Backport regression test
master branch has a specific regression test for a bug in x86_64-mont5 code,
see commit cdfe0fdde6.
This code is now in 1.0.2/1.0.1, so also backport the test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Bodo Möller
Emilia Kasper
parent
a43bcd9e96
commit
bb565cd29e
1 changed files with 76 additions and 0 deletions
|
|
@ -107,6 +107,7 @@ int test_mod(BIO *bp,BN_CTX *ctx);
|
|||
int test_mod_mul(BIO *bp,BN_CTX *ctx);
|
||||
int test_mod_exp(BIO *bp,BN_CTX *ctx);
|
||||
int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
|
||||
int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
|
||||
int test_exp(BIO *bp,BN_CTX *ctx);
|
||||
int test_gf2m_add(BIO *bp);
|
||||
int test_gf2m_mod(BIO *bp);
|
||||
|
|
@ -249,6 +250,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
message(out,"BN_mod_exp_mont_consttime");
|
||||
if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
|
||||
if (!test_mod_exp_mont5(out,ctx)) goto err;
|
||||
(void)BIO_flush(out);
|
||||
|
||||
message(out,"BN_exp");
|
||||
|
|
@ -1012,6 +1014,80 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
|
|||
return(1);
|
||||
}
|
||||
|
||||
/* Test constant-time modular exponentiation with 1024-bit inputs,
|
||||
* which on x86_64 cause a different code branch to be taken.
|
||||
*/
|
||||
int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *a,*p,*m,*d,*e;
|
||||
|
||||
BN_MONT_CTX *mont;
|
||||
|
||||
a=BN_new();
|
||||
p=BN_new();
|
||||
m=BN_new();
|
||||
d=BN_new();
|
||||
e=BN_new();
|
||||
|
||||
mont = BN_MONT_CTX_new();
|
||||
|
||||
BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
|
||||
/* Zero exponent */
|
||||
BN_bntest_rand(a,1024,0,0);
|
||||
BN_zero(p);
|
||||
if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
|
||||
return 0;
|
||||
if(!BN_is_one(d))
|
||||
{
|
||||
fprintf(stderr, "Modular exponentiation test failed!\n");
|
||||
return 0;
|
||||
}
|
||||
/* Zero input */
|
||||
BN_bntest_rand(p,1024,0,0);
|
||||
BN_zero(a);
|
||||
if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
|
||||
return 0;
|
||||
if(!BN_is_zero(d))
|
||||
{
|
||||
fprintf(stderr, "Modular exponentiation test failed!\n");
|
||||
return 0;
|
||||
}
|
||||
/* Craft an input whose Montgomery representation is 1,
|
||||
* i.e., shorter than the modulus m, in order to test
|
||||
* the const time precomputation scattering/gathering.
|
||||
*/
|
||||
BN_one(a);
|
||||
BN_MONT_CTX_set(mont,m,ctx);
|
||||
if(!BN_from_montgomery(e,a,mont,ctx))
|
||||
return 0;
|
||||
if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
|
||||
return 0;
|
||||
if(!BN_mod_exp_simple(a,e,p,m,ctx))
|
||||
return 0;
|
||||
if(BN_cmp(a,d) != 0)
|
||||
{
|
||||
fprintf(stderr,"Modular exponentiation test failed!\n");
|
||||
return 0;
|
||||
}
|
||||
/* Finally, some regular test vectors. */
|
||||
BN_bntest_rand(e,1024,0,0);
|
||||
if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
|
||||
return 0;
|
||||
if(!BN_mod_exp_simple(a,e,p,m,ctx))
|
||||
return 0;
|
||||
if(BN_cmp(a,d) != 0)
|
||||
{
|
||||
fprintf(stderr,"Modular exponentiation test failed!\n");
|
||||
return 0;
|
||||
}
|
||||
BN_free(a);
|
||||
BN_free(p);
|
||||
BN_free(m);
|
||||
BN_free(d);
|
||||
BN_free(e);
|
||||
return(1);
|
||||
}
|
||||
|
||||
int test_exp(BIO *bp, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *a,*b,*d,*e,*one;
|
||||
|
|
|
|||
Loading…
Reference in a new issue