+ /* Regression test for carry bug in bn_sqrx8x_internal */
+ {
+ static const char *ahex[] = {
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FFEADBCFC4DAE7FFF908E92820306B",
+ "9544D954000000006C0000000000000000000000000000000000000000000000",
+ "00000000000000000000FF030202FFFFF8FFEBDBCFC4DAE7FFF908E92820306B",
+ "9544D954000000006C000000FF0302030000000000FFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01FC00FF02FFFFFFFF",
+ "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FCFD",
+ "FCFFFFFFFFFF000000000000000000FF0302030000000000FFFFFFFFFFFFFFFF",
+ "FF00FCFDFDFF030202FF00000000FFFFFFFFFFFFFFFFFF00FCFDFCFFFFFFFFFF",
+ NULL
+ };
+ static const char *nhex[] = {
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8F8F8F8000000",
+ "00000010000000006C0000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000000000FFFFFFFFFFFFF8F8F8F8000000",
+ "00000010000000006C000000000000000000000000FFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFF000000000000000000000000000000000000FFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ NULL
+ };
+
+ parse_bigBN(&a, ahex);
+ parse_bigBN(&n, nhex);
+ }
+ BN_free(b);
+ b = BN_dup(a);
+ BN_MONT_CTX_set(mont, n, ctx);
+ BN_mod_mul_montgomery(c, a, a, mont, ctx);
+ BN_mod_mul_montgomery(d, a, b, mont, ctx);
+ if (!TEST_BN_eq(c, d))
+ goto err;
+
+ /* Regression test for bug in rsaz_1024_mul_avx2 */
+ BN_hex2bn(&a,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
+ BN_hex2bn(&b,
+ "2020202020202020202020202020202020202020202020202020202020202020"
+ "2020202020202020202020202020202020202020202020202020202020202020"
+ "20202020202020FF202020202020202020202020202020202020202020202020"
+ "2020202020202020202020202020202020202020202020202020202020202020");
+ BN_hex2bn(&n,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF");
+ BN_MONT_CTX_set(mont, n, ctx);
+ BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont);
+ BN_mod_exp_mont(d, a, b, n, ctx, mont);
+ if (!TEST_BN_eq(c, d))
+ goto err;
+