author | Andy Polyakov <appro@openssl.org> | 2015-12-01 09:00:32 +0100 |
committer | Matt Caswell <matt@openssl.org> | 2015-12-03 13:12:01 +0000 |
commit | 29851264f11ccc70c6c0140d7e3d8d93ef5c9b11 (patch) | |
tree | 55e5ad3e76c2a869b25ef0f0ad438262f633e6ff /test/bntest.c | |
parent | b5516cfbd65de9331d827012fc5bdace1953613e (diff) |
bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/bntest.c')
-rw-r--r-- | test/bntest.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/bntest.c b/test/bntest.c
index 9caa2c904b..9542800444 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1023,6 +1023,24 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 return 0;
 }
 }
+
+ /* Regression test for carry propagation bug in sqr8x_reduction */
+ BN_hex2bn(&a, "050505050505");
+ BN_hex2bn(&b, "02");
+ BN_hex2bn(&c,
+ "4141414141414141414141274141414141414141414141414141414141414141"
+ "4141414141414141414141414141414141414141414141414141414141414141"
+ "4141414141414141414141800000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000001");
+ BN_mod_exp(d, a, b, c, ctx);
+ BN_mul(e, a, a, ctx);
+ if (BN_cmp(d, e)) {
+ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
+ return 0;
+ }
+
 BN_free(a); BN_free(b); BN_free(c); |