From: Andy Polyakov <appro@openssl.org>
Date: Sun, 6 Nov 2016 17:31:14 +0000 (+0100)
Subject: test/bntest.c: regression test for CVE-2016-7055.
X-Git-Tag: OpenSSL_1_1_1-pre1~3114
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=dca2e0ee1745ed2d9cba8c29f334f881a58f85dc

test/bntest.c: regression test for CVE-2016-7055.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/test/bntest.c b/test/bntest.c
index 51b75d3ed0..3af2b83e0a 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx)
             return 0;
         }
     }
+
+    /* Regression test for carry bug in mulx4x_mont */
+    BN_hex2bn(&a,
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878");
+    BN_hex2bn(&b,
+        "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
+        "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
+        "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
+        "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
+    BN_hex2bn(&n,
+        "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
+        "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
+        "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
+        "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
+    BN_MONT_CTX_set(mont, n, ctx);
+    BN_mod_mul_montgomery(c, a, b, mont, ctx);
+    BN_mod_mul_montgomery(d, b, a, mont, ctx);
+    if (BN_cmp(c, d)) {
+        fprintf(stderr, "Montgomery multiplication test failed:"
+                        " a*b != b*a.\n");
+        return 0;
+    }
+
     BN_MONT_CTX_free(mont);
     BN_free(a);
     BN_free(b);