boringssl/fuzz
David Benjamin a63d0ad40d Require BN_mod_exp_mont* inputs be reduced.
If the caller asked for the base to be treated as secret, we should
provide that. Allowing unbounded inputs is not compatible with being
constant-time.

Additionally, this aligns with the guidance here:
https://github.com/HACS-workshop/spectre-mitigations/blob/master/crypto_guidelines.md#1-do-not-conditionally-choose-between-constant-and-non-constant-time

Update-Note: BN_mod_exp_mont_consttime and BN_mod_exp_mont now require
inputs be fully reduced. I believe current callers tolerate this.

Additionally, due to a quirk of how certain operations were ordered,
using (publicly) zero exponent tolerated a NULL BN_CTX while other
exponents required non-NULL BN_CTX. Non-NULL BN_CTX is now required
uniformly. This is unlikely to cause problems. Any call site where the
exponent is always zero should just be replaced with BN_value_one().

Change-Id: I7c941953ea05f36dc2754facb9f4cf83a6789c61
Reviewed-on: https://boringssl-review.googlesource.com/27665
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2018-04-24 18:29:29 +00:00
..
bn_div_corpus Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_mod_exp_corpus Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
cert_corpus Merge in upstream's certificate corpus. 2016-12-12 21:41:00 +00:00
client_corpus Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
client_corpus_no_fuzzer_mode Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
dtls_client_corpus Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
dtls_server_corpus Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
pkcs8_corpus Add standalone PKCS#8 and SPKI fuzzers. 2016-04-25 21:57:28 +00:00
privkey_corpus Update fuzzing corpuses. 2016-03-03 18:33:05 +00:00
read_pem_corpus Replace base64 decoding. 2016-05-26 17:59:10 +00:00
server_corpus Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
server_corpus_no_fuzzer_mode Refresh fuzzer corpora. 2017-12-18 21:54:26 +00:00
session_corpus Adding a fuzzer for Sessions 2016-12-01 20:22:56 +00:00
spki_corpus Add standalone PKCS#8 and SPKI fuzzers. 2016-04-25 21:57:28 +00:00
ssl_ctx_api_corpus Add a fuzzer for the SSL_CTX API. 2016-10-04 23:07:09 +00:00
bn_div.cc Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_mod_exp.cc Require BN_mod_exp_mont* inputs be reduced. 2018-04-24 18:29:29 +00:00
cert.cc Run the comment converter on fuzz/ and tool/ 2017-08-18 16:42:13 +00:00
client.cc Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
CMakeLists.txt Add BN fuzzer. 2017-10-23 16:38:28 +00:00
dtls_client.cc Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
dtls_server.cc Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
minimise_corpuses.sh Add licenses to fuzz tests. 2016-04-25 20:15:27 +00:00
pkcs8.cc ERR_clear_error at the end of each fuzzer. 2016-10-13 23:20:40 +00:00
privkey.cc ERR_clear_error at the end of each fuzzer. 2016-10-13 23:20:40 +00:00
read_pem.cc ERR_clear_error at the end of each fuzzer. 2016-10-13 23:20:40 +00:00
refresh_ssl_corpora.sh Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
server.cc Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
session.cc Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
spki.cc ERR_clear_error at the end of each fuzzer. 2016-10-13 23:20:40 +00:00
ssl_ctx_api.cc Bound ssl_ctx_api more aggressively. 2017-06-06 20:50:55 +00:00