From e298cb10feab3115b6da189a0f569e24b4f6c2a9 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Wed, 11 May 2016 16:07:14 +0100 Subject: [PATCH] Fuzz everything with every input. Reviewed-by: Rich Salz --- fuzz/asn1.c | 92 ++++++++++++++++++++----------------------------- fuzz/build.info | 6 +++- 2 files changed, 43 insertions(+), 55 deletions(-) diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fc129a86b0..fdf4c5ee29 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -26,61 +26,45 @@ #include #include "fuzzer.h" -static const ASN1_ITEM *item_type; - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - const char *cmd; - OPENSSL_assert(*argc > 1); - - cmd = (*argv)[1]; - (*argv)[1] = (*argv)[0]; - ++*argv; - --*argc; - - // TODO: make this work like d2i_test.c does, once its decided what the - // common scheme is! -#define Y(t) if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t) -#define X(t) else Y(t) - - Y(ASN1_SEQUENCE); - X(AUTHORITY_INFO_ACCESS); - X(BIGNUM); - X(ECPARAMETERS); - X(ECPKPARAMETERS); - X(GENERAL_NAME); - X(GENERAL_SUBTREE); - X(NAME_CONSTRAINTS); - X(OCSP_BASICRESP); - X(OCSP_RESPONSE); - X(PKCS12); - X(PKCS12_AUTHSAFES); - X(PKCS12_SAFEBAGS); - X(PKCS7); - X(PKCS7_ATTR_SIGN); - X(PKCS7_ATTR_VERIFY); - X(PKCS7_DIGEST); - X(PKCS7_ENC_CONTENT); - X(PKCS7_ENCRYPT); - X(PKCS7_ENVELOPE); - X(PKCS7_RECIP_INFO); - X(PKCS7_SIGN_ENVELOPE); - X(PKCS7_SIGNED); - X(PKCS7_SIGNER_INFO); - X(POLICY_CONSTRAINTS); - X(POLICY_MAPPINGS); - X(SXNET); - //X(TS_RESP); want to do this, but type is hidden, however d2i exists... - X(X509); - X(X509_CRL); - else - OPENSSL_assert(!"Bad type"); - - return 0; -} +static const ASN1_ITEM *item_type[] = { + ASN1_ITEM_rptr(ASN1_SEQUENCE), + ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS), + ASN1_ITEM_rptr(BIGNUM), + ASN1_ITEM_rptr(ECPARAMETERS), + ASN1_ITEM_rptr(ECPKPARAMETERS), + ASN1_ITEM_rptr(GENERAL_NAME), + ASN1_ITEM_rptr(GENERAL_SUBTREE), + ASN1_ITEM_rptr(NAME_CONSTRAINTS), + ASN1_ITEM_rptr(OCSP_BASICRESP), + ASN1_ITEM_rptr(OCSP_RESPONSE), + ASN1_ITEM_rptr(PKCS12), + ASN1_ITEM_rptr(PKCS12_AUTHSAFES), + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + ASN1_ITEM_rptr(PKCS7), + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN), + ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY), + ASN1_ITEM_rptr(PKCS7_DIGEST), + ASN1_ITEM_rptr(PKCS7_ENC_CONTENT), + ASN1_ITEM_rptr(PKCS7_ENCRYPT), + ASN1_ITEM_rptr(PKCS7_ENVELOPE), + ASN1_ITEM_rptr(PKCS7_RECIP_INFO), + ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE), + ASN1_ITEM_rptr(PKCS7_SIGNED), + ASN1_ITEM_rptr(PKCS7_SIGNER_INFO), + ASN1_ITEM_rptr(POLICY_CONSTRAINTS), + ASN1_ITEM_rptr(POLICY_MAPPINGS), + ASN1_ITEM_rptr(SXNET), + //ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists... + ASN1_ITEM_rptr(X509), + ASN1_ITEM_rptr(X509_CRL), + NULL +}; int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { - const uint8_t *b = buf; - ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type); - ASN1_item_free(o, item_type); + for (int n = 0; item_type[n] != NULL; ++n) { + const uint8_t *b = buf; + ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]); + ASN1_item_free(o, item_type[n]); + } return 0; } diff --git a/fuzz/build.info b/fuzz/build.info index 1df1e4d816..3569418c0d 100644 --- a/fuzz/build.info +++ b/fuzz/build.info @@ -1,4 +1,4 @@ -PROGRAMS=asn1 asn1parse bignum bndiv cms conf server +PROGRAMS=asn1 asn1parse bignum bndiv cms conf ct server SOURCE[asn1]=asn1.c INCLUDE[asn1]=../include ../../../svn-work/Fuzzer @@ -24,6 +24,10 @@ SOURCE[conf]=conf.c INCLUDE[conf]=../include ../../../svn-work/Fuzzer DEPEND[conf]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer +SOURCE[ct]=ct.c +INCLUDE[ct]=../include ../../../svn-work/Fuzzer +DEPEND[ct]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer + SOURCE[server]=server.c INCLUDE[server]=../include ../../../svn-work/Fuzzer DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer -- 2.25.1