[openssl-commits] [openssl] master update
Ben Laurie
ben at openssl.org
Fri Jun 3 10:41:01 UTC 2016
The branch master has been updated
via 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit)
via 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b (commit)
via e298cb10feab3115b6da189a0f569e24b4f6c2a9 (commit)
via e78fadede267e3627ac85b3707a773b3b51e8f46 (commit)
from 63936115e8e70ac36fc865ea32830dc93a7a5157 (commit)
- Log -----------------------------------------------------------------
commit 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a
Author: Ben Laurie <ben at links.org>
Date: Fri Jun 3 11:07:42 2016 +0100
Add ct fuzzer.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b
Author: Ben Laurie <ben at links.org>
Date: Thu May 12 10:39:43 2016 +0100
Linkify libfuzzer.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit e298cb10feab3115b6da189a0f569e24b4f6c2a9
Author: Ben Laurie <ben at links.org>
Date: Wed May 11 16:07:14 2016 +0100
Fuzz everything with every input.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit e78fadede267e3627ac85b3707a773b3b51e8f46
Author: Ben Laurie <ben at links.org>
Date: Sat May 7 18:58:44 2016 +0100
Sort.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 ++
fuzz/README.md | 2 +-
fuzz/asn1.c | 92 ++++++++++++++++++++++------------------------------
fuzz/build.info | 26 ++++++++-------
fuzz/{cms.c => ct.c} | 14 ++++----
5 files changed, 62 insertions(+), 74 deletions(-)
copy fuzz/{cms.c => ct.c} (63%)
diff --git a/.gitignore b/.gitignore
index 2f99952..508fe0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,6 +63,7 @@ Makefile
/fuzz/bndiv
/fuzz/conf
/fuzz/cms
+/fuzz/ct
/fuzz/server
/fuzz/x509
/test/sha256t
@@ -85,6 +86,7 @@ Makefile
*.dylib*
*.dll*
*.exe
+*.pyc
# Exceptions
!/test/bctest
!/crypto/des/times/486-50.sol
diff --git a/fuzz/README.md b/fuzz/README.md
index 948590d..9b6d7d7 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -1,6 +1,6 @@
# I Can Haz Fuzz?
-Or, how to fuzz OpenSSL with libfuzzer.
+Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
Starting from a vanilla+OpenSSH server Ubuntu install.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index fc129a8..fdf4c5e 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -26,61 +26,45 @@
#include <openssl/x509v3.h>
#include "fuzzer.h"
-static const ASN1_ITEM *item_type;
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- const char *cmd;
- OPENSSL_assert(*argc > 1);
-
- cmd = (*argv)[1];
- (*argv)[1] = (*argv)[0];
- ++*argv;
- --*argc;
-
- // TODO: make this work like d2i_test.c does, once its decided what the
- // common scheme is!
-#define Y(t) if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t)
-#define X(t) else Y(t)
-
- Y(ASN1_SEQUENCE);
- X(AUTHORITY_INFO_ACCESS);
- X(BIGNUM);
- X(ECPARAMETERS);
- X(ECPKPARAMETERS);
- X(GENERAL_NAME);
- X(GENERAL_SUBTREE);
- X(NAME_CONSTRAINTS);
- X(OCSP_BASICRESP);
- X(OCSP_RESPONSE);
- X(PKCS12);
- X(PKCS12_AUTHSAFES);
- X(PKCS12_SAFEBAGS);
- X(PKCS7);
- X(PKCS7_ATTR_SIGN);
- X(PKCS7_ATTR_VERIFY);
- X(PKCS7_DIGEST);
- X(PKCS7_ENC_CONTENT);
- X(PKCS7_ENCRYPT);
- X(PKCS7_ENVELOPE);
- X(PKCS7_RECIP_INFO);
- X(PKCS7_SIGN_ENVELOPE);
- X(PKCS7_SIGNED);
- X(PKCS7_SIGNER_INFO);
- X(POLICY_CONSTRAINTS);
- X(POLICY_MAPPINGS);
- X(SXNET);
- //X(TS_RESP); want to do this, but type is hidden, however d2i exists...
- X(X509);
- X(X509_CRL);
- else
- OPENSSL_assert(!"Bad type");
-
- return 0;
-}
+static const ASN1_ITEM *item_type[] = {
+ ASN1_ITEM_rptr(ASN1_SEQUENCE),
+ ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
+ ASN1_ITEM_rptr(BIGNUM),
+ ASN1_ITEM_rptr(ECPARAMETERS),
+ ASN1_ITEM_rptr(ECPKPARAMETERS),
+ ASN1_ITEM_rptr(GENERAL_NAME),
+ ASN1_ITEM_rptr(GENERAL_SUBTREE),
+ ASN1_ITEM_rptr(NAME_CONSTRAINTS),
+ ASN1_ITEM_rptr(OCSP_BASICRESP),
+ ASN1_ITEM_rptr(OCSP_RESPONSE),
+ ASN1_ITEM_rptr(PKCS12),
+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ ASN1_ITEM_rptr(PKCS7),
+ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
+ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
+ ASN1_ITEM_rptr(PKCS7_DIGEST),
+ ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
+ ASN1_ITEM_rptr(PKCS7_ENCRYPT),
+ ASN1_ITEM_rptr(PKCS7_ENVELOPE),
+ ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
+ ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
+ ASN1_ITEM_rptr(PKCS7_SIGNED),
+ ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
+ ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
+ ASN1_ITEM_rptr(POLICY_MAPPINGS),
+ ASN1_ITEM_rptr(SXNET),
+ //ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists...
+ ASN1_ITEM_rptr(X509),
+ ASN1_ITEM_rptr(X509_CRL),
+ NULL
+};
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- const uint8_t *b = buf;
- ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type);
- ASN1_item_free(o, item_type);
+ for (int n = 0; item_type[n] != NULL; ++n) {
+ const uint8_t *b = buf;
+ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
+ ASN1_item_free(o, item_type[n]);
+ }
return 0;
}
diff --git a/fuzz/build.info b/fuzz/build.info
index 29d14b3..3569418 100644
--- a/fuzz/build.info
+++ b/fuzz/build.info
@@ -1,8 +1,4 @@
-PROGRAMS=server asn1 asn1parse cms conf bignum bndiv
-
-SOURCE[server]=server.c
-INCLUDE[server]=../include ../../../svn-work/Fuzzer
-DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer
+PROGRAMS=asn1 asn1parse bignum bndiv cms conf ct server
SOURCE[asn1]=asn1.c
INCLUDE[asn1]=../include ../../../svn-work/Fuzzer
@@ -12,6 +8,14 @@ SOURCE[asn1parse]=asn1parse.c
INCLUDE[asn1parse]=../include ../../../svn-work/Fuzzer
DEPEND[asn1parse]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[bignum]=bignum.c
+INCLUDE[bignum]=../include ../../../svn-work/Fuzzer
+DEPEND[bignum]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+
+SOURCE[bndiv]=bndiv.c
+INCLUDE[bndiv]=../include ../../../svn-work/Fuzzer
+DEPEND[bndiv]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+
SOURCE[cms]=cms.c
INCLUDE[cms]=../include ../../../svn-work/Fuzzer
DEPEND[cms]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
@@ -20,10 +24,10 @@ SOURCE[conf]=conf.c
INCLUDE[conf]=../include ../../../svn-work/Fuzzer
DEPEND[conf]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
-SOURCE[bignum]=bignum.c
-INCLUDE[bignum]=../include ../../../svn-work/Fuzzer
-DEPEND[bignum]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[ct]=ct.c
+INCLUDE[ct]=../include ../../../svn-work/Fuzzer
+DEPEND[ct]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
-SOURCE[bndiv]=bndiv.c
-INCLUDE[bndiv]=../include ../../../svn-work/Fuzzer
-DEPEND[bndiv]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[server]=server.c
+INCLUDE[server]=../include ../../../svn-work/Fuzzer
+DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer
diff --git a/fuzz/cms.c b/fuzz/ct.c
similarity index 63%
copy from fuzz/cms.c
copy to fuzz/ct.c
index 7b4fc3d..7050461 100644
--- a/fuzz/cms.c
+++ b/fuzz/ct.c
@@ -9,18 +9,16 @@
*/
/*
- * Test CMS DER parsing.
+ * Fuzz the SCT parser.
*/
-#include <openssl/bio.h>
-#include <openssl/cms.h>
+#include <stdio.h>
+#include <openssl/ct.h>
#include "fuzzer.h"
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- BIO *in = BIO_new(BIO_s_mem());
- OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
- CMS_ContentInfo *i = d2i_CMS_bio(in, NULL);
- CMS_ContentInfo_free(i);
- BIO_free(in);
+ const uint8_t **pp = &buf;
+ STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
+ SCT_LIST_free(scts);
return 0;
}
More information about the openssl-commits
mailing list