Commit ef4664f2 authored by Marcus Burghardt's avatar Marcus Burghardt

Bug 1542077 - Added extra controls and tests to mp_set_int and mp_set_ulong. r=jcj,kjacobs

Differential Revision: https://phabricator.services.mozilla.com/D40649

--HG--
extra : moz-landing-system : lando
parent b9ce9a0e
...@@ -290,4 +290,4 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) { ...@@ -290,4 +290,4 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) {
mp_clear(&c); mp_clear(&c);
} }
} // nss_test } // namespace nss_test
...@@ -167,6 +167,7 @@ To set an mp_int to a given value, the following functions are given: ...@@ -167,6 +167,7 @@ To set an mp_int to a given value, the following functions are given:
mp_set(mp_int *mp, mp_digit d); mp_set(mp_int *mp, mp_digit d);
mp_set_int(mp_int *mp, long z); mp_set_int(mp_int *mp, long z);
mp_set_ulong(mp_int *mp, unsigned long z);
The mp_set() function sets the mp_int to a single digit value, while The mp_set() function sets the mp_int to a single digit value, while
mp_set_int() sets the mp_int to a signed long integer value. mp_set_int() sets the mp_int to a signed long integer value.
......
...@@ -344,6 +344,8 @@ mp_set_int(mp_int *mp, long z) ...@@ -344,6 +344,8 @@ mp_set_int(mp_int *mp, long z)
unsigned long v = labs(z); unsigned long v = labs(z);
mp_err res; mp_err res;
ARGCHK(mp != NULL, MP_BADARG);
/* https://bugzilla.mozilla.org/show_bug.cgi?id=1509432 */ /* https://bugzilla.mozilla.org/show_bug.cgi?id=1509432 */
if ((res = mp_set_ulong(mp, v)) != MP_OKAY) { /* avoids duplicated code */ if ((res = mp_set_ulong(mp, v)) != MP_OKAY) { /* avoids duplicated code */
return res; return res;
...@@ -1427,7 +1429,7 @@ s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) ...@@ -1427,7 +1429,7 @@ s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
mp_digit d; mp_digit d;
unsigned int dig, bit; unsigned int dig, bit;
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); ARGCHK(a != NULL && b != NULL && c != NULL && m != NULL, MP_BADARG);
if (mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0) if (mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
return MP_RANGE; return MP_RANGE;
...@@ -1514,7 +1516,7 @@ mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c) ...@@ -1514,7 +1516,7 @@ mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c)
mp_int s, x; mp_int s, x;
mp_err res; mp_err res;
ARGCHK(a != NULL && c != NULL, MP_BADARG); ARGCHK(a != NULL && c != NULL && m != NULL, MP_BADARG);
if ((res = mp_init(&s)) != MP_OKAY) if ((res = mp_init(&s)) != MP_OKAY)
return res; return res;
...@@ -1567,6 +1569,8 @@ X: ...@@ -1567,6 +1569,8 @@ X:
int int
mp_cmp_z(const mp_int *a) mp_cmp_z(const mp_int *a)
{ {
ARGMPCHK(a != NULL);
if (SIGN(a) == NEG) if (SIGN(a) == NEG)
return MP_LT; return MP_LT;
else if (USED(a) == 1 && DIGIT(a, 0) == 0) else if (USED(a) == 1 && DIGIT(a, 0) == 0)
...@@ -1657,7 +1661,7 @@ mp_cmp_mag(const mp_int *a, const mp_int *b) ...@@ -1657,7 +1661,7 @@ mp_cmp_mag(const mp_int *a, const mp_int *b)
int int
mp_isodd(const mp_int *a) mp_isodd(const mp_int *a)
{ {
ARGCHK(a != NULL, 0); ARGMPCHK(a != NULL);
return (int)(DIGIT(a, 0) & 1); return (int)(DIGIT(a, 0) & 1);
...@@ -2001,7 +2005,7 @@ s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c) ...@@ -2001,7 +2005,7 @@ s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c)
mp_err k = 0; mp_err k = 0;
mp_int d, f, g; mp_int d, f, g;
ARGCHK(a && p && c, MP_BADARG); ARGCHK(a != NULL && p != NULL && c != NULL, MP_BADARG);
MP_DIGITS(&d) = 0; MP_DIGITS(&d) = 0;
MP_DIGITS(&f) = 0; MP_DIGITS(&f) = 0;
...@@ -2135,7 +2139,7 @@ s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c) ...@@ -2135,7 +2139,7 @@ s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c)
mp_err res; mp_err res;
mp_int x; mp_int x;
ARGCHK(a && m && c, MP_BADARG); ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
return MP_RANGE; return MP_RANGE;
...@@ -2173,7 +2177,7 @@ mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c) ...@@ -2173,7 +2177,7 @@ mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c)
mp_int g, x; mp_int g, x;
mp_err res; mp_err res;
ARGCHK(a && m && c, MP_BADARG); ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
return MP_RANGE; return MP_RANGE;
...@@ -2269,6 +2273,8 @@ s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c) ...@@ -2269,6 +2273,8 @@ s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c)
mp_int oddPart, evenPart; /* parts to combine via CRT. */ mp_int oddPart, evenPart; /* parts to combine via CRT. */
mp_int C2, tmp1, tmp2; mp_int C2, tmp1, tmp2;
ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
/*static const mp_digit d1 = 1; */ /*static const mp_digit d1 = 1; */
/*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */ /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
...@@ -2347,8 +2353,7 @@ CLEANUP: ...@@ -2347,8 +2353,7 @@ CLEANUP:
mp_err mp_err
mp_invmod(const mp_int *a, const mp_int *m, mp_int *c) mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
{ {
ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
ARGCHK(a && m && c, MP_BADARG);
if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
return MP_RANGE; return MP_RANGE;
...@@ -2715,6 +2720,8 @@ mp_strerror(mp_err ec) ...@@ -2715,6 +2720,8 @@ mp_strerror(mp_err ec)
mp_err mp_err
s_mp_grow(mp_int *mp, mp_size min) s_mp_grow(mp_int *mp, mp_size min)
{ {
ARGCHK(mp != NULL, MP_BADARG);
if (min > ALLOC(mp)) { if (min > ALLOC(mp)) {
mp_digit *tmp; mp_digit *tmp;
...@@ -2744,6 +2751,8 @@ s_mp_grow(mp_int *mp, mp_size min) ...@@ -2744,6 +2751,8 @@ s_mp_grow(mp_int *mp, mp_size min)
mp_err mp_err
s_mp_pad(mp_int *mp, mp_size min) s_mp_pad(mp_int *mp, mp_size min)
{ {
ARGCHK(mp != NULL, MP_BADARG);
if (min > USED(mp)) { if (min > USED(mp)) {
mp_err res; mp_err res;
...@@ -2863,6 +2872,8 @@ s_mp_lshd(mp_int *mp, mp_size p) ...@@ -2863,6 +2872,8 @@ s_mp_lshd(mp_int *mp, mp_size p)
mp_err res; mp_err res;
unsigned int ix; unsigned int ix;
ARGCHK(mp != NULL, MP_BADARG);
if (p == 0) if (p == 0)
return MP_OKAY; return MP_OKAY;
...@@ -2995,6 +3006,8 @@ s_mp_mul_2(mp_int *mp) ...@@ -2995,6 +3006,8 @@ s_mp_mul_2(mp_int *mp)
unsigned int ix, used; unsigned int ix, used;
mp_digit kin = 0; mp_digit kin = 0;
ARGCHK(mp != NULL, MP_BADARG);
/* Shift digits leftward by 1 bit */ /* Shift digits leftward by 1 bit */
used = MP_USED(mp); used = MP_USED(mp);
pd = MP_DIGITS(mp); pd = MP_DIGITS(mp);
...@@ -3104,6 +3117,8 @@ s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd) ...@@ -3104,6 +3117,8 @@ s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd)
mp_digit b_msd; mp_digit b_msd;
mp_err res = MP_OKAY; mp_err res = MP_OKAY;
ARGCHK(a != NULL && b != NULL && pd != NULL, MP_BADARG);
d = 0; d = 0;
mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */ mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */
b_msd = DIGIT(b, USED(b) - 1); b_msd = DIGIT(b, USED(b) - 1);
...@@ -4368,6 +4383,8 @@ CLEANUP: ...@@ -4368,6 +4383,8 @@ CLEANUP:
int int
s_mp_cmp(const mp_int *a, const mp_int *b) s_mp_cmp(const mp_int *a, const mp_int *b)
{ {
ARGMPCHK(a != NULL && b != NULL);
mp_size used_a = MP_USED(a); mp_size used_a = MP_USED(a);
{ {
mp_size used_b = MP_USED(b); mp_size used_b = MP_USED(b);
...@@ -4419,6 +4436,8 @@ IS_GT: ...@@ -4419,6 +4436,8 @@ IS_GT:
int int
s_mp_cmp_d(const mp_int *a, mp_digit d) s_mp_cmp_d(const mp_int *a, mp_digit d)
{ {
ARGMPCHK(a != NULL);
if (USED(a) > 1) if (USED(a) > 1)
return MP_GT; return MP_GT;
...@@ -4445,6 +4464,8 @@ s_mp_ispow2(const mp_int *v) ...@@ -4445,6 +4464,8 @@ s_mp_ispow2(const mp_int *v)
mp_digit d; mp_digit d;
int extra = 0, ix; int extra = 0, ix;
ARGMPCHK(v != NULL);
ix = MP_USED(v) - 1; ix = MP_USED(v) - 1;
d = MP_DIGIT(v, ix); /* most significant digit of v */ d = MP_DIGIT(v, ix); /* most significant digit of v */
...@@ -4772,10 +4793,7 @@ mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) ...@@ -4772,10 +4793,7 @@ mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
int ix, jx; int ix, jx;
unsigned int bytes; unsigned int bytes;
ARGCHK(mp != NULL, MP_BADARG); ARGCHK(mp != NULL && str != NULL && !SIGN(mp) && length > 0, MP_BADARG);
ARGCHK(str != NULL, MP_BADARG);
ARGCHK(!SIGN(mp), MP_BADARG);
ARGCHK(length > 0, MP_BADARG);
/* Constant time on the value of mp. Don't use mp_unsigned_octet_size. */ /* Constant time on the value of mp. Don't use mp_unsigned_octet_size. */
bytes = USED(mp) * MP_DIGIT_SIZE; bytes = USED(mp) * MP_DIGIT_SIZE;
......
...@@ -288,7 +288,14 @@ void freebl_cpuid(unsigned long op, unsigned long *eax, ...@@ -288,7 +288,14 @@ void freebl_cpuid(unsigned long op, unsigned long *eax,
#define DIGITS(MP) MP_DIGITS(MP) #define DIGITS(MP) MP_DIGITS(MP)
#define DIGIT(MP, N) MP_DIGIT(MP, N) #define DIGIT(MP, N) MP_DIGIT(MP, N)
/* Functions which return an mp_err value will NULL-check their arguments via
* ARGCHK(condition, return), where the caller is responsible for checking the
* mp_err return code. For functions that return an integer type, the caller
* has no way to tell if the value is an error code or a legitimate value.
* Therefore, ARGMPCHK(condition) will trigger an assertion failure on debug
* builds, but no-op in optimized builds. */
#if MP_ARGCHK == 1 #if MP_ARGCHK == 1
#define ARGMPCHK(X) /* */
#define ARGCHK(X, Y) \ #define ARGCHK(X, Y) \
{ \ { \
if (!(X)) { \ if (!(X)) { \
...@@ -297,9 +304,11 @@ void freebl_cpuid(unsigned long op, unsigned long *eax, ...@@ -297,9 +304,11 @@ void freebl_cpuid(unsigned long op, unsigned long *eax,
} }
#elif MP_ARGCHK == 2 #elif MP_ARGCHK == 2
#include <assert.h> #include <assert.h>
#define ARGMPCHK(X) assert(X)
#define ARGCHK(X, Y) assert(X) #define ARGCHK(X, Y) assert(X)
#else #else
#define ARGCHK(X, Y) /* */ #define ARGMPCHK(X) /* */
#define ARGCHK(X, Y) /* */
#endif #endif
#ifdef CT_VERIF #ifdef CT_VERIF
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment