| author | sl |
| Tue, 10 Jun 2014 14:32:02 +0200 | |
| changeset 1 | 260cb5ec6c19 |
| permissions | -rw-r--r-- |
1 /* crypto/bn/bntest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
66 *
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71 /*
72 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
73 */
75 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
76 * deprecated functions for openssl-internal code */
77 #ifndef SYMBIAN
78 #ifdef OPENSSL_NO_DEPRECATED
79 #undef OPENSSL_NO_DEPRECATED
80 #endif
81 #endif
83 #ifdef SYMBIAN
84 #include <e32def.h>
85 #endif
88 #include <stdio.h>
89 #include <stdlib.h>
90 #include <string.h>
91 #ifndef SYMBIAN
92 #include "../e_os.h"
93 #else
94 #include "e_os.h"
95 #endif
97 #include <openssl/bio.h>
98 #include <openssl/bn.h>
99 #include <openssl/rand.h>
100 #include <openssl/x509.h>
101 #include <openssl/err.h>
102 #ifdef SYMBIAN
103 #ifdef stdin
104 #undef stdin
105 #endif
106 #ifdef stdout
107 #undef stdout
108 #endif
109 #ifdef stderr
110 #undef stderr
111 #endif
112 #define stdin fp_stdin
113 #define stdout fp_stdout
114 #define stderr fp_stderr
115 extern FILE *fp_stdout;
116 extern FILE *fp_stderr;
117 #endif
119 const int num0 = 100; /* number of tests */
120 const int num1 = 50; /* additional tests for some functions */
121 const int num2 = 5; /* number of tests for slow functions */
123 int test_add(BIO *bp);
124 int test_sub(BIO *bp);
125 int test_lshift1(BIO *bp);
126 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
127 int test_rshift1(BIO *bp);
128 int test_rshift(BIO *bp,BN_CTX *ctx);
129 int test_div(BIO *bp,BN_CTX *ctx);
130 int test_div_word(BIO *bp);
131 int test_div_recp(BIO *bp,BN_CTX *ctx);
132 int test_mul(BIO *bp);
133 int test_sqr(BIO *bp,BN_CTX *ctx);
134 int test_mont(BIO *bp,BN_CTX *ctx);
135 int test_mod(BIO *bp,BN_CTX *ctx);
136 int test_mod_mul(BIO *bp,BN_CTX *ctx);
137 int test_mod_exp(BIO *bp,BN_CTX *ctx);
138 int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
139 int test_exp(BIO *bp,BN_CTX *ctx);
140 int test_gf2m_add(BIO *bp);
141 int test_gf2m_mod(BIO *bp);
142 int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
143 int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
144 int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
145 int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
146 int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
147 int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
148 int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
149 int test_kron(BIO *bp,BN_CTX *ctx);
150 int test_sqrt(BIO *bp,BN_CTX *ctx);
151 int rand_neg(void);
152 static int results=0;
154 static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
155 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
157 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
159 static void message(BIO *out, char *m)
160 {
161 fprintf(stderr, "test %s\n", m);
162 BIO_puts(out, "print \"test ");
163 BIO_puts(out, m);
164 BIO_puts(out, "\\n\"\n");
165 }
167 #ifndef SYMBIAN
168 int main(int argc, char *argv[])
169 #else
170 int bn_main(int argc, char *argv[])
171 #endif
173 {
174 BN_CTX *ctx;
175 BIO *out;
176 char *outfile=NULL;
178 results = 0;
179 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
180 if(errno==ENOMEM)
181 {
182 return 1;
183 }
184 #ifndef SYMBIAN
185 argc--;
186 argv++;
187 #endif
188 while (argc >= 1)
189 {
190 if (strcmp(*argv,"-results") == 0)
191 results=1;
192 else if (strcmp(*argv,"-out") == 0)
193 {
194 if (--argc < 1) break;
195 outfile= *(++argv);
196 }
197 argc--;
198 argv++;
199 }
202 ctx=BN_CTX_new();
203 if(ctx == NULL&&errno==ENOMEM)
204 {
205 return 1;
206 }
207 if (ctx == NULL)
208 return 1;
209 out=BIO_new(BIO_s_file());
210 if(out == NULL&&errno==ENOMEM)
211 {
212 return 1;
213 }
215 if (out == NULL)
216 return 1;
217 if (outfile == NULL)
218 {
219 BIO_set_fp(out,stdout,BIO_NOCLOSE);
220 if(errno==ENOMEM)
221 {
222 return 1;
223 }
224 }
225 else
226 {
227 if (!BIO_write_filename(out,outfile))
228 {
229 return 1;
230 }
231 }
233 if (!results)
234 BIO_puts(out,"obase=16\nibase=16\n");
235 if(errno==ENOMEM)
236 {
237 return 1;
238 }
239 message(out,"BN_add");
240 if (!test_add(out))
241 {
242 if(errno==ENOMEM)
243 {
244 return 1;
245 }
246 goto err;
247 }
248 (void)BIO_flush(out);
249 if(errno==ENOMEM)
250 {
251 return 1;
252 }
254 message(out,"BN_sub");
255 if (!test_sub(out))
256 {
257 if(errno==ENOMEM)
258 {
259 return 1;
260 }
261 goto err;
262 }
263 (void)BIO_flush(out);
264 if(errno==ENOMEM)
265 {
266 return 1;
267 }
269 message(out,"BN_lshift1");
270 if (!test_lshift1(out))
271 {
272 if(errno==ENOMEM)
273 {
274 return 1;
275 }
276 goto err;
277 }
278 (void)BIO_flush(out);
279 if(errno==ENOMEM)
280 {
281 return 1;
282 }
283 message(out,"BN_lshift (fixed)");
284 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
285 {
286 if(errno==ENOMEM)
287 {
288 return 1;
289 }
290 goto err;
291 }
292 (void)BIO_flush(out);
293 if(errno==ENOMEM)
294 {
295 return 1;
296 }
297 message(out,"BN_lshift");
298 if (!test_lshift(out,ctx,NULL))
299 {
300 if(errno==ENOMEM)
301 {
302 return 1;
303 }
304 goto err;
305 }
306 (void)BIO_flush(out);
307 if(errno==ENOMEM)
308 {
309 return 1;
310 }
311 message(out,"BN_rshift1");
312 if (!test_rshift1(out))
313 {
314 if(errno==ENOMEM)
315 {
316 return 1;
317 }
318 goto err;
319 }
320 (void)BIO_flush(out);
321 if(errno==ENOMEM)
322 {
323 return 1;
324 }
325 message(out,"BN_rshift");
326 if (!test_rshift(out,ctx))
327 {
328 if(errno==ENOMEM)
329 {
330 return 1;
331 }
332 goto err;
333 }
334 (void)BIO_flush(out);
335 if(errno==ENOMEM)
336 {
337 return 1;
338 }
339 message(out,"BN_sqr");
340 if (!test_sqr(out,ctx))
341 {
342 if(errno==ENOMEM)
343 {
344 return 1;
345 }
346 goto err;
347 }
348 (void)BIO_flush(out);
349 if(errno==ENOMEM)
350 {
351 return 1;
352 }
354 message(out,"BN_mul");
355 if (!test_mul(out))
356 {
357 if(errno==ENOMEM)
358 {
359 return 1;
360 }
361 goto err;
362 }
363 (void)BIO_flush(out);
364 if(errno==ENOMEM)
365 {
366 return 1;
367 }
368 message(out,"BN_div");
369 if (!test_div(out,ctx))
370 {
371 if(errno==ENOMEM)
372 {
373 return 1;
374 }
375 goto err;
376 }
377 (void)BIO_flush(out);
378 if(errno==ENOMEM)
379 {
380 return 1;
381 }
382 message(out,"BN_div_word");
383 if (!test_div_word(out))
384 {
385 if(errno==ENOMEM)
386 {
387 return 1;
388 }
389 goto err;
390 }
391 (void)BIO_flush(out);
392 if(errno==ENOMEM)
393 {
394 return 1;
395 }
396 message(out,"BN_div_recp");
397 if (!test_div_recp(out,ctx))
398 {
399 if(errno==ENOMEM)
400 {
401 return 1;
402 }
403 goto err;
404 }
405 (void)BIO_flush(out);
406 if(errno==ENOMEM)
407 {
408 return 1;
409 }
410 message(out,"BN_mod");
411 if (!test_mod(out,ctx))
412 {
413 if(errno==ENOMEM)
414 {
415 return 1;
416 }
417 goto err;
418 }
419 (void)BIO_flush(out);
420 if(errno==ENOMEM)
421 {
422 return 1;
423 }
424 message(out,"BN_mod_mul");
425 if (!test_mod_mul(out,ctx))
426 {
427 if(errno==ENOMEM)
428 {
429 return 1;
430 }
431 goto err;
432 }
433 (void)BIO_flush(out);
434 if(errno==ENOMEM)
435 {
436 return 1;
437 }
438 message(out,"BN_mont");
439 if (!test_mont(out,ctx))
440 {
441 if(errno==ENOMEM)
442 {
443 return 1;
444 }
445 goto err;
446 }
447 (void)BIO_flush(out);
448 if(errno==ENOMEM)
449 {
450 return 1;
451 }
452 message(out,"BN_mod_exp");
453 if (!test_mod_exp(out,ctx))
454 {
455 if(errno==ENOMEM)
456 {
457 return 1;
458 }
459 goto err;
460 }
461 (void)BIO_flush(out);
462 if(errno==ENOMEM)
463 {
464 return 1;
465 }
466 message(out,"BN_mod_exp_mont_consttime");
467 if (!test_mod_exp_mont_consttime(out,ctx))
468 {
469 if(errno==ENOMEM)
470 {
471 return 1;
472 }
473 goto err;
474 }
475 (void)BIO_flush(out);
476 if(errno==ENOMEM)
477 {
478 return 1;
479 }
480 message(out,"BN_exp");
481 if (!test_exp(out,ctx))
482 {
483 if(errno==ENOMEM)
484 {
485 return 1;
486 }
487 goto err;
488 }
489 (void)BIO_flush(out);
490 if(errno==ENOMEM)
491 {
492 return 1;
493 }
494 message(out,"BN_kronecker");
495 if (!test_kron(out,ctx))
496 {
497 if(errno==ENOMEM)
498 {
499 return 1;
500 }
501 goto err;
502 }
503 (void)BIO_flush(out);
504 if(errno==ENOMEM)
505 {
506 return 1;
507 }
508 message(out,"BN_mod_sqrt");
509 if (!test_sqrt(out,ctx))
510 {
511 if(errno==ENOMEM)
512 {
513 return 1;
514 }
515 goto err;
516 }
517 (void)BIO_flush(out);
518 if(errno==ENOMEM)
519 {
520 return 1;
521 }
522 message(out,"BN_GF2m_add");
523 if (!test_gf2m_add(out))
524 {
525 if(errno==ENOMEM)
526 {
527 return 1;
528 }
529 goto err;
530 }
531 (void)BIO_flush(out);
532 if(errno==ENOMEM)
533 {
534 return 1;
535 }
536 message(out,"BN_GF2m_mod");
537 if (!test_gf2m_mod(out))
538 {
539 if(errno==ENOMEM)
540 {
541 return 1;
542 }
543 goto err;
544 }
545 (void)BIO_flush(out);
546 if(errno==ENOMEM)
547 {
548 return 1;
549 }
550 message(out,"BN_GF2m_mod_mul");
551 if (!test_gf2m_mod_mul(out,ctx))
552 {
553 if(errno==ENOMEM)
554 {
555 return 1;
556 }
557 goto err;
558 }
559 (void)BIO_flush(out);
560 if(errno==ENOMEM)
561 {
562 return 1;
563 }
564 message(out,"BN_GF2m_mod_sqr");
565 if (!test_gf2m_mod_sqr(out,ctx))
566 {
567 if(errno==ENOMEM)
568 {
569 return 1;
570 }
571 goto err;
572 }
573 (void)BIO_flush(out);
574 if(errno==ENOMEM)
575 {
576 return 1;
577 }
578 message(out,"BN_GF2m_mod_inv");
579 if (!test_gf2m_mod_inv(out,ctx))
580 {
581 if(errno==ENOMEM)
582 {
583 return 1;
584 }
585 goto err;
586 }
587 (void)BIO_flush(out);
588 if(errno==ENOMEM)
589 {
590 return 1;
591 }
592 message(out,"BN_GF2m_mod_div");
593 if (!test_gf2m_mod_div(out,ctx))
594 {
595 if(errno==ENOMEM)
596 {
597 return 1;
598 }
599 goto err;
600 }
601 (void)BIO_flush(out);
602 if(errno==ENOMEM)
603 {
604 return 1;
605 }
606 message(out,"BN_GF2m_mod_exp");
607 if (!test_gf2m_mod_exp(out,ctx))
608 {
609 if(errno==ENOMEM)
610 {
611 return 1;
612 }
613 goto err;
614 }
615 (void)BIO_flush(out);
616 if(errno==ENOMEM)
617 {
618 return 1;
619 }
620 message(out,"BN_GF2m_mod_sqrt");
621 if (!test_gf2m_mod_sqrt(out,ctx))
622 {
623 if(errno==ENOMEM)
624 {
625 return 1;
626 }
627 goto err;
628 }
629 (void)BIO_flush(out);
630 if(errno==ENOMEM)
631 {
632 return 1;
633 }
634 message(out,"BN_GF2m_mod_solve_quad");
635 if (!test_gf2m_mod_solve_quad(out,ctx))
636 {
637 if(errno==ENOMEM)
638 {
639 return 1;
640 }
641 goto err;
642 }
643 (void)BIO_flush(out);
644 if(errno==ENOMEM)
645 {
646 return 1;
647 }
648 BN_CTX_free(ctx);
649 if(errno==ENOMEM)
650 {
651 return 1;
652 }
653 BIO_free(out);
654 if(errno==ENOMEM)
655 {
656 return 1;
657 }
658 #ifdef SYMBIAN
659 CRYPTO_cleanup_all_ex_data();
660 if(errno==ENOMEM)
661 {
662 return 1;
663 }
664 ERR_remove_state(0);
665 if(errno==ENOMEM)
666 {
667 return 1;
668 }
669 ERR_free_strings();
670 if(errno==ENOMEM)
671 {
672 return 1;
673 }
675 #endif
676 fprintf(stderr,"Test case passed!\n");
677 fprintf(stdout,"Test case passed!\n");
678 return 0;
679 err:
680 BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
681 * the failure, see test_bn in test/Makefile.ssl*/
682 if(errno==ENOMEM)
683 {
684 return 1;
685 }
686 (void)BIO_flush(out);
687 if(errno==ENOMEM)
688 {
689 return 1;
690 }
691 ERR_load_crypto_strings();
692 if(errno==ENOMEM)
693 {
694 return 1;
695 }
696 ERR_print_errors_fp(stderr);
697 if(errno==ENOMEM)
698 {
699 return 1;
700 }
701 ERR_remove_state(0);
702 if(errno==ENOMEM)
703 {
704 return 1;
705 }
706 ERR_free_strings();
707 if(errno==ENOMEM)
708 {
709 return 1;
710 }
712 #ifdef SYMBIAN
713 CRYPTO_cleanup_all_ex_data();
714 if(errno==ENOMEM)
715 {
716 return 1;
717 }
719 #endif
720 return(1);
721 }
724 int test_add(BIO *bp)
725 {
726 BIGNUM a,b,c;
727 int i;
729 BN_init(&a);
731 if(errno==ENOMEM)
732 {
733 return 0;
734 }
735 BN_init(&b);
736 if(errno==ENOMEM)
737 {
738 return 0;
739 }
741 BN_init(&c);
742 if(errno==ENOMEM)
743 {
744 return 0;
745 }
748 BN_bntest_rand(&a,512,0,0);
749 if(errno==ENOMEM)
750 {
751 return 0;
752 }
754 for (i=0; i<num0; i++)
755 {
756 BN_bntest_rand(&b,450+i,0,0);
757 if(errno==ENOMEM)
758 {
759 return 0;
760 }
761 a.neg=rand_neg();
762 if(errno==ENOMEM)
763 {
764 return 0;
765 }
766 b.neg=rand_neg();
767 if(errno==ENOMEM)
768 {
769 return 0;
770 }
771 BN_add(&c,&a,&b);
772 if(errno==ENOMEM)
773 {
774 return 0;
775 }
777 if (bp != NULL)
778 {
779 if (!results)
780 {
781 BN_print(bp,&a);
782 if(errno==ENOMEM)
783 {
784 return 0;
785 }
786 BIO_puts(bp," + ");
787 if(errno==ENOMEM)
788 {
789 return 0;
790 }
792 BN_print(bp,&b);
793 if(errno==ENOMEM)
794 {
795 return 0;
796 }
798 BIO_puts(bp," - ");
799 if(errno==ENOMEM)
800 {
801 return 0;
802 }
804 }
805 BN_print(bp,&c);
806 if(errno==ENOMEM)
807 {
808 return 0;
809 }
811 BIO_puts(bp,"\n");
812 if(errno==ENOMEM)
813 {
814 return 0;
815 }
817 }
818 a.neg=!a.neg;
819 b.neg=!b.neg;
820 BN_add(&c,&c,&b);
821 if(errno==ENOMEM)
822 {
823 return 0;
824 }
826 BN_add(&c,&c,&a);
827 if(errno==ENOMEM)
828 {
829 return 0;
830 }
832 if(!BN_is_zero(&c))
833 {
834 if(errno==ENOMEM)
835 {
836 return 0;
837 }
838 fprintf(stderr,"Add test failed!\n");
839 return 0;
840 }
841 }
842 BN_free(&a);
843 if(errno==ENOMEM)
844 {
845 return 0;
846 }
848 BN_free(&b);
849 if(errno==ENOMEM)
850 {
851 return 0;
852 }
854 BN_free(&c);
855 if(errno==ENOMEM)
856 {
857 return 0;
858 }
859 return(1);
860 }
862 int test_sub(BIO *bp)
863 {
864 BIGNUM a,b,c;
865 int i;
867 BN_init(&a);
868 if(errno==ENOMEM)
869 {
870 return 0;
871 }
873 BN_init(&b);
874 if(errno==ENOMEM)
875 {
876 return 0;
877 }
879 BN_init(&c);
880 if(errno==ENOMEM)
881 {
882 return 0;
883 }
885 for (i=0; i<num0+num1; i++)
886 {
887 if (i < num1)
888 {
889 BN_bntest_rand(&a,512,0,0);
890 if(errno==ENOMEM)
891 {
892 return 0;
893 }
894 BN_copy(&b,&a);
895 if(errno==ENOMEM)
896 {
897 return 0;
898 }
899 if (BN_set_bit(&a,i)==0) return(0);
900 if(errno==ENOMEM)
901 {
902 return 0;
903 }
904 BN_add_word(&b,i);
905 if(errno==ENOMEM)
906 {
907 return 0;
908 }
910 }
911 else
912 {
913 BN_bntest_rand(&b,400+i-num1,0,0);
914 if(errno==ENOMEM)
915 {
916 return 0;
917 }
918 a.neg=rand_neg();
919 if(errno==ENOMEM)
920 {
921 return 0;
922 }
923 b.neg=rand_neg();
924 if(errno==ENOMEM)
925 {
926 return 0;
927 }
929 }
930 BN_sub(&c,&a,&b);
931 if(errno==ENOMEM)
932 {
933 return 0;
934 }
936 if (bp != NULL)
937 {
938 if (!results)
939 {
940 BN_print(bp,&a);
941 if(errno==ENOMEM)
942 {
943 return 0;
944 }
946 BIO_puts(bp," - ");
947 if(errno==ENOMEM)
948 {
949 return 0;
950 }
952 BN_print(bp,&b);
953 if(errno==ENOMEM)
954 {
955 return 0;
956 }
958 BIO_puts(bp," - ");
959 if(errno==ENOMEM)
960 {
961 return 0;
962 }
964 }
965 BN_print(bp,&c);
966 if(errno==ENOMEM)
967 {
968 return 0;
969 }
971 BIO_puts(bp,"\n");
972 if(errno==ENOMEM)
973 {
974 return 0;
975 }
977 }
978 BN_add(&c,&c,&b);
979 if(errno==ENOMEM)
980 {
981 return 0;
982 }
984 BN_sub(&c,&c,&a);
985 if(errno==ENOMEM)
986 {
987 return 0;
988 }
990 if(!BN_is_zero(&c))
991 {
992 if(errno==ENOMEM)
993 {
994 return 0;
995 }
997 fprintf(stderr,"Subtract test failed!\n");
998 return 0;
999 }
1000 }
1001 BN_free(&a);
1002 if(errno==ENOMEM)
1003 {
1004 return 0;
1005 }
1006 BN_free(&b);
1007 if(errno==ENOMEM)
1008 {
1009 return 0;
1010 }
1011 BN_free(&c);
1012 if(errno==ENOMEM)
1013 {
1014 return 0;
1015 }
1016 return(1);
1017 }
1019 int test_div(BIO *bp, BN_CTX *ctx)
1020 {
1021 BIGNUM a,b,c,d,e;
1022 int i;
1024 BN_init(&a);
1025 if(errno==ENOMEM)
1026 {
1027 return 0;
1028 }
1030 BN_init(&b);
1031 if(errno==ENOMEM)
1032 {
1033 return 0;
1034 }
1036 BN_init(&c);
1037 if(errno==ENOMEM)
1038 {
1039 return 0;
1040 }
1042 BN_init(&d);
1043 if(errno==ENOMEM)
1044 {
1045 return 0;
1046 }
1048 BN_init(&e);
1049 if(errno==ENOMEM)
1050 {
1051 return 0;
1052 }
1055 for (i=0; i<num0+num1; i++)
1056 {
1057 if (i < num1)
1058 {
1059 BN_bntest_rand(&a,400,0,0);
1060 if(errno==ENOMEM)
1061 {
1062 return 0;
1063 }
1065 BN_copy(&b,&a);
1066 if(errno==ENOMEM)
1067 {
1068 return 0;
1069 }
1070 BN_lshift(&a,&a,i);
1071 if(errno==ENOMEM)
1072 {
1073 return 0;
1074 }
1075 BN_add_word(&a,i);
1076 if(errno==ENOMEM)
1077 {
1078 return 0;
1079 }
1080 }
1081 else
1082 BN_bntest_rand(&b,50+3*(i-num1),0,0);
1083 if(errno==ENOMEM)
1084 {
1085 return 0;
1086 }
1088 a.neg=rand_neg();
1089 if(errno==ENOMEM)
1090 {
1091 return 0;
1092 }
1093 b.neg=rand_neg();
1094 if(errno==ENOMEM)
1095 {
1096 return 0;
1097 }
1098 BN_div(&d,&c,&a,&b,ctx);
1099 if(errno==ENOMEM)
1100 {
1101 return 0;
1102 }
1103 if (bp != NULL)
1104 {
1105 if (!results)
1106 {
1107 BN_print(bp,&a);
1108 if(errno==ENOMEM)
1109 {
1110 return 0;
1111 }
1112 BIO_puts(bp," / ");
1113 if(errno==ENOMEM)
1114 {
1115 return 0;
1116 }
1118 BN_print(bp,&b);
1119 if(errno==ENOMEM)
1120 {
1121 return 0;
1122 }
1124 BIO_puts(bp," - ");
1125 if(errno==ENOMEM)
1126 {
1127 return 0;
1128 }
1130 }
1131 BN_print(bp,&d);
1132 if(errno==ENOMEM)
1133 {
1134 return 0;
1135 }
1137 BIO_puts(bp,"\n");
1138 if(errno==ENOMEM)
1139 {
1140 return 0;
1141 }
1144 if (!results)
1145 {
1146 BN_print(bp,&a);
1147 if(errno==ENOMEM)
1148 {
1149 return 0;
1150 }
1152 BIO_puts(bp," % ");
1153 if(errno==ENOMEM)
1154 {
1155 return 0;
1156 }
1158 BN_print(bp,&b);
1159 if(errno==ENOMEM)
1160 {
1161 return 0;
1162 }
1164 BIO_puts(bp," - ");
1165 if(errno==ENOMEM)
1166 {
1167 return 0;
1168 }
1170 }
1171 BN_print(bp,&c);
1172 if(errno==ENOMEM)
1173 {
1174 return 0;
1175 }
1177 BIO_puts(bp,"\n");
1178 if(errno==ENOMEM)
1179 {
1180 return 0;
1181 }
1183 }
1184 BN_mul(&e,&d,&b,ctx);
1185 if(errno==ENOMEM)
1186 {
1187 return 0;
1188 }
1190 BN_add(&d,&e,&c);
1191 if(errno==ENOMEM)
1192 {
1193 return 0;
1194 }
1196 BN_sub(&d,&d,&a);
1197 if(errno==ENOMEM)
1198 {
1199 return 0;
1200 }
1202 if(!BN_is_zero(&d))
1203 {
1204 if(errno==ENOMEM)
1205 {
1206 return 0;
1207 }
1209 fprintf(stderr,"Division test failed!\n");
1210 return 0;
1211 }
1212 }
1213 BN_free(&a);
1214 if(errno==ENOMEM)
1215 {
1216 return 0;
1217 }
1219 BN_free(&b);
1220 if(errno==ENOMEM)
1221 {
1222 return 0;
1223 }
1225 BN_free(&c);
1226 if(errno==ENOMEM)
1227 {
1228 return 0;
1229 }
1231 BN_free(&d);
1232 if(errno==ENOMEM)
1233 {
1234 return 0;
1235 }
1237 BN_free(&e);
1238 if(errno==ENOMEM)
1239 {
1240 return 0;
1241 }
1243 return(1);
1244 }
1246 static void print_word(BIO *bp,BN_ULONG w)
1247 {
1248 #ifdef SIXTY_FOUR_BIT
1249 if (sizeof(w) > sizeof(unsigned long))
1250 {
1251 unsigned long h=(unsigned long)(w>>32),
1252 l=(unsigned long)(w);
1254 if (h) BIO_printf(bp,"%lX%08lX",h,l);
1255 else BIO_printf(bp,"%lX",l);
1256 return;
1257 }
1258 #endif
1259 BIO_printf(bp,"%lX",w);
1260 }
1262 int test_div_word(BIO *bp)
1263 {
1264 BIGNUM a,b;
1265 BN_ULONG r,s;
1266 int i;
1268 BN_init(&a);
1269 if(errno==ENOMEM)
1270 {
1271 return 0;
1272 }
1273 BN_init(&b);
1274 if(errno==ENOMEM)
1275 {
1276 return 0;
1277 }
1280 for (i=0; i<num0; i++)
1281 {
1282 do {
1283 BN_bntest_rand(&a,512,-1,0);
1284 if(errno==ENOMEM)
1285 {
1286 return 0;
1287 }
1288 BN_bntest_rand(&b,BN_BITS2,-1,0);
1289 if(errno==ENOMEM)
1290 {
1291 return 0;
1292 }
1293 s = b.d[0];
1294 } while (!s);
1296 BN_copy(&b, &a);
1297 if(errno==ENOMEM)
1298 {
1299 return 0;
1300 }
1302 r = BN_div_word(&b, s);
1303 if(errno==ENOMEM)
1304 {
1305 return 0;
1306 }
1308 if (bp != NULL)
1309 {
1310 if (!results)
1311 {
1312 BN_print(bp,&a);
1313 if(errno==ENOMEM)
1314 {
1315 return 0;
1316 }
1318 BIO_puts(bp," / ");
1319 if(errno==ENOMEM)
1320 {
1321 return 0;
1322 }
1324 print_word(bp,s);
1325 if(errno==ENOMEM)
1326 {
1327 return 0;
1328 }
1330 BIO_puts(bp," - ");
1331 if(errno==ENOMEM)
1332 {
1333 return 0;
1334 }
1336 }
1337 BN_print(bp,&b);
1338 if(errno==ENOMEM)
1339 {
1340 return 0;
1341 }
1343 BIO_puts(bp,"\n");
1344 if(errno==ENOMEM)
1345 {
1346 return 0;
1347 }
1350 if (!results)
1351 {
1352 BN_print(bp,&a);
1353 if(errno==ENOMEM)
1354 {
1355 return 0;
1356 }
1357 BIO_puts(bp," % ");
1358 if(errno==ENOMEM)
1359 {
1360 return 0;
1361 }
1362 print_word(bp,s);
1363 if(errno==ENOMEM)
1364 {
1365 return 0;
1366 }
1367 BIO_puts(bp," - ");
1368 if(errno==ENOMEM)
1369 {
1370 return 0;
1371 }
1373 }
1374 print_word(bp,r);
1375 if(errno==ENOMEM)
1376 {
1377 return 0;
1378 }
1380 BIO_puts(bp,"\n");
1381 if(errno==ENOMEM)
1382 {
1383 return 0;
1384 }
1386 }
1387 BN_mul_word(&b,s);
1388 if(errno==ENOMEM)
1389 {
1390 return 0;
1391 }
1392 BN_add_word(&b,r);
1393 if(errno==ENOMEM)
1394 {
1395 return 0;
1396 }
1398 BN_sub(&b,&a,&b);
1399 if(errno==ENOMEM)
1400 {
1401 return 0;
1402 }
1404 if(!BN_is_zero(&b))
1405 {
1406 if(errno==ENOMEM)
1407 {
1408 return 0;
1409 }
1410 fprintf(stderr,"Division (word) test failed!\n");
1411 return 0;
1412 }
1413 }
1414 BN_free(&a);
1415 if(errno==ENOMEM)
1416 {
1417 return 0;
1418 }
1420 BN_free(&b);
1421 if(errno==ENOMEM)
1422 {
1423 return 0;
1424 }
1426 return(1);
1427 }
1429 int test_div_recp(BIO *bp, BN_CTX *ctx)
1430 {
1431 BIGNUM a,b,c,d,e;
1432 BN_RECP_CTX recp;
1433 int i;
1435 BN_RECP_CTX_init(&recp);
1436 if(errno==ENOMEM)
1437 {
1438 return 0;
1439 }
1441 BN_init(&a);
1442 if(errno==ENOMEM)
1443 {
1444 return 0;
1445 }
1447 BN_init(&b);
1448 if(errno==ENOMEM)
1449 {
1450 return 0;
1451 }
1453 BN_init(&c);
1454 if(errno==ENOMEM)
1455 {
1456 return 0;
1457 }
1459 BN_init(&d);
1460 if(errno==ENOMEM)
1461 {
1462 return 0;
1463 }
1465 BN_init(&e);
1466 if(errno==ENOMEM)
1467 {
1468 return 0;
1469 }
1472 for (i=0; i<num0+num1; i++)
1473 {
1474 if (i < num1)
1475 {
1476 BN_bntest_rand(&a,400,0,0);
1477 if(errno==ENOMEM)
1478 {
1479 return 0;
1480 }
1481 BN_copy(&b,&a);
1482 if(errno==ENOMEM)
1483 {
1484 return 0;
1485 }
1486 BN_lshift(&a,&a,i);
1487 if(errno==ENOMEM)
1488 {
1489 return 0;
1490 }
1491 BN_add_word(&a,i);
1492 if(errno==ENOMEM)
1493 {
1494 return 0;
1495 }
1497 }
1498 else
1499 BN_bntest_rand(&b,50+3*(i-num1),0,0);
1500 if(errno==ENOMEM)
1501 {
1502 return 0;
1503 }
1505 a.neg=rand_neg();
1506 if(errno==ENOMEM)
1507 {
1508 return 0;
1509 }
1511 b.neg=rand_neg();
1512 if(errno==ENOMEM)
1513 {
1514 return 0;
1515 }
1517 BN_RECP_CTX_set(&recp,&b,ctx);
1518 if(errno==ENOMEM)
1519 {
1520 return 0;
1521 }
1523 BN_div_recp(&d,&c,&a,&recp,ctx);
1524 if(errno==ENOMEM)
1525 {
1526 return 0;
1527 }
1529 if (bp != NULL)
1530 {
1531 if (!results)
1532 {
1533 BN_print(bp,&a);
1534 if(errno==ENOMEM)
1535 {
1536 return 0;
1537 }
1539 BIO_puts(bp," / ");
1540 if(errno==ENOMEM)
1541 {
1542 return 0;
1543 }
1545 BN_print(bp,&b);
1546 if(errno==ENOMEM)
1547 {
1548 return 0;
1549 }
1551 BIO_puts(bp," - ");
1552 if(errno==ENOMEM)
1553 {
1554 return 0;
1555 }
1557 }
1558 BN_print(bp,&d);
1559 if(errno==ENOMEM)
1560 {
1561 return 0;
1562 }
1564 BIO_puts(bp,"\n");
1565 if(errno==ENOMEM)
1566 {
1567 return 0;
1568 }
1571 if (!results)
1572 {
1573 BN_print(bp,&a);
1574 if(errno==ENOMEM)
1575 {
1576 return 0;
1577 }
1579 BIO_puts(bp," % ");
1580 if(errno==ENOMEM)
1581 {
1582 return 0;
1583 }
1585 BN_print(bp,&b);
1586 if(errno==ENOMEM)
1587 {
1588 return 0;
1589 }
1590 BIO_puts(bp," - ");
1591 if(errno==ENOMEM)
1592 {
1593 return 0;
1594 }
1596 }
1597 BN_print(bp,&c);
1598 if(errno==ENOMEM)
1599 {
1600 return 0;
1601 }
1603 BIO_puts(bp,"\n");
1604 if(errno==ENOMEM)
1605 {
1606 return 0;
1607 }
1609 }
1610 BN_mul(&e,&d,&b,ctx);
1611 if(errno==ENOMEM)
1612 {
1613 return 0;
1614 }
1616 BN_add(&d,&e,&c);
1617 if(errno==ENOMEM)
1618 {
1619 return 0;
1620 }
1622 BN_sub(&d,&d,&a);
1623 if(errno==ENOMEM)
1624 {
1625 return 0;
1626 }
1628 if(!BN_is_zero(&d))
1629 {
1630 if(errno==ENOMEM)
1631 {
1632 return 0;
1633 }
1634 fprintf(stderr,"Reciprocal division test failed!\n");
1635 fprintf(stderr,"a=");
1636 BN_print_fp(stderr,&a);
1637 if(errno==ENOMEM)
1638 {
1639 return 0;
1640 }
1642 fprintf(stderr,"\nb=");
1643 BN_print_fp(stderr,&b);
1644 if(errno==ENOMEM)
1645 {
1646 return 0;
1647 }
1649 fprintf(stderr,"\n");
1650 return 0;
1651 }
1652 }
1653 BN_free(&a);
1654 if(errno==ENOMEM)
1655 {
1656 return 0;
1657 }
1658 BN_free(&b);
1659 if(errno==ENOMEM)
1660 {
1661 return 0;
1662 }
1664 BN_free(&c);
1665 if(errno==ENOMEM)
1666 {
1667 return 0;
1668 }
1670 BN_free(&d);
1671 if(errno==ENOMEM)
1672 {
1673 return 0;
1674 }
1676 BN_free(&e);
1677 if(errno==ENOMEM)
1678 {
1679 return 0;
1680 }
1682 BN_RECP_CTX_free(&recp);
1683 if(errno==ENOMEM)
1684 {
1685 return 0;
1686 }
1688 return(1);
1689 }
1691 int test_mul(BIO *bp)
1692 {
1693 BIGNUM a,b,c,d,e;
1694 int i;
1695 BN_CTX *ctx;
1697 ctx = BN_CTX_new();
1698 if (ctx == NULL)
1699 return 1;
1701 BN_init(&a);
1702 if(errno==ENOMEM)
1703 {
1704 return 0;
1705 }
1706 BN_init(&b);
1707 if(errno==ENOMEM)
1708 {
1709 return 0;
1710 }
1711 BN_init(&c);
1712 if(errno==ENOMEM)
1713 {
1714 return 0;
1715 }
1716 BN_init(&d);
1717 if(errno==ENOMEM)
1718 {
1719 return 0;
1720 }
1721 BN_init(&e);
1722 if(errno==ENOMEM)
1723 {
1724 return 0;
1725 }
1727 for (i=0; i<num0+num1; i++)
1728 {
1729 if (i <= num1)
1730 {
1731 BN_bntest_rand(&a,100,0,0);
1732 if(errno==ENOMEM)
1733 {
1734 return 0;
1735 }
1736 BN_bntest_rand(&b,100,0,0);
1737 if(errno==ENOMEM)
1738 {
1739 return 0;
1740 }
1741 }
1742 else
1743 BN_bntest_rand(&b,i-num1,0,0);
1744 if(errno==ENOMEM)
1745 {
1746 return 0;
1747 }
1748 a.neg=rand_neg();
1749 if(errno==ENOMEM)
1750 {
1751 return 0;
1752 }
1753 b.neg=rand_neg();
1754 if(errno==ENOMEM)
1755 {
1756 return 0;
1757 }
1758 BN_mul(&c,&a,&b,ctx);
1759 if(errno==ENOMEM)
1760 {
1761 return 0;
1762 }
1763 if (bp != NULL)
1764 {
1765 if (!results)
1766 {
1767 BN_print(bp,&a);
1768 if(errno==ENOMEM)
1769 {
1770 return 0;
1771 }
1772 BIO_puts(bp," * ");
1773 if(errno==ENOMEM)
1774 {
1775 return 0;
1776 }
1777 BN_print(bp,&b);
1778 if(errno==ENOMEM)
1779 {
1780 return 0;
1781 }
1782 BIO_puts(bp," - ");
1783 if(errno==ENOMEM)
1784 {
1785 return 0;
1786 }
1787 }
1788 BN_print(bp,&c);
1789 if(errno==ENOMEM)
1790 {
1791 return 0;
1792 }
1793 BIO_puts(bp,"\n");
1794 if(errno==ENOMEM)
1795 {
1796 return 0;
1797 }
1798 }
1799 BN_div(&d,&e,&c,&a,ctx);
1800 if(errno==ENOMEM)
1801 {
1802 return 0;
1803 }
1804 BN_sub(&d,&d,&b);
1805 if(errno==ENOMEM)
1806 {
1807 return 0;
1808 }
1809 if(!BN_is_zero(&d) || !BN_is_zero(&e))
1810 {
1811 if(errno==ENOMEM)
1812 {
1813 return 0;
1814 }
1815 fprintf(stderr,"Multiplication test failed!\n");
1816 return 0;
1817 }
1818 }
1819 BN_free(&a);
1820 if(errno==ENOMEM)
1821 {
1822 return 0;
1823 }
1824 BN_free(&b);
1825 if(errno==ENOMEM)
1826 {
1827 return 0;
1828 }
1829 BN_free(&c);
1830 if(errno==ENOMEM)
1831 {
1832 return 0;
1833 }
1834 BN_free(&d);
1835 if(errno==ENOMEM)
1836 {
1837 return 0;
1838 }
1839 BN_free(&e);
1840 if(errno==ENOMEM)
1841 {
1842 return 0;
1843 }
1844 BN_CTX_free(ctx);
1845 if(errno==ENOMEM)
1846 {
1847 return 0;
1848 }
1849 return(1);
1850 }
1852 int test_sqr(BIO *bp, BN_CTX *ctx)
1853 {
1854 BIGNUM a,c,d,e;
1855 int i;
1857 BN_init(&a);
1858 if(errno==ENOMEM)
1859 {
1860 return 0;
1861 }
1862 BN_init(&c);
1863 if(errno==ENOMEM)
1864 {
1865 return 0;
1866 }
1867 BN_init(&d);
1868 if(errno==ENOMEM)
1869 {
1870 return 0;
1871 }
1872 BN_init(&e);
1873 if(errno==ENOMEM)
1874 {
1875 return 0;
1876 }
1878 for (i=0; i<num0; i++)
1879 {
1880 BN_bntest_rand(&a,40+i*10,0,0);
1881 if(errno==ENOMEM)
1882 {
1883 return 0;
1884 }
1885 a.neg=rand_neg();
1886 if(errno==ENOMEM)
1887 {
1888 return 0;
1889 }
1890 BN_sqr(&c,&a,ctx);
1891 if(errno==ENOMEM)
1892 {
1893 return 0;
1894 }
1895 if (bp != NULL)
1896 {
1897 if (!results)
1898 {
1899 BN_print(bp,&a);
1900 if(errno==ENOMEM)
1901 {
1902 return 0;
1903 }
1904 BIO_puts(bp," * ");
1905 if(errno==ENOMEM)
1906 {
1907 return 0;
1908 }
1909 BN_print(bp,&a);
1910 if(errno==ENOMEM)
1911 {
1912 return 0;
1913 }
1914 BIO_puts(bp," - ");
1915 if(errno==ENOMEM)
1916 {
1917 return 0;
1918 }
1919 }
1920 BN_print(bp,&c);
1921 if(errno==ENOMEM)
1922 {
1923 return 0;
1924 }
1925 BIO_puts(bp,"\n");
1926 if(errno==ENOMEM)
1927 {
1928 return 0;
1929 }
1930 }
1931 BN_div(&d,&e,&c,&a,ctx);
1932 if(errno==ENOMEM)
1933 {
1934 return 0;
1935 }
1936 BN_sub(&d,&d,&a);
1937 if(errno==ENOMEM)
1938 {
1939 return 0;
1940 }
1941 if(!BN_is_zero(&d) || !BN_is_zero(&e))
1942 {
1943 if(errno==ENOMEM)
1944 {
1945 return 0;
1946 }
1947 fprintf(stderr,"Square test failed!\n");
1948 return 0;
1949 }
1950 }
1951 BN_free(&a);
1952 if(errno==ENOMEM)
1953 {
1954 return 0;
1955 }
1956 BN_free(&c);
1957 if(errno==ENOMEM)
1958 {
1959 return 0;
1960 }
1961 BN_free(&d);
1962 if(errno==ENOMEM)
1963 {
1964 return 0;
1965 }
1966 BN_free(&e);
1967 if(errno==ENOMEM)
1968 {
1969 return 0;
1970 }
1971 return(1);
1972 }
1974 int test_mont(BIO *bp, BN_CTX *ctx)
1975 {
1976 BIGNUM a,b,c,d,A,B;
1977 BIGNUM n;
1978 int i;
1979 BN_MONT_CTX *mont;
1981 BN_init(&a);
1982 if(errno==ENOMEM)
1983 {
1984 return 0;
1985 }
1986 BN_init(&b);
1987 if(errno==ENOMEM)
1988 {
1989 return 0;
1990 }
1991 BN_init(&c);
1992 if(errno==ENOMEM)
1993 {
1994 return 0;
1995 }
1996 BN_init(&d);
1997 if(errno==ENOMEM)
1998 {
1999 return 0;
2000 }
2001 BN_init(&A);
2002 if(errno==ENOMEM)
2003 {
2004 return 0;
2005 }
2006 BN_init(&B);
2007 if(errno==ENOMEM)
2008 {
2009 return 0;
2010 }
2011 BN_init(&n);
2012 if(errno==ENOMEM)
2013 {
2014 return 0;
2015 }
2017 mont=BN_MONT_CTX_new();
2018 if(errno==ENOMEM)
2019 {
2020 return 0;
2021 }
2023 BN_bntest_rand(&a,100,0,0); /**/
2024 if(errno==ENOMEM)
2025 {
2026 return 0;
2027 }
2028 BN_bntest_rand(&b,100,0,0); /**/
2029 if(errno==ENOMEM)
2030 {
2031 return 0;
2032 }
2033 for (i=0; i<num2; i++)
2034 {
2035 int bits = (200*(i+1))/num2;
2037 if (bits == 0)
2038 continue;
2039 BN_bntest_rand(&n,bits,0,1);
2040 if(errno==ENOMEM)
2041 {
2042 return 0;
2043 }
2044 BN_MONT_CTX_set(mont,&n,ctx);
2045 if(errno==ENOMEM)
2046 {
2047 return 0;
2048 }
2050 BN_nnmod(&a,&a,&n,ctx);
2051 if(errno==ENOMEM)
2052 {
2053 return 0;
2054 }
2055 BN_nnmod(&b,&b,&n,ctx);
2056 if(errno==ENOMEM)
2057 {
2058 return 0;
2059 }
2061 BN_to_montgomery(&A,&a,mont,ctx);
2062 if(errno==ENOMEM)
2063 {
2064 return 0;
2065 }
2066 BN_to_montgomery(&B,&b,mont,ctx);
2067 if(errno==ENOMEM)
2068 {
2069 return 0;
2070 }
2072 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
2073 if(errno==ENOMEM)
2074 {
2075 return 0;
2076 }
2077 BN_from_montgomery(&A,&c,mont,ctx);/**/
2078 if(errno==ENOMEM)
2079 {
2080 return 0;
2081 }
2082 if (bp != NULL)
2083 {
2084 if (!results)
2085 {
2086 #ifdef undef
2087 fprintf(stderr,"%d * %d %% %d\n",
2088 BN_num_bits(&a),
2089 BN_num_bits(&b),
2090 BN_num_bits(mont->N));
2091 #endif
2092 BN_print(bp,&a);
2093 if(errno==ENOMEM)
2094 {
2095 return 0;
2096 }
2097 BIO_puts(bp," * ");
2098 if(errno==ENOMEM)
2099 {
2100 return 0;
2101 }
2102 BN_print(bp,&b);
2103 if(errno==ENOMEM)
2104 {
2105 return 0;
2106 }
2107 BIO_puts(bp," % ");
2108 if(errno==ENOMEM)
2109 {
2110 return 0;
2111 }
2112 BN_print(bp,&(mont->N));
2113 if(errno==ENOMEM)
2114 {
2115 return 0;
2116 }
2117 BIO_puts(bp," - ");
2118 if(errno==ENOMEM)
2119 {
2120 return 0;
2121 }
2122 }
2123 BN_print(bp,&A);
2124 if(errno==ENOMEM)
2125 {
2126 return 0;
2127 }
2128 BIO_puts(bp,"\n");
2129 if(errno==ENOMEM)
2130 {
2131 return 0;
2132 }
2133 }
2134 BN_mod_mul(&d,&a,&b,&n,ctx);
2135 if(errno==ENOMEM)
2136 {
2137 return 0;
2138 }
2139 BN_sub(&d,&d,&A);
2140 if(errno==ENOMEM)
2141 {
2142 return 0;
2143 }
2144 if(!BN_is_zero(&d))
2145 {
2146 if(errno==ENOMEM)
2147 {
2148 return 0;
2149 }
2150 fprintf(stderr,"Montgomery multiplication test failed!\n");
2151 return 0;
2152 }
2153 }
2154 BN_MONT_CTX_free(mont);
2155 if(errno==ENOMEM)
2156 {
2157 return 0;
2158 }
2159 BN_free(&a);
2160 if(errno==ENOMEM)
2161 {
2162 return 0;
2163 }
2164 BN_free(&b);
2165 if(errno==ENOMEM)
2166 {
2167 return 0;
2168 }
2169 BN_free(&c);
2170 if(errno==ENOMEM)
2171 {
2172 return 0;
2173 }
2174 BN_free(&d);
2175 if(errno==ENOMEM)
2176 {
2177 return 0;
2178 }
2179 BN_free(&A);
2180 if(errno==ENOMEM)
2181 {
2182 return 0;
2183 }
2184 BN_free(&B);
2185 if(errno==ENOMEM)
2186 {
2187 return 0;
2188 }
2189 BN_free(&n);
2190 if(errno==ENOMEM)
2191 {
2192 return 0;
2193 }
2194 return(1);
2195 }
2197 int test_mod(BIO *bp, BN_CTX *ctx)
2198 {
2199 BIGNUM *a,*b,*c,*d,*e;
2200 int i;
2202 a=BN_new();
2203 if(errno==ENOMEM)
2204 {
2205 return 0;
2206 }
2207 b=BN_new();
2208 if(errno==ENOMEM)
2209 {
2210 return 0;
2211 }
2212 c=BN_new();
2213 if(errno==ENOMEM)
2214 {
2215 return 0;
2216 }
2217 d=BN_new();
2218 if(errno==ENOMEM)
2219 {
2220 return 0;
2221 }
2222 e=BN_new();
2223 if(errno==ENOMEM)
2224 {
2225 return 0;
2226 }
2228 BN_bntest_rand(a,1024,0,0); /**/
2229 if(errno==ENOMEM)
2230 {
2231 return 0;
2232 }
2233 for (i=0; i<num0; i++)
2234 {
2235 BN_bntest_rand(b,450+i*10,0,0); /**/
2236 if(errno==ENOMEM)
2237 {
2238 return 0;
2239 }
2240 a->neg=rand_neg();
2241 if(errno==ENOMEM)
2242 {
2243 return 0;
2244 }
2245 b->neg=rand_neg();
2246 if(errno==ENOMEM)
2247 {
2248 return 0;
2249 }
2250 BN_mod(c,a,b,ctx);/**/
2251 if(errno==ENOMEM)
2252 {
2253 return 0;
2254 }
2255 if (bp != NULL)
2256 {
2257 if (!results)
2258 {
2259 BN_print(bp,a);
2260 if(errno==ENOMEM)
2261 {
2262 return 0;
2263 }
2264 BIO_puts(bp," % ");
2265 if(errno==ENOMEM)
2266 {
2267 return 0;
2268 }
2269 BN_print(bp,b);
2270 if(errno==ENOMEM)
2271 {
2272 return 0;
2273 }
2274 BIO_puts(bp," - ");
2275 if(errno==ENOMEM)
2276 {
2277 return 0;
2278 }
2279 }
2280 BN_print(bp,c);
2281 if(errno==ENOMEM)
2282 {
2283 return 0;
2284 }
2285 BIO_puts(bp,"\n");
2286 if(errno==ENOMEM)
2287 {
2288 return 0;
2289 }
2290 }
2291 BN_div(d,e,a,b,ctx);
2292 if(errno==ENOMEM)
2293 {
2294 return 0;
2295 }
2296 BN_sub(e,e,c);
2297 if(errno==ENOMEM)
2298 {
2299 return 0;
2300 }
2301 if(!BN_is_zero(e))
2302 {
2303 if(errno==ENOMEM)
2304 {
2305 return 0;
2306 }
2307 fprintf(stderr,"Modulo test failed!\n");
2308 return 0;
2309 }
2310 }
2311 BN_free(a);
2312 if(errno==ENOMEM)
2313 {
2314 return 0;
2315 }
2316 BN_free(b);
2317 if(errno==ENOMEM)
2318 {
2319 return 0;
2320 }
2321 BN_free(c);
2322 if(errno==ENOMEM)
2323 {
2324 return 0;
2325 }
2326 BN_free(d);
2327 if(errno==ENOMEM)
2328 {
2329 return 0;
2330 }
2331 BN_free(e);
2332 if(errno==ENOMEM)
2333 {
2334 return 0;
2335 }
2336 return(1);
2337 }
2339 int test_mod_mul(BIO *bp, BN_CTX *ctx)
2340 {
2341 BIGNUM *a,*b,*c,*d,*e;
2342 int i,j;
2343 unsigned long l;
2345 a=BN_new();
2346 if(errno==ENOMEM)
2347 {
2348 return 0;
2349 }
2350 b=BN_new();
2351 if(errno==ENOMEM)
2352 {
2353 return 0;
2354 }
2355 c=BN_new();
2356 if(errno==ENOMEM)
2357 {
2358 return 0;
2359 }
2360 d=BN_new();
2361 if(errno==ENOMEM)
2362 {
2363 return 0;
2364 }
2365 e=BN_new();
2366 if(errno==ENOMEM)
2367 {
2368 return 0;
2369 }
2371 for (j=0; j<3; j++) {
2372 BN_bntest_rand(c,1024,0,0); /**/
2373 if(errno==ENOMEM)
2374 {
2375 return 0;
2376 }
2377 for (i=0; i<num0; i++)
2378 {
2379 BN_bntest_rand(a,475+i*10,0,0); /**/
2380 if(errno==ENOMEM)
2381 {
2382 return 0;
2383 }
2384 BN_bntest_rand(b,425+i*11,0,0); /**/
2385 if(errno==ENOMEM)
2386 {
2387 return 0;
2388 }
2389 a->neg=rand_neg();
2390 if(errno==ENOMEM)
2391 {
2392 return 0;
2393 }
2394 b->neg=rand_neg();
2395 if(errno==ENOMEM)
2396 {
2397 return 0;
2398 }
2399 if (!BN_mod_mul(e,a,b,c,ctx))
2400 {
2401 if(errno==ENOMEM)
2402 {
2403 return 0;
2404 }
2407 while ((l=ERR_get_error()))
2408 fprintf(stderr,"ERROR:%s\n",
2409 ERR_error_string(l,NULL));
2410 return 1;
2411 if(errno==ENOMEM)
2412 {
2413 return 0;
2414 }
2415 }
2416 if (bp != NULL)
2417 {
2418 if (!results)
2419 {
2420 BN_print(bp,a);
2421 if(errno==ENOMEM)
2422 {
2423 return 0;
2424 }
2425 BIO_puts(bp," * ");
2426 if(errno==ENOMEM)
2427 {
2428 return 0;
2429 }
2430 BN_print(bp,b);
2431 if(errno==ENOMEM)
2432 {
2433 return 0;
2434 }
2435 BIO_puts(bp," % ");
2436 if(errno==ENOMEM)
2437 {
2438 return 0;
2439 }
2440 BN_print(bp,c);
2441 if(errno==ENOMEM)
2442 {
2443 return 0;
2444 }
2445 if ((a->neg ^ b->neg) && !BN_is_zero(e))
2446 {
2447 /* If (a*b) % c is negative, c must be added
2448 * in order to obtain the normalized remainder
2449 * (new with OpenSSL 0.9.7, previous versions of
2450 * BN_mod_mul could generate negative results)
2451 */
2452 if(errno==ENOMEM)
2453 {
2454 return 0;
2455 }
2456 BIO_puts(bp," + ");
2457 if(errno==ENOMEM)
2458 {
2459 return 0;
2460 }
2461 BN_print(bp,c);
2462 if(errno==ENOMEM)
2463 {
2464 return 0;
2465 }
2466 }
2467 BIO_puts(bp," - ");
2468 if(errno==ENOMEM)
2469 {
2470 return 0;
2471 }
2472 }
2473 BN_print(bp,e);
2474 if(errno==ENOMEM)
2475 {
2476 return 0;
2477 }
2478 BIO_puts(bp,"\n");
2479 if(errno==ENOMEM)
2480 {
2481 return 0;
2482 }
2483 }
2484 BN_mul(d,a,b,ctx);
2485 if(errno==ENOMEM)
2486 return 0;
2487 BN_sub(d,d,e);
2488 if(errno==ENOMEM)
2489 return 0;
2490 BN_div(a,b,d,c,ctx);
2491 if(errno==ENOMEM)
2492 return 0;
2493 if(!BN_is_zero(b))
2494 {
2495 if(errno==ENOMEM)
2496 return 0;
2497 fprintf(stderr,"Modulo multiply test failed!\n");
2498 ERR_print_errors_fp(stderr);
2499 if(errno==ENOMEM)
2500 return 0;
2501 return 0;
2502 }
2503 }
2504 }
2505 BN_free(a);
2506 if(errno==ENOMEM)
2507 return 0;
2508 BN_free(b);
2509 if(errno==ENOMEM)
2510 return 0;
2511 BN_free(c);
2512 if(errno==ENOMEM)
2513 return 0;
2514 BN_free(d);
2515 if(errno==ENOMEM)
2516 return 0;
2517 BN_free(e);
2518 if(errno==ENOMEM)
2519 return 0;
2520 return(1);
2521 }
2523 int test_mod_exp(BIO *bp, BN_CTX *ctx)
2524 {
2525 BIGNUM *a,*b,*c,*d,*e;
2526 int i;
2528 a=BN_new();
2529 if(errno==ENOMEM)
2530 return 0;
2531 b=BN_new();
2532 if(errno==ENOMEM)
2533 return 0;
2534 c=BN_new();
2535 if(errno==ENOMEM)
2536 return 0;
2537 d=BN_new();
2538 if(errno==ENOMEM)
2539 return 0;
2540 e=BN_new();
2541 if(errno==ENOMEM)
2542 return 0;
2544 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
2545 if(errno==ENOMEM)
2546 return 0;
2547 for (i=0; i<num2; i++)
2548 {
2549 BN_bntest_rand(a,20+i*5,0,0); /**/
2550 if(errno==ENOMEM)
2551 return 0;
2552 BN_bntest_rand(b,2+i,0,0); /**/
2553 if(errno==ENOMEM)
2554 return 0;
2556 if (!BN_mod_exp(d,a,b,c,ctx))
2557 {
2558 if(errno==ENOMEM)
2559 return 0;
2560 return(00);
2561 }
2563 if (bp != NULL)
2564 {
2565 if (!results)
2566 {
2567 BN_print(bp,a);
2568 if(errno==ENOMEM)
2569 return 0;
2570 BIO_puts(bp," ^ ");
2571 if(errno==ENOMEM)
2572 return 0;
2573 BN_print(bp,b);
2574 if(errno==ENOMEM)
2575 return 0;
2576 BIO_puts(bp," % ");
2577 if(errno==ENOMEM)
2578 return 0;
2579 BN_print(bp,c);
2580 if(errno==ENOMEM)
2581 return 0;
2582 BIO_puts(bp," - ");
2583 if(errno==ENOMEM)
2584 return 0;
2585 }
2586 BN_print(bp,d);
2587 if(errno==ENOMEM)
2588 return 0;
2589 BIO_puts(bp,"\n");
2590 if(errno==ENOMEM)
2591 return 0;
2592 }
2593 BN_exp(e,a,b,ctx);
2594 if(errno==ENOMEM)
2595 return 0;
2596 BN_sub(e,e,d);
2597 if(errno==ENOMEM)
2598 return 0;
2599 BN_div(a,b,e,c,ctx);
2600 if(errno==ENOMEM)
2601 return 0;
2602 if(!BN_is_zero(b))
2603 {
2604 if(errno==ENOMEM)
2605 return 0;
2606 fprintf(stderr,"Modulo exponentiation test failed!\n");
2607 return 0;
2608 }
2609 }
2610 BN_free(a);
2611 if(errno==ENOMEM)
2612 return 0;
2613 BN_free(b);
2614 if(errno==ENOMEM)
2615 return 0;
2616 BN_free(c);
2617 if(errno==ENOMEM)
2618 return 0;
2619 BN_free(d);
2620 if(errno==ENOMEM)
2621 return 0;
2622 BN_free(e);
2623 if(errno==ENOMEM)
2624 return 0;
2625 return(1);
2626 }
2628 int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
2629 {
2630 BIGNUM *a,*b,*c,*d,*e;
2631 int i;
2633 a=BN_new();
2634 if(errno==ENOMEM)
2635 return 0;
2636 b=BN_new();
2637 if(errno==ENOMEM)
2638 return 0;
2639 c=BN_new();
2640 if(errno==ENOMEM)
2641 return 0;
2642 d=BN_new();
2643 if(errno==ENOMEM)
2644 return 0;
2645 e=BN_new();
2646 if(errno==ENOMEM)
2647 return 0;
2649 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
2650 if(errno==ENOMEM)
2651 return 0;
2652 for (i=0; i<num2; i++)
2653 {
2654 BN_bntest_rand(a,20+i*5,0,0); /**/
2655 if(errno==ENOMEM)
2656 return 0;
2657 BN_bntest_rand(b,2+i,0,0); /**/
2658 if(errno==ENOMEM)
2659 return 0;
2661 if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
2662 {
2664 if(errno==ENOMEM)
2665 return 0;
2666 return(00);
2667 }
2668 if (bp != NULL)
2669 {
2670 if (!results)
2671 {
2672 BN_print(bp,a);
2673 if(errno==ENOMEM)
2674 return 0;
2675 BIO_puts(bp," ^ ");
2676 if(errno==ENOMEM)
2677 return 0;
2678 BN_print(bp,b);
2679 if(errno==ENOMEM)
2680 return 0;
2681 BIO_puts(bp," % ");
2682 if(errno==ENOMEM)
2683 return 0;
2684 BN_print(bp,c);
2685 if(errno==ENOMEM)
2686 return 0;
2687 BIO_puts(bp," - ");
2688 if(errno==ENOMEM)
2689 return 0;
2690 }
2691 BN_print(bp,d);
2692 if(errno==ENOMEM)
2693 return 0;
2694 BIO_puts(bp,"\n");
2695 if(errno==ENOMEM)
2696 return 0;
2697 }
2698 BN_exp(e,a,b,ctx);
2699 if(errno==ENOMEM)
2700 return 0;
2701 BN_sub(e,e,d);
2702 if(errno==ENOMEM)
2703 return 0;
2704 BN_div(a,b,e,c,ctx);
2705 if(errno==ENOMEM)
2706 return 0;
2707 if(!BN_is_zero(b))
2708 {
2710 if(errno==ENOMEM)
2711 return 0;
2712 fprintf(stderr,"Modulo exponentiation test failed!\n");
2713 return 0;
2714 }
2715 }
2716 BN_free(a);
2717 if(errno==ENOMEM)
2718 return 0;
2719 BN_free(b);
2720 if(errno==ENOMEM)
2721 return 0;
2722 BN_free(c);
2723 if(errno==ENOMEM)
2724 return 0;
2725 BN_free(d);
2726 if(errno==ENOMEM)
2727 return 0;
2728 BN_free(e);
2729 if(errno==ENOMEM)
2730 return 0;
2731 return(1);
2732 }
2734 int test_exp(BIO *bp, BN_CTX *ctx)
2735 {
2736 BIGNUM *a,*b,*d,*e,*one;
2737 int i;
2739 a=BN_new();
2740 if(errno==ENOMEM)
2741 return 0;
2742 b=BN_new();
2743 if(errno==ENOMEM)
2744 return 0;
2745 d=BN_new();
2746 if(errno==ENOMEM)
2747 return 0;
2748 e=BN_new();
2749 if(errno==ENOMEM)
2750 return 0;
2751 one=BN_new();
2752 if(errno==ENOMEM)
2753 return 0;
2754 BN_one(one);
2755 if(errno==ENOMEM)
2756 return 0;
2758 for (i=0; i<num2; i++)
2759 {
2760 BN_bntest_rand(a,20+i*5,0,0); /**/
2761 if(errno==ENOMEM)
2762 return 0;
2763 BN_bntest_rand(b,2+i,0,0); /**/
2764 if(errno==ENOMEM)
2765 return 0;
2767 if (!BN_exp(d,a,b,ctx))
2768 {
2770 if(errno==ENOMEM)
2771 return 0;
2772 return(00);
2773 }
2774 if (bp != NULL)
2775 {
2776 if (!results)
2777 {
2778 BN_print(bp,a);
2779 if(errno==ENOMEM)
2780 return 0;
2781 BIO_puts(bp," ^ ");
2782 if(errno==ENOMEM)
2783 return 0;
2784 BN_print(bp,b);
2785 if(errno==ENOMEM)
2786 return 0;
2787 BIO_puts(bp," - ");
2788 if(errno==ENOMEM)
2789 return 0;
2790 }
2791 BN_print(bp,d);
2792 if(errno==ENOMEM)
2793 return 0;
2794 BIO_puts(bp,"\n");
2795 if(errno==ENOMEM)
2796 return 0;
2797 }
2798 BN_one(e);
2799 if(errno==ENOMEM)
2800 return 0;
2801 for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
2802 {
2803 if(errno==ENOMEM)
2804 return 0;
2805 BN_mul(e,e,a,ctx);
2806 if(errno==ENOMEM)
2807 return 0;
2808 }
2809 BN_sub(e,e,d);
2810 if(errno==ENOMEM)
2811 return 0;
2812 if(!BN_is_zero(e))
2813 {
2814 if(errno==ENOMEM)
2815 return 0;
2816 fprintf(stderr,"Exponentiation test failed!\n");
2817 return 0;
2818 }
2819 }
2820 BN_free(a);
2821 if(errno==ENOMEM)
2822 return 0;
2823 BN_free(b);
2824 if(errno==ENOMEM)
2825 return 0;
2826 BN_free(d);
2827 if(errno==ENOMEM)
2828 return 0;
2829 BN_free(e);
2830 if(errno==ENOMEM)
2831 return 0;
2832 BN_free(one);
2833 if(errno==ENOMEM)
2834 return 0;
2835 return(1);
2836 }
2838 int test_gf2m_add(BIO *bp)
2839 {
2840 BIGNUM a,b,c;
2841 int i, ret = 0;
2843 BN_init(&a);
2844 if(errno==ENOMEM)
2845 return 0;
2846 BN_init(&b);
2847 if(errno==ENOMEM)
2848 return 0;
2849 BN_init(&c);
2850 if(errno==ENOMEM)
2851 return 0;
2853 for (i=0; i<num0; i++)
2854 {
2855 BN_rand(&a,512,0,0);
2856 if(errno==ENOMEM)
2857 return 0;
2858 BN_copy(&b, BN_value_one());
2859 if(errno==ENOMEM)
2860 return 0;
2861 a.neg=rand_neg();
2862 if(errno==ENOMEM)
2863 return 0;
2864 b.neg=rand_neg();
2865 if(errno==ENOMEM)
2866 return 0;
2867 BN_GF2m_add(&c,&a,&b);
2868 if(errno==ENOMEM)
2869 return 0;
2870 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
2871 if (bp != NULL)
2872 {
2873 if (!results)
2874 {
2875 BN_print(bp,&a);
2876 if(errno==ENOMEM)
2877 return 0;
2878 BIO_puts(bp," ^ ");
2879 if(errno==ENOMEM)
2880 return 0;
2881 BN_print(bp,&b);
2882 if(errno==ENOMEM)
2883 return 0;
2884 BIO_puts(bp," = ");
2885 if(errno==ENOMEM)
2886 return 0;
2887 }
2888 BN_print(bp,&c);
2889 if(errno==ENOMEM)
2890 return 0;
2891 BIO_puts(bp,"\n");
2892 if(errno==ENOMEM)
2893 return 0;
2894 }
2895 #endif
2896 /* Test that two added values have the correct parity. */
2897 if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
2898 {
2900 if(errno==ENOMEM)
2901 return 0;
2902 fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
2903 goto err;
2904 }
2905 BN_GF2m_add(&c,&c,&c);
2906 if(errno==ENOMEM)
2907 return 0;
2908 /* Test that c + c = 0. */
2909 if(!BN_is_zero(&c))
2910 {
2912 if(errno==ENOMEM)
2913 return 0;
2914 fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
2915 goto err;
2916 }
2917 }
2918 ret = 1;
2919 err:
2920 BN_free(&a);
2921 if(errno==ENOMEM)
2922 return 0;
2923 BN_free(&b);
2924 if(errno==ENOMEM)
2925 return 0;
2926 BN_free(&c);
2927 if(errno==ENOMEM)
2928 return 0;
2929 return ret;
2930 }
2932 int test_gf2m_mod(BIO *bp)
2933 {
2934 BIGNUM *a,*b[2],*c,*d,*e;
2935 int i, j, ret = 0;
2936 unsigned int p0[] = {163,7,6,3,0};
2937 unsigned int p1[] = {193,15,0};
2939 a=BN_new();
2940 if(errno==ENOMEM)
2941 return 0;
2942 b[0]=BN_new();
2943 if(errno==ENOMEM)
2944 return 0;
2945 b[1]=BN_new();
2946 if(errno==ENOMEM)
2947 return 0;
2948 c=BN_new();
2949 if(errno==ENOMEM)
2950 return 0;
2951 d=BN_new();
2952 if(errno==ENOMEM)
2953 return 0;
2954 e=BN_new();
2955 if(errno==ENOMEM)
2956 return 0;
2958 BN_GF2m_arr2poly(p0, b[0]);
2959 if(errno==ENOMEM)
2960 return 0;
2961 BN_GF2m_arr2poly(p1, b[1]);
2962 if(errno==ENOMEM)
2963 return 0;
2965 for (i=0; i<num0; i++)
2966 {
2967 BN_bntest_rand(a, 1024, 0, 0);
2968 if(errno==ENOMEM)
2969 return 0;
2970 for (j=0; j < 2; j++)
2971 {
2972 BN_GF2m_mod(c, a, b[j]);
2973 if(errno==ENOMEM)
2974 return 0;
2975 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
2976 if (bp != NULL)
2977 {
2978 if (!results)
2979 {
2980 BN_print(bp,a);
2981 if(errno==ENOMEM)
2982 return 0;
2983 BIO_puts(bp," % ");
2984 if(errno==ENOMEM)
2985 return 0;
2986 BN_print(bp,b[j]);
2987 if(errno==ENOMEM)
2988 return 0;
2989 BIO_puts(bp," - ");
2990 if(errno==ENOMEM)
2991 return 0;
2992 BN_print(bp,c);
2993 if(errno==ENOMEM)
2994 return 0;
2995 BIO_puts(bp,"\n");
2996 if(errno==ENOMEM)
2997 return 0;
2998 }
2999 }
3000 #endif
3001 BN_GF2m_add(d, a, c);
3002 if(errno==ENOMEM)
3003 return 0;
3004 BN_GF2m_mod(e, d, b[j]);
3005 if(errno==ENOMEM)
3006 return 0;
3007 /* Test that a + (a mod p) mod p == 0. */
3008 if(!BN_is_zero(e))
3009 {
3010 if(errno==ENOMEM)
3011 return 0;
3012 fprintf(stderr,"GF(2^m) modulo test failed!\n");
3013 goto err;
3014 }
3015 }
3016 }
3017 ret = 1;
3018 err:
3019 BN_free(a);
3020 if(errno==ENOMEM)
3021 return 0;
3022 BN_free(b[0]);
3023 if(errno==ENOMEM)
3024 return 0;
3025 BN_free(b[1]);
3026 if(errno==ENOMEM)
3027 return 0;
3028 BN_free(c);
3029 if(errno==ENOMEM)
3030 return 0;
3031 BN_free(d);
3032 if(errno==ENOMEM)
3033 return 0;
3034 BN_free(e);
3035 if(errno==ENOMEM)
3036 return 0;
3037 return ret;
3038 }
3040 int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
3041 {
3042 BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
3043 int i, j, ret = 0;
3044 unsigned int p0[] = {163,7,6,3,0};
3045 unsigned int p1[] = {193,15,0};
3047 a=BN_new();
3048 if(errno==ENOMEM)
3049 return 0;
3050 b[0]=BN_new();
3051 if(errno==ENOMEM)
3052 return 0;
3053 b[1]=BN_new();
3054 if(errno==ENOMEM)
3055 return 0;
3056 c=BN_new();
3057 if(errno==ENOMEM)
3058 return 0;
3059 d=BN_new();
3060 if(errno==ENOMEM)
3061 return 0;
3062 e=BN_new();
3063 if(errno==ENOMEM)
3064 return 0;
3065 f=BN_new();
3066 if(errno==ENOMEM)
3067 return 0;
3068 g=BN_new();
3069 if(errno==ENOMEM)
3070 return 0;
3071 h=BN_new();
3072 if(errno==ENOMEM)
3073 return 0;
3075 BN_GF2m_arr2poly(p0, b[0]);
3076 if(errno==ENOMEM)
3077 return 0;
3078 BN_GF2m_arr2poly(p1, b[1]);
3079 if(errno==ENOMEM)
3080 return 0;
3082 for (i=0; i<num0; i++)
3083 {
3084 BN_bntest_rand(a, 1024, 0, 0);
3085 if(errno==ENOMEM)
3086 return 0;
3087 BN_bntest_rand(c, 1024, 0, 0);
3088 if(errno==ENOMEM)
3089 return 0;
3090 BN_bntest_rand(d, 1024, 0, 0);
3091 if(errno==ENOMEM)
3092 return 0;
3093 for (j=0; j < 2; j++)
3094 {
3095 BN_GF2m_mod_mul(e, a, c, b[j], ctx);
3096 if(errno==ENOMEM)
3097 return 0;
3098 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3099 if (bp != NULL)
3100 {
3101 if (!results)
3102 {
3103 BN_print(bp,a);
3104 if(errno==ENOMEM)
3105 return 0;
3106 BIO_puts(bp," * ");
3107 if(errno==ENOMEM)
3108 return 0;
3109 BN_print(bp,c);
3110 if(errno==ENOMEM)
3111 return 0;
3112 BIO_puts(bp," % ");
3113 if(errno==ENOMEM)
3114 return 0;
3115 BN_print(bp,b[j]);
3116 if(errno==ENOMEM)
3117 return 0;
3118 BIO_puts(bp," - ");
3119 if(errno==ENOMEM)
3120 return 0;
3121 BN_print(bp,e);
3122 if(errno==ENOMEM)
3123 return 0;
3124 BIO_puts(bp,"\n");
3125 if(errno==ENOMEM)
3126 return 0;
3127 }
3128 }
3129 #endif
3130 BN_GF2m_add(f, a, d);
3131 if(errno==ENOMEM)
3132 return 0;
3133 BN_GF2m_mod_mul(g, f, c, b[j], ctx);
3134 if(errno==ENOMEM)
3135 return 0;
3136 BN_GF2m_mod_mul(h, d, c, b[j], ctx);
3137 if(errno==ENOMEM)
3138 return 0;
3139 BN_GF2m_add(f, e, g);
3140 if(errno==ENOMEM)
3141 return 0;
3142 BN_GF2m_add(f, f, h);
3143 if(errno==ENOMEM)
3144 return 0;
3145 /* Test that (a+d)*c = a*c + d*c. */
3146 if(!BN_is_zero(f))
3147 {
3149 if(errno==ENOMEM)
3150 return 0;
3151 fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
3152 goto err;
3153 }
3154 }
3155 }
3156 ret = 1;
3157 err:
3158 BN_free(a);
3159 if(errno==ENOMEM)
3160 return 0;
3161 BN_free(b[0]);
3162 if(errno==ENOMEM)
3163 return 0;
3164 BN_free(b[1]);
3165 if(errno==ENOMEM)
3166 return 0;
3167 BN_free(c);
3168 if(errno==ENOMEM)
3169 return 0;
3170 BN_free(d);
3171 if(errno==ENOMEM)
3172 return 0;
3173 BN_free(e);
3174 if(errno==ENOMEM)
3175 return 0;
3176 BN_free(f);
3177 if(errno==ENOMEM)
3178 return 0;
3179 BN_free(g);
3180 if(errno==ENOMEM)
3181 return 0;
3182 BN_free(h);
3183 if(errno==ENOMEM)
3184 return 0;
3185 return ret;
3186 }
3188 int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
3189 {
3190 BIGNUM *a,*b[2],*c,*d;
3191 int i, j, ret = 0;
3192 unsigned int p0[] = {163,7,6,3,0};
3193 unsigned int p1[] = {193,15,0};
3195 a=BN_new();
3196 if(errno==ENOMEM)
3197 return 0;
3198 b[0]=BN_new();
3199 if(errno==ENOMEM)
3200 return 0;
3201 b[1]=BN_new();
3202 if(errno==ENOMEM)
3203 return 0;
3204 c=BN_new();
3205 if(errno==ENOMEM)
3206 return 0;
3207 d=BN_new();
3208 if(errno==ENOMEM)
3209 return 0;
3211 BN_GF2m_arr2poly(p0, b[0]);
3212 if(errno==ENOMEM)
3213 return 0;
3214 BN_GF2m_arr2poly(p1, b[1]);
3215 if(errno==ENOMEM)
3216 return 0;
3218 for (i=0; i<num0; i++)
3219 {
3220 BN_bntest_rand(a, 1024, 0, 0);
3221 if(errno==ENOMEM)
3222 return 0;
3223 for (j=0; j < 2; j++)
3224 {
3225 BN_GF2m_mod_sqr(c, a, b[j], ctx);
3226 if(errno==ENOMEM)
3227 return 0;
3228 BN_copy(d, a);
3229 if(errno==ENOMEM)
3230 return 0;
3231 BN_GF2m_mod_mul(d, a, d, b[j], ctx);
3232 if(errno==ENOMEM)
3233 return 0;
3234 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3235 if (bp != NULL)
3236 {
3237 if (!results)
3238 {
3239 BN_print(bp,a);
3240 if(errno==ENOMEM)
3241 return 0;
3242 BIO_puts(bp," ^ 2 % ");
3243 if(errno==ENOMEM)
3244 return 0;
3245 BN_print(bp,b[j]);
3246 if(errno==ENOMEM)
3247 return 0;
3248 BIO_puts(bp, " = ");
3249 if(errno==ENOMEM)
3250 return 0;
3251 BN_print(bp,c);
3252 if(errno==ENOMEM)
3253 return 0;
3254 BIO_puts(bp,"; a * a = ");
3255 if(errno==ENOMEM)
3256 return 0;
3257 BN_print(bp,d);
3258 if(errno==ENOMEM)
3259 return 0;
3260 BIO_puts(bp,"\n");
3261 if(errno==ENOMEM)
3262 return 0;
3263 }
3264 }
3265 #endif
3266 BN_GF2m_add(d, c, d);
3267 if(errno==ENOMEM)
3268 return 0;
3269 /* Test that a*a = a^2. */
3270 if(!BN_is_zero(d))
3271 {
3272 if(errno==ENOMEM)
3273 return 0;
3274 fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
3275 goto err;
3276 }
3277 }
3278 }
3279 ret = 1;
3280 err:
3281 BN_free(a);
3282 if(errno==ENOMEM)
3283 return 0;
3284 BN_free(b[0]);
3285 if(errno==ENOMEM)
3286 return 0;
3287 BN_free(b[1]);
3288 if(errno==ENOMEM)
3289 return 0;
3290 BN_free(c);
3291 if(errno==ENOMEM)
3292 return 0;
3293 BN_free(d);
3294 if(errno==ENOMEM)
3295 return 0;
3296 return ret;
3297 }
3299 int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
3300 {
3301 BIGNUM *a,*b[2],*c,*d;
3302 int i, j, ret = 0;
3303 unsigned int p0[] = {163,7,6,3,0};
3304 unsigned int p1[] = {193,15,0};
3306 a=BN_new();
3307 if(errno==ENOMEM)
3308 return 0;
3309 b[0]=BN_new();
3310 if(errno==ENOMEM)
3311 return 0;
3312 b[1]=BN_new();
3313 if(errno==ENOMEM)
3314 return 0;
3315 c=BN_new();
3316 if(errno==ENOMEM)
3317 return 0;
3318 d=BN_new();
3319 if(errno==ENOMEM)
3320 return 0;
3322 BN_GF2m_arr2poly(p0, b[0]);
3323 if(errno==ENOMEM)
3324 return 0;
3325 BN_GF2m_arr2poly(p1, b[1]);
3326 if(errno==ENOMEM)
3327 return 0;
3329 for (i=0; i<num0; i++)
3330 {
3331 BN_bntest_rand(a, 512, 0, 0);
3332 for (j=0; j < 2; j++)
3333 {
3334 BN_GF2m_mod_inv(c, a, b[j], ctx);
3335 if(errno==ENOMEM)
3336 return 0;
3337 BN_GF2m_mod_mul(d, a, c, b[j], ctx);
3338 if(errno==ENOMEM)
3339 return 0;
3340 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3341 if (bp != NULL)
3342 {
3343 if (!results)
3344 {
3345 BN_print(bp,a);
3346 if(errno==ENOMEM)
3347 return 0;
3348 BIO_puts(bp, " * ");
3349 if(errno==ENOMEM)
3350 return 0;
3351 BN_print(bp,c);
3352 if(errno==ENOMEM)
3353 return 0;
3354 BIO_puts(bp," - 1 % ");
3355 if(errno==ENOMEM)
3356 return 0;
3357 BN_print(bp,b[j]);
3358 if(errno==ENOMEM)
3359 return 0;
3360 BIO_puts(bp,"\n");
3361 if(errno==ENOMEM)
3362 return 0;
3363 }
3364 }
3365 #endif
3366 /* Test that ((1/a)*a) = 1. */
3367 if(!BN_is_one(d))
3368 {
3369 if(errno==ENOMEM)
3370 return 0;
3371 fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
3372 goto err;
3373 }
3374 }
3375 }
3376 ret = 1;
3377 err:
3378 BN_free(a);
3379 if(errno==ENOMEM)
3380 return 0;
3381 BN_free(b[0]);
3382 if(errno==ENOMEM)
3383 return 0;
3384 BN_free(b[1]);
3385 if(errno==ENOMEM)
3386 return 0;
3387 BN_free(c);
3388 if(errno==ENOMEM)
3389 return 0;
3390 BN_free(d);
3391 if(errno==ENOMEM)
3392 return 0;
3393 return ret;
3394 }
3396 int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
3397 {
3398 BIGNUM *a,*b[2],*c,*d,*e,*f;
3399 int i, j, ret = 0;
3400 unsigned int p0[] = {163,7,6,3,0};
3401 unsigned int p1[] = {193,15,0};
3403 a=BN_new();
3404 if(errno==ENOMEM)
3405 return 0;
3406 b[0]=BN_new();
3407 if(errno==ENOMEM)
3408 return 0;
3409 b[1]=BN_new();
3410 if(errno==ENOMEM)
3411 return 0;
3412 c=BN_new();
3413 if(errno==ENOMEM)
3414 return 0;
3415 d=BN_new();
3416 if(errno==ENOMEM)
3417 return 0;
3418 e=BN_new();
3419 if(errno==ENOMEM)
3420 return 0;
3421 f=BN_new();
3422 if(errno==ENOMEM)
3423 return 0;
3425 BN_GF2m_arr2poly(p0, b[0]);
3426 if(errno==ENOMEM)
3427 return 0;
3428 BN_GF2m_arr2poly(p1, b[1]);
3429 if(errno==ENOMEM)
3430 return 0;
3432 for (i=0; i<num0; i++)
3433 {
3434 BN_bntest_rand(a, 512, 0, 0);
3435 if(errno==ENOMEM)
3436 return 0;
3437 BN_bntest_rand(c, 512, 0, 0);
3438 if(errno==ENOMEM)
3439 return 0;
3440 for (j=0; j < 2; j++)
3441 {
3442 BN_GF2m_mod_div(d, a, c, b[j], ctx);
3443 if(errno==ENOMEM)
3444 return 0;
3445 BN_GF2m_mod_mul(e, d, c, b[j], ctx);
3446 if(errno==ENOMEM)
3447 return 0;
3448 BN_GF2m_mod_div(f, a, e, b[j], ctx);
3449 if(errno==ENOMEM)
3450 return 0;
3451 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3452 if (bp != NULL)
3453 {
3454 if (!results)
3455 {
3456 BN_print(bp,a);
3457 if(errno==ENOMEM)
3458 return 0;
3459 BIO_puts(bp, " = ");
3460 if(errno==ENOMEM)
3461 return 0;
3462 BN_print(bp,c);
3463 if(errno==ENOMEM)
3464 return 0;
3465 BIO_puts(bp," * ");
3466 if(errno==ENOMEM)
3467 return 0;
3468 BN_print(bp,d);
3469 BIO_puts(bp, " % ");
3470 if(errno==ENOMEM)
3471 return 0;
3472 BN_print(bp,b[j]);
3473 if(errno==ENOMEM)
3474 return 0;
3475 BIO_puts(bp,"\n");
3476 if(errno==ENOMEM)
3477 return 0;
3478 }
3479 }
3480 #endif
3481 /* Test that ((a/c)*c)/a = 1. */
3482 if(!BN_is_one(f))
3483 {
3485 if(errno==ENOMEM)
3486 return 0;
3487 fprintf(stderr,"GF(2^m) modular division test failed!\n");
3488 goto err;
3489 }
3490 }
3491 }
3492 ret = 1;
3493 err:
3494 BN_free(a);
3495 if(errno==ENOMEM)
3496 return 0;
3497 BN_free(b[0]);
3498 if(errno==ENOMEM)
3499 return 0;
3500 BN_free(b[1]);
3501 if(errno==ENOMEM)
3502 return 0;
3503 BN_free(c);
3504 if(errno==ENOMEM)
3505 return 0;
3506 BN_free(d);
3507 if(errno==ENOMEM)
3508 return 0;
3509 BN_free(e);
3510 if(errno==ENOMEM)
3511 return 0;
3512 BN_free(f);
3513 if(errno==ENOMEM)
3514 return 0;
3515 return ret;
3516 }
3518 int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
3519 {
3520 BIGNUM *a,*b[2],*c,*d,*e,*f;
3521 int i, j, ret = 0;
3522 unsigned int p0[] = {163,7,6,3,0};
3523 unsigned int p1[] = {193,15,0};
3525 a=BN_new();
3526 if(errno==ENOMEM)
3527 return 0;
3528 b[0]=BN_new();
3529 if(errno==ENOMEM)
3530 return 0;
3531 b[1]=BN_new();
3532 if(errno==ENOMEM)
3533 return 0;
3534 c=BN_new();
3535 if(errno==ENOMEM)
3536 return 0;
3537 d=BN_new();
3538 if(errno==ENOMEM)
3539 return 0;
3540 e=BN_new();
3541 if(errno==ENOMEM)
3542 return 0;
3543 f=BN_new();
3544 if(errno==ENOMEM)
3545 return 0;
3547 BN_GF2m_arr2poly(p0, b[0]);
3548 if(errno==ENOMEM)
3549 return 0;
3550 BN_GF2m_arr2poly(p1, b[1]);
3551 if(errno==ENOMEM)
3552 return 0;
3554 for (i=0; i<num0; i++)
3555 {
3556 BN_bntest_rand(a, 512, 0, 0);
3557 if(errno==ENOMEM)
3558 return 0;
3559 BN_bntest_rand(c, 512, 0, 0);
3560 if(errno==ENOMEM)
3561 return 0;
3562 BN_bntest_rand(d, 512, 0, 0);
3563 if(errno==ENOMEM)
3564 return 0;
3565 for (j=0; j < 2; j++)
3566 {
3567 BN_GF2m_mod_exp(e, a, c, b[j], ctx);
3568 if(errno==ENOMEM)
3569 return 0;
3570 BN_GF2m_mod_exp(f, a, d, b[j], ctx);
3571 if(errno==ENOMEM)
3572 return 0;
3573 BN_GF2m_mod_mul(e, e, f, b[j], ctx);
3574 if(errno==ENOMEM)
3575 return 0;
3576 BN_add(f, c, d);
3577 if(errno==ENOMEM)
3578 return 0;
3579 BN_GF2m_mod_exp(f, a, f, b[j], ctx);
3580 if(errno==ENOMEM)
3581 return 0;
3582 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3583 if (bp != NULL)
3584 {
3585 if (!results)
3586 {
3587 BN_print(bp,a);
3588 if(errno==ENOMEM)
3589 return 0;
3590 BIO_puts(bp, " ^ (");
3591 if(errno==ENOMEM)
3592 return 0;
3593 BN_print(bp,c);
3594 if(errno==ENOMEM)
3595 return 0;
3596 BIO_puts(bp," + ");
3597 if(errno==ENOMEM)
3598 return 0;
3599 BN_print(bp,d);
3600 if(errno==ENOMEM)
3601 return 0;
3602 BIO_puts(bp, ") = ");
3603 if(errno==ENOMEM)
3604 return 0;
3605 BN_print(bp,e);
3606 if(errno==ENOMEM)
3607 return 0;
3608 BIO_puts(bp, "; - ");
3609 if(errno==ENOMEM)
3610 return 0;
3611 BN_print(bp,f);
3612 if(errno==ENOMEM)
3613 return 0;
3614 BIO_puts(bp, " % ");
3615 if(errno==ENOMEM)
3616 return 0;
3617 BN_print(bp,b[j]);
3618 if(errno==ENOMEM)
3619 return 0;
3620 BIO_puts(bp,"\n");
3621 if(errno==ENOMEM)
3622 return 0;
3623 }
3624 }
3625 #endif
3626 BN_GF2m_add(f, e, f);
3627 if(errno==ENOMEM)
3628 return 0;
3629 /* Test that a^(c+d)=a^c*a^d. */
3630 if(!BN_is_zero(f))
3631 {
3632 if(errno==ENOMEM)
3633 return 0;
3634 fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
3635 goto err;
3636 }
3637 }
3638 }
3639 ret = 1;
3640 err:
3641 BN_free(a);
3642 if(errno==ENOMEM)
3643 return 0;
3644 BN_free(b[0]);
3645 if(errno==ENOMEM)
3646 return 0;
3647 BN_free(b[1]);
3648 if(errno==ENOMEM)
3649 return 0;
3650 BN_free(c);
3651 if(errno==ENOMEM)
3652 return 0;
3653 BN_free(d);
3654 if(errno==ENOMEM)
3655 return 0;
3656 BN_free(e);
3657 if(errno==ENOMEM)
3658 return 0;
3659 BN_free(f);
3660 if(errno==ENOMEM)
3661 return 0;
3662 return ret;
3663 }
3665 int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
3666 {
3667 BIGNUM *a,*b[2],*c,*d,*e,*f;
3668 int i, j, ret = 0;
3669 unsigned int p0[] = {163,7,6,3,0};
3670 unsigned int p1[] = {193,15,0};
3672 a=BN_new();
3673 if(errno==ENOMEM)
3674 return 0;
3675 b[0]=BN_new();
3676 if(errno==ENOMEM)
3677 return 0;
3678 b[1]=BN_new();
3679 if(errno==ENOMEM)
3680 return 0;
3681 c=BN_new();
3682 if(errno==ENOMEM)
3683 return 0;
3684 d=BN_new();
3685 if(errno==ENOMEM)
3686 return 0;
3687 e=BN_new();
3688 if(errno==ENOMEM)
3689 return 0;
3690 f=BN_new();
3691 if(errno==ENOMEM)
3692 return 0;
3694 BN_GF2m_arr2poly(p0, b[0]);
3695 if(errno==ENOMEM)
3696 return 0;
3697 BN_GF2m_arr2poly(p1, b[1]);
3698 if(errno==ENOMEM)
3699 return 0;
3701 for (i=0; i<num0; i++)
3702 {
3703 BN_bntest_rand(a, 512, 0, 0);
3704 if(errno==ENOMEM)
3705 return 0;
3706 for (j=0; j < 2; j++)
3707 {
3708 BN_GF2m_mod(c, a, b[j]);
3709 if(errno==ENOMEM)
3710 return 0;
3711 BN_GF2m_mod_sqrt(d, a, b[j], ctx);
3712 if(errno==ENOMEM)
3713 return 0;
3714 BN_GF2m_mod_sqr(e, d, b[j], ctx);
3715 if(errno==ENOMEM)
3716 return 0;
3717 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3718 if (bp != NULL)
3719 {
3720 if (!results)
3721 {
3722 BN_print(bp,d);
3723 if(errno==ENOMEM)
3724 return 0;
3725 BIO_puts(bp, " ^ 2 - ");
3726 if(errno==ENOMEM)
3727 return 0;
3728 BN_print(bp,a);
3729 if(errno==ENOMEM)
3730 return 0;
3731 BIO_puts(bp,"\n");
3732 if(errno==ENOMEM)
3733 return 0;
3734 }
3735 }
3736 #endif
3737 BN_GF2m_add(f, c, e);
3738 if(errno==ENOMEM)
3739 return 0;
3740 /* Test that d^2 = a, where d = sqrt(a). */
3741 if(!BN_is_zero(f))
3742 {
3743 if(errno==ENOMEM)
3744 return 0;
3745 fprintf(stderr,"GF(2^m) modular square root test failed!\n");
3746 goto err;
3747 }
3748 }
3749 }
3750 ret = 1;
3751 err:
3752 BN_free(a);
3753 if(errno==ENOMEM)
3754 return 0;
3755 BN_free(b[0]);
3756 if(errno==ENOMEM)
3757 return 0;
3758 BN_free(b[1]);
3759 if(errno==ENOMEM)
3760 return 0;
3761 BN_free(c);
3762 if(errno==ENOMEM)
3763 return 0;
3764 BN_free(d);
3765 if(errno==ENOMEM)
3766 return 0;
3767 BN_free(e);
3768 if(errno==ENOMEM)
3769 return 0;
3770 BN_free(f);
3771 if(errno==ENOMEM)
3772 return 0;
3773 return ret;
3774 }
3776 int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
3777 {
3778 BIGNUM *a,*b[2],*c,*d,*e;
3779 int i, j, s = 0, t, ret = 0;
3780 unsigned int p0[] = {163,7,6,3,0};
3781 unsigned int p1[] = {193,15,0};
3783 a=BN_new();
3784 if(errno==ENOMEM)
3785 return 0;
3786 b[0]=BN_new();
3787 if(errno==ENOMEM)
3788 return 0;
3789 b[1]=BN_new();
3790 if(errno==ENOMEM)
3791 return 0;
3792 c=BN_new();
3793 if(errno==ENOMEM)
3794 return 0;
3795 d=BN_new();
3796 if(errno==ENOMEM)
3797 return 0;
3798 e=BN_new();
3799 if(errno==ENOMEM)
3800 return 0;
3802 BN_GF2m_arr2poly(p0, b[0]);
3803 if(errno==ENOMEM)
3804 return 0;
3805 BN_GF2m_arr2poly(p1, b[1]);
3806 if(errno==ENOMEM)
3807 return 0;
3809 for (i=0; i<num0; i++)
3810 {
3811 BN_bntest_rand(a, 512, 0, 0);
3812 if(errno==ENOMEM)
3813 return 0;
3814 for (j=0; j < 2; j++)
3815 {
3816 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
3817 if(errno==ENOMEM)
3818 return 0;
3819 if (t)
3820 {
3821 s++;
3822 BN_GF2m_mod_sqr(d, c, b[j], ctx);
3823 if(errno==ENOMEM)
3824 return 0;
3825 BN_GF2m_add(d, c, d);
3826 if(errno==ENOMEM)
3827 return 0;
3828 BN_GF2m_mod(e, a, b[j]);
3829 if(errno==ENOMEM)
3830 return 0;
3831 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3832 if (bp != NULL)
3833 {
3834 if (!results)
3835 {
3836 BN_print(bp,c);
3837 BIO_puts(bp, " is root of z^2 + z = ");
3838 BN_print(bp,a);
3839 BIO_puts(bp, " % ");
3840 BN_print(bp,b[j]);
3841 BIO_puts(bp, "\n");
3842 }
3843 }
3844 #endif
3845 BN_GF2m_add(e, e, d);
3846 if(errno==ENOMEM)
3847 return 0;
3848 /* Test that solution of quadratic c satisfies c^2 + c = a. */
3849 if(!BN_is_zero(e))
3850 {
3851 if(errno==ENOMEM)
3852 return 0;
3853 fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
3854 goto err;
3855 }
3857 }
3858 else
3859 {
3860 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
3861 if (bp != NULL)
3862 {
3863 if (!results)
3864 {
3865 BIO_puts(bp, "There are no roots of z^2 + z = ");
3866 if(errno==ENOMEM)
3867 return 0;
3868 BN_print(bp,a);
3869 if(errno==ENOMEM)
3870 return 0;
3871 BIO_puts(bp, " % ");
3872 if(errno==ENOMEM)
3873 return 0;
3874 BN_print(bp,b[j]);
3875 if(errno==ENOMEM)
3876 return 0;
3877 BIO_puts(bp, "\n");
3878 if(errno==ENOMEM)
3879 return 0;
3880 }
3881 }
3882 #endif
3883 }
3884 }
3885 }
3886 if (s == 0)
3887 {
3888 fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
3889 fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
3890 goto err;
3891 }
3892 ret = 1;
3893 err:
3894 BN_free(a);
3895 if(errno==ENOMEM)
3896 return 0;
3897 BN_free(b[0]);
3898 if(errno==ENOMEM)
3899 return 0;
3900 BN_free(b[1]);
3901 if(errno==ENOMEM)
3902 return 0;
3903 BN_free(c);
3904 if(errno==ENOMEM)
3905 return 0;
3906 BN_free(d);
3907 if(errno==ENOMEM)
3908 return 0;
3909 BN_free(e);
3910 if(errno==ENOMEM)
3911 return 0;
3912 return ret;
3913 }
3915 static int genprime_cb(int p, int n, BN_GENCB *arg)
3916 {
3917 char c='*';
3919 if (p == 0) c='.';
3920 if (p == 1) c='+';
3921 if (p == 2) c='*';
3922 if (p == 3) c='\n';
3923 putc(c, stderr);
3924 fflush(stderr);
3925 return 1;
3926 }
3928 int test_kron(BIO *bp, BN_CTX *ctx)
3929 {
3930 BN_GENCB cb;
3931 BIGNUM *a,*b,*r,*t;
3932 int i;
3933 int legendre, kronecker;
3934 int ret = 0;
3936 a = BN_new();
3937 if(errno==ENOMEM)
3938 return 0;
3939 b = BN_new();
3940 if(errno==ENOMEM)
3941 return 0;
3942 r = BN_new();
3943 if(errno==ENOMEM)
3944 return 0;
3945 t = BN_new();
3946 if(errno==ENOMEM)
3947 return 0;
3948 if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
3950 BN_GENCB_set(&cb, genprime_cb, NULL);
3951 if(errno==ENOMEM)
3952 return 0;
3954 /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
3955 * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
3956 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
3957 * So we generate a random prime b and compare these values
3958 * for a number of random a's. (That is, we run the Solovay-Strassen
3959 * primality test to confirm that b is prime, except that we
3960 * don't want to test whether b is prime but whether BN_kronecker
3961 * works.) */
3963 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
3964 {
3966 if(errno==ENOMEM)
3967 return 0;
3968 goto err;
3969 }
3970 b->neg = rand_neg();
3972 if(errno==ENOMEM)
3973 return 0;
3974 putc('\n', stderr);
3976 for (i = 0; i < num0; i++)
3977 {
3978 if (!BN_bntest_rand(a, 512, 0, 0))
3979 {
3980 if(errno==ENOMEM)
3981 return 0;
3982 goto err;
3983 }
3984 a->neg = rand_neg();
3986 if(errno==ENOMEM)
3987 return 0;
3989 /* t := (|b|-1)/2 (note that b is odd) */
3990 if (!BN_copy(t, b)) goto err;
3991 t->neg = 0;
3992 if (!BN_sub_word(t, 1)) goto err;
3993 if (!BN_rshift1(t, t)) goto err;
3994 /* r := a^t mod b */
3995 b->neg=0;
3997 if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
3998 b->neg=1;
4000 if (BN_is_word(r, 1))
4001 legendre = 1;
4002 else if (BN_is_zero(r))
4003 legendre = 0;
4004 else
4005 {
4006 if (!BN_add_word(r, 1)) goto err;
4007 if (0 != BN_ucmp(r, b))
4008 {
4009 fprintf(stderr, "Legendre symbol computation failed\n");
4010 goto err;
4011 }
4012 legendre = -1;
4013 }
4015 kronecker = BN_kronecker(a, b, ctx);
4016 if (kronecker < -1) goto err;
4017 /* we actually need BN_kronecker(a, |b|) */
4018 if (a->neg && b->neg)
4019 kronecker = -kronecker;
4021 if (legendre != kronecker)
4022 {
4023 fprintf(stderr, "legendre != kronecker; a = ");
4024 BN_print_fp(stderr, a);
4025 fprintf(stderr, ", b = ");
4026 BN_print_fp(stderr, b);
4027 fprintf(stderr, "\n");
4028 goto err;
4029 }
4031 putc('.', stderr);
4032 fflush(stderr);
4033 }
4035 putc('\n', stderr);
4036 fflush(stderr);
4037 ret = 1;
4038 err:
4039 if (a != NULL) BN_free(a);
4040 if (b != NULL) BN_free(b);
4041 if (r != NULL) BN_free(r);
4042 if (t != NULL) BN_free(t);
4043 if(errno==ENOMEM)
4044 return 0;
4045 return ret;
4046 }
4048 int test_sqrt(BIO *bp, BN_CTX *ctx)
4049 {
4050 BN_GENCB cb;
4051 BIGNUM *a,*p,*r;
4052 int i, j;
4053 int ret = 0;
4055 a = BN_new();
4056 if(errno==ENOMEM)
4057 return 0;
4058 p = BN_new();
4059 if(errno==ENOMEM)
4060 return 0;
4061 r = BN_new();
4062 if(errno==ENOMEM)
4063 return 0;
4064 if (a == NULL || p == NULL || r == NULL) goto err;
4066 BN_GENCB_set(&cb, genprime_cb, NULL);
4067 if(errno==ENOMEM)
4068 return 0;
4070 for (i = 0; i < 16; i++)
4071 {
4072 if (i < 8)
4073 {
4074 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
4076 if (!BN_set_word(p, primes[i])) goto err;
4077 }
4078 else
4079 {
4080 if (!BN_set_word(a, 32)) goto err;
4081 if (!BN_set_word(r, 2*i + 1)) goto err;
4083 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
4084 putc('\n', stderr);
4085 }
4086 p->neg = rand_neg();
4088 if(errno==ENOMEM)
4089 return 0;
4090 for (j = 0; j < num2; j++)
4091 {
4092 /* construct 'a' such that it is a square modulo p,
4093 * but in general not a proper square and not reduced modulo p */
4094 if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
4095 if (!BN_nnmod(r, r, p, ctx)) goto err;
4096 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
4097 if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
4098 if (!BN_nnmod(a, a, p, ctx)) goto err;
4099 if (!BN_mod_sqr(a, a, p, ctx)) goto err;
4100 if (!BN_mul(a, a, r, ctx)) goto err;
4101 if (rand_neg())
4102 if (!BN_sub(a, a, p)) goto err;
4104 if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
4105 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
4107 if (!BN_nnmod(a, a, p, ctx)) goto err;
4109 if (BN_cmp(a, r) != 0)
4110 {
4111 fprintf(stderr, "BN_mod_sqrt failed: a = ");
4112 BN_print_fp(stderr, a);
4113 fprintf(stderr, ", r = ");
4114 BN_print_fp(stderr, r);
4115 fprintf(stderr, ", p = ");
4116 BN_print_fp(stderr, p);
4117 fprintf(stderr, "\n");
4118 goto err;
4119 }
4121 putc('.', stderr);
4122 fflush(stderr);
4123 }
4125 putc('\n', stderr);
4126 fflush(stderr);
4127 }
4128 ret = 1;
4129 err:
4130 if (a != NULL) BN_free(a);
4131 if (p != NULL) BN_free(p);
4132 if (r != NULL) BN_free(r);
4134 if(errno==ENOMEM)
4135 return 0;
4136 return ret;
4137 }
4139 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
4140 {
4141 BIGNUM *a,*b,*c,*d;
4142 int i;
4144 b=BN_new();
4145 if(errno==ENOMEM)
4146 return 0;
4147 c=BN_new();
4148 if(errno==ENOMEM)
4149 return 0;
4150 d=BN_new();
4151 if(errno==ENOMEM)
4152 return 0;
4153 BN_one(c);
4154 if(errno==ENOMEM)
4155 return 0;
4157 if(a_)
4158 a=a_;
4159 else
4160 {
4161 a=BN_new();
4162 if(errno==ENOMEM)
4163 return 0;
4164 BN_bntest_rand(a,200,0,0); /**/
4165 if(errno==ENOMEM)
4166 return 0;
4167 a->neg=rand_neg();
4168 if(errno==ENOMEM)
4169 return 0;
4170 }
4171 for (i=0; i<num0; i++)
4172 {
4173 BN_lshift(b,a,i+1);
4174 if(errno==ENOMEM)
4175 return 0;
4176 BN_add(c,c,c);
4177 if(errno==ENOMEM)
4178 return 0;
4179 if (bp != NULL)
4180 {
4181 if (!results)
4182 {
4183 BN_print(bp,a);
4184 if(errno==ENOMEM)
4185 return 0;
4186 BIO_puts(bp," * ");
4187 if(errno==ENOMEM)
4188 return 0;
4189 BN_print(bp,c);
4190 if(errno==ENOMEM)
4191 return 0;
4192 BIO_puts(bp," - ");
4193 if(errno==ENOMEM)
4194 return 0;
4195 }
4196 BN_print(bp,b);
4197 if(errno==ENOMEM)
4198 return 0;
4199 BIO_puts(bp,"\n");
4200 if(errno==ENOMEM)
4201 return 0;
4202 }
4203 BN_mul(d,a,c,ctx);
4204 if(errno==ENOMEM)
4205 return 0;
4206 BN_sub(d,d,b);
4207 if(errno==ENOMEM)
4208 return 0;
4209 if(!BN_is_zero(d))
4210 {
4211 if(errno==ENOMEM)
4212 return 0;
4213 fprintf(stderr,"Left shift test failed!\n");
4214 fprintf(stderr,"a=");
4215 BN_print_fp(stderr,a);
4216 if(errno==ENOMEM)
4217 return 0;
4218 fprintf(stderr,"\nb=");
4219 BN_print_fp(stderr,b);
4220 if(errno==ENOMEM)
4221 return 0;
4222 fprintf(stderr,"\nc=");
4223 BN_print_fp(stderr,c);
4224 if(errno==ENOMEM)
4225 return 0;
4226 fprintf(stderr,"\nd=");
4227 BN_print_fp(stderr,d);
4228 if(errno==ENOMEM)
4229 return 0;
4230 fprintf(stderr,"\n");
4231 return 0;
4232 }
4233 }
4234 BN_free(a);
4235 if(errno==ENOMEM)
4236 return 0;
4237 BN_free(b);
4238 if(errno==ENOMEM)
4239 return 0;
4240 BN_free(c);
4241 if(errno==ENOMEM)
4242 return 0;
4243 BN_free(d);
4244 if(errno==ENOMEM)
4245 return 0;
4246 return(1);
4247 }
4249 int test_lshift1(BIO *bp)
4250 {
4251 BIGNUM *a,*b,*c;
4252 int i;
4254 a=BN_new();
4255 if(errno==ENOMEM)
4256 return 0;
4257 b=BN_new();
4258 if(errno==ENOMEM)
4259 return 0;
4260 c=BN_new();
4261 if(errno==ENOMEM)
4262 return 0;
4264 BN_bntest_rand(a,200,0,0); /**/
4265 if(errno==ENOMEM)
4266 return 0;
4267 a->neg=rand_neg();
4268 if(errno==ENOMEM)
4269 return 0;
4270 for (i=0; i<num0; i++)
4271 {
4272 BN_lshift1(b,a);
4273 if(errno==ENOMEM)
4274 return 0;
4275 if (bp != NULL)
4276 {
4277 if (!results)
4278 {
4279 BN_print(bp,a);
4280 if(errno==ENOMEM)
4281 return 0;
4282 BIO_puts(bp," * 2");
4283 if(errno==ENOMEM)
4284 return 0;
4285 BIO_puts(bp," - ");
4286 if(errno==ENOMEM)
4287 return 0;
4288 }
4289 BN_print(bp,b);
4290 if(errno==ENOMEM)
4291 return 0;
4292 BIO_puts(bp,"\n");
4293 if(errno==ENOMEM)
4294 return 0;
4295 }
4296 BN_add(c,a,a);
4297 if(errno==ENOMEM)
4298 return 0;
4299 BN_sub(a,b,c);
4300 if(errno==ENOMEM)
4301 return 0;
4302 if(!BN_is_zero(a))
4303 {
4304 if(errno==ENOMEM)
4305 return 0;
4306 fprintf(stderr,"Left shift one test failed!\n");
4307 return 0;
4308 }
4310 BN_copy(a,b);
4311 if(errno==ENOMEM)
4312 return 0;
4313 }
4314 BN_free(a);
4315 if(errno==ENOMEM)
4316 return 0;
4317 BN_free(b);
4318 if(errno==ENOMEM)
4319 return 0;
4320 BN_free(c);
4321 if(errno==ENOMEM)
4322 return 0;
4323 return(1);
4324 }
4326 int test_rshift(BIO *bp,BN_CTX *ctx)
4327 {
4328 BIGNUM *a,*b,*c,*d,*e;
4329 int i;
4331 a=BN_new();
4332 if(errno==ENOMEM)
4333 return 0;
4334 b=BN_new();
4335 if(errno==ENOMEM)
4336 return 0;
4337 c=BN_new();
4338 if(errno==ENOMEM)
4339 return 0;
4340 d=BN_new();
4341 if(errno==ENOMEM)
4342 return 0;
4343 e=BN_new();
4344 if(errno==ENOMEM)
4345 return 0;
4346 BN_one(c);
4347 if(errno==ENOMEM)
4348 return 0;
4350 BN_bntest_rand(a,200,0,0); /**/
4351 if(errno==ENOMEM)
4352 return 0;
4353 a->neg=rand_neg();
4354 if(errno==ENOMEM)
4355 return 0;
4356 for (i=0; i<num0; i++)
4357 {
4358 BN_rshift(b,a,i+1);
4359 if(errno==ENOMEM)
4360 return 0;
4361 BN_add(c,c,c);
4362 if(errno==ENOMEM)
4363 return 0;
4364 if (bp != NULL)
4365 {
4366 if (!results)
4367 {
4368 BN_print(bp,a);
4369 if(errno==ENOMEM)
4370 return 0;
4371 BIO_puts(bp," / ");
4372 if(errno==ENOMEM)
4373 return 0;
4374 BN_print(bp,c);
4375 if(errno==ENOMEM)
4376 return 0;
4377 BIO_puts(bp," - ");
4378 if(errno==ENOMEM)
4379 return 0;
4380 }
4381 BN_print(bp,b);
4382 if(errno==ENOMEM)
4383 return 0;
4384 BIO_puts(bp,"\n");
4385 if(errno==ENOMEM)
4386 return 0;
4387 }
4388 BN_div(d,e,a,c,ctx);
4389 if(errno==ENOMEM)
4390 return 0;
4391 BN_sub(d,d,b);
4392 if(errno==ENOMEM)
4393 return 0;
4394 if(!BN_is_zero(d))
4395 {
4396 if(errno==ENOMEM)
4397 return 0;
4398 fprintf(stderr,"Right shift test failed!\n");
4399 return 0;
4400 }
4401 }
4402 BN_free(a);
4403 if(errno==ENOMEM)
4404 return 0;
4405 BN_free(b);
4406 if(errno==ENOMEM)
4407 return 0;
4408 BN_free(c);
4409 if(errno==ENOMEM)
4410 return 0;
4411 BN_free(d);
4412 if(errno==ENOMEM)
4413 return 0;
4414 BN_free(e);
4415 if(errno==ENOMEM)
4416 return 0;
4417 return(1);
4418 }
4420 int test_rshift1(BIO *bp)
4421 {
4422 BIGNUM *a,*b,*c;
4423 int i;
4425 a=BN_new();
4426 if(errno==ENOMEM)
4427 return 0;
4428 b=BN_new();
4429 if(errno==ENOMEM)
4430 return 0;
4431 c=BN_new();
4432 if(errno==ENOMEM)
4433 return 0;
4435 BN_bntest_rand(a,200,0,0); /**/
4436 if(errno==ENOMEM)
4437 return 0;
4438 a->neg=rand_neg();
4439 if(errno==ENOMEM)
4440 return 0;
4441 for (i=0; i<num0; i++)
4442 {
4443 BN_rshift1(b,a);
4444 if(errno==ENOMEM)
4445 return 0;
4446 if (bp != NULL)
4447 {
4448 if (!results)
4449 {
4450 BN_print(bp,a);
4451 if(errno==ENOMEM)
4452 return 0;
4453 BIO_puts(bp," / 2");
4454 if(errno==ENOMEM)
4455 return 0;
4456 BIO_puts(bp," - ");
4457 if(errno==ENOMEM)
4458 return 0;
4459 }
4460 BN_print(bp,b);
4461 if(errno==ENOMEM)
4462 return 0;
4463 BIO_puts(bp,"\n");
4464 if(errno==ENOMEM)
4465 return 0;
4466 }
4467 BN_sub(c,a,b);
4468 if(errno==ENOMEM)
4469 return 0;
4470 BN_sub(c,c,b);
4471 if(errno==ENOMEM)
4472 return 0;
4473 if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
4474 {
4475 if(errno==ENOMEM)
4476 return 0;
4477 fprintf(stderr,"Right shift one test failed!\n");
4478 return 0;
4479 }
4480 BN_copy(a,b);
4481 if(errno==ENOMEM)
4482 return 0;
4483 }
4484 BN_free(a);
4485 if(errno==ENOMEM)
4486 return 0;
4487 BN_free(b);
4488 if(errno==ENOMEM)
4489 return 0;
4490 BN_free(c);
4491 if(errno==ENOMEM)
4492 return 0;
4493 return(1);
4494 }
4496 int rand_neg(void)
4497 {
4498 static unsigned int neg=0;
4499 static int sign[8]={0,0,0,1,1,0,1,1};
4501 return(sign[(neg++)%8]);
4502 }