Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libcrypto/exp/exptest.c | 87 |
1 files changed, 47 insertions, 40 deletions
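--- a/src/regress/lib/libcrypto/exp/exptest.c
+++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exptest.c,v 1.7 2018/11/08 22:20:25 jsing Exp $ */
+/* $OpenBSD: exptest.c,v 1.8 2021/11/18 15:17:31 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -79,8 +79,9 @@ int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
 * returns zero and prints debug output otherwise.
 */
-static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
-const BIGNUM *a) {
+static int
+a_is_zero_mod_one(const char *method, const BIGNUM *r, const BIGNUM *a)
+{
 if (!BN_is_zero(r)) {
 fprintf(stderr, "%s failed:\n", method);
 fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
@@ -97,95 +98,101 @@ static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
 /*
 * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
 */
-static int test_exp_mod_zero(void)
+static int
+test_exp_mod_zero(void)
 {
-BIGNUM a, p, m;
-BIGNUM r;
+BIGNUM *a = NULL, *p = NULL, *m = NULL, *r = NULL;
 BN_ULONG one_word = 1;
-BN_CTX *ctx = BN_CTX_new();
+BN_CTX *ctx;
 int ret = 1, failed = 0;
 
-BN_init(&m);
-BN_one(&m);
+if ((ctx = BN_CTX_new()) == NULL)
+goto err;
+if ((m = BN_new()) == NULL)
+goto err;
+BN_one(m);
 
-BN_init(&a);
-BN_one(&a);
+if ((a = BN_new()) == NULL)
+goto err;
+BN_one(a);
 
-BN_init(&p);
-BN_zero(&p);
+if ((p = BN_new()) == NULL)
+goto err;
+BN_zero(p);
 
-BN_init(&r);
+if ((r = BN_new()) == NULL)
+goto err;
 
-if (!BN_rand(&a, 1024, 0, 0))
+if (!BN_rand(a, 1024, 0, 0))
 goto err;
 
-if (!BN_mod_exp(&r, &a, &p, &m, ctx))
+if (!BN_mod_exp(r, a, p, m, ctx))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp", r, a))
 failed = 1;
 
-if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
+if (!BN_mod_exp_ct(r, a, p, m, ctx))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_ct", r, a))
 failed = 1;
 
-if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
+if (!BN_mod_exp_nonct(r, a, p, m, ctx))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_nonct", r, a))
 failed = 1;
 
-if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
+if (!BN_mod_exp_recp(r, a, p, m, ctx))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a))
 failed = 1;
 
-if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
+if (!BN_mod_exp_simple(r, a, p, m, ctx))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a))
 failed = 1;
 
-if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
+if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a))
 failed = 1;
 
-if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
+if (!BN_mod_exp_mont_ct(r, a, p, m, ctx, NULL))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", r, a))
 failed = 1;
 
-if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
+if (!BN_mod_exp_mont_nonct(r, a, p, m, ctx, NULL))
 goto err;
 
-if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", r, a))
 failed = 1;
 
-if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
+if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) {
 goto err;
 }
 
-if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
+if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))
 failed = 1;
 
 /*
 * A different codepath exists for single word multiplication
 * in non-constant-time only.
 */
-if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
+if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL))
 goto err;
 
-if (!BN_is_zero(&r)) {
+if (!BN_is_zero(r)) {
 fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
 fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
 fprintf(stderr, "r = ");
-BN_print_fp(stderr, &r);
+BN_print_fp(stderr, r);
 fprintf(stderr, "\n");
 return 0;
 }
@@ -193,10 +200,10 @@ static int test_exp_mod_zero(void)
 ret = failed;
 
 err:
-BN_free(&r);
-BN_free(&a);
-BN_free(&p);
-BN_free(&m);
+BN_free(r);
+BN_free(a);
+BN_free(p);
+BN_free(m);
 BN_CTX_free(ctx);
 
 return ret;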
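Review bot: The `BN_mod_exp_mont_word` failure branch at the end of the third hunk still exits with `return 0;`, which the comment above `test_exp_mod_zero` defines as success, so a wrong result on the single-word code path is printed but reported as a pass. The same early return also jumps past the `err:` label, so the `BN_new()` allocations this commit introduces for `r`, `a`, `p` and `m`, plus `ctx`, are never freed on that path. Replacing the line with `failed = 1;` would let the branch fall through to `ret = failed;` and the shared cleanup, matching how every other check in the function records a failure. The one line between the third and fourth hunks is not shown, so this assumes nothing else sits between the closing brace and `ret = failed;`; the function's own closing brace is also outside the last hunk.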
