On Tue, Sep 04, 2001 at 09:13:13PM +0100, Ben Laurie wrote:
> The Montgomery version in this case doesn't even match!!! (note the 0s
> injected into a, b and m).
Interestingly (or maybe not), it's the BN_mod_exp_simple and recp
results that are wrong. bc agrees with the Montgomery result in
this simplified example:
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
int main(int argc, char *argv[])
{
BN_CTX *ctx;
BIO *out=NULL;
int i,ret, numBytes;
unsigned char c;
unsigned char temp[264];
BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
ERR_load_BN_strings();
ctx=BN_CTX_new();
if (ctx == NULL) exit(1);
r_mont=BN_new();
r_recp=BN_new();
r_simple=BN_new();
a=BN_new();
b=BN_new();
m=BN_new();
if ( (r_mont == NULL) || (r_recp == NULL) ||
(a == NULL) || (b == NULL))
goto err;
out=BIO_new(BIO_s_file());
if (out == NULL) exit(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
BN_hex2bn(&a,
"100000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
BN_hex2bn(&b, "2");
BN_hex2bn(&m,
"1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001");
ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
if (ret <= 0)
{
printf("BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
exit(1);
}
ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
if (ret <= 0)
{
printf("BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
exit(1);
}
ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
if (ret <= 0)
{
printf("BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
exit(1);
}
if (BN_cmp(r_simple, r_mont) == 0
&& BN_cmp(r_simple,r_recp) == 0)
{
printf("they all match! \n");
fflush(stdout);
}
else
{
if (BN_cmp(r_simple,r_mont) != 0)
printf("\nsimple and mont results differ\n");
if (BN_cmp(r_simple,r_recp) != 0)
printf("\nsimple and recp results differ\n");
}
printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a);
printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
printf("\nsimple ="); BN_print(out,r_simple);
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
printf("\n");
BN_free(r_mont);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
BN_free(b);
BN_free(m);
BN_CTX_free(ctx);
ERR_remove_state(0);
CRYPTO_mem_leaks(out);
BIO_free(out);
printf(" done\n");
exit(0);
err:
ERR_load_crypto_strings();
ERR_print_errors(out);
exit(1);
return(1);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
