summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-08-28 13:46:24 -0400
committerNick Mathewson <nickm@torproject.org>2017-08-28 13:46:24 -0400
commit18bc7fa70bd277d8284a8f245e54dd54b7a0c529 (patch)
treec06ebb534daa2aafbeddf074582c0342b3e4e199
parentef6ed0f211dc0fcbfdcdb74d896e825cdc37ae9f (diff)
parent97347b1109fcbb9b7d6eb74624748c5e6f560b77 (diff)
downloadtor-18bc7fa70bd277d8284a8f245e54dd54b7a0c529.tar.gz
tor-18bc7fa70bd277d8284a8f245e54dd54b7a0c529.zip
Merge remote-tracking branch 'haxxpop/fuzzing-hsv3'
-rwxr-xr-xscripts/codegen/fuzzing_include_am.py1
-rw-r--r--src/or/torcert.c12
-rw-r--r--src/or/torcert.h11
-rw-r--r--src/test/fuzz/dict/hsdescv36
-rw-r--r--src/test/fuzz/fuzz_hsdescv3.c71
-rw-r--r--src/test/fuzz/include.am23
6 files changed, 113 insertions, 11 deletions
diff --git a/scripts/codegen/fuzzing_include_am.py b/scripts/codegen/fuzzing_include_am.py
index 045d0f8922..f2936ef4ea 100755
--- a/scripts/codegen/fuzzing_include_am.py
+++ b/scripts/codegen/fuzzing_include_am.py
@@ -7,6 +7,7 @@ FUZZERS = """
diff-apply
extrainfo
hsdescv2
+ hsdescv3
http
iptsv2
microdesc
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 69b157446a..05a0a518e1 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -356,12 +356,12 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
*
* Return 0 on success, negative on failure.
*/
-int
-rsa_ed25519_crosscert_check(const uint8_t *crosscert,
- const size_t crosscert_len,
- const crypto_pk_t *rsa_id_key,
- const ed25519_public_key_t *master_key,
- const time_t reject_if_expired_before)
+MOCK_IMPL(int,
+rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
+ const size_t crosscert_len,
+ const crypto_pk_t *rsa_id_key,
+ const ed25519_public_key_t *master_key,
+ const time_t reject_if_expired_before))
{
rsa_ed_crosscert_t *cc = NULL;
int rv;
diff --git a/src/or/torcert.h b/src/or/torcert.h
index 51f7665f1e..416ff7aa23 100644
--- a/src/or/torcert.h
+++ b/src/or/torcert.h
@@ -75,11 +75,12 @@ ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
const crypto_pk_t *rsa_key,
time_t expires,
uint8_t **cert);
-int rsa_ed25519_crosscert_check(const uint8_t *crosscert,
- const size_t crosscert_len,
- const crypto_pk_t *rsa_id_key,
- const ed25519_public_key_t *master_key,
- const time_t reject_if_expired_before);
+MOCK_DECL(int,
+rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
+ const size_t crosscert_len,
+ const crypto_pk_t *rsa_id_key,
+ const ed25519_public_key_t *master_key,
+ const time_t reject_if_expired_before));
or_handshake_certs_t *or_handshake_certs_new(void);
void or_handshake_certs_free(or_handshake_certs_t *certs);
diff --git a/src/test/fuzz/dict/hsdescv3 b/src/test/fuzz/dict/hsdescv3
new file mode 100644
index 0000000000..84e8db578a
--- /dev/null
+++ b/src/test/fuzz/dict/hsdescv3
@@ -0,0 +1,6 @@
+"hs-descriptor"
+"descriptor-lifetime"
+"descriptor-signing-key-cert"
+"revision-counter"
+"superencrypted"
+"signature"
diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c
new file mode 100644
index 0000000000..855c0674e5
--- /dev/null
+++ b/src/test/fuzz/fuzz_hsdescv3.c
@@ -0,0 +1,71 @@
+/* Copyright (c) 2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define ROUTERPARSE_PRIVATE
+#define HS_DESCRIPTOR_PRIVATE
+
+#include "crypto_ed25519.h"
+#include "hs_descriptor.h"
+#include "routerparse.h"
+#include "util.h"
+#include "torcert.h"
+
+#include "fuzzing.h"
+
+static void
+mock_dump_desc__nodump(const char *desc, const char *type)
+{
+ (void)desc;
+ (void)type;
+}
+
+static int
+mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
+ const size_t crosscert_len,
+ const crypto_pk_t *rsa_id_key,
+ const ed25519_public_key_t *master_key,
+ const time_t reject_if_expired_before)
+{
+ (void) crosscert;
+ (void) crosscert_len;
+ (void) rsa_id_key;
+ (void) master_key;
+ (void) reject_if_expired_before;
+ return 0;
+}
+
+int
+fuzz_init(void)
+{
+ disable_signature_checking();
+ MOCK(dump_desc, mock_dump_desc__nodump);
+ MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
+ ed25519_init();
+ return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+ return 0;
+}
+
+int
+fuzz_main(const uint8_t *data, size_t sz)
+{
+ hs_descriptor_t *desc = NULL;
+
+ char *fuzzing_data = tor_memdup_nulterm(data, sz);
+
+ hs_desc_decode_descriptor(fuzzing_data, NULL, &desc);
+ if (desc) {
+ log_debug(LD_GENERAL, "Decoding okay");
+ hs_descriptor_free(desc);
+ } else {
+ log_debug(LD_GENERAL, "Decoding failed");
+ }
+
+ tor_free(fuzzing_data);
+ return 0;
+}
+
diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am
index d90e8283f2..6836fb0710 100644
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@@ -94,6 +94,14 @@ src_test_fuzz_fuzz_hsdescv2_CFLAGS = $(FUZZING_CFLAGS)
src_test_fuzz_fuzz_hsdescv2_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_hsdescv2_LDADD = $(FUZZING_LIBS)
+src_test_fuzz_fuzz_hsdescv3_SOURCES = \
+ src/test/fuzz/fuzzing_common.c \
+ src/test/fuzz/fuzz_hsdescv3.c
+src_test_fuzz_fuzz_hsdescv3_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_hsdescv3_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_hsdescv3_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_hsdescv3_LDADD = $(FUZZING_LIBS)
+
src_test_fuzz_fuzz_http_SOURCES = \
src/test/fuzz/fuzzing_common.c \
src/test/fuzz/fuzz_http.c
@@ -133,6 +141,7 @@ FUZZERS = \
src/test/fuzz/fuzz-diff-apply \
src/test/fuzz/fuzz-extrainfo \
src/test/fuzz/fuzz-hsdescv2 \
+ src/test/fuzz/fuzz-hsdescv3 \
src/test/fuzz/fuzz-http \
src/test/fuzz/fuzz-iptsv2 \
src/test/fuzz/fuzz-microdesc \
@@ -183,6 +192,13 @@ src_test_fuzz_lf_fuzz_hsdescv2_CFLAGS = $(LIBFUZZER_CFLAGS)
src_test_fuzz_lf_fuzz_hsdescv2_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_hsdescv2_LDADD = $(LIBFUZZER_LIBS)
+src_test_fuzz_lf_fuzz_hsdescv3_SOURCES = \
+ $(src_test_fuzz_fuzz_hsdescv3_SOURCES)
+src_test_fuzz_lf_fuzz_hsdescv3_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_hsdescv3_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_hsdescv3_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_hsdescv3_LDADD = $(LIBFUZZER_LIBS)
+
src_test_fuzz_lf_fuzz_http_SOURCES = \
$(src_test_fuzz_fuzz_http_SOURCES)
src_test_fuzz_lf_fuzz_http_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
@@ -218,6 +234,7 @@ LIBFUZZER_FUZZERS = \
src/test/fuzz/lf-fuzz-diff-apply \
src/test/fuzz/lf-fuzz-extrainfo \
src/test/fuzz/lf-fuzz-hsdescv2 \
+ src/test/fuzz/lf-fuzz-hsdescv3 \
src/test/fuzz/lf-fuzz-http \
src/test/fuzz/lf-fuzz-iptsv2 \
src/test/fuzz/lf-fuzz-microdesc \
@@ -260,6 +277,11 @@ src_test_fuzz_liboss_fuzz_hsdescv2_a_SOURCES = \
src_test_fuzz_liboss_fuzz_hsdescv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_hsdescv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+src_test_fuzz_liboss_fuzz_hsdescv3_a_SOURCES = \
+ $(src_test_fuzz_fuzz_hsdescv3_SOURCES)
+src_test_fuzz_liboss_fuzz_hsdescv3_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
+src_test_fuzz_liboss_fuzz_hsdescv3_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+
src_test_fuzz_liboss_fuzz_http_a_SOURCES = \
$(src_test_fuzz_fuzz_http_SOURCES)
src_test_fuzz_liboss_fuzz_http_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
@@ -287,6 +309,7 @@ OSS_FUZZ_FUZZERS = \
src/test/fuzz/liboss-fuzz-diff-apply.a \
src/test/fuzz/liboss-fuzz-extrainfo.a \
src/test/fuzz/liboss-fuzz-hsdescv2.a \
+ src/test/fuzz/liboss-fuzz-hsdescv3.a \
src/test/fuzz/liboss-fuzz-http.a \
src/test/fuzz/liboss-fuzz-iptsv2.a \
src/test/fuzz/liboss-fuzz-microdesc.a \