diff options
author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-02-08 11:17:15 +0100 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-02-08 11:17:15 +0100 |
commit | 0b281a3b0744b6c477aa1cbbde00d8910581f236 (patch) | |
tree | dfd20406072399d3af0ef7c170927f4f0266a53f /fuzz/mpi_sqrmod_target.cc | |
parent | 353a1a1cbca51f6fd056f5f4d0d5e2d49e65134b (diff) | |
download | nss-hg-0b281a3b0744b6c477aa1cbbde00d8910581f236.tar.gz |
Bug 1334106 - split mpi target, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D189
Diffstat (limited to 'fuzz/mpi_sqrmod_target.cc')
-rw-r--r-- | fuzz/mpi_sqrmod_target.cc | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/fuzz/mpi_sqrmod_target.cc b/fuzz/mpi_sqrmod_target.cc new file mode 100644 index 000000000..d3886dacd --- /dev/null +++ b/fuzz/mpi_sqrmod_target.cc @@ -0,0 +1,51 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * This target fuzzes NSS mpi against openssl bignum. + * It therefore requires openssl to be installed. + */ + +#include "mpi_helper.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + // We require at least size 3 to get two integers from Data. + if (size < 3) { + return 0; + } + mp_int a, b, c; + BN_CTX *ctx = BN_CTX_new(); + BN_CTX_start(ctx); + BIGNUM *A = BN_CTX_get(ctx); + BIGNUM *B = BN_CTX_get(ctx); + BIGNUM *C = BN_CTX_get(ctx); + assert(mp_init(&a) == MP_OKAY); + assert(mp_init(&b) == MP_OKAY); + assert(mp_init(&c) == MP_OKAY); + size_t max_size = 4 * size + 1; + parse_input(data, size, A, &a); + + // We can't divide by 0. + if (mp_cmp_z(&b) == 0) { + mp_clear(&a); + mp_clear(&b); + mp_clear(&c); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return 0; + } + + // Compare with OpenSSL square mod + assert(mp_sqrmod(&a, &b, &c) == MP_OKAY); + (void)BN_mod_sqr(C, A, B, ctx); + check_equal(C, &c, max_size); + + mp_clear(&a); + mp_clear(&b); + mp_clear(&c); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return 0; +} |