Bug 1332638 - fuzz PK11_Hashing, r=ttaubert
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 20 Jan 2017 12:33:54 +0100
changeset 13044 9338958a0692a407548e7e308f42cb56cd77d602
parent 13043 d6c0ca8e233dcb3acca093542d0064fbb7b56512
child 13045 6e1980cb796560b0c459d210b80cdfbb2f487394
push id1944
push userfranziskuskiefer@gmail.com
push dateFri, 20 Jan 2017 15:45:18 +0000
reviewersttaubert
bugs1332638
Bug 1332638 - fuzz PK11_Hashing, r=ttaubert Differential Revision: https://nss-review.dev.mozaws.net/D158
fuzz/cert_target.cc
fuzz/fuzz.gyp
fuzz/hash_target.cc
fuzz/pkcs8_target.cc
fuzz/shared.h
fuzz/spki_target.cc
--- a/fuzz/cert_target.cc
+++ b/fuzz/cert_target.cc
@@ -1,14 +1,13 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "shared.h"
 
 extern const uint16_t DEFAULT_MAX_LENGTH = 3072U;
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   CERTCertificate cert;
   QuickDERDecode(&cert, SEC_SignedCertificateTemplate, Data, Size);
--- a/fuzz/fuzz.gyp
+++ b/fuzz/fuzz.gyp
@@ -120,18 +120,31 @@
         'pkcs8_target.cc',
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         'fuzz_base',
       ],
     },
     {
+      'target_name': 'nssfuzz-hash',
+      'type': 'executable',
+      'sources': [
+        'hash_target.cc',
+        'initialize.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+    },
+    {
       'target_name': 'nssfuzz',
       'type': 'none',
       'dependencies': [
         'nssfuzz-cert',
-        'nssfuzz-spki',
+        'nssfuzz-hash',
         'nssfuzz-pkcs8',
-      ],
+        'nssfuzz-spki',
+      ]
     }
   ],
 }
new file mode 100644
--- /dev/null
+++ b/fuzz/hash_target.cc
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include <vector>
+
+#include "FuzzerInternal.h"
+#include "hasht.h"
+#include "pk11pub.h"
+#include "secoidt.h"
+#include "shared.h"
+
+extern const uint16_t DEFAULT_MAX_LENGTH = 4096U;
+
+const std::vector<SECOidTag> algos = {SEC_OID_MD5, SEC_OID_SHA1, SEC_OID_SHA256,
+                                      SEC_OID_SHA384, SEC_OID_SHA512};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  uint8_t hashOut[HASH_LENGTH_MAX];
+
+  static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+  assert(db != nullptr);
+
+  // simple hashing.
+  for (auto algo : algos) {
+    assert(PK11_HashBuf(algo, hashOut, data, size) == SECSuccess);
+  }
+
+  // hashing with context.
+  for (auto algo : algos) {
+    unsigned int len = 0;
+    PK11Context *context = PK11_CreateDigestContext(algo);
+    assert(context != nullptr);
+    assert(PK11_DigestBegin(context) == SECSuccess);
+    assert(PK11_DigestFinal(context, hashOut, &len, HASH_LENGTH_MAX) ==
+           SECSuccess);
+    PK11_DestroyContext(context, PR_TRUE);
+  }
+
+  return 0;
+}
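Review bot: The "hashing with context" loop never feeds the fuzz input to the digest context: it goes from PK11_DigestBegin straight to PK11_DigestFinal, so that path only ever hashes the empty message and `data`/`size` reach NSS solely through PK11_HashBuf. Adding a PK11_DigestOp call between Begin and Final would put the streaming digest code under test. Separately, every NSS call in both loops sits inside `assert(...)`, so a build with NDEBUG defined would compile the calls away and leave the target exercising nothing; storing the result in a `SECStatus` and asserting on that keeps the call in every build, and the same applies to the PK11_HashBuf loop. `size` is also narrowed implicitly when it is passed to PK11_HashBuf, which is presumably safe only because the harness caps input at DEFAULT_MAX_LENGTH.

```cpp
  // … unchanged: hashOut buffer, NSSDatabase setup, PK11_HashBuf loop …

  // hashing with context.
  for (auto algo : algos) {
    unsigned int len = 0;
    PK11Context *context = PK11_CreateDigestContext(algo);
    assert(context != nullptr);
    SECStatus rv = PK11_DigestBegin(context);
    assert(rv == SECSuccess);
    rv = PK11_DigestOp(context, data, size);
    assert(rv == SECSuccess);
    rv = PK11_DigestFinal(context, hashOut, &len, HASH_LENGTH_MAX);
    assert(rv == SECSuccess);
    (void)rv;  // silences the unused-variable warning when NDEBUG strips the asserts
    PK11_DestroyContext(context, PR_TRUE);
  }
```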
--- a/fuzz/pkcs8_target.cc
+++ b/fuzz/pkcs8_target.cc
@@ -4,17 +4,16 @@
 
 #include <memory>
 #include <vector>
 
 #include "keyhi.h"
 #include "pk11pub.h"
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "assert.h"
 #include "shared.h"
 
 extern const uint16_t DEFAULT_MAX_LENGTH = 2048U;
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
--- a/fuzz/shared.h
+++ b/fuzz/shared.h
@@ -2,16 +2,17 @@
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef shared_h__
 #define shared_h__
 
+#include "FuzzerRandom.h"
 #include "cert.h"
 #include "nss.h"
 
 class NSSDatabase {
  public:
   NSSDatabase() { NSS_NoDB_Init(nullptr); }
   ~NSSDatabase() { NSS_Shutdown(); }
 };
--- a/fuzz/spki_target.cc
+++ b/fuzz/spki_target.cc
@@ -1,14 +1,13 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FuzzerInternal.h"
-#include "FuzzerRandom.h"
 #include "asn1_mutators.h"
 #include "shared.h"
 
 extern const uint16_t DEFAULT_MAX_LENGTH = 1024U;
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   CERTSubjectPublicKeyInfo spki;
   QuickDERDecode(&spki, CERT_SubjectPublicKeyInfoTemplate, Data, Size);