Bug 1334106 - improve mpi fuzzing, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 18 Aug 2017 10:11:07 +0200
changeset 13533 8606d1442fe4eecd2a4ffebf2828d57f009827a4
parent 13531 d50a14c51077c38506ea2304c315b39ed1b739e6
child 13534 b05b124f610577e8bdbd77d86f1ab894df9cdf8d
push id2326
push userfranziskuskiefer@gmail.com
push dateFri, 18 Aug 2017 08:11:35 +0000
reviewersme
bugs1334106
Bug 1334106 - improve mpi fuzzing, r=me
fuzz/mpi_expmod_target.cc
fuzz/mpi_helper.cc
fuzz/mpi_helper.h
--- a/fuzz/mpi_expmod_target.cc
+++ b/fuzz/mpi_expmod_target.cc
@@ -14,14 +14,18 @@ extern "C" int LLVMFuzzerTestOneInput(co
   if (size < 3) {
     return 0;
   }
   INIT_FOUR_NUMBERS
 
   auto modulus = get_modulus(data, size, ctx);
   // Compare with OpenSSL exp mod
   m1 = &std::get<1>(modulus);
+  check_equal(A, &a, max_size);
+  check_equal(B, &b, max_size);
+  print_bn("A", A);
+  print_bn("B", B);
   assert(mp_exptmod(&a, &b, m1, &c) == MP_OKAY);
   (void)BN_mod_exp(C, A, B, std::get<0>(modulus), ctx);
   check_equal(C, &c, 2 * max_size);
 
   CLEANUP_AND_RETURN
 }
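Review bot: The added `print_bn("A", A);` and `print_bn("B", B);` calls run on every input, so the target writes two flushed lines to stdout per execution, which slows the fuzzer and buries crash output in the log. I would drop both calls before landing, or keep them behind a compile-time debug switch, and leave only the new `check_equal(A, &a, max_size);` and `check_equal(B, &b, max_size);` checks. On the next line `mp_exptmod` is evaluated inside `assert(...)`, so a build with NDEBUG would skip the call and compare against an unset `c`. Hoisting it as `mp_err res = mp_exptmod(&a, &b, m1, &c);` followed by `assert(res == MP_OKAY);` avoids that. The function body starts outside the hunk.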
--- a/fuzz/mpi_helper.cc
+++ b/fuzz/mpi_helper.cc
@@ -7,16 +7,22 @@
 #include "mpi_helper.h"
 #include <cstdlib>
 #include <random>
 
 char *to_char(const uint8_t *x) {
   return reinterpret_cast<char *>(const_cast<unsigned char *>(x));
 }
 
+void print_bn(std::string label, BIGNUM *x) {
+  char *xc = BN_bn2hex(x);
+  std::cout << label << ": " << std::hex << xc << std::endl;
+  OPENSSL_free(xc);
+}
+
 // Check that the two numbers are equal.
 void check_equal(BIGNUM *b, mp_int *m, size_t max_size) {
   char *bnBc = BN_bn2hex(b);
   char mpiMc[max_size];
   mp_tohex(m, mpiMc);
   std::string bnA(bnBc);
   std::string mpiA(mpiMc);
   OPENSSL_free(bnBc);
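Review bot: `print_bn` streams the result of `BN_bn2hex(x)` without a null check; the call returns NULL on allocation failure, and inserting a null `char *` into `std::cout` is undefined behaviour, so add `if (!xc) return;` right after it. `std::hex` has no effect on a `char *` and stays set on `std::cout` for any later integer output, so it can be dropped. `label` is copied on each call; `const std::string &label` avoids that, with the matching change to the declaration in fuzz/mpi_helper.h. The includes visible in this hunk do not contain `<iostream>`, so unless mpi_helper.h pulls it in, it should be added here. A one-line comment such as `// Debug helper: print a BIGNUM as hex, prefixed with label.` would match the style used above `check_equal`.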
--- a/fuzz/mpi_helper.h
+++ b/fuzz/mpi_helper.h
@@ -18,16 +18,17 @@
 #include <openssl/bn.h>
 
 void check_equal(BIGNUM *b, mp_int *m, size_t max_size);
 void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
                  mp_int *a, mp_int *b);
 void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a);
 std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
                                          BN_CTX *ctx);
+void print_bn(std::string label, BIGNUM *x);
 
 // Initialise MPI and BN variables
 // XXX: Also silence unused variable warnings for R.
 #define INIT_FOUR_NUMBERS                \
   mp_int a, b, c, r;                     \
   mp_int *m1 = nullptr;                  \
   BN_CTX *ctx = BN_CTX_new();            \
   BN_CTX_start(ctx);                     \