1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * Portions of the attached software ("Contribution") are developed by
61 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 * The Contribution is licensed pursuant to the Eric Young open source
64 * license provided above.
66 * The binary polynomial arithmetic software is originally written by
67 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
72 #include <openssl/bio.h>
73 #include <openssl/bn.h>
74 #include <openssl/crypto.h>
75 #include <openssl/err.h>
76 #include <openssl/mem.h>
80 static const int num0 = 100; /* number of tests */
81 static const int num1 = 50; /* additional tests for some functions */
82 static const int num2 = 5; /* number of tests for slow functions */
84 int test_add(BIO *bp);
85 int test_sub(BIO *bp);
86 int test_lshift1(BIO *bp);
87 int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
88 int test_rshift1(BIO *bp);
89 int test_rshift(BIO *bp, BN_CTX *ctx);
90 int test_sqr(BIO *bp, BN_CTX *ctx);
91 int test_mul(BIO *bp);
92 int test_div(BIO *bp, BN_CTX *ctx);
95 int test_div_word(BIO *bp);
96 int test_mont(BIO *bp, BN_CTX *ctx);
97 int test_mod(BIO *bp, BN_CTX *ctx);
98 int test_mod_mul(BIO *bp, BN_CTX *ctx);
99 int test_mod_exp(BIO *bp, BN_CTX *ctx);
100 int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
101 int test_exp(BIO *bp, BN_CTX *ctx);
102 int test_mod_sqrt(BIO *bp, BN_CTX *ctx);
103 static int test_exp_mod_zero(void);
104 int test_small_prime(BIO *bp,BN_CTX *ctx);
105 int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
106 int test_sqrt(BIO *bp, BN_CTX *ctx);
107 int test_bn2bin_padded(BIO *bp, BN_CTX *ctx);
109 int test_gf2m_add(BIO *bp);
110 int test_gf2m_mod(BIO *bp);
111 int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
112 int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
113 int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
114 int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
115 int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
116 int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
117 int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
119 static int results = 0;
121 static unsigned char lst[] =
122 "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
123 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
125 static void ERR_print_errors_fp(FILE *out) {
128 static void message(BIO *out, char *m) {
129 BIO_puts(out, "print \"test ");
131 BIO_puts(out, "\\n\"\n");
134 int main(int argc, char *argv[]) {
137 char *outfile = NULL;
139 CRYPTO_library_init();
146 if (strcmp(*argv, "-results") == 0)
148 else if (strcmp(*argv, "-out") == 0) {
162 out = BIO_new(BIO_s_file());
167 if (outfile == NULL) {
168 BIO_set_fp(out, stdout, BIO_NOCLOSE);
170 if (!BIO_write_filename(out, outfile)) {
177 BIO_puts(out, "obase=16\nibase=16\n");
179 message(out, "BN_add");
182 (void)BIO_flush(out);
184 message(out, "BN_sub");
187 (void)BIO_flush(out);
189 message(out, "BN_lshift1");
190 if (!test_lshift1(out))
192 (void)BIO_flush(out);
194 message(out, "BN_lshift (fixed)");
195 if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
197 (void)BIO_flush(out);
199 message(out, "BN_lshift");
200 if (!test_lshift(out, ctx, NULL))
202 (void)BIO_flush(out);
204 message(out, "BN_rshift1");
205 if (!test_rshift1(out))
207 (void)BIO_flush(out);
209 message(out, "BN_rshift");
210 if (!test_rshift(out, ctx))
212 (void)BIO_flush(out);
214 message(out, "BN_sqr");
215 if (!test_sqr(out, ctx))
217 (void)BIO_flush(out);
219 message(out, "BN_mul");
222 (void)BIO_flush(out);
224 message(out, "BN_div");
225 if (!test_div(out, ctx))
227 (void)BIO_flush(out);
229 message(out, "BN_div_word");
230 if (!test_div_word(out))
232 (void)BIO_flush(out);
234 message(out, "BN_mod");
235 if (!test_mod(out, ctx))
237 (void)BIO_flush(out);
239 message(out, "BN_mod_mul");
240 if (!test_mod_mul(out, ctx))
242 (void)BIO_flush(out);
244 message(out, "BN_mont");
245 if (!test_mont(out, ctx))
247 (void)BIO_flush(out);
249 message(out, "BN_mod_exp");
250 if (!test_mod_exp(out, ctx))
252 (void)BIO_flush(out);
254 message(out, "BN_mod_exp_mont_consttime");
255 if (!test_mod_exp_mont_consttime(out, ctx) ||
256 !test_mod_exp_mont5(out, ctx)) {
259 (void)BIO_flush(out);
261 message(out, "BN_exp");
262 if (!test_exp(out, ctx) ||
263 !test_exp_mod_zero()) {
266 (void)BIO_flush(out);
268 message(out, "BN_mod_sqrt");
269 if (!test_mod_sqrt(out, ctx))
271 (void)BIO_flush(out);
273 message(out, "Small prime generation");
274 if (!test_small_prime(out, ctx))
276 (void)BIO_flush(out);
278 message(out, "BN_sqrt");
279 if (!test_sqrt(out, ctx))
281 (void)BIO_flush(out);
283 message(out, "BN_bn2bin_padded");
284 if (!test_bn2bin_padded(out, ctx))
286 (void)BIO_flush(out);
295 BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices
296 * the failure, see test_bn in test/Makefile.ssl*/
297 (void)BIO_flush(out);
302 int test_add(BIO *bp) {
310 BN_rand(&a, 512, 0, 0);
311 for (i = 0; i < num0; i++) {
312 BN_rand(&b, 450 + i, 0, 0);
330 if (!BN_is_zero(&c)) {
331 fprintf(stderr, "Add test failed!\n");
341 int test_sub(BIO *bp) {
349 for (i = 0; i < num0 + num1; i++) {
351 BN_rand(&a, 512, 0, 0);
353 if (BN_set_bit(&a, i) == 0)
357 BN_rand(&b, 400 + i - num1, 0, 0);
374 if (!BN_is_zero(&c)) {
375 fprintf(stderr, "Subtract test failed!\n");
385 int test_div(BIO *bp, BN_CTX *ctx) {
386 BIGNUM a, b, c, d, e;
395 for (i = 0; i < num0 + num1; i++) {
397 BN_rand(&a, 400, 0, 0);
399 BN_lshift(&a, &a, i);
402 BN_rand(&b, 50 + 3 * (i - num1), 0, 0);
405 BN_div(&d, &c, &a, &b, ctx);
425 BN_mul(&e, &d, &b, ctx);
428 if (!BN_is_zero(&d)) {
429 fprintf(stderr, "Division test failed!\n");
441 int test_lshift1(BIO *bp) {
449 BN_rand(a, 200, 0, 0); /**/
451 for (i = 0; i < num0; i++) {
456 BIO_puts(bp, " * 2");
464 if (!BN_is_zero(a)) {
465 fprintf(stderr, "Left shift one test failed!\n");
477 int test_rshift(BIO *bp, BN_CTX *ctx) {
478 BIGNUM *a, *b, *c, *d, *e;
488 BN_rand(a, 200, 0, 0); /**/
490 for (i = 0; i < num0; i++) {
491 BN_rshift(b, a, i + 1);
503 BN_div(d, e, a, c, ctx);
505 if (!BN_is_zero(d)) {
506 fprintf(stderr, "Right shift test failed!\n");
518 int test_rshift1(BIO *bp) {
526 BN_rand(a, 200, 0, 0); /**/
528 for (i = 0; i < num0; i++) {
533 BIO_puts(bp, " / 2");
541 if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
542 fprintf(stderr, "Right shift one test failed!\n");
553 int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) {
554 BIGNUM *a, *b, *c, *d;
566 BN_rand(a, 200, 0, 0); /**/
569 for (i = 0; i < num0; i++) {
570 BN_lshift(b, a, i + 1);
582 BN_mul(d, a, c, ctx);
584 if (!BN_is_zero(d)) {
585 fprintf(stderr, "Left shift test failed!\n");
586 fprintf(stderr, "a=");
587 BN_print_fp(stderr, a);
588 fprintf(stderr, "\nb=");
589 BN_print_fp(stderr, b);
590 fprintf(stderr, "\nc=");
591 BN_print_fp(stderr, c);
592 fprintf(stderr, "\nd=");
593 BN_print_fp(stderr, d);
594 fprintf(stderr, "\n");
605 int test_mul(BIO *bp) {
606 BIGNUM a, b, c, d, e;
620 for (i = 0; i < num0 + num1; i++) {
622 BN_rand(&a, 100, 0, 0);
623 BN_rand(&b, 100, 0, 0);
625 BN_rand(&b, i - num1, 0, 0);
628 BN_mul(&c, &a, &b, ctx);
639 BN_div(&d, &e, &c, &a, ctx);
641 if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
642 fprintf(stderr, "Multiplication test failed!\n");
655 int test_sqr(BIO *bp, BN_CTX *ctx) {
664 for (i = 0; i < num0; i++) {
665 BN_rand(&a, 40 + i * 10, 0, 0);
678 BN_div(&d, &e, &c, &a, ctx);
680 if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
681 fprintf(stderr, "Square test failed!\n");
694 static unsigned int neg = 0;
695 static int sign[8] = {0, 0, 0, 1, 1, 0, 1, 1};
697 return (sign[(neg++) % 8]);
700 static void print_word(BIO *bp, BN_ULONG w) {
701 BIO_printf(bp, BN_HEX_FMT1, w);
704 int test_div_word(BIO *bp) {
712 for (i = 0; i < num0; i++) {
714 BN_rand(&a, 512, -1, 0);
715 BN_rand(&b, BN_BITS2, -1, 0);
720 r = BN_div_word(&b, s);
744 if (!BN_is_zero(&b)) {
745 fprintf(stderr, "Division (word) test failed!\n");
754 int test_mont(BIO *bp, BN_CTX *ctx) {
755 BIGNUM a, b, c, d, A, B;
768 mont = BN_MONT_CTX_new();
772 BN_rand(&a, 100, 0, 0); /**/
773 BN_rand(&b, 100, 0, 0); /**/
774 for (i = 0; i < num2; i++) {
775 int bits = (200 * (i + 1)) / num2;
779 BN_rand(&n, bits, 0, 1);
780 BN_MONT_CTX_set(mont, &n, ctx);
782 BN_nnmod(&a, &a, &n, ctx);
783 BN_nnmod(&b, &b, &n, ctx);
785 BN_to_montgomery(&A, &a, mont, ctx);
786 BN_to_montgomery(&B, &b, mont, ctx);
788 BN_mod_mul_montgomery(&c, &A, &B, mont, ctx); /**/
789 BN_from_montgomery(&A, &c, mont, ctx); /**/
793 fprintf(stderr, "%d * %d %% %d\n", BN_num_bits(&a), BN_num_bits(&b),
794 BN_num_bits(mont->N));
800 BN_print(bp, &(mont->N));
806 BN_mod_mul(&d, &a, &b, &n, ctx);
808 if (!BN_is_zero(&d)) {
809 fprintf(stderr, "Montgomery multiplication test failed!\n");
813 BN_MONT_CTX_free(mont);
824 int test_mod(BIO *bp, BN_CTX *ctx) {
825 BIGNUM *a, *b, *c, *d, *e;
834 BN_rand(a, 1024, 0, 0); /**/
835 for (i = 0; i < num0; i++) {
836 BN_rand(b, 450 + i * 10, 0, 0); /**/
839 BN_mod(c, a, b, ctx); /**/
850 BN_div(d, e, a, b, ctx);
852 if (!BN_is_zero(e)) {
853 fprintf(stderr, "Modulo test failed!\n");
865 int test_mod_mul(BIO *bp, BN_CTX *ctx) {
866 BIGNUM *a, *b, *c, *d, *e;
875 for (j = 0; j < 3; j++) {
876 BN_rand(c, 1024, 0, 0); /**/
877 for (i = 0; i < num0; i++) {
878 BN_rand(a, 475 + i * 10, 0, 0); /**/
879 BN_rand(b, 425 + i * 11, 0, 0); /**/
882 if (!BN_mod_mul(e, a, b, c, ctx)) {
885 while ((l = ERR_get_error()))
886 fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
896 if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
897 /* If (a*b) % c is negative, c must be added
898 * in order to obtain the normalized remainder
899 * (new with OpenSSL 0.9.7, previous versions of
900 * BN_mod_mul could generate negative results)
910 BN_mul(d, a, b, ctx);
912 BN_div(a, b, d, c, ctx);
913 if (!BN_is_zero(b)) {
914 fprintf(stderr, "Modulo multiply test failed!\n");
915 ERR_print_errors_fp(stderr);
928 int test_mod_exp(BIO *bp, BN_CTX *ctx) {
929 BIGNUM *a, *b, *c, *d, *e;
938 BN_rand(c, 30, 0, 1); /* must be odd for montgomery */
939 for (i = 0; i < num2; i++) {
940 BN_rand(a, 20 + i * 5, 0, 0); /**/
941 BN_rand(b, 2 + i, 0, 0); /**/
943 if (!BN_mod_exp(d, a, b, c, ctx))
958 BN_exp(e, a, b, ctx);
960 BN_div(a, b, e, c, ctx);
961 if (!BN_is_zero(b)) {
962 fprintf(stderr, "Modulo exponentiation test failed!\n");
974 int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) {
975 BIGNUM *a, *b, *c, *d, *e;
984 BN_rand(c, 30, 0, 1); /* must be odd for montgomery */
985 for (i = 0; i < num2; i++) {
986 BN_rand(a, 20 + i * 5, 0, 0); /**/
987 BN_rand(b, 2 + i, 0, 0); /**/
989 if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
1004 BN_exp(e, a, b, ctx);
1006 BN_div(a, b, e, c, ctx);
1007 if (!BN_is_zero(b)) {
1008 fprintf(stderr, "Modulo exponentiation test failed!\n");
1020 /* Test constant-time modular exponentiation with 1024-bit inputs,
1021 * which on x86_64 cause a different code branch to be taken. */
1022 int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) {
1023 BIGNUM *a, *p, *m, *d, *e;
1033 mont = BN_MONT_CTX_new();
1035 BN_rand(m, 1024, 0, 1); /* must be odd for montgomery */
1037 BN_rand(a, 1024, 0, 0);
1039 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
1041 if (!BN_is_one(d)) {
1042 fprintf(stderr, "Modular exponentiation test failed!\n");
1046 BN_rand(p, 1024, 0, 0);
1048 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
1050 if (!BN_is_zero(d)) {
1051 fprintf(stderr, "Modular exponentiation test failed!\n");
1054 /* Craft an input whose Montgomery representation is 1,
1055 * i.e., shorter than the modulus m, in order to test
1056 * the const time precomputation scattering/gathering.
1059 BN_MONT_CTX_set(mont, m, ctx);
1060 if (!BN_from_montgomery(e, a, mont, ctx) ||
1061 !BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL) ||
1062 !BN_mod_exp(a, e, p, m, ctx)) {
1065 if (BN_cmp(a, d) != 0) {
1066 fprintf(stderr, "Modular exponentiation test failed!\n");
1069 /* Finally, some regular test vectors. */
1070 BN_rand(e, 1024, 0, 0);
1071 if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
1073 if (!BN_mod_exp(a, e, p, m, ctx))
1075 if (BN_cmp(a, d) != 0) {
1076 fprintf(stderr, "Modular exponentiation test failed!\n");
1080 BN_MONT_CTX_free(mont);
1089 int test_exp(BIO *bp, BN_CTX *ctx) {
1090 BIGNUM *a, *b, *d, *e, *one;
1100 for (i = 0; i < num2; i++) {
1101 BN_rand(a, 20 + i * 5, 0, 0); /**/
1102 BN_rand(b, 2 + i, 0, 0); /**/
1104 if (BN_exp(d, a, b, ctx) <= 0)
1110 BIO_puts(bp, " ^ ");
1112 BIO_puts(bp, " - ");
1118 for (; !BN_is_zero(b); BN_sub(b, b, one))
1119 BN_mul(e, e, a, ctx);
1121 if (!BN_is_zero(e)) {
1122 fprintf(stderr, "Exponentiation test failed!\n");
1134 /* test_exp_mod_zero tests that x**0 mod 1 == 0. */
1135 static int test_exp_mod_zero(void) {
1138 BN_CTX *ctx = BN_CTX_new();
1151 BN_mod_exp(&r, &a, &p, &m, ctx);
1154 if (BN_is_zero(&r)) {
1157 printf("1**0 mod 1 = ");
1158 BN_print_fp(stdout, &r);
1159 printf(", should be 0\n");
1170 static int genprime_cb(int p, int n, BN_GENCB *arg) {
1186 int test_mod_sqrt(BIO *bp, BN_CTX *ctx) {
1195 if (a == NULL || p == NULL || r == NULL)
1198 BN_GENCB_set(&cb, genprime_cb, NULL);
1200 for (i = 0; i < 16; i++) {
1202 unsigned primes[8] = {2, 3, 5, 7, 11, 13, 17, 19};
1204 if (!BN_set_word(p, primes[i]))
1207 if (!BN_set_word(a, 32))
1209 if (!BN_set_word(r, 2 * i + 1))
1212 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
1216 p->neg = rand_neg();
1218 for (j = 0; j < num2; j++) {
1219 /* construct 'a' such that it is a square modulo p,
1220 * but in general not a proper square and not reduced modulo p */
1221 if (!BN_rand(r, 256, 0, 3))
1223 if (!BN_nnmod(r, r, p, ctx))
1225 if (!BN_mod_sqr(r, r, p, ctx))
1227 if (!BN_rand(a, 256, 0, 3))
1229 if (!BN_nnmod(a, a, p, ctx))
1231 if (!BN_mod_sqr(a, a, p, ctx))
1233 if (!BN_mul(a, a, r, ctx))
1236 if (!BN_sub(a, a, p))
1239 if (!BN_mod_sqrt(r, a, p, ctx))
1241 if (!BN_mod_sqr(r, r, p, ctx))
1244 if (!BN_nnmod(a, a, p, ctx))
1247 if (BN_cmp(a, r) != 0) {
1248 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1249 BN_print_fp(stderr, a);
1250 fprintf(stderr, ", r = ");
1251 BN_print_fp(stderr, r);
1252 fprintf(stderr, ", p = ");
1253 BN_print_fp(stderr, p);
1254 fprintf(stderr, "\n");
1276 int test_small_prime(BIO *bp, BN_CTX *ctx) {
1277 static const int bits = 10;
1282 if (!BN_generate_prime_ex(&r, bits, 0, NULL, NULL, NULL)) {
1285 if (BN_num_bits(&r) != bits) {
1286 BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits,
1298 int test_sqrt(BIO *bp, BN_CTX *ctx) {
1299 BIGNUM *n = BN_new(), *nn = BN_new(), *sqrt = BN_new();
1302 /* Test some random squares. */
1303 for (i = 0; i < 100; i++) {
1304 if (!BN_rand(n, 1024 /* bit length */, -1 /* no modification of top bits */,
1305 0 /* don't modify bottom bit */) ||
1306 !BN_mul(nn, n, n, ctx) ||
1307 !BN_sqrt(sqrt, nn, ctx)) {
1308 BIO_print_errors_fp(stderr);
1311 if (BN_cmp(n, sqrt) != 0) {
1312 fprintf(stderr, "Bad result from BN_sqrt.\n");
1317 /* Test some non-squares */
1318 for (i = 0; i < 100; i++) {
1319 if (!BN_rand(n, 1024 /* bit length */, -1 /* no modification of top bits */,
1320 0 /* don't modify bottom bit */) ||
1321 !BN_mul(nn, n, n, ctx) ||
1322 !BN_add(nn, nn, BN_value_one())) {
1323 BIO_print_errors_fp(stderr);
1327 if (BN_sqrt(sqrt, nn, ctx)) {
1328 char *nn_str = BN_bn2dec(nn);
1329 fprintf(stderr, "BIO_sqrt didn't fail on a non-square: %s\n", nn_str);
1330 OPENSSL_free(nn_str);
1341 int test_bn2bin_padded(BIO *bp, BN_CTX *ctx) {
1342 BIGNUM *n = BN_new();
1343 uint8_t zeros[256], out[256], reference[128];
1346 memset(zeros, 0, sizeof(zeros));
1348 /* Test edge case at 0. */
1349 if (!BN_bn2bin_padded(NULL, 0, n)) {
1351 "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n");
1354 memset(out, -1, sizeof(out));
1355 if (!BN_bn2bin_padded(out, sizeof(out), n)) {
1357 "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n");
1360 if (memcmp(zeros, out, sizeof(out))) {
1361 fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n");
1365 /* Test a random numbers at various byte lengths. */
1366 for (bytes = 128 - 7; bytes <= 128; bytes++) {
1367 if (!BN_rand(n, bytes * 8, 0 /* make sure top bit is 1 */,
1368 0 /* don't modify bottom bit */)) {
1369 BIO_print_errors_fp(stderr);
1372 if (BN_num_bytes(n) != bytes || BN_bn2bin(n, reference) != bytes) {
1373 fprintf(stderr, "Bad result from BN_rand; bytes.\n");
1376 /* Empty buffer should fail. */
1377 if (BN_bn2bin_padded(NULL, 0, n)) {
1379 "BN_bn2bin_padded incorrectly succeeded on empty buffer.\n");
1382 /* One byte short should fail. */
1383 if (BN_bn2bin_padded(out, bytes - 1, n)) {
1384 fprintf(stderr, "BN_bn2bin_padded incorrectly succeeded on short.\n");
1387 /* Exactly right size should encode. */
1388 if (!BN_bn2bin_padded(out, bytes, n) ||
1389 memcmp(out, reference, bytes) != 0) {
1390 fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
1393 /* Pad up one byte extra. */
1394 if (!BN_bn2bin_padded(out, bytes + 1, n) ||
1395 memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) {
1396 fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
1399 /* Pad up to 256. */
1400 if (!BN_bn2bin_padded(out, sizeof(out), n) ||
1401 memcmp(out + sizeof(out) - bytes, reference, bytes) ||
1402 memcmp(out, zeros, sizeof(out) - bytes)) {
1403 fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");