From: tb <tb@openbsd.org>
Date: Sun, 26 Mar 2023 18:46:23 +0000 (+0000)
Subject: Add regress coverage for an issue with BN_mod_exp2_mont() reported
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3baba9ac1deb28856d78037e3db9a93d731ac4fa;p=openbsd

Add regress coverage for an issue with BN_mod_exp2_mont() reported
by Guido Vranken in ossfuzz #55997. This test currently fails and
will be fixed momentarily.

This also checks sensible behavior with respect to zero exponents for
this functions.
---

diff --git a/regress/lib/libcrypto/bn/bn_mod_exp.c b/regress/lib/libcrypto/bn/bn_mod_exp.c
index 7009a6096a5..68e44cf9e7e 100644
--- a/regress/lib/libcrypto/bn/bn_mod_exp.c
+++ b/regress/lib/libcrypto/bn/bn_mod_exp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bn_mod_exp.c,v 1.16 2023/03/26 14:50:23 tb Exp $ */
+/*	$OpenBSD: bn_mod_exp.c,v 1.17 2023/03/26 18:46:23 tb Exp $ */
 
 /*
  * Copyright (c) 2022,2023 Theo Buehler <tb@openbsd.org>
@@ -27,6 +27,24 @@
 #define INIT_MOD_EXP_FN(f) { .name = #f, .mod_exp_fn = (f), }
 #define INIT_MOD_EXP_MONT_FN(f) { .name = #f, .mod_exp_mont_fn = (f), }
 
+static int
+bn_mod_exp2_mont_first(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mctx)
+{
+	const BIGNUM *one = BN_value_one();
+
+	return BN_mod_exp2_mont(r, a, p, one, one, m, ctx, mctx);
+}
+
+static int
+bn_mod_exp2_mont_second(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mctx)
+{
+	const BIGNUM *one = BN_value_one();
+
+	return BN_mod_exp2_mont(r, one, one, a, p, m, ctx, mctx);
+}
+
 static const struct mod_exp_zero_test {
 	const char *name;
 	int (*mod_exp_fn)(BIGNUM *, const BIGNUM *, const BIGNUM *,
@@ -43,6 +61,8 @@ static const struct mod_exp_zero_test {
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_ct),
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_consttime),
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_nonct),
+	INIT_MOD_EXP_MONT_FN(bn_mod_exp2_mont_first),
+	INIT_MOD_EXP_MONT_FN(bn_mod_exp2_mont_second),
 };
 
 #define N_MOD_EXP_ZERO_TESTS \
@@ -193,6 +213,8 @@ static const struct mod_exp_test {
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_ct),
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_consttime),
 	INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_nonct),
+	INIT_MOD_EXP_MONT_FN(bn_mod_exp2_mont_first),
+	INIT_MOD_EXP_MONT_FN(bn_mod_exp2_mont_second),
 };
 
 #define N_MOD_EXP_FN (sizeof(mod_exp_fn) / sizeof(mod_exp_fn[0]))