diff options
| author | Theo Buehler <tb@openbsd.org> | 2023-04-11 19:43:49 +0200 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2024-05-02 16:04:49 +0900 |
| commit | 3cd3c27c99393af12d40949f2b40e44ac768c338 (patch) | |
| tree | 98c731e46e362cfd9ec7406a2450d0bbaa3e9efd /test | |
| parent | 09122c5a91b1ca05f46e9ebe0f5e4ac31dca7d9c (diff) | |
| download | ruby-openssl-3cd3c27c99393af12d40949f2b40e44ac768c338.tar.gz | |
Fix modular square root test with LibreSSL >= 3.8maint-3.1
[ This is a backport to the 3.1 branch. ]
If x is a modular square root of a (mod p) then so is (p - x). Both
answers are valid. In particular, both 2 and 3 are valid square roots
of 4 (mod 5). Do not assume that a particular square root is chosen by
the algorithm. Indeed, the algorithm in OpenSSL and LibreSSL <= 3.7
returns a non-deterministic answer in many cases. LibreSSL 3.8 and
later will always return the smaller of the two possible answers. This
breaks the current test case.
Instead of checking for a particular square root, check that the square
of the claimed square root is the given value. This is always true. Add
the simplest test case where the answer is indeed non-deterministic.
(cherry picked from commit 93548ae9597ba40d3f8b564f6a948ce55b432e30)
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_bn.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/test/openssl/test_bn.rb b/test/openssl/test_bn.rb index 77af1409..ea88ff06 100644 --- a/test/openssl/test_bn.rb +++ b/test/openssl/test_bn.rb @@ -175,7 +175,9 @@ class OpenSSL::TestBN < OpenSSL::TestCase end def test_mod_sqrt - assert_equal(3, 4.to_bn.mod_sqrt(5)) + assert_equal(4, 4.to_bn.mod_sqrt(5).mod_sqr(5)) + # One of 189484 or 326277 is returned as a square root of 2 (mod 515761). + assert_equal(2, 2.to_bn.mod_sqrt(515761).mod_sqr(515761)) assert_equal(0, 5.to_bn.mod_sqrt(5)) assert_raise(OpenSSL::BNError) { 3.to_bn.mod_sqrt(5) } end |