Fix check_bn_tests.go.

Go and OpenSSL disagree on 0^-1 (mod 1). Also if the input is ill-formed
and there is no inverse, report an error rather than crashing.

Change-Id: Id5b0b70cd7498e0c7526ec6a7bc5480cd9718f41
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39044
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/bn/check_bn_tests.go b/crypto/fipsmodule/bn/check_bn_tests.go
index bf05e75..26443b9 100644
--- a/crypto/fipsmodule/bn/check_bn_tests.go
+++ b/crypto/fipsmodule/bn/check_bn_tests.go
@@ -228,8 +228,8 @@
 				checkResult(test, "A ^ E", "Exp", r)
 			}
 		case "ModSqrt":
-			bigOne := new(big.Int).SetInt64(1)
-			bigTwo := new(big.Int).SetInt64(2)
+			bigOne := big.NewInt(1)
+			bigTwo := big.NewInt(2)
 
 			if checkKeys(test, "A", "P", "ModSqrt") {
 				test.Values["A"].Mod(test.Values["A"], test.Values["P"])
@@ -249,8 +249,21 @@
 			}
 		case "ModInv":
 			if checkKeys(test, "A", "M", "ModInv") {
-				r := new(big.Int).ModInverse(test.Values["A"], test.Values["M"])
-				checkResult(test, "A ^ -1 (mod M)", "ModInv", r)
+				a := test.Values["A"]
+				m := test.Values["M"]
+				var r *big.Int
+				if a.Sign() == 0 && m.IsInt64() && m.Int64() == 1 {
+					// OpenSSL says 0^(-1) mod (1) is 0, while Go says the
+					// inverse does not exist.
+					r = big.NewInt(0)
+				} else {
+					r = new(big.Int).ModInverse(a, m)
+				}
+				if r == nil {
+					fmt.Fprintf(os.Stderr, "Line %d: A has no inverse mod M.\n", test.LineNumber)
+				} else {
+					checkResult(test, "A ^ -1 (mod M)", "ModInv", r)
+				}
 			}
 		case "ModSquare":
 			if checkKeys(test, "A", "M", "ModSquare") {
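Review bot: The 0^-1 (mod 1) exception in the ModInv branch keys on `a.Sign() == 0`, so it only covers A written literally as 0; with M = 1 every A is congruent to 0, and an unreduced A such as 2 would still go through `ModInverse`, whose result for modulus 1 may not be the 0 the vectors presumably expect. Unlike the ModSqrt case in the previous hunk, which reduces A mod P before use, this branch passes A through as given. If the test file can carry unreduced A, consider keying the exception on the modulus alone, `if m.IsInt64() && m.Int64() == 1 {`, and extending the comment to say that 0 is the only residue mod 1. The no-inverse path only prints to stderr here; whether that makes the checker exit non-zero is decided outside this hunk, since the enclosing switch begins and ends outside it.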