From 3e5ba5bb23cdfff48594161be8b5aca5ec221d3b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 5 Sep 2025 14:36:03 +0000
Subject: wycheproof: port the MI primes check to v1

---
 .../lib/libcrypto/wycheproof/wycheproof-json.pl    |  4 ++--
 .../lib/libcrypto/wycheproof/wycheproof-primes.c   | 23 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
index 45c7542b59..0eea14752c 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
@@ -1,4 +1,4 @@
-# $OpenBSD: wycheproof-json.pl,v 1.2 2022/07/08 14:33:56 tb Exp $
+# $OpenBSD: wycheproof-json.pl,v 1.3 2025/09/05 14:36:03 tb Exp $
 
 # Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
 # Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -17,7 +17,7 @@
 
 use JSON::PP;
 
-$test_vector_path = "/usr/local/share/wycheproof/testvectors";
+$test_vector_path = "/usr/local/share/wycheproof/testvectors_v1";
 
 open JSON, "$test_vector_path/primality_test.json" or die;
 @json = <JSON>;
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
index 57bd7a53da..e54fd484f9 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: wycheproof-primes.c,v 1.2 2022/12/01 13:49:12 tb Exp $ */
+/*	$OpenBSD: wycheproof-primes.c,v 1.3 2025/09/05 14:36:03 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  *
@@ -16,7 +16,9 @@
  */
 
 #include <err.h>
+#include <limits.h>
 #include <stdio.h>
+#include <string.h>
 
 #include <openssl/bn.h>
 
@@ -26,12 +28,31 @@ int
 primality_test(struct wycheproof_testcase *test)
 {
 	BIGNUM *value = NULL;
+	size_t len;
 	int ret;
 	int failed = 1;
 
 	if (!BN_hex2bn(&value, test->value))
 		errx(1, "%d: failed to set value \"%s\"", test->id, test->value);
 
+	if ((len = strlen(test->value)) > INT_MAX / 4)
+		errx(1, "%d: overlong test string %zu", test->id, len);
+
+	if (len > 0 && test->value[0] >= '8') {
+		BIGNUM *pow2;
+
+		if ((pow2 = BN_new()) == NULL)
+			errx(1, "BN_new");
+
+		if (!BN_set_bit(pow2, 4 * len))
+			errx(1, "BN_set_bit");
+
+		if (!BN_sub(value, value, pow2))
+			errx(1, "BN_sub");
+
+		BN_free(pow2);
+	}
+
 	if ((ret = BN_is_prime_ex(value, BN_prime_checks, NULL, NULL)) < 0)
 		errx(1, "%d: BN_is_prime_ex errored", test->id);
 
-- 
cgit v1.2.3-55-g6feb