diff --git a/crypto/pkcs8/pkcs12_test.cc b/crypto/pkcs8/pkcs12_test.cc
index 5fb7903ae7..e6c0e56bcd 100644
--- a/crypto/pkcs8/pkcs12_test.cc
+++ b/crypto/pkcs8/pkcs12_test.cc
@@ -1234,11 +1234,17 @@ TEST(PKCS12Test, TestPBES2) {
 }
 TEST(PKCS12Test, TestEmptyPassword) {
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ return; // The MAC check always passes in fuzzer mode.
+#endif
 TestImpl("EmptyPassword (empty password)", kEmptyPassword, "", nullptr);
 TestImpl("EmptyPassword (null password)", kEmptyPassword, nullptr, nullptr);
 }
 TEST(PKCS12Test, TestNullPassword) {
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ return; // The MAC check always passes in fuzzer mode.
+#endif
 TestImpl("NullPassword (empty password)", kNullPassword, "", nullptr);
 TestImpl("NullPassword (null password)", kNullPassword, nullptr, nullptr);
 }
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c
index 3cdbddb92e..23aad09f3b 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.c
@@ -573,6 +573,9 @@ static int pkcs12_check_mac(int *out_mac_ok, const char *password,
 }
 *out_mac_ok = CBS_mem_equal(expected_mac, hmac, hmac_len);
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ *out_mac_ok = 1;
+#endif
 ret = 1;
 err:
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index eddb38c5b0..a269696112 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
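Review bot: In crypto/pkcs8/pkcs12_test.cc, the bare `return;` added to TestEmptyPassword and TestNullPassword makes both tests report as passed in a BORINGSSL_UNSAFE_FUZZER_MODE build even though nothing was exercised. If the bundled googletest provides it, `GTEST_SKIP() << "MAC check always passes in fuzzer mode";` would list them as skipped in the test output instead. Any other test in this file that expects a wrong password or a corrupted MAC to be rejected would need the same guard; none is visible in this hunk.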
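Review bot: In crypto/pkcs8/pkcs8_x509.c, the override `*out_mac_ok = 1;` in pkcs12_check_mac carries no comment, although it makes the PKCS#12 MAC comparison succeed for any input whenever BORINGSSL_UNSAFE_FUZZER_MODE is defined. A comment directly above the `#if`, such as `// Fuzzer mode: accept any MAC so mutated inputs reach the parser. Never define this macro in a shipping build.`, would put the intent and the risk next to the code. The HMAC is still computed and compared before the override, so that path stays covered. The function begins and ends outside the hunk.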
@@ -2,127 +2,44 @@ include_directories(../include)
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-missing-prototypes")
-add_executable(
- bn_mod_exp
+add_executable(bn_mod_exp bn_mod_exp.cc)
+target_link_libraries(bn_mod_exp Fuzzer crypto)
- bn_mod_exp.cc
-)
+add_executable(bn_div bn_div.cc)
+target_link_libraries(bn_div Fuzzer crypto)
-target_link_libraries(bn_mod_exp Fuzzer)
-target_link_libraries(bn_mod_exp crypto)
+add_executable(privkey privkey.cc)
+target_link_libraries(privkey Fuzzer crypto)
-add_executable(
- bn_div
+add_executable(cert cert.cc)
+target_link_libraries(cert Fuzzer crypto)
- bn_div.cc
-)
+add_executable(spki spki.cc)
+target_link_libraries(spki Fuzzer crypto)
-target_link_libraries(bn_div Fuzzer)
-target_link_libraries(bn_div crypto)
+add_executable(pkcs8 pkcs8.cc)
+target_link_libraries(pkcs8 Fuzzer crypto)
-add_executable(
- privkey
+add_executable(pkcs12 pkcs12.cc)
+target_link_libraries(pkcs12 Fuzzer crypto)
- privkey.cc
-)
+add_executable(server server.cc)
+target_link_libraries(server Fuzzer crypto ssl)
-target_link_libraries(privkey Fuzzer)
-target_link_libraries(privkey crypto)
+add_executable(client client.cc)
+target_link_libraries(client Fuzzer crypto ssl)
-add_executable(
- cert
+add_executable(dtls_server dtls_server.cc)
+target_link_libraries(dtls_server Fuzzer crypto ssl)
- cert.cc
-)
+add_executable(dtls_client dtls_client.cc)
+target_link_libraries(dtls_client Fuzzer crypto ssl)
-target_link_libraries(cert Fuzzer)
-target_link_libraries(cert crypto)
+add_executable(read_pem read_pem.cc)
+target_link_libraries(read_pem Fuzzer crypto)
-add_executable(
- spki
+add_executable(ssl_ctx_api ssl_ctx_api.cc)
+target_link_libraries(ssl_ctx_api Fuzzer crypto ssl)
- spki.cc
-)
-
-target_link_libraries(spki Fuzzer)
-target_link_libraries(spki crypto)
-
-add_executable(
- pkcs8
-
- pkcs8.cc
-)
-
-target_link_libraries(pkcs8 Fuzzer)
-target_link_libraries(pkcs8 crypto)
-
-add_executable(
- server
-
- server.cc
-)
-
-target_link_libraries(server Fuzzer)
-target_link_libraries(server crypto)
-target_link_libraries(server ssl)
-
-add_executable(
- client
-
- client.cc
-)
-
-target_link_libraries(client Fuzzer)
-target_link_libraries(client crypto)
-target_link_libraries(client ssl)
-
-add_executable(
- dtls_server
-
- dtls_server.cc
-)
-
-target_link_libraries(dtls_server Fuzzer)
-target_link_libraries(dtls_server crypto)
-target_link_libraries(dtls_server ssl)
-
-add_executable(
- dtls_client
-
- dtls_client.cc
-)
-
-target_link_libraries(dtls_client Fuzzer)
-target_link_libraries(dtls_client crypto)
-target_link_libraries(dtls_client ssl)
-
-add_executable(
- read_pem
-
- read_pem.cc
-)
-
-target_link_libraries(read_pem Fuzzer)
-target_link_libraries(read_pem crypto)
-
-add_executable(
- ssl_ctx_api
-
- ssl_ctx_api.cc
-)
-
-target_link_libraries(ssl_ctx_api Fuzzer)
-target_link_libraries(ssl_ctx_api crypto)
-target_link_libraries(ssl_ctx_api ssl)
-
-add_executable(
- session
-
- session.cc
-
- $
-)
-
-target_link_libraries(session Fuzzer)
-target_link_libraries(session crypto)
-target_link_libraries(session ssl)
+add_executable(session session.cc)
+target_link_libraries(session Fuzzer crypto ssl)
diff --git a/fuzz/pkcs12.cc b/fuzz/pkcs12.cc
new file mode 100644
index 0000000000..85bb0e349b
--- /dev/null
+++ b/fuzz/pkcs12.cc
@@ -0,0 +1,29 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+#include
+#include
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ bssl::UniquePtr certs(sk_X509_new_null());
+ EVP_PKEY *key = nullptr;
+ CBS cbs;
+ CBS_init(&cbs, buf, len);
+ PKCS12_get_key_and_certs(&key, certs.get(), &cbs, "foo");
+ EVP_PKEY_free(key);
+ return 0;
+}
diff --git a/fuzz/pkcs12_corpus/04191202c1f7d978bcb3a4c1316d88b046689e31 b/fuzz/pkcs12_corpus/04191202c1f7d978bcb3a4c1316d88b046689e31
new file mode 100644
index 0000000000..5ead05fc12
Binary files /dev/null and b/fuzz/pkcs12_corpus/04191202c1f7d978bcb3a4c1316d88b046689e31 differ
diff --git a/fuzz/pkcs12_corpus/7dbf598a00e4d22ac2ae1bc658fbc6596901d53f b/fuzz/pkcs12_corpus/7dbf598a00e4d22ac2ae1bc658fbc6596901d53f
new file mode 100644
index 0000000000..2abe60f5fd
Binary files /dev/null and b/fuzz/pkcs12_corpus/7dbf598a00e4d22ac2ae1bc658fbc6596901d53f differ
diff --git a/fuzz/pkcs12_corpus/aab806b45129f3284cf9598951cdd57a86e63ab5 b/fuzz/pkcs12_corpus/aab806b45129f3284cf9598951cdd57a86e63ab5
new file mode 100644
index 0000000000..1049426ea9
Binary files /dev/null and b/fuzz/pkcs12_corpus/aab806b45129f3284cf9598951cdd57a86e63ab5 differ
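Review bot: fuzz/pkcs12.cc does not say that the harness depends on BORINGSSL_UNSAFE_FUZZER_MODE: the same commit makes the MAC check in pkcs12_check_mac pass only under that macro, so a build without it would presumably stop almost every mutated input at the MAC and never reach the parsing behind it. A comment above LLVMFuzzerTestOneInput such as `// Needs BORINGSSL_UNSAFE_FUZZER_MODE so inputs get past the MAC; the password is fixed to "foo".` would record that. Whether the seed files under fuzz/pkcs12_corpus were generated with that password cannot be told from the diff and is worth stating in the same comment once confirmed.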
diff --git a/fuzz/pkcs12_corpus/fff673b3287ad0d26ffa212d14d94ce2d015c7ab b/fuzz/pkcs12_corpus/fff673b3287ad0d26ffa212d14d94ce2d015c7ab
new file mode 100644
index 0000000000..f7cd26f68d
Binary files /dev/null and b/fuzz/pkcs12_corpus/fff673b3287ad0d26ffa212d14d94ce2d015c7ab differ