summaryrefslogtreecommitdiff
path: root/fuzz/mpi_sqrmod_target.cc
diff options
context:
space:
mode:
authorFranziskus Kiefer <franziskuskiefer@gmail.com>2017-02-08 11:17:15 +0100
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2017-02-08 11:17:15 +0100
commit0b281a3b0744b6c477aa1cbbde00d8910581f236 (patch)
treedfd20406072399d3af0ef7c170927f4f0266a53f /fuzz/mpi_sqrmod_target.cc
parent353a1a1cbca51f6fd056f5f4d0d5e2d49e65134b (diff)
downloadnss-hg-0b281a3b0744b6c477aa1cbbde00d8910581f236.tar.gz
Bug 1334106 - split mpi target, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D189
Diffstat (limited to 'fuzz/mpi_sqrmod_target.cc')
-rw-r--r--fuzz/mpi_sqrmod_target.cc51
1 files changed, 51 insertions, 0 deletions
diff --git a/fuzz/mpi_sqrmod_target.cc b/fuzz/mpi_sqrmod_target.cc
new file mode 100644
index 000000000..d3886dacd
--- /dev/null
+++ b/fuzz/mpi_sqrmod_target.cc
@@ -0,0 +1,51 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ // We require at least size 3 to get two integers from Data.
+ if (size < 3) {
+ return 0;
+ }
+ mp_int a, b, c;
+ BN_CTX *ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ BIGNUM *A = BN_CTX_get(ctx);
+ BIGNUM *B = BN_CTX_get(ctx);
+ BIGNUM *C = BN_CTX_get(ctx);
+ assert(mp_init(&a) == MP_OKAY);
+ assert(mp_init(&b) == MP_OKAY);
+ assert(mp_init(&c) == MP_OKAY);
+ size_t max_size = 4 * size + 1;
+ parse_input(data, size, A, &a);
+
+ // We can't divide by 0.
+ if (mp_cmp_z(&b) == 0) {
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&c);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return 0;
+ }
+
+ // Compare with OpenSSL square mod
+ assert(mp_sqrmod(&a, &b, &c) == MP_OKAY);
+ (void)BN_mod_sqr(C, A, B, ctx);
+ check_equal(C, &c, max_size);
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&c);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
+ return 0;
+}