Bug 1332638 - fuzz PK11_Hashing, r=ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D158

6 files changed, 58 insertions, 5 deletions

diff --git a/fuzz/cert_target.cc b/fuzz/cert_target.cc
index e59a3cf60..bcbef0a4e 100644
--- a/fuzz/cert_target.cc
+++ b/fuzz/cert_target.cc
@@ -3,7 +3,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "shared.h"
 
diff --git a/fuzz/fuzz.gyp b/fuzz/fuzz.gyp
index 3e4c62c2b..deb1c6fee 100644
--- a/fuzz/fuzz.gyp
+++ b/fuzz/fuzz.gyp
@@ -125,13 +125,26 @@
       ],
     },
     {
+      'target_name': 'nssfuzz-hash',
+      'type': 'executable',
+      'sources': [
+        'hash_target.cc',
+        'initialize.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+    },
+    {
       'target_name': 'nssfuzz',
       'type': 'none',
       'dependencies': [
         'nssfuzz-cert',
-        'nssfuzz-spki',
+        'nssfuzz-hash',
         'nssfuzz-pkcs8',
-      ],
+        'nssfuzz-spki',
+      ]
     }
   ],
 }
diff --git a/fuzz/hash_target.cc b/fuzz/hash_target.cc
new file mode 100644
index 000000000..dad89e8e3
--- /dev/null
+++ b/fuzz/hash_target.cc
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include <vector>
+
+#include "FuzzerInternal.h"
+#include "hasht.h"
+#include "pk11pub.h"
+#include "secoidt.h"
+#include "shared.h"
+
+extern const uint16_t DEFAULT_MAX_LENGTH = 4096U;
+
+const std::vector<SECOidTag> algos = {SEC_OID_MD5, SEC_OID_SHA1, SEC_OID_SHA256,
+                                      SEC_OID_SHA384, SEC_OID_SHA512};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  uint8_t hashOut[HASH_LENGTH_MAX];
+
+  static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+  assert(db != nullptr);
+
+  // simple hashing.
+  for (auto algo : algos) {
+    assert(PK11_HashBuf(algo, hashOut, data, size) == SECSuccess);
+  }
+
+  // hashing with context.
+  for (auto algo : algos) {
+    unsigned int len = 0;
+    PK11Context *context = PK11_CreateDigestContext(algo);
+    assert(context != nullptr);
+    assert(PK11_DigestBegin(context) == SECSuccess);
+    assert(PK11_DigestFinal(context, hashOut, &len, HASH_LENGTH_MAX) ==
+           SECSuccess);
+    PK11_DestroyContext(context, PR_TRUE);
+  }
+
+  return 0;
+}
diff --git a/fuzz/pkcs8_target.cc b/fuzz/pkcs8_target.cc
index cfc1a9137..04a157a53 100644
--- a/fuzz/pkcs8_target.cc
+++ b/fuzz/pkcs8_target.cc
@@ -9,7 +9,6 @@
 #include "pk11pub.h"
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "assert.h"
 #include "shared.h"
diff --git a/fuzz/shared.h b/fuzz/shared.h
index 3aac0d118..69e429824 100644
--- a/fuzz/shared.h
+++ b/fuzz/shared.h
@@ -7,6 +7,7 @@
 #ifndef shared_h__
 #define shared_h__
 
+#include "FuzzerRandom.h"
 #include "cert.h"
 #include "nss.h"
 
diff --git a/fuzz/spki_target.cc b/fuzz/spki_target.cc
index c91e0d4c7..708ba3bf8 100644
--- a/fuzz/spki_target.cc
+++ b/fuzz/spki_target.cc
@@ -3,7 +3,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "shared.h"