Fix and test for sqrt(0) special case.

diff --git a/ChangeLog b/ChangeLog
index b461a5a30eb942038df76874e83753c724240b22..ba4fa68940f28fd822551de9f75b86dbc97c7744 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2021-11-13  Niels Möller  <nisse@lysator.liu.se>
+
+       * ecc-secp224r1.c (ecc_secp224r1_sqrt): Fix result for zero
+       input, which needs handling as a special case in the
+       Tonelli-Shanks algorithm.
+
+       * testsuite/ecc-sqrt-test.c (test_sqrt_ratio): Check that sqrt(0)
+       returns 0.
+       (test_sqrt_ratio): Check that sqrt (0/1) returns 0.
+
 2021-11-11  Niels Möller  <nisse@lysator.liu.se>
 
        * eccdata.c (output_curve): Output ecc_sqrt_z and ECC_SQRT_E only

diff --git a/ecc-secp224r1.c b/ecc-secp224r1.c
index 3d19fde71c23e15f90c4757144c4d6d4e4eef4a7..bb3212985114a772a9f45e9ed9b00423b950c4c4 100644 (file)
--- a/ecc-secp224r1.c
+++ b/ecc-secp224r1.c
@@ -189,10 +189,11 @@ ecc_secp224r1_sqrt (const struct ecc_modulo *p,
 
       if (m == r)
        {
-         /* No square root. Will always be detected on first round in
-            the outer loop. */
+         /* We get here if there is no square root, or input is zero.
+            Will always be detected on first round in the outer
+            loop. */
          assert (r == ECC_SQRT_E);
-         return 0;
+         return ecc_mod_zero_p (p, xp);
        }
 
       if (m < r - 1)

diff --git a/testsuite/ecc-sqrt-test.c b/testsuite/ecc-sqrt-test.c
index 69e08aa4198b60b9e097e321c06a468f3e6e5e15..096cbafc4720a096caf91633e2748cce07cfcb14 100644 (file)
--- a/testsuite/ecc-sqrt-test.c
+++ b/testsuite/ecc-sqrt-test.c
@@ -87,6 +87,25 @@ test_sqrt (gmp_randstate_t rands, const struct ecc_modulo *m, int use_redc)
   rp = xalloc_limbs (2*m->size);
   scratch = xalloc_limbs (m->sqrt_itch);
 
+  /* Check behaviour for zero input */
+  mpn_zero (up, m->size);
+  memset (rp, 17, m->size * sizeof(*rp));
+  if (!m->sqrt (m, rp, up, scratch))
+    {
+      fprintf (stderr, "m->sqrt returned failure for zero input, bit_size = %d\n",
+              m->bit_size);
+      abort();
+    }
+  if (!ecc_mod_zero_p (m, rp))
+    {
+      fprintf (stderr, "m->sqrt failed for zero input (bit size %u):\n",
+              m->bit_size);
+      fprintf (stderr, "r = ");
+      mpn_out_str (stderr, 16, rp, m->size);
+      fprintf (stderr, " (bad)\n");
+      abort ();
+    }
+
   /* Find a non-square */
   for (z = 2; mpz_ui_kronecker (z, p) != -1; z++)
     ;
@@ -176,6 +195,27 @@ test_sqrt_ratio (gmp_randstate_t rands, const struct ecc_modulo *m)
   rp = xalloc_limbs (2*m->size);
   scratch = xalloc_limbs (m->sqrt_ratio_itch);
 
+  /* Check behaviour for zero input */
+  mpn_zero (up, m->size);
+  mpn_zero (vp, m->size);
+  vp[0] = 1;
+  memset (rp, 17, m->size * sizeof(*rp));
+  if (!m->sqrt_ratio (m, rp, up, vp, scratch))
+    {
+      fprintf (stderr, "m->sqrt_ratio returned failure for zero input, bit_size = %d\n",
+              m->bit_size);
+      abort();
+    }
+  if (!ecc_mod_zero_p (m, rp))
+    {
+      fprintf (stderr, "m->sqrt_ratio failed for zero input (bit size %u):\n",
+              m->bit_size);
+      fprintf (stderr, "r = ");
+      mpn_out_str (stderr, 16, rp, m->size);
+      fprintf (stderr, " (bad)\n");
+      abort ();
+    }
+
   /* Find a non-square */
   for (z = 2; mpz_ui_kronecker (z, p) != -1; z++)
     ;