The branch master has been updated via adf652436a42a5132e708f8003b7621647f0a404 (commit) via 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b (commit) from 3d0dde847eac17bd5deec1397bce38cb43469525 (commit)
- Log ----------------------------------------------------------------- commit adf652436a42a5132e708f8003b7621647f0a404 Author: Matt Caswell <m...@openssl.org> Date: Thu May 24 16:13:43 2018 +0100 Test that a ^ 0 mod -1 is always 0 Check all functions that do this. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6355) commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b Author: Matt Caswell <m...@openssl.org> Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6355) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 20 ++++++++++---------- test/bntest.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 9b2042d..258e901 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -178,8 +178,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -320,8 +320,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -629,8 +629,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1143,8 +1143,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1265,8 +1265,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { diff --git a/test/bntest.c b/test/bntest.c index 629707a..3558778 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2063,6 +2063,53 @@ err: return st; } +static int test_expmodone(void) +{ + int ret = 0, i; + BIGNUM *r = BN_new(); + BIGNUM *a = BN_new(); + BIGNUM *p = BN_new(); + BIGNUM *m = BN_new(); + + if (!TEST_ptr(r) + || !TEST_ptr(a) + || !TEST_ptr(p) + || !TEST_ptr(p) + || !TEST_ptr(m) + || !TEST_true(BN_set_word(a, 1)) + || !TEST_true(BN_set_word(p, 0)) + || !TEST_true(BN_set_word(m, 1))) + goto err; + + /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */ + for (i = 0; i < 2; i++) { + if (!TEST_true(BN_mod_exp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r)) + goto err; + /* Repeat for r = 1 ^ 0 mod -1 */ + if (i == 0) + BN_set_negative(m, 1); + } + + ret = 1; +err: + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); + return ret; +} + static int test_smallprime(void) { static const int kBits = 10; @@ -2189,6 +2236,7 @@ int setup_tests(void) ADD_TEST(test_negzero); ADD_TEST(test_badmod); ADD_TEST(test_expmodzero); + ADD_TEST(test_expmodone); ADD_TEST(test_smallprime); ADD_TEST(test_swap); #ifndef OPENSSL_NO_EC2M _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits