Add standalone PKCS#8 and SPKI fuzzers.

We already had coverage for our new EVP_PKEY parsers, but it's good to have some that cover them directly. The initial corpus was generated manually with der-ascii and should cover most of the insanity around EC key serialization. BUG=15 Change-Id: I7aaf56876680bfd5a89f5e365c5052eee03ba862 Reviewed-on: https://boringssl-review.googlesource.com/7728 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan · 1fc7564ba7
--- a/FUZZING.md
+++ b/FUZZING.md
@@ -32,10 +32,12 @@ The recommended values of `max_len` for each test are:

 | Test      | `max_len` value |
 |-----------|-----------------|
 | `privkey` | 2048            |
 | `cert`    | 3072            |
 | `server`  | 4096            |
 | `client`  | 20000           |
 | `pkcs8`   | 2048            |
 | `privkey` | 2048            |
 | `server`  | 4096            |
 | `spki`    | 1024            |


 These were determined by rounding up the length of the largest case in the corpus.
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -166,7 +166,7 @@ add_library(
  $<TARGET_OBJECTS:pem>
  $<TARGET_OBJECTS:x509>
  $<TARGET_OBJECTS:x509v3>
  $<TARGET_OBJECTS:pkcs8>
  $<TARGET_OBJECTS:pkcs8_lib>
 )

 if(NOT MSVC AND NOT ANDROID)
--- a/crypto/pkcs8/CMakeLists.txt
+++ b/crypto/pkcs8/CMakeLists.txt
@@ -1,7 +1,7 @@
 include_directories(../../include)

 add_library(
  pkcs8
  pkcs8_lib

  OBJECT

--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -18,6 +18,24 @@ add_executable(
 target_link_libraries(cert Fuzzer)
 target_link_libraries(cert crypto)

 add_executable(
  spki

  spki.cc
 )

 target_link_libraries(spki Fuzzer)
 target_link_libraries(spki crypto)

 add_executable(
  pkcs8

  pkcs8.cc
 )

 target_link_libraries(pkcs8 Fuzzer)
 target_link_libraries(pkcs8 crypto)

 add_executable(
  server

--- a/fuzz/pkcs8.cc
+++ b/fuzz/pkcs8.cc
@@ -0,0 +1,38 @@
 /* Copyright (c) 2016, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 #include <openssl/bytestring.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>

 extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
  CBS cbs;
  CBS_init(&cbs, buf, len);
  EVP_PKEY *pkey = EVP_parse_private_key(&cbs);
  if (pkey == NULL) {
    return 0;
  }

  uint8_t *der;
  size_t der_len;
  CBB cbb;
  if (CBB_init(&cbb, 0) &&
      EVP_marshal_private_key(&cbb, pkey) &&
      CBB_finish(&cbb, &der, &der_len)) {
    OPENSSL_free(der);
  }
  CBB_cleanup(&cbb);
  EVP_PKEY_free(pkey);
  return 0;
 }
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/fuzz/spki.cc
+++ b/fuzz/spki.cc
@@ -0,0 +1,38 @@
 /* Copyright (c) 2016, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 #include <openssl/bytestring.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>

 extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
  CBS cbs;
  CBS_init(&cbs, buf, len);
  EVP_PKEY *pkey = EVP_parse_public_key(&cbs);
  if (pkey == NULL) {
    return 0;
  }

  uint8_t *der;
  size_t der_len;
  CBB cbb;
  if (CBB_init(&cbb, 0) &&
      EVP_marshal_public_key(&cbb, pkey) &&
      CBB_finish(&cbb, &der, &der_len)) {
    OPENSSL_free(der);
  }
  CBB_cleanup(&cbb);
  EVP_PKEY_free(pkey);
  return 0;
 }
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär
--- a/Binär
+++ b/Binär