diff options
Diffstat (limited to 'src/regress/lib/libcrypto/exp/exptest.c')
| -rw-r--r-- | src/regress/lib/libcrypto/exp/exptest.c | 259 |
1 files changed, 184 insertions, 75 deletions
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c index 5f9b663a26..45ca5ac5f5 100644 --- a/src/regress/lib/libcrypto/exp/exptest.c +++ b/src/regress/lib/libcrypto/exp/exptest.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| @@ -66,110 +66,213 @@ | |||
| 66 | 66 | ||
| 67 | #define NUM_BITS (BN_BITS*2) | 67 | #define NUM_BITS (BN_BITS*2) |
| 68 | 68 | ||
| 69 | /* | ||
| 70 | * Test that r == 0 in test_exp_mod_zero(). Returns one on success, | ||
| 71 | * returns zero and prints debug output otherwise. | ||
| 72 | */ | ||
| 73 | static int a_is_zero_mod_one(const char *method, const BIGNUM *r, | ||
| 74 | const BIGNUM *a) { | ||
| 75 | if (!BN_is_zero(r)) { | ||
| 76 | fprintf(stderr, "%s failed:\n", method); | ||
| 77 | fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); | ||
| 78 | fprintf(stderr, "a = "); | ||
| 79 | BN_print_fp(stderr, a); | ||
| 80 | fprintf(stderr, "\nr = "); | ||
| 81 | BN_print_fp(stderr, r); | ||
| 82 | fprintf(stderr, "\n"); | ||
| 83 | return 0; | ||
| 84 | } | ||
| 85 | return 1; | ||
| 86 | } | ||
| 87 | |||
| 88 | /* | ||
| 89 | * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. | ||
| 90 | */ | ||
| 91 | static int test_exp_mod_zero(void) | ||
| 92 | { | ||
| 93 | BIGNUM a, p, m; | ||
| 94 | BIGNUM r; | ||
| 95 | BN_ULONG one_word = 1; | ||
| 96 | BN_CTX *ctx = BN_CTX_new(); | ||
| 97 | int ret = 1, failed = 0; | ||
| 98 | |||
| 99 | BN_init(&m); | ||
| 100 | BN_one(&m); | ||
| 101 | |||
| 102 | BN_init(&a); | ||
| 103 | BN_one(&a); | ||
| 104 | |||
| 105 | BN_init(&p); | ||
| 106 | BN_zero(&p); | ||
| 107 | |||
| 108 | BN_init(&r); | ||
| 109 | |||
| 110 | if (!BN_rand(&a, 1024, 0, 0)) | ||
| 111 | goto err; | ||
| 112 | |||
| 113 | if (!BN_mod_exp(&r, &a, &p, &m, ctx)) | ||
| 114 | goto err; | ||
| 115 | |||
| 116 | if (!a_is_zero_mod_one("BN_mod_exp", &r, &a)) | ||
| 117 | failed = 1; | ||
| 118 | |||
| 119 | if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx)) | ||
| 120 | goto err; | ||
| 121 | |||
| 122 | if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a)) | ||
| 123 | failed = 1; | ||
| 124 | |||
| 125 | if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx)) | ||
| 126 | goto err; | ||
| 127 | |||
| 128 | if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a)) | ||
| 129 | failed = 1; | ||
| 130 | |||
| 131 | if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL)) | ||
| 132 | goto err; | ||
| 133 | |||
| 134 | if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a)) | ||
| 135 | failed = 1; | ||
| 136 | |||
| 137 | if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) { | ||
| 138 | goto err; | ||
| 139 | } | ||
| 140 | |||
| 141 | if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a)) | ||
| 142 | failed = 1; | ||
| 143 | |||
| 144 | /* | ||
| 145 | * A different codepath exists for single word multiplication | ||
| 146 | * in non-constant-time only. | ||
| 147 | */ | ||
| 148 | if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL)) | ||
| 149 | goto err; | ||
| 150 | |||
| 151 | if (!BN_is_zero(&r)) { | ||
| 152 | fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); | ||
| 153 | fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); | ||
| 154 | fprintf(stderr, "r = "); | ||
| 155 | BN_print_fp(stderr, &r); | ||
| 156 | fprintf(stderr, "\n"); | ||
| 157 | return 0; | ||
| 158 | } | ||
| 159 | |||
| 160 | ret = failed; | ||
| 161 | |||
| 162 | err: | ||
| 163 | BN_free(&r); | ||
| 164 | BN_free(&a); | ||
| 165 | BN_free(&p); | ||
| 166 | BN_free(&m); | ||
| 167 | BN_CTX_free(ctx); | ||
| 168 | |||
| 169 | return ret; | ||
| 170 | } | ||
| 171 | |||
| 69 | int main(int argc, char *argv[]) | 172 | int main(int argc, char *argv[]) |
| 70 | { | 173 | { |
| 71 | BN_CTX *ctx; | 174 | BN_CTX *ctx; |
| 72 | BIO *out=NULL; | 175 | BIO *out = NULL; |
| 73 | int i,ret; | 176 | int i, ret; |
| 74 | unsigned char c; | 177 | unsigned char c; |
| 75 | BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m; | 178 | BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; |
| 76 | 179 | ||
| 77 | ERR_load_BN_strings(); | 180 | ERR_load_BN_strings(); |
| 78 | 181 | ||
| 79 | ctx=BN_CTX_new(); | 182 | ctx = BN_CTX_new(); |
| 80 | if (ctx == NULL) exit(1); | 183 | if (ctx == NULL) |
| 81 | r_mont=BN_new(); | 184 | exit(1); |
| 82 | r_mont_const=BN_new(); | 185 | r_mont = BN_new(); |
| 83 | r_recp=BN_new(); | 186 | r_mont_const = BN_new(); |
| 84 | r_simple=BN_new(); | 187 | r_recp = BN_new(); |
| 85 | a=BN_new(); | 188 | r_simple = BN_new(); |
| 86 | b=BN_new(); | 189 | a = BN_new(); |
| 87 | m=BN_new(); | 190 | b = BN_new(); |
| 88 | if ( (r_mont == NULL) || (r_recp == NULL) || | 191 | m = BN_new(); |
| 89 | (a == NULL) || (b == NULL)) | 192 | if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) |
| 90 | goto err; | 193 | goto err; |
| 91 | 194 | ||
| 92 | out=BIO_new(BIO_s_file()); | 195 | out = BIO_new(BIO_s_file()); |
| 93 | 196 | ||
| 94 | if (out == NULL) exit(1); | 197 | if (out == NULL) |
| 95 | BIO_set_fp(out,stdout,BIO_NOCLOSE); | 198 | exit(1); |
| 199 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | ||
| 96 | 200 | ||
| 97 | for (i=0; i<200; i++) | 201 | for (i = 0; i < 200; i++) { |
| 98 | { | 202 | arc4random_buf(&c, 1); |
| 99 | arc4random_buf(&c,1); | 203 | c = (c % BN_BITS) - BN_BITS2; |
| 100 | c=(c%BN_BITS)-BN_BITS2; | 204 | BN_rand(a, NUM_BITS + c, 0, 0); |
| 101 | BN_rand(a,NUM_BITS+c,0,0); | ||
| 102 | 205 | ||
| 103 | arc4random_buf(&c,1); | 206 | arc4random_buf(&c, 1); |
| 104 | c=(c%BN_BITS)-BN_BITS2; | 207 | c = (c % BN_BITS) - BN_BITS2; |
| 105 | BN_rand(b,NUM_BITS+c,0,0); | 208 | BN_rand(b, NUM_BITS + c, 0, 0); |
| 106 | 209 | ||
| 107 | arc4random_buf(&c,1); | 210 | arc4random_buf(&c, 1); |
| 108 | c=(c%BN_BITS)-BN_BITS2; | 211 | c = (c % BN_BITS) - BN_BITS2; |
| 109 | BN_rand(m,NUM_BITS+c,0,1); | 212 | BN_rand(m, NUM_BITS + c, 0, 1); |
| 110 | 213 | ||
| 111 | BN_mod(a,a,m,ctx); | 214 | BN_mod(a, a, m, ctx); |
| 112 | BN_mod(b,b,m,ctx); | 215 | BN_mod(b, b, m, ctx); |
| 113 | 216 | ||
| 114 | ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL); | 217 | ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL); |
| 115 | if (ret <= 0) | 218 | if (ret <= 0) { |
| 116 | { | ||
| 117 | printf("BN_mod_exp_mont() problems\n"); | 219 | printf("BN_mod_exp_mont() problems\n"); |
| 118 | ERR_print_errors(out); | 220 | ERR_print_errors(out); |
| 119 | exit(1); | 221 | exit(1); |
| 120 | } | 222 | } |
| 121 | 223 | ||
| 122 | ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); | 224 | ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); |
| 123 | if (ret <= 0) | 225 | if (ret <= 0) { |
| 124 | { | ||
| 125 | printf("BN_mod_exp_recp() problems\n"); | 226 | printf("BN_mod_exp_recp() problems\n"); |
| 126 | ERR_print_errors(out); | 227 | ERR_print_errors(out); |
| 127 | exit(1); | 228 | exit(1); |
| 128 | } | 229 | } |
| 129 | 230 | ||
| 130 | ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); | 231 | ret = BN_mod_exp_simple(r_simple, a, b, m, ctx); |
| 131 | if (ret <= 0) | 232 | if (ret <= 0) { |
| 132 | { | ||
| 133 | printf("BN_mod_exp_simple() problems\n"); | 233 | printf("BN_mod_exp_simple() problems\n"); |
| 134 | ERR_print_errors(out); | 234 | ERR_print_errors(out); |
| 135 | exit(1); | 235 | exit(1); |
| 136 | } | 236 | } |
| 137 | 237 | ||
| 138 | ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL); | 238 | ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL); |
| 139 | if (ret <= 0) | 239 | if (ret <= 0) { |
| 140 | { | ||
| 141 | printf("BN_mod_exp_mont_consttime() problems\n"); | 240 | printf("BN_mod_exp_mont_consttime() problems\n"); |
| 142 | ERR_print_errors(out); | 241 | ERR_print_errors(out); |
| 143 | exit(1); | 242 | exit(1); |
| 144 | } | 243 | } |
| 145 | 244 | ||
| 146 | if (BN_cmp(r_simple, r_mont) == 0 | 245 | if (BN_cmp(r_simple, r_mont) == 0 |
| 147 | && BN_cmp(r_simple,r_recp) == 0 | 246 | && BN_cmp(r_simple, r_recp) == 0 |
| 148 | && BN_cmp(r_simple,r_mont_const) == 0) | 247 | && BN_cmp(r_simple, r_mont_const) == 0) { |
| 149 | { | ||
| 150 | printf("."); | 248 | printf("."); |
| 151 | fflush(stdout); | 249 | fflush(stdout); |
| 152 | } | 250 | } else { |
| 153 | else | 251 | if (BN_cmp(r_simple, r_mont) != 0) |
| 154 | { | ||
| 155 | if (BN_cmp(r_simple,r_mont) != 0) | ||
| 156 | printf("\nsimple and mont results differ\n"); | 252 | printf("\nsimple and mont results differ\n"); |
| 157 | if (BN_cmp(r_simple,r_mont_const) != 0) | 253 | if (BN_cmp(r_simple, r_mont_const) != 0) |
| 158 | printf("\nsimple and mont const time results differ\n"); | 254 | printf("\nsimple and mont const time results differ\n"); |
| 159 | if (BN_cmp(r_simple,r_recp) != 0) | 255 | if (BN_cmp(r_simple, r_recp) != 0) |
| 160 | printf("\nsimple and recp results differ\n"); | 256 | printf("\nsimple and recp results differ\n"); |
| 161 | 257 | ||
| 162 | printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a); | 258 | printf("a (%3d) = ", BN_num_bits(a)); |
| 163 | printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b); | 259 | BN_print(out, a); |
| 164 | printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m); | 260 | printf("\nb (%3d) = ", BN_num_bits(b)); |
| 165 | printf("\nsimple ="); BN_print(out,r_simple); | 261 | BN_print(out, b); |
| 166 | printf("\nrecp ="); BN_print(out,r_recp); | 262 | printf("\nm (%3d) = ", BN_num_bits(m)); |
| 167 | printf("\nmont ="); BN_print(out,r_mont); | 263 | BN_print(out, m); |
| 168 | printf("\nmont_ct ="); BN_print(out,r_mont_const); | 264 | printf("\nsimple ="); |
| 265 | BN_print(out, r_simple); | ||
| 266 | printf("\nrecp ="); | ||
| 267 | BN_print(out, r_recp); | ||
| 268 | printf("\nmont ="); | ||
| 269 | BN_print(out, r_mont); | ||
| 270 | printf("\nmont_ct ="); | ||
| 271 | BN_print(out, r_mont_const); | ||
| 169 | printf("\n"); | 272 | printf("\n"); |
| 170 | exit(1); | 273 | exit(1); |
| 171 | } | ||
| 172 | } | 274 | } |
| 275 | } | ||
| 173 | BN_free(r_mont); | 276 | BN_free(r_mont); |
| 174 | BN_free(r_mont_const); | 277 | BN_free(r_mont_const); |
| 175 | BN_free(r_recp); | 278 | BN_free(r_recp); |
| @@ -181,10 +284,16 @@ int main(int argc, char *argv[]) | |||
| 181 | ERR_remove_thread_state(NULL); | 284 | ERR_remove_thread_state(NULL); |
| 182 | CRYPTO_mem_leaks(out); | 285 | CRYPTO_mem_leaks(out); |
| 183 | BIO_free(out); | 286 | BIO_free(out); |
| 184 | printf(" done\n"); | 287 | printf("\n"); |
| 185 | exit(0); | 288 | |
| 186 | err: | 289 | if (test_exp_mod_zero() != 0) |
| 290 | goto err; | ||
| 291 | |||
| 292 | printf("done\n"); | ||
| 293 | |||
| 294 | return (0); | ||
| 295 | err: | ||
| 187 | ERR_load_crypto_strings(); | 296 | ERR_load_crypto_strings(); |
| 188 | ERR_print_errors(out); | 297 | ERR_print_errors(out); |
| 189 | exit(1); | 298 | return (1); |
| 190 | } | 299 | } |