--- Begin Message ---
Actually, it is the 'fake random number generator' than returns different
values on big endian and thus the test vector fails.
(That is why all other tests run fine).
Will be fixed in 1.3.2.
The following patch should also fix it:
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 881a0ac..b334954 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,6 +2,14 @@
#include "polarssl/memory.h"
#endif
+#if defined(WANT_NOT_RND_MPI)
+#if defined(POLARSSL_BIGNUM_C)
+#include "polarssl/bignum.h"
+#else
+#error "not_rnd_mpi() need bignum.c"
+#endif
+#endif
+
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -225,48 +233,36 @@ static int rnd_pseudo_rand( void *rng_state, unsigned
char *output, size_t len )
return( 0 );
}
+#if defined(WANT_NOT_RND_MPI)
/**
- * This function returns a buffer given as a hex string.
+ * NOT random function, to match test vectors.
*
- * The buffer is reversed so that the following are equivalent:
- * mpi_fill_random( x, len, not_rnd, str );
+ * The following are equivalent:
+ * mpi_fill_random( x, strlen( str ) / 2, not_rnd, str );
* mpi_read_string( x, 16, str );
- * (So, not random at all. Usefull to match test vectors.)
- * Based on unhexify(), just reversed (changes marked by "sic")
+ * Warning: no other use is supported!
*/
-static int not_rnd( void *in, unsigned char *out, size_t len )
+#define ciL (sizeof(t_uint)) /* chars in limb */
+#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) static int
+not_rnd_mpi( void *in, unsigned char *out, size_t len )
{
- unsigned char *obuf;
- const char *ibuf = in;
- unsigned char c, c2;
- assert( len == strlen(ibuf) / 2 );
- assert(!(strlen(ibuf) %1)); // must be even number of bytes
-
- obuf = out + (len - 1); // sic
- while (*ibuf != 0)
- {
- c = *ibuf++;
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- assert( 0 );
-
- c2 = *ibuf++;
- if( c2 >= '0' && c2 <= '9' )
- c2 -= '0';
- else if( c2 >= 'a' && c2 <= 'f' )
- c2 -= 'a' - 10;
- else if( c2 >= 'A' && c2 <= 'F' )
- c2 -= 'A' - 10;
- else
- assert( 0 );
-
- *obuf-- = ( c << 4 ) | c2; // sic
- }
-
- return( 0 );
+ char *str = (char *) in;
+ mpi X;
+
+ /*
+ * The 'in' pointer we get is from an MPI prepared by mpi_fill_random(),
+ * just reconstruct the rest in order to be able to call mpi_read_string()
+ */
+ X.s = 1;
+ X.p = (t_uint *) out;
+ X.n = CHARS_TO_LIMBS( len );
+
+ /*
+ * If str is too long, mpi_read_string() will try to allocate a new buffer
+ * for X.p, which we want to avoid at all costs.
+ */
+ assert( strlen( str ) / 2 == len );
+
+ return( mpi_read_string( &X, 16, str ) );
}
+#endif /* WANT_NOT_RND_MPI */
diff --git a/tests/suites/test_suite_ecdh.function
b/tests/suites/test_suite_ecdh.function
index ba35c76..63917d7 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include <polarssl/ecdh.h>
+#define WANT_NOT_RND_MPI
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -57,14 +58,14 @@ void ecdh_primitive_testvec( int id, char *dA_str, char
*xA_str, char *yA_str,
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
- TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, ¬_rnd, dA_str ) == 0 );
+ TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, ¬_rnd_mpi, dA_str
+ ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qA ) );
TEST_ASSERT( mpi_read_string( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.X, &check ) == 0 );
TEST_ASSERT( mpi_read_string( &check, 16, yA_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.Y, &check ) == 0 );
- TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, ¬_rnd, dB_str ) == 0 );
+ TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, ¬_rnd_mpi, dB_str
+ ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qB ) );
TEST_ASSERT( mpi_read_string( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qB.X, &check ) == 0 ); diff --git
a/tests/suites/test_suite_ecdsa.function
b/tests/suites/test_suite_ecdsa.function
index 5ccb39d..34307ca 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include <polarssl/ecdsa.h>
+#define WANT_NOT_RND_MPI
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -63,7 +64,7 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char
*xQ_str, char *yQ_str,
len = unhexify(buf, hash_str);
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, len,
- ¬_rnd, k_str ) == 0 );
+ ¬_rnd_mpi, k_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
> -----Original Message-----
> From: Roland Stigge [mailto:sti...@antcom.de]
> Sent: dinsdag 22 oktober 2013 15:07
> To: polarssl_maintai...@polarssl.org; 727...@bugs.debian.org
> Subject: Debian: polarssl 1.3.1 fails to build from source on big endian
> architectures
>
> Hi,
>
> at Debian, it has just been discovered that some tests fail on big endian
> architectures (powerpc etc.), e.g.:
>
> - test_suite_ecdh
> ECDH primitive rfc 5903 p256 ......................................
> FAILED
> mpi_cmp_mpi( &qA.X, &check ) == 0
> ECDH primitive rfc 5903 p384 ...................................... FAILED
> mpi_cmp_mpi( &qA.X, &check ) == 0
> ECDH primitive rfc 5903 p521 ...................................... FAILED
> mpi_cmp_mpi( &qA.X, &check ) == 0
> FAILED (7 / 10 tests (0 skipped))
> **** Failed ***************
>
> - test_suite_ecdsa
> ECDSA primitive rfc 4754 p256 .....................................
> FAILED
> mpi_cmp_mpi( &r, &r_check ) == 0
> ECDSA primitive rfc 4754 p384 ..................................... FAILED
> mpi_cmp_mpi( &r, &r_check ) == 0
> ECDSA primitive rfc 4754 p521 ..................................... FAILED
> mpi_cmp_mpi( &r, &r_check ) == 0
> FAILED (10 / 13 tests (0 skipped))
> **** Failed ***************
>
> See also https://buildd.debian.org/status/package.php?p=polarssl
>
> I guess this is due to some little endian specific code in mpi_shift_r() or
> similar or in tests design.
>
> Best regards,
>
> Roland
--- End Message ---
