authorAdam Langley <agl@google.com>2015-06-04 17:45:09 -0700
committerKenny Root <kroot@google.com>2015-06-10 14:24:17 -0700
commit53b272a2813a0b11f107d77100ff8805ada8fbd2 (patch)
tree26c038b10145f502cb98f5675516a7ed6bd27fdb /src/crypto/bn
parent8bba6292604e7ea3a45449b11c53e7660259956d (diff)
Bump revision of BoringSSL.
This depends on https://android-review.googlesource.com/#/c/153481/ af0e32c Add SSL_get_tls_unique. 691992b Minor typo fix in comment. cc1e3df Make CBS_get_any_asn1_element accept only DER. 0976096 bytestring: Test out_header_len != NULL before writing. ba5934b Tighten up EMS resumption behaviour. b0eef0a runner: minor tidyups. 9f8ef2d Add |EVP_get_digestbyname|. b7326b0 Implement |PEM_def_callback| and call it where appropriate. e26e590 Avoid unused variable warnings with assert. efad697 Sync vs_toolschain.py up with Chromium. 39da317 Empty commit to kick the bots. 1550a84 Allow compilation for armv6 9a4996e Fix compilation of sha256-armv4.S when using -march=armv6 485a50a Match the ifdef check in bsaes-armv7.S e216288 Unexport and prune EVP_MD_CTX flags. af8731f Remove HMAC_CTX_set_flags. bf3208b Add additional HMAC tests. a1c90a5 Further tidy up cipher logic. 0fa4012 Add a test that DTLS does not support RC4. 9a980ab Fold TLS1_PRF_* into SSL_HANDSHAKE_MAC_* 29864b5 Remove SSL_CIPHER_ALGORITHM2_AEAD. 904dc72 Fold away SSL_PROTOCOL_METHOD hooks shared between TLS and DTLS. a602277 Split ssl_read_bytes hook into app_data and close_notify hooks. c933a47 Switch the ssl_write_bytes hook to ssl_write_app_data. 2c36792 EVP_Digest*Update, EVP_DigestFinal, and HMAC_Update can never fail. e2375e1 Low-level hash 'final' functions cannot fail. 049756b Fix integer types in low-level hash functions. 338e067 Reject sessions with the wrong structure version. f297e02 Reject unknown fields in d2i_SSL_SESSION. 8a228f5 Disable the malloc interceptor without glibc. bd15a8e Fix DTLS handling of multiple records in a packet. 15eaafb Fix bn_test's bc output and shut it up a little. efd8eb3 Tidy up overflows in obj_cmp. 05ead68 Readd CRYPTO_{LOCK|UNLOCK|READ|WRITE}. 71106ad Add |BIO_read_asn1| to read a single ASN.1 object. eb930b8 Fix signed/unsigned warning in bn_test.cc. b3a7b51 Fix off-by-one in BN_rand 074cc04 Reject negative shifts for BN_rshift and BN_lshift. 
75fb74a aes/asm/bsaes-armv7.pl: fix compilation with Xcode 6.3. ff81e10 Add OPENSSL_PUT_ERROR line to X509V3_parse_list. 1590811 Fix typo in valid_star. e76ccae Release handshake buffer when sending no certificate. 5f04b65 Release the handshake buffer on the client for abbreviated handshakes. 5c1ce29 Decide whether or not to request client certificates early. 4b30b28 Remove server-side renego session resumption check. 5aea93e Deprecate and no-op SSL_VERIFY_CLIENT_ONCE. 34a1635 Remove fake RLE compression OID. 9c0918f Fix typo in objects.txt 91af02a Add some comments and tweak assertions for cbc.c. 74d8bc2 Don't make SSL_MODE_*HELLO_TIME configurable. 7b5aff4 Have consumers supply OPENSSL_C11_ATOMIC. ac63748 Revert "tool: we don't need -lrt." 444dce4 Do-nothing fns |OpenSSL_add_all_ciphers| and |OpenSSL_add_all_digests|. ece089c Deprecate and no-op SSL_set_state. be05c63 Remove compatibility s->version checks. 8ec8810 Remove SSL_in_before and SSL_ST_BEFORE. cd90f3a Remove renegotiation deferral logic. 44d3eed Forbid caller-initiated renegotiations and all renego as a servers. 3d59e04 Fix test used for not-in-place CBC mode. 5f387e3 Remove s->renegotiate check in SSL_clear. 20f6e97 Switch three more renegotiate checks to initial_handshake_complete. d23d5a5 Remove remnants of DTLS renegotiate. 9a41d1b Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries. 76e48c5 Fix Windows mode. 3fa65f0 Fix some malloc test crashs. 0b635c5 Add malloc test support to unit tests. 3e3090d Pass a dtls1_use_epoch enum down to dtls1_seal_record. 31a0779 Factor SSL_AEAD_CTX into a dedicated type. 69d07d9 Get version-related functions from crypto.h rather than ssl.h. b487df6 Pull version, option, and mode APIs into their own sections. 7270cfc Prune version constants. 7ef9fff Remove ssl_ok. afc9ecd Unexport ssl_get_new_session and ssl_update_cache. 3b7456e Fix some documentation typos. b480428 Also skip #elif lines. 6deacb3 Parse macros in getNameFromDecl. 
4831c33 Document some core SSL_CTX and SSL methods. 4dab297 Don't use struct names in ssl.h. 760b1dd Tidy up state machine coverage tests. 3629c7b Add client peer-initiated renego to the state machine tests. cff0b90 Add client-side tests for renegotiation_info enforcement. 6bff1ca Specify argc and argv arguments to refcount_test:main. 12a4768 Try to fix MSVC and __STDC_VERSION__ again. cb56c2a Cast refcounts to _Atomic before use. 0d1d0d5 Try again to only test __STDC_VERSION__ when defined. 7b348dc Disable C11 atomics on OS X. 04edcc8 Tag the mutex functions with OPENSSL_EXPORT. 6e1f645 Don't test __STDC_VERSION__ unless it's defined. 552df47 Remove leftovers of the old-style locks. 6fb174e Remove last references to named locks. 4bdb6e4 Remove remaining calls to the old lock functions. 03163f3 Remove |CRYPTO_add|. 0b5e390 Convert reference counts in ssl/ 0da323a Convert reference counts in crypto/ 6f2e733 Add infrastructure for reference counts. daaff93 Use C11 _Static_assert where available. dc8c739 Implement |DES_ede2_cbc_encrypt|. a7997f1 Set minimum DH group size to 1024 bits. 4a7b70d Add LICENSE file. b3a262c Fix |SSLeay|. f0320d3 Fix use after free in X509. 3dacff9 Always include x86_64-gcc.c in the standalone build. 9660032 Don't use x86_64-gcc.c with NO_ASM. 81091d5 Don't use uninitialized memory in RAND_bytes. d72e284 Support arbitrary elliptic curve groups. a07c0fc Fix SSL_get_current_cipher. 4b27d9f Never resume sessions on renegotiations. 785e07b Copy ecdsa_meth in EC_KEY_copy. 08dc68d Define no-op options consistently. e6df054 Add s->s3->initial_handshake_complete. 897e5e0 Default renegotiations to off. 4690bb5 Port cipher_test to file_test. 771a138 Add missing #include for abort() de12d6c Mind the end of the buffer in aligned case of generic RC4 implementation. 5694b3a Fix invalid assert in CRYPTO_ctr128_encrypt. 9b68e72 Define compatibility function |ERR_remove_state|. 2607383 Fix generate_build_files.py to account for crypto/test. 
af3d5bd Add no-op |RAND_load_file| function for compatibility. 58e95fc Remove a spurious semicolon after |DECLARE_LHASH_OF|. 3c65171 Add buffer.h for compatibility. c85373d Use EVP_AEAD_CTX in crypto/cipher/internal.h. (cherry picked from commit f4e427204234da139fd0585def4b4e22502e33f0) cfb958c Fix Windows SDK build again Bug: 21325235 Change-Id: Icb01f6393bedebea332fc62dd92b8f6af7d49d9b
Diffstat (limited to 'src/crypto/bn')
-rw-r--r--src/crypto/bn/CMakeLists.txt4
-rw-r--r--src/crypto/bn/bn_test.cc509
-rw-r--r--src/crypto/bn/random.c2
-rw-r--r--src/crypto/bn/shift.c12
4 files changed, 276 insertions, 251 deletions
diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt
index 25663af..2e0cb45 100644
--- a/src/crypto/bn/CMakeLists.txt
+++ b/src/crypto/bn/CMakeLists.txt
@@ -4,7 +4,6 @@ if (${ARCH} STREQUAL "x86_64")
set(
BN_ARCH_SOURCES
- asm/x86_64-gcc.c
x86_64-mont.${ASM_EXT}
x86_64-mont5.${ASM_EXT}
rsaz-x86_64.${ASM_EXT}
@@ -38,6 +37,7 @@ add_library(
OBJECT
add.c
+ asm/x86_64-gcc.c
bn.c
cmp.c
convert.c
@@ -70,6 +70,8 @@ add_executable(
bn_test
bn_test.cc
+
+ $<TARGET_OBJECTS:test_support>
)
target_link_libraries(bn_test crypto)
diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc
index 9aa2bf5..6a7d48c 100644
--- a/src/crypto/bn/bn_test.cc
+++ b/src/crypto/bn/bn_test.cc
@@ -72,6 +72,7 @@
#define __STDC_FORMAT_MACROS
#endif
+#include <errno.h>
#include <stdio.h>
#include <string.h>
@@ -83,6 +84,12 @@
#include "../crypto/test/scoped_types.h"
+// This program tests the BIGNUM implementation. It takes an optional -bc
+// argument to write a transcript compatible with the UNIX bc utility.
+//
+// TODO(davidben): Rather than generate random inputs and depend on bc to check
+// the results, most of these tests should use known answers.
+
static const int num0 = 100; // number of tests
static const int num1 = 50; // additional tests for some functions
static const int num2 = 5; // number of tests for slow functions
@@ -114,10 +121,7 @@ static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx);
static bool test_dec2bn(FILE *fp, BN_CTX *ctx);
static bool test_hex2bn(FILE *fp, BN_CTX *ctx);
static bool test_asc2bn(FILE *fp, BN_CTX *ctx);
-
-// g_results can be set to true to cause the result of each computation to be
-// printed.
-static bool g_results = false;
+static bool test_rand();
static const uint8_t kSample[] =
"\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
@@ -126,7 +130,15 @@ static const uint8_t kSample[] =
// A wrapper around puts that takes its arguments in the same order as our *_fp
// functions.
static void puts_fp(FILE *out, const char *m) {
- fputs(m, out);
+ if (out != nullptr) {
+ fputs(m, out);
+ }
+}
+
+static void flush_fp(FILE *out) {
+ if (out != nullptr) {
+ fflush(out);
+ }
}
static void message(FILE *out, const char *m) {
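Review bot: puts_fp and flush_fp now tolerate a null `out`, but the test bodies still wrap their `BN_print_fp` calls in `if (fp != NULL)`, which suggests the library printer does not accept a null stream; the asymmetry is worth stating on puts_fp so nobody drops those guards later. Suggested comment above puts_fp: `// |out| may be null (no -bc transcript requested). BN_print_fp has no such guard, so callers must still check fp != NULL before printing BIGNUMs.`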
@@ -138,11 +150,24 @@ static void message(FILE *out, const char *m) {
int main(int argc, char *argv[]) {
CRYPTO_library_init();
+ ScopedFILE bc_file;
argc--;
argv++;
while (argc >= 1) {
- if (strcmp(*argv, "-results") == 0) {
- g_results = true;
+ if (strcmp(*argv, "-bc") == 0) {
+ if (argc < 2) {
+ fprintf(stderr, "Missing parameter to -bc\n");
+ return 1;
+ }
+ bc_file.reset(fopen(argv[1], "w+"));
+ if (!bc_file) {
+ fprintf(stderr, "Failed to open %s: %s\n", argv[1], strerror(errno));
+ }
+ argc--;
+ argv++;
+ } else {
+ fprintf(stderr, "Unknown option: %s\n", argv[0]);
+ return 1;
}
argc--;
argv++;
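Review bot: When `fopen` fails in the `-bc` branch the error is printed but execution falls through with a null `bc_file`, so the transcript the user explicitly asked for is silently skipped and the run still ends in `PASS`; add `return 1;` directly after the `fprintf(stderr, "Failed to open %s: %s\n", ...)`. The file is only ever written, so `"w"` suffices in place of `"w+"`. main continues past the end of this hunk.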
@@ -154,159 +179,167 @@ int main(int argc, char *argv[]) {
return 1;
}
- if (!g_results) {
- puts_fp(stdout, "obase=16\nibase=16\n");
- }
+ puts_fp(bc_file.get(), "/* This script, when run through the UNIX bc utility, "
+ "should produce a sequence of zeros. */\n");
+ puts_fp(bc_file.get(), "/* tr a-f A-F < bn_test.out | sed s/BAsE/base/ | bc "
+ "| grep -v 0 */\n");
+ puts_fp(bc_file.get(), "obase=16\nibase=16\n");
- message(stdout, "BN_add");
- if (!test_add(stdout)) {
+ message(bc_file.get(), "BN_add");
+ if (!test_add(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_sub");
- if (!test_sub(stdout)) {
+ message(bc_file.get(), "BN_sub");
+ if (!test_sub(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_lshift1");
- if (!test_lshift1(stdout)) {
+ message(bc_file.get(), "BN_lshift1");
+ if (!test_lshift1(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_lshift (fixed)");
+ message(bc_file.get(), "BN_lshift (fixed)");
ScopedBIGNUM sample(BN_bin2bn(kSample, sizeof(kSample) - 1, NULL));
if (!sample) {
return 1;
}
- if (!test_lshift(stdout, ctx.get(), bssl::move(sample))) {
+ if (!test_lshift(bc_file.get(), ctx.get(), bssl::move(sample))) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_lshift");
- if (!test_lshift(stdout, ctx.get(), nullptr)) {
+ message(bc_file.get(), "BN_lshift");
+ if (!test_lshift(bc_file.get(), ctx.get(), nullptr)) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_rshift1");
- if (!test_rshift1(stdout)) {
+ message(bc_file.get(), "BN_rshift1");
+ if (!test_rshift1(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_rshift");
- if (!test_rshift(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_rshift");
+ if (!test_rshift(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_sqr");
- if (!test_sqr(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_sqr");
+ if (!test_sqr(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mul");
- if (!test_mul(stdout)) {
+ message(bc_file.get(), "BN_mul");
+ if (!test_mul(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_div");
- if (!test_div(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_div");
+ if (!test_div(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_div_word");
- if (!test_div_word(stdout)) {
+ message(bc_file.get(), "BN_div_word");
+ if (!test_div_word(bc_file.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mod");
- if (!test_mod(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_mod");
+ if (!test_mod(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mod_mul");
- if (!test_mod_mul(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_mod_mul");
+ if (!test_mod_mul(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mont");
- if (!test_mont(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_mont");
+ if (!test_mont(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mod_exp");
- if (!test_mod_exp(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_mod_exp");
+ if (!test_mod_exp(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_mod_exp_mont_consttime");
- if (!test_mod_exp_mont_consttime(stdout, ctx.get()) ||
- !test_mod_exp_mont5(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(bc_file.get(), ctx.get()) ||
+ !test_mod_exp_mont5(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_exp");
- if (!test_exp(stdout, ctx.get()) ||
+ message(bc_file.get(), "BN_exp");
+ if (!test_exp(bc_file.get(), ctx.get()) ||
!test_exp_mod_zero()) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
+
+ message(bc_file.get(), "BN_mod_sqrt");
+ if (!test_mod_sqrt(bc_file.get(), ctx.get())) {
+ return 1;
+ }
+ flush_fp(bc_file.get());
- message(stdout, "BN_mod_sqrt");
- if (!test_mod_sqrt(stdout, ctx.get())) {
+ message(bc_file.get(), "Small prime generation");
+ if (!test_small_prime(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "Small prime generation");
- if (!test_small_prime(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_sqrt");
+ if (!test_sqrt(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_sqrt");
- if (!test_sqrt(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_bn2bin_padded");
+ if (!test_bn2bin_padded(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_bn2bin_padded");
- if (!test_bn2bin_padded(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_dec2bn");
+ if (!test_dec2bn(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_dec2bn");
- if (!test_dec2bn(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_hex2bn");
+ if (!test_hex2bn(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_hex2bn");
- if (!test_hex2bn(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_asc2bn");
+ if (!test_asc2bn(bc_file.get(), ctx.get())) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
- message(stdout, "BN_asc2bn");
- if (!test_asc2bn(stdout, ctx.get())) {
+ message(bc_file.get(), "BN_rand");
+ if (!test_rand()) {
return 1;
}
- fflush(stdout);
+ flush_fp(bc_file.get());
printf("PASS\n");
return 0;
@@ -330,12 +363,10 @@ static bool test_add(FILE *fp) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " + ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " + ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -380,12 +411,10 @@ static bool test_sub(FILE *fp) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " - ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " - ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -428,21 +457,17 @@ static bool test_div(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " / ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " / ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, d.get());
puts_fp(fp, "\n");
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " % ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -499,11 +524,9 @@ static bool test_lshift1(FILE *fp) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * 2");
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * 2");
+ puts_fp(fp, " - ");
BN_print_fp(fp, b.get());
puts_fp(fp, "\n");
}
@@ -540,12 +563,10 @@ static bool test_rshift(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " / ");
- BN_print_fp(fp, c.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " / ");
+ BN_print_fp(fp, c.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, b.get());
puts_fp(fp, "\n");
}
@@ -575,11 +596,9 @@ static bool test_rshift1(FILE *fp) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " / 2");
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " / 2");
+ puts_fp(fp, " - ");
BN_print_fp(fp, b.get());
puts_fp(fp, "\n");
}
@@ -620,12 +639,10 @@ static bool test_lshift(FILE *fp, BN_CTX *ctx, ScopedBIGNUM a) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, c.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, c.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, b.get());
puts_fp(fp, "\n");
}
@@ -676,12 +693,10 @@ static bool test_mul(FILE *fp) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -730,12 +745,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, a.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -758,12 +771,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, a.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -786,12 +797,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, a.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -846,21 +855,17 @@ static bool test_div_word(FILE *fp) {
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " / ");
- print_word(fp, s);
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " / ");
+ print_word(fp, s);
+ puts_fp(fp, " - ");
BN_print_fp(fp, b.get());
puts_fp(fp, "\n");
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " % ");
- print_word(fp, s);
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " % ");
+ print_word(fp, s);
+ puts_fp(fp, " - ");
print_word(fp, r);
puts_fp(fp, "\n");
}
@@ -909,14 +914,12 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " % ");
- BN_print_fp(fp, &mont->N);
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, &mont->N);
+ puts_fp(fp, " - ");
BN_print_fp(fp, A.get());
puts_fp(fp, "\n");
}
@@ -953,12 +956,10 @@ static bool test_mod(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " % ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, c.get());
puts_fp(fp, "\n");
}
@@ -1000,22 +1001,20 @@ static bool test_mod_mul(FILE *fp, BN_CTX *ctx) {
return false;
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " * ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " % ");
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " * ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, c.get());
+ if (a->neg != b->neg && !BN_is_zero(e.get())) {
+ // If (a*b) % c is negative, c must be added
+ // in order to obtain the normalized remainder
+ // (new with OpenSSL 0.9.7, previous versions of
+ // BN_mod_mul could generate negative results)
+ puts_fp(fp, " + ");
BN_print_fp(fp, c.get());
- if (a->neg != b->neg && !BN_is_zero(e.get())) {
- // If (a*b) % c is negative, c must be added
- // in order to obtain the normalized remainder
- // (new with OpenSSL 0.9.7, previous versions of
- // BN_mod_mul could generate negative results)
- puts_fp(fp, " + ");
- BN_print_fp(fp, c.get());
- }
- puts_fp(fp, " - ");
}
+ puts_fp(fp, " - ");
BN_print_fp(fp, e.get());
puts_fp(fp, "\n");
}
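Review bot: The re-indented comment on the `+ c` correction still explains it in terms of OpenSSL 0.9.7 version history, which is noise in this codebase; say what the transcript line encodes instead. Suggested replacement for the four comment lines: `// BN_mod_mul yields the non-negative remainder, but bc's % of operands with differing signs is negative, so add c to the bc expression to match.` The condition itself (`a->neg != b->neg && !BN_is_zero(e.get())`) is unchanged and correct for that purpose.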
@@ -1052,14 +1051,12 @@ static bool test_mod_exp(FILE *fp, BN_CTX *ctx) {
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " ^ ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " % ");
- BN_print_fp(fp, c.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " ^ ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, c.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, d.get());
puts_fp(fp, "\n");
}
@@ -1095,14 +1092,12 @@ static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx) {
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " ^ ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " % ");
- BN_print_fp(fp, c.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " ^ ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " % ");
+ BN_print_fp(fp, c.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, d.get());
puts_fp(fp, "\n");
}
@@ -1203,12 +1198,10 @@ static bool test_exp(FILE *fp, BN_CTX *ctx) {
}
if (fp != NULL) {
- if (!g_results) {
- BN_print_fp(fp, a.get());
- puts_fp(fp, " ^ ");
- BN_print_fp(fp, b.get());
- puts_fp(fp, " - ");
- }
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " ^ ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
BN_print_fp(fp, d.get());
puts_fp(fp, "\n");
}
@@ -1247,32 +1240,15 @@ static bool test_exp_mod_zero(void) {
}
if (!BN_is_zero(r.get())) {
- printf("1**0 mod 1 = ");
- BN_print_fp(stdout, r.get());
- printf(", should be 0\n");
+ fprintf(stderr, "1**0 mod 1 = ");
+ BN_print_fp(stderr, r.get());
+ fprintf(stderr, ", should be 0\n");
return false;
}
return true;
}
-static int genprime_cb(int p, int n, BN_GENCB *arg) {
- char c = '*';
-
- if (p == 0) {
- c = '.';
- } else if (p == 1) {
- c = '+';
- } else if (p == 2) {
- c = '*';
- } else if (p == 3) {
- c = '\n';
- }
- putc(c, stdout);
- fflush(stdout);
- return 1;
-}
-
static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) {
ScopedBIGNUM a(BN_new());
ScopedBIGNUM p(BN_new());
@@ -1281,9 +1257,6 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) {
return false;
}
- BN_GENCB cb;
- BN_GENCB_set(&cb, genprime_cb, NULL);
-
for (int i = 0; i < 16; i++) {
if (i < 8) {
const unsigned kPrimes[8] = {2, 3, 5, 7, 11, 13, 17, 19};
@@ -1293,10 +1266,9 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) {
} else {
if (!BN_set_word(a.get(), 32) ||
!BN_set_word(r.get(), 2 * i + 1) ||
- !BN_generate_prime_ex(p.get(), 256, 0, a.get(), r.get(), &cb)) {
+ !BN_generate_prime_ex(p.get(), 256, 0, a.get(), r.get(), nullptr)) {
return false;
}
- putc('\n', stdout);
}
p->neg = rand_neg();
@@ -1332,26 +1304,21 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) {
fprintf(stderr, "\n");
return false;
}
-
- putc('.', stdout);
- fflush(stdout);
}
-
- putc('\n', stdout);
- fflush(stderr);
}
return true;
}
static bool test_small_prime(FILE *fp, BN_CTX *ctx) {
- static const int kBits = 10;
+ static const unsigned kBits = 10;
ScopedBIGNUM r(BN_new());
- if (!r || !BN_generate_prime_ex(r.get(), kBits, 0, NULL, NULL, NULL)) {
+ if (!r || !BN_generate_prime_ex(r.get(), static_cast<int>(kBits), 0, NULL,
+ NULL, NULL)) {
return false;
}
if (BN_num_bits(r.get()) != kBits) {
- fprintf(fp, "Expected %d bit prime, got %d bit number\n", kBits,
+ fprintf(fp, "Expected %u bit prime, got %u bit number\n", kBits,
BN_num_bits(r.get()));
return false;
}
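Review bot: The `fprintf(fp, "Expected %u bit prime, ...")` on the failure path writes to `fp`, which after this commit is `bc_file.get()` and therefore null whenever the tool runs without `-bc` (the very case puts_fp/flush_fp were given null guards for), so a bit-length mismatch would crash instead of being reported. Route the diagnostic to stderr as test_exp_mod_zero does in this same commit: `fprintf(stderr, "Expected %u bit prime, got %u bit number\n", kBits, BN_num_bits(r.get()));`. The remainder of test_small_prime is outside the hunk.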
@@ -1617,3 +1584,47 @@ static bool test_asc2bn(FILE *fp, BN_CTX *ctx) {
return true;
}
+
+static bool test_rand() {
+ ScopedBIGNUM bn(BN_new());
+ if (!bn) {
+ return false;
+ }
+
+ // Test BN_rand accounts for degenerate cases with |top| and |bottom|
+ // parameters.
+ if (!BN_rand(bn.get(), 0, 0 /* top */, 0 /* bottom */) ||
+ !BN_is_zero(bn.get())) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+ if (!BN_rand(bn.get(), 0, 1 /* top */, 1 /* bottom */) ||
+ !BN_is_zero(bn.get())) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+
+ if (!BN_rand(bn.get(), 1, 0 /* top */, 0 /* bottom */) ||
+ !BN_is_word(bn.get(), 1)) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+ if (!BN_rand(bn.get(), 1, 1 /* top */, 0 /* bottom */) ||
+ !BN_is_word(bn.get(), 1)) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+ if (!BN_rand(bn.get(), 1, -1 /* top */, 1 /* bottom */) ||
+ !BN_is_word(bn.get(), 1)) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+
+ if (!BN_rand(bn.get(), 2, 1 /* top */, 0 /* bottom */) ||
+ !BN_is_word(bn.get(), 3)) {
+ fprintf(stderr, "BN_rand gave a bad result.\n");
+ return false;
+ }
+
+ return true;
+}
diff --git a/src/crypto/bn/random.c b/src/crypto/bn/random.c
index 3be7510..549ac48 100644
--- a/src/crypto/bn/random.c
+++ b/src/crypto/bn/random.c
@@ -144,7 +144,7 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
}
if (top != -1) {
- if (top) {
+ if (top && bits > 1) {
if (bit == 0) {
buf[0] = 1;
buf[1] |= 0x80;
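Review bot: The new `bits > 1` condition needs a comment, because its justification is only visible one line later: with `bits == 1`, `bit` is presumably 0 and the `buf[1] |= 0x80` branch would touch a second byte that a one-bit request does not allocate, which matches the "Fix off-by-one in BN_rand" entry in the description and the new `BN_rand(bn, 1, 1, 0)` case in bn_test.cc. Suggested comment on the condition: `// For bits == 1 there is no second byte; the single top bit is set by the else branch below.` BN_rand begins and ends outside this hunk, so the buffer size computation this relies on is not shown here.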
diff --git a/src/crypto/bn/shift.c b/src/crypto/bn/shift.c
index 1e3b7c3..f143996 100644
--- a/src/crypto/bn/shift.c
+++ b/src/crypto/bn/shift.c
@@ -58,6 +58,8 @@
#include <string.h>
+#include <openssl/err.h>
+
#include "internal.h"
@@ -66,6 +68,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) {
BN_ULONG *t, *f;
BN_ULONG l;
+ if (n < 0) {
+ OPENSSL_PUT_ERROR(BN, BN_lshift, BN_R_NEGATIVE_NUMBER);
+ return 0;
+ }
+
r->neg = a->neg;
nw = n / BN_BITS2;
if (bn_wexpand(r, a->top + nw + 1) == NULL) {
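Review bot: The negative-`n` guard should say why it is there, since `n / BN_BITS2` with a negative dividend yields a negative `nw` that is then fed to `bn_wexpand(r, a->top + nw + 1)` and the word indexing below, which is the real hazard being closed. Suggested comment above the check: `// A negative shift count would make |nw| negative and the word arithmetic below unsound; treat it as a caller error.` The same guard is added to BN_rshift in the next hunk and would take the same comment. BN_lshift continues past the end of this hunk.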
@@ -130,6 +137,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) {
BN_ULONG *t, *f;
BN_ULONG l, tmp;
+ if (n < 0) {
+ OPENSSL_PUT_ERROR(BN, BN_rshift, BN_R_NEGATIVE_NUMBER);
+ return 0;
+ }
+
nw = n / BN_BITS2;
rb = n % BN_BITS2;
lb = BN_BITS2 - rb;