Bound the input to the bn_mod_exp fuzzer. This is not a speedy operation, so the fuzzers need a bit of help to avoid timeouts. Bug: chromium:786049 Change-Id: Ib56281b63eb6c895057f21254f0cc7c5c2d85ee4 Reviewed-on: https://boringssl-review.googlesource.com/23484 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: fc9c67599d9bdeb2e0467085133b81a8e28f77a4 [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Nov 28 14:49:53 2017 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Nov 28 21:48:00 2017 +0000
tree: 88dffceffe5bbffc563648a3ed9ab514094eec6a
parent: a7673facf85f01f1e880b74c3f9e35563c2a44fd [diff]
diff --git a/fuzz/bn_mod_exp.cc b/fuzz/bn_mod_exp.cc
index bcc5097..46e3c88 100644
--- a/fuzz/bn_mod_exp.cc
+++ b/fuzz/bn_mod_exp.cc

@@ -70,6 +70,16 @@
       CBS_len(&child2) == 0) {
     return 0;
   }
+
+  // Don't fuzz inputs larger than 512 bytes (4096 bits). This isn't ideal, but
+  // the naive |mod_exp| above is somewhat slow, so this otherwise causes the
+  // fuzzers to spend a lot of time exploring timeouts.
+  if (CBS_len(&child0) > 512 ||
+      CBS_len(&child1) > 512 ||
+      CBS_len(&child2) > 512) {
+    return 0;
+  }
+
   bssl::UniquePtr<BIGNUM> base(
       BN_bin2bn(CBS_data(&child0), CBS_len(&child0), nullptr));
   BN_set_negative(base.get(), sign % 2);
commit	fc9c67599d9bdeb2e0467085133b81a8e28f77a4	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Nov 28 14:49:53 2017 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Nov 28 21:48:00 2017 +0000
tree	88dffceffe5bbffc563648a3ed9ab514094eec6a
parent	a7673facf85f01f1e880b74c3f9e35563c2a44fd [diff]