Don't allow BN_mod_sqrt(0) to return P in tests.

Zero only has one allowed square root, not two.

Change-Id: I1dbd2137a7011d2f327b271b267099771e5499c3
Reviewed-on: https://boringssl-review.googlesource.com/12461
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2016-11-25 08:56:15 -05:00 committed by Adam Langley
parent 3d622e554e
commit 55a1eccc0c


@ -568,21 +568,25 @@ static bool TestModSqrt(FileTest *t, BN_CTX *ctx) {
bssl::UniquePtr<BIGNUM> a = GetBIGNUM(t, "A"); bssl::UniquePtr<BIGNUM> a = GetBIGNUM(t, "A");
bssl::UniquePtr<BIGNUM> p = GetBIGNUM(t, "P"); bssl::UniquePtr<BIGNUM> p = GetBIGNUM(t, "P");
bssl::UniquePtr<BIGNUM> mod_sqrt = GetBIGNUM(t, "ModSqrt"); bssl::UniquePtr<BIGNUM> mod_sqrt = GetBIGNUM(t, "ModSqrt");
if (!a || !p || !mod_sqrt) { bssl::UniquePtr<BIGNUM> mod_sqrt2(BN_new());
if (!a || !p || !mod_sqrt || !mod_sqrt2 ||
// There are two possible answers.
!BN_sub(mod_sqrt2.get(), p.get(), mod_sqrt.get())) {
return false; return false;
} }
// -0 is 0, not P.
if (BN_is_zero(mod_sqrt.get())) {
BN_zero(mod_sqrt2.get());
}
bssl::UniquePtr<BIGNUM> ret(BN_new()); bssl::UniquePtr<BIGNUM> ret(BN_new());
bssl::UniquePtr<BIGNUM> ret2(BN_new());
if (!ret || if (!ret ||
!ret2 || !BN_mod_sqrt(ret.get(), a.get(), p.get(), ctx)) {
!BN_mod_sqrt(ret.get(), a.get(), p.get(), ctx) ||
// There are two possible answers.
!BN_sub(ret2.get(), p.get(), ret.get())) {
return false; return false;
} }
if (BN_cmp(ret2.get(), mod_sqrt.get()) != 0 && if (BN_cmp(ret.get(), mod_sqrt2.get()) != 0 &&
!ExpectBIGNUMsEqual(t, "sqrt(A) (mod P)", mod_sqrt.get(), ret.get())) { !ExpectBIGNUMsEqual(t, "sqrt(A) (mod P)", mod_sqrt.get(), ret.get())) {
return false; return false;
} }