diff options
author | Tim Taubert <ttaubert@mozilla.com> | 2017-01-20 17:17:31 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2017-01-20 17:17:31 +0100 |
commit | 9f6911e8dcd7d93d15cf1cd0920bf958b386f005 (patch) | |
tree | 14648af076b3170110e8cd0a57e3b0f1a4b98eb6 /fuzz | |
parent | b6fc9de8bb595ffbbca32433f524d507322d31df (diff) | |
download | nss-hg-9f6911e8dcd7d93d15cf1cd0920bf958b386f005.tar.gz |
Bug 1332652 - Replace SPKI and Cert tests with a single QuickDER fuzzing target r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D166
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz.gyp | 27 | ||||
-rw-r--r-- | fuzz/quickder_target.cc | 83 | ||||
-rw-r--r-- | fuzz/shared.h | 11 |
3 files changed, 90 insertions, 31 deletions
diff --git a/fuzz/fuzz.gyp b/fuzz/fuzz.gyp index deb1c6fee..94dac8b3f 100644 --- a/fuzz/fuzz.gyp +++ b/fuzz/fuzz.gyp @@ -38,6 +38,7 @@ '<(DEPTH)/lib/util/util.gyp:nssutil', '<(DEPTH)/lib/nss/nss.gyp:nss_static', '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap', + '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', ], 'conditions': [ ['use_fuzzing_engine==0', { @@ -86,25 +87,12 @@ ], }, { - 'target_name': 'nssfuzz-cert', - 'type': 'executable', - 'sources': [ - 'asn1_mutators.cc', - 'cert_target.cc', - 'initialize.cc', - ], - 'dependencies': [ - '<(DEPTH)/exports.gyp:nss_exports', - 'fuzz_base', - ], - }, - { - 'target_name': 'nssfuzz-spki', + 'target_name': 'nssfuzz-pkcs8', 'type': 'executable', 'sources': [ 'asn1_mutators.cc', - 'spki_target.cc', 'initialize.cc', + 'pkcs8_target.cc', ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', @@ -112,12 +100,12 @@ ], }, { - 'target_name': 'nssfuzz-pkcs8', + 'target_name': 'nssfuzz-quickder', 'type': 'executable', 'sources': [ 'asn1_mutators.cc', 'initialize.cc', - 'pkcs8_target.cc', + 'quickder_target.cc', ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', @@ -140,11 +128,10 @@ 'target_name': 'nssfuzz', 'type': 'none', 'dependencies': [ - 'nssfuzz-cert', 'nssfuzz-hash', 'nssfuzz-pkcs8', - 'nssfuzz-spki', - ] + 'nssfuzz-quickder', + ], } ], } diff --git a/fuzz/quickder_target.cc b/fuzz/quickder_target.cc new file mode 100644 index 000000000..d77baf04c --- /dev/null +++ b/fuzz/quickder_target.cc @@ -0,0 +1,83 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "FuzzerInternal.h" +#include "asn1_mutators.h" +#include "shared.h" + +const std::vector<const SEC_ASN1Template *> templates = { + CERT_AttributeTemplate, + CERT_CertExtensionTemplate, + CERT_CertificateRequestTemplate, + CERT_CertificateTemplate, + CERT_CrlTemplate, + CERT_IssuerAndSNTemplate, + CERT_NameTemplate, + CERT_PublicKeyAndChallengeTemplate, + CERT_RDNTemplate, + CERT_SequenceOfCertExtensionTemplate, + CERT_SetOfAttributeTemplate, + CERT_SetOfSignedCrlTemplate, + CERT_SignedCrlTemplate, + CERT_SignedDataTemplate, + CERT_SubjectPublicKeyInfoTemplate, + CERT_TimeChoiceTemplate, + CERT_ValidityTemplate, + SEC_AnyTemplate, + SEC_BitStringTemplate, + SEC_BMPStringTemplate, + SEC_BooleanTemplate, + SEC_CertSequenceTemplate, + SEC_EnumeratedTemplate, + SEC_GeneralizedTimeTemplate, + SEC_IA5StringTemplate, + SEC_IntegerTemplate, + SEC_NullTemplate, + SEC_ObjectIDTemplate, + SEC_OctetStringTemplate, + SEC_PointerToAnyTemplate, + SEC_PointerToEnumeratedTemplate, + SEC_PointerToGeneralizedTimeTemplate, + SEC_PointerToOctetStringTemplate, + SEC_PrintableStringTemplate, + SEC_SetOfAnyTemplate, + SEC_SetOfEnumeratedTemplate, + SEC_SequenceOfAnyTemplate, + SEC_SequenceOfObjectIDTemplate, + SEC_SignedCertificateTemplate, + SEC_SkipTemplate, + SEC_T61StringTemplate, + SEC_UniversalStringTemplate, + SEC_UTCTimeTemplate, + SEC_UTF8StringTemplate, + SEC_VisibleStringTemplate, + SECKEY_DHParamKeyTemplate, + SECKEY_DHPublicKeyTemplate, + SECKEY_DSAPrivateKeyExportTemplate, + SECKEY_DSAPublicKeyTemplate, + SECKEY_PQGParamsTemplate, + SECKEY_PrivateKeyInfoTemplate, + SECKEY_RSAPSSParamsTemplate, + SECKEY_RSAPublicKeyTemplate, + SECOID_AlgorithmIDTemplate}; + +extern const uint16_t DEFAULT_MAX_LENGTH = 10000U; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + char *dest[2048]; + + for (auto tpl : templates) { + PORTCheapArenaPool pool; + SECItem buf = {siBuffer, const_cast<unsigned char *>(Data), + static_cast<unsigned int>(Size)}; + + PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE); + (void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf); + PORT_DestroyCheapArena(&pool); + } + + return 0; +} + +ADD_CUSTOM_MUTATORS({&ASN1MutatorFlipConstructed, &ASN1MutatorChangeType}) diff --git a/fuzz/shared.h b/fuzz/shared.h index 69e429824..142058069 100644 --- a/fuzz/shared.h +++ b/fuzz/shared.h @@ -17,17 +17,6 @@ class NSSDatabase { ~NSSDatabase() { NSS_Shutdown(); } }; -void QuickDERDecode(void *dst, const SEC_ASN1Template *tpl, const uint8_t *buf, - size_t len) { - PORTCheapArenaPool pool; - SECItem data = {siBuffer, const_cast<unsigned char *>(buf), - static_cast<unsigned int>(len)}; - - PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE); - (void)SEC_QuickDERDecodeItem(&pool.arena, dst, tpl, &data); - PORT_DestroyCheapArena(&pool); -} - size_t CustomMutate(std::vector<decltype(LLVMFuzzerCustomMutator) *> mutators, uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) { |