Skip to content

Commit

Permalink
Bug 1332652 - Replace SPKI and Cert tests with a single QuickDER fuzz…
Browse files Browse the repository at this point in the history 
…ing target r=franziskus

Differential Revision: https://nss-review.dev.mozaws.net/D166

--HG--
extra : amend_source : 17bdce63fd6aa9471d54836549a3803c40b26ff4
  • Loading branch information
Tim Taubert committed Jan 20, 2017
1 parent 873e70e commit ba08dd1
Show file tree
Hide file tree
Showing 4 changed files with 93 additions and 49 deletions.
21 changes: 3 additions & 18 deletions automation/taskcluster/graph/src/extend.js
View file
Expand Up @@ -321,31 +321,16 @@ async function scheduleFuzzing() {

queue.scheduleTask(merge(base, {
parent: task_build,
name: "Cert",
name: "QuickDER",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
"cert nss/fuzz/corpus/cert -max_total_time=300"
"quickder nss/fuzz/corpus/quickder -max_total_time=300"
],
// Need a privileged docker container to remove this.
env: {ASAN_OPTIONS: "detect_leaks=0"},
symbol: "SCert",
kind: "test"
}));

queue.scheduleTask(merge(base, {
parent: task_build,
name: "SPKI",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
"spki nss/fuzz/corpus/spki -max_total_time=300"
],
// Need a privileged docker container to remove this.
env: {ASAN_OPTIONS: "detect_leaks=0"},
symbol: "SPKI",
symbol: "QuickDER",
kind: "test"
}));

Expand Down
27 changes: 7 additions & 20 deletions fuzz/fuzz.gyp
View file
Expand Up @@ -38,6 +38,7 @@
'<(DEPTH)/lib/util/util.gyp:nssutil',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
],
'conditions': [
['use_fuzzing_engine==0', {
Expand Down Expand Up @@ -86,38 +87,25 @@
],
},
{
'target_name': 'nssfuzz-cert',
'type': 'executable',
'sources': [
'asn1_mutators.cc',
'cert_target.cc',
'initialize.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'fuzz_base',
],
},
{
'target_name': 'nssfuzz-spki',
'target_name': 'nssfuzz-pkcs8',
'type': 'executable',
'sources': [
'asn1_mutators.cc',
'spki_target.cc',
'initialize.cc',
'pkcs8_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'fuzz_base',
],
},
{
'target_name': 'nssfuzz-pkcs8',
'target_name': 'nssfuzz-quickder',
'type': 'executable',
'sources': [
'asn1_mutators.cc',
'initialize.cc',
'pkcs8_target.cc',
'quickder_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
Expand All @@ -140,11 +128,10 @@
'target_name': 'nssfuzz',
'type': 'none',
'dependencies': [
'nssfuzz-cert',
'nssfuzz-hash',
'nssfuzz-pkcs8',
'nssfuzz-spki',
]
'nssfuzz-quickder',
],
}
],
}
83 changes: 83 additions & 0 deletions fuzz/quickder_target.cc
View file
@@ -0,0 +1,83 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "FuzzerInternal.h"
#include "asn1_mutators.h"
#include "shared.h"

const std::vector<const SEC_ASN1Template *> templates = {
CERT_AttributeTemplate,
CERT_CertExtensionTemplate,
CERT_CertificateRequestTemplate,
CERT_CertificateTemplate,
CERT_CrlTemplate,
CERT_IssuerAndSNTemplate,
CERT_NameTemplate,
CERT_PublicKeyAndChallengeTemplate,
CERT_RDNTemplate,
CERT_SequenceOfCertExtensionTemplate,
CERT_SetOfAttributeTemplate,
CERT_SetOfSignedCrlTemplate,
CERT_SignedCrlTemplate,
CERT_SignedDataTemplate,
CERT_SubjectPublicKeyInfoTemplate,
CERT_TimeChoiceTemplate,
CERT_ValidityTemplate,
SEC_AnyTemplate,
SEC_BitStringTemplate,
SEC_BMPStringTemplate,
SEC_BooleanTemplate,
SEC_CertSequenceTemplate,
SEC_EnumeratedTemplate,
SEC_GeneralizedTimeTemplate,
SEC_IA5StringTemplate,
SEC_IntegerTemplate,
SEC_NullTemplate,
SEC_ObjectIDTemplate,
SEC_OctetStringTemplate,
SEC_PointerToAnyTemplate,
SEC_PointerToEnumeratedTemplate,
SEC_PointerToGeneralizedTimeTemplate,
SEC_PointerToOctetStringTemplate,
SEC_PrintableStringTemplate,
SEC_SetOfAnyTemplate,
SEC_SetOfEnumeratedTemplate,
SEC_SequenceOfAnyTemplate,
SEC_SequenceOfObjectIDTemplate,
SEC_SignedCertificateTemplate,
SEC_SkipTemplate,
SEC_T61StringTemplate,
SEC_UniversalStringTemplate,
SEC_UTCTimeTemplate,
SEC_UTF8StringTemplate,
SEC_VisibleStringTemplate,
SECKEY_DHParamKeyTemplate,
SECKEY_DHPublicKeyTemplate,
SECKEY_DSAPrivateKeyExportTemplate,
SECKEY_DSAPublicKeyTemplate,
SECKEY_PQGParamsTemplate,
SECKEY_PrivateKeyInfoTemplate,
SECKEY_RSAPSSParamsTemplate,
SECKEY_RSAPublicKeyTemplate,
SECOID_AlgorithmIDTemplate};

extern const uint16_t DEFAULT_MAX_LENGTH = 10000U;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
char *dest[2048];

for (auto tpl : templates) {
PORTCheapArenaPool pool;
SECItem buf = {siBuffer, const_cast<unsigned char *>(Data),
static_cast<unsigned int>(Size)};

PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
(void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);
PORT_DestroyCheapArena(&pool);
}

return 0;
}

ADD_CUSTOM_MUTATORS({&ASN1MutatorFlipConstructed, &ASN1MutatorChangeType})
11 changes: 0 additions & 11 deletions fuzz/shared.h
View file
Expand Up @@ -17,17 +17,6 @@ class NSSDatabase {
~NSSDatabase() { NSS_Shutdown(); }
};

void QuickDERDecode(void *dst, const SEC_ASN1Template *tpl, const uint8_t *buf,
size_t len) {
PORTCheapArenaPool pool;
SECItem data = {siBuffer, const_cast<unsigned char *>(buf),
static_cast<unsigned int>(len)};

PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
(void)SEC_QuickDERDecodeItem(&pool.arena, dst, tpl, &data);
PORT_DestroyCheapArena(&pool);
}

size_t CustomMutate(std::vector<decltype(LLVMFuzzerCustomMutator) *> mutators,
uint8_t *Data, size_t Size, size_t MaxSize,
unsigned int Seed) {
Expand Down

0 comments on commit ba08dd1

Please sign in to comment.