sqr(out, ctx))
330 goto err;
331 (void)BIO_flush(out);
332
333 message(out, "BN_GF2m_mod_inv");
334 if (!test_gf2m_mod_inv(out, ctx))
335 goto err;
336 (void)BIO_flush(out);
337
338 message(out, "BN_GF2m_mod_div");
339 if (!test_gf2m_mod_div(out, ctx))
340 goto err;
341 (void)BIO_flush(out);
342
343 message(out, "BN_GF2m_mod_exp");
344 if (!test_gf2m_mod_exp(out, ctx))
345 goto err;
346 (void)BIO_flush(out);
347
348 message(out, "BN_GF2m_mod_sqrt");
349 if (!test_gf2m_mod_sqrt(out, ctx))
350 goto err;
351 (void)BIO_flush(out);
352
353 message(out, "BN_GF2m_mod_solve_quad");
354 if (!test_gf2m_mod_solve_quad(out, ctx))
355 goto err;
356 (void)BIO_flush(out);
357#endif
358 BN_CTX_free(ctx);
359 BIO_free(out);
360
361 exit(0);
362err:
363 BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices
364 * the failure, see test_bn in test/Makefile.ssl*/
365
366 (void)BIO_flush(out);
367 ERR_load_crypto_strings();
368 ERR_print_errors_fp(stderr);
369 exit(1);
370}
371
372int
373test_add(BIO *bp)
374{
375 BIGNUM a, b, c;
376 int i;
377 int rc = 1;
378
379 BN_init(&a);
380 BN_init(&b);
381 BN_init(&c);
382
383 CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
384 for (i = 0; i < num0; i++) {
385 CHECK_GOTO(BN_bntest_rand(&b, 450 + i, 0, 0));
386 a.neg = rand_neg();
387 b.neg = rand_neg();
388 CHECK_GOTO(BN_add(&c, &a, &b));
389 if (bp != NULL) {
390 if (!results) {
391 CHECK_GOTO(BN_print(bp, &a));
392 BIO_puts(bp, " + ");
393 CHECK_GOTO(BN_print(bp, &b));
394 BIO_puts(bp, " - ");
395 }
396 CHECK_GOTO(BN_print(bp, &c));
397 BIO_puts(bp, "\n");
398 }
399 a.neg = !a.neg;
400 b.neg = !b.neg;
401 CHECK_GOTO(BN_add(&c, &c, &b));
402 CHECK_GOTO(BN_add(&c, &c, &a));
403 if (!BN_is_zero(&c)) {
404 fprintf(stderr, "Add test failed!\n");
405 rc = 0;
406 break;
407 }
408 }
409err:
410 BN_free(&a);
411 BN_free(&b);
412 BN_free(&c);
413 return (rc);
414}
415
416int
417test_sub(BIO *bp)
418{
419 BIGNUM a, b, c;
420 int i;
421 int rc = 1;
422
423 BN_init(&a);
424 BN_init(&b);
425 BN_init(&c);
426
427 for (i = 0; i < num0 + num1; i++) {
428 if (i < num1) {
429 CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
430 CHECK_GOTO(BN_copy(&b, &a));
431 if (BN_set_bit(&a, i) == 0) {
432 rc = 0;
433 break;
434 }
435 CHECK_GOTO(BN_add_word(&b, i));
436 } else {
437 CHECK_GOTO(BN_bntest_rand(&b, 400 + i - num1, 0, 0));
438 a.neg = rand_neg();
439 b.neg = rand_neg();
440 }
441 CHECK_GOTO(BN_sub(&c, &a, &b));
442 if (bp != NULL) {
443 if (!results) {
444 CHECK_GOTO(BN_print(bp, &a));
445 BIO_puts(bp, " - ");
446 CHECK_GOTO(BN_print(bp, &b));
447 BIO_puts(bp, " - ");
448 }
449 CHECK_GOTO(BN_print(bp, &c));
450 BIO_puts(bp, "\n");
451 }
452 CHECK_GOTO(BN_add(&c, &c, &b));
453 CHECK_GOTO(BN_sub(&c, &c, &a));
454 if (!BN_is_zero(&c)) {
455 fprintf(stderr, "Subtract test failed!\n");
456 rc = 0;
457 break;
458 }
459 }
460err:
461 BN_free(&a);
462 BN_free(&b);
463 BN_free(&c);
464 return (rc);
465}
466
467int
468test_div(BIO *bp, BN_CTX *ctx)
469{
470 BIGNUM a, b, c, d, e;
471 int i;
472 int rc = 1;
473
474 BN_init(&a);
475 BN_init(&b);
476 BN_init(&c);
477 BN_init(&d);
478 BN_init(&e);
479
480 CHECK_GOTO(BN_one(&a));
481 CHECK_GOTO(BN_zero(&b));
482
483 if (BN_div(&d, &c, &a, &b, ctx)) {
484 fprintf(stderr, "Division by zero succeeded!\n");
485 return (0);
486 }
487
488 for (i = 0; i < num0 + num1; i++) {
489 if (i < num1) {
490 CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
491 CHECK_GOTO(BN_copy(&b, &a));
492 CHECK_GOTO(BN_lshift(&a, &a, i));
493 CHECK_GOTO(BN_add_word(&a, i));
494 } else
495 CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
496 a.neg = rand_neg();
497 b.neg = rand_neg();
498 CHECK_GOTO(BN_div(&d, &c, &a, &b, ctx));
499 if (bp != NULL) {
500 if (!results) {
501 CHECK_GOTO(BN_print(bp, &a));
502 BIO_puts(bp, " / ");
503 CHECK_GOTO(BN_print(bp, &b));
504 BIO_puts(bp, " - ");
505 }
506 CHECK_GOTO(BN_print(bp, &d));
507 BIO_puts(bp, "\n");
508
509 if (!results) {
510 CHECK_GOTO(BN_print(bp, &a));
511 BIO_puts(bp, " % ");
512 CHECK_GOTO(BN_print(bp, &b));
513 BIO_puts(bp, " - ");
514 }
515 CHECK_GOTO(BN_print(bp, &c));
516 BIO_puts(bp, "\n");
517 }
518 CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
519 CHECK_GOTO(BN_add(&d, &e, &c));
520 CHECK_GOTO(BN_sub(&d, &d, &a));
521 if (!BN_is_zero(&d)) {
522 fprintf(stderr, "Division test failed!\n");
523 rc = 0;
524 break;
525 }
526 }
527err:
528 BN_free(&a);
529 BN_free(&b);
530 BN_free(&c);
531 BN_free(&d);
532 BN_free(&e);
533 return (rc);
534}
535
536static void
537print_word(BIO *bp, BN_ULONG w)
538{
539#ifdef SIXTY_FOUR_BIT
540 if (sizeof(w) > sizeof(unsigned long)) {
541 unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
542
543 if (h)
544 BIO_printf(bp, "%lX%08lX", h, l);
545 else
546 BIO_printf(bp, "%lX", l);
547 return;
548 }
549#endif
550 BIO_printf(bp, BN_HEX_FMT1, w);
551}
552
553int
554test_div_word(BIO *bp)
555{
556 BIGNUM a, b;
557 BN_ULONG r, rmod, s = 0;
558 int i;
559 int rc = 1;
560
561 BN_init(&a);
562 BN_init(&b);
563
564 for (i = 0; i < num0; i++) {
565 do {
566 if (!BN_bntest_rand(&a, 512, -1, 0) ||
567 !BN_bntest_rand(&b, BN_BITS2, -1, 0)) {
568 rc = 0;
569 break;
570 }
571 s = b.d[0];
572 } while (!s);
573
574 if (!BN_copy(&b, &a)) {
575 rc = 0;
576 break;
577 }
578
579 rmod = BN_mod_word(&b, s);
580 r = BN_div_word(&b, s);
581
582 if (r == (BN_ULONG)-1 || rmod == (BN_ULONG)-1) {
583 rc = 0;
584 break;
585 }
586
587 if (rmod != r) {
588 fprintf(stderr, "Mod (word) test failed!\n");
589 rc = 0;
590 break;
591 }
592
593 if (bp != NULL) {
594 if (!results) {
595 CHECK_GOTO(BN_print(bp, &a));
596 BIO_puts(bp, " / ");
597 print_word(bp, s);
598 BIO_puts(bp, " - ");
599 }
600 CHECK_GOTO(BN_print(bp, &b));
601 BIO_puts(bp, "\n");
602
603 if (!results) {
604 CHECK_GOTO(BN_print(bp, &a));
605 BIO_puts(bp, " % ");
606 print_word(bp, s);
607 BIO_puts(bp, " - ");
608 }
609 print_word(bp, r);
610 BIO_puts(bp, "\n");
611 }
612 CHECK_GOTO(BN_mul_word(&b, s));
613 CHECK_GOTO(BN_add_word(&b, r));
614 CHECK_GOTO(BN_sub(&b, &a, &b));
615 if (!BN_is_zero(&b)) {
616 fprintf(stderr, "Division (word) test failed!\n");
617 rc = 0;
618 break;
619 }
620 }
621err:
622 BN_free(&a);
623 BN_free(&b);
624 return (rc);
625}
626
627int
628test_div_recp(BIO *bp, BN_CTX *ctx)
629{
630 BIGNUM a, b, c, d, e;
631 BN_RECP_CTX recp;
632 int i;
633 int rc = 1;
634
635 BN_RECP_CTX_init(&recp);
636 BN_init(&a);
637 BN_init(&b);
638 BN_init(&c);
639 BN_init(&d);
640 BN_init(&e);
641
642 for (i = 0; i < num0 + num1; i++) {
643 if (i < num1) {
644 CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
645 CHECK_GOTO(BN_copy(&b, &a));
646 CHECK_GOTO(BN_lshift(&a, &a, i));
647 CHECK_GOTO(BN_add_word(&a, i));
648 } else
649 CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
650 a.neg = rand_neg();
651 b.neg = rand_neg();
652 CHECK_GOTO(BN_RECP_CTX_set(&recp, &b, ctx));
653 CHECK_GOTO(BN_div_recp(&d, &c, &a, &recp, ctx));
654 if (bp != NULL) {
655 if (!results) {
656 CHECK_GOTO(BN_print(bp, &a));
657 BIO_puts(bp, " / ");
658 CHECK_GOTO(BN_print(bp, &b));
659 BIO_puts(bp, " - ");
660 }
661 CHECK_GOTO(BN_print(bp, &d));
662 BIO_puts(bp, "\n");
663
664 if (!results) {
665 CHECK_GOTO(BN_print(bp, &a));
666 BIO_puts(bp, " % ");
667 CHECK_GOTO(BN_print(bp, &b));
668 BIO_puts(bp, " - ");
669 }
670 CHECK_GOTO(BN_print(bp, &c));
671 BIO_puts(bp, "\n");
672 }
673 CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
674 CHECK_GOTO(BN_add(&d, &e, &c));
675 CHECK_GOTO(BN_sub(&d, &d, &a));
676 if (!BN_is_zero(&d)) {
677 fprintf(stderr, "Reciprocal division test failed!\n");
678 fprintf(stderr, "a=");
679 CHECK_GOTO(BN_print_fp(stderr, &a));
680 fprintf(stderr, "\nb=");
681 CHECK_GOTO(BN_print_fp(stderr, &b));
682 fprintf(stderr, "\n");
683 rc = 0;
684 break;
685 }
686 }
687err:
688 BN_free(&a);
689 BN_free(&b);
690 BN_free(&c);
691 BN_free(&d);
692 BN_free(&e);
693 BN_RECP_CTX_free(&recp);
694 return (rc);
695}
696
697int
698test_mul(BIO *bp)
699{
700 BIGNUM a, b, c, d, e;
701 int i;
702 int rc = 1;
703 BN_CTX *ctx;
704
705 ctx = BN_CTX_new();
706 if (ctx == NULL)
707 exit(1);
708
709 BN_init(&a);
710 BN_init(&b);
711 BN_init(&c);
712 BN_init(&d);
713 BN_init(&e);
714
715 for (i = 0; i < num0 + num1; i++) {
716 if (i <= num1) {
717 CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
718 CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
719 } else
720 CHECK_GOTO(BN_bntest_rand(&b, i - num1, 0, 0));
721 a.neg = rand_neg();
722 b.neg = rand_neg();
723 CHECK_GOTO(BN_mul(&c, &a, &b, ctx));
724 if (bp != NULL) {
725 if (!results) {
726 CHECK_GOTO(BN_print(bp, &a));
727 BIO_puts(bp, " * ");
728 CHECK_GOTO(BN_print(bp, &b));
729 BIO_puts(bp, " - ");
730 }
731 CHECK_GOTO(BN_print(bp, &c));
732 BIO_puts(bp, "\n");
733 }
734 CHECK_GOTO(BN_div(&d, &e, &c, &a, ctx));
735 CHECK_GOTO(BN_sub(&d, &d, &b));
736 if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
737 fprintf(stderr, "Multiplication test failed!\n");
738 rc = 0;
739 break;
740 }
741 }
742err:
743 BN_free(&a);
744 BN_free(&b);
745 BN_free(&c);
746 BN_free(&d);
747 BN_free(&e);
748 BN_CTX_free(ctx);
749 return (rc);
750}
751
752int
753test_sqr(BIO *bp, BN_CTX *ctx)
754{
755 BIGNUM *a, *c, *d, *e;
756 int i, rc = 0;
757
758 a = BN_new();
759 c = BN_new();
760 d = BN_new();
761 e = BN_new();
762
763 for (i = 0; i < num0; i++) {
764 CHECK_GOTO(BN_bntest_rand(a, 40 + i * 10, 0, 0));
765 a->neg = rand_neg();
766 CHECK_GOTO(BN_sqr(c, a, ctx));
767 if (bp != NULL) {
768 if (!results) {
769 CHECK_GOTO(BN_print(bp, a));
770 BIO_puts(bp, " * ");
771 CHECK_GOTO(BN_print(bp, a));
772 BIO_puts(bp, " - ");
773 }
774 CHECK_GOTO(BN_print(bp, c));
775 BIO_puts(bp, "\n");
776 }
777 CHECK_GOTO(BN_div(d, e, c, a, ctx));
778 CHECK_GOTO(BN_sub(d, d, a));
779 if (!BN_is_zero(d) || !BN_is_zero(e)) {
780 fprintf(stderr, "Square test failed!\n");
781 goto err;
782 }
783 }
784
785 /* Regression test for a BN_sqr overflow bug. */
786 if (!BN_hex2bn(&a, "80000000000000008000000000000001"
787 "FFFFFFFFFFFFFFFE0000000000000000")) {
788 fprintf(stderr, "BN_hex2bn failed\n");
789 goto err;
790 }
791 CHECK_GOTO(BN_sqr(c, a, ctx));
792 if (bp != NULL) {
793 if (!results) {
794 CHECK_GOTO(BN_print(bp, a));
795 BIO_puts(bp, " * ");
796 CHECK_GOTO(BN_print(bp, a));
797 BIO_puts(bp, " - ");
798 }
799 CHECK_GOTO(BN_print(bp, c));
800 BIO_puts(bp, "\n");
801 }
802 CHECK_GOTO(BN_mul(d, a, a, ctx));
803 if (BN_cmp(c, d)) {
804 fprintf(stderr,
805 "Square test failed: BN_sqr and BN_mul produce "
806 "different results!\n");
807 goto err;
808 }
809
810 /* Regression test for a BN_sqr overflow bug. */
811 if (!BN_hex2bn(&a, "80000000000000000000000080000001"
812 "FFFFFFFE000000000000000000000000")) {
813 fprintf(stderr, "BN_hex2bn failed\n");
814 goto err;
815 }
816 CHECK_GOTO(BN_sqr(c, a, ctx));
817 if (bp != NULL) {
818 if (!results) {
819 CHECK_GOTO(BN_print(bp, a));
820 BIO_puts(bp, " * ");
821 CHECK_GOTO(BN_print(bp, a));
822 BIO_puts(bp, " - ");
823 }
824 CHECK_GOTO(BN_print(bp, c));
825 BIO_puts(bp, "\n");
826 }
827 CHECK_GOTO(BN_mul(d, a, a, ctx));
828 if (BN_cmp(c, d)) {
829 fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
830 "different results!\n");
831 goto err;
832 }
833 rc = 1;
834err:
835 BN_free(a);
836 BN_free(c);
837 BN_free(d);
838 BN_free(e);
839 return rc;
840}
841
842int
843test_mont(BIO *bp, BN_CTX *ctx)
844{
845 BIGNUM a, b, c, d, A, B;
846 BIGNUM n;
847 int i;
848 int rc = 1;
849 BN_MONT_CTX *mont;
850
851 mont = BN_MONT_CTX_new();
852 if (mont == NULL)
853 return 0;
854
855 BN_init(&a);
856 BN_init(&b);
857 BN_init(&c);
858 BN_init(&d);
859 BN_init(&A);
860 BN_init(&B);
861 BN_init(&n);
862
863 CHECK_GOTO(BN_zero(&n));
864 if (BN_MONT_CTX_set(mont, &n, ctx)) {
865 fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
866 return (0);
867 }
868
869 CHECK_GOTO(BN_set_word(&n, 16));
870 if (BN_MONT_CTX_set(mont, &n, ctx)) {
871 fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
872 return (0);
873 }
874
875 CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
876 CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
877 for (i = 0; i < num2; i++) {
878 int bits = (200 * (i + 1)) / num2;
879
880 if (bits == 0)
881 continue;
882 CHECK_GOTO(BN_bntest_rand(&n, bits, 0, 1));
883 CHECK_GOTO(BN_MONT_CTX_set(mont, &n, ctx));
884
885 CHECK_GOTO(BN_nnmod(&a, &a, &n, ctx));
886 CHECK_GOTO(BN_nnmod(&b, &b, &n, ctx));
887
888 CHECK_GOTO(BN_to_montgomery(&A, &a, mont, ctx));
889 CHECK_GOTO(BN_to_montgomery(&B, &b, mont, ctx));
890
891 CHECK_GOTO(BN_mod_mul_montgomery(&c, &A, &B, mont, ctx));
892 CHECK_GOTO(BN_from_montgomery(&A, &c, mont, ctx));
893 if (bp != NULL) {
894 if (!results) {
895 CHECK_GOTO(BN_print(bp, &a));
896 BIO_puts(bp, " * ");
897 CHECK_GOTO(BN_print(bp, &b));
898 BIO_puts(bp, " % ");
899 CHECK_GOTO(BN_print(bp, &(mont->N)));
900 BIO_puts(bp, " - ");
901 }
902 CHECK_GOTO(BN_print(bp, &A));
903 BIO_puts(bp, "\n");
904 }
905 CHECK_GOTO(BN_mod_mul(&d, &a, &b, &n, ctx));
906 CHECK_GOTO(BN_sub(&d, &d, &A));
907 if (!BN_is_zero(&d)) {
908 fprintf(stderr, "Montgomery multiplication test failed!\n");
909 rc = 0;
910 break;
911 }
912 }
913err:
914 BN_MONT_CTX_free(mont);
915 BN_free(&a);
916 BN_free(&b);
917 BN_free(&c);
918 BN_free(&d);
919 BN_free(&A);
920 BN_free(&B);
921 BN_free(&n);
922 return (rc);
923}
924
925int
926test_mod(BIO *bp, BN_CTX *ctx)
927{
928 BIGNUM *a, *b, *c, *d, *e;
929 int i;
930 int rc = 1;
931
932 a = BN_new();
933 b = BN_new();
934 c = BN_new();
935 d = BN_new();
936 e = BN_new();
937
938 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
939 for (i = 0; i < num0; i++) {
940 CHECK_GOTO(BN_bntest_rand(b, 450 + i * 10, 0, 0));
941 a->neg = rand_neg();
942 b->neg = rand_neg();
943 CHECK_GOTO(BN_mod(c, a, b, ctx));
944 if (bp != NULL) {
945 if (!results) {
946 CHECK_GOTO(BN_print(bp, a));
947 BIO_puts(bp, " % ");
948 CHECK_GOTO(BN_print(bp, b));
949 BIO_puts(bp, " - ");
950 }
951 CHECK_GOTO(BN_print(bp, c));
952 BIO_puts(bp, "\n");
953 }
954 CHECK_GOTO(BN_div(d, e, a, b, ctx));
955 CHECK_GOTO(BN_sub(e, e, c));
956 if (!BN_is_zero(e)) {
957 fprintf(stderr, "Modulo test failed!\n");
958 rc = 0;
959 break;
960 }
961 }
962err:
963 BN_free(a);
964 BN_free(b);
965 BN_free(c);
966 BN_free(d);
967 BN_free(e);
968 return (rc);
969}
970
971int
972test_mod_mul(BIO *bp, BN_CTX *ctx)
973{
974 BIGNUM *a, *b, *c, *d, *e;
975 int i, j;
976 int rc = 1;
977
978 a = BN_new();
979 b = BN_new();
980 c = BN_new();
981 d = BN_new();
982 e = BN_new();
983
984 CHECK_GOTO(BN_one(a));
985 CHECK_GOTO(BN_one(b));
986 CHECK_GOTO(BN_zero(c));
987 if (BN_mod_mul(e, a, b, c, ctx)) {
988 fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
989 return (0);
990 }
991
992 for (j = 0; j < 3; j++) {
993 CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
994 for (i = 0; i < num0; i++) {
995 CHECK_GOTO(BN_bntest_rand(a, 475 + i * 10, 0, 0));
996 CHECK_GOTO(BN_bntest_rand(b, 425 + i * 11, 0, 0));
997 a->neg = rand_neg();
998 b->neg = rand_neg();
999 if (!BN_mod_mul(e, a, b, c, ctx)) {
1000 unsigned long l;
1001
1002 while ((l = ERR_get_error()))
1003 fprintf(stderr, "ERROR:%s\n",
1004 ERR_error_string(l, NULL));
1005 exit(1);
1006 }
1007 if (bp != NULL) {
1008 if (!results) {
1009 CHECK_GOTO(BN_print(bp, a));
1010 BIO_puts(bp, " * ");
1011 CHECK_GOTO(BN_print(bp, b));
1012 BIO_puts(bp, " % ");
1013 CHECK_GOTO(BN_print(bp, c));
1014 if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
1015 /* If (a*b) % c is negative, c must be added
1016 * in order to obtain the normalized remainder
1017 * (new with OpenSSL 0.9.7, previous versions of
1018 * BN_mod_mul could generate negative results)
1019 */
1020 BIO_puts(bp, " + ");
1021 CHECK_GOTO(BN_print(bp, c));
1022 }
1023 BIO_puts(bp, " - ");
1024 }
1025 CHECK_GOTO(BN_print(bp, e));
1026 BIO_puts(bp, "\n");
1027 }
1028 CHECK_GOTO(BN_mul(d, a, b, ctx));
1029 CHECK_GOTO(BN_sub(d, d, e));
1030 CHECK_GOTO(BN_div(a, b, d, c, ctx));
1031 if (!BN_is_zero(b)) {
1032 fprintf(stderr, "Modulo multiply test failed!\n");
1033 ERR_print_errors_fp(stderr);
1034 rc = 0;
1035 goto err;
1036 }
1037 }
1038 }
1039err:
1040 BN_free(a);
1041 BN_free(b);
1042 BN_free(c);
1043 BN_free(d);
1044 BN_free(e);
1045 return (rc);
1046}
1047
1048int
1049test_mod_exp(BIO *bp, BN_CTX *ctx)
1050{
1051 BIGNUM *a, *b, *c, *d, *e;
1052 int i;
1053 int rc = 1;
1054
1055 a = BN_new();
1056 b = BN_new();
1057 c = BN_new();
1058 d = BN_new();
1059 e = BN_new();
1060
1061 CHECK_GOTO(BN_one(a));
1062 CHECK_GOTO(BN_one(b));
1063 CHECK_GOTO(BN_zero(c));
1064 if (BN_mod_exp(d, a, b, c, ctx)) {
1065 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
1066 rc = 0;
1067 goto err;
1068 }
1069 if (BN_mod_exp_ct(d, a, b, c, ctx)) {
1070 fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
1071 rc = 0;
1072 goto err;
1073 }
1074 if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
1075 fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
1076 rc = 0;
1077 goto err;
1078 }
1079
1080 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1081 for (i = 0; i < num2; i++) {
1082 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1083 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1084
1085 if (!BN_mod_exp(d, a, b, c, ctx)) {
1086 rc = 0;
1087 break;
1088 }
1089
1090 if (bp != NULL) {
1091 if (!results) {
1092 CHECK_GOTO(BN_print(bp, a));
1093 BIO_puts(bp, " ^ ");
1094 CHECK_GOTO(BN_print(bp, b));
1095 BIO_puts(bp, " % ");
1096 CHECK_GOTO(BN_print(bp, c));
1097 BIO_puts(bp, " - ");
1098 }
1099 CHECK_GOTO(BN_print(bp, d));
1100 BIO_puts(bp, "\n");
1101 }
1102 CHECK_GOTO(BN_exp(e, a, b, ctx));
1103 CHECK_GOTO(BN_sub(e, e, d));
1104 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1105 if (!BN_is_zero(b)) {
1106 fprintf(stderr, "Modulo exponentiation test failed!\n");
1107 rc = 0;
1108 break;
1109 }
1110 }
1111
1112 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1113 for (i = 0; i < num2; i++) {
1114 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1115 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1116
1117 if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
1118 rc = 0;
1119 break;
1120 }
1121
1122 if (bp != NULL) {
1123 if (!results) {
1124 CHECK_GOTO(BN_print(bp, a));
1125 BIO_puts(bp, " ^ ");
1126 CHECK_GOTO(BN_print(bp, b));
1127 BIO_puts(bp, " % ");
1128 CHECK_GOTO(BN_print(bp, c));
1129 BIO_puts(bp, " - ");
1130 }
1131 CHECK_GOTO(BN_print(bp, d));
1132 BIO_puts(bp, "\n");
1133 }
1134 CHECK_GOTO(BN_exp(e, a, b, ctx));
1135 CHECK_GOTO(BN_sub(e, e, d));
1136 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1137 if (!BN_is_zero(b)) {
1138 fprintf(stderr, "Modulo exponentiation test failed!\n");
1139 rc = 0;
1140 break;
1141 }
1142 }
1143
1144 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1145 for (i = 0; i < num2; i++) {
1146 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1147 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1148
1149 if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
1150 rc = 0;
1151 break;
1152 }
1153
1154 if (bp != NULL) {
1155 if (!results) {
1156 CHECK_GOTO(BN_print(bp, a));
1157 BIO_puts(bp, " ^ ");
1158 CHECK_GOTO(BN_print(bp, b));
1159 BIO_puts(bp, " % ");
1160 CHECK_GOTO(BN_print(bp, c));
1161 BIO_puts(bp, " - ");
1162 }
1163 CHECK_GOTO(BN_print(bp, d));
1164 BIO_puts(bp, "\n");
1165 }
1166 CHECK_GOTO(BN_exp(e, a, b, ctx));
1167 CHECK_GOTO(BN_sub(e, e, d));
1168 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1169 if (!BN_is_zero(b)) {
1170 fprintf(stderr, "Modulo exponentiation test failed!\n");
1171 rc = 0;
1172 break;
1173 }
1174 }
1175err:
1176 BN_free(a);
1177 BN_free(b);
1178 BN_free(c);
1179 BN_free(d);
1180 BN_free(e);
1181 return (rc);
1182}
1183
1184int
1185test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
1186{
1187 BIGNUM *a, *b, *c, *d, *e;
1188 int i;
1189 int rc = 1;
1190
1191 a = BN_new();
1192 b = BN_new();
1193 c = BN_new();
1194 d = BN_new();
1195 e = BN_new();
1196
1197 CHECK_GOTO(BN_one(a));
1198 CHECK_GOTO(BN_one(b));
1199 CHECK_GOTO(BN_zero(c));
1200 if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1201 fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
1202 "succeeded\n");
1203 rc = 0;
1204 goto err;
1205 }
1206
1207 CHECK_GOTO(BN_set_word(c, 16));
1208 if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1209 fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
1210 "succeeded\n");
1211 rc = 0;
1212 goto err;
1213 }
1214
1215 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1216 for (i = 0; i < num2; i++) {
1217 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1218 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1219
1220 if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1221 rc = 0;
1222 break;
1223 }
1224
1225 if (bp != NULL) {
1226 if (!results) {
1227 CHECK_GOTO(BN_print(bp, a));
1228 BIO_puts(bp, " ^ ");
1229 CHECK_GOTO(BN_print(bp, b));
1230 BIO_puts(bp, " % ");
1231 CHECK_GOTO(BN_print(bp, c));
1232 BIO_puts(bp, " - ");
1233 }
1234 CHECK_GOTO(BN_print(bp, d));
1235 BIO_puts(bp, "\n");
1236 }
1237 CHECK_GOTO(BN_exp(e, a, b, ctx));
1238 CHECK_GOTO(BN_sub(e, e, d));
1239 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1240 if (!BN_is_zero(b)) {
1241 fprintf(stderr, "Modulo exponentiation test failed!\n");
1242 rc = 0;
1243 break;
1244 }
1245 }
1246err:
1247 BN_free(a);
1248 BN_free(b);
1249 BN_free(c);
1250 BN_free(d);
1251 BN_free(e);
1252 return (rc);
1253}
1254
1255/*
1256 * Test constant-time modular exponentiation with 1024-bit inputs, which on
1257 * x86_64 cause a different code branch to be taken.
1258 */
1259int
1260test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
1261{
1262 BIGNUM *a, *p, *m, *d, *e, *b, *n, *c;
1263 int len, rc = 1;
1264 BN_MONT_CTX *mont;
1265
1266 a = BN_new();
1267 p = BN_new();
1268 m = BN_new();
1269 d = BN_new();
1270 e = BN_new();
1271 b = BN_new();
1272 n = BN_new();
1273 c = BN_new();
1274
1275 CHECK_GOTO(mont = BN_MONT_CTX_new());
1276
1277 CHECK_GOTO(BN_bntest_rand(m, 1024, 0, 1)); /* must be odd for montgomery */
1278 /* Zero exponent */
1279 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1280 CHECK_GOTO(BN_zero(p));
1281 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
1282 rc = 0;
1283 goto err;
1284 }
1285 if (!BN_is_one(d)) {
1286 fprintf(stderr, "Modular exponentiation test failed!\n");
1287 rc = 0;
1288 goto err;
1289 }
1290 /* Regression test for carry bug in mulx4x_mont */
1291 len = BN_hex2bn(&a,
1292 "7878787878787878787878787878787878787878787878787878787878787878"
1293 "7878787878787878787878787878787878787878787878787878787878787878"
1294 "7878787878787878787878787878787878787878787878787878787878787878"
1295 "7878787878787878787878787878787878787878787878787878787878787878");
1296 CHECK_GOTO(len);
1297 len = BN_hex2bn(&b,
1298 "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
1299 "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
1300 "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
1301 "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
1302 CHECK_GOTO(len);
1303 len = BN_hex2bn(&n,
1304 "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
1305 "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
1306 "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
1307 "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
1308 CHECK_GOTO(len);
1309 CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
1310 CHECK_GOTO(BN_mod_mul_montgomery(c, a, b, mont, ctx));
1311 CHECK_GOTO(BN_mod_mul_montgomery(d, b, a, mont, ctx));
1312 if (BN_cmp(c, d)) {
1313 fprintf(stderr, "Montgomery multiplication test failed:"
1314 " a*b != b*a.\n");
1315 rc = 0;
1316 goto err;
1317 }
1318 /* Regression test for carry bug in sqr[x]8x_mont */
1319 len = BN_hex2bn(&n,
1320 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1321 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1322 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1323 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1324 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1325 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1326 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1327 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00"
1328 "0000000000000000000000000000000000000000000000000000000000000000"
1329 "0000000000000000000000000000000000000000000000000000000000000000"
1330 "0000000000000000000000000000000000000000000000000000000000000000"
1331 "0000000000000000000000000000000000000000000000000000000000000000"
1332 "0000000000000000000000000000000000000000000000000000000000000000"
1333 "0000000000000000000000000000000000000000000000000000000000000000"
1334 "0000000000000000000000000000000000000000000000000000000000000000"
1335 "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF");
1336 CHECK_GOTO(len);
1337 len = BN_hex2bn(&a,
1338 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1339 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1340 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1341 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1342 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1343 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1344 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1345 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000"
1346 "0000000000000000000000000000000000000000000000000000000000000000"
1347 "0000000000000000000000000000000000000000000000000000000000000000"
1348 "0000000000000000000000000000000000000000000000000000000000000000"
1349 "0000000000000000000000000000000000000000000000000000000000000000"
1350 "0000000000000000000000000000000000000000000000000000000000000000"
1351 "0000000000000000000000000000000000000000000000000000000000000000"
1352 "0000000000000000000000000000000000000000000000000000000000000000"
1353 "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000");
1354 CHECK_GOTO(len);
1355 BN_free(b);
1356 CHECK_GOTO(b = BN_dup(a));
1357 CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
1358 CHECK_GOTO(BN_mod_mul_montgomery(c, a, a, mont, ctx));
1359 CHECK_GOTO(BN_mod_mul_montgomery(d, a, b, mont, ctx));
1360 if (BN_cmp(c, d)) {
1361 fprintf(stderr, "Montgomery multiplication test failed:"
1362 " a**2 != a*a.\n");
1363 rc = 0;
1364 goto err;
1365 }
1366 /* Zero input */
1367 CHECK_GOTO(BN_bntest_rand(p, 1024, 0, 0));
1368 CHECK_GOTO(BN_zero(a));
1369 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
1370 rc = 0;
1371 goto err;
1372 }
1373 if (!BN_is_zero(d)) {
1374 fprintf(stderr, "Modular exponentiation test failed!\n");
1375 rc = 0;
1376 goto err;
1377 }
1378 /*
1379 * Craft an input whose Montgomery representation is 1, i.e., shorter
1380 * than the modulus m, in order to test the const time precomputation
1381 * scattering/gathering.
1382 */
1383 CHECK_GOTO(BN_one(a));
1384 CHECK_GOTO(BN_MONT_CTX_set(mont, m, ctx));
1385 if (!BN_from_montgomery(e, a, mont, ctx)) {
1386 rc = 0;
1387 goto err;
1388 }
1389 if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
1390 rc = 0;
1391 goto err;
1392 }
1393 if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
1394 rc = 0;
1395 goto err;
1396 }
1397 if (BN_cmp(a, d) != 0) {
1398 fprintf(stderr, "Modular exponentiation test failed!\n");
1399 rc = 0;
1400 goto err;
1401 }
1402 /* Finally, some regular test vectors. */
1403 CHECK_GOTO(BN_bntest_rand(e, 1024, 0, 0));
1404 if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
1405 rc = 0;
1406 goto err;
1407 }
1408 if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
1409 rc = 0;
1410 goto err;
1411 }
1412 if (BN_cmp(a, d) != 0) {
1413 fprintf(stderr, "Modular exponentiation test failed!\n");
1414 rc = 0;
1415 goto err;
1416 }
1417err:
1418 BN_free(a);
1419 BN_free(p);
1420 BN_free(m);
1421 BN_free(d);
1422 BN_free(e);
1423 BN_free(b);
1424 BN_free(n);
1425 BN_free(c);
1426 BN_MONT_CTX_free(mont);
1427 return (rc);
1428}
1429
1430int
1431test_exp(BIO *bp, BN_CTX *ctx)
1432{
1433 BIGNUM *a, *b, *d, *e, *one;
1434 int i;
1435 int rc = 1;
1436
1437 a = BN_new();
1438 b = BN_new();
1439 d = BN_new();
1440 e = BN_new();
1441 one = BN_new();
1442 CHECK_GOTO(BN_one(one));
1443
1444 for (i = 0; i < num2; i++) {
1445 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1446 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1447
1448 if (BN_exp(d, a, b, ctx) <= 0) {
1449 rc = 0;
1450 break;
1451 }
1452
1453 if (bp != NULL) {
1454 if (!results) {
1455 CHECK_GOTO(BN_print(bp, a));
1456 BIO_puts(bp, " ^ ");
1457 CHECK_GOTO(BN_print(bp, b));
1458 BIO_puts(bp, " - ");
1459 }
1460 CHECK_GOTO(BN_print(bp, d));
1461 BIO_puts(bp, "\n");
1462 }
1463 CHECK_GOTO(BN_one(e));
1464 for (; !BN_is_zero(b); BN_sub(b, b, one))
1465 CHECK_GOTO(BN_mul(e, e, a, ctx));
1466 CHECK_GOTO(BN_sub(e, e, d));
1467 if (!BN_is_zero(e)) {
1468 fprintf(stderr, "Exponentiation test failed!\n");
1469 rc = 0;
1470 break;
1471 }
1472 }
1473err:
1474 BN_free(a);
1475 BN_free(b);
1476 BN_free(d);
1477 BN_free(e);
1478 BN_free(one);
1479 return (rc);
1480}
1481
1482#ifndef OPENSSL_NO_EC2M
1483int
1484test_gf2m_add(BIO *bp)
1485{
1486 BIGNUM a, b, c;
1487 int i, rc = 0;
1488
1489 BN_init(&a);
1490 BN_init(&b);
1491 BN_init(&c);
1492
1493 for (i = 0; i < num0; i++) {
1494 CHECK_GOTO(BN_rand(&a, 512, 0, 0));
1495 CHECK_GOTO(BN_copy(&b, BN_value_one()));
1496 a.neg = rand_neg();
1497 b.neg = rand_neg();
1498 CHECK_GOTO(BN_GF2m_add(&c, &a, &b));
1499#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1500 if (bp != NULL) {
1501 if (!results) {
1502 CHECK_GOTO(BN_print(bp, &a));
1503 BIO_puts(bp, " ^ ");
1504 CHECK_GOTO(BN_print(bp, &b));
1505 BIO_puts(bp, " = ");
1506 }
1507 CHECK_GOTO(BN_print(bp, &c));
1508 BIO_puts(bp, "\n");
1509 }
1510#endif
1511 /* Test that two added values have the correct parity. */
1512 if ((BN_is_odd(&a) && BN_is_odd(&c))
1513 || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
1514 fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
1515 goto err;
1516 }
1517 CHECK_GOTO(BN_GF2m_add(&c, &c, &c));
1518 /* Test that c + c = 0. */
1519 if (!BN_is_zero(&c)) {
1520 fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
1521 goto err;
1522 }
1523 }
1524 rc = 1;
1525err:
1526 BN_free(&a);
1527 BN_free(&b);
1528 BN_free(&c);
1529 return rc;
1530}
1531
1532int
1533test_gf2m_mod(BIO *bp)
1534{
1535 BIGNUM *a, *b[2], *c, *d, *e;
1536 int i, j, rc = 0;
1537 int p0[] = { 163, 7, 6, 3, 0, -1 };
1538 int p1[] = { 193, 15, 0, -1 };
1539
1540 a = BN_new();
1541 b[0] = BN_new();
1542 b[1] = BN_new();
1543 c = BN_new();
1544 d = BN_new();
1545 e = BN_new();
1546
1547 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1548 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1549
1550 for (i = 0; i < num0; i++) {
1551 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1552 for (j = 0; j < 2; j++) {
1553 CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
1554#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1555 if (bp != NULL) {
1556 if (!results) {
1557 CHECK_GOTO(BN_print(bp, a));
1558 BIO_puts(bp, " % ");
1559 CHECK_GOTO(BN_print(bp, b[j]));
1560 BIO_puts(bp, " - ");
1561 CHECK_GOTO(BN_print(bp, c));
1562 BIO_puts(bp, "\n");
1563 }
1564 }
1565#endif
1566 CHECK_GOTO(BN_GF2m_add(d, a, c));
1567 CHECK_GOTO(BN_GF2m_mod(e, d, b[j]));
1568 /* Test that a + (a mod p) mod p == 0. */
1569 if (!BN_is_zero(e)) {
1570 fprintf(stderr, "GF(2^m) modulo test failed!\n");
1571 goto err;
1572 }
1573 }
1574 }
1575 rc = 1;
1576err:
1577 BN_free(a);
1578 BN_free(b[0]);
1579 BN_free(b[1]);
1580 BN_free(c);
1581 BN_free(d);
1582 BN_free(e);
1583 return rc;
1584}
1585
1586int
1587test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
1588{
1589 BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
1590 int i, j, rc = 0;
1591 int p0[] = { 163, 7, 6, 3, 0, -1 };
1592 int p1[] = { 193, 15, 0, -1 };
1593
1594 a = BN_new();
1595 b[0] = BN_new();
1596 b[1] = BN_new();
1597 c = BN_new();
1598 d = BN_new();
1599 e = BN_new();
1600 f = BN_new();
1601 g = BN_new();
1602 h = BN_new();
1603
1604 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1605 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1606
1607 for (i = 0; i < num0; i++) {
1608 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1609 CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
1610 CHECK_GOTO(BN_bntest_rand(d, 1024, 0, 0));
1611 for (j = 0; j < 2; j++) {
1612 CHECK_GOTO(BN_GF2m_mod_mul(e, a, c, b[j], ctx));
1613#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1614 if (bp != NULL) {
1615 if (!results) {
1616 CHECK_GOTO(BN_print(bp, a));
1617 BIO_puts(bp, " * ");
1618 CHECK_GOTO(BN_print(bp, c));
1619 BIO_puts(bp, " % ");
1620 CHECK_GOTO(BN_print(bp, b[j]));
1621 BIO_puts(bp, " - ");
1622 CHECK_GOTO(BN_print(bp, e));
1623 BIO_puts(bp, "\n");
1624 }
1625 }
1626#endif
1627 CHECK_GOTO(BN_GF2m_add(f, a, d));
1628 CHECK_GOTO(BN_GF2m_mod_mul(g, f, c, b[j], ctx));
1629 CHECK_GOTO(BN_GF2m_mod_mul(h, d, c, b[j], ctx));
1630 CHECK_GOTO(BN_GF2m_add(f, e, g));
1631 CHECK_GOTO(BN_GF2m_add(f, f, h));
1632 /* Test that (a+d)*c = a*c + d*c. */
1633 if (!BN_is_zero(f)) {
1634 fprintf(stderr, "GF(2^m) modular multiplication test failed!\n");
1635 goto err;
1636 }
1637 }
1638 }
1639 rc = 1;
1640err:
1641 BN_free(a);
1642 BN_free(b[0]);
1643 BN_free(b[1]);
1644 BN_free(c);
1645 BN_free(d);
1646 BN_free(e);
1647 BN_free(f);
1648 BN_free(g);
1649 BN_free(h);
1650 return rc;
1651}
1652
1653int
1654test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
1655{
1656 BIGNUM *a, *b[2], *c, *d;
1657 int i, j, rc = 0;
1658 int p0[] = { 163, 7, 6, 3, 0, -1 };
1659 int p1[] = { 193, 15, 0, -1 };
1660
1661 a = BN_new();
1662 b[0] = BN_new();
1663 b[1] = BN_new();
1664 c = BN_new();
1665 d = BN_new();
1666
1667 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1668 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1669
1670 for (i = 0; i < num0; i++) {
1671 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1672 for (j = 0; j < 2; j++) {
1673 CHECK_GOTO(BN_GF2m_mod_sqr(c, a, b[j], ctx));
1674 CHECK_GOTO(BN_copy(d, a));
1675 CHECK_GOTO(BN_GF2m_mod_mul(d, a, d, b[j], ctx));
1676#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1677 if (bp != NULL) {
1678 if (!results) {
1679 CHECK_GOTO(BN_print(bp, a));
1680 BIO_puts(bp, " ^ 2 % ");
1681 CHECK_GOTO(BN_print(bp, b[j]));
1682 BIO_puts(bp, " = ");
1683 CHECK_GOTO(BN_print(bp, c));
1684 BIO_puts(bp, "; a * a = ");
1685 CHECK_GOTO(BN_print(bp, d));
1686 BIO_puts(bp, "\n");
1687 }
1688 }
1689#endif
1690 CHECK_GOTO(BN_GF2m_add(d, c, d));
1691 /* Test that a*a = a^2. */
1692 if (!BN_is_zero(d)) {
1693 fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
1694 goto err;
1695 }
1696 }
1697 }
1698 rc = 1;
1699err:
1700 BN_free(a);
1701 BN_free(b[0]);
1702 BN_free(b[1]);
1703 BN_free(c);
1704 BN_free(d);
1705 return rc;
1706}
1707
1708int
1709test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
1710{
1711 BIGNUM *a, *b[2], *c, *d;
1712 int i, j, rc = 0;
1713 int p0[] = { 163, 7, 6, 3, 0, -1 };
1714 int p1[] = { 193, 15, 0, -1 };
1715
1716 a = BN_new();
1717 b[0] = BN_new();
1718 b[1] = BN_new();
1719 c = BN_new();
1720 d = BN_new();
1721
1722 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1723 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1724
1725 for (i = 0; i < num0; i++) {
1726 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1727 for (j = 0; j < 2; j++) {
1728 CHECK_GOTO(BN_GF2m_mod_inv(c, a, b[j], ctx));
1729 CHECK_GOTO(BN_GF2m_mod_mul(d, a, c, b[j], ctx));
1730#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1731 if (bp != NULL) {
1732 if (!results) {
1733 CHECK_GOTO(BN_print(bp, a));
1734 BIO_puts(bp, " * ");
1735 CHECK_GOTO(BN_print(bp, c));
1736 BIO_puts(bp, " - 1 % ");
1737 CHECK_GOTO(BN_print(bp, b[j]));
1738 BIO_puts(bp, "\n");
1739 }
1740 }
1741#endif
1742 /* Test that ((1/a)*a) = 1. */
1743 if (!BN_is_one(d)) {
1744 fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
1745 goto err;
1746 }
1747 }
1748 }
1749 rc = 1;
1750err:
1751 BN_free(a);
1752 BN_free(b[0]);
1753 BN_free(b[1]);
1754 BN_free(c);
1755 BN_free(d);
1756 return rc;
1757}
1758
1759int
1760test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
1761{
1762 BIGNUM *a, *b[2], *c, *d, *e, *f;
1763 int i, j, rc = 0;
1764 int p0[] = { 163, 7, 6, 3, 0, -1 };
1765 int p1[] = { 193, 15, 0, -1 };
1766
1767 a = BN_new();
1768 b[0] = BN_new();
1769 b[1] = BN_new();
1770 c = BN_new();
1771 d = BN_new();
1772 e = BN_new();
1773 f = BN_new();
1774
1775 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1776 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1777
1778 for (i = 0; i < num0; i++) {
1779 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1780 CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
1781 for (j = 0; j < 2; j++) {
1782 CHECK_GOTO(BN_GF2m_mod_div(d, a, c, b[j], ctx));
1783 CHECK_GOTO(BN_GF2m_mod_mul(e, d, c, b[j], ctx));
1784 CHECK_GOTO(BN_GF2m_mod_div(f, a, e, b[j], ctx));
1785#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1786 if (bp != NULL) {
1787 if (!results) {
1788 CHECK_GOTO(BN_print(bp, a));
1789 BIO_puts(bp, " = ");
1790 CHECK_GOTO(BN_print(bp, c));
1791 BIO_puts(bp, " * ");
1792 CHECK_GOTO(BN_print(bp, d));
1793 BIO_puts(bp, " % ");
1794 CHECK_GOTO(BN_print(bp, b[j]));
1795 BIO_puts(bp, "\n");
1796 }
1797 }
1798#endif
1799 /* Test that ((a/c)*c)/a = 1. */
1800 if (!BN_is_one(f)) {
1801 fprintf(stderr, "GF(2^m) modular division test failed!\n");
1802 goto err;
1803 }
1804 }
1805 }
1806 rc = 1;
1807err:
1808 BN_free(a);
1809 BN_free(b[0]);
1810 BN_free(b[1]);
1811 BN_free(c);
1812 BN_free(d);
1813 BN_free(e);
1814 BN_free(f);
1815 return rc;
1816}
1817
1818int
1819test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
1820{
1821 BIGNUM *a, *b[2], *c, *d, *e, *f;
1822 int i, j, rc = 0;
1823 int p0[] = { 163, 7, 6, 3, 0, -1 };
1824 int p1[] = { 193, 15, 0, -1 };
1825
1826 a = BN_new();
1827 b[0] = BN_new();
1828 b[1] = BN_new();
1829 c = BN_new();
1830 d = BN_new();
1831 e = BN_new();
1832 f = BN_new();
1833
1834 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1835 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1836
1837 for (i = 0; i < num0; i++) {
1838 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1839 CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
1840 CHECK_GOTO(BN_bntest_rand(d, 512, 0, 0));
1841 for (j = 0; j < 2; j++) {
1842 CHECK_GOTO(BN_GF2m_mod_exp(e, a, c, b[j], ctx));
1843 CHECK_GOTO(BN_GF2m_mod_exp(f, a, d, b[j], ctx));
1844 CHECK_GOTO(BN_GF2m_mod_mul(e, e, f, b[j], ctx));
1845 CHECK_GOTO(BN_add(f, c, d));
1846 CHECK_GOTO(BN_GF2m_mod_exp(f, a, f, b[j], ctx));
1847#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1848 if (bp != NULL) {
1849 if (!results) {
1850 CHECK_GOTO(BN_print(bp, a));
1851 BIO_puts(bp, " ^ (");
1852 CHECK_GOTO(BN_print(bp, c));
1853 BIO_puts(bp, " + ");
1854 CHECK_GOTO(BN_print(bp, d));
1855 BIO_puts(bp, ") = ");
1856 CHECK_GOTO(BN_print(bp, e));
1857 BIO_puts(bp, "; - ");
1858 CHECK_GOTO(BN_print(bp, f));
1859 BIO_puts(bp, " % ");
1860 CHECK_GOTO(BN_print(bp, b[j]));
1861 BIO_puts(bp, "\n");
1862 }
1863 }
1864#endif
1865 CHECK_GOTO(BN_GF2m_add(f, e, f));
1866 /* Test that a^(c+d)=a^c*a^d. */
1867 if (!BN_is_zero(f)) {
1868 fprintf(stderr, "GF(2^m) modular exponentiation test failed!\n");
1869 goto err;
1870 }
1871 }
1872 }
1873 rc = 1;
1874err:
1875 BN_free(a);
1876 BN_free(b[0]);
1877 BN_free(b[1]);
1878 BN_free(c);
1879 BN_free(d);
1880 BN_free(e);
1881 BN_free(f);
1882 return rc;
1883}
1884
1885int
1886test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
1887{
1888 BIGNUM *a, *b[2], *c, *d, *e, *f;
1889 int i, j, rc = 0;
1890 int p0[] = { 163, 7, 6, 3, 0, -1 };
1891 int p1[] = { 193, 15, 0, -1 };
1892
1893 a = BN_new();
1894 b[0] = BN_new();
1895 b[1] = BN_new();
1896 c = BN_new();
1897 d = BN_new();
1898 e = BN_new();
1899 f = BN_new();
1900
1901 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1902 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1903
1904 for (i = 0; i < num0; i++) {
1905 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1906 for (j = 0; j < 2; j++) {
1907 CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
1908 CHECK_GOTO(BN_GF2m_mod_sqrt(d, a, b[j], ctx));
1909 CHECK_GOTO(BN_GF2m_mod_sqr(e, d, b[j], ctx));
1910#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1911 if (bp != NULL) {
1912 if (!results) {
1913 CHECK_GOTO(BN_print(bp, d));
1914 BIO_puts(bp, " ^ 2 - ");
1915 CHECK_GOTO(BN_print(bp, a));
1916 BIO_puts(bp, "\n");
1917 }
1918 }
1919#endif
1920 CHECK_GOTO(BN_GF2m_add(f, c, e));
1921 /* Test that d^2 = a, where d = sqrt(a). */
1922 if (!BN_is_zero(f)) {
1923 fprintf(stderr, "GF(2^m) modular square root test failed!\n");
1924 goto err;
1925 }
1926 }
1927 }
1928 rc = 1;
1929err:
1930 BN_free(a);
1931 BN_free(b[0]);
1932 BN_free(b[1]);
1933 BN_free(c);
1934 BN_free(d);
1935 BN_free(e);
1936 BN_free(f);
1937 return rc;
1938}
1939
1940int
1941test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
1942{
1943 BIGNUM *a, *b[2], *c, *d, *e;
1944 int i, j, s = 0, t, rc = 0;
1945 int p0[] = { 163, 7, 6, 3, 0, -1 };
1946 int p1[] = { 193, 15, 0, -1 };
1947
1948 a = BN_new();
1949 b[0] = BN_new();
1950 b[1] = BN_new();
1951 c = BN_new();
1952 d = BN_new();
1953 e = BN_new();
1954
1955 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1956 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1957
1958 for (i = 0; i < num0; i++) {
1959 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1960 for (j = 0; j < 2; j++) {
1961 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1962 if (t) {
1963 s++;
1964 CHECK_GOTO(BN_GF2m_mod_sqr(d, c, b[j], ctx));
1965 CHECK_GOTO(BN_GF2m_add(d, c, d));
1966 CHECK_GOTO(BN_GF2m_mod(e, a, b[j]));
1967#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1968 if (bp != NULL) {
1969 if (!results) {
1970 CHECK_GOTO(BN_print(bp, c));
1971 BIO_puts(bp, " is root of z^2 + z = ");
1972 CHECK_GOTO(BN_print(bp, a));
1973 BIO_puts(bp, " % ");
1974 CHECK_GOTO(BN_print(bp, b[j]));
1975 BIO_puts(bp, "\n");
1976 }
1977 }
1978#endif
1979 CHECK_GOTO(BN_GF2m_add(e, e, d));
1980 /* Test that solution of quadratic c satisfies c^2 + c = a. */
1981 if (!BN_is_zero(e)) {
1982 fprintf(stderr, "GF(2^m) modular solve quadratic test failed!\n");
1983 goto err;
1984 }
1985
1986 } else {
1987#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1988 if (bp != NULL) {
1989 if (!results) {
1990 BIO_puts(bp, "There are no roots of z^2 + z = ");
1991 CHECK_GOTO(BN_print(bp, a));
1992 BIO_puts(bp, " % ");
1993 CHECK_GOTO(BN_print(bp, b[j]));
1994 BIO_puts(bp, "\n");
1995 }
1996 }
1997#endif
1998 }
1999 }
2000 }
2001 if (s == 0) {
2002 fprintf(stderr, "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
2003 fprintf(stderr, "this is very unlikely and probably indicates an error.\n");
2004 goto err;
2005 }
2006 rc = 1;
2007err:
2008 BN_free(a);
2009 BN_free(b[0]);
2010 BN_free(b[1]);
2011 BN_free(c);
2012 BN_free(d);
2013 BN_free(e);
2014 return rc;
2015}
2016#endif
2017static int
2018genprime_cb(int p, int n, BN_GENCB *arg)
2019{
2020 char c = '*';
2021
2022 if (p == 0)
2023 c = '.';
2024 if (p == 1)
2025 c = '+';
2026 if (p == 2)
2027 c = '*';
2028 if (p == 3)
2029 c = '\n';
2030 putc(c, stderr);
2031 fflush(stderr);
2032 return (1);
2033}
2034
2035int
2036test_kron(BIO *bp, BN_CTX *ctx)
2037{
2038 BN_GENCB cb;
2039 BIGNUM *a, *b, *r, *t;
2040 int i;
2041 int legendre, kronecker;
2042 int rc = 0;
2043
2044 a = BN_new();
2045 b = BN_new();
2046 r = BN_new();
2047 t = BN_new();
2048 if (a == NULL || b == NULL || r == NULL || t == NULL)
2049 goto err;
2050
2051 BN_GENCB_set(&cb, genprime_cb, NULL);
2052
2053 /*
2054 * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
2055 * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
2056 * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
2057 * generate a random prime b and compare these values for a number of
2058 * random a's. (That is, we run the Solovay-Strassen primality test to
2059 * confirm that b is prime, except that we don't want to test whether b
2060 * is prime but whether BN_kronecker works.)
2061 */
2062
2063 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
2064 goto err;
2065 b->neg = rand_neg();
2066 putc('\n', stderr);
2067
2068 for (i = 0; i < num0; i++) {
2069 if (!BN_bntest_rand(a, 512, 0, 0))
2070 goto err;
2071 a->neg = rand_neg();
2072
2073 /* t := (|b|-1)/2 (note that b is odd) */
2074 if (!BN_copy(t, b))
2075 goto err;
2076 t->neg = 0;
2077 if (!BN_sub_word(t, 1))
2078 goto err;
2079 if (!BN_rshift1(t, t))
2080 goto err;
2081 /* r := a^t mod b */
2082 b->neg = 0;
2083
2084 if (!BN_mod_exp_recp(r, a, t, b, ctx))
2085 goto err;
2086 b->neg = 1;
2087
2088 if (BN_is_word(r, 1))
2089 legendre = 1;
2090 else if (BN_is_zero(r))
2091 legendre = 0;
2092 else {
2093 if (!BN_add_word(r, 1))
2094 goto err;
2095 if (0 != BN_ucmp(r, b)) {
2096 fprintf(stderr, "Legendre symbol computation failed\n");
2097 goto err;
2098 }
2099 legendre = -1;
2100 }
2101
2102 kronecker = BN_kronecker(a, b, ctx);
2103 if (kronecker < -1)
2104 goto err;
2105 /* we actually need BN_kronecker(a, |b|) */
2106 if (a->neg && b->neg)
2107 kronecker = -kronecker;
2108
2109 if (legendre != kronecker) {
2110 fprintf(stderr, "legendre != kronecker; a = ");
2111 CHECK_GOTO(BN_print_fp(stderr, a));
2112 fprintf(stderr, ", b = ");
2113 CHECK_GOTO(BN_print_fp(stderr, b));
2114 fprintf(stderr, "\n");
2115 goto err;
2116 }
2117
2118 putc('.', stderr);
2119 fflush(stderr);
2120 }
2121
2122 putc('\n', stderr);
2123 fflush(stderr);
2124 rc = 1;
2125err:
2126 BN_free(a);
2127 BN_free(b);
2128 BN_free(r);
2129 BN_free(t);
2130 return rc;
2131}
2132
2133int
2134test_sqrt(BIO *bp, BN_CTX *ctx)
2135{
2136 BN_GENCB cb;
2137 BIGNUM *a, *p, *r;
2138 int i, j;
2139 int rc = 0;
2140
2141 a = BN_new();
2142 p = BN_new();
2143 r = BN_new();
2144 if (a == NULL || p == NULL || r == NULL)
2145 goto err;
2146
2147 BN_GENCB_set(&cb, genprime_cb, NULL);
2148
2149 for (i = 0; i < 16; i++) {
2150 if (i < 8) {
2151 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
2152
2153 if (!BN_set_word(p, primes[i]))
2154 goto err;
2155 } else {
2156 if (!BN_set_word(a, 32))
2157 goto err;
2158 if (!BN_set_word(r, 2 * i + 1))
2159 goto err;
2160
2161 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
2162 goto err;
2163 putc('\n', stderr);
2164 }
2165 p->neg = rand_neg();
2166
2167 for (j = 0; j < num2; j++) {
2168 /*
2169 * construct 'a' such that it is a square modulo p, but in
2170 * general not a proper square and not reduced modulo p
2171 */
2172 if (!BN_bntest_rand(r, 256, 0, 3))
2173 goto err;
2174 if (!BN_nnmod(r, r, p, ctx))
2175 goto err;
2176 if (!BN_mod_sqr(r, r, p, ctx))
2177 goto err;
2178 if (!BN_bntest_rand(a, 256, 0, 3))
2179 goto err;
2180 if (!BN_nnmod(a, a, p, ctx))
2181 goto err;
2182 if (!BN_mod_sqr(a, a, p, ctx))
2183 goto err;
2184 if (!BN_mul(a, a, r, ctx))
2185 goto err;
2186 if (rand_neg())
2187 if (!BN_sub(a, a, p))
2188 goto err;
2189
2190 if (!BN_mod_sqrt(r, a, p, ctx))
2191 goto err;
2192 if (!BN_mod_sqr(r, r, p, ctx))
2193 goto err;
2194
2195 if (!BN_nnmod(a, a, p, ctx))
2196 goto err;
2197
2198 if (BN_cmp(a, r) != 0) {
2199 fprintf(stderr, "BN_mod_sqrt failed: a = ");
2200 CHECK_GOTO(BN_print_fp(stderr, a));
2201 fprintf(stderr, ", r = ");
2202 CHECK_GOTO(BN_print_fp(stderr, r));
2203 fprintf(stderr, ", p = ");
2204 CHECK_GOTO(BN_print_fp(stderr, p));
2205 fprintf(stderr, "\n");
2206 goto err;
2207 }
2208
2209 putc('.', stderr);
2210 fflush(stderr);
2211 }
2212
2213 putc('\n', stderr);
2214 fflush(stderr);
2215 }
2216 rc = 1;
2217err:
2218 BN_free(a);
2219 BN_free(p);
2220 BN_free(r);
2221 return rc;
2222}
2223
2224int
2225test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
2226{
2227 BIGNUM *a = NULL, *b, *c, *d;
2228 int i;
2229 int rc = 1;
2230
2231 b = BN_new();
2232 c = BN_new();
2233 d = BN_new();
2234 CHECK_GOTO(BN_one(c));
2235
2236 if (a_)
2237 a = a_;
2238 else {
2239 a = BN_new();
2240 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2241 a->neg = rand_neg();
2242 }
2243 for (i = 0; i < num0; i++) {
2244 CHECK_GOTO(BN_lshift(b, a, i + 1));
2245 CHECK_GOTO(BN_add(c, c, c));
2246 if (bp != NULL) {
2247 if (!results) {
2248 CHECK_GOTO(BN_print(bp, a));
2249 BIO_puts(bp, " * ");
2250 CHECK_GOTO(BN_print(bp, c));
2251 BIO_puts(bp, " - ");
2252 }
2253 CHECK_GOTO(BN_print(bp, b));
2254 BIO_puts(bp, "\n");
2255 }
2256 CHECK_GOTO(BN_mul(d, a, c, ctx));
2257 CHECK_GOTO(BN_sub(d, d, b));
2258 if (!BN_is_zero(d)) {
2259 fprintf(stderr, "Left shift test failed!\n");
2260 fprintf(stderr, "a=");
2261 CHECK_GOTO(BN_print_fp(stderr, a));
2262 fprintf(stderr, "\nb=");
2263 CHECK_GOTO(BN_print_fp(stderr, b));
2264 fprintf(stderr, "\nc=");
2265 CHECK_GOTO(BN_print_fp(stderr, c));
2266 fprintf(stderr, "\nd=");
2267 CHECK_GOTO(BN_print_fp(stderr, d));
2268 fprintf(stderr, "\n");
2269 rc = 0;
2270 break;
2271 }
2272 }
2273err:
2274 BN_free(a);
2275 BN_free(b);
2276 BN_free(c);
2277 BN_free(d);
2278 return (rc);
2279}
2280
2281int
2282test_lshift1(BIO *bp)
2283{
2284 BIGNUM *a, *b, *c;
2285 int i;
2286 int rc = 1;
2287
2288 a = BN_new();
2289 b = BN_new();
2290 c = BN_new();
2291
2292 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2293 a->neg = rand_neg();
2294 for (i = 0; i < num0; i++) {
2295 CHECK_GOTO(BN_lshift1(b, a));
2296 if (bp != NULL) {
2297 if (!results) {
2298 CHECK_GOTO(BN_print(bp, a));
2299 BIO_puts(bp, " * 2");
2300 BIO_puts(bp, " - ");
2301 }
2302 CHECK_GOTO(BN_print(bp, b));
2303 BIO_puts(bp, "\n");
2304 }
2305 CHECK_GOTO(BN_add(c, a, a));
2306 CHECK_GOTO(BN_sub(a, b, c));
2307 if (!BN_is_zero(a)) {
2308 fprintf(stderr, "Left shift one test failed!\n");
2309 rc = 0;
2310 break;
2311 }
2312
2313 CHECK_GOTO(BN_copy(a, b));
2314 }
2315err:
2316 BN_free(a);
2317 BN_free(b);
2318 BN_free(c);
2319 return (rc);
2320}
2321
2322int
2323test_rshift(BIO *bp, BN_CTX *ctx)
2324{
2325 BIGNUM *a, *b, *c, *d, *e;
2326 int i;
2327 int rc = 1;
2328
2329 a = BN_new();
2330 b = BN_new();
2331 c = BN_new();
2332 d = BN_new();
2333 e = BN_new();
2334 CHECK_GOTO(BN_one(c));
2335
2336 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2337 a->neg = rand_neg();
2338 for (i = 0; i < num0; i++) {
2339 CHECK_GOTO(BN_rshift(b, a, i + 1));
2340 CHECK_GOTO(BN_add(c, c, c));
2341 if (bp != NULL) {
2342 if (!results) {
2343 CHECK_GOTO(BN_print(bp, a));
2344 BIO_puts(bp, " / ");
2345 CHECK_GOTO(BN_print(bp, c));
2346 BIO_puts(bp, " - ");
2347 }
2348 CHECK_GOTO(BN_print(bp, b));
2349 BIO_puts(bp, "\n");
2350 }
2351 CHECK_GOTO(BN_div(d, e, a, c, ctx));
2352 CHECK_GOTO(BN_sub(d, d, b));
2353 if (!BN_is_zero(d)) {
2354 fprintf(stderr, "Right shift test failed!\n");
2355 rc = 0;
2356 break;
2357 }
2358 }
2359err:
2360 BN_free(a);
2361 BN_free(b);
2362 BN_free(c);
2363 BN_free(d);
2364 BN_free(e);
2365 return (rc);
2366}
2367
2368int
2369test_rshift1(BIO *bp)
2370{
2371 BIGNUM *a, *b, *c;
2372 int i;
2373 int rc = 1;
2374
2375 a = BN_new();
2376 b = BN_new();
2377 c = BN_new();
2378
2379 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2380 a->neg = rand_neg();
2381 for (i = 0; i < num0; i++) {
2382 CHECK_GOTO(BN_rshift1(b, a));
2383 if (bp != NULL) {
2384 if (!results) {
2385 CHECK_GOTO(BN_print(bp, a));
2386 BIO_puts(bp, " / 2");
2387 BIO_puts(bp, " - ");
2388 }
2389 CHECK_GOTO(BN_print(bp, b));
2390 BIO_puts(bp, "\n");
2391 }
2392 CHECK_GOTO(BN_sub(c, a, b));
2393 CHECK_GOTO(BN_sub(c, c, b));
2394 if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
2395 fprintf(stderr, "Right shift one test failed!\n");
2396 rc = 0;
2397 break;
2398 }
2399 CHECK_GOTO(BN_copy(a, b));
2400 }
2401err:
2402 BN_free(a);
2403 BN_free(b);
2404 BN_free(c);
2405 return (rc);
2406}
2407
2408int
2409rand_neg(void)
2410{
2411 static unsigned int neg = 0;
2412 static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
2413
2414 return (sign[(neg++) % 8]);
2415}
2416
2417int
2418test_mod_exp_sizes(BIO *bp, BN_CTX *ctx)
2419{
2420 BN_MONT_CTX *mont_ctx = NULL;
2421 BIGNUM *p, *x, *y, *r, *r2;
2422 int size;
2423 int rc = 0;
2424
2425 BN_CTX_start(ctx);
2426 CHECK_GOTO(p = BN_CTX_get(ctx));
2427 CHECK_GOTO(x = BN_CTX_get(ctx));
2428 CHECK_GOTO(y = BN_CTX_get(ctx));
2429 CHECK_GOTO(r = BN_CTX_get(ctx));
2430 CHECK_GOTO(r2 = BN_CTX_get(ctx));
2431 mont_ctx = BN_MONT_CTX_new();
2432
2433 if (r2 == NULL || mont_ctx == NULL)
2434 goto err;
2435
2436 if (!BN_generate_prime_ex(p, 32, 0, NULL, NULL, NULL) ||
2437 !BN_MONT_CTX_set(mont_ctx, p, ctx))
2438 goto err;
2439
2440 for (size = 32; size < 1024; size += 8) {
2441 if (!BN_rand(x, size, -1, 0) ||
2442 !BN_rand(y, size, -1, 0) ||
2443 !BN_mod_exp_mont_consttime(r, x, y, p, ctx, mont_ctx) ||
2444 !BN_mod_exp(r2, x, y, p, ctx))
2445 goto err;
2446
2447 if (BN_cmp(r, r2) != 0) {
2448 char *r_str = NULL;
2449 char *r2_str = NULL;
2450 CHECK_GOTO(r_str = BN_bn2hex(r));
2451 CHECK_GOTO(r2_str = BN_bn2hex(r2));
2452
2453 printf("Incorrect answer at size %d: %s vs %s\n",
2454 size, r_str, r2_str);
2455 free(r_str);
2456 free(r2_str);
2457 goto err;
2458 }
2459 }
2460
2461 rc = 1;
2462
2463err:
2464 BN_MONT_CTX_free(mont_ctx);
2465 BN_CTX_end(ctx);
2466 return rc;
2467}
diff --git a/src/regress/lib/libcrypto/bn/mont/Makefile b/src/regress/lib/libcrypto/bn/mont/Makefile
deleted file mode 100644
index 55c48220d4..0000000000
--- a/src/regress/lib/libcrypto/bn/mont/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2017/01/21 09:38:58 beck Exp $
2
3PROG= mont
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/mont/mont.c b/src/regress/lib/libcrypto/bn/mont/mont.c
deleted file mode 100644
index 30d5317b64..0000000000
--- a/src/regress/lib/libcrypto/bn/mont/mont.c
+++ /dev/null
@@ -1,73 +0,0 @@
1/* $OpenBSD: mont.c,v 1.2 2014/10/22 13:23:05 jsing Exp $ */
2
3/*
4 * Copyright (c) 2014 Miodrag Vallat.
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22#include <err.h>
23
24#include <openssl/bn.h>
25#include <openssl/crypto.h>
26#include <openssl/dh.h>
27#include <openssl/err.h>
28
29/*
30 * Test for proper bn_mul_mont behaviour when operands are of vastly different
31 * sizes.
32 */
33
34int
35main(int argc, char *argv[])
36{
37 DH *dh;
38 unsigned char *key, r[32 + 16 * 8];
39 size_t privsz;
40
41 arc4random_buf(r, sizeof(r));
42
43 for (privsz = 32; privsz <= sizeof(r); privsz += 8) {
44 dh = DH_new();
45 if (dh == NULL)
46 goto err;
47 if (DH_generate_parameters_ex(dh, 32, DH_GENERATOR_2,
48 NULL) == 0)
49 goto err;
50
51 /* force private key to be much larger than public one */
52 dh->priv_key = BN_bin2bn(r, privsz, NULL);
53 if (dh->priv_key == NULL)
54 goto err;
55
56 if (DH_generate_key(dh) == 0)
57 goto err;
58 key = malloc(DH_size(dh));
59 if (key == NULL)
60 err(1, "malloc");
61 if (DH_compute_key(key, dh->pub_key, dh) == -1)
62 goto err;
63
64 free(key);
65 DH_free(dh);
66 }
67
68 return 0;
69
70err:
71 ERR_print_errors_fp(stderr);
72 return 1;
73}
diff --git a/src/regress/lib/libcrypto/bn/rand/Makefile b/src/regress/lib/libcrypto/bn/rand/Makefile
deleted file mode 100644
index 52d0835df4..0000000000
--- a/src/regress/lib/libcrypto/bn/rand/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/11/06 06:55:27 tb Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bn_rand_interval
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c b/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c
deleted file mode 100644
index 09b1a34eea..0000000000
--- a/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c
+++ /dev/null
@@ -1,113 +0,0 @@
1/* $OpenBSD: bn_rand_interval.c,v 1.2 2018/11/06 13:17:42 tb Exp $ */
2/*
3 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include <openssl/bn.h>
22
23#define NUM_TESTS 1000000
24
25int bn_rand_interval(BIGNUM *rnd, const BIGNUM *lower_incl,
26 const BIGNUM *upper_excl);
27void print_triple(BIGNUM *a, BIGNUM *b, BIGNUM *x);
28
29void
30print_triple(BIGNUM *a, BIGNUM *b, BIGNUM *x) {
31 if (a != NULL) {
32 printf("a = ");
33 BN_print_fp(stdout, a);
34 printf("\n");
35 }
36
37 if (b != NULL) {
38 printf("b = ");
39 BN_print_fp(stdout, b);
40 printf("\n");
41 }
42
43 if (x != NULL) {
44 printf("x = ");
45 BN_print_fp(stdout, x);
46 printf("\n");
47 }
48}
49
50int
51main(int argc, char *argv[])
52{
53 BIGNUM *a, *b, *x;
54 int i, success = 1;
55
56 if ((a = BN_new()) == NULL)
57 err(1, "BN_hex2bn");
58 if ((b = BN_new()) == NULL)
59 err(1, "BN_hex2bn");
60 if ((x = BN_new()) == NULL)
61 err(1, "BN_new()");
62
63 for (i = 0; i < NUM_TESTS; i++) {
64 if (!BN_rand(a, 256, 0, 0))
65 err(1, "BN_rand(a)");
66
67 if (bn_rand_interval(x, a, a) != 0) {
68 success = 0;
69
70 printf("bn_rand_interval(a == a) succeeded\n");
71 print_triple(a, NULL, x);
72 }
73
74 if (!BN_rand(b, 256, 0, 0))
75 err(1, "BN_rand(b)");
76
77 switch(BN_cmp(a, b)) {
78 case 0: /* a == b */
79 continue;
80
81 case 1: /* a > b */
82 BN_swap(a, b);
83 break;
84
85 default: /* a < b */
86 break;
87 }
88
89 if (!bn_rand_interval(x, a, b))
90 err(1, "bn_rand_interval() failed");
91
92 if (BN_cmp(x, a) < 0 || BN_cmp(x, b) >= 0) {
93 success = 0;
94
95 printf("generated number x not inside [a,b)\n");
96 print_triple(a, b, x);
97 }
98
99 if (bn_rand_interval(x, b, a) != 0) {
100 success = 0;
101
102 printf("bn_rand_interval(x, b, a) succeeded\n");
103 print_triple(a, b, x);
104 }
105 }
106
107 if (success == 1)
108 printf("success\n");
109 else
110 printf("FAIL");
111
112 return 1 - success;
113}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 01:28:24 +0000