From 4365cb23613edbb6ade5707daa050acab9c69f4f Mon Sep 17 00:00:00 2001 From: Tim Taubert Date: Wed, 12 Oct 2016 15:30:05 +0200 Subject: [PATCH] Bug 1308874 - Land basic libFuzzer fuzzing framework r=franziskus Differential Revision: https://nss-dev.phacility.com/D76 --- .gitignore | 2 + .hgignore | 2 + coreconf/sanitizers.mk | 4 ++ fuzz/.clang-format | 4 ++ fuzz/Makefile | 42 +++++++++++++ fuzz/clone_corpus.sh | 4 ++ fuzz/clone_libfuzzer.sh | 9 +++ fuzz/common.mk | 10 +++ fuzz/libFuzzer/Makefile | 45 ++++++++++++++ fuzz/libFuzzer/config.mk | 14 +++++ fuzz/libFuzzer/manifest.mn | 26 ++++++++ fuzz/manifest.mn | 8 +++ fuzz/nssfuzz/Makefile | 45 ++++++++++++++ fuzz/nssfuzz/cert_target.cc | 35 +++++++++++ fuzz/nssfuzz/manifest.mn | 24 ++++++++ fuzz/nssfuzz/nssfuzz.cc | 114 +++++++++++++++++++++++++++++++++++ fuzz/nssfuzz/pkcs8_target.cc | 37 ++++++++++++ fuzz/nssfuzz/registry.h | 71 ++++++++++++++++++++++ fuzz/nssfuzz/shared.h | 18 ++++++ fuzz/nssfuzz/spki_target.cc | 35 +++++++++++ manifest.mn | 4 ++ 21 files changed, 553 insertions(+) create mode 100644 fuzz/.clang-format create mode 100644 fuzz/Makefile create mode 100755 fuzz/clone_corpus.sh create mode 100755 fuzz/clone_libfuzzer.sh create mode 100644 fuzz/common.mk create mode 100644 fuzz/libFuzzer/Makefile create mode 100644 fuzz/libFuzzer/config.mk create mode 100644 fuzz/libFuzzer/manifest.mn create mode 100644 fuzz/manifest.mn create mode 100644 fuzz/nssfuzz/Makefile create mode 100644 fuzz/nssfuzz/cert_target.cc create mode 100644 fuzz/nssfuzz/manifest.mn create mode 100644 fuzz/nssfuzz/nssfuzz.cc create mode 100644 fuzz/nssfuzz/pkcs8_target.cc create mode 100644 fuzz/nssfuzz/registry.h create mode 100644 fuzz/nssfuzz/shared.h create mode 100644 fuzz/nssfuzz/spki_target.cc diff --git a/.gitignore b/.gitignore index 0a0b178582..c55ef00a24 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ GTAGS #* .#* .ycm_extra_conf.py* +fuzz/libFuzzer/* +fuzz/corpus 
diff --git a/.hgignore b/.hgignore index fbec8ac1bd..13ba3ed593 100644 --- a/.hgignore +++ b/.hgignore @@ -13,3 +13,5 @@ GTAGS #* .#* .ycm_extra_conf.py* +fuzz/libFuzzer/* +fuzz/corpus diff --git a/coreconf/sanitizers.mk b/coreconf/sanitizers.mk index 01ad213603..2e5e1ab8ca 100644 --- a/coreconf/sanitizers.mk +++ b/coreconf/sanitizers.mk @@ -8,6 +8,10 @@ ifeq ($(USE_UBSAN), 1) SANITIZER_FLAGS_COMMON += -fsanitize=undefined -fno-sanitize-recover=undefined endif +ifeq ($(FUZZ), 1) +SANITIZER_FLAGS_COMMON += -fsanitize-coverage=edge +endif + SANITIZER_FLAGS_COMMON += $(EXTRA_SANITIZER_FLAGS) SANITIZER_CFLAGS = $(SANITIZER_FLAGS_COMMON) SANITIZER_LDFLAGS = $(SANITIZER_FLAGS_COMMON) diff --git a/fuzz/.clang-format b/fuzz/.clang-format new file mode 100644 index 0000000000..06e3c5115f --- /dev/null +++ b/fuzz/.clang-format @@ -0,0 +1,4 @@ +--- +Language: Cpp +BasedOnStyle: Google +... diff --git a/fuzz/Makefile b/fuzz/Makefile new file mode 100644 index 0000000000..ae82276da2 --- /dev/null +++ b/fuzz/Makefile 
@@ -0,0 +1,42 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/fuzz/clone_corpus.sh b/fuzz/clone_corpus.sh
new file mode 100755
index 0000000000..71ea727e09
--- /dev/null
+++ b/fuzz/clone_corpus.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd $(dirname $0)
+git clone https://github.com/mozilla/nss-fuzzing-corpus corpus
diff --git a/fuzz/clone_libfuzzer.sh b/fuzz/clone_libfuzzer.sh
new file mode 100755
index 0000000000..d58921e6b2
--- /dev/null
+++ b/fuzz/clone_libfuzzer.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+cd $(dirname $0)
+mkdir tmp/
+git clone -q https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer tmp/
+mv tmp/.git libFuzzer
+rm -fr tmp
+cd libFuzzer
+git reset --hard 4333f2ca71eb7951fcafcdcb111012fbe25c5e7e
diff --git a/fuzz/common.mk b/fuzz/common.mk
new file mode 100644
index 0000000000..c12014c65d
--- /dev/null
+++ b/fuzz/common.mk
@@ -0,0 +1,10 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MKPROG = $(CCC)
+MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+
+CXXFLAGS += -std=c++11
diff --git a/fuzz/libFuzzer/Makefile b/fuzz/libFuzzer/Makefile
new file mode 100644
index 0000000000..85e8e9ac9b
--- /dev/null
+++ b/fuzz/libFuzzer/Makefile
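Review bot: Neither clone_corpus.sh nor clone_libfuzzer.sh stops on the first failed command, and both begin with an unquoted `cd $(dirname $0)`. In clone_libfuzzer.sh this matters most: if the `cd` or the `git clone` fails, the script still runs `rm -fr tmp` relative to whatever directory it happens to be in, and because libFuzzer/ already exists in the tree the later `cd libFuzzer` succeeds and `git reset --hard` is then run against whatever repository encloses that directory instead of the fresh clone. I would make `set -e` the first command of both scripts and quote the path, `cd "$(dirname "$0")"`. Pinning libFuzzer to a commit hash is the right call; the corpus clone is unpinned, and a one-line comment saying that is intentional would help.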
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+include config.mk
+
+include ../common.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/fuzz/libFuzzer/config.mk b/fuzz/libFuzzer/config.mk
new file mode 100644
index 0000000000..9ca6cae3ad
--- /dev/null
+++ b/fuzz/libFuzzer/config.mk
@@ -0,0 +1,14 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# According to the LLVM docs, LibFuzzer isn't supposed to be built with any
+# sanitizer flags and in fact, building it with ASan coverage currently causes
+# Clang 3.9+ to crash, so we filter out all sanitizer-related flags here.
+CXXFLAGS := $(filter-out -fsanitize%,$(CXXFLAGS))
+CFLAGS := $(filter-out -fsanitize%,$(CFLAGS))
+LDFLAGS := $(filter-out -fsanitize%,$(LDFLAGS))
+DARWIN_SDK_SHLIBFLAGS := $(filter-out -fsanitize%,$(DARWIN_SDK_SHLIBFLAGS))
+
+CXXFLAGS += -g -O2
diff --git a/fuzz/libFuzzer/manifest.mn b/fuzz/libFuzzer/manifest.mn
new file mode 100644
index 0000000000..54e0dad525
--- /dev/null
+++ b/fuzz/libFuzzer/manifest.mn
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ FuzzerCrossOver.cpp \
+ FuzzerDriver.cpp \
+ FuzzerExtFunctionsDlsym.cpp \
+ FuzzerExtFunctionsWeak.cpp \
+ FuzzerIO.cpp \
+ FuzzerLoop.cpp \
+ FuzzerMutate.cpp \
+ FuzzerSHA1.cpp \
+ FuzzerTracePC.cpp \
+ FuzzerTraceState.cpp \
+ FuzzerUtil.cpp \
+ FuzzerUtilDarwin.cpp \
+ FuzzerUtilLinux.cpp \
+ $(NULL)
+
+LIBRARY_NAME = Fuzzer
+LIBRARY_VERSION = 1
diff --git a/fuzz/manifest.mn b/fuzz/manifest.mn
new file mode 100644
index 0000000000..74d8986211
--- /dev/null
+++ b/fuzz/manifest.mn
@@ -0,0 +1,8 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH = ..
+
+DIRS = libFuzzer nssfuzz
diff --git a/fuzz/nssfuzz/Makefile b/fuzz/nssfuzz/Makefile
new file mode 100644
index 0000000000..dafa9f4936
--- /dev/null
+++ b/fuzz/nssfuzz/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/cmd/platlibs.mk
+
+include ../common.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/fuzz/nssfuzz/cert_target.cc b/fuzz/nssfuzz/cert_target.cc
new file mode 100644
index 0000000000..147743129b
--- /dev/null
+++ b/fuzz/nssfuzz/cert_target.cc
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include
+#include
+#include
+
+#include "cert.h"
+
+#include "registry.h"
+#include "shared.h"
+
+extern "C" int cert_fuzzing_target(const uint8_t *Data, size_t Size) {
+ SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
+
+ static std::unique_ptr db(new NSSDatabase());
+ assert(db != nullptr);
+
+ static CERTCertDBHandle *certDB = CERT_GetDefaultCertDB();
+ assert(certDB != NULL);
+
+ CERTCertificate *cert =
+ CERT_NewTempCertificate(certDB, &data, nullptr, false, true);
+
+ if (cert) {
+ CERT_DestroyCertificate(cert);
+ }
+
+ return 0;
+}
+
+REGISTER_FUZZING_TARGET("cert", cert_fuzzing_target, 3072, "Certificate Import")
diff --git a/fuzz/nssfuzz/manifest.mn b/fuzz/nssfuzz/manifest.mn
new file mode 100644
index 0000000000..ac797c2821
--- /dev/null
+++ b/fuzz/nssfuzz/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ cert_target.cc \
+ pkcs8_target.cc \
+ spki_target.cc \
+ nssfuzz.cc \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/fuzz/libFuzzer
+
+REQUIRES = nspr nss
+
+PROGRAM = nssfuzz
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)Fuzzer.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
diff --git a/fuzz/nssfuzz/nssfuzz.cc b/fuzz/nssfuzz/nssfuzz.cc
new file mode 100644
index 0000000000..ebbe7280bd
--- /dev/null
+++ b/fuzz/nssfuzz/nssfuzz.cc
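Review bot: In cert_target.cc the only failure checks are `assert` calls, and `assert(db != nullptr)` can never fire because `new NSSDatabase()` throws rather than returning null. If the harness is ever compiled with NDEBUG (this patch does not show whether the fuzzing build defines it), `assert(certDB != NULL)` disappears too and a null handle would be passed straight to `CERT_NewTempCertificate`. I would make the setup checks unconditional, e.g. `if (certDB == nullptr) abort();` with `<cstdlib>` included, so a broken setup stops the run instead of producing misleading crashes or an idle fuzzer. The same reliance on `assert` is in pkcs8_target.cc (`assert(slot != nullptr)`) and spki_target.cc (`assert(db != nullptr)`).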
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include
+#include
+#include
+
+#include "keyhi.h"
+#include "pk11pub.h"
+
+#include "FuzzerInternal.h"
+#include "registry.h"
+#include "shared.h"
+
+using namespace std;
+
+void printUsage(const vector &args) {
+ size_t sep = args.at(0).rfind("/") + 1;
+ string progName = args.at(0).substr(sep);
+
+ cerr << progName << " - Various libFuzzer targets for NSS" << endl << endl;
+ cerr << "Usage: " << progName << " " << endl
+ << endl;
+ cerr << "Valid targets:" << endl;
+
+ vector names = Registry::Names();
+
+ // Find length of the longest name.
+ size_t name_w =
+ max_element(names.begin(), names.end(), [](string &a, string &b) {
+ return a.size() < b.size();
+ })->size();
+
+ // Find length of the longest description.
+ auto max = max_element(names.begin(), names.end(), [](string &a, string &b) {
+ return Registry::Desc(a).size() < Registry::Desc(b).size();
+ });
+ size_t desc_w = Registry::Desc(*max).size();
+
+ // Print list of targets.
+ for (string name : names) {
+ cerr << " " << left << setw(name_w) << name << " - " << setw(desc_w)
+ << Registry::Desc(name)
+ << " [default max_len=" << Registry::MaxLen(name) << "]" << endl;
+ }
+
+ // Some usage examples.
+ cerr << endl << "Run fuzzer with a given corpus directory:" << endl;
+ cerr << " " << progName << " /path/to/corpus" << endl;
+
+ cerr << endl << "Run fuzzer with a single test input:" << endl;
+ cerr << " " << progName
+ << " ./crash-14d4355b971092e39572bc306a135ddf9f923e19" << endl;
+
+ cerr << endl
+ << "Specify the number of cores you wish to dedicate to fuzzing:"
+ << endl;
+ cerr << " " << progName << " -jobs=8 -workers=8 /path/to/corpus"
+ << endl;
+
+ cerr << endl << "Override the maximum length of a test input:" << endl;
+ cerr << " " << progName << " -max_len=2048 /path/to/corpus" << endl;
+
+ cerr << endl
+ << "Minimize a given corpus and put the result into 'new_corpus':"
+ << endl;
+ cerr << " " << progName
+ << " -merge=1 -max_len=50000 ./new_corpus /path/to/corpus"
+ << endl;
+
+ cerr << endl << "Merge new test inputs into a corpus:" << endl;
+ cerr
+ << " " << progName
+ << " -merge=1 -max_len=50000 /path/to/corpus ./inputs1 ./inputs2"
+ << endl;
+
+ cerr << endl << "Print libFuzzer usage information:" << endl;
+ cerr << " " << progName << " -help=1" << endl << endl;
+
+ cerr << "Check out the docs at http://llvm.org/docs/LibFuzzer.html" << endl;
+}
+
+int main(int argc, char **argv) {
+ vector args(argv, argv + argc);
+
+ if (args.size() < 2 || !Registry::Has(args[1])) {
+ printUsage(args);
+ return 1;
+ }
+
+ string targetName = args.at(1);
+ uint16_t maxLen = Registry::MaxLen(targetName);
+ string maxLenArg = "-max_len=" + to_string(maxLen);
+
+ auto find = [](string &a) {
+ return a.find("-max_len=") == 0 || a.find("-merge=1") == 0;
+ };
+
+ if (any_of(args.begin(), args.end(), find)) {
+ // Remove the 2nd argument.
+ argv[1] = argv[0];
+ argv++;
+ argc--;
+ } else {
+ // Set default max_len arg, if none given and we're not merging.
+ argv[1] = const_cast(maxLenArg.c_str());
+ }
+
+ // Hand control to the libFuzzer driver.
+ return fuzzer::FuzzerDriver(&argc, &argv, Registry::Func(targetName));
+}
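Review bot: `printUsage` in nssfuzz.cc is reached whenever `args.size() < 2`, which includes an empty argument vector, yet its first statement is `args.at(0)`, so that case ends in an uncaught `std::out_of_range` instead of the usage text. Guarding the name lookup fixes it, e.g. `string progName = args.empty() ? "nssfuzz" : args.at(0).substr(args.at(0).rfind("/") + 1);`. The two `max_element` calls likewise dereference their result without checking that `Registry::Names()` is non-empty, which holds only while at least one target is linked in. In `main`, a short comment that `maxLenArg` must outlive the `FuzzerDriver` call because `argv[1]` points into its buffer would help the next reader.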
diff --git a/fuzz/nssfuzz/pkcs8_target.cc b/fuzz/nssfuzz/pkcs8_target.cc
new file mode 100644
index 0000000000..8b6ed7b57b
--- /dev/null
+++ b/fuzz/nssfuzz/pkcs8_target.cc
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include
+#include
+#include
+
+#include "keyhi.h"
+#include "pk11pub.h"
+
+#include "registry.h"
+#include "shared.h"
+
+extern "C" int pkcs8_fuzzing_target(const uint8_t *Data, size_t Size) {
+ SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
+
+ static std::unique_ptr db(new NSSDatabase());
+ assert(db != nullptr);
+
+ PK11SlotInfo *slot = PK11_GetInternalSlot();
+ assert(slot != nullptr);
+
+ SECKEYPrivateKey *key = nullptr;
+ if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, &data, nullptr, nullptr,
+ false, false, KU_ALL, &key,
+ nullptr) == SECSuccess) {
+ SECKEY_DestroyPrivateKey(key);
+ }
+
+ PK11_FreeSlot(slot);
+ return 0;
+}
+
+REGISTER_FUZZING_TARGET("pkcs8", pkcs8_fuzzing_target, 2048, "PKCS#8 Import")
diff --git a/fuzz/nssfuzz/registry.h b/fuzz/nssfuzz/registry.h
new file mode 100644
index 0000000000..3458263aae
--- /dev/null
+++ b/fuzz/nssfuzz/registry.h
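Review bot: The `SECItem data` initializer in pkcs8_target.cc uses C-style casts that silently drop `const` from libFuzzer's input buffer and narrow `Size` to `unsigned int`, and nothing in the hunk says why either is safe. Named casts make both conversions visible: `SECItem data = {siBuffer, const_cast<unsigned char *>(Data), static_cast<unsigned int>(Size)};`. I would also add a comment such as `// NSS takes a non-const SECItem; the target must treat Data as read-only`, since whether the import call really leaves the buffer untouched cannot be confirmed from this patch. The same initializer appears in cert_target.cc and spki_target.cc.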
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef registry_h__
+#define registry_h__
+
+#include
+#include "nss.h"
+#include "FuzzerInternal.h"
+
+class Registry {
+ public:
+ static void Add(std::string name, fuzzer::UserCallback func,
+ uint16_t max_len, std::string desc) {
+ assert(!Has(name));
+ GetInstance().targets_[name] = TargetData(func, max_len, desc);
+ }
+
+ static bool Has(std::string name) {
+ return GetInstance().targets_.count(name) > 0;
+ }
+
+ static fuzzer::UserCallback Func(std::string name) {
+ assert(Has(name));
+ return std::get<0>(Get(name));
+ }
+
+ static uint16_t MaxLen(std::string name) {
+ assert(Has(name));
+ return std::get<1>(Get(name));
+ }
+
+ static std::string& Desc(std::string name) {
+ assert(Has(name));
+ return std::get<2>(Get(name));
+ }
+
+ static std::vector Names() {
+ std::vector names;
+ for (auto &it : GetInstance().targets_) {
+ names.push_back(it.first);
+ }
+ return names;
+ }
+
+ private:
+ typedef std::tuple TargetData;
+
+ static Registry& GetInstance() {
+ static Registry registry;
+ return registry;
+ }
+
+ static TargetData& Get(std::string name) {
+ return GetInstance().targets_[name];
+ }
+
+ Registry() {}
+
+ std::map targets_;
+};
+
+#define REGISTER_FUZZING_TARGET(name, func, max_len, desc) \
+ static void __attribute__ ((constructor)) RegisterFuzzingTarget() { \
+ Registry::Add(name, func, max_len, desc); \
+ }
+
+#endif // registry_h__
diff --git a/fuzz/nssfuzz/shared.h b/fuzz/nssfuzz/shared.h
new file mode 100644
index 0000000000..c93aa5dd8a
--- /dev/null
+++ b/fuzz/nssfuzz/shared.h
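Review bot: `Registry::Get` in registry.h looks the name up with `targets_[name]`, which default-inserts an entry for an unknown name, and the only thing preventing that is the `assert(Has(name))` in `Func`, `MaxLen` and `Desc`. With NDEBUG defined, `Func` on an unregistered name would return a value-initialized (presumably null) callback and leave a phantom target in `Names()`; `main` checks `Has` first, so today this is latent. Using `return GetInstance().targets_.at(name);` makes the failure explicit regardless of build flags. Separately, `REGISTER_FUZZING_TARGET` always defines a function named `RegisterFuzzingTarget`, so it can be used only once per translation unit, and a comment on the macro should say so.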
@@ -0,0 +1,18 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef shared_h__
+#define shared_h__
+
+#include "nss.h"
+
+class NSSDatabase {
+ public:
+ NSSDatabase() { NSS_NoDB_Init(nullptr); }
+ ~NSSDatabase() { NSS_Shutdown(); }
+};
+
+#endif // shared_h__
diff --git a/fuzz/nssfuzz/spki_target.cc b/fuzz/nssfuzz/spki_target.cc
new file mode 100644
index 0000000000..9b1de587a1
--- /dev/null
+++ b/fuzz/nssfuzz/spki_target.cc
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include
+#include
+#include
+
+#include "keyhi.h"
+#include "pk11pub.h"
+
+#include "registry.h"
+#include "shared.h"
+
+extern "C" int spki_fuzzing_target(const uint8_t *Data, size_t Size) {
+ SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
+
+ static std::unique_ptr db(new NSSDatabase());
+ assert(db != nullptr);
+
+ CERTSubjectPublicKeyInfo *spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&data);
+
+ if (spki) {
+ SECKEYPublicKey *key = SECKEY_ExtractPublicKey(spki);
+ SECKEY_DestroyPublicKey(key);
+ }
+
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+ return 0;
+}
+
+REGISTER_FUZZING_TARGET("spki", spki_fuzzing_target, 1024, "SPKI Import")
diff --git a/manifest.mn b/manifest.mn
index cb2470bf4a..69fc19d6a7 100644
--- a/manifest.mn
+++ b/manifest.mn
@@ -11,3 +11,7 @@ IMPORTS = nspr20/v4.8 \ RELEASE = nss DIRS = coreconf lib cmd external_tests + +ifdef FUZZ +DIRS += fuzz +endif
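Review bot: `NSSDatabase()` in shared.h discards the `SECStatus` returned by `NSS_NoDB_Init(nullptr)`, so a failed initialisation is invisible and every target would then exercise an uninitialised library. The targets' `assert(db != nullptr)` only checks that the wrapper object exists, not that NSS came up. I would fail hard in the constructor, e.g. `if (NSS_NoDB_Init(nullptr) != SECSuccess) abort();`, and not wrap the call in `assert`, which would remove the call itself under NDEBUG. Since the class owns process-global state, `NSSDatabase(const NSSDatabase &) = delete;` would also document that it must not be copied.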
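Review bot: The top-level manifest.mn enables the fuzz directory with `ifdef FUZZ`, while coreconf/sanitizers.mk in this same patch adds `-fsanitize-coverage=edge` only under `ifeq ($(FUZZ), 1)`. Any other non-empty value, for example `FUZZ=0` or `FUZZ=yes`, therefore builds nssfuzz without that flag, and the resulting binary would presumably run with no coverage feedback while still looking like a working fuzzer. Using the same test in both places, `ifeq ($(FUZZ), 1)` here, removes the mismatch.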