diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 533a647dc..178d17bbc 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,4 +1,5 @@ #include +#include #include "mbedtls/pk.h" //4 Kb should be enough for every bug ;-) @@ -29,8 +30,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); rsa = mbedtls_pk_rsa( pk ); - mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); - mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); + if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { + abort(); + } + if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != 0 ) { + abort(); + } mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index df42f7d53..38eacfb61 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,4 +1,5 @@ #include +#include #include "mbedtls/pk.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { @@ -20,8 +21,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); rsa = mbedtls_pk_rsa( pk ); - ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); - ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); + if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { + abort(); + } + if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) { + abort(); + } mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );