Add standalone PKCS#8 and SPKI fuzzers.

We already had coverage for our new EVP_PKEY parsers, but it's good to have
some that cover them directly. The initial corpus was generated manually with
der-ascii and should cover most of the insanity around EC key serialization.

BUG=15

Change-Id: I7aaf56876680bfd5a89f5e365c5052eee03ba862
Reviewed-on: https://boringssl-review.googlesource.com/7728
Reviewed-by: Adam Langley <[email protected]>

FUZZING.md

@@ -32,10 +32,12 @@ The recommended values of `max_len` for each test are:
 
 | Test      | `max_len` value |
 |-----------|-----------------|
-| `privkey` | 2048            |
 | `cert`    | 3072            |
-| `server`  | 4096            |
 | `client`  | 20000           |
+| `pkcs8`   | 2048            |
+| `privkey` | 2048            |
+| `server`  | 4096            |
+| `spki`    | 1024            |
 
 
 These were determined by rounding up the length of the largest case in the corpus.

crypto/CMakeLists.txt

@@ -166,7 +166,7 @@ add_library(
   $<TARGET_OBJECTS:pem>
   $<TARGET_OBJECTS:x509>
   $<TARGET_OBJECTS:x509v3>
-  $<TARGET_OBJECTS:pkcs8>
+  $<TARGET_OBJECTS:pkcs8_lib>
 )
 
 if(NOT MSVC AND NOT ANDROID)

crypto/pkcs8/CMakeLists.txt

@@ -1,7 +1,7 @@
 include_directories(../../include)
 
 add_library(
-  pkcs8
+  pkcs8_lib
 
   OBJECT
 

fuzz/CMakeLists.txt

@@ -18,6 +18,24 @@ add_executable(
 target_link_libraries(cert Fuzzer)
 target_link_libraries(cert crypto)
 
+add_executable(
+  spki
+
+  spki.cc
+)
+
+target_link_libraries(spki Fuzzer)
+target_link_libraries(spki crypto)
+
+add_executable(
+  pkcs8
+
+  pkcs8.cc
+)
+
+target_link_libraries(pkcs8 Fuzzer)
+target_link_libraries(pkcs8 crypto)
+
 add_executable(
   server
 

fuzz/pkcs8.cc

@@ -0,0 +1,38 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
+#include <openssl/mem.h>
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+  CBS cbs;
+  CBS_init(&cbs, buf, len);
+  EVP_PKEY *pkey = EVP_parse_private_key(&cbs);
+  if (pkey == NULL) {
+    return 0;
+  }
+
+  uint8_t *der;
+  size_t der_len;
+  CBB cbb;
+  if (CBB_init(&cbb, 0) &&
+      EVP_marshal_private_key(&cbb, pkey) &&
+      CBB_finish(&cbb, &der, &der_len)) {
+    OPENSSL_free(der);
+  }
+  CBB_cleanup(&cbb);
+  EVP_PKEY_free(pkey);
+  return 0;
+}

fuzz/spki.cc

@@ -0,0 +1,38 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
+#include <openssl/mem.h>
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+  CBS cbs;
+  CBS_init(&cbs, buf, len);
+  EVP_PKEY *pkey = EVP_parse_public_key(&cbs);
+  if (pkey == NULL) {
+    return 0;
+  }
+
+  uint8_t *der;
+  size_t der_len;
+  CBB cbb;
+  if (CBB_init(&cbb, 0) &&
+      EVP_marshal_public_key(&cbb, pkey) &&
+      CBB_finish(&cbb, &der, &der_len)) {
+    OPENSSL_free(der);
+  }
+  CBB_cleanup(&cbb);
+  EVP_PKEY_free(pkey);
+  return 0;
+}