coverity fixes for bntest.c (87d9429c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

test/bntest.c

+212 −174

Original line number	Diff line number	Diff line
		@@ -160,10 +160,11 @@ static int test_swap(void)
		\|\| !TEST_ptr(d = BN_new()))
		goto err;

		BN_bntest_rand(a, 1024, 1, 0);
		BN_bntest_rand(b, 1024, 1, 0);
		BN_copy(c, a);
		BN_copy(d, b);
		if (!(TEST_true(BN_bntest_rand(a, 1024, 1, 0))
		&& TEST_true(BN_bntest_rand(b, 1024, 1, 0))
		&& TEST_ptr(BN_copy(c, a))
		&& TEST_ptr(BN_copy(d, b))))
		goto err;
		top = BN_num_bits(a) / BN_BITS2;

		/* regular swap */
		@@ -233,20 +234,21 @@ static int test_sub(void)

		for (i = 0; i < NUM0 + NUM1; i++) {
		if (i < NUM1) {
		BN_bntest_rand(a, 512, 0, 0);
		BN_copy(b, a);
		if (!TEST_int_ne(BN_set_bit(a, i), 0))
		if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0)))
		&& TEST_ptr(BN_copy(b, a))
		&& TEST_int_ne(BN_set_bit(a, i), 0)
		&& TEST_true(BN_add_word(b, i)))
		goto err;
		BN_add_word(b, i);
		} else {
		BN_bntest_rand(b, 400 + i - NUM1, 0, 0);
		if (!TEST_true(BN_bntest_rand(b, 400 + i - NUM1, 0, 0)))
		goto err;
		BN_set_negative(a, rand_neg());
		BN_set_negative(b, rand_neg());
		}
		BN_sub(c, a, b);
		BN_add(c, c, b);
		BN_sub(c, c, a);
		if (!TEST_BN_eq_zero(c))
		if (!(TEST_true(BN_sub(c, a, b))
		&& TEST_true(BN_add(c, c, b))
		&& TEST_true(BN_sub(c, c, a))
		&& TEST_BN_eq_zero(c)))
		goto err;
		}
		st = 1;
		@@ -273,20 +275,23 @@ static int test_div_recip(void)

		for (i = 0; i < NUM0 + NUM1; i++) {
		if (i < NUM1) {
		BN_bntest_rand(a, 400, 0, 0);
		BN_copy(b, a);
		BN_lshift(a, a, i);
		BN_add_word(a, i);
		} else
		BN_bntest_rand(b, 50 + 3 * (i - NUM1), 0, 0);
		if (!(TEST_true(BN_bntest_rand(a, 400, 0, 0))
		&& TEST_ptr(BN_copy(b, a))
		&& TEST_true(BN_lshift(a, a, i))
		&& TEST_true(BN_add_word(a, i))))
		goto err;
		} else {
		if (!(TEST_true(BN_bntest_rand(b, 50 + 3 * (i - NUM1), 0, 0))))
		goto err;
		}
		BN_set_negative(a, rand_neg());
		BN_set_negative(b, rand_neg());
		BN_RECP_CTX_set(recp, b, ctx);
		BN_div_recp(d, c, a, recp, ctx);
		BN_mul(e, d, b, ctx);
		BN_add(d, e, c);
		BN_sub(d, d, a);
		if (!TEST_BN_eq_zero(d))
		if (!(TEST_true(BN_RECP_CTX_set(recp, b, ctx))
		&& TEST_true(BN_div_recp(d, c, a, recp, ctx))
		&& TEST_true(BN_mul(e, d, b, ctx))
		&& TEST_true(BN_add(d, e, c))
		&& TEST_true(BN_sub(d, d, a))
		&& TEST_BN_eq_zero(d)))
		goto err;
		}
		st = 1;
		@@ -312,15 +317,17 @@ static int test_mod(void)
		\|\| !TEST_ptr(e = BN_new()))
		goto err;

		BN_bntest_rand(a, 1024, 0, 0);
		if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0))))
		goto err;
		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(b, 450 + i * 10, 0, 0);
		if (!(TEST_true(BN_bntest_rand(b, 450 + i * 10, 0, 0))))
		goto err;
		BN_set_negative(a, rand_neg());
		BN_set_negative(b, rand_neg());
		BN_mod(c, a, b, ctx);
		BN_div(d, e, a, b, ctx);
		BN_sub(e, e, c);
		if (!TEST_BN_eq_zero(e))
		if (!(TEST_true(BN_mod(c, a, b, ctx))
		&& TEST_true(BN_div(d, e, a, b, ctx))
		&& TEST_true(BN_sub(e, e, c))
		&& TEST_BN_eq_zero(e)))
		goto err;
		}
		st = 1;
		@@ -395,46 +402,52 @@ static int test_modexp_mont5(void)
		\|\| !TEST_ptr(mont = BN_MONT_CTX_new()))
		goto err;

		BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */
		/* must be odd for montgomery */
		if (!(TEST_true(BN_bntest_rand(m, 1024, 0, 1))
		/* Zero exponent */
		BN_bntest_rand(a, 1024, 0, 0);
		&& TEST_true(BN_bntest_rand(a, 1024, 0, 0))))
		goto err;
		BN_zero(p);

		if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)))
		goto err;
		if (!TEST_BN_eq_one(d))
		goto err;

		/* Regression test for carry bug in mulx4x_mont */
		BN_hex2bn(&a,
		if (!(TEST_true(BN_hex2bn(&a,
		"7878787878787878787878787878787878787878787878787878787878787878"
		"7878787878787878787878787878787878787878787878787878787878787878"
		"7878787878787878787878787878787878787878787878787878787878787878"
		"7878787878787878787878787878787878787878787878787878787878787878");
		BN_hex2bn(&b,
		"7878787878787878787878787878787878787878787878787878787878787878"))
		&& TEST_true(BN_hex2bn(&b,
		"095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
		"E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
		"9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
		"9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
		BN_hex2bn(&n,
		"9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81"))
		&& TEST_true(BN_hex2bn(&n,
		"D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
		"91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
		"D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
		"2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
		BN_MONT_CTX_set(mont, n, ctx);
		BN_mod_mul_montgomery(c, a, b, mont, ctx);
		BN_mod_mul_montgomery(d, b, a, mont, ctx);
		if (!TEST_BN_eq(c, d))
		"2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF"))))
		goto err;

		if (!(TEST_true(BN_MONT_CTX_set(mont, n, ctx))
		&& TEST_true(BN_mod_mul_montgomery(c, a, b, mont, ctx))
		&& TEST_true(BN_mod_mul_montgomery(d, b, a, mont, ctx))
		&& TEST_BN_eq(c, d)))
		goto err;

		/* Regression test for carry bug in sqr[x]8x_mont */
		parse_bigBN(&n, bn1strings);
		parse_bigBN(&a, bn2strings);
		if (!(TEST_true(parse_bigBN(&n, bn1strings))
		&& TEST_true(parse_bigBN(&a, bn2strings))))
		goto err;
		BN_free(b);
		b = BN_dup(a);
		BN_MONT_CTX_set(mont, n, ctx);
		BN_mod_mul_montgomery(c, a, a, mont, ctx);
		BN_mod_mul_montgomery(d, a, b, mont, ctx);
		if (!TEST_BN_eq(c, d))
		if (!(TEST_ptr(b = BN_dup(a))
		&& TEST_true(BN_MONT_CTX_set(mont, n, ctx))
		&& TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx))
		&& TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx))
		&& TEST_BN_eq(c, d)))
		goto err;

		/* Regression test for carry bug in bn_sqrx8x_internal */
		@@ -470,78 +483,83 @@ static int test_modexp_mont5(void)
		NULL
		};

		parse_bigBN(&a, ahex);
		parse_bigBN(&n, nhex);
		if (!(TEST_true(parse_bigBN(&a, ahex))
		&& TEST_true(parse_bigBN(&n, nhex))))
		goto err;
		}
		BN_free(b);
		b = BN_dup(a);
		BN_MONT_CTX_set(mont, n, ctx);
		if (!(TEST_ptr(b = BN_dup(a))
		&& TEST_true(BN_MONT_CTX_set(mont, n, ctx))))
		goto err;

		if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx))
		\|\| !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx))
		\|\| !TEST_BN_eq(c, d))
		goto err;

		/* Regression test for bug in BN_from_montgomery_word */
		BN_hex2bn(&a,
		if (!(TEST_true(BN_hex2bn(&a,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
		BN_hex2bn(&n,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
		&& TEST_true(BN_hex2bn(&n,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
		BN_MONT_CTX_set(mont, n, ctx);
		if (!TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
		&& TEST_true(BN_MONT_CTX_set(mont, n, ctx))
		&& TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx))))
		goto err;

		/* Regression test for bug in rsaz_1024_mul_avx2 */
		BN_hex2bn(&a,
		if (!(TEST_true(BN_hex2bn(&a,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
		BN_hex2bn(&b,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
		&& TEST_true(BN_hex2bn(&b,
		"2020202020202020202020202020202020202020202020202020202020202020"
		"2020202020202020202020202020202020202020202020202020202020202020"
		"20202020202020FF202020202020202020202020202020202020202020202020"
		"2020202020202020202020202020202020202020202020202020202020202020");
		BN_hex2bn(&n,
		"2020202020202020202020202020202020202020202020202020202020202020"))
		&& TEST_true(BN_hex2bn(&n,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF");
		BN_MONT_CTX_set(mont, n, ctx);
		BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont);
		BN_mod_exp_mont(d, a, b, n, ctx, mont);
		if (!TEST_BN_eq(c, d))
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF"))
		&& TEST_true(BN_MONT_CTX_set(mont, n, ctx))
		&& TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont))
		&& TEST_true(BN_mod_exp_mont(d, a, b, n, ctx, mont))
		&& TEST_BN_eq(c, d)))
		goto err;

		/*
		* rsaz_1024_mul_avx2 expects fully-reduced inputs.
		* BN_mod_exp_mont_consttime should reduce the input first.
		*/
		BN_hex2bn(&a,
		if (!(TEST_true(BN_hex2bn(&a,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
		BN_hex2bn(&b,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
		&& TEST_true(BN_hex2bn(&b,
		"1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D"
		"9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB"
		"B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38"
		"E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E");
		BN_hex2bn(&n,
		"E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E"))
		&& TEST_true(BN_hex2bn(&n,
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
		BN_MONT_CTX_set(mont, n, ctx);
		BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont);
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
		&& TEST_true(BN_MONT_CTX_set(mont, n, ctx))
		&& TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont))))
		goto err;
		BN_zero(d);
		if (!TEST_BN_eq(c, d))
		goto err;

		/* Zero input */
		BN_bntest_rand(p, 1024, 0, 0);
		if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0)))
		goto err;
		BN_zero(a);
		if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
		\|\| !TEST_BN_eq_zero(d))
		@@ -552,8 +570,9 @@ static int test_modexp_mont5(void)
		* than the modulus m, in order to test the const time precomputation
		* scattering/gathering.
		*/
		BN_one(a);
		BN_MONT_CTX_set(mont, m, ctx);
		if (!(TEST_true(BN_one(a))
		&& TEST_true(BN_MONT_CTX_set(mont, m, ctx))))
		goto err;
		if (!TEST_true(BN_from_montgomery(e, a, mont, ctx))
		\|\| !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
		\|\| !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
		@@ -561,10 +580,10 @@ static int test_modexp_mont5(void)
		goto err;

		/* Finally, some regular test vectors. */
		BN_bntest_rand(e, 1024, 0, 0);
		if (!TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
		\|\| !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
		\|\| !TEST_BN_eq(a, d))
		if (!(TEST_true(BN_bntest_rand(e, 1024, 0, 0))
		&& TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
		&& TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
		&& TEST_BN_eq(a, d)))
		goto err;

		st = 1;
		@@ -594,18 +613,19 @@ static int test_gf2m_add(void)
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_rand(a, 512, 0, 0);
		BN_copy(b, BN_value_one());
		if (!(TEST_true(BN_rand(a, 512, 0, 0))
		&& TEST_ptr(BN_copy(b, BN_value_one()))))
		goto err;
		BN_set_negative(a, rand_neg());
		BN_set_negative(b, rand_neg());
		BN_GF2m_add(c, a, b);
		if (!(TEST_true(BN_GF2m_add(c, a, b))
		/* Test that two added values have the correct parity. */
		if (!TEST_false((BN_is_odd(a) && BN_is_odd(c))
		\|\| (!BN_is_odd(a) && !BN_is_odd(c))))
		&& TEST_false((BN_is_odd(a) && BN_is_odd(c))
		\|\| (!BN_is_odd(a) && !BN_is_odd(c)))))
		goto err;
		BN_GF2m_add(c, c, c);
		if (!(TEST_true(BN_GF2m_add(c, c, c))
		/* Test that c + c = 0. */
		if (!TEST_BN_eq_zero(c))
		&& TEST_BN_eq_zero(c)))
		goto err;
		}
		st = 1;
		@@ -629,17 +649,19 @@ static int test_gf2m_mod(void)
		\|\| !TEST_ptr(e = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod(c, a, b[j]);
		BN_GF2m_add(d, a, c);
		BN_GF2m_mod(e, d, b[j]);
		if (!(TEST_true(BN_GF2m_mod(c, a, b[j]))
		&& TEST_true(BN_GF2m_add(d, a, c))
		&& TEST_true(BN_GF2m_mod(e, d, b[j]))
		/* Test that a + (a mod p) mod p == 0. */
		if (!TEST_BN_eq_zero(e))
		&& TEST_BN_eq_zero(e)))
		goto err;
		}
		}
		@@ -671,22 +693,24 @@ static int test_gf2m_mul(void)
		\|\| !TEST_ptr(h = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		BN_bntest_rand(c, 1024, 0, 0);
		BN_bntest_rand(d, 1024, 0, 0);
		if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0))
		&& TEST_true(BN_bntest_rand(c, 1024, 0, 0))
		&& TEST_true(BN_bntest_rand(d, 1024, 0, 0))))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod_mul(e, a, c, b[j], ctx);
		BN_GF2m_add(f, a, d);
		BN_GF2m_mod_mul(g, f, c, b[j], ctx);
		BN_GF2m_mod_mul(h, d, c, b[j], ctx);
		BN_GF2m_add(f, e, g);
		BN_GF2m_add(f, f, h);
		if (!(TEST_true(BN_GF2m_mod_mul(e, a, c, b[j], ctx))
		&& TEST_true(BN_GF2m_add(f, a, d))
		&& TEST_true(BN_GF2m_mod_mul(g, f, c, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_mul(h, d, c, b[j], ctx))
		&& TEST_true(BN_GF2m_add(f, e, g))
		&& TEST_true(BN_GF2m_add(f, f, h))
		/* Test that (a+d)c = ac + dc. /
		if (!TEST_BN_eq_zero(f))
		&& TEST_BN_eq_zero(f)))
		goto err;
		}
		}
		@@ -717,18 +741,20 @@ static int test_gf2m_sqr(void)
		\|\| !TEST_ptr(d = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod_sqr(c, a, b[j], ctx);
		BN_copy(d, a);
		BN_GF2m_mod_mul(d, a, d, b[j], ctx);
		BN_GF2m_add(d, c, d);
		if (!(TEST_true(BN_GF2m_mod_sqr(c, a, b[j], ctx))
		&& TEST_true(BN_copy(d, a))
		&& TEST_true(BN_GF2m_mod_mul(d, a, d, b[j], ctx))
		&& TEST_true(BN_GF2m_add(d, c, d))
		/* Test that aa = a^2. /
		if (!TEST_BN_eq_zero(d))
		&& TEST_BN_eq_zero(d)))
		goto err;
		}
		}
		@@ -754,16 +780,18 @@ static int test_gf2m_modinv(void)
		\|\| !TEST_ptr(d = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod_inv(c, a, b[j], ctx);
		BN_GF2m_mod_mul(d, a, c, b[j], ctx);
		if (!(TEST_true(BN_GF2m_mod_inv(c, a, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_mul(d, a, c, b[j], ctx))
		/* Test that ((1/a)a) = 1. /
		if (!TEST_BN_eq_one(d))
		&& TEST_BN_eq_one(d)))
		goto err;
		}
		}
		@@ -792,18 +820,20 @@ static int test_gf2m_moddiv(void)
		\|\| !TEST_ptr(f = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		BN_bntest_rand(c, 512, 0, 0);
		if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))
		&& TEST_true(BN_bntest_rand(c, 512, 0, 0))))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod_div(d, a, c, b[j], ctx);
		BN_GF2m_mod_mul(e, d, c, b[j], ctx);
		BN_GF2m_mod_div(f, a, e, b[j], ctx);
		if (!(TEST_true(BN_GF2m_mod_div(d, a, c, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_mul(e, d, c, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_div(f, a, e, b[j], ctx))
		/* Test that ((a/c)c)/a = 1. /
		if (!TEST_BN_eq_one(f))
		&& TEST_BN_eq_one(f)))
		goto err;
		}
		}
		@@ -834,22 +864,24 @@ static int test_gf2m_modexp(void)
		\|\| !TEST_ptr(f = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		BN_bntest_rand(c, 512, 0, 0);
		BN_bntest_rand(d, 512, 0, 0);
		if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))
		&& TEST_true(BN_bntest_rand(c, 512, 0, 0))
		&& TEST_true(BN_bntest_rand(d, 512, 0, 0))))
		goto err;
		for (j = 0; j < 2; j++) {
		BN_GF2m_mod_exp(e, a, c, b[j], ctx);
		BN_GF2m_mod_exp(f, a, d, b[j], ctx);
		BN_GF2m_mod_mul(e, e, f, b[j], ctx);
		BN_add(f, c, d);
		BN_GF2m_mod_exp(f, a, f, b[j], ctx);
		BN_GF2m_add(f, e, f);
		if (!(TEST_true(BN_GF2m_mod_exp(e, a, c, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_exp(f, a, d, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_mul(e, e, f, b[j], ctx))
		&& TEST_true(BN_add(f, c, d))
		&& TEST_true(BN_GF2m_mod_exp(f, a, f, b[j], ctx))
		&& TEST_true(BN_GF2m_add(f, e, f))
		/* Test that a^(c+d)=a^ca^d. /
		if (!TEST_BN_eq_zero(f))
		&& TEST_BN_eq_zero(f)))
		goto err;
		}
		}
		@@ -880,18 +912,21 @@ static int test_gf2m_modsqrt(void)
		\|\| !TEST_ptr(f = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
		goto err;

		for (j = 0; j < 2; j++) {
		BN_GF2m_mod(c, a, b[j]);
		BN_GF2m_mod_sqrt(d, a, b[j], ctx);
		BN_GF2m_mod_sqr(e, d, b[j], ctx);
		BN_GF2m_add(f, c, e);
		if (!(TEST_true(BN_GF2m_mod(c, a, b[j]))
		&& TEST_true(BN_GF2m_mod_sqrt(d, a, b[j], ctx))
		&& TEST_true(BN_GF2m_mod_sqr(e, d, b[j], ctx))
		&& TEST_true(BN_GF2m_add(f, c, e))
		/* Test that d^2 = a, where d = sqrt(a). */
		if (!TEST_BN_eq_zero(f))
		&& TEST_BN_eq_zero(f)))
		goto err;
		}
		}
		@@ -921,23 +956,26 @@ static int test_gf2m_modsolvequad(void)
		\|\| !TEST_ptr(e = BN_new()))
		goto err;

		BN_GF2m_arr2poly(p0, b[0]);
		BN_GF2m_arr2poly(p1, b[1]);
		if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
		&& TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
		goto err;

		for (i = 0; i < NUM0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
		goto err;
		for (j = 0; j < 2; j++) {
		t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
		if (t) {
		s++;
		BN_GF2m_mod_sqr(d, c, b[j], ctx);
		BN_GF2m_add(d, c, d);
		BN_GF2m_mod(e, a, b[j]);
		BN_GF2m_add(e, e, d);
		if (!(TEST_true(BN_GF2m_mod_sqr(d, c, b[j], ctx))
		&& TEST_true(BN_GF2m_add(d, c, d))
		&& TEST_true(BN_GF2m_mod(e, a, b[j]))
		&& TEST_true(BN_GF2m_add(e, e, d))
		/*
		* Test that solution of quadratic c satisfies c^2 + c = a.
		* Test that solution of quadratic c
		* satisfies c^2 + c = a.
		*/
		if (!TEST_BN_eq_zero(e))
		&& TEST_BN_eq_zero(e)))
		goto err;
		}
		}