bntest.c 51 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015
  1. /* crypto/bn/bntest.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  60. *
  61. * Portions of the attached software ("Contribution") are developed by
  62. * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  63. *
  64. * The Contribution is licensed pursuant to the Eric Young open source
  65. * license provided above.
  66. *
  67. * The binary polynomial arithmetic software is originally written by
  68. * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
  69. *
  70. */
  71. /*
  72. * Until the key-gen callbacks are modified to use newer prototypes, we allow
  73. * deprecated functions for openssl-internal code
  74. */
  75. #ifdef OPENSSL_NO_DEPRECATED
  76. # undef OPENSSL_NO_DEPRECATED
  77. #endif
  78. #include <stdio.h>
  79. #include <stdlib.h>
  80. #include <string.h>
  81. #include "e_os.h"
  82. #include <openssl/bio.h>
  83. #include <openssl/bn.h>
  84. #include <openssl/rand.h>
  85. #include <openssl/x509.h>
  86. #include <openssl/err.h>
  87. const int num0 = 100; /* number of tests */
  88. const int num1 = 50; /* additional tests for some functions */
  89. const int num2 = 5; /* number of tests for slow functions */
  90. int test_add(BIO *bp);
  91. int test_sub(BIO *bp);
  92. int test_lshift1(BIO *bp);
  93. int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
  94. int test_rshift1(BIO *bp);
  95. int test_rshift(BIO *bp, BN_CTX *ctx);
  96. int test_div(BIO *bp, BN_CTX *ctx);
  97. int test_div_word(BIO *bp);
  98. int test_div_recp(BIO *bp, BN_CTX *ctx);
  99. int test_mul(BIO *bp);
  100. int test_sqr(BIO *bp, BN_CTX *ctx);
  101. int test_mont(BIO *bp, BN_CTX *ctx);
  102. int test_mod(BIO *bp, BN_CTX *ctx);
  103. int test_mod_mul(BIO *bp, BN_CTX *ctx);
  104. int test_mod_exp(BIO *bp, BN_CTX *ctx);
  105. int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
  106. int test_exp(BIO *bp, BN_CTX *ctx);
  107. int test_gf2m_add(BIO *bp);
  108. int test_gf2m_mod(BIO *bp);
  109. int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
  110. int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
  111. int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
  112. int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
  113. int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
  114. int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
  115. int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
  116. int test_kron(BIO *bp, BN_CTX *ctx);
  117. int test_sqrt(BIO *bp, BN_CTX *ctx);
  118. int rand_neg(void);
  119. static int results = 0;
  120. static unsigned char lst[] =
  121. "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
  122. "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
  123. static const char rnd_seed[] =
  124. "string to make the random number generator think it has entropy";
  125. static void message(BIO *out, char *m)
  126. {
  127. fprintf(stderr, "test %s\n", m);
  128. BIO_puts(out, "print \"test ");
  129. BIO_puts(out, m);
  130. BIO_puts(out, "\\n\"\n");
  131. }
  132. int main(int argc, char *argv[])
  133. {
  134. BN_CTX *ctx;
  135. BIO *out;
  136. char *outfile = NULL;
  137. results = 0;
  138. RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
  139. argc--;
  140. argv++;
  141. while (argc >= 1) {
  142. if (strcmp(*argv, "-results") == 0)
  143. results = 1;
  144. else if (strcmp(*argv, "-out") == 0) {
  145. if (--argc < 1)
  146. break;
  147. outfile = *(++argv);
  148. }
  149. argc--;
  150. argv++;
  151. }
  152. ctx = BN_CTX_new();
  153. if (ctx == NULL)
  154. EXIT(1);
  155. out = BIO_new(BIO_s_file());
  156. if (out == NULL)
  157. EXIT(1);
  158. if (outfile == NULL) {
  159. BIO_set_fp(out, stdout, BIO_NOCLOSE);
  160. } else {
  161. if (!BIO_write_filename(out, outfile)) {
  162. perror(outfile);
  163. EXIT(1);
  164. }
  165. }
  166. if (!results)
  167. BIO_puts(out, "obase=16\nibase=16\n");
  168. message(out, "BN_add");
  169. if (!test_add(out))
  170. goto err;
  171. (void)BIO_flush(out);
  172. message(out, "BN_sub");
  173. if (!test_sub(out))
  174. goto err;
  175. (void)BIO_flush(out);
  176. message(out, "BN_lshift1");
  177. if (!test_lshift1(out))
  178. goto err;
  179. (void)BIO_flush(out);
  180. message(out, "BN_lshift (fixed)");
  181. if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
  182. goto err;
  183. (void)BIO_flush(out);
  184. message(out, "BN_lshift");
  185. if (!test_lshift(out, ctx, NULL))
  186. goto err;
  187. (void)BIO_flush(out);
  188. message(out, "BN_rshift1");
  189. if (!test_rshift1(out))
  190. goto err;
  191. (void)BIO_flush(out);
  192. message(out, "BN_rshift");
  193. if (!test_rshift(out, ctx))
  194. goto err;
  195. (void)BIO_flush(out);
  196. message(out, "BN_sqr");
  197. if (!test_sqr(out, ctx))
  198. goto err;
  199. (void)BIO_flush(out);
  200. message(out, "BN_mul");
  201. if (!test_mul(out))
  202. goto err;
  203. (void)BIO_flush(out);
  204. message(out, "BN_div");
  205. if (!test_div(out, ctx))
  206. goto err;
  207. (void)BIO_flush(out);
  208. message(out, "BN_div_word");
  209. if (!test_div_word(out))
  210. goto err;
  211. (void)BIO_flush(out);
  212. message(out, "BN_div_recp");
  213. if (!test_div_recp(out, ctx))
  214. goto err;
  215. (void)BIO_flush(out);
  216. message(out, "BN_mod");
  217. if (!test_mod(out, ctx))
  218. goto err;
  219. (void)BIO_flush(out);
  220. message(out, "BN_mod_mul");
  221. if (!test_mod_mul(out, ctx))
  222. goto err;
  223. (void)BIO_flush(out);
  224. message(out, "BN_mont");
  225. if (!test_mont(out, ctx))
  226. goto err;
  227. (void)BIO_flush(out);
  228. message(out, "BN_mod_exp");
  229. if (!test_mod_exp(out, ctx))
  230. goto err;
  231. (void)BIO_flush(out);
  232. message(out, "BN_mod_exp_mont_consttime");
  233. if (!test_mod_exp_mont_consttime(out, ctx))
  234. goto err;
  235. (void)BIO_flush(out);
  236. message(out, "BN_exp");
  237. if (!test_exp(out, ctx))
  238. goto err;
  239. (void)BIO_flush(out);
  240. message(out, "BN_kronecker");
  241. if (!test_kron(out, ctx))
  242. goto err;
  243. (void)BIO_flush(out);
  244. message(out, "BN_mod_sqrt");
  245. if (!test_sqrt(out, ctx))
  246. goto err;
  247. (void)BIO_flush(out);
  248. message(out, "BN_GF2m_add");
  249. if (!test_gf2m_add(out))
  250. goto err;
  251. (void)BIO_flush(out);
  252. message(out, "BN_GF2m_mod");
  253. if (!test_gf2m_mod(out))
  254. goto err;
  255. (void)BIO_flush(out);
  256. message(out, "BN_GF2m_mod_mul");
  257. if (!test_gf2m_mod_mul(out, ctx))
  258. goto err;
  259. (void)BIO_flush(out);
  260. message(out, "BN_GF2m_mod_sqr");
  261. if (!test_gf2m_mod_sqr(out, ctx))
  262. goto err;
  263. (void)BIO_flush(out);
  264. message(out, "BN_GF2m_mod_inv");
  265. if (!test_gf2m_mod_inv(out, ctx))
  266. goto err;
  267. (void)BIO_flush(out);
  268. message(out, "BN_GF2m_mod_div");
  269. if (!test_gf2m_mod_div(out, ctx))
  270. goto err;
  271. (void)BIO_flush(out);
  272. message(out, "BN_GF2m_mod_exp");
  273. if (!test_gf2m_mod_exp(out, ctx))
  274. goto err;
  275. (void)BIO_flush(out);
  276. message(out, "BN_GF2m_mod_sqrt");
  277. if (!test_gf2m_mod_sqrt(out, ctx))
  278. goto err;
  279. (void)BIO_flush(out);
  280. message(out, "BN_GF2m_mod_solve_quad");
  281. if (!test_gf2m_mod_solve_quad(out, ctx))
  282. goto err;
  283. (void)BIO_flush(out);
  284. BN_CTX_free(ctx);
  285. BIO_free(out);
  286. EXIT(0);
  287. err:
  288. BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc
  289. * notices the failure, see test_bn in
  290. * test/Makefile.ssl */
  291. (void)BIO_flush(out);
  292. ERR_load_crypto_strings();
  293. ERR_print_errors_fp(stderr);
  294. EXIT(1);
  295. return (1);
  296. }
  297. int test_add(BIO *bp)
  298. {
  299. BIGNUM a, b, c;
  300. int i;
  301. BN_init(&a);
  302. BN_init(&b);
  303. BN_init(&c);
  304. BN_bntest_rand(&a, 512, 0, 0);
  305. for (i = 0; i < num0; i++) {
  306. BN_bntest_rand(&b, 450 + i, 0, 0);
  307. a.neg = rand_neg();
  308. b.neg = rand_neg();
  309. BN_add(&c, &a, &b);
  310. if (bp != NULL) {
  311. if (!results) {
  312. BN_print(bp, &a);
  313. BIO_puts(bp, " + ");
  314. BN_print(bp, &b);
  315. BIO_puts(bp, " - ");
  316. }
  317. BN_print(bp, &c);
  318. BIO_puts(bp, "\n");
  319. }
  320. a.neg = !a.neg;
  321. b.neg = !b.neg;
  322. BN_add(&c, &c, &b);
  323. BN_add(&c, &c, &a);
  324. if (!BN_is_zero(&c)) {
  325. fprintf(stderr, "Add test failed!\n");
  326. return 0;
  327. }
  328. }
  329. BN_free(&a);
  330. BN_free(&b);
  331. BN_free(&c);
  332. return (1);
  333. }
  334. int test_sub(BIO *bp)
  335. {
  336. BIGNUM a, b, c;
  337. int i;
  338. BN_init(&a);
  339. BN_init(&b);
  340. BN_init(&c);
  341. for (i = 0; i < num0 + num1; i++) {
  342. if (i < num1) {
  343. BN_bntest_rand(&a, 512, 0, 0);
  344. BN_copy(&b, &a);
  345. if (BN_set_bit(&a, i) == 0)
  346. return (0);
  347. BN_add_word(&b, i);
  348. } else {
  349. BN_bntest_rand(&b, 400 + i - num1, 0, 0);
  350. a.neg = rand_neg();
  351. b.neg = rand_neg();
  352. }
  353. BN_sub(&c, &a, &b);
  354. if (bp != NULL) {
  355. if (!results) {
  356. BN_print(bp, &a);
  357. BIO_puts(bp, " - ");
  358. BN_print(bp, &b);
  359. BIO_puts(bp, " - ");
  360. }
  361. BN_print(bp, &c);
  362. BIO_puts(bp, "\n");
  363. }
  364. BN_add(&c, &c, &b);
  365. BN_sub(&c, &c, &a);
  366. if (!BN_is_zero(&c)) {
  367. fprintf(stderr, "Subtract test failed!\n");
  368. return 0;
  369. }
  370. }
  371. BN_free(&a);
  372. BN_free(&b);
  373. BN_free(&c);
  374. return (1);
  375. }
  376. int test_div(BIO *bp, BN_CTX *ctx)
  377. {
  378. BIGNUM a, b, c, d, e;
  379. int i;
  380. BN_init(&a);
  381. BN_init(&b);
  382. BN_init(&c);
  383. BN_init(&d);
  384. BN_init(&e);
  385. for (i = 0; i < num0 + num1; i++) {
  386. if (i < num1) {
  387. BN_bntest_rand(&a, 400, 0, 0);
  388. BN_copy(&b, &a);
  389. BN_lshift(&a, &a, i);
  390. BN_add_word(&a, i);
  391. } else
  392. BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
  393. a.neg = rand_neg();
  394. b.neg = rand_neg();
  395. BN_div(&d, &c, &a, &b, ctx);
  396. if (bp != NULL) {
  397. if (!results) {
  398. BN_print(bp, &a);
  399. BIO_puts(bp, " / ");
  400. BN_print(bp, &b);
  401. BIO_puts(bp, " - ");
  402. }
  403. BN_print(bp, &d);
  404. BIO_puts(bp, "\n");
  405. if (!results) {
  406. BN_print(bp, &a);
  407. BIO_puts(bp, " % ");
  408. BN_print(bp, &b);
  409. BIO_puts(bp, " - ");
  410. }
  411. BN_print(bp, &c);
  412. BIO_puts(bp, "\n");
  413. }
  414. BN_mul(&e, &d, &b, ctx);
  415. BN_add(&d, &e, &c);
  416. BN_sub(&d, &d, &a);
  417. if (!BN_is_zero(&d)) {
  418. fprintf(stderr, "Division test failed!\n");
  419. return 0;
  420. }
  421. }
  422. BN_free(&a);
  423. BN_free(&b);
  424. BN_free(&c);
  425. BN_free(&d);
  426. BN_free(&e);
  427. return (1);
  428. }
  429. static void print_word(BIO *bp, BN_ULONG w)
  430. {
  431. #ifdef SIXTY_FOUR_BIT
  432. if (sizeof(w) > sizeof(unsigned long)) {
  433. unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
  434. if (h)
  435. BIO_printf(bp, "%lX%08lX", h, l);
  436. else
  437. BIO_printf(bp, "%lX", l);
  438. return;
  439. }
  440. #endif
  441. BIO_printf(bp, "%lX", w);
  442. }
  443. int test_div_word(BIO *bp)
  444. {
  445. BIGNUM a, b;
  446. BN_ULONG r, s;
  447. int i;
  448. BN_init(&a);
  449. BN_init(&b);
  450. for (i = 0; i < num0; i++) {
  451. do {
  452. BN_bntest_rand(&a, 512, -1, 0);
  453. BN_bntest_rand(&b, BN_BITS2, -1, 0);
  454. s = b.d[0];
  455. } while (!s);
  456. BN_copy(&b, &a);
  457. r = BN_div_word(&b, s);
  458. if (bp != NULL) {
  459. if (!results) {
  460. BN_print(bp, &a);
  461. BIO_puts(bp, " / ");
  462. print_word(bp, s);
  463. BIO_puts(bp, " - ");
  464. }
  465. BN_print(bp, &b);
  466. BIO_puts(bp, "\n");
  467. if (!results) {
  468. BN_print(bp, &a);
  469. BIO_puts(bp, " % ");
  470. print_word(bp, s);
  471. BIO_puts(bp, " - ");
  472. }
  473. print_word(bp, r);
  474. BIO_puts(bp, "\n");
  475. }
  476. BN_mul_word(&b, s);
  477. BN_add_word(&b, r);
  478. BN_sub(&b, &a, &b);
  479. if (!BN_is_zero(&b)) {
  480. fprintf(stderr, "Division (word) test failed!\n");
  481. return 0;
  482. }
  483. }
  484. BN_free(&a);
  485. BN_free(&b);
  486. return (1);
  487. }
  488. int test_div_recp(BIO *bp, BN_CTX *ctx)
  489. {
  490. BIGNUM a, b, c, d, e;
  491. BN_RECP_CTX recp;
  492. int i;
  493. BN_RECP_CTX_init(&recp);
  494. BN_init(&a);
  495. BN_init(&b);
  496. BN_init(&c);
  497. BN_init(&d);
  498. BN_init(&e);
  499. for (i = 0; i < num0 + num1; i++) {
  500. if (i < num1) {
  501. BN_bntest_rand(&a, 400, 0, 0);
  502. BN_copy(&b, &a);
  503. BN_lshift(&a, &a, i);
  504. BN_add_word(&a, i);
  505. } else
  506. BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
  507. a.neg = rand_neg();
  508. b.neg = rand_neg();
  509. BN_RECP_CTX_set(&recp, &b, ctx);
  510. BN_div_recp(&d, &c, &a, &recp, ctx);
  511. if (bp != NULL) {
  512. if (!results) {
  513. BN_print(bp, &a);
  514. BIO_puts(bp, " / ");
  515. BN_print(bp, &b);
  516. BIO_puts(bp, " - ");
  517. }
  518. BN_print(bp, &d);
  519. BIO_puts(bp, "\n");
  520. if (!results) {
  521. BN_print(bp, &a);
  522. BIO_puts(bp, " % ");
  523. BN_print(bp, &b);
  524. BIO_puts(bp, " - ");
  525. }
  526. BN_print(bp, &c);
  527. BIO_puts(bp, "\n");
  528. }
  529. BN_mul(&e, &d, &b, ctx);
  530. BN_add(&d, &e, &c);
  531. BN_sub(&d, &d, &a);
  532. if (!BN_is_zero(&d)) {
  533. fprintf(stderr, "Reciprocal division test failed!\n");
  534. fprintf(stderr, "a=");
  535. BN_print_fp(stderr, &a);
  536. fprintf(stderr, "\nb=");
  537. BN_print_fp(stderr, &b);
  538. fprintf(stderr, "\n");
  539. return 0;
  540. }
  541. }
  542. BN_free(&a);
  543. BN_free(&b);
  544. BN_free(&c);
  545. BN_free(&d);
  546. BN_free(&e);
  547. BN_RECP_CTX_free(&recp);
  548. return (1);
  549. }
  550. int test_mul(BIO *bp)
  551. {
  552. BIGNUM a, b, c, d, e;
  553. int i;
  554. BN_CTX *ctx;
  555. ctx = BN_CTX_new();
  556. if (ctx == NULL)
  557. EXIT(1);
  558. BN_init(&a);
  559. BN_init(&b);
  560. BN_init(&c);
  561. BN_init(&d);
  562. BN_init(&e);
  563. for (i = 0; i < num0 + num1; i++) {
  564. if (i <= num1) {
  565. BN_bntest_rand(&a, 100, 0, 0);
  566. BN_bntest_rand(&b, 100, 0, 0);
  567. } else
  568. BN_bntest_rand(&b, i - num1, 0, 0);
  569. a.neg = rand_neg();
  570. b.neg = rand_neg();
  571. BN_mul(&c, &a, &b, ctx);
  572. if (bp != NULL) {
  573. if (!results) {
  574. BN_print(bp, &a);
  575. BIO_puts(bp, " * ");
  576. BN_print(bp, &b);
  577. BIO_puts(bp, " - ");
  578. }
  579. BN_print(bp, &c);
  580. BIO_puts(bp, "\n");
  581. }
  582. BN_div(&d, &e, &c, &a, ctx);
  583. BN_sub(&d, &d, &b);
  584. if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
  585. fprintf(stderr, "Multiplication test failed!\n");
  586. return 0;
  587. }
  588. }
  589. BN_free(&a);
  590. BN_free(&b);
  591. BN_free(&c);
  592. BN_free(&d);
  593. BN_free(&e);
  594. BN_CTX_free(ctx);
  595. return (1);
  596. }
  597. int test_sqr(BIO *bp, BN_CTX *ctx)
  598. {
  599. BIGNUM *a, *c, *d, *e;
  600. int i, ret = 0;
  601. a = BN_new();
  602. c = BN_new();
  603. d = BN_new();
  604. e = BN_new();
  605. if (a == NULL || c == NULL || d == NULL || e == NULL) {
  606. goto err;
  607. }
  608. for (i = 0; i < num0; i++) {
  609. BN_bntest_rand(a, 40 + i * 10, 0, 0);
  610. a->neg = rand_neg();
  611. BN_sqr(c, a, ctx);
  612. if (bp != NULL) {
  613. if (!results) {
  614. BN_print(bp, a);
  615. BIO_puts(bp, " * ");
  616. BN_print(bp, a);
  617. BIO_puts(bp, " - ");
  618. }
  619. BN_print(bp, c);
  620. BIO_puts(bp, "\n");
  621. }
  622. BN_div(d, e, c, a, ctx);
  623. BN_sub(d, d, a);
  624. if (!BN_is_zero(d) || !BN_is_zero(e)) {
  625. fprintf(stderr, "Square test failed!\n");
  626. goto err;
  627. }
  628. }
  629. /* Regression test for a BN_sqr overflow bug. */
  630. BN_hex2bn(&a,
  631. "80000000000000008000000000000001"
  632. "FFFFFFFFFFFFFFFE0000000000000000");
  633. BN_sqr(c, a, ctx);
  634. if (bp != NULL) {
  635. if (!results) {
  636. BN_print(bp, a);
  637. BIO_puts(bp, " * ");
  638. BN_print(bp, a);
  639. BIO_puts(bp, " - ");
  640. }
  641. BN_print(bp, c);
  642. BIO_puts(bp, "\n");
  643. }
  644. BN_mul(d, a, a, ctx);
  645. if (BN_cmp(c, d)) {
  646. fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
  647. "different results!\n");
  648. #ifdef OPENSSL_FIPS
  649. /*
  650. * This test fails if we are linked to the FIPS module. Unfortunately
  651. * that can't be fixed so we print out the error but continue anyway.
  652. */
  653. fprintf(stderr, " FIPS build: ignoring.\n");
  654. #else
  655. goto err;
  656. #endif
  657. }
  658. /* Regression test for a BN_sqr overflow bug. */
  659. BN_hex2bn(&a,
  660. "80000000000000000000000080000001"
  661. "FFFFFFFE000000000000000000000000");
  662. BN_sqr(c, a, ctx);
  663. if (bp != NULL) {
  664. if (!results) {
  665. BN_print(bp, a);
  666. BIO_puts(bp, " * ");
  667. BN_print(bp, a);
  668. BIO_puts(bp, " - ");
  669. }
  670. BN_print(bp, c);
  671. BIO_puts(bp, "\n");
  672. }
  673. BN_mul(d, a, a, ctx);
  674. if (BN_cmp(c, d)) {
  675. fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
  676. "different results!\n");
  677. goto err;
  678. }
  679. ret = 1;
  680. err:
  681. if (a != NULL)
  682. BN_free(a);
  683. if (c != NULL)
  684. BN_free(c);
  685. if (d != NULL)
  686. BN_free(d);
  687. if (e != NULL)
  688. BN_free(e);
  689. return ret;
  690. }
  691. int test_mont(BIO *bp, BN_CTX *ctx)
  692. {
  693. BIGNUM a, b, c, d, A, B;
  694. BIGNUM n;
  695. int i;
  696. BN_MONT_CTX *mont;
  697. BN_init(&a);
  698. BN_init(&b);
  699. BN_init(&c);
  700. BN_init(&d);
  701. BN_init(&A);
  702. BN_init(&B);
  703. BN_init(&n);
  704. mont = BN_MONT_CTX_new();
  705. BN_bntest_rand(&a, 100, 0, 0);
  706. BN_bntest_rand(&b, 100, 0, 0);
  707. for (i = 0; i < num2; i++) {
  708. int bits = (200 * (i + 1)) / num2;
  709. if (bits == 0)
  710. continue;
  711. BN_bntest_rand(&n, bits, 0, 1);
  712. BN_MONT_CTX_set(mont, &n, ctx);
  713. BN_nnmod(&a, &a, &n, ctx);
  714. BN_nnmod(&b, &b, &n, ctx);
  715. BN_to_montgomery(&A, &a, mont, ctx);
  716. BN_to_montgomery(&B, &b, mont, ctx);
  717. BN_mod_mul_montgomery(&c, &A, &B, mont, ctx);
  718. BN_from_montgomery(&A, &c, mont, ctx);
  719. if (bp != NULL) {
  720. if (!results) {
  721. #ifdef undef
  722. fprintf(stderr, "%d * %d %% %d\n",
  723. BN_num_bits(&a),
  724. BN_num_bits(&b), BN_num_bits(mont->N));
  725. #endif
  726. BN_print(bp, &a);
  727. BIO_puts(bp, " * ");
  728. BN_print(bp, &b);
  729. BIO_puts(bp, " % ");
  730. BN_print(bp, &(mont->N));
  731. BIO_puts(bp, " - ");
  732. }
  733. BN_print(bp, &A);
  734. BIO_puts(bp, "\n");
  735. }
  736. BN_mod_mul(&d, &a, &b, &n, ctx);
  737. BN_sub(&d, &d, &A);
  738. if (!BN_is_zero(&d)) {
  739. fprintf(stderr, "Montgomery multiplication test failed!\n");
  740. return 0;
  741. }
  742. }
  743. BN_MONT_CTX_free(mont);
  744. BN_free(&a);
  745. BN_free(&b);
  746. BN_free(&c);
  747. BN_free(&d);
  748. BN_free(&A);
  749. BN_free(&B);
  750. BN_free(&n);
  751. return (1);
  752. }
  753. int test_mod(BIO *bp, BN_CTX *ctx)
  754. {
  755. BIGNUM *a, *b, *c, *d, *e;
  756. int i;
  757. a = BN_new();
  758. b = BN_new();
  759. c = BN_new();
  760. d = BN_new();
  761. e = BN_new();
  762. BN_bntest_rand(a, 1024, 0, 0);
  763. for (i = 0; i < num0; i++) {
  764. BN_bntest_rand(b, 450 + i * 10, 0, 0);
  765. a->neg = rand_neg();
  766. b->neg = rand_neg();
  767. BN_mod(c, a, b, ctx);
  768. if (bp != NULL) {
  769. if (!results) {
  770. BN_print(bp, a);
  771. BIO_puts(bp, " % ");
  772. BN_print(bp, b);
  773. BIO_puts(bp, " - ");
  774. }
  775. BN_print(bp, c);
  776. BIO_puts(bp, "\n");
  777. }
  778. BN_div(d, e, a, b, ctx);
  779. BN_sub(e, e, c);
  780. if (!BN_is_zero(e)) {
  781. fprintf(stderr, "Modulo test failed!\n");
  782. return 0;
  783. }
  784. }
  785. BN_free(a);
  786. BN_free(b);
  787. BN_free(c);
  788. BN_free(d);
  789. BN_free(e);
  790. return (1);
  791. }
  792. int test_mod_mul(BIO *bp, BN_CTX *ctx)
  793. {
  794. BIGNUM *a, *b, *c, *d, *e;
  795. int i, j;
  796. a = BN_new();
  797. b = BN_new();
  798. c = BN_new();
  799. d = BN_new();
  800. e = BN_new();
  801. for (j = 0; j < 3; j++) {
  802. BN_bntest_rand(c, 1024, 0, 0);
  803. for (i = 0; i < num0; i++) {
  804. BN_bntest_rand(a, 475 + i * 10, 0, 0);
  805. BN_bntest_rand(b, 425 + i * 11, 0, 0);
  806. a->neg = rand_neg();
  807. b->neg = rand_neg();
  808. if (!BN_mod_mul(e, a, b, c, ctx)) {
  809. unsigned long l;
  810. while ((l = ERR_get_error()))
  811. fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
  812. EXIT(1);
  813. }
  814. if (bp != NULL) {
  815. if (!results) {
  816. BN_print(bp, a);
  817. BIO_puts(bp, " * ");
  818. BN_print(bp, b);
  819. BIO_puts(bp, " % ");
  820. BN_print(bp, c);
  821. if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
  822. /*
  823. * If (a*b) % c is negative, c must be added in order
  824. * to obtain the normalized remainder (new with
  825. * OpenSSL 0.9.7, previous versions of BN_mod_mul
  826. * could generate negative results)
  827. */
  828. BIO_puts(bp, " + ");
  829. BN_print(bp, c);
  830. }
  831. BIO_puts(bp, " - ");
  832. }
  833. BN_print(bp, e);
  834. BIO_puts(bp, "\n");
  835. }
  836. BN_mul(d, a, b, ctx);
  837. BN_sub(d, d, e);
  838. BN_div(a, b, d, c, ctx);
  839. if (!BN_is_zero(b)) {
  840. fprintf(stderr, "Modulo multiply test failed!\n");
  841. ERR_print_errors_fp(stderr);
  842. return 0;
  843. }
  844. }
  845. }
  846. BN_free(a);
  847. BN_free(b);
  848. BN_free(c);
  849. BN_free(d);
  850. BN_free(e);
  851. return (1);
  852. }
  853. int test_mod_exp(BIO *bp, BN_CTX *ctx)
  854. {
  855. BIGNUM *a, *b, *c, *d, *e;
  856. int i;
  857. a = BN_new();
  858. b = BN_new();
  859. c = BN_new();
  860. d = BN_new();
  861. e = BN_new();
  862. BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
  863. for (i = 0; i < num2; i++) {
  864. BN_bntest_rand(a, 20 + i * 5, 0, 0);
  865. BN_bntest_rand(b, 2 + i, 0, 0);
  866. if (!BN_mod_exp(d, a, b, c, ctx))
  867. return (0);
  868. if (bp != NULL) {
  869. if (!results) {
  870. BN_print(bp, a);
  871. BIO_puts(bp, " ^ ");
  872. BN_print(bp, b);
  873. BIO_puts(bp, " % ");
  874. BN_print(bp, c);
  875. BIO_puts(bp, " - ");
  876. }
  877. BN_print(bp, d);
  878. BIO_puts(bp, "\n");
  879. }
  880. BN_exp(e, a, b, ctx);
  881. BN_sub(e, e, d);
  882. BN_div(a, b, e, c, ctx);
  883. if (!BN_is_zero(b)) {
  884. fprintf(stderr, "Modulo exponentiation test failed!\n");
  885. return 0;
  886. }
  887. }
  888. BN_free(a);
  889. BN_free(b);
  890. BN_free(c);
  891. BN_free(d);
  892. BN_free(e);
  893. return (1);
  894. }
  895. int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
  896. {
  897. BIGNUM *a, *b, *c, *d, *e;
  898. int i;
  899. a = BN_new();
  900. b = BN_new();
  901. c = BN_new();
  902. d = BN_new();
  903. e = BN_new();
  904. BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
  905. for (i = 0; i < num2; i++) {
  906. BN_bntest_rand(a, 20 + i * 5, 0, 0);
  907. BN_bntest_rand(b, 2 + i, 0, 0);
  908. if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
  909. return (00);
  910. if (bp != NULL) {
  911. if (!results) {
  912. BN_print(bp, a);
  913. BIO_puts(bp, " ^ ");
  914. BN_print(bp, b);
  915. BIO_puts(bp, " % ");
  916. BN_print(bp, c);
  917. BIO_puts(bp, " - ");
  918. }
  919. BN_print(bp, d);
  920. BIO_puts(bp, "\n");
  921. }
  922. BN_exp(e, a, b, ctx);
  923. BN_sub(e, e, d);
  924. BN_div(a, b, e, c, ctx);
  925. if (!BN_is_zero(b)) {
  926. fprintf(stderr, "Modulo exponentiation test failed!\n");
  927. return 0;
  928. }
  929. }
  930. BN_free(a);
  931. BN_free(b);
  932. BN_free(c);
  933. BN_free(d);
  934. BN_free(e);
  935. return (1);
  936. }
  937. int test_exp(BIO *bp, BN_CTX *ctx)
  938. {
  939. BIGNUM *a, *b, *d, *e, *one;
  940. int i;
  941. a = BN_new();
  942. b = BN_new();
  943. d = BN_new();
  944. e = BN_new();
  945. one = BN_new();
  946. BN_one(one);
  947. for (i = 0; i < num2; i++) {
  948. BN_bntest_rand(a, 20 + i * 5, 0, 0);
  949. BN_bntest_rand(b, 2 + i, 0, 0);
  950. if (BN_exp(d, a, b, ctx) <= 0)
  951. return (0);
  952. if (bp != NULL) {
  953. if (!results) {
  954. BN_print(bp, a);
  955. BIO_puts(bp, " ^ ");
  956. BN_print(bp, b);
  957. BIO_puts(bp, " - ");
  958. }
  959. BN_print(bp, d);
  960. BIO_puts(bp, "\n");
  961. }
  962. BN_one(e);
  963. for (; !BN_is_zero(b); BN_sub(b, b, one))
  964. BN_mul(e, e, a, ctx);
  965. BN_sub(e, e, d);
  966. if (!BN_is_zero(e)) {
  967. fprintf(stderr, "Exponentiation test failed!\n");
  968. return 0;
  969. }
  970. }
  971. BN_free(a);
  972. BN_free(b);
  973. BN_free(d);
  974. BN_free(e);
  975. BN_free(one);
  976. return (1);
  977. }
  978. int test_gf2m_add(BIO *bp)
  979. {
  980. BIGNUM a, b, c;
  981. int i, ret = 0;
  982. BN_init(&a);
  983. BN_init(&b);
  984. BN_init(&c);
  985. for (i = 0; i < num0; i++) {
  986. BN_rand(&a, 512, 0, 0);
  987. BN_copy(&b, BN_value_one());
  988. a.neg = rand_neg();
  989. b.neg = rand_neg();
  990. BN_GF2m_add(&c, &a, &b);
  991. #if 0 /* make test uses ouput in bc but bc can't
  992. * handle GF(2^m) arithmetic */
  993. if (bp != NULL) {
  994. if (!results) {
  995. BN_print(bp, &a);
  996. BIO_puts(bp, " ^ ");
  997. BN_print(bp, &b);
  998. BIO_puts(bp, " = ");
  999. }
  1000. BN_print(bp, &c);
  1001. BIO_puts(bp, "\n");
  1002. }
  1003. #endif
  1004. /* Test that two added values have the correct parity. */
  1005. if ((BN_is_odd(&a) && BN_is_odd(&c))
  1006. || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
  1007. fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
  1008. goto err;
  1009. }
  1010. BN_GF2m_add(&c, &c, &c);
  1011. /* Test that c + c = 0. */
  1012. if (!BN_is_zero(&c)) {
  1013. fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
  1014. goto err;
  1015. }
  1016. }
  1017. ret = 1;
  1018. err:
  1019. BN_free(&a);
  1020. BN_free(&b);
  1021. BN_free(&c);
  1022. return ret;
  1023. }
  1024. int test_gf2m_mod(BIO *bp)
  1025. {
  1026. BIGNUM *a, *b[2], *c, *d, *e;
  1027. int i, j, ret = 0;
  1028. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1029. unsigned int p1[] = { 193, 15, 0 };
  1030. a = BN_new();
  1031. b[0] = BN_new();
  1032. b[1] = BN_new();
  1033. c = BN_new();
  1034. d = BN_new();
  1035. e = BN_new();
  1036. BN_GF2m_arr2poly(p0, b[0]);
  1037. BN_GF2m_arr2poly(p1, b[1]);
  1038. for (i = 0; i < num0; i++) {
  1039. BN_bntest_rand(a, 1024, 0, 0);
  1040. for (j = 0; j < 2; j++) {
  1041. BN_GF2m_mod(c, a, b[j]);
  1042. #if 0 /* make test uses ouput in bc but bc can't
  1043. * handle GF(2^m) arithmetic */
  1044. if (bp != NULL) {
  1045. if (!results) {
  1046. BN_print(bp, a);
  1047. BIO_puts(bp, " % ");
  1048. BN_print(bp, b[j]);
  1049. BIO_puts(bp, " - ");
  1050. BN_print(bp, c);
  1051. BIO_puts(bp, "\n");
  1052. }
  1053. }
  1054. #endif
  1055. BN_GF2m_add(d, a, c);
  1056. BN_GF2m_mod(e, d, b[j]);
  1057. /* Test that a + (a mod p) mod p == 0. */
  1058. if (!BN_is_zero(e)) {
  1059. fprintf(stderr, "GF(2^m) modulo test failed!\n");
  1060. goto err;
  1061. }
  1062. }
  1063. }
  1064. ret = 1;
  1065. err:
  1066. BN_free(a);
  1067. BN_free(b[0]);
  1068. BN_free(b[1]);
  1069. BN_free(c);
  1070. BN_free(d);
  1071. BN_free(e);
  1072. return ret;
  1073. }
  1074. int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
  1075. {
  1076. BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
  1077. int i, j, ret = 0;
  1078. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1079. unsigned int p1[] = { 193, 15, 0 };
  1080. a = BN_new();
  1081. b[0] = BN_new();
  1082. b[1] = BN_new();
  1083. c = BN_new();
  1084. d = BN_new();
  1085. e = BN_new();
  1086. f = BN_new();
  1087. g = BN_new();
  1088. h = BN_new();
  1089. BN_GF2m_arr2poly(p0, b[0]);
  1090. BN_GF2m_arr2poly(p1, b[1]);
  1091. for (i = 0; i < num0; i++) {
  1092. BN_bntest_rand(a, 1024, 0, 0);
  1093. BN_bntest_rand(c, 1024, 0, 0);
  1094. BN_bntest_rand(d, 1024, 0, 0);
  1095. for (j = 0; j < 2; j++) {
  1096. BN_GF2m_mod_mul(e, a, c, b[j], ctx);
  1097. #if 0 /* make test uses ouput in bc but bc can't
  1098. * handle GF(2^m) arithmetic */
  1099. if (bp != NULL) {
  1100. if (!results) {
  1101. BN_print(bp, a);
  1102. BIO_puts(bp, " * ");
  1103. BN_print(bp, c);
  1104. BIO_puts(bp, " % ");
  1105. BN_print(bp, b[j]);
  1106. BIO_puts(bp, " - ");
  1107. BN_print(bp, e);
  1108. BIO_puts(bp, "\n");
  1109. }
  1110. }
  1111. #endif
  1112. BN_GF2m_add(f, a, d);
  1113. BN_GF2m_mod_mul(g, f, c, b[j], ctx);
  1114. BN_GF2m_mod_mul(h, d, c, b[j], ctx);
  1115. BN_GF2m_add(f, e, g);
  1116. BN_GF2m_add(f, f, h);
  1117. /* Test that (a+d)*c = a*c + d*c. */
  1118. if (!BN_is_zero(f)) {
  1119. fprintf(stderr,
  1120. "GF(2^m) modular multiplication test failed!\n");
  1121. goto err;
  1122. }
  1123. }
  1124. }
  1125. ret = 1;
  1126. err:
  1127. BN_free(a);
  1128. BN_free(b[0]);
  1129. BN_free(b[1]);
  1130. BN_free(c);
  1131. BN_free(d);
  1132. BN_free(e);
  1133. BN_free(f);
  1134. BN_free(g);
  1135. BN_free(h);
  1136. return ret;
  1137. }
  1138. int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
  1139. {
  1140. BIGNUM *a, *b[2], *c, *d;
  1141. int i, j, ret = 0;
  1142. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1143. unsigned int p1[] = { 193, 15, 0 };
  1144. a = BN_new();
  1145. b[0] = BN_new();
  1146. b[1] = BN_new();
  1147. c = BN_new();
  1148. d = BN_new();
  1149. BN_GF2m_arr2poly(p0, b[0]);
  1150. BN_GF2m_arr2poly(p1, b[1]);
  1151. for (i = 0; i < num0; i++) {
  1152. BN_bntest_rand(a, 1024, 0, 0);
  1153. for (j = 0; j < 2; j++) {
  1154. BN_GF2m_mod_sqr(c, a, b[j], ctx);
  1155. BN_copy(d, a);
  1156. BN_GF2m_mod_mul(d, a, d, b[j], ctx);
  1157. #if 0 /* make test uses ouput in bc but bc can't
  1158. * handle GF(2^m) arithmetic */
  1159. if (bp != NULL) {
  1160. if (!results) {
  1161. BN_print(bp, a);
  1162. BIO_puts(bp, " ^ 2 % ");
  1163. BN_print(bp, b[j]);
  1164. BIO_puts(bp, " = ");
  1165. BN_print(bp, c);
  1166. BIO_puts(bp, "; a * a = ");
  1167. BN_print(bp, d);
  1168. BIO_puts(bp, "\n");
  1169. }
  1170. }
  1171. #endif
  1172. BN_GF2m_add(d, c, d);
  1173. /* Test that a*a = a^2. */
  1174. if (!BN_is_zero(d)) {
  1175. fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
  1176. goto err;
  1177. }
  1178. }
  1179. }
  1180. ret = 1;
  1181. err:
  1182. BN_free(a);
  1183. BN_free(b[0]);
  1184. BN_free(b[1]);
  1185. BN_free(c);
  1186. BN_free(d);
  1187. return ret;
  1188. }
  1189. int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
  1190. {
  1191. BIGNUM *a, *b[2], *c, *d;
  1192. int i, j, ret = 0;
  1193. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1194. unsigned int p1[] = { 193, 15, 0 };
  1195. a = BN_new();
  1196. b[0] = BN_new();
  1197. b[1] = BN_new();
  1198. c = BN_new();
  1199. d = BN_new();
  1200. BN_GF2m_arr2poly(p0, b[0]);
  1201. BN_GF2m_arr2poly(p1, b[1]);
  1202. for (i = 0; i < num0; i++) {
  1203. BN_bntest_rand(a, 512, 0, 0);
  1204. for (j = 0; j < 2; j++) {
  1205. BN_GF2m_mod_inv(c, a, b[j], ctx);
  1206. BN_GF2m_mod_mul(d, a, c, b[j], ctx);
  1207. #if 0 /* make test uses ouput in bc but bc can't
  1208. * handle GF(2^m) arithmetic */
  1209. if (bp != NULL) {
  1210. if (!results) {
  1211. BN_print(bp, a);
  1212. BIO_puts(bp, " * ");
  1213. BN_print(bp, c);
  1214. BIO_puts(bp, " - 1 % ");
  1215. BN_print(bp, b[j]);
  1216. BIO_puts(bp, "\n");
  1217. }
  1218. }
  1219. #endif
  1220. /* Test that ((1/a)*a) = 1. */
  1221. if (!BN_is_one(d)) {
  1222. fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
  1223. goto err;
  1224. }
  1225. }
  1226. }
  1227. ret = 1;
  1228. err:
  1229. BN_free(a);
  1230. BN_free(b[0]);
  1231. BN_free(b[1]);
  1232. BN_free(c);
  1233. BN_free(d);
  1234. return ret;
  1235. }
  1236. int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
  1237. {
  1238. BIGNUM *a, *b[2], *c, *d, *e, *f;
  1239. int i, j, ret = 0;
  1240. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1241. unsigned int p1[] = { 193, 15, 0 };
  1242. a = BN_new();
  1243. b[0] = BN_new();
  1244. b[1] = BN_new();
  1245. c = BN_new();
  1246. d = BN_new();
  1247. e = BN_new();
  1248. f = BN_new();
  1249. BN_GF2m_arr2poly(p0, b[0]);
  1250. BN_GF2m_arr2poly(p1, b[1]);
  1251. for (i = 0; i < num0; i++) {
  1252. BN_bntest_rand(a, 512, 0, 0);
  1253. BN_bntest_rand(c, 512, 0, 0);
  1254. for (j = 0; j < 2; j++) {
  1255. BN_GF2m_mod_div(d, a, c, b[j], ctx);
  1256. BN_GF2m_mod_mul(e, d, c, b[j], ctx);
  1257. BN_GF2m_mod_div(f, a, e, b[j], ctx);
  1258. #if 0 /* make test uses ouput in bc but bc can't
  1259. * handle GF(2^m) arithmetic */
  1260. if (bp != NULL) {
  1261. if (!results) {
  1262. BN_print(bp, a);
  1263. BIO_puts(bp, " = ");
  1264. BN_print(bp, c);
  1265. BIO_puts(bp, " * ");
  1266. BN_print(bp, d);
  1267. BIO_puts(bp, " % ");
  1268. BN_print(bp, b[j]);
  1269. BIO_puts(bp, "\n");
  1270. }
  1271. }
  1272. #endif
  1273. /* Test that ((a/c)*c)/a = 1. */
  1274. if (!BN_is_one(f)) {
  1275. fprintf(stderr, "GF(2^m) modular division test failed!\n");
  1276. goto err;
  1277. }
  1278. }
  1279. }
  1280. ret = 1;
  1281. err:
  1282. BN_free(a);
  1283. BN_free(b[0]);
  1284. BN_free(b[1]);
  1285. BN_free(c);
  1286. BN_free(d);
  1287. BN_free(e);
  1288. BN_free(f);
  1289. return ret;
  1290. }
  1291. int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
  1292. {
  1293. BIGNUM *a, *b[2], *c, *d, *e, *f;
  1294. int i, j, ret = 0;
  1295. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1296. unsigned int p1[] = { 193, 15, 0 };
  1297. a = BN_new();
  1298. b[0] = BN_new();
  1299. b[1] = BN_new();
  1300. c = BN_new();
  1301. d = BN_new();
  1302. e = BN_new();
  1303. f = BN_new();
  1304. BN_GF2m_arr2poly(p0, b[0]);
  1305. BN_GF2m_arr2poly(p1, b[1]);
  1306. for (i = 0; i < num0; i++) {
  1307. BN_bntest_rand(a, 512, 0, 0);
  1308. BN_bntest_rand(c, 512, 0, 0);
  1309. BN_bntest_rand(d, 512, 0, 0);
  1310. for (j = 0; j < 2; j++) {
  1311. BN_GF2m_mod_exp(e, a, c, b[j], ctx);
  1312. BN_GF2m_mod_exp(f, a, d, b[j], ctx);
  1313. BN_GF2m_mod_mul(e, e, f, b[j], ctx);
  1314. BN_add(f, c, d);
  1315. BN_GF2m_mod_exp(f, a, f, b[j], ctx);
  1316. #if 0 /* make test uses ouput in bc but bc can't
  1317. * handle GF(2^m) arithmetic */
  1318. if (bp != NULL) {
  1319. if (!results) {
  1320. BN_print(bp, a);
  1321. BIO_puts(bp, " ^ (");
  1322. BN_print(bp, c);
  1323. BIO_puts(bp, " + ");
  1324. BN_print(bp, d);
  1325. BIO_puts(bp, ") = ");
  1326. BN_print(bp, e);
  1327. BIO_puts(bp, "; - ");
  1328. BN_print(bp, f);
  1329. BIO_puts(bp, " % ");
  1330. BN_print(bp, b[j]);
  1331. BIO_puts(bp, "\n");
  1332. }
  1333. }
  1334. #endif
  1335. BN_GF2m_add(f, e, f);
  1336. /* Test that a^(c+d)=a^c*a^d. */
  1337. if (!BN_is_zero(f)) {
  1338. fprintf(stderr,
  1339. "GF(2^m) modular exponentiation test failed!\n");
  1340. goto err;
  1341. }
  1342. }
  1343. }
  1344. ret = 1;
  1345. err:
  1346. BN_free(a);
  1347. BN_free(b[0]);
  1348. BN_free(b[1]);
  1349. BN_free(c);
  1350. BN_free(d);
  1351. BN_free(e);
  1352. BN_free(f);
  1353. return ret;
  1354. }
  1355. int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
  1356. {
  1357. BIGNUM *a, *b[2], *c, *d, *e, *f;
  1358. int i, j, ret = 0;
  1359. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1360. unsigned int p1[] = { 193, 15, 0 };
  1361. a = BN_new();
  1362. b[0] = BN_new();
  1363. b[1] = BN_new();
  1364. c = BN_new();
  1365. d = BN_new();
  1366. e = BN_new();
  1367. f = BN_new();
  1368. BN_GF2m_arr2poly(p0, b[0]);
  1369. BN_GF2m_arr2poly(p1, b[1]);
  1370. for (i = 0; i < num0; i++) {
  1371. BN_bntest_rand(a, 512, 0, 0);
  1372. for (j = 0; j < 2; j++) {
  1373. BN_GF2m_mod(c, a, b[j]);
  1374. BN_GF2m_mod_sqrt(d, a, b[j], ctx);
  1375. BN_GF2m_mod_sqr(e, d, b[j], ctx);
  1376. #if 0 /* make test uses ouput in bc but bc can't
  1377. * handle GF(2^m) arithmetic */
  1378. if (bp != NULL) {
  1379. if (!results) {
  1380. BN_print(bp, d);
  1381. BIO_puts(bp, " ^ 2 - ");
  1382. BN_print(bp, a);
  1383. BIO_puts(bp, "\n");
  1384. }
  1385. }
  1386. #endif
  1387. BN_GF2m_add(f, c, e);
  1388. /* Test that d^2 = a, where d = sqrt(a). */
  1389. if (!BN_is_zero(f)) {
  1390. fprintf(stderr, "GF(2^m) modular square root test failed!\n");
  1391. goto err;
  1392. }
  1393. }
  1394. }
  1395. ret = 1;
  1396. err:
  1397. BN_free(a);
  1398. BN_free(b[0]);
  1399. BN_free(b[1]);
  1400. BN_free(c);
  1401. BN_free(d);
  1402. BN_free(e);
  1403. BN_free(f);
  1404. return ret;
  1405. }
  1406. int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
  1407. {
  1408. BIGNUM *a, *b[2], *c, *d, *e;
  1409. int i, j, s = 0, t, ret = 0;
  1410. unsigned int p0[] = { 163, 7, 6, 3, 0 };
  1411. unsigned int p1[] = { 193, 15, 0 };
  1412. a = BN_new();
  1413. b[0] = BN_new();
  1414. b[1] = BN_new();
  1415. c = BN_new();
  1416. d = BN_new();
  1417. e = BN_new();
  1418. BN_GF2m_arr2poly(p0, b[0]);
  1419. BN_GF2m_arr2poly(p1, b[1]);
  1420. for (i = 0; i < num0; i++) {
  1421. BN_bntest_rand(a, 512, 0, 0);
  1422. for (j = 0; j < 2; j++) {
  1423. t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
  1424. if (t) {
  1425. s++;
  1426. BN_GF2m_mod_sqr(d, c, b[j], ctx);
  1427. BN_GF2m_add(d, c, d);
  1428. BN_GF2m_mod(e, a, b[j]);
  1429. #if 0 /* make test uses ouput in bc but bc can't
  1430. * handle GF(2^m) arithmetic */
  1431. if (bp != NULL) {
  1432. if (!results) {
  1433. BN_print(bp, c);
  1434. BIO_puts(bp, " is root of z^2 + z = ");
  1435. BN_print(bp, a);
  1436. BIO_puts(bp, " % ");
  1437. BN_print(bp, b[j]);
  1438. BIO_puts(bp, "\n");
  1439. }
  1440. }
  1441. #endif
  1442. BN_GF2m_add(e, e, d);
  1443. /*
  1444. * Test that solution of quadratic c satisfies c^2 + c = a.
  1445. */
  1446. if (!BN_is_zero(e)) {
  1447. fprintf(stderr,
  1448. "GF(2^m) modular solve quadratic test failed!\n");
  1449. goto err;
  1450. }
  1451. } else {
  1452. #if 0 /* make test uses ouput in bc but bc can't
  1453. * handle GF(2^m) arithmetic */
  1454. if (bp != NULL) {
  1455. if (!results) {
  1456. BIO_puts(bp, "There are no roots of z^2 + z = ");
  1457. BN_print(bp, a);
  1458. BIO_puts(bp, " % ");
  1459. BN_print(bp, b[j]);
  1460. BIO_puts(bp, "\n");
  1461. }
  1462. }
  1463. #endif
  1464. }
  1465. }
  1466. }
  1467. if (s == 0) {
  1468. fprintf(stderr,
  1469. "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n",
  1470. num0);
  1471. fprintf(stderr,
  1472. "this is very unlikely and probably indicates an error.\n");
  1473. goto err;
  1474. }
  1475. ret = 1;
  1476. err:
  1477. BN_free(a);
  1478. BN_free(b[0]);
  1479. BN_free(b[1]);
  1480. BN_free(c);
  1481. BN_free(d);
  1482. BN_free(e);
  1483. return ret;
  1484. }
  1485. static int genprime_cb(int p, int n, BN_GENCB *arg)
  1486. {
  1487. char c = '*';
  1488. if (p == 0)
  1489. c = '.';
  1490. if (p == 1)
  1491. c = '+';
  1492. if (p == 2)
  1493. c = '*';
  1494. if (p == 3)
  1495. c = '\n';
  1496. putc(c, stderr);
  1497. fflush(stderr);
  1498. return 1;
  1499. }
  1500. int test_kron(BIO *bp, BN_CTX *ctx)
  1501. {
  1502. BN_GENCB cb;
  1503. BIGNUM *a, *b, *r, *t;
  1504. int i;
  1505. int legendre, kronecker;
  1506. int ret = 0;
  1507. a = BN_new();
  1508. b = BN_new();
  1509. r = BN_new();
  1510. t = BN_new();
  1511. if (a == NULL || b == NULL || r == NULL || t == NULL)
  1512. goto err;
  1513. BN_GENCB_set(&cb, genprime_cb, NULL);
  1514. /*
  1515. * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
  1516. * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
  1517. * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
  1518. * generate a random prime b and compare these values for a number of
  1519. * random a's. (That is, we run the Solovay-Strassen primality test to
  1520. * confirm that b is prime, except that we don't want to test whether b
  1521. * is prime but whether BN_kronecker works.)
  1522. */
  1523. if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
  1524. goto err;
  1525. b->neg = rand_neg();
  1526. putc('\n', stderr);
  1527. for (i = 0; i < num0; i++) {
  1528. if (!BN_bntest_rand(a, 512, 0, 0))
  1529. goto err;
  1530. a->neg = rand_neg();
  1531. /* t := (|b|-1)/2 (note that b is odd) */
  1532. if (!BN_copy(t, b))
  1533. goto err;
  1534. t->neg = 0;
  1535. if (!BN_sub_word(t, 1))
  1536. goto err;
  1537. if (!BN_rshift1(t, t))
  1538. goto err;
  1539. /* r := a^t mod b */
  1540. b->neg = 0;
  1541. if (!BN_mod_exp_recp(r, a, t, b, ctx))
  1542. goto err;
  1543. b->neg = 1;
  1544. if (BN_is_word(r, 1))
  1545. legendre = 1;
  1546. else if (BN_is_zero(r))
  1547. legendre = 0;
  1548. else {
  1549. if (!BN_add_word(r, 1))
  1550. goto err;
  1551. if (0 != BN_ucmp(r, b)) {
  1552. fprintf(stderr, "Legendre symbol computation failed\n");
  1553. goto err;
  1554. }
  1555. legendre = -1;
  1556. }
  1557. kronecker = BN_kronecker(a, b, ctx);
  1558. if (kronecker < -1)
  1559. goto err;
  1560. /* we actually need BN_kronecker(a, |b|) */
  1561. if (a->neg && b->neg)
  1562. kronecker = -kronecker;
  1563. if (legendre != kronecker) {
  1564. fprintf(stderr, "legendre != kronecker; a = ");
  1565. BN_print_fp(stderr, a);
  1566. fprintf(stderr, ", b = ");
  1567. BN_print_fp(stderr, b);
  1568. fprintf(stderr, "\n");
  1569. goto err;
  1570. }
  1571. putc('.', stderr);
  1572. fflush(stderr);
  1573. }
  1574. putc('\n', stderr);
  1575. fflush(stderr);
  1576. ret = 1;
  1577. err:
  1578. if (a != NULL)
  1579. BN_free(a);
  1580. if (b != NULL)
  1581. BN_free(b);
  1582. if (r != NULL)
  1583. BN_free(r);
  1584. if (t != NULL)
  1585. BN_free(t);
  1586. return ret;
  1587. }
  1588. int test_sqrt(BIO *bp, BN_CTX *ctx)
  1589. {
  1590. BN_GENCB cb;
  1591. BIGNUM *a, *p, *r;
  1592. int i, j;
  1593. int ret = 0;
  1594. a = BN_new();
  1595. p = BN_new();
  1596. r = BN_new();
  1597. if (a == NULL || p == NULL || r == NULL)
  1598. goto err;
  1599. BN_GENCB_set(&cb, genprime_cb, NULL);
  1600. for (i = 0; i < 16; i++) {
  1601. if (i < 8) {
  1602. unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
  1603. if (!BN_set_word(p, primes[i]))
  1604. goto err;
  1605. } else {
  1606. if (!BN_set_word(a, 32))
  1607. goto err;
  1608. if (!BN_set_word(r, 2 * i + 1))
  1609. goto err;
  1610. if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
  1611. goto err;
  1612. putc('\n', stderr);
  1613. }
  1614. p->neg = rand_neg();
  1615. for (j = 0; j < num2; j++) {
  1616. /*
  1617. * construct 'a' such that it is a square modulo p, but in
  1618. * general not a proper square and not reduced modulo p
  1619. */
  1620. if (!BN_bntest_rand(r, 256, 0, 3))
  1621. goto err;
  1622. if (!BN_nnmod(r, r, p, ctx))
  1623. goto err;
  1624. if (!BN_mod_sqr(r, r, p, ctx))
  1625. goto err;
  1626. if (!BN_bntest_rand(a, 256, 0, 3))
  1627. goto err;
  1628. if (!BN_nnmod(a, a, p, ctx))
  1629. goto err;
  1630. if (!BN_mod_sqr(a, a, p, ctx))
  1631. goto err;
  1632. if (!BN_mul(a, a, r, ctx))
  1633. goto err;
  1634. if (rand_neg())
  1635. if (!BN_sub(a, a, p))
  1636. goto err;
  1637. if (!BN_mod_sqrt(r, a, p, ctx))
  1638. goto err;
  1639. if (!BN_mod_sqr(r, r, p, ctx))
  1640. goto err;
  1641. if (!BN_nnmod(a, a, p, ctx))
  1642. goto err;
  1643. if (BN_cmp(a, r) != 0) {
  1644. fprintf(stderr, "BN_mod_sqrt failed: a = ");
  1645. BN_print_fp(stderr, a);
  1646. fprintf(stderr, ", r = ");
  1647. BN_print_fp(stderr, r);
  1648. fprintf(stderr, ", p = ");
  1649. BN_print_fp(stderr, p);
  1650. fprintf(stderr, "\n");
  1651. goto err;
  1652. }
  1653. putc('.', stderr);
  1654. fflush(stderr);
  1655. }
  1656. putc('\n', stderr);
  1657. fflush(stderr);
  1658. }
  1659. ret = 1;
  1660. err:
  1661. if (a != NULL)
  1662. BN_free(a);
  1663. if (p != NULL)
  1664. BN_free(p);
  1665. if (r != NULL)
  1666. BN_free(r);
  1667. return ret;
  1668. }
  1669. int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
  1670. {
  1671. BIGNUM *a, *b, *c, *d;
  1672. int i;
  1673. b = BN_new();
  1674. c = BN_new();
  1675. d = BN_new();
  1676. BN_one(c);
  1677. if (a_)
  1678. a = a_;
  1679. else {
  1680. a = BN_new();
  1681. BN_bntest_rand(a, 200, 0, 0);
  1682. a->neg = rand_neg();
  1683. }
  1684. for (i = 0; i < num0; i++) {
  1685. BN_lshift(b, a, i + 1);
  1686. BN_add(c, c, c);
  1687. if (bp != NULL) {
  1688. if (!results) {
  1689. BN_print(bp, a);
  1690. BIO_puts(bp, " * ");
  1691. BN_print(bp, c);
  1692. BIO_puts(bp, " - ");
  1693. }
  1694. BN_print(bp, b);
  1695. BIO_puts(bp, "\n");
  1696. }
  1697. BN_mul(d, a, c, ctx);
  1698. BN_sub(d, d, b);
  1699. if (!BN_is_zero(d)) {
  1700. fprintf(stderr, "Left shift test failed!\n");
  1701. fprintf(stderr, "a=");
  1702. BN_print_fp(stderr, a);
  1703. fprintf(stderr, "\nb=");
  1704. BN_print_fp(stderr, b);
  1705. fprintf(stderr, "\nc=");
  1706. BN_print_fp(stderr, c);
  1707. fprintf(stderr, "\nd=");
  1708. BN_print_fp(stderr, d);
  1709. fprintf(stderr, "\n");
  1710. return 0;
  1711. }
  1712. }
  1713. BN_free(a);
  1714. BN_free(b);
  1715. BN_free(c);
  1716. BN_free(d);
  1717. return (1);
  1718. }
  1719. int test_lshift1(BIO *bp)
  1720. {
  1721. BIGNUM *a, *b, *c;
  1722. int i;
  1723. a = BN_new();
  1724. b = BN_new();
  1725. c = BN_new();
  1726. BN_bntest_rand(a, 200, 0, 0);
  1727. a->neg = rand_neg();
  1728. for (i = 0; i < num0; i++) {
  1729. BN_lshift1(b, a);
  1730. if (bp != NULL) {
  1731. if (!results) {
  1732. BN_print(bp, a);
  1733. BIO_puts(bp, " * 2");
  1734. BIO_puts(bp, " - ");
  1735. }
  1736. BN_print(bp, b);
  1737. BIO_puts(bp, "\n");
  1738. }
  1739. BN_add(c, a, a);
  1740. BN_sub(a, b, c);
  1741. if (!BN_is_zero(a)) {
  1742. fprintf(stderr, "Left shift one test failed!\n");
  1743. return 0;
  1744. }
  1745. BN_copy(a, b);
  1746. }
  1747. BN_free(a);
  1748. BN_free(b);
  1749. BN_free(c);
  1750. return (1);
  1751. }
  1752. int test_rshift(BIO *bp, BN_CTX *ctx)
  1753. {
  1754. BIGNUM *a, *b, *c, *d, *e;
  1755. int i;
  1756. a = BN_new();
  1757. b = BN_new();
  1758. c = BN_new();
  1759. d = BN_new();
  1760. e = BN_new();
  1761. BN_one(c);
  1762. BN_bntest_rand(a, 200, 0, 0);
  1763. a->neg = rand_neg();
  1764. for (i = 0; i < num0; i++) {
  1765. BN_rshift(b, a, i + 1);
  1766. BN_add(c, c, c);
  1767. if (bp != NULL) {
  1768. if (!results) {
  1769. BN_print(bp, a);
  1770. BIO_puts(bp, " / ");
  1771. BN_print(bp, c);
  1772. BIO_puts(bp, " - ");
  1773. }
  1774. BN_print(bp, b);
  1775. BIO_puts(bp, "\n");
  1776. }
  1777. BN_div(d, e, a, c, ctx);
  1778. BN_sub(d, d, b);
  1779. if (!BN_is_zero(d)) {
  1780. fprintf(stderr, "Right shift test failed!\n");
  1781. return 0;
  1782. }
  1783. }
  1784. BN_free(a);
  1785. BN_free(b);
  1786. BN_free(c);
  1787. BN_free(d);
  1788. BN_free(e);
  1789. return (1);
  1790. }
  1791. int test_rshift1(BIO *bp)
  1792. {
  1793. BIGNUM *a, *b, *c;
  1794. int i;
  1795. a = BN_new();
  1796. b = BN_new();
  1797. c = BN_new();
  1798. BN_bntest_rand(a, 200, 0, 0);
  1799. a->neg = rand_neg();
  1800. for (i = 0; i < num0; i++) {
  1801. BN_rshift1(b, a);
  1802. if (bp != NULL) {
  1803. if (!results) {
  1804. BN_print(bp, a);
  1805. BIO_puts(bp, " / 2");
  1806. BIO_puts(bp, " - ");
  1807. }
  1808. BN_print(bp, b);
  1809. BIO_puts(bp, "\n");
  1810. }
  1811. BN_sub(c, a, b);
  1812. BN_sub(c, c, b);
  1813. if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
  1814. fprintf(stderr, "Right shift one test failed!\n");
  1815. return 0;
  1816. }
  1817. BN_copy(a, b);
  1818. }
  1819. BN_free(a);
  1820. BN_free(b);
  1821. BN_free(c);
  1822. return (1);
  1823. }
  1824. int rand_neg(void)
  1825. {
  1826. static unsigned int neg = 0;
  1827. static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
  1828. return (sign[(neg++) % 8]);
  1829. }