diff --git a/fuzz/mpi_invmod_target.cc b/fuzz/mpi_invmod_target.cc
index 9820af947f..6480d5437e 100644
--- a/fuzz/mpi_invmod_target.cc
+++ b/fuzz/mpi_invmod_target.cc
@@ -32,8 +32,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 bp[primeLen - 1] |= 0x01; /* set low-order bit */
 ++count;
 assert(mp_read_unsigned_octets(&b, bp, primeLen) == MP_OKAY);
- } while ((res = mpp_make_prime(&b, primeLen * 8, PR_FALSE, nullptr)) !=
- MP_YES &&
+ } while ((res = mpp_make_prime(&b, primeLen * 8, PR_FALSE)) != MP_YES &&
 count < 10);
 if (res != MP_YES) {
 return 0;
diff --git a/gtests/freebl_gtest/dh_unittest.cc b/gtests/freebl_gtest/dh_unittest.cc
new file mode 100644
index 0000000000..498ca204bf
--- /dev/null
+++ b/gtests/freebl_gtest/dh_unittest.cc
@@ -0,0 +1,26 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "blapi.h"
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class DHTest : public ::testing::Test {
+ protected:
+ void TestGenParamSuccess(int size) {
+ DHParams *params;
+ for (int i = 0; i < 10; i++) {
+ EXPECT_EQ(SECSuccess, DH_GenParam(size, ¶ms));
+ PORT_FreeArena(params->arena, PR_TRUE);
+ }
+ }
+};
+
+// Test parameter generation for minimum and some common key sizes
+TEST_F(DHTest, DhGenParamSuccessTest16) { TestGenParamSuccess(16); }
+TEST_F(DHTest, DhGenParamSuccessTest224) { TestGenParamSuccess(224); }
+TEST_F(DHTest, DhGenParamSuccessTest256) { TestGenParamSuccess(256); }
+
+} // nss_test
diff --git a/gtests/freebl_gtest/freebl_gtest.gyp b/gtests/freebl_gtest/freebl_gtest.gyp
index d285954f97..546e69aa95 100644
--- a/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/gtests/freebl_gtest/freebl_gtest.gyp
@@ -12,6 +12,7 @@
 'type': 'executable',
 'sources': [
 'mpi_unittest.cc',
+ 'dh_unittest.cc',
 '<(DEPTH)/gtests/common/gtests.cc'
 ],
 'dependencies': [
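Review bot: In TestGenParamSuccess of the new dh_unittest.cc, `params` is declared uninitialized and `EXPECT_EQ` is non-fatal, so a failing DH_GenParam call is followed by `PORT_FreeArena(params->arena, PR_TRUE)` on an indeterminate pointer. Declaring `DHParams *params = nullptr;` and using `ASSERT_EQ(SECSuccess, DH_GenParam(size, &params));` stops the test before that dereference. The test also checks only the return code; asserting that the generated prime and (p-1)/2 both pass a primality check would cover the property the parameters are supposed to have.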
diff --git a/lib/freebl/blapii.h b/lib/freebl/blapii.h
index 570b127b34..0087c78997 100644
--- a/lib/freebl/blapii.h
+++ b/lib/freebl/blapii.h
@@ -9,6 +9,7 @@
 #define _BLAPII_H_
 #include "blapit.h"
+#include "mpi.h"
 /* max block size of supported block ciphers */
 #define MAX_BLOCK_SIZE 16
@@ -59,6 +60,7 @@ SEC_END_PROTOS
 #undef HAVE_NO_SANITIZE_ATTR
 SECStatus RSA_Init();
+SECStatus generate_prime(mp_int *prime, int primeLen);
 /* Freebl state. */
 PRBool aesni_support();
diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
index 97025c7e25..587982a970 100644
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -14,9 +14,9 @@
 #include "secerr.h"
 #include "blapi.h"
+#include "blapii.h"
 #include "secitem.h"
 #include "mpi.h"
-#include "mpprime.h"
 #include "secmpi.h"
 #define KEA_DERIVED_SECRET_LEN 128
@@ -46,9 +46,7 @@ DH_GenParam(int primeLen, DHParams **params)
 {
 PLArenaPool *arena;
 DHParams *dhparams;
- unsigned char *pb = NULL;
 unsigned char *ab = NULL;
- unsigned long counter = 0;
 mp_int p, q, a, h, psub1, test;
 mp_err err = MP_OKAY;
 SECStatus rv = SECSuccess;
@@ -81,12 +79,7 @@ DH_GenParam(int primeLen, DHParams **params)
 CHECK_MPI_OK(mp_init(&psub1));
 CHECK_MPI_OK(mp_init(&test));
 /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
- pb = PORT_Alloc(primeLen);
- CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
- pb[0] |= 0x80; /* set high-order bit */
- pb[primeLen - 1] |= 0x01; /* set low-order bit */
- CHECK_MPI_OK(mp_read_unsigned_octets(&p, pb, primeLen));
- CHECK_MPI_OK(mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter));
+ CHECK_SEC_OK(generate_prime(&p, primeLen));
 /* construct Sophie-Germain prime q = (p-1)/2. */
 CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
 CHECK_MPI_OK(mp_div_2(&psub1, &q));
@@ -121,8 +114,6 @@ DH_GenParam(int primeLen, DHParams **params)
 mp_clear(&h);
 mp_clear(&psub1);
 mp_clear(&test);
- if (pb)
- PORT_ZFree(pb, primeLen);
 if (ab)
 PORT_ZFree(ab, primeLen);
 if (err) {
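Review bot: The new declaration `SECStatus generate_prime(mp_int *prime, int primeLen);` exports an rsa.c helper under a very generic global name and with no statement of its contract. From the rsa.c hunks in this patch, the helper sets the two high-order bits and the low-order bit of the candidate and calls mpp_make_prime with `PR_FALSE`, which callers outside RSA need to know. I would add a comment above it such as `/* Generate a random probable prime of primeLen bytes with the top two bits and the low bit set; does not request a strong prime. */` and consider a freebl-specific prefix for the name. The hunk header suggests the declaration sits after SEC_END_PROTOS, so it is worth confirming the linkage is right if this header is ever included from C++ code.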
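Review bot: The replacement call `CHECK_SEC_OK(generate_prime(&p, primeLen));` in DH_GenParam drops the strong-prime request: the removed code called `mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter)`, while generate_prime in rsa.c (last hunk of this patch) passes `PR_FALSE`. The next lines still compute q = (p-1)/2 and treat it as prime, so if the `strong` flag is what makes mpp_make_prime return a safe prime, q is no longer guaranteed to be prime and the generated group can contain small-order subgroups. Either give the helper a flag and call `generate_prime(&p, primeLen, PR_TRUE)` here, or keep the direct `mpp_make_prime(..., PR_TRUE)` call; the comment `uses Miller-Rabin to generate strong prime` is stale as the code stands. The new DhGenParamSuccessTest cases check only for SECSuccess and would not catch this. DH_GenParam's body starts and ends outside the hunk.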
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
index 58287192e2..9d6232c29c 100644
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -402,8 +402,7 @@ mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
 #define SIEVE_SIZE 32 * 1024
 mp_err
-mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
- unsigned long *nTries)
+mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong)
 {
 mp_digit np;
 mp_err res;
@@ -548,8 +547,6 @@ mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
 CLEANUP:
 mp_clear(&trial);
 mp_clear(&q);
- if (nTries)
- *nTries += i;
 if (sieve != NULL) {
 memset(sieve, 0, SIEVE_SIZE);
 free(sieve);
diff --git a/lib/freebl/mpi/mpprime.h b/lib/freebl/mpi/mpprime.h
index 885bccd4b4..acd888d4ac 100644
--- a/lib/freebl/mpi/mpprime.h
+++ b/lib/freebl/mpi/mpprime.h
@@ -34,8 +34,7 @@ mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes);
 mp_err mpp_pprime(mp_int *a, int nt);
 mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
 unsigned char *sieve, mp_size nSieve);
-mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
- unsigned long *nTries);
+mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong);
 SEC_END_PROTOS
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 0dc4d6ba6e..17d1d871e3 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -190,12 +190,12 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q,
 }
 return rv;
 }
-static SECStatus
+
+SECStatus
 generate_prime(mp_int *prime, int primeLen)
 {
 mp_err err = MP_OKAY;
 SECStatus rv = SECSuccess;
- unsigned long counter = 0;
 int piter;
 unsigned char *pb = NULL;
 pb = PORT_Alloc(primeLen);
@@ -208,7 +208,7 @@ generate_prime(mp_int *prime, int primeLen)
 pb[0] |= 0xC0; /* set two high-order bits */
 pb[primeLen - 1] |= 0x01; /* set low-order bit */
 CHECK_MPI_OK(mp_read_unsigned_octets(prime, pb, primeLen));
- err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
+ err = mpp_make_prime(prime, primeLen * 8, PR_FALSE);
 if (err != MP_NO)
 goto cleanup;
 /* keep going while err == MP_NO */