authorAndy Polyakov <appro@openssl.org>2015-12-01 09:00:32 +0100
committerMatt Caswell <matt@openssl.org>2015-12-03 13:12:01 +0000
commit29851264f11ccc70c6c0140d7e3d8d93ef5c9b11 (patch)
tree55e5ad3e76c2a869b25ef0f0ad438262f633e6ff /test/bntest.c
parentb5516cfbd65de9331d827012fc5bdace1953613e (diff)
bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/bntest.c')
-rw-r--r--test/bntest.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/test/bntest.c b/test/bntest.c
index 9caa2c904b..9542800444 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1023,6 +1023,24 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
return 0;
}
}
+
+ /* Regression test for carry propagation bug in sqr8x_reduction */
+ BN_hex2bn(&a, "050505050505");
+ BN_hex2bn(&b, "02");
+ BN_hex2bn(&c,
+ "4141414141414141414141274141414141414141414141414141414141414141"
+ "4141414141414141414141414141414141414141414141414141414141414141"
+ "4141414141414141414141800000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000001");
+ BN_mod_exp(d, a, b, c, ctx);
+ BN_mul(e, a, a, ctx);
+ if (BN_cmp(d, e)) {
+ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
+ return 0;
+ }
+
BN_free(a);
BN_free(b);
BN_free(c);
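Review bot: The added regression block ignores the return values of the three `BN_hex2bn` calls, `BN_mod_exp` and `BN_mul`. If one of them fails, `d` and `e` presumably still hold values from earlier in test_mod_exp, so `BN_cmp` would compare stale numbers and the test for this CVE fix could pass or fail for the wrong reason. I would fail explicitly before the comparison, e.g. `if (!BN_mod_exp(d, a, b, c, ctx) || !BN_mul(e, a, a, ctx)) return 0;`, and check the `BN_hex2bn` results the same way. The comment could also say why `BN_mul` is a valid oracle, e.g. `/* a^2 is far smaller than c, so a^2 mod c must equal a*a exactly */`. test_mod_exp starts and ends outside this hunk; the new `return 0` skips the `BN_free` calls below, which matches the existing early return just above it.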